Add remove ssh publickey comment code and shellscript refactoring.

･Refactoring a shellscript to check the SSH public key.
･Commands spec is changed for new command test.
･Before check remove ssh publickey comment.

lib/serverspec/commands/base.rb

@@ -100,13 +100,8 @@ def check_home_directory user, path_to_home
       end
 
       def check_authorized_key user, key
-        cmd = "sh -c '"
-        cmd += "grep -w ^#{user} /etc/passwd "
-        cmd += "| cut -f 6 -d ':' "
-        cmd += "| xargs -IT cat T/.ssh/authorized_keys "
-        cmd += "| grep -w \"#{key}\""
-        cmd += "'"
-        cmd
+        key.sub!(/\s+\S*$/, '') if key.match(/^\S+\s+\S+\s+\S*$/)
+        "grep -w '#{key}' ~#{user}/.ssh/authorized_keys"
       end
 
       def check_iptables_rule rule, table=nil, chain=nil

spec/debian/commands_spec.rb

@@ -134,9 +134,20 @@
 end
 
 describe 'have_authorized_key', :os => :debian do
-  key = "ssh-rsa ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGH foo@bar.local"
-  subject { commands.check_authorized_key('root', key) }
-  it { should eq "sh -c 'grep -w ^root /etc/passwd | cut -f 6 -d ':' | xargs -IT cat T/.ssh/authorized_keys | grep -w \"#{key}\"'" }
+  key = "ssh-rsa ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGH"
+
+  context 'with commented publickey' do
+    commented_key = key + " foo@bar.local"
+    subject { commands.check_authorized_key('root', commented_key) }
+    describe 'when command insert publickey is removed comment' do
+      it { should eq "grep -w '#{key}' ~root/.ssh/authorized_keys" }
+    end
+  end
+
+  context 'with uncomented publickey' do
+    subject { commands.check_authorized_key('root', key) }
+    it { should eq "grep -w '#{key}' ~root/.ssh/authorized_keys" }
+  end
 end
 
 describe 'check_ipatbles', :os => :debian do

spec/gentoo/commands_spec.rb

@@ -133,9 +133,20 @@
 end
 
 describe 'have_authorized_key', :os => :gentoo do
-  key = "ssh-rsa ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGH foo@bar.local"
-  subject { commands.check_authorized_key('root', key) }
-  it { should eq "sh -c 'grep -w ^root /etc/passwd | cut -f 6 -d ':' | xargs -IT cat T/.ssh/authorized_keys | grep -w \"#{key}\"'" }
+  key = "ssh-rsa ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGH"
+
+  context 'with commented publickey' do
+    commented_key = key + " foo@bar.local"
+    subject { commands.check_authorized_key('root', commented_key) }
+    describe 'when command insert publickey is removed comment' do
+      it { should eq "grep -w '#{key}' ~root/.ssh/authorized_keys" }
+    end
+  end
+
+  context 'with uncomented publickey' do
+    subject { commands.check_authorized_key('root', key) }
+    it { should eq "grep -w '#{key}' ~root/.ssh/authorized_keys" }
+  end
 end
 
 describe 'check_ipatbles', :os => :gentoo do

spec/redhat/commands_spec.rb

@@ -133,9 +133,20 @@
 end
 
 describe 'have_authorized_key', :os => :redhat do
-  key = "ssh-rsa ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGH foo@bar.local"
-  subject { commands.check_authorized_key('root', key) }
-  it { should eq "sh -c 'grep -w ^root /etc/passwd | cut -f 6 -d ':' | xargs -IT cat T/.ssh/authorized_keys | grep -w \"#{key}\"'" }
+  key = "ssh-rsa ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGH"
+
+  context 'with commented publickey' do
+    commented_key = key + " foo@bar.local"
+    subject { commands.check_authorized_key('root', commented_key) }
+    describe 'when command insert publickey is removed comment' do
+      it { should eq "grep -w '#{key}' ~root/.ssh/authorized_keys" }
+    end
+  end
+
+  context 'with uncomented publickey' do
+    subject { commands.check_authorized_key('root', key) }
+    it { should eq "grep -w '#{key}' ~root/.ssh/authorized_keys" }
+  end
 end
 
 describe 'check_ipatbles', :os => :redhat do

spec/solaris/commands_spec.rb

@@ -133,9 +133,20 @@
 end
 
 describe 'have_authorized_key', :os => :solaris do
-  key = "ssh-rsa ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGH foo@bar.local"
-  subject { commands.check_authorized_key('root', key) }
-  it { should eq "sh -c 'grep -w ^root /etc/passwd | cut -f 6 -d ':' | xargs -IT cat T/.ssh/authorized_keys | grep -w \"#{key}\"'" }
+  key = "ssh-rsa ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGH"
+
+  context 'with commented publickey' do
+    commented_key = key + " foo@bar.local"
+    subject { commands.check_authorized_key('root', commented_key) }
+    describe 'when command insert publickey is removed comment' do
+      it { should eq "grep -w '#{key}' ~root/.ssh/authorized_keys" }
+    end
+  end
+
+  context 'with uncomented publickey' do
+    subject { commands.check_authorized_key('root', key) }
+    it { should eq "grep -w '#{key}' ~root/.ssh/authorized_keys" }
+  end
 end
 
 describe 'check_zfs', :os => :solaris do