From 210f2e13ade80fbb39e6d1f9b2235ba098f2c780 Mon Sep 17 00:00:00 2001 From: Dorin Pleava Date: Mon, 25 May 2020 15:09:02 +0300 Subject: (MODULES-10671) New SSH key types for OpenSSH 8.2 Two new SSH key types were added on OpenSSH 8.2: sk-ecdsa-sha2-nistp256@openssh.com(alias ecdsa-sk) and sk-ssh-ed25519@openssh.com(alias ed25519-sk) --- spec/unit/type/ssh_authorized_key_spec.rb | 14 +++++++++++++- spec/unit/type/sshkey_spec.rb | 14 +++++++++++++- 2 files changed, 26 insertions(+), 2 deletions(-) (limited to 'spec/unit') diff --git a/spec/unit/type/ssh_authorized_key_spec.rb b/spec/unit/type/ssh_authorized_key_spec.rb index 457537c..cf4ae8a 100644 --- a/spec/unit/type/ssh_authorized_key_spec.rb +++ b/spec/unit/type/ssh_authorized_key_spec.rb @@ -85,7 +85,9 @@ describe Puppet::Type.type(:ssh_authorized_key), unless: Puppet.features.microso :'ecdsa-sha2-nistp256', :'ecdsa-sha2-nistp384', :'ecdsa-sha2-nistp521', - :ed25519, :'ssh-ed25519' + :ed25519, :'ssh-ed25519', + :'ecdsa-sk', :'sk-ecdsa-sha2-nistp256@openssh.com', + :'ed25519-sk', :'sk-ssh-ed25519@openssh.com' ].each do |keytype| it "supports #{keytype}" do described_class.new(name: 'whev', type: keytype, user: 'nobody') @@ -102,6 +104,16 @@ describe Puppet::Type.type(:ssh_authorized_key), unless: Puppet.features.microso expect(key.should(:type)).to eq :'ssh-dss' end + it 'aliases :ecdsa-sk to :sk-ecdsa-sha2-nistp256@openssh.com' do + key = described_class.new(name: 'whev', type: :'ecdsa-sk', user: 'nobody') + expect(key.should(:type)).to eq :'sk-ecdsa-sha2-nistp256@openssh.com' + end + + it 'aliases :ed25519-sk to :sk-ssh-ed25519@openssh.com' do + key = described_class.new(name: 'whev', type: :'ed25519-sk', user: 'nobody') + expect(key.should(:type)).to eq :'sk-ssh-ed25519@openssh.com' + end + it "doesn't support values other than ssh-dss, ssh-rsa, dsa, rsa" do expect { described_class.new(name: 'whev', type: :something) }.to raise_error(Puppet::Error, %r{Invalid value}) end diff --git a/spec/unit/type/sshkey_spec.rb b/spec/unit/type/sshkey_spec.rb index 680d9ec..53448ed 100644 --- a/spec/unit/type/sshkey_spec.rb +++ b/spec/unit/type/sshkey_spec.rb @@ -27,7 +27,9 @@ describe Puppet::Type.type(:sshkey) do :'ecdsa-sha2-nistp256', :'ecdsa-sha2-nistp384', :'ecdsa-sha2-nistp521', - :'ssh-ed25519', :ed25519 + :'ssh-ed25519', :ed25519, + :'ecdsa-sk', :'sk-ecdsa-sha2-nistp256@openssh.com', + :'ed25519-sk', :'sk-ssh-ed25519@openssh.com' ].each do |keytype| it "supports #{keytype} as a type value" do described_class.new(name: 'foo', type: keytype) @@ -44,6 +46,16 @@ describe Puppet::Type.type(:sshkey) do expect(key.parameter(:type).value).to eq :'ssh-dss' end + it 'aliases :ecdsa-sk to :sk-ecdsa-sha2-nistp256@openssh.com' do + key = described_class.new(name: 'foo', type: :'ecdsa-sk') + expect(key.parameter(:type).value).to eq :'sk-ecdsa-sha2-nistp256@openssh.com' + end + + it 'aliases :ed25519-sk to :ssh-dss' do + key = described_class.new(name: 'foo', type: :'ed25519-sk') + expect(key.parameter(:type).value).to eq :'sk-ssh-ed25519@openssh.com' + end + it "doesn't support values other than ssh-dss, ssh-rsa, dsa, rsa for type" do expect { described_class.new(name: 'whev', type: :'ssh-dsa') -- cgit v1.2.3