| Server IP : 66.29.132.122 / Your IP : 18.223.171.168 Web Server : LiteSpeed System : Linux business142.web-hosting.com 4.18.0-553.lve.el8.x86_64 #1 SMP Mon May 27 15:27:34 UTC 2024 x86_64 User : admazpex ( 531) PHP Version : 7.2.34 Disable Function : NONE MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : ON | Sudo : OFF | Pkexec : OFF Directory : /proc/self/root/opt/puppetlabs/puppet/vendor_modules/sshkeys_core/spec/integration/provider/ |
Upload File : |
require 'spec_helper'
require 'puppet/file_bucket/dipper'
describe Puppet::Type.type(:ssh_authorized_key).provider(:parsed), unless: Puppet.features.microsoft_windows? do
include PuppetSpec::Files
let :fake_userfile do
tmpfile('authorized_keys.user')
end
let :fake_rootfile do
tmpfile('authorized_keys.root')
end
# rubocop:disable Layout/LineLength
let :sample_rsa_keys do
[
'AAAAB3NzaC1yc2EAAAADAQABAAAAgQCi18JBZOq10X3w4f67nVhO0O3s5Y1vHH4UgMSM3ZnQwbC5hjGyYSi9UULOoQQoQynI/a0I9NL423/Xk/XJVIKCHcS8q6V2Wmjd+fLNelOjxxoW6mbIytEt9rDvwgq3Mof3/m21L3t2byvegR00a+ikKbmInPmKwjeWZpexCIsHzQ==', # 1024 bit
'AAAAB3NzaC1yc2EAAAADAQABAAAAgQDLClyvi3CsJw5Id6khZs2/+s11qOH4Gdp6iDioDsrIp0m8kSiPr71VGyQYAfPzzvHemHS7Xg0NkG1Kc8u9tRqBQfTvz7ubq0AT/g01+4P2hQ/soFkuwlUG/HVnnaYb6N0Qp5SHWvD5vBE2nFFQVpP5GrSctPtHSjzJq/i+6LYhmQ==', # 1024 bit
'AAAAB3NzaC1yc2EAAAADAQABAAABAQDLygAO6txXkh9FNV8xSsBkATeqLbHzS7sFjGI3gt0Dx6q3LjyKwbhQ1RLf28kd5G6VWiXmClU/RtiPdUz8nrGuun++2mrxzrXrvpR9dq1lygLQ2wn2cI35dN5bjRMtXy3decs6HUhFo9MoNwX250rUWfdCyNPhGIp6OOfmjdy+UeLGNxq9wDx6i4bT5tVVSqVRtsEfw9+ICXchzl85QudjneVVpP+thriPZXfXA5eaGwAo/dmoKOIhUwF96gpdLqzNtrGQuxPbV80PTbGv9ZtAtTictxaDz8muXO7he9pXmchUpxUKtMFjHkL0FAZ9tRPmv3RA30sEr2fZ8+LKvnE50w0', # 2048 Bit
]
end
# rubocop:enable Layout/LineLength
# rubocop:disable Layout/LineLength
let :sample_dsa_keys do
[
'AAAAB3NzaC1kc3MAAACBAOPck2O8MIDSqxPSnvENt6tzRrKJ5oOhB6Nc6oEcWm+VEH1gvuxdiRqwoMgRwyEf1yUd+UAcLw3a6Jn+EtFyEBN/5WF+4Tt4xTxZ0Pfik2Wc5uqHbQ2dkmOoXiAOYPiD3JUQ1Xwm/J0CgetjitoLfzAGdCNhMqguqAuHcVJ78ZZbAAAAFQCIBKFYZ+I18I+dtgteirXh+VVEEwAAAIEAs1yvQ/wnLLrRCM660pF4kBiw3D6dJfMdCXWQpn0hZmkBQSIzZv4Wuk3giei5luxscDxNc+y3CTXtnyG4Kt1Yi2sOdvhRI3rX8tD+ejn8GHazM05l5VIo9uu4AQPIE32iV63IqgApSBbJ6vDJW91oDH0J492WdLCar4BS/KE3cRwAAACBAN0uSDyJqYLRsfYcFn4HyVf6TJxQm1IcwEt6GcJVzgjri9VtW7FqY5iBqa9B9Zdh5XXAYJ0XLsWQCcrmMHM2XGHGpA4gL9VlCJ/0QvOcXxD2uK7IXwAVUA7g4V4bw8EVnFv2Flufozhsp+4soo1xiYc5jiFVHwVlk21sMhAtKAeF', # 1024 Bit
]
end
# rubocop:enable Layout/LineLength
let :sample_lines do
[
"ssh-rsa #{sample_rsa_keys[1]} root@someotherhost",
"ssh-dss #{sample_dsa_keys[0]} root@anywhere",
"ssh-rsa #{sample_rsa_keys[2]} paul",
"ssh-rsa #{sample_rsa_keys[2]} dummy",
]
end
let :dummy do
Puppet::Type.type(:ssh_authorized_key).new(
name: 'dummy',
target: fake_userfile,
user: 'nobody',
ensure: :absent,
)
end
before :each do
allow(File).to receive(:chown)
allow(File).to receive(:chmod)
allow(Puppet::Util::SUIDManager).to receive(:asuser).and_yield
end
after :each do
described_class.clear # Work around bug #6628
end
def create_fake_key(username, content)
filename = ((username == :root) ? fake_rootfile : fake_userfile)
File.open(filename, 'w') do |f|
content.each do |line|
f.puts line
end
end
end
def check_fake_key(username, expected_content)
filename = ((username == :root) ? fake_rootfile : fake_userfile)
content = File.readlines(filename).map(&:chomp).sort.reject { |x| x =~ %r{^# HEADER:} }
expect(content.join("\n")).to eq(expected_content.sort.join("\n"))
end
def run_in_catalog(*resources)
allow_any_instance_of(Puppet::FileBucket::Dipper).to receive(:backup) # rubocop:disable RSpec/AnyInstance
catalog = Puppet::Resource::Catalog.new
catalog.host_config = false
resources.each do |resource|
expect(resource).not_to receive(:err)
catalog.add_resource(resource)
end
catalog.apply
end
it 'does not complain about empty lines and comments' do
expect(described_class).not_to receive(:flush)
sample = ['', sample_lines[0], ' ', sample_lines[1], '# just a comment', '#and another']
create_fake_key(:user, sample)
run_in_catalog(dummy)
check_fake_key(:user, sample)
end
it 'keeps empty lines and comments when modifying a file' do
create_fake_key(:user, ['', sample_lines[0], ' ', sample_lines[3], '# just a comment', '#and another'])
run_in_catalog(dummy)
check_fake_key(:user, ['', sample_lines[0], ' ', '# just a comment', '#and another'])
end
describe 'when managing one resource' do
describe 'with ensure set to absent' do
let :resource do
Puppet::Type.type(:ssh_authorized_key).new(
name: 'root@hostname',
type: :rsa,
key: sample_rsa_keys[0],
target: fake_rootfile,
user: 'root',
ensure: :absent,
)
end
it "does not modify root's keyfile if resource is currently not present" do
create_fake_key(:root, sample_lines)
run_in_catalog(resource)
check_fake_key(:root, sample_lines)
end
it "remove the key from root's keyfile if resource is currently present" do
create_fake_key(:root, sample_lines + ["ssh-rsa #{sample_rsa_keys[0]} root@hostname"])
run_in_catalog(resource)
check_fake_key(:root, sample_lines)
end
end
describe 'when ensure is present' do
let :resource do
Puppet::Type.type(:ssh_authorized_key).new(
name: 'root@hostname',
type: :rsa,
key: sample_rsa_keys[0],
target: fake_rootfile,
user: 'root',
ensure: :present,
)
end
# just a dummy so the parsedfile provider is aware
# of the user's authorized_keys file
it 'adds the key if it is not present' do
create_fake_key(:root, sample_lines)
run_in_catalog(resource)
check_fake_key(:root, sample_lines + ["ssh-rsa #{sample_rsa_keys[0]} root@hostname"])
end
it 'modifies the type if type is out of sync' do
create_fake_key(:root, sample_lines + ["ssh-dss #{sample_rsa_keys[0]} root@hostname"])
run_in_catalog(resource)
check_fake_key(:root, sample_lines + ["ssh-rsa #{sample_rsa_keys[0]} root@hostname"])
end
it 'modifies the key if key is out of sync' do
create_fake_key(:root, sample_lines + ["ssh-rsa #{sample_rsa_keys[1]} root@hostname"])
run_in_catalog(resource)
check_fake_key(:root, sample_lines + ["ssh-rsa #{sample_rsa_keys[0]} root@hostname"])
end
it 'removes the key from old file if target is out of sync' do
create_fake_key(:user, [sample_lines[0], "ssh-rsa #{sample_rsa_keys[0]} root@hostname"])
create_fake_key(:root, [sample_lines[1], sample_lines[2]])
run_in_catalog(resource, dummy)
check_fake_key(:user, [sample_lines[0]])
# check_fake_key(:root, [ sample_lines[1], sample_lines[2], "ssh-rsa #{sample_rsa_keys[0]} root@hostname" ])
end
it 'adds the key to new file if target is out of sync' do
create_fake_key(:user, [sample_lines[0], "ssh-rsa #{sample_rsa_keys[0]} root@hostname"])
create_fake_key(:root, [sample_lines[1], sample_lines[2]])
run_in_catalog(resource, dummy)
# check_fake_key(:user, [ sample_lines[0] ])
check_fake_key(:root, [sample_lines[1], sample_lines[2], "ssh-rsa #{sample_rsa_keys[0]} root@hostname"])
end
it 'modifies options if options are out of sync' do
resource[:options] = ['from="*.domain1,host1.domain2"', 'no-port-forwarding', 'no-pty']
create_fake_key(:root, sample_lines + ["from=\"*.false,*.false2\",no-port-forwarding,no-pty ssh-rsa #{sample_rsa_keys[0]} root@hostname"])
run_in_catalog(resource)
check_fake_key(:root, sample_lines + ["from=\"*.domain1,host1.domain2\",no-port-forwarding,no-pty ssh-rsa #{sample_rsa_keys[0]} root@hostname"])
end
end
end
describe 'when managing two resource' do
let :examples do
resources = []
resources << Puppet::Type.type(:ssh_authorized_key).new(
name: 'root@hostname',
type: :rsa,
key: sample_rsa_keys[0],
target: fake_rootfile,
user: 'root',
ensure: :present,
)
resources << Puppet::Type.type(:ssh_authorized_key).new(
name: 'user@hostname',
key: sample_rsa_keys[1],
type: :rsa,
target: fake_userfile,
user: 'nobody',
ensure: :present,
)
resources
end
describe 'and both keys are absent' do
before :each do
create_fake_key(:root, sample_lines)
create_fake_key(:user, sample_lines)
end
it 'adds both keys' do
run_in_catalog(*examples)
check_fake_key(:root, sample_lines + ["ssh-rsa #{sample_rsa_keys[0]} root@hostname"])
check_fake_key(:user, sample_lines + ["ssh-rsa #{sample_rsa_keys[1]} user@hostname"])
end
end
end
end