terraform/internal/communicator/ssh/provisioner_test.go

package ssh

import (
	"testing"

	"github.com/zclconf/go-cty/cty"
)

func TestProvisioner_connInfo(t *testing.T) {
	v := cty.ObjectVal(map[string]cty.Value{
		"type":         cty.StringVal("ssh"),
		"user":         cty.StringVal("root"),
		"password":     cty.StringVal("supersecret"),
		"private_key":  cty.StringVal("someprivatekeycontents"),
		"certificate":  cty.StringVal("somecertificate"),
		"host":         cty.StringVal("127.0.0.1"),
		"port":         cty.StringVal("22"),
		"timeout":      cty.StringVal("30s"),
		"bastion_host": cty.StringVal("127.0.1.1"),
		"bastion_port": cty.NumberIntVal(20022),
	})

	conf, err := parseConnectionInfo(v)
	if err != nil {
		t.Fatalf("err: %v", err)
	}

	if conf.User != "root" {
		t.Fatalf("bad: %v", conf)
	}
	if conf.Password != "supersecret" {
		t.Fatalf("bad: %v", conf)
	}
	if conf.PrivateKey != "someprivatekeycontents" {
		t.Fatalf("bad: %v", conf)
	}
	if conf.Certificate != "somecertificate" {
		t.Fatalf("bad: %v", conf)
	}
	if conf.Host != "127.0.0.1" {
		t.Fatalf("bad: %v", conf)
	}
	if conf.Port != 22 {
		t.Fatalf("bad: %v", conf)
	}
	if conf.Timeout != "30s" {
		t.Fatalf("bad: %v", conf)
	}
	if conf.ScriptPath != DefaultUnixScriptPath {
		t.Fatalf("bad: %v", conf)
	}
	if conf.TargetPlatform != TargetPlatformUnix {
		t.Fatalf("bad: %v", conf)
	}
	if conf.BastionHost != "127.0.1.1" {
		t.Fatalf("bad: %v", conf)
	}
	if conf.BastionPort != 20022 {
		t.Fatalf("bad: %v", conf)
	}
	if conf.BastionUser != "root" {
		t.Fatalf("bad: %v", conf)
	}
	if conf.BastionPassword != "supersecret" {
		t.Fatalf("bad: %v", conf)
	}
	if conf.BastionPrivateKey != "someprivatekeycontents" {
		t.Fatalf("bad: %v", conf)
	}
}

func TestProvisioner_connInfoIpv6(t *testing.T) {
	v := cty.ObjectVal(map[string]cty.Value{
		"type":         cty.StringVal("ssh"),
		"user":         cty.StringVal("root"),
		"password":     cty.StringVal("supersecret"),
		"private_key":  cty.StringVal("someprivatekeycontents"),
		"host":         cty.StringVal("::1"),
		"port":         cty.StringVal("22"),
		"timeout":      cty.StringVal("30s"),
		"bastion_host": cty.StringVal("::1"),
	})

	conf, err := parseConnectionInfo(v)
	if err != nil {
		t.Fatalf("err: %v", err)
	}

	if conf.Host != "[::1]" {
		t.Fatalf("bad: %v", conf)
	}

	if conf.BastionHost != "[::1]" {
		t.Fatalf("bad %v", conf)
	}
}

func TestProvisioner_connInfoHostname(t *testing.T) {
	v := cty.ObjectVal(map[string]cty.Value{
		"type":         cty.StringVal("ssh"),
		"user":         cty.StringVal("root"),
		"password":     cty.StringVal("supersecret"),
		"private_key":  cty.StringVal("someprivatekeycontents"),
		"host":         cty.StringVal("example.com"),
		"port":         cty.StringVal("22"),
		"timeout":      cty.StringVal("30s"),
		"bastion_host": cty.StringVal("example.com"),
	})

	conf, err := parseConnectionInfo(v)
	if err != nil {
		t.Fatalf("err: %v", err)
	}

	if conf.Host != "example.com" {
		t.Fatalf("bad: %v", conf)
	}

	if conf.BastionHost != "example.com" {
		t.Fatalf("bad %v", conf)
	}
}

func TestProvisioner_connInfoEmptyHostname(t *testing.T) {
	v := cty.ObjectVal(map[string]cty.Value{
		"type":        cty.StringVal("ssh"),
		"user":        cty.StringVal("root"),
		"password":    cty.StringVal("supersecret"),
		"private_key": cty.StringVal("someprivatekeycontents"),
		"port":        cty.StringVal("22"),
		"timeout":     cty.StringVal("30s"),
	})

	_, err := parseConnectionInfo(v)
	if err == nil {
		t.Fatalf("bad: should not allow empty host")
	}
}

func TestProvisioner_stringBastionPort(t *testing.T) {
	v := cty.ObjectVal(map[string]cty.Value{
		"type":         cty.StringVal("ssh"),
		"user":         cty.StringVal("root"),
		"password":     cty.StringVal("supersecret"),
		"private_key":  cty.StringVal("someprivatekeycontents"),
		"host":         cty.StringVal("example.com"),
		"port":         cty.StringVal("22"),
		"timeout":      cty.StringVal("30s"),
		"bastion_host": cty.StringVal("example.com"),
		"bastion_port": cty.StringVal("12345"),
	})

	conf, err := parseConnectionInfo(v)
	if err != nil {
		t.Fatalf("err: %v", err)
	}

	if conf.BastionPort != 12345 {
		t.Fatalf("bad %v", conf)
	}
}

func TestProvisioner_invalidPortNumber(t *testing.T) {
	v := cty.ObjectVal(map[string]cty.Value{
		"type":        cty.StringVal("ssh"),
		"user":        cty.StringVal("root"),
		"password":    cty.StringVal("supersecret"),
		"private_key": cty.StringVal("someprivatekeycontents"),
		"host":        cty.StringVal("example.com"),
		"port":        cty.NumberIntVal(123456789),
	})

	_, err := parseConnectionInfo(v)
	if err == nil {
		t.Fatalf("bad: should not allow invalid port number")
	}
	if got, want := err.Error(), "value must be a whole number, between 0 and 65535 inclusive"; got != want {
		t.Errorf("unexpected error\n got: %s\nwant: %s", got, want)
	}
}
Adding some abstractions for the communicators This is needed as preperation for adding WinRM support. There is still one error in the tests which needs another look, but other than that it seems like were now ready to start working on the WinRM part… 2015-04-09 21:58:00 +02:00			`package ssh`

			`import (`
			`"testing"`

update ssh communicator to use new types remove the legacy types and mapstructure from the ssh communicator 2020-11-25 18:40:42 +01:00			`"github.com/zclconf/go-cty/cty"`
Adding some abstractions for the communicators This is needed as preperation for adding WinRM support. There is still one error in the tests which needs another look, but other than that it seems like were now ready to start working on the WinRM part… 2015-04-09 21:58:00 +02:00			`)`

			`func TestProvisioner_connInfo(t *testing.T) {`
update ssh communicator to use new types remove the legacy types and mapstructure from the ssh communicator 2020-11-25 18:40:42 +01:00			`v := cty.ObjectVal(map[string]cty.Value{`
			`"type": cty.StringVal("ssh"),`
			`"user": cty.StringVal("root"),`
			`"password": cty.StringVal("supersecret"),`
			`"private_key": cty.StringVal("someprivatekeycontents"),`
			`"certificate": cty.StringVal("somecertificate"),`
			`"host": cty.StringVal("127.0.0.1"),`
			`"port": cty.StringVal("22"),`
			`"timeout": cty.StringVal("30s"),`
			`"bastion_host": cty.StringVal("127.0.1.1"),`
communicator/ssh: Fix crash with SSH bastion port The connection block schema defines the bastion_port argument as a number, but we were incorrectly trying to convert it from a string. This commit fixes that by attempting to convert the cty.Number to the int result type, returning the error on failure. An alternative approach would be to change the bastion_port argument in the schema to be a string, matching the port argument. I'm less sure about the secondary effects of that change, though. 2021-05-10 17:46:07 +02:00			`"bastion_port": cty.NumberIntVal(20022),`
update ssh communicator to use new types remove the legacy types and mapstructure from the ssh communicator 2020-11-25 18:40:42 +01:00			`})`

			`conf, err := parseConnectionInfo(v)`
Adding some abstractions for the communicators This is needed as preperation for adding WinRM support. There is still one error in the tests which needs another look, but other than that it seems like were now ready to start working on the WinRM part… 2015-04-09 21:58:00 +02:00			`if err != nil {`
			`t.Fatalf("err: %v", err)`
			`}`

			`if conf.User != "root" {`
			`t.Fatalf("bad: %v", conf)`
			`}`
			`if conf.Password != "supersecret" {`
			`t.Fatalf("bad: %v", conf)`
			`}`
ssh: accept private key contents instead of path We've been moving away from config fields expecting file paths that Terraform will load, instead prefering fields that expect file contents, leaning on `file()` to do loading from a path. This helps with consistency and also flexibility - since this makes it easier to shift sensitive files into environment variables. Here we add a little helper package to manage the transitional period for these fields where we support both behaviors. Also included is the first of several fields being shifted over - SSH private keys in provisioner connection config. We're moving to new field names so the behavior is more intuitive, so instead of `key_file` it's `private_key` now. Additional field shifts will be included in follow up PRs so they can be reviewed and discussed individually. 2015-11-12 21:39:41 +01:00			`if conf.PrivateKey != "someprivatekeycontents" {`
Adding some abstractions for the communicators This is needed as preperation for adding WinRM support. There is still one error in the tests which needs another look, but other than that it seems like were now ready to start working on the WinRM part… 2015-04-09 21:58:00 +02:00			`t.Fatalf("bad: %v", conf)`
			`}`
updated ssh authentication and testing for ssh 2018-09-19 02:36:39 +02:00			`if conf.Certificate != "somecertificate" {`
			`t.Fatalf("bad: %v", conf)`
			`}`
Adding some abstractions for the communicators This is needed as preperation for adding WinRM support. There is still one error in the tests which needs another look, but other than that it seems like were now ready to start working on the WinRM part… 2015-04-09 21:58:00 +02:00			`if conf.Host != "127.0.0.1" {`
			`t.Fatalf("bad: %v", conf)`
			`}`
			`if conf.Port != 22 {`
			`t.Fatalf("bad: %v", conf)`
			`}`
			`if conf.Timeout != "30s" {`
			`t.Fatalf("bad: %v", conf)`
			`}`
communicator/ssh: Add support for Windows targets (#26865) 2020-11-12 16:00:48 +01:00			`if conf.ScriptPath != DefaultUnixScriptPath {`
			`t.Fatalf("bad: %v", conf)`
			`}`
			`if conf.TargetPlatform != TargetPlatformUnix {`
Adding some abstractions for the communicators This is needed as preperation for adding WinRM support. There is still one error in the tests which needs another look, but other than that it seems like were now ready to start working on the WinRM part… 2015-04-09 21:58:00 +02:00			`t.Fatalf("bad: %v", conf)`
			`}`
communicator/ssh: bastion host support * adds `bastion_` fields to `connection` which add configuration for a bastion host if `bastion_host` is set, connect to that host first, then jump through it to make the SSH connection to `host` * enables SSH Agent forwarding by default 2015-06-22 18:34:02 +02:00			`if conf.BastionHost != "127.0.1.1" {`
			`t.Fatalf("bad: %v", conf)`
			`}`
communicator/ssh: Fix crash with SSH bastion port The connection block schema defines the bastion_port argument as a number, but we were incorrectly trying to convert it from a string. This commit fixes that by attempting to convert the cty.Number to the int result type, returning the error on failure. An alternative approach would be to change the bastion_port argument in the schema to be a string, matching the port argument. I'm less sure about the secondary effects of that change, though. 2021-05-10 17:46:07 +02:00			`if conf.BastionPort != 20022 {`
communicator/ssh: bastion host support * adds `bastion_` fields to `connection` which add configuration for a bastion host if `bastion_host` is set, connect to that host first, then jump through it to make the SSH connection to `host` * enables SSH Agent forwarding by default 2015-06-22 18:34:02 +02:00			`t.Fatalf("bad: %v", conf)`
			`}`
			`if conf.BastionUser != "root" {`
			`t.Fatalf("bad: %v", conf)`
			`}`
			`if conf.BastionPassword != "supersecret" {`
			`t.Fatalf("bad: %v", conf)`
			`}`
ssh: accept private key contents instead of path We've been moving away from config fields expecting file paths that Terraform will load, instead prefering fields that expect file contents, leaning on `file()` to do loading from a path. This helps with consistency and also flexibility - since this makes it easier to shift sensitive files into environment variables. Here we add a little helper package to manage the transitional period for these fields where we support both behaviors. Also included is the first of several fields being shifted over - SSH private keys in provisioner connection config. We're moving to new field names so the behavior is more intuitive, so instead of `key_file` it's `private_key` now. Additional field shifts will be included in follow up PRs so they can be reviewed and discussed individually. 2015-11-12 21:39:41 +01:00			`if conf.BastionPrivateKey != "someprivatekeycontents" {`
			`t.Fatalf("bad: %v", conf)`
			`}`
			`}`

provisioners: Allow provisioning over IPv6 2016-09-04 00:45:24 +02:00			`func TestProvisioner_connInfoIpv6(t *testing.T) {`
update ssh communicator to use new types remove the legacy types and mapstructure from the ssh communicator 2020-11-25 18:40:42 +01:00			`v := cty.ObjectVal(map[string]cty.Value{`
			`"type": cty.StringVal("ssh"),`
			`"user": cty.StringVal("root"),`
			`"password": cty.StringVal("supersecret"),`
			`"private_key": cty.StringVal("someprivatekeycontents"),`
			`"host": cty.StringVal("::1"),`
			`"port": cty.StringVal("22"),`
			`"timeout": cty.StringVal("30s"),`
			`"bastion_host": cty.StringVal("::1"),`
			`})`

			`conf, err := parseConnectionInfo(v)`
provisioners: Allow provisioning over IPv6 2016-09-04 00:45:24 +02:00			`if err != nil {`
			`t.Fatalf("err: %v", err)`
			`}`

			`if conf.Host != "[::1]" {`
			`t.Fatalf("bad: %v", conf)`
			`}`

			`if conf.BastionHost != "[::1]" {`
			`t.Fatalf("bad %v", conf)`
			`}`
			`}`

			`func TestProvisioner_connInfoHostname(t *testing.T) {`
update ssh communicator to use new types remove the legacy types and mapstructure from the ssh communicator 2020-11-25 18:40:42 +01:00			`v := cty.ObjectVal(map[string]cty.Value{`
			`"type": cty.StringVal("ssh"),`
			`"user": cty.StringVal("root"),`
			`"password": cty.StringVal("supersecret"),`
			`"private_key": cty.StringVal("someprivatekeycontents"),`
			`"host": cty.StringVal("example.com"),`
			`"port": cty.StringVal("22"),`
			`"timeout": cty.StringVal("30s"),`
			`"bastion_host": cty.StringVal("example.com"),`
			`})`

			`conf, err := parseConnectionInfo(v)`
provisioners: Allow provisioning over IPv6 2016-09-04 00:45:24 +02:00			`if err != nil {`
			`t.Fatalf("err: %v", err)`
			`}`

			`if conf.Host != "example.com" {`
			`t.Fatalf("bad: %v", conf)`
			`}`

			`if conf.BastionHost != "example.com" {`
			`t.Fatalf("bad %v", conf)`
			`}`
			`}`
ssh: return error if host is empty 2020-02-11 22:18:04 +01:00
			`func TestProvisioner_connInfoEmptyHostname(t *testing.T) {`
update ssh communicator to use new types remove the legacy types and mapstructure from the ssh communicator 2020-11-25 18:40:42 +01:00			`v := cty.ObjectVal(map[string]cty.Value{`
			`"type": cty.StringVal("ssh"),`
			`"user": cty.StringVal("root"),`
			`"password": cty.StringVal("supersecret"),`
			`"private_key": cty.StringVal("someprivatekeycontents"),`
			`"port": cty.StringVal("22"),`
			`"timeout": cty.StringVal("30s"),`
			`})`

			`_, err := parseConnectionInfo(v)`
ssh: return error if host is empty 2020-02-11 22:18:04 +01:00			`if err == nil {`
			`t.Fatalf("bad: should not allow empty host")`
			`}`
			`}`
communicator/ssh: Fix crash with SSH bastion port The connection block schema defines the bastion_port argument as a number, but we were incorrectly trying to convert it from a string. This commit fixes that by attempting to convert the cty.Number to the int result type, returning the error on failure. An alternative approach would be to change the bastion_port argument in the schema to be a string, matching the port argument. I'm less sure about the secondary effects of that change, though. 2021-05-10 17:46:07 +02:00
			`func TestProvisioner_stringBastionPort(t *testing.T) {`
			`v := cty.ObjectVal(map[string]cty.Value{`
			`"type": cty.StringVal("ssh"),`
			`"user": cty.StringVal("root"),`
			`"password": cty.StringVal("supersecret"),`
			`"private_key": cty.StringVal("someprivatekeycontents"),`
			`"host": cty.StringVal("example.com"),`
			`"port": cty.StringVal("22"),`
			`"timeout": cty.StringVal("30s"),`
			`"bastion_host": cty.StringVal("example.com"),`
			`"bastion_port": cty.StringVal("12345"),`
			`})`

			`conf, err := parseConnectionInfo(v)`
			`if err != nil {`
			`t.Fatalf("err: %v", err)`
			`}`

			`if conf.BastionPort != 12345 {`
			`t.Fatalf("bad %v", conf)`
			`}`
			`}`
core: Use number for port in connection schema This commit makes two changes to the provisioner connection block code: - Change the `port` argument type from string to number, which is technically more correct and consistent with `bastion_port`; - Use `uint16` as the struct member type for both ports instead of `int`, which gets us free range validation from the gocty package. Includes a test of the validation message when the port number is an invalid integer. 2021-05-10 19:57:11 +02:00
			`func TestProvisioner_invalidPortNumber(t *testing.T) {`
			`v := cty.ObjectVal(map[string]cty.Value{`
			`"type": cty.StringVal("ssh"),`
			`"user": cty.StringVal("root"),`
			`"password": cty.StringVal("supersecret"),`
			`"private_key": cty.StringVal("someprivatekeycontents"),`
			`"host": cty.StringVal("example.com"),`
			`"port": cty.NumberIntVal(123456789),`
			`})`

			`_, err := parseConnectionInfo(v)`
			`if err == nil {`
			`t.Fatalf("bad: should not allow invalid port number")`
			`}`
			`if got, want := err.Error(), "value must be a whole number, between 0 and 65535 inclusive"; got != want {`
			`t.Errorf("unexpected error\n got: %s\nwant: %s", got, want)`
			`}`
			`}`