environment: Add in preliminary support for a whitelisted env
This provides initial support for a whitelisted environment using globbing
similar to the way ssh is configured.
Change-Id: I2d5a70f5fa42522509abd1dd45ac9ec7a1fc17ff
diff --git a/mdt/config.py b/mdt/config.py
index 1f1985e..7678c8d 100644
--- a/mdt/config.py
+++ b/mdt/config.py
@@ -25,6 +25,7 @@
DEFAULT_USERNAME = "mendel"
DEFAULT_PASSWORD = "mendel"
DEFAULT_DISABLE_PASSWD_AUTH = "true"
+DEFAULT_ENV_WHITELIST = "TERM LANG LC_*"
class Config:
@@ -70,6 +71,11 @@
return self.getAttribute("password", DEFAULT_PASSWORD)
self.setAttribute("password", password)
+ def envWhitelist(self, whitelist=None):
+ if not whitelist:
+ return self.getAttribute("env-whitelist", DEFAULT_ENV_WHITELIST)
+ self.setAttribute("env-whitelist", whitelist)
+
def shouldDisablePasswordAuth(self, disablePasswdAuth=None):
if disablePasswdAuth == None:
return self.getAttribute("disable-password-auth",
diff --git a/mdt/sshclient.py b/mdt/sshclient.py
index 90c516b..f12ca77 100644
--- a/mdt/sshclient.py
+++ b/mdt/sshclient.py
@@ -19,6 +19,7 @@
import os
import socket
import time
+import fnmatch
import paramiko
from paramiko.ssh_exception import AuthenticationException, SSHException
@@ -55,6 +56,7 @@
self.username = self.config.username()
self.password = self.config.password()
+ self.envWhitelist = self.config.envWhitelist()
if not self.maybeGenerateSshKeys():
return False
@@ -158,8 +160,17 @@
return True
+ def _generateEnvironment(self):
+ environment = {}
+ for pattern in self.envWhitelist.split(' '):
+ for name, value in os.environ.keys():
+ if fnmatch.fnmatch(name, pattern):
+ environment[name] = value
+ return environment
+
def openShell(self):
term = os.getenv("TERM", default="vt100")
+ env = self._generateEnvironment()
width, height = os.get_terminal_size()
if self._shouldPushKey():
@@ -173,6 +184,9 @@
allow_agent=False,
look_for_keys=False,
compress=True)
+
+ # FIXME(jtgans): Add environment support once all major distributions we
+ # support have added in Paramiko v2.1.x or newer.
return self.client.invoke_shell(term=term, width=width, height=height)
def shellExec(self, cmd, allocPty=False):