Merge branch 'hotfix/option_lists'

markolson · Jun 6, 2016 · 4a612cc · 4a612cc
2 parents ebdf5c2 + 0d326f8
commit 4a612cc
Show file tree

Hide file tree

Showing 6 changed files with 34 additions and 43 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,4 +1,8 @@
 # CHANGELOG for ssh
+## 0.10.12
+* Updated authorized_keys to allow for commas, quotes, and spaces inside the options.
+* fixed a bug that was adding a single space to the end of entries.
+
 ## 0.10.10
 * Fixed default key type for authorized keys
 * Added some basic validation to ssh keys in authorized_keys provider

diff --git a/libraries/ssh_config_helpers.rb b/libraries/ssh_config_helpers.rb
@@ -12,7 +12,7 @@ def default?(path)
         File.expand_path(path).eql? File.expand_path(node['ssh']['config_path'])
       end
 
-      def parse_file(path)
+      def parse_file(path) # rubocop:disable Style/CyclomaticComplexity
         entries = {}
         return entries unless ::File.exist?(path)
         name = nil

diff --git a/metadata.rb b/metadata.rb
@@ -4,7 +4,7 @@
 license          'Apache 2.0'
 description      'LWRPs for managing SSH known_hosts and config files'
 long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
-version          '0.10.10'
+version          '0.10.12'
 
 supports 'ubuntu'
 supports 'rhel'
diff --git a/providers/authorized_keys.rb b/providers/authorized_keys.rb
@@ -52,19 +52,14 @@ def update_file
 
 def format_lines
   @lines.collect do |line|
-    joined = ''
-    if line[:options]
-      joined << line[:options].collect do |key, value|
-        if value.nil? || value.empty?
-          key.to_s
-        elsif value.include?(' ') && !value.include?('"')
-          "#{key}=\"#{value}\""
-        else
-          "#{key}=#{value}"
-        end
+    if line[:options].nil?
+      joined = ''
+    else
+      joined = line[:options].collect do |key, value|
+        (value.nil? || value.empty?) ? key.to_s : "#{key}=\"#{value}\""
       end.join(',')
-      joined << ' '
     end
+    joined << ' ' unless joined.empty?
     joined << line[:type] << ' ' << line[:key]
     line[:comment] && (joined << ' ' << line[:comment])
     joined
@@ -92,45 +87,31 @@ def load_current_resource
 def parse(current)
   current.reduce([]) do |memo, row|
     line = {}
-    fields = extract_fields(row)
+    # split on whitespace that is not inside of quotes
+    fields = row.split(/(?!\B"[^"]*)\s(?![^"]*"\B)/)
     line[:options] = parse_options(fields.shift) unless types.include? fields[0]
     validate_type(fields[0], @path)
     line[:type] = fields[0]
     line[:key] = fields[1]
-    line[:comment] = fields[2..-1].join(' ') if row[2]
+    line[:comment] = fields[2..-1].join(' ') if fields[2]
     memo << line
   end
 end
 
-def extract_fields(row)
-  return :comment => row if row.empty? || row[0] == '#'
-
-  quotes = 0
-  fields = []
-  row.scan(/\S+/) do |match|
-    if quotes.even? || quotes == 0
-      fields << match
-    else
-      fields[-1] << " #{match}"
-    end
-    quotes += match.count('"')
-  end
-  fields
-end
-
 def parse_options(text)
   options = {}
-  split = text.split(',')
+  # split on commas that are not inside quotes
+  split = text.split(/(?!\B"[^"]*),(?![^"]*"\B)/)
   split.each do |group|
     validate_options(group, @path)
     group = group.split('=')
-    options[group[0]] = group[1]
+    options[group[0]] = group[1].nil? ? nil : group[1].gsub(/\A"|"\Z/, '')
   end
   options
 end
 
 def types
-  %w(ssh-rsa ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521 ssh-ed25519 ssh-dss)
+  @types ||= %w(ssh-rsa ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521 ssh-ed25519 ssh-dss)
 end
 
 def validate_type(type, source)
@@ -142,16 +123,22 @@ def validate_options(option, source)
   if option.is_a? Hash
     option.each { |o| validate_options o, source }
     return
-  elsif option.is_a? String
-    option = option.split('=')
   end
-
-  binary_options = %w(cert-authority no-agent-forwarding no-port-forwarding no-pty no-user-rc no-X11-forwarding)
-  other_options = %w(command environment from permitopen principals tunnel)
+  option = option.split('=') if option.is_a? String
 
   if option[1].nil? || option[1].empty?
-    fail "Invalid Option in #{source}: #{option}" unless binary_options.include? option[0].to_s
+    validate_binary_option option[0]
   else
-    fail "Invalid Option in #{source}: #{option}" unless other_options.include? option[0].to_s
+    validate_valued_option option[0]
   end
 end
+
+def validate_binary_option(option)
+  @binary_options ||= %w(cert-authority no-agent-forwarding no-port-forwarding no-pty no-user-rc no-X11-forwarding)
+  fail "Invalid Option in #{source}: #{option}" unless @binary_options.include? option.to_s
+end
+
+def validate_valued_option(option)
+  @other_options ||= %w(command environment from permitopen principals tunnel)
+  fail "Invalid Option in #{source}: #{option}" unless @other_options.include? option.to_s
+end
diff --git a/test/cookbooks/ssh_test/recipes/authorized_keys.rb b/test/cookbooks/ssh_test/recipes/authorized_keys.rb
@@ -8,7 +8,7 @@
 ssh_authorized_keys 'first' do
   user 'test-user'
   type 'ssh-rsa'
-  options 'no-agent-forwarding' => nil, 'no-pty' => nil, :command => 'ls /root'
+  options 'no-agent-forwarding' => nil, 'no-pty' => nil, :command => 'ls /root', :from => '10.10.1.2,10.4.2.1'
   comment 'I left a comment'
   key 'AAAAB3NzaC1yc2EAAAADAQABAAACAQCeCRfSzGWGNsisAZpuFIS0GmHJfgms3g8okwL9h9AvoQPwgyhyri/Wlcz3eyZMvuR4/vwh9FgWpRwLxot7QSGry58GYR9tHkDT9o3m0Hlx28E+K2gbNK5SyFROx5lSfOZkCSyPjBEBmTAadpVYZBJj789oeAT3dDvsxMAqokCIjV5Ey9xBIWKapbsDiTdOHmtDhlrFZfBc75I6tTnW9WGVG6gCQtzyC/tJ2DmWJhtEz9UjxhAOUzazHM2CJ2IlF3SHm+nz7xjTWmGVRzpiellmN+2StmibuFkoZP8L//9v06gDKqp2lNSsi2SJujAsEiKAGtQu6Aa4hdxRFt87m6WSN9lusAazZvnX5s93lAmUAG+wWPnAsujkRSDwv2Ju+GdQFW3ncML7aXFOhIMViG6B98X2h9f3W6XdwQseh10QfvFZ3fAmcAvWvlEM0pGXdfKeFY0LfD7UFxTvzEfqPKnbV6SKlAIMAQ3CX+Q1sZ4nfqopZVJwHDHSL/KQeVKePdyFbZcFVE4L/zruS/fLDqiDMq9yZqMu3WkP5bp4crzguaVwHmrTG4k1XOH5jkMrUj7javMLQHWu56bj0heynhXw7gzXnC/DSgY58/1BPEy7ejsGr0RX2LBRulh84UkV0cjLs8MZyBrhS4dYwyBmtcYlh+OVVVwFimg4ayR7UlkVMw==' # rubocop:disable all
 end

diff --git a/test/integration/authorized_keys/serverspec/authorized_keys_spec.rb b/test/integration/authorized_keys/serverspec/authorized_keys_spec.rb
@@ -3,7 +3,7 @@
 describe user('test-user') do
   it { should exist }
   # rubocop:disable all
-  it { should have_authorized_key 'no-agent-forwarding,no-pty,command="ls /root" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCeCRfSzGWGNsisAZpuFIS0GmHJfgms3g8okwL9h9AvoQPwgyhyri/Wlcz3eyZMvuR4/vwh9FgWpRwLxot7QSGry58GYR9tHkDT9o3m0Hlx28E+K2gbNK5SyFROx5lSfOZkCSyPjBEBmTAadpVYZBJj789oeAT3dDvsxMAqokCIjV5Ey9xBIWKapbsDiTdOHmtDhlrFZfBc75I6tTnW9WGVG6gCQtzyC/tJ2DmWJhtEz9UjxhAOUzazHM2CJ2IlF3SHm+nz7xjTWmGVRzpiellmN+2StmibuFkoZP8L//9v06gDKqp2lNSsi2SJujAsEiKAGtQu6Aa4hdxRFt87m6WSN9lusAazZvnX5s93lAmUAG+wWPnAsujkRSDwv2Ju+GdQFW3ncML7aXFOhIMViG6B98X2h9f3W6XdwQseh10QfvFZ3fAmcAvWvlEM0pGXdfKeFY0LfD7UFxTvzEfqPKnbV6SKlAIMAQ3CX+Q1sZ4nfqopZVJwHDHSL/KQeVKePdyFbZcFVE4L/zruS/fLDqiDMq9yZqMu3WkP5bp4crzguaVwHmrTG4k1XOH5jkMrUj7javMLQHWu56bj0heynhXw7gzXnC/DSgY58/1BPEy7ejsGr0RX2LBRulh84UkV0cjLs8MZyBrhS4dYwyBmtcYlh+OVVVwFimg4ayR7UlkVMw== I left a comment' }
+  it { should have_authorized_key 'no-agent-forwarding,no-pty,command="ls /root",from="10.10.1.2,10.4.2.1" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCeCRfSzGWGNsisAZpuFIS0GmHJfgms3g8okwL9h9AvoQPwgyhyri/Wlcz3eyZMvuR4/vwh9FgWpRwLxot7QSGry58GYR9tHkDT9o3m0Hlx28E+K2gbNK5SyFROx5lSfOZkCSyPjBEBmTAadpVYZBJj789oeAT3dDvsxMAqokCIjV5Ey9xBIWKapbsDiTdOHmtDhlrFZfBc75I6tTnW9WGVG6gCQtzyC/tJ2DmWJhtEz9UjxhAOUzazHM2CJ2IlF3SHm+nz7xjTWmGVRzpiellmN+2StmibuFkoZP8L//9v06gDKqp2lNSsi2SJujAsEiKAGtQu6Aa4hdxRFt87m6WSN9lusAazZvnX5s93lAmUAG+wWPnAsujkRSDwv2Ju+GdQFW3ncML7aXFOhIMViG6B98X2h9f3W6XdwQseh10QfvFZ3fAmcAvWvlEM0pGXdfKeFY0LfD7UFxTvzEfqPKnbV6SKlAIMAQ3CX+Q1sZ4nfqopZVJwHDHSL/KQeVKePdyFbZcFVE4L/zruS/fLDqiDMq9yZqMu3WkP5bp4crzguaVwHmrTG4k1XOH5jkMrUj7javMLQHWu56bj0heynhXw7gzXnC/DSgY58/1BPEy7ejsGr0RX2LBRulh84UkV0cjLs8MZyBrhS4dYwyBmtcYlh+OVVVwFimg4ayR7UlkVMw== I left a comment' }
   it { should have_authorized_key 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDzB76TOkrDRaevO3I1qzosRXliAuYdjcMejHwwL5v2hRqTrBePlMW6nqz8/JgLTzHn/KxzkrKLb0GlpPDrJ1KByWGYZsfydUfv7n1+5ogoA7UW7dUc4DoQtGPuy4Xe0enr88VfALlT11aWKAw8K/I39zWiPvJNX3Mks0f3/3smjLaQEnDWWWiawp5YgzJmyzsqZFZrrFCUgv7AP1EjZofWUcRvYEEjMhKsK+G2H2VCN7MpH0cJ97E0bKNQjHBrwGyMLQZUOndGakCuOuTLpikOXSpUUz5LwqCiRIj6iUtWevwk+AYLZwxPYQpCxFceVFDhPDaJQ85vweSq+HEg7hRujq9jO7vM9LIgjqg7fwQ2Ql6zO9NjXv2UalzBi0H2AbKT1V/PpNufPgolyb/dK7Jqpqu7Ytggctl2fGyLe8yVaC9gD+/BBeCl82LZI142kdXmf4WYcZgOgcRgGJrbSZjeMzX6zZpiD1AG3T7xyEn2twmC/TqptmQEAG2BBzGum+S6pU0rnOt2UJngRnviK2vptAWtRlSlsopySOXv+VbqUXhRjHRT/+2nq5Q4BWcjsZaaoo1uWh2glATRnGK995A1zJ3gWrBA+IaC6stKzjSG0KPwLjzHfPKbWjDX76D/qdo0qBN5hBiHDRfmiNqpNYS9NHACDZNVPBS5N1d5BUkyKw==' }
   it { should have_authorized_key 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC5ulpHLJfGxi/sMjqOSWVKbW4yeNzWF2VAZYM/QYqH/9LUuEwBAgxFB96dxDn+AY9UxM2lmiYajsHHF6qqnRPuK2SVHKZ8SSR/yEWL6AtkeX5z0QgzCqXLAgMUbzRy6TRb/SM8tqQ+ybVGiVaSK+UGT5saFY3WLmhq2wJva5TzRhxtL+vnQMNUDaFylTZDqw9Y0GFHkqEvcU2L0bcLlhEr0NVUFwz0M2yW0mx+Y8wwwUxxFhbTsjxV2c6Fa/bmqSN1I6z5K0hYQRyPlNpjEKlKT57TTHrlSCsf+Id2DOC1EbEVcCtIT6tIlahys9qayYM/36nbD0ru0NgDY2NliWlTk+F7L9gBncPdCib9euz3JqyftnNGT9OzpK8A9U4nKDVdaQKVN6Eat4ViEmwBnO8CeaT2XDKVLOJcRnaZu6pYFvbZcyBC0DPThksvl1pTlnBr7aypW/15lkXY1vNPa6mvyfFjO5SHDCBvMRSaCB4NqGreaVaomvnvMv+wwn+PCNmvTSv2PfZzjWHbp5wip7x9bNmF8s1w2knOR3appjEDnJm6YR4KuXMRxr4zsAxVvC5uOhs4JVh91Ujtec/aVKXBQuggT8tX00M6rSamMbvNkmlA6WIVrwmYvCRIo8GqKKxU8lJJcdt/y/qa4jIdd5Z6mWQmhy8Jw8La7J2GWvX3Ow==' }
   # rubocop:enable all