Stop ignoring the host keys, query them and write them down as accepted.

2025-04-17 10:10:20 +00:00 · 2024-03-21 16:56:53 +00:00 · 2024-03-21 16:56:53 +00:00 · fccecc695c
commit fccecc695c
parent 212e7211c6
2 changed files with 22 additions and 7 deletions
--- a/tests/conftest.py
+++ b/tests/conftest.py
@ -1399,7 +1399,21 @@ def sshd_server(salt_factories, sshd_config_dir, salt_master, grains):


@pytest.fixture(scope="module")
-def salt_ssh_roster_file(sshd_server, salt_master):
+def known_hosts_file(sshd_server, salt_master, salt_factories):
+    with pytest.helpers.temp_file(
+        "ssh-known-hosts",
+        "\n".join(sshd_server.get_host_keys()),
+        salt_factories.tmp_root_dir,
+    ) as known_hosts_file, pytest.helpers.temp_file(
+        "master.d/ssh-known-hosts.conf",
+        f"known_hosts_file: {known_hosts_file}",
+        salt_master.config_dir,
+    ):
+        yield known_hosts_file
+
+
+@pytest.fixture(scope="module")
+def salt_ssh_roster_file(sshd_server, salt_master, known_hosts_file):
    roster_contents = """
    localhost:
      host: 127.0.0.1
@ -1412,6 +1426,7 @@ def salt_ssh_roster_file(sshd_server, salt_master):
    )
    if salt.utils.platform.is_darwin():
        roster_contents += "  set_path: $PATH:/usr/local/bin/\n"
+
    with pytest.helpers.temp_file(
        "roster", roster_contents, salt_master.config_dir
    ) as roster_file:
--- a/tests/pytests/integration/netapi/test_ssh_client.py
+++ b/tests/pytests/integration/netapi/test_ssh_client.py
@ -1,3 +1,5 @@
+import logging
+
 import pytest

 import salt.netapi
@ -19,9 +21,12 @@ pytestmark = [
    pytest.mark.timeout_unless_on_windows(120),
 ]

+log = logging.getLogger(__name__)
+

@pytest.fixture
-def client_config(client_config):
+def client_config(client_config, known_hosts_file):
+    client_config["known_hosts_file"] = str(known_hosts_file)
    client_config["netapi_enable_clients"] = ["ssh"]
    return client_config

@ -74,7 +79,6 @@ def test_ssh(client, auth_creds, salt_ssh_roster_file, rosters_dir, ssh_priv_key
        "client": "ssh",
        "tgt": "localhost",
        "fun": "test.ping",
-        "ignore_host_keys": True,
        "roster_file": str(salt_ssh_roster_file),
        "rosters": [rosters_dir],
        "ssh_priv": ssh_priv_key,
@ -194,7 +198,6 @@ def test_shell_inject_tgt(client, salt_ssh_roster_file, tmp_path, salt_auto_acco
        "eauth": "auto",
        "username": salt_auto_account.username,
        "password": salt_auto_account.password,
-        "ignore_host_keys": True,
    }
    ret = client.run(low)
    assert path.exists() is False
@ -249,7 +252,6 @@ def test_shell_inject_ssh_port(
        "roster_file": str(salt_ssh_roster_file),
        "rosters": "/",
        "ssh_port": f"hhhhh|id>{path} #",
-        "ignore_host_keys": True,
    }
    ret = client.run(low)
    assert path.exists() is False
@ -277,7 +279,6 @@ def test_shell_inject_remote_port_forwards(
        "eauth": "auto",
        "username": salt_auto_account.username,
        "password": salt_auto_account.password,
-        "ignore_host_keys": True,
    }
    ret = client.run(low)
    assert path.exists() is False
@ -324,7 +325,6 @@ def test_ssh_auth_bypass(client, salt_ssh_roster_file):
        "roster_file": str(salt_ssh_roster_file),
        "rosters": "/",
        "eauth": "xx",
-        "ignore_host_keys": True,
    }
    with pytest.raises(EauthAuthenticationError):
        client.run(low)