Update uamlite.sh to handle empty user_sshkeys arrays

Previously _uamlite.sh.tpl would fail to render if any user data had an empty user_sshkeys array. This is because the template would check to see if the key existed, but not actually make sure that the array contained within that key had any elements. "first" would be called against the empty array, which would return nil, and then the outer eq function call would fail (as it can't be used to compare nil values). This patch set adds a default statement after the "first" function, so that if the array is empty and first returns nil, a default of "Unmanaged" will be returned, which will end up making the eq statement evaluate to false, and the code inside the if statement to not be run. Change-Id: I52713795284cd1d0961bd430858061f9df9c5f78
2019-06-25 15:16:31 -05:00 · 2019-06-25 15:16:31 -05:00 · 4c6ac4712d
parent 00cebd8b3b
commit 4c6ac4712d
1 changed files with 1 additions and 1 deletions
--- a/divingbell/templates/bin/_uamlite.sh.tpl
+++ b/divingbell/templates/bin/_uamlite.sh.tpl
@ -154,7 +154,7 @@ purge_expired_users={{ .Values.conf.uamlite.purge_expired_users | squote }}
    {{ $key }}={{ $value | squote }} \
  {{- end }}
  {{- if hasKey . "user_sshkeys" }}
-  {{- if not (eq (first .user_sshkeys) "Unmanaged") }}
+  {{- if not (eq (first .user_sshkeys | default "Unmanaged") "Unmanaged") }}
  add_sshkeys {{ range $ssh_key := .user_sshkeys }}{{ if not (or (regexMatch "ssh-dss .*" $ssh_key) (regexMatch "ecdsa-.*" $ssh_key) (regexMatch "ssh-ed25519 .*" $ssh_key) (regexMatch "ssh-rsa .*" $ssh_key)) }}{{ fail (print "BAD SSH KEY FOR '" $item.user_name "': One of the 'user_sshkeys' specified for '" $item.user_name "' does not pass regex checks: '" $ssh_key "'. Ensure that the supplied user SSH keys are supported/formatted per divingbell documentation at https://airship-divingbell.readthedocs.io/#uamlite") }}{{ else }}{{ $ssh_key | squote }}{{ end }} {{ end }}
 {{- end }}
 {{- else }}