diff options
| author | mihaibuzgau <mihaibuzgau@users.noreply.github.com> | 2019-10-24 14:38:54 +0300 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2019-10-24 14:38:54 +0300 |
| commit | f78b81b829cb46dffe8fd93065d99d739f51cd46 (patch) | |
| tree | 14325ebd9557118ca4d3215acbc57d050d54fbd6 /spec/acceptance/tests | |
| parent | e3edf941df7b81d6f2abc32505247e0482c85dec (diff) | |
| parent | b2c153b6ff070d620d47c83265992f7226646ee8 (diff) | |
| download | puppet-sshkeys_core-f78b81b829cb46dffe8fd93065d99d739f51cd46.tar.gz puppet-sshkeys_core-f78b81b829cb46dffe8fd93065d99d739f51cd46.tar.bz2 | |
Merge pull request #20 from GabrielNagy/MODULES-9578/create-file-as-root
(MODULES-9578) Create ssh_authorized_key in root path
Diffstat (limited to 'spec/acceptance/tests')
3 files changed, 95 insertions, 7 deletions
diff --git a/spec/acceptance/tests/resource/ssh_authorized_key/create_spec.rb b/spec/acceptance/tests/resource/ssh_authorized_key/create_spec.rb index 5cf35fb..bfc75a7 100644 --- a/spec/acceptance/tests/resource/ssh_authorized_key/create_spec.rb +++ b/spec/acceptance/tests/resource/ssh_authorized_key/create_spec.rb @@ -5,11 +5,13 @@ RSpec.context 'ssh_authorized_key: Create' do let(:auth_keys) { '~/.ssh/authorized_keys' } let(:name) { "pl#{rand(999_999).to_i}" } + let(:custom_key_directory) { "/etc/ssh_authorized_keys_#{name}" } + let(:custom_key) { "#{custom_key_directory}/authorized_keys_#{name}" } before(:each) do posix_agents.each do |agent| - on(agent, "cp #{auth_keys} /tmp/auth_keys", acceptable_exit_codes: [0, 1]) - on(agent, "chown $LOGNAME #{auth_keys}") + on(agent, "cp -a #{auth_keys} /tmp/auth_keys", acceptable_exit_codes: [0, 1]) + on(agent, "rm -f #{auth_keys}") end end @@ -32,5 +34,55 @@ RSpec.context 'ssh_authorized_key: Create' do fail_test "didn't find the ssh_authorized_key for #{name}" unless stdout.include? name.to_s end end + + it "#{agent} should create an entry for an SSH authorized key in a custom location" do + on(agent, "mkdir #{custom_key_directory}") + args = ['ensure=present', + 'user=$LOGNAME', + "type='rsa'", + "key='mykey'", + "target='#{custom_key}'"] + on(agent, puppet_resource('ssh_authorized_key', name.to_s, args)) + + on(agent, "cat #{custom_key}") do |_res| + fail_test "didn't find the ssh_authorized_key for #{name}" unless stdout.include? name.to_s + end + on(agent, "rm -rf #{custom_key_directory}") + end + + it "#{agent} should fail if target user doesn't have permissions for symlinked path" do + # create a dummy user + on(agent, puppet_resource('user', 'testuser', 'ensure=present', 'managehome=true')) + + on(agent, "mkdir #{custom_key_directory}") + + # as the user, symlink an owned directory to something inside /root + on(agent, puppet_resource('file', '/home/testuser/tmp', ['ensure=/etc', 'owner=testuser'])) + args = ['ensure=present', + 'user=testuser', + "type='rsa'", + "key='mykey'", + 'drop_privileges=false', + "target=/home/testuser/tmp/ssh_authorized_keys_#{name}/authorized_keys_#{name}"] + on(agent, puppet_resource('ssh_authorized_key', name.to_s, args)) do |_res| + fail_test unless stderr =~ %r{the target path is not trusted} + end + on(agent, "rm -rf #{custom_key_directory}") + + # purge the user + on(agent, puppet_resource('user', 'testuser', 'ensure=absent')) + end + + it "#{agent} should not create directories for SSH authorized key in a custom location" do + args = ['ensure=present', + 'user=$LOGNAME', + "type='rsa'", + "key='mykey'", + 'drop_privileges=false', + "target='#{custom_key}'"] + on(agent, puppet_resource('ssh_authorized_key', name.to_s, args), acceptable_exit_codes: [0, 1]) do |_res| + fail_test unless stderr =~ %r{the target path is not trusted} + end + end end end diff --git a/spec/acceptance/tests/resource/ssh_authorized_key/destroy_spec.rb b/spec/acceptance/tests/resource/ssh_authorized_key/destroy_spec.rb index af160ce..a491eb6 100644 --- a/spec/acceptance/tests/resource/ssh_authorized_key/destroy_spec.rb +++ b/spec/acceptance/tests/resource/ssh_authorized_key/destroy_spec.rb @@ -5,13 +5,14 @@ RSpec.context 'sshkeys: Destroy' do let(:auth_keys) { '~/.ssh/authorized_keys' } let(:name) { "pl#{rand(999_999).to_i}" } + let(:custom_key_directory) { "/etc/ssh_authorized_keys_#{name}" } + let(:custom_key) { "#{custom_key_directory}/authorized_keys_#{name}" } before(:each) do posix_agents.each do |agent| - on(agent, "cp #{auth_keys} /tmp/auth_keys", acceptable_exit_codes: [0, 1]) - + on(agent, "cp -a #{auth_keys} /tmp/auth_keys", acceptable_exit_codes: [0, 1]) + on(agent, "rm -f #{auth_keys}") on(agent, "echo '' >> #{auth_keys} && echo 'ssh-rsa mykey #{name}' >> #{auth_keys}") - on(agent, "chown $LOGNAME #{auth_keys}") end end @@ -34,5 +35,21 @@ RSpec.context 'sshkeys: Destroy' do expect(stdout).not_to include(name.to_s) end end + + it "#{agent} should delete an entry for an SSH authorized key in a custom location" do + on(agent, "mkdir #{custom_key_directory}") + on(agent, "echo '' >> #{custom_key} && echo 'ssh-rsa mykey #{name}' >> #{custom_key}") + args = ['ensure=absent', + 'user=$LOGNAME', + "type='rsa'", + "key='mykey'", + "target='#{custom_key}'"] + on(agent, puppet_resource('ssh_authorized_key', name.to_s, args)) + + on(agent, "cat #{custom_key}") do |_res| + expect(stdout).not_to include(name.to_s) + end + on(agent, "rm -rf #{custom_key_directory}") + end end end diff --git a/spec/acceptance/tests/resource/ssh_authorized_key/modify_spec.rb b/spec/acceptance/tests/resource/ssh_authorized_key/modify_spec.rb index 3a46374..711d2fc 100644 --- a/spec/acceptance/tests/resource/ssh_authorized_key/modify_spec.rb +++ b/spec/acceptance/tests/resource/ssh_authorized_key/modify_spec.rb @@ -3,12 +3,14 @@ require 'spec_helper_acceptance' RSpec.context 'sshkeys: Modify' do let(:auth_keys) { '~/.ssh/authorized_keys' } let(:name) { "pl#{rand(999_999).to_i}" } + let(:custom_key_directory) { "/etc/ssh_authorized_keys_#{name}" } + let(:custom_key) { "#{custom_key_directory}/authorized_keys_#{name}" } before(:each) do posix_agents.each do |agent| - on(agent, "cp #{auth_keys} /tmp/auth_keys", acceptable_exit_codes: [0, 1]) + on(agent, "cp -a #{auth_keys} /tmp/auth_keys", acceptable_exit_codes: [0, 1]) + on(agent, "rm -f #{auth_keys}") on(agent, "echo '' >> #{auth_keys} && echo 'ssh-rsa mykey #{name}' >> #{auth_keys}") - on(agent, "chown $LOGNAME #{auth_keys}") end end @@ -32,5 +34,22 @@ RSpec.context 'sshkeys: Modify' do expect(stdout).not_to include("mykey #{name}") end end + + it "#{agent} should update an entry for an SSH authorized key in a custom location" do + on(agent, "mkdir #{custom_key_directory}") + on(agent, "echo '' >> #{custom_key} && echo 'ssh-rsa mykey #{name}' >> #{custom_key}") + args = ['ensure=present', + 'user=$LOGNAME', + "type='rsa'", + "key='mynewshinykey'", + "target='#{custom_key}'"] + on(agent, puppet_resource('ssh_authorized_key', name.to_s, args)) + + on(agent, "cat #{custom_key}") do |_res| + expect(stdout).to include("mynewshinykey #{name}") + expect(stdout).not_to include("mykey #{name}") + end + on(agent, "rm -rf #{custom_key_directory}") + end end end |