aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authormihaibuzgau <mihaibuzgau@users.noreply.github.com>2020-05-29 15:13:15 +0300
committerGitHub <noreply@github.com>2020-05-29 15:13:15 +0300
commitdc49d7ef173d61d5b4d499ef19212d927da86c6a (patch)
tree6241ad16b4c30f4bca2f4190ecd5db9604246210
parent9b2d2aab210360b785370cd982f50ba5ffd2b53f (diff)
parent210f2e13ade80fbb39e6d1f9b2235ba098f2c780 (diff)
downloadpuppet-sshkeys_core-dc49d7ef173d61d5b4d499ef19212d927da86c6a.tar.gz
puppet-sshkeys_core-dc49d7ef173d61d5b4d499ef19212d927da86c6a.tar.bz2
Merge pull request #31 from Dorin-Pleava/MODULES-10671/New_ssh_keys_types_open_ssh_8.2
(MODULES-10671) New SSH key types for OpenSSH 8.2
-rw-r--r--lib/puppet/type/ssh_authorized_key.rb9
-rw-r--r--lib/puppet/type/sshkey.rb7
-rw-r--r--spec/integration/provider/sshkey_spec.rb31
-rw-r--r--spec/unit/type/ssh_authorized_key_spec.rb14
-rw-r--r--spec/unit/type/sshkey_spec.rb14
5 files changed, 65 insertions, 10 deletions
diff --git a/lib/puppet/type/ssh_authorized_key.rb b/lib/puppet/type/ssh_authorized_key.rb
index 648055c..953b1a6 100644
--- a/lib/puppet/type/ssh_authorized_key.rb
+++ b/lib/puppet/type/ssh_authorized_key.rb
@@ -62,11 +62,14 @@ module Puppet
newproperty(:type) do
desc 'The encryption type used.'
- newvalues :'ssh-dss', :'ssh-rsa', :'ecdsa-sha2-nistp256', :'ecdsa-sha2-nistp384', :'ecdsa-sha2-nistp521', :'ssh-ed25519'
+ newvalues :'ssh-dss', :'ssh-rsa', :'ecdsa-sha2-nistp256', :'ecdsa-sha2-nistp384', :'ecdsa-sha2-nistp521', :'ssh-ed25519',
+ :'sk-ecdsa-sha2-nistp256@openssh.com', :'sk-ssh-ed25519@openssh.com'
aliasvalue(:dsa, :'ssh-dss')
aliasvalue(:ed25519, :'ssh-ed25519')
aliasvalue(:rsa, :'ssh-rsa')
+ aliasvalue(:'ecdsa-sk', :'sk-ecdsa-sha2-nistp256@openssh.com')
+ aliasvalue(:'ed25519-sk', :'sk-ssh-ed25519@openssh.com')
end
newproperty(:key) do
@@ -159,7 +162,9 @@ module Puppet
end
# regular expression suitable for use by a ParsedFile based provider
- REGEX = %r{^(?:(.+)\s+)?(ssh-dss|ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521)\s+([^ ]+)\s*(.*)$}
+ REGEX = %r{^(?:(.+)\s+)?(ssh-dss|ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp256|
+ ecdsa-sha2-nistp384|ecdsa-sha2-nistp521|ecdsa-sk|ed25519-sk|
+ sk-ecdsa-sha2-nistp256@openssh.com|sk-ssh-ed25519@openssh.com)\s+([^ ]+)\s*(.*)$}x
def self.keyline_regex
REGEX
end
diff --git a/lib/puppet/type/sshkey.rb b/lib/puppet/type/sshkey.rb
index c3cce5d..eeca5fe 100644
--- a/lib/puppet/type/sshkey.rb
+++ b/lib/puppet/type/sshkey.rb
@@ -15,7 +15,7 @@ module Puppet
def self.title_patterns
[
[
- %r{^(.*)@(.*)$},
+ %r{^(.*?)@(.*)$},
[
[:name],
[:type],
@@ -35,11 +35,14 @@ module Puppet
isnamevar
- newvalues :'ssh-dss', :'ssh-ed25519', :'ssh-rsa', :'ecdsa-sha2-nistp256', :'ecdsa-sha2-nistp384', :'ecdsa-sha2-nistp521'
+ newvalues :'ssh-dss', :'ssh-ed25519', :'ssh-rsa', :'ecdsa-sha2-nistp256', :'ecdsa-sha2-nistp384', :'ecdsa-sha2-nistp521',
+ :'sk-ecdsa-sha2-nistp256@openssh.com', :'sk-ssh-ed25519@openssh.com'
aliasvalue(:dsa, :'ssh-dss')
aliasvalue(:ed25519, :'ssh-ed25519')
aliasvalue(:rsa, :'ssh-rsa')
+ aliasvalue(:'ecdsa-sk', :'sk-ecdsa-sha2-nistp256@openssh.com')
+ aliasvalue(:'ed25519-sk', :'sk-ssh-ed25519@openssh.com')
end
newproperty(:key) do
diff --git a/spec/integration/provider/sshkey_spec.rb b/spec/integration/provider/sshkey_spec.rb
index 5f30db1..74e56a7 100644
--- a/spec/integration/provider/sshkey_spec.rb
+++ b/spec/integration/provider/sshkey_spec.rb
@@ -91,6 +91,25 @@ describe Puppet::Type.type(:sshkey).provider(:parsed), unless: Puppet.features.m
expect(File.read(sshkey_file)).not_to match(%r{#{sshkey_name}.*Yqk0=})
end
+ it 'prioritizes the specified type instead of type in the name' do
+ manifest = "#{type_under_test} { '#{super_unique}@rsa':
+ ensure => 'present',
+ type => 'dsa',
+ key => 'mykey',
+ target => '#{sshkey_file}' }"
+ apply_with_error_check(manifest)
+ expect(File.read(sshkey_file)).to match(%r{#{super_unique} ssh-dss.*mykey})
+ end
+
+ it 'can parse SSH key type that contains @openssh.com in name' do
+ manifest = "#{type_under_test} { '#{super_unique}@sk-ssh-ed25519@openssh.com':
+ ensure => 'present',
+ key => 'mykey',
+ target => '#{sshkey_file}' }"
+ apply_with_error_check(manifest)
+ expect(File.read(sshkey_file)).to match(%r{#{super_unique} sk-ssh-ed25519@openssh.com.*mykey})
+ end
+
# test all key types
types = [
'ssh-dss', 'dsa',
@@ -98,14 +117,18 @@ describe Puppet::Type.type(:sshkey).provider(:parsed), unless: Puppet.features.m
'ssh-rsa', 'rsa',
'ecdsa-sha2-nistp256',
'ecdsa-sha2-nistp384',
- 'ecdsa-sha2-nistp521'
+ 'ecdsa-sha2-nistp521',
+ 'ecdsa-sk', 'sk-ecdsa-sha2-nistp256@openssh.com',
+ 'ed25519-sk', 'sk-ssh-ed25519@openssh.com'
]
# these types are treated as aliases for sshkey <ahem> type
# so they are populated as the *values* below
aliases = {
- 'dsa' => 'ssh-dss',
- 'ed25519' => 'ssh-ed25519',
- 'rsa' => 'ssh-rsa',
+ 'dsa' => 'ssh-dss',
+ 'ed25519' => 'ssh-ed25519',
+ 'rsa' => 'ssh-rsa',
+ 'ecdsa-sk' => 'sk-ecdsa-sha2-nistp256@openssh.com',
+ 'ed25519-sk' => 'sk-ssh-ed25519@openssh.com',
}
types.each do |type|
it "should update an entry with #{type} type" do
diff --git a/spec/unit/type/ssh_authorized_key_spec.rb b/spec/unit/type/ssh_authorized_key_spec.rb
index 457537c..cf4ae8a 100644
--- a/spec/unit/type/ssh_authorized_key_spec.rb
+++ b/spec/unit/type/ssh_authorized_key_spec.rb
@@ -85,7 +85,9 @@ describe Puppet::Type.type(:ssh_authorized_key), unless: Puppet.features.microso
:'ecdsa-sha2-nistp256',
:'ecdsa-sha2-nistp384',
:'ecdsa-sha2-nistp521',
- :ed25519, :'ssh-ed25519'
+ :ed25519, :'ssh-ed25519',
+ :'ecdsa-sk', :'sk-ecdsa-sha2-nistp256@openssh.com',
+ :'ed25519-sk', :'sk-ssh-ed25519@openssh.com'
].each do |keytype|
it "supports #{keytype}" do
described_class.new(name: 'whev', type: keytype, user: 'nobody')
@@ -102,6 +104,16 @@ describe Puppet::Type.type(:ssh_authorized_key), unless: Puppet.features.microso
expect(key.should(:type)).to eq :'ssh-dss'
end
+ it 'aliases :ecdsa-sk to :sk-ecdsa-sha2-nistp256@openssh.com' do
+ key = described_class.new(name: 'whev', type: :'ecdsa-sk', user: 'nobody')
+ expect(key.should(:type)).to eq :'sk-ecdsa-sha2-nistp256@openssh.com'
+ end
+
+ it 'aliases :ed25519-sk to :sk-ssh-ed25519@openssh.com' do
+ key = described_class.new(name: 'whev', type: :'ed25519-sk', user: 'nobody')
+ expect(key.should(:type)).to eq :'sk-ssh-ed25519@openssh.com'
+ end
+
it "doesn't support values other than ssh-dss, ssh-rsa, dsa, rsa" do
expect { described_class.new(name: 'whev', type: :something) }.to raise_error(Puppet::Error, %r{Invalid value})
end
diff --git a/spec/unit/type/sshkey_spec.rb b/spec/unit/type/sshkey_spec.rb
index 680d9ec..53448ed 100644
--- a/spec/unit/type/sshkey_spec.rb
+++ b/spec/unit/type/sshkey_spec.rb
@@ -27,7 +27,9 @@ describe Puppet::Type.type(:sshkey) do
:'ecdsa-sha2-nistp256',
:'ecdsa-sha2-nistp384',
:'ecdsa-sha2-nistp521',
- :'ssh-ed25519', :ed25519
+ :'ssh-ed25519', :ed25519,
+ :'ecdsa-sk', :'sk-ecdsa-sha2-nistp256@openssh.com',
+ :'ed25519-sk', :'sk-ssh-ed25519@openssh.com'
].each do |keytype|
it "supports #{keytype} as a type value" do
described_class.new(name: 'foo', type: keytype)
@@ -44,6 +46,16 @@ describe Puppet::Type.type(:sshkey) do
expect(key.parameter(:type).value).to eq :'ssh-dss'
end
+ it 'aliases :ecdsa-sk to :sk-ecdsa-sha2-nistp256@openssh.com' do
+ key = described_class.new(name: 'foo', type: :'ecdsa-sk')
+ expect(key.parameter(:type).value).to eq :'sk-ecdsa-sha2-nistp256@openssh.com'
+ end
+
+ it 'aliases :ed25519-sk to :ssh-dss' do
+ key = described_class.new(name: 'foo', type: :'ed25519-sk')
+ expect(key.parameter(:type).value).to eq :'sk-ssh-ed25519@openssh.com'
+ end
+
it "doesn't support values other than ssh-dss, ssh-rsa, dsa, rsa for type" do
expect {
described_class.new(name: 'whev', type: :'ssh-dsa')