1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
|
Description: Retain world-readable /etc/netplan/50-cloud-init.yaml
To avoid change in behavior stable releases wil not adopt root read-only
/etc/netplan/50-cloud-init.yaml. which is present in Lunar and newer.
Author: chad.smith@canonical.com
Origin: backport
Forwarded: not-needed
Last-Update: 2023-01-09
---
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
--- a/cloudinit/features.py
+++ b/cloudinit/features.py
@@ -59,7 +59,7 @@ only non-hashed passwords were expired.
(This flag can be removed after Jammy is no longer supported.)
"""
-NETPLAN_CONFIG_ROOT_READ_ONLY = True
+NETPLAN_CONFIG_ROOT_READ_ONLY = False
"""
If ``NETPLAN_CONFIG_ROOT_READ_ONLY`` is True, then netplan configuration will
be written as a single root readon-only file /etc/netplan/50-cloud-init.yaml.
--- a/tests/unittests/distros/test_netconfig.py
+++ b/tests/unittests/distros/test_netconfig.py
@@ -608,32 +608,41 @@ class TestNetCfgDistroUbuntuNetplan(Test
(self.netplan_path(), V1_TO_V2_NET_CFG_OUTPUT, 0o600),
)
- self._apply_and_verify_netplan(
- self.distro.apply_network_config,
- V1_NET_CFG,
- expected_cfgs=expected_cfgs,
- )
+ with mock.patch.object(
+ features, "NETPLAN_CONFIG_ROOT_READ_ONLY", True
+ ):
+ self._apply_and_verify_netplan(
+ self.distro.apply_network_config,
+ V1_NET_CFG,
+ expected_cfgs=expected_cfgs,
+ )
def test_apply_network_config_v1_ipv6_to_netplan_ub(self):
expected_cfgs = (
(self.netplan_path(), V1_TO_V2_NET_CFG_IPV6_OUTPUT, 0o600),
)
- self._apply_and_verify_netplan(
- self.distro.apply_network_config,
- V1_NET_CFG_IPV6,
- expected_cfgs=expected_cfgs,
- )
+ with mock.patch.object(
+ features, "NETPLAN_CONFIG_ROOT_READ_ONLY", True
+ ):
+ self._apply_and_verify_netplan(
+ self.distro.apply_network_config,
+ V1_NET_CFG_IPV6,
+ expected_cfgs=expected_cfgs,
+ )
def test_apply_network_config_v2_passthrough_ub(self):
expected_cfgs = (
(self.netplan_path(), V2_TO_V2_NET_CFG_OUTPUT, 0o600),
)
- self._apply_and_verify_netplan(
- self.distro.apply_network_config,
- V2_NET_CFG,
- expected_cfgs=expected_cfgs,
- )
+ with mock.patch.object(
+ features, "NETPLAN_CONFIG_ROOT_READ_ONLY", True
+ ):
+ self._apply_and_verify_netplan(
+ self.distro.apply_network_config,
+ V2_NET_CFG,
+ expected_cfgs=expected_cfgs,
+ )
def test_apply_network_config_v2_passthrough_retain_orig_perms(self):
"""Custom permissions on existing netplan is kept when more strict."""
@@ -673,11 +682,14 @@ class TestNetCfgDistroUbuntuNetplan(Test
expected_cfgs = (
(self.netplan_path(), V2_PASSTHROUGH_NET_CFG_OUTPUT, 0o600),
)
- self._apply_and_verify_netplan(
- self.distro.apply_network_config,
- V2_PASSTHROUGH_NET_CFG,
- expected_cfgs=expected_cfgs,
- )
+ with mock.patch.object(
+ features, "NETPLAN_CONFIG_ROOT_READ_ONLY", True
+ ):
+ self._apply_and_verify_netplan(
+ self.distro.apply_network_config,
+ V2_PASSTHROUGH_NET_CFG,
+ expected_cfgs=expected_cfgs,
+ )
self.assertIn("Passthrough netplan v2 config", self.logs.getvalue())
self.assertIn(
"Selected renderer 'netplan' from priority list: ['netplan']",
@@ -1072,12 +1084,16 @@ class TestNetCfgDistroArch(TestNetCfgDis
with mock.patch(
"cloudinit.net.netplan.get_devicelist", return_value=[]
):
- self._apply_and_verify(
- self.distro.apply_network_config,
- V1_NET_CFG,
- expected_cfgs=expected_cfgs.copy(),
- with_netplan=True,
- )
+ with mock.patch.object(
+ features, "NETPLAN_CONFIG_ROOT_READ_ONLY"
+ ) as netplan_readonly:
+ netplan_readonly = True
+ self._apply_and_verify(
+ self.distro.apply_network_config,
+ V1_NET_CFG,
+ expected_cfgs=expected_cfgs.copy(),
+ with_netplan=True,
+ )
class TestNetCfgDistroPhoton(TestNetCfgDistroBase):
|
