daemon: update.go/reconcilable block deleting users

Previously we allowed users to fully delete Passwd.Users but correctly though silently did not clear the authorized_keys on disk. This should have been unreconcilable since it violates the MCO rules for ssh updates instead of silently failing.
kikisdeliveryservice · Feb 5, 2021 · 6cf8b95 · 6cf8b95
1 parent 5205078
commit 6cf8b95
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 2 deletions.
diff --git a/pkg/daemon/update.go b/pkg/daemon/update.go
@@ -828,6 +828,8 @@ func reconcilable(oldConfig, newConfig *mcfgv1.MachineConfig) (*machineConfigDif
 				if err := verifyUserFields(newIgn.Passwd.Users[len(newIgn.Passwd.Users)-1]); err != nil {
 					return nil, err
 				}
+			} else if len(oldIgn.Passwd.Users) > 0 && len(newIgn.Passwd.Users) == 0 {
+				return nil, errors.New("ignition passwd user section contains unsupported changes: user core may not be deleted")
 			}
 		}
 	}

diff --git a/pkg/daemon/update_test.go b/pkg/daemon/update_test.go
@@ -325,11 +325,11 @@ func TestReconcilableSSH(t *testing.T) {
 	_, errMsg = reconcilable(oldMcfg, newMcfg)
 	checkIrreconcilableResults(t, "SSH", errMsg)
 
-	//check that empty Users does not generate error/degrade node
+	//check that empty Users does not cause panic
 	newIgnCfg.Passwd.Users = nil
 	newMcfg = helpers.CreateMachineConfigFromIgnition(newIgnCfg)
 	_, errMsg = reconcilable(oldMcfg, newMcfg)
-	checkReconcilableResults(t, "SSH", errMsg)
+	checkIrreconcilableResults(t, "SSH", errMsg)
 }
 
 func TestUpdateSSHKeys(t *testing.T) {