Initial sshkey type import from Puppet repository

Imported from dbf5a8964af9b87446542d24f46534cf90f11f59 in the Puppet repo.

5 files changed, 236 insertions, 0 deletions

diff --git a/spec/acceptance/tests/resource/ssh_authorized_key/create.rb b/spec/acceptance/tests/resource/ssh_authorized_key/create.rb
new file mode 100644
index 0000000..6b4c879
--- /dev/null
+++ b/spec/acceptance/tests/resource/ssh_authorized_key/create.rb
@@ -0,0 +1,39 @@
+test_name "should create an entry for an SSH authorized key"
+
+tag 'audit:medium',
+    'audit:refactor',  # Use block style `test_run`
+    'audit:acceptance' # Could be done at the integration (or unit) layer though
+                       # actual changing of resources could irreparably damage a
+                       # host running this, or require special permissions.
+
+confine :except, :platform => ['windows']
+
+auth_keys = '~/.ssh/authorized_keys'
+name = "pl#{rand(999999).to_i}"
+
+agents.each do |agent|
+  teardown do
+    #(teardown) restore the #{auth_keys} file
+    on(agent, "mv /tmp/auth_keys #{auth_keys}", :acceptable_exit_codes => [0,1])
+  end
+
+  #------- SETUP -------#
+  step "(setup) backup #{auth_keys} file"
+  on(agent, "cp #{auth_keys} /tmp/auth_keys", :acceptable_exit_codes => [0,1])
+  on(agent, "chown $LOGNAME #{auth_keys}")
+
+  #------- TESTS -------#
+  step "create an authorized key entry with puppet (present)"
+  args = ['ensure=present',
+          "user=$LOGNAME",
+          "type='rsa'",
+          "key='mykey'",
+         ]
+  on(agent, puppet_resource('ssh_authorized_key', "#{name}", args))
+
+  step "verify entry in #{auth_keys}"
+  on(agent, "cat #{auth_keys}")  do |res|
+    fail_test "didn't find the ssh_authorized_key for #{name}" unless stdout.include? "#{name}"
+  end
+
+end
diff --git a/spec/acceptance/tests/resource/ssh_authorized_key/destroy.rb b/spec/acceptance/tests/resource/ssh_authorized_key/destroy.rb
new file mode 100644
index 0000000..c80e967
--- /dev/null
+++ b/spec/acceptance/tests/resource/ssh_authorized_key/destroy.rb
@@ -0,0 +1,42 @@
+test_name "should delete an entry for an SSH authorized key"
+
+tag 'audit:medium',
+    'audit:refactor',  # Use block style `test_run`
+    'audit:acceptance' # Could be done at the integration (or unit) layer though
+                       # actual changing of resources could irreparably damage a
+                       # host running this, or require special permissions.
+
+confine :except, :platform => ['windows']
+
+auth_keys = '~/.ssh/authorized_keys'
+name = "pl#{rand(999999).to_i}"
+
+agents.each do |agent|
+  teardown do
+    #(teardown) restore the #{auth_keys} file
+    on(agent, "mv /tmp/auth_keys #{auth_keys}", :acceptable_exit_codes => [0,1])
+  end
+
+  #------- SETUP -------#
+  step "(setup) backup #{auth_keys} file"
+  on(agent, "cp #{auth_keys} /tmp/auth_keys", :acceptable_exit_codes => [0,1])
+
+  step "(setup) create an authorized key in the #{auth_keys} file"
+  on(agent, "echo '' >> #{auth_keys} && echo 'ssh-rsa mykey #{name}' >> #{auth_keys}")
+  on(agent, "chown $LOGNAME #{auth_keys}")
+
+  #------- TESTS -------#
+  step "delete an authorized key entry with puppet (absent)"
+  args = ['ensure=absent',
+          "user=$LOGNAME",
+          "type='rsa'",
+          "key='mykey'",
+         ]
+  on(agent, puppet_resource('ssh_authorized_key', "#{name}", args))
+
+  step "verify entry deleted from #{auth_keys}"
+  on(agent, "cat #{auth_keys}")  do |res|
+    fail_test "found the ssh_authorized_key for #{name}" if stdout.include? "#{name}"
+  end
+
+end
diff --git a/spec/acceptance/tests/resource/ssh_authorized_key/modify.rb b/spec/acceptance/tests/resource/ssh_authorized_key/modify.rb
new file mode 100644
index 0000000..0a50c31
--- /dev/null
+++ b/spec/acceptance/tests/resource/ssh_authorized_key/modify.rb
@@ -0,0 +1,43 @@
+test_name "should update an entry for an SSH authorized key"
+
+tag 'audit:medium',
+    'audit:refactor',  # Use block style `test_run`
+    'audit:acceptance' # Could be done at the integration (or unit) layer though
+                       # actual changing of resources could irreparably damage a
+                       # host running this, or require special permissions.
+
+confine :except, :platform => ['windows']
+
+auth_keys = '~/.ssh/authorized_keys'
+name = "pl#{rand(999999).to_i}"
+
+agents.each do |agent|
+  teardown do
+    #(teardown) restore the #{auth_keys} file
+    on(agent, "mv /tmp/auth_keys #{auth_keys}", :acceptable_exit_codes => [0,1])
+  end
+
+  #------- SETUP -------#
+  step "(setup) backup #{auth_keys} file"
+  on(agent, "cp #{auth_keys} /tmp/auth_keys", :acceptable_exit_codes => [0,1])
+
+  step "(setup) create an authorized key in the #{auth_keys} file"
+  on(agent, "echo '' >> #{auth_keys} && echo 'ssh-rsa mykey #{name}' >> #{auth_keys}")
+  on(agent, "chown $LOGNAME #{auth_keys}")
+
+  #------- TESTS -------#
+  step "update an authorized key entry with puppet (present)"
+  args = ['ensure=present',
+          "user=$LOGNAME",
+          "type='rsa'",
+          "key='mynewshinykey'",
+         ]
+  on(agent, puppet_resource('ssh_authorized_key', "#{name}", args))
+
+  step "verify entry updated in #{auth_keys}"
+  on(agent, "cat #{auth_keys}")  do |res|
+    fail_test "didn't find the updated key for #{name}" unless stdout.include? "mynewshinykey #{name}"
+    fail_test "Found old key mykey #{name}" if stdout.include? "mykey #{name}"
+  end
+
+end
diff --git a/spec/acceptance/tests/resource/ssh_authorized_key/query.rb b/spec/acceptance/tests/resource/ssh_authorized_key/query.rb
new file mode 100644
index 0000000..8caff85
--- /dev/null
+++ b/spec/acceptance/tests/resource/ssh_authorized_key/query.rb
@@ -0,0 +1,35 @@
+test_name "should be able to find an existing SSH authorized key"
+
+tag 'audit:medium',
+    'audit:refactor',  # Use block style `test_run`
+    'audit:acceptance' # Could be done at the integration (or unit) layer though
+                       # actual changing of resources could irreparably damage a
+                       # host running this, or require special permissions.
+
+skip_test("This test is blocked by PUP-1605")
+
+confine :except, :platform => ['windows']
+
+auth_keys = '~/.ssh/authorized_keys'
+name = "pl#{rand(999999).to_i}"
+
+agents.each do |agent|
+  teardown do
+    #(teardown) restore the #{auth_keys} file
+    on(agent, "mv /tmp/auth_keys #{auth_keys}", :acceptable_exit_codes => [0,1])
+  end
+
+  #------- SETUP -------#
+  step "(setup) backup #{auth_keys} file"
+  on(agent, "cp #{auth_keys} /tmp/auth_keys", :acceptable_exit_codes => [0,1])
+
+  step "(setup) create an authorized key in the #{auth_keys} file"
+  on(agent, "echo '' >> #{auth_keys} && echo 'ssh-rsa mykey #{name}' >> #{auth_keys}")
+
+  #------- TESTS -------#
+  step "verify SSH authorized key query with puppet"
+  on(agent, puppet_resource('ssh_authorized_key', "/#{name}")) do |res|
+    fail_test "Didn't find the ssh_authorized_key for #{name}" unless stdout.include? "#{name}"
+  end
+
+end
diff --git a/spec/acceptance/tests/resource/sshkey/create.rb b/spec/acceptance/tests/resource/sshkey/create.rb
new file mode 100644
index 0000000..4e75379
--- /dev/null
+++ b/spec/acceptance/tests/resource/sshkey/create.rb
@@ -0,0 +1,77 @@
+test_name "(PUP-5508) Should add an SSH key to the correct ssh_known_hosts file on OS X/macOS" do
+# TestRail test case C93370
+
+tag 'audit:medium',
+    'audit:acceptance' # Could be done at the integration (or unit) layer though
+                       # actual changing of resources could irreparably damage a
+                       # host running this, or require special permissions.
+
+confine :to, :platform => /osx/
+
+keyname = "pl#{rand(999999).to_i}"
+
+# FIXME: This is bletcherous
+macos_version = fact_on(agent, "os.macosx.version.major")
+if ["10.9","10.10"].include? macos_version
+  ssh_known_hosts = '/etc/ssh_known_hosts'
+else
+  ssh_known_hosts = '/etc/ssh/ssh_known_hosts'
+end
+
+teardown do
+  puts "Restore the #{ssh_known_hosts} file"
+  agents.each do |agent|
+    # Is it present?
+    rc = on(agent, "[ -e /tmp/ssh_known_hosts ]",
+            :accept_all_exit_codes => true)
+    if rc.exit_code == 0
+      # It's present, so restore the original
+      on(agent, "mv -fv /tmp/ssh_known_hosts #{ssh_known_hosts}",
+         :accept_all_exit_codes => true)
+    else
+      # It's missing, which means there wasn't one to backup; just
+      # delete the one we laid down
+      on(agent, "rm -fv #{ssh_known_hosts}",
+         :accept_all_exit_codes => true)
+    end
+  end
+end
+
+#------- SETUP -------#
+step "Backup #{ssh_known_hosts} file, if present" do
+  # The 'cp' might fail because the source file doesn't exist
+  on(agent, "cp -fv #{ssh_known_hosts} /tmp/ssh_known_hosts",
+     :acceptable_exit_codes => [0,1])
+end
+
+#------- TESTS -------#
+step 'Verify that the default file is empty or non-existent' do
+  # Is it even there?
+  rc = on(agent, "[ ! -e #{ssh_known_hosts} ]",
+          :acceptable_exit_codes => [0, 1])
+  if rc.exit_code == 1 
+    # If it's there, it should be empty
+    on(agent, "cat #{ssh_known_hosts}") do |res|
+      fail_test "Default #{ssh_known_hosts} file not empty" \
+        unless stdout.empty?
+    end
+  end
+end
+
+step "Add an sshkey to the default file" do
+  args = [
+          "ensure=present",
+          "key=how_about_the_key_of_c",
+          "type=ssh-rsa",
+         ]
+  on(agent, puppet_resource("sshkey", "#{keyname}", args))
+end
+
+step 'Verify the new entry in the default file' do
+  on(agent, "cat #{ssh_known_hosts}") do |rc|
+    fail_test "Didn't find the ssh_known_host entry for #{keyname}" \
+      unless stdout.include? "#{keyname}"
+  end
+end
+
+end