Vault SSH: Refactoring and fixes
This commit is contained in:
Vishal Nayak
parent
ef11dd99f7
commit
ed258f80c6
|
|
@ -55,6 +55,8 @@ var testPort string
|
|||
var testUserName string
|
||||
var testAdminUser string
|
||||
|
||||
// Starts the server and initializes the servers IP address,
|
||||
// port and usernames to be used by the test cases.
|
||||
func init() {
|
||||
addr, err := vault.StartTestServer()
|
||||
if err != nil {
|
||||
|
|
@ -83,6 +85,29 @@ func TestSSHBackend(t *testing.T) {
|
|||
})
|
||||
}
|
||||
|
||||
func testNamedKeys(t *testing.T) logicaltest.TestStep {
|
||||
return logicaltest.TestStep{
|
||||
Operation: logical.WriteOperation,
|
||||
Path: fmt.Sprintf("keys/%s", testKey),
|
||||
Data: map[string]interface{}{
|
||||
"key": testSharedPrivateKey,
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
func testNewRole(t *testing.T) logicaltest.TestStep {
|
||||
return logicaltest.TestStep{
|
||||
Operation: logical.WriteOperation,
|
||||
Path: fmt.Sprintf("roles/%s", testRoleName),
|
||||
Data: map[string]interface{}{
|
||||
"key": testKey,
|
||||
"admin_user": testAdminUser,
|
||||
"cidr": testCidr,
|
||||
"port": testPort,
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
func testRoleCreate(t *testing.T) logicaltest.TestStep {
|
||||
return logicaltest.TestStep{
|
||||
Operation: logical.WriteOperation,
|
||||
|
|
@ -110,26 +135,3 @@ func testRoleCreate(t *testing.T) logicaltest.TestStep {
|
|||
},
|
||||
}
|
||||
}
|
||||
|
||||
func testNewRole(t *testing.T) logicaltest.TestStep {
|
||||
return logicaltest.TestStep{
|
||||
Operation: logical.WriteOperation,
|
||||
Path: fmt.Sprintf("roles/%s", testRoleName),
|
||||
Data: map[string]interface{}{
|
||||
"key": testKey,
|
||||
"admin_user": testAdminUser,
|
||||
"cidr": testCidr,
|
||||
"port": testPort,
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
func testNamedKeys(t *testing.T) logicaltest.TestStep {
|
||||
return logicaltest.TestStep{
|
||||
Operation: logical.WriteOperation,
|
||||
Path: fmt.Sprintf("keys/%s", testKey),
|
||||
Data: map[string]interface{}{
|
||||
"key": testSharedPrivateKey,
|
||||
},
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -55,6 +55,8 @@ var testPort string
|
|||
var testUserName string
|
||||
var testAdminUser string
|
||||
|
||||
// Starts the server and initializes the servers IP address,
|
||||
// port and usernames to be used by the test cases.
|
||||
func init() {
|
||||
addr, err := vault.StartTestServer()
|
||||
if err != nil {
|
||||
|
|
@ -73,6 +75,8 @@ func init() {
|
|||
}
|
||||
|
||||
func TestSSH(t *testing.T) {
|
||||
// Add the SSH backend to the unsealed test core.
|
||||
// This should be done before the unsealed core is created.
|
||||
err := vault.AddTestLogicalBackend("ssh", logicalssh.Factory)
|
||||
if err != nil {
|
||||
t.Fatalf("err: %s", err)
|
||||
|
|
@ -132,8 +136,7 @@ func TestSSH(t *testing.T) {
|
|||
t.Fatalf("bad: %d\n\n%s", code, ui.ErrorWriter.String())
|
||||
}
|
||||
|
||||
// Create a role by supplying the needful along with the
|
||||
// named key created above
|
||||
// Create a role using the named key along with cidr, username and port
|
||||
args = []string{
|
||||
"-address", addr,
|
||||
"ssh/roles/" + testRoleName,
|
||||
|
|
@ -154,10 +157,10 @@ func TestSSH(t *testing.T) {
|
|||
}
|
||||
|
||||
// Get the dynamic key and establish an SSH connection with target.
|
||||
// Inline command when supplied runs on target and terminates the connection.
|
||||
// Use whoami as the inline command in target and get the result.
|
||||
// Compare the result with the username used to connect to target.
|
||||
// Test succeeds if they match.
|
||||
// Inline command when supplied, runs on target and terminates the
|
||||
// connection. Use whoami as the inline command in target and get
|
||||
// the result. Compare the result with the username used to connect
|
||||
// to target. Test succeeds if they match.
|
||||
args = []string{
|
||||
"-address", addr,
|
||||
"-role=" + testRoleName,
|
||||
|
|
@ -165,7 +168,7 @@ func TestSSH(t *testing.T) {
|
|||
"/usr/bin/whoami",
|
||||
}
|
||||
|
||||
// Pipe to get the result of the inline command run in target machine
|
||||
// Creating pipe to get the result of the inline command run in target machine.
|
||||
stdout := os.Stdout
|
||||
r, w, err := os.Pipe()
|
||||
if err != nil {
|
||||
|
|
@ -185,6 +188,7 @@ func TestSSH(t *testing.T) {
|
|||
os.Stdout = stdout
|
||||
userName := <-bufChan
|
||||
userName = strings.TrimSpace(userName)
|
||||
|
||||
// Comparing the username used to connect to target and
|
||||
// the username on the target, thereby verifying successful
|
||||
// execution
|
||||
|
|
|
|||
|
|
@ -20,7 +20,7 @@ import (
|
|||
|
||||
const (
|
||||
testSharedPublicKey = `
|
||||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC9i+hFxZHGo6KblVme4zrAcJstR6I0PTJozW286X4WyvPnkMYDQ5mnhEYC7UWCvjoTWbPEXPX7NjhRtwQTGD67bV+lrxgfyzK1JZbUXK4PwgKJvQD+XyyWYMzDgGSQY61KUSqCxymSm/9NZkPU3ElaQ9xQuTzPpztM4ROfb8f2Yv6/ZESZsTo0MTAkp8Pcy+WkioI/uJ1H7zqs0EA4OMY4aDJRu0UtP4rTVeYNEAuRXdX+eH4aW3KMvhzpFTjMbaJHJXlEeUm2SaX5TNQyTOvghCeQILfYIL/Ca2ij8iwCmulwdV6eQGfd4VDu40PvSnmfoaE38o6HaPnX0kUcnKiT root@viva
|
||||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC9i+hFxZHGo6KblVme4zrAcJstR6I0PTJozW286X4WyvPnkMYDQ5mnhEYC7UWCvjoTWbPEXPX7NjhRtwQTGD67bV+lrxgfyzK1JZbUXK4PwgKJvQD+XyyWYMzDgGSQY61KUSqCxymSm/9NZkPU3ElaQ9xQuTzPpztM4ROfb8f2Yv6/ZESZsTo0MTAkp8Pcy+WkioI/uJ1H7zqs0EA4OMY4aDJRu0UtP4rTVeYNEAuRXdX+eH4aW3KMvhzpFTjMbaJHJXlEeUm2SaX5TNQyTOvghCeQILfYIL/Ca2ij8iwCmulwdV6eQGfd4VDu40PvSnmfoaE38o6HaPnX0kUcnKiT
|
||||
`
|
||||
testSharedPrivateKey = `
|
||||
-----BEGIN RSA PRIVATE KEY-----
|
||||
|
|
|
|||
Loading…
Reference in New Issue