Allow host user creation when host_groups contain login name #46039

Merged: eriktate merged 1 commit into master from eriktate/35142/allow-existing-group-user-creation on Sep 12, 2024
@eriktate
Contributor

Fixes #35142

This adds some additional logic around resolving a primary GID while creating new host users. The expected invariants are:

  • A host user should have a primary group generated for them if it doesn't already exist and their username isn't present in host_groups.
  • A host user should be assigned the existing GID of the group sharing their username if it's present in host_groups.
  • A host user should fail creation if their generated primary group already exists, but isn't present in host_groups.

I'm not entirely sure that last one should be included, but it seemed safer not to automatically assign a user to a group that isn't also managed/mentioned in the role. This can be circumvented by either adding the group name to the host_groups in the role, or by explicitly assigning a GID to the user's traits.

changelog: Fixed an issue that prevented host user creation when the username was also listed in host_groups.
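
The three invariants in the description above, written out as a decision function. This is an added example, not the code merged in this pull request: `resolvePrimaryGroup`, `GroupPlan`, `ErrUnmanagedGroup` and the `existing` map (a stand-in for a host group lookup) are hypothetical names, and the sample users and GIDs are constructed.

```go
package main

import (
	"errors"
	"fmt"
)

// ErrUnmanagedGroup: a group named after the user exists on the host but the
// role's host_groups does not list it, so the user must not be placed in it.
var ErrUnmanagedGroup = errors.New("primary group exists but is not in host_groups")

// GroupPlan is a hypothetical result type: create a fresh primary group, or
// reuse the GID of an existing one.
type GroupPlan struct {
	CreateGroup bool
	GID         int // set only when CreateGroup is false
}

// resolvePrimaryGroup applies the three invariants. existing maps group names
// already on the host to their GIDs (constructed stand-in for a group lookup).
func resolvePrimaryGroup(login string, hostGroups []string, existing map[string]int) (GroupPlan, error) {
	managed := false
	for _, g := range hostGroups {
		if g == login {
			managed = true
			break
		}
	}
	gid, exists := existing[login]
	switch {
	case exists && managed:
		return GroupPlan{GID: gid}, nil // invariant 2: reuse the existing GID
	case exists:
		// invariant 3: refuse rather than silently join an unmanaged group
		return GroupPlan{}, fmt.Errorf("%w: %q", ErrUnmanagedGroup, login)
	default:
		// invariant 1. Assumption: a listed group that is missing on the
		// host is also created here; the description does not cover that case.
		return GroupPlan{CreateGroup: true}, nil
	}
}

func main() {
	existing := map[string]int{"alice": 1005, "bob": 1010} // constructed sample data
	for _, login := range []string{"alice", "bob", "carol"} {
		plan, err := resolvePrimaryGroup(login, []string{"alice", "devs"}, existing)
		fmt.Printf("%-6s plan=%+v err=%v\n", login, plan, err)
	}
}
```
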

@eriktate eriktate force-pushed the eriktate/35142/allow-existing-group-user-creation branch from 9b24a2e to a7252bf Compare August 29, 2024 19:20
@eriktate eriktate force-pushed the eriktate/35142/allow-existing-group-user-creation branch from a7252bf to 8af8702 Compare August 30, 2024 20:36
@eriktate eriktate requested a review from rosstimothy September 3, 2024 15:50
Comment thread lib/srv/usermgmt.go Outdated
Comment thread lib/srv/usermgmt.go Outdated
Comment thread lib/srv/usermgmt.go
Comment thread lib/srv/usermgmt.go Outdated
@eriktate eriktate force-pushed the eriktate/35142/allow-existing-group-user-creation branch 3 times, most recently from f9a6166 to d6d6f5a Compare September 11, 2024 17:16
Comment thread lib/srv/usermgmt_test.go Outdated
Comment thread lib/utils/host/hostusers.go Outdated
@eriktate eriktate force-pushed the eriktate/35142/allow-existing-group-user-creation branch 2 times, most recently from d2e55aa to 7315ec4 Compare September 12, 2024 19:52
@eriktate eriktate force-pushed the eriktate/35142/allow-existing-group-user-creation branch from 7315ec4 to e973c8f Compare September 12, 2024 20:05
@eriktate eriktate added this pull request to the merge queue Sep 12, 2024
Merged via the queue into master with commit 2d02f05 Sep 12, 2024
@eriktate eriktate deleted the eriktate/35142/allow-existing-group-user-creation branch September 12, 2024 20:40
@public-teleport-github-review-bot

@eriktate See the table below for backport results.

Branch Result
branch/v14 Failed
branch/v15 Failed
branch/v16 Create PR

Successfully merging this pull request may close these issues.

Host user creation fails if host_groups includes username/login