Hacking N362: Don't abbrev/alias privsep import
As noted in [1]:
We always import privsep modules like this:
import nova.privsep.libvirt
Not like this:
from nova.privsep import libvirt
This is because it makes it obvious at the caller that a priviledged
operation is occuring:
nova.privsep.libvirt.destroy_root_filesystem()
Not just:
libvirt.destroy_root_filesystem()
This is especially true when the imported module is called "libvirt",
which is a very common term in the codebase and super hard to grep
for specific uses of.
This commit introduces hacking rule N362 to enforce the above.
Change-Id: I9b6aefa015acbf28e49a9ff1713a8bb544586579
Co-Authored-By: Eric Fried <openstack@fried.cc>
This commit is contained in:
Michael Still
@@ -70,6 +70,9 @@ Nova Specific Commandments
|
||||
- [N360] Yield must always be followed by a space when yielding a value.
|
||||
- [N361] Check for usage of deprecated assertRegexpMatches and
|
||||
assertNotRegexpMatches
|
||||
- [N362] Imports for privsep modules should be specific. Use "import nova.privsep.path",
|
||||
not "from nova.privsep import path". This ensures callers know that the method they're
|
||||
calling is using priviledge escalation.
|
||||
|
||||
Creating Unit Tests
|
||||
-------------------
|
||||
|
||||
Reference in New Issue
Block a user