summaryrefslogtreecommitdiff
path: root/tests
diff options
context:
space:
mode:
authorTatiana Kholkina <holkina@selectel.ru>2018-02-01 18:08:15 +0300
committerTatiana Kholkina <holkina@selectel.ru>2018-02-02 10:12:27 +0300
commit45289a00bf8c043c5783c527c4ea720e67e0524b (patch)
tree3a9d5504012cfd6851089be1f9eeac29490c6758 /tests
parentf7deaf15acf382d62554e2b1d70daa9a9109d542 (diff)
downloadvyos-cloud-init-45289a00bf8c043c5783c527c4ea720e67e0524b.tar.gz
vyos-cloud-init-45289a00bf8c043c5783c527c4ea720e67e0524b.zip
Fix ssh keys validation in ssh_util
This fixes a bug where invalid keys would sneak into authorized_keys.
Diffstat (limited to 'tests')
-rw-r--r--tests/unittests/test_sshutil.py42
1 files changed, 42 insertions, 0 deletions
diff --git a/tests/unittests/test_sshutil.py b/tests/unittests/test_sshutil.py
index 2a8e6abe..4c62c8be 100644
--- a/tests/unittests/test_sshutil.py
+++ b/tests/unittests/test_sshutil.py
@@ -126,6 +126,48 @@ class TestAuthKeyLineParser(test_helpers.TestCase):
self.assertFalse(key.valid())
+class TestUpdateAuthorizedKeys(test_helpers.TestCase):
+
+ def test_new_keys_replace(self):
+ """new entries with the same base64 should replace old."""
+ orig_entries = [
+ ' '.join(('rsa', VALID_CONTENT['rsa'], 'orig_comment1')),
+ ' '.join(('dsa', VALID_CONTENT['dsa'], 'orig_comment2'))]
+
+ new_entries = [
+ ' '.join(('rsa', VALID_CONTENT['rsa'], 'new_comment1')), ]
+
+ expected = '\n'.join([new_entries[0], orig_entries[1]]) + '\n'
+
+ parser = ssh_util.AuthKeyLineParser()
+ found = ssh_util.update_authorized_keys(
+ [parser.parse(p) for p in orig_entries],
+ [parser.parse(p) for p in new_entries])
+
+ self.assertEqual(expected, found)
+
+ def test_new_invalid_keys_are_ignored(self):
+ """new entries that are invalid should be skipped."""
+ orig_entries = [
+ ' '.join(('rsa', VALID_CONTENT['rsa'], 'orig_comment1')),
+ ' '.join(('dsa', VALID_CONTENT['dsa'], 'orig_comment2'))]
+
+ new_entries = [
+ ' '.join(('rsa', VALID_CONTENT['rsa'], 'new_comment1')),
+ 'xxx-invalid-thing1',
+ 'xxx-invalid-blob2'
+ ]
+
+ expected = '\n'.join([new_entries[0], orig_entries[1]]) + '\n'
+
+ parser = ssh_util.AuthKeyLineParser()
+ found = ssh_util.update_authorized_keys(
+ [parser.parse(p) for p in orig_entries],
+ [parser.parse(p) for p in new_entries])
+
+ self.assertEqual(expected, found)
+
+
class TestParseSSHConfig(test_helpers.TestCase):
def setUp(self):