github.com/vtorhonen/terraform@v0.9.0-beta2.0.20170307220345-5d894e4ffda7/builtin/providers/tls/resource_private_key_test.go (about) 1 package tls 2 3 import ( 4 "fmt" 5 "strings" 6 "testing" 7 8 r "github.com/hashicorp/terraform/helper/resource" 9 "github.com/hashicorp/terraform/terraform" 10 ) 11 12 func TestPrivateKeyRSA(t *testing.T) { 13 r.Test(t, r.TestCase{ 14 Providers: testProviders, 15 Steps: []r.TestStep{ 16 r.TestStep{ 17 Config: ` 18 resource "tls_private_key" "test" { 19 algorithm = "RSA" 20 } 21 output "private_key_pem" { 22 value = "${tls_private_key.test.private_key_pem}" 23 } 24 output "public_key_pem" { 25 value = "${tls_private_key.test.public_key_pem}" 26 } 27 output "public_key_openssh" { 28 value = "${tls_private_key.test.public_key_openssh}" 29 } 30 `, 31 Check: func(s *terraform.State) error { 32 gotPrivateUntyped := s.RootModule().Outputs["private_key_pem"].Value 33 gotPrivate, ok := gotPrivateUntyped.(string) 34 if !ok { 35 return fmt.Errorf("output for \"private_key_pem\" is not a string") 36 } 37 38 if !strings.HasPrefix(gotPrivate, "-----BEGIN RSA PRIVATE KEY----") { 39 return fmt.Errorf("private key is missing RSA key PEM preamble") 40 } 41 if len(gotPrivate) > 1700 { 42 return fmt.Errorf("private key PEM looks too long for a 2048-bit key (got %v characters)", len(gotPrivate)) 43 } 44 45 gotPublicUntyped := s.RootModule().Outputs["public_key_pem"].Value 46 gotPublic, ok := gotPublicUntyped.(string) 47 if !ok { 48 return fmt.Errorf("output for \"public_key_pem\" is not a string") 49 } 50 if !strings.HasPrefix(gotPublic, "-----BEGIN PUBLIC KEY----") { 51 return fmt.Errorf("public key is missing public key PEM preamble") 52 } 53 54 gotPublicSSHUntyped := s.RootModule().Outputs["public_key_openssh"].Value 55 gotPublicSSH, ok := gotPublicSSHUntyped.(string) 56 if !ok { 57 return fmt.Errorf("output for \"public_key_openssh\" is not a string") 58 } 59 if !strings.HasPrefix(gotPublicSSH, "ssh-rsa ") { 60 return fmt.Errorf("SSH public key is missing ssh-rsa prefix") 61 } 62 63 return nil 64 }, 65 }, 66 r.TestStep{ 67 Config: ` 68 resource "tls_private_key" "test" { 69 algorithm = "RSA" 70 rsa_bits = 4096 71 } 72 output "key_pem" { 73 value = "${tls_private_key.test.private_key_pem}" 74 } 75 `, 76 Check: func(s *terraform.State) error { 77 gotUntyped := s.RootModule().Outputs["key_pem"].Value 78 got, ok := gotUntyped.(string) 79 if !ok { 80 return fmt.Errorf("output for \"key_pem\" is not a string") 81 } 82 if !strings.HasPrefix(got, "-----BEGIN RSA PRIVATE KEY----") { 83 return fmt.Errorf("key is missing RSA key PEM preamble") 84 } 85 if len(got) < 1700 { 86 return fmt.Errorf("key PEM looks too short for a 4096-bit key (got %v characters)", len(got)) 87 } 88 return nil 89 }, 90 }, 91 }, 92 }) 93 } 94 95 func TestPrivateKeyECDSA(t *testing.T) { 96 r.Test(t, r.TestCase{ 97 Providers: testProviders, 98 Steps: []r.TestStep{ 99 r.TestStep{ 100 Config: ` 101 resource "tls_private_key" "test" { 102 algorithm = "ECDSA" 103 } 104 output "private_key_pem" { 105 value = "${tls_private_key.test.private_key_pem}" 106 } 107 output "public_key_pem" { 108 value = "${tls_private_key.test.public_key_pem}" 109 } 110 output "public_key_openssh" { 111 value = "${tls_private_key.test.public_key_openssh}" 112 } 113 `, 114 Check: func(s *terraform.State) error { 115 gotPrivateUntyped := s.RootModule().Outputs["private_key_pem"].Value 116 gotPrivate, ok := gotPrivateUntyped.(string) 117 if !ok { 118 return fmt.Errorf("output for \"private_key_pem\" is not a string") 119 } 120 121 if !strings.HasPrefix(gotPrivate, "-----BEGIN EC PRIVATE KEY----") { 122 return fmt.Errorf("Private key is missing EC key PEM preamble") 123 } 124 125 gotPublicUntyped := s.RootModule().Outputs["public_key_pem"].Value 126 gotPublic, ok := gotPublicUntyped.(string) 127 if !ok { 128 return fmt.Errorf("output for \"public_key_pem\" is not a string") 129 } 130 131 if !strings.HasPrefix(gotPublic, "-----BEGIN PUBLIC KEY----") { 132 return fmt.Errorf("public key is missing public key PEM preamble") 133 } 134 135 gotPublicSSH := s.RootModule().Outputs["public_key_openssh"].Value.(string) 136 if gotPublicSSH != "" { 137 return fmt.Errorf("P224 EC key should not generate OpenSSH public key") 138 } 139 140 return nil 141 }, 142 }, 143 r.TestStep{ 144 Config: ` 145 resource "tls_private_key" "test" { 146 algorithm = "ECDSA" 147 ecdsa_curve = "P256" 148 } 149 output "private_key_pem" { 150 value = "${tls_private_key.test.private_key_pem}" 151 } 152 output "public_key_pem" { 153 value = "${tls_private_key.test.public_key_pem}" 154 } 155 output "public_key_openssh" { 156 value = "${tls_private_key.test.public_key_openssh}" 157 } 158 `, 159 Check: func(s *terraform.State) error { 160 gotPrivateUntyped := s.RootModule().Outputs["private_key_pem"].Value 161 gotPrivate, ok := gotPrivateUntyped.(string) 162 if !ok { 163 return fmt.Errorf("output for \"private_key_pem\" is not a string") 164 } 165 if !strings.HasPrefix(gotPrivate, "-----BEGIN EC PRIVATE KEY----") { 166 return fmt.Errorf("Private key is missing EC key PEM preamble") 167 } 168 169 gotPublicUntyped := s.RootModule().Outputs["public_key_pem"].Value 170 gotPublic, ok := gotPublicUntyped.(string) 171 if !ok { 172 return fmt.Errorf("output for \"public_key_pem\" is not a string") 173 } 174 if !strings.HasPrefix(gotPublic, "-----BEGIN PUBLIC KEY----") { 175 return fmt.Errorf("public key is missing public key PEM preamble") 176 } 177 178 gotPublicSSHUntyped := s.RootModule().Outputs["public_key_openssh"].Value 179 gotPublicSSH, ok := gotPublicSSHUntyped.(string) 180 if !ok { 181 return fmt.Errorf("output for \"public_key_openssh\" is not a string") 182 } 183 if !strings.HasPrefix(gotPublicSSH, "ecdsa-sha2-nistp256 ") { 184 return fmt.Errorf("P256 SSH public key is missing ecdsa prefix") 185 } 186 187 return nil 188 }, 189 }, 190 }, 191 }) 192 }