Fix ssh keys validation in ssh_util

This fixes a bug where invalid keys would sneak into authorized_keys.
author: Tatiana Kholkina <holkina@selectel.ru> 2018-02-01 18:08:15 +0300
committer: Tatiana Kholkina <holkina@selectel.ru> 2018-02-02 10:12:27 +0300
commit: 45289a00bf8c043c5783c527c4ea720e67e0524b (patch)
tree: 3a9d5504012cfd6851089be1f9eeac29490c6758 /tests/unittests/test_sshutil.py
parent: f7deaf15acf382d62554e2b1d70daa9a9109d542 (diff)
download: vyos-cloud-init-45289a00bf8c043c5783c527c4ea720e67e0524b.tar.gz
vyos-cloud-init-45289a00bf8c043c5783c527c4ea720e67e0524b.zip
1 files changed, 42 insertions, 0 deletions
diff --git a/tests/unittests/test_sshutil.py b/tests/unittests/test_sshutil.py
index 2a8e6abe..4c62c8be 100644
--- a/tests/unittests/test_sshutil.py
+++ b/tests/unittests/test_sshutil.py
@@ -126,6 +126,48 @@ class TestAuthKeyLineParser(test_helpers.TestCase):
         self.assertFalse(key.valid())
 
 
+class TestUpdateAuthorizedKeys(test_helpers.TestCase):
+
+    def test_new_keys_replace(self):
+        """new entries with the same base64 should replace old."""
+        orig_entries = [
+            ' '.join(('rsa', VALID_CONTENT['rsa'], 'orig_comment1')),
+            ' '.join(('dsa', VALID_CONTENT['dsa'], 'orig_comment2'))]
+
+        new_entries = [
+            ' '.join(('rsa', VALID_CONTENT['rsa'], 'new_comment1')), ]
+
+        expected = '\n'.join([new_entries[0], orig_entries[1]]) + '\n'
+
+        parser = ssh_util.AuthKeyLineParser()
+        found = ssh_util.update_authorized_keys(
+            [parser.parse(p) for p in orig_entries],
+            [parser.parse(p) for p in new_entries])
+
+        self.assertEqual(expected, found)
+
+    def test_new_invalid_keys_are_ignored(self):
+        """new entries that are invalid should be skipped."""
+        orig_entries = [
+            ' '.join(('rsa', VALID_CONTENT['rsa'], 'orig_comment1')),
+            ' '.join(('dsa', VALID_CONTENT['dsa'], 'orig_comment2'))]
+
+        new_entries = [
+            ' '.join(('rsa', VALID_CONTENT['rsa'], 'new_comment1')),
+            'xxx-invalid-thing1',
+            'xxx-invalid-blob2'
+        ]
+
+        expected = '\n'.join([new_entries[0], orig_entries[1]]) + '\n'
+
+        parser = ssh_util.AuthKeyLineParser()
+        found = ssh_util.update_authorized_keys(
+            [parser.parse(p) for p in orig_entries],
+            [parser.parse(p) for p in new_entries])
+
+        self.assertEqual(expected, found)
+
+
 class TestParseSSHConfig(test_helpers.TestCase):
 
     def setUp(self):
author	Tatiana Kholkina <holkina@selectel.ru>	2018-02-01 18:08:15 +0300
committer	Tatiana Kholkina <holkina@selectel.ru>	2018-02-02 10:12:27 +0300
commit	45289a00bf8c043c5783c527c4ea720e67e0524b (patch)
tree	3a9d5504012cfd6851089be1f9eeac29490c6758 /tests/unittests/test_sshutil.py
parent	f7deaf15acf382d62554e2b1d70daa9a9109d542 (diff)
download	vyos-cloud-init-45289a00bf8c043c5783c527c4ea720e67e0524b.tar.gz vyos-cloud-init-45289a00bf8c043c5783c527c4ea720e67e0524b.zip