redesign test for key retrieval via http

Signed-off-by: Doug Knight <[email protected]>
sous-chefs · Jan 28, 2021 · 4cb60b0 · 4cb60b0
1 parent 73a4bf4
commit 4cb60b0
Show file tree

Hide file tree

Showing 4 changed files with 40 additions and 7 deletions.
diff --git a/resources/manage.rb b/resources/manage.rb
@@ -90,8 +90,8 @@
       ssh_keys = []
       if u['ssh_keys']
         Array(u['ssh_keys']).each do |key|
-          if key.start_with?('https')
-            ssh_keys += keys_from_url(key)
+          if key.start_with?('https') or key.start_with?('INSECURE:http')
+            ssh_keys += keys_from_url(key.delete_prefix('INSECURE:'))
           else
             ssh_keys << key
           end

diff --git a/test/fixtures/cookbooks/users_test/recipes/default.rb b/test/fixtures/cookbooks/users_test/recipes/default.rb
@@ -1,3 +1,33 @@
+# Stage a web service that will serve files out of the /_keys directory to
+# help validate that the user_manage resource can retrieve ssh keys via
+# HTTP.
+require 'webrick'
+keyserver_ready = false
+keyserver = WEBrick::HTTPServer.new(
+  DocumentRoot: '/_keys',
+  StartCallback: -> { keyserver_ready = true }
+)
+
+# Populate the /_keys directory with fake ssh keys for the tests.
+directory '/_keys'
+file '/_keys/test_user_keys_url.keys' do
+  content <<~END_OF_SSH_KEYS
+    ssh-rsa FAKE+RSA+KEY+DATA
+    ecdsa-sha2-nistp256 FAKE+ECDSA+KEY+DATA
+  END_OF_SSH_KEYS
+end
+
+# Start the web service and wait for it to begin accepting connections.
+ruby_block 'start key server' do
+  block do
+    Thread.new { keyserver.start }
+    [1..50].each do
+      break if keyserver_ready
+      sleep 0.1
+    end
+  end
+end
+
 user 'mwaddams' do
   manage_home true
   action :nothing
@@ -16,3 +46,8 @@
   data_bag 'test_home_dir'
   manage_nfs_home_dirs false
 end
+
+# Shutdown the web service.
+ruby_block 'stop key server' do
+  block { keyserver.shutdown }
+end
diff --git a/test/fixtures/data_bags/test_home_dir/test_user_keys_url.json b/test/fixtures/data_bags/test_home_dir/test_user_keys_url.json
@@ -2,7 +2,7 @@
   "id": "test_user_keys_from_url",
   "password": "$1$5cE1rI/9$4p0fomh9U4kAI23qUlZVv/",
   "ssh_keys": [
-    "https://github.com/majormoses.keys",
+    "INSECURE:http://localhost/test_user_keys_url.keys",
     "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAklOUpkDHrfHY17SbrmTIpNLTGK9Tjom/BWDSU\nGPl+nafzlHDTYW7hdI4yZ5ew18JH4JW9jbhUFrviQzM7xlELEVf4h9lFX5QVkbPppSwg0cda3\nPbv7kOdJ/MTyBlWXFCR+HAo3FXRitBqxiX1nKhXpHAZsMciLq8V6RjsNAQwdsdMFvSlVK/7XA\nt3FaoJoAsncM1Q9x5+3V0Ww68/eIFmb1zuUFljQJKprrX88XypNDvjYNby6vw/Pb0rwert/En\nmZ+AW4OZPnTPI89ZPmVMLuayrD2cE86Z/il8b+gw3r3+1nKatmIkjn2so1d01QraTlMqVSsbx\nNQCPO0ZZEa1== [email protected]"
   ],
   "groups": [ "testgroup", "nfsgroup" ],

diff --git a/test/integration/default/default_spec.rb b/test/integration/default/default_spec.rb
@@ -32,11 +32,9 @@
   its('shell') { should eq '/bin/bash' }
 end
 
-# NOTE: this test is super brittle and should probably create a specific github
-# user or mock an HTTP server with the keys
 ssh_keys = [
-  'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCy3cbPekJYHAIa8J1fOr2iIqpx/7pl4giJYAG7HCfsunRRUq3dY1KhVw1BlmMGIDzNwcuNVIfBS5HS/wREqbHMXxbwAjWrMwUofWd09CTuKJZiyTLUC5pSQWKDXZrefH/Fwd7s+YKk1s78b49zkyDcHSnKxjN+5veinzeU+vaUF9duFAJ9OsL7kTDEzOUU0zJdSdUV0hH1lnljnvk8kXHLFl9sKS3iM2LRqW4B6wOc2RbXUnx+jwNaBsq1zd73F2q3Ta7GXdtW/q4oDYl3s72oW4ySL6TZfpLCiv/7txHicZiY1eqc591CON0k/Rh7eR7XsphwkUstoUPQcBuLqQPA529zBigD7A8PBmeHISxL2qirWjR2+PrEGn1b0yu8IHHz9ZgliX83Q4WpjXvJ3REj2jfM8hiFRV3lA/ovjQrmLLV8WUAZ8updcLE5mbhZzIsC4U/HKIJS02zoggHGHZauClwwcdBtIJnJqtP803yKNPO2sDudTpvEi8GZ8n6jSXo/N8nBVId2LZa5YY/g/v5kH0akn+/E3jXhw4CICNW8yICpeJO8dGYMOp3Bs9/cRK8QYomXqgpoFlvkgzT2h4Ie6lyRgNv5QnUyAnW43O5FdBnPk/XZ3LA462VU3uOfr0AQtEJzPccpFC6OCFYWdGwZQA/r1EZQES0yRfJLpx+uZQ==',
-  'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCy3cbPekJYHAIa8J1fOr2iIqpx/7pl4giJYAG7HCfsunRRUq3dY1KhVw1BlmMGIDzNwcuNVIfBS5HS/wREqbHMXxbwAjWrMwUofWd09CTuKJZiyTLUC5pSQWKDXZrefH/Fwd7s+YKk1s78b49zkyDcHSnKxjN+5veinzeU+vaUF9duFAJ9OsL7kTDEzOUU0zJdSdUV0hH1lnljnvk8kXHLFl9sKS3iM2LRqW4B6wOc2RbXUnx+jwNaBsq1zd73F2q3Ta7GXdtW/q4oDYl3s72oW4ySL6TZfpLCiv/7txHicZiY1eqc591CON0k/Rh7eR7XsphwkUstoUPQcBuLqQPA529zBigD7A8PBmeHISxL2qirWjR2+PrEGn1b0yu8IHHz9ZgliX83Q4WpjXvJ3REj2jfM8hiFRV3lA/ovjQrmLLV8WUAZ8updcLE5mbhZzIsC4U/HKIJS02zoggHGHZauClwwcdBtIJnJqtP803yKNPO2sDudTpvEi8GZ8n6jSXo/N8nBVId2LZa5YY/g/v5kH0akn+/E3jXhw4CICNW8yICpeJO8dGYMOp3Bs9/cRK8QYomXqgpoFlvkgzT2h4Ie6lyRgNv5QnUyAnW43O5FdBnPk/XZ3LA462VU3uOfr0AQtEJzPccpFC6OCFYWdGwZQA/r1EZQES0yRfJLpx+uZQ==',
+  'ssh-rsa FAKE+RSA+KEY+DATA',
+  'ecdsa-sha2-nistp256 FAKE+ECDSA+KEY+DATA',
 ]
 
 describe file('/home/test_user_keys_from_url/.ssh/authorized_keys') do