<!-- -*- markdown -*- -->

SSH key management
==================

Gitano is (primarily) managed via SSH.  This means that ssh keys are a critical
part of a user's configuration in Gitano.  SSH keys are used as the primary
means by which to identify the user when they try and perform actions on the
server.

    SCENARIO ssh key basics

    GIVEN a standard instance

The key we authenticate with is displayed as part of `whoami`.

    WHEN testinstance adminkey runs whoami
    THEN stdout contains adminkey

This information is also shown in `sshkey list`.

    WHEN testinstance adminkey runs sshkey list
    THEN the output contains adminkey

New keys can be added.
Default is rsa
New types of key can be added by using "of type <keytype>"

    GIVEN testinstance has keys called newkey
      AND testinstance has keys called edkey of type ed25519
     WHEN testinstance uses their ssh public key called newkey as stdin
      AND testinstance adminkey runs sshkey add newkey
     THEN the output contains SSH authorised key file updated
     WHEN testinstance uses their ssh public key called edkey as stdin
      AND testinstance adminkey runs sshkey add edkey
     THEN the output contains SSH authorised key file updated

Verify the new keys are listed for the user.

    WHEN testinstance adminkey runs sshkey list
    THEN the output contains newkey
     AND the output contains edkey

We can delete the old key and proceed with the new key in future.

    WHEN testinstance newkey runs sshkey del adminkey
    THEN the output contains SSH authorised key file updated
    WHEN testinstance newkey runs whoami
    THEN the output contains newkey
     AND the output does not contain adminkey

    FINALLY the instance is torn down

SSH key tracking
----------------

When we interact with gitano through ssh it tracks which key was used,
which is convenient when a user has multiple keys
and it matters which key is being used.

    SCENARIO gitano key awareness
    ASSUMING gitano is being accessed over ssh

    GIVEN a standard instance

When using the `whoami` and `sshkey list` commands
gitano appends "[*]" to the entry for the key that is in use.

    WHEN testinstance adminkey runs sshkey list
    THEN the output contains adminkey.*\[\*\]$

This is not just informational. Gitano uses this information
to prevent you removing the key that is being used to authenticate
as a protection against accidentally locking yourself out.

    WHEN testinstance adminkey, expecting failure, runs sshkey del adminkey
    THEN stderr contains is in use

If it is necessary to remove a key,
then a new key must be added first and the delete must be issued with that key.

    FINALLY the instance is torn down

Regression tests
================

At one point, there was a bug where key tags could not contain underscores
and dashes properly.  This was fixed and so we validate that here.

    SCENARIO sshkey underscores and dashes
    GIVEN a standard instance
      AND testinstance has keys called testkey

We should also be able to add keys with underscores and/or dashes in the tag
name.

    WHEN testinstance uses their ssh public key called testkey as stdin
     AND testinstance adminkey runs sshkey add test-key_
    THEN the output contains SSH authorised key file updated
    WHEN testinstance adminkey runs sshkey list
    THEN the output contains test-key_

    FINALLY the instance is torn down