Merge pull request #415 from kikisdeliveryservice/remove-unnecessary-…

…user-check

mcd: remove unnecessary checks and simplify updateSSHKeys

pkg/daemon/update.go

@@ -31,6 +31,10 @@ const (
 	defaultDirectoryPermissions os.FileMode = 0755
 	// defaultFilePermissions houses the default mode to use when no file permissions are provided
 	defaultFilePermissions os.FileMode = 0644
+	// coreUser is "core" and currently the only permissible user name
+	coreUserName = "core"
+	// SSH Keys for user "core" will only be written at /home/core/.ssh
+	coreUserSSHPath = "/home/core/.ssh"
 )
 
 // Someone please tell me this actually lives in the stdlib somewhere
@@ -212,7 +216,7 @@ func (dn *Daemon) reconcilable(oldConfig, newConfig *mcfgv1.MachineConfig) error
 				// there is an update to Users, we must verify that it is ONLY making an acceptable
 				// change to the SSHAuthorizedKeys for the user "core"
 				for _, user := range newIgn.Passwd.Users {
-					if user.Name != "core" {
+					if user.Name != coreUserName {
 						return errors.New("Ignition passwd user section contains unsupported changes: non-core user")
 					}
 				}
@@ -269,7 +273,7 @@ func (dn *Daemon) reconcilable(oldConfig, newConfig *mcfgv1.MachineConfig) error
 func verifyUserFields(pwdUser ignv2_2types.PasswdUser) error {
 	emptyUser := ignv2_2types.PasswdUser{}
 	tempUser := pwdUser
-	if tempUser.Name == "core" && len(tempUser.SSHAuthorizedKeys) >= 1 {
+	if tempUser.Name == coreUserName && len(tempUser.SSHAuthorizedKeys) >= 1 {
 		tempUser.Name = ""
 		tempUser.SSHAuthorizedKeys = nil
 		if !reflect.DeepEqual(emptyUser, tempUser) {
@@ -603,19 +607,14 @@ func (dn *Daemon) updateSSHKeys(newUsers []ignv2_2types.PasswdUser) error {
 
 	// Keys should only be written to "/home/core/.ssh"
 	// Once Users are supported fully this should be writing to PasswdUser.HomeDir
-	if newUsers[0].Name != "core" {
-		// Double checking that we are only writing SSH Keys for user "core"
-		return fmt.Errorf("Expecting user core. Got %s instead", newUsers[0].Name)
-	}
-	sshDirPath := filepath.Join("/home", newUsers[0].Name, ".ssh")
-	// we are only dealing with the "core" User at this time, so only dealing with the first entry in Users[]
-	glog.Infof("Writing SSHKeys at %q", sshDirPath)
-	if err := dn.fileSystemClient.MkdirAll(filepath.Dir(sshDirPath), os.FileMode(0600)); err != nil {
-		return fmt.Errorf("Failed to create directory %q: %v", filepath.Dir(sshDirPath), err)
+	glog.Infof("Writing SSHKeys at %q", coreUserSSHPath)
+
+	if err := dn.fileSystemClient.MkdirAll(filepath.Dir(coreUserSSHPath), os.FileMode(0600)); err != nil {
+		return fmt.Errorf("Failed to create directory %q: %v", filepath.Dir(coreUserSSHPath), err)
 	}
-	glog.V(2).Infof("Created directory: %s", sshDirPath)
+	glog.V(2).Infof("Created directory: %s", coreUserSSHPath)
 
-	authkeypath := filepath.Join(sshDirPath, "authorized_keys")
+	authkeypath := filepath.Join(coreUserSSHPath, "authorized_keys")
 	var concatSSHKeys string
 	for _, k := range newUsers[len(newUsers)-1].SSHAuthorizedKeys {
 		concatSSHKeys = concatSSHKeys + string(k) + "\n"
@@ -625,7 +624,7 @@ func (dn *Daemon) updateSSHKeys(newUsers []ignv2_2types.PasswdUser) error {
 		return fmt.Errorf("Failed to write ssh key: %v", err)
 	}
 
-	glog.V(2).Infof("Wrote SSHKeys at %s", sshDirPath)
+	glog.V(2).Infof("Wrote SSHKeys at %s", coreUserSSHPath)
 
 	return nil
 }

pkg/daemon/update_test.go

@@ -309,12 +309,6 @@ func TestUpdateSSHKeys(t *testing.T) {
 		t.Errorf("Expected no error. Got %s.", err)
 
 	}
-	// Until users are supported should not be writing keys for any user not named "core"
-	newMcfg.Spec.Config.Passwd.Users[0].Name = "not_core"
-	err = d.updateSSHKeys(newMcfg.Spec.Config.Passwd.Users)
-	if err == nil {
-		t.Errorf("Expected error, user is not core")
-	}
 
 	// if Users is empty, nothing should happen and no error should ever be generated
 	newMcfg2 := &mcfgv1.MachineConfig{}