newproperty(:type) do
desc 'The encryption type used.'
- newvalues :'ssh-dss', :'ssh-rsa', :'ecdsa-sha2-nistp256', :'ecdsa-sha2-nistp384', :'ecdsa-sha2-nistp521', :'ssh-ed25519'
+ newvalues :'ssh-dss', :'ssh-rsa', :'ecdsa-sha2-nistp256', :'ecdsa-sha2-nistp384', :'ecdsa-sha2-nistp521', :'ssh-ed25519',
+ :'sk-ecdsa-sha2-nistp256@openssh.com', :'sk-ssh-ed25519@openssh.com'
aliasvalue(:dsa, :'ssh-dss')
aliasvalue(:ed25519, :'ssh-ed25519')
aliasvalue(:rsa, :'ssh-rsa')
+ aliasvalue(:'ecdsa-sk', :'sk-ecdsa-sha2-nistp256@openssh.com')
+ aliasvalue(:'ed25519-sk', :'sk-ssh-ed25519@openssh.com')
end
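Review bot: `desc 'The encryption type used.'` on the second line of the hunk is now actively misleading: none of these values selects an encryption algorithm (they name the public-key type written into the authorized_keys line), and the two new `sk-…@openssh.com` values are FIDO/U2F security-key-backed key types, which a reader of the generated docs would never guess from "encryption type". Since the alias table grew as well, the desc should say what the aliases turn into, e.g. `desc 'The SSH public key type, e.g. ssh-ed25519. The short forms dsa, rsa, ed25519, ecdsa-sk and ed25519-sk are accepted and normalized to the OpenSSH key type name; the sk-* types are FIDO/U2F security-key keys and need a matching sk-* public key.'`. `ssh-dss` also stays accepted by this list; if the module wants to warn that DSA is disabled by default in current OpenSSH, this desc is the place. The `newproperty(:type)` body is complete within the hunk.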
newproperty(:key) do
end
# regular expression suitable for use by a ParsedFile based provider
- REGEX = %r{^(?:(.+)\s+)?(ssh-dss|ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521)\s+([^ ]+)\s*(.*)$}
+ REGEX = %r{^(?:(.+)\s+)?(ssh-dss|ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp256|
+ ecdsa-sha2-nistp384|ecdsa-sha2-nistp521|ecdsa-sk|ed25519-sk|
+ sk-ecdsa-sha2-nistp256@openssh.com|sk-ssh-ed25519@openssh.com)\s+([^ ]+)\s*(.*)$}x
def self.keyline_regex
REGEX
end
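Review bot: The rewritten REGEX now also matches the Puppet-side alias spellings `ecdsa-sk` and `ed25519-sk` in the type field of a parsed key line, but those are not OpenSSH key type names — a line that actually carried them would be accepted by the provider here yet, as far as I know, rejected by sshd, which only understands the `sk-…@openssh.com` wire names. I would also expect a value read from the file not to go through `aliasvalue` (that normalizes the desired value, not the parsed one), so a parsed `ecdsa-sk` would compare unequal to a `should` of `sk-ecdsa-sha2-nistp256@openssh.com` and presumably be rewritten on every run; dropping `ecdsa-sk|ed25519-sk|` from the alternation avoids both issues. Because the `x` flag is new on this line, a one-line comment that whitespace inside the bracket expression `[^ ]+` stays literal in extended mode while every other space must be written as `\s` would stop the next editor from "fixing" it, e.g. `# extended mode: layout whitespace is ignored, so real spacing is spelled \s; the space inside [^ ] is still literal`.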
def self.title_patterns
[
[
- %r{^(.*)@(.*)$},
+ %r{^(.*?)@(.*)$},
[
[:name],
[:type],
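Review bot: Making the title pattern lazy (`^(.*?)@(.*)$`) silently changes which `@` splits a title: `host@ssh-rsa` is unaffected, but a title such as `a@b@ssh-rsa`, which previously gave name `a@b` and type `ssh-rsa`, now gives name `a` and type `b@ssh-rsa`, which `newvalues` will reject as an invalid value. That is probably acceptable for a known_hosts name, but it is a behaviour change that deserves a comment at the pattern, e.g. `# lazy: split on the FIRST '@' so sk-*@openssh.com types keep their '@openssh.com' suffix`, and a spec for a title with more than one `@` so the new rule is pinned. While the line is being touched, `\A(.*?)@(.*)\z` anchors to the whole title rather than to a line within it. The `title_patterns` method continues outside the hunk.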
isnamevar
- newvalues :'ssh-dss', :'ssh-ed25519', :'ssh-rsa', :'ecdsa-sha2-nistp256', :'ecdsa-sha2-nistp384', :'ecdsa-sha2-nistp521'
+ newvalues :'ssh-dss', :'ssh-ed25519', :'ssh-rsa', :'ecdsa-sha2-nistp256', :'ecdsa-sha2-nistp384', :'ecdsa-sha2-nistp521',
+ :'sk-ecdsa-sha2-nistp256@openssh.com', :'sk-ssh-ed25519@openssh.com'
aliasvalue(:dsa, :'ssh-dss')
aliasvalue(:ed25519, :'ssh-ed25519')
aliasvalue(:rsa, :'ssh-rsa')
+ aliasvalue(:'ecdsa-sk', :'sk-ecdsa-sha2-nistp256@openssh.com')
+ aliasvalue(:'ed25519-sk', :'sk-ssh-ed25519@openssh.com')
end
newproperty(:key) do
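Review bot: Accepting the `sk-*` values in what, from `isnamevar` and the `key.parameter(:type)` specs further down, looks like the known_hosts `sshkey` type's `type` parameter deserves a second look, because that parameter describes host keys. I am not aware of sshd presenting a FIDO/U2F-backed key as a host key (signing with one needs a token touch per connection), so these values may only let a manifest write a known_hosts line no server will ever match; please confirm against the OpenSSH versions the module targets, and if sk host keys are not a thing, either leave them out of this parameter or state the limitation in its desc, e.g. `# sk-* types are accepted for symmetry with ssh_authorized_key; sshd does not use FIDO keys as host keys, so such entries are unlikely to match a real host`. The `newparam` header and its desc are outside the hunk.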
expect(File.read(sshkey_file)).not_to match(%r{#{sshkey_name}.*Yqk0=})
end
+ it 'prioritizes the specified type instead of type in the name' do
+ manifest = "#{type_under_test} { '#{super_unique}@rsa':
+ ensure => 'present',
+ type => 'dsa',
+ key => 'mykey',
+ target => '#{sshkey_file}' }"
+ apply_with_error_check(manifest)
+ expect(File.read(sshkey_file)).to match(%r{#{super_unique} ssh-dss.*mykey})
+ end
+
+ it 'can parse SSH key type that contains @openssh.com in name' do
+ manifest = "#{type_under_test} { '#{super_unique}@sk-ssh-ed25519@openssh.com':
+ ensure => 'present',
+ key => 'mykey',
+ target => '#{sshkey_file}' }"
+ apply_with_error_check(manifest)
+ expect(File.read(sshkey_file)).to match(%r{#{super_unique} sk-ssh-ed25519@openssh.com.*mykey})
+ end
+
# test all key types
types = [
'ssh-dss', 'dsa',
'ssh-rsa', 'rsa',
'ecdsa-sha2-nistp256',
'ecdsa-sha2-nistp384',
- 'ecdsa-sha2-nistp521'
+ 'ecdsa-sha2-nistp521',
+ 'ecdsa-sk', 'sk-ecdsa-sha2-nistp256@openssh.com',
+ 'ed25519-sk', 'sk-ssh-ed25519@openssh.com'
]
# these types are treated as aliases for sshkey <ahem> type
# so they are populated as the *values* below
aliases = {
- 'dsa' => 'ssh-dss',
- 'ed25519' => 'ssh-ed25519',
- 'rsa' => 'ssh-rsa',
+ 'dsa' => 'ssh-dss',
+ 'ed25519' => 'ssh-ed25519',
+ 'rsa' => 'ssh-rsa',
+ 'ecdsa-sk' => 'sk-ecdsa-sha2-nistp256@openssh.com',
+ 'ed25519-sk' => 'sk-ssh-ed25519@openssh.com',
}
types.each do |type|
it "should update an entry with #{type} type" do
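Review bot: The extended `types` list still never exercises `ssh-ed25519` or its `ed25519` alias, although the `aliases` hash right below maps `'ed25519' => 'ssh-ed25519'` and the `types.each` loop is the only end-to-end check of that table; adding `'ssh-ed25519', 'ed25519',` next to the new `'ed25519-sk'` entry closes that gap while the list is being touched. In the new `can parse SSH key type that contains @openssh.com in name` example, `key => 'mykey'` is not key material, so the example proves the title split and nothing about whether an sk-* line is written in a form sshd accepts; a comment stating that scope, e.g. `# only the name@type split is under test here; the key value is deliberately not real key material`, keeps someone from reading it as a compatibility test. The `types.each` block continues outside the hunk.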
:'ecdsa-sha2-nistp256',
:'ecdsa-sha2-nistp384',
:'ecdsa-sha2-nistp521',
- :ed25519, :'ssh-ed25519'
+ :ed25519, :'ssh-ed25519',
+ :'ecdsa-sk', :'sk-ecdsa-sha2-nistp256@openssh.com',
+ :'ed25519-sk', :'sk-ssh-ed25519@openssh.com'
].each do |keytype|
it "supports #{keytype}" do
described_class.new(name: 'whev', type: keytype, user: 'nobody')
expect(key.should(:type)).to eq :'ssh-dss'
end
+ it 'aliases :ecdsa-sk to :sk-ecdsa-sha2-nistp256@openssh.com' do
+ key = described_class.new(name: 'whev', type: :'ecdsa-sk', user: 'nobody')
+ expect(key.should(:type)).to eq :'sk-ecdsa-sha2-nistp256@openssh.com'
+ end
+
+ it 'aliases :ed25519-sk to :sk-ssh-ed25519@openssh.com' do
+ key = described_class.new(name: 'whev', type: :'ed25519-sk', user: 'nobody')
+ expect(key.should(:type)).to eq :'sk-ssh-ed25519@openssh.com'
+ end
+
it "doesn't support values other than ssh-dss, ssh-rsa, dsa, rsa" do
expect { described_class.new(name: 'whev', type: :something) }.to raise_error(Puppet::Error, %r{Invalid value})
end
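Review bot: The two new alias examples copy the shape of the `:ssh-dss` example just above instead of iterating, and the context description `it "doesn't support values other than ssh-dss, ssh-rsa, dsa, rsa"` right after them is now well out of date with the nine-entry list at the top of the hunk; `it 'rejects key types outside the supported list'` would not go stale again. A table-driven block keeps every alias expectation in one place, folds in the existing dsa example, and is a one-line change the next time a key type is added.
```ruby
{ dsa: :'ssh-dss', ed25519: :'ssh-ed25519', rsa: :'ssh-rsa',
  :'ecdsa-sk' => :'sk-ecdsa-sha2-nistp256@openssh.com',
  :'ed25519-sk' => :'sk-ssh-ed25519@openssh.com' }.each do |short, full|
  it "aliases :#{short} to :#{full}" do
    key = described_class.new(name: 'whev', type: short, user: 'nobody')
    expect(key.should(:type)).to eq full
  end
end
# … unchanged: invalid-value example …
```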
:'ecdsa-sha2-nistp256',
:'ecdsa-sha2-nistp384',
:'ecdsa-sha2-nistp521',
- :'ssh-ed25519', :ed25519
+ :'ssh-ed25519', :ed25519,
+ :'ecdsa-sk', :'sk-ecdsa-sha2-nistp256@openssh.com',
+ :'ed25519-sk', :'sk-ssh-ed25519@openssh.com'
].each do |keytype|
it "supports #{keytype} as a type value" do
described_class.new(name: 'foo', type: keytype)
expect(key.parameter(:type).value).to eq :'ssh-dss'
end
+ it 'aliases :ecdsa-sk to :sk-ecdsa-sha2-nistp256@openssh.com' do
+ key = described_class.new(name: 'foo', type: :'ecdsa-sk')
+ expect(key.parameter(:type).value).to eq :'sk-ecdsa-sha2-nistp256@openssh.com'
+ end
+
+ it 'aliases :ed25519-sk to :ssh-dss' do
+ key = described_class.new(name: 'foo', type: :'ed25519-sk')
+ expect(key.parameter(:type).value).to eq :'sk-ssh-ed25519@openssh.com'
+ end
+
it "doesn't support values other than ssh-dss, ssh-rsa, dsa, rsa for type" do
expect {
described_class.new(name: 'whev', type: :'ssh-dsa')
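Review bot: The description `it 'aliases :ed25519-sk to :ssh-dss' do` contradicts its own assertion, which expects `:'sk-ssh-ed25519@openssh.com'`, so a failure would be reported under a misleading name; it should read `it 'aliases :ed25519-sk to :sk-ssh-ed25519@openssh.com' do`, matching the sibling `ecdsa-sk` example. The unchanged description `it "doesn't support values other than ssh-dss, ssh-rsa, dsa, rsa for type"` below is likewise stale now that the full list at the top of the hunk is accepted; `it 'rejects key types outside the supported list'` would age better. The `expect { … }` block at the end of the hunk continues outside it.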