From fccecc695ca9d4b10cb237d2dc4d9f1df9c71f1e Mon Sep 17 00:00:00 2001
From: Pedro Algarvio
Date: Thu, 21 Mar 2024 16:56:53 +0000
Subject: [PATCH] Stop ignoring the host keys, query them and write them down as accepted.
---
 tests/conftest.py | 17 ++++++++++++++++-
 .../integration/netapi/test_ssh_client.py | 12 ++++++------
 2 files changed, 22 insertions(+), 7 deletions(-)
diff --git a/tests/conftest.py b/tests/conftest.py
index bc2dd0eda25..8c45640de5e 100644
--- a/tests/conftest.py
+++ b/tests/conftest.py
@@ -1399,7 +1399,21 @@ def sshd_server(salt_factories, sshd_config_dir, salt_master, grains):
 @pytest.fixture(scope="module")
-def salt_ssh_roster_file(sshd_server, salt_master):
+def known_hosts_file(sshd_server, salt_master, salt_factories):
+ with pytest.helpers.temp_file(
+ "ssh-known-hosts",
+ "\n".join(sshd_server.get_host_keys()),
+ salt_factories.tmp_root_dir,
+ ) as known_hosts_file, pytest.helpers.temp_file(
+ "master.d/ssh-known-hosts.conf",
+ f"known_hosts_file: {known_hosts_file}",
+ salt_master.config_dir,
+ ):
+ yield known_hosts_file
+
+
+@pytest.fixture(scope="module")
+def salt_ssh_roster_file(sshd_server, salt_master, known_hosts_file):
 roster_contents = """
 localhost:
 host: 127.0.0.1
@@ -1412,6 +1426,7 @@ def salt_ssh_roster_file(sshd_server, salt_master):
 )
 if salt.utils.platform.is_darwin():
 roster_contents += " set_path: $PATH:/usr/local/bin/\n"
+
 with pytest.helpers.temp_file(
 "roster", roster_contents, salt_master.config_dir
 ) as roster_file:
diff --git a/tests/pytests/integration/netapi/test_ssh_client.py b/tests/pytests/integration/netapi/test_ssh_client.py
index 1de9f078773..11f25d9bd47 100644
--- a/tests/pytests/integration/netapi/test_ssh_client.py
+++ b/tests/pytests/integration/netapi/test_ssh_client.py
@@ -1,3 +1,5 @@
+import logging
+
 import pytest
 import salt.netapi
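Review bot: In tests/conftest.py, the new `known_hosts_file` fixture writes whatever `sshd_server.get_host_keys()` returns without checking it, so an empty result produces an empty known-hosts file and the problem only surfaces later as host-key verification errors in the SSH tests that depend on it. Fail in the fixture instead: `host_keys = sshd_server.get_host_keys()` followed by `assert host_keys, "sshd_server returned no host keys"`, then join `host_keys`. The fixture also has no docstring; it should state that the keys are read from the sshd started by the `sshd_server` fixture and pinned for the module, and that the `master.d/ssh-known-hosts.conf` drop-in points `known_hosts_file` at that file. Accepting keys reported by the server itself is only reasonable for a server the test run started, and how `get_host_keys()` obtains them is not visible in this hunk.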
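Review bot: In tests/pytests/integration/netapi/test_ssh_client.py, `import logging` is added here and `log = logging.getLogger(__name__)` in the following hunk (`@@ -19,9 +21,12 @@`), but no line added by this patch calls `log`, and the name did not exist in the module before. Either drop both lines or add the log call they were meant for, so the module does not carry an unused logger.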
@@ -19,9 +21,12 @@ pytestmark = [
 pytest.mark.timeout_unless_on_windows(120),
 ]
+log = logging.getLogger(__name__)
+
 @pytest.fixture
-def client_config(client_config):
+def client_config(client_config, known_hosts_file):
+ client_config["known_hosts_file"] = str(known_hosts_file)
 client_config["netapi_enable_clients"] = ["ssh"]
 return client_config
@@ -74,7 +79,6 @@ def test_ssh(client, auth_creds, salt_ssh_roster_file, rosters_dir, ssh_priv_key
 "client": "ssh",
 "tgt": "localhost",
 "fun": "test.ping",
- "ignore_host_keys": True,
 "roster_file": str(salt_ssh_roster_file),
 "rosters": [rosters_dir],
 "ssh_priv": ssh_priv_key,
@@ -194,7 +198,6 @@ def test_shell_inject_tgt(client, salt_ssh_roster_file, tmp_path, salt_auto_acco
 "eauth": "auto",
 "username": salt_auto_account.username,
 "password": salt_auto_account.password,
- "ignore_host_keys": True,
 }
 ret = client.run(low)
 assert path.exists() is False
@@ -249,7 +252,6 @@ def test_shell_inject_ssh_port(
 "roster_file": str(salt_ssh_roster_file),
 "rosters": "/",
 "ssh_port": f"hhhhh|id>{path} #",
- "ignore_host_keys": True,
 }
 ret = client.run(low)
 assert path.exists() is False
@@ -277,7 +279,6 @@ def test_shell_inject_remote_port_forwards(
 "eauth": "auto",
 "username": salt_auto_account.username,
 "password": salt_auto_account.password,
- "ignore_host_keys": True,
 }
 ret = client.run(low)
 assert path.exists() is False
@@ -324,7 +325,6 @@ def test_ssh_auth_bypass(client, salt_ssh_roster_file):
 "roster_file": str(salt_ssh_roster_file),
 "rosters": "/",
 "eauth": "xx",
- "ignore_host_keys": True,
 }
 with pytest.raises(EauthAuthenticationError):
 client.run(low)
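Review bot: In the `@@ -19,9 +21,12 @@` hunk, the added `client_config["known_hosts_file"] = str(known_hosts_file)` line carries no comment, and the `known_hosts_file` fixture in tests/conftest.py already writes the same setting into a `master.d` drop-in, so the two look redundant. A comment such as `# Host-key checking is on for these tests; use the keys pinned by the known_hosts_file fixture.` would record why the override is set explicitly. That matters because every later hunk in this file drops `"ignore_host_keys": True`, and the shell-injection tests shown assert only `path.exists() is False`, which would also hold if the connection were refused at host-key verification. `test_ssh` appears to be the one test here whose `test.ping` depends on the pinned keys being accepted.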