Lock user by default

Only leave user unlocked when specifically requested because less secure
2022-11-09 13:51:43 -05:00 · 2013-12-19 10:14:01 -05:00 · 2013-12-19 10:14:01 -05:00 · b9770da6b8
commit b9770da6b8
parent 2a4ac7f9c6
2 changed files with 38 additions and 4 deletions
--- a/lib/fog/rackspace/models/compute_v2/server.rb
+++ b/lib/fog/rackspace/models/compute_v2/server.rb
@ -1,3 +1,4 @@
+# -*- coding: utf-8 -*-
 require 'fog/compute/models/server'
 require 'fog/rackspace/models/compute_v2/metadata'

@ -521,13 +522,14 @@ module Fog
        # @see Servers#bootstrap
        def setup(credentials = {})
          requires :public_ip_address, :identity, :public_key, :username
-          Fog::SSH.new(public_ip_address, username, credentials).run([
+          commands = [
            %{mkdir .ssh},
            %{echo "#{public_key}" >> ~/.ssh/authorized_keys},
-            %{passwd -l #{username}},
+            password_lock,
            %{echo "#{Fog::JSON.encode(attributes)}" >> ~/attributes.json},
            %{echo "#{Fog::JSON.encode(metadata)}" >> ~/metadata.json}
-          ])
+          ].compact
+          Fog::SSH.new(public_ip_address, username, credentials).run(commands)
        rescue Errno::ECONNREFUSED
          sleep(1)
          retry
@ -538,6 +540,10 @@ module Fog
        def adminPass=(new_admin_pass)
          @password = new_admin_pass
        end
+
+        def password_lock
+          "passwd -l #{username}" unless attributes[:no_passwd_lock] 
+        end
      end
    end
  end
--- a/tests/rackspace/models/compute_v2/server_tests.rb
+++ b/tests/rackspace/models/compute_v2/server_tests.rb
@ -195,7 +195,35 @@ Shindo.tests('Fog::Compute::RackspaceV2 | server', ['rackspace']) do
    end

    @instance.wait_for { ready? }
-   end
+  end
+
+  tests('#setup') do
+    perform_setup = lambda { |attributes|
+      Fog::SSH::Mock.data.clear
+
+      server = Fog::Compute::RackspaceV2::Server.new(attributes)
+
+      address = 123
+
+      server.ipv4_address = address
+      server.identity = "bar"
+      server.public_key = "baz"
+
+      server.setup
+
+      Fog::SSH::Mock.data[address].first[:commands]
+    }
+
+    test("leaves user unlocked only when requested") do
+      perform_setup.call(:service => service, :no_passwd_lock => true)
+                   .none? { |c| c =~ /passwd\s+-l\s+root/ } 
+    end
+
+    test("locks user by default") do
+      perform_setup.call(:service => service)
+                   .one? { |c| c =~ /passwd\s+-l\s+root/ }
+    end
+  end

  #When after testing resize/resize_confirm we get a 409 when we try to resize_revert so I am going to split it into two blocks
  model_tests(service.servers, options, true) do