* Mon Jul 01 2024 Miroslav Rezanina <mrezanin@redhat.com> - 24.1.4-11
- ci-Deprecate-the-users-ssh-authorized-keys-property-516.patch [RHEL-45263] - ci-docs-Add-deprecated-system_info-to-schema-5168.patch [RHEL-45263] - ci-fix-schema-permit-deprecated-hyphenated-keys-under-u.patch [RHEL-45263] - Resolves: RHEL-45263 (Deprecate the users ssh-authorized-keys property and permit deprecated hyphenated keys under users key [rhel-10])
This commit is contained in:
parent
421b4f21fd
commit
e4ad52664a
108
ci-Deprecate-the-users-ssh-authorized-keys-property-516.patch
Normal file
108
ci-Deprecate-the-users-ssh-authorized-keys-property-516.patch
Normal file
@ -0,0 +1,108 @@
|
|||||||
|
From 50c4b5575d9f8d93f1d55448dd59b2fce827e4b9 Mon Sep 17 00:00:00 2001
|
||||||
|
From: =?UTF-8?q?Anders=20Bj=C3=B6rklund?= <anders.f.bjorklund@gmail.com>
|
||||||
|
Date: Mon, 22 Apr 2024 17:52:44 +0200
|
||||||
|
Subject: [PATCH 1/3] Deprecate the users ssh-authorized-keys property (#5162)
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
RH-Author: Ani Sinha <anisinha@redhat.com>
|
||||||
|
RH-MergeRequest: 94: Deprecate the users ssh-authorized-keys property (#5162)
|
||||||
|
RH-Jira: RHEL-45263
|
||||||
|
RH-Acked-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
|
||||||
|
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||||
|
RH-Commit: [1/3] 79e1b116a8c60ebe7e70a9670ff7626fb204d6a1 (anisinha/cloud-init)
|
||||||
|
|
||||||
|
Deprecate the users ssh-authorized-keys property
|
||||||
|
|
||||||
|
Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
|
||||||
|
(cherry picked from commit 5205b4dd74eb2168ebbeba56579b6f116a272937)
|
||||||
|
---
|
||||||
|
.../schemas/schema-cloud-config-v1.json | 16 ++++++++++
|
||||||
|
.../unittests/config/test_cc_users_groups.py | 30 +++++++++++++++++++
|
||||||
|
tools/.github-cla-signers | 1 +
|
||||||
|
3 files changed, 47 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/cloudinit/config/schemas/schema-cloud-config-v1.json b/cloudinit/config/schemas/schema-cloud-config-v1.json
|
||||||
|
index c47e7c4f..24b6c4bd 100644
|
||||||
|
--- a/cloudinit/config/schemas/schema-cloud-config-v1.json
|
||||||
|
+++ b/cloudinit/config/schemas/schema-cloud-config-v1.json
|
||||||
|
@@ -361,6 +361,22 @@
|
||||||
|
},
|
||||||
|
"minItems": 1
|
||||||
|
},
|
||||||
|
+ "ssh-authorized-keys": {
|
||||||
|
+ "allOf": [
|
||||||
|
+ {
|
||||||
|
+ "type": "array",
|
||||||
|
+ "items": {
|
||||||
|
+ "type": "string"
|
||||||
|
+ },
|
||||||
|
+ "minItems": 1
|
||||||
|
+ },
|
||||||
|
+ {
|
||||||
|
+ "deprecated": true,
|
||||||
|
+ "deprecated_version": "18.3",
|
||||||
|
+ "deprecated_description": "Use ``ssh_authorized_keys`` instead."
|
||||||
|
+ }
|
||||||
|
+ ]
|
||||||
|
+ },
|
||||||
|
"ssh_import_id": {
|
||||||
|
"description": "List of ssh ids to import for user. Can not be combined with ``ssh_redirect_user``. See the man page[1] for more details. [1] https://manpages.ubuntu.com/manpages/noble/en/man1/ssh-import-id.1.html",
|
||||||
|
"type": "array",
|
||||||
|
diff --git a/tests/unittests/config/test_cc_users_groups.py b/tests/unittests/config/test_cc_users_groups.py
|
||||||
|
index 3300b77b..53e231e1 100644
|
||||||
|
--- a/tests/unittests/config/test_cc_users_groups.py
|
||||||
|
+++ b/tests/unittests/config/test_cc_users_groups.py
|
||||||
|
@@ -503,6 +503,36 @@ class TestUsersGroupsSchema:
|
||||||
|
),
|
||||||
|
True,
|
||||||
|
),
|
||||||
|
+ (
|
||||||
|
+ {
|
||||||
|
+ "users": [
|
||||||
|
+ {
|
||||||
|
+ "name": "lima",
|
||||||
|
+ "uid": "1000",
|
||||||
|
+ "homedir": "/home/lima.linux",
|
||||||
|
+ "shell": "/bin/bash",
|
||||||
|
+ "sudo": "ALL=(ALL) NOPASSWD:ALL",
|
||||||
|
+ "lock_passwd": True,
|
||||||
|
+ "ssh-authorized-keys": ["ssh-ed25519 ..."],
|
||||||
|
+ }
|
||||||
|
+ ]
|
||||||
|
+ },
|
||||||
|
+ pytest.raises(
|
||||||
|
+ SchemaValidationError,
|
||||||
|
+ match=(
|
||||||
|
+ "Cloud config schema deprecations: "
|
||||||
|
+ "users.0.ssh-authorized-keys: "
|
||||||
|
+ " Deprecated in version 18.3."
|
||||||
|
+ " Use ``ssh_authorized_keys`` instead."
|
||||||
|
+ ", "
|
||||||
|
+ "users.0.uid: "
|
||||||
|
+ " Changed in version 22.3."
|
||||||
|
+ " The use of ``string`` type is deprecated."
|
||||||
|
+ " Use an ``integer`` instead."
|
||||||
|
+ ),
|
||||||
|
+ ),
|
||||||
|
+ False,
|
||||||
|
+ ),
|
||||||
|
],
|
||||||
|
)
|
||||||
|
@skipUnlessJsonSchema()
|
||||||
|
diff --git a/tools/.github-cla-signers b/tools/.github-cla-signers
|
||||||
|
index bd50dc84..8da1e3a3 100644
|
||||||
|
--- a/tools/.github-cla-signers
|
||||||
|
+++ b/tools/.github-cla-signers
|
||||||
|
@@ -3,6 +3,7 @@ aciba90
|
||||||
|
acourdavAkamai
|
||||||
|
ader1990
|
||||||
|
adobley
|
||||||
|
+afbjorklund
|
||||||
|
ajmyyra
|
||||||
|
akutz
|
||||||
|
AlexBaranowski
|
||||||
|
--
|
||||||
|
2.39.3
|
||||||
|
|
170
ci-docs-Add-deprecated-system_info-to-schema-5168.patch
Normal file
170
ci-docs-Add-deprecated-system_info-to-schema-5168.patch
Normal file
@ -0,0 +1,170 @@
|
|||||||
|
From d64a8c310bd73c00ad88898be507d48ef653bfe4 Mon Sep 17 00:00:00 2001
|
||||||
|
From: James Falcon <james.falcon@canonical.com>
|
||||||
|
Date: Thu, 18 Apr 2024 20:21:14 -0500
|
||||||
|
Subject: [PATCH 2/3] docs: Add deprecated system_info to schema (#5168)
|
||||||
|
|
||||||
|
RH-Author: Ani Sinha <anisinha@redhat.com>
|
||||||
|
RH-MergeRequest: 94: Deprecate the users ssh-authorized-keys property (#5162)
|
||||||
|
RH-Jira: RHEL-45263
|
||||||
|
RH-Acked-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
|
||||||
|
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||||
|
RH-Commit: [2/3] c3454815e569896df0368ddbda0c648216363ed0 (anisinha/cloud-init)
|
||||||
|
|
||||||
|
In some cases, `system_info` can be passed via user data or vendor data
|
||||||
|
to override the system_info in /etc/cloud/cloud.cfg . While this
|
||||||
|
technically can work, this is a use case we no longer support and should
|
||||||
|
indicate that it is deprecated.
|
||||||
|
|
||||||
|
Also remove/update examples.
|
||||||
|
|
||||||
|
(cherry picked from commit 7c67f7732f04b41600934818f7d5bcb4d085ed7c)
|
||||||
|
---
|
||||||
|
.../schemas/schema-cloud-config-v1.json | 7 ++++++
|
||||||
|
doc/examples/cloud-config-apt.txt | 23 -------------------
|
||||||
|
doc/examples/cloud-config-user-groups.txt | 12 ++--------
|
||||||
|
tests/data/user_data.1.txt | 10 --------
|
||||||
|
tests/unittests/runs/test_merge_run.py | 16 ++++++++++++-
|
||||||
|
tests/unittests/sources/test_vultr.py | 3 ---
|
||||||
|
6 files changed, 24 insertions(+), 47 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/cloudinit/config/schemas/schema-cloud-config-v1.json b/cloudinit/config/schemas/schema-cloud-config-v1.json
|
||||||
|
index 24b6c4bd..23573583 100644
|
||||||
|
--- a/cloudinit/config/schemas/schema-cloud-config-v1.json
|
||||||
|
+++ b/cloudinit/config/schemas/schema-cloud-config-v1.json
|
||||||
|
@@ -602,6 +602,12 @@
|
||||||
|
},
|
||||||
|
"merge_type": {
|
||||||
|
"$ref": "#/$defs/merge_definition"
|
||||||
|
+ },
|
||||||
|
+ "system_info": {
|
||||||
|
+ "type": "object",
|
||||||
|
+ "description": "System and/or distro specific settings. This is not intended to be overridden by user data or vendor data.",
|
||||||
|
+ "deprecated": true,
|
||||||
|
+ "deprecated_version": "24.2"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
@@ -3894,6 +3900,7 @@
|
||||||
|
"ssh_pwauth": {},
|
||||||
|
"ssh_quiet_keygen": {},
|
||||||
|
"swap": {},
|
||||||
|
+ "system_info": {},
|
||||||
|
"timezone": {},
|
||||||
|
"ubuntu_advantage": {},
|
||||||
|
"ubuntu_pro": {},
|
||||||
|
diff --git a/doc/examples/cloud-config-apt.txt b/doc/examples/cloud-config-apt.txt
|
||||||
|
index dd6a0f6a..04968035 100644
|
||||||
|
--- a/doc/examples/cloud-config-apt.txt
|
||||||
|
+++ b/doc/examples/cloud-config-apt.txt
|
||||||
|
@@ -8,29 +8,6 @@
|
||||||
|
# Number: Set pipelining to some number (not recommended)
|
||||||
|
apt_pipelining: False
|
||||||
|
|
||||||
|
-## apt config via system_info:
|
||||||
|
-# under the 'system_info', you can customize cloud-init's interaction
|
||||||
|
-# with apt.
|
||||||
|
-# system_info:
|
||||||
|
-# apt_get_command: [command, argument, argument]
|
||||||
|
-# apt_get_upgrade_subcommand: dist-upgrade
|
||||||
|
-#
|
||||||
|
-# apt_get_command:
|
||||||
|
-# To specify a different 'apt-get' command, set 'apt_get_command'.
|
||||||
|
-# This must be a list, and the subcommand (update, upgrade) is appended to it.
|
||||||
|
-# default is:
|
||||||
|
-# ['apt-get', '--option=Dpkg::Options::=--force-confold',
|
||||||
|
-# '--option=Dpkg::options::=--force-unsafe-io', '--assume-yes', '--quiet']
|
||||||
|
-#
|
||||||
|
-# apt_get_upgrade_subcommand: "dist-upgrade"
|
||||||
|
-# Specify a different subcommand for 'upgrade. The default is 'dist-upgrade'.
|
||||||
|
-# This is the subcommand that is invoked for package_upgrade.
|
||||||
|
-#
|
||||||
|
-# apt_get_wrapper:
|
||||||
|
-# command: eatmydata
|
||||||
|
-# enabled: [True, False, "auto"]
|
||||||
|
-#
|
||||||
|
-
|
||||||
|
# Install additional packages on first boot
|
||||||
|
#
|
||||||
|
# Default: none
|
||||||
|
diff --git a/doc/examples/cloud-config-user-groups.txt b/doc/examples/cloud-config-user-groups.txt
|
||||||
|
index 56eb674f..2cafef88 100644
|
||||||
|
--- a/doc/examples/cloud-config-user-groups.txt
|
||||||
|
+++ b/doc/examples/cloud-config-user-groups.txt
|
||||||
|
@@ -143,13 +143,5 @@ users:
|
||||||
|
#
|
||||||
|
# users[0] (the first user in users) overrides the user directive.
|
||||||
|
#
|
||||||
|
-# The 'default' user above references the distro's config:
|
||||||
|
-# system_info:
|
||||||
|
-# default_user:
|
||||||
|
-# name: Ubuntu
|
||||||
|
-# plain_text_passwd: 'ubuntu'
|
||||||
|
-# home: /home/ubuntu
|
||||||
|
-# shell: /bin/bash
|
||||||
|
-# lock_passwd: True
|
||||||
|
-# gecos: Ubuntu
|
||||||
|
-# groups: [adm, cdrom, dip, lxd, sudo]
|
||||||
|
+# The 'default' user above references the distro's config set in
|
||||||
|
+# /etc/cloud/cloud.cfg.
|
||||||
|
diff --git a/tests/data/user_data.1.txt b/tests/data/user_data.1.txt
|
||||||
|
index 4c4543de..a1b5aa60 100644
|
||||||
|
--- a/tests/data/user_data.1.txt
|
||||||
|
+++ b/tests/data/user_data.1.txt
|
||||||
|
@@ -3,13 +3,3 @@ write_files:
|
||||||
|
- content: blah
|
||||||
|
path: /etc/blah.ini
|
||||||
|
permissions: 493
|
||||||
|
-
|
||||||
|
-system_info:
|
||||||
|
- package_mirrors:
|
||||||
|
- - arches: [i386, amd64, blah]
|
||||||
|
- failsafe:
|
||||||
|
- primary: http://my.archive.mydomain.com/ubuntu
|
||||||
|
- security: http://my.security.mydomain.com/ubuntu
|
||||||
|
- search:
|
||||||
|
- primary: []
|
||||||
|
- security: []
|
||||||
|
diff --git a/tests/unittests/runs/test_merge_run.py b/tests/unittests/runs/test_merge_run.py
|
||||||
|
index 7b1559b9..e7f32d03 100644
|
||||||
|
--- a/tests/unittests/runs/test_merge_run.py
|
||||||
|
+++ b/tests/unittests/runs/test_merge_run.py
|
||||||
|
@@ -22,7 +22,21 @@ class TestMergeRun(helpers.FilesystemMockingTestCase):
|
||||||
|
cfg = {
|
||||||
|
"datasource_list": ["None"],
|
||||||
|
"cloud_init_modules": ["write_files"],
|
||||||
|
- "system_info": {"paths": {"run_dir": new_root}},
|
||||||
|
+ "system_info": {
|
||||||
|
+ "paths": {"run_dir": new_root},
|
||||||
|
+ "package_mirrors": [
|
||||||
|
+ {
|
||||||
|
+ "arches": ["i386", "amd64", "blah"],
|
||||||
|
+ "failsafe": {
|
||||||
|
+ "primary": "http://my.archive.mydomain.com/ubuntu",
|
||||||
|
+ "security": (
|
||||||
|
+ "http://my.security.mydomain.com/ubuntu"
|
||||||
|
+ ),
|
||||||
|
+ },
|
||||||
|
+ "search": {"primary": [], "security": []},
|
||||||
|
+ },
|
||||||
|
+ ],
|
||||||
|
+ },
|
||||||
|
}
|
||||||
|
ud = helpers.readResource("user_data.1.txt")
|
||||||
|
cloud_cfg = safeyaml.dumps(cfg)
|
||||||
|
diff --git a/tests/unittests/sources/test_vultr.py b/tests/unittests/sources/test_vultr.py
|
||||||
|
index 117fdab0..e5f1c39e 100644
|
||||||
|
--- a/tests/unittests/sources/test_vultr.py
|
||||||
|
+++ b/tests/unittests/sources/test_vultr.py
|
||||||
|
@@ -22,9 +22,6 @@ chpasswd:
|
||||||
|
expire: false
|
||||||
|
list:
|
||||||
|
- root:$6$SxXx...k2mJNIzZB5vMCDBlYT1
|
||||||
|
-system_info:
|
||||||
|
- default_user:
|
||||||
|
- name: root
|
||||||
|
"""
|
||||||
|
|
||||||
|
# Vultr metadata test data
|
||||||
|
--
|
||||||
|
2.39.3
|
||||||
|
|
417
ci-fix-schema-permit-deprecated-hyphenated-keys-under-u.patch
Normal file
417
ci-fix-schema-permit-deprecated-hyphenated-keys-under-u.patch
Normal file
@ -0,0 +1,417 @@
|
|||||||
|
From 2b7a984fc57443c7ea1f5cab0e9a85878ef1a847 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Chad Smith <chad.smith@canonical.com>
|
||||||
|
Date: Thu, 27 Jun 2024 18:12:31 -0600
|
||||||
|
Subject: [PATCH 3/3] fix(schema): permit deprecated hyphenated keys under
|
||||||
|
users key (#5456)
|
||||||
|
|
||||||
|
RH-Author: Ani Sinha <anisinha@redhat.com>
|
||||||
|
RH-MergeRequest: 94: Deprecate the users ssh-authorized-keys property (#5162)
|
||||||
|
RH-Jira: RHEL-45263
|
||||||
|
RH-Acked-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
|
||||||
|
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||||
|
RH-Commit: [3/3] 88c8502922e2f85f5ce04d170fdd6b7596117a1f (anisinha/cloud-init)
|
||||||
|
|
||||||
|
Both hyphenated and underscore delimited key names are permitted
|
||||||
|
by cloudinit/distros/ug_util.py#L114 due to magic replacement
|
||||||
|
of key names.
|
||||||
|
|
||||||
|
Since this is still valid json schema, add the necessary hyphenated
|
||||||
|
aliases for all users/groups keys. Because the goal in the future is
|
||||||
|
to only support one config key for a given configuraion option, add
|
||||||
|
deprecated keys to those schema definitions.
|
||||||
|
|
||||||
|
Also drop the description key from the deprecates lock-passwd schema
|
||||||
|
key.
|
||||||
|
|
||||||
|
Any deprecated schema key which provides a suggested replacement should
|
||||||
|
not provide duplicated key descriptions as the preferred replacement
|
||||||
|
will provided the necessary context.
|
||||||
|
|
||||||
|
Fixes GH-5454
|
||||||
|
|
||||||
|
Conflicts:
|
||||||
|
tests/unittests/config/test_schema.py
|
||||||
|
- due to absence of change 7f98af900f ("test: Add unit tests for features.DEPRECATION_INFO_BOUNDARY")
|
||||||
|
which in turn depends on change e80514b56139 ("feat: Add deprecation boundary to logger (#5411)")
|
||||||
|
|
||||||
|
(cherry picked from commit b3618d44a37ae6345f0c3d935b77ae0ae9dd1c92)
|
||||||
|
---
|
||||||
|
.../schemas/schema-cloud-config-v1.json | 103 +++++++++++++-----
|
||||||
|
tests/unittests/config/test_cc_grub_dpkg.py | 4 +-
|
||||||
|
.../test_cc_package_update_upgrade_install.py | 11 +-
|
||||||
|
.../unittests/config/test_cc_users_groups.py | 33 +++---
|
||||||
|
tests/unittests/config/test_schema.py | 15 ++-
|
||||||
|
5 files changed, 108 insertions(+), 58 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/cloudinit/config/schemas/schema-cloud-config-v1.json b/cloudinit/config/schemas/schema-cloud-config-v1.json
|
||||||
|
index 23573583..3cf7aaf8 100644
|
||||||
|
--- a/cloudinit/config/schemas/schema-cloud-config-v1.json
|
||||||
|
+++ b/cloudinit/config/schemas/schema-cloud-config-v1.json
|
||||||
|
@@ -267,9 +267,9 @@
|
||||||
|
"patternProperties": {
|
||||||
|
"^.+$": {
|
||||||
|
"label": "<group_name>",
|
||||||
|
- "description": "When providing an object for users.groups the ``<group_name>`` keys are the groups to add this user to",
|
||||||
|
"deprecated": true,
|
||||||
|
"deprecated_version": "23.1",
|
||||||
|
+ "deprecated_description": "The use of ``object`` type is deprecated. Use ``string`` or ``array`` of ``string`` instead.",
|
||||||
|
"type": [
|
||||||
|
"null"
|
||||||
|
],
|
||||||
|
@@ -292,9 +292,7 @@
|
||||||
|
"type": "string"
|
||||||
|
},
|
||||||
|
"lock-passwd": {
|
||||||
|
- "default": true,
|
||||||
|
"type": "boolean",
|
||||||
|
- "description": "Default: ``true``",
|
||||||
|
"deprecated": true,
|
||||||
|
"deprecated_version": "22.3",
|
||||||
|
"deprecated_description": "Use ``lock_passwd`` instead."
|
||||||
|
@@ -304,16 +302,34 @@
|
||||||
|
"description": "Disable password login. Default: ``true``",
|
||||||
|
"type": "boolean"
|
||||||
|
},
|
||||||
|
+ "no-create-home": {
|
||||||
|
+ "type": "boolean",
|
||||||
|
+ "deprecated": true,
|
||||||
|
+ "deprecated_version": "24.2",
|
||||||
|
+ "deprecated_description": "Use ``no_create_home`` instead."
|
||||||
|
+ },
|
||||||
|
"no_create_home": {
|
||||||
|
"default": false,
|
||||||
|
"description": "Do not create home directory. Default: ``false``",
|
||||||
|
"type": "boolean"
|
||||||
|
},
|
||||||
|
+ "no-log-init": {
|
||||||
|
+ "type": "boolean",
|
||||||
|
+ "deprecated": true,
|
||||||
|
+ "deprecated_version": "24.2",
|
||||||
|
+ "deprecated_description": "Use ``no_log_init`` instead."
|
||||||
|
+ },
|
||||||
|
"no_log_init": {
|
||||||
|
"default": false,
|
||||||
|
"description": "Do not initialize lastlog and faillog for user. Default: ``false``",
|
||||||
|
"type": "boolean"
|
||||||
|
},
|
||||||
|
+ "no-user-group": {
|
||||||
|
+ "type": "boolean",
|
||||||
|
+ "deprecated": true,
|
||||||
|
+ "deprecated_version": "24.2",
|
||||||
|
+ "deprecated_description": "Use ``no_user_group`` instead."
|
||||||
|
+ },
|
||||||
|
"no_user_group": {
|
||||||
|
"default": false,
|
||||||
|
"description": "Do not create group named after user. Default: ``false``",
|
||||||
|
@@ -323,24 +339,54 @@
|
||||||
|
"description": "Hash of user password applied when user does not exist. This will NOT be applied if the user already exists. To generate this hash, run: ``mkpasswd --method=SHA-512 --rounds=500000`` **Note:** Your password might possibly be visible to unprivileged users on your system, depending on your cloud's security model. Check if your cloud's IMDS server is visible from an unprivileged user to evaluate risk.",
|
||||||
|
"type": "string"
|
||||||
|
},
|
||||||
|
+ "hashed-passwd": {
|
||||||
|
+ "type": "string",
|
||||||
|
+ "deprecated": true,
|
||||||
|
+ "deprecated_version": "24.2",
|
||||||
|
+ "deprecated_description": "Use ``hashed_passwd`` instead."
|
||||||
|
+ },
|
||||||
|
"hashed_passwd": {
|
||||||
|
"description": "Hash of user password to be applied. This will be applied even if the user is preexisting. To generate this hash, run: ``mkpasswd --method=SHA-512 --rounds=500000``. **Note:** Your password might possibly be visible to unprivileged users on your system, depending on your cloud's security model. Check if your cloud's IMDS server is visible from an unprivileged user to evaluate risk.",
|
||||||
|
"type": "string"
|
||||||
|
},
|
||||||
|
+ "plain-text-passwd": {
|
||||||
|
+ "type": "string",
|
||||||
|
+ "deprecated": true,
|
||||||
|
+ "deprecated_version": "24.2",
|
||||||
|
+ "deprecated_description": "Use ``plain_text_passwd`` instead."
|
||||||
|
+ },
|
||||||
|
"plain_text_passwd": {
|
||||||
|
"description": "Clear text of user password to be applied. This will be applied even if the user is preexisting. **Note:** SSH keys or certificates are a safer choice for logging in to your system. For local escalation, supplying a hashed password is a safer choice than plain text. Your password might possibly be visible to unprivileged users on your system, depending on your cloud's security model. An exposed plain text password is an immediate security concern. Check if your cloud's IMDS server is visible from an unprivileged user to evaluate risk.",
|
||||||
|
"type": "string"
|
||||||
|
},
|
||||||
|
+ "create-groups": {
|
||||||
|
+ "type": "boolean",
|
||||||
|
+ "deprecated": true,
|
||||||
|
+ "deprecated_version": "24.2",
|
||||||
|
+ "deprecated_description": "Use ``create_groups`` instead."
|
||||||
|
+ },
|
||||||
|
"create_groups": {
|
||||||
|
"default": true,
|
||||||
|
"description": "Boolean set ``false`` to disable creation of specified user ``groups``. Default: ``true``.",
|
||||||
|
"type": "boolean"
|
||||||
|
},
|
||||||
|
+ "primary-group": {
|
||||||
|
+ "type": "string",
|
||||||
|
+ "deprecated": true,
|
||||||
|
+ "deprecated_version": "24.2",
|
||||||
|
+ "deprecated_description": "Use ``primary_group`` instead."
|
||||||
|
+ },
|
||||||
|
"primary_group": {
|
||||||
|
"default": "``<username>``",
|
||||||
|
"description": "Primary group for user. Default: ``<username>``",
|
||||||
|
"type": "string"
|
||||||
|
},
|
||||||
|
+ "selinux-user": {
|
||||||
|
+ "type": "string",
|
||||||
|
+ "deprecated": true,
|
||||||
|
+ "deprecated_version": "24.2",
|
||||||
|
+ "deprecated_description": "Use ``selinux_user`` instead."
|
||||||
|
+ },
|
||||||
|
"selinux_user": {
|
||||||
|
"description": "SELinux user for user's login. Default: the default SELinux user.",
|
||||||
|
"type": "string"
|
||||||
|
@@ -362,20 +408,24 @@
|
||||||
|
"minItems": 1
|
||||||
|
},
|
||||||
|
"ssh-authorized-keys": {
|
||||||
|
- "allOf": [
|
||||||
|
- {
|
||||||
|
- "type": "array",
|
||||||
|
- "items": {
|
||||||
|
- "type": "string"
|
||||||
|
- },
|
||||||
|
- "minItems": 1
|
||||||
|
- },
|
||||||
|
- {
|
||||||
|
- "deprecated": true,
|
||||||
|
- "deprecated_version": "18.3",
|
||||||
|
- "deprecated_description": "Use ``ssh_authorized_keys`` instead."
|
||||||
|
- }
|
||||||
|
- ]
|
||||||
|
+ "type": "array",
|
||||||
|
+ "items": {
|
||||||
|
+ "type": "string"
|
||||||
|
+ },
|
||||||
|
+ "minItems": 1,
|
||||||
|
+ "deprecated": true,
|
||||||
|
+ "deprecated_version": "18.3",
|
||||||
|
+ "deprecated_description": "Use ``ssh_authorized_keys`` instead."
|
||||||
|
+ },
|
||||||
|
+ "ssh-import-id": {
|
||||||
|
+ "type": "array",
|
||||||
|
+ "items": {
|
||||||
|
+ "type": "string"
|
||||||
|
+ },
|
||||||
|
+ "minItems": 1,
|
||||||
|
+ "deprecated": true,
|
||||||
|
+ "deprecated_version": "24.2",
|
||||||
|
+ "deprecated_description": "Use ``ssh_import_id`` instead."
|
||||||
|
},
|
||||||
|
"ssh_import_id": {
|
||||||
|
"description": "List of ssh ids to import for user. Can not be combined with ``ssh_redirect_user``. See the man page[1] for more details. [1] https://manpages.ubuntu.com/manpages/noble/en/man1/ssh-import-id.1.html",
|
||||||
|
@@ -385,6 +435,12 @@
|
||||||
|
},
|
||||||
|
"minItems": 1
|
||||||
|
},
|
||||||
|
+ "ssh-redirect-user": {
|
||||||
|
+ "type": "boolean",
|
||||||
|
+ "deprecated": true,
|
||||||
|
+ "deprecated_version": "24.2",
|
||||||
|
+ "deprecated_description": "Use ``ssh_redirect_user`` instead."
|
||||||
|
+ },
|
||||||
|
"ssh_redirect_user": {
|
||||||
|
"type": "boolean",
|
||||||
|
"default": false,
|
||||||
|
@@ -487,7 +543,6 @@
|
||||||
|
"properties": {
|
||||||
|
"remove-defaults": {
|
||||||
|
"type": "boolean",
|
||||||
|
- "default": false,
|
||||||
|
"deprecated": true,
|
||||||
|
"deprecated_version": "22.3",
|
||||||
|
"deprecated_description": "Use ``remove_defaults`` instead."
|
||||||
|
@@ -605,9 +660,9 @@
|
||||||
|
},
|
||||||
|
"system_info": {
|
||||||
|
"type": "object",
|
||||||
|
- "description": "System and/or distro specific settings. This is not intended to be overridden by user data or vendor data.",
|
||||||
|
"deprecated": true,
|
||||||
|
- "deprecated_version": "24.2"
|
||||||
|
+ "deprecated_version": "24.2",
|
||||||
|
+ "deprecated_description": "System and/or distro specific settings. This is not intended to be overridden by user data or vendor data."
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
@@ -1572,7 +1627,6 @@
|
||||||
|
},
|
||||||
|
"grub-dpkg": {
|
||||||
|
"type": "object",
|
||||||
|
- "description": "An alias for ``grub_dpkg``",
|
||||||
|
"deprecated": true,
|
||||||
|
"deprecated_version": "22.2",
|
||||||
|
"deprecated_description": "Use ``grub_dpkg`` instead."
|
||||||
|
@@ -2159,24 +2213,18 @@
|
||||||
|
},
|
||||||
|
"apt_update": {
|
||||||
|
"type": "boolean",
|
||||||
|
- "default": false,
|
||||||
|
- "description": "Default: ``false``.",
|
||||||
|
"deprecated": true,
|
||||||
|
"deprecated_version": "22.2",
|
||||||
|
"deprecated_description": "Use ``package_update`` instead."
|
||||||
|
},
|
||||||
|
"apt_upgrade": {
|
||||||
|
"type": "boolean",
|
||||||
|
- "default": false,
|
||||||
|
- "description": "Default: ``false``.",
|
||||||
|
"deprecated": true,
|
||||||
|
"deprecated_version": "22.2",
|
||||||
|
"deprecated_description": "Use ``package_upgrade`` instead."
|
||||||
|
},
|
||||||
|
"apt_reboot_if_required": {
|
||||||
|
"type": "boolean",
|
||||||
|
- "default": false,
|
||||||
|
- "description": "Default: ``false``.",
|
||||||
|
"deprecated": true,
|
||||||
|
"deprecated_version": "22.2",
|
||||||
|
"deprecated_description": "Use ``package_reboot_if_required`` instead."
|
||||||
|
@@ -2874,7 +2922,6 @@
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"minItems": 1,
|
||||||
|
- "description": "List of ``username:password`` pairs. Each user will have the corresponding password set. A password can be randomly generated by specifying ``RANDOM`` or ``R`` as a user's password. A hashed password, created by a tool like ``mkpasswd``, can be specified. A regex (``r'\\$(1|2a|2y|5|6)(\\$.+){2}'``) is used to determine if a password value should be treated as a hash.",
|
||||||
|
"deprecated": true,
|
||||||
|
"deprecated_version": "22.2",
|
||||||
|
"deprecated_description": "Use ``users`` instead."
|
||||||
|
diff --git a/tests/unittests/config/test_cc_grub_dpkg.py b/tests/unittests/config/test_cc_grub_dpkg.py
|
||||||
|
index b4bd48df..36ef7fd9 100644
|
||||||
|
--- a/tests/unittests/config/test_cc_grub_dpkg.py
|
||||||
|
+++ b/tests/unittests/config/test_cc_grub_dpkg.py
|
||||||
|
@@ -300,8 +300,8 @@ class TestGrubDpkgSchema:
|
||||||
|
pytest.raises(
|
||||||
|
SchemaValidationError,
|
||||||
|
match=(
|
||||||
|
- "Cloud config schema deprecations: grub-dpkg: An alias"
|
||||||
|
- " for ``grub_dpkg`` Deprecated in version 22.2. Use "
|
||||||
|
+ "Cloud config schema deprecations: grub-dpkg:"
|
||||||
|
+ " Deprecated in version 22.2. Use "
|
||||||
|
"``grub_dpkg`` instead."
|
||||||
|
),
|
||||||
|
),
|
||||||
|
diff --git a/tests/unittests/config/test_cc_package_update_upgrade_install.py b/tests/unittests/config/test_cc_package_update_upgrade_install.py
|
||||||
|
index 08db05a0..ad3651ad 100644
|
||||||
|
--- a/tests/unittests/config/test_cc_package_update_upgrade_install.py
|
||||||
|
+++ b/tests/unittests/config/test_cc_package_update_upgrade_install.py
|
||||||
|
@@ -300,16 +300,16 @@ class TestPackageUpdateUpgradeSchema:
|
||||||
|
(
|
||||||
|
{"apt_update": False},
|
||||||
|
(
|
||||||
|
- "Cloud config schema deprecations: apt_update: "
|
||||||
|
- "Default: ``false``. Deprecated in version 22.2. "
|
||||||
|
+ "Cloud config schema deprecations: apt_update: "
|
||||||
|
+ "Deprecated in version 22.2. "
|
||||||
|
"Use ``package_update`` instead."
|
||||||
|
),
|
||||||
|
),
|
||||||
|
(
|
||||||
|
{"apt_upgrade": False},
|
||||||
|
(
|
||||||
|
- "Cloud config schema deprecations: apt_upgrade: "
|
||||||
|
- "Default: ``false``. Deprecated in version 22.2. "
|
||||||
|
+ "Cloud config schema deprecations: apt_upgrade: "
|
||||||
|
+ "Deprecated in version 22.2. "
|
||||||
|
"Use ``package_upgrade`` instead."
|
||||||
|
),
|
||||||
|
),
|
||||||
|
@@ -317,8 +317,7 @@ class TestPackageUpdateUpgradeSchema:
|
||||||
|
{"apt_reboot_if_required": False},
|
||||||
|
(
|
||||||
|
"Cloud config schema deprecations: "
|
||||||
|
- "apt_reboot_if_required: Default: ``false``. "
|
||||||
|
- "Deprecated in version 22.2. Use "
|
||||||
|
+ "apt_reboot_if_required: Deprecated in version 22.2. Use "
|
||||||
|
"``package_reboot_if_required`` instead."
|
||||||
|
),
|
||||||
|
),
|
||||||
|
diff --git a/tests/unittests/config/test_cc_users_groups.py b/tests/unittests/config/test_cc_users_groups.py
|
||||||
|
index 53e231e1..4ca67f77 100644
|
||||||
|
--- a/tests/unittests/config/test_cc_users_groups.py
|
||||||
|
+++ b/tests/unittests/config/test_cc_users_groups.py
|
||||||
|
@@ -371,9 +371,20 @@ class TestUsersGroupsSchema:
|
||||||
|
SchemaValidationError,
|
||||||
|
match=(
|
||||||
|
"Cloud config schema deprecations: "
|
||||||
|
- "users.0.lock-passwd: Default: ``true`` "
|
||||||
|
- "Deprecated in version 22.3. Use "
|
||||||
|
- "``lock_passwd`` instead."
|
||||||
|
+ "users.0.lock-passwd: Deprecated in version 22.3."
|
||||||
|
+ " Use ``lock_passwd`` instead."
|
||||||
|
+ ),
|
||||||
|
+ ),
|
||||||
|
+ False,
|
||||||
|
+ ),
|
||||||
|
+ (
|
||||||
|
+ {"users": [{"name": "bbsw", "no-create-home": True}]},
|
||||||
|
+ pytest.raises(
|
||||||
|
+ SchemaValidationError,
|
||||||
|
+ match=(
|
||||||
|
+ "Cloud config schema deprecations: "
|
||||||
|
+ "users.0.no-create-home: Deprecated in version 24.2."
|
||||||
|
+ " Use ``no_create_home`` instead."
|
||||||
|
),
|
||||||
|
),
|
||||||
|
False,
|
||||||
|
@@ -394,13 +405,10 @@ class TestUsersGroupsSchema:
|
||||||
|
SchemaValidationError,
|
||||||
|
match=(
|
||||||
|
"Cloud config schema deprecations: "
|
||||||
|
- "users.0.groups.adm: When providing an object "
|
||||||
|
- "for users.groups the ``<group_name>`` keys "
|
||||||
|
- "are the groups to add this user to Deprecated"
|
||||||
|
- " in version 23.1., users.0.groups.sudo: When "
|
||||||
|
- "providing an object for users.groups the "
|
||||||
|
- "``<group_name>`` keys are the groups to add "
|
||||||
|
- "this user to Deprecated in version 23.1."
|
||||||
|
+ "users.0.groups.adm: Deprecated in version 23.1. "
|
||||||
|
+ "The use of ``object`` type is deprecated. Use "
|
||||||
|
+ "``string`` or ``array`` of ``string`` instead., "
|
||||||
|
+ "users.0.groups.sudo: Deprecated in version 23.1."
|
||||||
|
),
|
||||||
|
),
|
||||||
|
False,
|
||||||
|
@@ -456,10 +464,7 @@ class TestUsersGroupsSchema:
|
||||||
|
SchemaValidationError,
|
||||||
|
match=(
|
||||||
|
"Cloud config schema deprecations: "
|
||||||
|
- "user.groups.sbuild: When providing an object "
|
||||||
|
- "for users.groups the ``<group_name>`` keys "
|
||||||
|
- "are the groups to add this user to Deprecated"
|
||||||
|
- " in version 23.1."
|
||||||
|
+ "user.groups.sbuild: Deprecated in version 23.1."
|
||||||
|
),
|
||||||
|
),
|
||||||
|
False,
|
||||||
|
diff --git a/tests/unittests/config/test_schema.py b/tests/unittests/config/test_schema.py
|
||||||
|
index ce55534b..d175083b 100644
|
||||||
|
--- a/tests/unittests/config/test_schema.py
|
||||||
|
+++ b/tests/unittests/config/test_schema.py
|
||||||
|
@@ -2542,9 +2542,9 @@ class TestHandleSchemaArgs:
|
||||||
|
apt_reboot_if_required: true # D3
|
||||||
|
|
||||||
|
# Deprecations: -------------
|
||||||
|
- # D1: Default: ``false``. Deprecated in version 22.2. Use ``package_update`` instead.
|
||||||
|
- # D2: Default: ``false``. Deprecated in version 22.2. Use ``package_upgrade`` instead.
|
||||||
|
- # D3: Default: ``false``. Deprecated in version 22.2. Use ``package_reboot_if_required`` instead.
|
||||||
|
+ # D1: Deprecated in version 22.2. Use ``package_update`` instead.
|
||||||
|
+ # D2: Deprecated in version 22.2. Use ``package_upgrade`` instead.
|
||||||
|
+ # D3: Deprecated in version 22.2. Use ``package_reboot_if_required`` instead.
|
||||||
|
|
||||||
|
Valid schema {cfg_file}
|
||||||
|
""" # noqa: E501
|
||||||
|
@@ -2555,11 +2555,10 @@ class TestHandleSchemaArgs:
|
||||||
|
dedent(
|
||||||
|
"""\
|
||||||
|
Cloud config schema deprecations: \
|
||||||
|
-apt_reboot_if_required: Default: ``false``. Deprecated in version 22.2.\
|
||||||
|
- Use ``package_reboot_if_required`` instead., apt_update: Default: \
|
||||||
|
-``false``. Deprecated in version 22.2. Use ``package_update`` instead.,\
|
||||||
|
- apt_upgrade: Default: ``false``. Deprecated in version 22.2. Use \
|
||||||
|
-``package_upgrade`` instead.\
|
||||||
|
+apt_reboot_if_required: Deprecated in version 22.2. Use\
|
||||||
|
+ ``package_reboot_if_required`` instead., apt_update: Deprecated in version\
|
||||||
|
+ 22.2. Use ``package_update`` instead., apt_upgrade: Deprecated in version\
|
||||||
|
+ 22.2. Use ``package_upgrade`` instead.\
|
||||||
|
Valid schema {cfg_file}
|
||||||
|
""" # noqa: E501
|
||||||
|
),
|
||||||
|
--
|
||||||
|
2.39.3
|
||||||
|
|
@ -6,7 +6,7 @@
|
|||||||
|
|
||||||
Name: cloud-init
|
Name: cloud-init
|
||||||
Version: 24.1.4
|
Version: 24.1.4
|
||||||
Release: 10%{?dist}
|
Release: 11%{?dist}
|
||||||
Summary: Cloud instance init scripts
|
Summary: Cloud instance init scripts
|
||||||
License: Apache-2.0 OR GPL-3.0-only
|
License: Apache-2.0 OR GPL-3.0-only
|
||||||
URL: https://github.com/canonical/cloud-init
|
URL: https://github.com/canonical/cloud-init
|
||||||
@ -33,6 +33,12 @@ Patch11: ci-fix-jsonschema-Add-missing-sudo-definition-5418.patch
|
|||||||
Patch12: ci-doc-update-examples-to-reflect-alternative-ways-to-p.patch
|
Patch12: ci-doc-update-examples-to-reflect-alternative-ways-to-p.patch
|
||||||
# For RHEL-44599 - [rhel-10] fix pylint error and support python 3.12
|
# For RHEL-44599 - [rhel-10] fix pylint error and support python 3.12
|
||||||
Patch13: ci-Update-pylint-version-to-support-python-3.12-5338.patch
|
Patch13: ci-Update-pylint-version-to-support-python-3.12-5338.patch
|
||||||
|
# For RHEL-45263 - Deprecate the users ssh-authorized-keys property and permit deprecated hyphenated keys under users key [rhel-10]
|
||||||
|
Patch14: ci-Deprecate-the-users-ssh-authorized-keys-property-516.patch
|
||||||
|
# For RHEL-45263 - Deprecate the users ssh-authorized-keys property and permit deprecated hyphenated keys under users key [rhel-10]
|
||||||
|
Patch15: ci-docs-Add-deprecated-system_info-to-schema-5168.patch
|
||||||
|
# For RHEL-45263 - Deprecate the users ssh-authorized-keys property and permit deprecated hyphenated keys under users key [rhel-10]
|
||||||
|
Patch16: ci-fix-schema-permit-deprecated-hyphenated-keys-under-u.patch
|
||||||
|
|
||||||
BuildArch: noarch
|
BuildArch: noarch
|
||||||
|
|
||||||
@ -244,6 +250,13 @@ fi
|
|||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Jul 01 2024 Miroslav Rezanina <mrezanin@redhat.com> - 24.1.4-11
|
||||||
|
- ci-Deprecate-the-users-ssh-authorized-keys-property-516.patch [RHEL-45263]
|
||||||
|
- ci-docs-Add-deprecated-system_info-to-schema-5168.patch [RHEL-45263]
|
||||||
|
- ci-fix-schema-permit-deprecated-hyphenated-keys-under-u.patch [RHEL-45263]
|
||||||
|
- Resolves: RHEL-45263
|
||||||
|
(Deprecate the users ssh-authorized-keys property and permit deprecated hyphenated keys under users key [rhel-10])
|
||||||
|
|
||||||
* Wed Jun 26 2024 Miroslav Rezanina <mrezanin@redhat.com> - 24.1.4-10
|
* Wed Jun 26 2024 Miroslav Rezanina <mrezanin@redhat.com> - 24.1.4-10
|
||||||
- ci-feat-sysconfig-Add-DNS-from-interface-config-to-reso.patch [RHEL-44334]
|
- ci-feat-sysconfig-Add-DNS-from-interface-config-to-reso.patch [RHEL-44334]
|
||||||
- ci-fix-jsonschema-Add-missing-sudo-definition-5418.patch [RHEL-44338]
|
- ci-fix-jsonschema-Add-missing-sudo-definition-5418.patch [RHEL-44338]
|
||||||
|
Loading…
Reference in New Issue
Block a user