def create_user(self, name, **kwargs): """ Creates users for the system using the GNU passwd tools. This will work on an GNU system. This should be overriden on distros where useradd is not desirable or not available. """ # Add the user self.add_user(name, **kwargs) # Set password if plain-text password provided and non-empty if 'plain_text_passwd' in kwargs and kwargs['plain_text_passwd']: self.set_passwd(name, kwargs['plain_text_passwd']) # Default locking down the account. 'lock_passwd' defaults to True. # lock account unless lock_password is False. if kwargs.get('lock_passwd', True): self.lock_passwd(name) # Configure sudo access if 'sudo' in kwargs: self.write_sudo_rules(name, kwargs['sudo']) # Import SSH keys if 'ssh_authorized_keys' in kwargs: keys = set(kwargs['ssh_authorized_keys']) or [] ssh_util.setup_user_keys(keys, name, options=None) return True
def apply_credentials(keys, user, disable_root, disable_root_opts): keys = set(keys) if user: ssh_util.setup_user_keys(keys, user) if disable_root: if not user: user = "******" key_prefix = disable_root_opts.replace('$USER', user) else: key_prefix = '' ssh_util.setup_user_keys(keys, 'root', options=key_prefix)
def create_user(self, name, **kwargs): """ Creates users for the system using the GNU passwd tools. This will work on an GNU system. This should be overriden on distros where useradd is not desirable or not available. """ # Add the user self.add_user(name, **kwargs) # Set password if plain-text password provided and non-empty if 'plain_text_passwd' in kwargs and kwargs['plain_text_passwd']: self.set_passwd(name, kwargs['plain_text_passwd']) # Set password if hashed password is provided and non-empty if 'hashed_passwd' in kwargs and kwargs['hashed_passwd']: self.set_passwd(name, kwargs['hashed_passwd'], hashed=True) # Default locking down the account. 'lock_passwd' defaults to True. # lock account unless lock_password is False. if kwargs.get('lock_passwd', True): self.lock_passwd(name) # Configure sudo access if 'sudo' in kwargs: self.write_sudo_rules(name, kwargs['sudo']) # Import SSH keys if 'ssh_authorized_keys' in kwargs: # Try to handle this in a smart manner. keys = kwargs['ssh_authorized_keys'] if isinstance(keys, six.string_types): keys = [keys] if isinstance(keys, dict): keys = list(keys.values()) if keys is not None: if not isinstance(keys, (tuple, list, set)): LOG.warn("Invalid type '%s' detected for" " 'ssh_authorized_keys', expected list," " string, dict, or set.", type(keys)) else: keys = set(keys) or [] ssh_util.setup_user_keys(keys, name, options=None) return True
def create_user(self, name, **kwargs): self.add_user(name, **kwargs) # Set password if plain-text password provided and non-empty if 'plain_text_passwd' in kwargs and kwargs['plain_text_passwd']: self.set_passwd(name, kwargs['plain_text_passwd']) # Default locking down the account. 'lock_passwd' defaults to True. # lock account unless lock_password is False. if kwargs.get('lock_passwd', True): self.lock_passwd(name) # Configure sudo access if 'sudo' in kwargs: self.write_sudo_rules(name, kwargs['sudo']) # Import SSH keys if 'ssh_authorized_keys' in kwargs: keys = set(kwargs['ssh_authorized_keys']) or [] ssh_util.setup_user_keys(keys, name, options=None)
def create_user(self, name, **kwargs): """ Creates users for the system using the GNU passwd tools. This will work on an GNU system. This should be overriden on distros where useradd is not desirable or not available. """ # Add the user self.add_user(name, **kwargs) # Set password if plain-text password provided and non-empty if 'plain_text_passwd' in kwargs and kwargs['plain_text_passwd']: self.set_passwd(name, kwargs['plain_text_passwd']) # Default locking down the account. 'lock_passwd' defaults to True. # lock account unless lock_password is False. if kwargs.get('lock_passwd', True): self.lock_passwd(name) # Configure sudo access if 'sudo' in kwargs: self.write_sudo_rules(name, kwargs['sudo']) # Import SSH keys if 'ssh_authorized_keys' in kwargs: # Try to handle this in a smart manner. keys = kwargs['ssh_authorized_keys'] if isinstance(keys, six.string_types): keys = [keys] if isinstance(keys, dict): keys = list(keys.values()) if keys is not None: if not isinstance(keys, (tuple, list, set)): LOG.warn("Invalid type '%s' detected for" " 'ssh_authorized_keys', expected list," " string, dict, or set.", type(keys)) else: keys = set(keys) or [] ssh_util.setup_user_keys(keys, name, options=None) return True
def create_user(self, name, **kwargs): """ Creates users for the system using the GNU passwd tools. This will work on an GNU system. This should be overriden on distros where useradd is not desirable or not available. """ # Add a snap user, if requested if 'snapuser' in kwargs: return self.add_snap_user(name, **kwargs) # Add the user self.add_user(name, **kwargs) # Set password if plain-text password provided and non-empty if 'plain_text_passwd' in kwargs and kwargs['plain_text_passwd']: self.set_passwd(name, kwargs['plain_text_passwd']) # Set password if hashed password is provided and non-empty if 'hashed_passwd' in kwargs and kwargs['hashed_passwd']: self.set_passwd(name, kwargs['hashed_passwd'], hashed=True) # Default locking down the account. 'lock_passwd' defaults to True. # lock account unless lock_password is False. if kwargs.get('lock_passwd', True): self.lock_passwd(name) # Configure sudo access if 'sudo' in kwargs and kwargs['sudo'] is not False: self.write_sudo_rules(name, kwargs['sudo']) # Import SSH keys if 'ssh_authorized_keys' in kwargs: # Try to handle this in a smart manner. keys = kwargs['ssh_authorized_keys'] if isinstance(keys, str): keys = [keys] elif isinstance(keys, dict): keys = list(keys.values()) if keys is not None: if not isinstance(keys, (tuple, list, set)): LOG.warning( "Invalid type '%s' detected for" " 'ssh_authorized_keys', expected list," " string, dict, or set.", type(keys)) keys = [] else: keys = set(keys) or [] ssh_util.setup_user_keys(set(keys), name) if 'ssh_redirect_user' in kwargs: cloud_keys = kwargs.get('cloud_public_ssh_keys', []) if not cloud_keys: LOG.warning( 'Unable to disable SSH logins for %s given' ' ssh_redirect_user: %s. No cloud public-keys present.', name, kwargs['ssh_redirect_user']) else: redirect_user = kwargs['ssh_redirect_user'] disable_option = ssh_util.DISABLE_USER_OPTS disable_option = disable_option.replace('$USER', redirect_user) disable_option = disable_option.replace('$DISABLE_USER', name) ssh_util.setup_user_keys(set(cloud_keys), name, options=disable_option) return True
def create_user(self, name, **kwargs): """ Creates or partially updates the ``name`` user in the system. This defers the actual user creation to ``self.add_user`` or ``self.add_snap_user``, and most of the keys in ``kwargs`` will be processed there if and only if the user does not already exist. Once the existence of the ``name`` user has been ensured, this method then processes these keys (for both just-created and pre-existing users): * ``plain_text_passwd`` * ``hashed_passwd`` * ``lock_passwd`` * ``sudo`` * ``ssh_authorized_keys`` * ``ssh_redirect_user`` """ # Add a snap user, if requested if "snapuser" in kwargs: return self.add_snap_user(name, **kwargs) # Add the user self.add_user(name, **kwargs) # Set password if plain-text password provided and non-empty if "plain_text_passwd" in kwargs and kwargs["plain_text_passwd"]: self.set_passwd(name, kwargs["plain_text_passwd"]) # Set password if hashed password is provided and non-empty if "hashed_passwd" in kwargs and kwargs["hashed_passwd"]: self.set_passwd(name, kwargs["hashed_passwd"], hashed=True) # Default locking down the account. 'lock_passwd' defaults to True. # lock account unless lock_password is False. if kwargs.get("lock_passwd", True): self.lock_passwd(name) # Configure sudo access if "sudo" in kwargs and kwargs["sudo"] is not False: self.write_sudo_rules(name, kwargs["sudo"]) # Import SSH keys if "ssh_authorized_keys" in kwargs: # Try to handle this in a smart manner. keys = kwargs["ssh_authorized_keys"] if isinstance(keys, str): keys = [keys] elif isinstance(keys, dict): keys = list(keys.values()) if keys is not None: if not isinstance(keys, (tuple, list, set)): LOG.warning( "Invalid type '%s' detected for" " 'ssh_authorized_keys', expected list," " string, dict, or set.", type(keys), ) keys = [] else: keys = set(keys) or [] ssh_util.setup_user_keys(set(keys), name) if "ssh_redirect_user" in kwargs: cloud_keys = kwargs.get("cloud_public_ssh_keys", []) if not cloud_keys: LOG.warning( "Unable to disable SSH logins for %s given" " ssh_redirect_user: %s. No cloud public-keys present.", name, kwargs["ssh_redirect_user"], ) else: redirect_user = kwargs["ssh_redirect_user"] disable_option = ssh_util.DISABLE_USER_OPTS disable_option = disable_option.replace("$USER", redirect_user) disable_option = disable_option.replace("$DISABLE_USER", name) ssh_util.setup_user_keys( set(cloud_keys), name, options=disable_option ) return True
def apply_credentials(keys, user): keys = set(keys) if user: ssh_util.setup_user_keys(keys, user)
def create_user(self, name, **kwargs): """ Creates users for the system using the GNU passwd tools. This will work on an GNU system. This should be overriden on distros where useradd is not desirable or not available. """ # Add a snap user, if requested if 'snapuser' in kwargs: return self.add_snap_user(name, **kwargs) # Add the user self.add_user(name, **kwargs) # Set password if plain-text password provided and non-empty if 'plain_text_passwd' in kwargs and kwargs['plain_text_passwd']: self.set_passwd(name, kwargs['plain_text_passwd']) # Set password if hashed password is provided and non-empty if 'hashed_passwd' in kwargs and kwargs['hashed_passwd']: self.set_passwd(name, kwargs['hashed_passwd'], hashed=True) # Default locking down the account. 'lock_passwd' defaults to True. # lock account unless lock_password is False. if kwargs.get('lock_passwd', True): self.lock_passwd(name) # Configure sudo access if 'sudo' in kwargs and kwargs['sudo'] is not False: self.write_sudo_rules(name, kwargs['sudo']) # Import SSH keys if 'ssh_authorized_keys' in kwargs: # Try to handle this in a smart manner. keys = kwargs['ssh_authorized_keys'] if isinstance(keys, six.string_types): keys = [keys] elif isinstance(keys, dict): keys = list(keys.values()) if keys is not None: if not isinstance(keys, (tuple, list, set)): LOG.warning("Invalid type '%s' detected for" " 'ssh_authorized_keys', expected list," " string, dict, or set.", type(keys)) keys = [] else: keys = set(keys) or [] ssh_util.setup_user_keys(set(keys), name) if 'ssh_redirect_user' in kwargs: cloud_keys = kwargs.get('cloud_public_ssh_keys', []) if not cloud_keys: LOG.warning( 'Unable to disable ssh logins for %s given' ' ssh_redirect_user: %s. No cloud public-keys present.', name, kwargs['ssh_redirect_user']) else: redirect_user = kwargs['ssh_redirect_user'] disable_option = ssh_util.DISABLE_USER_OPTS disable_option = disable_option.replace('$USER', redirect_user) disable_option = disable_option.replace('$DISABLE_USER', name) ssh_util.setup_user_keys( set(cloud_keys), name, options=disable_option) return True