From e8b27dc7e011bcaca4a13775687a86d35f5e63d8 Mon Sep 17 00:00:00 2001
From: Doug Knight <doug.knight@karmix.org>
Date: Fri, 31 May 2019 21:07:03 -0800
Subject: [PATCH] redesign test for key retrieval via http

Signed-off-by: Doug Knight <doug.knight@karmix.org>
---
 resources/manage.rb                           |  2 +-
 .../cookbooks/users_test/recipes/default.rb   | 35 +++++++++++++++++++
 .../test_home_dir/test_user_keys_url.json     |  2 +-
 test/integration/default/default_spec.rb      |  6 ++--
 4 files changed, 39 insertions(+), 6 deletions(-)

diff --git a/resources/manage.rb b/resources/manage.rb
index 71004950..94728c68 100644
--- a/resources/manage.rb
+++ b/resources/manage.rb
@@ -91,7 +91,7 @@
       ssh_keys = []
       if u['ssh_keys']
         Array(u['ssh_keys']).each do |key|
-          if key.start_with?('https')
+          if key.start_with?('http')
             ssh_keys += keys_from_url(key)
           else
             ssh_keys << key
diff --git a/test/fixtures/cookbooks/users_test/recipes/default.rb b/test/fixtures/cookbooks/users_test/recipes/default.rb
index a44fd428..b9caf3bc 100644
--- a/test/fixtures/cookbooks/users_test/recipes/default.rb
+++ b/test/fixtures/cookbooks/users_test/recipes/default.rb
@@ -1,3 +1,33 @@
+# Stage a web service that will serve files out of the /_keys directory to
+# help validate that the user_manage resource can retrieve ssh keys via
+# HTTP.
+require 'webrick'
+keyserver_ready = false
+keyserver = WEBrick::HTTPServer.new(
+  DocumentRoot: '/_keys',
+  StartCallback: -> { keyserver_ready = true }
+)
+
+# Populate the /_keys directory with fake ssh keys for the tests.
+directory '/_keys'
+file '/_keys/test_user_keys_url.keys' do
+  content <<~END_OF_SSH_KEYS
+    ssh-rsa FAKE+RSA+KEY+DATA
+    ecdsa-sha2-nistp256 FAKE+ECDSA+KEY+DATA
+  END_OF_SSH_KEYS
+end
+
+# Start the web service and wait for it to begin accepting connections.
+ruby_block 'start key server' do
+  block do
+    Thread.new { keyserver.start }
+    [1..50].each do
+      break if keyserver_ready
+      sleep 0.1
+    end
+  end
+end
+
 user 'mwaddams' do
   manage_home true
 end
@@ -14,3 +44,8 @@
   data_bag 'test_home_dir'
   manage_nfs_home_dirs false
 end
+
+# Shutdown the web service.
+ruby_block 'stop key server' do
+  block { keyserver.shutdown }
+end
diff --git a/test/fixtures/data_bags/test_home_dir/test_user_keys_url.json b/test/fixtures/data_bags/test_home_dir/test_user_keys_url.json
index 60179427..ae0914ab 100644
--- a/test/fixtures/data_bags/test_home_dir/test_user_keys_url.json
+++ b/test/fixtures/data_bags/test_home_dir/test_user_keys_url.json
@@ -2,7 +2,7 @@
   "id": "test_user_keys_from_url",
   "password": "$1$5cE1rI/9$4p0fomh9U4kAI23qUlZVv/",
   "ssh_keys": [
-    "https://github.com/majormoses.keys",
+    "http://localhost/test_user_keys_url.keys",
     "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAklOUpkDHrfHY17SbrmTIpNLTGK9Tjom/BWDSU\nGPl+nafzlHDTYW7hdI4yZ5ew18JH4JW9jbhUFrviQzM7xlELEVf4h9lFX5QVkbPppSwg0cda3\nPbv7kOdJ/MTyBlWXFCR+HAo3FXRitBqxiX1nKhXpHAZsMciLq8V6RjsNAQwdsdMFvSlVK/7XA\nt3FaoJoAsncM1Q9x5+3V0Ww68/eIFmb1zuUFljQJKprrX88XypNDvjYNby6vw/Pb0rwert/En\nmZ+AW4OZPnTPI89ZPmVMLuayrD2cE86Z/il8b+gw3r3+1nKatmIkjn2so1d01QraTlMqVSsbx\nNQCPO0ZZEa1== chefuser@mylaptop.local"
   ],
   "groups": [ "testgroup", "nfsgroup" ],
diff --git a/test/integration/default/default_spec.rb b/test/integration/default/default_spec.rb
index f1b9d38b..b8688c1d 100644
--- a/test/integration/default/default_spec.rb
+++ b/test/integration/default/default_spec.rb
@@ -22,11 +22,9 @@
   its('shell') { should eq '/bin/bash' }
 end
 
-# NOTE: this test is super brittle and should probably create a specific github
-# user or mock an HTTP server with the keys
 ssh_keys = [
-  'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC4j6wHVxbs1FQXxV4DaG6RyXMgHfxTSB0tb2uA2Z8kNy9mwZ14zvT9kUCyniXwwTcxbGsxXtjR7qOKrhU0dUnyEu0k2dKIbg8lwkI7aILRnc8wmN7mhoLKifCDlcrNRhhtUjZFVd3Ddmvz8vVOOMElnTQUSy9bw8/WWN2LodFba4RN+9DdIG6nW8bjDbfD5+9jQMHDRbmyBh7FAOe1+T4AowjqRiPuwpxEs7YasQJCHgug0LR1vKF7ufPdUMmv7PxL5kWnZbwis58X/vzfPpOP4VMmhBWLhthrVEz7YFWByguHdnABdX3qM1lEHmb/B+trM7H0qd00Fx5Mg2YxrKOv2pxwX03yDWaJpZSk6WOueKOwPgd5BvOrJ6yZLT7KUJ4NgxnpKWJckoXyy5QfG89G1BWsaEXXQbzxLYLszYzi5YUnRxhZs6cljlGkkoU6qkcUyYcfQ2/7Gp2ElHOnIIQE5m5Tl8yCwGeumt9dwVgxRmVVLidu/NGFhjuQ2Th15V1mVGKPe4xibJATPJILzNPKAekAZqTFRlUm7+rTmg4+a8zWRGpkjq2mPF+pNvlqXFMXBMSleV9CWSpjyZqQI0tNCBUd8kE0ZR3Zn7OxXUvcanh5cgYRHiSeK10TKSd7BkzNUponUZTymZmHyeYLBZ8U1i83VJpQxQGOWbItJdD6MQ==',
-  'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCy3cbPekJYHAIa8J1fOr2iIqpx/7pl4giJYAG7HCfsunRRUq3dY1KhVw1BlmMGIDzNwcuNVIfBS5HS/wREqbHMXxbwAjWrMwUofWd09CTuKJZiyTLUC5pSQWKDXZrefH/Fwd7s+YKk1s78b49zkyDcHSnKxjN+5veinzeU+vaUF9duFAJ9OsL7kTDEzOUU0zJdSdUV0hH1lnljnvk8kXHLFl9sKS3iM2LRqW4B6wOc2RbXUnx+jwNaBsq1zd73F2q3Ta7GXdtW/q4oDYl3s72oW4ySL6TZfpLCiv/7txHicZiY1eqc591CON0k/Rh7eR7XsphwkUstoUPQcBuLqQPA529zBigD7A8PBmeHISxL2qirWjR2+PrEGn1b0yu8IHHz9ZgliX83Q4WpjXvJ3REj2jfM8hiFRV3lA/ovjQrmLLV8WUAZ8updcLE5mbhZzIsC4U/HKIJS02zoggHGHZauClwwcdBtIJnJqtP803yKNPO2sDudTpvEi8GZ8n6jSXo/N8nBVId2LZa5YY/g/v5kH0akn+/E3jXhw4CICNW8yICpeJO8dGYMOp3Bs9/cRK8QYomXqgpoFlvkgzT2h4Ie6lyRgNv5QnUyAnW43O5FdBnPk/XZ3LA462VU3uOfr0AQtEJzPccpFC6OCFYWdGwZQA/r1EZQES0yRfJLpx+uZQ==',
+  'ssh-rsa FAKE+RSA+KEY+DATA',
+  'ecdsa-sha2-nistp256 FAKE+ECDSA+KEY+DATA'
 ]
 
 describe file('/home/test_user_keys_from_url/.ssh/authorized_keys') do