diff --git a/spec/unit/type/ssh_authorized_key_spec.rb b/spec/unit/type/ssh_authorized_key_spec.rb index a5f167165..71b8a9ab0 100755 --- a/spec/unit/type/ssh_authorized_key_spec.rb +++ b/spec/unit/type/ssh_authorized_key_spec.rb @@ -1,151 +1,261 @@ #!/usr/bin/env rspec require 'spec_helper' ssh_authorized_key = Puppet::Type.type(:ssh_authorized_key) describe ssh_authorized_key do before do @class = Puppet::Type.type(:ssh_authorized_key) @provider_class = stub 'provider_class', :name => "fake", :suitable? => true, :supports_parameter? => true @class.stubs(:defaultprovider).returns(@provider_class) @class.stubs(:provider).returns(@provider_class) @provider = stub 'provider', :class => @provider_class, :file_path => "/tmp/whatever", :clear => nil @provider_class.stubs(:new).returns(@provider) @catalog = Puppet::Resource::Catalog.new end - it "should have a name parameter" do - @class.attrtype(:name).should == :param - end - it "should have :name be its namevar" do @class.key_attributes.should == [:name] end - it "should have a :provider parameter" do - @class.attrtype(:provider).should == :param - end + describe "when validating attributes" do - it "should have an ensure property" do - @class.attrtype(:ensure).should == :property - end + [:name, :provider].each do |param| + it "should have a #{param} parameter" do + @class.attrtype(param).should == :param + end + end - it "should support :present as a value for :ensure" do - proc { @class.new(:name => "whev", :ensure => :present, :user => "nobody") }.should_not raise_error - end + [:type, :key, :user, :target, :options, :ensure].each do |property| + it "should have a #{property} property" do + @class.attrtype(property).should == :property + end + end - it "should support :absent as a value for :ensure" do - proc { @class.new(:name => "whev", :ensure => :absent, :user => "nobody") }.should_not raise_error end - it "should have an type property" do - @class.attrtype(:type).should == :property - end - it "should support ssh-dss as an type value" do - proc { @class.new(:name => "whev", :type => "ssh-dss", :user => "nobody") }.should_not raise_error - end - it "should support ssh-rsa as an type value" do - proc { @class.new(:name => "whev", :type => "ssh-rsa", :user => "nobody") }.should_not raise_error - end - it "should support :dsa as an type value" do - proc { @class.new(:name => "whev", :type => :dsa, :user => "nobody") }.should_not raise_error - end - it "should support :rsa as an type value" do - proc { @class.new(:name => "whev", :type => :rsa, :user => "nobody") }.should_not raise_error - end + describe "when validating values" do - it "should not support values other than ssh-dss, ssh-rsa, dsa, rsa in the ssh_authorized_key_type" do - proc { @class.new(:name => "whev", :type => :something) }.should raise_error(Puppet::Error) - end + describe "for name" do - it "should have an key property" do - @class.attrtype(:key).should == :property - end + it "should support valid names" do + proc { @class.new(:name => "username", :ensure => :present, :user => "nobody") }.should_not raise_error + proc { @class.new(:name => "username@hostname", :ensure => :present, :user => "nobody") }.should_not raise_error + end - it "should have an user property" do - @class.attrtype(:user).should == :property - end + it "should not support whitespaces" do + proc { @class.new(:name => "my test", :ensure => :present, :user => "nobody") }.should raise_error(Puppet::Error,/Resourcename must not contain whitespace/) + proc { @class.new(:name => "my\ttest", :ensure => :present, :user => "nobody") }.should raise_error(Puppet::Error,/Resourcename must not contain whitespace/) + end - it "should have an options property" do - @class.attrtype(:options).should == :property - end + end - it "'s options property should return well formed string of arrays from is_to_s" do - resource = @class.new(:name => "whev", :type => :rsa, :user => "nobody", :options => ["a","b","c"]) + describe "for ensure" do - resource.property(:options).is_to_s(["a","b","c"]).should == "a,b,c" - end + it "should support :present" do + proc { @class.new(:name => "whev", :ensure => :present, :user => "nobody") }.should_not raise_error + end - it "'s options property should return well formed string of arrays from is_to_s" do - resource = @class.new(:name => "whev", :type => :rsa, :user => "nobody", :options => ["a","b","c"]) + it "should support :absent" do + proc { @class.new(:name => "whev", :ensure => :absent, :user => "nobody") }.should_not raise_error + end - resource.property(:options).should_to_s(["a","b","c"]).should == "a,b,c" - end + it "should not support other values" do + proc { @class.new(:name => "whev", :ensure => :foo, :user => "nobody") }.should raise_error(Puppet::Error, /Invalid value/) + end + + end + + describe "for type" do + + + it "should support ssh-dss" do + proc { @class.new(:name => "whev", :type => "ssh-dss", :user => "nobody") }.should_not raise_error + end + + it "should support ssh-rsa" do + proc { @class.new(:name => "whev", :type => "ssh-rsa", :user => "nobody") }.should_not raise_error + end + + it "should support :dsa" do + proc { @class.new(:name => "whev", :type => :dsa, :user => "nobody") }.should_not raise_error + end + + it "should support :rsa" do + proc { @class.new(:name => "whev", :type => :rsa, :user => "nobody") }.should_not raise_error + end + + it "should alias :rsa to :ssh-rsa" do + key = @class.new(:name => "whev", :type => :rsa, :user => "nobody") + key.should(:type).should == :'ssh-rsa' + end + + it "should alias :dsa to :ssh-dss" do + key = @class.new(:name => "whev", :type => :dsa, :user => "nobody") + key.should(:type).should == :'ssh-dss' + end + + it "should not support values other than ssh-dss, ssh-rsa, dsa, rsa" do + proc { @class.new(:name => "whev", :type => :something) }.should raise_error(Puppet::Error,/Invalid value/) + end + + end + + describe "for key" do + + it "should support a valid key like a 1024 bit rsa key" do + proc { @class.new(:name => "whev", :type => :rsa, :user => "nobody", :key => 'AAAAB3NzaC1yc2EAAAADAQABAAAAgQDCPfzW2ry7XvMc6E5Kj2e5fF/YofhKEvsNMUogR3PGL/HCIcBlsEjKisrY0aYgD8Ikp7ZidpXLbz5dBsmPy8hJiBWs5px9ZQrB/EOQAwXljvj69EyhEoGawmxQMtYw+OAIKHLJYRuk1QiHAMHLp5piqem8ZCV2mLb9AsJ6f7zUVw==')}.should_not raise_error + end + + it "should support a valid key like a 4096 bit rsa key" do + proc { @class.new(:name => "whev", :type => :rsa, :user => "nobody", :key => 'AAAAB3NzaC1yc2EAAAADAQABAAACAQDEY4pZFyzSfRc9wVWI3DfkgT/EL033UZm/7x1M+d+lBD00qcpkZ6CPT7lD3Z+vylQlJ5S8Wcw6C5Smt6okZWY2WXA9RCjNJMIHQbJAzwuQwgnwU/1VMy9YPp0tNVslg0sUUgpXb13WW4mYhwxyGmIVLJnUrjrQmIFhtfHsJAH8ZVqCWaxKgzUoC/YIu1u1ScH93lEdoBPLlwm6J0aiM7KWXRb7Oq1nEDZtug1zpX5lhgkQWrs0BwceqpUbY+n9sqeHU5e7DCyX/yEIzoPRW2fe2Gx1Iq6JKM/5NNlFfaW8rGxh3Z3S1NpzPHTRjw8js3IeGiV+OPFoaTtM1LsWgPDSBlzIdyTbSQR7gKh0qWYCNV/7qILEfa0yIFB5wIo4667iSPZw2pNgESVtenm8uXyoJdk8iWQ4mecdoposV/znknNb2GPgH+n/2vme4btZ0Sl1A6rev22GQjVgbWOn8zaDglJ2vgCN1UAwmq41RXprPxENGeLnWQppTnibhsngu0VFllZR5kvSIMlekLRSOFLFt92vfd+tk9hZIiKm9exxcbVCGGQPsf6dZ27rTOmg0xM2Sm4J6RRKuz79HQgA4Eg18+bqRP7j/itb89DmtXEtoZFAsEJw8IgIfeGGDtHTkfAlAC92mtK8byeaxGq57XCTKbO/r5gcOMElZHy1AcB8kw==')}.should_not raise_error + end + + it "should support a valid key like a 1024 bit dsa key" do + proc { @class.new(:name => "whev", :type => :dsa, :user => "nobody", :key => 'AAAAB3NzaC1kc3MAAACBAI80iR78QCgpO4WabVqHHdEDigOjUEHwIjYHIubR/7u7DYrXY+e+TUmZ0CVGkiwB/0yLHK5dix3Y/bpj8ZiWCIhFeunnXccOdE4rq5sT2V3l1p6WP33RpyVYbLmeuHHl5VQ1CecMlca24nHhKpfh6TO/FIwkMjghHBfJIhXK+0w/AAAAFQDYzLupuMY5uz+GVrcP+Kgd8YqMmwAAAIB3SVN71whLWjFPNTqGyyIlMy50624UfNOaH4REwO+Of3wm/cE6eP8n75vzTwQGBpJX3BPaBGW1S1Zp/DpTOxhCSAwZzAwyf4WgW7YyAOdxN3EwTDJZeyiyjWMAOjW9/AOWt9gtKg0kqaylbMHD4kfiIhBzo31ZY81twUzAfN7angAAAIBfva8sTSDUGKsWWIXkdbVdvM4X14K4gFdy0ZJVzaVOtZ6alysW6UQypnsl6jfnbKvsZ0tFgvcX/CPyqNY/gMR9lyh/TCZ4XQcbqeqYPuceGehz+jL5vArfqsW2fJYFzgCcklmr/VxtP5h6J/T0c9YcDgc/xIfWdZAlznOnphI/FA==')}.should_not raise_error + end + + it "should not support whitespaces" do + proc { @class.new(:name => "whev", :type => :rsa, :user => "nobody", :key => 'AAA FA==')}.should raise_error(Puppet::Error,/Key must not contain whitespace/) + end + + end + + describe "for options" do + + it "should support flags as options" do + proc { @class.new(:name => "whev", :type => :rsa, :user => "nobody", :options => 'cert-authority')}.should_not raise_error + proc { @class.new(:name => "whev", :type => :rsa, :user => "nobody", :options => 'no-port-forwarding')}.should_not raise_error + end + + it "should support key-value pairs as options" do + proc { @class.new(:name => "whev", :type => :rsa, :user => "nobody", :options => 'command="command"')}.should_not raise_error + end + + it "should support environments as options" do + proc { @class.new(:name => "whev", :type => :rsa, :user => "nobody", :options => 'environment="NAME=value"')}.should_not raise_error + end + + it "should support multiple options as an array" do + proc { @class.new(:name => "whev", :type => :rsa, :user => "nobody", :options => ['cert-authority','environment="NAME=value"'])}.should_not raise_error + end + + it "should not support a comma separated lists" do + proc { @class.new(:name => "whev", :type => :rsa, :user => "nobody", :options => 'cert-authority,no-port-forwarding')}.should raise_error(Puppet::Error, /must be provided as an array/) + end + + it "should use :absent as a default value" do + @class.new(:name => "whev", :type => :rsa, :user => "nobody").should(:options).should == [:absent] + end + + it "property should return well formed string of arrays from is_to_s" do + resource = @class.new(:name => "whev", :type => :rsa, :user => "nobody", :options => ["a","b","c"]) + resource.property(:options).is_to_s(["a","b","c"]).should == "a,b,c" + end + + it "property should return well formed string of arrays from is_to_s" do + resource = @class.new(:name => "whev", :type => :rsa, :user => "nobody", :options => ["a","b","c"]) + resource.property(:options).should_to_s(["a","b","c"]).should == "a,b,c" + end + + end + + describe "for user" do + + it "should support present users" do + proc { @class.new(:name => "whev", :type => :rsa, :user => "root") }.should_not raise_error + end + + it "should support absent users" do + proc { @class.new(:name => "whev", :type => :rsa, :user => "ihopeimabsent") }.should_not raise_error + end + + end + + describe "for target" do + + it "should support absolute paths" do + proc { @class.new(:name => "whev", :type => :rsa, :target => "/tmp/here") }.should_not raise_error + end + + it "should use the user's path if not explicitly specified" do + @class.new(:name => "whev", :user => 'root').should(:target).should == File.expand_path("~root/.ssh/authorized_keys") + end + + it "should not consider the user's path if explicitly specified" do + @class.new(:name => "whev", :user => 'root', :target => '/tmp/here').should(:target).should == '/tmp/here' + end + + it "should inform about an absent user" do + Puppet::Log.level = :debug + @class.new(:name => "whev", :user => 'idontexist').should(:target) + @logs.map(&:message).should include("The required user is not yet present on the system") + end + + end - it "should have a target property" do - @class.attrtype(:target).should == :property end describe "when neither user nor target is specified" do + it "should raise an error" do proc do - - @class.create( - + @class.new( :name => "Test", :key => "AAA", :type => "ssh-rsa", - :ensure => :present) - end.should raise_error(Puppet::Error) + end.should raise_error(Puppet::Error,/user.*or.*target.*mandatory/) end + end describe "when both target and user are specified" do - it "should use target" do - - resource = @class.create( + it "should use target" do + resource = @class.new( :name => "Test", :user => "root", - - :target => "/tmp/blah") + :target => "/tmp/blah" + ) resource.should(:target).should == "/tmp/blah" end + end describe "when user is specified" do - it "should determine target" do + it "should determine target" do resource = @class.create( - :name => "Test", - - :user => "root") + :user => "root" + ) target = File.expand_path("~root/.ssh/authorized_keys") resource.should(:target).should == target end # Bug #2124 - ssh_authorized_key always changes target if target is not defined it "should not raise spurious change events" do resource = @class.new(:name => "Test", :user => "root") target = File.expand_path("~root/.ssh/authorized_keys") resource.property(:target).safe_insync?(target).should == true end + end describe "when calling validate" do - it "should not crash on a non-existant user" do + it "should not crash on a non-existant user" do resource = @class.create( - :name => "Test", - - :user => "ihopesuchuserdoesnotexist") + :user => "ihopesuchuserdoesnotexist" + ) proc { resource.validate }.should_not raise_error end + end + end