cloud-init

Merge ~tlashchova/cloud-init:fix-bug-add-unittest into cloud-init:master

  1. Git
  2. lp:~tlashchova/cloud-init
  3. fix-bug-add-unittest
  4. Merge into master
Proposed by Tatiana Kholkina
Status: Merged
Approved by: Scott Moser
Approved revision: 45289a00bf8c043c5783c527c4ea720e67e0524b
Merged at revision: 45289a00bf8c043c5783c527c4ea720e67e0524b
Proposed branch: ~tlashchova/cloud-init:fix-bug-add-unittest
Merge into: cloud-init:master
Diff against target: 75 lines (+43/-4)
2 files modified
cloudinit/ssh_util.py (+1/-4)
tests/unittests/test_sshutil.py (+42/-0)
Reviewer Review Type Date Requested Status
Scott Moser Approve
Server Team CI bot continuous-integration Approve
Server Team CI Pending
Review via email: mp+337003@code.launchpad.net

Commit message

Fix ssh keys validation in ssh_util

This fixes a bug where invalid keys would sneak into authorized_keys.

To post a comment you must log in.
Revision history for this message
Scott Moser (smoser) wrote :

improve your commit message, just have a 'messag'e part as well as subject.

Ie:
   Do not write invalid keys to authorized_keys

   This fixes a bug where invalid keys would sneak into authorized_keys.

Revision history for this message
Tatiana Kholkina (tlashchova) wrote :

> improve your commit message, just have a 'messag'e part as well as subject.
>
> Ie:
> Do not write invalid keys to authorized_keys
>
> This fixes a bug where invalid keys would sneak into authorized_keys.

Done

Revision history for this message
Scott Moser (smoser) wrote :

Tatiana, I'll get our c-i bot to test your branch, and pending success there, looks good!

Revision history for this message
Server Team CI bot (server-team-bot) wrote :

FAILED: Continuous integration, rev:
https://jenkins.ubuntu.com/server/job/cloud-init-ci/750/
Executed test runs:
    FAILED: Checkout

Click here to trigger a rebuild:
https://jenkins.ubuntu.com/server/job/cloud-init-ci/750/rebuild

review: Needs Fixing (continuous-integration)
Revision history for this message
Server Team CI bot (server-team-bot) wrote :

FAILED: Continuous integration, rev:6bf6d7df408249eb77cd57aed1c06571435cdbf3
https://jenkins.ubuntu.com/server/job/cloud-init-ci/751/
Executed test runs:
    FAILED: Checkout

Click here to trigger a rebuild:
https://jenkins.ubuntu.com/server/job/cloud-init-ci/751/rebuild

review: Needs Fixing (continuous-integration)
Revision history for this message
Server Team CI bot (server-team-bot) wrote :

FAILED: Continuous integration, rev:6bf6d7df408249eb77cd57aed1c06571435cdbf3
https://jenkins.ubuntu.com/server/job/cloud-init-ci/752/
Executed test runs:
    FAILED: Checkout

Click here to trigger a rebuild:
https://jenkins.ubuntu.com/server/job/cloud-init-ci/752/rebuild

review: Needs Fixing (continuous-integration)
Revision history for this message
Server Team CI bot (server-team-bot) wrote :

FAILED: Continuous integration, rev:6bf6d7df408249eb77cd57aed1c06571435cdbf3
https://jenkins.ubuntu.com/server/job/cloud-init-ci/753/
Executed test runs:
    SUCCESS: Checkout
    FAILED: Unit & Style Tests

Click here to trigger a rebuild:
https://jenkins.ubuntu.com/server/job/cloud-init-ci/753/rebuild

review: Needs Fixing (continuous-integration)
Revision history for this message
Joshua Powers (powersj) wrote :

Hi! Sorry about the extra failure messages, but it does look like in the last round of tests flake 8 found two issues:

tests/unittests/test_sshutil.py:138:68: E231 missing whitespace after ','
tests/unittests/test_sshutil.py:159:13: E123 closing bracket does not match indentation of opening bracket's line

Revision history for this message
Tatiana Kholkina (tlashchova) wrote :

Hi, Joshua! Thanks for the review and hints. I forgot to run flake8. Now it is fixed.

Revision history for this message
Tatiana Kholkina (tlashchova) wrote :

Looks like I've added incorrect reviewer

Revision history for this message
Server Team CI bot (server-team-bot) wrote :

PASSED: Continuous integration, rev:
https://jenkins.ubuntu.com/server/job/cloud-init-ci/754/
Executed test runs:
    SUCCESS: Checkout
    SUCCESS: Unit & Style Tests
    SUCCESS: Ubuntu LTS: Build
    SUCCESS: Ubuntu LTS: Integration
    SUCCESS: MAAS Compatability Testing
    IN_PROGRESS: Declarative: Post Actions

Click here to trigger a rebuild:
https://jenkins.ubuntu.com/server/job/cloud-init-ci/754/rebuild

review: Approve (continuous-integration)
Revision history for this message
Scott Moser (smoser) :
review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
diff --git a/cloudinit/ssh_util.py b/cloudinit/ssh_util.py
index b95b956..882517f 100644
--- a/cloudinit/ssh_util.py
+++ b/cloudinit/ssh_util.py
@@ -171,16 +171,13 @@ def parse_authorized_keys(fname):
171171
172172
173def update_authorized_keys(old_entries, keys):173def update_authorized_keys(old_entries, keys):
174 to_add = list(keys)174 to_add = list([k for k in keys if k.valid()])
175
176 for i in range(0, len(old_entries)):175 for i in range(0, len(old_entries)):
177 ent = old_entries[i]176 ent = old_entries[i]
178 if not ent.valid():177 if not ent.valid():
179 continue178 continue
180 # Replace those with the same base64179 # Replace those with the same base64
181 for k in keys:180 for k in keys:
182 if not ent.valid():
183 continue
184 if k.base64 == ent.base64:181 if k.base64 == ent.base64:
185 # Replace it with our better one182 # Replace it with our better one
186 ent = k183 ent = k
diff --git a/tests/unittests/test_sshutil.py b/tests/unittests/test_sshutil.py
index 2a8e6ab..4c62c8b 100644
--- a/tests/unittests/test_sshutil.py
+++ b/tests/unittests/test_sshutil.py
@@ -126,6 +126,48 @@ class TestAuthKeyLineParser(test_helpers.TestCase):
126 self.assertFalse(key.valid())126 self.assertFalse(key.valid())
127127
128128
129class TestUpdateAuthorizedKeys(test_helpers.TestCase):
130
131 def test_new_keys_replace(self):
132 """new entries with the same base64 should replace old."""
133 orig_entries = [
134 ' '.join(('rsa', VALID_CONTENT['rsa'], 'orig_comment1')),
135 ' '.join(('dsa', VALID_CONTENT['dsa'], 'orig_comment2'))]
136
137 new_entries = [
138 ' '.join(('rsa', VALID_CONTENT['rsa'], 'new_comment1')), ]
139
140 expected = '\n'.join([new_entries[0], orig_entries[1]]) + '\n'
141
142 parser = ssh_util.AuthKeyLineParser()
143 found = ssh_util.update_authorized_keys(
144 [parser.parse(p) for p in orig_entries],
145 [parser.parse(p) for p in new_entries])
146
147 self.assertEqual(expected, found)
148
149 def test_new_invalid_keys_are_ignored(self):
150 """new entries that are invalid should be skipped."""
151 orig_entries = [
152 ' '.join(('rsa', VALID_CONTENT['rsa'], 'orig_comment1')),
153 ' '.join(('dsa', VALID_CONTENT['dsa'], 'orig_comment2'))]
154
155 new_entries = [
156 ' '.join(('rsa', VALID_CONTENT['rsa'], 'new_comment1')),
157 'xxx-invalid-thing1',
158 'xxx-invalid-blob2'
159 ]
160
161 expected = '\n'.join([new_entries[0], orig_entries[1]]) + '\n'
162
163 parser = ssh_util.AuthKeyLineParser()
164 found = ssh_util.update_authorized_keys(
165 [parser.parse(p) for p in orig_entries],
166 [parser.parse(p) for p in new_entries])
167
168 self.assertEqual(expected, found)
169
170
129class TestParseSSHConfig(test_helpers.TestCase):171class TestParseSSHConfig(test_helpers.TestCase):
130172
131 def setUp(self):173 def setUp(self):

Subscribers

People subscribed via source and target branches