From ed258f80c68058c9cb757c266600e2a220caefeb Mon Sep 17 00:00:00 2001
From: Vishal Nayak
Date: Fri, 10 Jul 2015 17:27:21 -0600
Subject: [PATCH] Vault SSH: Refactoring and fixes
---
 builtin/logical/ssh/backend_test.go | 48 +++++++++++++++--------------
 command/ssh_test.go | 18 ++++++-----
 vault/testing.go | 2 +-
 3 files changed, 37 insertions(+), 31 deletions(-)
diff --git a/builtin/logical/ssh/backend_test.go b/builtin/logical/ssh/backend_test.go
index cc3a29d66..885939029 100644
--- a/builtin/logical/ssh/backend_test.go
+++ b/builtin/logical/ssh/backend_test.go
@@ -55,6 +55,8 @@ var testPort string
 var testUserName string
 var testAdminUser string
 
+// Starts the server and initializes the servers IP address,
+// port and usernames to be used by the test cases.
 func init() {
 addr, err := vault.StartTestServer()
 if err != nil {
@@ -83,6 +85,29 @@ func TestSSHBackend(t *testing.T) {
 })
 }
 
+func testNamedKeys(t *testing.T) logicaltest.TestStep {
+ return logicaltest.TestStep{
+ Operation: logical.WriteOperation,
+ Path: fmt.Sprintf("keys/%s", testKey),
+ Data: map[string]interface{}{
+ "key": testSharedPrivateKey,
+ },
+ }
+}
+
+func testNewRole(t *testing.T) logicaltest.TestStep {
+ return logicaltest.TestStep{
+ Operation: logical.WriteOperation,
+ Path: fmt.Sprintf("roles/%s", testRoleName),
+ Data: map[string]interface{}{
+ "key": testKey,
+ "admin_user": testAdminUser,
+ "cidr": testCidr,
+ "port": testPort,
+ },
+ }
+}
+
 func testRoleCreate(t *testing.T) logicaltest.TestStep {
 return logicaltest.TestStep{
 Operation: logical.WriteOperation,
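Review bot: The comment added above init() is not in Go doc-comment form and contains a typo ("servers IP address"); the identical comment is added above init() in command/ssh_test.go. Suggest `// init starts the test server and initializes the server's IP address, port and usernames used by the test cases.` Since init() runs at package load, before any test function, it is worth saying so in the comment, because later setup steps depend on that ordering. init's body continues outside the hunk.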
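Review bot: testNamedKeys and testNewRole are moved here without doc comments, and the dependency between them stays implicit: testNewRole passes `"key": testKey`, which refers to the entry testNamedKeys writes under `keys/<testKey>`, so the key step presumably has to run first in TestSSHBackend's step list (not visible in this hunk). Suggest `// testNamedKeys stores the shared test private key under the name testKey.` and `// testNewRole creates testRoleName bound to testKey; the named key must already exist.` The `t` parameter is unused in both helpers.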
@@ -110,26 +135,3 @@ func testRoleCreate(t *testing.T) logicaltest.TestStep {
 },
 }
 }
-
-func testNewRole(t *testing.T) logicaltest.TestStep {
- return logicaltest.TestStep{
- Operation: logical.WriteOperation,
- Path: fmt.Sprintf("roles/%s", testRoleName),
- Data: map[string]interface{}{
- "key": testKey,
- "admin_user": testAdminUser,
- "cidr": testCidr,
- "port": testPort,
- },
- }
-}
-
-func testNamedKeys(t *testing.T) logicaltest.TestStep {
- return logicaltest.TestStep{
- Operation: logical.WriteOperation,
- Path: fmt.Sprintf("keys/%s", testKey),
- Data: map[string]interface{}{
- "key": testSharedPrivateKey,
- },
- }
-}
diff --git a/command/ssh_test.go b/command/ssh_test.go
index 54dc97a7a..f813e6b9f 100644
--- a/command/ssh_test.go
+++ b/command/ssh_test.go
@@ -55,6 +55,8 @@ var testPort string
 var testUserName string
 var testAdminUser string
 
+// Starts the server and initializes the servers IP address,
+// port and usernames to be used by the test cases.
 func init() {
 addr, err := vault.StartTestServer()
 if err != nil {
@@ -73,6 +75,8 @@ func init() {
 }
 
 func TestSSH(t *testing.T) {
+ // Add the SSH backend to the unsealed test core.
+ // This should be done before the unsealed core is created.
 err := vault.AddTestLogicalBackend("ssh", logicalssh.Factory)
 if err != nil {
 t.Fatalf("err: %s", err)
@@ -132,8 +136,7 @@ func TestSSH(t *testing.T) {
 t.Fatalf("bad: %d\n\n%s", code, ui.ErrorWriter.String())
 }
 
- // Create a role by supplying the needful along with the
- // named key created above
+ // Create a role using the named key along with cidr, username and port
 args = []string{
 "-address", addr,
 "ssh/roles/" + testRoleName,
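Review bot: The comment added at the top of TestSSH contradicts itself: it says the backend is added "to the unsealed test core" and also that this must happen "before the unsealed core is created". The ordering matters here because init() in this file already calls vault.StartTestServer() before any test runs; if that call builds the core (its body is not visible in this patch), the AddTestLogicalBackend call would come too late and the test could pass or fail for the wrong reason. Suggest stating the real precondition, e.g. `// Register the SSH backend factory for the test core; this must happen before the test core is created.`, and confirming that init() does not violate it.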
@@ -154,10 +157,10 @@ func TestSSH(t *testing.T) {
 }
 
 // Get the dynamic key and establish an SSH connection with target.
- // Inline command when supplied runs on target and terminates the connection.
- // Use whoami as the inline command in target and get the result.
- // Compare the result with the username used to connect to target.
- // Test succeeds if they match.
+ // Inline command when supplied, runs on target and terminates the
+ // connection. Use whoami as the inline command in target and get
+ // the result. Compare the result with the username used to connect
+ // to target. Test succeeds if they match.
 args = []string{
 "-address", addr,
 "-role=" + testRoleName,
@@ -165,7 +168,7 @@ func TestSSH(t *testing.T) {
 "/usr/bin/whoami",
 }
 
- // Pipe to get the result of the inline command run in target machine
+ // Creating pipe to get the result of the inline command run in target machine.
 stdout := os.Stdout
 r, w, err := os.Pipe()
 if err != nil {
@@ -185,6 +188,7 @@ func TestSSH(t *testing.T) {
 os.Stdout = stdout
 userName := <-bufChan
 userName = strings.TrimSpace(userName)
+
 // Comparing the username used to connect to target and
 // the username on the target, thereby verifying successful
 // execution
diff --git a/vault/testing.go b/vault/testing.go
index 926f9f3e9..cdea18d0d 100644
--- a/vault/testing.go
+++ b/vault/testing.go
@@ -20,7 +20,7 @@ import (
 
 const (
 testSharedPublicKey = `
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC9i+hFxZHGo6KblVme4zrAcJstR6I0PTJozW286X4WyvPnkMYDQ5mnhEYC7UWCvjoTWbPEXPX7NjhRtwQTGD67bV+lrxgfyzK1JZbUXK4PwgKJvQD+XyyWYMzDgGSQY61KUSqCxymSm/9NZkPU3ElaQ9xQuTzPpztM4ROfb8f2Yv6/ZESZsTo0MTAkp8Pcy+WkioI/uJ1H7zqs0EA4OMY4aDJRu0UtP4rTVeYNEAuRXdX+eH4aW3KMvhzpFTjMbaJHJXlEeUm2SaX5TNQyTOvghCeQILfYIL/Ca2ij8iwCmulwdV6eQGfd4VDu40PvSnmfoaE38o6HaPnX0kUcnKiT root@viva
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC9i+hFxZHGo6KblVme4zrAcJstR6I0PTJozW286X4WyvPnkMYDQ5mnhEYC7UWCvjoTWbPEXPX7NjhRtwQTGD67bV+lrxgfyzK1JZbUXK4PwgKJvQD+XyyWYMzDgGSQY61KUSqCxymSm/9NZkPU3ElaQ9xQuTzPpztM4ROfb8f2Yv6/ZESZsTo0MTAkp8Pcy+WkioI/uJ1H7zqs0EA4OMY4aDJRu0UtP4rTVeYNEAuRXdX+eH4aW3KMvhzpFTjMbaJHJXlEeUm2SaX5TNQyTOvghCeQILfYIL/Ca2ij8iwCmulwdV6eQGfd4VDu40PvSnmfoaE38o6HaPnX0kUcnKiT
 `
 testSharedPrivateKey = `
 -----BEGIN RSA PRIVATE KEY-----
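Review bot: testSharedPrivateKey is declared right below this public key in vault/testing.go, a file without the `_test.go` suffix, so the key pair is compiled into the vault package and is known to anyone who has the repository. Dropping the `root@viva` comment removes a user/host identifier from the public key but does not change that exposure. Suggest a comment above the const block such as `// Test-only key pair. It is public: never install testSharedPublicKey in authorized_keys on a non-disposable host.`, and consider generating the pair at test time or moving it into a `_test.go` file. The const block continues outside the hunk.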