From 77f63f04b407dce25f2f5533601075c580a9d727 Mon Sep 17 00:00:00 2001 From: Tim Meusel Date: Thu, 6 Aug 2020 20:25:21 +0200 Subject: (MODULES-10765) Implement ssh-rsa-cert-v01@openssh.com support --- lib/puppet/type/ssh_authorized_key.rb | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'lib') diff --git a/lib/puppet/type/ssh_authorized_key.rb b/lib/puppet/type/ssh_authorized_key.rb index 953b1a6..2cc7a33 100644 --- a/lib/puppet/type/ssh_authorized_key.rb +++ b/lib/puppet/type/ssh_authorized_key.rb @@ -63,7 +63,7 @@ module Puppet desc 'The encryption type used.' newvalues :'ssh-dss', :'ssh-rsa', :'ecdsa-sha2-nistp256', :'ecdsa-sha2-nistp384', :'ecdsa-sha2-nistp521', :'ssh-ed25519', - :'sk-ecdsa-sha2-nistp256@openssh.com', :'sk-ssh-ed25519@openssh.com' + :'sk-ecdsa-sha2-nistp256@openssh.com', :'sk-ssh-ed25519@openssh.com', :'ssh-rsa-cert-v01@openssh.com' aliasvalue(:dsa, :'ssh-dss') aliasvalue(:ed25519, :'ssh-ed25519') @@ -164,7 +164,8 @@ module Puppet # regular expression suitable for use by a ParsedFile based provider REGEX = %r{^(?:(.+)\s+)?(ssh-dss|ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp256| ecdsa-sha2-nistp384|ecdsa-sha2-nistp521|ecdsa-sk|ed25519-sk| - sk-ecdsa-sha2-nistp256@openssh.com|sk-ssh-ed25519@openssh.com)\s+([^ ]+)\s*(.*)$}x + sk-ecdsa-sha2-nistp256@openssh.com|sk-ssh-ed25519@openssh.com| + ssh-rsa-cert-v01@openssh.com)\s+([^ ]+)\s*(.*)$}x def self.keyline_regex REGEX end -- cgit v1.2.3 From 1e31895d63571ec2752a6faf2d9515ea4ce1c816 Mon Sep 17 00:00:00 2001 From: Tim Meusel Date: Thu, 6 Aug 2020 21:13:53 +0200 Subject: (MODULES-10765) Implement ssh-ed25519-cert-v01@openssh.com support --- lib/puppet/type/ssh_authorized_key.rb | 5 +++-- spec/unit/type/ssh_authorized_key_spec.rb | 9 ++++++++- 2 files changed, 11 insertions(+), 3 deletions(-) (limited to 'lib') diff --git a/lib/puppet/type/ssh_authorized_key.rb b/lib/puppet/type/ssh_authorized_key.rb index 2cc7a33..483fb51 100644 --- a/lib/puppet/type/ssh_authorized_key.rb 
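Review bot: The context line `desc 'The encryption type used.'` in the `@@ -63,7 +63,7 @@` hunk no longer fits once `:'ssh-rsa-cert-v01@openssh.com'` is an accepted value, because that value names an OpenSSH certificate format rather than a plain public key algorithm. I would reword it, for example `desc 'The key type, or OpenSSH certificate type, of the entry.'`, so users know the `key` property then carries a certificate blob, as the spec fixtures later in this series show. The same wording covers the other `*-cert-v01@openssh.com` values added by the following commits. The enclosing property block starts and ends outside the hunk.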
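Review bot: The alternative `ssh-rsa-cert-v01@openssh.com` added to `REGEX` in the `@@ -164,7 +164,8 @@` hunk leaves its `.` unescaped, so that position matches any character and the parser accepts tokens that are not real key types; the existing `sk-…@openssh.com` entries are equally loose. The alternation is then hand-edited again by every later commit in this series (the ed25519, dss and ecdsa certificate hunks), separately from `newvalues`, which makes the two lists easy to drift apart. Building the alternation from one frozen list with `Regexp.union` escapes the names and leaves a single place to extend. The body around `REGEX` starts and ends outside the hunk.

```ruby
# Key type tokens accepted at the start of an authorized_keys entry.
KEY_TYPES = %w[
  ssh-dss ssh-ed25519 ssh-rsa
  ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521
  ecdsa-sk ed25519-sk
  sk-ecdsa-sha2-nistp256@openssh.com sk-ssh-ed25519@openssh.com
  ssh-rsa-cert-v01@openssh.com
].freeze

# regular expression suitable for use by a ParsedFile based provider
REGEX = %r{^(?:(.+)\s+)?(#{Regexp.union(KEY_TYPES)})\s+([^ ]+)\s*(.*)$}
# … unchanged: def self.keyline_regex …
```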
+++ b/lib/puppet/type/ssh_authorized_key.rb @@ -63,7 +63,8 @@ module Puppet desc 'The encryption type used.' newvalues :'ssh-dss', :'ssh-rsa', :'ecdsa-sha2-nistp256', :'ecdsa-sha2-nistp384', :'ecdsa-sha2-nistp521', :'ssh-ed25519', - :'sk-ecdsa-sha2-nistp256@openssh.com', :'sk-ssh-ed25519@openssh.com', :'ssh-rsa-cert-v01@openssh.com' + :'sk-ecdsa-sha2-nistp256@openssh.com', :'sk-ssh-ed25519@openssh.com', :'ssh-rsa-cert-v01@openssh.com', + :'ssh-ed25519-cert-v01@openssh.com' aliasvalue(:dsa, :'ssh-dss') aliasvalue(:ed25519, :'ssh-ed25519') @@ -165,7 +166,7 @@ module Puppet REGEX = %r{^(?:(.+)\s+)?(ssh-dss|ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp256| ecdsa-sha2-nistp384|ecdsa-sha2-nistp521|ecdsa-sk|ed25519-sk| sk-ecdsa-sha2-nistp256@openssh.com|sk-ssh-ed25519@openssh.com| - ssh-rsa-cert-v01@openssh.com)\s+([^ ]+)\s*(.*)$}x + ssh-rsa-cert-v01@openssh.com|ssh-ed25519-cert-v01@openssh.com)\s+([^ ]+)\s*(.*)$}x def self.keyline_regex REGEX end diff --git a/spec/unit/type/ssh_authorized_key_spec.rb b/spec/unit/type/ssh_authorized_key_spec.rb index b4017ba..164fb05 100644 --- a/spec/unit/type/ssh_authorized_key_spec.rb +++ b/spec/unit/type/ssh_authorized_key_spec.rb @@ -88,7 +88,8 @@ describe Puppet::Type.type(:ssh_authorized_key), unless: Puppet.features.microso :ed25519, :'ssh-ed25519', :'ecdsa-sk', :'sk-ecdsa-sha2-nistp256@openssh.com', :'ed25519-sk', :'sk-ssh-ed25519@openssh.com', - :'ssh-rsa-cert-v01@openssh.com' + :'ssh-rsa-cert-v01@openssh.com', + :'ssh-ed25519-cert-v01@openssh.com' ].each do |keytype| it "supports #{keytype}" do described_class.new(name: 'whev', type: keytype, user: 'nobody') 
@@ -144,6 +145,12 @@ describe Puppet::Type.type(:ssh_authorized_key), unless: Puppet.features.microso expect { described_class.new(name: 'bastelfreakwashere', type: :'ssh-rsa-cert-v01@openssh.com', user: 'opensshrulez', key: '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') }.not_to raise_error # rubocop:disable Metrics/LineLength end # rubocop:enable Metrics/LineLength + + # rubocop:disable Metrics/LineLength + it 'supports a valid ssh-ed25519-cert-v01@openssh.com key' do + expect { described_class.new(name: 'bastelfreakwashere', type: :'ssh-ed25519-cert-v01@openssh.com', user: 'opensshrulez', key: 'AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAII03FWZnj5mlByzlCf6DrreuQ1xd4P06OpWVtTv1LA8tAAAAIAELyKZcNagkQdfPc484zFekxiBOfkTYW5WQp8ZEQ0yRAAAAAAAAAAAAAAACAAAAEGhvc3QuZXhhbXBsZS5jb20AAAAUAAAAEGhvc3QuZXhhbXBsZS5jb20AAAAAXyxVTAAAAABhDDeOAAAAAAAAAAAAAAAAAAAAMwAAAAtzc2gtZWQyNTUxOQAAACABC8imXDWoJEHXz3OPOMxXpMYgTn5E2FuVkKfGRENMkQAAAFMAAAALc3NoLWVkMjU1MTkAAABAMeOkwGO8xK4xLWXemAtcwyFkBT+I57PdBI9Y+6r2MpU8WqpvY8BpR8eohwzrSyTaxt/SeRrrQ+npfMY1g2z5DA==') }.not_to raise_error # rubocop:disable Metrics/LineLength + end + # rubocop:enable Metrics/LineLength it "doesn't support whitespaces" do expect { described_class.new(name: 'whev', type: :rsa, user: 'nobody', key: 'AAA FA==') }.to raise_error(Puppet::Error, %r{Key must not contain whitespace}) end -- cgit v1.2.3 From 1743b72e06d33e85b8eec11582f4b13fb59bfa3c Mon Sep 17 00:00:00 2001 From: Tim Meusel Date: Thu, 6 Aug 2020 21:18:41 +0200 Subject: (MODULES-10765) Implement ssh-dss-cert-v01@openssh.com support --- lib/puppet/type/ssh_authorized_key.rb | 5 +++-- spec/unit/type/ssh_authorized_key_spec.rb | 10 +++++++++- 2 files changed, 12 insertions(+), 3 deletions(-) (limited to 'lib') diff --git a/lib/puppet/type/ssh_authorized_key.rb b/lib/puppet/type/ssh_authorized_key.rb index 483fb51..4a4fb24 100644 --- a/lib/puppet/type/ssh_authorized_key.rb +++ b/lib/puppet/type/ssh_authorized_key.rb 
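Review bot: The example added in the `@@ -144,6 +145,12 @@` spec hunk only asserts that constructing the resource does not raise, so nothing visible here exercises the `REGEX` alternative this commit adds for the same type. A parse-side assertion would catch a typo in the alternation, for instance `expect(described_class.keyline_regex).to match('ssh-ed25519-cert-v01@openssh.com AAAA comment')` (a constructed sample line), assuming `keyline_regex` is reachable from the type under test. A negative case with a near-miss type name would also pin down how strict the match is. The same gap applies to the dss and ecdsa nistp256/384/521 certificate examples added by the later commits; the surrounding `describe` block starts and ends outside the hunk.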
@@ -64,7 +64,7 @@ module Puppet newvalues :'ssh-dss', :'ssh-rsa', :'ecdsa-sha2-nistp256', :'ecdsa-sha2-nistp384', :'ecdsa-sha2-nistp521', :'ssh-ed25519', :'sk-ecdsa-sha2-nistp256@openssh.com', :'sk-ssh-ed25519@openssh.com', :'ssh-rsa-cert-v01@openssh.com', - :'ssh-ed25519-cert-v01@openssh.com' + :'ssh-ed25519-cert-v01@openssh.com', :'ssh-dss-cert-v01@openssh.com' aliasvalue(:dsa, :'ssh-dss') aliasvalue(:ed25519, :'ssh-ed25519') @@ -166,7 +166,8 @@ module Puppet REGEX = %r{^(?:(.+)\s+)?(ssh-dss|ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp256| ecdsa-sha2-nistp384|ecdsa-sha2-nistp521|ecdsa-sk|ed25519-sk| sk-ecdsa-sha2-nistp256@openssh.com|sk-ssh-ed25519@openssh.com| - ssh-rsa-cert-v01@openssh.com|ssh-ed25519-cert-v01@openssh.com)\s+([^ ]+)\s*(.*)$}x + ssh-rsa-cert-v01@openssh.com|ssh-ed25519-cert-v01@openssh.com| + ssh-dss-cert-v01@openssh.com)\s+([^ ]+)\s*(.*)$}x def self.keyline_regex REGEX end diff --git a/spec/unit/type/ssh_authorized_key_spec.rb b/spec/unit/type/ssh_authorized_key_spec.rb index 164fb05..90c1dc3 100644 --- a/spec/unit/type/ssh_authorized_key_spec.rb +++ b/spec/unit/type/ssh_authorized_key_spec.rb @@ -89,7 +89,8 @@ describe Puppet::Type.type(:ssh_authorized_key), unless: Puppet.features.microso :'ecdsa-sk', :'sk-ecdsa-sha2-nistp256@openssh.com', :'ed25519-sk', :'sk-ssh-ed25519@openssh.com', :'ssh-rsa-cert-v01@openssh.com', - :'ssh-ed25519-cert-v01@openssh.com' + :'ssh-ed25519-cert-v01@openssh.com', + :'ssh-dss-cert-v01@openssh.com' ].each do |keytype| it "supports #{keytype}" do described_class.new(name: 'whev', type: keytype, user: 'nobody') 
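Review bot: Adding `:'ssh-dss-cert-v01@openssh.com'` to `newvalues` in the `@@ -64,7 +64,7 @@` hunk lets the module manage DSA certificate entries with no hint that OpenSSH has disabled `ssh-dss` and `ssh-dss-cert-*` keys by default at run time since release 7.0. An entry of this type will therefore usually be ignored by sshd unless the algorithm is explicitly re-enabled, and DSA is regarded as weak. A short comment above the list would save operators the surprise, e.g. `# ssh-dss and ssh-dss-cert-v01@openssh.com are accepted for legacy hosts only; OpenSSH >= 7.0 rejects DSA by default`. The property block continues outside the hunk.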
@@ -151,6 +152,13 @@ describe Puppet::Type.type(:ssh_authorized_key), unless: Puppet.features.microso expect { described_class.new(name: 'bastelfreakwashere', type: :'ssh-ed25519-cert-v01@openssh.com', user: 'opensshrulez', key: 'AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAII03FWZnj5mlByzlCf6DrreuQ1xd4P06OpWVtTv1LA8tAAAAIAELyKZcNagkQdfPc484zFekxiBOfkTYW5WQp8ZEQ0yRAAAAAAAAAAAAAAACAAAAEGhvc3QuZXhhbXBsZS5jb20AAAAUAAAAEGhvc3QuZXhhbXBsZS5jb20AAAAAXyxVTAAAAABhDDeOAAAAAAAAAAAAAAAAAAAAMwAAAAtzc2gtZWQyNTUxOQAAACABC8imXDWoJEHXz3OPOMxXpMYgTn5E2FuVkKfGRENMkQAAAFMAAAALc3NoLWVkMjU1MTkAAABAMeOkwGO8xK4xLWXemAtcwyFkBT+I57PdBI9Y+6r2MpU8WqpvY8BpR8eohwzrSyTaxt/SeRrrQ+npfMY1g2z5DA==') }.not_to raise_error # rubocop:disable Metrics/LineLength end # rubocop:enable Metrics/LineLength + + # rubocop:disable Metrics/LineLength + it 'supports a valid ssh-dss-cert-v01@openssh.com key' do + expect { described_class.new(name: 'bastelfreakwashere', type: :'ssh-dss-cert-v01@openssh.com', user: 'opensshrulez', key: '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') }.not_to raise_error # rubocop:disable Metrics/LineLength + end + # rubocop:enable Metrics/LineLength + it "doesn't support whitespaces" do expect { described_class.new(name: 'whev', type: :rsa, user: 'nobody', key: 'AAA FA==') }.to raise_error(Puppet::Error, %r{Key must not contain whitespace}) end -- cgit v1.2.3 From eef4923bebf6ea2c2dc9e37526b95782cb63089c Mon Sep 17 00:00:00 2001 From: Tim Meusel Date: Thu, 6 Aug 2020 21:31:27 +0200 Subject: (MODULES-10765) Implement ecdsa-sha2-nistp256-cert-v01@openssh.com support --- lib/puppet/type/ssh_authorized_key.rb | 4 ++-- spec/unit/type/ssh_authorized_key_spec.rb | 9 ++++++++- 2 files changed, 10 insertions(+), 3 deletions(-) (limited to 'lib') diff --git a/lib/puppet/type/ssh_authorized_key.rb b/lib/puppet/type/ssh_authorized_key.rb index 4a4fb24..ce8fd92 100644 --- a/lib/puppet/type/ssh_authorized_key.rb +++ b/lib/puppet/type/ssh_authorized_key.rb 
@@ -64,7 +64,7 @@ module Puppet newvalues :'ssh-dss', :'ssh-rsa', :'ecdsa-sha2-nistp256', :'ecdsa-sha2-nistp384', :'ecdsa-sha2-nistp521', :'ssh-ed25519', :'sk-ecdsa-sha2-nistp256@openssh.com', :'sk-ssh-ed25519@openssh.com', :'ssh-rsa-cert-v01@openssh.com', - :'ssh-ed25519-cert-v01@openssh.com', :'ssh-dss-cert-v01@openssh.com' + :'ssh-ed25519-cert-v01@openssh.com', :'ssh-dss-cert-v01@openssh.com', :'ecdsa-sha2-nistp256-cert-v01@openssh.com' aliasvalue(:dsa, :'ssh-dss') aliasvalue(:ed25519, :'ssh-ed25519') @@ -167,7 +167,7 @@ module Puppet ecdsa-sha2-nistp384|ecdsa-sha2-nistp521|ecdsa-sk|ed25519-sk| sk-ecdsa-sha2-nistp256@openssh.com|sk-ssh-ed25519@openssh.com| ssh-rsa-cert-v01@openssh.com|ssh-ed25519-cert-v01@openssh.com| - ssh-dss-cert-v01@openssh.com)\s+([^ ]+)\s*(.*)$}x + ssh-dss-cert-v01@openssh.com|ecdsa-sha2-nistp256-cert-v01@openssh.com)\s+([^ ]+)\s*(.*)$}x def self.keyline_regex REGEX end diff --git a/spec/unit/type/ssh_authorized_key_spec.rb b/spec/unit/type/ssh_authorized_key_spec.rb index 90c1dc3..6d1d391 100644 --- a/spec/unit/type/ssh_authorized_key_spec.rb +++ b/spec/unit/type/ssh_authorized_key_spec.rb @@ -90,7 +90,8 @@ describe Puppet::Type.type(:ssh_authorized_key), unless: Puppet.features.microso :'ed25519-sk', :'sk-ssh-ed25519@openssh.com', :'ssh-rsa-cert-v01@openssh.com', :'ssh-ed25519-cert-v01@openssh.com', - :'ssh-dss-cert-v01@openssh.com' + :'ssh-dss-cert-v01@openssh.com', + :'ecdsa-sha2-nistp256-cert-v01@openssh.com' ].each do |keytype| it "supports #{keytype}" do described_class.new(name: 'whev', type: keytype, user: 'nobody') 
@@ -159,6 +160,12 @@ describe Puppet::Type.type(:ssh_authorized_key), unless: Puppet.features.microso end # rubocop:enable Metrics/LineLength + # rubocop:disable Metrics/LineLength + it 'supports a valid ecdsa-sha2-nistp256-cert-v01@openssh.com key' do + expect { described_class.new(name: 'bastelfreakwashere', type: :'ecdsa-sha2-nistp256-cert-v01@openssh.com', user: 'opensshrulez', key: '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') }.not_to raise_error # rubocop:disable Metrics/LineLength + end + # rubocop:enable Metrics/LineLength + it "doesn't support whitespaces" do expect { described_class.new(name: 'whev', type: :rsa, user: 'nobody', key: 'AAA FA==') }.to raise_error(Puppet::Error, %r{Key must not contain whitespace}) end -- cgit v1.2.3 From c33e9e02d8374441eb9feef20613a7a9da8c62ca Mon Sep 17 00:00:00 2001 From: Tim Meusel Date: Thu, 6 Aug 2020 21:35:33 +0200 Subject: (MODULES-10765) Implement ecdsa-sha2-nistp384-cert-v01@openssh.com support --- lib/puppet/type/ssh_authorized_key.rb | 6 ++++-- spec/unit/type/ssh_authorized_key_spec.rb | 9 ++++++++- 2 files changed, 12 insertions(+), 3 deletions(-) (limited to 'lib') diff --git a/lib/puppet/type/ssh_authorized_key.rb b/lib/puppet/type/ssh_authorized_key.rb index ce8fd92..f34ef9c 100644 --- a/lib/puppet/type/ssh_authorized_key.rb +++ b/lib/puppet/type/ssh_authorized_key.rb @@ -64,7 +64,8 @@ module Puppet newvalues :'ssh-dss', :'ssh-rsa', :'ecdsa-sha2-nistp256', :'ecdsa-sha2-nistp384', :'ecdsa-sha2-nistp521', :'ssh-ed25519', :'sk-ecdsa-sha2-nistp256@openssh.com', :'sk-ssh-ed25519@openssh.com', :'ssh-rsa-cert-v01@openssh.com', - :'ssh-ed25519-cert-v01@openssh.com', :'ssh-dss-cert-v01@openssh.com', :'ecdsa-sha2-nistp256-cert-v01@openssh.com' + :'ssh-ed25519-cert-v01@openssh.com', :'ssh-dss-cert-v01@openssh.com', :'ecdsa-sha2-nistp256-cert-v01@openssh.com', + :'ecdsa-sha2-nistp384-cert-v01@openssh.com' aliasvalue(:dsa, :'ssh-dss') aliasvalue(:ed25519, :'ssh-ed25519') 
@@ -167,7 +168,8 @@ module Puppet ecdsa-sha2-nistp384|ecdsa-sha2-nistp521|ecdsa-sk|ed25519-sk| sk-ecdsa-sha2-nistp256@openssh.com|sk-ssh-ed25519@openssh.com| ssh-rsa-cert-v01@openssh.com|ssh-ed25519-cert-v01@openssh.com| - ssh-dss-cert-v01@openssh.com|ecdsa-sha2-nistp256-cert-v01@openssh.com)\s+([^ ]+)\s*(.*)$}x + ssh-dss-cert-v01@openssh.com|ecdsa-sha2-nistp256-cert-v01@openssh.com| + ecdsa-sha2-nistp384-cert-v01@openssh.com)\s+([^ ]+)\s*(.*)$}x def self.keyline_regex REGEX end diff --git a/spec/unit/type/ssh_authorized_key_spec.rb b/spec/unit/type/ssh_authorized_key_spec.rb index 6d1d391..14c65f7 100644 --- a/spec/unit/type/ssh_authorized_key_spec.rb +++ b/spec/unit/type/ssh_authorized_key_spec.rb @@ -91,7 +91,8 @@ describe Puppet::Type.type(:ssh_authorized_key), unless: Puppet.features.microso :'ssh-rsa-cert-v01@openssh.com', :'ssh-ed25519-cert-v01@openssh.com', :'ssh-dss-cert-v01@openssh.com', - :'ecdsa-sha2-nistp256-cert-v01@openssh.com' + :'ecdsa-sha2-nistp256-cert-v01@openssh.com', + :'ecdsa-sha2-nistp384-cert-v01@openssh.com' ].each do |keytype| it "supports #{keytype}" do described_class.new(name: 'whev', type: keytype, user: 'nobody') @@ -166,6 +167,12 @@ describe Puppet::Type.type(:ssh_authorized_key), unless: Puppet.features.microso end # rubocop:enable Metrics/LineLength + # rubocop:disable Metrics/LineLength + it 'supports a valid ecdsa-sha2-nistp384-cert-v01@openssh.com key' do + expect { described_class.new(name: 'bastelfreakwashere', type: :'ecdsa-sha2-nistp384-cert-v01@openssh.com', user: 'opensshrulez', key: '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') }.not_to raise_error # rubocop:disable Metrics/LineLength + end + # rubocop:enable Metrics/LineLength + it "doesn't support whitespaces" do expect { described_class.new(name: 'whev', type: :rsa, user: 'nobody', key: 'AAA FA==') }.to raise_error(Puppet::Error, %r{Key must not contain whitespace}) end -- cgit v1.2.3 From 53b29db4a99f970b99141ae143cddb60f263de72 Mon Sep 17 00:00:00 2001 
From: Tim Meusel Date: Thu, 6 Aug 2020 21:55:48 +0200 Subject: (MODULES-10765) Implement ecdsa-sha2-nistp521-cert-v01@openssh.com support --- lib/puppet/type/ssh_authorized_key.rb | 4 ++-- spec/unit/type/ssh_authorized_key_spec.rb | 9 ++++++++- 2 files changed, 10 insertions(+), 3 deletions(-) (limited to 'lib') diff --git a/lib/puppet/type/ssh_authorized_key.rb b/lib/puppet/type/ssh_authorized_key.rb index f34ef9c..9749e29 100644 --- a/lib/puppet/type/ssh_authorized_key.rb +++ b/lib/puppet/type/ssh_authorized_key.rb @@ -65,7 +65,7 @@ module Puppet newvalues :'ssh-dss', :'ssh-rsa', :'ecdsa-sha2-nistp256', :'ecdsa-sha2-nistp384', :'ecdsa-sha2-nistp521', :'ssh-ed25519', :'sk-ecdsa-sha2-nistp256@openssh.com', :'sk-ssh-ed25519@openssh.com', :'ssh-rsa-cert-v01@openssh.com', :'ssh-ed25519-cert-v01@openssh.com', :'ssh-dss-cert-v01@openssh.com', :'ecdsa-sha2-nistp256-cert-v01@openssh.com', - :'ecdsa-sha2-nistp384-cert-v01@openssh.com' + :'ecdsa-sha2-nistp384-cert-v01@openssh.com', :'ecdsa-sha2-nistp521-cert-v01@openssh.com' aliasvalue(:dsa, :'ssh-dss') aliasvalue(:ed25519, :'ssh-ed25519') @@ -169,7 +169,7 @@ module Puppet sk-ecdsa-sha2-nistp256@openssh.com|sk-ssh-ed25519@openssh.com| ssh-rsa-cert-v01@openssh.com|ssh-ed25519-cert-v01@openssh.com| ssh-dss-cert-v01@openssh.com|ecdsa-sha2-nistp256-cert-v01@openssh.com| - ecdsa-sha2-nistp384-cert-v01@openssh.com)\s+([^ ]+)\s*(.*)$}x + ecdsa-sha2-nistp384-cert-v01@openssh.com|ecdsa-sha2-nistp521-cert-v01@openssh.com)\s+([^ ]+)\s*(.*)$}x def self.keyline_regex REGEX end diff --git a/spec/unit/type/ssh_authorized_key_spec.rb b/spec/unit/type/ssh_authorized_key_spec.rb index 14c65f7..37981a4 100644 --- a/spec/unit/type/ssh_authorized_key_spec.rb +++ b/spec/unit/type/ssh_authorized_key_spec.rb 
@@ -92,7 +92,8 @@ describe Puppet::Type.type(:ssh_authorized_key), unless: Puppet.features.microso :'ssh-ed25519-cert-v01@openssh.com', :'ssh-dss-cert-v01@openssh.com', :'ecdsa-sha2-nistp256-cert-v01@openssh.com', - :'ecdsa-sha2-nistp384-cert-v01@openssh.com' + :'ecdsa-sha2-nistp384-cert-v01@openssh.com', + :'ecdsa-sha2-nistp521-cert-v01@openssh.com' ].each do |keytype| it "supports #{keytype}" do described_class.new(name: 'whev', type: keytype, user: 'nobody') @@ -173,6 +174,12 @@ describe Puppet::Type.type(:ssh_authorized_key), unless: Puppet.features.microso end # rubocop:enable Metrics/LineLength + # rubocop:disable Metrics/LineLength + it 'supports a valid ecdsa-sha2-nistp521-cert-v01@openssh.com key' do + expect { described_class.new(name: 'bastelfreakwashere', type: :'ecdsa-sha2-nistp521-cert-v01@openssh.com', user: 'opensshrulez', key: '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') }.not_to raise_error # rubocop:disable Metrics/LineLength + end + # rubocop:enable Metrics/LineLength + it "doesn't support whitespaces" do expect { described_class.new(name: 'whev', type: :rsa, user: 'nobody', key: 'AAA FA==') }.to raise_error(Puppet::Error, %r{Key must not contain whitespace}) end -- cgit v1.2.3