diff options
| author | James Falcon <james.falcon@canonical.com> | 2021-12-15 20:16:38 -0600 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-12-15 19:16:38 -0700 |
| commit | bae9b11da9ed7dd0b16fe5adeaf4774b7cc628cf (patch) | |
| tree | 1fbb3269fc87e39832e3286ef42eefd2b23fcd44 /tests/integration_tests/modules/test_ssh_keysfile.py | |
| parent | 2bcf4fa972fde686c2e3141c58e640640b44dd00 (diff) | |
| download | vyos-cloud-init-bae9b11da9ed7dd0b16fe5adeaf4774b7cc628cf.tar.gz vyos-cloud-init-bae9b11da9ed7dd0b16fe5adeaf4774b7cc628cf.zip | |
Adopt Black and isort (SC-700) (#1157)
Applied Black and isort, fixed any linting issues, updated tox.ini
and CI.
Diffstat (limited to 'tests/integration_tests/modules/test_ssh_keysfile.py')
| -rw-r--r-- | tests/integration_tests/modules/test_ssh_keysfile.py | 159 |
1 files changed, 93 insertions, 66 deletions
diff --git a/tests/integration_tests/modules/test_ssh_keysfile.py b/tests/integration_tests/modules/test_ssh_keysfile.py index b39454e6..8330a1ce 100644 --- a/tests/integration_tests/modules/test_ssh_keysfile.py +++ b/tests/integration_tests/modules/test_ssh_keysfile.py @@ -1,15 +1,16 @@ +from io import StringIO + import paramiko import pytest -from io import StringIO from paramiko.ssh_exception import SSHException from tests.integration_tests.clouds import ImageSpecification from tests.integration_tests.instances import IntegrationInstance from tests.integration_tests.util import get_test_rsa_keypair -TEST_USER1_KEYS = get_test_rsa_keypair('test1') -TEST_USER2_KEYS = get_test_rsa_keypair('test2') -TEST_DEFAULT_KEYS = get_test_rsa_keypair('test3') +TEST_USER1_KEYS = get_test_rsa_keypair("test1") +TEST_USER2_KEYS = get_test_rsa_keypair("test2") +TEST_DEFAULT_KEYS = get_test_rsa_keypair("test3") _USERDATA = """\ #cloud-config @@ -26,7 +27,7 @@ users: ssh_authorized_keys: - {user2} """.format( - bootcmd='{bootcmd}', + bootcmd="{bootcmd}", default=TEST_DEFAULT_KEYS.public_key, user1=TEST_USER1_KEYS.public_key, user2=TEST_USER2_KEYS.public_key, @@ -37,9 +38,9 @@ def common_verify(client, expected_keys): for user, filename, keys in expected_keys: # Ensure key is in the key file contents = client.read_from_file(filename) - if user in ['ubuntu', 'root']: - lines = contents.split('\n') - if user == 'root': + if user in ["ubuntu", "root"]: + lines = contents.split("\n") + if user == "root": # Our personal public key gets added by pycloudlib in # addition to the default `ssh_authorized_keys` assert len(lines) == 2 @@ -54,8 +55,9 @@ def common_verify(client, expected_keys): # Ensure we can actually connect ssh = paramiko.SSHClient() ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy()) - paramiko_key = paramiko.RSAKey.from_private_key(StringIO( - keys.private_key)) + paramiko_key = paramiko.RSAKey.from_private_key( + StringIO(keys.private_key) + ) # Will fail with AuthenticationException if # we cannot connect @@ -71,8 +73,11 @@ def common_verify(client, expected_keys): other_users = [u[0] for u in expected_keys if u[2] != keys] for other_user in other_users: with pytest.raises(SSHException): - print('trying to connect as {} with key from {}'.format( - other_user, user)) + print( + "trying to connect as {} with key from {}".format( + other_user, user + ) + ) ssh.connect( client.instance.ip, username=other_user, @@ -83,37 +88,38 @@ def common_verify(client, expected_keys): # Ensure we haven't messed with any /home permissions # See LP: #1940233 - home_dir = '/home/{}'.format(user) + home_dir = "/home/{}".format(user) # Home permissions aren't consistent between releases. On ubuntu # this can change to 750 once focal is unsupported. if ImageSpecification.from_os_image().release in ("bionic", "focal"): - home_perms = '755' + home_perms = "755" else: - home_perms = '750' - if user == 'root': - home_dir = '/root' - home_perms = '700' - assert '{} {}'.format(user, home_perms) == client.execute( + home_perms = "750" + if user == "root": + home_dir = "/root" + home_perms = "700" + assert "{} {}".format(user, home_perms) == client.execute( 'stat -c "%U %a" {}'.format(home_dir) ) if client.execute("test -d {}/.ssh".format(home_dir)).ok: - assert '{} 700'.format(user) == client.execute( + assert "{} 700".format(user) == client.execute( 'stat -c "%U %a" {}/.ssh'.format(home_dir) ) - assert '{} 600'.format(user) == client.execute( + assert "{} 600".format(user) == client.execute( 'stat -c "%U %a" {}'.format(filename) ) # Also ensure ssh-keygen works as expected - client.execute('mkdir {}/.ssh'.format(home_dir)) + client.execute("mkdir {}/.ssh".format(home_dir)) assert client.execute( "ssh-keygen -b 2048 -t rsa -f {}/.ssh/id_rsa -q -N ''".format( - home_dir) + home_dir + ) ).ok - assert client.execute('test -f {}/.ssh/id_rsa'.format(home_dir)) - assert client.execute('test -f {}/.ssh/id_rsa.pub'.format(home_dir)) + assert client.execute("test -f {}/.ssh/id_rsa".format(home_dir)) + assert client.execute("test -f {}/.ssh/id_rsa.pub".format(home_dir)) - assert 'root 755' == client.execute('stat -c "%U %a" /home') + assert "root 755" == client.execute('stat -c "%U %a" /home') DEFAULT_KEYS_USERDATA = _USERDATA.format(bootcmd='""') @@ -123,75 +129,96 @@ DEFAULT_KEYS_USERDATA = _USERDATA.format(bootcmd='""') @pytest.mark.user_data(DEFAULT_KEYS_USERDATA) def test_authorized_keys_default(client: IntegrationInstance): expected_keys = [ - ('test_user1', '/home/test_user1/.ssh/authorized_keys', - TEST_USER1_KEYS), - ('test_user2', '/home/test_user2/.ssh/authorized_keys', - TEST_USER2_KEYS), - ('ubuntu', '/home/ubuntu/.ssh/authorized_keys', - TEST_DEFAULT_KEYS), - ('root', '/root/.ssh/authorized_keys', TEST_DEFAULT_KEYS), + ( + "test_user1", + "/home/test_user1/.ssh/authorized_keys", + TEST_USER1_KEYS, + ), + ( + "test_user2", + "/home/test_user2/.ssh/authorized_keys", + TEST_USER2_KEYS, + ), + ("ubuntu", "/home/ubuntu/.ssh/authorized_keys", TEST_DEFAULT_KEYS), + ("root", "/root/.ssh/authorized_keys", TEST_DEFAULT_KEYS), ] common_verify(client, expected_keys) -AUTHORIZED_KEYS2_USERDATA = _USERDATA.format(bootcmd=( - "sed -i 's;#AuthorizedKeysFile.*;AuthorizedKeysFile " - "/etc/ssh/authorized_keys %h/.ssh/authorized_keys2;' " - "/etc/ssh/sshd_config")) +AUTHORIZED_KEYS2_USERDATA = _USERDATA.format( + bootcmd=( + "sed -i 's;#AuthorizedKeysFile.*;AuthorizedKeysFile " + "/etc/ssh/authorized_keys %h/.ssh/authorized_keys2;' " + "/etc/ssh/sshd_config" + ) +) @pytest.mark.ubuntu @pytest.mark.user_data(AUTHORIZED_KEYS2_USERDATA) def test_authorized_keys2(client: IntegrationInstance): expected_keys = [ - ('test_user1', '/home/test_user1/.ssh/authorized_keys2', - TEST_USER1_KEYS), - ('test_user2', '/home/test_user2/.ssh/authorized_keys2', - TEST_USER2_KEYS), - ('ubuntu', '/home/ubuntu/.ssh/authorized_keys2', - TEST_DEFAULT_KEYS), - ('root', '/root/.ssh/authorized_keys2', TEST_DEFAULT_KEYS), + ( + "test_user1", + "/home/test_user1/.ssh/authorized_keys2", + TEST_USER1_KEYS, + ), + ( + "test_user2", + "/home/test_user2/.ssh/authorized_keys2", + TEST_USER2_KEYS, + ), + ("ubuntu", "/home/ubuntu/.ssh/authorized_keys2", TEST_DEFAULT_KEYS), + ("root", "/root/.ssh/authorized_keys2", TEST_DEFAULT_KEYS), ] common_verify(client, expected_keys) -NESTED_KEYS_USERDATA = _USERDATA.format(bootcmd=( - "sed -i 's;#AuthorizedKeysFile.*;AuthorizedKeysFile " - "/etc/ssh/authorized_keys %h/foo/bar/ssh/keys;' " - "/etc/ssh/sshd_config")) +NESTED_KEYS_USERDATA = _USERDATA.format( + bootcmd=( + "sed -i 's;#AuthorizedKeysFile.*;AuthorizedKeysFile " + "/etc/ssh/authorized_keys %h/foo/bar/ssh/keys;' " + "/etc/ssh/sshd_config" + ) +) @pytest.mark.ubuntu @pytest.mark.user_data(NESTED_KEYS_USERDATA) def test_nested_keys(client: IntegrationInstance): expected_keys = [ - ('test_user1', '/home/test_user1/foo/bar/ssh/keys', - TEST_USER1_KEYS), - ('test_user2', '/home/test_user2/foo/bar/ssh/keys', - TEST_USER2_KEYS), - ('ubuntu', '/home/ubuntu/foo/bar/ssh/keys', - TEST_DEFAULT_KEYS), - ('root', '/root/foo/bar/ssh/keys', TEST_DEFAULT_KEYS), + ("test_user1", "/home/test_user1/foo/bar/ssh/keys", TEST_USER1_KEYS), + ("test_user2", "/home/test_user2/foo/bar/ssh/keys", TEST_USER2_KEYS), + ("ubuntu", "/home/ubuntu/foo/bar/ssh/keys", TEST_DEFAULT_KEYS), + ("root", "/root/foo/bar/ssh/keys", TEST_DEFAULT_KEYS), ] common_verify(client, expected_keys) -EXTERNAL_KEYS_USERDATA = _USERDATA.format(bootcmd=( - "sed -i 's;#AuthorizedKeysFile.*;AuthorizedKeysFile " - "/etc/ssh/authorized_keys /etc/ssh/authorized_keys/%u/keys;' " - "/etc/ssh/sshd_config")) +EXTERNAL_KEYS_USERDATA = _USERDATA.format( + bootcmd=( + "sed -i 's;#AuthorizedKeysFile.*;AuthorizedKeysFile " + "/etc/ssh/authorized_keys /etc/ssh/authorized_keys/%u/keys;' " + "/etc/ssh/sshd_config" + ) +) @pytest.mark.ubuntu @pytest.mark.user_data(EXTERNAL_KEYS_USERDATA) def test_external_keys(client: IntegrationInstance): expected_keys = [ - ('test_user1', '/etc/ssh/authorized_keys/test_user1/keys', - TEST_USER1_KEYS), - ('test_user2', '/etc/ssh/authorized_keys/test_user2/keys', - TEST_USER2_KEYS), - ('ubuntu', '/etc/ssh/authorized_keys/ubuntu/keys', - TEST_DEFAULT_KEYS), - ('root', '/etc/ssh/authorized_keys/root/keys', TEST_DEFAULT_KEYS), + ( + "test_user1", + "/etc/ssh/authorized_keys/test_user1/keys", + TEST_USER1_KEYS, + ), + ( + "test_user2", + "/etc/ssh/authorized_keys/test_user2/keys", + TEST_USER2_KEYS, + ), + ("ubuntu", "/etc/ssh/authorized_keys/ubuntu/keys", TEST_DEFAULT_KEYS), + ("root", "/etc/ssh/authorized_keys/root/keys", TEST_DEFAULT_KEYS), ] common_verify(client, expected_keys) |