Skip to content

Commit

Permalink
redesign key retrieval test to use local http service
Browse files Browse the repository at this point in the history
Signed-off-by: Doug Knight <[email protected]>
  • Loading branch information
karmix committed Jan 28, 2021
1 parent 73a4bf4 commit f5d5eb4
Show file tree
Hide file tree
Showing 4 changed files with 40 additions and 7 deletions.
4 changes: 2 additions & 2 deletions resources/manage.rb
Original file line number Diff line number Diff line change
Expand Up @@ -90,8 +90,8 @@
ssh_keys = []
if u['ssh_keys']
Array(u['ssh_keys']).each do |key|
if key.start_with?('https')
ssh_keys += keys_from_url(key)
if key.start_with?('https') || key.start_with?('INSECURE:http')
ssh_keys += keys_from_url(key.delete_prefix('INSECURE:'))
else
ssh_keys << key
end
Expand Down
35 changes: 35 additions & 0 deletions test/fixtures/cookbooks/users_test/recipes/default.rb
Original file line number Diff line number Diff line change
@@ -1,3 +1,33 @@
# Stage a web service that will serve files out of the /_keys directory to
# help validate that the user_manage resource can retrieve ssh keys via
# HTTP.
require 'webrick'
keyserver_ready = false
keyserver = WEBrick::HTTPServer.new(
DocumentRoot: '/_keys',
StartCallback: -> { keyserver_ready = true }
)

# Populate the /_keys directory with fake ssh keys for the tests.
directory '/_keys'
file '/_keys/test_user_keys_url.keys' do
content <<~END_OF_SSH_KEYS
ssh-rsa FAKE+RSA+KEY+DATA
ecdsa-sha2-nistp256 FAKE+ECDSA+KEY+DATA
END_OF_SSH_KEYS
end

# Start the web service and wait for it to begin accepting connections.
ruby_block 'start key server' do
block do
Thread.new { keyserver.start }
[1..50].each do
break if keyserver_ready
sleep 0.1
end
end
end

user 'mwaddams' do
manage_home true
action :nothing
Expand All @@ -16,3 +46,8 @@
data_bag 'test_home_dir'
manage_nfs_home_dirs false
end

# Shutdown the web service.
ruby_block 'stop key server' do
block { keyserver.shutdown }
end
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
"id": "test_user_keys_from_url",
"password": "$1$5cE1rI/9$4p0fomh9U4kAI23qUlZVv/",
"ssh_keys": [
"https://github.com/majormoses.keys",
"INSECURE:http://localhost/test_user_keys_url.keys",
"ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAklOUpkDHrfHY17SbrmTIpNLTGK9Tjom/BWDSU\nGPl+nafzlHDTYW7hdI4yZ5ew18JH4JW9jbhUFrviQzM7xlELEVf4h9lFX5QVkbPppSwg0cda3\nPbv7kOdJ/MTyBlWXFCR+HAo3FXRitBqxiX1nKhXpHAZsMciLq8V6RjsNAQwdsdMFvSlVK/7XA\nt3FaoJoAsncM1Q9x5+3V0Ww68/eIFmb1zuUFljQJKprrX88XypNDvjYNby6vw/Pb0rwert/En\nmZ+AW4OZPnTPI89ZPmVMLuayrD2cE86Z/il8b+gw3r3+1nKatmIkjn2so1d01QraTlMqVSsbx\nNQCPO0ZZEa1== [email protected]"
],
"groups": [ "testgroup", "nfsgroup" ],
Expand Down
6 changes: 2 additions & 4 deletions test/integration/default/default_spec.rb
Original file line number Diff line number Diff line change
Expand Up @@ -32,11 +32,9 @@
its('shell') { should eq '/bin/bash' }
end

# NOTE: this test is super brittle and should probably create a specific github
# user or mock an HTTP server with the keys
ssh_keys = [
'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCy3cbPekJYHAIa8J1fOr2iIqpx/7pl4giJYAG7HCfsunRRUq3dY1KhVw1BlmMGIDzNwcuNVIfBS5HS/wREqbHMXxbwAjWrMwUofWd09CTuKJZiyTLUC5pSQWKDXZrefH/Fwd7s+YKk1s78b49zkyDcHSnKxjN+5veinzeU+vaUF9duFAJ9OsL7kTDEzOUU0zJdSdUV0hH1lnljnvk8kXHLFl9sKS3iM2LRqW4B6wOc2RbXUnx+jwNaBsq1zd73F2q3Ta7GXdtW/q4oDYl3s72oW4ySL6TZfpLCiv/7txHicZiY1eqc591CON0k/Rh7eR7XsphwkUstoUPQcBuLqQPA529zBigD7A8PBmeHISxL2qirWjR2+PrEGn1b0yu8IHHz9ZgliX83Q4WpjXvJ3REj2jfM8hiFRV3lA/ovjQrmLLV8WUAZ8updcLE5mbhZzIsC4U/HKIJS02zoggHGHZauClwwcdBtIJnJqtP803yKNPO2sDudTpvEi8GZ8n6jSXo/N8nBVId2LZa5YY/g/v5kH0akn+/E3jXhw4CICNW8yICpeJO8dGYMOp3Bs9/cRK8QYomXqgpoFlvkgzT2h4Ie6lyRgNv5QnUyAnW43O5FdBnPk/XZ3LA462VU3uOfr0AQtEJzPccpFC6OCFYWdGwZQA/r1EZQES0yRfJLpx+uZQ==',
'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCy3cbPekJYHAIa8J1fOr2iIqpx/7pl4giJYAG7HCfsunRRUq3dY1KhVw1BlmMGIDzNwcuNVIfBS5HS/wREqbHMXxbwAjWrMwUofWd09CTuKJZiyTLUC5pSQWKDXZrefH/Fwd7s+YKk1s78b49zkyDcHSnKxjN+5veinzeU+vaUF9duFAJ9OsL7kTDEzOUU0zJdSdUV0hH1lnljnvk8kXHLFl9sKS3iM2LRqW4B6wOc2RbXUnx+jwNaBsq1zd73F2q3Ta7GXdtW/q4oDYl3s72oW4ySL6TZfpLCiv/7txHicZiY1eqc591CON0k/Rh7eR7XsphwkUstoUPQcBuLqQPA529zBigD7A8PBmeHISxL2qirWjR2+PrEGn1b0yu8IHHz9ZgliX83Q4WpjXvJ3REj2jfM8hiFRV3lA/ovjQrmLLV8WUAZ8updcLE5mbhZzIsC4U/HKIJS02zoggHGHZauClwwcdBtIJnJqtP803yKNPO2sDudTpvEi8GZ8n6jSXo/N8nBVId2LZa5YY/g/v5kH0akn+/E3jXhw4CICNW8yICpeJO8dGYMOp3Bs9/cRK8QYomXqgpoFlvkgzT2h4Ie6lyRgNv5QnUyAnW43O5FdBnPk/XZ3LA462VU3uOfr0AQtEJzPccpFC6OCFYWdGwZQA/r1EZQES0yRfJLpx+uZQ==',
'ssh-rsa FAKE+RSA+KEY+DATA',
'ecdsa-sha2-nistp256 FAKE+ECDSA+KEY+DATA',
]

describe file('/home/test_user_keys_from_url/.ssh/authorized_keys') do
Expand Down

0 comments on commit f5d5eb4

Please sign in to comment.