Merge pull request 'clan-cli: Fix user-password without user-prompt. Remove newlines from user-password and root-password. Improve test_generate_secret' (#1653) from Qubasa/clan-core:Qubasa-main into main
commit
690a1fe64c
@ -13,8 +13,8 @@
|
||||
mkpasswd
|
||||
];
|
||||
generator.script = ''
|
||||
xkcdpass --numwords 3 --delimiter - --count 1 > $secrets/password
|
||||
cat $secrets/password | mkpasswd -s -m sha-512 > $secrets/password-hash
|
||||
xkcdpass --numwords 3 --delimiter - --count 1 | tr -d "\n" > $secrets/password
|
||||
cat $secrets/password | mkpasswd -s -m sha-512 | tr -d "\n" > $secrets/password-hash
|
||||
'';
|
||||
};
|
||||
}
|
||||
|
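Review bot: Piping `xkcdpass` through `tr -d "\n"` makes the pipeline's exit status that of `tr`, so a failing `xkcdpass` would leave an empty `$secrets/password`, and the following line would hash the empty string into `$secrets/password-hash`. Whether the generator runner enables `pipefail` is not visible on this page; if it does not, add `set -o pipefail` at the top of the script or guard the hashing step with `[[ -s "$secrets/password" ]] || exit 1`. The same pattern appears in the `else` branch of the user-password script. The `$secrets` expansions are also unquoted, which breaks on a path containing whitespace.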
@ -37,12 +37,12 @@
|
||||
mkpasswd
|
||||
];
|
||||
generator.script = ''
|
||||
if [[ -n $prompt_value ]]; then
|
||||
echo $prompt_value | tr -d '\n' > $secrets/user-password
|
||||
if [[ -n ''${prompt_value-} ]]; then
|
||||
echo $prompt_value | tr -d "\n" > $secrets/user-password
|
||||
else
|
||||
xkcdpass --numwords 3 --delimiter - --count 1 | tr -d '\n' > $secrets/user-password
|
||||
xkcdpass --numwords 3 --delimiter - --count 1 | tr -d "\n" > $secrets/user-password
|
||||
fi
|
||||
cat $secrets/user-password | mkpasswd -s -m sha-512 > $secrets/user-password-hash
|
||||
cat $secrets/user-password | mkpasswd -s -m sha-512 | tr -d "\n" > $secrets/user-password-hash
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
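Review bot: `echo $prompt_value | tr -d "\n"` expands the prompted password unquoted, so the shell word-splits and glob-expands it, and `echo` may treat a leading `-n` or `-e` as an option. A password with consecutive spaces, a `*` or a leading dash is therefore stored differently from what the user typed. Use `printf '%s' "$prompt_value" | tr -d "\n" > "$secrets/user-password"` instead. Because the hash on the last line is computed from the stored file, the mismatch would be silent: the user simply could not log in with the password they entered.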
@ -41,7 +41,10 @@
|
||||
imports = [
|
||||
clan-core.clanModules.sshd
|
||||
clan-core.clanModules.root-password
|
||||
clan-core.clanModules.user-password
|
||||
];
|
||||
clan.user-password.user = "alice";
|
||||
clan.user-password.prompt = false;
|
||||
clan.networking.targetHost = "__CLAN_TARGET_ADDRESS__";
|
||||
system.stateVersion = lib.version;
|
||||
sops.age.keyFile = "__CLAN_SOPS_KEY_PATH__";
|
||||
|
@ -83,6 +83,7 @@ def test_generate_secret(
|
||||
|
||||
# Assert that the age key is valid
|
||||
age_secret = decrypt_secret(test_flake_with_core.path, "vm1-age.key")
|
||||
assert age_secret.isprintable()
|
||||
assert is_valid_age_key(age_secret)
|
||||
|
||||
# # Assert that the ssh key is valid
|
||||
@ -100,6 +101,9 @@ def test_generate_secret(
|
||||
).exists()
|
||||
|
||||
assert has_secret(test_flake_with_core.path, "vm2-password")
|
||||
assert has_secret(test_flake_with_core.path, "vm2-password-hash")
|
||||
assert has_secret(test_flake_with_core.path, "vm2-user-password")
|
||||
assert has_secret(test_flake_with_core.path, "vm2-user-password-hash")
|
||||
assert has_secret(test_flake_with_core.path, "vm2-ssh.id_ed25519")
|
||||
assert has_secret(test_flake_with_core.path, "vm2-age.key")
|
||||
assert has_secret(test_flake_with_core.path, "vm2-zerotier-identity-secret")
|
||||
@ -109,6 +113,7 @@ def test_generate_secret(
|
||||
|
||||
# Assert that the age key is valid
|
||||
age_secret = decrypt_secret(test_flake_with_core.path, "vm2-age.key")
|
||||
assert age_secret.isprintable()
|
||||
assert is_valid_age_key(age_secret)
|
||||
|
||||
# Assert that the ssh key is valid
|
||||
@ -116,8 +121,18 @@ def test_generate_secret(
|
||||
ssh_pub = machine_get_fact(test_flake_with_core.path, "vm2", "ssh.id_ed25519.pub")
|
||||
assert is_valid_ssh_key(ssh_secret, ssh_pub)
|
||||
|
||||
# Assert that root-password is valid
|
||||
pwd_secret = decrypt_secret(test_flake_with_core.path, "vm2-password")
|
||||
# remove last newline
|
||||
pwd_secret = pwd_secret[:-1]
|
||||
assert pwd_secret.isprintable()
|
||||
assert pwd_secret.isascii()
|
||||
pwd_hash = decrypt_secret(test_flake_with_core.path, "vm2-password-hash")
|
||||
assert pwd_hash.isprintable()
|
||||
assert pwd_hash.isascii()
|
||||
|
||||
# Assert that user-password is valid
|
||||
pwd_secret = decrypt_secret(test_flake_with_core.path, "vm2-user-password")
|
||||
assert pwd_secret.isprintable()
|
||||
assert pwd_secret.isascii()
|
||||
pwd_hash = decrypt_secret(test_flake_with_core.path, "vm2-user-password-hash")
|
||||
assert pwd_hash.isprintable()
|
||||
assert pwd_hash.isascii()
|
||||
|
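Review bot: The password assertions added at the end of the test pass on an empty string, because `"".isprintable()` and `"".isascii()` are both true in Python, so a generator that wrote empty secrets would not be caught. Add `assert pwd_secret` after each `decrypt_secret` call and pin the hash format, e.g. `assert pwd_hash.startswith("$6$")` for the sha-512 scheme the generators request from `mkpasswd`. Verifying the hash against the decrypted password would be stronger still, if a crypt verifier is available to the test suite. `test_generate_secret` begins outside the visible hunks.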