From efeddc43a8861268116737c8b76946cdbab50959 Mon Sep 17 00:00:00 2001
From: Manoj Srivastava
Date: Sun, 10 Jan 2016 02:12:58 -0800
Subject: [PATCH] [admin_user]: Update per comments

As requested, this commit converts to tab indentation.

Signed-off-by: Manoj Srivastava
---
bootstrapvz/plugins/admin_user/__init__.py | 54 +++----
bootstrapvz/plugins/admin_user/tasks.py | 179 +++++++++++----------
2 files changed, 120 insertions(+), 113 deletions(-)

diff --git a/bootstrapvz/plugins/admin_user/__init__.py b/bootstrapvz/plugins/admin_user/__init__.py
index 9a89022..e83088d 100644
--- a/bootstrapvz/plugins/admin_user/__init__.py
+++ b/bootstrapvz/plugins/admin_user/__init__.py
@@ -1,36 +1,36 @@ def validate_manifest(data, validator, error): - import os.path - schema_path = os.path.normpath(os.path.join(os.path.dirname(__file__), 'manifest-schema.yml')) - validator(data, schema_path) - if ('password' in data['plugins']['admin_user'] and 'pubkey' in data['plugins']['admin_user']): - msg = 'passwd and pubkey are mutually exclusive.' - error(msg, ['plugins', 'admin_user']) - full_path = data['plugins']['admin_user']['pubkey'] - if not os.path.exists(full_path): - msg = 'Could not find public key at %s' % full_path - error(msg, ['plugins', 'admin_user']) + import os.path + schema_path = os.path.normpath(os.path.join(os.path.dirname(__file__), 'manifest-schema.yml')) + validator(data, schema_path) + if ('password' in data['plugins']['admin_user'] and 'pubkey' in data['plugins']['admin_user']): + msg = 'passwd and pubkey are mutually exclusive.' + error(msg, ['plugins', 'admin_user']) + full_path = data['plugins']['admin_user']['pubkey'] + if not os.path.exists(full_path): + msg = 'Could not find public key at %s' % full_path + error(msg, ['plugins', 'admin_user']) def resolve_tasks(taskset, manifest): - import tasks - from bootstrapvz.common.tasks import ssh + import tasks + from bootstrapvz.common.tasks import ssh - from bootstrapvz.common.releases import jessie - if manifest.release < jessie: - taskset.update([ssh.DisableRootLogin]) + from bootstrapvz.common.releases import jessie + if manifest.release < jessie: + taskset.update([ssh.DisableRootLogin]) - if 'password' in manifest.plugins['admin_user']: - taskset.discard(ssh.DisableSSHPasswordAuthentication) - taskset.add(tasks.AdminUserCredentialsPassword) - else: - if 'pubkey' in manifest.plugins['admin_user']: - taskset.add(tasks.AdminUserCredentialsPublicKey) - else: - taskset.add(tasks.AdminUserCredentialsEc2) + if 'password' in manifest.plugins['admin_user']: + taskset.discard(ssh.DisableSSHPasswordAuthentication) + taskset.add(tasks.AdminUserCredentialsPassword) + else: + if 'pubkey' 
in manifest.plugins['admin_user']: + taskset.add(tasks.AdminUserCredentialsPublicKey) + else: + taskset.add(tasks.AdminUserCredentialsEc2) - taskset.update([tasks.AddSudoPackage, - tasks.CreateAdminUser, - tasks.PasswordlessSudo, - ]) + taskset.update([tasks.AddSudoPackage, + tasks.CreateAdminUser, + tasks.PasswordlessSudo, + ]) diff --git a/bootstrapvz/plugins/admin_user/tasks.py b/bootstrapvz/plugins/admin_user/tasks.py index d3e4c6c..4520986 100644 --- a/bootstrapvz/plugins/admin_user/tasks.py +++ b/bootstrapvz/plugins/admin_user/tasks.py 
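Review bot: In resolve_tasks the fallback branch adds `tasks.AdminUserCredentialsEc2`, but tasks.py in this same patch defines the class as `AdminUserCredentialsEC2`, so a manifest with neither `password` nor `pubkey` would fail with AttributeError unless an alias exists outside the visible lines; the line should read `taskset.add(tasks.AdminUserCredentialsEC2)`. In validate_manifest, `data['plugins']['admin_user']['pubkey']` is read without its own membership test as far as the flattened hunk shows, so the existence check should be wrapped in `if 'pubkey' in data['plugins']['admin_user']:` to keep password-only and EC2 manifests from raising KeyError. The password branch also discards `ssh.DisableSSHPasswordAuthentication`, which leaves SSH password logins enabled on the built image; a comment such as `# password auth must stay enabled for the manifest-supplied password; prefer pubkey` would make that trade-off explicit.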
@@ -8,118 +8,125 @@ import os class AddSudoPackage(Task): - description = 'Adding `sudo\' to the image packages' - phase = phases.preparation + description = 'Adding `sudo\' to the image packages' + phase = phases.preparation - @classmethod - def run(cls, info): - info.packages.add('sudo') + @classmethod + def run(cls, info): + info.packages.add('sudo') class CreateAdminUser(Task): - description = 'Creating the admin user' - phase = phases.system_modification + description = 'Creating the admin user' + phase = phases.system_modification - @classmethod - def run(cls, info): - from bootstrapvz.common.tools import log_check_call - log_check_call(['chroot', info.root, - 'useradd', - '--create-home', '--shell', '/bin/bash', - info.manifest.plugins['admin_user']['username']]) + @classmethod + def run(cls, info): + from bootstrapvz.common.tools import log_check_call + log_check_call(['chroot', info.root, + 'useradd', + '--create-home', '--shell', '/bin/bash', + info.manifest.plugins['admin_user']['username']]) class PasswordlessSudo(Task): - description = 'Allowing the admin user to use sudo without a password' - phase = phases.system_modification + description = 'Allowing the admin user to use sudo without a password' + phase = phases.system_modification - @classmethod - def run(cls, info): - sudo_admin_path = os.path.join(info.root, 'etc/sudoers.d/99_admin') - username = info.manifest.plugins['admin_user']['username'] - with open(sudo_admin_path, 'w') as sudo_admin: - sudo_admin.write('{username} ALL=(ALL) NOPASSWD:ALL'.format(username=username)) - import stat - ug_read_only = (stat.S_IRUSR | stat.S_IRGRP) - os.chmod(sudo_admin_path, ug_read_only) + @classmethod + def run(cls, info): + sudo_admin_path = os.path.join(info.root, 'etc/sudoers.d/99_admin') + username = info.manifest.plugins['admin_user']['username'] + with open(sudo_admin_path, 'w') as sudo_admin: + sudo_admin.write('{username} ALL=(ALL) NOPASSWD:ALL'.format(username=username)) + import stat + ug_read_only 
= (stat.S_IRUSR | stat.S_IRGRP) + os.chmod(sudo_admin_path, ug_read_only) class AdminUserCredentialsPassword(Task): - description = 'Set up access credentials for the admin user with a given password' - phase = phases.system_modification - predecessors = [InstallInitScripts, CreateAdminUser] + description = 'Set up access credentials for the admin user with a given password' + phase = phases.system_modification + predecessors = [InstallInitScripts, CreateAdminUser] - @classmethod - def run(cls, info): - from bootstrapvz.common.tools import log_check_call - log = logging.getLogger(__name__) + @classmethod + def run(cls, info): + from bootstrapvz.common.tools import log_check_call + log = logging.getLogger(__name__) - log.debug('Setting the password for the admin user.') - log_check_call(['chroot', info.root, 'chpasswd'], - info.manifest.plugins['admin_user']['username'] + - ':' + info.manifest.plugins['admin_user']['password']) - return + log.debug('Setting the password for the admin user.') + log_check_call( + ['chroot', info.root, 'chpasswd'], + info.manifest.plugins['admin_user']['username'] + + ':' + info.manifest.plugins['admin_user']['password'] + ) + return class AdminUserCredentialsPublicKey(Task): - description = 'Set up access credentials for the admin user with a given public key' - phase = phases.system_modification - predecessors = [AddEC2InitScripts, CreateAdminUser] - successors = [InstallInitScripts] + description = 'Set up access credentials for the admin user with a given public key' + phase = phases.system_modification + predecessors = [AddEC2InitScripts, CreateAdminUser] + successors = [InstallInitScripts] - @classmethod - def run(cls, info): - from bootstrapvz.common.tools import log_check_call + @classmethod + def run(cls, info): + from bootstrapvz.common.tools import log_check_call - log = logging.getLogger(__name__) + log = logging.getLogger(__name__) - import stat - from shutil import copy - full_path = 
info.manifest.plugins['admin_user']['pubkey'] - log.debug('Copying public key from {path}'.format(path=full_path)) + import stat + from shutil import copy + full_path = info.manifest.plugins['admin_user']['pubkey'] + log.debug('Copying public key from {path}'.format(path=full_path)) - if 'ec2-get-credentials' in info.initd['install']: - log.warn('You are using a static public key for the admin account.' - ' This will conflict with the ec2 public key injection mechanisn.' - ' The ec2-get-credentials startup script has therefore been disabled.') - del info.initd['install']['ec2-get-credentials'] + if 'ec2-get-credentials' in info.initd['install']: + log.warn( + 'You are using a static public key for the admin account.' + ' This will conflict with the ec2 public key injection mechanisn.' + ' The ec2-get-credentials startup script has therefore been disabled.') + del info.initd['install']['ec2-get-credentials'] - username = info.manifest.plugins['admin_user']['username'] + username = info.manifest.plugins['admin_user']['username'] - ssh_file = os.path.join('/home/', username, '/.ssh/authorized_keys') - rel_ssh_file = os.path.realpath(info.root + '/%s' % ssh_file) + ssh_file = os.path.join('/home/', username, '.ssh/authorized_keys') + rel_ssh_file = os.path.realpath(info.root + '/%s' % ssh_file) - ssh_dir = os.path.dirname(ssh_file) - rel_ssh_dir = os.path.realpath(info.root + '/%s' % ssh_dir) - if not os.path.exists(rel_ssh_dir): - log.debug('Creating %s mode 700' % rel_ssh_dir) - os.mkdir(rel_ssh_dir, 0700) - else: - log.debug('setting %s mode 700' % rel_ssh_dir) - os.chmod(rel_ssh_dir, 0700) - copy(full_path, rel_ssh_file) - mode = (stat.S_IRUSR | stat.S_IWUSR) - os.chmod(rel_ssh_file, mode) - log_check_call(['chroot', info.root, 'chown', '-R', username, ssh_dir]) - return + ssh_dir = os.path.dirname(ssh_file) + rel_ssh_dir = os.path.realpath(info.root + '/%s' % ssh_dir) + if not os.path.exists(rel_ssh_dir): + log.debug('Creating %s.' 
% rel_ssh_dir) + os.mkdir(rel_ssh_dir) + + log.debug('setting %s mode 700' % rel_ssh_dir) + mode = (stat.S_IRUSR | stat.S_IWUSR | stat.S_IXUSR) + os.chmod(rel_ssh_dir, mode) + + copy(full_path, rel_ssh_file) + + mode = (stat.S_IRUSR | stat.S_IWUSR) + os.chmod(rel_ssh_file, mode) + + log_check_call(['chroot', info.root, 'chown', '-R', username, ssh_dir]) + return class AdminUserCredentialsEC2(Task): - description = 'Set up access credentials for the admin user using the EC2 credentials' - phase = phases.system_modification - predecessors = [InstallInitScripts, CreateAdminUser] + description = 'Set up access credentials for the admin user using the EC2 credentials' + phase = phases.system_modification + predecessors = [InstallInitScripts, CreateAdminUser] - @classmethod - def run(cls, info): - from bootstrapvz.common.exceptions import TaskError - from bootstrapvz.common.tools import sed_i - log = logging.getLogger(__name__) + @classmethod + def run(cls, info): + from bootstrapvz.common.exceptions import TaskError + from bootstrapvz.common.tools import sed_i + log = logging.getLogger(__name__) - getcreds_path = os.path.join(info.root, 'etc/init.d/ec2-get-credentials') - if os.path.exists(getcreds_path): - log.debug('Updating EC2 get credentials script.') - username = info.manifest.plugins['admin_user']['username'] - sed_i(getcreds_path, "username='root'", - "username='{username}'".format(username=username)) - else: - raise TaskError('Could not find EC2 get credentials script.') + getcreds_path = os.path.join(info.root, 'etc/init.d/ec2-get-credentials') + if os.path.exists(getcreds_path): + log.debug('Updating EC2 get credentials script.') + username = info.manifest.plugins['admin_user']['username'] + sed_i(getcreds_path, "username='root'", + "username='{username}'".format(username=username)) + else: + raise TaskError('Could not find EC2 get credentials script.')
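Review bot: In AdminUserCredentialsPublicKey.run the new `os.mkdir(rel_ssh_dir)` creates `.ssh` with the umask default and only tightens it in the later `os.chmod`, whereas the removed line passed the mode to mkdir. Computing `mode = (stat.S_IRUSR | stat.S_IWUSR | stat.S_IXUSR)` before the `if` and calling `os.mkdir(rel_ssh_dir, mode)` keeps the directory restrictive from creation while the following chmod still corrects a pre-existing one. Separately, `rel_ssh_dir` and `rel_ssh_file` come from `os.path.realpath` on a path under `info.root`, which resolves symlinks against the host filesystem, so a symlinked home or `.ssh` inside the image would make `copy` and `os.chmod` act outside the chroot. A check that the resolved path still starts with `os.path.realpath(info.root) + os.sep` before writing would catch that. `username` is also joined into the path unvalidated here; presumably manifest-schema.yml constrains it, but that file is not part of this patch.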