From: DANIEL STOICA
Date: Wed, 29 Apr 2020 11:12:18 +0000 (+0300)
Subject: Support password-based ssh auth
X-Git-Url: https://gerrit.akraino.org/r/gitweb?a=commitdiff_plain;h=refs%2Fchanges%2F95%2F3395%2F6;p=validation.git
Support password-based ssh auth
Add password ssh authentification in robot tests scripts Add a password variable in tests/variable.yaml
JIRA: VAL-106
Signed-off-by: DANIEL STOICA
Change-Id: I04145b32621dae49485cb8640d80932345957826
---
diff --git a/docker/os/Dockerfile b/docker/os/Dockerfile
index c4d5938..42e67fe 100644
--- a/docker/os/Dockerfile
+++ b/docker/os/Dockerfile
@@ -31,6 +31,8 @@ RUN apt-get update && apt-get -y install \
 wget \
 golint \
 sqlite3 \
+ openssh-client \
+ sshpass \
 debian-goodies \
 build-essential \
 pkg-config \
diff --git a/tests/k8s/kube-hunter/kube-hunter.resource b/tests/k8s/kube-hunter/kube-hunter.resource
index 6651ddc..65a154d 100644
--- a/tests/k8s/kube-hunter/kube-hunter.resource
+++ b/tests/k8s/kube-hunter/kube-hunter.resource
@@ -33,7 +33,7 @@ ${REPORTDIR} ${LOG_PATH}/${SUITE_NAME.replace(' ','_')}
 *** Keywords ***
 Open Connection And Log In
 Open Connection ${HOST}
- Login With Public Key ${USERNAME} ${SSH_KEYFILE}
+ Run Keyword IF '${SSH_KEYFILE}' != 'None' Login With Public Key ${USERNAME} ${SSH_KEYFILE} ELSE IF '${PASSWORD}' != 'None' Login ${USERNAME} ${PASSWORD} ELSE FAIL
 Get Cluster Address
 ${result}= Run Process kubectl config view --minify
diff --git a/tests/os/lynis/lynis.robot b/tests/os/lynis/lynis.robot
index de05d8d..a51af7f 100644
--- a/tests/os/lynis/lynis.robot
+++ b/tests/os/lynis/lynis.robot
@@ -47,7 +47,7 @@ Run Lynis Audit System
 *** Keywords ***
 Open Connection And Log In
 Open Connection ${HOST}
- Login With Public Key ${USERNAME} ${SSH_KEYFILE}
+ Run Keyword IF '${SSH_KEYFILE}' != 'None' Login With Public Key ${USERNAME} ${SSH_KEYFILE} ELSE IF '${PASSWORD}' != 'None' Login ${USERNAME} ${PASSWORD} ELSE FAIL
 Install Lynis
 [Documentation] Install Lynis
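Review bot: In the `Run Keyword IF` line added to `Open Connection And Log In` in tests/k8s/kube-hunter/kube-hunter.resource, `'${PASSWORD}' != 'None'` pastes the variable's text into the expression before it is evaluated, so a password or key path containing a single quote breaks the condition or is evaluated as part of it. Robot Framework reads the value directly when the braces are dropped, so `str($SSH_KEYFILE) != 'None'` and `str($PASSWORD) != 'None'` keep the same meaning without substituting the secret into the expression text. The bare `ELSE    FAIL` gives no reason for the failure; `Fail    Neither ssh_keyfile nor password is set` would make a misconfigured run diagnosable. The same line is added in tests/os/lynis/lynis.robot and tests/os/vuls/vuls.robot.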
diff --git a/tests/os/vuls/vuls.robot b/tests/os/vuls/vuls.robot
index d79fab9..3c40181 100644
--- a/tests/os/vuls/vuls.robot
+++ b/tests/os/vuls/vuls.robot
@@ -20,7 +20,9 @@ Library SSHLibrary
 Library OperatingSystem
 Library BuiltIn
 Suite Setup Open Connection And Log In
-Suite Teardown Close All Connections
+Suite Teardown Run Keywords
+... Cleanup ssh
+... Close All Connections
 *** Test Cases ***
 Run Vuls test
@@ -41,6 +43,8 @@ Run Vuls test
 ${os} = SSHLibrary.Execute Command source /etc/os-release && echo $ID
+ Run Keyword IF '${SSH_KEYFILE}' == 'None' Create ssh_keyfile
+
 ${rc} = Run And Return Rc vuls scan -config ${CURDIR}/config.toml -ssh-config
 Should Be Equal As Integers ${rc} 0
@@ -65,6 +69,19 @@ Run vuls for centos
 Append To File ${LOG_PATH}/vuls.log ${output}${\n}
 Set Global Variable ${LOG} ${output}
+Create ssh_keyfile
+ ${rc} = Run And Return Rc ssh-keygen -t rsa -b 4096 -f /root/.ssh/id_rsa -N ""
+ Should Be Equal As Integers ${rc} 0
+
+ ${rc} = Run and Return Rc sshpass -p '${PASSWORD}' ssh-copy-id -i /root/.ssh/id_rsa.pub '${USERNAME}'@'${HOST}'
+ Should Be Equal As Integers ${rc} 0
+
+Cleanup ssh
+ ${rc} ${idssh} = Run And Return Rc And Output cat /root/.ssh/id_rsa.pub
+ Should Be Equal As Integers ${rc} 0
+ ${rc} = Run And Return Rc ssh '${USERNAME}'@'${HOST}' "sed -i 's#${idssh}##' ~/.ssh/authorized_keys"
+ Should Be Equal As Integers ${rc} 0
+
 Open Connection And Log In
 Open Connection ${HOST}
- Login With Public Key ${USERNAME} ${SSH_KEYFILE}
+ Run Keyword IF '${SSH_KEYFILE}' != 'None' Login With Public Key ${USERNAME} ${SSH_KEYFILE} ELSE IF '${PASSWORD}' != 'None' Login ${USERNAME} ${PASSWORD} ELSE FAIL
diff --git a/tests/variables.yaml b/tests/variables.yaml
index 7e10871..4ba17b4 100644
--- a/tests/variables.yaml
+++ b/tests/variables.yaml
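Review bot: In tests/os/vuls/vuls.robot the new `Suite Teardown` runs `Cleanup ssh` on every run, although `Create ssh_keyfile` is only called when `${SSH_KEYFILE}` is `None`. In a key-based run the teardown therefore reads whatever `/root/.ssh/id_rsa.pub` already exists and strips that key from the target's `authorized_keys`, or fails the suite when the file is absent. Guarding it with the same condition as the setup would avoid this, e.g. `...    Run Keyword If    '${SSH_KEYFILE}' == 'None'    Cleanup ssh    AND` ahead of `...    Close All Connections`. The `Cleanup ssh` keyword itself is defined in a later hunk of the same file.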
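Review bot: `Create ssh_keyfile` in tests/os/vuls/vuls.robot passes the password as `sshpass -p '${PASSWORD}'`, which exposes it in the process list and most likely in the Robot log of the `Run And Return Rc` call, and a password containing a single quote breaks out of the shell quoting. The suite already holds an authenticated SSHLibrary session from `Open Connection And Log In`, so the public key can be appended over that session without `sshpass`, as sketched below; `Cleanup ssh` could remove it the same way. Note also that `ssh-keygen -f /root/.ssh/id_rsa` writes to the default identity path, so an existing key there will presumably block the run at the overwrite prompt, and the generated private key is never removed locally. In `Cleanup ssh`, `${idssh}` is interpolated into a sed pattern, so regex metacharacters in the key text are interpreted rather than matched literally.

```robotframework
Create ssh_keyfile
    # … unchanged: ssh-keygen call and its rc check …
    ${pubkey} =    Get File    /root/.ssh/id_rsa.pub
    # Install the key over the SSHLibrary session opened in suite setup, so the password never reaches a command line.
    ${rc} =    SSHLibrary.Execute Command    mkdir -p ~/.ssh && echo '${pubkey.strip()}' >> ~/.ssh/authorized_keys
    ...    return_stdout=False    return_rc=True
    Should Be Equal As Integers    ${rc}    0
```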
@@ -31,7 +31,8 @@ ### Input variables cluster's master host
 host: 172.28.17.206 # cluster's master host address
 username: cloudadmin # login name to connect to cluster
-ssh_keyfile: /root/.ssh/id_rsa # Identity file for authentication
+password: cloudpassword # login password to connect to cluster
+ssh_keyfile: ssh_keyfile # Identity file for authentication
 ### bluval.py adds/modifies following, before passing to robot.
 ### while debugging from CLI user has to modify these
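Review bot: With the defaults added here the password branch is never selected: `ssh_keyfile: ssh_keyfile` is a placeholder string rather than `None`, so the `'${SSH_KEYFILE}' != 'None'` checks in the robot files take the public-key branch with a path that probably does not exist (unless something outside this hunk overrides it). The comments should say how a method is chosen, for example `ssh_keyfile: None   # identity file; leave as None to log in with password` and `password: None   # login password; used only when ssh_keyfile is None`. A real password stored in this tracked file would end up in version control, so the comment should also state that the value is a placeholder to be supplied at run time.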