From: machristie@apache.org To: commits@airavata.apache.org Date: Mon, 25 Sep 2017 21:10:41 -0000 Message-Id: <785ee1a680b84eadbf88e09674727f2e@git.apache.org> X-Mailer: ASF-Git Admin Mailer Subject: [1/8] airavata git commit: AIRAVATA-2500 Disallow overwriting LDAP SSH key archived-at: Mon, 25 Sep 2017 21:10:44 -0000 Repository: airavata Updated Branches: refs/heads/AIRAVATA-2500 2425187bb -> 50d7bb6a5 AIRAVATA-2500 Disallow overwriting LDAP SSH key Project: http://git-wip-us.apache.org/repos/asf/airavata/repo Commit: http://git-wip-us.apache.org/repos/asf/airavata/commit/42059ecc Tree: http://git-wip-us.apache.org/repos/asf/airavata/tree/42059ecc Diff: http://git-wip-us.apache.org/repos/asf/airavata/diff/42059ecc Branch: refs/heads/AIRAVATA-2500 Commit: 42059ecccc02eaf6493cda480a6edbaad0d09961 Parents: 2425187 Author: Marcus Christie Authored: Wed Sep 20 16:29:26 2017 -0400 Committer: Marcus Christie Committed: Wed Sep 20 16:29:26 2017 -0400 ---------------------------------------------------------------------- .../provisioner/IULdapSSHAccountProvisioner.java | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/airavata/blob/42059ecc/modules/compute-account-provisioning/src/main/java/org/apache/airavata/accountprovisioning/provisioner/IULdapSSHAccountProvisioner.java ---------------------------------------------------------------------- diff --git a/modules/compute-account-provisioning/src/main/java/org/apache/airavata/accountprovisioning/provisioner/IULdapSSHAccountProvisioner.java b/modules/compute-account-provisioning/src/main/java/org/apache/airavata/accountprovisioning/provisioner/IULdapSSHAccountProvisioner.java index 4f0ad07..69ed3f6 100644 --- a/modules/compute-account-provisioning/src/main/java/org/apache/airavata/accountprovisioning/provisioner/IULdapSSHAccountProvisioner.java 
+++ b/modules/compute-account-provisioning/src/main/java/org/apache/airavata/accountprovisioning/provisioner/IULdapSSHAccountProvisioner.java @@ -104,7 +104,17 @@ public class IULdapSSHAccountProvisioner implements SSHAccountProvisioner { modifyRequest.addModification(new DefaultAttribute(SSH_PUBLIC_KEY_ATTRIBUTE_NAME, sshPublicKey), ModificationOperation.ADD_ATTRIBUTE); } else { - modifyRequest.addModification(new DefaultAttribute(SSH_PUBLIC_KEY_ATTRIBUTE_NAME, sshPublicKey), ModificationOperation.REPLACE_ATTRIBUTE); + String oldSshPublicKey = entry.get(SSH_PUBLIC_KEY_ATTRIBUTE_NAME).getString(); + if (!oldSshPublicKey.equals(sshPublicKey)) { + // Disallow overwriting the SSH key + throw new RuntimeException("User [" + username + "] already has an SSH public key in LDAP for [" + + ldapBaseDN + "] and overwriting it isn't allowed."); + // modifyRequest.addModification(new DefaultAttribute(SSH_PUBLIC_KEY_ATTRIBUTE_NAME, + // sshPublicKey), ModificationOperation.REPLACE_ATTRIBUTE); + } else { + // SSH key is already installed so just return + return true; + } } ModifyResponse modifyResponse = ldapConnection.modify(modifyRequest); if (modifyResponse.getLdapResult().getResultCode() != ResultCodeEnum.SUCCESS) {
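Review bot: The new `oldSshPublicKey.equals(sshPublicKey)` test compares the whole key line byte for byte and, through `entry.get(SSH_PUBLIC_KEY_ATTRIBUTE_NAME).getString()`, looks only at the attribute's first value. The same key stored with a different comment or trailing whitespace, or held as a second value of a multi-valued attribute, is therefore rejected as an overwrite instead of taking the "already installed" branch. Comparing only the key type and base64 body (the first two whitespace-separated fields) against every stored value would make the guard match what it is meant to protect; for the multi-value part, assuming this is the Apache Directory API, `entry.contains(SSH_PUBLIC_KEY_ATTRIBUTE_NAME, sshPublicKey)` checks all values. A dedicated exception type would let callers tell this refusal apart from other failures better than a bare `RuntimeException`, and the commented-out `REPLACE_ATTRIBUTE` lines after the `throw` are unreachable history that can be deleted. The enclosing method starts and ends outside the hunk, so how `entry` is fetched and where the exception is handled cannot be confirmed from here.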