GCE data source should only add "ubuntu" keys to the ubuntu user
Bug #1707037 reported by Dan Watkins
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
cloud-init | Fix Released | Medium | Max Illfelder |
cloud-init (Ubuntu) | Fix Released | Medium | Max Illfelder |
Bug Description
GCE supports specifying SSH keys for an instance as a tuple of (username, key). Currently, cloud-init will add all keys to the default (ubuntu) user, regardless of the user specified in metadata.
This is problematic because there may be users in the metadata who are not intended to have sudo access but could gain sudo privileges via the ubuntu user.
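The difference between the reported behaviour and per-user filtering, as an added example that is not cloud-init's code or part of the original report. It assumes the metadata value carries one "username:key" entry per line; the function names and the sample keys are constructed for illustration.

```python
# Added example, not cloud-init's implementation.
# Assumption: one "username:key" entry per line. All keys below are constructed.
SAMPLE_SSH_KEYS = """\
ubuntu:ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedKeyA ubuntu@laptop
alice:ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedKeyB alice@laptop

malformed-entry-without-separator
ubuntu:
bob:ssh-rsa AAAAB3NzaC1yc2EAAAADAQABConstructedKeyC bob@desktop
"""


def parse_entries(raw):
    """Yield (username, key) tuples, skipping blank or malformed lines."""
    for line in raw.splitlines():
        line = line.strip()
        if not line or ":" not in line:
            continue
        # Split on the first colon only: the key material follows it.
        user, key = line.split(":", 1)
        user, key = user.strip(), key.strip()
        if user and key:
            yield user, key


def keys_for_default_user_unfiltered(raw):
    """Behaviour described in the bug: every key goes to the default user."""
    return [key for _user, key in parse_entries(raw)]


def keys_for_user(raw, username):
    """Filtered behaviour: only keys whose metadata username matches."""
    return [key for user, key in parse_entries(raw) if user == username]


def unintended_grants(raw, default_user="ubuntu"):
    """Usernames whose keys would land on default_user without filtering."""
    return sorted({u for u, _k in parse_entries(raw) if u != default_user})


if __name__ == "__main__":
    print("unfiltered:", len(keys_for_default_user_unfiltered(SAMPLE_SSH_KEYS)))
    print("filtered:  ", len(keys_for_user(SAMPLE_SSH_KEYS, "ubuntu")))
    print("would gain ubuntu access:", unintended_grants(SAMPLE_SSH_KEYS))
```

Running `unintended_grants` over an instance's metadata gives a quick audit of which metadata users would have been able to log in as the sudo-capable default user on an unpatched image.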
Related branches
~chad.smith/cloud-init:ubuntu/devel
- Server Team CI bot: Approve (continuous-integration)
- Scott Moser: Pending requested
Diff: 955 lines (+415/-129), 14 files modified
cloudinit/sources/DataSourceConfigDrive.py (+2/-2)
cloudinit/sources/DataSourceGCE.py (+95/-39)
cloudinit/util.py (+51/-43)
debian/changelog (+14/-0)
tests/cloud_tests/platforms/ec2/instance.py (+8/-2)
tests/cloud_tests/platforms/ec2/platform.py (+30/-3)
tests/cloud_tests/releases.yaml (+0/-16)
tests/cloud_tests/testcases/modules/ntp_pools.yaml (+1/-1)
tests/cloud_tests/testcases/modules/ntp_servers.yaml (+1/-1)
tests/unittests/test_datasource/test_configdrive.py (+6/-0)
tests/unittests/test_datasource/test_gce.py (+172/-21)
tests/unittests/test_ds_identify.py (+17/-0)
tests/unittests/test_util.py (+15/-0)
tools/ds-identify (+3/-1)
~illfelder/cloud-init:master
- Scott Moser: Approve
- Server Team CI bot: Approve (continuous-integration)
- Dan Watkins: Pending requested
Diff: 548 lines (+267/-60), 2 files modified
cloudinit/sources/DataSourceGCE.py (+95/-39)
tests/unittests/test_datasource/test_gce.py (+172/-21)
Changed in cloud-init:
status: New → Fix Committed
assignee: nobody → Max Illfelder (illfelder)
Changed in cloud-init (Ubuntu):
assignee: nobody → Max Illfelder (illfelder)
status: New → Fix Committed
Changed in cloud-init:
importance: Undecided → Medium
Changed in cloud-init (Ubuntu):
importance: Undecided → Medium
This bug was fixed in the package cloud-init - 17.2-20-g32a6a176-0ubuntu1
---------------
cloud-init (17.2-20-g32a6a176-0ubuntu1) bionic; urgency=medium
* New upstream snapshot.
- tests: Fix EC2 Platform to return console output as bytes.
- tests: Fix attempted use of /run in a test case.
- GCE: Improvements and changes to ssh key behavior for default user.
[Max Illfelder] (LP: #1670456, #1707033, #1707037, #1707039)
- subp: make ProcessExecutionError have expected types in stderr, stdout.
- tests: when querying ntp server, do not do dns resolution.
- Recognize uppercase vfat disk labels [James Penick] (LP: #1598783)
- tests: remove zesty as supported OS to test
-- Chad Smith <email address hidden> Tue, 23 Jan 2018 20:10:44 -0700