mirror of https://github.com/fog/fog.git synced 2022-11-09 13:51:43 -05:00

Lock user by default

Only leave the user unlocked when specifically requested, because leaving it unlocked is less secure
Evan Light 2013-12-19 10:14:01 -05:00
parent 2a4ac7f9c6
commit b9770da6b8
2 changed files with 38 additions and 4 deletions


@ -1,3 +1,4 @@
# -*- coding: utf-8 -*-
require 'fog/compute/models/server' require 'fog/compute/models/server'
require 'fog/rackspace/models/compute_v2/metadata' require 'fog/rackspace/models/compute_v2/metadata'
@ -521,13 +522,14 @@ module Fog
# @see Servers#bootstrap # @see Servers#bootstrap
def setup(credentials = {}) def setup(credentials = {})
requires :public_ip_address, :identity, :public_key, :username requires :public_ip_address, :identity, :public_key, :username
Fog::SSH.new(public_ip_address, username, credentials).run([ commands = [
%{mkdir .ssh}, %{mkdir .ssh},
%{echo "#{public_key}" >> ~/.ssh/authorized_keys}, %{echo "#{public_key}" >> ~/.ssh/authorized_keys},
%{passwd -l #{username}}, password_lock,
%{echo "#{Fog::JSON.encode(attributes)}" >> ~/attributes.json}, %{echo "#{Fog::JSON.encode(attributes)}" >> ~/attributes.json},
%{echo "#{Fog::JSON.encode(metadata)}" >> ~/metadata.json} %{echo "#{Fog::JSON.encode(metadata)}" >> ~/metadata.json}
]) ].compact
Fog::SSH.new(public_ip_address, username, credentials).run(commands)
rescue Errno::ECONNREFUSED rescue Errno::ECONNREFUSED
sleep(1) sleep(1)
retry retry
@ -538,6 +540,10 @@ module Fog
def adminPass=(new_admin_pass) def adminPass=(new_admin_pass)
@password = new_admin_pass @password = new_admin_pass
end end
def password_lock
"passwd -l #{username}" unless attributes[:no_passwd_lock]
end
end end
end end
end end
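Review bot: `password_lock` still interpolates `username` straight into the string that the remote shell runs, so a value containing spaces or shell metacharacters would alter the command instead of naming the account to lock; I would write `"passwd -l #{Shellwords.escape(username)}" unless attributes[:no_passwd_lock]` and add `require 'shellwords'` next to the other requires. The opt-out is also undocumented: the comment block above `setup` should say that the password is locked unless `attributes[:no_passwd_lock]` is truthy, and that nothing in the visible part of `setup` checks whether the `passwd -l` command succeeded. The enclosing class starts outside these hunks, so whether `password_lock` ends up under a `private` section cannot be seen here.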


@ -197,6 +197,34 @@ Shindo.tests('Fog::Compute::RackspaceV2 | server', ['rackspace']) do
@instance.wait_for { ready? } @instance.wait_for { ready? }
end end
tests('#setup') do
perform_setup = lambda { |attributes|
Fog::SSH::Mock.data.clear
server = Fog::Compute::RackspaceV2::Server.new(attributes)
address = 123
server.ipv4_address = address
server.identity = "bar"
server.public_key = "baz"
server.setup
Fog::SSH::Mock.data[address].first[:commands]
}
test("leaves user unlocked only when requested") do
perform_setup.call(:service => service, :no_passwd_lock => true)
.none? { |c| c =~ /passwd\s+-l\s+root/ }
end
test("locks user by default") do
perform_setup.call(:service => service)
.one? { |c| c =~ /passwd\s+-l\s+root/ }
end
end
#When after testing resize/resize_confirm we get a 409 when we try to resize_revert so I am going to split it into two blocks #When after testing resize/resize_confirm we get a 409 when we try to resize_revert so I am going to split it into two blocks
model_tests(service.servers, options, true) do model_tests(service.servers, options, true) do
@instance.wait_for { ready? } @instance.wait_for { ready? }
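Review bot: The opt-out test can pass vacuously, because `none?` against `/passwd\s+-l\s+root/` is also true when the lock command merely changes form or the default username is no longer `root`. Matching the command without the account name, `.none? { |c| c =~ /passwd\s+-l\b/ }`, keeps the negative case meaningful. The default-lock test would likewise be sturdier if its pattern were built from the server's `username` rather than a hard-coded `root`. The surrounding `Shindo.tests` block starts and ends outside this hunk.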