def test_provide_user(request, salt_factories, configure_kwargs):
master_config = salt_factories.configure_master(request, "master-1", **configure_kwargs)
if not configure_kwargs:
# salt-factories injects the current username
assert master_config["user"] is not None
assert master_config["user"] == running_username()
else:
# salt-factories does not override the passed user value
assert master_config["user"] != running_username()
assert master_config["user"] == "blah"
def test_provide_user(salt_factories, configure_kwargs):
minion_config = salt_factories.get_salt_minion_daemon(
random_string("minion-"), **configure_kwargs).config
if not configure_kwargs:
# salt-factories injects the current username
assert minion_config["user"] is not None
assert minion_config["user"] == running_username()
else:
# salt-factories does not override the passed user value
assert minion_config["user"] != running_username()
assert minion_config["user"] == "blah"
def final_common_config_tweaks(self, config, role):
config.setdefault("engines", [])
if "pytest" not in config["engines"]:
config["engines"].append("pytest")
if "engines_dirs" not in config:
config["engines_dirs"] = []
config["engines_dirs"].insert(
0, str(FactoriesManager.get_salt_engines_path()))
config.setdefault("user", running_username())
if not config["user"]:
# If this value is empty, None, False, just remove it
config.pop("user")
if "log_forwarding_consumer" not in config:
# Still using old logging, let's add our custom log handler
if "log_handlers_dirs" not in config:
config["log_handlers_dirs"] = []
config["log_handlers_dirs"].insert(
0, str(FactoriesManager.get_salt_log_handlers_path()))
pytest_key = "pytest-{}".format(role)
if pytest_key not in config:
config[pytest_key] = {}
pytest_config = config[pytest_key]
if "log" not in pytest_config:
pytest_config["log"] = {}
log_config = pytest_config["log"]
log_config.setdefault("host", self.log_server_host)
log_config.setdefault("port", self.log_server_port)
log_config.setdefault("level", self.log_server_level)
def verify_config(cls, config):
salt.utils.verify.verify_env(
[str(pathlib.Path(config["log_file"]).parent)],
running_username(),
pki_dir=config.get("pki_dir") or "",
root_dir=config["root_dir"],
)
def final_common_config_tweaks(self, config, role):
"""
Final common tweaks to the configuration.
"""
config.setdefault("engines", [])
if "pytest" not in config["engines"]:
config["engines"].append("pytest")
config.setdefault("user", running_username())
if not config["user"]: # pragma: no cover
# If this value is empty, None, False, just remove it
config.pop("user")
pytest_key = "pytest-{}".format(role)
if pytest_key not in config:
config[pytest_key] = {}
pytest_config = config[pytest_key]
if "log" not in pytest_config: # pragma: no cover
pytest_config["log"] = {}
log_config = pytest_config["log"]
log_config.setdefault("host", self.log_server_host)
log_config.setdefault("port", self.log_server_port)
log_config.setdefault("level", "debug")
def verify_config(cls, config):
salt.utils.verify.verify_env(
cls._get_verify_config_entries(config),
running_username(),
pki_dir=config.get("pki_dir") or "",
root_dir=config["root_dir"],
)
def get_salt_ssh_cli(self,
factory_class=cli.ssh.SaltSshCliFactory,
roster_file=None,
target_host=None,
client_key=None,
ssh_user=None,
**factory_class_kwargs):
"""
Return a `salt-ssh` CLI process for this master instance
Args:
roster_file(str):
The roster file to use
target_host(str):
The target host address to connect to
client_key(str):
The path to the private ssh key to use to connect
ssh_user(str):
The remote username to connect as
"""
script_path = cli_scripts.generate_script(
self.factories_manager.scripts_dir,
"salt-ssh",
code_dir=self.factories_manager.code_dir,
inject_coverage=self.factories_manager.inject_coverage,
inject_sitecustomize=self.factories_manager.inject_sitecustomize,
)
return factory_class(cli_script_name=script_path,
config=self.config.copy(),
roster_file=roster_file,
target_host=target_host,
client_key=client_key,
ssh_user=ssh_user or running_username(),
**factory_class_kwargs)
def verify_config(cls, config):
"""
Verify the configuration dictionary.
"""
salt.utils.verify.verify_env(
cls._get_verify_config_entries(config),
running_username(),
pki_dir=config.get("pki_dir") or "",
root_dir=config["root_dir"],
)
def __attrs_post_init__(self):
"""
Post attrs initialization routines.
"""
if self.authorized_keys is None:
self.authorized_keys = []
if self.sshd_config_dict is None:
self.sshd_config_dict = {}
if self.listen_address is None:
self.listen_address = "127.0.0.1"
if self.listen_port is None:
self.listen_port = ports.get_unused_localhost_port()
self.check_ports = [self.listen_port]
if isinstance(self.config_dir, str):
self.config_dir = pathlib.Path(self.config_dir)
elif not isinstance(self.config_dir, pathlib.Path):
# A py local path?
self.config_dir = pathlib.Path(self.config_dir.strpath)
self.config_dir.chmod(0o0700)
authorized_keys_file = self.config_dir / "authorized_keys"
# Let's generate the client key
self.client_key = self._generate_client_ecdsa_key()
with open("{}.pub".format(self.client_key)) as rfh:
pubkey = rfh.read().strip()
log.debug("SSH client pub key: %r", pubkey)
self.authorized_keys.append(pubkey)
# Write the authorized pub keys to file
with open(str(authorized_keys_file), "w") as wfh:
wfh.write("\n".join(self.authorized_keys))
authorized_keys_file.chmod(0o0600)
with open(str(authorized_keys_file)) as rfh:
log.debug("AuthorizedKeysFile contents:\n%s", rfh.read())
_default_config = {
"ListenAddress": self.listen_address,
"PermitRootLogin": "******" if running_username() == "root" else "no",
"ChallengeResponseAuthentication": "no",
"PasswordAuthentication": "no",
"PubkeyAuthentication": "yes",
"PrintMotd": "no",
"PidFile": self.config_dir / "sshd.pid",
"AuthorizedKeysFile": authorized_keys_file,
}
if self.sshd_config_dict:
_default_config.update(self.sshd_config_dict)
self.sshd_config = _default_config
self._write_config()
super().__attrs_post_init__()
def verify_config(cls, config):
prepend_root_dirs = []
for config_key in ("log_file", ):
if urllib.parse.urlparse(config.get(config_key, "")).scheme == "":
prepend_root_dirs.append(config_key)
if prepend_root_dirs:
salt.config.prepend_root_dir(config, prepend_root_dirs)
salt.utils.verify.verify_env(
[str(pathlib.Path(config["log_file"]).parent)],
running_username(),
pki_dir=config.get("pki_dir") or "",
root_dir=config["root_dir"],
)
def _ssh_keygen(self, key_filename, key_type, bits, comment=None):
try:
ssh_keygen = self._ssh_keygen_path
except AttributeError:
ssh_keygen = self._ssh_keygen_path = shutil.which("ssh-keygen")
if comment is None:
comment = "{user}@{host}-{date}".format(
user=running_username(),
host=socket.gethostname(),
date=datetime.utcnow().strftime("%Y-%m-%d"),
)
cmdline = [
ssh_keygen,
"-t",
key_type,
"-b",
bits,
"-C",
comment,
"-f",
key_filename,
"-P",
"",
]
try:
subprocess.run(
cmdline,
cwd=str(self.config_dir),
check=True,
universal_newlines=True,
stdout=subprocess.PIPE,
stderr=subprocess.PIPE,
)
except subprocess.CalledProcessError as exc:
raise FactoryFailure(
"Failed to generate ssh key.",
cmdline=exc.args,
stdout=exc.stdout,
stderr=exc.stderr,
exitcode=exc.returncode,
)
def test_provide_user(salt_factories, mom, configure_kwargs):
syndic_id = random_string("syndic-")
syndic = mom.get_salt_syndic_daemon(syndic_id, **configure_kwargs)
if not configure_kwargs:
# salt-factories injects the current username
assert syndic.master.config["user"] is not None
assert syndic.master.config["user"] == running_username()
assert syndic.minion.config["user"] is not None
assert syndic.minion.config["user"] == running_username()
assert syndic.config["user"] is not None
assert syndic.config["user"] == running_username()
else:
assert syndic.master.config["user"] != running_username()
assert syndic.master.config["user"] == "blah"
assert syndic.minion.config["user"] != running_username()
assert syndic.minion.config["user"] == "blah"
# salt-factories does not override the passed user value
assert syndic.config["user"] != running_username()
assert syndic.config["user"] == "blah"
