
[Bug 402389] Script should work without users

Change-Id: I7af070f71ed940be5869f38f02c5b44d8795f14b
Craig Anderson 1 year ago
parent
commit
73e7437b9b
2 changed files with 33 additions and 21 deletions
  1. 31
    19
      divingbell/templates/bin/_uamlite.sh.tpl
  2. 2
    2
      divingbell/tools/gate/test.sh

+ 31
- 19
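--- a/divingbell/templates/bin/_uamlite.sh.tpl
+++ b/divingbell/templates/bin/_uamlite.sh.tpl
@@ -118,27 +118,33 @@ add_sshkeys(){
 
 # TODO: This should be done before applying new settings rather than after
 # Expire any previously defined users that are no longer defined
-users="$(getent passwd | grep ${keyword} | cut -d':' -f1)"
-echo "$users" | sort > /tmp/prev_users
-echo "$curr_userlist" | sort > /tmp/curr_users
-revert_list="$(comm -23 /tmp/prev_users /tmp/curr_users)"
-IFS=$'\n'
-for user in ${revert_list}; do
-  # We expire rather than delete the user to maintain local UID FS consistency
-  usermod --expiredate 1 ${user}
-  log.INFO "User '${user}' has been disabled (expired)"
-done
+if [ -n "$(getent passwd | grep ${keyword} | cut -d':' -f1)" ]; then
+  users="$(getent passwd | grep ${keyword} | cut -d':' -f1)"
+  echo "$users" | sort > /tmp/prev_users
+  echo "$curr_userlist" | sort > /tmp/curr_users
+  revert_list="$(comm -23 /tmp/prev_users /tmp/curr_users)"
+  IFS=$'\n'
+  for user in ${revert_list}; do
+    # We expire rather than delete the user to maintain local UID FS consistency
+    usermod --expiredate 1 ${user}
+    log.INFO "User '${user}' has been disabled (expired)"
+  done
+  unset IFS
+fi
 
 # Delete any previous user sudo access that is no longer defined
-sudoers="$(find /etc/sudoers.d | grep ${keyword})"
-echo "$sudoers" | sort > /tmp/prev_sudoers
-echo "$curr_sudoers" | sort > /tmp/curr_sudoers
-revert_list="$(comm -23 /tmp/prev_sudoers /tmp/curr_sudoers)"
-IFS=$'\n'
-for sudo_file in ${revert_list}; do
-  rm "${sudo_file}"
-  log.INFO "Sudoers file '${sudo_file}' has been deleted"
-done
+if [ -n "$(find /etc/sudoers.d | grep ${keyword})" ]; then
+  sudoers="$(find /etc/sudoers.d | grep ${keyword})"
+  echo "$sudoers" | sort > /tmp/prev_sudoers
+  echo "$curr_sudoers" | sort > /tmp/curr_sudoers
+  revert_list="$(comm -23 /tmp/prev_sudoers /tmp/curr_sudoers)"
+  IFS=$'\n'
+  for sudo_file in ${revert_list}; do
+    rm -v "${sudo_file}"
+    log.INFO "Sudoers file '${sudo_file}' has been deleted"
+  done
+  unset IFS
+fi
 
 if [ -n "${builtin_acct}" ] && [ -n "$(getent passwd ${builtin_acct})" ]; then
   # Disable built-in account as long as there was at least one account defined
@@ -147,6 +153,8 @@ if [ -n "${builtin_acct}" ] && [ -n "$(getent passwd ${builtin_acct})" ]; then
     if [ "$(chage -l ${builtin_acct} | grep 'Account expires' | cut -d':' -f2 |
           tr -d '[:space:]')" = "never" ]; then
       usermod --expiredate 1 ${builtin_acct}
+      log.INFO "Built-in account '${builtin_acct}' was expired because at least"
+      log.INFO "one other account was defined with an SSH key."
     fi
   # Re-enable built-in account as a fallback in the event that are no other
   # accounts defined in this chart with a ssh key present
@@ -154,8 +162,12 @@ if [ -n "${builtin_acct}" ] && [ -n "$(getent passwd ${builtin_acct})" ]; then
     if [ "$(chage -l ${builtin_acct} | grep 'Account expires' | cut -d':' -f2 |
           tr -d '[:space:]')" != "never" ]; then
       usermod --expiredate "" ${builtin_acct}
+      log.INFO "Built-in account '${builtin_acct}' was un-expired because there"
+      log.INFO "were no other accounts defined with an SSH key."
     fi
   fi
+elif [ -n "${builtin_acct}" ]; then
+  log.WARN "Could not find built-in account '${builtin_acct}'."
 fi
 
 if [ -n "${curr_userlist}" ]; then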
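Review bot: Both re-indented cleanup blocks in the first hunk still stage their comparison lists in fixed paths under /tmp (`/tmp/prev_users`, `/tmp/curr_users`, `/tmp/prev_sudoers`, `/tmp/curr_sudoers`), and the contents of those files decide which accounts get `usermod --expiredate 1` and which paths get `rm -v`. This script presumably runs as root, so predictable names in a world-writable directory let another local account interfere with what ends up in `revert_list`. Since these lines are being rewritten anyway, the temp files can be dropped in both blocks, e.g. `revert_list="$(comm -23 <(echo "$users" | sort) <(echo "$curr_userlist" | sort))"` (the script already appears to depend on bash through `IFS=$'\n'`), or created with `mktemp` and removed on exit. Separately, `grep ${keyword}` is unquoted and matches anywhere in the passwd line rather than only the intended field, so an unrelated account whose home directory or GECOS contains the keyword would also be expired; quoting it and documenting the expected match in a comment would help.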

+ 2
- 2
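--- a/divingbell/tools/gate/test.sh
+++ b/divingbell/tools/gate/test.sh
@@ -728,9 +728,9 @@ test_overrides(){
 
   # Compare against expected number of generated daemonsets
   daemonset_count="$(echo "${tc_output}" | grep 'kind: DaemonSet' | wc -l)"
-  if [ "${daemonset_count}" != "11" ]; then
+  if [ "${daemonset_count}" != "12" ]; then
     echo '[FAILURE] overrides test 1 failed' >> "${TEST_RESULTS}"
-    echo "Expected 11 daemonsets; got '${daemonset_count}'" >> "${TEST_RESULTS}"
+    echo "Expected 12 daemonsets; got '${daemonset_count}'" >> "${TEST_RESULTS}"
     exit 1
   else
     echo '[SUCCESS] overrides test 1 passed successfully' >> "${TEST_RESULTS}"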
