Allow httpd password to have dollar sign in it #257
Conversation
|
@miq-bot add-label fine/yes |
| @@ -128,7 +128,7 @@ def configure_sssd | |||
|
|
|||
| def configure_ipa_http_service | |||
| say("Configuring IPA HTTP Service and Keytab ...") | |||
| AwesomeSpawn.run!("/bin/echo \"#{@password}\" | /usr/bin/kinit #{@principal}") | |||
| AwesomeSpawn.run!("/bin/echo '#{@password}' | /usr/bin/kinit #{@principal}") | |||
There was a problem hiding this comment.
@yrudman Is it possible to add some tests for this?
yrudman
force-pushed
the
allow-httpd-password-to-have-dollar-sign
branch
from
4a14b47 to
0ca205b
Compare
yrudman
force-pushed
the
allow-httpd-password-to-have-dollar-sign
branch
from
0ca205b to
94fcb0c
Compare
|
Then you can't have AwesomeSpawn.run!("/usr/bin/kinit", :params => [@principal], :stdin_data => @password)EDIT: Additionally this keeps the password off of the command line so it's not snoopable via |
…ted as variable which need to be resolved. Single quotation need to be used to keep '$'. https://bugzilla.redhat.com/show_bug.cgi?id=1438974
yrudman
force-pushed
the
allow-httpd-password-to-have-dollar-sign
branch
2 times, most recently
from
d3f2d9a to
03e313e
Compare
|
thank you @Fryguy |
| @@ -162,4 +163,26 @@ | |||
| subject.post_activation | |||
| end | |||
| end | |||
|
|
|||
| context "#configure_ipa_http_service" do | |||
| before do | |||
There was a problem hiding this comment.
Why use a before block when there is only one test?
There was a problem hiding this comment.
I think it looks more clean to separate what we are testing from what is not important
|
|
||
| context "#configure_ipa_http_service" do | ||
| before do | ||
| allow(subject).to receive(:say) |
There was a problem hiding this comment.
Shouldn't we expect all of these things to happen?
There was a problem hiding this comment.
I was thinking that before block is setting-up environment for executing expectation in it block. I am not sure what is the right way (expect vs allow) to mock some behavior which is not tested in it.
@bdunne, do you think it make sense to remove before and replace all allow with expect here?
| allow(ApplianceConsole::Principal).to receive(:new).and_return(service) | ||
| allow(service).to receive(:register) | ||
| allow(service).to receive(:name) | ||
| allow(service).to receive(:name) |
There was a problem hiding this comment.
Prefer expect(service).to receive(:name).twice
There was a problem hiding this comment.
my mistake, forgot to delete that line, we need that only once
yrudman
force-pushed
the
allow-httpd-password-to-have-dollar-sign
branch
from
03e313e to
782e12a
Compare
|
Checked commits yrudman/manageiq-gems-pending@71b068c~...782e12a with ruby 2.2.6, rubocop 0.47.1, and haml-lint 0.20.0 |
…lar-sign Allow httpd password to have dollar sign in it (cherry picked from commit 7bea4f3) https://bugzilla.redhat.com/show_bug.cgi?id=1481846
|
Fine backport details: |
Having
$sign inside double quotation for echo argument is interpreted as variable which need to be resolved.https://bugzilla.redhat.com/show_bug.cgi?id=1438974
@miq-bot add-label bug
\cc @bdunne