From 835c459b9849b888fdecd045f5d64b37742eb2b3 Mon Sep 17 00:00:00 2001
From: Sol Jerome <sol.jerome@gmail.com>
Date: Wed, 29 Oct 2014 15:30:26 -0500
Subject: Tools: Fix install of non-whitelisted services

Previously, a service restart would occur even when running in whitelist
mode without the service being present in the whitelist.

Signed-off-by: Sol Jerome <sol.jerome@gmail.com>
---
 src/lib/Bcfg2/Client/Tools/Action.py   | 22 +++-------------------
 src/lib/Bcfg2/Client/Tools/__init__.py | 22 ++++++++++++++++++++--
 2 files changed, 23 insertions(+), 21 deletions(-)

diff --git a/src/lib/Bcfg2/Client/Tools/Action.py b/src/lib/Bcfg2/Client/Tools/Action.py
index 0166e4c00..1edf4609b 100644
--- a/src/lib/Bcfg2/Client/Tools/Action.py
+++ b/src/lib/Bcfg2/Client/Tools/Action.py
@@ -4,7 +4,6 @@ import os
 import sys
 import select
 import Bcfg2.Client.Tools
-from Bcfg2.Client.Frame import matches_white_list, passes_black_list
 from Bcfg2.Compat import input  # pylint: disable=W0622
 
 
@@ -15,21 +14,6 @@ class Action(Bcfg2.Client.Tools.Tool):
     __req__ = {'PostInstall': ['name'],
                'Action': ['name', 'timing', 'when', 'command', 'status']}
 
-    def _action_allowed(self, action):
-        """ Return true if the given action is allowed to be run by
-        the whitelist or blacklist """
-        if self.setup['decision'] == 'whitelist' and \
-           not matches_white_list(action, self.setup['decision_list']):
-            self.logger.info("In whitelist mode: suppressing Action: %s" %
-                             action.get('name'))
-            return False
-        if self.setup['decision'] == 'blacklist' and \
-           not passes_black_list(action, self.setup['decision_list']):
-            self.logger.info("In blacklist mode: suppressing Action: %s" %
-                             action.get('name'))
-            return False
-        return True
-
     def RunAction(self, entry):
         """This method handles command execution and status return."""
         shell = False
@@ -90,12 +74,12 @@ class Action(Bcfg2.Client.Tools.Tool):
     def BundleUpdated(self, bundle, states):
         """Run postinstalls when bundles have been updated."""
         for postinst in bundle.findall("PostInstall"):
-            if not self._action_allowed(postinst):
+            if not self._install_allowed(postinst):
                 continue
             self.cmd.run(postinst.get('name'))
         for action in bundle.findall("Action"):
             if action.get('timing') in ['post', 'both']:
-                if not self._action_allowed(action):
+                if not self._install_allowed(action):
                     continue
                 states[action] = self.RunAction(action)
 
@@ -104,6 +88,6 @@ class Action(Bcfg2.Client.Tools.Tool):
         for action in bundle.findall("Action"):
             if action.get('timing') in ['post', 'both'] and \
                action.get('when') != 'modified':
-                if not self._action_allowed(action):
+                if not self._install_allowed(action):
                     continue
                 states[action] = self.RunAction(action)
diff --git a/src/lib/Bcfg2/Client/Tools/__init__.py b/src/lib/Bcfg2/Client/Tools/__init__.py
index 703b8ff57..0bec71e20 100644
--- a/src/lib/Bcfg2/Client/Tools/__init__.py
+++ b/src/lib/Bcfg2/Client/Tools/__init__.py
@@ -1,10 +1,12 @@
 """This contains all Bcfg2 Tool modules"""
 
 import os
-import sys
 import stat
+import sys
+
 import Bcfg2.Client
 import Bcfg2.Client.XML
+from Bcfg2.Client.Frame import matches_white_list, passes_black_list
 from Bcfg2.Utils import Executor, ClassName
 from Bcfg2.Compat import walk_packages  # pylint: disable=W0622
 
@@ -141,6 +143,21 @@ class Tool(object):
                 raise ToolInstantiationError("%s: %s not executable" %
                                              (self.name, filename))
 
+    def _install_allowed(self, entry):
+        """ Return true if the given entry is allowed to be installed by
+        the whitelist or blacklist """
+        if self.setup['decision'] == 'whitelist' and \
+           not matches_white_list(entry, self.setup['decision_list']):
+            self.logger.info("In whitelist mode: suppressing %s: %s" %
+                             (entry.tag, entry.get('name')))
+            return False
+        if self.setup['decision'] == 'blacklist' and \
+           not passes_black_list(entry, self.setup['decision_list']):
+            self.logger.info("In blacklist mode: suppressing %s: %s" %
+                             (entry.tag, entry.get('name')))
+            return False
+        return True
+
     def BundleUpdated(self, bundle, states):  # pylint: disable=W0613
         """ Callback that is invoked when a bundle has been updated.
 
@@ -591,7 +608,8 @@ class SvcTool(Tool):
             return
 
         for entry in bundle:
-            if not self.handlesEntry(entry):
+            if (not self.handlesEntry(entry)
+                or not self._install_allowed(entry)):
                 continue
 
             estatus = entry.get('status')
-- 
cgit v1.2.3-1-g7c22