diff --git a/app/models/manageiq/providers/embedded_ansible/automation_manager/credential.rb b/app/models/manageiq/providers/embedded_ansible/automation_manager/credential.rb index 98ac32e557d..682a81adab8 100644 --- a/app/models/manageiq/providers/embedded_ansible/automation_manager/credential.rb +++ b/app/models/manageiq/providers/embedded_ansible/automation_manager/credential.rb @@ -59,4 +59,10 @@ def set_manager_ref self.manager_ref = self.id save! end + + private + + def ensure_newline_for_ssh_key + self.auth_key = "#{auth_key}\n" if auth_key.present? && auth_key[-1] != "\n" + end end diff --git a/app/models/manageiq/providers/embedded_ansible/automation_manager/machine_credential.rb b/app/models/manageiq/providers/embedded_ansible/automation_manager/machine_credential.rb index 1cbd8071115..d494f6e6417 100644 --- a/app/models/manageiq/providers/embedded_ansible/automation_manager/machine_credential.rb +++ b/app/models/manageiq/providers/embedded_ansible/automation_manager/machine_credential.rb @@ -94,6 +94,8 @@ class ManageIQ::Providers::EmbeddedAnsible::AutomationManager::MachineCredential alias ssh_key_data auth_key alias ssh_key_unlock auth_key_password + before_validation :ensure_newline_for_ssh_key + def self.display_name(number = 1) n_('Credential (Machine)', 'Credentials (Machine)', number) end diff --git a/app/models/manageiq/providers/embedded_ansible/automation_manager/scm_credential.rb b/app/models/manageiq/providers/embedded_ansible/automation_manager/scm_credential.rb index 09c592236d5..ea376d12934 100644 --- a/app/models/manageiq/providers/embedded_ansible/automation_manager/scm_credential.rb +++ b/app/models/manageiq/providers/embedded_ansible/automation_manager/scm_credential.rb @@ -68,10 +68,4 @@ def self.params_to_attributes(params) attrs end - - private - - def ensure_newline_for_ssh_key - self.auth_key = "#{auth_key}\n" if auth_key.present? && auth_key[-1] != "\n" - end end diff --git a/spec/lib/ansible/runner/credential/machine_credential_spec.rb b/spec/lib/ansible/runner/credential/machine_credential_spec.rb index 2773a48ccff..1caf0214a81 100644 --- a/spec/lib/ansible/runner/credential/machine_credential_spec.rb +++ b/spec/lib/ansible/runner/credential/machine_credential_spec.rb @@ -91,7 +91,7 @@ def password_hash "^Enter passphrase for [a-zA-Z0-9\-\/]+\/ssh_key_data:" => "keypass" ) - expect(File.read(key_file)).to eq("key_data") + expect(File.read(key_file)).to eq("key_data\n") end it "doesn't create the password file if there are no passwords" do diff --git a/spec/models/manageiq/providers/embedded_ansible/automation_manager/credential_spec.rb b/spec/models/manageiq/providers/embedded_ansible/automation_manager/credential_spec.rb index a5059b3d4fc..9763125d2fb 100644 --- a/spec/models/manageiq/providers/embedded_ansible/automation_manager/credential_spec.rb +++ b/spec/models/manageiq/providers/embedded_ansible/automation_manager/credential_spec.rb @@ -149,79 +149,104 @@ end context "MachineCredential" do - it_behaves_like 'an embedded_ansible credential' do - let(:credential_class) { embedded_ansible::MachineCredential } + let(:credential_class) { embedded_ansible::MachineCredential } + let(:expected_ssh_key) { "secret2\n" } - let(:params) do - { - :name => "Machine Credential", - :userid => "userid", - :password => "secret1", - :ssh_key_data => "secret2", - :become_method => "sudo", - :become_password => "secret3", - :become_username => "admin", - :ssh_key_unlock => "secret4" - } - end - let(:queue_create_params) do - { - :name => "Machine Credential", - :userid => "userid", - :password => ManageIQ::Password.encrypt("secret1"), - :ssh_key_data => ManageIQ::Password.encrypt("secret2"), - :become_method => "sudo", - :become_password => ManageIQ::Password.encrypt("secret3"), - :become_username => "admin", - :ssh_key_unlock => ManageIQ::Password.encrypt("secret4") - } - end - let(:params_to_attributes) do - { - :name => "Machine Credential", - :userid => "userid", - :password => "secret1", - :auth_key => "secret2", - :become_password => "secret3", - :become_username => "admin", - :auth_key_password => "secret4", - :options => { - :become_method => "sudo" - } - } - end - let(:expected_values) do - { - :name => "Machine Credential", - :userid => "userid", - :password => "secret1", - :ssh_key_data => "secret2", - :become_password => "secret3", - :become_username => "admin", - :become_method => "sudo", - :auth_key_password => "secret4", - :password_encrypted => ManageIQ::Password.try_encrypt("secret1"), - :auth_key_encrypted => ManageIQ::Password.try_encrypt("secret2"), - :become_password_encrypted => ManageIQ::Password.try_encrypt("secret3"), - :auth_key_password_encrypted => ManageIQ::Password.try_encrypt("secret4"), - :options => { - :become_method => "sudo" - } - } - end - let(:params_to_attrs) { [:auth_key, :auth_key_password, :become_method] } - let(:update_params) do - { - :name => "Updated Credential", - :password => "supersecret" + let(:params) do + { + :name => "Machine Credential", + :userid => "userid", + :password => "secret1", + :ssh_key_data => passed_in_ssh_key, + :become_method => "sudo", + :become_password => "secret3", + :become_username => "admin", + :ssh_key_unlock => "secret4" + } + end + let(:queue_create_params) do + { + :name => "Machine Credential", + :userid => "userid", + :password => ManageIQ::Password.encrypt("secret1"), + :ssh_key_data => ManageIQ::Password.encrypt(passed_in_ssh_key), + :become_method => "sudo", + :become_password => ManageIQ::Password.encrypt("secret3"), + :become_username => "admin", + :ssh_key_unlock => ManageIQ::Password.encrypt("secret4") + } + end + let(:params_to_attributes) do + { + :name => "Machine Credential", + :userid => "userid", + :password => "secret1", + :auth_key => passed_in_ssh_key, + :become_password => "secret3", + :become_username => "admin", + :auth_key_password => "secret4", + :options => { + :become_method => "sudo" } - end - let(:update_queue_params) do - { - :name => "Updated Credential", - :password => ManageIQ::Password.encrypt("supersecret") + } + end + let(:expected_values) do + { + :name => "Machine Credential", + :userid => "userid", + :password => "secret1", + :ssh_key_data => expected_ssh_key, + :become_password => "secret3", + :become_username => "admin", + :become_method => "sudo", + :auth_key_password => "secret4", + :password_encrypted => ManageIQ::Password.try_encrypt("secret1"), + :auth_key_encrypted => expected_ssh_key.present? ? ManageIQ::Password.try_encrypt(expected_ssh_key) : expected_ssh_key, + :become_password_encrypted => ManageIQ::Password.try_encrypt("secret3"), + :auth_key_password_encrypted => ManageIQ::Password.try_encrypt("secret4"), + :options => { + :become_method => "sudo" } - end + } + end + let(:params_to_attrs) { [:auth_key, :auth_key_password, :become_method] } + let(:update_params) do + { + :name => "Updated Credential", + :password => "supersecret" + } + end + let(:update_queue_params) do + { + :name => "Updated Credential", + :password => ManageIQ::Password.encrypt("supersecret") + } + end + + context "with an SSH key that ends with a newline" do + let(:passed_in_ssh_key) { "secret2\n" } + + it_behaves_like 'an embedded_ansible credential' + end + + context "with an SSH key that does not end with a newline" do + let(:passed_in_ssh_key) { "secret2" } + + it_behaves_like 'an embedded_ansible credential' + end + + context "with an nil SSH key" do + let(:passed_in_ssh_key) { nil } + let(:expected_ssh_key) { nil } + + it_behaves_like 'an embedded_ansible credential' + end + + context "with a empty string SSH key" do + let(:passed_in_ssh_key) { "" } + let(:expected_ssh_key) { "" } + + it_behaves_like 'an embedded_ansible credential' end end