cloud-init

Merge ~tlashchova/cloud-init:fix-bug-add-unittest into cloud-init:master

  1. Git
  2. lp:~tlashchova/cloud-init
  3. fix-bug-add-unittest
  4. Merge into master
Proposed by Tatiana Kholkina
Status: Merged
Approved by: Scott Moser
Approved revision: 45289a00bf8c043c5783c527c4ea720e67e0524b
Merged at revision: 45289a00bf8c043c5783c527c4ea720e67e0524b
Proposed branch: ~tlashchova/cloud-init:fix-bug-add-unittest
Merge into: cloud-init:master
Diff against target: 75 lines (+43/-4)
2 files modified
cloudinit/ssh_util.py (+1/-4)
tests/unittests/test_sshutil.py (+42/-0)
Reviewer Review Type Date Requested Status
Scott Moser Approve
Server Team CI bot continuous-integration Approve
Server Team CI Pending
Review via email: mp+337003@code.launchpad.net

Commit message

Fix ssh keys validation in ssh_util

This fixes a bug where invalid keys would sneak into authorized_keys.

To post a comment you must log in.
Revision history for this message
Scott Moser (smoser) wrote :

improve your commit message, just have a 'messag'e part as well as subject.

Ie:
   Do not write invalid keys to authorized_keys

   This fixes a bug where invalid keys would sneak into authorized_keys.

Revision history for this message
Tatiana Kholkina (tlashchova) wrote :

> improve your commit message, just have a 'messag'e part as well as subject.
>
> Ie:
> Do not write invalid keys to authorized_keys
>
> This fixes a bug where invalid keys would sneak into authorized_keys.

Done

Revision history for this message
Scott Moser (smoser) wrote :

Tatiana, I'll get our c-i bot to test your branch, and pending success there, looks good!

Revision history for this message
Server Team CI bot (server-team-bot) wrote :

FAILED: Continuous integration, rev:
https://jenkins.ubuntu.com/server/job/cloud-init-ci/750/
Executed test runs:
    FAILED: Checkout

Click here to trigger a rebuild:
https://jenkins.ubuntu.com/server/job/cloud-init-ci/750/rebuild

review: Needs Fixing (continuous-integration)
Revision history for this message
Server Team CI bot (server-team-bot) wrote :

FAILED: Continuous integration, rev:6bf6d7df408249eb77cd57aed1c06571435cdbf3
https://jenkins.ubuntu.com/server/job/cloud-init-ci/751/
Executed test runs:
    FAILED: Checkout

Click here to trigger a rebuild:
https://jenkins.ubuntu.com/server/job/cloud-init-ci/751/rebuild

review: Needs Fixing (continuous-integration)
Revision history for this message
Server Team CI bot (server-team-bot) wrote :

FAILED: Continuous integration, rev:6bf6d7df408249eb77cd57aed1c06571435cdbf3
https://jenkins.ubuntu.com/server/job/cloud-init-ci/752/
Executed test runs:
    FAILED: Checkout

Click here to trigger a rebuild:
https://jenkins.ubuntu.com/server/job/cloud-init-ci/752/rebuild

review: Needs Fixing (continuous-integration)
Revision history for this message
Server Team CI bot (server-team-bot) wrote :

FAILED: Continuous integration, rev:6bf6d7df408249eb77cd57aed1c06571435cdbf3
https://jenkins.ubuntu.com/server/job/cloud-init-ci/753/
Executed test runs:
    SUCCESS: Checkout
    FAILED: Unit & Style Tests

Click here to trigger a rebuild:
https://jenkins.ubuntu.com/server/job/cloud-init-ci/753/rebuild

review: Needs Fixing (continuous-integration)
Revision history for this message
Joshua Powers (powersj) wrote :

Hi! Sorry about the extra failure messages, but it does look like in the last round of tests flake 8 found two issues:

tests/unittests/test_sshutil.py:138:68: E231 missing whitespace after ','
tests/unittests/test_sshutil.py:159:13: E123 closing bracket does not match indentation of opening bracket's line

Revision history for this message
Tatiana Kholkina (tlashchova) wrote :

Hi, Joshua! Thanks for the review and hints. I forgot to run flake8. Now it is fixed.

Revision history for this message
Tatiana Kholkina (tlashchova) wrote :

Looks like I've added incorrect reviewer

Revision history for this message
Server Team CI bot (server-team-bot) wrote :

PASSED: Continuous integration, rev:
https://jenkins.ubuntu.com/server/job/cloud-init-ci/754/
Executed test runs:
    SUCCESS: Checkout
    SUCCESS: Unit & Style Tests
    SUCCESS: Ubuntu LTS: Build
    SUCCESS: Ubuntu LTS: Integration
    SUCCESS: MAAS Compatability Testing
    IN_PROGRESS: Declarative: Post Actions

Click here to trigger a rebuild:
https://jenkins.ubuntu.com/server/job/cloud-init-ci/754/rebuild

review: Approve (continuous-integration)
Revision history for this message
Scott Moser (smoser) :
review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/cloudinit/ssh_util.py b/cloudinit/ssh_util.py
2index b95b956..882517f 100644
3--- a/cloudinit/ssh_util.py
4+++ b/cloudinit/ssh_util.py
5@@ -171,16 +171,13 @@ def parse_authorized_keys(fname):
6
7
8 def update_authorized_keys(old_entries, keys):
9- to_add = list(keys)
10-
11+ to_add = list([k for k in keys if k.valid()])
12 for i in range(0, len(old_entries)):
13 ent = old_entries[i]
14 if not ent.valid():
15 continue
16 # Replace those with the same base64
17 for k in keys:
18- if not ent.valid():
19- continue
20 if k.base64 == ent.base64:
21 # Replace it with our better one
22 ent = k
23diff --git a/tests/unittests/test_sshutil.py b/tests/unittests/test_sshutil.py
24index 2a8e6ab..4c62c8b 100644
25--- a/tests/unittests/test_sshutil.py
26+++ b/tests/unittests/test_sshutil.py
27@@ -126,6 +126,48 @@ class TestAuthKeyLineParser(test_helpers.TestCase):
28 self.assertFalse(key.valid())
29
30
31+class TestUpdateAuthorizedKeys(test_helpers.TestCase):
32+
33+ def test_new_keys_replace(self):
34+ """new entries with the same base64 should replace old."""
35+ orig_entries = [
36+ ' '.join(('rsa', VALID_CONTENT['rsa'], 'orig_comment1')),
37+ ' '.join(('dsa', VALID_CONTENT['dsa'], 'orig_comment2'))]
38+
39+ new_entries = [
40+ ' '.join(('rsa', VALID_CONTENT['rsa'], 'new_comment1')), ]
41+
42+ expected = '\n'.join([new_entries[0], orig_entries[1]]) + '\n'
43+
44+ parser = ssh_util.AuthKeyLineParser()
45+ found = ssh_util.update_authorized_keys(
46+ [parser.parse(p) for p in orig_entries],
47+ [parser.parse(p) for p in new_entries])
48+
49+ self.assertEqual(expected, found)
50+
51+ def test_new_invalid_keys_are_ignored(self):
52+ """new entries that are invalid should be skipped."""
53+ orig_entries = [
54+ ' '.join(('rsa', VALID_CONTENT['rsa'], 'orig_comment1')),
55+ ' '.join(('dsa', VALID_CONTENT['dsa'], 'orig_comment2'))]
56+
57+ new_entries = [
58+ ' '.join(('rsa', VALID_CONTENT['rsa'], 'new_comment1')),
59+ 'xxx-invalid-thing1',
60+ 'xxx-invalid-blob2'
61+ ]
62+
63+ expected = '\n'.join([new_entries[0], orig_entries[1]]) + '\n'
64+
65+ parser = ssh_util.AuthKeyLineParser()
66+ found = ssh_util.update_authorized_keys(
67+ [parser.parse(p) for p in orig_entries],
68+ [parser.parse(p) for p in new_entries])
69+
70+ self.assertEqual(expected, found)
71+
72+
73 class TestParseSSHConfig(test_helpers.TestCase):
74
75 def setUp(self):

Subscribers

People subscribed via source and target branches