cloud-init

Merge ~marlinc/cloud-init:chpasswd-hash into cloud-init:master

  1. Git
  2. lp:~marlinc/cloud-init
  3. chpasswd-hash
  4. Merge into master
Proposed by Marlin Cremers
Status: Merged
Approved by: Chad Smith
Approved revision: adb453ab0f1299ad26634cd3df0ae078561a7df4
Merge reported by: Server Team CI bot
Merged at revision: not available
Proposed branch: ~marlinc/cloud-init:chpasswd-hash
Merge into: cloud-init:master
Diff against target: 62 lines (+41/-1)
2 files modified
cloudinit/config/cc_set_passwords.py (+1/-1)
cloudinit/config/tests/test_set_passwords.py (+40/-0)
Reviewer Review Type Date Requested Status
Server Team CI bot continuous-integration Approve
Chad Smith Approve
Scott Moser Pending
Review via email: mp+361683@code.launchpad.net

Commit message

cc_set_passwords: Fix regex when parsing hashed passwords

Correct invalid regex to match hashes starting with the following:
  - $1, $2a, $2y, $5 or $6

LP: #1811446

Author: Marlin Cremers <email address hidden>

To post a comment you must log in.
Revision history for this message
Marlin Cremers (marlinc) wrote :

I'm looking into how to best provide a test for this (and possibly the other hashing algorithms as there are no tests for those either).

Revision history for this message
Chad Smith (chad.smith) wrote :

Thanks for this proposal Marlin,

Here's a patch that adds a simple unit test to exercise that cloud-init passes the proper hashed keys to chpasswd -e

http://paste.ubuntu.com/p/KdX3ngFbVF/

review: Needs Fixing
Revision history for this message
Marlin Cremers (marlinc) wrote :

The test has been added

Revision history for this message
Server Team CI bot (server-team-bot) wrote :

FAILED: Continuous integration, rev:406dd59725c3a427152b0b84dcdcd8cf2c79e99e
https://jenkins.ubuntu.com/server/job/cloud-init-ci/517/
Executed test runs:
    SUCCESS: Checkout
    FAILED: Unit & Style Tests

Click here to trigger a rebuild:
https://jenkins.ubuntu.com/server/job/cloud-init-ci/517/rebuild

review: Needs Fixing (continuous-integration)
Revision history for this message
Server Team CI bot (server-team-bot) wrote :

PASSED: Continuous integration, rev:2ed5022f51febfbd590a6f27eb4959df39c9b59f
https://jenkins.ubuntu.com/server/job/cloud-init-ci/518/
Executed test runs:
    SUCCESS: Checkout
    SUCCESS: Unit & Style Tests
    SUCCESS: Ubuntu LTS: Build
    SUCCESS: Ubuntu LTS: Integration
    IN_PROGRESS: Declarative: Post Actions

Click here to trigger a rebuild:
https://jenkins.ubuntu.com/server/job/cloud-init-ci/518/rebuild

review: Approve (continuous-integration)
Revision history for this message
Chad Smith (chad.smith) :
review: Approve
Revision history for this message
Server Team CI bot (server-team-bot) wrote :

FAILED: Autolanding.
Unapproved changes made after approval.
https://jenkins.ubuntu.com/server/job/cloud-init-autoland-test/140/
Executed test runs:
    SUCCESS: Checkout
    SUCCESS: Unit & Style Tests
    SUCCESS: Ubuntu LTS: Build
    SUCCESS: Ubuntu LTS: Integration
    IN_PROGRESS: Declarative: Post Actions

review: Needs Fixing (continuous-integration)
Revision history for this message
Server Team CI bot (server-team-bot) wrote :

PASSED: Continuous integration, rev:adb453ab0f1299ad26634cd3df0ae078561a7df4
https://jenkins.ubuntu.com/server/job/cloud-init-ci/522/
Executed test runs:
    SUCCESS: Checkout
    SUCCESS: Unit & Style Tests
    SUCCESS: Ubuntu LTS: Build
    SUCCESS: Ubuntu LTS: Integration
    IN_PROGRESS: Declarative: Post Actions

Click here to trigger a rebuild:
https://jenkins.ubuntu.com/server/job/cloud-init-ci/522/rebuild

review: Approve (continuous-integration)

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
diff --git a/cloudinit/config/cc_set_passwords.py b/cloudinit/config/cc_set_passwords.py
index 5ef9737..4585e4d 100755
--- a/cloudinit/config/cc_set_passwords.py
+++ b/cloudinit/config/cc_set_passwords.py
@@ -160,7 +160,7 @@ def handle(_name, cfg, cloud, log, args):
160 hashed_users = []160 hashed_users = []
161 randlist = []161 randlist = []
162 users = []162 users = []
163 prog = re.compile(r'\$[1,2a,2y,5,6](\$.+){2}')163 prog = re.compile(r'\$(1|2a|2y|5|6)(\$.+){2}')
164 for line in plist:164 for line in plist:
165 u, p = line.split(':', 1)165 u, p = line.split(':', 1)
166 if prog.match(p) is not None and ":" not in p:166 if prog.match(p) is not None and ":" not in p:
diff --git a/cloudinit/config/tests/test_set_passwords.py b/cloudinit/config/tests/test_set_passwords.py
index b051ec8..a2ea5ec 100644
--- a/cloudinit/config/tests/test_set_passwords.py
+++ b/cloudinit/config/tests/test_set_passwords.py
@@ -68,4 +68,44 @@ class TestHandleSshPwauth(CiTestCase):
68 m_update.assert_called_with({optname: optval})68 m_update.assert_called_with({optname: optval})
69 m_subp.assert_not_called()69 m_subp.assert_not_called()
7070
71
72class TestSetPasswordsHandle(CiTestCase):
73 """Test cc_set_passwords.handle"""
74
75 with_logs = True
76
77 def test_handle_on_empty_config(self):
78 """handle logs that no password has changed when config is empty."""
79 cloud = self.tmp_cloud(distro='ubuntu')
80 setpass.handle(
81 'IGNORED', cfg={}, cloud=cloud, log=self.logger, args=[])
82 self.assertEqual(
83 "DEBUG: Leaving ssh config 'PasswordAuthentication' unchanged. "
84 'ssh_pwauth=None\n',
85 self.logs.getvalue())
86
87 @mock.patch(MODPATH + "util.subp")
88 def test_handle_on_chpasswd_list_parses_common_hashes(self, m_subp):
89 """handle parses command password hashes."""
90 cloud = self.tmp_cloud(distro='ubuntu')
91 valid_hashed_pwds = [
92 'root:$2y$10$8BQjxjVByHA/Ee.O1bCXtO8S7Y5WojbXWqnqYpUW.BrPx/'
93 'Dlew1Va',
94 'ubuntu:$6$5hOurLPO$naywm3Ce0UlmZg9gG2Fl9acWCVEoakMMC7dR52q'
95 'SDexZbrN9z8yHxhUM2b.sxpguSwOlbOQSW/HpXazGGx3oo1']
96 cfg = {'chpasswd': {'list': valid_hashed_pwds}}
97 with mock.patch(MODPATH + 'util.subp') as m_subp:
98 setpass.handle(
99 'IGNORED', cfg=cfg, cloud=cloud, log=self.logger, args=[])
100 self.assertIn(
101 'DEBUG: Handling input for chpasswd as list.',
102 self.logs.getvalue())
103 self.assertIn(
104 "DEBUG: Setting hashed password for ['root', 'ubuntu']",
105 self.logs.getvalue())
106 self.assertEqual(
107 [mock.call(['chpasswd', '-e'],
108 '\n'.join(valid_hashed_pwds) + '\n')],
109 m_subp.call_args_list)
110
71# vi: ts=4 expandtab111# vi: ts=4 expandtab

Subscribers

People subscribed via source and target branches