From 210f2e13ade80fbb39e6d1f9b2235ba098f2c780 Mon Sep 17 00:00:00 2001
From: Dorin Pleava
Date: Mon, 25 May 2020 15:09:02 +0300
Subject: (MODULES-10671) New SSH key types for OpenSSH 8.2
Two new SSH key types were added on OpenSSH 8.2: sk-ecdsa-sha2-nistp256@openssh.com(alias ecdsa-sk) and sk-ssh-ed25519@openssh.com(alias ed25519-sk)
---
 spec/integration/provider/sshkey_spec.rb | 31 +++++++++++++++++++++++++++----
 1 file changed, 27 insertions(+), 4 deletions(-)
(limited to 'spec/integration')
diff --git a/spec/integration/provider/sshkey_spec.rb b/spec/integration/provider/sshkey_spec.rb
index 5f30db1..74e56a7 100644
--- a/spec/integration/provider/sshkey_spec.rb
+++ b/spec/integration/provider/sshkey_spec.rb
@@ -91,6 +91,25 @@ describe Puppet::Type.type(:sshkey).provider(:parsed), unless: Puppet.features.m
 expect(File.read(sshkey_file)).not_to match(%r{#{sshkey_name}.*Yqk0=})
 end
+ it 'prioritizes the specified type instead of type in the name' do
+ manifest = "#{type_under_test} { '#{super_unique}@rsa':
+ ensure => 'present',
+ type => 'dsa',
+ key => 'mykey',
+ target => '#{sshkey_file}' }"
+ apply_with_error_check(manifest)
+ expect(File.read(sshkey_file)).to match(%r{#{super_unique} ssh-dss.*mykey})
+ end
+
+ it 'can parse SSH key type that contains @openssh.com in name' do
+ manifest = "#{type_under_test} { '#{super_unique}@sk-ssh-ed25519@openssh.com':
+ ensure => 'present',
+ key => 'mykey',
+ target => '#{sshkey_file}' }"
+ apply_with_error_check(manifest)
+ expect(File.read(sshkey_file)).to match(%r{#{super_unique} sk-ssh-ed25519@openssh.com.*mykey})
+ end
+
 # test all key types
 types = [
 'ssh-dss', 'dsa',
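Review bot: The two new expectations build an unanchored regex from unescaped text, so the `.` in `openssh.com` matches any character and `super_unique` can match in the middle of a line. For a test that guards which key type is written next to a host name in the target file, a tighter pattern is worth having, for example `match(%r{^#{Regexp.escape(super_unique)} sk-ssh-ed25519@openssh\.com.*mykey})`, with the same anchoring applied to the `ssh-dss` expectation. The `types.each` examples that follow the second hunk lie outside the visible lines; if they interpolate `type` into a regex, the new `@openssh.com` names need `Regexp.escape(type)` as well. Only `sk-ssh-ed25519@openssh.com` is exercised in a resource title; a matching example for `sk-ecdsa-sha2-nistp256@openssh.com` would cover the other type this commit adds.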
@@ -98,14 +117,18 @@ describe Puppet::Type.type(:sshkey).provider(:parsed), unless: Puppet.features.m
 'ssh-rsa', 'rsa',
 'ecdsa-sha2-nistp256',
 'ecdsa-sha2-nistp384',
- 'ecdsa-sha2-nistp521'
+ 'ecdsa-sha2-nistp521',
+ 'ecdsa-sk', 'sk-ecdsa-sha2-nistp256@openssh.com',
+ 'ed25519-sk', 'sk-ssh-ed25519@openssh.com'
 ]
 # these types are treated as aliases for sshkey type
 # so they are populated as the *values* below
 aliases = {
- 'dsa' => 'ssh-dss',
- 'ed25519' => 'ssh-ed25519',
- 'rsa' => 'ssh-rsa',
+ 'dsa' => 'ssh-dss',
+ 'ed25519' => 'ssh-ed25519',
+ 'rsa' => 'ssh-rsa',
+ 'ecdsa-sk' => 'sk-ecdsa-sha2-nistp256@openssh.com',
+ 'ed25519-sk' => 'sk-ssh-ed25519@openssh.com',
 }
 types.each do |type|
 it "should update an entry with #{type} type" do
--
cgit v1.2.3
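Review bot: The new `ecdsa-sk` and `ed25519-sk` entries in `types` and `aliases` have no comment saying what they are, and the `@openssh.com` suffix looks out of place next to the older names. A line such as `# sk-* types: FIDO/U2F security-key-backed keys added in OpenSSH 8.2` above the two new rows in `types` would tell a maintainer why they exist and which OpenSSH version they need. The three existing alias rows appear to be removed and re-added only to realign the `=>` column, which makes the two rows that really changed harder to spot. The `types.each` block opens on the last lines of this hunk and continues outside it.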