diff options
| author | Gaige B Paulsen <gaige@cluetrust.com> | 2025-01-02 14:06:58 -0500 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2025-01-02 19:06:58 +0000 |
| commit | 9e159990f949652ec1b22f9a9a6e72828bdd1e80 (patch) | |
| tree | f3f580083415d4ea48cf81b86e02f08df8f9f26a /tests | |
| parent | dbd87e3ab89b7839e41df76c2fa7712855853fd3 (diff) | |
| download | vyos.vyos-9e159990f949652ec1b22f9a9a6e72828bdd1e80.tar.gz vyos.vyos-9e159990f949652ec1b22f9a9a6e72828bdd1e80.zip | |
T6988: fix: remove role/level, fix tests (#371)
* T6988: fix: remove role/level, fix tests
* feature: add support for SSH keys
* tests: add integration tests for public_keys
* feat: add encrypted password support
* tests: add unit for encrypted
* tests: fix wrapping in YAML
* tests: fix smoke tests
Diffstat (limited to 'tests')
8 files changed, 424 insertions, 31 deletions
diff --git a/tests/integration/targets/vyos_smoke/tests/cli/caching.yaml b/tests/integration/targets/vyos_smoke/tests/cli/caching.yaml index 9afea2e0..b7e7e1fd 100644 --- a/tests/integration/targets/vyos_smoke/tests/cli/caching.yaml +++ b/tests/integration/targets/vyos_smoke/tests/cli/caching.yaml @@ -6,11 +6,9 @@ interface_cmds: - set interfaces ethernet eth1 description 'Configured by Ansible - Interface 1' - set interfaces ethernet eth1 mtu '1500' - - set interfaces ethernet eth1 duplex 'auto' - - set interfaces ethernet eth1 speed 'auto' - set interfaces ethernet eth1 vif 101 description 'Eth1 - VIF 101' - set interfaces ethernet eth2 description 'Configured by Ansible - Interface 2 (ADMIN DOWN)' - - set interfaces ethernet eth2 mtu '600' + - set interfaces ethernet eth2 mtu '1280' l3_interface_cmds: - set interfaces ethernet eth1 address '192.0.2.10/24' - set interfaces ethernet eth1 address '2001:db8::10/32' @@ -31,15 +29,13 @@ - name: eth1 description: Configured by Ansible - Interface 1 mtu: 1500 - speed: auto - duplex: auto vifs: - vlan_id: 101 description: Eth1 - VIF 101 - name: eth2 description: Configured by Ansible - Interface 2 (ADMIN DOWN) - mtu: 600 + mtu: 1280 state: merged - assert: diff --git a/tests/integration/targets/vyos_user/tests/cli/auth.yaml b/tests/integration/targets/vyos_user/tests/cli/auth.yaml index a3178bf0..98a3d170 100644 --- a/tests/integration/targets/vyos_user/tests/cli/auth.yaml +++ b/tests/integration/targets/vyos_user/tests/cli/auth.yaml @@ -3,25 +3,24 @@ - name: Create user with password vyos.vyos.vyos_user: name: auth_user - role: admin state: present configured_password: pass123 - name: test login via ssh with new user expect: command: >- - ssh auth_user@{{ ansible_ssh_host }} -p {{ ansible_port | default(22) }} \ - -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no '/opt/vyatta/sbin/vyatta-cfg-cmd-wrapper - show version' + ssh auth_user@{{ ansible_ssh_host }} -p {{ ansible_port | default(22) }} + -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no + '/opt/vyatta/sbin/vyatta-cfg-cmd-wrapper show version' responses: (?i)password: pass123 - name: test login via ssh with invalid password (should fail) expect: command: >- - ssh auth_user@{{ ansible_ssh_host }} -p {{ ansible_port | default(22) }} \ - -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no '/opt/vyatta/sbin/vyatta-cfg-cmd-wrapper - show version' + ssh auth_user@{{ ansible_ssh_host }} -p {{ ansible_port | default(22) }} + -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no + '/opt/vyatta/sbin/vyatta-cfg-cmd-wrapper show version' responses: (?i)password: badpass ignore_errors: true diff --git a/tests/integration/targets/vyos_user/tests/cli/basic.yaml b/tests/integration/targets/vyos_user/tests/cli/basic.yaml index 096edc0b..381f0db1 100644 --- a/tests/integration/targets/vyos_user/tests/cli/basic.yaml +++ b/tests/integration/targets/vyos_user/tests/cli/basic.yaml @@ -26,15 +26,14 @@ vyos.vyos.vyos_user: aggregate: - name: ansibletest2 - - name: ansibletest3 - level: operator + full_name: "test user" state: present - assert: that: - result.changed == true - - result.commands == ["set system login user ansibletest2 level operator", "set system login user ansibletest3 level operator"] + - result.commands == ["set system login user ansibletest2 full-name 'test user'", "set system login user ansibletest3 full-name 'test user'"] - name: Add user again (Idempotent) register: result @@ -56,7 +55,6 @@ - name: ansibletest2 - name: ansibletest3 - level: operator state: present - assert: diff --git a/tests/integration/targets/vyos_user/tests/cli/encrypted.yaml b/tests/integration/targets/vyos_user/tests/cli/encrypted.yaml new file mode 100644 index 00000000..39fbf61f --- /dev/null +++ b/tests/integration/targets/vyos_user/tests/cli/encrypted.yaml @@ -0,0 +1,97 @@ +--- +- debug: msg="START cli/basic.yaml on connection={{ ansible_connection }}" + +- name: Setup + vyos.vyos.vyos_config: + lines: + - delete system login user ansibletest1 + - delete system login user ansibletest2 + - delete system login user ansibletest3 + +- name: Create user + register: result + vyos.vyos.vyos_user: + name: ansibletest1 + encrypted_password: "{{ encrypted_password }}" + state: present + +- assert: + that: + - result.changed == true + - "{{ encrypted_add['commands'] | symmetric_difference(result['commands']) |length == 0 }}" + +- name: Collection of users (SetUp) + register: result + vyos.vyos.vyos_user: + aggregate: + - name: ansibletest2 + - name: ansibletest3 + full_name: "test user" + encrypted_password: "{{ encrypted_password }}" + state: present + +- assert: + that: + - result.changed == true + - "{{ encrypted_aggregate_add['commands'] | symmetric_difference(result['commands']) |length == 0 }}" + +- name: Add user again (Idempotent) + register: result + vyos.vyos.vyos_user: + name: ansibletest1 + encrypted_password: "{{ encrypted_password }}" + state: present + +- assert: + that: + - result.changed == false + - result.commands | length == 0 + +- name: Add collection of users (Idempotent) + register: result + vyos.vyos.vyos_user: + aggregate: + - name: ansibletest2 + - name: ansibletest3 + encrypted_password: "{{ encrypted_password }}" + state: present + +- name: Change user password + register: result + vyos.vyos.vyos_user: + name: ansibletest1 + encrypted_password: "{{ encrypted_password_2 }}" + state: present + +- assert: + that: + - result.changed == true + - "{{ encrypted_change['commands'] | symmetric_difference(result['commands']) |length == 0 }}" + +- name: Change collection of users + register: result + vyos.vyos.vyos_user: + aggregate: + - name: ansibletest2 + - name: ansibletest3 + encrypted_password: "{{ encrypted_password_2 }}" + state: present + +- assert: + that: + - result.changed == true + - "{{ encrypted_aggregate_change['commands'] | symmetric_difference(result['commands']) |length == 0 }}" + +- name: tearDown + register: result + vyos.vyos.vyos_user: + users: + - name: ansibletest1 + - name: ansibletest2 + - name: ansibletest3 + state: absent + +- assert: + that: + - result.changed == true + - result.commands == ["delete system login user ansibletest1", "delete system login user ansibletest2", "delete system login user ansibletest3"] diff --git a/tests/integration/targets/vyos_user/tests/cli/public_keys.yaml b/tests/integration/targets/vyos_user/tests/cli/public_keys.yaml new file mode 100644 index 00000000..9ffa41eb --- /dev/null +++ b/tests/integration/targets/vyos_user/tests/cli/public_keys.yaml @@ -0,0 +1,129 @@ +--- +- debug: msg="START cli/basic.yaml on connection={{ ansible_connection }}" + +- name: Setup + vyos.vyos.vyos_config: + lines: + - delete system login user ssh_test_1 + - delete system login user ssh_test_2 + - delete system login user ssh_test_3 + +- name: Create first user + register: result + vyos.vyos.vyos_user: + name: ssh_test_1 + public_keys: + - name: test_key + key: "AAAAC3NzaC1lZDI1NTE5AAAAIFIR0jrMvBdmvTJNY5EDhOD+eixvbOinhY1eBU2uyuhu" + type: ssh-ed25519 + state: present + +- debug: + var: result +- debug: + var: ssh_add['commands'] + +- assert: + that: + - result.changed == true + - "{{ ssh_add['commands'] | symmetric_difference(result['commands']) |length == 0 }}" + +- name: Collection of users (SetUp) + register: result + vyos.vyos.vyos_user: + aggregate: + - name: ssh_test_2 + - name: ssh_test_3 + full_name: "test user" + public_keys: + - name: test_key_2 + key: "AAAAC3NzaC1lZDI1NTE5AAAAIFIR0jrMvBdmvTJNY5EDhOD+eixvbOinhY1eBU2uyuhu" + type: ssh-ed25519 + state: present + +- debug: + var: result +- debug: + var: ssh_aggregate_add['commands'] + +- assert: + that: + - result.changed == true + - "{{ ssh_aggregate_add['commands'] | symmetric_difference(result['commands']) |length == 0 }}" + +- name: Add user again (Idempotent) + register: result + vyos.vyos.vyos_user: + name: ssh_test_1 + public_keys: + - name: test_key + key: "AAAAC3NzaC1lZDI1NTE5AAAAIFIR0jrMvBdmvTJNY5EDhOD+eixvbOinhY1eBU2uyuhu" + type: ssh-ed25519 + state: present + +- assert: + that: + - result.changed == false + - result.commands | length == 0 + +- name: Add collection of users (Idempotent) + register: result + vyos.vyos.vyos_user: + aggregate: + - name: ssh_test_2 + - name: ssh_test_3 + public_keys: + - name: test_key_2 + key: "AAAAC3NzaC1lZDI1NTE5AAAAIFIR0jrMvBdmvTJNY5EDhOD+eixvbOinhY1eBU2uyuhu" + type: ssh-ed25519 + state: present + +- assert: + that: + - result.changed == false + - result.commands | length == 0 + +- name: Change user key + register: result + vyos.vyos.vyos_user: + name: ssh_test_1 + public_keys: + - name: test_key_3 + key: "AAAAC3NzaC1lZDI1NTE5AAAAIFIR0jrMvBdmvTJNY5EDhOD+eixvbOinhY1eBU2uyuhu" + type: ssh-ed25519 + state: present + +- assert: + that: + - result.changed == True + - "{{ ssh_change_key['commands'] | symmetric_difference(result['commands']) |length == 0 }}" + +- name: change collection of users keys + register: result + vyos.vyos.vyos_user: + aggregate: + - name: ssh_test_2 + - name: ssh_test_3 + public_keys: + - name: test_key_4 + key: "AAAAC3NzaC1lZDI1NTE5AAAAIFIR0jrMvBdmvTJNY5EDhOD+eixvbOinhY1eBU2uyuhu" + type: ssh-ed25519 + state: present +- assert: + that: + - result.changed == True + - "{{ ssh_aggregate_change['commands'] | symmetric_difference(result['commands']) |length == 0 }}" + +- name: tearDown + register: result + vyos.vyos.vyos_user: + users: + - name: ssh_test_1 + - name: ssh_test_2 + - name: ssh_test_3 + state: absent + +- assert: + that: + - result.changed == true + - result.commands == ["delete system login user ssh_test_1", "delete system login user ssh_test_2", "delete system login user ssh_test_3"] diff --git a/tests/integration/targets/vyos_user/vars/main.yaml b/tests/integration/targets/vyos_user/vars/main.yaml new file mode 100644 index 00000000..89163faf --- /dev/null +++ b/tests/integration/targets/vyos_user/vars/main.yaml @@ -0,0 +1,64 @@ +--- +ssh_add: + commands: + - set system login user ssh_test_1 authentication public-keys test_key key 'AAAAC3NzaC1lZDI1NTE5AAAAIFIR0jrMvBdmvTJNY5EDhOD+eixvbOinhY1eBU2uyuhu' + - set system login user ssh_test_1 authentication public-keys test_key type 'ssh-ed25519' + +ssh_aggregate_add: + commands: + - set system login user ssh_test_2 full-name 'test user' + - set system login user ssh_test_2 authentication public-keys test_key_2 key 'AAAAC3NzaC1lZDI1NTE5AAAAIFIR0jrMvBdmvTJNY5EDhOD+eixvbOinhY1eBU2uyuhu' + - set system login user ssh_test_2 authentication public-keys test_key_2 type 'ssh-ed25519' + - set system login user ssh_test_3 full-name 'test user' + - set system login user ssh_test_3 authentication public-keys test_key_2 key 'AAAAC3NzaC1lZDI1NTE5AAAAIFIR0jrMvBdmvTJNY5EDhOD+eixvbOinhY1eBU2uyuhu' + - set system login user ssh_test_3 authentication public-keys test_key_2 type 'ssh-ed25519' + +ssh_change_key: + commands: + - delete system login user ssh_test_1 authentication public-keys test_key + - set system login user ssh_test_1 authentication public-keys test_key_3 key 'AAAAC3NzaC1lZDI1NTE5AAAAIFIR0jrMvBdmvTJNY5EDhOD+eixvbOinhY1eBU2uyuhu' + - set system login user ssh_test_1 authentication public-keys test_key_3 type 'ssh-ed25519' + +ssh_aggregate_change: + commands: + - delete system login user ssh_test_2 authentication public-keys test_key_2 + - set system login user ssh_test_2 authentication public-keys test_key_4 key 'AAAAC3NzaC1lZDI1NTE5AAAAIFIR0jrMvBdmvTJNY5EDhOD+eixvbOinhY1eBU2uyuhu' + - set system login user ssh_test_2 authentication public-keys test_key_4 type 'ssh-ed25519' + - delete system login user ssh_test_3 authentication public-keys test_key_2 + - set system login user ssh_test_3 authentication public-keys test_key_4 key 'AAAAC3NzaC1lZDI1NTE5AAAAIFIR0jrMvBdmvTJNY5EDhOD+eixvbOinhY1eBU2uyuhu' + - set system login user ssh_test_3 authentication public-keys test_key_4 type 'ssh-ed25519' + +encrypted_password: "$6$x6SQ/zSxNwIEuqnL$hHmU/NXfAK/pFWXoCi91kKPAiQtf/cyckOlBUDUIL44QOUZHnqipHtz2znwYHQVM0Lqm6aFnm7Qs9WFlRf4mW/" + +encrypted_add: + commands: + - >- + set system login user ansibletest1 authentication encrypted-password + '$6$x6SQ/zSxNwIEuqnL$hHmU/NXfAK/pFWXoCi91kKPAiQtf/cyckOlBUDUIL44QOUZHnqipHtz2znwYHQVM0Lqm6aFnm7Qs9WFlRf4mW/' +encrypted_aggregate_add: + commands: + - set system login user ansibletest2 full-name 'test user' + - >- + set system login user ansibletest2 authentication encrypted-password + '$6$x6SQ/zSxNwIEuqnL$hHmU/NXfAK/pFWXoCi91kKPAiQtf/cyckOlBUDUIL44QOUZHnqipHtz2znwYHQVM0Lqm6aFnm7Qs9WFlRf4mW/' + - set system login user ansibletest3 full-name 'test user' + - >- + set system login user ansibletest3 authentication encrypted-password + '$6$x6SQ/zSxNwIEuqnL$hHmU/NXfAK/pFWXoCi91kKPAiQtf/cyckOlBUDUIL44QOUZHnqipHtz2znwYHQVM0Lqm6aFnm7Qs9WFlRf4mW/' + +encrypted_password_2: "$6$drNuMGFEgJ6Vremv$ukdc1trPwatKTUFVA9J1rAJsoWU.9ssgyZBoM7/ReK/yVAcxGbwx7.7VrKwF.Bag.thXXoXSduLtTzTlcJnU6." + +encrypted_change: + commands: + - >- + set system login user ansibletest1 authentication encrypted-password + '$6$drNuMGFEgJ6Vremv$ukdc1trPwatKTUFVA9J1rAJsoWU.9ssgyZBoM7/ReK/yVAcxGbwx7.7VrKwF.Bag.thXXoXSduLtTzTlcJnU6.' + +encrypted_aggregate_change: + commands: + - >- + set system login user ansibletest2 authentication encrypted-password + '$6$drNuMGFEgJ6Vremv$ukdc1trPwatKTUFVA9J1rAJsoWU.9ssgyZBoM7/ReK/yVAcxGbwx7.7VrKwF.Bag.thXXoXSduLtTzTlcJnU6.' + - >- + set system login user ansibletest3 authentication encrypted-password + '$6$drNuMGFEgJ6Vremv$ukdc1trPwatKTUFVA9J1rAJsoWU.9ssgyZBoM7/ReK/yVAcxGbwx7.7VrKwF.Bag.thXXoXSduLtTzTlcJnU6.' diff --git a/tests/unit/modules/network/vyos/fixtures/vyos_user_config.cfg b/tests/unit/modules/network/vyos/fixtures/vyos_user_config.cfg index 81cd1a48..9b73106e 100644 --- a/tests/unit/modules/network/vyos/fixtures/vyos_user_config.cfg +++ b/tests/unit/modules/network/vyos/fixtures/vyos_user_config.cfg @@ -1,2 +1,4 @@ -set system login user admin level operator authentication encrypted-password '$6$V5oWW3JM9NFAwOG$P2L4raFvIrZjjs3g0qmH4Ns5ti7flRpSs6aEqy4TrGZYXGeBiYzwi2A6jy' -set system login user ansible level operator authentication encrypted-password '$6$ZfvSv6A50W6yNPYX$4HP5eg2sywcXYxTqhApQ7zvUvx0HsQHrI9xuJoFLy2gM/' +set system login user admin authentication encrypted-password '$6$V5oWW3JM9NFAwOG$P2L4raFvIrZjjs3g0qmH4Ns5ti7flRpSs6aEqy4TrGZYXGeBiYzwi2A6jy' +set system login user ansible authentication encrypted-password '$6$ZfvSv6A50W6yNPYX$4HP5eg2sywcXYxTqhApQ7zvUvx0HsQHrI9xuJoFLy2gM/' +set system login user ssh authentication public-keys user@host key 'AAAAB3NzaC1yc2EAAAADAQABAAABAQD' +set system login user ssh authentication public-keys user@host type 'ssh-rsa' diff --git a/tests/unit/modules/network/vyos/test_vyos_user.py b/tests/unit/modules/network/vyos/test_vyos_user.py index 70297207..e8c50783 100644 --- a/tests/unit/modules/network/vyos/test_vyos_user.py +++ b/tests/unit/modules/network/vyos/test_vyos_user.py @@ -67,18 +67,6 @@ class TestVyosUserModule(TestVyosModule): result = self.execute_module(changed=True) self.assertEqual(result["commands"], ["delete system login user ansible"]) - def test_vyos_user_level(self): - set_module_args(dict(name="ansible", level="operator")) - result = self.execute_module(changed=True) - self.assertEqual( - result["commands"], - ["set system login user ansible level operator"], - ) - - def test_vyos_user_level_invalid(self): - set_module_args(dict(name="ansible", level="sysadmin")) - self.execute_module(failed=True) - def test_vyos_user_purge(self): set_module_args(dict(purge=True)) result = self.execute_module(changed=True) @@ -88,6 +76,7 @@ class TestVyosUserModule(TestVyosModule): [ "delete system login user ansible", "delete system login user admin", + "delete system login user ssh", ], ), ) @@ -129,3 +118,122 @@ class TestVyosUserModule(TestVyosModule): result["commands"], ["set system login user ansible authentication plaintext-password test"], ) + + def test_vyos_user_set_ssh_key(self): + set_module_args( + dict( + name="ansible", + public_keys=[ + dict( + name="user@host", + key="AAAAC3NzaC1lZDI1NTE5AAAAIFIR0jrMvBdmvTJNY5EDhOD+eixvbOinhY1eBU2uyuhu", + type="ssh-ed25519", + ), + ], + ), + ) + result = self.execute_module(changed=True) + self.assertEqual( + result["commands"], + [ + "set system login user ansible authentication public-keys user@host key 'AAAAC3NzaC1lZDI1NTE5AAAAIFIR0jrMvBdmvTJNY5EDhOD+eixvbOinhY1eBU2uyuhu'", + "set system login user ansible authentication public-keys user@host type 'ssh-ed25519'", + ], + ) + + def test_vyos_user_set_ssh_key_idempotent(self): + set_module_args( + dict( + name="ssh", + public_keys=[ + dict( + name="user@host", + key="AAAAB3NzaC1yc2EAAAADAQABAAABAQD", + type="ssh-rsa", + ), + ], + ), + ) + self.load_fixtures() + result = self.execute_module(changed=False) + self.assertEqual(result["commands"], []) + + def test_vyos_user_set_ssh_key_change(self): + set_module_args( + dict( + name="ssh", + public_keys=[ + dict( + name="user@host", + key="AAAAC3NzaC1lZDI1NTE5AAAAIFIR0jrMvBdmvTJNY5EDhOD+eixvbOinhY1eBU2uyuhu", + type="ssh-ed25519", + ), + ], + ), + ) + self.load_fixtures() + result = self.execute_module( + changed=True, + commands=[ + "set system login user ssh authentication public-keys user@host key 'AAAAC3NzaC1lZDI1NTE5AAAAIFIR0jrMvBdmvTJNY5EDhOD+eixvbOinhY1eBU2uyuhu'", + "set system login user ssh authentication public-keys user@host type 'ssh-ed25519'", + ], + ) + + def test_vyos_user_set_ssh_key_add_and_remove(self): + set_module_args( + dict( + name="ssh", + public_keys=[ + dict( + name="noone@nowhere", + key="AAAAC3NzaC1lZDI1NTE5AAAAIFIR0jrMvBdmvTJNY5EDhOD+eixvbOinhY1eBU2uyuhu", + type="ssh-ed25519", + ), + ], + ), + ) + self.load_fixtures() + result = self.execute_module( + changed=True, + commands=[ + "delete system login user ssh authentication public-keys user@host", + "set system login user ssh authentication public-keys noone@nowhere key 'AAAAC3NzaC1lZDI1NTE5AAAAIFIR0jrMvBdmvTJNY5EDhOD+eixvbOinhY1eBU2uyuhu'", + "set system login user ssh authentication public-keys noone@nowhere type 'ssh-ed25519'", + ], + ) + + def test_vyos_user_set_ssh_key_empty(self): + # empty public_keys has no effect (for setting passwords, user names, etc.) + set_module_args( + dict( + name="ssh", + public_keys=[], + ), + ) + self.load_fixtures() + result = self.execute_module(changed=False) + + def test_vyos_user_set_encrypted_password(self): + set_module_args( + dict( + name="ansible", + encrypted_password="$6$rounds=656000$SALT$HASH", + ), + ) + result = self.execute_module(changed=True) + self.assertEqual( + result["commands"], + [ + "set system login user ansible authentication encrypted-password '$6$rounds=656000$SALT$HASH'", + ], + ) + + def test_vyos_user_set_encrypted_password_idem(self): + set_module_args( + dict( + name="ansible", + encrypted_password="$6$ZfvSv6A50W6yNPYX$4HP5eg2sywcXYxTqhApQ7zvUvx0HsQHrI9xuJoFLy2gM/", + ), + ) + result = self.execute_module(changed=False) |