[PATCH/puppet 1/1] Fixing 2812 authorized_keys without comments fail


Jesse Wolfe

Nov 19, 2009, 4:37:56 AM
to puppe...@googlegroups.com
This is technically a duplicate of #1531, I think this change prevents
the problem that appears in #2812, without touching the underlying issues
of #1531.

ssh_authorized_key was failing on keys in ~/.ssh/authorized_keys that
lack a comment field - it would generate a Ssh_authorized_key resource
with the name set to nil, which raises "ArgumentError: Field 'name' is
required."

Fixed by setting such keys' name fields to an empty string.
This prevents the error from being raised and the authorized_keys files
round-trip successfully.

Signed-off-by: Jesse Wolfe <jes...@gmail.com>
---
lib/puppet/provider/ssh_authorized_key/parsed.rb | 3 ++-
spec/unit/provider/ssh_authorized_key/parsed.rb | 6 ++++++
.../ssh_authorized_key/parsed/authorized_keys | 1 +
3 files changed, 9 insertions(+), 1 deletions(-)

diff --git a/lib/puppet/provider/ssh_authorized_key/parsed.rb b/lib/puppet/provider/ssh_authorized_key/parsed.rb
index 69eec9f..b435c51 100644
--- a/lib/puppet/provider/ssh_authorized_key/parsed.rb
+++ b/lib/puppet/provider/ssh_authorized_key/parsed.rb
@@ -14,8 +14,9 @@ Puppet::Type.type(:ssh_authorized_key).provide(:parsed,
:fields => %w{options type key name},
:optional => %w{options},
:rts => /^\s+/,
- :match => /^(?:(.+) )?(ssh-dss|ssh-rsa) ([^ ]+)(?: (.+))?$/,
+ :match => /^(?:(.+) )?(ssh-dss|ssh-rsa) ([^ ]+) ?(.*)$/,
:post_parse => proc { |h|
+ h[:name] = "" if h[:name] == :absent
h[:options] ||= [:absent]
h[:options] = Puppet::Type::Ssh_authorized_key::ProviderParsed.parse_options(h[:options]) if h[:options].is_a? String
},
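Review bot: it is unclear which of the two changes in this hunk carries the fix, the replacement `:match` pattern or the added `h[:name] = "" if h[:name] == :absent` line in `post_parse`. With ` ?(.*)$` the name group always takes part in the match, so a line without a comment may already yield an empty string before `post_parse` runs; either keep the original optional group and rely on the `:absent` check alone, or add a comment saying when `:absent` can still reach `post_parse`. The looser pattern on its own also matches a line that ends in a single trailing space, which `(?: (.+))?$` did not; if that is intended, it deserves a spec.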
diff --git a/spec/unit/provider/ssh_authorized_key/parsed.rb b/spec/unit/provider/ssh_authorized_key/parsed.rb
index 13bd08b..49abc13 100755
--- a/spec/unit/provider/ssh_authorized_key/parsed.rb
+++ b/spec/unit/provider/ssh_authorized_key/parsed.rb
@@ -78,6 +78,12 @@ describe provider_class do

@provider.parse_options(optionstr).should == options
end
+
+ it "should use '' as name for entries that lack a comment" do
+ line = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAut8aOSxenjOqF527dlsdHWV4MNoAsX14l9M297+SQXaQ5Z3BedIxZaoQthkDALlV/25A1COELrg9J2MqJNQc8Xe9XQOIkBQWWinUlD/BXwoOTWEy8C8zSZPHZ3getMMNhGTBO+q/O+qiJx3y5cA4MTbw2zSxukfWC87qWwcZ64UUlegIM056vPsdZWFclS9hsROVEa57YUMrehQ1EGxT4Z5j6zIopufGFiAPjZigq/vqgcAqhAKP6yu4/gwO6S9tatBeEjZ8fafvj1pmvvIplZeMr96gHE7xS3pEEQqnB3nd4RY7AF6j9kFixnsytAUO7STPh/M3pLiVQBN89TvWPQ=="
+
+ @provider.parse(line)[0][:name].should == ""
+ end
end

describe provider_class do
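Review bot: the new example asserts only `[:name]`, on a line with no options, so it would still pass if the looser pattern split the type or key differently. Assert `[:type]` and `[:key]` on the same parsed record, and add a second case for a line that has an options prefix but no comment.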
diff --git a/test/data/providers/ssh_authorized_key/parsed/authorized_keys b/test/data/providers/ssh_authorized_key/parsed/authorized_keys
index a2a85d9..b22329d 100644
--- a/test/data/providers/ssh_authorized_key/parsed/authorized_keys
+++ b/test/data/providers/ssh_authorized_key/parsed/authorized_keys
@@ -4,3 +4,4 @@ from="192.168.1.1",command="/bin/false",no-pty,no-port-forwarding ssh-dss AAAAB3
from="192.168.1.1, www.reductivelabs.com",command="/bin/false",no-pty,no-port-forwarding ssh-dss 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 Francois Deppierraz
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA2Vi+TdC3iOGYcIo5vGTvC9P9rjHl9RxCuZmSfn+YDFQ35RXf0waijtjp9I7GYh6R4hBjA5z0u/Pzi95LET5NfRM0Gdc0DJyvBI7K+ALBxIT383Iz6Yz4iKxe1TEJgHGM2he4+7BHkjc3kdIZqIpZjucCk4VsXSxujO4MKKvtaKK2l+kahlLQHHw/vZkDpIgL52iGVsjW9l8RLJaKHZ4mDHJN/Q/Rzn2W4EvcdHUzwhvGMwZlm8clDwITBrSsawYtnivJrQSYcmTRqJuS8wprNDrLIhTGjrwFg5WpruUuMt6fLuCqwe6TeEL+nh3DQ4g554c5aRp3oU6LGBKTvNZGWQ== francois@korn
ssh-dss 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 francois@korn
+ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAut8aOSxenjOqF527dlsdHWV4MNoAsX14l9M297+SQXaQ5Z3BedIxZaoQthkDALlV/25A1COELrg9J2MqJNQc8Xe9XQOIkBQWWinUlD/BXwoOTWEy8C8zSZPHZ3getMMNhGTBO+q/O+qiJx3y5cA4MTbw2zSxukfWC87qWwcZ64UUlegIM056vPsdZWFclS9hsROVEa57YUMrehQ1EGxT4Z5j6zIopufGFiAPjZigq/vqgcAqhAKP6yu4/gwO6S9tatBeEjZ8fafvj1pmvvIplZeMr96gHE7xS3pEEQqnB3nd4RY7AF6j9kFixnsytAUO7STPh/M3pLiVQBN89TvWPQ==
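Review bot: nothing in this fixture exercises two entries that both parse to the name `""`, since only one comment-less line is added at the end of the file. Add a second comment-less line (for example an `ssh-dss` key, or one with an options prefix) so the round-trip covers several entries sharing the empty name.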
--
1.6.3.3
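
The parsing behaviour described in the message above, as an added example that is not part of the original post or of Puppet's code: it runs the removed and the added `:match` patterns from the patch over constructed `authorized_keys` lines and lists which keys end up sharing a name. The helper names (`parse_line`, `names`, `name_collisions`) and the shortened key strings are assumptions made for illustration; Puppet's ParsedFile machinery and its `post_parse` hook are not reproduced.

```ruby
# Patterns copied from the patch: OLD is the removed :match line, NEW the added one.
OLD_MATCH = /^(?:(.+) )?(ssh-dss|ssh-rsa) ([^ ]+)(?: (.+))?$/
NEW_MATCH = /^(?:(.+) )?(ssh-dss|ssh-rsa) ([^ ]+) ?(.*)$/

# Constructed sample lines; the key material is a short placeholder, not a real key.
SAMPLE = [
  'ssh-rsa AAAAKEY1 francois@korn',               # comment present
  'ssh-rsa AAAAKEY2',                             # no comment
  'no-pty,command="/bin/false" ssh-dss AAAAKEY3', # options, no comment
  'ssh-rsa AAAAKEY4 ',                            # single trailing space, no comment
].freeze

# Split one line into the four fields the provider declares
# (options, type, key, name). Returns nil when the pattern does not match.
def parse_line(pattern, line)
  m = pattern.match(line)
  return nil unless m
  { options: m[1], type: m[2], key: m[3], name: m[4] }
end

# The name each line would get, or :no_match when the line is rejected.
def names(pattern, lines)
  lines.map { |l| (r = parse_line(pattern, l)) ? r[:name] : :no_match }
end

# Names carried by more than one parsed entry, mapped to the affected keys.
# This is the set of entries that cannot be told apart by name.
def name_collisions(pattern, lines)
  parsed = lines.map { |l| parse_line(pattern, l) }.compact
  parsed.group_by { |r| r[:name] }
        .select { |_, rs| rs.size > 1 }
        .transform_values { |rs| rs.map { |r| r[:key] } }
end

if __FILE__ == $PROGRAM_NAME
  { 'old' => OLD_MATCH, 'new' => NEW_MATCH }.each do |label, pat|
    puts "#{label}: names=#{names(pat, SAMPLE).inspect}"
    puts "#{label}: collisions=#{name_collisions(pat, SAMPLE).inspect}"
  end
end
```
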

Peter Meier

Nov 19, 2009, 4:50:46 AM
to puppe...@googlegroups.com
> ssh_authorized_key was failing on keys in ~/.ssh/authorized_keys that
> lack a comment field - it would generate a Ssh_authorized_key resource
> with the name set to nil, which raises "ArgumentError: Field 'name' is
> required."

doesn't that give a duplicate resource problem if more than one key
lacks a comment?

cheers pete

Jesse A Wolfe

Nov 19, 2009, 12:56:59 PM
to puppe...@googlegroups.com
For one thing, it's already possible to have collisions if the comments are identical.
It seems to me that as long as we aren't trying to actually manage the resource, duplicate names shouldn't be a problem - and it's currently impossible to manage these keys with
ssh_authorized_key.

~Jesse Wolfe


--

You received this message because you are subscribed to the Google Groups "Puppet Developers" group.
To post to this group, send email to puppe...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/puppet-dev?hl=.



Luke Kanies

Nov 19, 2009, 7:36:52 PM
to puppe...@googlegroups.com
Correct - as long as we're not trying to manage them, there's no
duplication concern.
--
You've achieved success in your field when you don't know whether what
you're doing is work or play. -- Warren Beatty
---------------------------------------------------------------------
Luke Kanies | http://reductivelabs.com | http://madstop.com

Luke Kanies

Nov 19, 2009, 7:36:58 PM
to puppe...@googlegroups.com
+1

--
The brain is a wonderful organ. It starts working the moment you get
up in the morning and does not stop until you get into the office.
--Robert Frost

Peter Meier

Nov 20, 2009, 3:31:14 AM
to puppe...@googlegroups.com
> Correct - as long as we're not trying to manage them, there's no
> duplication concern.

I see. So constraints are evaluated when starting to manage a resource,
not when "building" them?

cheers pete

Luke Kanies

Nov 20, 2009, 2:39:54 PM
to puppe...@googlegroups.com
On Nov 20, 2009, at 12:31 AM, Peter Meier wrote:

>> Correct - as long as we're not trying to manage them, there's no
>> duplication concern.
>
> I see. So constraints are evaluated when starting to manage a resource,
> not when "building" them?


Right. This is one of the big changes 0.25 made - you can make as
many resources as you want, there are only restrictions on adding them
to the catalog.

--
A cult is a religion with no political power. -- Tom Wolfe