diff options
| author | Ciprian Badescu <ciprian.badescu@puppet.com> | 2020-02-20 15:32:52 +0200 |
|---|---|---|
| committer | Ciprian Badescu <ciprian.badescu@puppet.com> | 2020-02-25 14:27:27 +0200 |
| commit | 92a734a6620fcc51691d60347e344f87ac801bde (patch) | |
| tree | 8309796c9485c084ec87cd84d26d17ecfb904213 /spec | |
| parent | 9f710d8e502b5bf2ca3d213d2bddea13f7a4b7b8 (diff) | |
| download | puppet-sshkeys_core-92a734a6620fcc51691d60347e344f87ac801bde.tar.gz puppet-sshkeys_core-92a734a6620fcc51691d60347e344f87ac801bde.tar.bz2 | |
(MODULES-7613) use name and type as composite namevar
After this modification it will be possible to add two or more keys
of different types for the same host
Diffstat (limited to 'spec')
7 files changed, 221 insertions, 20 deletions
diff --git a/spec/acceptance/tests/resource/ssh_authorized_key/destroy_spec.rb b/spec/acceptance/tests/resource/ssh_authorized_key/destroy_spec.rb index a491eb6..a4d49c1 100644 --- a/spec/acceptance/tests/resource/ssh_authorized_key/destroy_spec.rb +++ b/spec/acceptance/tests/resource/ssh_authorized_key/destroy_spec.rb @@ -1,6 +1,6 @@ require 'spec_helper_acceptance' -RSpec.context 'sshkeys: Destroy' do +RSpec.context 'ssh_authorized_key: Destroy' do confine :except, platform: ['windows'] let(:auth_keys) { '~/.ssh/authorized_keys' } diff --git a/spec/acceptance/tests/resource/ssh_authorized_key/modify_spec.rb b/spec/acceptance/tests/resource/ssh_authorized_key/modify_spec.rb index 711d2fc..2f090fb 100644 --- a/spec/acceptance/tests/resource/ssh_authorized_key/modify_spec.rb +++ b/spec/acceptance/tests/resource/ssh_authorized_key/modify_spec.rb @@ -1,6 +1,6 @@ require 'spec_helper_acceptance' -RSpec.context 'sshkeys: Modify' do +RSpec.context 'ssh_authorized_key: Modify' do let(:auth_keys) { '~/.ssh/authorized_keys' } let(:name) { "pl#{rand(999_999).to_i}" } let(:custom_key_directory) { "/etc/ssh_authorized_keys_#{name}" } diff --git a/spec/acceptance/tests/resource/sshkey/create_spec.rb b/spec/acceptance/tests/resource/sshkey/create_spec.rb index f6534b8..9b8f793 100644 --- a/spec/acceptance/tests/resource/sshkey/create_spec.rb +++ b/spec/acceptance/tests/resource/sshkey/create_spec.rb @@ -4,17 +4,10 @@ RSpec.context 'sshkeys: Create' do let(:keyname) { "pl#{rand(999_999).to_i}" } # FIXME: This is bletcherous - let(:macos_version) { fact_on(agent, 'os.macosx.version.major') } - let(:ssh_known_hosts) do - if ['10.9', '10.10'].include? macos_version - '/etc/ssh_known_hosts' - else - '/etc/ssh/ssh_known_hosts' - end - end + let(:ssh_known_hosts) { '/etc/ssh/ssh_known_hosts' } before(:each) do - osx_agents.each do |agent| + posix_agents.agents.each do |agent| # The 'cp' might fail because the source file doesn't exist on( agent, @@ -25,7 +18,7 @@ RSpec.context 'sshkeys: Create' do end after(:each) do - osx_agents.each do |agent| + posix_agents.each do |agent| # Is it present? rc = on( agent, @@ -51,8 +44,8 @@ RSpec.context 'sshkeys: Create' do end end - osx_agents.each do |agent| - it "#{agent} should add an SSH key to the correct ssh_known_hosts file on OS X/macOS (PUP-5508)" do + posix_agents.each do |agent| + it "#{agent} should add an SSH key to the correct ssh_known_hosts file (OS X/macOS - PUP-5508)" do # Is it even there? rc = on( agent, @@ -78,4 +71,37 @@ RSpec.context 'sshkeys: Create' do end end end + + posix_agents.each do |agent| + it "#{agent} should allow to add two different type keys for the same host" do + # Is it even there? + rc = on( + agent, + "[ ! -e #{ssh_known_hosts} ]", + acceptable_exit_codes: [0, 1], + ) + if rc.exit_code == 1 + # If it's there, it should be empty + on(agent, "cat #{ssh_known_hosts}") do |_res| + expect(stdout).to be_empty + end + end + on agent, puppet('apply'), stdin: <<MANIFEST + sshkey { '#{keyname}@ssh-rsa': + ensure => 'present', + key => 'how_about_the_rsa_key_of_c', + } + + sshkey { '#{keyname}@ssh-dss': + ensure => 'present', + key => 'how_about_the_dss_key_of_c', + } +MANIFEST + + on(agent, "cat #{ssh_known_hosts}") do |_rc| + expect(stdout).to include("#{keyname} ssh-rsa") + expect(stdout).to include("#{keyname} ssh-dss") + end + end + end end diff --git a/spec/acceptance/tests/resource/sshkey/destroy_spec.rb b/spec/acceptance/tests/resource/sshkey/destroy_spec.rb new file mode 100644 index 0000000..11a1f10 --- /dev/null +++ b/spec/acceptance/tests/resource/sshkey/destroy_spec.rb @@ -0,0 +1,74 @@ +require 'spec_helper_acceptance' + +RSpec.context 'sshkeys: Destroy' do + let(:keyname) { "pl#{rand(999_999).to_i}" } + + # FIXME: This is bletcherous + let(:ssh_known_hosts) { '/etc/ssh/ssh_known_hosts' } + + before(:each) do + posix_agents.agents.each do |agent| + # The 'cp' might fail because the source file doesn't exist + on( + agent, + "cp -fv #{ssh_known_hosts} /tmp/ssh_known_hosts", + acceptable_exit_codes: [0, 1], + ) + cmd = <<-CMD +echo '' > #{ssh_known_hosts} +echo '#{keyname} ssh-rsa how_about_the_initial_rsa_key_of_c' >> #{ssh_known_hosts} +echo '#{keyname} ssh-dss how_about_the_initial_dss_key_of_c' >> #{ssh_known_hosts} +CMD + on(agent, cmd) + end + end + + after(:each) do + posix_agents.each do |agent| + # Is it present? + rc = on( + agent, + '[ -e /tmp/ssh_known_hosts ]', + accept_all_exit_codes: true, + ) + if rc.exit_code == 0 + # It's present, so restore the original + on( + agent, + "mv -fv /tmp/ssh_known_hosts #{ssh_known_hosts}", + accept_all_exit_codes: true, + ) + else + # It's missing, which means there wasn't one to backup; just + # delete the one we laid down + on( + agent, + "rm -fv #{ssh_known_hosts}", + accept_all_exit_codes: true, + ) + end + end + end + + posix_agents.each do |agent| + it "#{agent} should delete an rsa entry for an SSH known host key" do + args = ['ensure=absent', + "type='rsa'"] + on(agent, puppet_resource('sshkey', keyname.to_s, args)) + + on(agent, "cat #{ssh_known_hosts}") do |_res| + expect(stdout).not_to include('how_about_the_initial_rsa_key_of_c') + end + end + + it "#{agent} should delete an dss entry for an SSH known host key" do + args = ['ensure=absent', + "type='ssh-dss'"] + on(agent, puppet_resource('sshkey', keyname.to_s, args)) + + on(agent, "cat #{ssh_known_hosts}") do |_res| + expect(stdout).not_to include('how_about_the_initial_dss_key_of_c') + end + end + end +end diff --git a/spec/acceptance/tests/resource/sshkey/modify_spec.rb b/spec/acceptance/tests/resource/sshkey/modify_spec.rb new file mode 100644 index 0000000..92c0a9f --- /dev/null +++ b/spec/acceptance/tests/resource/sshkey/modify_spec.rb @@ -0,0 +1,78 @@ +require 'spec_helper_acceptance' + +RSpec.context 'sshkeys: Modify' do + let(:keyname) { "pl#{rand(999_999).to_i}" } + + # FIXME: This is bletcherous + let(:ssh_known_hosts) { '/etc/ssh/ssh_known_hosts' } + + before(:each) do + posix_agents.agents.each do |agent| + # The 'cp' might fail because the source file doesn't exist + on( + agent, + "cp -fv #{ssh_known_hosts} /tmp/ssh_known_hosts", + acceptable_exit_codes: [0, 1], + ) + cmd = <<-CMD +echo '' > #{ssh_known_hosts} +echo '#{keyname} ssh-rsa how_about_the_initial_rsa_key_of_c' >> #{ssh_known_hosts} +echo '#{keyname} ssh-dss how_about_the_initial_dss_key_of_c' >> #{ssh_known_hosts} +CMD + on(agent, cmd) + end + end + + after(:each) do + posix_agents.each do |agent| + # Is it present? + rc = on( + agent, + '[ -e /tmp/ssh_known_hosts ]', + accept_all_exit_codes: true, + ) + if rc.exit_code == 0 + # It's present, so restore the original + on( + agent, + "mv -fv /tmp/ssh_known_hosts #{ssh_known_hosts}", + accept_all_exit_codes: true, + ) + else + # It's missing, which means there wasn't one to backup; just + # delete the one we laid down + on( + agent, + "rm -fv #{ssh_known_hosts}", + accept_all_exit_codes: true, + ) + end + end + end + + posix_agents.each do |agent| + it "#{agent} should update an rsa entry for an SSH known host key" do + args = ['ensure=present', + "type='rsa'", + "key='how_about_the_updated_rsa_key_of_c'"] + on(agent, puppet_resource('sshkey', keyname.to_s, args)) + + on(agent, "cat #{ssh_known_hosts}") do |_res| + expect(stdout).to include('how_about_the_updated_rsa_key_of_c') + expect(stdout).not_to include('how_about_the_initial_rsa_key_of_c') + end + end + + it "#{agent} should update an dss entry for an SSH known host key" do + args = ['ensure=present', + "type='ssh-dss'", + "key='how_about_the_updated_dss_key_of_c'"] + on(agent, puppet_resource('sshkey', keyname.to_s, args)) + + on(agent, "cat #{ssh_known_hosts}") do |_res| + expect(stdout).to include('how_about_the_updated_dss_key_of_c') + expect(stdout).not_to include('how_about_the_initial_dss_key_of_c') + end + end + end +end diff --git a/spec/integration/provider/sshkey_spec.rb b/spec/integration/provider/sshkey_spec.rb index 4a3bf87..5f30db1 100644 --- a/spec/integration/provider/sshkey_spec.rb +++ b/spec/integration/provider/sshkey_spec.rb @@ -52,9 +52,29 @@ describe Puppet::Type.type(:sshkey).provider(:parsed), unless: Puppet.features.m expect(File.read(sshkey_file)).to match(%r{#{super_unique}.*mykey}) end + it 'creates two SSH host key entries with two keys (ensure present)' do + manifest = " + #{type_under_test} { '#{super_unique}_rsa': + ensure => 'present', + type => 'rsa', + name => '#{super_unique}', + key => 'myrsakey', + target => '#{sshkey_file}', } + #{type_under_test} { '#{super_unique}_dss': + ensure => 'present', + type => 'ssh-dss', + name => '#{super_unique}', + key => 'mydsskey', + target => '#{sshkey_file}' }" + apply_with_error_check(manifest) + expect(File.read(sshkey_file)).to match(%r{#{super_unique}.*myrsakey}) + expect(File.read(sshkey_file)).to match(%r{#{super_unique}.*mydsskey}) + end + it 'deletes an entry for an SSH host key' do manifest = "#{type_under_test} { '#{sshkey_name}': ensure => 'absent', + type => 'rsa', target => '#{sshkey_file}' }" apply_with_error_check(manifest) expect(File.read(sshkey_file)).not_to match(%r{#{sshkey_name}.*Yqk0=}) @@ -121,6 +141,7 @@ describe Puppet::Type.type(:sshkey).provider(:parsed), unless: Puppet.features.m it 'updates an entry with a single new host_alias' do manifest = "#{type_under_test} { '#{sshkey_name}': ensure => 'present', + type => 'rsa', host_aliases => '#{host_alias}', target => '#{sshkey_file}' }" apply_with_error_check(manifest) @@ -132,6 +153,7 @@ describe Puppet::Type.type(:sshkey).provider(:parsed), unless: Puppet.features.m it 'updates an entry with multiple new host_aliases' do manifest = "#{type_under_test} { '#{sshkey_name}': ensure => 'present', + type => 'rsa', host_aliases => [ 'r0ckdata.com', 'erict.net' ], target => '#{sshkey_file}' }" apply_with_error_check(manifest) diff --git a/spec/unit/type/sshkey_spec.rb b/spec/unit/type/sshkey_spec.rb index 452610e..680d9ec 100644 --- a/spec/unit/type/sshkey_spec.rb +++ b/spec/unit/type/sshkey_spec.rb @@ -1,18 +1,19 @@ require 'spec_helper' +require 'pry' describe Puppet::Type.type(:sshkey) do - it 'uses :name as its namevar' do - expect(described_class.key_attributes).to eq [:name] + it 'uses :name and :type as its namevar' do + expect(described_class.key_attributes).to eq [:type, :name] end describe 'when validating attributes' do - [:name, :provider].each do |param| + [:name, :provider, :type].each do |param| it "has a #{param} parameter" do expect(described_class.attrtype(param)).to eq :param end end - [:host_aliases, :ensure, :key, :type].each do |property| + [:host_aliases, :ensure, :key].each do |property| it "has a #{property} property" do expect(described_class.attrtype(property)).to eq :property end @@ -35,12 +36,12 @@ describe Puppet::Type.type(:sshkey) do it 'aliases :rsa to :ssh-rsa' do key = described_class.new(name: 'foo', type: :rsa) - expect(key.should(:type)).to eq :'ssh-rsa' + expect(key.parameter(:type).value).to eq :'ssh-rsa' end it 'aliases :dsa to :ssh-dss' do key = described_class.new(name: 'foo', type: :dsa) - expect(key.should(:type)).to eq :'ssh-dss' + expect(key.parameter(:type).value).to eq :'ssh-dss' end it "doesn't support values other than ssh-dss, ssh-rsa, dsa, rsa for type" do |