blob: 023228a34562408d25f32a4626b2c6bfc729fd99 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
|
<!-- -*- markdown -*- -->
SSH key management
==================
Gitano is (primarily) managed via SSH. This means that ssh keys are a critical
part of a user's configuration in Gitano. SSH keys are used as the primary
means by which to identify the user when they try and perform actions on the
server.
SCENARIO ssh key basics
GIVEN a standard instance
The key we authenticate with is displayed as part of `whoami`.
WHEN testinstance adminkey runs whoami
THEN stdout contains adminkey
This information is also shown in `sshkey list`.
WHEN testinstance adminkey runs sshkey list
THEN the output contains adminkey
New keys can be added.
Default is rsa
New types of key can be added by using "of type <keytype>"
GIVEN testinstance has keys called newkey
AND testinstance has keys called edkey of type ed25519
WHEN testinstance uses their ssh public key called newkey as stdin
AND testinstance adminkey runs sshkey add newkey
THEN the output contains SSH authorised key file updated
WHEN testinstance uses their ssh public key called edkey as stdin
AND testinstance adminkey runs sshkey add edkey
THEN the output contains SSH authorised key file updated
Verify the new keys are listed for the user.
WHEN testinstance adminkey runs sshkey list
THEN the output contains newkey
AND the output contains edkey
We can delete the old key and proceed with the new key in future.
WHEN testinstance newkey runs sshkey del adminkey
THEN the output contains SSH authorised key file updated
WHEN testinstance newkey runs whoami
THEN the output contains newkey
AND the output does not contain adminkey
FINALLY the instance is torn down
SSH key tracking
----------------
When we interact with gitano through ssh it tracks which key was used,
which is convenient when a user has multiple keys
and it matters which key is being used.
SCENARIO gitano key awareness
ASSUMING gitano is being accessed over ssh
GIVEN a standard instance
When using the `whoami` and `sshkey list` commands
gitano appends "[*]" to the entry for the key that is in use.
WHEN testinstance adminkey runs sshkey list
THEN the output contains adminkey.*\[\*\]$
This is not just informational. Gitano uses this information
to prevent you removing the key that is being used to authenticate
as a protection against accidentally locking yourself out.
WHEN testinstance adminkey, expecting failure, runs sshkey del adminkey
THEN stderr contains is in use
If it is necessary to remove a key,
then a new key must be added first and the delete must be issued with that key.
FINALLY the instance is torn down
Regression tests
================
At one point, there was a bug where key tags could not contain underscores
and dashes properly. This was fixed and so we validate that here.
SCENARIO sshkey underscores and dashes
GIVEN a standard instance
AND testinstance has keys called testkey
We should also be able to add keys with underscores and/or dashes in the tag
name.
WHEN testinstance uses their ssh public key called testkey as stdin
AND testinstance adminkey runs sshkey add test-key_
THEN the output contains SSH authorised key file updated
WHEN testinstance adminkey runs sshkey list
THEN the output contains test-key_
FINALLY the instance is torn down
|