Merge pull request #23777 from jfindlay/merge_23665

Merge #23665
Justin Findlay 2015-05-15 12:16:21 -06:00
commit aab9c431d0
3 changed files with 90 additions and 3 deletions


@ -78,6 +78,35 @@ def _format_auth_line(key, enc, comment, options):
return line
def _expand_authorized_keys_path(path, user, home):
'''
Expand the AuthorizedKeysFile expression. Defined in man sshd_config(5)
'''
converted_path = ''
had_escape = False
for char in path:
if had_escape:
had_escape = False
if char == '%':
converted_path += '%'
elif char == 'u':
converted_path += user
elif char == 'h':
converted_path += home
else:
error = 'AuthorizedKeysFile path: unknown token character "%{0}"'.format(char)
raise CommandExecutionError(error)
continue
elif char == '%':
had_escape = True
else:
converted_path += char
if had_escape:
error = "AuthorizedKeysFile path: Last character can't be escape character"
raise CommandExecutionError(error)
return converted_path
def _get_config_file(user, config):
'''
Get absolute path to a user's ssh_config.
@ -85,8 +114,10 @@ def _get_config_file(user, config):
uinfo = __salt__['user.info'](user)
if not uinfo:
raise CommandExecutionError('User {0!r} does not exist'.format(user))
home = uinfo['home']
if not os.path.isabs(config):
config = os.path.join(uinfo['home'], config)
config = os.path.join(home, config)
config = _expand_authorized_keys_path(config, user, home)
return config
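Review bot: In `_get_config_file` the `os.path.isabs(config)` test runs before the tokens are expanded, so a value that starts with `%h` is treated as relative and joined onto `home` before `%h` is replaced. The example this commit documents, `%h/.ssh/authorized_keys`, would then resolve to the home directory repeated twice, which is presumably not the file sshd consults; sshd_config(5) applies the absolute-or-relative rule after expansion. Expanding first keeps the check meaningful: `config = _expand_authorized_keys_path(config, user, home)` followed by `if not os.path.isabs(config): config = os.path.join(home, config)`. The start of `_get_config_file` lies outside the hunk, so this assumes nothing earlier rewrites `config`.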


@ -29,6 +29,7 @@ to use a YAML 'explicit key', as demonstrated in the second example below.
ssh_auth.present:
- user: root
- source: salt://ssh_keys/thatch.id_rsa.pub
- config: %h/.ssh/authorized_keys
sshkeys:
ssh_auth.present:
@ -239,7 +240,8 @@ def present(
config
The location of the authorized keys file relative to the user's home
directory, defaults to ".ssh/authorized_keys"
directory, defaults to ".ssh/authorized_keys". Token expansion %u and
%h for username and home path supported.
'''
ret = {'name': name,
'changes': {},
@ -382,7 +384,9 @@ def absent(name,
config
The location of the authorized keys file relative to the user's home
directory, defaults to ".ssh/authorized_keys"
directory, defaults to ".ssh/authorized_keys". Token expansion %u and
%h for username and home path supported.
'''
ret = {'name': name,
'changes': {},
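Review bot: The added example line `- config: %h/.ssh/authorized_keys` is an unquoted YAML scalar that begins with `%`, a character YAML reserves as an indicator, so a state copied from this docstring is likely to fail to render. Quote the value: `- config: '%h/.ssh/authorized_keys'`. The `config` entries in `present` and `absent` also still describe the path as relative to the home directory; one more sentence saying how a path that is absolute after expansion is treated would tell readers what a leading `%h` does.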


@ -0,0 +1,52 @@
# -*- coding: utf-8 -*-
# import Python Libs
from __future__ import absolute_import
# Import Salt Testing Libs
from salttesting import skipIf, TestCase
from salttesting.helpers import ensure_in_syspath
from salttesting.mock import (
NO_MOCK,
NO_MOCK_REASON
)
# Import Salt Libs
ensure_in_syspath('../../')
from salt.modules import ssh
from salt.exceptions import CommandExecutionError
@skipIf(NO_MOCK, NO_MOCK_REASON)
class SSHAuthKeyTestCase(TestCase):
'''
TestCase for salt.modules.ssh
'''
def test_expand_user_token(self):
'''
Test if the %u, %h, and %% tokens are correctly expanded
'''
output = ssh._expand_authorized_keys_path('/home/%u', 'user',
'/home/user')
self.assertEqual(output, '/home/user')
output = ssh._expand_authorized_keys_path('/home/%h', 'user',
'/home/user')
self.assertEqual(output, '/home//home/user')
output = ssh._expand_authorized_keys_path('/srv/%h/aaa/%u%%', 'user',
'/home/user')
self.assertEqual(output, '/srv//home/user/aaa/user%')
user = 'dude'
home = '/home/dude'
path = '/home/dude%'
self.assertRaises(CommandExecutionError, ssh._expand_authorized_keys_path, path, user, home)
path = '/home/%dude'
self.assertRaises(CommandExecutionError, ssh._expand_authorized_keys_path, path, user, home)
if __name__ == '__main__':
from integration import run_tests
run_tests(SSHAuthKeyTestCase, needs_daemon=False)
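Review bot: `test_expand_user_token` calls only `_expand_authorized_keys_path`; nothing here exercises `_get_config_file`, where the expanded path is combined with the home directory and the final authorized_keys location is decided. A case that passes `%h/.ssh/authorized_keys` through `_get_config_file` with `__salt__['user.info']` mocked, asserting `/home/user/.ssh/authorized_keys`, would pin the path the module actually writes to. Splitting the two `assertRaises` checks into their own test method would also make a failure point at the token rule that broke.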