Merge pull request 'clan-cli: Fix user-password without user-prompt. Remove newlines from user-password and root-password. Improve test_generate_secret' (#1653) from Qubasa/clan-core:Qubasa-main into main
commit
690a1fe64c
@ -13,8 +13,8 @@
|
|||||||
mkpasswd
|
mkpasswd
|
||||||
];
|
];
|
||||||
generator.script = ''
|
generator.script = ''
|
||||||
xkcdpass --numwords 3 --delimiter - --count 1 > $secrets/password
|
xkcdpass --numwords 3 --delimiter - --count 1 | tr -d "\n" > $secrets/password
|
||||||
cat $secrets/password | mkpasswd -s -m sha-512 > $secrets/password-hash
|
cat $secrets/password | mkpasswd -s -m sha-512 | tr -d "\n" > $secrets/password-hash
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
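Review bot: Piping `xkcdpass` and `mkpasswd` into `tr -d "\n"` makes each pipeline report the exit status of `tr`, so unless the generator wrapper (not visible here) runs with `set -o pipefail`, a failing `xkcdpass` would leave an empty `$secrets/password` and `mkpasswd -s` would then likely hash an empty root password. I would state the requirement in the script itself with `set -o pipefail` at the top of `generator.script`, or add a guard such as `[[ -s $secrets/password ]] || exit 1` before the hashing line. The same applies to the pipelines in the user-password script in the next hunk. Separately, `--numwords 3` gives roughly 39 bits at most if the default word list has a few thousand entries, which is thin for a root password should the SHA-512 crypt hash ever be exposed to offline guessing; consider a higher word count.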
@ -37,12 +37,12 @@
|
|||||||
mkpasswd
|
mkpasswd
|
||||||
];
|
];
|
||||||
generator.script = ''
|
generator.script = ''
|
||||||
if [[ -n $prompt_value ]]; then
|
if [[ -n ''${prompt_value-} ]]; then
|
||||||
echo $prompt_value | tr -d '\n' > $secrets/user-password
|
echo $prompt_value | tr -d "\n" > $secrets/user-password
|
||||||
else
|
else
|
||||||
xkcdpass --numwords 3 --delimiter - --count 1 | tr -d '\n' > $secrets/user-password
|
xkcdpass --numwords 3 --delimiter - --count 1 | tr -d "\n" > $secrets/user-password
|
||||||
fi
|
fi
|
||||||
cat $secrets/user-password | mkpasswd -s -m sha-512 > $secrets/user-password-hash
|
cat $secrets/user-password | mkpasswd -s -m sha-512 | tr -d "\n" > $secrets/user-password-hash
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
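Review bot: `echo $prompt_value` is still unquoted on the changed line, so the shell word-splits and glob-expands what the user typed before it reaches `tr`: runs of spaces collapse, a `*` can expand to file names, and a value such as `-n` or `-e` is taken by `echo` as an option. The stored password and its hash can then differ from what was entered at the prompt, with no error raised. `printf "%s" "$prompt_value" | tr -d "\n" > "$secrets/user-password"` writes the value as typed while still stripping newlines. The enclosing module definition starts and ends outside this hunk.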
@ -41,7 +41,10 @@
|
|||||||
imports = [
|
imports = [
|
||||||
clan-core.clanModules.sshd
|
clan-core.clanModules.sshd
|
||||||
clan-core.clanModules.root-password
|
clan-core.clanModules.root-password
|
||||||
|
clan-core.clanModules.user-password
|
||||||
];
|
];
|
||||||
|
clan.user-password.user = "alice";
|
||||||
|
clan.user-password.prompt = false;
|
||||||
clan.networking.targetHost = "__CLAN_TARGET_ADDRESS__";
|
clan.networking.targetHost = "__CLAN_TARGET_ADDRESS__";
|
||||||
system.stateVersion = lib.version;
|
system.stateVersion = lib.version;
|
||||||
sops.age.keyFile = "__CLAN_SOPS_KEY_PATH__";
|
sops.age.keyFile = "__CLAN_SOPS_KEY_PATH__";
|
||||||
|
@ -83,6 +83,7 @@ def test_generate_secret(
|
|||||||
|
|
||||||
# Assert that the age key is valid
|
# Assert that the age key is valid
|
||||||
age_secret = decrypt_secret(test_flake_with_core.path, "vm1-age.key")
|
age_secret = decrypt_secret(test_flake_with_core.path, "vm1-age.key")
|
||||||
|
assert age_secret.isprintable()
|
||||||
assert is_valid_age_key(age_secret)
|
assert is_valid_age_key(age_secret)
|
||||||
|
|
||||||
# # Assert that the ssh key is valid
|
# # Assert that the ssh key is valid
|
||||||
@ -100,6 +101,9 @@ def test_generate_secret(
|
|||||||
).exists()
|
).exists()
|
||||||
|
|
||||||
assert has_secret(test_flake_with_core.path, "vm2-password")
|
assert has_secret(test_flake_with_core.path, "vm2-password")
|
||||||
|
assert has_secret(test_flake_with_core.path, "vm2-password-hash")
|
||||||
|
assert has_secret(test_flake_with_core.path, "vm2-user-password")
|
||||||
|
assert has_secret(test_flake_with_core.path, "vm2-user-password-hash")
|
||||||
assert has_secret(test_flake_with_core.path, "vm2-ssh.id_ed25519")
|
assert has_secret(test_flake_with_core.path, "vm2-ssh.id_ed25519")
|
||||||
assert has_secret(test_flake_with_core.path, "vm2-age.key")
|
assert has_secret(test_flake_with_core.path, "vm2-age.key")
|
||||||
assert has_secret(test_flake_with_core.path, "vm2-zerotier-identity-secret")
|
assert has_secret(test_flake_with_core.path, "vm2-zerotier-identity-secret")
|
||||||
@ -109,6 +113,7 @@ def test_generate_secret(
|
|||||||
|
|
||||||
# Assert that the age key is valid
|
# Assert that the age key is valid
|
||||||
age_secret = decrypt_secret(test_flake_with_core.path, "vm2-age.key")
|
age_secret = decrypt_secret(test_flake_with_core.path, "vm2-age.key")
|
||||||
|
assert age_secret.isprintable()
|
||||||
assert is_valid_age_key(age_secret)
|
assert is_valid_age_key(age_secret)
|
||||||
|
|
||||||
# Assert that the ssh key is valid
|
# Assert that the ssh key is valid
|
||||||
@ -116,8 +121,18 @@ def test_generate_secret(
|
|||||||
ssh_pub = machine_get_fact(test_flake_with_core.path, "vm2", "ssh.id_ed25519.pub")
|
ssh_pub = machine_get_fact(test_flake_with_core.path, "vm2", "ssh.id_ed25519.pub")
|
||||||
assert is_valid_ssh_key(ssh_secret, ssh_pub)
|
assert is_valid_ssh_key(ssh_secret, ssh_pub)
|
||||||
|
|
||||||
|
# Assert that root-password is valid
|
||||||
pwd_secret = decrypt_secret(test_flake_with_core.path, "vm2-password")
|
pwd_secret = decrypt_secret(test_flake_with_core.path, "vm2-password")
|
||||||
# remove last newline
|
|
||||||
pwd_secret = pwd_secret[:-1]
|
|
||||||
assert pwd_secret.isprintable()
|
assert pwd_secret.isprintable()
|
||||||
assert pwd_secret.isascii()
|
assert pwd_secret.isascii()
|
||||||
|
pwd_hash = decrypt_secret(test_flake_with_core.path, "vm2-password-hash")
|
||||||
|
assert pwd_hash.isprintable()
|
||||||
|
assert pwd_hash.isascii()
|
||||||
|
|
||||||
|
# Assert that user-password is valid
|
||||||
|
pwd_secret = decrypt_secret(test_flake_with_core.path, "vm2-user-password")
|
||||||
|
assert pwd_secret.isprintable()
|
||||||
|
assert pwd_secret.isascii()
|
||||||
|
pwd_hash = decrypt_secret(test_flake_with_core.path, "vm2-user-password-hash")
|
||||||
|
assert pwd_hash.isprintable()
|
||||||
|
assert pwd_hash.isascii()
|
||||||
|
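Review bot: The new `isprintable()` / `isascii()` assertions on `pwd_secret` and `pwd_hash` also pass for an empty string, because both methods return `True` for `""`, so a generator that wrote an empty password or hash would still get through this test. Adding `assert pwd_secret` and a shape check on the hash, e.g. `assert pwd_hash.startswith("$6$")` for the `mkpasswd -m sha-512` output, would pin what the scripts are meant to produce. The test flake sets `clan.user-password.prompt = false`, so only the generated-passphrase branch appears to be covered and the prompted branch is not exercised here. `test_generate_secret` starts and ends outside the hunks shown.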