org.jclouds.scriptbuilder.statements.login
Class AdminAccess

java.lang.Object
  org.jclouds.scriptbuilder.statements.login.AdminAccess

All Implemented Interfaces:

Statement

public class AdminAccess
extends Object
implements Statement

Controls the administrative access to a node. By default, it will perform the following:

• setup a new admin user which folks should use as opposed to any built-in account
• associate a random (or given) password to that account
  • securely (using sha 512 on client side and literally rewriting the shadow entry, rather than sending password plaintext to OS in a script)
  • but note password access is often blocked in any case, see below
• associate the users' ssh public key with the account for login
• associate it with the os group wheel
• set up sudoers for password-less access to root for this user (shouldGrantSudo)
• creating os group wheel and assigning the new admin user to it
• create (overwriting) sudoers file to grant root access for wheel members
• reset password for the user logging in (e.g. root, because root password is sometimes known to the provider), securely and randomly as described above (resetLoginPassword)
• lockdown sshd_config for no root login, nor passwords allowed (lockSsh)

Author:

Adrian Cole

Nested Class Summary

static class	AdminAccess.Builder
protected static class	AdminAccess.Config
static interface	AdminAccess.Configuration

Constructor Summary

protected

AdminAccess(AdminAccess.Config in)

Method Summary

static AdminAccess.Builder	builder()
static AdminAccess.Builder	builder(com.google.common.base.Function<String,String> cryptFunction)
Iterable<String>	functionDependencies(OsFamily family)
Credentials	getAdminCredentials()
String	getAdminPassword()
AdminAccess	init(AdminAccess.Configuration configuration)
String	render(OsFamily family)
boolean	shouldGrantSudoToAdminUser()
static AdminAccess	standard()

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

AdminAccess

protected AdminAccess(AdminAccess.Config in)

Method Detail

builder

public static AdminAccess.Builder builder()

builder

public static AdminAccess.Builder builder(com.google.common.base.Function<String,String> cryptFunction)

standard

public static AdminAccess standard()

getAdminCredentials

@Nullable
public Credentials getAdminCredentials()

Returns:

new credentials or null if unchanged or unavailable

getAdminPassword

@Nullable
public String getAdminPassword()

shouldGrantSudoToAdminUser

public boolean shouldGrantSudoToAdminUser()

functionDependencies

public Iterable<String> functionDependencies(OsFamily family)

Specified by:

functionDependencies in interface Statement

init

public AdminAccess init(AdminAccess.Configuration configuration)

render

public String render(OsFamily family)

Specified by:

render in interface Statement