Comments (5)
illfelder
commented on June 23, 2024
The OS Login API isn't appropriate for that check. In your script that runs inside a VM, you can poll against the metadata server's authorize endpoint.
EMAIL=<service account Login Profile name or email>
curl "http://metadata.google.internal/computeMetadata/v1/oslogin/authorize?email=${EMAIL}&policy=login" -H "Metadata-Flavor: Google"
curl "http://metadata.google.internal/computeMetadata/v1/oslogin/authorize?email=${EMAIL}&policy=adminLogin" -H "Metadata-Flavor: Google"
from compute-image-tools.
helen-fornazier
commented on June 23, 2024
Great, thanks
from compute-image-tools.
helen-fornazier
commented on June 23, 2024
Hi, sorry about reopening this. I found the issue regarding tests on u16, tests fails because ssh-guard blocks the connection from the testers after some attempts, so polling metadata before trying ssh is the best alternative.
I would like to ask if I can retrieve this same information but using https://www.googleapis.com/ instead of http://metadata.google.internal/ to allow me to poll this information from a tester machine without the need to add logic on the testee.
I was using:
https://www.googleapis.com/compute/v1/projects/myproject/zones/us-central1-a/instances/example-instance
But is seems this doesn't show the oslogin/authorize information
Otherwise I can use a python script in the testee
from compute-image-tools.
illfelder
commented on June 23, 2024
The authorize endpoint is only available from inside the VM. You won't be able to do the polling check from outside of the instance. You can determine whether OS Login is (theoretically) enabled from outside of the instance by checking instance and project level metadata.
from compute-image-tools.
helen-fornazier
commented on June 23, 2024
If you mean checking enable-oslogin in instance and project level metadata, then this doesn't work for me because is the test script who sets or unsets enable-oslogin and tests if ssh gained or lost access accordingly, so I already know the state of enable-oslogin in the metadata.
I solved it in another way by disabling sshguard at boot using service sshguard stop and I ignore if this command fails (in case the service doesn't exist), but this won't work in case the distro doesn't have the service command, but most of distros do provide the service command and those who doesn't provide it probably don't use sshguard.
from compute-image-tools.
Related Issues (20)
- Adding ability to export fixed-sized VHDs HOT 2
- Incorrect hostname for VMs with multiple network interfaces
- panic: runtime error: invalid memory address or nil pointer dereference on Ubuntu 20.04
- Issue with bootstrap_install.ps1 HOT 2
- `import_precheck` fails on CentOS 7 HOT 2
- importing process interrupted when `/etc/netplan` contains subdirectory (Ubuntu 18+) HOT 1
- getting error while importing my ubuntu 2004vmdk into compute instance HOT 1
- Execution fails when shielded VMs org policy is enforced HOT 3
- GCE_Export Release Version access_denied HOT 1
- daisy release version has access denied HOT 1
- Should this be more than 1 GB?
- gcloud compute images import does not allow centos-8 in option --os HOT 1
- Compute engine create with container + SSD
- Could not fetch resource
- Semidev1
- Shared VPC issue during build
- Deployments of UBUNTU with "snapd" (google tool use this snapd?) HOT 3
- windows-startup-script-url: Message: Either the Name or Index parameter is required HOT 2
- Workflow update required for windows-10-20h2-ent-x86
- Fix the setting for 'x86_build' and maybe 'uefi_build' on the 'windows-build-bios.wf.json'
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from compute-image-tools.