expand JcloudsLoginLiveTest and one fix (all passing) there was a bug where if you supply a public key and a password it thought it was using a private key, picked up by one more Live test; also expanded and commented the yaml (still for manual testing, and still needed an AWS image with a password)
Project: http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/commit/bdf6b1e3 Tree: http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/tree/bdf6b1e3 Diff: http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/diff/bdf6b1e3 Branch: refs/heads/master Commit: bdf6b1e301e601bfdbfa92a36cb83ceaa4bf1ae8 Parents: 315ba07 Author: Alex Heneveld <[email protected]> Authored: Fri Jan 23 13:10:47 2015 +0000 Committer: Alex Heneveld <[email protected]> Committed: Fri Jan 23 13:12:04 2015 +0000 ---------------------------------------------------------------------- .../location/jclouds/JcloudsLocation.java | 2 +- .../jclouds/AbstractJcloudsLiveTest.java | 2 + .../location/jclouds/JcloudsLoginLiveTest.java | 65 +++++++++++++------ ...location-test-various-login-credentials.yaml | 67 ++++++++++++++++++++ .../jclouds/various-login-credentials.yaml | 52 --------------- 5 files changed, 116 insertions(+), 72 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/blob/bdf6b1e3/locations/jclouds/src/main/java/brooklyn/location/jclouds/JcloudsLocation.java ----------------------------------------------------------------------
diff --git a/locations/jclouds/src/main/java/brooklyn/location/jclouds/JcloudsLocation.java b/locations/jclouds/src/main/java/brooklyn/location/jclouds/JcloudsLocation.java
index 8a4dc32..2547422 100644
--- a/locations/jclouds/src/main/java/brooklyn/location/jclouds/JcloudsLocation.java
+++ b/locations/jclouds/src/main/java/brooklyn/location/jclouds/JcloudsLocation.java
@@ -1430,7 +1430,7 @@ public class JcloudsLocation extends AbstractCloudMachineProvisioningLocation im if (Strings.isNonBlank(pubKey)) { adminBuilder.authorizeAdminPublicKey(true).adminPublicKey(pubKey); - useKey = true; + if (privKey!=null) useKey = true; } else { adminBuilder.authorizeAdminPublicKey(false).adminPublicKey(Identifiers.makeRandomId(12)+"-ignored"); } http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/blob/bdf6b1e3/locations/jclouds/src/test/java/brooklyn/location/jclouds/AbstractJcloudsLiveTest.java ---------------------------------------------------------------------- diff --git a/locations/jclouds/src/test/java/brooklyn/location/jclouds/AbstractJcloudsLiveTest.java b/locations/jclouds/src/test/java/brooklyn/location/jclouds/AbstractJcloudsLiveTest.java index 221df5f..eb65251 100644 --- a/locations/jclouds/src/test/java/brooklyn/location/jclouds/AbstractJcloudsLiveTest.java +++ b/locations/jclouds/src/test/java/brooklyn/location/jclouds/AbstractJcloudsLiveTest.java @@ -116,6 +116,8 @@ public class AbstractJcloudsLiveTest { } protected void stripBrooklynProperties(BrooklynProperties props) { + // remove all location properties except for identity and credential + // (so key, scripts, etc settings don't interfere with tests) for (String key : ImmutableSet.copyOf(props.asMapWithStringKeys().keySet())) { if (key.startsWith(BROOKLYN_PROPERTIES_PREFIX) && !(key.endsWith("identity") || key.endsWith("credential"))) { props.remove(key); http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/blob/bdf6b1e3/locations/jclouds/src/test/java/brooklyn/location/jclouds/JcloudsLoginLiveTest.java ---------------------------------------------------------------------- diff --git a/locations/jclouds/src/test/java/brooklyn/location/jclouds/JcloudsLoginLiveTest.java b/locations/jclouds/src/test/java/brooklyn/location/jclouds/JcloudsLoginLiveTest.java index 3cc3efe..ef0862f 100644 
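Review bot: In the JcloudsLocation.java hunk the new guard tests `privKey!=null`, while the public key two lines above is tested with `Strings.isNonBlank(pubKey)`. If `privKey` can be an empty string at this point (the YAML added in this commit sets `privateKeyFile: ""`; how `privKey` is populated is outside the hunk), `useKey` would still be set and the password-plus-public-key case would again be treated as key login. `if (Strings.isNonBlank(privKey)) useKey = true;` would keep the two checks consistent. The enclosing method starts and ends outside the hunk.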
--- a/locations/jclouds/src/test/java/brooklyn/location/jclouds/JcloudsLoginLiveTest.java +++ b/locations/jclouds/src/test/java/brooklyn/location/jclouds/JcloudsLoginLiveTest.java @@ -25,10 +25,12 @@ import java.util.Map; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import org.testng.Assert; import org.testng.annotations.Test; import brooklyn.location.LocationSpec; import brooklyn.location.basic.SshMachineLocation; +import brooklyn.util.collections.MutableList; import brooklyn.util.collections.MutableMap; import brooklyn.util.os.Os; import brooklyn.util.stream.Streams; 
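Review bot: The added `import brooklyn.util.collections.MutableList;` does not appear to be used, since none of the lines added to JcloudsLoginLiveTest.java in this commit reference `MutableList`. Unless code outside the visible hunks needs it, drop the import. The other new import, `org.testng.Assert`, is used by the new `assertNotSshable`.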
@@ -51,6 +53,10 @@ public class JcloudsLoginLiveTest extends AbstractJcloudsLiveTest { // Image: {id=us-east-1/ami-d0f89fb9, providerId=ami-d0f89fb9, name=ubuntu/images/ebs/ubuntu-precise-12.04-amd64-server-20130411.1, location={scope=REGION, id=us-east-1, description=us-east-1, parent=aws-ec2, iso3166Codes=[US-VA]}, os={family=ubuntu, arch=paravirtual, version=12.04, description=099720109477/ubuntu/images/ebs/ubuntu-precise-12.04-amd64-server-20130411.1, is64Bit=true}, description=099720109477/ubuntu/images/ebs/ubuntu-precise-12.04-amd64-server-20130411.1, version=20130411.1, status=AVAILABLE[available], loginUser=ubuntu, userMetadata={owner=099720109477, rootDeviceType=ebs, virtualizationType=paravirtual, hypervisor=xen}} public static final String AWS_EC2_UBUNTU_IMAGE_ID = "us-east-1/ami-d0f89fb9"; + + // Image: {id=us-east-1/ami-5e008437, providerId=ami-5e008437, name=RightImage_Ubuntu_10.04_x64_v5.8.8.3, location={scope=REGION, id=us-east-1, description=us-east-1, parent=aws-ec2, iso3166Codes=[US-VA]}, os={family=ubuntu, arch=paravirtual, version=10.04, description=rightscale-us-east/RightImage_Ubuntu_10.04_x64_v5.8.8.3.manifest.xml, is64Bit=true}, description=rightscale-us-east/RightImage_Ubuntu_10.04_x64_v5.8.8.3.manifest.xml, version=5.8.8.3, status=AVAILABLE[available], loginUser=root, userMetadata={owner=411009282317, rootDeviceType=instance-store, virtualizationType=paravirtual, hypervisor=xen}} + // Uses "root" as loginUser + public static final String AWS_EC2_UBUNTU_10_IMAGE_ID = "us-east-1/ami-5e008437"; public static final String RACKSPACE_LOCATION_SPEC = "jclouds:" + RACKSPACE_PROVIDER; 
@@ -188,7 +194,7 @@ public class JcloudsLoginLiveTest extends AbstractJcloudsLiveTest { } @Test(groups = {"Live"}) - protected void testSpecifyingPasswordWhenDefaultSshKeysExistPrefersKeys() throws Exception { + protected void testSpecifyingPasswordIgnoresDefaultSshKeys() throws Exception { brooklynProperties.put(BROOKLYN_PROPERTIES_PREFIX+JcloudsLocationConfig.USER.getName(), "myname"); brooklynProperties.put(BROOKLYN_PROPERTIES_PREFIX+JcloudsLocationConfig.PASSWORD.getName(), "mypassword"); jcloudsLocation = (JcloudsLocation) managementContext.getLocationRegistry().resolve(RACKSPACE_LOCATION_SPEC); @@ -199,6 +205,29 @@ public class JcloudsLoginLiveTest extends AbstractJcloudsLiveTest { assertSshable(ImmutableMap.builder() .put("address", machine.getAddress()) .put("user", "myname") + .put(SshMachineLocation.PASSWORD, "mypassword") + .build()); + + assertNotSshable(ImmutableMap.builder() + .put("address", machine.getAddress()) + .put("user", "myname") + .put(SshMachineLocation.PRIVATE_KEY_FILE, Os.tidyPath("~/.ssh/id_rsa")) + .build()); + } + + @Test(groups = {"Live"}) + protected void testSpecifyingPasswordWithPublicKeyAllowsKeyAccess() throws Exception { + brooklynProperties.put(BROOKLYN_PROPERTIES_PREFIX+JcloudsLocationConfig.USER.getName(), "myname"); + brooklynProperties.put(BROOKLYN_PROPERTIES_PREFIX+JcloudsLocationConfig.PASSWORD.getName(), "mypassword"); + brooklynProperties.put(BROOKLYN_PROPERTIES_PREFIX+JcloudsLocationConfig.PUBLIC_KEY_FILE.getName(), "~/.ssh/id_rsa.pub"); + jcloudsLocation = (JcloudsLocation) managementContext.getLocationRegistry().resolve(RACKSPACE_LOCATION_SPEC); + + machine = createRackspaceMachine(ImmutableMap.of("imageNameRegex", RACKSPACE_DEBIAN_IMAGE_NAME_REGEX)); + assertSshable(machine); + + assertSshable(ImmutableMap.builder() + .put("address", machine.getAddress()) + .put("user", "myname") .put(SshMachineLocation.PRIVATE_KEY_FILE, Os.tidyPath("~/.ssh/id_rsa")) .build()); 
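Review bot: `testSpecifyingPasswordWithPublicKeyAllowsKeyAccess` (second hunk, `@@ -199,6 +205,29 @@`) only pins key login explicitly; the password it configures is exercised at most indirectly through `assertSshable(machine)`. Since the bug being fixed is the password-plus-public-key combination, add the same explicit password assertion used in `testSpecifyingPasswordIgnoresDefaultSshKeys`, i.e. an `assertSshable(...)` whose map carries `.put(SshMachineLocation.PASSWORD, "mypassword")`. Both tests also depend on `~/.ssh/id_rsa` and `~/.ssh/id_rsa.pub` existing on the host running them, which deserves a comment such as `// requires ~/.ssh/id_rsa and id_rsa.pub on the test host`. The end of the new test lies in context lines that continue past the hunk.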
@@ -234,16 +263,12 @@ public class JcloudsLoginLiveTest extends AbstractJcloudsLiveTest { @Test(groups = {"Live"}) protected void testAwsEc2SpecifyingRootUser() throws Exception { - // Image: {id=us-east-1/ami-5e008437, providerId=ami-5e008437, name=RightImage_Ubuntu_10.04_x64_v5.8.8.3, location={scope=REGION, id=us-east-1, description=us-east-1, parent=aws-ec2, iso3166Codes=[US-VA]}, os={family=ubuntu, arch=paravirtual, version=10.04, description=rightscale-us-east/RightImage_Ubuntu_10.04_x64_v5.8.8.3.manifest.xml, is64Bit=true}, description=rightscale-us-east/RightImage_Ubuntu_10.04_x64_v5.8.8.3.manifest.xml, version=5.8.8.3, status=AVAILABLE[available], loginUser=root, userMetadata={owner=411009282317, rootDeviceType=instance-store, virtualizationType=paravirtual, hypervisor=xen}} - // Uses "root" as loginUser - String imageId = "us-east-1/ami-5e008437"; - brooklynProperties.put(BROOKLYN_PROPERTIES_PREFIX+JcloudsLocationConfig.USER.getName(), "root"); brooklynProperties.put(BROOKLYN_PROPERTIES_PREFIX+JcloudsLocationConfig.PRIVATE_KEY_FILE.getName(), "~/.ssh/id_rsa"); brooklynProperties.put(BROOKLYN_PROPERTIES_PREFIX+JcloudsLocationConfig.PUBLIC_KEY_FILE.getName(), "~/.ssh/id_rsa.pub"); jcloudsLocation = (JcloudsLocation) managementContext.getLocationRegistry().resolve(AWS_EC2_LOCATION_SPEC); - machine = createEc2Machine(ImmutableMap.<String,Object>of("imageId", imageId)); + machine = createEc2Machine(ImmutableMap.<String,Object>of("imageId", AWS_EC2_UBUNTU_10_IMAGE_ID)); assertSshable(machine); assertSshable(ImmutableMap.builder() 
@@ -255,16 +280,12 @@ public class JcloudsLoginLiveTest extends AbstractJcloudsLiveTest { @Test(groups = {"Live"}) protected void testAwsEc2WhenBlankUserSoUsesRootLoginUser() throws Exception { - // Image: {id=us-east-1/ami-5e008437, providerId=ami-5e008437, name=RightImage_Ubuntu_10.04_x64_v5.8.8.3, location={scope=REGION, id=us-east-1, description=us-east-1, parent=aws-ec2, iso3166Codes=[US-VA]}, os={family=ubuntu, arch=paravirtual, version=10.04, description=rightscale-us-east/RightImage_Ubuntu_10.04_x64_v5.8.8.3.manifest.xml, is64Bit=true}, description=rightscale-us-east/RightImage_Ubuntu_10.04_x64_v5.8.8.3.manifest.xml, version=5.8.8.3, status=AVAILABLE[available], loginUser=root, userMetadata={owner=411009282317, rootDeviceType=instance-store, virtualizationType=paravirtual, hypervisor=xen}} - // Uses "root" as loginUser - String imageId = "us-east-1/ami-5e008437"; - brooklynProperties.put(BROOKLYN_PROPERTIES_PREFIX+JcloudsLocationConfig.USER.getName(), ""); brooklynProperties.put(BROOKLYN_PROPERTIES_PREFIX+JcloudsLocationConfig.PRIVATE_KEY_FILE.getName(), "~/.ssh/id_rsa"); brooklynProperties.put(BROOKLYN_PROPERTIES_PREFIX+JcloudsLocationConfig.PUBLIC_KEY_FILE.getName(), "~/.ssh/id_rsa.pub"); jcloudsLocation = (JcloudsLocation) managementContext.getLocationRegistry().resolve(AWS_EC2_LOCATION_SPEC); - machine = createEc2Machine(ImmutableMap.<String,Object>of("imageId", imageId)); + machine = createEc2Machine(ImmutableMap.<String,Object>of("imageId", AWS_EC2_UBUNTU_10_IMAGE_ID)); assertSshable(machine); assertSshable(ImmutableMap.builder() 
@@ -278,16 +299,12 @@ public class JcloudsLoginLiveTest extends AbstractJcloudsLiveTest { // That was very bad for if someone is running brooklyn on a new AWS VM, and just installs brooklyn+runs as the default ec2-user. @Test(groups = {"Live"}) protected void testAwsEc2SpecifyingSpecialUser() throws Exception { - // Image: {id=us-east-1/ami-5e008437, providerId=ami-5e008437, name=RightImage_Ubuntu_10.04_x64_v5.8.8.3, location={scope=REGION, id=us-east-1, description=us-east-1, parent=aws-ec2, iso3166Codes=[US-VA]}, os={family=ubuntu, arch=paravirtual, version=10.04, description=rightscale-us-east/RightImage_Ubuntu_10.04_x64_v5.8.8.3.manifest.xml, is64Bit=true}, description=rightscale-us-east/RightImage_Ubuntu_10.04_x64_v5.8.8.3.manifest.xml, version=5.8.8.3, status=AVAILABLE[available], loginUser=root, userMetadata={owner=411009282317, rootDeviceType=instance-store, virtualizationType=paravirtual, hypervisor=xen}} - // Uses "root" as loginUser - String imageId = "us-east-1/ami-5e008437"; - brooklynProperties.put(BROOKLYN_PROPERTIES_PREFIX+JcloudsLocationConfig.USER.getName(), "ec2-user"); brooklynProperties.put(BROOKLYN_PROPERTIES_PREFIX+JcloudsLocationConfig.PRIVATE_KEY_FILE.getName(), "~/.ssh/id_rsa"); brooklynProperties.put(BROOKLYN_PROPERTIES_PREFIX+JcloudsLocationConfig.PUBLIC_KEY_FILE.getName(), "~/.ssh/id_rsa.pub"); jcloudsLocation = (JcloudsLocation) managementContext.getLocationRegistry().resolve(AWS_EC2_LOCATION_SPEC); - machine = createEc2Machine(ImmutableMap.<String,Object>of("imageId", imageId)); + machine = createEc2Machine(ImmutableMap.<String,Object>of("imageId", AWS_EC2_UBUNTU_10_IMAGE_ID)); assertSshable(machine); assertSshable(ImmutableMap.builder() 
@@ -319,12 +336,22 @@ public class JcloudsLoginLiveTest extends AbstractJcloudsLiveTest { } protected void assertSshable(Map<?,?> machineConfig) { - SshMachineLocation machineUsingPassword = managementContext.getLocationManager().createLocation(LocationSpec.create(SshMachineLocation.class) + SshMachineLocation machineWithThatConfig = managementContext.getLocationManager().createLocation(LocationSpec.create(SshMachineLocation.class) .configure(machineConfig)); try { - assertSshable(machineUsingPassword); + assertSshable(machineWithThatConfig); } finally { - Streams.closeQuietly(machineUsingPassword); + Streams.closeQuietly(machineWithThatConfig); + } + } + + protected void assertNotSshable(Map<?,?> machineConfig) { + try { + assertSshable(machineConfig); + Assert.fail("ssh should not have succeeded "+machineConfig); + } catch (Exception e) { + // expected + LOG.debug("Exception as expected when testing sshable "+machineConfig); } } http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/blob/bdf6b1e3/locations/jclouds/src/test/resources/brooklyn/location/jclouds/jclouds-location-test-various-login-credentials.yaml ---------------------------------------------------------------------- diff --git a/locations/jclouds/src/test/resources/brooklyn/location/jclouds/jclouds-location-test-various-login-credentials.yaml b/locations/jclouds/src/test/resources/brooklyn/location/jclouds/jclouds-location-test-various-login-credentials.yaml new file mode 100644 index 0000000..9230c4e --- /dev/null +++ b/locations/jclouds/src/test/resources/brooklyn/location/jclouds/jclouds-location-test-various-login-credentials.yaml 
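Review bot: `assertNotSshable` treats every `Exception` as proof that login was refused, so a missing key file, a network timeout or a failure in `createLocation` makes the negative authentication check pass for the wrong reason. Narrow the catch to the exception type the SSH layer throws on rejected authentication (not visible in this hunk), or at least keep the cause in the log: `LOG.debug("Exception as expected when testing sshable "+machineConfig, e);`. If `assertSshable(SshMachineLocation)` reports failure through a TestNG assertion, the resulting `AssertionError` is not an `Exception` and would fail the test instead of being accepted here; that method is outside the hunk, so this needs confirming. Both the `Assert.fail` message and the debug line print the whole `machineConfig`, which can carry `SshMachineLocation.PASSWORD`; printing only the address and user would avoid writing credentials to test output.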
@@ -0,0 +1,67 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +name: various-login-credentials-test + +# not live tested, but useful for manual tests +# assumes the keys listed here exist; +# some children should pass, some should fail... + +services: + +- type: brooklyn.entity.basic.EmptySoftwareProcess + name: GOOD-default-should-use-id-rsa-or-create + location: + jclouds:aws-ec2 + +# passphrases +- type: brooklyn.entity.basic.EmptySoftwareProcess + name: GOOD-key-w-passphrase-supplied + location: + jclouds:aws-ec2: + privateKeyFile: ~/.ssh/passphrase-id_rsa + privateKeyPassphrase: passphrase +- type: brooklyn.entity.basic.EmptySoftwareProcess + name: FAIL-missing-passphrase + location: + jclouds:aws-ec2: + privateKeyFile: ~/.ssh/passphrase-id_rsa + +# creating a new key +- type: brooklyn.entity.basic.EmptySoftwareProcess + name: GOOD-no-key-create-key + location: + jclouds:aws-ec2: + privateKeyFile: "" + +# passwords - TODO need an image which doesn't have password-ssh disabled by default! 
+- type: brooklyn.entity.basic.EmptySoftwareProcess + # depends if image allows password access + name: MAYBE-explicit-password + location: + jclouds:aws-ec2: + password: foo +- type: brooklyn.entity.basic.EmptySoftwareProcess + # depends if image allows password access + name: MAYBE-explicit-password-used-and-public-key-authed + location: + jclouds:aws-ec2 + password: foo + privateKeyFile: "" + publicKeyFile: "~/.ssh/id_rsa.pub" http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/blob/bdf6b1e3/locations/jclouds/src/test/resources/brooklyn/location/jclouds/various-login-credentials.yaml ---------------------------------------------------------------------- diff --git a/locations/jclouds/src/test/resources/brooklyn/location/jclouds/various-login-credentials.yaml b/locations/jclouds/src/test/resources/brooklyn/location/jclouds/various-login-credentials.yaml deleted file mode 100644 index 1cfe09e..0000000 --- a/locations/jclouds/src/test/resources/brooklyn/location/jclouds/various-login-credentials.yaml +++ /dev/null 
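Review bot: In the last service, `MAYBE-explicit-password-used-and-public-key-authed`, the location key is written `jclouds:aws-ec2` without the trailing colon, yet `password`, `privateKeyFile` and `publicKeyFile` follow it as if they were its children. Every other entry that carries settings uses `jclouds:aws-ec2:`. As written this entry will most likely fail to parse or not apply the three settings (the indentation is not recoverable from this view), and it is the one entry that exercises the password-plus-public-key case this commit fixes. Change the line to `jclouds:aws-ec2:`.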
@@ -1,52 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -name: various-login-credentials-test - -# not live tested, but useful for manual tests -# assumes the keys listed here exist; -# some children should pass, some should fail... - -services: -- type: brooklyn.entity.basic.EmptySoftwareProcess - name: FAIL-missing-passphrase - location: - jclouds:aws-ec2: - privateKeyFile: ~/.ssh/passphrase-id_rsa -- type: brooklyn.entity.basic.EmptySoftwareProcess - name: GOOD-key-w-passphrase-supplied - location: - jclouds:aws-ec2: - privateKeyFile: ~/.ssh/passphrase-id_rsa - privateKeyPassphrase: passphrase -- type: brooklyn.entity.basic.EmptySoftwareProcess - name: GOOD-no-key-create-key - location: - jclouds:aws-ec2: - privateKeyFile: "" -- type: brooklyn.entity.basic.EmptySoftwareProcess - # depends if image allows password access - name: MAYBE-explicit-password - location: - jclouds:aws-ec2: - password: foo -- type: brooklyn.entity.basic.EmptySoftwareProcess - name: GOOD-default-should-use-id-rsa-or-create - location: - jclouds:aws-ec2
