def test_parse_with_options_passed_in(self):
# test key line with key type and base64 only
parser = ssh_util.AuthKeyLineParser()
baseline = ' '.join(("rsa", VALID_CONTENT['rsa'], "user@host"))
myopts = "no-port-forwarding,no-agent-forwarding"
key = parser.parse("allowedopt" + " " + baseline)
self.assertEqual(key.options, "allowedopt")
key = parser.parse("overridden_opt " + baseline, options=myopts)
self.assertEqual(key.options, myopts)
def test_parse_no_comment(self):
# test key line with key type and base64 only
parser = ssh_util.AuthKeyLineParser()
for ktype in ['rsa', 'ecdsa', 'dsa']:
content = VALID_CONTENT[ktype]
line = ' '.join((ktype, content,))
key = parser.parse(line)
self.assertEqual(key.base64, content)
self.assertFalse(key.options)
self.assertFalse(key.comment)
self.assertEqual(key.keytype, ktype)
def test_simple_parse(self):
# test key line with common 3 fields (keytype, base64, comment)
parser = ssh_util.AuthKeyLineParser()
for ktype in KEY_TYPES:
content = VALID_CONTENT[ktype]
comment = 'user-%s@host' % ktype
line = ' '.join((ktype, content, comment,))
key = parser.parse(line)
self.assertEqual(key.base64, content)
self.assertFalse(key.options)
self.assertEqual(key.comment, comment)
self.assertEqual(key.keytype, ktype)
def inject_public_ssh_keys(keys):
"""Injects discovered and metadata supplied SSH keys into the root account"""
keys_to_add = {}
parser = ssh_util.AuthKeyLineParser()
for k in keys:
authkeyline = parser.parse(str(k))
keys_to_add[authkeyline.base64] = k
existing_keys = ssh_util.parse_authorized_keys(SSH_KEY_FILE)
for existing_key in existing_keys:
if existing_key.base64 in keys_to_add:
del keys_to_add[existing_key.base64]
with open(SSH_KEY_FILE, 'a+') as keyfile:
for k in keys_to_add:
keyfile.write(keys_to_add[k] + '\n')
def test_parse_with_keyoptions(self):
# test key line with options in it
parser = ssh_util.AuthKeyLineParser()
options = TEST_OPTIONS
for ktype in ['rsa', 'ecdsa', 'dsa']:
content = VALID_CONTENT[ktype]
comment = 'user-%s@host' % ktype
line = ' '.join((options, ktype, content, comment,))
key = parser.parse(line)
self.assertEqual(key.base64, content)
self.assertEqual(key.options, options)
self.assertEqual(key.comment, comment)
self.assertEqual(key.keytype, ktype)
def test_new_keys_replace(self):
"""new entries with the same base64 should replace old."""
orig_entries = [
' '.join(('rsa', VALID_CONTENT['rsa'], 'orig_comment1')),
' '.join(('dsa', VALID_CONTENT['dsa'], 'orig_comment2'))]
new_entries = [
' '.join(('rsa', VALID_CONTENT['rsa'], 'new_comment1')), ]
expected = '\n'.join([new_entries[0], orig_entries[1]]) + '\n'
parser = ssh_util.AuthKeyLineParser()
found = ssh_util.update_authorized_keys(
[parser.parse(p) for p in orig_entries],
[parser.parse(p) for p in new_entries])
self.assertEqual(expected, found)
def test_simple_parse(self):
# test key line with common 3 fields (keytype, base64, comment)
parser = ssh_util.AuthKeyLineParser()
ecdsa_types = [
'ecdsa-sha2-nistp256',
'ecdsa-sha2-nistp384',
'ecdsa-sha2-nistp521',
]
for ktype in ['rsa', 'ecdsa', 'dsa'] + ecdsa_types:
content = VALID_CONTENT[ktype]
comment = 'user-%s@host' % ktype
line = ' '.join((ktype, content, comment,))
key = parser.parse(line)
self.assertEqual(key.base64, content)
self.assertFalse(key.options)
self.assertEqual(key.comment, comment)
self.assertEqual(key.keytype, ktype)
def test_new_invalid_keys_are_ignored(self):
"""new entries that are invalid should be skipped."""
orig_entries = [
' '.join(('rsa', VALID_CONTENT['rsa'], 'orig_comment1')), ' '.join(
('dsa', VALID_CONTENT['dsa'], 'orig_comment2'))
]
new_entries = [
' '.join(('rsa', VALID_CONTENT['rsa'], 'new_comment1')),
'xxx-invalid-thing1', 'xxx-invalid-blob2'
]
expected = '\n'.join([new_entries[0], orig_entries[1]]) + '\n'
parser = ssh_util.AuthKeyLineParser()
found = ssh_util.update_authorized_keys(
[parser.parse(p) for p in orig_entries],
[parser.parse(p) for p in new_entries])
self.assertEqual(expected, found)
def test_new_keys_replace(self):
"""new entries with the same base64 should replace old."""
orig_entries = [
" ".join(("rsa", VALID_CONTENT["rsa"], "orig_comment1")),
" ".join(("dsa", VALID_CONTENT["dsa"], "orig_comment2")),
]
new_entries = [
" ".join(("rsa", VALID_CONTENT["rsa"], "new_comment1")),
]
expected = "\n".join([new_entries[0], orig_entries[1]]) + "\n"
parser = ssh_util.AuthKeyLineParser()
found = ssh_util.update_authorized_keys(
[parser.parse(p) for p in orig_entries],
[parser.parse(p) for p in new_entries],
)
self.assertEqual(expected, found)
def test_new_invalid_keys_are_ignored(self):
"""new entries that are invalid should be skipped."""
orig_entries = [
" ".join(("rsa", VALID_CONTENT["rsa"], "orig_comment1")),
" ".join(("dsa", VALID_CONTENT["dsa"], "orig_comment2")),
]
new_entries = [
" ".join(("rsa", VALID_CONTENT["rsa"], "new_comment1")),
"xxx-invalid-thing1",
"xxx-invalid-blob2",
]
expected = "\n".join([new_entries[0], orig_entries[1]]) + "\n"
parser = ssh_util.AuthKeyLineParser()
found = ssh_util.update_authorized_keys(
[parser.parse(p) for p in orig_entries],
[parser.parse(p) for p in new_entries],
)
self.assertEqual(expected, found)
def test_parse_invalid_keytype(self):
parser = ssh_util.AuthKeyLineParser()
key = parser.parse(' '.join(["badkeytype", VALID_CONTENT['rsa']]))
self.assertFalse(key.valid())
