From 2c23d4fbbbaece4c162c95efdf1baf088b58f9c0 Mon Sep 17 00:00:00 2001
From: Lars Wirzenius
Date: Sat, 10 Oct 2020 11:46:06 +0300
Subject: test(unix_users): verify setting authorized_keys
---
 roles/unix_users/subplot.md | 3 +++
 roles/unix_users/subplot.py | 11 ++++++++++-
 roles/unix_users/subplot.yaml | 3 +++
 3 files changed, 16 insertions(+), 1 deletion(-)
diff --git a/roles/unix_users/subplot.md b/roles/unix_users/subplot.md
index 35d53c4..9bd5f6e 100644
--- a/roles/unix_users/subplot.md
+++ b/roles/unix_users/subplot.md
@@ -13,6 +13,7 @@ and I run the playbook then the host has user foo and the user foo on host has encrypted password foopass and the user foo on host has shell /bin/true +and the user foo on host has authorized_keys containing "ssh-rsa" ~~~ ~~~{#foo.yml .file .yaml}
@@ -21,4 +22,6 @@ unix_users:
 comment: Foo Bar
 shell: /bin/true
 password: foopass
+ authorized_keys: |
+ ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDKVaQfxzzwpwk763IcPBs308TpYYp6+NTOMvYaj3j3ewz8feYQg3lOlKo/5xaPug2ZywG6v6tpn/p0drovT5YAIPJitP7yJAfEzJe/gO7c9uwx0uIpe6cc8bwRG0XFdUVK0EneB6LpIec+3juj4zitGBm0ffIoLDhJ7J0daTzQN62rZaw/2SjSvgbfnu3a2BYRPz1NGiXdvOCbytVSLlUAR6SxNPrFdh/BJnS4umyDaBL/1j2yaw/WlkfZPn5Ni3USZLRcbHnBUUbo64iwBwJabhdpeh0xLGTqDkaeudUgZjlrRHFyCbwJTPtDzJsPLb5HKGGzdXPHP7Lk6PM2CIOz liw@exolobe1
 ~~~
diff --git a/roles/unix_users/subplot.py b/roles/unix_users/subplot.py
index 0735049..7bf921d 100644
--- a/roles/unix_users/subplot.py
+++ b/roles/unix_users/subplot.py
@@ -31,9 +31,18 @@ def host_user_has_shell(ctx, username=None, shell=None):
 def host_user_has_password(ctx, username=None, password=None):
 assert_eq = globals()["assert_eq"]
 qemu = ctx["qemu"]
- output, exit = qemu.ssh(["sudo", "grep", f"^{username}:"])
+ output, exit = qemu.ssh(["sudo", "grep", f"^{username}:", "/etc/shadow"])
 assert_eq(exit, 0)
 for line in output.decode("UTF8").splitlines():
 if line.startswith(f"{username}:"):
 parts = line.split(":")
 assert_eq(parts[1], password)
+
+
+def host_user_has_authorized_keys_containing(ctx, username=None, substring=None):
+ assert_eq = globals()["assert_eq"]
+ qemu = ctx["qemu"]
+ output, exit = qemu.ssh(["sudo", "cat", f"/home/{username}/.ssh/authorized_keys"])
+ assert_eq(exit, 0)
+ output = output.decode("UTF8")
+ assert substring in output
diff --git a/roles/unix_users/subplot.yaml b/roles/unix_users/subplot.yaml
index c0665aa..10ac86c 100644
--- a/roles/unix_users/subplot.yaml
+++ b/roles/unix_users/subplot.yaml
@@ -9,3 +9,6 @@ - then: the user {username} on host has shell {shell} function: host_user_has_shell + +- then: the user {username} on host has authorized_keys containing "{substring}" + function: host_user_has_authorized_keys_containing
-- cgit v1.2.1
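Review bot: `host_user_has_authorized_keys_containing` only proves that the substring occurs somewhere in the file, so with the scenario's `"ssh-rsa"` argument it passes for any RSA key, including a stale one left beside the key the role was asked to install. Reading the file through `sudo cat` also says nothing about its owner or mode, which decide whether another account can edit it and, if sshd runs with StrictModes, whether the file is honoured at all. I would pass the full key line from `foo.yml` as the substring and add an owner/mode check on the file, as sketched below; the same check on the `.ssh` directory would be a natural follow-up. The bare `assert substring in output` also gives no message on failure, unlike the `assert_eq` helper used on the surrounding lines.

```python
def host_user_has_authorized_keys_containing(ctx, username=None, substring=None):
    # … unchanged: assert_eq / qemu lookup and the sudo cat call …
    output = output.decode("UTF8")
    assert substring in output, f"{substring!r} not in authorized_keys of {username}"

    # Owner and mode decide who can edit the file and whether sshd accepts it.
    path = f"/home/{username}/.ssh/authorized_keys"
    output, exit = qemu.ssh(["sudo", "stat", "-c", "%U:%a", path])
    assert_eq(exit, 0)
    owner, mode = output.decode("UTF8").strip().split(":")
    assert_eq(owner, username)
    assert int(mode, 8) & 0o022 == 0, f"{path} is group- or world-writable ({mode})"
```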