github.com/mhilton/juju-juju@v0.0.0-20150901100907-a94dd2c73455/api/keymanager/client_test.go (about) 1 // Copyright 2013 Canonical Ltd. 2 // Licensed under the AGPLv3, see LICENCE file for details. 3 4 package keymanager_test 5 6 import ( 7 "strings" 8 9 jc "github.com/juju/testing/checkers" 10 gc "gopkg.in/check.v1" 11 12 "github.com/juju/juju/api/keymanager" 13 keymanagerserver "github.com/juju/juju/apiserver/keymanager" 14 keymanagertesting "github.com/juju/juju/apiserver/keymanager/testing" 15 "github.com/juju/juju/apiserver/params" 16 jujutesting "github.com/juju/juju/juju/testing" 17 "github.com/juju/juju/state" 18 "github.com/juju/juju/utils/ssh" 19 sshtesting "github.com/juju/juju/utils/ssh/testing" 20 ) 21 22 type keymanagerSuite struct { 23 jujutesting.JujuConnSuite 24 25 keymanager *keymanager.Client 26 } 27 28 var _ = gc.Suite(&keymanagerSuite{}) 29 30 func (s *keymanagerSuite) SetUpTest(c *gc.C) { 31 s.JujuConnSuite.SetUpTest(c) 32 s.keymanager = keymanager.NewClient(s.APIState) 33 c.Assert(s.keymanager, gc.NotNil) 34 35 } 36 37 func (s *keymanagerSuite) setAuthorisedKeys(c *gc.C, keys string) { 38 err := s.BackingState.UpdateEnvironConfig(map[string]interface{}{"authorized-keys": keys}, nil, nil) 39 c.Assert(err, jc.ErrorIsNil) 40 } 41 42 func (s *keymanagerSuite) TestListKeys(c *gc.C) { 43 key1 := sshtesting.ValidKeyOne.Key + " user@host" 44 key2 := sshtesting.ValidKeyTwo.Key 45 s.setAuthorisedKeys(c, strings.Join([]string{key1, key2}, "\n")) 46 47 keyResults, err := s.keymanager.ListKeys(ssh.Fingerprints, s.AdminUserTag(c).Name()) 48 c.Assert(err, jc.ErrorIsNil) 49 c.Assert(len(keyResults), gc.Equals, 1) 50 result := keyResults[0] 51 c.Assert(result.Error, gc.IsNil) 52 c.Assert(result.Result, gc.DeepEquals, 53 []string{sshtesting.ValidKeyOne.Fingerprint + " (user@host)", sshtesting.ValidKeyTwo.Fingerprint}) 54 } 55 56 func (s *keymanagerSuite) TestListKeysErrors(c *gc.C) { 57 c.Skip("the user name isn't checked for existence yet") 58 keyResults, err := s.keymanager.ListKeys(ssh.Fingerprints, "invalid") 59 c.Assert(err, jc.ErrorIsNil) 60 c.Assert(len(keyResults), gc.Equals, 1) 61 result := keyResults[0] 62 c.Assert(result.Error, gc.ErrorMatches, `permission denied`) 63 } 64 65 func clientError(message string) *params.Error { 66 return ¶ms.Error{ 67 Message: message, 68 Code: "", 69 } 70 } 71 72 func (s *keymanagerSuite) assertEnvironKeys(c *gc.C, expected []string) { 73 envConfig, err := s.State.EnvironConfig() 74 c.Assert(err, jc.ErrorIsNil) 75 keys := envConfig.AuthorizedKeys() 76 c.Assert(keys, gc.Equals, strings.Join(expected, "\n")) 77 } 78 79 func (s *keymanagerSuite) TestAddKeys(c *gc.C) { 80 key1 := sshtesting.ValidKeyOne.Key + " user@host" 81 s.setAuthorisedKeys(c, key1) 82 83 newKeys := []string{sshtesting.ValidKeyTwo.Key, sshtesting.ValidKeyThree.Key, "invalid"} 84 errResults, err := s.keymanager.AddKeys(s.AdminUserTag(c).Name(), newKeys...) 85 c.Assert(err, jc.ErrorIsNil) 86 c.Assert(errResults, gc.DeepEquals, []params.ErrorResult{ 87 {Error: nil}, 88 {Error: nil}, 89 {Error: clientError("invalid ssh key: invalid")}, 90 }) 91 s.assertEnvironKeys(c, append([]string{key1}, newKeys[:2]...)) 92 } 93 94 func (s *keymanagerSuite) TestAddSystemKey(c *gc.C) { 95 key1 := sshtesting.ValidKeyOne.Key + " user@host" 96 s.setAuthorisedKeys(c, key1) 97 98 apiState, _ := s.OpenAPIAsNewMachine(c, state.JobManageEnviron) 99 keyManager := keymanager.NewClient(apiState) 100 defer keyManager.Close() 101 newKey := sshtesting.ValidKeyTwo.Key 102 errResults, err := keyManager.AddKeys("juju-system-key", newKey) 103 c.Assert(err, jc.ErrorIsNil) 104 c.Assert(errResults, gc.DeepEquals, []params.ErrorResult{ 105 {Error: nil}, 106 }) 107 s.assertEnvironKeys(c, []string{key1, newKey}) 108 } 109 110 func (s *keymanagerSuite) TestAddSystemKeyWrongUser(c *gc.C) { 111 key1 := sshtesting.ValidKeyOne.Key + " user@host" 112 s.setAuthorisedKeys(c, key1) 113 114 apiState, _ := s.OpenAPIAsNewMachine(c, state.JobManageEnviron) 115 keyManager := keymanager.NewClient(apiState) 116 defer keyManager.Close() 117 newKey := sshtesting.ValidKeyTwo.Key 118 _, err := keyManager.AddKeys("some-user", newKey) 119 c.Assert(err, gc.ErrorMatches, "permission denied") 120 s.assertEnvironKeys(c, []string{key1}) 121 } 122 123 func (s *keymanagerSuite) TestDeleteKeys(c *gc.C) { 124 key1 := sshtesting.ValidKeyOne.Key + " user@host" 125 key2 := sshtesting.ValidKeyTwo.Key 126 key3 := sshtesting.ValidKeyThree.Key 127 initialKeys := []string{key1, key2, key3, "invalid"} 128 s.setAuthorisedKeys(c, strings.Join(initialKeys, "\n")) 129 130 errResults, err := s.keymanager.DeleteKeys(s.AdminUserTag(c).Name(), sshtesting.ValidKeyTwo.Fingerprint, "user@host", "missing") 131 c.Assert(err, jc.ErrorIsNil) 132 c.Assert(errResults, gc.DeepEquals, []params.ErrorResult{ 133 {Error: nil}, 134 {Error: nil}, 135 {Error: clientError("invalid ssh key: missing")}, 136 }) 137 s.assertEnvironKeys(c, []string{"invalid", key3}) 138 } 139 140 func (s *keymanagerSuite) TestImportKeys(c *gc.C) { 141 s.PatchValue(&keymanagerserver.RunSSHImportId, keymanagertesting.FakeImport) 142 143 key1 := sshtesting.ValidKeyOne.Key + " user@host" 144 s.setAuthorisedKeys(c, key1) 145 146 keyIds := []string{"lp:validuser", "invalid-key"} 147 errResults, err := s.keymanager.ImportKeys(s.AdminUserTag(c).Name(), keyIds...) 148 c.Assert(err, jc.ErrorIsNil) 149 c.Assert(errResults, gc.DeepEquals, []params.ErrorResult{ 150 {Error: nil}, 151 {Error: clientError("invalid ssh key id: invalid-key")}, 152 }) 153 s.assertEnvironKeys(c, []string{key1, sshtesting.ValidKeyThree.Key}) 154 } 155 156 func (s *keymanagerSuite) assertInvalidUserOperation(c *gc.C, test func(user string, keys []string) error) { 157 key1 := sshtesting.ValidKeyOne.Key + " user@host" 158 s.setAuthorisedKeys(c, key1) 159 160 // Run the required test code and check the error. 161 keys := []string{sshtesting.ValidKeyTwo.Key, sshtesting.ValidKeyThree.Key} 162 err := test("invalid", keys) 163 c.Assert(err, gc.ErrorMatches, `permission denied`) 164 165 // No environ changes. 166 s.assertEnvironKeys(c, []string{key1}) 167 } 168 169 func (s *keymanagerSuite) TestAddKeysInvalidUser(c *gc.C) { 170 c.Skip("no user validation done yet") 171 s.assertInvalidUserOperation(c, func(user string, keys []string) error { 172 _, err := s.keymanager.AddKeys(user, keys...) 173 return err 174 }) 175 } 176 177 func (s *keymanagerSuite) TestDeleteKeysInvalidUser(c *gc.C) { 178 c.Skip("no user validation done yet") 179 s.assertInvalidUserOperation(c, func(user string, keys []string) error { 180 _, err := s.keymanager.DeleteKeys(user, keys...) 181 return err 182 }) 183 } 184 185 func (s *keymanagerSuite) TestImportKeysInvalidUser(c *gc.C) { 186 c.Skip("no user validation done yet") 187 s.assertInvalidUserOperation(c, func(user string, keys []string) error { 188 _, err := s.keymanager.ImportKeys(user, keys...) 189 return err 190 }) 191 } 192 193 func (s *keymanagerSuite) TestExposesBestAPIVersion(c *gc.C) { 194 c.Check(s.keymanager.BestAPIVersion(), gc.Equals, 0) 195 }