github.com/niedbalski/juju@v0.0.0-20190215020005-8ff100488e47/api/keymanager/client_test.go

github.com/niedbalski/juju@v0.0.0-20190215020005-8ff100488e47/api/keymanager/client_test.go (about)

     1  // Copyright 2013 Canonical Ltd.
     2  // Licensed under the AGPLv3, see LICENCE file for details.
     3  
     4  package keymanager_test
     5  
     6  import (
     7  	"strings"
     8  
     9  	"github.com/juju/errors"
    10  	jc "github.com/juju/testing/checkers"
    11  	"github.com/juju/utils/ssh"
    12  	sshtesting "github.com/juju/utils/ssh/testing"
    13  	gc "gopkg.in/check.v1"
    14  
    15  	"github.com/juju/juju/api/keymanager"
    16  	keymanagerserver "github.com/juju/juju/apiserver/facades/client/keymanager"
    17  	keymanagertesting "github.com/juju/juju/apiserver/facades/client/keymanager/testing"
    18  	"github.com/juju/juju/apiserver/params"
    19  	jujutesting "github.com/juju/juju/juju/testing"
    20  	"github.com/juju/juju/rpc"
    21  )
    22  
    23  type keymanagerSuite struct {
    24  	jujutesting.JujuConnSuite
    25  
    26  	keymanager *keymanager.Client
    27  }
    28  
    29  var _ = gc.Suite(&keymanagerSuite{})
    30  
    31  func (s *keymanagerSuite) SetUpTest(c *gc.C) {
    32  	s.JujuConnSuite.SetUpTest(c)
    33  	s.keymanager = keymanager.NewClient(s.APIState)
    34  	c.Assert(s.keymanager, gc.NotNil)
    35  
    36  }
    37  
    38  func (s *keymanagerSuite) setAuthorisedKeys(c *gc.C, keys string) {
    39  	err := s.Model.UpdateModelConfig(map[string]interface{}{"authorized-keys": keys}, nil)
    40  	c.Assert(err, jc.ErrorIsNil)
    41  }
    42  
    43  func (s *keymanagerSuite) TestListKeys(c *gc.C) {
    44  	key1 := sshtesting.ValidKeyOne.Key + " user@host"
    45  	key2 := sshtesting.ValidKeyTwo.Key
    46  	s.setAuthorisedKeys(c, strings.Join([]string{key1, key2}, "\n"))
    47  
    48  	keyResults, err := s.keymanager.ListKeys(ssh.Fingerprints, s.AdminUserTag(c).Name())
    49  	c.Assert(err, jc.ErrorIsNil)
    50  	c.Assert(len(keyResults), gc.Equals, 1)
    51  	result := keyResults[0]
    52  	c.Assert(result.Error, gc.IsNil)
    53  	c.Assert(result.Result, gc.DeepEquals,
    54  		[]string{sshtesting.ValidKeyOne.Fingerprint + " (user@host)", sshtesting.ValidKeyTwo.Fingerprint})
    55  }
    56  
    57  func (s *keymanagerSuite) TestListKeysErrors(c *gc.C) {
    58  	c.Skip("the user name isn't checked for existence yet")
    59  	keyResults, err := s.keymanager.ListKeys(ssh.Fingerprints, "invalid")
    60  	c.Assert(err, jc.ErrorIsNil)
    61  	c.Assert(len(keyResults), gc.Equals, 1)
    62  	result := keyResults[0]
    63  	c.Assert(result.Error, gc.ErrorMatches, `permission denied`)
    64  }
    65  
    66  func clientError(message string) *params.Error {
    67  	return &params.Error{
    68  		Message: message,
    69  		Code:    "",
    70  	}
    71  }
    72  
    73  func (s *keymanagerSuite) assertModelKeys(c *gc.C, expected []string) {
    74  	modelConfig, err := s.Model.ModelConfig()
    75  	c.Assert(err, jc.ErrorIsNil)
    76  	keys := modelConfig.AuthorizedKeys()
    77  	c.Assert(keys, gc.Equals, strings.Join(expected, "\n"))
    78  }
    79  
    80  func (s *keymanagerSuite) TestAddKeys(c *gc.C) {
    81  	key1 := sshtesting.ValidKeyOne.Key + " user@host"
    82  	s.setAuthorisedKeys(c, key1)
    83  
    84  	newKeys := []string{sshtesting.ValidKeyTwo.Key, sshtesting.ValidKeyThree.Key, "invalid"}
    85  	errResults, err := s.keymanager.AddKeys(s.AdminUserTag(c).Name(), newKeys...)
    86  	c.Assert(err, jc.ErrorIsNil)
    87  	c.Assert(errResults, gc.DeepEquals, []params.ErrorResult{
    88  		{Error: nil},
    89  		{Error: nil},
    90  		{Error: clientError("invalid ssh key: invalid")},
    91  	})
    92  	s.assertModelKeys(c, append([]string{key1}, newKeys[:2]...))
    93  }
    94  
    95  func (s *keymanagerSuite) TestAddSystemKeyForbidden(c *gc.C) {
    96  	key1 := sshtesting.ValidKeyOne.Key + " user@host"
    97  	s.setAuthorisedKeys(c, key1)
    98  
    99  	newKey := sshtesting.ValidKeyTwo.Key
   100  	_, err := s.keymanager.AddKeys("juju-system-key", newKey)
   101  	c.Assert(errors.Cause(err), gc.DeepEquals, &rpc.RequestError{
   102  		Message: "permission denied",
   103  		Code:    "unauthorized access",
   104  	})
   105  	s.assertModelKeys(c, []string{key1})
   106  }
   107  
   108  func (s *keymanagerSuite) TestDeleteKeys(c *gc.C) {
   109  	key1 := sshtesting.ValidKeyOne.Key + " user@host"
   110  	key2 := sshtesting.ValidKeyTwo.Key
   111  	key3 := sshtesting.ValidKeyThree.Key
   112  	initialKeys := []string{key1, key2, key3, "invalid"}
   113  	s.setAuthorisedKeys(c, strings.Join(initialKeys, "\n"))
   114  
   115  	errResults, err := s.keymanager.DeleteKeys(s.AdminUserTag(c).Name(), sshtesting.ValidKeyTwo.Fingerprint, "user@host", "missing")
   116  	c.Assert(err, jc.ErrorIsNil)
   117  	c.Assert(errResults, gc.DeepEquals, []params.ErrorResult{
   118  		{Error: nil},
   119  		{Error: nil},
   120  		{Error: clientError("invalid ssh key: missing")},
   121  	})
   122  	s.assertModelKeys(c, []string{key3, "invalid"})
   123  }
   124  
   125  func (s *keymanagerSuite) TestImportKeys(c *gc.C) {
   126  	s.PatchValue(&keymanagerserver.RunSSHImportId, keymanagertesting.FakeImport)
   127  
   128  	key1 := sshtesting.ValidKeyOne.Key + " user@host"
   129  	s.setAuthorisedKeys(c, key1)
   130  
   131  	keyIds := []string{"lp:validuser", "invalid-key"}
   132  	errResults, err := s.keymanager.ImportKeys(s.AdminUserTag(c).Name(), keyIds...)
   133  	c.Assert(err, jc.ErrorIsNil)
   134  	c.Assert(errResults, gc.DeepEquals, []params.ErrorResult{
   135  		{Error: nil},
   136  		{Error: clientError("invalid ssh key id: invalid-key")},
   137  	})
   138  	s.assertModelKeys(c, []string{key1, sshtesting.ValidKeyThree.Key})
   139  }
   140  
   141  func (s *keymanagerSuite) assertInvalidUserOperation(c *gc.C, test func(user string, keys []string) error) {
   142  	key1 := sshtesting.ValidKeyOne.Key + " user@host"
   143  	s.setAuthorisedKeys(c, key1)
   144  
   145  	// Run the required test code and check the error.
   146  	keys := []string{sshtesting.ValidKeyTwo.Key, sshtesting.ValidKeyThree.Key}
   147  	err := test("invalid", keys)
   148  	c.Assert(err, gc.ErrorMatches, `permission denied`)
   149  
   150  	// No model changes.
   151  	s.assertModelKeys(c, []string{key1})
   152  }
   153  
   154  func (s *keymanagerSuite) TestAddKeysInvalidUser(c *gc.C) {
   155  	c.Skip("no user validation done yet")
   156  	s.assertInvalidUserOperation(c, func(user string, keys []string) error {
   157  		_, err := s.keymanager.AddKeys(user, keys...)
   158  		return err
   159  	})
   160  }
   161  
   162  func (s *keymanagerSuite) TestDeleteKeysInvalidUser(c *gc.C) {
   163  	c.Skip("no user validation done yet")
   164  	s.assertInvalidUserOperation(c, func(user string, keys []string) error {
   165  		_, err := s.keymanager.DeleteKeys(user, keys...)
   166  		return err
   167  	})
   168  }
   169  
   170  func (s *keymanagerSuite) TestImportKeysInvalidUser(c *gc.C) {
   171  	c.Skip("no user validation done yet")
   172  	s.assertInvalidUserOperation(c, func(user string, keys []string) error {
   173  		_, err := s.keymanager.ImportKeys(user, keys...)
   174  		return err
   175  	})
   176  }
   177  
   178  func (s *keymanagerSuite) TestExposesBestAPIVersion(c *gc.C) {
   179  	c.Check(s.keymanager.BestAPIVersion(), gc.Equals, 1)
   180  }