Bug 1019980 - SSH keys are not added or removed to applications in a domain on membership change
SSH keys are not added or removed to applications in a domain on membership c...
Status: CLOSED CURRENTRELEASE
Product: OpenShift Online
Classification: Red Hat
Component: Command Line Interface (Show other bugs)
2.x
Unspecified Unspecified
unspecified Severity high
: ---
: ---
Assigned To: Clayton Coleman
libra bugs
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2013-10-16 13:49 EDT by Clayton Coleman
Modified: 2015-05-14 22:25 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-10-17 09:36:03 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Clayton Coleman 2013-10-16 13:49:29 EDT
Adding users to a domain does not correctly propagate their keys to the applications in a domain.  Removing a user does not remove their keys from their domain.

Reproduce scenario
1) On two separate linux user sessions, run rhc setup with two separate sets of SSH keys
2) Create a domain and application as user 1
3) Add user 2 to the domain as an editor or admin
4) Attempt to ssh to the application as user 2 - permission denied
5) Remove user 2 from the domain
6) Remove job does not execute a parallel key distribute, thus keys would not be removed

Needs to go to stage.
Comment 1 Clayton Coleman 2013-10-16 14:56:13 EDT
Fixed for stage in https://github.com/openshift/origin-server/pull/3908, fixed for master in https://github.com/openshift/origin-server/pull/39
Comment 2 openshift-github-bot 2013-10-16 17:07:10 EDT
Commit pushed to master at https://github.com/openshift/rhc

https://github.com/openshift/rhc/commit/9ceeafee17c9383bceb26ad0bfe2c654510046e8
Bug 1019980 - Add test cases for SSH access across multiple users
Comment 3 openshift-github-bot 2013-10-16 17:07:11 EDT
Commit pushed to master at https://github.com/openshift/origin-server

https://github.com/openshift/origin-server/commit/494907d78b23c34f3029ba912e8dac160e59c5c6
Bug 1019980 - SSH keys not distributed on membership changes
Comment 5 Wei Sun 2013-10-17 03:31:24 EDT
Verified on devenv_3907,rhc build from devenv_3907.

Step:
1.On two separate linux user sessions, run rhc setup with two separate sets of SSH keys
2.Create a domain and application as user 1(wsun@redhat.com)
3.Add user 2(wsun+1@redhat.com) to the domain as an editor
4.Check if user2(wsun+1@redhat.com)'s key is added in  $app/.ssh/authorized_keys
5.Attempt to ssh to the application as user 2(wsun+1@redhat.com)
6.Remove user 2 from the domain
7.Attempt to ssh to the application as user2(wsun+1@redhat.com)
8.Check if user2(wsun+1@redhat.com)'s key is removed in  $app/.ssh/authorized_keys

Result:
4.User2's key is added in  $app/.ssh/authorized_keys

5.Could ssh to app as user 2(wsun+1@redhat.com)
[wsun@dhcp-8-229 ~]$ rhc ssh r8s -n wsunjbt3907 -l wsun+1@redhat.com -p x
Connecting to 525f7e24c9083ac6970000af@r8s-wsunjbt3907.dev.rhcloud.com ...

 
    Welcome to OpenShift shell

    This shell will assist you in managing OpenShift applications.

    !!! IMPORTANT !!! IMPORTANT !!! IMPORTANT !!!
    Shell access is quite powerful and it is possible for you to
    accidentally damage your application.  Proceed with care!
    If worse comes to worst, destroy your application with "rhc app delete"
    and recreate it
    !!! IMPORTANT !!! IMPORTANT !!! IMPORTANT !!!

    Type "help" for more info.

7.Could not ssh to app as user2(wsun+1@redhat.com)
[wsun@dhcp-8-229 ~]$ rhc ssh r8s -n wsunjbt3907 -l wsun+1@redhat.com -p x
Domain 'wsunjbt3907' not found.

8.User2's key is removed from  $app/.ssh/authorized_keys

Note You need to log in before you can comment on or make changes to this bug.