Merge "Enable password set in case of rescued instances"

Jenkins 2015-02-12 15:45:07 +00:00 committed by Gerrit Code Review
commit 4ed717f7ff
2 changed files with 27 additions and 23 deletions


@ -70,14 +70,19 @@ class SetUserPasswordPlugin(base.BasePlugin):
return password return password
def _set_metadata_password(self, password, service): def _set_metadata_password(self, password, service):
ssh_pub_key = self._get_ssh_public_key(service) if service.is_password_set:
if ssh_pub_key: LOG.debug('User\'s password already set in the instance metadata '
enc_password_b64 = self._encrypt_password(ssh_pub_key, 'and it cannot be updated in the instance metadata')
password)
return service.post_password(enc_password_b64)
else:
LOG.info('No SSH public key available for password encryption')
return True return True
else:
ssh_pub_key = self._get_ssh_public_key(service)
if ssh_pub_key:
enc_password_b64 = self._encrypt_password(ssh_pub_key,
password)
return service.post_password(enc_password_b64)
else:
LOG.info('No SSH public key available for password encryption')
return True
def _set_password(self, service, osutils, user_name): def _set_password(self, service, osutils, user_name):
password = self._get_password(service, osutils) password = self._get_password(service, osutils)
@ -91,20 +96,17 @@ class SetUserPasswordPlugin(base.BasePlugin):
user_name = shared_data.get(constants.SHARED_DATA_USERNAME, user_name = shared_data.get(constants.SHARED_DATA_USERNAME,
CONF.username) CONF.username)
if service.can_post_password and service.is_password_set: osutils = osutils_factory.get_os_utils()
LOG.debug('User\'s password already set in the instance metadata') if osutils.user_exists(user_name):
else: password = self._set_password(service, osutils, user_name)
osutils = osutils_factory.get_os_utils() LOG.info('Password succesfully updated for user %s' % user_name)
if osutils.user_exists(user_name): # TODO(alexpilotti): encrypt with DPAPI
password = self._set_password(service, osutils, user_name) shared_data[constants.SHARED_DATA_PASSWORD] = password
# TODO(alexpilotti): encrypt with DPAPI
shared_data[constants.SHARED_DATA_PASSWORD] = password
if not service.can_post_password: if not service.can_post_password:
LOG.info('Cannot set the password in the metadata as it ' LOG.info('Cannot set the password in the metadata as it is '
'is not supported by this service') 'not supported by this service')
return (base.PLUGIN_EXECUTION_DONE, False) else:
else: self._set_metadata_password(password, service)
self._set_metadata_password(password, service)
return (base.PLUGIN_EXECUTE_ON_NEXT_BOOT, False) return (base.PLUGIN_EXECUTION_DONE, False)
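Review bot: The result of `self._set_metadata_password(password, service)` is dropped in the rewritten branch of the second hunk, and the method now always ends with `return (base.PLUGIN_EXECUTION_DONE, False)`, so a failed or skipped metadata post is neither surfaced nor retried on the next boot. When `service.is_password_set` is true, `_set_password` has already changed the local account password, yet the metadata keeps the old encrypted value and the only trace is a `LOG.debug` line; if `_get_password` generated a fresh password (its body is outside this view), that credential cannot be retrieved through the metadata service. Consider checking the return value, e.g. `if not self._set_metadata_password(password, service): LOG.warning('Password changed locally but not posted to the metadata service')`, and raising the already-set message to warning level. The new `LOG.info('Password succesfully updated for user %s' % user_name)` also misspells "successfully" and formats eagerly; `LOG.info('Password successfully updated for user %s', user_name)` is the usual form. The enclosing method starts above the second hunk.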


@ -101,6 +101,8 @@ class SetUserPasswordPluginTests(unittest.TestCase):
mock_get_key.return_value = ssh_pub_key mock_get_key.return_value = ssh_pub_key
mock_encrypt_password.return_value = 'encrypted password' mock_encrypt_password.return_value = 'encrypted password'
mock_service.post_password.return_value = 'value' mock_service.post_password.return_value = 'value'
mock_service.can_post_password = True
mock_service.is_password_set = False
response = self._setpassword_plugin._set_metadata_password( response = self._setpassword_plugin._set_metadata_password(
fake_passw0rd, mock_service) fake_passw0rd, mock_service)
if ssh_pub_key is None: if ssh_pub_key is None:
@ -160,4 +162,4 @@ class SetUserPasswordPluginTests(unittest.TestCase):
'fake username') 'fake username')
mock_set_metadata_password.assert_called_once_with('fake password', mock_set_metadata_password.assert_called_once_with('fake password',
mock_service) mock_service)
self.assertEqual((2, False), response) self.assertEqual((1, False), response)
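Review bot: Nothing visible in these hunks exercises the new `service.is_password_set` early return in `_set_metadata_password`; the first hunk only pins `mock_service.is_password_set = False`, so the branch that skips the post is untested. A case that sets `mock_service.is_password_set = True` and then checks `self.assertFalse(mock_service.post_password.called)` and `self.assertTrue(response)` would cover it. `mock_service.can_post_password = True` does not appear to be read by `_set_metadata_password` as shown in the plugin change, so it could be dropped from this helper. Both test methods start outside their hunks.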