def testOsloginEnabledOnProjectButDisabledOnInstance(self, oslogin_mock):
# Should fall through to alternate authentication.
properties.VALUES.core.account.Set('*****@*****.**')
self.remote = ssh.Remote('23.251.133.75', user='******')
oslogin_mock.return_value = test_resources.MakeOsloginClient('v1')
self.make_requests.side_effect = iter([
[INSTANCE_WITH_OSLOGIN_DISABLED],
[self.project_resource_with_oslogin_enabled],
[],
])
self.Run("""
compute ssh instance-1 --zone zone-1
""")
self.CheckRequests(
[(self.compute.instances, 'Get',
self.messages.ComputeInstancesGetRequest(instance='instance-1',
project='my-project',
zone='zone-1'))],
[(self.compute.projects, 'Get',
self.messages.ComputeProjectsGetRequest(project='my-project'))],
[(self.compute.projects, 'SetCommonInstanceMetadata',
self.messages.ComputeProjectsSetCommonInstanceMetadataRequest(
metadata=self.messages.Metadata(items=[
self.messages.Metadata.ItemsValueListEntry(
key='enable-oslogin', value='true'),
self.messages.Metadata.ItemsValueListEntry(
key='ssh-keys',
value='me:' + self.public_key_material),
]),
project='my-project'))],
)
# Require SSH keys
self.ensure_keys.assert_called_once_with(self.keys,
None,
allow_passphrase=True)
# SSH Command
self.ssh_init.assert_called_once_with(
mock_matchers.TypeMatcher(ssh.SSHCommand),
remote=self.remote,
identity_file=self.private_key_file,
extra_flags=[],
tty=None,
options=dict(self.options, HostKeyAlias='compute.55555'),
remote_command=None,
iap_tunnel_args=None,
remainder=[])
self.ssh_run.assert_called_once_with(mock_matchers.TypeMatcher(
ssh.SSHCommand),
self.env,
force_connect=True)
def testOverrideUsername(self, oslogin_mock):
properties.VALUES.core.account.Set('*****@*****.**')
self.remote = ssh.Remote.FromArg('[email protected]')
self.remote_file = ssh.FileReference('~/remote-file',
remote=self.remote)
self.local_dir = ssh.FileReference('~/local-dir')
oslogin_mock.return_value = test_resources.MakeOsloginClient('v1beta')
self.make_requests.side_effect = iter([
[self.instance_with_oslogin_enabled],
[self.project_resource],
])
self.Run("""\
compute scp
someotheruser@instance-1:~/remote-file
~/local-dir --zone zone-1
""")
self.CheckRequests(
[(self.compute.instances, 'Get',
self.messages.ComputeInstancesGetRequest(instance='instance-1',
project='my-project',
zone='zone-1'))],
[(self.compute.projects, 'Get',
self.messages.ComputeProjectsGetRequest(project='my-project'))],
)
# Require SSH keys
self.ensure_keys.assert_called_once_with(self.keys,
None,
allow_passphrase=True)
# No polling
self.poller_poll.assert_not_called()
# SCP Command
self.scp_init.assert_called_once_with(
mock_matchers.TypeMatcher(ssh.SCPCommand), [self.remote_file],
self.local_dir,
identity_file=self.private_key_file,
extra_flags=[],
port=None,
recursive=False,
compress=False,
options=dict(self.options, HostKeyAlias='compute.44444'),
iap_tunnel_args=None)
self.scp_run.assert_called_once_with(mock_matchers.TypeMatcher(
ssh.SCPCommand),
self.env,
force_connect=True)
self.AssertErrContains('Using OS Login user [user_google_com] instead '
'of requested user [someotheruser]')
def testInstanceWithOsloginEnabled(self, oslogin_mock):
properties.VALUES.core.account.Set('*****@*****.**')
oslogin_mock.return_value = test_resources.MakeOsloginClient('v1')
self.mock_http_request.request.return_value = PUBLIC_KEY_RESPONSE
self.make_requests.side_effect = iter([
[INSTANCE_WITH_OSLOGIN_ENABLED],
[self.project_resource],
])
self.Run("""
compute connect-to-serial-port instance-4 --zone zone-1
""")
self.CheckRequests(
[(self.GetCompute().instances,
'Get',
self.GetMessages().ComputeInstancesGetRequest(
instance='instance-4',
project='my-project',
zone='zone-1'))],
[(self.GetCompute().projects,
'Get',
self.GetMessages().ComputeProjectsGetRequest(
project='my-project'))],
)
# Require SSH keys
self.ensure_keys.assert_called_once_with(
self.keys, None, allow_passphrase=True)
# No polling
self.poller_poll.assert_not_called()
# SSH Command
self.ssh_init.assert_called_once_with(
mock_matchers.TypeMatcher(ssh.SSHCommand),
ssh.Remote(self.gateway,
user='******'),
identity_file=self.private_key_file,
options=self.options,
port='9600')
self.ssh_run.assert_called_once_with(
mock_matchers.TypeMatcher(ssh.SSHCommand),
self.env, force_connect=True)
# Known Hosts
self.known_hosts_add.assert_called_once_with(
mock_matchers.TypeMatcher(ssh.KnownHosts),
'[ssh-serialport.googleapis.com]:9600', PUBLIC_KEY, overwrite=True)
self.known_hosts_write.assert_called_once()
self.make_requests.assert_not_called()
def testRequestNonOsloginUser(self, oslogin_mock):
properties.VALUES.core.account.Set('*****@*****.**')
self.remote = ssh.Remote('23.251.133.75', user='******')
oslogin_mock.return_value = test_resources.MakeOsloginClient('v1')
self.make_requests.side_effect = iter([
[INSTANCE_WITH_OSLOGIN_ENABLED],
[self.project_resource],
])
self.Run("""
compute ssh someotheruser@instance-1 --zone zone-1
""")
self.CheckRequests(
[(self.compute.instances, 'Get',
self.messages.ComputeInstancesGetRequest(instance='instance-1',
project='my-project',
zone='zone-1'))],
[(self.compute.projects, 'Get',
self.messages.ComputeProjectsGetRequest(project='my-project'))],
)
# Require SSH keys
self.ensure_keys.assert_called_once_with(self.keys,
None,
allow_passphrase=True)
# No polling
self.poller_poll.assert_not_called()
# SSH Command
self.ssh_init.assert_called_once_with(
mock_matchers.TypeMatcher(ssh.SSHCommand),
remote=self.remote,
identity_file=self.private_key_file,
extra_flags=[],
tty=None,
options=dict(self.options, HostKeyAlias='compute.44444'),
remote_command=None,
iap_tunnel_args=None,
remainder=[])
self.ssh_run.assert_called_once_with(mock_matchers.TypeMatcher(
ssh.SSHCommand),
self.env,
force_connect=True)
self.AssertErrContains('Using OS Login user [user_google_com] instead '
'of requested user [someotheruser]')