def test_parse_with_options_passed_in(self): # test key line with key type and base64 only parser = ssh_util.AuthKeyLineParser() baseline = ' '.join(("rsa", VALID_CONTENT['rsa'], "user@host")) myopts = "no-port-forwarding,no-agent-forwarding" key = parser.parse("allowedopt" + " " + baseline) self.assertEqual(key.options, "allowedopt") key = parser.parse("overridden_opt " + baseline, options=myopts) self.assertEqual(key.options, myopts)
def test_parse_no_comment(self): # test key line with key type and base64 only parser = ssh_util.AuthKeyLineParser() for ktype in ['rsa', 'ecdsa', 'dsa']: content = VALID_CONTENT[ktype] line = ' '.join((ktype, content,)) key = parser.parse(line) self.assertEqual(key.base64, content) self.assertFalse(key.options) self.assertFalse(key.comment) self.assertEqual(key.keytype, ktype)
def test_simple_parse(self): # test key line with common 3 fields (keytype, base64, comment) parser = ssh_util.AuthKeyLineParser() for ktype in KEY_TYPES: content = VALID_CONTENT[ktype] comment = 'user-%s@host' % ktype line = ' '.join((ktype, content, comment,)) key = parser.parse(line) self.assertEqual(key.base64, content) self.assertFalse(key.options) self.assertEqual(key.comment, comment) self.assertEqual(key.keytype, ktype)
def inject_public_ssh_keys(keys): """Injects discovered and metadata supplied SSH keys into the root account""" keys_to_add = {} parser = ssh_util.AuthKeyLineParser() for k in keys: authkeyline = parser.parse(str(k)) keys_to_add[authkeyline.base64] = k existing_keys = ssh_util.parse_authorized_keys(SSH_KEY_FILE) for existing_key in existing_keys: if existing_key.base64 in keys_to_add: del keys_to_add[existing_key.base64] with open(SSH_KEY_FILE, 'a+') as keyfile: for k in keys_to_add: keyfile.write(keys_to_add[k] + '\n')
def test_parse_with_keyoptions(self): # test key line with options in it parser = ssh_util.AuthKeyLineParser() options = TEST_OPTIONS for ktype in ['rsa', 'ecdsa', 'dsa']: content = VALID_CONTENT[ktype] comment = 'user-%s@host' % ktype line = ' '.join((options, ktype, content, comment,)) key = parser.parse(line) self.assertEqual(key.base64, content) self.assertEqual(key.options, options) self.assertEqual(key.comment, comment) self.assertEqual(key.keytype, ktype)
def test_new_keys_replace(self): """new entries with the same base64 should replace old.""" orig_entries = [ ' '.join(('rsa', VALID_CONTENT['rsa'], 'orig_comment1')), ' '.join(('dsa', VALID_CONTENT['dsa'], 'orig_comment2'))] new_entries = [ ' '.join(('rsa', VALID_CONTENT['rsa'], 'new_comment1')), ] expected = '\n'.join([new_entries[0], orig_entries[1]]) + '\n' parser = ssh_util.AuthKeyLineParser() found = ssh_util.update_authorized_keys( [parser.parse(p) for p in orig_entries], [parser.parse(p) for p in new_entries]) self.assertEqual(expected, found)
def test_simple_parse(self): # test key line with common 3 fields (keytype, base64, comment) parser = ssh_util.AuthKeyLineParser() ecdsa_types = [ 'ecdsa-sha2-nistp256', 'ecdsa-sha2-nistp384', 'ecdsa-sha2-nistp521', ] for ktype in ['rsa', 'ecdsa', 'dsa'] + ecdsa_types: content = VALID_CONTENT[ktype] comment = 'user-%s@host' % ktype line = ' '.join((ktype, content, comment,)) key = parser.parse(line) self.assertEqual(key.base64, content) self.assertFalse(key.options) self.assertEqual(key.comment, comment) self.assertEqual(key.keytype, ktype)
def test_new_invalid_keys_are_ignored(self): """new entries that are invalid should be skipped.""" orig_entries = [ ' '.join(('rsa', VALID_CONTENT['rsa'], 'orig_comment1')), ' '.join( ('dsa', VALID_CONTENT['dsa'], 'orig_comment2')) ] new_entries = [ ' '.join(('rsa', VALID_CONTENT['rsa'], 'new_comment1')), 'xxx-invalid-thing1', 'xxx-invalid-blob2' ] expected = '\n'.join([new_entries[0], orig_entries[1]]) + '\n' parser = ssh_util.AuthKeyLineParser() found = ssh_util.update_authorized_keys( [parser.parse(p) for p in orig_entries], [parser.parse(p) for p in new_entries]) self.assertEqual(expected, found)
def test_new_keys_replace(self): """new entries with the same base64 should replace old.""" orig_entries = [ " ".join(("rsa", VALID_CONTENT["rsa"], "orig_comment1")), " ".join(("dsa", VALID_CONTENT["dsa"], "orig_comment2")), ] new_entries = [ " ".join(("rsa", VALID_CONTENT["rsa"], "new_comment1")), ] expected = "\n".join([new_entries[0], orig_entries[1]]) + "\n" parser = ssh_util.AuthKeyLineParser() found = ssh_util.update_authorized_keys( [parser.parse(p) for p in orig_entries], [parser.parse(p) for p in new_entries], ) self.assertEqual(expected, found)
def test_new_invalid_keys_are_ignored(self): """new entries that are invalid should be skipped.""" orig_entries = [ " ".join(("rsa", VALID_CONTENT["rsa"], "orig_comment1")), " ".join(("dsa", VALID_CONTENT["dsa"], "orig_comment2")), ] new_entries = [ " ".join(("rsa", VALID_CONTENT["rsa"], "new_comment1")), "xxx-invalid-thing1", "xxx-invalid-blob2", ] expected = "\n".join([new_entries[0], orig_entries[1]]) + "\n" parser = ssh_util.AuthKeyLineParser() found = ssh_util.update_authorized_keys( [parser.parse(p) for p in orig_entries], [parser.parse(p) for p in new_entries], ) self.assertEqual(expected, found)
def test_parse_invalid_keytype(self): parser = ssh_util.AuthKeyLineParser() key = parser.parse(' '.join(["badkeytype", VALID_CONTENT['rsa']])) self.assertFalse(key.valid())