[Bug 402389] Script should work without users
Change-Id: I7af070f71ed940be5869f38f02c5b44d8795f14b
parent
4f141f2c22
commit
73e7437b9b
|
@ -118,27 +118,33 @@ add_sshkeys(){
|
||||||
|
|
||||||
# TODO: This should be done before applying new settings rather than after
|
# TODO: This should be done before applying new settings rather than after
|
||||||
# Expire any previously defined users that are no longer defined
|
# Expire any previously defined users that are no longer defined
|
||||||
users="$(getent passwd | grep ${keyword} | cut -d':' -f1)"
|
if [ -n "$(getent passwd | grep ${keyword} | cut -d':' -f1)" ]; then
|
||||||
echo "$users" | sort > /tmp/prev_users
|
users="$(getent passwd | grep ${keyword} | cut -d':' -f1)"
|
||||||
echo "$curr_userlist" | sort > /tmp/curr_users
|
echo "$users" | sort > /tmp/prev_users
|
||||||
revert_list="$(comm -23 /tmp/prev_users /tmp/curr_users)"
|
echo "$curr_userlist" | sort > /tmp/curr_users
|
||||||
IFS=$'\n'
|
revert_list="$(comm -23 /tmp/prev_users /tmp/curr_users)"
|
||||||
for user in ${revert_list}; do
|
IFS=$'\n'
|
||||||
# We expire rather than delete the user to maintain local UID FS consistency
|
for user in ${revert_list}; do
|
||||||
usermod --expiredate 1 ${user}
|
# We expire rather than delete the user to maintain local UID FS consistency
|
||||||
log.INFO "User '${user}' has been disabled (expired)"
|
usermod --expiredate 1 ${user}
|
||||||
done
|
log.INFO "User '${user}' has been disabled (expired)"
|
||||||
|
done
|
||||||
|
unset IFS
|
||||||
|
fi
|
||||||
|
|
||||||
# Delete any previous user sudo access that is no longer defined
|
# Delete any previous user sudo access that is no longer defined
|
||||||
sudoers="$(find /etc/sudoers.d | grep ${keyword})"
|
if [ -n "$(find /etc/sudoers.d | grep ${keyword})" ]; then
|
||||||
echo "$sudoers" | sort > /tmp/prev_sudoers
|
sudoers="$(find /etc/sudoers.d | grep ${keyword})"
|
||||||
echo "$curr_sudoers" | sort > /tmp/curr_sudoers
|
echo "$sudoers" | sort > /tmp/prev_sudoers
|
||||||
revert_list="$(comm -23 /tmp/prev_sudoers /tmp/curr_sudoers)"
|
echo "$curr_sudoers" | sort > /tmp/curr_sudoers
|
||||||
IFS=$'\n'
|
revert_list="$(comm -23 /tmp/prev_sudoers /tmp/curr_sudoers)"
|
||||||
for sudo_file in ${revert_list}; do
|
IFS=$'\n'
|
||||||
rm "${sudo_file}"
|
for sudo_file in ${revert_list}; do
|
||||||
log.INFO "Sudoers file '${sudo_file}' has been deleted"
|
rm -v "${sudo_file}"
|
||||||
done
|
log.INFO "Sudoers file '${sudo_file}' has been deleted"
|
||||||
|
done
|
||||||
|
unset IFS
|
||||||
|
fi
|
||||||
|
|
||||||
if [ -n "${builtin_acct}" ] && [ -n "$(getent passwd ${builtin_acct})" ]; then
|
if [ -n "${builtin_acct}" ] && [ -n "$(getent passwd ${builtin_acct})" ]; then
|
||||||
# Disable built-in account as long as there was at least one account defined
|
# Disable built-in account as long as there was at least one account defined
|
||||||
|
@ -147,6 +153,8 @@ if [ -n "${builtin_acct}" ] && [ -n "$(getent passwd ${builtin_acct})" ]; then
|
||||||
if [ "$(chage -l ${builtin_acct} | grep 'Account expires' | cut -d':' -f2 |
|
if [ "$(chage -l ${builtin_acct} | grep 'Account expires' | cut -d':' -f2 |
|
||||||
tr -d '[:space:]')" = "never" ]; then
|
tr -d '[:space:]')" = "never" ]; then
|
||||||
usermod --expiredate 1 ${builtin_acct}
|
usermod --expiredate 1 ${builtin_acct}
|
||||||
|
log.INFO "Built-in account '${builtin_acct}' was expired because at least"
|
||||||
|
log.INFO "one other account was defined with an SSH key."
|
||||||
fi
|
fi
|
||||||
# Re-enable built-in account as a fallback in the event that are no other
|
# Re-enable built-in account as a fallback in the event that are no other
|
||||||
# accounts defined in this chart with a ssh key present
|
# accounts defined in this chart with a ssh key present
|
||||||
|
@ -154,8 +162,12 @@ if [ -n "${builtin_acct}" ] && [ -n "$(getent passwd ${builtin_acct})" ]; then
|
||||||
if [ "$(chage -l ${builtin_acct} | grep 'Account expires' | cut -d':' -f2 |
|
if [ "$(chage -l ${builtin_acct} | grep 'Account expires' | cut -d':' -f2 |
|
||||||
tr -d '[:space:]')" != "never" ]; then
|
tr -d '[:space:]')" != "never" ]; then
|
||||||
usermod --expiredate "" ${builtin_acct}
|
usermod --expiredate "" ${builtin_acct}
|
||||||
|
log.INFO "Built-in account '${builtin_acct}' was un-expired because there"
|
||||||
|
log.INFO "were no other accounts defined with an SSH key."
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
elif [ -n "${builtin_acct}" ]; then
|
||||||
|
log.WARN "Could not find built-in account '${builtin_acct}'."
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ -n "${curr_userlist}" ]; then
|
if [ -n "${curr_userlist}" ]; then
|
||||||
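Review bot: The four scratch files in the first hunk (`/tmp/prev_users`, `/tmp/curr_users`, `/tmp/prev_sudoers`, `/tmp/curr_sudoers`) keep fixed, predictable names even though their contents decide which accounts `usermod --expiredate 1` expires and which sudoers files `rm -v` deletes. The script presumably runs as root, since it calls usermod and removes files under /etc/sudoers.d, so a pre-existing file or symlink at one of those paths could redirect the writes or skew the revert list. Create a private directory with `tmpdir="$(mktemp -d)"`, write to `"${tmpdir}/prev_users"` and the other three names under it, and remove it on exit. In the same hunk `grep ${keyword}` is unquoted and matches anywhere in the passwd line, so an account whose home directory or GECOS field merely contains the keyword would be expired as well; quote it and match on the name field only. The enclosing block starts before the hunk, so whether `keyword` is validated earlier is not visible here.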
|
|
|
@ -728,9 +728,9 @@ test_overrides(){
|
||||||
|
|
||||||
# Compare against expected number of generated daemonsets
|
# Compare against expected number of generated daemonsets
|
||||||
daemonset_count="$(echo "${tc_output}" | grep 'kind: DaemonSet' | wc -l)"
|
daemonset_count="$(echo "${tc_output}" | grep 'kind: DaemonSet' | wc -l)"
|
||||||
if [ "${daemonset_count}" != "11" ]; then
|
if [ "${daemonset_count}" != "12" ]; then
|
||||||
echo '[FAILURE] overrides test 1 failed' >> "${TEST_RESULTS}"
|
echo '[FAILURE] overrides test 1 failed' >> "${TEST_RESULTS}"
|
||||||
echo "Expected 11 daemonsets; got '${daemonset_count}'" >> "${TEST_RESULTS}"
|
echo "Expected 12 daemonsets; got '${daemonset_count}'" >> "${TEST_RESULTS}"
|
||||||
exit 1
|
exit 1
|
||||||
else
|
else
|
||||||
echo '[SUCCESS] overrides test 1 passed successfully' >> "${TEST_RESULTS}"
|
echo '[SUCCESS] overrides test 1 passed successfully' >> "${TEST_RESULTS}"
|
||||||
|
|