diff options
author | Michael Still <mikal@stillhq.com> | 2019-04-01 20:58:54 +0000 |
---|---|---|
committer | Michael Still <mikal@stillhq.com> | 2019-04-04 20:42:43 +0000 |
commit | 07627d4d3958c34d317037cdd62b88b3ad750392 (patch) | |
tree | a0a366771f67acffacf10c3eaed649fd832a8214 /HACKING.rst | |
parent | 88560094450bb4935909793965866b542d9ef3fe (diff) | |
download | nova-07627d4d3958c34d317037cdd62b88b3ad750392.tar.gz |
Hacking N362: Don't abbrev/alias privsep import
As noted in [1]:
We always import privsep modules like this:
import nova.privsep.libvirt
Not like this:
from nova.privsep import libvirt
This is because it makes it obvious at the caller that a priviledged
operation is occuring:
nova.privsep.libvirt.destroy_root_filesystem()
Not just:
libvirt.destroy_root_filesystem()
This is especially true when the imported module is called "libvirt",
which is a very common term in the codebase and super hard to grep
for specific uses of.
This commit introduces hacking rule N362 to enforce the above.
Change-Id: I9b6aefa015acbf28e49a9ff1713a8bb544586579
Co-Authored-By: Eric Fried <openstack@fried.cc>
Diffstat (limited to 'HACKING.rst')
-rw-r--r-- | HACKING.rst | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/HACKING.rst b/HACKING.rst index 480b79d1bb..16664f02fd 100644 --- a/HACKING.rst +++ b/HACKING.rst @@ -70,6 +70,9 @@ Nova Specific Commandments - [N360] Yield must always be followed by a space when yielding a value. - [N361] Check for usage of deprecated assertRegexpMatches and assertNotRegexpMatches +- [N362] Imports for privsep modules should be specific. Use "import nova.privsep.path", + not "from nova.privsep import path". This ensures callers know that the method they're + calling is using priviledge escalation. Creating Unit Tests ------------------- |