From 9fc33dc1209f088575cd5dd64a69377a8fb8bdde Mon Sep 17 00:00:00 2001 From: Alex Heneveld Date: Thu, 20 Oct 2011 14:55:44 +0100 Subject: [PATCH 1/2] javadoc and code tidy around admin/user setup --- .../statements/login/AdminAccess.java | 29 ++++++++++++------- .../login/DefaultConfiguration.java | 6 ++-- .../statements/login/UserAdd.java | 9 ++++++ 3 files changed, 31 insertions(+), 13 deletions(-) diff --git a/scriptbuilder/src/main/java/org/jclouds/scriptbuilder/statements/login/AdminAccess.java b/scriptbuilder/src/main/java/org/jclouds/scriptbuilder/statements/login/AdminAccess.java index fad467c49f..f0be5bcee0 100644 --- a/scriptbuilder/src/main/java/org/jclouds/scriptbuilder/statements/login/AdminAccess.java +++ b/scriptbuilder/src/main/java/org/jclouds/scriptbuilder/statements/login/AdminAccess.java @@ -46,17 +46,26 @@ import com.google.inject.ImplementedBy; * Controls the administrative access to a node. By default, it will perform the following: * * * * @author Adrian Cole */ diff --git a/scriptbuilder/src/main/java/org/jclouds/scriptbuilder/statements/login/DefaultConfiguration.java b/scriptbuilder/src/main/java/org/jclouds/scriptbuilder/statements/login/DefaultConfiguration.java index 76e6f22d08..4d0e6410d8 100644 --- a/scriptbuilder/src/main/java/org/jclouds/scriptbuilder/statements/login/DefaultConfiguration.java +++ b/scriptbuilder/src/main/java/org/jclouds/scriptbuilder/statements/login/DefaultConfiguration.java 
@@ -51,9 +51,9 @@ public class DefaultConfiguration implements Configuration { @Override public Map get() { try { - return ImmutableMap.of("public", - Files.toString(new File(System.getProperty("user.home") + "/.ssh/id_rsa.pub"), UTF_8), "private", - Files.toString(new File(System.getProperty("user.home") + "/.ssh/id_rsa"), UTF_8)); + return ImmutableMap.of( + "public", Files.toString(new File(System.getProperty("user.home") + "/.ssh/id_rsa.pub"), UTF_8), + "private", Files.toString(new File(System.getProperty("user.home") + "/.ssh/id_rsa"), UTF_8)); } catch (IOException e) { return SshKeys.generate(); } diff --git a/scriptbuilder/src/main/java/org/jclouds/scriptbuilder/statements/login/UserAdd.java b/scriptbuilder/src/main/java/org/jclouds/scriptbuilder/statements/login/UserAdd.java index ce71168fd0..5fd68fbaa2 100644 --- a/scriptbuilder/src/main/java/org/jclouds/scriptbuilder/statements/login/UserAdd.java +++ b/scriptbuilder/src/main/java/org/jclouds/scriptbuilder/statements/login/UserAdd.java @@ -43,6 +43,13 @@ import com.google.common.collect.Lists; import com.google.inject.Inject; /** + * Creates a statement that will add a given user to a machine ("login"), with optional + * password, groups, private key, and authorized keys. + *

+ * This is supported on most *nix environments. Not currently supported on Windows. + *

+ * Note that some places where this is used may have stricter requirements on the parameters + * (for example {@link AdminAccess} requires password and keys). * * @author Adrian Cole */ @@ -65,11 +72,13 @@ public class UserAdd implements Statement { return this; } + /** the username of the user to add (not the login to use when performing the add) */ public UserAdd.Builder login(String login) { this.login = login; return this; } + /** the password to add for the user (not the password to use when logging in to perform the add) */ public UserAdd.Builder password(String password) { this.password = password; return this; From 181bc4ead8b9fa29d52efa391f0cda318f3e3234 Mon Sep 17 00:00:00 2001 From: Alex Heneveld Date: Thu, 20 Oct 2011 14:58:41 +0100 Subject: [PATCH 2/2] fix and test for 682, disallowing root as the AdminAccess target --- .../scriptbuilder/statements/login/AdminAccess.java | 3 +++ .../statements/login/AdminAccessTest.java | 12 ++++++++++++ 2 files changed, 15 insertions(+) diff --git a/scriptbuilder/src/main/java/org/jclouds/scriptbuilder/statements/login/AdminAccess.java b/scriptbuilder/src/main/java/org/jclouds/scriptbuilder/statements/login/AdminAccess.java index f0be5bcee0..c7c0bd4233 100644 --- a/scriptbuilder/src/main/java/org/jclouds/scriptbuilder/statements/login/AdminAccess.java +++ b/scriptbuilder/src/main/java/org/jclouds/scriptbuilder/statements/login/AdminAccess.java @@ -35,6 +35,7 @@ import org.jclouds.scriptbuilder.domain.StatementList; import org.jclouds.scriptbuilder.statements.ssh.SshStatements; import com.google.common.base.Function; +import com.google.common.base.Preconditions; import com.google.common.base.Supplier; import com.google.common.base.Throwables; import com.google.common.collect.ImmutableList; 
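Review bot: The comment added on `password(String password)` in the `@@ -65,11 +72,13 @@` hunk does not say what form the value is expected in, which is what a caller handling credentials most needs to know. Nothing visible here shows how the builder's `password` field is consumed, so the wording has to be confirmed against the rest of UserAdd. A version such as `/** The password to set for the new user (not the one used to log in and perform the add); TODO: state whether clear text or a hash is expected. */` would mark the gap until that is settled. Both new one-line comments would also read better as capitalised sentences, matching the class-level Javadoc added just above. The Builder class starts and ends outside the hunk.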
@@ -344,6 +345,8 @@ public class AdminAccess implements Statement { if (family == OsFamily.WINDOWS) throw new UnsupportedOperationException("windows not yet implemented"); checkNotNull(config.getAdminUsername(), "adminUsername"); + Preconditions.checkArgument(!"root".equals(config.getAdminUsername()), "cannot create admin user 'root'; " + + "ensure jclouds is not running as root, or specify an explicit non-root username in AdminAccess"); checkNotNull(config.getAdminPassword(), "adminPassword"); checkNotNull(config.getAdminPublicKey(), "adminPublicKey"); checkNotNull(config.getAdminPrivateKey(), "adminPrivateKey"); diff --git a/scriptbuilder/src/test/java/org/jclouds/scriptbuilder/statements/login/AdminAccessTest.java b/scriptbuilder/src/test/java/org/jclouds/scriptbuilder/statements/login/AdminAccessTest.java index 17496c6fb8..c3c599293b 100644 --- a/scriptbuilder/src/test/java/org/jclouds/scriptbuilder/statements/login/AdminAccessTest.java +++ b/scriptbuilder/src/test/java/org/jclouds/scriptbuilder/statements/login/AdminAccessTest.java @@ -76,4 +76,16 @@ public class AdminAccessTest { public void testCreateWheelWindowsNotSupported() { AdminAccess.standard().init(TestConfiguration.INSTANCE).render(OsFamily.WINDOWS); } + + @Test(expectedExceptions=IllegalArgumentException.class) + //for issue 682 + public void testRootNotAllowed() throws IOException { + TestConfiguration.INSTANCE.reset(); + try { + AdminAccess.builder().adminUsername("root").build().init(TestConfiguration.INSTANCE).render(OsFamily.UNIX); + } finally { + TestConfiguration.INSTANCE.reset(); + } + } + }
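Review bot: The guard added after `checkNotNull(config.getAdminUsername(), "adminUsername")` rejects only the exact string `root`, so an empty name or one with stray whitespace (for example the constructed value `" root"`) passes both checks. Whether later code copes with such a name is not visible here; if it does not, normalise first with `String adminUsername = config.getAdminUsername().trim();` and then `checkArgument(!adminUsername.isEmpty() && !"root".equals(adminUsername), ...)`. A short comment such as `// issue 682: 'root' must not be the AdminAccess target user` would help, since only the test names the issue. The call is also written `Preconditions.checkArgument` while its neighbours use the statically imported `checkNotNull`; a static import would keep the block uniform. The enclosing method starts and ends outside the hunk.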
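Review bot: `testRootNotAllowed` passes on any IllegalArgumentException thrown anywhere in the `builder()` to `render(OsFamily.UNIX)` chain, so it would stay green if the root guard were removed and some other argument check fired instead. Pinning the message ties it to the guard: `@Test(expectedExceptions = IllegalArgumentException.class, expectedExceptionsMessageRegExp = ".*cannot create admin user 'root'.*")`. The `//for issue 682` comment sits between the annotation and the method; moving it above `@Test` keeps the annotation next to the signature. The test also mutates the shared `TestConfiguration.INSTANCE`, and the `reset()` in `finally` covers that only if tests in this class do not run in parallel.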