self-hosted/teleport
self-hosted/teleport
1
0
Fork 0
mirror of https://github.com/gravitational/teleport synced 2024-10-21 01:34:01 +00:00
Code Issues Packages Projects Releases Wiki Activity
teleport/lib/openssh/sshd_test.go
Alex McGrath 237954aa21
Add certificate rotation to teleport openssh join oneshot command (#24194) 
* Add certificate rotation to `teleport openssh join`

Fix agentless test

Resolve comments

refactor to use existing rotation/backend

resolve comments

resolve comments

Use a comma separated additional-principals

resolve comments

resolve some comments

resolve comments

resolve comments

add sshd_test

remove openssh from config.Configure

just use current time for registerServer rotation

resolve comments

* resolve comments

* fix having to .Shutdown and .Close

* make check command configurable

* typo

* Add a timeout to shutdown
2023-05-22 12:22:37 +00:00

116 lines
3.2 KiB
Go
Raw Blame History

/*
Copyright 2023 Gravitational, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package openssh
import (
"fmt"
"os"
"path/filepath"
"testing"
"github.com/stretchr/testify/require"
)
type testSSHDBackend struct {
didRestart bool
}
func (b *testSSHDBackend) restart() error {
b.didRestart = true
return nil
}
func (b *testSSHDBackend) checkConfig(path string) error {
return nil
}
func TestSSHD(t *testing.T) {
t.Parallel()
for _, tc := range []struct {
name string
initialSSHDConfig string
expectedSSHDConfigPrefix string
expectedTeleportSSHDConfig string
restart bool
}{
{
name: "sshd config update with restart",
initialSSHDConfig: "SomeSSHConfig Hello",
expectedSSHDConfigPrefix: "Include %s/sshd.conf",
expectedTeleportSSHDConfig: `# Created by 'teleport join openssh', do not edit
TrustedUserCAKeys %s/teleport_openssh_ca.pub
HostKey %s/ssh_host_teleport_key
HostCertificate %s/ssh_host_teleport_key-cert.pub
`,
restart: true,
},
{
name: "sshd config update without restart",
initialSSHDConfig: "SomeSSHConfig Hello",
expectedSSHDConfigPrefix: "Include %s/sshd.conf",
expectedTeleportSSHDConfig: `# Created by 'teleport join openssh', do not edit
TrustedUserCAKeys %s/teleport_openssh_ca.pub
HostKey %s/ssh_host_teleport_key
HostCertificate %s/ssh_host_teleport_key-cert.pub
`,
restart: false,
},
} {
t.Run(tc.name, func(t *testing.T) {
testDir := t.TempDir()
backend := &testSSHDBackend{}
sshd := SSHD{
sshd: backend,
}
openSSHConfigFile := filepath.Join(testDir, "sshd_config")
if tc.initialSSHDConfig != "" {
require.NoError(t, os.WriteFile(openSSHConfigFile, []byte(tc.initialSSHDConfig), 0o700))
}
dataDir := filepath.Join(testDir, "teleport")
require.NoError(t, os.MkdirAll(dataDir, 0o700))
err := sshd.UpdateConfig(SSHDConfigUpdate{
SSHDConfigPath: openSSHConfigFile,
DataDir: dataDir,
}, tc.restart)
require.NoError(t, err)
teleportSSHDPath := filepath.Join(dataDir, "sshd.conf")
actualSSHDConfig, err := os.ReadFile(openSSHConfigFile)
require.NoError(t, err)
expectedPrefix := fmt.Sprintf(tc.expectedSSHDConfigPrefix+"\n", dataDir)
require.Equal(t, expectedPrefix+tc.initialSSHDConfig, string(actualSSHDConfig))
actualTeleportSSHDConfig, err := os.ReadFile(teleportSSHDPath)
require.NoError(t, err)
openSSHKeyDir := filepath.Join(dataDir, "openssh")
expectedTeleportSSHDConfig := fmt.Sprintf(tc.expectedTeleportSSHDConfig, openSSHKeyDir, openSSHKeyDir, openSSHKeyDir)
require.Equal(t, expectedTeleportSSHDConfig, string(actualTeleportSSHDConfig))
require.Equal(t, tc.restart, backend.didRestart)
})
}
}
Reference in a new issue View git blame Copy permalink