[202012] Check config file not empty after modify it in hostcfgd. (#14385)

**What I did** Check /etc/pam.d/sshd integrity after modify it in hostcfgd. **Why I did it** Found some incident that /etc/pam.d/sshd become empty file during OR upgrade. **How I verified it** Pass all UT. Add new UT to cover new code. **Details if related** This is a manually cherry-pick PR for https://github.com/sonic-net/sonic-host-services/pull/36
2023-03-27 00:30:05 -07:00 · 2023-03-27 00:30:05 -07:00 · a20b43e502
commit a20b43e502
parent 43aec133da
4 changed files with 82 additions and 1 deletions
--- a/src/sonic-host-services/scripts/hostcfgd
+++ b/src/sonic-host-services/scripts/hostcfgd
@ -210,11 +210,26 @@ class AaaCfg(object):
        if modify_conf:
            self.modify_conf_file()

+    def check_file_not_empty(self, filename):
+        exists = os.path.exists(filename)
+        if not exists:
+            syslog.syslog(syslog.LOG_ERR, "file size check failed: {} is missing".format(filename))
+            return
+
+        size = os.path.getsize(filename)
+        if size == 0:
+            syslog.syslog(syslog.LOG_ERR, "file size check failed: {} is empty, file corrupted".format(filename))
+            return
+
+        syslog.syslog(syslog.LOG_INFO, "file size check pass: {} size is ({}) bytes".format(filename, size))
+
    def modify_single_file(self, filename, operations=None):
        if operations:
            cmd = "sed -e {0} {1} > {1}.new; mv -f {1} {1}.old; mv -f {1}.new {1}".format(' -e '.join(operations), filename)
            os.system(cmd)

+        self.check_file_not_empty(filename)
+
    def modify_conf_file(self):
        auth = self.auth_default.copy()
        auth.update(self.auth)
--- a/src/sonic-host-services/tests/hostcfgd/hostcfgd_test.py
+++ b/src/sonic-host-services/tests/hostcfgd/hostcfgd_test.py
@ -226,3 +226,68 @@ class TestHostcfgdDaemon(TestCase):
                        call('sonic-kdump-config --num_dumps 3', shell=True),
                        call('sonic-kdump-config --memory 0M-2G:256M,2G-4G:320M,4G-8G:384M,8G-:448M', shell=True)]
            mocked_subprocess.check_call.assert_has_calls(expected, any_order=True)
+
+class TesAaaCfgd(TestCase):
+    """
+        Test hostcfd daemon - AaaCfgd
+    """
+    def setUp(self):
+        MockConfigDb.CONFIG_DB['NTP'] = {'global': {'vrf': 'mgmt', 'src_intf': 'eth0'}}
+        MockConfigDb.CONFIG_DB['NTP_SERVER'] = {'0.debian.pool.ntp.org': {}}
+
+    def tearDown(self):
+        MockConfigDb.CONFIG_DB = {}
+
+    def test_aaa_sshd_not_empty(self):
+        with mock.patch('hostcfgd.subprocess') as mocked_subprocess:
+            popen_mock = mock.Mock()
+            attrs = {'communicate.return_value': ('output', 'error')}
+            popen_mock.configure_mock(**attrs)
+            mocked_subprocess.Popen.return_value = popen_mock
+
+            test_path = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
+            sample_output_path = os.path.join(test_path, "hostcfgd/sample_output/")
+
+            aaacfgd = hostcfgd.AaaCfg()
+            aaacfgd.modify_single_file(os.path.join(sample_output_path, "sshd_not_empty"))
+                
+            # render with empty sshd config file and check error log
+            test_file = os.path.join(sample_output_path, "sshd_empty")
+            original_syslog = hostcfgd.syslog
+            with mock.patch('hostcfgd.syslog.syslog') as mocked_syslog:
+                mocked_syslog.LOG_ERR = original_syslog.LOG_ERR
+                aaacfgd.modify_single_file(test_file)
+
+                # check sys log
+                expected = [
+                    mock.call(mocked_syslog.LOG_ERR, "file size check failed: {} is empty, file corrupted".format(test_file))
+                ]
+                mocked_syslog.assert_has_calls(expected)
+
+            # check with missing sshd config file and check error log
+            test_file = os.path.join(sample_output_path, "sshd_missing")
+            with mock.patch('hostcfgd.syslog.syslog') as mocked_syslog:
+                mocked_syslog.LOG_ERR = original_syslog.LOG_ERR
+
+                # missing file can't test by render config file,
+                # because missing file case difficult to reproduce: code always generate a empty file.
+                aaacfgd.check_file_not_empty(test_file)
+
+                # check sys log
+                expected = [
+                    mock.call(mocked_syslog.LOG_ERR, "file size check failed: {} is missing".format(test_file))
+                ]
+                mocked_syslog.assert_has_calls(expected)
+
+            # render with empty sshd config file and check error log
+            test_file = os.path.join(sample_output_path, "sshd_not_empty")
+            original_syslog = hostcfgd.syslog
+            with mock.patch('hostcfgd.syslog.syslog') as mocked_syslog:
+                mocked_syslog.LOG_INFO = original_syslog.LOG_INFO
+                aaacfgd.modify_single_file(test_file)
+
+                # check sys log
+                expected = [
+                    mock.call(mocked_syslog.LOG_INFO, "file size check pass: {} size is ({}) bytes".format(test_file, 21))
+                ]
+                mocked_syslog.assert_has_calls(expected)
--- a/src/sonic-host-services/tests/hostcfgd/sample_output/sshd_empty
+++ b/src/sonic-host-services/tests/hostcfgd/sample_output/sshd_empty
--- a/src/sonic-host-services/tests/hostcfgd/sample_output/sshd_not_empty
+++ b/src/sonic-host-services/tests/hostcfgd/sample_output/sshd_not_empty
@ -0,0 +1 @@
+#SSHD NOT EMPTY TEST