# test code for the authorized_key module # (c) 2014, James Cammarata # This file is part of Ansible # # Ansible is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # Ansible is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with Ansible. If not, see . # ------------------------------------------------------------- # Setup steps - name: touch the authorized_keys file file: dest="{{output_dir}}/authorized_keys" state=touch register: result - name: assert that the authorized_keys file was created assert: that: - 'result.changed == True' - 'result.state == "file"' # ------------------------------------------------------------- # basic ssh-dss key - name: add basic ssh-dss key authorized_key: user=root key="{{ dss_key_basic }}" state=present path="{{output_dir|expanduser}}/authorized_keys" register: result - name: assert that the key was added assert: that: - 'result.changed == True' - 'result.key == dss_key_basic' - 'result.key_options == None' - name: re-add basic ssh-dss key authorized_key: user=root key="{{ dss_key_basic }}" state=present path="{{output_dir|expanduser}}/authorized_keys" register: result - name: assert that nothing changed assert: that: - 'result.changed == False' # ------------------------------------------------------------- # ssh-dss key with an unquoted option - name: add ssh-dss key with an unquoted option authorized_key: user: root key: "{{ dss_key_unquoted_option }}" state: present path: "{{output_dir|expanduser}}/authorized_keys" register: result - name: assert that the key was added assert: that: - 'result.changed == True' - 'result.key == dss_key_unquoted_option' - 'result.key_options == None' - name: re-add ssh-dss key with an unquoted option authorized_key: user: root key: "{{ dss_key_unquoted_option }}" state: present path: "{{output_dir|expanduser}}/authorized_keys" register: result - name: assert that nothing changed assert: that: - 'result.changed == False' # ------------------------------------------------------------- # ssh-dss key with a leading command="/bin/foo" - name: add ssh-dss key with a leading command authorized_key: user: root key: "{{ dss_key_command }}" state: present path: "{{output_dir|expanduser}}/authorized_keys" register: result - name: assert that the key was added assert: that: - 'result.changed == True' - 'result.key == dss_key_command' - 'result.key_options == None' - name: re-add ssh-dss key with a leading command authorized_key: user: root key: "{{ dss_key_command }}" state: present path: "{{output_dir|expanduser}}/authorized_keys" register: result - name: assert that nothing changed assert: that: - 'result.changed == False' # ------------------------------------------------------------- # ssh-dss key with a complex quoted leading command # ie. command="/bin/echo foo 'bar baz'" - name: add ssh-dss key with a complex quoted leading command authorized_key: user: root key: "{{ dss_key_complex_command }}" state: present path: "{{output_dir|expanduser}}/authorized_keys" register: result - name: assert that the key was added assert: that: - 'result.changed == True' - 'result.key == dss_key_complex_command' - 'result.key_options == None' - name: re-add ssh-dss key with a complex quoted leading command authorized_key: user: root key: "{{ dss_key_complex_command }}" state: present path: "{{output_dir|expanduser}}/authorized_keys" register: result - name: assert that nothing changed assert: that: - 'result.changed == False' # ------------------------------------------------------------- # ssh-dss key with a command and a single option, which are # in a comma-separated list - name: add ssh-dss key with a command and a single option authorized_key: user: root key: "{{ dss_key_command_single_option }}" state: present path: "{{output_dir|expanduser}}/authorized_keys" register: result - name: assert that the key was added assert: that: - 'result.changed == True' - 'result.key == dss_key_command_single_option' - 'result.key_options == None' - name: re-add ssh-dss key with a command and a single option authorized_key: user: root key: "{{ dss_key_command_single_option }}" state: present path: "{{output_dir|expanduser}}/authorized_keys" register: result - name: assert that nothing changed assert: that: - 'result.changed == False' # ------------------------------------------------------------- # ssh-dss key with a command and multiple other options - name: add ssh-dss key with a command and multiple options authorized_key: user: root key: "{{ dss_key_command_multiple_options }}" state: present path: "{{output_dir|expanduser}}/authorized_keys" register: result - name: assert that the key was added assert: that: - 'result.changed == True' - 'result.key == dss_key_command_multiple_options' - 'result.key_options == None' - name: re-add ssh-dss key with a command and multiple options authorized_key: user: root key: "{{ dss_key_command_multiple_options }}" state: present path: "{{output_dir|expanduser}}/authorized_keys" register: result - name: assert that nothing changed assert: that: - 'result.changed == False' # ------------------------------------------------------------- # ssh-dss key with multiple trailing parts, which are space- # separated and not quoted in any way - name: add ssh-dss key with trailing parts authorized_key: user: root key: "{{ dss_key_trailing }}" state: present path: "{{output_dir|expanduser}}/authorized_keys" register: result - name: assert that the key was added assert: that: - 'result.changed == True' - 'result.key == dss_key_trailing' - 'result.key_options == None' - name: re-add ssh-dss key with trailing parts authorized_key: user: root key: "{{ dss_key_trailing }}" state: present path: "{{output_dir|expanduser}}/authorized_keys" register: result - name: assert that nothing changed assert: that: - 'result.changed == False' # ------------------------------------------------------------- # basic ssh-dss key with mutliple permit-open options # https://github.com/ansible/ansible-modules-core/issues/1715 - name: add basic ssh-dss key with multi-opts authorized_key: user: root key: "{{ dss_key_basic }}" key_options: 'no-agent-forwarding,no-X11-forwarding,permitopen="10.9.8.1:8080",permitopen="10.9.8.1:9001"' state: present path: "{{output_dir|expanduser}}/authorized_keys" register: result - name: assert that the key with multi-opts was added assert: that: - 'result.changed == True' - 'result.key == dss_key_basic' - 'result.key_options == "no-agent-forwarding,no-X11-forwarding,permitopen=\"10.9.8.1:8080\",permitopen=\"10.9.8.1:9001\""' - name: get the file content shell: cat "{{output_dir|expanduser}}/authorized_keys" | fgrep DATA_BASIC register: content - name: validate content assert: that: - 'content.stdout == "no-agent-forwarding,no-X11-forwarding,permitopen=\"10.9.8.1:8080\",permitopen=\"10.9.8.1:9001\" ssh-dss DATA_BASIC root@testing"'