salt/tests/integration/shell/test_key.py

312 lines
10 KiB
Python
Raw Normal View History

# -*- coding: utf-8 -*-
Use explicit unicode strings + break up salt.utils This PR is part of what will be an ongoing effort to use explicit unicode strings in Salt. Because Python 3 does not suport Python 2's raw unicode string syntax (i.e. `ur'\d+'`), we must use `salt.utils.locales.sdecode()` to ensure that the raw string is unicode. However, because of how `salt/utils/__init__.py` has evolved into the hulking monstrosity it is today, this means importing a large module in places where it is not needed, which could negatively impact performance. For this reason, this PR also breaks out some of the functions from `salt/utils/__init__.py` into new/existing modules under `salt/utils/`. The long term goal will be that the modules within this directory do not depend on importing `salt.utils`. A summary of the changes in this PR is as follows: * Moves the following functions from `salt.utils` to new locations (including a deprecation warning if invoked from `salt.utils`): `to_bytes`, `to_str`, `to_unicode`, `str_to_num`, `is_quoted`, `dequote`, `is_hex`, `is_bin_str`, `rand_string`, `contains_whitespace`, `clean_kwargs`, `invalid_kwargs`, `which`, `which_bin`, `path_join`, `shlex_split`, `rand_str`, `is_windows`, `is_proxy`, `is_linux`, `is_darwin`, `is_sunos`, `is_smartos`, `is_smartos_globalzone`, `is_smartos_zone`, `is_freebsd`, `is_netbsd`, `is_openbsd`, `is_aix` * Moves the functions already deprecated by @rallytime to the bottom of `salt/utils/__init__.py` for better organization, so we can keep the deprecated ones separate from the ones yet to be deprecated as we continue to break up `salt.utils` * Updates `salt/*.py` and all files under `salt/client/` to use explicit unicode string literals. * Gets rid of implicit imports of `salt.utils` (e.g. `from salt.utils import foo` becomes `import salt.utils.foo as foo`). * Renames the `test.rand_str` function to `test.random_hash` to more accurately reflect what it does * Modifies `salt.utils.stringutils.random()` (née `salt.utils.rand_string()`) such that it returns a string matching the passed size. Previously this function would get `size` bytes from `os.urandom()`, base64-encode it, and return the result, which would in most cases not be equal to the passed size.
2017-07-25 01:47:15 +00:00
# Import Python libs
from __future__ import absolute_import, print_function, unicode_literals
import os
import shutil
import tempfile
2017-11-21 15:40:25 +00:00
import textwrap
# Import Salt Testing libs
from tests.support.case import ShellCase
from tests.support.paths import TMP
from tests.support.mixins import ShellCaseCommonTestsMixin
# Import 3rd-party libs
import yaml
from salt.ext import six
Use explicit unicode strings + break up salt.utils This PR is part of what will be an ongoing effort to use explicit unicode strings in Salt. Because Python 3 does not suport Python 2's raw unicode string syntax (i.e. `ur'\d+'`), we must use `salt.utils.locales.sdecode()` to ensure that the raw string is unicode. However, because of how `salt/utils/__init__.py` has evolved into the hulking monstrosity it is today, this means importing a large module in places where it is not needed, which could negatively impact performance. For this reason, this PR also breaks out some of the functions from `salt/utils/__init__.py` into new/existing modules under `salt/utils/`. The long term goal will be that the modules within this directory do not depend on importing `salt.utils`. A summary of the changes in this PR is as follows: * Moves the following functions from `salt.utils` to new locations (including a deprecation warning if invoked from `salt.utils`): `to_bytes`, `to_str`, `to_unicode`, `str_to_num`, `is_quoted`, `dequote`, `is_hex`, `is_bin_str`, `rand_string`, `contains_whitespace`, `clean_kwargs`, `invalid_kwargs`, `which`, `which_bin`, `path_join`, `shlex_split`, `rand_str`, `is_windows`, `is_proxy`, `is_linux`, `is_darwin`, `is_sunos`, `is_smartos`, `is_smartos_globalzone`, `is_smartos_zone`, `is_freebsd`, `is_netbsd`, `is_openbsd`, `is_aix` * Moves the functions already deprecated by @rallytime to the bottom of `salt/utils/__init__.py` for better organization, so we can keep the deprecated ones separate from the ones yet to be deprecated as we continue to break up `salt.utils` * Updates `salt/*.py` and all files under `salt/client/` to use explicit unicode string literals. * Gets rid of implicit imports of `salt.utils` (e.g. `from salt.utils import foo` becomes `import salt.utils.foo as foo`). * Renames the `test.rand_str` function to `test.random_hash` to more accurately reflect what it does * Modifies `salt.utils.stringutils.random()` (née `salt.utils.rand_string()`) such that it returns a string matching the passed size. Previously this function would get `size` bytes from `os.urandom()`, base64-encode it, and return the result, which would in most cases not be equal to the passed size.
2017-07-25 01:47:15 +00:00
# Import Salt libs
import salt.utils.files
Use explicit unicode strings + break up salt.utils This PR is part of what will be an ongoing effort to use explicit unicode strings in Salt. Because Python 3 does not suport Python 2's raw unicode string syntax (i.e. `ur'\d+'`), we must use `salt.utils.locales.sdecode()` to ensure that the raw string is unicode. However, because of how `salt/utils/__init__.py` has evolved into the hulking monstrosity it is today, this means importing a large module in places where it is not needed, which could negatively impact performance. For this reason, this PR also breaks out some of the functions from `salt/utils/__init__.py` into new/existing modules under `salt/utils/`. The long term goal will be that the modules within this directory do not depend on importing `salt.utils`. A summary of the changes in this PR is as follows: * Moves the following functions from `salt.utils` to new locations (including a deprecation warning if invoked from `salt.utils`): `to_bytes`, `to_str`, `to_unicode`, `str_to_num`, `is_quoted`, `dequote`, `is_hex`, `is_bin_str`, `rand_string`, `contains_whitespace`, `clean_kwargs`, `invalid_kwargs`, `which`, `which_bin`, `path_join`, `shlex_split`, `rand_str`, `is_windows`, `is_proxy`, `is_linux`, `is_darwin`, `is_sunos`, `is_smartos`, `is_smartos_globalzone`, `is_smartos_zone`, `is_freebsd`, `is_netbsd`, `is_openbsd`, `is_aix` * Moves the functions already deprecated by @rallytime to the bottom of `salt/utils/__init__.py` for better organization, so we can keep the deprecated ones separate from the ones yet to be deprecated as we continue to break up `salt.utils` * Updates `salt/*.py` and all files under `salt/client/` to use explicit unicode string literals. * Gets rid of implicit imports of `salt.utils` (e.g. `from salt.utils import foo` becomes `import salt.utils.foo as foo`). * Renames the `test.rand_str` function to `test.random_hash` to more accurately reflect what it does * Modifies `salt.utils.stringutils.random()` (née `salt.utils.rand_string()`) such that it returns a string matching the passed size. Previously this function would get `size` bytes from `os.urandom()`, base64-encode it, and return the result, which would in most cases not be equal to the passed size.
2017-07-25 01:47:15 +00:00
import salt.utils.platform
USERA = 'saltdev'
USERA_PWD = 'saltdev'
HASHED_USERA_PWD = '$6$SALTsalt$ZZFD90fKFWq8AGmmX0L3uBtS9fXL62SrTk5zcnQ6EkD6zoiM3kB88G1Zvs0xm/gZ7WXJRs5nsTBybUvGSqZkT.'
2012-04-21 23:31:46 +00:00
class KeyTest(ShellCase, ShellCaseCommonTestsMixin):
2012-04-21 23:31:46 +00:00
'''
Test salt-key script
'''
_call_binary_ = 'salt-key'
def _add_user(self):
'''
helper method to add user
'''
try:
add_user = self.run_call('user.add {0} createhome=False'.format(USERA))
add_pwd = self.run_call('shadow.set_password {0} \'{1}\''.format(USERA,
Use explicit unicode strings + break up salt.utils This PR is part of what will be an ongoing effort to use explicit unicode strings in Salt. Because Python 3 does not suport Python 2's raw unicode string syntax (i.e. `ur'\d+'`), we must use `salt.utils.locales.sdecode()` to ensure that the raw string is unicode. However, because of how `salt/utils/__init__.py` has evolved into the hulking monstrosity it is today, this means importing a large module in places where it is not needed, which could negatively impact performance. For this reason, this PR also breaks out some of the functions from `salt/utils/__init__.py` into new/existing modules under `salt/utils/`. The long term goal will be that the modules within this directory do not depend on importing `salt.utils`. A summary of the changes in this PR is as follows: * Moves the following functions from `salt.utils` to new locations (including a deprecation warning if invoked from `salt.utils`): `to_bytes`, `to_str`, `to_unicode`, `str_to_num`, `is_quoted`, `dequote`, `is_hex`, `is_bin_str`, `rand_string`, `contains_whitespace`, `clean_kwargs`, `invalid_kwargs`, `which`, `which_bin`, `path_join`, `shlex_split`, `rand_str`, `is_windows`, `is_proxy`, `is_linux`, `is_darwin`, `is_sunos`, `is_smartos`, `is_smartos_globalzone`, `is_smartos_zone`, `is_freebsd`, `is_netbsd`, `is_openbsd`, `is_aix` * Moves the functions already deprecated by @rallytime to the bottom of `salt/utils/__init__.py` for better organization, so we can keep the deprecated ones separate from the ones yet to be deprecated as we continue to break up `salt.utils` * Updates `salt/*.py` and all files under `salt/client/` to use explicit unicode string literals. * Gets rid of implicit imports of `salt.utils` (e.g. `from salt.utils import foo` becomes `import salt.utils.foo as foo`). * Renames the `test.rand_str` function to `test.random_hash` to more accurately reflect what it does * Modifies `salt.utils.stringutils.random()` (née `salt.utils.rand_string()`) such that it returns a string matching the passed size. Previously this function would get `size` bytes from `os.urandom()`, base64-encode it, and return the result, which would in most cases not be equal to the passed size.
2017-07-25 01:47:15 +00:00
USERA_PWD if salt.utils.platform.is_darwin() else HASHED_USERA_PWD))
self.assertTrue(add_user)
self.assertTrue(add_pwd)
user_list = self.run_call('user.list_users')
self.assertIn(USERA, six.text_type(user_list))
except AssertionError:
self.run_call('user.delete {0} remove=True'.format(USERA))
self.skipTest(
'Could not add user or password, skipping test'
)
def _remove_user(self):
'''
helper method to remove user
'''
user_list = self.run_call('user.list_users')
for user in user_list:
if USERA in user:
self.run_call('user.delete {0} remove=True'.format(USERA))
2017-11-21 15:40:25 +00:00
def test_remove_key(self):
'''
test salt-key -d usage
'''
min_name = 'minibar'
pki_dir = self.master_opts['pki_dir']
key = os.path.join(pki_dir, 'minions', min_name)
with salt.utils.files.fopen(key, 'w') as fp:
2017-11-21 15:40:25 +00:00
fp.write(textwrap.dedent('''\
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoqIZDtcQtqUNs0wC7qQz
JwFhXAVNT5C8M8zhI+pFtF/63KoN5k1WwAqP2j3LquTG68WpxcBwLtKfd7FVA/Kr
OF3kXDWFnDi+HDchW2lJObgfzLckWNRFaF8SBvFM2dys3CGSgCV0S/qxnRAjrJQb
B3uQwtZ64ncJAlkYpArv3GwsfRJ5UUQnYPDEJwGzMskZ0pHd60WwM1gMlfYmNX5O
RBEjybyNpYDzpda6e6Ypsn6ePGLkP/tuwUf+q9wpbRE3ZwqERC2XRPux+HX2rGP+
mkzpmuHkyi2wV33A9pDfMgRHdln2CLX0KgfRGixUQhW1o+Kmfv2rq4sGwpCgLbTh
NwIDAQAB
-----END PUBLIC KEY-----
'''))
check_key = self.run_key('-p {0}'.format(min_name))
self.assertIn('Accepted Keys:', check_key)
self.assertIn('minibar: -----BEGIN PUBLIC KEY-----', check_key)
remove_key = self.run_key('-d {0} -y'.format(min_name))
check_key = self.run_key('-p {0}'.format(min_name))
self.assertEqual([], check_key)
def test_list_accepted_args(self):
'''
test salt-key -l for accepted arguments
'''
for key in ('acc', 'pre', 'den', 'un', 'rej'):
# These should not trigger any error
data = self.run_key('-l {0}'.format(key), catch_stderr=True)
self.assertNotIn('error:', '\n'.join(data[1]))
data = self.run_key('-l foo-{0}'.format(key), catch_stderr=True)
self.assertIn('error:', '\n'.join(data[1]))
def test_list_all(self):
2012-04-21 23:31:46 +00:00
'''
test salt-key -L
'''
data = self.run_key('-L')
expect = None
2015-07-20 23:02:25 +00:00
if self.master_opts['transport'] in ('zeromq', 'tcp'):
expect = [
'Accepted Keys:',
'minion',
'sub_minion',
'Denied Keys:',
'Unaccepted Keys:',
'Rejected Keys:'
]
elif self.master_opts['transport'] == 'raet':
expect = [
'Accepted Keys:',
'minion',
'sub_minion',
'Unaccepted Keys:',
'Rejected Keys:'
]
2012-04-21 23:31:46 +00:00
self.assertEqual(data, expect)
2012-04-21 23:47:04 +00:00
def test_list_json_out(self):
'''
test salt-key -L --json-out
'''
data = self.run_key('-L --out json')
2016-08-01 11:20:33 +00:00
ret = {}
try:
import json
ret = json.loads('\n'.join(data))
except ValueError:
pass
expect = None
2015-07-20 23:02:25 +00:00
if self.master_opts['transport'] in ('zeromq', 'tcp'):
2016-08-01 11:20:33 +00:00
expect = {'minions_rejected': [],
'minions_denied': [],
'minions_pre': [],
'minions': ['minion', 'sub_minion']}
elif self.master_opts['transport'] == 'raet':
2016-08-01 11:20:33 +00:00
expect = {'accepted': ['minion', 'sub_minion'],
'rejected': [],
'pending': []}
self.assertEqual(ret, expect)
def test_list_yaml_out(self):
'''
test salt-key -L --yaml-out
'''
data = self.run_key('-L --out yaml')
2016-08-01 11:20:33 +00:00
ret = {}
try:
import yaml
ret = yaml.load('\n'.join(data))
except Exception:
pass
expect = []
2015-07-20 23:02:25 +00:00
if self.master_opts['transport'] in ('zeromq', 'tcp'):
2016-08-01 11:20:33 +00:00
expect = {'minions_rejected': [],
'minions_denied': [],
'minions_pre': [],
'minions': ['minion', 'sub_minion']}
elif self.master_opts['transport'] == 'raet':
2016-08-01 11:20:33 +00:00
expect = {'accepted': ['minion', 'sub_minion'],
'rejected': [],
'pending': []}
self.assertEqual(ret, expect)
2012-05-29 16:40:20 +00:00
def test_list_raw_out(self):
'''
test salt-key -L --raw-out
'''
data = self.run_key('-L --out raw')
2016-08-01 11:20:33 +00:00
self.assertEqual(len(data), 1)
ret = {}
try:
import ast
ret = ast.literal_eval(data[0])
except ValueError:
pass
expect = None
2015-07-20 23:02:25 +00:00
if self.master_opts['transport'] in ('zeromq', 'tcp'):
2016-08-01 11:20:33 +00:00
expect = {'minions_rejected': [],
'minions_denied': [],
'minions_pre': [],
'minions': ['minion', 'sub_minion']}
elif self.master_opts['transport'] == 'raet':
2016-08-01 11:20:33 +00:00
expect = {'accepted': ['minion', 'sub_minion'],
'rejected': [],
'pending': []}
self.assertEqual(ret, expect)
2012-04-21 23:47:04 +00:00
def test_list_acc(self):
'''
test salt-key -l
'''
data = self.run_key('-l acc')
2016-08-01 11:20:33 +00:00
expect = ['Accepted Keys:', 'minion', 'sub_minion']
self.assertEqual(data, expect)
2012-04-21 23:47:04 +00:00
def test_list_acc_eauth(self):
'''
test salt-key -l with eauth
'''
self._add_user()
data = self.run_key('-l acc --eauth pam --username {0} --password {1}'.format(USERA, USERA_PWD))
expect = ['Accepted Keys:', 'minion', 'sub_minion']
self.assertEqual(data, expect)
self._remove_user()
def test_list_acc_eauth_bad_creds(self):
'''
test salt-key -l with eauth and bad creds
'''
self._add_user()
data = self.run_key('-l acc --eauth pam --username {0} --password wrongpassword'.format(USERA))
expect = ['Authentication failure of type "eauth" occurred for user {0}.'.format(USERA)]
self.assertEqual(data, expect)
self._remove_user()
def test_list_acc_wrong_eauth(self):
'''
test salt-key -l with wrong eauth
'''
data = self.run_key('-l acc --eauth wrongeauth --username {0} --password {1}'.format(USERA, USERA_PWD))
expect = ['The specified external authentication system "wrongeauth" is not available']
self.assertEqual(data, expect)
2012-04-21 23:47:04 +00:00
def test_list_un(self):
'''
test salt-key -l
'''
data = self.run_key('-l un')
2016-08-01 11:20:33 +00:00
expect = ['Unaccepted Keys:']
self.assertEqual(data, expect)
def test_keys_generation(self):
tempdir = tempfile.mkdtemp(dir=TMP)
arg_str = '--gen-keys minibar --gen-keys-dir {0}'.format(tempdir)
self.run_key(arg_str)
try:
key_names = None
2015-07-20 23:02:25 +00:00
if self.master_opts['transport'] in ('zeromq', 'tcp'):
key_names = ('minibar.pub', 'minibar.pem')
elif self.master_opts['transport'] == 'raet':
key_names = ('minibar.key',)
for fname in key_names:
self.assertTrue(os.path.isfile(os.path.join(tempdir, fname)))
finally:
shutil.rmtree(tempdir)
def test_keys_generation_keysize_minmax(self):
tempdir = tempfile.mkdtemp(dir=TMP)
arg_str = '--gen-keys minion --gen-keys-dir {0}'.format(tempdir)
try:
data, error = self.run_key(
arg_str + ' --keysize=1024', catch_stderr=True
)
self.assertIn(
'salt-key: error: The minimum value for keysize is 2048', error
)
data, error = self.run_key(
arg_str + ' --keysize=32769', catch_stderr=True
)
self.assertIn(
'salt-key: error: The maximum value for keysize is 32768',
error
)
finally:
shutil.rmtree(tempdir)
def test_issue_7754(self):
old_cwd = os.getcwd()
config_dir = os.path.join(TMP, 'issue-7754')
if not os.path.isdir(config_dir):
os.makedirs(config_dir)
os.chdir(config_dir)
config_file_name = 'master'
with salt.utils.files.fopen(self.get_config_file_path(config_file_name), 'r') as fhr:
2014-11-26 23:13:19 +00:00
config = yaml.load(fhr.read())
config['log_file'] = 'file:///dev/log/LOG_LOCAL3'
with salt.utils.files.fopen(os.path.join(config_dir, config_file_name), 'w') as fhw:
fhw.write(
yaml.dump(config, default_flow_style=False)
)
2013-10-15 23:05:04 +00:00
ret = self.run_script(
self._call_binary_,
'--config-dir {0} -L'.format(
config_dir
),
timeout=60
)
try:
self.assertIn('minion', '\n'.join(ret))
self.assertFalse(os.path.isdir(os.path.join(config_dir, 'file:')))
finally:
self.chdir(old_cwd)
if os.path.isdir(config_dir):
shutil.rmtree(config_dir)