| -rw-r--r-- | CHANGELOG.md | 14 | ||||
| -rw-r--r-- | lib/puppet/provider/sshkey/parsed.rb | 4 | ||||
| -rw-r--r-- | lib/puppet/type/sshkey.rb | 4 | ||||
| -rw-r--r-- | metadata.json | 2 | ||||
| -rw-r--r-- | spec/acceptance/tests/resource/sshkey/purge_spec.rb | 73 | ||||
| -rw-r--r-- | spec/unit/type/user_spec.rb | 32 | 
6 files changed, 115 insertions, 14 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index cfae002..bd806b7 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,7 +2,19 @@
 All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org).
-## [2.0.0](https://github.com/puppetlabs/puppetlabs-sshkeys_core/tree/2.0.0) (2020-03-12)
+## [2.1.0](https://github.com/puppetlabs/puppetlabs-sshkeys_core/tree/2.1.0) (2020-06-22)
+
+[Full Changelog](https://github.com/puppetlabs/puppetlabs-sshkeys_core/compare/2.0.0...2.1.0)
+
+### Added
+
+- \(MODULES-10671\) New SSH key types for OpenSSH 8.2 [\#31](https://github.com/puppetlabs/puppetlabs-sshkeys_core/pull/31) ([Dorin-Pleava](https://github.com/Dorin-Pleava))
+
+### Fixed
+
+- \(PUP-10510\) Fix sshkeys not being correctly purged [\#32](https://github.com/puppetlabs/puppetlabs-sshkeys_core/pull/32) ([GabrielNagy](https://github.com/GabrielNagy))
+
+## [2.0.0](https://github.com/puppetlabs/puppetlabs-sshkeys_core/tree/2.0.0) (2020-03-13)
 [Full Changelog](https://github.com/puppetlabs/puppetlabs-sshkeys_core/compare/1.0.3...2.0.0)
diff --git a/lib/puppet/provider/sshkey/parsed.rb b/lib/puppet/provider/sshkey/parsed.rb
index 965c20d..3ed0873 100644
--- a/lib/puppet/provider/sshkey/parsed.rb
+++ b/lib/puppet/provider/sshkey/parsed.rb
@@ -28,6 +28,10 @@ Puppet::Type.type(:sshkey).provide(
     0o644
   end
+  def title
+    "#{property_hash[:name]}@#{property_hash[:type]}"
+  end
+
   def self.default_target
     case Facter.value(:operatingsystem)
     when 'Darwin'
diff --git a/lib/puppet/type/sshkey.rb b/lib/puppet/type/sshkey.rb
index eeca5fe..d45c059 100644
--- a/lib/puppet/type/sshkey.rb
+++ b/lib/puppet/type/sshkey.rb
@@ -12,6 +12,10 @@ module Puppet
       "#{self[:name]}@#{self[:type]}"
     end
+    def self.parameters_to_include
+      [:name, :type]
+    end
+
     def self.title_patterns
       [
         [
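Review bot: In lib/puppet/provider/sshkey/parsed.rb the new `title` interpolates `property_hash[:name]` and `property_hash[:type]` without checking that either is set, so a parsed record missing one of them would produce a title such as `host@` or `@`. Presumably purging pairs these titles with catalog resources (the caller is not visible here), so a malformed title could leave a stale known-hosts entry in place, and ssh keeps trusting whatever stays in that file. The format also duplicates the sshkey type's own `title` (`"#{self[:name]}@#{self[:type]}"` in lib/puppet/type/sshkey.rb), so I would add a comment above the method such as `# Must stay identical to the sshkey type's title format ("name@type").` to keep the two from drifting apart. The provider definition starts and ends outside the hunk.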
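Review bot: `self.parameters_to_include` in lib/puppet/type/sshkey.rb is added without a comment and nothing in this diff calls it, so a reader cannot tell who consumes it or why `:type` has to be listed. If it is a hook that Puppet core reads when it builds resources from provider instances (an assumption, the caller is not shown), an agent whose core does not know the hook would ignore it silently and purging would stay broken, so it is worth confirming whether the module's Puppet version requirement has to move with this change. I would document it above the method, for example `# Parameters set on resources built from provider instances; :type is needed because the title is "name@type".`, adjusted to whatever the hook really does. The type definition starts and ends outside the hunk.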
diff --git a/metadata.json b/metadata.json
index 06ade51..f9a84ef 100644
--- a/metadata.json
+++ b/metadata.json
@@ -1,6 +1,6 @@
 {
   "name": "puppetlabs-sshkeys_core",
-  "version": "2.0.0",
+  "version": "2.1.0",
   "author": "puppetlabs",
   "summary": "Manage SSH authorized keys, and known hosts.",
   "license": "Apache-2.0",
diff --git a/spec/acceptance/tests/resource/sshkey/purge_spec.rb b/spec/acceptance/tests/resource/sshkey/purge_spec.rb
new file mode 100644
index 0000000..23ce37b
--- /dev/null
+++ b/spec/acceptance/tests/resource/sshkey/purge_spec.rb
@@ -0,0 +1,73 @@
+require 'spec_helper_acceptance'
+
+RSpec.context 'sshkeys: Purge' do
+  let(:keyname) { "pl#{rand(999_999).to_i}" }
+
+  # FIXME: This is bletcherous
+  let(:ssh_known_hosts) { '/etc/ssh/ssh_known_hosts' }
+
+  let(:purge_manifest) do
+    <<-MANIFEST
+    resources { 'sshkey':
+      purge => true,
+    }
+    MANIFEST
+  end
+
+  before(:each) do
+    posix_agents.agents.each do |agent|
+      # The 'cp' might fail because the source file doesn't exist
+      on(
+        agent,
+        "cp -fv #{ssh_known_hosts} /tmp/ssh_known_hosts",
+        acceptable_exit_codes: [0, 1],
+      )
+      cmd = <<-CMD
+echo '' > #{ssh_known_hosts}
+echo '#{keyname} ssh-rsa how_about_the_initial_rsa_key_of_c' >> #{ssh_known_hosts}
+echo '#{keyname} ssh-dss how_about_the_initial_dss_key_of_c' >> #{ssh_known_hosts}
+CMD
+      on(agent, cmd)
+    end
+  end
+
+  after(:each) do
+    posix_agents.each do |agent|
+      # Is it present?
+      rc = on(
+        agent,
+        '[ -e /tmp/ssh_known_hosts ]',
+        accept_all_exit_codes: true,
+      )
+      if rc.exit_code == 0
+        # It's present, so restore the original
+        on(
+          agent,
+          "mv -fv /tmp/ssh_known_hosts #{ssh_known_hosts}",
+          accept_all_exit_codes: true,
+        )
+      else
+        # It's missing, which means there wasn't one to backup; just
+        # delete the one we laid down
+        on(
+          agent,
+          "rm -fv #{ssh_known_hosts}",
+          accept_all_exit_codes: true,
+        )
+      end
+    end
+  end
+
+  posix_agents.each do |agent|
+    it "#{agent} should be able to purge all SSH known host keys" do
+      apply_manifest_on(agent, purge_manifest, catch_failures: true)
+
+      # expect purging to be idempotent
+      apply_manifest_on(agent, purge_manifest, catch_changes: true)
+
+      on(agent, "cat #{ssh_known_hosts}") do |_res|
+        expect(stdout).not_to include('how_about_the_initial')
+      end
+    end
+  end
+end
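Review bot: The `before(:each)` and `after(:each)` blocks park the system-wide known-hosts file at the fixed path `/tmp/ssh_known_hosts` and later `mv` it back into `/etc/ssh`. On an agent that has other local users, a predictable name in a world-writable directory can be created or replaced by someone else between the two steps, and the restore would then install that content as trusted host keys. Keeping the backup in a private per-run directory (for example one created with `mktemp -d` on each agent) removes that window while leaving the existence check in `after(:each)` usable. Separately, `before(:each)` iterates `posix_agents.agents.each` while the other two loops use `posix_agents.each`; unless the helper really responds to `agents`, that line should read `posix_agents.each do |agent|`.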
diff --git a/spec/unit/type/user_spec.rb b/spec/unit/type/user_spec.rb
index 122434f..449f3dd 100644
--- a/spec/unit/type/user_spec.rb
+++ b/spec/unit/type/user_spec.rb
@@ -55,23 +55,23 @@ describe Puppet::Type.type(:user) do
       end
     end
-    context 'with no home directory specified' do
-      it 'does not accept true' do
-        expect {
+    if Puppet.version.start_with?('6')
+      context 'with no home directory specified' do
+        before(:each) do
+          Dir.stubs(:home).with('a').returns('/home/a')
+        end
+
+        it 'does accept true' do
           described_class.new(name: 'a', purge_ssh_keys: true)
-        }.to raise_error(Puppet::Error, %r{purge_ssh_keys can only be true for users with a defined home directory})
-      end
+        end
-      it 'does not accept the ~ wildcard' do
-        expect {
+        it 'does accept the ~ wildcard' do
           described_class.new(name: 'a', purge_ssh_keys: '~/keys')
-        }.to raise_error(Puppet::Error, %r{meta character ~ or %h only allowed for users with a defined home directory})
-      end
+        end
-      it 'does not accept the %h wildcard' do
-        expect {
+        it 'does accept the %h wildcard' do
           described_class.new(name: 'a', purge_ssh_keys: '%h/keys')
-        }.to raise_error(Puppet::Error, %r{meta character ~ or %h only allowed for users with a defined home directory})
+        end
       end
     end
@@ -82,6 +82,10 @@ describe Puppet::Type.type(:user) do
         res
       end
+      before(:each) do
+        Dir.stubs(:home).with('test').returns('/home/test')
+      end
+
       let(:paths) do
         ['/dev/null', '/tmp/keyfile'].map { |path| File.expand_path(path) }
       end
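Review bot: The three rewritten examples under `if Puppet.version.start_with?('6')` in the first hunk contain no expectation, so they fail only if `described_class.new` happens to raise and the report never states what is being checked; writing each as `expect { described_class.new(name: 'a', purge_ssh_keys: true) }.not_to raise_error` makes the intent explicit. The string-prefix gate also drops the whole context on every Puppet release whose version does not start with `6`, later majors included, so the purge_ssh_keys home-directory handling goes untested there. A comparison such as `Gem::Version.new(Puppet.version) >= Gem::Version.new('6.0.0')` would keep the examples running, assuming newer releases behave the same way. The enclosing `describe` block starts and ends outside the hunk.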
@@ -106,6 +110,10 @@ describe Puppet::Type.type(:user) do
         res
       end
+      before(:each) do
+        Dir.stubs(:home).with('test_user_name').returns('/home/test_user_name')
+      end
+
       context 'when purging is disabled' do
         let(:purge_param) { false }  | 
