ovh/the-bastion
1
1
Fork 0
mirror of https://github.com/ovh/the-bastion.git synced 2025-01-09 00:44:49 +08:00
Code Issues Projects Releases Packages Wiki Activity

enh: target_role.sh: tiny fixes

Browse source
This commit is contained in:
Stéphane Lesimple 2020-11-17 11:32:27 +01:00
parent 0b0200951e
commit ec0d4256b8
1 changed files with 15 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

21
tests/functional/docker/target_role.sh
View file

@ -3,15 +3,18 @@
# This entrypoint is ONLY for instances to run functional tests on # This entrypoint is ONLY for instances to run functional tests on
# DO NOT USE IN PROD (check docker/ under main dir for that) # DO NOT USE IN PROD (check docker/ under main dir for that)
set -e set -e
set -u
basedir=$(readlink -f "$(dirname "$0")"/../../..) basedir=$(readlink -f "$(dirname "$0")"/../../..)
# shellcheck source=lib/shell/functions.inc # shellcheck source=lib/shell/functions.inc
. "$basedir"/lib/shell/functions.inc . "$basedir"/lib/shell/functions.inc
# do we have a key? # do we have a key?
[ -n "$USER_PUBKEY_B64" ] && user_pubkey=$(base64 -d <<< "$USER_PUBKEY_B64") if [ -n "$USER_PUBKEY_B64" ]; then
[ -n "$ROOT_PUBKEY_B64" ] && root_pubkey=$(base64 -d <<< "$ROOT_PUBKEY_B64") user_pubkey=$(base64 -d <<< "$USER_PUBKEY_B64")
fi
if [ -n "$ROOT_PUBKEY_B64" ]; then
root_pubkey=$(base64 -d <<< "$ROOT_PUBKEY_B64")
fi
if [ -z "$user_pubkey" ] ; then if [ -z "$user_pubkey" ] ; then
echo "Missing ENV user_pubkey (or USER_PUBKEY_B64), aborting" >&2 echo "Missing ENV user_pubkey (or USER_PUBKEY_B64), aborting" >&2
exit 1 exit 1
@ -37,7 +40,9 @@ echo "Port 226" >> /etc/ssh/sshd_config
[ -d "$UID0HOME/.ssh" ] || mkdir "$UID0HOME/.ssh" [ -d "$UID0HOME/.ssh" ] || mkdir "$UID0HOME/.ssh"
echo "$root_pubkey" >> "$UID0HOME/.ssh/authorized_keys" echo "$root_pubkey" >> "$UID0HOME/.ssh/authorized_keys"
# also unlock the root account, which can sometimes prevent us connecting through SSH (CentOS 8) # also unlock the root account, which can sometimes prevent us connecting through SSH (CentOS 8)
usermod -U "$UID0" if [ "$OS_FAMILY" = Linux ]; then
usermod -U "$UID0"
fi
HOME="$UID0HOME" USER="$UID0" "$basedir"/bin/plugin/restricted/accountCreate '' '' '' '' --uid 5000 --account "$TARGET_USER" --public-key "$user_pubkey FOR_TESTS_ONLY" HOME="$UID0HOME" USER="$UID0" "$basedir"/bin/plugin/restricted/accountCreate '' '' '' '' --uid 5000 --account "$TARGET_USER" --public-key "$user_pubkey FOR_TESTS_ONLY"
HOME="$UID0HOME" USER="$UID0" "$basedir"/bin/plugin/restricted/accountGrantCommand '' '' '' '' --account "$TARGET_USER" --command accountGrantCommand HOME="$UID0HOME" USER="$UID0" "$basedir"/bin/plugin/restricted/accountGrantCommand '' '' '' '' --account "$TARGET_USER" --command accountGrantCommand
@ -70,7 +75,7 @@ fi
# now OS-specific things # now OS-specific things
if [ "$(uname -s)" = Linux ] ; then if [ "$OS_FAMILY" = Linux ] ; then
test -x /etc/init.d/ssh && /etc/init.d/ssh start test -x /etc/init.d/ssh && /etc/init.d/ssh start
test -x /etc/init.d/syslog-ng && /etc/init.d/syslog-ng start test -x /etc/init.d/syslog-ng && /etc/init.d/syslog-ng start
@ -89,7 +94,7 @@ if [ "$(uname -s)" = Linux ] ; then
/usr/sbin/syslog-ng /usr/sbin/syslog-ng
fi fi
elif [ "$(uname -s)" = OpenBSD ] || [ "$(uname -s)" = FreeBSD ] || [ "$(uname -s)" = NetBSD ] ; then elif [ "$OS_FAMILY" = OpenBSD ] || [ "$OS_FAMILY" = FreeBSD ] || [ "$OS_FAMILY" = NetBSD ] ; then
# setup some 127.0.0.x IPs (needed for our tests) # setup some 127.0.0.x IPs (needed for our tests)
# this automatically works under Linux on lo # this automatically works under Linux on lo
@ -110,6 +115,10 @@ elif [ "$(uname -s)" = OpenBSD ] || [ "$(uname -s)" = FreeBSD ] || [ "$(uname -
set -e set -e
fi fi
if [ -n "$NO_SLEEP" ]; then
exit 0
fi
echo "Now sleeping forever (docker mode)" echo "Now sleeping forever (docker mode)"
while : ; do while : ; do
sleep 3600 sleep 3600