From 4c6ac4712d6e75fe2e0c41060e13d0fdf0c7c3fd Mon Sep 17 00:00:00 2001 From: Matt Carter Date: Tue, 25 Jun 2019 15:16:31 -0500 Subject: [PATCH] Update uamlite.sh to handle empty user_sshkeys arrays Previously _uamlite.sh.tpl would fail to render if any user data had an empty user_sshkeys array. This is because the template would check to see if the key existed, but not actually make sure that the array contained within that key had any elements. "first" would be called against the empty array, which would return nil, and then the outer eq function call would fail (as it can't be used to compare nil values). This patch set adds a default statement after the "first" function, so that if the array is empty and first returns nil, a default of "Unmanaged" will be returned, which will end up making the eq statement evaluate to false, and the code inside the if statement to not be run. Change-Id: I52713795284cd1d0961bd430858061f9df9c5f78 --- divingbell/templates/bin/_uamlite.sh.tpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/divingbell/templates/bin/_uamlite.sh.tpl b/divingbell/templates/bin/_uamlite.sh.tpl index faf4337..02d6f71 100644 --- a/divingbell/templates/bin/_uamlite.sh.tpl +++ b/divingbell/templates/bin/_uamlite.sh.tpl @@ -154,7 +154,7 @@ purge_expired_users={{ .Values.conf.uamlite.purge_expired_users | squote }} {{ $key }}={{ $value | squote }} \ {{- end }} {{- if hasKey . "user_sshkeys" }} - {{- if not (eq (first .user_sshkeys) "Unmanaged") }} + {{- if not (eq (first .user_sshkeys | default "Unmanaged") "Unmanaged") }} add_sshkeys {{ range $ssh_key := .user_sshkeys }}{{ if not (or (regexMatch "ssh-dss .*" $ssh_key) (regexMatch "ecdsa-.*" $ssh_key) (regexMatch "ssh-ed25519 .*" $ssh_key) (regexMatch "ssh-rsa .*" $ssh_key)) }}{{ fail (print "BAD SSH KEY FOR '" $item.user_name "': One of the 'user_sshkeys' specified for '" $item.user_name "' does not pass regex checks: '" $ssh_key "'. Ensure that the supplied user SSH keys are supported/formatted per divingbell documentation at https://airship-divingbell.readthedocs.io/#uamlite") }}{{ else }}{{ $ssh_key | squote }}{{ end }} {{ end }} {{- end }} {{- else }}