diff options
| author | Stephen Finucane <sfinucan@redhat.com> | 2023-04-28 11:28:56 +0100 |
|---|---|---|
| committer | Stephen Finucane <sfinucan@redhat.com> | 2023-05-02 12:18:52 +0100 |
| commit | 2454636386d443473dedff1f07f8623108e87298 (patch) | |
| tree | 204f54a811b80170e87941c68b3f942b39c8b2f7 /openstackclient/tests | |
| parent | a2f877f70c460769337fab5fd2d65cca0ba9091c (diff) | |
| download | python-openstackclient-2454636386d443473dedff1f07f8623108e87298.tar.gz | |
compute: Generate SSH keypairs ourselves
Starting with the 2.92 microversion, nova will no longer generate SSH
keys. Avoid breaking users by generating keypairs ourselves using the
cryptography library, which was already an indirect dependency through
openstacksdk.
Change-Id: I3ad2732f70854ab72da0947f00847351dda23944
Implements: blueprint keypair-generation-removal
Diffstat (limited to 'openstackclient/tests')
| -rw-r--r-- | openstackclient/tests/functional/compute/v2/test_keypair.py | 14 | ||||
| -rw-r--r-- | openstackclient/tests/unit/compute/v2/fakes.py | 4 | ||||
| -rw-r--r-- | openstackclient/tests/unit/compute/v2/test_keypair.py | 49 |
3 files changed, 35 insertions, 32 deletions
diff --git a/openstackclient/tests/functional/compute/v2/test_keypair.py b/openstackclient/tests/functional/compute/v2/test_keypair.py index 828d5dad..e1d12977 100644 --- a/openstackclient/tests/functional/compute/v2/test_keypair.py +++ b/openstackclient/tests/functional/compute/v2/test_keypair.py @@ -117,24 +117,28 @@ class KeypairTests(KeypairBase): self.assertIsNotNone(cmd_output.get('user_id')) self.assertIsNotNone(cmd_output.get('fingerprint')) pk_content = f.read() - self.assertInOutput('-----BEGIN RSA PRIVATE KEY-----', pk_content) + self.assertInOutput( + '-----BEGIN OPENSSH PRIVATE KEY-----', pk_content, + ) self.assertRegex(pk_content, "[0-9A-Za-z+/]+[=]{0,3}\n") - self.assertInOutput('-----END RSA PRIVATE KEY-----', pk_content) + self.assertInOutput( + '-----END OPENSSH PRIVATE KEY-----', pk_content, + ) def test_keypair_create(self): """Test keypair create command. Test steps: 1) Create keypair in setUp - 2) Check RSA private key in output + 2) Check Ed25519 private key in output 3) Check for new keypair in keypairs list """ NewName = data_utils.rand_name('TestKeyPairCreated') raw_output = self.openstack('keypair create ' + NewName) self.addCleanup(self.openstack, 'keypair delete ' + NewName) - self.assertInOutput('-----BEGIN RSA PRIVATE KEY-----', raw_output) + self.assertInOutput('-----BEGIN OPENSSH PRIVATE KEY-----', raw_output) self.assertRegex(raw_output, "[0-9A-Za-z+/]+[=]{0,3}\n") - self.assertInOutput('-----END RSA PRIVATE KEY-----', raw_output) + self.assertInOutput('-----END OPENSSH PRIVATE KEY-----', raw_output) self.assertIn(NewName, self.keypair_list()) def test_keypair_delete_not_existing(self): diff --git a/openstackclient/tests/unit/compute/v2/fakes.py b/openstackclient/tests/unit/compute/v2/fakes.py index 08d4a574..356cc29c 100644 --- a/openstackclient/tests/unit/compute/v2/fakes.py +++ b/openstackclient/tests/unit/compute/v2/fakes.py @@ -793,7 +793,7 @@ class FakeKeypair(object): """Fake one or more keypairs.""" @staticmethod - def create_one_keypair(attrs=None, no_pri=False): + def create_one_keypair(attrs=None): """Create a fake keypair :param dict attrs: @@ -811,8 +811,6 @@ class FakeKeypair(object): 'public_key': 'dummy', 'user_id': 'user' } - if not no_pri: - keypair_info['private_key'] = 'private_key' # Overwrite default attributes. keypair_info.update(attrs) diff --git a/openstackclient/tests/unit/compute/v2/test_keypair.py b/openstackclient/tests/unit/compute/v2/test_keypair.py index 65d9396a..1c2923b2 100644 --- a/openstackclient/tests/unit/compute/v2/test_keypair.py +++ b/openstackclient/tests/unit/compute/v2/test_keypair.py @@ -54,10 +54,10 @@ class TestKeypair(compute_fakes.TestComputev2): class TestKeypairCreate(TestKeypair): - keypair = compute_fakes.FakeKeypair.create_one_keypair() - def setUp(self): - super(TestKeypairCreate, self).setUp() + super().setUp() + + self.keypair = compute_fakes.FakeKeypair.create_one_keypair() self.columns = ( 'fingerprint', @@ -77,8 +77,11 @@ class TestKeypairCreate(TestKeypair): self.sdk_client.create_keypair.return_value = self.keypair - def test_key_pair_create_no_options(self): - + @mock.patch.object( + keypair, '_generate_keypair', + return_value=keypair.Keypair('private', 'public'), + ) + def test_key_pair_create_no_options(self, mock_generate): arglist = [ self.keypair.name, ] @@ -90,18 +93,14 @@ class TestKeypairCreate(TestKeypair): columns, data = self.cmd.take_action(parsed_args) self.sdk_client.create_keypair.assert_called_with( - name=self.keypair.name + name=self.keypair.name, + public_key=mock_generate.return_value.public_key, ) self.assertEqual({}, columns) self.assertEqual({}, data) def test_keypair_create_public_key(self): - # overwrite the setup one because we want to omit private_key - self.keypair = compute_fakes.FakeKeypair.create_one_keypair( - no_pri=True) - self.sdk_client.create_keypair.return_value = self.keypair - self.data = ( self.keypair.fingerprint, self.keypair.name, @@ -135,7 +134,11 @@ class TestKeypairCreate(TestKeypair): self.assertEqual(self.columns, columns) self.assertEqual(self.data, data) - def test_keypair_create_private_key(self): + @mock.patch.object( + keypair, '_generate_keypair', + return_value=keypair.Keypair('private', 'public'), + ) + def test_keypair_create_private_key(self, mock_generate): tmp_pk_file = '/tmp/kp-file-' + uuid.uuid4().hex arglist = [ '--private-key', tmp_pk_file, @@ -156,10 +159,13 @@ class TestKeypairCreate(TestKeypair): self.sdk_client.create_keypair.assert_called_with( name=self.keypair.name, + public_key=mock_generate.return_value.public_key, ) mock_open.assert_called_once_with(tmp_pk_file, 'w+') - m_file.write.assert_called_once_with(self.keypair.private_key) + m_file.write.assert_called_once_with( + mock_generate.return_value.private_key, + ) self.assertEqual(self.columns, columns) self.assertEqual(self.data, data) @@ -167,8 +173,6 @@ class TestKeypairCreate(TestKeypair): @mock.patch.object(sdk_utils, 'supports_microversion', return_value=True) def test_keypair_create_with_key_type(self, sm_mock): for key_type in ['x509', 'ssh']: - self.keypair = compute_fakes.FakeKeypair.create_one_keypair( - no_pri=True) self.sdk_client.create_keypair.return_value = self.keypair self.data = ( @@ -233,8 +237,12 @@ class TestKeypairCreate(TestKeypair): '--os-compute-api-version 2.2 or greater is required', str(ex)) + @mock.patch.object( + keypair, '_generate_keypair', + return_value=keypair.Keypair('private', 'public'), + ) @mock.patch.object(sdk_utils, 'supports_microversion', return_value=True) - def test_key_pair_create_with_user(self, sm_mock): + def test_key_pair_create_with_user(self, sm_mock, mock_generate): arglist = [ '--user', identity_fakes.user_name, self.keypair.name, @@ -250,6 +258,7 @@ class TestKeypairCreate(TestKeypair): self.sdk_client.create_keypair.assert_called_with( name=self.keypair.name, user_id=identity_fakes.user_id, + public_key=mock_generate.return_value.public_key, ) self.assertEqual({}, columns) @@ -673,9 +682,6 @@ class TestKeypairShow(TestKeypair): self.cmd, arglist, verifylist) def test_keypair_show(self): - # overwrite the setup one because we want to omit private_key - self.keypair = compute_fakes.FakeKeypair.create_one_keypair( - no_pri=True) self.sdk_client.find_keypair.return_value = self.keypair self.data = ( @@ -704,7 +710,6 @@ class TestKeypairShow(TestKeypair): self.assertEqual(self.data, data) def test_keypair_show_public(self): - arglist = [ '--public-key', self.keypair.name @@ -723,10 +728,6 @@ class TestKeypairShow(TestKeypair): @mock.patch.object(sdk_utils, 'supports_microversion', return_value=True) def test_keypair_show_with_user(self, sm_mock): - - # overwrite the setup one because we want to omit private_key - self.keypair = compute_fakes.FakeKeypair.create_one_keypair( - no_pri=True) self.sdk_client.find_keypair.return_value = self.keypair self.data = ( |