Please review pull request #597: ssh_authorized_keys should support new key types opened by (stschulte)
Description:
Add support for the new key types ecdsa-sha2-nistp256, ecdsa-sha2-nistp384 and ecdsa-sha2-nistp521 to sshkey and ssh_authorized_key.
Redmine ticket:
https://projects.puppetlabs.com/issues/8193
- Opened: Sun Mar 25 10:14:37 UTC 2012
- Based on: puppetlabs:2.7.x (2b62839e54a815734db50f07ea902b367b306558)
- Requested merge: stschulte:ticket/2.7.x/8193 (a62f71105055b5e0ecefcdeed307ec6ae8d32da3)
Diff follows:
diff --git a/lib/puppet/provider/ssh_authorized_key/parsed.rb b/lib/puppet/provider/ssh_authorized_key/parsed.rb
index 81b1fbc..f1c230f 100644
--- a/lib/puppet/provider/ssh_authorized_key/parsed.rb
+++ b/lib/puppet/provider/ssh_authorized_key/parsed.rb
@@ -17,7 +17,7 @@
:fields => %w{options type key name},
:optional => %w{options},
:rts => /^\s+/,
- :match => /^(?:(.+) )?(ssh-dss|ssh-rsa) ([^ ]+) ?(.*)$/,
+ :match => /^(?:(.+) )?(ssh-dss|ssh-rsa|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ([^ ]+) ?(.*)$/,
:post_parse => proc { |h|
h[:name] = "" if h[:name] == :absent
h[:options] ||= [:absent]
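Review bot: The accepted key types are now spelled out in this `:match` alternation and again in the `newvalues` call in lib/puppet/type/ssh_authorized_key.rb, so a type added in one place can be missed in the other. A line whose type is not in the alternation will not match this record pattern; how the provider then treats it is decided outside this hunk, but presumably such a key is not managed as a resource even though sshd may still honour it, which matters when auditing who has access. I would add a comment above the pattern such as `# key types here must match newvalues in puppet/type/ssh_authorized_key.rb`. The record definition starts and ends outside the hunk.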
diff --git a/lib/puppet/type/ssh_authorized_key.rb b/lib/puppet/type/ssh_authorized_key.rb
index 170dc83..80bc60e 100644
--- a/lib/puppet/type/ssh_authorized_key.rb
+++ b/lib/puppet/type/ssh_authorized_key.rb
@@ -23,11 +23,10 @@ module Puppet
newproperty(:type) do
desc "The encryption type used: ssh-dss or ssh-rsa."
- newvalue("ssh-dss")
- newvalue("ssh-rsa")
+ newvalues :'ssh-dss', :'ssh-rsa', :'ecdsa-sha2-nistp256', :'ecdsa-sha2-nistp384', :'ecdsa-sha2-nistp521'
- aliasvalue(:dsa, "ssh-dss")
- aliasvalue(:rsa, "ssh-rsa")
+ aliasvalue(:dsa, :'ssh-dss')
+ aliasvalue(:rsa, :'ssh-rsa')
end
newproperty(:key) do
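Review bot: The `desc` string on the context line above the new `newvalues` call still reads "ssh-dss or ssh-rsa", so the generated type reference will not mention the three ECDSA values this change accepts. The same applies to the `desc` in lib/puppet/type/sshkey.rb ("Probably ssh-dss or ssh-rsa"). These values are public-key algorithm names rather than encryption types, so I would reword both, e.g. `desc "The key type: ssh-dss, ssh-rsa, ecdsa-sha2-nistp256, ecdsa-sha2-nistp384 or ecdsa-sha2-nistp521."`. The enclosing module starts outside the hunk.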
diff --git a/lib/puppet/type/sshkey.rb b/lib/puppet/type/sshkey.rb
index 59a1a12..41b3dde 100755
--- a/lib/puppet/type/sshkey.rb
+++ b/lib/puppet/type/sshkey.rb
@@ -9,10 +9,10 @@ module Puppet
newproperty(:type) do
desc "The encryption type used. Probably ssh-dss or ssh-rsa."
- newvalue("ssh-dss")
- newvalue("ssh-rsa")
- aliasvalue(:dsa, "ssh-dss")
- aliasvalue(:rsa, "ssh-rsa")
+ newvalues :'ssh-dss', :'ssh-rsa', :'ecdsa-sha2-nistp256', :'ecdsa-sha2-nistp384', :'ecdsa-sha2-nistp521'
+
+ aliasvalue(:dsa, :'ssh-dss')
+ aliasvalue(:rsa, :'ssh-rsa')
end
newproperty(:key) do
diff --git a/spec/unit/provider/ssh_authorized_key/parsed_spec.rb b/spec/unit/provider/ssh_authorized_key/parsed_spec.rb
index bd5e55a..bd15e29 100755
--- a/spec/unit/provider/ssh_authorized_key/parsed_spec.rb
+++ b/spec/unit/provider/ssh_authorized_key/parsed_spec.rb
@@ -75,6 +75,34 @@ def genkey(key)
@provider_class.parse(line)[0][:name].should == ""
end
+
+ ['ssh-dss', 'ssh-rsa', 'ecdsa-sha2-nistp256', 'ecdsa-sha2-nistp384', 'ecdsa-sha2-nistp521'].each do |keytype|
+ it "should be able to parse a #{keytype} key entry" do
+ # use some real world examples generated with ssh-keygen
+ key = case keytype
+ when 'ssh-dss' # ssh-keygen -t dsa -b 1024
+ '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'
+ when 'ssh-rsa' # ssh-keygen -t rsa -b 2048
+ 'AAAAB3NzaC1yc2EAAAADAQABAAABAQDYtEaWa1mlxaAh9vtiz6RCVKDiJHDY15nsqqWU7F7A1+U1498+sWDyRDkZ8vXWQpzyOMBzBSHIxhsprlKhkjomy8BuJP+bHDBIKx4zgSFDrklrPIf467Iuug8J0qqDLxO4rOOjeAiLEyC0t2ZGnsTEea+rmat0bJ2cv3g5L4gH/OFz2pI4ZLp1HGN83ipl5UH8CjXQKwo3Db1E3WJCqKgszVX0Z4/qjnBRxFMoqky/1mGb/mX1eoT9JyQ8OhU9uENZOShkksSpgUqjlrjpj0Yd14hBlnE3M18pE4ivxjzectA/XRKNZaxOL1YREtU8sXusAwmlEY4aJ64aR0JrXfgx'
+ when 'ecdsa-sha2-nistp256' # ssh-keygen -t ecdsa -b 256
+ 'AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBO5PfBf0c2jAuqD+Lj3j+SuXOXNT2uqESLVOn5jVQfEF9GzllOw+CMOpUvV1CiOOn+F1ET15vcsfmD7z05WUTA='
+ when 'ecdsa-sha2-nistp384' # ssh-keygen -t ecdsa -b 384
+ 'AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBJIfxNoVK4FX3RuMlkHOwwxXwAh6Fqx5uAp4ftXrJ+64qYuIzb+/zSAkJV698Sre1b1lb0G4LyDdVAvXwaYK9kN25vy8umV3WdfZeHKXJGCcrplMCbbOERWARlpiPNEblg=='
+ when 'ecdsa-sha2-nistp521' #ssh-keygen -t ecdsa -b 521
+ 'AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBADLK+u12xwB0JOwpmaxYXv8KnPK4p+SE2405qoo+vpAQ569fMwPMgKzltd770amdeuFogw/MJu17PN9LDdrD3o0uwHMjWee6TpHQDkuEetaxiou6K0WAzgbxx9QsY0MsJgXf1BuMLqdK+xT183wOSXwwumv99G7T32dOJZ5tYrH0y4XMw=='
+ else
+ pending("No sample key for #{keytype} yet")
+ end
+ comment = 'sample_key'
+
+ record = @provider_class.parse_line("#{keytype} #{key} #{comment}")
+ record.should_not be_nil
+ record[:name].should == comment
+ record[:key].should == key
+ record[:type].should == keytype
+ end
+ end
+
end
describe provider_class do
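Review bot: Every example added here parses a line of the form `type key comment`, so the optional leading options group of the changed pattern is never exercised with the new ECDSA types, and nothing checks that a type outside the list is not accepted. Options (forced commands, source restrictions) are the security-relevant part of an authorized_keys entry, so I would add a case such as `record = @provider_class.parse_line("no-pty #{keytype} #{key} #{comment}")` followed by `record[:type].should == keytype`. The `else pending(...)` branch cannot be reached with the current list because each entry has its own `when`; a comment such as `# reached only when a key type is added to the list without a sample` would make that intent clear. The enclosing `describe` block starts outside the hunk.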
diff --git a/spec/unit/type/ssh_authorized_key_spec.rb b/spec/unit/type/ssh_authorized_key_spec.rb
index 71b8a9a..fe66b97 100755
--- a/spec/unit/type/ssh_authorized_key_spec.rb
+++ b/spec/unit/type/ssh_authorized_key_spec.rb
@@ -70,21 +70,10 @@
describe "for type" do
-
- it "should support ssh-dss" do
- proc { @class.new(:name => "whev", :type => "ssh-dss", :user => "nobody") }.should_not raise_error
- end
-
- it "should support ssh-rsa" do
- proc { @class.new(:name => "whev", :type => "ssh-rsa", :user => "nobody") }.should_not raise_error
- end
-
- it "should support :dsa" do
- proc { @class.new(:name => "whev", :type => :dsa, :user => "nobody") }.should_not raise_error
- end
-
- it "should support :rsa" do
- proc { @class.new(:name => "whev", :type => :rsa, :user => "nobody") }.should_not raise_error
+ [:'ssh-dss', :'ssh-rsa', :rsa, :dsa, :'ecdsa-sha2-nistp256', :'ecdsa-sha2-nistp384', :'ecdsa-sha2-nistp521'].each do |keytype|
+ it "should support #{keytype}" do
+ proc { @class.new(:name => "whev", :type => keytype, :user => "nobody") }.should_not raise_error
+ end
end
it "should alias :rsa to :ssh-rsa" do
diff --git a/spec/unit/type/sshkey_spec.rb b/spec/unit/type/sshkey_spec.rb
index ba34069..ae49678 100755
--- a/spec/unit/type/sshkey_spec.rb
+++ b/spec/unit/type/sshkey_spec.rb
@@ -28,24 +28,22 @@
describe "when validating values" do
- it "should support ssh-dss as a type value" do
- proc { @class.new(:name => "foo", :type => "ssh-dss") }.should_not raise_error
+ [:'ssh-dss', :'ssh-rsa', :rsa, :dsa, :'ecdsa-sha2-nistp256', :'ecdsa-sha2-nistp384', :'ecdsa-sha2-nistp521'].each do |keytype|
+ it "should support #{keytype} as a type value" do
+ proc { @class.new(:name => "foo", :type => keytype) }.should_not raise_error
+ end
end
- it "should support ssh-rsa as a type value" do
- proc { @class.new(:name => "whev", :type => "ssh-rsa") }.should_not raise_error
+ it "should alias :rsa to :ssh-rsa" do
+ key = @class.new(:name => "foo", :type => :rsa)
+ key.should(:type).should == :'ssh-rsa'
end
- it "should alias :dsa to ssh-dss as a value for type" do
- key = @class.new(:name => "whev", :type => :dsa)
+ it "should alias :dsa to :ssh-dss" do
+ key = @class.new(:name => "foo", :type => :dsa)
key.should(:type).should == :'ssh-dss'
end
- it "should alias :rsa to ssh-rsa as a value for type" do
- key = @class.new(:name => "whev", :type => :rsa)
- key.should(:type).should == :'ssh-rsa'
- end
-
it "should not support values other than ssh-dss, ssh-rsa, dsa, rsa for type" do
proc { @class.new(:name => "whev", :type => :'ssh-dsa') }.should raise_error(Puppet::Error)
end
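Review bot: The unchanged example that closes this hunk is still titled "should not support values other than ssh-dss, ssh-rsa, dsa, rsa for type", which no longer describes the accepted set once the ECDSA values are added above it. I would retitle it, e.g. `it "should not support values outside the listed key types for type" do`, keeping `:'ssh-dsa'` as the rejected sample. The enclosing `describe` block continues outside the hunk.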
