diff options
Diffstat (limited to 'spec/acceptance/tests')
5 files changed, 236 insertions, 0 deletions
diff --git a/spec/acceptance/tests/resource/ssh_authorized_key/create.rb b/spec/acceptance/tests/resource/ssh_authorized_key/create.rb new file mode 100644 index 0000000..6b4c879 --- /dev/null +++ b/spec/acceptance/tests/resource/ssh_authorized_key/create.rb @@ -0,0 +1,39 @@ +test_name "should create an entry for an SSH authorized key" + +tag 'audit:medium', + 'audit:refactor', # Use block style `test_run` + 'audit:acceptance' # Could be done at the integration (or unit) layer though + # actual changing of resources could irreparably damage a + # host running this, or require special permissions. + +confine :except, :platform => ['windows'] + +auth_keys = '~/.ssh/authorized_keys' +name = "pl#{rand(999999).to_i}" + +agents.each do |agent| + teardown do + #(teardown) restore the #{auth_keys} file + on(agent, "mv /tmp/auth_keys #{auth_keys}", :acceptable_exit_codes => [0,1]) + end + + #------- SETUP -------# + step "(setup) backup #{auth_keys} file" + on(agent, "cp #{auth_keys} /tmp/auth_keys", :acceptable_exit_codes => [0,1]) + on(agent, "chown $LOGNAME #{auth_keys}") + + #------- TESTS -------# + step "create an authorized key entry with puppet (present)" + args = ['ensure=present', + "user=$LOGNAME", + "type='rsa'", + "key='mykey'", + ] + on(agent, puppet_resource('ssh_authorized_key', "#{name}", args)) + + step "verify entry in #{auth_keys}" + on(agent, "cat #{auth_keys}") do |res| + fail_test "didn't find the ssh_authorized_key for #{name}" unless stdout.include? "#{name}" + end + +end diff --git a/spec/acceptance/tests/resource/ssh_authorized_key/destroy.rb b/spec/acceptance/tests/resource/ssh_authorized_key/destroy.rb new file mode 100644 index 0000000..c80e967 --- /dev/null +++ b/spec/acceptance/tests/resource/ssh_authorized_key/destroy.rb @@ -0,0 +1,42 @@ +test_name "should delete an entry for an SSH authorized key" + +tag 'audit:medium', + 'audit:refactor', # Use block style `test_run` + 'audit:acceptance' # Could be done at the integration (or unit) layer though + # actual changing of resources could irreparably damage a + # host running this, or require special permissions. + +confine :except, :platform => ['windows'] + +auth_keys = '~/.ssh/authorized_keys' +name = "pl#{rand(999999).to_i}" + +agents.each do |agent| + teardown do + #(teardown) restore the #{auth_keys} file + on(agent, "mv /tmp/auth_keys #{auth_keys}", :acceptable_exit_codes => [0,1]) + end + + #------- SETUP -------# + step "(setup) backup #{auth_keys} file" + on(agent, "cp #{auth_keys} /tmp/auth_keys", :acceptable_exit_codes => [0,1]) + + step "(setup) create an authorized key in the #{auth_keys} file" + on(agent, "echo '' >> #{auth_keys} && echo 'ssh-rsa mykey #{name}' >> #{auth_keys}") + on(agent, "chown $LOGNAME #{auth_keys}") + + #------- TESTS -------# + step "delete an authorized key entry with puppet (absent)" + args = ['ensure=absent', + "user=$LOGNAME", + "type='rsa'", + "key='mykey'", + ] + on(agent, puppet_resource('ssh_authorized_key', "#{name}", args)) + + step "verify entry deleted from #{auth_keys}" + on(agent, "cat #{auth_keys}") do |res| + fail_test "found the ssh_authorized_key for #{name}" if stdout.include? "#{name}" + end + +end diff --git a/spec/acceptance/tests/resource/ssh_authorized_key/modify.rb b/spec/acceptance/tests/resource/ssh_authorized_key/modify.rb new file mode 100644 index 0000000..0a50c31 --- /dev/null +++ b/spec/acceptance/tests/resource/ssh_authorized_key/modify.rb @@ -0,0 +1,43 @@ +test_name "should update an entry for an SSH authorized key" + +tag 'audit:medium', + 'audit:refactor', # Use block style `test_run` + 'audit:acceptance' # Could be done at the integration (or unit) layer though + # actual changing of resources could irreparably damage a + # host running this, or require special permissions. + +confine :except, :platform => ['windows'] + +auth_keys = '~/.ssh/authorized_keys' +name = "pl#{rand(999999).to_i}" + +agents.each do |agent| + teardown do + #(teardown) restore the #{auth_keys} file + on(agent, "mv /tmp/auth_keys #{auth_keys}", :acceptable_exit_codes => [0,1]) + end + + #------- SETUP -------# + step "(setup) backup #{auth_keys} file" + on(agent, "cp #{auth_keys} /tmp/auth_keys", :acceptable_exit_codes => [0,1]) + + step "(setup) create an authorized key in the #{auth_keys} file" + on(agent, "echo '' >> #{auth_keys} && echo 'ssh-rsa mykey #{name}' >> #{auth_keys}") + on(agent, "chown $LOGNAME #{auth_keys}") + + #------- TESTS -------# + step "update an authorized key entry with puppet (present)" + args = ['ensure=present', + "user=$LOGNAME", + "type='rsa'", + "key='mynewshinykey'", + ] + on(agent, puppet_resource('ssh_authorized_key', "#{name}", args)) + + step "verify entry updated in #{auth_keys}" + on(agent, "cat #{auth_keys}") do |res| + fail_test "didn't find the updated key for #{name}" unless stdout.include? "mynewshinykey #{name}" + fail_test "Found old key mykey #{name}" if stdout.include? "mykey #{name}" + end + +end diff --git a/spec/acceptance/tests/resource/ssh_authorized_key/query.rb b/spec/acceptance/tests/resource/ssh_authorized_key/query.rb new file mode 100644 index 0000000..8caff85 --- /dev/null +++ b/spec/acceptance/tests/resource/ssh_authorized_key/query.rb @@ -0,0 +1,35 @@ +test_name "should be able to find an existing SSH authorized key" + +tag 'audit:medium', + 'audit:refactor', # Use block style `test_run` + 'audit:acceptance' # Could be done at the integration (or unit) layer though + # actual changing of resources could irreparably damage a + # host running this, or require special permissions. + +skip_test("This test is blocked by PUP-1605") + +confine :except, :platform => ['windows'] + +auth_keys = '~/.ssh/authorized_keys' +name = "pl#{rand(999999).to_i}" + +agents.each do |agent| + teardown do + #(teardown) restore the #{auth_keys} file + on(agent, "mv /tmp/auth_keys #{auth_keys}", :acceptable_exit_codes => [0,1]) + end + + #------- SETUP -------# + step "(setup) backup #{auth_keys} file" + on(agent, "cp #{auth_keys} /tmp/auth_keys", :acceptable_exit_codes => [0,1]) + + step "(setup) create an authorized key in the #{auth_keys} file" + on(agent, "echo '' >> #{auth_keys} && echo 'ssh-rsa mykey #{name}' >> #{auth_keys}") + + #------- TESTS -------# + step "verify SSH authorized key query with puppet" + on(agent, puppet_resource('ssh_authorized_key', "/#{name}")) do |res| + fail_test "Didn't find the ssh_authorized_key for #{name}" unless stdout.include? "#{name}" + end + +end diff --git a/spec/acceptance/tests/resource/sshkey/create.rb b/spec/acceptance/tests/resource/sshkey/create.rb new file mode 100644 index 0000000..4e75379 --- /dev/null +++ b/spec/acceptance/tests/resource/sshkey/create.rb @@ -0,0 +1,77 @@ +test_name "(PUP-5508) Should add an SSH key to the correct ssh_known_hosts file on OS X/macOS" do +# TestRail test case C93370 + +tag 'audit:medium', + 'audit:acceptance' # Could be done at the integration (or unit) layer though + # actual changing of resources could irreparably damage a + # host running this, or require special permissions. + +confine :to, :platform => /osx/ + +keyname = "pl#{rand(999999).to_i}" + +# FIXME: This is bletcherous +macos_version = fact_on(agent, "os.macosx.version.major") +if ["10.9","10.10"].include? macos_version + ssh_known_hosts = '/etc/ssh_known_hosts' +else + ssh_known_hosts = '/etc/ssh/ssh_known_hosts' +end + +teardown do + puts "Restore the #{ssh_known_hosts} file" + agents.each do |agent| + # Is it present? + rc = on(agent, "[ -e /tmp/ssh_known_hosts ]", + :accept_all_exit_codes => true) + if rc.exit_code == 0 + # It's present, so restore the original + on(agent, "mv -fv /tmp/ssh_known_hosts #{ssh_known_hosts}", + :accept_all_exit_codes => true) + else + # It's missing, which means there wasn't one to backup; just + # delete the one we laid down + on(agent, "rm -fv #{ssh_known_hosts}", + :accept_all_exit_codes => true) + end + end +end + +#------- SETUP -------# +step "Backup #{ssh_known_hosts} file, if present" do + # The 'cp' might fail because the source file doesn't exist + on(agent, "cp -fv #{ssh_known_hosts} /tmp/ssh_known_hosts", + :acceptable_exit_codes => [0,1]) +end + +#------- TESTS -------# +step 'Verify that the default file is empty or non-existent' do + # Is it even there? + rc = on(agent, "[ ! -e #{ssh_known_hosts} ]", + :acceptable_exit_codes => [0, 1]) + if rc.exit_code == 1 + # If it's there, it should be empty + on(agent, "cat #{ssh_known_hosts}") do |res| + fail_test "Default #{ssh_known_hosts} file not empty" \ + unless stdout.empty? + end + end +end + +step "Add an sshkey to the default file" do + args = [ + "ensure=present", + "key=how_about_the_key_of_c", + "type=ssh-rsa", + ] + on(agent, puppet_resource("sshkey", "#{keyname}", args)) +end + +step 'Verify the new entry in the default file' do + on(agent, "cat #{ssh_known_hosts}") do |rc| + fail_test "Didn't find the ssh_known_host entry for #{keyname}" \ + unless stdout.include? "#{keyname}" + end +end + +end |