diff --git a/roles/backup_server/molecule/default/tests/test_parameters_optional.py b/roles/backup_server/molecule/default/tests/test_parameters_optional.py index c91f551b842c5781138089d302a5e6f0a075d408..8a5d6f6a411fd5a2b98a796d8c6b375f70b36d4a 100644 --- a/roles/backup_server/molecule/default/tests/test_parameters_optional.py +++ b/roles/backup_server/molecule/default/tests/test_parameters_optional.py @@ -207,27 +207,28 @@ def test_backup_ssh_service_connectivity(host): @pytest.mark.usefixtures("prepare_ssh_client_private_key_permissions") -def test_backup_ssh_service_key_fingerprints(host): +@pytest.mark.parametrize('key_algorithm', [ + 'rsa-sha2-512', + 'ssh-ed25519', + 'ecdsa-sha2-nistp256', +]) +def test_backup_ssh_service_key_fingerprints(host, key_algorithm): """ Tests fingerprints of backup SSH server in order to ensure correct keys are in use. """ - key_types = ['ssh-rsa', 'ssh-ed25519', 'ecdsa-sha2-nistp256'] - # Extract first non-IPv6 IP. Crude test, but it should work. remote_ip = next(a for a in host.interface("eth1").addresses if ":" not in a) local = host.get_host("local://") - for key_type in key_types: - - login_attempt = local.run("ssh -p 2222 " - "-o PasswordAuthentication=no " - "-o StrictHostKeyChecking=yes " - "-o UserKnownHostsFile=tests/data/ssh/known_hosts " - "-i tests/data/ssh/client1 " - "-o HostKeyAlgorithms=%s " - "bak-client1_backup@%s /bin/echo sshtest" % (key_type, remote_ip)) - assert login_attempt.rc == 1 - assert "This service allows sftp connections only." in login_attempt.stdout + login_attempt = local.run("ssh -p 2222 " + "-o PasswordAuthentication=no " + "-o StrictHostKeyChecking=yes " + "-o UserKnownHostsFile=tests/data/ssh/known_hosts " + "-i tests/data/ssh/client1 " + "-o HostKeyAlgorithms=%s " + "bak-client1_backup@%s /bin/echo sshtest" % (key_algorithm, remote_ip)) + assert login_attempt.rc == 1 + assert "This service allows sftp connections only." in login_attempt.stdout