aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorCorentin LABBE <clabbe@baylibre.com>2018-01-09 10:41:42 +0100
committerCorentin LABBE <clabbe@baylibre.com>2018-01-09 10:41:42 +0100
commit01f55d2fd3ea0e9620bb631dd91e475444393099 (patch)
tree8ba7d5048778d8335c4444584d68ca96e352266a
parentc856c35e30f4465f8d14834d672a0dcbf06567fb (diff)
Permit to create staff/superuser users
This patch add two user options staff and superuser. This will permit to create users with thoses flag in LAVA. In the process remove the hardcoded admin user from Dockerfile and move it in tokens.yaml
-rw-r--r--README.md2
-rw-r--r--lava-master/Dockerfile5
-rwxr-xr-xlava-master/scripts/setup.sh13
-rwxr-xr-xlavalab-gen.py11
-rw-r--r--tokens.yaml5
5 files changed, 28 insertions, 8 deletions
diff --git a/README.md b/README.md
index 11c2aa9..b8bb503 100644
--- a/README.md
+++ b/README.md
@@ -45,6 +45,8 @@ lava_server_users:
- name: LAVA username
token: The token of this use
password: Password the this user (generated if not provided)
+ superuser: yes/no (default no)
+ staff: yes/no (default no)
callback_tokens:
- filename: The filename for storing the informations below, the name should be unique along other callback tokens
username: The LAVA user owning the token below. (This user should be created via lava_server_users:)
diff --git a/lava-master/Dockerfile b/lava-master/Dockerfile
index be8a3b7..1e396d4 100644
--- a/lava-master/Dockerfile
+++ b/lava-master/Dockerfile
@@ -45,11 +45,6 @@ RUN service postgresql start \
&& a2ensite lava-server \
&& /stop.sh
-# Create a admin user (Insecure note, this creates a default user, username: admin/admin)
-RUN /start.sh \
- && lava-server manage users add --passwd admin --staff --superuser --email admin@example.com admin \
- && /stop.sh
-
# Install latest
#RUN /start.sh \
# && git clone https://github.com/kernelci/lava-dispatcher.git -b master /root/lava-dispatcher \
diff --git a/lava-master/scripts/setup.sh b/lava-master/scripts/setup.sh
index b60c93b..5b62c45 100755
--- a/lava-master/scripts/setup.sh
+++ b/lava-master/scripts/setup.sh
@@ -5,14 +5,23 @@ if [ -e /root/lava-users ];then
do
# User is the filename
USER=$ut
+ USER_OPTION=""
+ STAFF=0
+ SUPERUSER=0
. /root/lava-users/$ut
if [ -z "$PASSWORD" -o "$PASSWORD" = "$TOKEN" ];then
echo "Generating password..."
#Could be very long, should be avoided
PASSWORD=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)
fi
- echo "Adding username $USER DEBUG(with $TOKEN / $PASSWORD)"
- lava-server manage users add --passwd $PASSWORD $USER || exit 1
+ if [ $STAFF -eq 1 ];then
+ USER_OPTION="$USER_OPTION --staff"
+ fi
+ if [ $SUPERUSER -eq 1 ];then
+ USER_OPTION="$USER_OPTION --superuser"
+ fi
+ echo "Adding username $USER DEBUG(with $TOKEN / $PASSWORD / $USER_OPTION)"
+ lava-server manage users add --passwd $PASSWORD $USER_OPTION $USER || exit 1
if [ ! -z "$TOKEN" ];then
lava-server manage tokens add --user $USER --secret $TOKEN || exit 1
fi
diff --git a/lavalab-gen.py b/lavalab-gen.py
index 64a4b0b..e5f5db0 100755
--- a/lavalab-gen.py
+++ b/lavalab-gen.py
@@ -120,7 +120,16 @@ def main(args):
ftok.write("TOKEN=" + token + "\n")
if user.has_key("password"):
password = user["password"]
- ftok.write("PASSWORD=" + password)
+ ftok.write("PASSWORD=" + password + "\n")
+ # libyaml convert yes/no to true/false...
+ if user.has_key("staff"):
+ value = user["staff"]
+ if value is True:
+ ftok.write("STAFF=1\n")
+ if user.has_key("superuser"):
+ value = user["superuser"]
+ if value is True:
+ ftok.write("SUPERUSER=1\n")
ftok.close()
if section_name == "callback_tokens":
for token in section:
diff --git a/tokens.yaml b/tokens.yaml
index c6a430f..d3a8760 100644
--- a/tokens.yaml
+++ b/tokens.yaml
@@ -1,4 +1,9 @@
lava_server_users:
+ - name: admin
+ token: longrandomtokenadmin
+ password: admin
+ superuser: yes
+ staff: yes
- name: example
token: longrandomtoken
password: examplepassword