-rw-r--r-- | spec/fixtures/unit/type/user/authorized_keys | 6 | ||||
-rw-r--r-- | spec/unit/type/user_spec.rb | 145 |
2 files changed, 151 insertions, 0 deletions
diff --git a/spec/fixtures/unit/type/user/authorized_keys b/spec/fixtures/unit/type/user/authorized_keys
new file mode 100644
index 0000000..d58c620
--- /dev/null
+++ b/spec/fixtures/unit/type/user/authorized_keys
@@ -0,0 +1,6 @@
+# fixture for testing ssh key purging
+
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDTXvM7AslzjNUYrPLiNVBsF5VnqL2RmqrkzscdVdHzVxvieNwmLGeUkg8EfXPiz7j5F/Lr0J8oItTCWzyN2KmM+DhUMjvP4AbELO/VYbnVrZICRiUNYSO3EN9/uapKAuiev88d7ynbonCU0VZoTPg/ug4OondOrLCtcGri5ltF+mausGfAYiFAQVEWqXV+1tyejoawJ884etb3n4ilpsrH9JK6AtOkEWVD3TDrNi29O1mQQ/Cn88g472zAJ+DhsIn+iehtfX5nmOtDNN/1t1bGMIBzkSYEAYwUiRJbRXvbobT7qKZQPA3dh0m8AYQS5/hd4/c4pmlxL8kgr24SnBY5 key1 name
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDTXvM7AslzjNUYrPLiNVBsF5VnqL2RmqrkzscdVdHzVxvieNwmLGeUkg8EfXPiz7j5F/Lr0J8oItTCWzyN2KmM+DhUMjvP4AbELO/VYbnVrZICRiUNYSO3EN9/uapKAuiev88d7ynbonCU0VZoTPg/ug4OondOrLCtcGri5ltF+mausGfAYiFAQVEWqXV+1tyejoawJ884etb3n4ilpsrH9JK6AtOkEWVD3TDrNi29O1mQQ/Cn88g472zAJ+DhsIn+iehtfX5nmOtDNN/1t1bGMIBzkSYEAYwUiRJbRXvbobT7qKZQPA3dh0m8AYQS5/hd4/c4pmlxL8kgr24SnBY5 keyname2
+#ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDTXvM7AslzjNUYrPLiNVBsF5VnqL2RmqrkzscdVdHzVxvieNwmLGeUkg8EfXPiz7j5F/Lr0J8oItTCWzyN2KmM+DhUMjvP4AbELO/VYbnVrZICRiUNYSO3EN9/uapKAuiev88d7ynbonCU0VZoTPg/ug4OondOrLCtcGri5ltF+mausGfAYiFAQVEWqXV+1tyejoawJ884etb3n4ilpsrH9JK6AtOkEWVD3TDrNi29O1mQQ/Cn88g472zAJ+DhsIn+iehtfX5nmOtDNN/1t1bGMIBzkSYEAYwUiRJbRXvbobT7qKZQPA3dh0m8AYQS5/hd4/c4pmlxL8kgr24SnBY5 keyname3
+ssh-rsa KEY-WITH-NO-NAME
diff --git a/spec/unit/type/user_spec.rb b/spec/unit/type/user_spec.rb
new file mode 100644
index 0000000..122434f
--- /dev/null
+++ b/spec/unit/type/user_spec.rb
@@ -0,0 +1,145 @@
+# encoding: UTF-8
+
+require 'spec_helper'
+
+describe Puppet::Type.type(:user) do
+ let(:provider_class) do
+ described_class.provide(:simple) do
+ has_features :manages_expiry, :manages_password_age, :manages_passwords, :manages_solaris_rbac, :manages_shell
+ mk_resource_methods
+
+ def create; end
+
+ def delete; end
+
+ def exists?
+ get(:ensure) != :absent
+ end
+
+ def flush; end
+
+ def self.instances
+ []
+ end
+ end
+ end
+
+ before :each do
+ described_class.stubs(:defaultprovider).returns provider_class
+ end
+
+ describe 'when purging ssh keys' do
+ it 'does not accept a keyfile with a relative path' do
+ expect {
+ described_class.new(name: 'a', purge_ssh_keys: 'keys')
+ }.to raise_error(Puppet::Error, %r{Paths to keyfiles must be absolute, not keys})
+ end
+
+ context 'with a home directory specified' do
+ it 'accepts true' do
+ described_class.new(name: 'a', home: '/tmp', purge_ssh_keys: true)
+ end
+
+ it 'accepts the ~ wildcard' do
+ described_class.new(name: 'a', home: '/tmp', purge_ssh_keys: '~/keys')
+ end
+
+ it 'accepts the %h wildcard' do
+ described_class.new(name: 'a', home: '/tmp', purge_ssh_keys: '%h/keys')
+ end
+
+ it 'raises when given a relative path' do
+ expect {
+ described_class.new(name: 'a', home: '/tmp', purge_ssh_keys: 'keys')
+ }.to raise_error(Puppet::Error, %r{Paths to keyfiles must be absolute})
+ end
+ end
+
+ context 'with no home directory specified' do
+ it 'does not accept true' do
+ expect {
+ described_class.new(name: 'a', purge_ssh_keys: true)
+ }.to raise_error(Puppet::Error, %r{purge_ssh_keys can only be true for users with a defined home directory})
+ end
+
+ it 'does not accept the ~ wildcard' do
+ expect {
+ described_class.new(name: 'a', purge_ssh_keys: '~/keys')
+ }.to raise_error(Puppet::Error, %r{meta character ~ or %h only allowed for users with a defined home directory})
+ end
+
+ it 'does not accept the %h wildcard' do
+ expect {
+ described_class.new(name: 'a', purge_ssh_keys: '%h/keys')
+ }.to raise_error(Puppet::Error, %r{meta character ~ or %h only allowed for users with a defined home directory})
+ end
+ end
+
+ context 'with a valid parameter' do
+ subject do
+ res = described_class.new(name: 'test', purge_ssh_keys: paths)
+ res.catalog = Puppet::Resource::Catalog.new
+ res
+ end
+
+ let(:paths) do
+ ['/dev/null', '/tmp/keyfile'].map { |path| File.expand_path(path) }
+ end
+
+ it 'does not just return from generate' do
+ subject.expects :find_unmanaged_keys
+ subject.generate
+ end
+
+ it 'checks each keyfile for readability' do
+ paths.each do |path|
+ File.expects(:readable?).with(path)
+ end
+ subject.generate
+ end
+ end
+
+ describe 'generated keys' do
+ subject do
+ res = described_class.new(name: 'test_user_name', purge_ssh_keys: purge_param)
+ res.catalog = Puppet::Resource::Catalog.new
+ res
+ end
+
+ context 'when purging is disabled' do
+ let(:purge_param) { false }
+
+ it 'has an empty generate' do
+ expect(subject.generate).to be_empty
+ end
+ end
+
+ context 'when purging is enabled' do
+ let(:purge_param) { File.expand_path(my_fixture('authorized_keys')) }
+ let(:resources) { subject.generate }
+
+ it 'contains a resource for each key' do
+ names = resources.map { |res| res.name }
+ expect(names).to include('key1 name')
+ expect(names).to include('keyname2')
+ end
+
+ it 'does not include keys in comment lines' do
+ names = resources.map { |res| res.name }
+ expect(names).not_to include('keyname3')
+ end
+
+ it 'generates names for unnamed keys' do
+ names = resources.map { |res| res.name }
+ fixture_path = File.expand_path(File.join(my_fixture_dir, 'authorized_keys'))
+ expect(names).to include("#{fixture_path}:unnamed-1")
+ end
+
+ it 'has a value for the user property on each resource' do
+ resource_users = resources.map { |res| res[:user] }.reject { |user_name| user_name == 'test_user_name' }
+ expect(resource_users).to be_empty
+ end
+ end
+ end
+ end
+end |
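Review bot: The example 'has a value for the user property on each resource' passes vacuously when `subject.generate` returns no resources, because it rejects the matching users and only expects the remainder to be empty; asserting on the whole list, e.g. `expect(resources).not_to be_empty` followed by `expect(resources.map { |res| res[:user] }).to all(eq('test_user_name'))`, would pin the intended behaviour. The three 'accepts …' examples under 'with a home directory specified' contain no expectation at all and would state their intent more clearly as `expect { described_class.new(...) }.not_to raise_error`. Because this feature decides which authorized keys get removed, the fixture would also benefit from a line carrying an options prefix before the key type (for example `command="…"` or `from="…"`), since only bare `ssh-rsa` lines are exercised here and the key parser itself is not part of this diff.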