diff options
Diffstat (limited to 'roles')
| -rw-r--r-- | roles/unix_users/subplot.md | 3 | ||||
| -rw-r--r-- | roles/unix_users/subplot.py | 11 | ||||
| -rw-r--r-- | roles/unix_users/subplot.yaml | 3 |
3 files changed, 16 insertions, 1 deletions
diff --git a/roles/unix_users/subplot.md b/roles/unix_users/subplot.md index 35d53c4..9bd5f6e 100644 --- a/roles/unix_users/subplot.md +++ b/roles/unix_users/subplot.md @@ -13,6 +13,7 @@ and I run the playbook then the host has user foo and the user foo on host has encrypted password foopass and the user foo on host has shell /bin/true +and the user foo on host has authorized_keys containing "ssh-rsa" ~~~ ~~~{#foo.yml .file .yaml} @@ -21,4 +22,6 @@ unix_users: comment: Foo Bar shell: /bin/true password: foopass + authorized_keys: | + ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDKVaQfxzzwpwk763IcPBs308TpYYp6+NTOMvYaj3j3ewz8feYQg3lOlKo/5xaPug2ZywG6v6tpn/p0drovT5YAIPJitP7yJAfEzJe/gO7c9uwx0uIpe6cc8bwRG0XFdUVK0EneB6LpIec+3juj4zitGBm0ffIoLDhJ7J0daTzQN62rZaw/2SjSvgbfnu3a2BYRPz1NGiXdvOCbytVSLlUAR6SxNPrFdh/BJnS4umyDaBL/1j2yaw/WlkfZPn5Ni3USZLRcbHnBUUbo64iwBwJabhdpeh0xLGTqDkaeudUgZjlrRHFyCbwJTPtDzJsPLb5HKGGzdXPHP7Lk6PM2CIOz liw@exolobe1 ~~~ diff --git a/roles/unix_users/subplot.py b/roles/unix_users/subplot.py index 0735049..7bf921d 100644 --- a/roles/unix_users/subplot.py +++ b/roles/unix_users/subplot.py @@ -31,9 +31,18 @@ def host_user_has_shell(ctx, username=None, shell=None): def host_user_has_password(ctx, username=None, password=None): assert_eq = globals()["assert_eq"] qemu = ctx["qemu"] - output, exit = qemu.ssh(["sudo", "grep", f"^{username}:"]) + output, exit = qemu.ssh(["sudo", "grep", f"^{username}:", "/etc/shadow"]) assert_eq(exit, 0) for line in output.decode("UTF8").splitlines(): if line.startswith(f"{username}:"): parts = line.split(":") assert_eq(parts[1], password) + + +def host_user_has_authorized_keys_containing(ctx, username=None, substring=None): + assert_eq = globals()["assert_eq"] + qemu = ctx["qemu"] + output, exit = qemu.ssh(["sudo", "cat", f"/home/{username}/.ssh/authorized_keys"]) + assert_eq(exit, 0) + output = output.decode("UTF8") + assert substring in output diff --git a/roles/unix_users/subplot.yaml b/roles/unix_users/subplot.yaml index c0665aa..10ac86c 100644 --- a/roles/unix_users/subplot.yaml +++ b/roles/unix_users/subplot.yaml @@ -9,3 +9,6 @@ - then: the user {username} on host has shell {shell} function: host_user_has_shell + +- then: the user {username} on host has authorized_keys containing "{substring}" + function: host_user_has_authorized_keys_containing |