# vim: set filetype=sh ts=4 sw=4 sts=4 et:
# shellcheck shell=bash
# shellcheck disable=SC2086,SC2016,SC2046

# below: convoluted way that forces shellcheck to source our caller
# shellcheck source=tests/functional/launch_tests_on_instance.sh
. "$(dirname "${BASH_SOURCE[0]}")"/dummy

#######################################
# Checks how a from="" option on an ingress key is reported when the server
# has allowOverride=1 and ingressKeyFrom="x". The same key is pushed through
# selfAddIngressKey and then through accountCreate, because the two commands
# use different code paths.
#
# Every assertion here reads the JSON the plugins return (connect_only_from,
# from_list, prefix). Nothing in this function attempts a connection from a
# non-listed address, so enforcement by sshd is not covered here.
#
# Globals:   a0, a1, account2, uid2 (read)
# Arguments: $1 - label handed to the harness for each step
#            $2 - expected first from_list entry, or the literal word null
#            $3 - expected second from_list entry, or the literal word null
#            $4 - public key line piped to the plugin on stdin
#            $5 - fingerprint of that key, used to delete it afterwards
#######################################
_ingress_from_test() {
    # NOTE(review): these five are assigned without `local`, so they stay set
    # in the harness after the call; confirm nothing later depends on that
    # before scoping them.
    name=$1
    ip1=$2
    ip2=$3
    keytoadd=$4
    fingerprint=$5

    # The expected authorized_keys prefix is identical for all three checks
    # below: empty when neither address is expected, from="a,b" otherwise.
    local expected_prefix="from=\"$ip1,$ip2\""
    if [[ "$ip1" == null && "$ip2" == null ]]; then
        expected_prefix=""
    fi

    # --- path 1: the account adds the key to itself -------------------------
    # NOTE(review): the key text sits between single quotes inside a command
    # string; presumably `script` runs that string through a shell, so a key
    # containing a single quote would break the quoting. Confirm in the caller.
    script selfAddIngressKey $name "echo '$keytoadd' | $a1 --osh selfAddIngressKey"
    retvalshouldbe 0
    json .value.connect_only_from[0] $ip1
    json .value.connect_only_from[1] $ip2
    json .value.key.from_list[0] $ip1
    json .value.key.from_list[1] $ip2
    json .value.key.prefix "$expected_prefix"

    # The listing must report the same restriction as the add did.
    # index 1: assumes the account already holds another key at index 0; confirm
    success selfListIngressKeys $name $a1 --osh selfListIngressKeys
    json .value.keys[1].from_list[0] $ip1
    json .value.keys[1].from_list[1] $ip2
    json .value.keys[1].prefix "$expected_prefix"

    # Remove the key again so the account is left as it was found.
    success selfDelIngressKey $name $a1 --osh selfDelIngressKey -f "$fingerprint"

    # --- path 2: the key arrives through account creation -------------------
    # Each right is granted just before the step that needs it and revoked
    # right after.
    grant accountCreate

    script accountCreate $name "echo '$keytoadd' | $a0 --osh accountCreate --account $account2 --uid $uid2"
    json .error_code OK .command accountCreate .value null

    revoke accountCreate
    grant accountListIngressKeys

    success accountListIngressKeys $name $a0 --osh accountListIngressKeys --account $account2
    json .value.keys[0].from_list[0] $ip1
    json .value.keys[0].from_list[1] $ip2
    json .value.keys[0].prefix "$expected_prefix"

    revoke accountListIngressKeys
    grant accountDelete

    # accountDelete gets its confirmation sentence via a here-string.
    script accountDelete $name "$a0 --osh accountDelete --account $account2" "<<< \"Yes, do as I say and delete $account2, kthxbye\""
    retvalshouldbe 0
    json .error_code OK .command accountDelete

    revoke accountDelete
}

testsuite_selfkeys() { grant accountCreate success osh accountCreate $a0 --osh accountCreate --always-active --account $account1 --uid $uid1 --public-key \""$(cat $account1key1file.pub)"\" json .error_code OK .command accountCreate .value null revoke accountCreate grant accountModify # grant accountInfo grant auditor configchg 's=^\\\\x22minimumIngressRsaKeySize\\\\x22.+=\\\\x22minimumIngressRsaKeySize\\\\x22:4096,=' success accountssh info0 $a0 --osh accountInfo --account $account1 json .error_code OK .command accountInfo json .value.account_egress_ssh_config.type default success accountssh modifyssh1 $a0 --osh accountModify --account $account1 --egress-strict-host-key-checking no json .error_code OK .command accountModify success accountssh info1 $a0 --osh accountInfo --account $account1 json .error_code OK .command accountInfo json .value.account_egress_ssh_config.type custom json .value.account_egress_ssh_config.items.stricthostkeychecking no success accountssh modifyssh2 $a0 --osh accountModify --account $account1 --egress-strict-host-key-checking accept-new json .error_code OK .command accountModify success accountssh info2 $a0 --osh accountInfo --account $account1 json .error_code OK .command accountInfo json .value.account_egress_ssh_config.type custom json .value.account_egress_ssh_config.items.stricthostkeychecking accept-new success accountssh modifyssh2 $a0 --osh accountModify --account $account1 --egress-strict-host-key-checking yes json .error_code OK .command accountModify success accountssh info2 $a0 --osh accountInfo --account $account1 json .error_code OK .command accountInfo json .value.account_egress_ssh_config.type custom json .value.account_egress_ssh_config.items.stricthostkeychecking yes success accountssh modifyssh3 $a0 --osh accountModify --account $account1 --egress-strict-host-key-checking ask json .error_code OK .command
accountModify success accountssh info3 $a0 --osh accountInfo --account $account1 json .error_code OK .command accountInfo json .value.account_egress_ssh_config.type custom json .value.account_egress_ssh_config.items.stricthostkeychecking ask success accountssh modifyssh4 $a0 --osh accountModify --account $account1 --egress-strict-host-key-checking bypass json .error_code OK .command accountModify success accountssh info4 $a0 --osh accountInfo --account $account1 json .error_code OK .command accountInfo json .value.account_egress_ssh_config.type custom json .value.account_egress_ssh_config.items.stricthostkeychecking no json .value.account_egress_ssh_config.items.userknownhostsfile /dev/null success accountssh modifyssh5 $a0 --osh accountModify --account $account1 --egress-strict-host-key-checking default json .error_code OK .command accountModify success accountssh info5 $a0 --osh accountInfo --account $account1 json .error_code OK .command accountInfo json .value.account_egress_ssh_config.type default revoke auditor revoke accountInfo # success realm modify_account1 $a0 --osh accountModify --pam-auth-bypass yes --account $account1 json .error_code OK .command accountModify revoke accountModify grant accountListEgressKeys success osh accountListEgressKeys $a0 --osh accountListEgressKeys --account $account1 contain "keyline" json .error_code OK .command accountListEgressKeys set +e local tmpfp tmpfp=$(get_json | $jq '.value|keys[0]') set -e json $(cat <