test_ssh_auth.py 3.9 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116
  1. # -*- coding: utf-8 -*-
  2. '''
  3. Test the ssh_auth states
  4. '''
  5. # Import python libs
  6. from __future__ import absolute_import, unicode_literals, print_function
  7. import os
  8. import pytest
  9. # Import Salt Testing libs
  10. from tests.support.case import ModuleCase
  11. from tests.support.mixins import SaltReturnAssertsMixin
  12. from tests.support.runtime import RUNTIME_VARS
  13. from tests.support.helpers import (
  14. with_system_user,
  15. )
  16. # Import salt libs
  17. import salt.utils.files
  18. class SSHAuthStateTests(ModuleCase, SaltReturnAssertsMixin):
  19. @pytest.mark.destructive_test
  20. @pytest.mark.skip_if_not_root
  21. @with_system_user('issue_7409', on_existing='delete', delete=True)
  22. def test_issue_7409_no_linebreaks_between_keys(self, username):
  23. userdetails = self.run_function('user.info', [username])
  24. user_ssh_dir = os.path.join(userdetails['home'], '.ssh')
  25. authorized_keys_file = os.path.join(user_ssh_dir, 'authorized_keys')
  26. ret = self.run_state(
  27. 'file.managed',
  28. name=authorized_keys_file,
  29. user=username,
  30. makedirs=True,
  31. contents_newline=False,
  32. # Explicit no ending line break
  33. contents='ssh-rsa AAAAB3NzaC1kc3MAAACBAL0sQ9fJ5bYTEyY== root'
  34. )
  35. ret = self.run_state(
  36. 'ssh_auth.present',
  37. name='AAAAB3NzaC1kcQ9J5bYTEyZ==',
  38. enc='ssh-rsa',
  39. user=username,
  40. comment=username
  41. )
  42. self.assertSaltTrueReturn(ret)
  43. self.assertSaltStateChangesEqual(
  44. ret, {'AAAAB3NzaC1kcQ9J5bYTEyZ==': 'New'}
  45. )
  46. with salt.utils.files.fopen(authorized_keys_file, 'r') as fhr:
  47. self.assertEqual(
  48. fhr.read(),
  49. 'ssh-rsa AAAAB3NzaC1kc3MAAACBAL0sQ9fJ5bYTEyY== root\n'
  50. 'ssh-rsa AAAAB3NzaC1kcQ9J5bYTEyZ== {0}\n'.format(username)
  51. )
  52. @pytest.mark.destructive_test
  53. @pytest.mark.skip_if_not_root
  54. @with_system_user('issue_10198', on_existing='delete', delete=True)
  55. def test_issue_10198_keyfile_from_another_env(self, username=None):
  56. userdetails = self.run_function('user.info', [username])
  57. user_ssh_dir = os.path.join(userdetails['home'], '.ssh')
  58. authorized_keys_file = os.path.join(user_ssh_dir, 'authorized_keys')
  59. key_fname = 'issue_10198.id_rsa.pub'
  60. # Create the keyfile that we expect to get back on the state call
  61. with salt.utils.files.fopen(os.path.join(RUNTIME_VARS.TMP_PRODENV_STATE_TREE, key_fname), 'w') as kfh:
  62. kfh.write(
  63. 'ssh-rsa AAAAB3NzaC1kcQ9J5bYTEyZ== {0}\n'.format(username)
  64. )
  65. # Create a bogus key file on base environment
  66. with salt.utils.files.fopen(os.path.join(RUNTIME_VARS.TMP_STATE_TREE, key_fname), 'w') as kfh:
  67. kfh.write(
  68. 'ssh-rsa BAAAB3NzaC1kcQ9J5bYTEyZ== {0}\n'.format(username)
  69. )
  70. ret = self.run_state(
  71. 'ssh_auth.present',
  72. name='Setup Keys',
  73. source='salt://{0}?saltenv=prod'.format(key_fname),
  74. enc='ssh-rsa',
  75. user=username,
  76. comment=username
  77. )
  78. self.assertSaltTrueReturn(ret)
  79. with salt.utils.files.fopen(authorized_keys_file, 'r') as fhr:
  80. self.assertEqual(
  81. fhr.read(),
  82. 'ssh-rsa AAAAB3NzaC1kcQ9J5bYTEyZ== {0}\n'.format(username)
  83. )
  84. os.unlink(authorized_keys_file)
  85. ret = self.run_state(
  86. 'ssh_auth.present',
  87. name='Setup Keys',
  88. source='salt://{0}'.format(key_fname),
  89. enc='ssh-rsa',
  90. user=username,
  91. comment=username,
  92. saltenv='prod'
  93. )
  94. self.assertSaltTrueReturn(ret)
  95. with salt.utils.files.fopen(authorized_keys_file, 'r') as fhr:
  96. self.assertEqual(
  97. fhr.read(),
  98. 'ssh-rsa AAAAB3NzaC1kcQ9J5bYTEyZ== {0}\n'.format(username)
  99. )