Commit 7bb7fdf9 authored by Fabien Combernous's avatar Fabien Combernous

enclosing passwords with quotes

parent 67cdb066
Pipeline #4052 passed with stages
in 63 minutes and 52 seconds
......@@ -115,6 +115,7 @@ A full description can be found in `REFERENCE.md`.
## Limitations
This module will not work well if managed passwords contain `'` or `\`. They must be banned.
Acceptance tests are done :
......
......@@ -35,6 +35,8 @@ define freeipa::config::humanadmin(
case $_ensure {
'present': {
$_adminpassword = $adminsettings['password']
exec { "ipa user-add ${_adminname}":
command => "ipa user-add ${_adminname} --first=${_adminname} --last=${_adminname} ",
unless => "kinit admin -k -t /home/admin/admin.keytab; ipa user-show ${_adminname} | grep login",
......@@ -44,8 +46,8 @@ define freeipa::config::humanadmin(
unless => "kinit admin -k -t /home/admin/admin.keytab; ipa group-show admins | grep ${_adminname}",
}
-> exec { "ldappasswd uid=${_adminname},cn=users,cn=accounts,${_dc}":
command => "ldappasswd -Z -H ldap://localhost -x -D \"cn=Directory Manager\" -w ${freeipa::directory_services_password} -s ${adminsettings['password']} \"uid=${_adminname},cn=users,cn=accounts,${_dc}\"",
unless => "echo \"${adminsettings['password']}\" | kinit ${_adminname}"
command => "ldappasswd -Z -H ldap://localhost -x -D 'cn=Directory Manager' -w '${freeipa::directory_services_password}' -s '${_adminpassword}' 'uid=${_adminname},cn=users,cn=accounts,${_dc}'",
unless => "echo '${_adminpassword}' | kinit ${_adminname}"
}
}
'absent': {
......
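Review bot: The single quotes added around `${freeipa::directory_services_password}` and `${_adminpassword}` in the `ldappasswd` command and the `echo '...' | kinit` check only delimit the values, they do not escape them. A password containing `'` therefore closes the quoted string and the remainder is interpreted by the shell, and nothing in the visible part of this define enforces the README limitation. I would fail the catalog early, for example `if $_adminpassword =~ /['\\]/ { fail("humanadmin password must not contain ' or \\") }`, with the same check for the directory services password. Both secrets also remain on the command line, where they can show up in the process list and possibly in Puppet logs or reports; ldappasswd's `-y` and `-T` file options (instead of `-w` and `-s`) would avoid that. The body of the define starts and ends outside these hunks, so a check elsewhere in the file may already cover part of this.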
......@@ -9,23 +9,23 @@ describe 'freeipa class' do
ipa_role => 'master',
domain => 'example.lan',
ipa_server_fqdn => 'ipa-server-1.example.lan',
puppet_admin_password => 'secret123',
directory_services_password => 'secret123',
puppet_admin_password => 's^ecr@et.ea;R/O*=?j!.QsAu+$',
directory_services_password => 's^ecr@et.ea;R/O*=?j!.QsAu+$',
install_ipa_server => true,
ip_address => '10.10.10.35',
enable_ip_address => true,
enable_hostname => true,
enable_manage_admins => true,
enable_manage_admins => true,
manage_host_entry => true,
install_epel => true,
ipa_master_fqdn => 'ipa-server-1.example.lan',
humanadmins => {
foo => {
ensure => 'present',
password => 'secr@et/123',
password => 's^ecr@et.ea;R/O*=?j!.QsAu+$',
},
bar => {
password => '^#,secret123',
password => 's^ecr@et.ea;R/O*=?j!.QsAu+$',
ensure => 'present',
},
},
......@@ -50,9 +50,9 @@ describe 'freeipa class' do
ipa_role => 'replica',
domain => 'example.lan',
ipa_server_fqdn => 'ipa-server-2.example.lan',
puppet_admin_password => 'secret123',
directory_services_password => 'secret123',
password_usedto_joindomain => 'secret123',
puppet_admin_password => 's^ecr@et.ea;R/O*=?j!.QsAu+$',
directory_services_password => 's^ecr@et.ea;R/O*=?j!.QsAu+$',
password_usedto_joindomain => 's^ecr@et.ea;R/O*=?j!.QsAu+$',
install_ipa_server => true,
ip_address => '10.10.10.36',
enable_ip_address => true,
......@@ -81,9 +81,9 @@ describe 'freeipa class' do
class {'freeipa':
ipa_role => 'client',
domain => 'example.lan',
puppet_admin_password => 'secret123',
directory_services_password => 'secret123',
password_usedto_joindomain => 'secret123',
puppet_admin_password => 's^ecr@et.ea;R/O*=?j!.QsAu+$',
directory_services_password => 's^ecr@et.ea;R/O*=?j!.QsAu+$',
password_usedto_joindomain => 's^ecr@et.ea;R/O*=?j!.QsAu+$',
ip_address => '10.10.10.37',
install_epel => true,
ipa_master_fqdn => 'ipa-server-1.example.lan'
......@@ -104,8 +104,8 @@ describe 'freeipa class' do
ipa_role => 'replica',
domain => 'example.lan',
ipa_server_fqdn => 'ipa-server-1.example.lan',
puppet_admin_password => 'secret123',
directory_services_password => 'secret123',
puppet_admin_password => 's^ecr@et.ea;R/O*=?j!.QsAu+$',
directory_services_password => 's^ecr@et.ea;R/O*=?j!.QsAu+$',
install_ipa_server => true,
ip_address => '10.10.10.35',
enable_ip_address => true,
......@@ -128,9 +128,9 @@ describe 'freeipa class' do
class { 'freeipa':
ipa_role => 'client',
domain => 'example.lan',
puppet_admin_password => 'secret123',
directory_services_password => 'secret123',
password_usedto_joindomain => 'secret123',
puppet_admin_password => 's^ecr@et.ea;R/O*=?j!.QsAu+$',
directory_services_password => 's^ecr@et.ea;R/O*=?j!.QsAu+$',
password_usedto_joindomain => 's^ecr@et.ea;R/O*=?j!.QsAu+$',
ip_address => '10.10.10.35',
install_epel => true,
ipa_master_fqdn => 'ipa-server-1.example.lan'
......@@ -146,11 +146,11 @@ describe 'freeipa class' do
# Install ssh key on root on master
hosts_as('master').each do |master|
it 'doest a kinit with puppet admin user' do
on(master, "echo 'secret123' | kinit admin")
on(master, "echo 's^ecr@et.ea;R/O*=?j!.QsAu+$' | kinit admin")
end
it 'creates user jsmith in freeipa' do
on(master, "echo 'secret123' | ipa user-add jsmith --first=John --last=Smith --password")
on(master, "echo 's^ecr@et.ea;R/O*=?j!.QsAu+$' | ipa user-add jsmith --first=John --last=Smith --password")
end
it 'creates ssh key' do
......@@ -207,7 +207,7 @@ describe 'freeipa class' do
pp = <<-EOS
exec { 'kinit foo':
path => '/bin/',
command => 'echo "secr@et/123" | kinit foo',
command => 'echo "s^ecr@et.ea;R/O*=?j!.QsAu+$" | kinit foo',
}
EOS
......@@ -219,13 +219,13 @@ describe 'freeipa class' do
ipa_role => 'master',
domain => 'example.lan',
ipa_server_fqdn => 'ipa-server-1.example.lan',
puppet_admin_password => 'secret123',
directory_services_password => 'secret123',
puppet_admin_password => 's^ecr@et.ea;R/O*=?j!.QsAu+$',
directory_services_password => 's^ecr@et.ea;R/O*=?j!.QsAu+$',
install_ipa_server => true,
ip_address => '10.10.10.35',
enable_ip_address => true,
enable_hostname => true,
enable_manage_admins => true,
enable_manage_admins => true,
manage_host_entry => true,
install_epel => true,
ipa_master_fqdn => 'ipa-server-1.example.lan',
......@@ -244,7 +244,7 @@ describe 'freeipa class' do
apply_manifest_on(master, pp, catch_failures: true)
apply_manifest_on(master, pp, catch_changes: true)
end
it 'kinit for account foo with new password and expect to work' do
it 'kinit for account foo with new password and expected to work' do
pp = <<-EOS
exec { 'kinit foo':
path => '/bin/',
......@@ -254,11 +254,11 @@ describe 'freeipa class' do
apply_manifest_on(master, pp, catch_failures: true)
end
it 'kinit for deleted account bar and expect to fail' do
it 'kinit for deleted account bar and expected to fail' do
pp = <<-EOS
exec { 'kinit bar':
path => '/bin/',
command => 'echo "^#,secret123" | kinit bar',
command => 'echo "s^ecr@et.ea;R/O*=?j!.QsAu+$" | kinit bar',
}
EOS
......
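Review bot: Every credential in this spec now uses the same string (`puppet_admin_password`, `directory_services_password`, `password_usedto_joindomain`, and both `foo` and `bar` under `humanadmins`). The acceptance run can therefore no longer detect the module swapping the `-w` and `-s` values of `ldappasswd` or applying one account's password to another, which the earlier distinct values for `foo` and `bar` would have caught. I would keep the metacharacter coverage but give each credential its own value, ideally defined once as a Ruby constant and interpolated into the heredocs rather than repeated literally. The `kinit foo` and `kinit bar` manifests also wrap the password in double quotes while the module now uses single quotes, which appears to behave the same only because `$` is the last character. Single-quoting there would exercise the same quoting path the module takes.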