freeipa/ipatests/pytest_ipa/integration/transport.py

#
# Copyright (C) 2020  FreeIPA Contributors see COPYING for license
#
"""Enhanced SSH transport for pytest multihost

Provides SSH password login for OpenSSH transport
"""
import os

from .expect import IpaTestExpect

from pytest_multihost.transport import OpenSSHTransport


class IPAOpenSSHTransport(OpenSSHTransport):
    def _get_ssh_argv(self):
        """Return the path to SSH and options needed for every call"""
        control_file = os.path.join(self.control_dir.path, "control")
        known_hosts_file = os.path.join(self.control_dir.path, "known_hosts")

        argv = [
            "ssh",
            "-l",
            self.host.ssh_username,
            "-o",
            "ControlPath=%s" % control_file,
            "-o",
            "StrictHostKeyChecking=no",
            "-o",
            "UserKnownHostsFile=%s" % known_hosts_file,
        ]

        if self.host.ssh_key_filename:
            key_filename = os.path.expanduser(self.host.ssh_key_filename)
            argv.extend(["-i", key_filename])
        elif self.host.ssh_password:
            password_file = os.path.join(self.control_dir.path, "password")
            with open(password_file, "w") as f:
                os.fchmod(f.fileno(), 0o600)
                f.write(self.host.ssh_password)
                f.write("\n")
            argv = ["sshpass", f"-f{password_file}"] + argv
        else:
            self.log.critical("No SSH credentials configured")
            raise RuntimeError("No SSH credentials configured")

        argv.append(self.host.external_hostname)
        self.log.debug("SSH invocation: %s", argv)

        return argv

    def spawn_expect(self, argv, default_timeout, encoding, extra_ssh_options):
        self.log.debug('Starting pexpect ssh session')
        if isinstance(argv, str):
            argv = [argv]
        if extra_ssh_options is None:
            extra_ssh_options = []
        argv = self._get_ssh_argv() + ['-q'] + extra_ssh_options + argv
        return IpaTestExpect(argv, default_timeout, encoding)
Add pytest OpenSSH transport with password The pytest_multihost transport does not provide password-based authentication for OpenSSH transport. The OpenSSH command line tool has no API to pass in a password securely. The patch implements a custom transport that uses sshpass hack. It is not recommended for production but good enough for testing. Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com> 2020-01-24 07:03:00 -06:00			`#`
			`# Copyright (C) 2020 FreeIPA Contributors see COPYING for license`
			`#`
			`"""Enhanced SSH transport for pytest multihost`

			`Provides SSH password login for OpenSSH transport`
			`"""`
			`import os`

ipatests: add a tests-oriented wrapper for pexpect module The pexpect module can be used for controlling and testing interactive command-line programs. The wrapper adds testing-oriented features like logging and automatic process termination and default check for process exit status. Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com> 2021-01-20 11:21:22 -06:00			`from .expect import IpaTestExpect`

Add pytest OpenSSH transport with password The pytest_multihost transport does not provide password-based authentication for OpenSSH transport. The OpenSSH command line tool has no API to pass in a password securely. The patch implements a custom transport that uses sshpass hack. It is not recommended for production but good enough for testing. Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com> 2020-01-24 07:03:00 -06:00			`from pytest_multihost.transport import OpenSSHTransport`


			`class IPAOpenSSHTransport(OpenSSHTransport):`
			`def _get_ssh_argv(self):`
			`"""Return the path to SSH and options needed for every call"""`
			`control_file = os.path.join(self.control_dir.path, "control")`
			`known_hosts_file = os.path.join(self.control_dir.path, "known_hosts")`

			`argv = [`
			`"ssh",`
			`"-l",`
			`self.host.ssh_username,`
			`"-o",`
			`"ControlPath=%s" % control_file,`
			`"-o",`
			`"StrictHostKeyChecking=no",`
			`"-o",`
			`"UserKnownHostsFile=%s" % known_hosts_file,`
			`]`

			`if self.host.ssh_key_filename:`
			`key_filename = os.path.expanduser(self.host.ssh_key_filename)`
			`argv.extend(["-i", key_filename])`
			`elif self.host.ssh_password:`
			`password_file = os.path.join(self.control_dir.path, "password")`
			`with open(password_file, "w") as f:`
Fix password file permission Invalid permission makes file unreadable by owner if he is not root. Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com> 2020-08-05 09:37:05 -05:00			`os.fchmod(f.fileno(), 0o600)`
Add pytest OpenSSH transport with password The pytest_multihost transport does not provide password-based authentication for OpenSSH transport. The OpenSSH command line tool has no API to pass in a password securely. The patch implements a custom transport that uses sshpass hack. It is not recommended for production but good enough for testing. Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com> 2020-01-24 07:03:00 -06:00			`f.write(self.host.ssh_password)`
			`f.write("\n")`
			`argv = ["sshpass", f"-f{password_file}"] + argv`
			`else:`
			`self.log.critical("No SSH credentials configured")`
			`raise RuntimeError("No SSH credentials configured")`

			`argv.append(self.host.external_hostname)`
			`self.log.debug("SSH invocation: %s", argv)`

			`return argv`
ipatests: add a tests-oriented wrapper for pexpect module The pexpect module can be used for controlling and testing interactive command-line programs. The wrapper adds testing-oriented features like logging and automatic process termination and default check for process exit status. Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com> 2021-01-20 11:21:22 -06:00
ipatests: allocate pseudo-terminal only for specific command While "ktutil" does require a pseudo-terminal on particular systems to operate, majority of programs do not need it. At the same time invoking `ssh` with forced pseudo-terminal allocation interferes with sessions multiplexing feature and increases connection time. The increase can be as large as 10 seconds in certain cases which leads to unexpected EOFs of pexpect utility. Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com> 2021-03-19 10:02:34 -05:00			`def spawn_expect(self, argv, default_timeout, encoding, extra_ssh_options):`
ipatests: add a tests-oriented wrapper for pexpect module The pexpect module can be used for controlling and testing interactive command-line programs. The wrapper adds testing-oriented features like logging and automatic process termination and default check for process exit status. Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com> 2021-01-20 11:21:22 -06:00			`self.log.debug('Starting pexpect ssh session')`
			`if isinstance(argv, str):`
			`argv = [argv]`
ipatests: allocate pseudo-terminal only for specific command While "ktutil" does require a pseudo-terminal on particular systems to operate, majority of programs do not need it. At the same time invoking `ssh` with forced pseudo-terminal allocation interferes with sessions multiplexing feature and increases connection time. The increase can be as large as 10 seconds in certain cases which leads to unexpected EOFs of pexpect utility. Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com> 2021-03-19 10:02:34 -05:00			`if extra_ssh_options is None:`
			`extra_ssh_options = []`
			`argv = self._get_ssh_argv() + ['-q'] + extra_ssh_options + argv`
ipatests: add a tests-oriented wrapper for pexpect module The pexpect module can be used for controlling and testing interactive command-line programs. The wrapper adds testing-oriented features like logging and automatic process termination and default check for process exit status. Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com> 2021-01-20 11:21:22 -06:00			`return IpaTestExpect(argv, default_timeout, encoding)`