respect disabling root flag and test for it
Project: http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/commit/9c4516f6 Tree: http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/tree/9c4516f6 Diff: http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/diff/9c4516f6 Branch: refs/heads/master Commit: 9c4516f606b03804118769b196115e364f40d68c Parents: 78776ca Author: Alex Heneveld <[email protected]> Authored: Tue May 5 17:59:37 2015 +0100 Committer: Alex Heneveld <[email protected]> Committed: Tue May 5 17:59:37 2015 +0100 ---------------------------------------------------------------------- .../location/jclouds/JcloudsLocation.java | 3 +- .../location/jclouds/JcloudsLocationTest.java | 45 ++++++++++++++++++++ 2 files changed, 47 insertions(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/blob/9c4516f6/locations/jclouds/src/main/java/brooklyn/location/jclouds/JcloudsLocation.java ---------------------------------------------------------------------- diff --git a/locations/jclouds/src/main/java/brooklyn/location/jclouds/JcloudsLocation.java b/locations/jclouds/src/main/java/brooklyn/location/jclouds/JcloudsLocation.java index d0c52d8..8be14bf 100644 --- a/locations/jclouds/src/main/java/brooklyn/location/jclouds/JcloudsLocation.java +++ b/locations/jclouds/src/main/java/brooklyn/location/jclouds/JcloudsLocation.java @@ -1467,6 +1467,7 @@ public class JcloudsLocation extends AbstractCloudMachineProvisioningLocation im .grantSudoToAdminUser(grantUserSudo); boolean useKey = Strings.isNonBlank(pubKey); + adminBuilder.cryptFunction(Sha512Crypt.function()); // always set this password; if not supplied, it will be a random string adminBuilder.adminPassword(passwordToSet); @@ -1499,7 +1500,7 @@ public class JcloudsLocation extends AbstractCloudMachineProvisioningLocation im // lock SSH means no root login and no passwordless login // if we're using a password or we don't have sudo, then don't do this! - adminBuilder.lockSsh(useKey && grantUserSudo && !config.get(JcloudsLocationConfig.DISABLE_ROOT_AND_PASSWORD_SSH)); + adminBuilder.lockSsh(useKey && grantUserSudo && config.get(JcloudsLocationConfig.DISABLE_ROOT_AND_PASSWORD_SSH)); statements.add(adminBuilder.build()); http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/blob/9c4516f6/locations/jclouds/src/test/java/brooklyn/location/jclouds/JcloudsLocationTest.java ---------------------------------------------------------------------- diff --git a/locations/jclouds/src/test/java/brooklyn/location/jclouds/JcloudsLocationTest.java b/locations/jclouds/src/test/java/brooklyn/location/jclouds/JcloudsLocationTest.java index b41f24e..c2a78c3 100644 --- a/locations/jclouds/src/test/java/brooklyn/location/jclouds/JcloudsLocationTest.java +++ b/locations/jclouds/src/test/java/brooklyn/location/jclouds/JcloudsLocationTest.java @@ -28,7 +28,10 @@ import java.util.concurrent.atomic.AtomicInteger; import javax.annotation.Nullable; import org.jclouds.compute.ComputeService; +import org.jclouds.compute.domain.Image; import org.jclouds.compute.domain.Template; +import org.jclouds.scriptbuilder.domain.OsFamily; +import org.jclouds.scriptbuilder.domain.StatementList; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.testng.Assert; @@ -44,6 +47,7 @@ import brooklyn.location.LocationSpec; import brooklyn.location.NoMachinesAvailableException; import brooklyn.location.basic.LocationConfigKeys; import brooklyn.location.geo.HostGeoInfo; +import brooklyn.location.jclouds.JcloudsLocation.UserCreation; import brooklyn.management.internal.LocalManagementContext; import brooklyn.test.Asserts; import brooklyn.test.entity.LocalManagementContextForTests; @@ -52,6 +56,7 @@ import brooklyn.util.config.ConfigBag; import brooklyn.util.exceptions.CompoundRuntimeException; import brooklyn.util.exceptions.Exceptions; +import com.google.common.annotations.VisibleForTesting; import com.google.common.base.Function; import com.google.common.base.Predicate; import com.google.common.base.Predicates; @@ -104,6 +109,10 @@ public class JcloudsLocationTest implements JcloudsLocationConfig { } } } + @Override @VisibleForTesting + public UserCreation createUserStatements(@Nullable Image image, ConfigBag config) { + return super.createUserStatements(image, config); + } } @SuppressWarnings("serial") @@ -554,4 +563,40 @@ public class JcloudsLocationTest implements JcloudsLocationConfig { } // TODO more tests, where flags come in from resolver, named locations, etc + + // now test creating users + + protected String getCreateUserStatementsFor(Map<?,?> config) { + BailOutJcloudsLocation jl = newSampleBailOutJcloudsLocationForTesting(MutableMap.<Object,Object>builder() + .put(JcloudsLocationConfig.LOGIN_USER, "root").put(JcloudsLocationConfig.LOGIN_USER_PASSWORD, "m0ck") + .put(JcloudsLocationConfig.USER, "bob").put(JcloudsLocationConfig.LOGIN_USER_PASSWORD, "b0b") + .putAll(config).build()); + + UserCreation creation = jl.createUserStatements(null, jl.config().getBag()); + return new StatementList(creation.statements).render(OsFamily.UNIX); + } + + @Test + public void testDisablesRoot() { + String statements = getCreateUserStatementsFor(ImmutableMap.of()); + Assert.assertTrue(statements.contains("PermitRootLogin"), "Error:\n"+statements); + Assert.assertTrue(statements.matches("(?s).*sudoers.*useradd.*bob.*wheel.*"), "Error:\n"+statements); + } + + @Test + public void testDisableRootFalse() { + String statements = getCreateUserStatementsFor(ImmutableMap.of(JcloudsLocationConfig.DISABLE_ROOT_AND_PASSWORD_SSH, false)); + Assert.assertFalse(statements.contains("PermitRootLogin"), "Error:\n"+statements); + Assert.assertTrue(statements.matches("(?s).*sudoers.*useradd.*bob.*wheel.*"), "Error:\n"+statements); + } + + @Test + public void testDisableRootAndSudoFalse() { + String statements = getCreateUserStatementsFor(ImmutableMap.of( + JcloudsLocationConfig.DISABLE_ROOT_AND_PASSWORD_SSH, false, + JcloudsLocationConfig.GRANT_USER_SUDO, false)); + Assert.assertFalse(statements.contains("PermitRootLogin"), "Error:\n"+statements); + Assert.assertFalse(statements.matches("(?s).*sudoers.*useradd.*bob.*wheel.*"), "Error:\n"+statements); + } + }
