authorJenkins <jenkins@review.openstack.org>2017-06-30 13:44:59 +0000
committerGerrit Code Review <review@openstack.org>2017-06-30 13:44:59 +0000
commit711bb776198ab076f38eca04b69f08cefd15048b (patch)
tree865fec4a73c8150c220c929b88f2f22c5e55ead3 /tools/yaml-validate.py
parent12377bc7d0899d6e39244275972e6ad25f324d03 (diff)
parent425c9d4e47898221832f01287ad165833ceab3cd (diff)
Merge "Ensure boostrap_host_exec runs as root"
Diffstat (limited to 'tools/yaml-validate.py')
-rwxr-xr-xtools/yaml-validate.py17
1 files changed, 17 insertions, 0 deletions
diff --git a/tools/yaml-validate.py b/tools/yaml-validate.py
index 233ec185..674449f5 100755
--- a/tools/yaml-validate.py
+++ b/tools/yaml-validate.py
@@ -200,6 +200,23 @@ def validate_docker_service(filename, tpl):
% (expected_config_image_parameter, config_volume))
return 1
+ if 'docker_config' in role_data:
+ docker_config = role_data['docker_config']
+ for _, step in docker_config.items():
+ for _, container in step.items():
+ if not isinstance(container, dict):
+ # NOTE(mandre) this skips everything that is not a dict
+ # so we may ignore some containers definitions if they
+ # are in a map_merge for example
+ continue
+ command = container.get('command', '')
+ if isinstance(command, list):
+ command = ' '.join(map(str, command))
+ if 'bootstrap_host_exec' in command \
+ and container.get('user') != 'root':
+ print('ERROR: bootstrap_host_exec needs to run as the root user.')
+ return 1
+
if 'parameters' in tpl:
for param in required_params:
if param not in tpl['parameters']:
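Review bot: The new check fails open when `command` is neither a string nor a list. For a mapping (for example a command built by a template function, which the NOTE's `map_merge` remark suggests these templates may use), `'bootstrap_host_exec' in command` tests only the top-level keys, so a non-root container is accepted without its command text being inspected, and an explicit null `command` would raise TypeError instead of printing an error. Consider flattening such values before the substring test, e.g. `elif isinstance(command, dict): command = str(command)` after the list branch, and printing a warning before the `continue` so that skipped container definitions are visible in the validation output. `validate_docker_service` begins and ends outside this hunk, so whether every step under `docker_config` is a mapping (as `step.items()` assumes) cannot be confirmed from here.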