Finish the remote→restricted commands rename

The documentation still points to /etc/ganeti/remote-commands,
although the code is already using restricted-command. Update the
documentation and a few docstrings accordingly.

Signed-off-by: Iustin Pop <iustin@google.com>
Reviewed-by: Guido Trotter <ultrotter@google.com>

diff --git a/Makefile.am b/Makefile.am
index 996feff..e0f3e89 100644 (file)
--- a/Makefile.am
+++ b/Makefile.am
@@ -395,8 +395,8 @@ docinput = \
        doc/design-partitioned.rst \
        doc/design-query-splitting.rst \
        doc/design-query2.rst \
-       doc/design-remote-commands.rst \
        doc/design-resource-model.rst \
+       doc/design-restricted-commands.rst \
        doc/design-shared-storage.rst \
        doc/design-monitoring-agent.rst \
        doc/design-virtual-clusters.rst \

diff --git a/doc/design-2.7.rst b/doc/design-2.7.rst
index 848159e..1c27e24 100644 (file)
--- a/doc/design-2.7.rst
+++ b/doc/design-2.7.rst
@@ -6,7 +6,7 @@ The following design documents have been implemented in Ganeti 2.7:
 
 - :doc:`design-bulk-create`
 - :doc:`design-opportunistic-locking`
-- :doc:`design-remote-commands`
+- :doc:`design-restricted-commands`
 - :doc:`design-node-add`
 - :doc:`design-virtual-clusters`
 - :doc:`design-network`

diff --git a/doc/design-remote-commands.rst b/doc/design-restricted-commands.rst
similarity index 93%
rename from doc/design-remote-commands.rst
rename to doc/design-restricted-commands.rst
index 27524ff..167c816 100644 (file)
--- a/doc/design-remote-commands.rst
+++ b/doc/design-restricted-commands.rst
@@ -28,7 +28,7 @@ be taken:
 
 - No parameters may be passed
 - No absolute or relative path may be passed, only a filename
-- Executable must reside in ``/etc/ganeti/remote-commands``, which must
+- Executable must reside in ``/etc/ganeti/restricted-commands``, which must
   be owned by root:root and have mode 0755 or stricter
   - Must be regular files or symlinks
   - Must be executable by root:root
@@ -46,7 +46,7 @@ If a command can not be executed for some reason, the lock is only
 released with a delay of several seconds, after which the generic error
 message will be returned to the caller.
 
-At first, remote commands will not be made available through the
+At first, restricted commands will not be made available through the
 :doc:`remote API <rapi>`, though that could be done at a later point
 (with a separate password).
 

diff --git a/doc/index.rst b/doc/index.rst
index 87bd2a1..c6963b0 100644 (file)
--- a/doc/index.rst
+++ b/doc/index.rst
@@ -51,7 +51,7 @@ Contents:
    design-opportunistic-locking.rst
    design-ovf-support.rst
    design-query2.rst
-   design-remote-commands.rst
+   design-restricted-commands.rst
    design-shared-storage.rst
    design-virtual-clusters.rst
    design-network.rst

diff --git a/lib/backend.py b/lib/backend.py
index b7dd2ab..cf28d4f 100644 (file)
--- a/lib/backend.py
+++ b/lib/backend.py
@@ -1,7 +1,7 @@
 #
 #
 
-# Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011, 2012 Google Inc.
+# Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013 Google Inc.
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -88,15 +88,15 @@ _LVSLINE_REGEX = re.compile("^ *([^|]+)\|([^|]+)\|([0-9.]+)\|([^|]{6,})\|?$")
 _MASTER_START = "start"
 _MASTER_STOP = "stop"
 
-#: Maximum file permissions for remote command directory and executables
+#: Maximum file permissions for restricted command directory and executables
 _RCMD_MAX_MODE = (stat.S_IRWXU |
                   stat.S_IRGRP | stat.S_IXGRP |
                   stat.S_IROTH | stat.S_IXOTH)
 
-#: Delay before returning an error for remote commands
+#: Delay before returning an error for restricted commands
 _RCMD_INVALID_DELAY = 10
 
-#: How long to wait to acquire lock for remote commands (shorter than
+#: How long to wait to acquire lock for restricted commands (shorter than
 #: L{_RCMD_INVALID_DELAY}) to reduce blockage of noded forks when many
 #: command requests arrive
 _RCMD_LOCK_TIMEOUT = _RCMD_INVALID_DELAY * 0.8
@@ -3672,7 +3672,7 @@ def PowercycleNode(hypervisor_type):
 
 
 def _VerifyRestrictedCmdName(cmd):
-  """Verifies a remote command name.
+  """Verifies a restricted command name.
 
   @type cmd: string
   @param cmd: Command name
@@ -3694,7 +3694,7 @@ def _VerifyRestrictedCmdName(cmd):
 
 
 def _CommonRestrictedCmdCheck(path, owner):
-  """Common checks for remote command file system directories and files.
+  """Common checks for restricted command file system directories and files.
 
   @type path: string
   @param path: Path to check
@@ -3724,7 +3724,7 @@ def _CommonRestrictedCmdCheck(path, owner):
 
 
 def _VerifyRestrictedCmdDirectory(path, _owner=None):
-  """Verifies remote command directory.
+  """Verifies restricted command directory.
 
   @type path: string
   @param path: Path to check
@@ -3745,10 +3745,10 @@ def _VerifyRestrictedCmdDirectory(path, _owner=None):
 
 
 def _VerifyRestrictedCmd(path, cmd, _owner=None):
-  """Verifies a whole remote command and returns its executable filename.
+  """Verifies a whole restricted command and returns its executable filename.
 
   @type path: string
-  @param path: Directory containing remote commands
+  @param path: Directory containing restricted commands
   @type cmd: string
   @param cmd: Command name
   @rtype: tuple; (boolean, string)
@@ -3774,10 +3774,10 @@ def _PrepareRestrictedCmd(path, cmd,
                           _verify_dir=_VerifyRestrictedCmdDirectory,
                           _verify_name=_VerifyRestrictedCmdName,
                           _verify_cmd=_VerifyRestrictedCmd):
-  """Performs a number of tests on a remote command.
+  """Performs a number of tests on a restricted command.
 
   @type path: string
-  @param path: Directory containing remote commands
+  @param path: Directory containing restricted commands
   @type cmd: string
   @param cmd: Command name
   @return: Same as L{_VerifyRestrictedCmd}
@@ -3804,7 +3804,7 @@ def RunRestrictedCmd(cmd,
                      _prepare_fn=_PrepareRestrictedCmd,
                      _runcmd_fn=utils.RunCmd,
                      _enabled=constants.ENABLE_RESTRICTED_COMMANDS):
-  """Executes a remote command after performing strict tests.
+  """Executes a restricted command after performing strict tests.
 
   @type cmd: string
   @param cmd: Command name
@@ -3813,10 +3813,10 @@ def RunRestrictedCmd(cmd,
   @raise RPCFail: In case of an error
 
   """
-  logging.info("Preparing to run remote command '%s'", cmd)
+  logging.info("Preparing to run restricted command '%s'", cmd)
 
   if not _enabled:
-    _Fail("Remote commands disabled at configure time")
+    _Fail("Restricted commands disabled at configure time")
 
   lock = None
   try:
@@ -3844,7 +3844,7 @@ def RunRestrictedCmd(cmd,
       # Do not include original error message in returned error
       _Fail("Executing command '%s' failed" % cmd)
     elif cmdresult.failed or cmdresult.fail_reason:
-      _Fail("Remote command '%s' failed: %s; output: %s",
+      _Fail("Restricted command '%s' failed: %s; output: %s",
             cmd, cmdresult.fail_reason, cmdresult.output)
     else:
       return cmdresult.output

diff --git a/test/py/ganeti.backend_unittest.py b/test/py/ganeti.backend_unittest.py
index 74ae4e7..a84fbff 100755 (executable)
--- a/test/py/ganeti.backend_unittest.py
+++ b/test/py/ganeti.backend_unittest.py
@@ -1,7 +1,7 @@
 #!/usr/bin/python
 #
 
-# Copyright (C) 2010 Google Inc.
+# Copyright (C) 2010, 2013 Google Inc.
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -423,7 +423,8 @@ class TestRunRestrictedCmd(unittest.TestCase):
                                _sleep_fn=sleep_fn, _prepare_fn=prepare_fn,
                                _enabled=True)
     except backend.RPCFail, err:
-      self.assertTrue(str(err).startswith("Remote command 'test3079' failed:"))
+      self.assertTrue(str(err).startswith("Restricted command 'test3079'"
+                                          " failed:"))
       self.assertTrue("stderr406328567" in str(err),
                       msg="Error did not include output")
     else:
@@ -477,7 +478,8 @@ class TestRunRestrictedCmd(unittest.TestCase):
                                _runcmd_fn=NotImplemented,
                                _enabled=False)
     except backend.RPCFail, err:
-      self.assertEqual(str(err), "Remote commands disabled at configure time")
+      self.assertEqual(str(err),
+                       "Restricted commands disabled at configure time")
     else:
       self.fail("Did not raise exception")