diff options
author | mihaibuzgau <mihaibuzgau@users.noreply.github.com> | 2020-05-29 15:13:15 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-05-29 15:13:15 +0300 |
commit | dc49d7ef173d61d5b4d499ef19212d927da86c6a (patch) | |
tree | 6241ad16b4c30f4bca2f4190ecd5db9604246210 | |
parent | 9b2d2aab210360b785370cd982f50ba5ffd2b53f (diff) | |
parent | 210f2e13ade80fbb39e6d1f9b2235ba098f2c780 (diff) | |
download | puppet-sshkeys_core-dc49d7ef173d61d5b4d499ef19212d927da86c6a.tar.gz puppet-sshkeys_core-dc49d7ef173d61d5b4d499ef19212d927da86c6a.tar.bz2 |
Merge pull request #31 from Dorin-Pleava/MODULES-10671/New_ssh_keys_types_open_ssh_8.2
(MODULES-10671) New SSH key types for OpenSSH 8.2
-rw-r--r-- | lib/puppet/type/ssh_authorized_key.rb | 9 | ||||
-rw-r--r-- | lib/puppet/type/sshkey.rb | 7 | ||||
-rw-r--r-- | spec/integration/provider/sshkey_spec.rb | 31 | ||||
-rw-r--r-- | spec/unit/type/ssh_authorized_key_spec.rb | 14 | ||||
-rw-r--r-- | spec/unit/type/sshkey_spec.rb | 14 |
5 files changed, 65 insertions, 10 deletions
diff --git a/lib/puppet/type/ssh_authorized_key.rb b/lib/puppet/type/ssh_authorized_key.rb index 648055c..953b1a6 100644 --- a/lib/puppet/type/ssh_authorized_key.rb +++ b/lib/puppet/type/ssh_authorized_key.rb @@ -62,11 +62,14 @@ module Puppet newproperty(:type) do desc 'The encryption type used.' - newvalues :'ssh-dss', :'ssh-rsa', :'ecdsa-sha2-nistp256', :'ecdsa-sha2-nistp384', :'ecdsa-sha2-nistp521', :'ssh-ed25519' + newvalues :'ssh-dss', :'ssh-rsa', :'ecdsa-sha2-nistp256', :'ecdsa-sha2-nistp384', :'ecdsa-sha2-nistp521', :'ssh-ed25519', + :'sk-ecdsa-sha2-nistp256@openssh.com', :'sk-ssh-ed25519@openssh.com' aliasvalue(:dsa, :'ssh-dss') aliasvalue(:ed25519, :'ssh-ed25519') aliasvalue(:rsa, :'ssh-rsa') + aliasvalue(:'ecdsa-sk', :'sk-ecdsa-sha2-nistp256@openssh.com') + aliasvalue(:'ed25519-sk', :'sk-ssh-ed25519@openssh.com') end newproperty(:key) do @@ -159,7 +162,9 @@ module Puppet end # regular expression suitable for use by a ParsedFile based provider - REGEX = %r{^(?:(.+)\s+)?(ssh-dss|ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521)\s+([^ ]+)\s*(.*)$} + REGEX = %r{^(?:(.+)\s+)?(ssh-dss|ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp256| + ecdsa-sha2-nistp384|ecdsa-sha2-nistp521|ecdsa-sk|ed25519-sk| + sk-ecdsa-sha2-nistp256@openssh.com|sk-ssh-ed25519@openssh.com)\s+([^ ]+)\s*(.*)$}x def self.keyline_regex REGEX end diff --git a/lib/puppet/type/sshkey.rb b/lib/puppet/type/sshkey.rb index c3cce5d..eeca5fe 100644 --- a/lib/puppet/type/sshkey.rb +++ b/lib/puppet/type/sshkey.rb @@ -15,7 +15,7 @@ module Puppet def self.title_patterns [ [ - %r{^(.*)@(.*)$}, + %r{^(.*?)@(.*)$}, [ [:name], [:type], @@ -35,11 +35,14 @@ module Puppet isnamevar - newvalues :'ssh-dss', :'ssh-ed25519', :'ssh-rsa', :'ecdsa-sha2-nistp256', :'ecdsa-sha2-nistp384', :'ecdsa-sha2-nistp521' + newvalues :'ssh-dss', :'ssh-ed25519', :'ssh-rsa', :'ecdsa-sha2-nistp256', :'ecdsa-sha2-nistp384', :'ecdsa-sha2-nistp521', + :'sk-ecdsa-sha2-nistp256@openssh.com', :'sk-ssh-ed25519@openssh.com' aliasvalue(:dsa, :'ssh-dss') aliasvalue(:ed25519, :'ssh-ed25519') aliasvalue(:rsa, :'ssh-rsa') + aliasvalue(:'ecdsa-sk', :'sk-ecdsa-sha2-nistp256@openssh.com') + aliasvalue(:'ed25519-sk', :'sk-ssh-ed25519@openssh.com') end newproperty(:key) do diff --git a/spec/integration/provider/sshkey_spec.rb b/spec/integration/provider/sshkey_spec.rb index 5f30db1..74e56a7 100644 --- a/spec/integration/provider/sshkey_spec.rb +++ b/spec/integration/provider/sshkey_spec.rb @@ -91,6 +91,25 @@ describe Puppet::Type.type(:sshkey).provider(:parsed), unless: Puppet.features.m expect(File.read(sshkey_file)).not_to match(%r{#{sshkey_name}.*Yqk0=}) end + it 'prioritizes the specified type instead of type in the name' do + manifest = "#{type_under_test} { '#{super_unique}@rsa': + ensure => 'present', + type => 'dsa', + key => 'mykey', + target => '#{sshkey_file}' }" + apply_with_error_check(manifest) + expect(File.read(sshkey_file)).to match(%r{#{super_unique} ssh-dss.*mykey}) + end + + it 'can parse SSH key type that contains @openssh.com in name' do + manifest = "#{type_under_test} { '#{super_unique}@sk-ssh-ed25519@openssh.com': + ensure => 'present', + key => 'mykey', + target => '#{sshkey_file}' }" + apply_with_error_check(manifest) + expect(File.read(sshkey_file)).to match(%r{#{super_unique} sk-ssh-ed25519@openssh.com.*mykey}) + end + # test all key types types = [ 'ssh-dss', 'dsa', @@ -98,14 +117,18 @@ describe Puppet::Type.type(:sshkey).provider(:parsed), unless: Puppet.features.m 'ssh-rsa', 'rsa', 'ecdsa-sha2-nistp256', 'ecdsa-sha2-nistp384', - 'ecdsa-sha2-nistp521' + 'ecdsa-sha2-nistp521', + 'ecdsa-sk', 'sk-ecdsa-sha2-nistp256@openssh.com', + 'ed25519-sk', 'sk-ssh-ed25519@openssh.com' ] # these types are treated as aliases for sshkey <ahem> type # so they are populated as the *values* below aliases = { - 'dsa' => 'ssh-dss', - 'ed25519' => 'ssh-ed25519', - 'rsa' => 'ssh-rsa', + 'dsa' => 'ssh-dss', + 'ed25519' => 'ssh-ed25519', + 'rsa' => 'ssh-rsa', + 'ecdsa-sk' => 'sk-ecdsa-sha2-nistp256@openssh.com', + 'ed25519-sk' => 'sk-ssh-ed25519@openssh.com', } types.each do |type| it "should update an entry with #{type} type" do diff --git a/spec/unit/type/ssh_authorized_key_spec.rb b/spec/unit/type/ssh_authorized_key_spec.rb index 457537c..cf4ae8a 100644 --- a/spec/unit/type/ssh_authorized_key_spec.rb +++ b/spec/unit/type/ssh_authorized_key_spec.rb @@ -85,7 +85,9 @@ describe Puppet::Type.type(:ssh_authorized_key), unless: Puppet.features.microso :'ecdsa-sha2-nistp256', :'ecdsa-sha2-nistp384', :'ecdsa-sha2-nistp521', - :ed25519, :'ssh-ed25519' + :ed25519, :'ssh-ed25519', + :'ecdsa-sk', :'sk-ecdsa-sha2-nistp256@openssh.com', + :'ed25519-sk', :'sk-ssh-ed25519@openssh.com' ].each do |keytype| it "supports #{keytype}" do described_class.new(name: 'whev', type: keytype, user: 'nobody') @@ -102,6 +104,16 @@ describe Puppet::Type.type(:ssh_authorized_key), unless: Puppet.features.microso expect(key.should(:type)).to eq :'ssh-dss' end + it 'aliases :ecdsa-sk to :sk-ecdsa-sha2-nistp256@openssh.com' do + key = described_class.new(name: 'whev', type: :'ecdsa-sk', user: 'nobody') + expect(key.should(:type)).to eq :'sk-ecdsa-sha2-nistp256@openssh.com' + end + + it 'aliases :ed25519-sk to :sk-ssh-ed25519@openssh.com' do + key = described_class.new(name: 'whev', type: :'ed25519-sk', user: 'nobody') + expect(key.should(:type)).to eq :'sk-ssh-ed25519@openssh.com' + end + it "doesn't support values other than ssh-dss, ssh-rsa, dsa, rsa" do expect { described_class.new(name: 'whev', type: :something) }.to raise_error(Puppet::Error, %r{Invalid value}) end diff --git a/spec/unit/type/sshkey_spec.rb b/spec/unit/type/sshkey_spec.rb index 680d9ec..53448ed 100644 --- a/spec/unit/type/sshkey_spec.rb +++ b/spec/unit/type/sshkey_spec.rb @@ -27,7 +27,9 @@ describe Puppet::Type.type(:sshkey) do :'ecdsa-sha2-nistp256', :'ecdsa-sha2-nistp384', :'ecdsa-sha2-nistp521', - :'ssh-ed25519', :ed25519 + :'ssh-ed25519', :ed25519, + :'ecdsa-sk', :'sk-ecdsa-sha2-nistp256@openssh.com', + :'ed25519-sk', :'sk-ssh-ed25519@openssh.com' ].each do |keytype| it "supports #{keytype} as a type value" do described_class.new(name: 'foo', type: keytype) @@ -44,6 +46,16 @@ describe Puppet::Type.type(:sshkey) do expect(key.parameter(:type).value).to eq :'ssh-dss' end + it 'aliases :ecdsa-sk to :sk-ecdsa-sha2-nistp256@openssh.com' do + key = described_class.new(name: 'foo', type: :'ecdsa-sk') + expect(key.parameter(:type).value).to eq :'sk-ecdsa-sha2-nistp256@openssh.com' + end + + it 'aliases :ed25519-sk to :ssh-dss' do + key = described_class.new(name: 'foo', type: :'ed25519-sk') + expect(key.parameter(:type).value).to eq :'sk-ssh-ed25519@openssh.com' + end + it "doesn't support values other than ssh-dss, ssh-rsa, dsa, rsa for type" do expect { described_class.new(name: 'whev', type: :'ssh-dsa') |