authorJacob Helwig <jacob@technosorcery.net>2018-06-04 11:30:09 -0700
committerJacob Helwig <jacob@technosorcery.net>2018-06-21 14:27:04 -0700
commitd1719de1d77b9c139b1b5f5832330807c0fe11fe (patch)
tree69c541233bc64c5d47746e062e0efcba0c5436b5 /spec/acceptance
Initial sshkey type import from Puppet repository
Imported from dbf5a8964af9b87446542d24f46534cf90f11f59 in the Puppet repo.
Diffstat (limited to 'spec/acceptance')
-rw-r--r--spec/acceptance/tests/resource/ssh_authorized_key/create.rb39
-rw-r--r--spec/acceptance/tests/resource/ssh_authorized_key/destroy.rb42
-rw-r--r--spec/acceptance/tests/resource/ssh_authorized_key/modify.rb43
-rw-r--r--spec/acceptance/tests/resource/ssh_authorized_key/query.rb35
-rw-r--r--spec/acceptance/tests/resource/sshkey/create.rb77
5 files changed, 236 insertions, 0 deletions
diff --git a/spec/acceptance/tests/resource/ssh_authorized_key/create.rb b/spec/acceptance/tests/resource/ssh_authorized_key/create.rb
new file mode 100644
index 0000000..6b4c879
--- /dev/null
+++ b/spec/acceptance/tests/resource/ssh_authorized_key/create.rb
@@ -0,0 +1,39 @@
+test_name "should create an entry for an SSH authorized key"
+
+tag 'audit:medium',
+ 'audit:refactor', # Use block style `test_run`
+ 'audit:acceptance' # Could be done at the integration (or unit) layer though
+ # actual changing of resources could irreparably damage a
+ # host running this, or require special permissions.
+
+confine :except, :platform => ['windows']
+
+auth_keys = '~/.ssh/authorized_keys'
+name = "pl#{rand(999999).to_i}"
+
+agents.each do |agent|
+ teardown do
+ #(teardown) restore the #{auth_keys} file
+ on(agent, "mv /tmp/auth_keys #{auth_keys}", :acceptable_exit_codes => [0,1])
+ end
+
+ #------- SETUP -------#
+ step "(setup) backup #{auth_keys} file"
+ on(agent, "cp #{auth_keys} /tmp/auth_keys", :acceptable_exit_codes => [0,1])
+ on(agent, "chown $LOGNAME #{auth_keys}")
+
+ #------- TESTS -------#
+ step "create an authorized key entry with puppet (present)"
+ args = ['ensure=present',
+ "user=$LOGNAME",
+ "type='rsa'",
+ "key='mykey'",
+ ]
+ on(agent, puppet_resource('ssh_authorized_key', "#{name}", args))
+
+ step "verify entry in #{auth_keys}"
+ on(agent, "cat #{auth_keys}") do |res|
+ fail_test "didn't find the ssh_authorized_key for #{name}" unless stdout.include? "#{name}"
+ end
+
+end
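Review bot: The backup path `/tmp/auth_keys` is a fixed name in a world-writable directory, and both the setup `cp` and the teardown `mv` accept exit code 1, so a failed backup goes unnoticed and teardown then moves whatever already sits at that path over `~/.ssh/authorized_keys`. On a shared test host this means a file placed at that path beforehand can end up as the login user's authorized keys. Keeping the backup next to the original under a per-run name avoids the shared directory, e.g. `backup = "#{auth_keys}.#{name}.bak"` used in both commands, with the restore run only when the copy actually succeeded. The same setup/teardown pair appears in destroy.rb, modify.rb and query.rb in this commit.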
diff --git a/spec/acceptance/tests/resource/ssh_authorized_key/destroy.rb b/spec/acceptance/tests/resource/ssh_authorized_key/destroy.rb
new file mode 100644
index 0000000..c80e967
--- /dev/null
+++ b/spec/acceptance/tests/resource/ssh_authorized_key/destroy.rb
@@ -0,0 +1,42 @@
+test_name "should delete an entry for an SSH authorized key"
+
+tag 'audit:medium',
+ 'audit:refactor', # Use block style `test_run`
+ 'audit:acceptance' # Could be done at the integration (or unit) layer though
+ # actual changing of resources could irreparably damage a
+ # host running this, or require special permissions.
+
+confine :except, :platform => ['windows']
+
+auth_keys = '~/.ssh/authorized_keys'
+name = "pl#{rand(999999).to_i}"
+
+agents.each do |agent|
+ teardown do
+ #(teardown) restore the #{auth_keys} file
+ on(agent, "mv /tmp/auth_keys #{auth_keys}", :acceptable_exit_codes => [0,1])
+ end
+
+ #------- SETUP -------#
+ step "(setup) backup #{auth_keys} file"
+ on(agent, "cp #{auth_keys} /tmp/auth_keys", :acceptable_exit_codes => [0,1])
+
+ step "(setup) create an authorized key in the #{auth_keys} file"
+ on(agent, "echo '' >> #{auth_keys} && echo 'ssh-rsa mykey #{name}' >> #{auth_keys}")
+ on(agent, "chown $LOGNAME #{auth_keys}")
+
+ #------- TESTS -------#
+ step "delete an authorized key entry with puppet (absent)"
+ args = ['ensure=absent',
+ "user=$LOGNAME",
+ "type='rsa'",
+ "key='mykey'",
+ ]
+ on(agent, puppet_resource('ssh_authorized_key', "#{name}", args))
+
+ step "verify entry deleted from #{auth_keys}"
+ on(agent, "cat #{auth_keys}") do |res|
+ fail_test "found the ssh_authorized_key for #{name}" if stdout.include? "#{name}"
+ end
+
+end
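Review bot: The final check only asserts that `#{name}` is absent, so it also passes if the puppet run emptied or truncated the file, which for `authorized_keys` would mean removing keys the test never meant to touch. Setup could append a second sentinel line, e.g. `ssh-rsa otherkey unrelated_entry`, and the verification could add `fail_test "unrelated key was removed" unless stdout.include? "otherkey unrelated_entry"`. The sentinel comment must not contain `#{name}`, or the absence check would match it.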
diff --git a/spec/acceptance/tests/resource/ssh_authorized_key/modify.rb b/spec/acceptance/tests/resource/ssh_authorized_key/modify.rb
new file mode 100644
index 0000000..0a50c31
--- /dev/null
+++ b/spec/acceptance/tests/resource/ssh_authorized_key/modify.rb
@@ -0,0 +1,43 @@
+test_name "should update an entry for an SSH authorized key"
+
+tag 'audit:medium',
+ 'audit:refactor', # Use block style `test_run`
+ 'audit:acceptance' # Could be done at the integration (or unit) layer though
+ # actual changing of resources could irreparably damage a
+ # host running this, or require special permissions.
+
+confine :except, :platform => ['windows']
+
+auth_keys = '~/.ssh/authorized_keys'
+name = "pl#{rand(999999).to_i}"
+
+agents.each do |agent|
+ teardown do
+ #(teardown) restore the #{auth_keys} file
+ on(agent, "mv /tmp/auth_keys #{auth_keys}", :acceptable_exit_codes => [0,1])
+ end
+
+ #------- SETUP -------#
+ step "(setup) backup #{auth_keys} file"
+ on(agent, "cp #{auth_keys} /tmp/auth_keys", :acceptable_exit_codes => [0,1])
+
+ step "(setup) create an authorized key in the #{auth_keys} file"
+ on(agent, "echo '' >> #{auth_keys} && echo 'ssh-rsa mykey #{name}' >> #{auth_keys}")
+ on(agent, "chown $LOGNAME #{auth_keys}")
+
+ #------- TESTS -------#
+ step "update an authorized key entry with puppet (present)"
+ args = ['ensure=present',
+ "user=$LOGNAME",
+ "type='rsa'",
+ "key='mynewshinykey'",
+ ]
+ on(agent, puppet_resource('ssh_authorized_key', "#{name}", args))
+
+ step "verify entry updated in #{auth_keys}"
+ on(agent, "cat #{auth_keys}") do |res|
+ fail_test "didn't find the updated key for #{name}" unless stdout.include? "mynewshinykey #{name}"
+ fail_test "Found old key mykey #{name}" if stdout.include? "mykey #{name}"
+ end
+
+end
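Review bot: Nothing after the puppet run checks the ownership or mode of `#{auth_keys}`, even though setup explicitly runs `chown $LOGNAME` on it. A rewrite that left the file group- or world-writable would still pass here, and sshd with StrictModes enabled would typically refuse to use such a file. A portable check is `on(agent, "ls -l #{auth_keys}")` followed by `fail_test "unexpected mode on #{auth_keys}" unless stdout.start_with?('-rw-------')`, with the expected mode confirmed against the provider. create.rb has the same gap.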
diff --git a/spec/acceptance/tests/resource/ssh_authorized_key/query.rb b/spec/acceptance/tests/resource/ssh_authorized_key/query.rb
new file mode 100644
index 0000000..8caff85
--- /dev/null
+++ b/spec/acceptance/tests/resource/ssh_authorized_key/query.rb
@@ -0,0 +1,35 @@
+test_name "should be able to find an existing SSH authorized key"
+
+tag 'audit:medium',
+ 'audit:refactor', # Use block style `test_run`
+ 'audit:acceptance' # Could be done at the integration (or unit) layer though
+ # actual changing of resources could irreparably damage a
+ # host running this, or require special permissions.
+
+skip_test("This test is blocked by PUP-1605")
+
+confine :except, :platform => ['windows']
+
+auth_keys = '~/.ssh/authorized_keys'
+name = "pl#{rand(999999).to_i}"
+
+agents.each do |agent|
+ teardown do
+ #(teardown) restore the #{auth_keys} file
+ on(agent, "mv /tmp/auth_keys #{auth_keys}", :acceptable_exit_codes => [0,1])
+ end
+
+ #------- SETUP -------#
+ step "(setup) backup #{auth_keys} file"
+ on(agent, "cp #{auth_keys} /tmp/auth_keys", :acceptable_exit_codes => [0,1])
+
+ step "(setup) create an authorized key in the #{auth_keys} file"
+ on(agent, "echo '' >> #{auth_keys} && echo 'ssh-rsa mykey #{name}' >> #{auth_keys}")
+
+ #------- TESTS -------#
+ step "verify SSH authorized key query with puppet"
+ on(agent, puppet_resource('ssh_authorized_key', "/#{name}")) do |res|
+ fail_test "Didn't find the ssh_authorized_key for #{name}" unless stdout.include? "#{name}"
+ end
+
+end
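Review bot: The title passed to `puppet_resource` is `"/#{name}"` with a leading slash, while setup writes the entry with the comment `#{name}` and the other tests in this commit pass `"#{name}"`. If the slash is not intentional, the query will look up a different title once the skip is lifted, and the `include?` check could still pass by matching the echoed title. Because `skip_test` runs unconditionally, none of this is exercised today. A short comment above it, such as `# Blocked by PUP-1605: <what fails>; remove the skip once fixed`, would tell the next maintainer when to re-enable the test.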
diff --git a/spec/acceptance/tests/resource/sshkey/create.rb b/spec/acceptance/tests/resource/sshkey/create.rb
new file mode 100644
index 0000000..4e75379
--- /dev/null
+++ b/spec/acceptance/tests/resource/sshkey/create.rb
@@ -0,0 +1,77 @@
+test_name "(PUP-5508) Should add an SSH key to the correct ssh_known_hosts file on OS X/macOS" do
+# TestRail test case C93370
+
+tag 'audit:medium',
+ 'audit:acceptance' # Could be done at the integration (or unit) layer though
+ # actual changing of resources could irreparably damage a
+ # host running this, or require special permissions.
+
+confine :to, :platform => /osx/
+
+keyname = "pl#{rand(999999).to_i}"
+
+# FIXME: This is bletcherous
+macos_version = fact_on(agent, "os.macosx.version.major")
+if ["10.9","10.10"].include? macos_version
+ ssh_known_hosts = '/etc/ssh_known_hosts'
+else
+ ssh_known_hosts = '/etc/ssh/ssh_known_hosts'
+end
+
+teardown do
+ puts "Restore the #{ssh_known_hosts} file"
+ agents.each do |agent|
+ # Is it present?
+ rc = on(agent, "[ -e /tmp/ssh_known_hosts ]",
+ :accept_all_exit_codes => true)
+ if rc.exit_code == 0
+ # It's present, so restore the original
+ on(agent, "mv -fv /tmp/ssh_known_hosts #{ssh_known_hosts}",
+ :accept_all_exit_codes => true)
+ else
+ # It's missing, which means there wasn't one to backup; just
+ # delete the one we laid down
+ on(agent, "rm -fv #{ssh_known_hosts}",
+ :accept_all_exit_codes => true)
+ end
+ end
+end
+
+#------- SETUP -------#
+step "Backup #{ssh_known_hosts} file, if present" do
+ # The 'cp' might fail because the source file doesn't exist
+ on(agent, "cp -fv #{ssh_known_hosts} /tmp/ssh_known_hosts",
+ :acceptable_exit_codes => [0,1])
+end
+
+#------- TESTS -------#
+step 'Verify that the default file is empty or non-existent' do
+ # Is it even there?
+ rc = on(agent, "[ ! -e #{ssh_known_hosts} ]",
+ :acceptable_exit_codes => [0, 1])
+ if rc.exit_code == 1
+ # If it's there, it should be empty
+ on(agent, "cat #{ssh_known_hosts}") do |res|
+ fail_test "Default #{ssh_known_hosts} file not empty" \
+ unless stdout.empty?
+ end
+ end
+end
+
+step "Add an sshkey to the default file" do
+ args = [
+ "ensure=present",
+ "key=how_about_the_key_of_c",
+ "type=ssh-rsa",
+ ]
+ on(agent, puppet_resource("sshkey", "#{keyname}", args))
+end
+
+step 'Verify the new entry in the default file' do
+ on(agent, "cat #{ssh_known_hosts}") do |rc|
+ fail_test "Didn't find the ssh_known_host entry for #{keyname}" \
+ unless stdout.include? "#{keyname}"
+ end
+end
+
+end
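Review bot: Teardown chooses between restore and delete purely on whether `/tmp/ssh_known_hosts` exists, and that is a fixed name in a world-writable directory. A file already present there is moved over the system-wide `#{ssh_known_hosts}` with `mv -fv`, and if the test fails before the backup step or the `cp` does not succeed (exit 1 is accepted), the original is removed with `rm -fv`. Since this file holds the host keys the machine trusts, either outcome weakens host verification after the test. Teardown also iterates `agents`, while setup and the path selection use a single `agent` whose definition is outside this hunk, so hosts that were never backed up may take the `rm` branch. The sketch below takes the backup with `mktemp`, records in Ruby what existed before the test, and leaves the file alone when that is unknown.

```ruby
backup = nil          # path of the saved copy, once one has been taken
had_original = nil    # stays nil until the backup step has looked

teardown do
  puts "Restore the #{ssh_known_hosts} file"
  if backup
    on(agent, "mv -fv #{backup} #{ssh_known_hosts}",
       :accept_all_exit_codes => true)
  elsif had_original == false
    # Nothing existed before the test; remove the file the test laid down
    on(agent, "rm -fv #{ssh_known_hosts}",
       :accept_all_exit_codes => true)
  end
  # otherwise the state is unknown or the copy failed: leave the file alone
end

step "Backup #{ssh_known_hosts} file, if present" do
  present = on(agent, "[ -e #{ssh_known_hosts} ]",
               :accept_all_exit_codes => true)
  had_original = present.exit_code == 0
  if had_original
    tmp = on(agent, "mktemp /tmp/ssh_known_hosts.XXXXXX").stdout.chomp
    on(agent, "cp -fv #{ssh_known_hosts} #{tmp}")
    backup = tmp
  end
end
# … unchanged: verification and sshkey creation steps …
```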