ansible/test/integration/targets/ios_user/tests/cli/auth.yaml
Nathaniel Case 1db54dd6a1
Fix ios_user auth test ssh key usage (#44170)
* Set PasswordAuthentication=no for ios_user pubkey login

* Set ssh key to 0600 to avoid ssh failure

* Swap PasswordAuthentication for BatchMode
2018-08-15 11:34:36 -04:00

83 lines
2.3 KiB
YAML

---
- block:
- name: Create user with password
ios_user:
name: auth_user
privilege: 15
role: network-operator
state: present
provider: "{{ cli }}"
configured_password: pass123
- name: test login
expect:
command: "ssh auth_user@{{ ansible_ssh_host }} -p {{ ansible_ssh_port|default(22) }} -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o PubkeyAuthentication=no show version"
responses:
(?i)password: "pass123"
- name: test login with invalid password (should fail)
expect:
command: "ssh auth_user@{{ ansible_ssh_host }} -p {{ ansible_ssh_port|default(22) }} -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o PubkeyAuthentication=no show version"
responses:
(?i)password: "badpass"
ignore_errors: yes
register: results
- name: check that attempt failed
assert:
that:
- results.failed
always:
- name: delete user
ios_user:
name: auth_user
state: absent
provider: "{{ cli }}"
register: result
- name: reset connection
meta: reset_connection
- block:
- name: Ensure ssh key is not world readable
file:
path: "{{ role_path }}/files/test_rsa"
mode: 0600
- name: Create user with sshkey
ios_user:
name: ssh_user
privilege: 15
role: network-operator
state: present
provider: "{{ cli }}"
sshkey: "{{ lookup('file', 'files/test_rsa.pub') }}"
- name: test sshkey login
shell: "ssh ssh_user@{{ ansible_ssh_host }} -p {{ ansible_ssh_port|default(22) }} -o IdentityFile={{ role_path }}/files/test_rsa -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o BatchMode=yes -o PubkeyAuthentication=yes show version"
- name: test login without sshkey (should fail)
expect:
command: "ssh ssh_user@{{ ansible_ssh_host }} -p {{ ansible_ssh_port|default(22) }} -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o PubkeyAuthentication=no show version"
responses:
(?i)password: badpass
ignore_errors: yes
register: results
- name: check that attempt failed
assert:
that:
- results.failed
always:
- name: delete user
ios_user:
name: ssh_user
state: absent
provider: "{{ cli }}"
register: result
- name: reset connection
meta: reset_connection