Merge branch 'master' into abelch/remove-sa-connection-string

Azure · May 29, 2024 · f4edf00 · f4edf00
2 parents cdb8e5f + 4834afa
commit f4edf00
Show file tree

Hide file tree

Showing 5 changed files with 33 additions and 48 deletions.
diff --git a/parts/linux/cloud-init/artifacts/components.json b/parts/linux/cloud-init/artifacts/components.json
@@ -353,20 +353,7 @@
       "downloadLocation": "/opt/cni/downloads",
       "downloadURL": "https://acs-mirror.azureedge.net/azure-cni/v*/binaries",
       "versions": [
-        "1.4.52",
         "1.4.54",
-        "1.5.23",
-        "1.5.28"
-      ]
-    },
-    {
-      "fileName": "azure-vnet-cni-swift-linux-amd64-v*",
-      "downloadLocation": "/opt/cni/downloads",
-      "downloadURL": "https://acs-mirror.azureedge.net/azure-cni/v*/binaries",
-      "versions": [
-        "1.4.52",
-        "1.4.54",
-        "1.5.23",
         "1.5.28"
       ]
     },

diff --git a/vhdbuilder/packer/install-dependencies.sh b/vhdbuilder/packer/install-dependencies.sh
@@ -356,9 +356,7 @@ unpackAzureCNI() {
 
 #must be both amd64/arm64 images
 VNET_CNI_VERSIONS="
-1.4.52
 1.4.54
-1.5.23
 1.5.28
 "
 
@@ -370,22 +368,6 @@ for VNET_CNI_VERSION in $VNET_CNI_VERSIONS; do
     echo "  - Azure CNI version ${VNET_CNI_VERSION}" >> ${VHD_LOGS_FILEPATH}
 done
 
-#UNITE swift and overlay versions?
-#Please add new version (>=1.4.13) in this section in order that it can be pulled by both AMD64/ARM64 vhd
-SWIFT_CNI_VERSIONS="
-1.4.52
-1.4.54
-1.5.23
-1.5.28
-"
-
-for SWIFT_CNI_VERSION in $SWIFT_CNI_VERSIONS; do
-    VNET_CNI_PLUGINS_URL="https://acs-mirror.azureedge.net/azure-cni/v${SWIFT_CNI_VERSION}/binaries/azure-vnet-cni-swift-linux-${CPU_ARCH}-v${SWIFT_CNI_VERSION}.tgz"
-    downloadAzureCNI
-    unpackAzureCNI $VNET_CNI_PLUGINS_URL
-    echo "  - Azure Swift CNI version ${SWIFT_CNI_VERSION}" >> ${VHD_LOGS_FILEPATH}
-done
-
 # After v0.7.6, URI was changed to renamed to https://acs-mirror.azureedge.net/cni-plugins/v*/binaries/cni-plugins-linux-arm64-v*.tgz
 MULTI_ARCH_CNI_PLUGIN_VERSIONS="
 1.4.1

diff --git a/vhdbuilder/packer/test/pam/conftest.py b/vhdbuilder/packer/test/pam/conftest.py
@@ -1,4 +1,12 @@
 def pytest_configure(config):
     config.addinivalue_line(
         "markers", "user_data(name): mark test to run with user data"
-    )
+    )
+
+def pytest_addoption(parser):
+    parser.addoption(
+        "--fedramp",
+        action="store_true",
+        default=False,
+        help="FedRAMP remediations have been applied",
+    )
diff --git a/vhdbuilder/packer/test/pam/test_pam.py b/vhdbuilder/packer/test/pam/test_pam.py
@@ -63,30 +63,31 @@ def gen_pw(length=24, use_lowercase=True, use_uppercase=True, use_numbers=True,
       The generated password
     """
     print("\n-----Generating password")
-    charset = ''
+    allowed_charsets = []
     pw = ''
 
     # Ensure at least one of each type of character requested character type
     # is used
     if use_lowercase:
-        charset += string.ascii_lowercase
+        allowed_charsets += [string.ascii_lowercase]
         pw += random.choice(string.ascii_lowercase)
     if use_uppercase:
-        charset += string.ascii_uppercase
+        allowed_charsets += [string.ascii_uppercase]
         pw += random.choice(string.ascii_uppercase)
     if use_numbers:
-        charset += string.digits
+        allowed_charsets += [string.digits]
         pw += random.choice(string.digits)
     if use_specials:
-        charset += "!@#"
+        allowed_charsets += ["!@#"]
         pw += random.choice("!@#")
     if len(pw) > length:
         raise Exception("Password length is greater than specified length")
 
-    # Add random characters from the character set until the password is the
-    # specified length
-    length -= len(pw)
-    pw += ''.join(random.choices(charset, k=length))
+    # Add random characters from the character sets until the password is the
+    # specified length, making sure we don't have enough repeated characters
+    # or character classes to violate the password policy.
+    for i in range(length - len(pw)):
+        pw += random.choice(allowed_charsets[i % len(allowed_charsets)])
 
     return pw
 
@@ -216,6 +217,13 @@ def create_user(request):
     yield user
     user.delete()
 
+@pytest.fixture
+def get_deny_count(request):
+    option = request.config.getoption("--fedramp")
+    if option:
+        return 3
+    else:
+        return 5
 
 def login(user, pw=None):
     """
@@ -392,11 +400,11 @@ def test_user_auth_fails_w_bad_password(create_user):
 
 
 @pytest.mark.user_data("testuser3")
-def test_user_auth_locks_after_5_failures(create_user):
+def test_user_auth_locks_after_deny_count_failures(create_user, get_deny_count):
     user = create_user
 
     # fail five times, which should trigger the faillock
-    for i in range(5):
+    for i in range(get_deny_count):
         assert not login(user, "invalid"), f"Login attempt {i} with \
             invalid password succeeded"
 
@@ -406,12 +414,12 @@ def test_user_auth_locks_after_5_failures(create_user):
 
 
 @pytest.mark.user_data("testuser4")
-def test_user_auth_faillock_resets_after_success(create_user):
+def test_user_auth_faillock_resets_after_success(create_user, get_deny_count):
     user = create_user
 
-    # use an invalid password so we fail four times in a row which should
-    # put the account into one try away from a faillock
-    for i in range(4):
+    # use an invalid password so we fail enough times to put the account
+    # into one try away from a faillock
+    for i in range(get_deny_count - 1):
         assert not login(user, "invalid"), f"Login attempt {i} with invalid \
             password succeeded"
 

diff --git a/vhdbuilder/packer/test/windows-files-check.ps1 b/vhdbuilder/packer/test/windows-files-check.ps1
@@ -324,4 +324,4 @@ function Test-PullImages {
 
 Test-CompareFiles
 Test-ValidateAllSignature
-Test-PullImages
+Test-PullImages