authorCraig Anderson <craig.anderson@att.com>2018-04-04 18:57:12 +0000
committerCraig Anderson <craig.anderson@att.com>2018-04-04 20:39:04 +0000
commit73e7437b9bbecbcdd006b8ee33460843d2baa593 (patch)
tree38922d843e3e124559cb7a00060933535aceadac
parent4f141f2c22b65819f79a10bfa47d3cd07b29f8cd (diff)
[Bug 402389] Script should work without users
-rw-r--r--divingbell/templates/bin/_uamlite.sh.tpl50
-rwxr-xr-xdivingbell/tools/gate/test.sh4
2 files changed, 33 insertions, 21 deletions
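diff --git a/divingbell/templates/bin/_uamlite.sh.tpl b/divingbell/templates/bin/_uamlite.sh.tpl
index adbf4b6..8ec9e8a 100644
--- a/divingbell/templates/bin/_uamlite.sh.tpl
+++ b/divingbell/templates/bin/_uamlite.sh.tpl
@@ -118,27 +118,33 @@ add_sshkeys(){
 
 # TODO: This should be done before applying new settings rather than after
 # Expire any previously defined users that are no longer defined
-users="$(getent passwd | grep ${keyword} | cut -d':' -f1)"
-echo "$users" | sort > /tmp/prev_users
-echo "$curr_userlist" | sort > /tmp/curr_users
-revert_list="$(comm -23 /tmp/prev_users /tmp/curr_users)"
-IFS=$'\n'
-for user in ${revert_list}; do
- # We expire rather than delete the user to maintain local UID FS consistency
- usermod --expiredate 1 ${user}
- log.INFO "User '${user}' has been disabled (expired)"
-done
+if [ -n "$(getent passwd | grep ${keyword} | cut -d':' -f1)" ]; then
+ users="$(getent passwd | grep ${keyword} | cut -d':' -f1)"
+ echo "$users" | sort > /tmp/prev_users
+ echo "$curr_userlist" | sort > /tmp/curr_users
+ revert_list="$(comm -23 /tmp/prev_users /tmp/curr_users)"
+ IFS=$'\n'
+ for user in ${revert_list}; do
+ # We expire rather than delete the user to maintain local UID FS consistency
+ usermod --expiredate 1 ${user}
+ log.INFO "User '${user}' has been disabled (expired)"
+ done
+ unset IFS
+fi
 
 # Delete any previous user sudo access that is no longer defined
-sudoers="$(find /etc/sudoers.d | grep ${keyword})"
-echo "$sudoers" | sort > /tmp/prev_sudoers
-echo "$curr_sudoers" | sort > /tmp/curr_sudoers
-revert_list="$(comm -23 /tmp/prev_sudoers /tmp/curr_sudoers)"
-IFS=$'\n'
-for sudo_file in ${revert_list}; do
- rm "${sudo_file}"
- log.INFO "Sudoers file '${sudo_file}' has been deleted"
-done
+if [ -n "$(find /etc/sudoers.d | grep ${keyword})" ]; then
+ sudoers="$(find /etc/sudoers.d | grep ${keyword})"
+ echo "$sudoers" | sort > /tmp/prev_sudoers
+ echo "$curr_sudoers" | sort > /tmp/curr_sudoers
+ revert_list="$(comm -23 /tmp/prev_sudoers /tmp/curr_sudoers)"
+ IFS=$'\n'
+ for sudo_file in ${revert_list}; do
+ rm -v "${sudo_file}"
+ log.INFO "Sudoers file '${sudo_file}' has been deleted"
+ done
+ unset IFS
+fi
 
 if [ -n "${builtin_acct}" ] && [ -n "$(getent passwd ${builtin_acct})" ]; then
  # Disable built-in account as long as there was at least one account defined
@@ -147,6 +153,8 @@ if [ -n "${builtin_acct}" ] && [ -n "$(getent passwd ${builtin_acct})" ]; then
  if [ "$(chage -l ${builtin_acct} | grep 'Account expires' | cut -d':' -f2 |
  tr -d '[:space:]')" = "never" ]; then
  usermod --expiredate 1 ${builtin_acct}
+ log.INFO "Built-in account '${builtin_acct}' was expired because at least"
+ log.INFO "one other account was defined with an SSH key."
  fi
  # Re-enable built-in account as a fallback in the event that are no other
  # accounts defined in this chart with a ssh key present
@@ -154,8 +162,12 @@ if [ -n "${builtin_acct}" ] && [ -n "$(getent passwd ${builtin_acct})" ]; then
  if [ "$(chage -l ${builtin_acct} | grep 'Account expires' | cut -d':' -f2 |
  tr -d '[:space:]')" != "never" ]; then
  usermod --expiredate "" ${builtin_acct}
+ log.INFO "Built-in account '${builtin_acct}' was un-expired because there"
+ log.INFO "were no other accounts defined with an SSH key."
  fi
  fi
+elif [ -n "${builtin_acct}" ]; then
+ log.WARN "Could not find built-in account '${builtin_acct}'."
 fi
 
 if [ -n "${curr_userlist}" ]; then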
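Review bot: The re-indented expiry and sudoers blocks in the first hunk still stage their lists in fixed-name files under `/tmp` (`/tmp/prev_users`, `/tmp/curr_users`, `/tmp/prev_sudoers`, `/tmp/curr_sudoers`), and the `comm` output read back from them decides which accounts get `usermod --expiredate 1` and which paths get `rm -v`. The script calls `usermod` and removes files under `/etc/sudoers.d`, so it presumably runs as root; predictable names in a world-writable directory mean another local user who pre-creates or replaces those files can influence that list. Since the block already depends on bash (`IFS=$'\n'`), the temp files can be dropped entirely with `revert_list="$(comm -23 <(echo "$users" | sort) <(echo "$curr_userlist" | sort))"`, and likewise for the sudoers list; failing that, use a `mktemp -d` directory removed by a trap. The top-level code continues outside the hunk, so the shebang and any earlier temp-file handling are not visible here.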
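diff --git a/divingbell/tools/gate/test.sh b/divingbell/tools/gate/test.sh
index 10a19f0..5f6f2a3 100755
--- a/divingbell/tools/gate/test.sh
+++ b/divingbell/tools/gate/test.sh
@@ -728,9 +728,9 @@ test_overrides(){
 
  # Compare against expected number of generated daemonsets
  daemonset_count="$(echo "${tc_output}" | grep 'kind: DaemonSet' | wc -l)"
- if [ "${daemonset_count}" != "11" ]; then
+ if [ "${daemonset_count}" != "12" ]; then
  echo '[FAILURE] overrides test 1 failed' >> "${TEST_RESULTS}"
- echo "Expected 11 daemonsets; got '${daemonset_count}'" >> "${TEST_RESULTS}"
+ echo "Expected 12 daemonsets; got '${daemonset_count}'" >> "${TEST_RESULTS}"
  exit 1
  else
  echo '[SUCCESS] overrides test 1 passed successfully' >> "${TEST_RESULTS}"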