1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
|
#!/usr/bin/env rspec
require 'spec_helper'
ssh_authorized_key = Puppet::Type.type(:ssh_authorized_key)
describe ssh_authorized_key do
include PuppetSpec::Files
before do
@class = Puppet::Type.type(:ssh_authorized_key)
@provider_class = stub 'provider_class', :name => "fake", :suitable? => true, :supports_parameter? => true
@class.stubs(:defaultprovider).returns(@provider_class)
@class.stubs(:provider).returns(@provider_class)
@provider = stub 'provider', :class => @provider_class, :file_path => make_absolute("/tmp/whatever"), :clear => nil
@provider_class.stubs(:new).returns(@provider)
@catalog = Puppet::Resource::Catalog.new
end
it "should have :name be its namevar" do
@class.key_attributes.should == [:name]
end
describe "when validating attributes" do
[:name, :provider].each do |param|
it "should have a #{param} parameter" do
@class.attrtype(param).should == :param
end
end
[:type, :key, :user, :target, :options, :ensure].each do |property|
it "should have a #{property} property" do
@class.attrtype(property).should == :property
end
end
end
describe "when validating values" do
describe "for name" do
it "should support valid names" do
proc { @class.new(:name => "username", :ensure => :present, :user => "nobody") }.should_not raise_error
proc { @class.new(:name => "username@hostname", :ensure => :present, :user => "nobody") }.should_not raise_error
end
it "should not support whitespaces" do
proc { @class.new(:name => "my test", :ensure => :present, :user => "nobody") }.should raise_error(Puppet::Error,/Resourcename must not contain whitespace/)
proc { @class.new(:name => "my\ttest", :ensure => :present, :user => "nobody") }.should raise_error(Puppet::Error,/Resourcename must not contain whitespace/)
end
end
describe "for ensure" do
it "should support :present" do
proc { @class.new(:name => "whev", :ensure => :present, :user => "nobody") }.should_not raise_error
end
it "should support :absent" do
proc { @class.new(:name => "whev", :ensure => :absent, :user => "nobody") }.should_not raise_error
end
it "should not support other values" do
proc { @class.new(:name => "whev", :ensure => :foo, :user => "nobody") }.should raise_error(Puppet::Error, /Invalid value/)
end
end
describe "for type" do
it "should support ssh-dss" do
proc { @class.new(:name => "whev", :type => "ssh-dss", :user => "nobody") }.should_not raise_error
end
it "should support ssh-rsa" do
proc { @class.new(:name => "whev", :type => "ssh-rsa", :user => "nobody") }.should_not raise_error
end
it "should support :dsa" do
proc { @class.new(:name => "whev", :type => :dsa, :user => "nobody") }.should_not raise_error
end
it "should support :rsa" do
proc { @class.new(:name => "whev", :type => :rsa, :user => "nobody") }.should_not raise_error
end
it "should alias :rsa to :ssh-rsa" do
key = @class.new(:name => "whev", :type => :rsa, :user => "nobody")
key.should(:type).should == :'ssh-rsa'
end
it "should alias :dsa to :ssh-dss" do
key = @class.new(:name => "whev", :type => :dsa, :user => "nobody")
key.should(:type).should == :'ssh-dss'
end
it "should not support values other than ssh-dss, ssh-rsa, dsa, rsa" do
proc { @class.new(:name => "whev", :type => :something) }.should raise_error(Puppet::Error,/Invalid value/)
end
end
describe "for key" do
it "should support a valid key like a 1024 bit rsa key" do
proc { @class.new(:name => "whev", :type => :rsa, :user => "nobody", :key => 'AAAAB3NzaC1yc2EAAAADAQABAAAAgQDCPfzW2ry7XvMc6E5Kj2e5fF/YofhKEvsNMUogR3PGL/HCIcBlsEjKisrY0aYgD8Ikp7ZidpXLbz5dBsmPy8hJiBWs5px9ZQrB/EOQAwXljvj69EyhEoGawmxQMtYw+OAIKHLJYRuk1QiHAMHLp5piqem8ZCV2mLb9AsJ6f7zUVw==')}.should_not raise_error
end
it "should support a valid key like a 4096 bit rsa key" do
proc { @class.new(:name => "whev", :type => :rsa, :user => "nobody", :key => 'AAAAB3NzaC1yc2EAAAADAQABAAACAQDEY4pZFyzSfRc9wVWI3DfkgT/EL033UZm/7x1M+d+lBD00qcpkZ6CPT7lD3Z+vylQlJ5S8Wcw6C5Smt6okZWY2WXA9RCjNJMIHQbJAzwuQwgnwU/1VMy9YPp0tNVslg0sUUgpXb13WW4mYhwxyGmIVLJnUrjrQmIFhtfHsJAH8ZVqCWaxKgzUoC/YIu1u1ScH93lEdoBPLlwm6J0aiM7KWXRb7Oq1nEDZtug1zpX5lhgkQWrs0BwceqpUbY+n9sqeHU5e7DCyX/yEIzoPRW2fe2Gx1Iq6JKM/5NNlFfaW8rGxh3Z3S1NpzPHTRjw8js3IeGiV+OPFoaTtM1LsWgPDSBlzIdyTbSQR7gKh0qWYCNV/7qILEfa0yIFB5wIo4667iSPZw2pNgESVtenm8uXyoJdk8iWQ4mecdoposV/znknNb2GPgH+n/2vme4btZ0Sl1A6rev22GQjVgbWOn8zaDglJ2vgCN1UAwmq41RXprPxENGeLnWQppTnibhsngu0VFllZR5kvSIMlekLRSOFLFt92vfd+tk9hZIiKm9exxcbVCGGQPsf6dZ27rTOmg0xM2Sm4J6RRKuz79HQgA4Eg18+bqRP7j/itb89DmtXEtoZFAsEJw8IgIfeGGDtHTkfAlAC92mtK8byeaxGq57XCTKbO/r5gcOMElZHy1AcB8kw==')}.should_not raise_error
end
it "should support a valid key like a 1024 bit dsa key" do
proc { @class.new(:name => "whev", :type => :dsa, :user => "nobody", :key => 'AAAAB3NzaC1kc3MAAACBAI80iR78QCgpO4WabVqHHdEDigOjUEHwIjYHIubR/7u7DYrXY+e+TUmZ0CVGkiwB/0yLHK5dix3Y/bpj8ZiWCIhFeunnXccOdE4rq5sT2V3l1p6WP33RpyVYbLmeuHHl5VQ1CecMlca24nHhKpfh6TO/FIwkMjghHBfJIhXK+0w/AAAAFQDYzLupuMY5uz+GVrcP+Kgd8YqMmwAAAIB3SVN71whLWjFPNTqGyyIlMy50624UfNOaH4REwO+Of3wm/cE6eP8n75vzTwQGBpJX3BPaBGW1S1Zp/DpTOxhCSAwZzAwyf4WgW7YyAOdxN3EwTDJZeyiyjWMAOjW9/AOWt9gtKg0kqaylbMHD4kfiIhBzo31ZY81twUzAfN7angAAAIBfva8sTSDUGKsWWIXkdbVdvM4X14K4gFdy0ZJVzaVOtZ6alysW6UQypnsl6jfnbKvsZ0tFgvcX/CPyqNY/gMR9lyh/TCZ4XQcbqeqYPuceGehz+jL5vArfqsW2fJYFzgCcklmr/VxtP5h6J/T0c9YcDgc/xIfWdZAlznOnphI/FA==')}.should_not raise_error
end
it "should not support whitespaces" do
proc { @class.new(:name => "whev", :type => :rsa, :user => "nobody", :key => 'AAA FA==')}.should raise_error(Puppet::Error,/Key must not contain whitespace/)
end
end
describe "for options" do
it "should support flags as options" do
proc { @class.new(:name => "whev", :type => :rsa, :user => "nobody", :options => 'cert-authority')}.should_not raise_error
proc { @class.new(:name => "whev", :type => :rsa, :user => "nobody", :options => 'no-port-forwarding')}.should_not raise_error
end
it "should support key-value pairs as options" do
proc { @class.new(:name => "whev", :type => :rsa, :user => "nobody", :options => 'command="command"')}.should_not raise_error
end
it "should support environments as options" do
proc { @class.new(:name => "whev", :type => :rsa, :user => "nobody", :options => 'environment="NAME=value"')}.should_not raise_error
end
it "should support multiple options as an array" do
proc { @class.new(:name => "whev", :type => :rsa, :user => "nobody", :options => ['cert-authority','environment="NAME=value"'])}.should_not raise_error
end
it "should not support a comma separated lists" do
proc { @class.new(:name => "whev", :type => :rsa, :user => "nobody", :options => 'cert-authority,no-port-forwarding')}.should raise_error(Puppet::Error, /must be provided as an array/)
end
it "should use :absent as a default value" do
@class.new(:name => "whev", :type => :rsa, :user => "nobody").should(:options).should == [:absent]
end
it "property should return well formed string of arrays from is_to_s" do
resource = @class.new(:name => "whev", :type => :rsa, :user => "nobody", :options => ["a","b","c"])
resource.property(:options).is_to_s(["a","b","c"]).should == "a,b,c"
end
it "property should return well formed string of arrays from is_to_s" do
resource = @class.new(:name => "whev", :type => :rsa, :user => "nobody", :options => ["a","b","c"])
resource.property(:options).should_to_s(["a","b","c"]).should == "a,b,c"
end
end
describe "for user" do
it "should support present users" do
proc { @class.new(:name => "whev", :type => :rsa, :user => "root") }.should_not raise_error
end
it "should support absent users" do
proc { @class.new(:name => "whev", :type => :rsa, :user => "ihopeimabsent") }.should_not raise_error
end
end
describe "for target" do
it "should support absolute paths" do
proc { @class.new(:name => "whev", :type => :rsa, :target => "/tmp/here") }.should_not raise_error
end
it "should use the user's path if not explicitly specified", :fails_on_windows => true do
@class.new(:name => "whev", :user => 'root').should(:target).should == File.expand_path("~root/.ssh/authorized_keys")
end
it "should not consider the user's path if explicitly specified" do
@class.new(:name => "whev", :user => 'root', :target => '/tmp/here').should(:target).should == '/tmp/here'
end
it "should inform about an absent user" do
Puppet::Log.level = :debug
@class.new(:name => "whev", :user => 'idontexist').should(:target)
@logs.map(&:message).should include("The required user is not yet present on the system")
end
end
end
describe "when neither user nor target is specified" do
it "should raise an error" do
proc do
@class.new(
:name => "Test",
:key => "AAA",
:type => "ssh-rsa",
:ensure => :present)
end.should raise_error(Puppet::Error,/user.*or.*target.*mandatory/)
end
end
describe "when both target and user are specified" do
it "should use target" do
resource = @class.new(
:name => "Test",
:user => "root",
:target => "/tmp/blah"
)
resource.should(:target).should == "/tmp/blah"
end
end
describe "when user is specified", :unless => Puppet.features.microsoft_windows? do
it "should determine target" do
resource = @class.create(
:name => "Test",
:user => "root"
)
target = File.expand_path("~root/.ssh/authorized_keys")
resource.should(:target).should == target
end
# Bug #2124 - ssh_authorized_key always changes target if target is not defined
it "should not raise spurious change events" do
resource = @class.new(:name => "Test", :user => "root")
target = File.expand_path("~root/.ssh/authorized_keys")
resource.property(:target).safe_insync?(target).should == true
end
end
describe "when calling validate" do
it "should not crash on a non-existant user" do
resource = @class.create(
:name => "Test",
:user => "ihopesuchuserdoesnotexist"
)
proc { resource.validate }.should_not raise_error
end
end
end
|