github.com/mattyw/juju@v0.0.0-20140610034352-732aecd63861/state/api/keymanager/client_test.go

github.com/mattyw/juju@v0.0.0-20140610034352-732aecd63861/state/api/keymanager/client_test.go (about)

     1  // Copyright 2013 Canonical Ltd.
     2  // Licensed under the AGPLv3, see LICENCE file for details.
     3  
     4  package keymanager_test
     5  
     6  import (
     7  	"strings"
     8  
     9  	gc "launchpad.net/gocheck"
    10  
    11  	jujutesting "github.com/juju/juju/juju/testing"
    12  	"github.com/juju/juju/state"
    13  	"github.com/juju/juju/state/api/keymanager"
    14  	"github.com/juju/juju/state/api/params"
    15  	keymanagerserver "github.com/juju/juju/state/apiserver/keymanager"
    16  	keymanagertesting "github.com/juju/juju/state/apiserver/keymanager/testing"
    17  	"github.com/juju/juju/utils/ssh"
    18  	sshtesting "github.com/juju/juju/utils/ssh/testing"
    19  )
    20  
    21  type keymanagerSuite struct {
    22  	jujutesting.JujuConnSuite
    23  
    24  	keymanager *keymanager.Client
    25  }
    26  
    27  var _ = gc.Suite(&keymanagerSuite{})
    28  
    29  func (s *keymanagerSuite) SetUpTest(c *gc.C) {
    30  	s.JujuConnSuite.SetUpTest(c)
    31  	s.keymanager = keymanager.NewClient(s.APIState)
    32  	c.Assert(s.keymanager, gc.NotNil)
    33  
    34  }
    35  
    36  func (s *keymanagerSuite) setAuthorisedKeys(c *gc.C, keys string) {
    37  	err := s.BackingState.UpdateEnvironConfig(map[string]interface{}{"authorized-keys": keys}, nil, nil)
    38  	c.Assert(err, gc.IsNil)
    39  }
    40  
    41  func (s *keymanagerSuite) TestListKeys(c *gc.C) {
    42  	key1 := sshtesting.ValidKeyOne.Key + " user@host"
    43  	key2 := sshtesting.ValidKeyTwo.Key
    44  	s.setAuthorisedKeys(c, strings.Join([]string{key1, key2}, "\n"))
    45  
    46  	keyResults, err := s.keymanager.ListKeys(ssh.Fingerprints, state.AdminUser)
    47  	c.Assert(err, gc.IsNil)
    48  	c.Assert(len(keyResults), gc.Equals, 1)
    49  	result := keyResults[0]
    50  	c.Assert(result.Error, gc.IsNil)
    51  	c.Assert(result.Result, gc.DeepEquals,
    52  		[]string{sshtesting.ValidKeyOne.Fingerprint + " (user@host)", sshtesting.ValidKeyTwo.Fingerprint})
    53  }
    54  
    55  func (s *keymanagerSuite) TestListKeysErrors(c *gc.C) {
    56  	keyResults, err := s.keymanager.ListKeys(ssh.Fingerprints, "invalid")
    57  	c.Assert(err, gc.IsNil)
    58  	c.Assert(len(keyResults), gc.Equals, 1)
    59  	result := keyResults[0]
    60  	c.Assert(result.Error, gc.ErrorMatches, `permission denied`)
    61  }
    62  
    63  func clientError(message string) *params.Error {
    64  	return &params.Error{
    65  		Message: message,
    66  		Code:    "",
    67  	}
    68  }
    69  
    70  func (s *keymanagerSuite) assertEnvironKeys(c *gc.C, expected []string) {
    71  	envConfig, err := s.State.EnvironConfig()
    72  	c.Assert(err, gc.IsNil)
    73  	keys := envConfig.AuthorizedKeys()
    74  	c.Assert(keys, gc.Equals, strings.Join(expected, "\n"))
    75  }
    76  
    77  func (s *keymanagerSuite) TestAddKeys(c *gc.C) {
    78  	key1 := sshtesting.ValidKeyOne.Key + " user@host"
    79  	s.setAuthorisedKeys(c, key1)
    80  
    81  	newKeys := []string{sshtesting.ValidKeyTwo.Key, sshtesting.ValidKeyThree.Key, "invalid"}
    82  	errResults, err := s.keymanager.AddKeys(state.AdminUser, newKeys...)
    83  	c.Assert(err, gc.IsNil)
    84  	c.Assert(errResults, gc.DeepEquals, []params.ErrorResult{
    85  		{Error: nil},
    86  		{Error: nil},
    87  		{Error: clientError("invalid ssh key: invalid")},
    88  	})
    89  	s.assertEnvironKeys(c, append([]string{key1}, newKeys[:2]...))
    90  }
    91  
    92  func (s *keymanagerSuite) TestAddSystemKey(c *gc.C) {
    93  	key1 := sshtesting.ValidKeyOne.Key + " user@host"
    94  	s.setAuthorisedKeys(c, key1)
    95  
    96  	apiState, _ := s.OpenAPIAsNewMachine(c, state.JobManageEnviron)
    97  	keyManager := keymanager.NewClient(apiState)
    98  	newKey := sshtesting.ValidKeyTwo.Key
    99  	errResults, err := keyManager.AddKeys("juju-system-key", newKey)
   100  	c.Assert(err, gc.IsNil)
   101  	c.Assert(errResults, gc.DeepEquals, []params.ErrorResult{
   102  		{Error: nil},
   103  	})
   104  	s.assertEnvironKeys(c, []string{key1, newKey})
   105  }
   106  
   107  func (s *keymanagerSuite) TestAddSystemKeyWrongUser(c *gc.C) {
   108  	key1 := sshtesting.ValidKeyOne.Key + " user@host"
   109  	s.setAuthorisedKeys(c, key1)
   110  
   111  	apiState, _ := s.OpenAPIAsNewMachine(c, state.JobManageEnviron)
   112  	keyManager := keymanager.NewClient(apiState)
   113  	newKey := sshtesting.ValidKeyTwo.Key
   114  	_, err := keyManager.AddKeys("some-user", newKey)
   115  	c.Assert(err, gc.ErrorMatches, "permission denied")
   116  	s.assertEnvironKeys(c, []string{key1})
   117  }
   118  
   119  func (s *keymanagerSuite) TestDeleteKeys(c *gc.C) {
   120  	key1 := sshtesting.ValidKeyOne.Key + " user@host"
   121  	key2 := sshtesting.ValidKeyTwo.Key
   122  	key3 := sshtesting.ValidKeyThree.Key
   123  	initialKeys := []string{key1, key2, key3, "invalid"}
   124  	s.setAuthorisedKeys(c, strings.Join(initialKeys, "\n"))
   125  
   126  	errResults, err := s.keymanager.DeleteKeys(state.AdminUser, sshtesting.ValidKeyTwo.Fingerprint, "user@host", "missing")
   127  	c.Assert(err, gc.IsNil)
   128  	c.Assert(errResults, gc.DeepEquals, []params.ErrorResult{
   129  		{Error: nil},
   130  		{Error: nil},
   131  		{Error: clientError("invalid ssh key: missing")},
   132  	})
   133  	s.assertEnvironKeys(c, []string{"invalid", key3})
   134  }
   135  
   136  func (s *keymanagerSuite) TestImportKeys(c *gc.C) {
   137  	s.PatchValue(&keymanagerserver.RunSSHImportId, keymanagertesting.FakeImport)
   138  
   139  	key1 := sshtesting.ValidKeyOne.Key + " user@host"
   140  	s.setAuthorisedKeys(c, key1)
   141  
   142  	keyIds := []string{"lp:validuser", "invalid-key"}
   143  	errResults, err := s.keymanager.ImportKeys(state.AdminUser, keyIds...)
   144  	c.Assert(err, gc.IsNil)
   145  	c.Assert(errResults, gc.DeepEquals, []params.ErrorResult{
   146  		{Error: nil},
   147  		{Error: clientError("invalid ssh key id: invalid-key")},
   148  	})
   149  	s.assertEnvironKeys(c, []string{key1, sshtesting.ValidKeyThree.Key})
   150  }
   151  
   152  func (s *keymanagerSuite) assertInvalidUserOperation(c *gc.C, test func(user string, keys []string) error) {
   153  	key1 := sshtesting.ValidKeyOne.Key + " user@host"
   154  	s.setAuthorisedKeys(c, key1)
   155  
   156  	// Run the required test code and check the error.
   157  	keys := []string{sshtesting.ValidKeyTwo.Key, sshtesting.ValidKeyThree.Key}
   158  	err := test("invalid", keys)
   159  	c.Assert(err, gc.ErrorMatches, `permission denied`)
   160  
   161  	// No environ changes.
   162  	s.assertEnvironKeys(c, []string{key1})
   163  }
   164  
   165  func (s *keymanagerSuite) TestAddKeysInvalidUser(c *gc.C) {
   166  	s.assertInvalidUserOperation(c, func(user string, keys []string) error {
   167  		_, err := s.keymanager.AddKeys(user, keys...)
   168  		return err
   169  	})
   170  }
   171  
   172  func (s *keymanagerSuite) TestDeleteKeysInvalidUser(c *gc.C) {
   173  	s.assertInvalidUserOperation(c, func(user string, keys []string) error {
   174  		_, err := s.keymanager.DeleteKeys(user, keys...)
   175  		return err
   176  	})
   177  }
   178  
   179  func (s *keymanagerSuite) TestImportKeysInvalidUser(c *gc.C) {
   180  	s.assertInvalidUserOperation(c, func(user string, keys []string) error {
   181  		_, err := s.keymanager.ImportKeys(user, keys...)
   182  		return err
   183  	})
   184  }