This repository has been archived by the owner on Dec 4, 2018. It is now read-only.
prevent crowbar batch from locking itself and the user out #1336
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
This is not right yet. |
aspiers
changed the title
aspiers
force-pushed
the
improve-batch-auth
branch
from
5e93c27
to
b698752
Compare
aspiers
changed the title
|
OK this should be right now - needs a quick test though. |
| #"from #{@password} to #{users[@username]['password']} " + \ | ||
| "which would lock myself out!" | ||
| end | ||
| to_merge['attributes'][barclamp]['users'].delete @username |
There was a problem hiding this comment.
While testing this I got a
/opt/dell/bin/barclamp_lib.rb:536:in `eval': undefined local variable or method `to_merge' for main:Object (NameError)
Changing it to an instance variable @to_merge (in all its lines ofc) fixes this.
Second issue in this line: barclamp is unknown as-well. Making it a method argument fixed it for me.
There was a problem hiding this comment.
Thanks for the catch but there is a better fix for than these ;-)
added 2 commits
August 4, 2015 16:19
If crowbar batch is used to export the crowbar proposal from one cloud and apply it to another, it will change the machine-install user's password, which is typically the one used to run crowbar batch. This would break any future HTTP digest authentications against the Crowbar REST API, including ones invoked immediately after the change, by the still running crowbar batch process. So if the user inadvertently attempts to change the password they're currently relying on, simply output a warning and ignore the attempt.
e.g. if the username/password is wrong, it needs to be clear to the user that authentication failed.
aspiers
force-pushed
the
improve-batch-auth
branch
from
b698752
to
d6e9a9a
Compare
|
Tested again. Works. |
|
LGTM but I have not much experience with crowbar_batch |
|
@aspiers, this repository got merged into crowbar-core. |
|
Superseded by crowbar/crowbar-core#35 |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
If crowbar batch is used to export the crowbar proposal from one cloud and apply it to another, it will change the machine-install user's password, which is typically the one used to run crowbar batch. This would break any future HTTP digest authentications against the Crowbar REST API, including ones invoked immediately after the change, by the still running crowbar batch process. So if the user inadvertently attempts to change the password they're currently relying on, simply output a warning and ignore the attempt.
Also improve error reporting when retrieving aliases.