cloud-init

Merge ~marlinc/cloud-init:chpasswd-hash into cloud-init:master

  1. Git
  2. lp:~marlinc/cloud-init
  3. chpasswd-hash
  4. Merge into master
Proposed by Marlin Cremers
Status: Merged
Approved by: Chad Smith
Approved revision: adb453ab0f1299ad26634cd3df0ae078561a7df4
Merge reported by: Server Team CI bot
Merged at revision: not available
Proposed branch: ~marlinc/cloud-init:chpasswd-hash
Merge into: cloud-init:master
Diff against target: 62 lines (+41/-1)
2 files modified
cloudinit/config/cc_set_passwords.py (+1/-1)
cloudinit/config/tests/test_set_passwords.py (+40/-0)
Reviewer Review Type Date Requested Status
Server Team CI bot continuous-integration Approve
Chad Smith Approve
Scott Moser Pending
Review via email: mp+361683@code.launchpad.net

Commit message

cc_set_passwords: Fix regex when parsing hashed passwords

Correct invalid regex to match hashes starting with the following:
  - $1, $2a, $2y, $5 or $6

LP: #1811446

Author: Marlin Cremers <email address hidden>

To post a comment you must log in.
Revision history for this message
Marlin Cremers (marlinc) wrote :

I'm looking into how to best provide a test for this (and possibly the other hashing algorithms as there are no tests for those either).

Revision history for this message
Chad Smith (chad.smith) wrote :

Thanks for this proposal Marlin,

Here's a patch that adds a simple unit test to exercise that cloud-init passes the proper hashed keys to chpasswd -e

http://paste.ubuntu.com/p/KdX3ngFbVF/

review: Needs Fixing
Revision history for this message
Marlin Cremers (marlinc) wrote :

The test has been added

Revision history for this message
Server Team CI bot (server-team-bot) wrote :

FAILED: Continuous integration, rev:406dd59725c3a427152b0b84dcdcd8cf2c79e99e
https://jenkins.ubuntu.com/server/job/cloud-init-ci/517/
Executed test runs:
    SUCCESS: Checkout
    FAILED: Unit & Style Tests

Click here to trigger a rebuild:
https://jenkins.ubuntu.com/server/job/cloud-init-ci/517/rebuild

review: Needs Fixing (continuous-integration)
Revision history for this message
Server Team CI bot (server-team-bot) wrote :

PASSED: Continuous integration, rev:2ed5022f51febfbd590a6f27eb4959df39c9b59f
https://jenkins.ubuntu.com/server/job/cloud-init-ci/518/
Executed test runs:
    SUCCESS: Checkout
    SUCCESS: Unit & Style Tests
    SUCCESS: Ubuntu LTS: Build
    SUCCESS: Ubuntu LTS: Integration
    IN_PROGRESS: Declarative: Post Actions

Click here to trigger a rebuild:
https://jenkins.ubuntu.com/server/job/cloud-init-ci/518/rebuild

review: Approve (continuous-integration)
Revision history for this message
Chad Smith (chad.smith) :
review: Approve
Revision history for this message
Server Team CI bot (server-team-bot) wrote :

FAILED: Autolanding.
Unapproved changes made after approval.
https://jenkins.ubuntu.com/server/job/cloud-init-autoland-test/140/
Executed test runs:
    SUCCESS: Checkout
    SUCCESS: Unit & Style Tests
    SUCCESS: Ubuntu LTS: Build
    SUCCESS: Ubuntu LTS: Integration
    IN_PROGRESS: Declarative: Post Actions

review: Needs Fixing (continuous-integration)
Revision history for this message
Server Team CI bot (server-team-bot) wrote :

PASSED: Continuous integration, rev:adb453ab0f1299ad26634cd3df0ae078561a7df4
https://jenkins.ubuntu.com/server/job/cloud-init-ci/522/
Executed test runs:
    SUCCESS: Checkout
    SUCCESS: Unit & Style Tests
    SUCCESS: Ubuntu LTS: Build
    SUCCESS: Ubuntu LTS: Integration
    IN_PROGRESS: Declarative: Post Actions

Click here to trigger a rebuild:
https://jenkins.ubuntu.com/server/job/cloud-init-ci/522/rebuild

review: Approve (continuous-integration)

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/cloudinit/config/cc_set_passwords.py b/cloudinit/config/cc_set_passwords.py
2index 5ef9737..4585e4d 100755
3--- a/cloudinit/config/cc_set_passwords.py
4+++ b/cloudinit/config/cc_set_passwords.py
5@@ -160,7 +160,7 @@ def handle(_name, cfg, cloud, log, args):
6 hashed_users = []
7 randlist = []
8 users = []
9- prog = re.compile(r'\$[1,2a,2y,5,6](\$.+){2}')
10+ prog = re.compile(r'\$(1|2a|2y|5|6)(\$.+){2}')
11 for line in plist:
12 u, p = line.split(':', 1)
13 if prog.match(p) is not None and ":" not in p:
14diff --git a/cloudinit/config/tests/test_set_passwords.py b/cloudinit/config/tests/test_set_passwords.py
15index b051ec8..a2ea5ec 100644
16--- a/cloudinit/config/tests/test_set_passwords.py
17+++ b/cloudinit/config/tests/test_set_passwords.py
18@@ -68,4 +68,44 @@ class TestHandleSshPwauth(CiTestCase):
19 m_update.assert_called_with({optname: optval})
20 m_subp.assert_not_called()
21
22+
23+class TestSetPasswordsHandle(CiTestCase):
24+ """Test cc_set_passwords.handle"""
25+
26+ with_logs = True
27+
28+ def test_handle_on_empty_config(self):
29+ """handle logs that no password has changed when config is empty."""
30+ cloud = self.tmp_cloud(distro='ubuntu')
31+ setpass.handle(
32+ 'IGNORED', cfg={}, cloud=cloud, log=self.logger, args=[])
33+ self.assertEqual(
34+ "DEBUG: Leaving ssh config 'PasswordAuthentication' unchanged. "
35+ 'ssh_pwauth=None\n',
36+ self.logs.getvalue())
37+
38+ @mock.patch(MODPATH + "util.subp")
39+ def test_handle_on_chpasswd_list_parses_common_hashes(self, m_subp):
40+ """handle parses command password hashes."""
41+ cloud = self.tmp_cloud(distro='ubuntu')
42+ valid_hashed_pwds = [
43+ 'root:$2y$10$8BQjxjVByHA/Ee.O1bCXtO8S7Y5WojbXWqnqYpUW.BrPx/'
44+ 'Dlew1Va',
45+ 'ubuntu:$6$5hOurLPO$naywm3Ce0UlmZg9gG2Fl9acWCVEoakMMC7dR52q'
46+ 'SDexZbrN9z8yHxhUM2b.sxpguSwOlbOQSW/HpXazGGx3oo1']
47+ cfg = {'chpasswd': {'list': valid_hashed_pwds}}
48+ with mock.patch(MODPATH + 'util.subp') as m_subp:
49+ setpass.handle(
50+ 'IGNORED', cfg=cfg, cloud=cloud, log=self.logger, args=[])
51+ self.assertIn(
52+ 'DEBUG: Handling input for chpasswd as list.',
53+ self.logs.getvalue())
54+ self.assertIn(
55+ "DEBUG: Setting hashed password for ['root', 'ubuntu']",
56+ self.logs.getvalue())
57+ self.assertEqual(
58+ [mock.call(['chpasswd', '-e'],
59+ '\n'.join(valid_hashed_pwds) + '\n')],
60+ m_subp.call_args_list)
61+
62 # vi: ts=4 expandtab

Subscribers

People subscribed via source and target branches