mirror of
https://github.com/fog/fog.git
synced 2022-11-09 13:51:43 -05:00
Lock user by default
Leave the user unlocked only when specifically requested, because leaving it unlocked is less secure
parent
2a4ac7f9c6
commit
b9770da6b8
2 changed files with 38 additions and 4 deletions
|
@ -1,3 +1,4 @@
|
||||||
|
# -*- coding: utf-8 -*-
|
||||||
require 'fog/compute/models/server'
|
require 'fog/compute/models/server'
|
||||||
require 'fog/rackspace/models/compute_v2/metadata'
|
require 'fog/rackspace/models/compute_v2/metadata'
|
||||||
|
|
||||||
|
@ -521,13 +522,14 @@ module Fog
|
||||||
# @see Servers#bootstrap
|
# @see Servers#bootstrap
|
||||||
def setup(credentials = {})
|
def setup(credentials = {})
|
||||||
requires :public_ip_address, :identity, :public_key, :username
|
requires :public_ip_address, :identity, :public_key, :username
|
||||||
Fog::SSH.new(public_ip_address, username, credentials).run([
|
commands = [
|
||||||
%{mkdir .ssh},
|
%{mkdir .ssh},
|
||||||
%{echo "#{public_key}" >> ~/.ssh/authorized_keys},
|
%{echo "#{public_key}" >> ~/.ssh/authorized_keys},
|
||||||
%{passwd -l #{username}},
|
password_lock,
|
||||||
%{echo "#{Fog::JSON.encode(attributes)}" >> ~/attributes.json},
|
%{echo "#{Fog::JSON.encode(attributes)}" >> ~/attributes.json},
|
||||||
%{echo "#{Fog::JSON.encode(metadata)}" >> ~/metadata.json}
|
%{echo "#{Fog::JSON.encode(metadata)}" >> ~/metadata.json}
|
||||||
])
|
].compact
|
||||||
|
Fog::SSH.new(public_ip_address, username, credentials).run(commands)
|
||||||
rescue Errno::ECONNREFUSED
|
rescue Errno::ECONNREFUSED
|
||||||
sleep(1)
|
sleep(1)
|
||||||
retry
|
retry
|
||||||
|
@ -538,6 +540,10 @@ module Fog
|
||||||
def adminPass=(new_admin_pass)
|
def adminPass=(new_admin_pass)
|
||||||
@password = new_admin_pass
|
@password = new_admin_pass
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def password_lock
|
||||||
|
"passwd -l #{username}" unless attributes[:no_passwd_lock]
|
||||||
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
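Review bot: `password_lock` skips the lock for any truthy value of `attributes[:no_passwd_lock]`, so a string such as "false" or the integer 0 read from a config file would leave the account's password usable. Since skipping is the less secure path, consider failing closed with `"passwd -l #{username}" unless attributes[:no_passwd_lock] == true`. The option is also not mentioned in the comment above `setup`; a line such as `# Pass :no_passwd_lock => true to skip locking the user's password (less secure).` would document it. Whether `password_lock` sits under a `private` marker cannot be seen here, because the class body starts outside the hunk.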
|
@ -197,6 +197,34 @@ Shindo.tests('Fog::Compute::RackspaceV2 | server', ['rackspace']) do
|
||||||
@instance.wait_for { ready? }
|
@instance.wait_for { ready? }
|
||||||
end
|
end
|
||||||
|
|
||||||
|
tests('#setup') do
|
||||||
|
perform_setup = lambda { |attributes|
|
||||||
|
Fog::SSH::Mock.data.clear
|
||||||
|
|
||||||
|
server = Fog::Compute::RackspaceV2::Server.new(attributes)
|
||||||
|
|
||||||
|
address = 123
|
||||||
|
|
||||||
|
server.ipv4_address = address
|
||||||
|
server.identity = "bar"
|
||||||
|
server.public_key = "baz"
|
||||||
|
|
||||||
|
server.setup
|
||||||
|
|
||||||
|
Fog::SSH::Mock.data[address].first[:commands]
|
||||||
|
}
|
||||||
|
|
||||||
|
test("leaves user unlocked only when requested") do
|
||||||
|
perform_setup.call(:service => service, :no_passwd_lock => true)
|
||||||
|
.none? { |c| c =~ /passwd\s+-l\s+root/ }
|
||||||
|
end
|
||||||
|
|
||||||
|
test("locks user by default") do
|
||||||
|
perform_setup.call(:service => service)
|
||||||
|
.one? { |c| c =~ /passwd\s+-l\s+root/ }
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
#When after testing resize/resize_confirm we get a 409 when we try to resize_revert so I am going to split it into two blocks
|
#When after testing resize/resize_confirm we get a 409 when we try to resize_revert so I am going to split it into two blocks
|
||||||
model_tests(service.servers, options, true) do
|
model_tests(service.servers, options, true) do
|
||||||
@instance.wait_for { ready? }
|
@instance.wait_for { ready? }
|
||||||
|
|
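Review bot: The "leaves user unlocked only when requested" case can pass without exercising the opt-out, because its pattern is tied to `root` and `none?` is also true whenever the server's username is something else. Matching on the command rather than the user, `.none? { |c| c =~ /passwd\s+-l\b/ }`, keeps the negative assertion meaningful. A further case asserting that `:no_passwd_lock => false` still produces the lock command would pin the fail-safe default. The enclosing `Shindo.tests` block starts outside this hunk.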