Vault SSH: Refactoring and fixes
This commit is contained in:
parent
ef11dd99f7
commit
ed258f80c6
|
@ -55,6 +55,8 @@ var testPort string
|
||||||
var testUserName string
|
var testUserName string
|
||||||
var testAdminUser string
|
var testAdminUser string
|
||||||
|
|
||||||
|
// Starts the server and initializes the servers IP address,
|
||||||
|
// port and usernames to be used by the test cases.
|
||||||
func init() {
|
func init() {
|
||||||
addr, err := vault.StartTestServer()
|
addr, err := vault.StartTestServer()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -83,6 +85,29 @@ func TestSSHBackend(t *testing.T) {
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func testNamedKeys(t *testing.T) logicaltest.TestStep {
|
||||||
|
return logicaltest.TestStep{
|
||||||
|
Operation: logical.WriteOperation,
|
||||||
|
Path: fmt.Sprintf("keys/%s", testKey),
|
||||||
|
Data: map[string]interface{}{
|
||||||
|
"key": testSharedPrivateKey,
|
||||||
|
},
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func testNewRole(t *testing.T) logicaltest.TestStep {
|
||||||
|
return logicaltest.TestStep{
|
||||||
|
Operation: logical.WriteOperation,
|
||||||
|
Path: fmt.Sprintf("roles/%s", testRoleName),
|
||||||
|
Data: map[string]interface{}{
|
||||||
|
"key": testKey,
|
||||||
|
"admin_user": testAdminUser,
|
||||||
|
"cidr": testCidr,
|
||||||
|
"port": testPort,
|
||||||
|
},
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
func testRoleCreate(t *testing.T) logicaltest.TestStep {
|
func testRoleCreate(t *testing.T) logicaltest.TestStep {
|
||||||
return logicaltest.TestStep{
|
return logicaltest.TestStep{
|
||||||
Operation: logical.WriteOperation,
|
Operation: logical.WriteOperation,
|
||||||
|
@ -110,26 +135,3 @@ func testRoleCreate(t *testing.T) logicaltest.TestStep {
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func testNewRole(t *testing.T) logicaltest.TestStep {
|
|
||||||
return logicaltest.TestStep{
|
|
||||||
Operation: logical.WriteOperation,
|
|
||||||
Path: fmt.Sprintf("roles/%s", testRoleName),
|
|
||||||
Data: map[string]interface{}{
|
|
||||||
"key": testKey,
|
|
||||||
"admin_user": testAdminUser,
|
|
||||||
"cidr": testCidr,
|
|
||||||
"port": testPort,
|
|
||||||
},
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
func testNamedKeys(t *testing.T) logicaltest.TestStep {
|
|
||||||
return logicaltest.TestStep{
|
|
||||||
Operation: logical.WriteOperation,
|
|
||||||
Path: fmt.Sprintf("keys/%s", testKey),
|
|
||||||
Data: map[string]interface{}{
|
|
||||||
"key": testSharedPrivateKey,
|
|
||||||
},
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
|
@ -55,6 +55,8 @@ var testPort string
|
||||||
var testUserName string
|
var testUserName string
|
||||||
var testAdminUser string
|
var testAdminUser string
|
||||||
|
|
||||||
|
// Starts the server and initializes the servers IP address,
|
||||||
|
// port and usernames to be used by the test cases.
|
||||||
func init() {
|
func init() {
|
||||||
addr, err := vault.StartTestServer()
|
addr, err := vault.StartTestServer()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -73,6 +75,8 @@ func init() {
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestSSH(t *testing.T) {
|
func TestSSH(t *testing.T) {
|
||||||
|
// Add the SSH backend to the unsealed test core.
|
||||||
|
// This should be done before the unsealed core is created.
|
||||||
err := vault.AddTestLogicalBackend("ssh", logicalssh.Factory)
|
err := vault.AddTestLogicalBackend("ssh", logicalssh.Factory)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatalf("err: %s", err)
|
t.Fatalf("err: %s", err)
|
||||||
|
@ -132,8 +136,7 @@ func TestSSH(t *testing.T) {
|
||||||
t.Fatalf("bad: %d\n\n%s", code, ui.ErrorWriter.String())
|
t.Fatalf("bad: %d\n\n%s", code, ui.ErrorWriter.String())
|
||||||
}
|
}
|
||||||
|
|
||||||
// Create a role by supplying the needful along with the
|
// Create a role using the named key along with cidr, username and port
|
||||||
// named key created above
|
|
||||||
args = []string{
|
args = []string{
|
||||||
"-address", addr,
|
"-address", addr,
|
||||||
"ssh/roles/" + testRoleName,
|
"ssh/roles/" + testRoleName,
|
||||||
|
@ -154,10 +157,10 @@ func TestSSH(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
// Get the dynamic key and establish an SSH connection with target.
|
// Get the dynamic key and establish an SSH connection with target.
|
||||||
// Inline command when supplied runs on target and terminates the connection.
|
// Inline command when supplied, runs on target and terminates the
|
||||||
// Use whoami as the inline command in target and get the result.
|
// connection. Use whoami as the inline command in target and get
|
||||||
// Compare the result with the username used to connect to target.
|
// the result. Compare the result with the username used to connect
|
||||||
// Test succeeds if they match.
|
// to target. Test succeeds if they match.
|
||||||
args = []string{
|
args = []string{
|
||||||
"-address", addr,
|
"-address", addr,
|
||||||
"-role=" + testRoleName,
|
"-role=" + testRoleName,
|
||||||
|
@ -165,7 +168,7 @@ func TestSSH(t *testing.T) {
|
||||||
"/usr/bin/whoami",
|
"/usr/bin/whoami",
|
||||||
}
|
}
|
||||||
|
|
||||||
// Pipe to get the result of the inline command run in target machine
|
// Creating pipe to get the result of the inline command run in target machine.
|
||||||
stdout := os.Stdout
|
stdout := os.Stdout
|
||||||
r, w, err := os.Pipe()
|
r, w, err := os.Pipe()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -185,6 +188,7 @@ func TestSSH(t *testing.T) {
|
||||||
os.Stdout = stdout
|
os.Stdout = stdout
|
||||||
userName := <-bufChan
|
userName := <-bufChan
|
||||||
userName = strings.TrimSpace(userName)
|
userName = strings.TrimSpace(userName)
|
||||||
|
|
||||||
// Comparing the username used to connect to target and
|
// Comparing the username used to connect to target and
|
||||||
// the username on the target, thereby verifying successful
|
// the username on the target, thereby verifying successful
|
||||||
// execution
|
// execution
|
||||||
|
|
|
@ -20,7 +20,7 @@ import (
|
||||||
|
|
||||||
const (
|
const (
|
||||||
testSharedPublicKey = `
|
testSharedPublicKey = `
|
||||||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC9i+hFxZHGo6KblVme4zrAcJstR6I0PTJozW286X4WyvPnkMYDQ5mnhEYC7UWCvjoTWbPEXPX7NjhRtwQTGD67bV+lrxgfyzK1JZbUXK4PwgKJvQD+XyyWYMzDgGSQY61KUSqCxymSm/9NZkPU3ElaQ9xQuTzPpztM4ROfb8f2Yv6/ZESZsTo0MTAkp8Pcy+WkioI/uJ1H7zqs0EA4OMY4aDJRu0UtP4rTVeYNEAuRXdX+eH4aW3KMvhzpFTjMbaJHJXlEeUm2SaX5TNQyTOvghCeQILfYIL/Ca2ij8iwCmulwdV6eQGfd4VDu40PvSnmfoaE38o6HaPnX0kUcnKiT root@viva
|
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC9i+hFxZHGo6KblVme4zrAcJstR6I0PTJozW286X4WyvPnkMYDQ5mnhEYC7UWCvjoTWbPEXPX7NjhRtwQTGD67bV+lrxgfyzK1JZbUXK4PwgKJvQD+XyyWYMzDgGSQY61KUSqCxymSm/9NZkPU3ElaQ9xQuTzPpztM4ROfb8f2Yv6/ZESZsTo0MTAkp8Pcy+WkioI/uJ1H7zqs0EA4OMY4aDJRu0UtP4rTVeYNEAuRXdX+eH4aW3KMvhzpFTjMbaJHJXlEeUm2SaX5TNQyTOvghCeQILfYIL/Ca2ij8iwCmulwdV6eQGfd4VDu40PvSnmfoaE38o6HaPnX0kUcnKiT
|
||||||
`
|
`
|
||||||
testSharedPrivateKey = `
|
testSharedPrivateKey = `
|
||||||
-----BEGIN RSA PRIVATE KEY-----
|
-----BEGIN RSA PRIVATE KEY-----
|
||||||
|
|
Loading…
Reference in a new issue