T6988: fix: remove role/level, fix tests (#371)

* T6988: fix: remove role/level, fix tests

* feature: add support for SSH keys

* tests: add integration tests for public_keys

* feat: add encrypted password support

* tests: add unit for encrypted

* tests: fix wrapping in YAML

* tests: fix smoke tests

2 files changed, 124 insertions, 14 deletions

diff --git a/tests/unit/modules/network/vyos/fixtures/vyos_user_config.cfg b/tests/unit/modules/network/vyos/fixtures/vyos_user_config.cfg
index 81cd1a48..9b73106e 100644
--- a/tests/unit/modules/network/vyos/fixtures/vyos_user_config.cfg
+++ b/tests/unit/modules/network/vyos/fixtures/vyos_user_config.cfg
@@ -1,2 +1,4 @@
-set system login user admin level operator authentication encrypted-password '$6$V5oWW3JM9NFAwOG$P2L4raFvIrZjjs3g0qmH4Ns5ti7flRpSs6aEqy4TrGZYXGeBiYzwi2A6jy'
-set system login user ansible level operator authentication encrypted-password '$6$ZfvSv6A50W6yNPYX$4HP5eg2sywcXYxTqhApQ7zvUvx0HsQHrI9xuJoFLy2gM/'
+set system login user admin authentication encrypted-password '$6$V5oWW3JM9NFAwOG$P2L4raFvIrZjjs3g0qmH4Ns5ti7flRpSs6aEqy4TrGZYXGeBiYzwi2A6jy'
+set system login user ansible authentication encrypted-password '$6$ZfvSv6A50W6yNPYX$4HP5eg2sywcXYxTqhApQ7zvUvx0HsQHrI9xuJoFLy2gM/'
+set system login user ssh authentication public-keys user@host key 'AAAAB3NzaC1yc2EAAAADAQABAAABAQD'
+set system login user ssh authentication public-keys user@host type 'ssh-rsa'
diff --git a/tests/unit/modules/network/vyos/test_vyos_user.py b/tests/unit/modules/network/vyos/test_vyos_user.py
index 70297207..e8c50783 100644
--- a/tests/unit/modules/network/vyos/test_vyos_user.py
+++ b/tests/unit/modules/network/vyos/test_vyos_user.py
@@ -67,18 +67,6 @@ class TestVyosUserModule(TestVyosModule):
         result = self.execute_module(changed=True)
         self.assertEqual(result["commands"], ["delete system login user ansible"])
 
-    def test_vyos_user_level(self):
-        set_module_args(dict(name="ansible", level="operator"))
-        result = self.execute_module(changed=True)
-        self.assertEqual(
-            result["commands"],
-            ["set system login user ansible level operator"],
-        )
-
-    def test_vyos_user_level_invalid(self):
-        set_module_args(dict(name="ansible", level="sysadmin"))
-        self.execute_module(failed=True)
-
     def test_vyos_user_purge(self):
         set_module_args(dict(purge=True))
         result = self.execute_module(changed=True)
@@ -88,6 +76,7 @@ class TestVyosUserModule(TestVyosModule):
                 [
                     "delete system login user ansible",
                     "delete system login user admin",
+                    "delete system login user ssh",
                 ],
             ),
         )
@@ -129,3 +118,122 @@ class TestVyosUserModule(TestVyosModule):
             result["commands"],
             ["set system login user ansible authentication plaintext-password test"],
         )
+
+    def test_vyos_user_set_ssh_key(self):
+        set_module_args(
+            dict(
+                name="ansible",
+                public_keys=[
+                    dict(
+                        name="user@host",
+                        key="AAAAC3NzaC1lZDI1NTE5AAAAIFIR0jrMvBdmvTJNY5EDhOD+eixvbOinhY1eBU2uyuhu",
+                        type="ssh-ed25519",
+                    ),
+                ],
+            ),
+        )
+        result = self.execute_module(changed=True)
+        self.assertEqual(
+            result["commands"],
+            [
+                "set system login user ansible authentication public-keys user@host key 'AAAAC3NzaC1lZDI1NTE5AAAAIFIR0jrMvBdmvTJNY5EDhOD+eixvbOinhY1eBU2uyuhu'",
+                "set system login user ansible authentication public-keys user@host type 'ssh-ed25519'",
+            ],
+        )
+
+    def test_vyos_user_set_ssh_key_idempotent(self):
+        set_module_args(
+            dict(
+                name="ssh",
+                public_keys=[
+                    dict(
+                        name="user@host",
+                        key="AAAAB3NzaC1yc2EAAAADAQABAAABAQD",
+                        type="ssh-rsa",
+                    ),
+                ],
+            ),
+        )
+        self.load_fixtures()
+        result = self.execute_module(changed=False)
+        self.assertEqual(result["commands"], [])
+
+    def test_vyos_user_set_ssh_key_change(self):
+        set_module_args(
+            dict(
+                name="ssh",
+                public_keys=[
+                    dict(
+                        name="user@host",
+                        key="AAAAC3NzaC1lZDI1NTE5AAAAIFIR0jrMvBdmvTJNY5EDhOD+eixvbOinhY1eBU2uyuhu",
+                        type="ssh-ed25519",
+                    ),
+                ],
+            ),
+        )
+        self.load_fixtures()
+        result = self.execute_module(
+            changed=True,
+            commands=[
+                "set system login user ssh authentication public-keys user@host key 'AAAAC3NzaC1lZDI1NTE5AAAAIFIR0jrMvBdmvTJNY5EDhOD+eixvbOinhY1eBU2uyuhu'",
+                "set system login user ssh authentication public-keys user@host type 'ssh-ed25519'",
+            ],
+        )
+
+    def test_vyos_user_set_ssh_key_add_and_remove(self):
+        set_module_args(
+            dict(
+                name="ssh",
+                public_keys=[
+                    dict(
+                        name="noone@nowhere",
+                        key="AAAAC3NzaC1lZDI1NTE5AAAAIFIR0jrMvBdmvTJNY5EDhOD+eixvbOinhY1eBU2uyuhu",
+                        type="ssh-ed25519",
+                    ),
+                ],
+            ),
+        )
+        self.load_fixtures()
+        result = self.execute_module(
+            changed=True,
+            commands=[
+                "delete system login user ssh authentication public-keys user@host",
+                "set system login user ssh authentication public-keys noone@nowhere key 'AAAAC3NzaC1lZDI1NTE5AAAAIFIR0jrMvBdmvTJNY5EDhOD+eixvbOinhY1eBU2uyuhu'",
+                "set system login user ssh authentication public-keys noone@nowhere type 'ssh-ed25519'",
+            ],
+        )
+
+    def test_vyos_user_set_ssh_key_empty(self):
+        # empty public_keys has no effect (for setting passwords, user names, etc.)
+        set_module_args(
+            dict(
+                name="ssh",
+                public_keys=[],
+            ),
+        )
+        self.load_fixtures()
+        result = self.execute_module(changed=False)
+
+    def test_vyos_user_set_encrypted_password(self):
+        set_module_args(
+            dict(
+                name="ansible",
+                encrypted_password="$6$rounds=656000$SALT$HASH",
+            ),
+        )
+        result = self.execute_module(changed=True)
+        self.assertEqual(
+            result["commands"],
+            [
+                "set system login user ansible authentication encrypted-password '$6$rounds=656000$SALT$HASH'",
+            ],
+        )
+
+    def test_vyos_user_set_encrypted_password_idem(self):
+        set_module_args(
+            dict(
+                name="ansible",
+                encrypted_password="$6$ZfvSv6A50W6yNPYX$4HP5eg2sywcXYxTqhApQ7zvUvx0HsQHrI9xuJoFLy2gM/",
+            ),
+        )
+        result = self.execute_module(changed=False)