openstack/charm-nova-cloud-controller
Code Issues Proposed changes
charm-nova-cloud-controller/charmhelpers/contrib/hardening/host/checks/apt.py
Alex Kavanagh 9c12812735 Switch the charm to support py3 
Some major changes:
* the charm has been rebased (from a Python perspective) to be rooted in
  the charm directory.  This is a single root.
* Imports have been changed so that the don't add lots of imports to the
  namespace of the module doing the import.
* The code that used to run at module import time has been made lazy
  such that it only has to run if the relevant functions are called.
  This includes restart_on_change parameters, the harden function and
  the parameters to the guard_map.  Appropriate changes will be
  submitted to charm-helpers.
* Several tests had to be re-written as (incorrect) mocking meant that
  text fixtures didn't actually match what the code was doing.  Thus,
  the tests were meaningless.
* This has had a net positive impact on the unit tests wrt to importing
  modules and mocking.

Change-Id: Id07d9d1caaa9b29453a63c2e49ba831071e9457f
2018-10-18 15:43:03 +01:00

38 lines
1.2 KiB
Python
Raw Blame History

# Copyright 2016 Canonical Limited.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
from charmhelpers.contrib.hardening.utils import get_settings
from charmhelpers.contrib.hardening.audits.apt import (
AptConfig,
RestrictedPackages,
)
def get_audits():
"""Get OS hardening apt audits.
:returns: dictionary of audits
"""
audits = [AptConfig([{'key': 'APT::Get::AllowUnauthenticated',
'expected': 'false'}])]
settings = get_settings('os')
clean_packages = settings['security']['packages_clean']
if clean_packages:
security_packages = settings['security']['packages_list']
if security_packages:
audits.append(RestrictedPackages(security_packages))
return audits
View Git Blame Copy Permalink