diff options
| author |   Corentin LABBE <clabbe@baylibre.com> | 2018-01-09 10:41:42 +0100 |
|---|---|---|
| committer | Corentin LABBE <clabbe@baylibre.com> | 2018-01-09 10:41:42 +0100 |
| commit | 01f55d2fd3ea0e9620bb631dd91e475444393099 (patch) | |
| tree | 8ba7d5048778d8335c4444584d68ca96e352266a | |
| parent | c856c35e30f4465f8d14834d672a0dcbf06567fb (diff) | |
Permit to create staff/superuser users
This patch add two user options staff and superuser.
This will permit to create users with thoses flag in LAVA.
In the process remove the hardcoded admin user from Dockerfile and move
it in tokens.yaml
| -rw-r--r-- | README.md | 2 | ||||
| -rw-r--r-- | lava-master/Dockerfile | 5 | ||||
| -rwxr-xr-x | lava-master/scripts/setup.sh | 13 | ||||
| -rwxr-xr-x | lavalab-gen.py | 11 | ||||
| -rw-r--r-- | tokens.yaml | 5 |
5 files changed, 28 insertions, 8 deletions
@@ -45,6 +45,8 @@ lava_server_users: - name: LAVA username token: The token of this use password: Password the this user (generated if not provided) + superuser: yes/no (default no) + staff: yes/no (default no) callback_tokens: - filename: The filename for storing the informations below, the name should be unique along other callback tokens username: The LAVA user owning the token below. (This user should be created via lava_server_users:) diff --git a/lava-master/Dockerfile b/lava-master/Dockerfile index be8a3b7..1e396d4 100644 --- a/lava-master/Dockerfile +++ b/lava-master/Dockerfile @@ -45,11 +45,6 @@ RUN service postgresql start \ && a2ensite lava-server \ && /stop.sh -# Create a admin user (Insecure note, this creates a default user, username: admin/admin) -RUN /start.sh \ - && lava-server manage users add --passwd admin --staff --superuser --email admin@example.com admin \ - && /stop.sh - # Install latest #RUN /start.sh \ # && git clone https://github.com/kernelci/lava-dispatcher.git -b master /root/lava-dispatcher \ diff --git a/lava-master/scripts/setup.sh b/lava-master/scripts/setup.sh index b60c93b..5b62c45 100755 --- a/lava-master/scripts/setup.sh +++ b/lava-master/scripts/setup.sh @@ -5,14 +5,23 @@ if [ -e /root/lava-users ];then do # User is the filename USER=$ut + USER_OPTION="" + STAFF=0 + SUPERUSER=0 . /root/lava-users/$ut if [ -z "$PASSWORD" -o "$PASSWORD" = "$TOKEN" ];then echo "Generating password..." #Could be very long, should be avoided PASSWORD=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1) fi - echo "Adding username $USER DEBUG(with $TOKEN / $PASSWORD)" - lava-server manage users add --passwd $PASSWORD $USER || exit 1 + if [ $STAFF -eq 1 ];then + USER_OPTION="$USER_OPTION --staff" + fi + if [ $SUPERUSER -eq 1 ];then + USER_OPTION="$USER_OPTION --superuser" + fi + echo "Adding username $USER DEBUG(with $TOKEN / $PASSWORD / $USER_OPTION)" + lava-server manage users add --passwd $PASSWORD $USER_OPTION $USER || exit 1 if [ ! -z "$TOKEN" ];then lava-server manage tokens add --user $USER --secret $TOKEN || exit 1 fi diff --git a/lavalab-gen.py b/lavalab-gen.py index 64a4b0b..e5f5db0 100755 --- a/lavalab-gen.py +++ b/lavalab-gen.py @@ -120,7 +120,16 @@ def main(args): ftok.write("TOKEN=" + token + "\n") if user.has_key("password"): password = user["password"] - ftok.write("PASSWORD=" + password) + ftok.write("PASSWORD=" + password + "\n") + # libyaml convert yes/no to true/false... + if user.has_key("staff"): + value = user["staff"] + if value is True: + ftok.write("STAFF=1\n") + if user.has_key("superuser"): + value = user["superuser"] + if value is True: + ftok.write("SUPERUSER=1\n") ftok.close() if section_name == "callback_tokens": for token in section: diff --git a/tokens.yaml b/tokens.yaml index c6a430f..d3a8760 100644 --- a/tokens.yaml +++ b/tokens.yaml @@ -1,4 +1,9 @@ lava_server_users: + - name: admin + token: longrandomtokenadmin + password: admin + superuser: yes + staff: yes - name: example token: longrandomtoken password: examplepassword |