mirror of
https://github.com/fog/fog.git
Lock user by default
Only leave the user unlocked when specifically requested, because leaving it unlocked is less secure
parent
2a4ac7f9c6
commit
b9770da6b8
2 changed files with 38 additions and 4 deletions
|
@ -1,3 +1,4 @@
|
|||
# -*- coding: utf-8 -*-
|
||||
require 'fog/compute/models/server'
|
||||
require 'fog/rackspace/models/compute_v2/metadata'
|
||||
|
||||
|
@ -521,13 +522,14 @@ module Fog
|
|||
# @see Servers#bootstrap
|
||||
def setup(credentials = {})
|
||||
requires :public_ip_address, :identity, :public_key, :username
|
||||
Fog::SSH.new(public_ip_address, username, credentials).run([
|
||||
commands = [
|
||||
%{mkdir .ssh},
|
||||
%{echo "#{public_key}" >> ~/.ssh/authorized_keys},
|
||||
%{passwd -l #{username}},
|
||||
password_lock,
|
||||
%{echo "#{Fog::JSON.encode(attributes)}" >> ~/attributes.json},
|
||||
%{echo "#{Fog::JSON.encode(metadata)}" >> ~/metadata.json}
|
||||
])
|
||||
].compact
|
||||
Fog::SSH.new(public_ip_address, username, credentials).run(commands)
|
||||
rescue Errno::ECONNREFUSED
|
||||
sleep(1)
|
||||
retry
|
||||
|
@ -538,6 +540,10 @@ module Fog
|
|||
def adminPass=(new_admin_pass)
|
||||
@password = new_admin_pass
|
||||
end
|
||||
|
||||
def password_lock
|
||||
"passwd -l #{username}" unless attributes[:no_passwd_lock]
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
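Review bot: The new `password_lock` helper skips the lock for any truthy `attributes[:no_passwd_lock]`, so a value such as the string "false" would leave password login enabled, and it interpolates `username` into the shell command unquoted. A stricter form is `"passwd -l #{Shellwords.escape(username)}" unless attributes[:no_passwd_lock] == true`, with `require 'shellwords'` added next to the other requires at the top of the file. The helper also deserves a comment saying that a nil return means "leave the password usable" and that `.compact` in `setup` is what drops it from the command list. `setup` continues past the hunk after `retry`, and nothing visible checks the exit status of `passwd -l`, so a failed lock would presumably go unnoticed.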
|
|
|
@ -197,6 +197,34 @@ Shindo.tests('Fog::Compute::RackspaceV2 | server', ['rackspace']) do
|
|||
@instance.wait_for { ready? }
|
||||
end
|
||||
|
||||
tests('#setup') do
|
||||
perform_setup = lambda { |attributes|
|
||||
Fog::SSH::Mock.data.clear
|
||||
|
||||
server = Fog::Compute::RackspaceV2::Server.new(attributes)
|
||||
|
||||
address = 123
|
||||
|
||||
server.ipv4_address = address
|
||||
server.identity = "bar"
|
||||
server.public_key = "baz"
|
||||
|
||||
server.setup
|
||||
|
||||
Fog::SSH::Mock.data[address].first[:commands]
|
||||
}
|
||||
|
||||
test("leaves user unlocked only when requested") do
|
||||
perform_setup.call(:service => service, :no_passwd_lock => true)
|
||||
.none? { |c| c =~ /passwd\s+-l\s+root/ }
|
||||
end
|
||||
|
||||
test("locks user by default") do
|
||||
perform_setup.call(:service => service)
|
||||
.one? { |c| c =~ /passwd\s+-l\s+root/ }
|
||||
end
|
||||
end
|
||||
|
||||
#When after testing resize/resize_confirm we get a 409 when we try to resize_revert so I am going to split it into two blocks
|
||||
model_tests(service.servers, options, true) do
|
||||
@instance.wait_for { ready? }
|
||||
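Review bot: The two new tests in `tests('#setup')` cover only an absent option and `:no_passwd_lock => true`, so nothing guards the secure default against an explicit `:no_passwd_lock => false` or a non-boolean value. A third case such as `test("locks user when no_passwd_lock is false") { perform_setup.call(:service => service, :no_passwd_lock => false).one? { |c| c =~ /passwd\s+-l\s+root/ } }` would pin that behaviour. The pattern also hard-codes `root`, which appears to rely on the model's default username; a short comment saying so would help the next reader.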
|
|