Bug 1019980 - SSH keys are not added or removed to applications in a domain on membership change
Summary: SSH keys are not added or removed to applications in a domain on membership c...
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: OpenShift Online
Classification: Red Hat
Component: oc
Version: 2.x
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: ---
: ---
Assignee: Clayton Coleman
QA Contact: libra bugs
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2013-10-16 17:49 UTC by Clayton Coleman
Modified: 2015-05-15 02:25 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2013-10-17 13:36:03 UTC
Target Upstream Version:

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Clayton Coleman 2013-10-16 17:49:29 UTC 
Adding users to a domain does not correctly propagate their keys to the applications in a domain.  Removing a user does not remove their keys from their domain.

Reproduce scenario
1) On two separate linux user sessions, run rhc setup with two separate sets of SSH keys
2) Create a domain and application as user 1
3) Add user 2 to the domain as an editor or admin
4) Attempt to ssh to the application as user 2 - permission denied
5) Remove user 2 from the domain
6) Remove job does not execute a parallel key distribute, thus keys would not be removed

Needs to go to stage.
Comment 1 Clayton Coleman 2013-10-16 18:56:13 UTC 
Fixed for stage in https://github.com/openshift/origin-server/pull/3908, fixed for master in https://github.com/openshift/origin-server/pull/39
Comment 2 openshift-github-bot 2013-10-16 21:07:10 UTC 
Commit pushed to master at https://github.com/openshift/rhc

https://github.com/openshift/rhc/commit/9ceeafee17c9383bceb26ad0bfe2c654510046e8
Bug 1019980 - Add test cases for SSH access across multiple users
Comment 3 openshift-github-bot 2013-10-16 21:07:11 UTC 
Commit pushed to master at https://github.com/openshift/origin-server

https://github.com/openshift/origin-server/commit/494907d78b23c34f3029ba912e8dac160e59c5c6
Bug 1019980 - SSH keys not distributed on membership changes
Comment 5 Wei Sun 2013-10-17 07:31:24 UTC 
Verified on devenv_3907,rhc build from devenv_3907.

Step:
1.On two separate linux user sessions, run rhc setup with two separate sets of SSH keys
2.Create a domain and application as user 1(wsun)
3.Add user 2(wsun+1) to the domain as an editor
4.Check if user2(wsun+1)'s key is added in  $app/.ssh/authorized_keys
5.Attempt to ssh to the application as user 2(wsun+1)
6.Remove user 2 from the domain
7.Attempt to ssh to the application as user2(wsun+1)
8.Check if user2(wsun+1)'s key is removed in  $app/.ssh/authorized_keys

Result:
4.User2's key is added in  $app/.ssh/authorized_keys

5.Could ssh to app as user 2(wsun+1)
[wsun@dhcp-8-229 ~]$ rhc ssh r8s -n wsunjbt3907 -l wsun+1 -p x
Connecting to 525f7e24c9083ac6970000af.rhcloud.com ...

 
    Welcome to OpenShift shell

    This shell will assist you in managing OpenShift applications.

    !!! IMPORTANT !!! IMPORTANT !!! IMPORTANT !!!
    Shell access is quite powerful and it is possible for you to
    accidentally damage your application.  Proceed with care!
    If worse comes to worst, destroy your application with "rhc app delete"
    and recreate it
    !!! IMPORTANT !!! IMPORTANT !!! IMPORTANT !!!

    Type "help" for more info.

7.Could not ssh to app as user2(wsun+1)
[wsun@dhcp-8-229 ~]$ rhc ssh r8s -n wsunjbt3907 -l wsun+1 -p x
Domain 'wsunjbt3907' not found.

8.User2's key is removed from  $app/.ssh/authorized_keys
Note You need to log in before you can comment on or make changes to this bug.