fix(reboot): probe explicit windows99 ssh users
Some checks failed
CD Pipeline / workflow-shape (push) Successful in 1s
CD Pipeline / cancel-stale-cd (push) Has been skipped
CD Pipeline / tests (push) Successful in 1m3s
CD Pipeline / build-and-deploy (push) Successful in 4m28s
E2E Health Check / e2e-health (push) Failing after 40s
CD Pipeline / post-deploy-checks (push) Has been cancelled
Some checks failed
CD Pipeline / workflow-shape (push) Successful in 1s
CD Pipeline / cancel-stale-cd (push) Has been skipped
CD Pipeline / tests (push) Successful in 1m3s
CD Pipeline / build-and-deploy (push) Successful in 4m28s
E2E Health Check / e2e-health (push) Failing after 40s
CD Pipeline / post-deploy-checks (push) Has been cancelled
This commit is contained in:
@@ -7,13 +7,19 @@ CONNECT_TIMEOUT="${WINDOWS99_CONNECT_TIMEOUT:-3}"
|
||||
SSH_TIMEOUT="${WINDOWS99_SSH_TIMEOUT:-3}"
|
||||
SSH_PORT="${WINDOWS99_SSH_PORT:-22}"
|
||||
MAX_AUTH_USERS="${WINDOWS99_MAX_AUTH_USERS:-2}"
|
||||
MAX_AUTH_USERS_EXPLICIT=0
|
||||
if [[ -n "${WINDOWS99_MAX_AUTH_USERS:-}" ]]; then
|
||||
MAX_AUTH_USERS_EXPLICIT=1
|
||||
fi
|
||||
KNOWN_HOSTS_FILE="${WINDOWS99_KNOWN_HOSTS_FILE:-/tmp/awoooi-windows99-known_hosts}"
|
||||
REMOTE_VERIFY_COMMAND="${WINDOWS99_REMOTE_VERIFY_COMMAND:-powershell -NoProfile -ExecutionPolicy Bypass -File .\\windows99-vmware-autostart.ps1 -Mode Verify}"
|
||||
SSH_USERS=(ogt wooo ooo administrator Administrator)
|
||||
SSH_USERS_EXPLICIT=0
|
||||
|
||||
if [[ -n "${WINDOWS99_SSH_USERS:-}" ]]; then
|
||||
# shellcheck disable=SC2206
|
||||
SSH_USERS=(${WINDOWS99_SSH_USERS})
|
||||
SSH_USERS_EXPLICIT=1
|
||||
fi
|
||||
|
||||
is_positive_int() {
|
||||
@@ -50,6 +56,7 @@ while [[ $# -gt 0 ]]; do
|
||||
shift
|
||||
# shellcheck disable=SC2206
|
||||
SSH_USERS=(${1:-})
|
||||
SSH_USERS_EXPLICIT=1
|
||||
;;
|
||||
--timeout)
|
||||
shift
|
||||
@@ -78,6 +85,12 @@ fi
|
||||
if ! is_positive_int "${MAX_AUTH_USERS}"; then
|
||||
MAX_AUTH_USERS=2
|
||||
fi
|
||||
if [[ "${SSH_USERS_EXPLICIT}" == "1" && "${MAX_AUTH_USERS_EXPLICIT}" != "1" ]]; then
|
||||
MAX_AUTH_USERS="${#SSH_USERS[@]}"
|
||||
fi
|
||||
if ! is_positive_int "${MAX_AUTH_USERS}"; then
|
||||
MAX_AUTH_USERS=2
|
||||
fi
|
||||
|
||||
if [[ "${MODE}" != "check" && "${MODE}" != "collect" ]]; then
|
||||
printf '%s\n' "error=invalid_mode:${MODE}" >&2
|
||||
|
||||
@@ -111,6 +111,45 @@ def test_check_mode_reports_open_ports_and_missing_publickey_auth(tmp_path: Path
|
||||
assert values["windows_update_policy_apply_performed"] == "false"
|
||||
|
||||
|
||||
def test_check_mode_probes_all_explicit_users_without_secret_prompt(tmp_path: Path) -> None:
|
||||
fake_bin = tmp_path / "bin"
|
||||
fake_bin.mkdir()
|
||||
_write_executable(
|
||||
fake_bin / "nc",
|
||||
"""
|
||||
#!/usr/bin/env bash
|
||||
port="${!#}"
|
||||
if [[ "$port" == "22" || "$port" == "3389" ]]; then
|
||||
exit 0
|
||||
fi
|
||||
exit 1
|
||||
""",
|
||||
)
|
||||
_write_executable(
|
||||
fake_bin / "ssh",
|
||||
"""
|
||||
#!/usr/bin/env bash
|
||||
exit 255
|
||||
""",
|
||||
)
|
||||
|
||||
result = _run_collector(
|
||||
fake_bin,
|
||||
"--check",
|
||||
"--users",
|
||||
"ogt wooo ooo administrator Administrator",
|
||||
)
|
||||
|
||||
assert result.returncode == 0
|
||||
values = _key_values(result.stdout)
|
||||
assert values["ssh_auth_probe_user_limit"] == "5"
|
||||
assert values["ssh_auth_probed_users"] == "5"
|
||||
assert values["ssh_batchmode_auth_ready"] == "0"
|
||||
assert values["verify_collection_status"] == "blocked_ssh_publickey_auth_missing"
|
||||
assert values["secret_value_read"] == "false"
|
||||
assert values["password_prompt_allowed"] == "false"
|
||||
|
||||
|
||||
def test_collect_mode_blocks_without_publickey_auth(tmp_path: Path) -> None:
|
||||
fake_bin = tmp_path / "bin"
|
||||
fake_bin.mkdir()
|
||||
|
||||
Reference in New Issue
Block a user