Fix ssh keys validation in ssh_util

This fixes a bug where invalid keys would sneak into authorized_keys.
author: Tatiana Kholkina <holkina@selectel.ru> 2018-02-01 18:08:15 +0300
committer: Chad Smith <chad.smith@canonical.com> 2018-02-12 10:20:09 -0700
commit: 89fc8ea847302b45884aa3ac7dbc6e2e261c7462 (patch)
tree: 1eadb6490641b14fac8ded9bcc919f6134a71e76 /tests
parent: a48cab85b23b542f4bfe9072282b573aa59987ab (diff)
download: vyos-cloud-init-89fc8ea847302b45884aa3ac7dbc6e2e261c7462.tar.gz
vyos-cloud-init-89fc8ea847302b45884aa3ac7dbc6e2e261c7462.zip
1 files changed, 42 insertions, 0 deletions
diff --git a/tests/unittests/test_sshutil.py b/tests/unittests/test_sshutil.py
index 2a8e6abe..4c62c8be 100644
--- a/tests/unittests/test_sshutil.py
+++ b/tests/unittests/test_sshutil.py
@@ -126,6 +126,48 @@ class TestAuthKeyLineParser(test_helpers.TestCase):
         self.assertFalse(key.valid())
 
 
+class TestUpdateAuthorizedKeys(test_helpers.TestCase):
+
+    def test_new_keys_replace(self):
+        """new entries with the same base64 should replace old."""
+        orig_entries = [
+            ' '.join(('rsa', VALID_CONTENT['rsa'], 'orig_comment1')),
+            ' '.join(('dsa', VALID_CONTENT['dsa'], 'orig_comment2'))]
+
+        new_entries = [
+            ' '.join(('rsa', VALID_CONTENT['rsa'], 'new_comment1')), ]
+
+        expected = '\n'.join([new_entries[0], orig_entries[1]]) + '\n'
+
+        parser = ssh_util.AuthKeyLineParser()
+        found = ssh_util.update_authorized_keys(
+            [parser.parse(p) for p in orig_entries],
+            [parser.parse(p) for p in new_entries])
+
+        self.assertEqual(expected, found)
+
+    def test_new_invalid_keys_are_ignored(self):
+        """new entries that are invalid should be skipped."""
+        orig_entries = [
+            ' '.join(('rsa', VALID_CONTENT['rsa'], 'orig_comment1')),
+            ' '.join(('dsa', VALID_CONTENT['dsa'], 'orig_comment2'))]
+
+        new_entries = [
+            ' '.join(('rsa', VALID_CONTENT['rsa'], 'new_comment1')),
+            'xxx-invalid-thing1',
+            'xxx-invalid-blob2'
+        ]
+
+        expected = '\n'.join([new_entries[0], orig_entries[1]]) + '\n'
+
+        parser = ssh_util.AuthKeyLineParser()
+        found = ssh_util.update_authorized_keys(
+            [parser.parse(p) for p in orig_entries],
+            [parser.parse(p) for p in new_entries])
+
+        self.assertEqual(expected, found)
+
+
 class TestParseSSHConfig(test_helpers.TestCase):
 
     def setUp(self):
author	Tatiana Kholkina <holkina@selectel.ru>	2018-02-01 18:08:15 +0300
committer	Chad Smith <chad.smith@canonical.com>	2018-02-12 10:20:09 -0700
commit	89fc8ea847302b45884aa3ac7dbc6e2e261c7462 (patch)
tree	1eadb6490641b14fac8ded9bcc919f6134a71e76 /tests
parent	a48cab85b23b542f4bfe9072282b573aa59987ab (diff)
download	vyos-cloud-init-89fc8ea847302b45884aa3ac7dbc6e2e261c7462.tar.gz vyos-cloud-init-89fc8ea847302b45884aa3ac7dbc6e2e261c7462.zip