Beispiel #1
        /// <summary>
        /// Checks that <c>AuthorizeKeyAsync</c> reports
        /// <c>AuthorizeKeyMethods.ProjectMetadata</c> and writes project-level
        /// ("common instance") metadata exactly once when the mock is configured
        /// with no OS Login flags and no block on project-wide keys.
        /// </summary>
        /// <remarks>
        /// NOTE(review): this test does not verify that the per-instance
        /// <c>UpdateMetadataAsync</c> path stays unused; consider asserting
        /// <c>Times.Never</c> for it so that a regression which publishes the key
        /// in two places is caught.
        /// </remarks>
        public async Task WhenProjectAndInstanceMetadataAllowed_ThenAuthorizeKeyAsyncPushesKeyToProjectMetadata()
        {
            // null for the OS Login flags presumably models "not configured" - confirm
            // against CreateComputeEngineAdapterMock.
            var gceAdapterMock = CreateComputeEngineAdapterMock(
                osLoginEnabledForProject: null,
                osLoginEnabledForInstance: null,
                osLogin2fa: false,
                legacySshKeyPresent: false,
                projectWideKeysBlockedForProject: false,
                projectWideKeysBlockedForInstance: false);

            var authorizationAdapter = CreateAuthorizationAdapterMock().Object;
            var gceAdapter = gceAdapterMock.Object;
            var resourceManagerAdapter = CreateResourceManagerAdapterMock(true).Object;
            var osLoginService = CreateOsLoginServiceMock().Object;

            var keyService = new AuthorizedKeyService(
                authorizationAdapter,
                gceAdapter,
                resourceManagerAdapter,
                osLoginService);

            using (var ephemeralKey = RsaSshKey.NewEphemeralKey())
            {
                var keyValidity = TimeSpan.FromMinutes(1);

                // The fourth argument is null here; "bob" is presumably derived
                // from the mocked authorization - verify against the mock factory.
                var result = await keyService.AuthorizeKeyAsync(
                    SampleLocator,
                    ephemeralKey,
                    keyValidity,
                    null,
                    AuthorizeKeyMethods.All,
                    CancellationToken.None);

                Assert.IsNotNull(result);
                Assert.AreEqual(
                    AuthorizeKeyMethods.ProjectMetadata,
                    result.AuthorizationMethod);
                Assert.AreEqual("bob", result.Username);

                // Exactly one write to project-level metadata is expected.
                gceAdapterMock.Verify(
                    adapter => adapter.UpdateCommonInstanceMetadataAsync(
                        It.IsAny<string>(),
                        It.IsAny<Action<Metadata>>(),
                        It.IsAny<CancellationToken>()),
                    Times.Once);
            }
        }
Beispiel #2
        /// <summary>
        /// Seeds the project key set with a managed entry for "bob" that carries
        /// the same public key but a timestamp five minutes in the past, then
        /// checks that <c>AuthorizeKeyAsync</c> still performs one write to
        /// project-level metadata and none to instance metadata.
        /// </summary>
        /// <remarks>
        /// NOTE(review): the timestamp passed to <c>ManagedKeyMetadata</c> is
        /// presumably the key's expiry, which is what makes the existing entry
        /// "invalid" - confirm against that type. If so, this guards against an
        /// expired authorization being treated as still valid.
        /// </remarks>
        public async Task WhenExistingInvalidManagedKeyFound_ThenNewKeyIsPushed()
        {
            using (var ephemeralKey = RsaSshKey.NewEphemeralKey())
            {
                // Pre-existing project metadata: one managed key, dated in the past.
                var emptyKeySet = MetadataAuthorizedKeySet.FromMetadata(new Metadata());
                var staleEntry = new ManagedMetadataAuthorizedKey(
                    "bob",
                    "ssh-rsa",
                    ephemeralKey.PublicKeyString,
                    new ManagedKeyMetadata(SampleEmailAddress, DateTime.UtcNow.AddMinutes(-5)));
                var projectKeys = emptyKeySet.Add(staleEntry);

                var gceAdapterMock = CreateComputeEngineAdapterMock(
                    osLoginEnabledForProject: false,
                    osLoginEnabledForInstance: false,
                    osLogin2fa: false,
                    legacySshKeyPresent: false,
                    projectWideKeysBlockedForProject: false,
                    projectWideKeysBlockedForInstance: false,
                    existingProjectKeySet: projectKeys,
                    existingInstanceKeySet: null);

                var authorizationAdapter = CreateAuthorizationAdapterMock().Object;
                var gceAdapter = gceAdapterMock.Object;
                var resourceManagerAdapter = CreateResourceManagerAdapterMock(true).Object;
                var osLoginService = CreateOsLoginServiceMock().Object;

                var keyService = new AuthorizedKeyService(
                    authorizationAdapter,
                    gceAdapter,
                    resourceManagerAdapter,
                    osLoginService);

                var keyValidity = TimeSpan.FromMinutes(1);
                var result = await keyService.AuthorizeKeyAsync(
                    SampleLocator,
                    ephemeralKey,
                    keyValidity,
                    "bob",
                    AuthorizeKeyMethods.All,
                    CancellationToken.None);

                Assert.IsNotNull(result);
                Assert.AreEqual(
                    AuthorizeKeyMethods.ProjectMetadata,
                    result.AuthorizationMethod);
                Assert.AreEqual("bob", result.Username);

                // Instance metadata must stay untouched ...
                gceAdapterMock.Verify(
                    adapter => adapter.UpdateMetadataAsync(
                        It.IsAny<InstanceLocator>(),
                        It.IsAny<Action<Metadata>>(),
                        It.IsAny<CancellationToken>()),
                    Times.Never);

                // ... while project-level metadata is written exactly once.
                gceAdapterMock.Verify(
                    adapter => adapter.UpdateCommonInstanceMetadataAsync(
                        It.IsAny<string>(),
                        It.IsAny<Action<Metadata>>(),
                        It.IsAny<CancellationToken>()),
                    Times.Once);
            }
        }
Beispiel #3
        /// <summary>
        /// Makes the mocked project-metadata write throw a
        /// <c>GoogleApiException</c> carrying the given HTTP status and checks
        /// that <c>AuthorizeKeyAsync</c> surfaces this as
        /// <c>SshKeyPushFailedException</c>.
        /// </summary>
        /// <param name="httpStatus">
        /// Status code attached to the simulated API error; the test runs for
        /// 403 Forbidden and 400 Bad Request.
        /// </param>
        /// <remarks>
        /// The call is blocked on with <c>Wait()</c> on purpose: the assertion
        /// helper used here is named for, and presumably unwraps, the
        /// <c>AggregateException</c> that a faulted task raises when waited on.
        /// </remarks>
        public void WhenMetadataUpdatesFails_ThenAuthorizeKeyAsyncThrowsSshKeyPushFailedException(
            [Values(
                 HttpStatusCode.Forbidden,
                 HttpStatusCode.BadRequest)] HttpStatusCode httpStatus)
        {
            var gceAdapterMock = CreateComputeEngineAdapterMock(
                osLoginEnabledForProject: null,
                osLoginEnabledForInstance: null,
                osLogin2fa: false,
                legacySshKeyPresent: false,
                projectWideKeysBlockedForProject: false,
                projectWideKeysBlockedForInstance: false);

            // Simulated rejection of the metadata write by the API.
            var apiError = new GoogleApiException("GCE", "mock-error")
            {
                HttpStatusCode = httpStatus
            };

            gceAdapterMock
                .Setup(adapter => adapter.UpdateCommonInstanceMetadataAsync(
                    It.IsAny<string>(),
                    It.IsAny<Action<Metadata>>(),
                    It.IsAny<CancellationToken>()))
                .Throws(apiError);

            var authorizationAdapter = CreateAuthorizationAdapterMock().Object;
            var gceAdapter = gceAdapterMock.Object;
            var resourceManagerAdapter = CreateResourceManagerAdapterMock(true).Object;
            var osLoginService = CreateOsLoginServiceMock().Object;

            var keyService = new AuthorizedKeyService(
                authorizationAdapter,
                gceAdapter,
                resourceManagerAdapter,
                osLoginService);

            using (var ephemeralKey = RsaSshKey.NewEphemeralKey())
            {
                // A failed push must not be reported as a successful authorization.
                AssertEx.ThrowsAggregateException<SshKeyPushFailedException>(
                    () =>
                    {
                        keyService.AuthorizeKeyAsync(
                            SampleLocator,
                            ephemeralKey,
                            TimeSpan.FromMinutes(1),
                            null,
                            AuthorizeKeyMethods.All,
                            CancellationToken.None).Wait();
                    });
            }
        }