"""Integration tests for the cc_keys_to_console module.

(This is ported from
``tests/cloud_tests/testcases/modules/keys_to_console.yaml``.)"""
import pytest

# Suppresses the DSA and ECDSA entries in both the fingerprint and the
# public-key console output; TestKeysToConsoleBlacklist expects the ED25519
# and RSA entries to remain.
BLACKLIST_USER_DATA = (
    "#cloud-config\n"
    "ssh_fp_console_blacklist: [ssh-dss, ssh-dsa, ecdsa-sha2-nistp256]\n"
    "ssh_key_console_blacklist: [ssh-dss, ssh-dsa, ecdsa-sha2-nistp256]\n"
)

# Lists every key type in the fingerprint blacklist, so that nothing is left
# to print between the fingerprint header and footer.
BLACKLIST_ALL_KEYS_USER_DATA = (
    "#cloud-config\n"
    "ssh_fp_console_blacklist: [ssh-dsa, ssh-ecdsa, ssh-ed25519, ssh-rsa, "
    "ssh-dss, ecdsa-sha2-nistp256]\n"
)

# Turns the console output off altogether rather than filtering by key type.
DISABLED_USER_DATA = (
    "#cloud-config\n"
    "ssh:\n"
    "  emit_keys_to_console: false\n"
)


@pytest.mark.user_data(BLACKLIST_USER_DATA)
class TestKeysToConsoleBlacklist:
    """Check that blacklisted key types are filtered from the console output.

    The class is marked with ``BLACKLIST_USER_DATA``; every test searches
    ``/var/log/syslog`` for a ``(<KEY TYPE>)`` marker.
    """

    # NOTE(review): the user data sets both ssh_fp_console_blacklist and
    # ssh_key_console_blacklist, but only the "(<TYPE>)" marker is asserted.
    # Presumably that marker belongs to fingerprint lines; confirm whether
    # the public-key output is covered as well.

    @pytest.mark.parametrize("key_type", ["DSA", "ECDSA"])
    def test_excluded_keys(self, class_client, key_type):
        """A blacklisted key type must leave no marker in syslog."""
        marker = "({})".format(key_type)
        log_text = class_client.read_from_file("/var/log/syslog")
        assert marker not in log_text

    @pytest.mark.parametrize("key_type", ["ED25519", "RSA"])
    def test_included_keys(self, class_client, key_type):
        """A key type that is not blacklisted must still be reported.

        This is also the positive control for ``test_excluded_keys``: it
        shows that the output reached syslog at all.
        """
        marker = "({})".format(key_type)
        log_text = class_client.read_from_file("/var/log/syslog")
        assert marker in log_text


@pytest.mark.user_data(BLACKLIST_ALL_KEYS_USER_DATA)
class TestAllKeysToConsoleBlacklist:
    """Check that blacklisting every key type also drops the header and
    footer of the fingerprint block.
    """

    # NOTE(review): both tests assert absence only, so they would also pass
    # if nothing from the module reached /var/log/syslog. Consider a positive
    # control to rule that out.

    def test_header_excluded(self, class_client):
        """The fingerprint block's opening banner must not be logged."""
        log_text = class_client.read_from_file("/var/log/syslog")
        banner = "BEGIN SSH HOST KEY FINGERPRINTS"
        assert banner not in log_text

    def test_footer_excluded(self, class_client):
        """The fingerprint block's closing banner must not be logged."""
        log_text = class_client.read_from_file("/var/log/syslog")
        banner = "END SSH HOST KEY FINGERPRINTS"
        assert banner not in log_text


@pytest.mark.user_data(DISABLED_USER_DATA)
class TestKeysToConsoleDisabled:
    """Check that ``emit_keys_to_console: false`` silences the output.

    Neither a per-key marker nor the fingerprint header or footer may appear
    in ``/var/log/syslog``.
    """

    # NOTE(review): every assertion here is a negative one, so an empty or
    # unrelated syslog would pass too. Confirm the log is populated before
    # relying on these tests as evidence that the setting is honoured.

    @pytest.mark.parametrize("key_type", ["DSA", "ECDSA", "ED25519", "RSA"])
    def test_keys_excluded(self, class_client, key_type):
        """No key type may leave a ``(<type>)`` marker in syslog."""
        marker = "({})".format(key_type)
        log_text = class_client.read_from_file("/var/log/syslog")
        assert marker not in log_text

    def test_header_excluded(self, class_client):
        """The fingerprint block's opening banner must not be logged."""
        log_text = class_client.read_from_file("/var/log/syslog")
        banner = "BEGIN SSH HOST KEY FINGERPRINTS"
        assert banner not in log_text

    def test_footer_excluded(self, class_client):
        """The fingerprint block's closing banner must not be logged."""
        log_text = class_client.read_from_file("/var/log/syslog")
        banner = "END SSH HOST KEY FINGERPRINTS"
        assert banner not in log_text