SSH key management
==================

Gitano is (primarily) managed via SSH. This means that SSH keys are a critical
part of a user's configuration in Gitano. SSH keys are the primary means of
identifying the user when they try to perform actions on the server.

    SCENARIO ssh key basics
    GIVEN a standard instance

The key we authenticate with is displayed as part of `whoami`.

    WHEN testinstance adminkey runs whoami
    THEN stdout contains adminkey

This information is also shown in `sshkey list`.

    WHEN testinstance adminkey runs sshkey list
    THEN the output contains adminkey

New keys can be added.

    GIVEN testinstance has keys called newkey
    WHEN testinstance uses their ssh public key called newkey as stdin
    AND testinstance adminkey runs sshkey add newkey
    THEN the output contains SSH authorised key file updated

Verify the new keys are listed for the user.

    WHEN testinstance adminkey runs sshkey list
    THEN the output contains newkey

We can delete the old key and proceed with the new key in future.

    WHEN testinstance newkey runs sshkey del adminkey
    THEN the output contains SSH authorised key file updated

    WHEN testinstance newkey runs whoami
    THEN the output contains newkey
    AND the output does not contain adminkey

    FINALLY the instance is torn down

SSH key tracking
----------------

When we interact with Gitano over SSH, it tracks which key was used. This is
convenient when a user has multiple keys and it matters which key is being
used.

    SCENARIO gitano key awareness

    ASSUMING gitano is being accessed over ssh
    GIVEN a standard instance

When using the `whoami` and `sshkey list` commands, Gitano appends "[*]" to the
entry for the key that is in use.

    WHEN testinstance adminkey runs sshkey list
    THEN the output contains adminkey.*\[\*\]$

This is not just informational. Gitano uses this information to prevent you
from removing the key that is being used to authenticate, as a protection
against accidentally locking yourself out.

    WHEN testinstance adminkey, expecting failure, runs sshkey del adminkey
    THEN stderr contains is in use

If it is necessary to remove a key, then a new key must be added first and the
delete must be issued with that key.

    FINALLY the instance is torn down

Regression tests
================

At one point, there was a bug where key tags could not contain underscores and
dashes properly. This was fixed, so we validate that here.

    SCENARIO sshkey underscores and dashes

    GIVEN a standard instance
    AND testinstance has keys called testkey

We should also be able to add keys with underscores and/or dashes in the tag
name.

    WHEN testinstance uses their ssh public key called testkey as stdin
    AND testinstance adminkey runs sshkey add test-key_
    THEN the output contains SSH authorised key file updated

    WHEN testinstance adminkey runs sshkey list
    THEN the output contains test-key_

    FINALLY the instance is torn down