(maint) Import the User type unit tests specific to ssh_authorized_keys

Since these tests require both the User & Ssh_authorized_keys types are
available, they are unlikely to be run as part of the Puppet test suite as
this module is unlikely to be installed & available to Puppet's test
suite. By moving the tests into this module, we can ensure that they're at
least run as part of development of the module.

2 files changed, 151 insertions, 0 deletions

diff --git a/spec/fixtures/unit/type/user/authorized_keys b/spec/fixtures/unit/type/user/authorized_keys
new file mode 100644
index 0000000..d58c620
--- /dev/null
+++ b/spec/fixtures/unit/type/user/authorized_keys
@@ -0,0 +1,6 @@
+# fixture for testing ssh key purging
+
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDTXvM7AslzjNUYrPLiNVBsF5VnqL2RmqrkzscdVdHzVxvieNwmLGeUkg8EfXPiz7j5F/Lr0J8oItTCWzyN2KmM+DhUMjvP4AbELO/VYbnVrZICRiUNYSO3EN9/uapKAuiev88d7ynbonCU0VZoTPg/ug4OondOrLCtcGri5ltF+mausGfAYiFAQVEWqXV+1tyejoawJ884etb3n4ilpsrH9JK6AtOkEWVD3TDrNi29O1mQQ/Cn88g472zAJ+DhsIn+iehtfX5nmOtDNN/1t1bGMIBzkSYEAYwUiRJbRXvbobT7qKZQPA3dh0m8AYQS5/hd4/c4pmlxL8kgr24SnBY5 key1 name
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDTXvM7AslzjNUYrPLiNVBsF5VnqL2RmqrkzscdVdHzVxvieNwmLGeUkg8EfXPiz7j5F/Lr0J8oItTCWzyN2KmM+DhUMjvP4AbELO/VYbnVrZICRiUNYSO3EN9/uapKAuiev88d7ynbonCU0VZoTPg/ug4OondOrLCtcGri5ltF+mausGfAYiFAQVEWqXV+1tyejoawJ884etb3n4ilpsrH9JK6AtOkEWVD3TDrNi29O1mQQ/Cn88g472zAJ+DhsIn+iehtfX5nmOtDNN/1t1bGMIBzkSYEAYwUiRJbRXvbobT7qKZQPA3dh0m8AYQS5/hd4/c4pmlxL8kgr24SnBY5 keyname2
+#ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDTXvM7AslzjNUYrPLiNVBsF5VnqL2RmqrkzscdVdHzVxvieNwmLGeUkg8EfXPiz7j5F/Lr0J8oItTCWzyN2KmM+DhUMjvP4AbELO/VYbnVrZICRiUNYSO3EN9/uapKAuiev88d7ynbonCU0VZoTPg/ug4OondOrLCtcGri5ltF+mausGfAYiFAQVEWqXV+1tyejoawJ884etb3n4ilpsrH9JK6AtOkEWVD3TDrNi29O1mQQ/Cn88g472zAJ+DhsIn+iehtfX5nmOtDNN/1t1bGMIBzkSYEAYwUiRJbRXvbobT7qKZQPA3dh0m8AYQS5/hd4/c4pmlxL8kgr24SnBY5 keyname3
+ssh-rsa KEY-WITH-NO-NAME
diff --git a/spec/unit/type/user_spec.rb b/spec/unit/type/user_spec.rb
new file mode 100644
index 0000000..122434f
--- /dev/null
+++ b/spec/unit/type/user_spec.rb
@@ -0,0 +1,145 @@
+# encoding: UTF-8
+
+require 'spec_helper'
+
+describe Puppet::Type.type(:user) do
+  let(:provider_class) do
+    described_class.provide(:simple) do
+      has_features :manages_expiry, :manages_password_age, :manages_passwords, :manages_solaris_rbac, :manages_shell
+      mk_resource_methods
+
+      def create; end
+
+      def delete; end
+
+      def exists?
+        get(:ensure) != :absent
+      end
+
+      def flush; end
+
+      def self.instances
+        []
+      end
+    end
+  end
+
+  before :each do
+    described_class.stubs(:defaultprovider).returns provider_class
+  end
+
+  describe 'when purging ssh keys' do
+    it 'does not accept a keyfile with a relative path' do
+      expect {
+        described_class.new(name: 'a', purge_ssh_keys: 'keys')
+      }.to raise_error(Puppet::Error, %r{Paths to keyfiles must be absolute, not keys})
+    end
+
+    context 'with a home directory specified' do
+      it 'accepts true' do
+        described_class.new(name: 'a', home: '/tmp', purge_ssh_keys: true)
+      end
+
+      it 'accepts the ~ wildcard' do
+        described_class.new(name: 'a', home: '/tmp', purge_ssh_keys: '~/keys')
+      end
+
+      it 'accepts the %h wildcard' do
+        described_class.new(name: 'a', home: '/tmp', purge_ssh_keys: '%h/keys')
+      end
+
+      it 'raises when given a relative path' do
+        expect {
+          described_class.new(name: 'a', home: '/tmp', purge_ssh_keys: 'keys')
+        }.to raise_error(Puppet::Error, %r{Paths to keyfiles must be absolute})
+      end
+    end
+
+    context 'with no home directory specified' do
+      it 'does not accept true' do
+        expect {
+          described_class.new(name: 'a', purge_ssh_keys: true)
+        }.to raise_error(Puppet::Error, %r{purge_ssh_keys can only be true for users with a defined home directory})
+      end
+
+      it 'does not accept the ~ wildcard' do
+        expect {
+          described_class.new(name: 'a', purge_ssh_keys: '~/keys')
+        }.to raise_error(Puppet::Error, %r{meta character ~ or %h only allowed for users with a defined home directory})
+      end
+
+      it 'does not accept the %h wildcard' do
+        expect {
+          described_class.new(name: 'a', purge_ssh_keys: '%h/keys')
+        }.to raise_error(Puppet::Error, %r{meta character ~ or %h only allowed for users with a defined home directory})
+      end
+    end
+
+    context 'with a valid parameter' do
+      subject do
+        res = described_class.new(name: 'test', purge_ssh_keys: paths)
+        res.catalog = Puppet::Resource::Catalog.new
+        res
+      end
+
+      let(:paths) do
+        ['/dev/null', '/tmp/keyfile'].map { |path| File.expand_path(path) }
+      end
+
+      it 'does not just return from generate' do
+        subject.expects :find_unmanaged_keys
+        subject.generate
+      end
+
+      it 'checks each keyfile for readability' do
+        paths.each do |path|
+          File.expects(:readable?).with(path)
+        end
+        subject.generate
+      end
+    end
+
+    describe 'generated keys' do
+      subject do
+        res = described_class.new(name: 'test_user_name', purge_ssh_keys: purge_param)
+        res.catalog = Puppet::Resource::Catalog.new
+        res
+      end
+
+      context 'when purging is disabled' do
+        let(:purge_param) { false }
+
+        it 'has an empty generate' do
+          expect(subject.generate).to be_empty
+        end
+      end
+
+      context 'when purging is enabled' do
+        let(:purge_param) { File.expand_path(my_fixture('authorized_keys')) }
+        let(:resources) { subject.generate }
+
+        it 'contains a resource for each key' do
+          names = resources.map { |res| res.name }
+          expect(names).to include('key1 name')
+          expect(names).to include('keyname2')
+        end
+
+        it 'does not include keys in comment lines' do
+          names = resources.map { |res| res.name }
+          expect(names).not_to include('keyname3')
+        end
+
+        it 'generates names for unnamed keys' do
+          names = resources.map { |res| res.name }
+          fixture_path = File.expand_path(File.join(my_fixture_dir, 'authorized_keys'))
+          expect(names).to include("#{fixture_path}:unnamed-1")
+        end
+
+        it 'has a value for the user property on each resource' do
+          resource_users = resources.map { |res| res[:user] }.reject { |user_name| user_name == 'test_user_name' }
+          expect(resource_users).to be_empty
+        end
+      end
+    end
+  end
+end