public async Task WhenProjectAndInstanceMetadataAllowed_ThenAuthorizeKeyAsyncPushesKeyToProjectMetadata() { var computeEngineAdapter = CreateComputeEngineAdapterMock( osLoginEnabledForProject: null, osLoginEnabledForInstance: null, osLogin2fa: false, legacySshKeyPresent: false, projectWideKeysBlockedForProject: false, projectWideKeysBlockedForInstance: false); var service = new AuthorizedKeyService( CreateAuthorizationAdapterMock().Object, computeEngineAdapter.Object, CreateResourceManagerAdapterMock(true).Object, CreateOsLoginServiceMock().Object); using (var key = RsaSshKey.NewEphemeralKey()) { var authorizedKey = await service.AuthorizeKeyAsync( SampleLocator, key, TimeSpan.FromMinutes(1), null, AuthorizeKeyMethods.All, CancellationToken.None); Assert.IsNotNull(authorizedKey); Assert.AreEqual(AuthorizeKeyMethods.ProjectMetadata, authorizedKey.AuthorizationMethod); Assert.AreEqual("bob", authorizedKey.Username); computeEngineAdapter.Verify(a => a.UpdateCommonInstanceMetadataAsync( It.IsAny <string>(), It.IsAny <Action <Metadata> >(), It.IsAny <CancellationToken>()), Times.Once); } }
public async Task WhenExistingInvalidManagedKeyFound_ThenNewKeyIsPushed() { using (var key = RsaSshKey.NewEphemeralKey()) { var existingProjectKeySet = MetadataAuthorizedKeySet .FromMetadata(new Metadata()) .Add(new ManagedMetadataAuthorizedKey( "bob", "ssh-rsa", key.PublicKeyString, new ManagedKeyMetadata(SampleEmailAddress, DateTime.UtcNow.AddMinutes(-5)))); var computeEngineAdapter = CreateComputeEngineAdapterMock( osLoginEnabledForProject: false, osLoginEnabledForInstance: false, osLogin2fa: false, legacySshKeyPresent: false, projectWideKeysBlockedForProject: false, projectWideKeysBlockedForInstance: false, existingProjectKeySet: existingProjectKeySet, existingInstanceKeySet: null); var service = new AuthorizedKeyService( CreateAuthorizationAdapterMock().Object, computeEngineAdapter.Object, CreateResourceManagerAdapterMock(true).Object, CreateOsLoginServiceMock().Object); var authorizedKey = await service.AuthorizeKeyAsync( SampleLocator, key, TimeSpan.FromMinutes(1), "bob", AuthorizeKeyMethods.All, CancellationToken.None); Assert.IsNotNull(authorizedKey); Assert.AreEqual(AuthorizeKeyMethods.ProjectMetadata, authorizedKey.AuthorizationMethod); Assert.AreEqual("bob", authorizedKey.Username); computeEngineAdapter.Verify(a => a.UpdateMetadataAsync( It.IsAny <InstanceLocator>(), It.IsAny <Action <Metadata> >(), It.IsAny <CancellationToken>()), Times.Never); computeEngineAdapter.Verify(a => a.UpdateCommonInstanceMetadataAsync( It.IsAny <string>(), It.IsAny <Action <Metadata> >(), It.IsAny <CancellationToken>()), Times.Once); } }
public void WhenMetadataUpdatesFails_ThenAuthorizeKeyAsyncThrowsSshKeyPushFailedException( [Values( HttpStatusCode.Forbidden, HttpStatusCode.BadRequest)] HttpStatusCode httpStatus) { var computeEngineAdapter = CreateComputeEngineAdapterMock( osLoginEnabledForProject: null, osLoginEnabledForInstance: null, osLogin2fa: false, legacySshKeyPresent: false, projectWideKeysBlockedForProject: false, projectWideKeysBlockedForInstance: false); computeEngineAdapter .Setup(a => a.UpdateCommonInstanceMetadataAsync( It.IsAny <string>(), It.IsAny <Action <Metadata> >(), It.IsAny <CancellationToken>())) .Throws(new GoogleApiException("GCE", "mock-error") { HttpStatusCode = httpStatus }); var service = new AuthorizedKeyService( CreateAuthorizationAdapterMock().Object, computeEngineAdapter.Object, CreateResourceManagerAdapterMock(true).Object, CreateOsLoginServiceMock().Object); using (var key = RsaSshKey.NewEphemeralKey()) { AssertEx.ThrowsAggregateException <SshKeyPushFailedException>( () => service.AuthorizeKeyAsync( SampleLocator, key, TimeSpan.FromMinutes(1), null, AuthorizeKeyMethods.All, CancellationToken.None).Wait()); } }