From 92a734a6620fcc51691d60347e344f87ac801bde Mon Sep 17 00:00:00 2001 From: Ciprian Badescu Date: Thu, 20 Feb 2020 15:32:52 +0200 Subject: (MODULES-7613) use name and type as composite namevar After this modification it will be possible to add two or more keys of different types for the same host --- .../resource/ssh_authorized_key/destroy_spec.rb | 2 +- .../resource/ssh_authorized_key/modify_spec.rb | 2 +- .../tests/resource/sshkey/create_spec.rb | 50 ++++++++++---- .../tests/resource/sshkey/destroy_spec.rb | 74 ++++++++++++++++++++ .../tests/resource/sshkey/modify_spec.rb | 78 ++++++++++++++++++++++ 5 files changed, 192 insertions(+), 14 deletions(-) create mode 100644 spec/acceptance/tests/resource/sshkey/destroy_spec.rb create mode 100644 spec/acceptance/tests/resource/sshkey/modify_spec.rb (limited to 'spec/acceptance/tests') diff --git a/spec/acceptance/tests/resource/ssh_authorized_key/destroy_spec.rb b/spec/acceptance/tests/resource/ssh_authorized_key/destroy_spec.rb index a491eb6..a4d49c1 100644 --- a/spec/acceptance/tests/resource/ssh_authorized_key/destroy_spec.rb +++ b/spec/acceptance/tests/resource/ssh_authorized_key/destroy_spec.rb @@ -1,6 +1,6 @@ require 'spec_helper_acceptance' -RSpec.context 'sshkeys: Destroy' do +RSpec.context 'ssh_authorized_key: Destroy' do confine :except, platform: ['windows'] let(:auth_keys) { '~/.ssh/authorized_keys' } diff --git a/spec/acceptance/tests/resource/ssh_authorized_key/modify_spec.rb b/spec/acceptance/tests/resource/ssh_authorized_key/modify_spec.rb index 711d2fc..2f090fb 100644 --- a/spec/acceptance/tests/resource/ssh_authorized_key/modify_spec.rb +++ b/spec/acceptance/tests/resource/ssh_authorized_key/modify_spec.rb @@ -1,6 +1,6 @@ require 'spec_helper_acceptance' -RSpec.context 'sshkeys: Modify' do +RSpec.context 'ssh_authorized_key: Modify' do let(:auth_keys) { '~/.ssh/authorized_keys' } let(:name) { "pl#{rand(999_999).to_i}" } let(:custom_key_directory) { "/etc/ssh_authorized_keys_#{name}" } 
diff --git a/spec/acceptance/tests/resource/sshkey/create_spec.rb b/spec/acceptance/tests/resource/sshkey/create_spec.rb index f6534b8..9b8f793 100644 --- a/spec/acceptance/tests/resource/sshkey/create_spec.rb +++ b/spec/acceptance/tests/resource/sshkey/create_spec.rb @@ -4,17 +4,10 @@ RSpec.context 'sshkeys: Create' do let(:keyname) { "pl#{rand(999_999).to_i}" } # FIXME: This is bletcherous - let(:macos_version) { fact_on(agent, 'os.macosx.version.major') } - let(:ssh_known_hosts) do - if ['10.9', '10.10'].include? macos_version - '/etc/ssh_known_hosts' - else - '/etc/ssh/ssh_known_hosts' - end - end + let(:ssh_known_hosts) { '/etc/ssh/ssh_known_hosts' } before(:each) do - osx_agents.each do |agent| + posix_agents.agents.each do |agent| # The 'cp' might fail because the source file doesn't exist on( agent, @@ -25,7 +18,7 @@ RSpec.context 'sshkeys: Create' do end after(:each) do - osx_agents.each do |agent| + posix_agents.each do |agent| # Is it present? rc = on( agent, @@ -51,8 +44,8 @@ RSpec.context 'sshkeys: Create' do end end - osx_agents.each do |agent| - it "#{agent} should add an SSH key to the correct ssh_known_hosts file on OS X/macOS (PUP-5508)" do + posix_agents.each do |agent| + it "#{agent} should add an SSH key to the correct ssh_known_hosts file (OS X/macOS - PUP-5508)" do # Is it even there? rc = on( agent, 
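Review bot: The `before(:each)` hook now iterates `posix_agents.agents.each`, while the `after(:each)` hook and the example loop use `posix_agents.each`, so setup and teardown may not run over the same set of hosts. The extra `.agents` looks unintended (the helper is not visible on this page, so what it resolves to is inferred); `posix_agents.each do |agent|` would keep each backup of `ssh_known_hosts` paired with its restore on every host. The same line is repeated in the `before(:each)` hooks of the new destroy_spec.rb and modify_spec.rb. The `before(:each)` body continues past the end of this hunk.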
@@ -78,4 +71,37 @@ RSpec.context 'sshkeys: Create' do end end end + + posix_agents.each do |agent| + it "#{agent} should allow to add two different type keys for the same host" do + # Is it even there? + rc = on( + agent, + "[ ! -e #{ssh_known_hosts} ]", + acceptable_exit_codes: [0, 1], + ) + if rc.exit_code == 1 + # If it's there, it should be empty + on(agent, "cat #{ssh_known_hosts}") do |_res| + expect(stdout).to be_empty + end + end + on agent, puppet('apply'), stdin: < 'present', + key => 'how_about_the_rsa_key_of_c', + } + + sshkey { '#{keyname}@ssh-dss': + ensure => 'present', + key => 'how_about_the_dss_key_of_c', + } +MANIFEST + + on(agent, "cat #{ssh_known_hosts}") do |_rc| + expect(stdout).to include("#{keyname} ssh-rsa") + expect(stdout).to include("#{keyname} ssh-dss") + end + end + end end diff --git a/spec/acceptance/tests/resource/sshkey/destroy_spec.rb b/spec/acceptance/tests/resource/sshkey/destroy_spec.rb new file mode 100644 index 0000000..11a1f10 --- /dev/null +++ b/spec/acceptance/tests/resource/sshkey/destroy_spec.rb 
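Review bot: The two final expectations match only `"#{keyname} ssh-rsa"` and `"#{keyname} ssh-dss"`, so they would still pass if the key material were written against the wrong type or dropped. Since this example exists to show that entries for one host are kept apart by type, include the key in each match, e.g. `expect(stdout).to include("#{keyname} ssh-rsa how_about_the_rsa_key_of_c")` and the `ssh-dss` counterpart. This assumes the provider writes name, type and key separated by single spaces, as the seeded lines in the new destroy_spec.rb suggest.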
@@ -0,0 +1,74 @@
+require 'spec_helper_acceptance'
+
+RSpec.context 'sshkeys: Destroy' do
+ let(:keyname) { "pl#{rand(999_999).to_i}" }
+
+ # FIXME: This is bletcherous
+ let(:ssh_known_hosts) { '/etc/ssh/ssh_known_hosts' }
+
+ before(:each) do
+ posix_agents.agents.each do |agent|
+ # The 'cp' might fail because the source file doesn't exist
+ on(
+ agent,
+ "cp -fv #{ssh_known_hosts} /tmp/ssh_known_hosts",
+ acceptable_exit_codes: [0, 1],
+ )
+ cmd = <<-CMD
+echo '' > #{ssh_known_hosts}
+echo '#{keyname} ssh-rsa how_about_the_initial_rsa_key_of_c' >> #{ssh_known_hosts}
+echo '#{keyname} ssh-dss how_about_the_initial_dss_key_of_c' >> #{ssh_known_hosts}
+CMD
+ on(agent, cmd)
+ end
+ end
+
+ after(:each) do
+ posix_agents.each do |agent|
+ # Is it present?
+ rc = on(
+ agent,
+ '[ -e /tmp/ssh_known_hosts ]',
+ accept_all_exit_codes: true,
+ )
+ if rc.exit_code == 0
+ # It's present, so restore the original
+ on(
+ agent,
+ "mv -fv /tmp/ssh_known_hosts #{ssh_known_hosts}",
+ accept_all_exit_codes: true,
+ )
+ else
+ # It's missing, which means there wasn't one to backup; just
+ # delete the one we laid down
+ on(
+ agent,
+ "rm -fv #{ssh_known_hosts}",
+ accept_all_exit_codes: true,
+ )
+ end
+ end
+ end
+
+ posix_agents.each do |agent|
+ it "#{agent} should delete an rsa entry for an SSH known host key" do
+ args = ['ensure=absent',
+ "type='rsa'"]
+ on(agent, puppet_resource('sshkey', keyname.to_s, args))
+
+ on(agent, "cat #{ssh_known_hosts}") do |_res|
+ expect(stdout).not_to include('how_about_the_initial_rsa_key_of_c')
+ end
+ end
+
+ it "#{agent} should delete an dss entry for an SSH known host key" do
+ args = ['ensure=absent',
+ "type='ssh-dss'"]
+ on(agent, puppet_resource('sshkey', keyname.to_s, args))
+
+ on(agent, "cat #{ssh_known_hosts}") do |_res|
+ expect(stdout).not_to include('how_about_the_initial_dss_key_of_c')
+ end
+ end
+ end
+end
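Review bot: The hooks keep the backup of the system-wide `/etc/ssh/ssh_known_hosts` at the fixed path `/tmp/ssh_known_hosts`, and `after(:each)` moves whatever is at that path back into place. A file left there by an aborted run, or created by another local account on a shared test host, would be installed as the host's trusted key list. Teardown also treats any existing file as proof that an original existed. Creating the backup with `mktemp` on the agent (where available) and recording whether `cp` succeeded removes both problems, and `cp -p` keeps the original mode and owner. modify_spec.rb carries an identical pair of hooks.

```ruby
  # Backup location and copy result per agent, filled in by before(:each).
  let(:backups) { {} }

  before(:each) do
    posix_agents.agents.each do |agent|
      backup = on(agent, 'mktemp').stdout.chomp
      # The 'cp' might fail because the source file doesn't exist
      copied = on(
        agent,
        "cp -pfv #{ssh_known_hosts} #{backup}",
        acceptable_exit_codes: [0, 1],
      )
      backups[agent.to_s] = { path: backup, had_original: copied.exit_code == 0 }
      # … unchanged: seeding ssh_known_hosts with the two initial entries …
    end
  end

  after(:each) do
    posix_agents.each do |agent|
      saved = backups.fetch(agent.to_s)
      if saved[:had_original]
        # Restore the original from the recorded, unpredictable path
        on(agent, "mv -fv #{saved[:path]} #{ssh_known_hosts}", accept_all_exit_codes: true)
      else
        # No original existed: drop the empty backup and the file we laid down
        on(agent, "rm -fv #{saved[:path]} #{ssh_known_hosts}", accept_all_exit_codes: true)
      end
    end
  end
```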
diff --git a/spec/acceptance/tests/resource/sshkey/modify_spec.rb b/spec/acceptance/tests/resource/sshkey/modify_spec.rb
new file mode 100644
index 0000000..92c0a9f
--- /dev/null
+++ b/spec/acceptance/tests/resource/sshkey/modify_spec.rb
@@ -0,0 +1,78 @@
+require 'spec_helper_acceptance'
+
+RSpec.context 'sshkeys: Modify' do
+ let(:keyname) { "pl#{rand(999_999).to_i}" }
+
+ # FIXME: This is bletcherous
+ let(:ssh_known_hosts) { '/etc/ssh/ssh_known_hosts' }
+
+ before(:each) do
+ posix_agents.agents.each do |agent|
+ # The 'cp' might fail because the source file doesn't exist
+ on(
+ agent,
+ "cp -fv #{ssh_known_hosts} /tmp/ssh_known_hosts",
+ acceptable_exit_codes: [0, 1],
+ )
+ cmd = <<-CMD
+echo '' > #{ssh_known_hosts}
+echo '#{keyname} ssh-rsa how_about_the_initial_rsa_key_of_c' >> #{ssh_known_hosts}
+echo '#{keyname} ssh-dss how_about_the_initial_dss_key_of_c' >> #{ssh_known_hosts}
+CMD
+ on(agent, cmd)
+ end
+ end
+
+ after(:each) do
+ posix_agents.each do |agent|
+ # Is it present?
+ rc = on(
+ agent,
+ '[ -e /tmp/ssh_known_hosts ]',
+ accept_all_exit_codes: true,
+ )
+ if rc.exit_code == 0
+ # It's present, so restore the original
+ on(
+ agent,
+ "mv -fv /tmp/ssh_known_hosts #{ssh_known_hosts}",
+ accept_all_exit_codes: true,
+ )
+ else
+ # It's missing, which means there wasn't one to backup; just
+ # delete the one we laid down
+ on(
+ agent,
+ "rm -fv #{ssh_known_hosts}",
+ accept_all_exit_codes: true,
+ )
+ end
+ end
+ end
+
+ posix_agents.each do |agent|
+ it "#{agent} should update an rsa entry for an SSH known host key" do
+ args = ['ensure=present',
+ "type='rsa'",
+ "key='how_about_the_updated_rsa_key_of_c'"]
+ on(agent, puppet_resource('sshkey', keyname.to_s, args))
+
+ on(agent, "cat #{ssh_known_hosts}") do |_res|
+ expect(stdout).to include('how_about_the_updated_rsa_key_of_c')
+ expect(stdout).not_to include('how_about_the_initial_rsa_key_of_c')
+ end
+ end
+
+ it "#{agent} should update an dss entry for an SSH known host key" do
+ args = ['ensure=present',
+ "type='ssh-dss'",
+ "key='how_about_the_updated_dss_key_of_c'"]
+ on(agent, puppet_resource('sshkey', keyname.to_s, args))
+
+ on(agent, "cat #{ssh_known_hosts}") do |_res|
+ expect(stdout).to include('how_about_the_updated_dss_key_of_c')
+ expect(stdout).not_to include('how_about_the_initial_dss_key_of_c')
+ end
+ end
+ end
+end
-- cgit v1.2.3
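Review bot: Both update examples check only the entry being changed, so they would also pass if updating one type rewrote or removed the host's other entry, which is the behaviour the composite name/type namevar is meant to rule out. In the rsa example add `expect(stdout).to include('how_about_the_initial_dss_key_of_c')`, and in the dss example add the matching check for `how_about_the_initial_rsa_key_of_c`. The delete examples in destroy_spec.rb have the same gap: each asserts that the removed key is gone but not that the other type's line is still present.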