forked from oamg/leapp-repository
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add actor inhibiting upgrade if deprecated directive found in ssh con…
…fig.
- Loading branch information
Showing
3 changed files
with
99 additions
and
0 deletions.
There are no files selected for viewing
23 changes: 23 additions & 0 deletions
23
repos/system_upgrade/el7toel8/actors/opensshdeprecateddirectivescheck/actor.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,23 @@ | ||
| from leapp.actors import Actor | ||
| from leapp.libraries.actor.opensshdeprecateddirectivescheck import inhibit_if_deprecated_directives_used | ||
| from leapp.models import Report, OpenSshConfig | ||
| from leapp.tags import ChecksPhaseTag, IPUWorkflowTag | ||
|
|
||
|
|
||
| class OpenSshDeprecatedDirectivesCheck(Actor): | ||
| """ | ||
| Check for any deprecated directives in the OpenSSH configuration. | ||
| Checks the directives used in the OpenSSH configuration for ones that have | ||
| been deprecated and their usage in newer versions would result in the sshd | ||
| service failing to start after the upgrade. | ||
| """ | ||
|
|
||
| name = 'open_ssh_deprecated_directives_check' | ||
| consumes = (OpenSshConfig,) | ||
| produces = (Report,) | ||
| tags = (ChecksPhaseTag, IPUWorkflowTag) | ||
|
|
||
| def process(self): | ||
| ssh_config = next(self.consume(OpenSshConfig)) | ||
| inhibit_if_deprecated_directives_used(ssh_config) |
26 changes: 26 additions & 0 deletions
26
...el8/actors/opensshdeprecateddirectivescheck/libraries/opensshdeprecateddirectivescheck.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,26 @@ | ||
| from leapp import reporting | ||
|
|
||
|
|
||
| LIST_SEPARATOR_FMT = '\n - ' | ||
|
|
||
|
|
||
| def inhibit_if_deprecated_directives_used(ssh_config_msg): | ||
| """ Inhibits the upgrade if any deprecated directives were found in the sshd configuration. """ | ||
|
|
||
| if ssh_config_msg.deprecated_directives: | ||
| # Prepare the output of the deprecated directives for the user | ||
| deprecated_directives_report_text = '' | ||
| for deprecated_directive in ssh_config_msg.deprecated_directives: | ||
| deprecated_directives_report_text += '{0}{1}'.format(LIST_SEPARATOR_FMT, deprecated_directive) | ||
|
|
||
| reporting.create_report([ | ||
| reporting.Title('A deprecated directive in the sshd configuration'), | ||
| reporting.Summary( | ||
| 'The following deprecated directives were found in the sshd configuration:{0}' | ||
| .format(deprecated_directives_report_text) | ||
| ), | ||
| reporting.Severity(reporting.Severity.HIGH), | ||
| reporting.Tags([reporting.Tags.SERVICES]), | ||
| reporting.Flags([reporting.Flags.INHIBITOR]), | ||
| reporting.Remediation(hint='Remove the deprecated directives from the sshd configuration.') | ||
| ]) |
50 changes: 50 additions & 0 deletions
50
...l8/actors/opensshdeprecateddirectivescheck/tests/test_opensshdeprecateddirectivescheck.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,50 @@ | ||
| import pytest | ||
|
|
||
| from leapp import reporting | ||
| from leapp.libraries.common.testutils import create_report_mocked, logger_mocked | ||
| from leapp.libraries.actor.opensshdeprecateddirectivescheck import inhibit_if_deprecated_directives_used | ||
| from leapp.models import OpenSshConfig | ||
|
|
||
|
|
||
| def test_inhibit_if_deprecated_directives_used(monkeypatch): | ||
| """Tests whether the upgrade is inhibited when deprecated directives are used in config.""" | ||
| created_report = create_report_mocked() | ||
| monkeypatch.setattr(reporting, 'create_report', created_report) | ||
|
|
||
| ssh_config = OpenSshConfig( | ||
| permit_root_login=[], | ||
| deprecated_directives=['ShowPatchLevel'] | ||
| ) | ||
|
|
||
| inhibit_if_deprecated_directives_used(ssh_config) | ||
|
|
||
| fail_description = 'Report entry was not created when deprecated directive found in the ssh config.' | ||
| assert created_report.called == 1, fail_description | ||
|
|
||
| fail_description = 'Report doesn\'t have information about deprecated directive in the title.' | ||
| assert 'deprecated directive' in created_report.report_fields['title'].lower(), fail_description | ||
|
|
||
| fail_description = 'Report doesn\'t contain the (mocked) deprecated directive present in the config.' | ||
| # The report should have the directive in a preserved form (same as found in configuration) | ||
| assert 'ShowPatchLevel' in created_report.report_fields['summary'], fail_description | ||
|
|
||
| assert created_report.report_fields['severity'] == 'high', 'Report has incorrect severity.' | ||
|
|
||
| fail_description = 'Report should have the inhibition flag set when deprecated directive is present.' | ||
| assert 'inhibitor' in created_report.report_fields['flags'], fail_description | ||
|
|
||
| assert created_report.report_fields['remediations'], 'Report should carry some remediation information.' | ||
|
|
||
|
|
||
| def test_inhibit_if_deprecated_directives_used_no_deprecated_directives(monkeypatch): | ||
| """Tests whether the upgrade is not inhibited when no deprecated directives are used in config.""" | ||
| created_report = create_report_mocked() | ||
| monkeypatch.setattr(reporting, 'create_report', created_report) | ||
|
|
||
| ssh_config = OpenSshConfig( | ||
| permit_root_login=[], | ||
| deprecated_directives=[] | ||
| ) | ||
|
|
||
| inhibit_if_deprecated_directives_used(ssh_config) | ||
| assert created_report.called == 0, 'No report should be created if no deprecated directive present in the config.' |