You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@brooklyn.apache.org by he...@apache.org on 2015/05/08 19:01:52 UTC

[3/7] incubator-brooklyn git commit: respect disabling root flag and test for it

respect disabling root flag and test for it


Project: http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/commit/9c4516f6
Tree: http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/tree/9c4516f6
Diff: http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/diff/9c4516f6

Branch: refs/heads/master
Commit: 9c4516f606b03804118769b196115e364f40d68c
Parents: 78776ca
Author: Alex Heneveld <al...@cloudsoftcorp.com>
Authored: Tue May 5 17:59:37 2015 +0100
Committer: Alex Heneveld <al...@cloudsoftcorp.com>
Committed: Tue May 5 17:59:37 2015 +0100

----------------------------------------------------------------------
 .../location/jclouds/JcloudsLocation.java       |  3 +-
 .../location/jclouds/JcloudsLocationTest.java   | 45 ++++++++++++++++++++
 2 files changed, 47 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/blob/9c4516f6/locations/jclouds/src/main/java/brooklyn/location/jclouds/JcloudsLocation.java
----------------------------------------------------------------------
diff --git a/locations/jclouds/src/main/java/brooklyn/location/jclouds/JcloudsLocation.java b/locations/jclouds/src/main/java/brooklyn/location/jclouds/JcloudsLocation.java
index d0c52d8..8be14bf 100644
--- a/locations/jclouds/src/main/java/brooklyn/location/jclouds/JcloudsLocation.java
+++ b/locations/jclouds/src/main/java/brooklyn/location/jclouds/JcloudsLocation.java
@@ -1467,6 +1467,7 @@ public class JcloudsLocation extends AbstractCloudMachineProvisioningLocation im
                     .grantSudoToAdminUser(grantUserSudo);
 
             boolean useKey = Strings.isNonBlank(pubKey);
+            adminBuilder.cryptFunction(Sha512Crypt.function());
 
             // always set this password; if not supplied, it will be a random string
             adminBuilder.adminPassword(passwordToSet);
@@ -1499,7 +1500,7 @@ public class JcloudsLocation extends AbstractCloudMachineProvisioningLocation im
 
             // lock SSH means no root login and no passwordless login
             // if we're using a password or we don't have sudo, then don't do this!
-            adminBuilder.lockSsh(useKey && grantUserSudo && !config.get(JcloudsLocationConfig.DISABLE_ROOT_AND_PASSWORD_SSH));
+            adminBuilder.lockSsh(useKey && grantUserSudo && config.get(JcloudsLocationConfig.DISABLE_ROOT_AND_PASSWORD_SSH));
 
             statements.add(adminBuilder.build());
 

http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/blob/9c4516f6/locations/jclouds/src/test/java/brooklyn/location/jclouds/JcloudsLocationTest.java
----------------------------------------------------------------------
diff --git a/locations/jclouds/src/test/java/brooklyn/location/jclouds/JcloudsLocationTest.java b/locations/jclouds/src/test/java/brooklyn/location/jclouds/JcloudsLocationTest.java
index b41f24e..c2a78c3 100644
--- a/locations/jclouds/src/test/java/brooklyn/location/jclouds/JcloudsLocationTest.java
+++ b/locations/jclouds/src/test/java/brooklyn/location/jclouds/JcloudsLocationTest.java
@@ -28,7 +28,10 @@ import java.util.concurrent.atomic.AtomicInteger;
 import javax.annotation.Nullable;
 
 import org.jclouds.compute.ComputeService;
+import org.jclouds.compute.domain.Image;
 import org.jclouds.compute.domain.Template;
+import org.jclouds.scriptbuilder.domain.OsFamily;
+import org.jclouds.scriptbuilder.domain.StatementList;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.testng.Assert;
@@ -44,6 +47,7 @@ import brooklyn.location.LocationSpec;
 import brooklyn.location.NoMachinesAvailableException;
 import brooklyn.location.basic.LocationConfigKeys;
 import brooklyn.location.geo.HostGeoInfo;
+import brooklyn.location.jclouds.JcloudsLocation.UserCreation;
 import brooklyn.management.internal.LocalManagementContext;
 import brooklyn.test.Asserts;
 import brooklyn.test.entity.LocalManagementContextForTests;
@@ -52,6 +56,7 @@ import brooklyn.util.config.ConfigBag;
 import brooklyn.util.exceptions.CompoundRuntimeException;
 import brooklyn.util.exceptions.Exceptions;
 
+import com.google.common.annotations.VisibleForTesting;
 import com.google.common.base.Function;
 import com.google.common.base.Predicate;
 import com.google.common.base.Predicates;
@@ -104,6 +109,10 @@ public class JcloudsLocationTest implements JcloudsLocationConfig {
                 }
             }
         }
+        @Override @VisibleForTesting
+        public UserCreation createUserStatements(@Nullable Image image, ConfigBag config) {
+            return super.createUserStatements(image, config);
+        }
     }
 
     @SuppressWarnings("serial")
@@ -554,4 +563,40 @@ public class JcloudsLocationTest implements JcloudsLocationConfig {
     }
 
     // TODO more tests, where flags come in from resolver, named locations, etc
+
+    // now test creating users
+    
+    protected String getCreateUserStatementsFor(Map<?,?> config) {
+        BailOutJcloudsLocation jl = newSampleBailOutJcloudsLocationForTesting(MutableMap.<Object,Object>builder()
+            .put(JcloudsLocationConfig.LOGIN_USER, "root").put(JcloudsLocationConfig.LOGIN_USER_PASSWORD, "m0ck")
+            .put(JcloudsLocationConfig.USER, "bob").put(JcloudsLocationConfig.LOGIN_USER_PASSWORD, "b0b")
+            .putAll(config).build());
+        
+        UserCreation creation = jl.createUserStatements(null, jl.config().getBag());
+        return new StatementList(creation.statements).render(OsFamily.UNIX);        
+    }
+    
+    @Test
+    public void testDisablesRoot() {
+        String statements = getCreateUserStatementsFor(ImmutableMap.of());
+        Assert.assertTrue(statements.contains("PermitRootLogin"), "Error:\n"+statements);
+        Assert.assertTrue(statements.matches("(?s).*sudoers.*useradd.*bob.*wheel.*"), "Error:\n"+statements);
+    }
+
+    @Test
+    public void testDisableRootFalse() {
+        String statements = getCreateUserStatementsFor(ImmutableMap.of(JcloudsLocationConfig.DISABLE_ROOT_AND_PASSWORD_SSH, false));
+        Assert.assertFalse(statements.contains("PermitRootLogin"), "Error:\n"+statements);
+        Assert.assertTrue(statements.matches("(?s).*sudoers.*useradd.*bob.*wheel.*"), "Error:\n"+statements);
+    }
+    
+    @Test
+    public void testDisableRootAndSudoFalse() {
+        String statements = getCreateUserStatementsFor(ImmutableMap.of(
+            JcloudsLocationConfig.DISABLE_ROOT_AND_PASSWORD_SSH, false,
+            JcloudsLocationConfig.GRANT_USER_SUDO, false));
+        Assert.assertFalse(statements.contains("PermitRootLogin"), "Error:\n"+statements);
+        Assert.assertFalse(statements.matches("(?s).*sudoers.*useradd.*bob.*wheel.*"), "Error:\n"+statements);
+    }
+
 }