Merge pull request #388 from vollmerk/main

MODULES-11100 - Add sk-ecdsa public key support, and implement tests for sk-ecdsa and ecdsa keys

Author: adrianiurca

lib/puppet/functions/accounts_ssh_authorized_keys_line_parser.rb

@@ -16,7 +16,7 @@
   end
 
   def accounts_ssh_authorized_keys_line_parser_string(str)
-    matched = str.match(%r{((ssh-|ecdsa-)[^\s]+)\s+([^\s]+)\s+(.*)$})
+    matched = str.match(%r{((sk-ecdsa-|ssh-|ecdsa-)[^\s]+)\s+([^\s]+)\s+(.*)$})
     raise ArgumentError, 'Wrong Keyline format!' unless matched && matched.length == 5
     options = str[0, str.index(matched[0])].rstrip
     [options, matched[1], matched[3], matched[4]]

spec/acceptance/user_spec.rb

@@ -5,12 +5,29 @@
 test_key = 'AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8Hfd'\
            'OV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9W'\
            'hQ=='
+ecdsa_test_key = 'AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNlpEm6+RwCiQXgQAb0P1asEAxCJDVtm/YYyUbdSifCbri98fjs1C/03pm9yLRQ0W/S70S8AhDCMjVFA07WzjOQ='
+ecdsa_sk_test_key = 'AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBAjkGvdKC05udQc82xGWWSKHbmJyBoa/oCq+2FiU6udqQyx0uOEC3YZAjvygBSdIo5vCpDELqJxaNQGQEkeUyYYAAAAEc3NoOg=='
 
 pp_accounts_define = <<-PUPPETCODE
   file { '/test':
     ensure => directory,
     before => Accounts::User['hunner'],
   }
+  if $facts['puppetversion'][0] == '6' {
+    $key_test = [
+      'ssh-rsa #{test_key} vagrant',
+      'command="/bin/echo Hello",from="myhost.example.com,192.168.1.1" ssh-rsa #{test_key} vagrant2'
+    ]
+  }
+  else {
+    $key_test = [#{'      '}
+      'ssh-rsa #{test_key} vagrant',
+      'command="/bin/echo Hello",from="myhost.example.com,192.168.1.1" ssh-rsa #{test_key} vagrant2',
+      'ecdsa-sha2-nistp256 #{ecdsa_test_key} vagrant3',
+      '[email protected] #{ecdsa_sk_test_key} vagrant4'
+    ]
+  }
+
   accounts::user { 'hunner':
     groups               => ['root'],
     password             => 'hi',
@@ -20,10 +37,7 @@
     managevim            => false,
     bashrc_content       => file('accounts/shell/bashrc'),
     bash_profile_content => file('accounts/shell/bash_profile'),
-    sshkeys              => [
-      'ssh-rsa #{test_key} vagrant',
-      'command="/bin/echo Hello",from="myhost.example.com,192.168.1.1" ssh-rsa #{test_key} vagrant2'
-    ],
+    sshkeys              => $key_test,
   }
 PUPPETCODE
 
@@ -41,6 +55,21 @@
     ensure => directory,
     before => Accounts::User['hunner'],
   }
+  if $facts['puppetversion'][0] == '6' {
+    $key_test = [
+      'ssh-rsa #{test_key} vagrant',
+      'command="/bin/echo Hello",from="myhost.example.com,192.168.1.1" ssh-rsa #{test_key} vagrant2'
+    ]
+  }
+  else {
+    $key_test = [#{'      '}
+      'ssh-rsa #{test_key} vagrant',
+      'command="/bin/echo Hello",from="myhost.example.com,192.168.1.1" ssh-rsa #{test_key} vagrant2',
+      'ecdsa-sha2-nistp256 #{ecdsa_test_key} vagrant3',
+      '[email protected] #{ecdsa_sk_test_key} vagrant4'
+    ]
+  }
+
   accounts::user { 'hunner':
     groups               => ['root'],
     password             => 'hi',
@@ -50,10 +79,7 @@
     managevim            => true,
     bashrc_content       => file('accounts/shell/bashrc'),
     bash_profile_content => file('accounts/shell/bash_profile'),
-    sshkeys              => [
-      'ssh-rsa #{test_key} vagrant',
-      'from="myhost.example.com,192.168.1.1" ssh-rsa #{test_key} vagrant2'
-    ],
+    sshkeys              => $key_test,
   }
 PUPPETCODE