luxolus
/
open-vault
2
0
Fork 0
Code Issues 1 Pull Requests Releases Activity

Vault SSH: Refactoring and fixes

This commit is contained in:
Vishal Nayak 2015-07-10 17:27:21 -06:00
parent ef11dd99f7
commit ed258f80c6
3 changed files with 37 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

48
builtin/logical/ssh/backend_test.go
View File

@ -55,6 +55,8 @@ var testPort string
var testUserName string var testUserName string
var testAdminUser string var testAdminUser string
// Starts the server and initializes the servers IP address,
// port and usernames to be used by the test cases.
func init() { func init() {
addr, err := vault.StartTestServer() addr, err := vault.StartTestServer()
if err != nil { if err != nil {
@ -83,6 +85,29 @@ func TestSSHBackend(t *testing.T) {
}) })
} }
func testNamedKeys(t *testing.T) logicaltest.TestStep {
return logicaltest.TestStep{
Operation: logical.WriteOperation,
Path: fmt.Sprintf("keys/%s", testKey),
Data: map[string]interface{}{
"key": testSharedPrivateKey,
},
}
}
func testNewRole(t *testing.T) logicaltest.TestStep {
return logicaltest.TestStep{
Operation: logical.WriteOperation,
Path: fmt.Sprintf("roles/%s", testRoleName),
Data: map[string]interface{}{
"key": testKey,
"admin_user": testAdminUser,
"cidr": testCidr,
"port": testPort,
},
}
}
func testRoleCreate(t *testing.T) logicaltest.TestStep { func testRoleCreate(t *testing.T) logicaltest.TestStep {
return logicaltest.TestStep{ return logicaltest.TestStep{
Operation: logical.WriteOperation, Operation: logical.WriteOperation,
@ -110,26 +135,3 @@ func testRoleCreate(t *testing.T) logicaltest.TestStep {
}, },
} }
} }
func testNewRole(t *testing.T) logicaltest.TestStep {
return logicaltest.TestStep{
Operation: logical.WriteOperation,
Path: fmt.Sprintf("roles/%s", testRoleName),
Data: map[string]interface{}{
"key": testKey,
"admin_user": testAdminUser,
"cidr": testCidr,
"port": testPort,
},
}
}
func testNamedKeys(t *testing.T) logicaltest.TestStep {
return logicaltest.TestStep{
Operation: logical.WriteOperation,
Path: fmt.Sprintf("keys/%s", testKey),
Data: map[string]interface{}{
"key": testSharedPrivateKey,
},
}
}

18
command/ssh_test.go
View File

@ -55,6 +55,8 @@ var testPort string
var testUserName string var testUserName string
var testAdminUser string var testAdminUser string
// Starts the server and initializes the servers IP address,
// port and usernames to be used by the test cases.
func init() { func init() {
addr, err := vault.StartTestServer() addr, err := vault.StartTestServer()
if err != nil { if err != nil {
@ -73,6 +75,8 @@ func init() {
} }
func TestSSH(t *testing.T) { func TestSSH(t *testing.T) {
// Add the SSH backend to the unsealed test core.
// This should be done before the unsealed core is created.
err := vault.AddTestLogicalBackend("ssh", logicalssh.Factory) err := vault.AddTestLogicalBackend("ssh", logicalssh.Factory)
if err != nil { if err != nil {
t.Fatalf("err: %s", err) t.Fatalf("err: %s", err)
@ -132,8 +136,7 @@ func TestSSH(t *testing.T) {
t.Fatalf("bad: %d\n\n%s", code, ui.ErrorWriter.String()) t.Fatalf("bad: %d\n\n%s", code, ui.ErrorWriter.String())
} }
// Create a role by supplying the needful along with the // Create a role using the named key along with cidr, username and port
// named key created above
args = []string{ args = []string{
"-address", addr, "-address", addr,
"ssh/roles/" + testRoleName, "ssh/roles/" + testRoleName,
@ -154,10 +157,10 @@ func TestSSH(t *testing.T) {
} }
// Get the dynamic key and establish an SSH connection with target. // Get the dynamic key and establish an SSH connection with target.
// Inline command when supplied runs on target and terminates the connection. // Inline command when supplied, runs on target and terminates the
// Use whoami as the inline command in target and get the result. // connection. Use whoami as the inline command in target and get
// Compare the result with the username used to connect to target. // the result. Compare the result with the username used to connect
// Test succeeds if they match. // to target. Test succeeds if they match.
args = []string{ args = []string{
"-address", addr, "-address", addr,
"-role=" + testRoleName, "-role=" + testRoleName,
@ -165,7 +168,7 @@ func TestSSH(t *testing.T) {
"/usr/bin/whoami", "/usr/bin/whoami",
} }
// Pipe to get the result of the inline command run in target machine // Creating pipe to get the result of the inline command run in target machine.
stdout := os.Stdout stdout := os.Stdout
r, w, err := os.Pipe() r, w, err := os.Pipe()
if err != nil { if err != nil {
@ -185,6 +188,7 @@ func TestSSH(t *testing.T) {
os.Stdout = stdout os.Stdout = stdout
userName := <-bufChan userName := <-bufChan
userName = strings.TrimSpace(userName) userName = strings.TrimSpace(userName)
// Comparing the username used to connect to target and // Comparing the username used to connect to target and
// the username on the target, thereby verifying successful // the username on the target, thereby verifying successful
// execution // execution

2
vault/testing.go
View File

@ -20,7 +20,7 @@ import (
const ( const (
testSharedPublicKey = ` testSharedPublicKey = `
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC9i+hFxZHGo6KblVme4zrAcJstR6I0PTJozW286X4WyvPnkMYDQ5mnhEYC7UWCvjoTWbPEXPX7NjhRtwQTGD67bV+lrxgfyzK1JZbUXK4PwgKJvQD+XyyWYMzDgGSQY61KUSqCxymSm/9NZkPU3ElaQ9xQuTzPpztM4ROfb8f2Yv6/ZESZsTo0MTAkp8Pcy+WkioI/uJ1H7zqs0EA4OMY4aDJRu0UtP4rTVeYNEAuRXdX+eH4aW3KMvhzpFTjMbaJHJXlEeUm2SaX5TNQyTOvghCeQILfYIL/Ca2ij8iwCmulwdV6eQGfd4VDu40PvSnmfoaE38o6HaPnX0kUcnKiT root@viva ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC9i+hFxZHGo6KblVme4zrAcJstR6I0PTJozW286X4WyvPnkMYDQ5mnhEYC7UWCvjoTWbPEXPX7NjhRtwQTGD67bV+lrxgfyzK1JZbUXK4PwgKJvQD+XyyWYMzDgGSQY61KUSqCxymSm/9NZkPU3ElaQ9xQuTzPpztM4ROfb8f2Yv6/ZESZsTo0MTAkp8Pcy+WkioI/uJ1H7zqs0EA4OMY4aDJRu0UtP4rTVeYNEAuRXdX+eH4aW3KMvhzpFTjMbaJHJXlEeUm2SaX5TNQyTOvghCeQILfYIL/Ca2ij8iwCmulwdV6eQGfd4VDu40PvSnmfoaE38o6HaPnX0kUcnKiT
` `
testSharedPrivateKey = ` testSharedPrivateKey = `
-----BEGIN RSA PRIVATE KEY----- -----BEGIN RSA PRIVATE KEY-----