diff --git a/containers/types.go b/containers/types.go
index 0138a72..30e71c0 100644
--- a/containers/types.go
+++ b/containers/types.go
@@ -242,6 +242,23 @@ func (c *Container) SetPassword(password string) error {
 return err
 }

+// ClearPassword removes password for system user app in the container
+func (c *Container) ClearPassword() error {
+ driver := c.getDriver()
+
+ _, err := driver.Exec(c.App.Name, []string{"passwd", "-d", "app"}, "", []string{}, false)
+ if err != nil {
+ return err
+ }
+
+ _, err = driver.Exec(c.App.Name, []string{"rm", "-f", passwordFile}, "", []string{}, false)
+ if err != nil {
+ return err
+ }
+
+ return err
+}
+
 // Generate SSH keys and copies it into authorized keys
 // Returns true if the key was generated in this call and error if there is any.
 // The container has to run for this to work.
diff --git a/glue/main.go b/glue/main.go
index 99d3ea5..05ae960 100644
--- a/glue/main.go
+++ b/glue/main.go
@@ -591,6 +591,26 @@ func (p *Processor) SetPassword(password string) error {
 return nil
 }

+// ClearPassword removes password from the SSH user
+func (p *Processor) ClearPassword() error {
+ err := p.waitForApp()
+ if err != nil {
+ return err
+ }
+
+ container, err := p.getContainer()
+ if err != nil {
+ return err
+ }
+
+ err = container.ClearPassword()
+ if err != nil {
+ return err
+ }
+
+ return nil
+}
+
 // Generate SSH key and adds it into authorized_keys
 // These pair of keys is used for deployment.
 // Returns private key, pubkey and error.
diff --git a/handlers.go b/handlers.go
index 7313a7f..21cd481 100644
--- a/handlers.go
+++ b/handlers.go
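Review bot: `passwd -d app` in Container.ClearPassword leaves the account with an empty password field rather than a disabled one, so whether password login is actually closed depends on the container's sshd and PAM settings (`PermitEmptyPasswords`, `nullok`), which are not visible in this hunk. If the intent is that only key authentication remains, locking the password is the safer default, e.g. `[]string{"passwd", "-l", "app"}`, after checking that the image's sshd still accepts keys for a locked account. The two Exec calls are also not atomic: if the `rm -f` on `passwordFile` fails, the password is already gone but the file stays, and the doc comment should say so. The trailing `return err` is always nil at that point and reads more clearly as `return nil`.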
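Review bot: The tail of Processor.ClearPassword can be a single `return container.ClearPassword()`, because the final `if err != nil { return err }` followed by `return nil` adds nothing. The doc comment should also mention that the call first goes through `p.waitForApp()`, so it can block or fail before the container is touched; what waitForApp waits for is defined outside this hunk.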
@@ -212,6 +212,26 @@ func setPasswordHandler(c echo.Context) error {
 return c.JSON(http.StatusOK, Message{Message: "ok"})
 }

+// Clear password for the app user in the container
+func clearPasswordHandler(c echo.Context) error {
+ name := c.Param("name")
+
+ processor := glue.Processor{
+ AppName: name,
+ DB: common.GetDBConnection(),
+ DockerSock: config.DockerSocket,
+ BindIPHTTP: config.AppsBindIPHTTP,
+ BindIPSSH: config.AppsBindIPSSH,
+ AppsPath: config.AppsPath,
+ }
+ err := processor.ClearPassword()
+ if err != nil {
+ return c.JSONPretty(http.StatusInternalServerError, Message{Message: err.Error()}, JSONIndent)
+ }
+
+ return c.JSON(http.StatusOK, Message{Message: "ok"})
+}
+
 // Copies body of the request into /srv/.ssh/authorized_keys
 func setKeysHandler(c echo.Context) error {
 name := c.Param("name")
diff --git a/handlers_nats.go b/handlers_nats.go
index b12b12d..fb8fad6 100644
--- a/handlers_nats.go
+++ b/handlers_nats.go
@@ -57,6 +57,7 @@ func _messageHandler(m *nats.Msg) error {
 "get_active_tech": getActiveTechHandler,
 "update_keys": updateKeysEventHandler,
 "set_password": setPasswordEventHandler,
+ "clear_password": clearPasswordEventHandler,
 "processes": processesEventHandler,
 "enable_tech": enableTechEventHandler,
 "rebuild": rebuildEventHandler,
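Review bot: On failure clearPasswordHandler sends `err.Error()` back in the 500 body, which can expose driver or exec error text from inside the node to the API caller; log the error on the server and return a fixed message instead, e.g. `Message{Message: "password could not be cleared"}`. `name` from `c.Param("name")` goes into `AppName` unchecked and the handler does no caller check of its own, so it relies on validation inside glue and on middleware registered elsewhere. Both are worth confirming, since this endpoint changes credential state. The error path uses `c.JSONPretty` while the success path uses `c.JSON`; picking one keeps responses uniform.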
@@ -538,6 +539,30 @@ func setPasswordEventHandler(m *nats.Msg, message *RequestMessage) error {
 return nil
 }

+// Clear password for the app user in the container
+func clearPasswordEventHandler(m *nats.Msg, message *RequestMessage) error {
+ processor := glue.Processor{
+ AppName: message.AppName,
+ DB: common.GetDBConnection(),
+ SnapshotProcessor: &snapshotProcessor,
+ DockerSock: config.DockerSocket,
+ BindIPHTTP: config.AppsBindIPHTTP,
+ BindIPSSH: config.AppsBindIPSSH,
+ AppsPath: config.AppsPath,
+ }
+ err := processor.ClearPassword()
+
+ if err != nil {
+ log.Println("ERROR password clearing problem: " + err.Error())
+ publish(message.AppName, "backend problem", true)
+ return err
+ }
+
+ publish(message.AppName, "password deleted", false)
+
+ return nil
+}
+
 // Application processes
 func processesEventHandler(m *nats.Msg, message *RequestMessage) error {
 processor := glue.Processor{
diff --git a/main.go b/main.go
index fed8381..0898d75 100644
--- a/main.go
+++ b/main.go
@@ -174,6 +174,9 @@ func main() {
 // Set password for the app user in the container
 e.PUT("/v1/apps/:name/password", setPasswordHandler)

+ // Clear password for the app user in the container
+ e.DELETE("/v1/apps/:name/password", clearPasswordHandler)
+
 // Copies body of the request into /srv/.ssh/authorized_keys
 e.PUT("/v1/apps/:name/keys", setKeysHandler)
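Review bot: clearPasswordEventHandler logs only the failure path, so a credential change triggered over NATS leaves no record on the node when it succeeds; add a line before `publish(message.AppName, "password deleted", false)`, for example `log.Printf("password cleared for app %q", message.AppName)`. Using `%q` there, and in the existing error line that concatenates `err.Error()`, keeps an unexpected app name or error text from breaking the log format. The processor literal sets `SnapshotProcessor`, while the HTTP handler added in handlers.go does not; if ClearPassword never needs it, dropping the field keeps both entry points the same.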