Fix issue where 'as' wasn't resetting keytag in _prep()

2 files changed, 23 insertions, 0 deletions

diff --git a/lib/gitano/admincommand.lua b/lib/gitano/admincommand.lua
index e74d605..52379a0 100644
--- a/lib/gitano/admincommand.lua
+++ b/lib/gitano/admincommand.lua
@@ -103,6 +103,7 @@ local function builtin_as_prep(conf, _, cmdline, context)
       context["as_" .. k] = v
    end
    context.user = cmdline[2]
+   context.keytag = "<*>"
    local target_user_name = cmdline[2]
    local target_user_exists = conf.users[cmdline[2]] ~= nil
    if not target_user_exists then
diff --git a/testing/02-commands-as.yarn b/testing/02-commands-as.yarn
index 15f82ff..41fcb63 100644
--- a/testing/02-commands-as.yarn
+++ b/testing/02-commands-as.yarn
@@ -91,3 +91,25 @@ so a user with elevated permissions must not be able to frame another user.
       AND stdout contains committer Administrator
 
     FINALLY the instance is torn down
+
+Regression checks
+=================
+
+When running `as` with commands which consider the keytag during `_prep()` it's
+essential that `as` resets it to the "<*>" token which is used during `_run()`
+too.  This used not to be the case, making it hard to manage SSH keys of users
+whose sshkeys had the same names as the keys used by the admin trying to manage
+them.
+
+    SCENARIO Ensuring 'as' replaces keytag during '_prep()'
+
+    GIVEN a standard instance
+      AND testinstance has keys called other
+      AND testinstance has keys called spare
+     WHEN testinstance, using adminkey, adds user other, using testinstance other
+      AND testinstance adminkey runs as other whoami
+     THEN stderr is empty
+     WHEN testinstance uses their ssh public key called spare as stdin
+      AND testinstance other runs sshkey add adminkey
+      AND testinstance adminkey runs as other sshkey del adminkey
+     THEN the output contains SSH authorised key file updated