1
0

test_ssh_auth.py 3.9 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116
  1. # -*- coding: utf-8 -*-
  2. '''
  3. Test the ssh_auth states
  4. '''
  5. # Import python libs
  6. from __future__ import absolute_import, unicode_literals, print_function
  7. import os
  8. # Import Salt Testing libs
  9. from tests.support.case import ModuleCase
  10. from tests.support.mixins import SaltReturnAssertsMixin
  11. from tests.support.runtests import RUNTIME_VARS
  12. from tests.support.helpers import (
  13. destructiveTest,
  14. with_system_user,
  15. skip_if_not_root
  16. )
  17. # Import salt libs
  18. import salt.utils.files
  19. class SSHAuthStateTests(ModuleCase, SaltReturnAssertsMixin):
  20. @destructiveTest
  21. @skip_if_not_root
  22. @with_system_user('issue_7409', on_existing='delete', delete=True)
  23. def test_issue_7409_no_linebreaks_between_keys(self, username):
  24. userdetails = self.run_function('user.info', [username])
  25. user_ssh_dir = os.path.join(userdetails['home'], '.ssh')
  26. authorized_keys_file = os.path.join(user_ssh_dir, 'authorized_keys')
  27. ret = self.run_state(
  28. 'file.managed',
  29. name=authorized_keys_file,
  30. user=username,
  31. makedirs=True,
  32. contents_newline=False,
  33. # Explicit no ending line break
  34. contents='ssh-rsa AAAAB3NzaC1kc3MAAACBAL0sQ9fJ5bYTEyY== root'
  35. )
  36. ret = self.run_state(
  37. 'ssh_auth.present',
  38. name='AAAAB3NzaC1kcQ9J5bYTEyZ==',
  39. enc='ssh-rsa',
  40. user=username,
  41. comment=username
  42. )
  43. self.assertSaltTrueReturn(ret)
  44. self.assertSaltStateChangesEqual(
  45. ret, {'AAAAB3NzaC1kcQ9J5bYTEyZ==': 'New'}
  46. )
  47. with salt.utils.files.fopen(authorized_keys_file, 'r') as fhr:
  48. self.assertEqual(
  49. fhr.read(),
  50. 'ssh-rsa AAAAB3NzaC1kc3MAAACBAL0sQ9fJ5bYTEyY== root\n'
  51. 'ssh-rsa AAAAB3NzaC1kcQ9J5bYTEyZ== {0}\n'.format(username)
  52. )
  53. @destructiveTest
  54. @skip_if_not_root
  55. @with_system_user('issue_10198', on_existing='delete', delete=True)
  56. def test_issue_10198_keyfile_from_another_env(self, username=None):
  57. userdetails = self.run_function('user.info', [username])
  58. user_ssh_dir = os.path.join(userdetails['home'], '.ssh')
  59. authorized_keys_file = os.path.join(user_ssh_dir, 'authorized_keys')
  60. key_fname = 'issue_10198.id_rsa.pub'
  61. # Create the keyfile that we expect to get back on the state call
  62. with salt.utils.files.fopen(os.path.join(RUNTIME_VARS.TMP_PRODENV_STATE_TREE, key_fname), 'w') as kfh:
  63. kfh.write(
  64. 'ssh-rsa AAAAB3NzaC1kcQ9J5bYTEyZ== {0}\n'.format(username)
  65. )
  66. # Create a bogus key file on base environment
  67. with salt.utils.files.fopen(os.path.join(RUNTIME_VARS.TMP_STATE_TREE, key_fname), 'w') as kfh:
  68. kfh.write(
  69. 'ssh-rsa BAAAB3NzaC1kcQ9J5bYTEyZ== {0}\n'.format(username)
  70. )
  71. ret = self.run_state(
  72. 'ssh_auth.present',
  73. name='Setup Keys',
  74. source='salt://{0}?saltenv=prod'.format(key_fname),
  75. enc='ssh-rsa',
  76. user=username,
  77. comment=username
  78. )
  79. self.assertSaltTrueReturn(ret)
  80. with salt.utils.files.fopen(authorized_keys_file, 'r') as fhr:
  81. self.assertEqual(
  82. fhr.read(),
  83. 'ssh-rsa AAAAB3NzaC1kcQ9J5bYTEyZ== {0}\n'.format(username)
  84. )
  85. os.unlink(authorized_keys_file)
  86. ret = self.run_state(
  87. 'ssh_auth.present',
  88. name='Setup Keys',
  89. source='salt://{0}'.format(key_fname),
  90. enc='ssh-rsa',
  91. user=username,
  92. comment=username,
  93. saltenv='prod'
  94. )
  95. self.assertSaltTrueReturn(ret)
  96. with salt.utils.files.fopen(authorized_keys_file, 'r') as fhr:
  97. self.assertEqual(
  98. fhr.read(),
  99. 'ssh-rsa AAAAB3NzaC1kcQ9J5bYTEyZ== {0}\n'.format(username)
  100. )