From af14fe54d43e9af8ce6f3c4c141a1a695c8bafc4 Mon Sep 17 00:00:00 2001
From: Ian Jackson <ijackson@chiark.greenend.org.uk>
Date: Wed, 2 Jun 2021 18:03:05 +0100
Subject: [PATCH] sshkeys: Tests a restricted command, refactor

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
---
 apitest/at-otter.rs | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

diff --git a/apitest/at-otter.rs b/apitest/at-otter.rs
index 2afe522a..6d826e85 100644
--- a/apitest/at-otter.rs
+++ b/apitest/at-otter.rs
@@ -246,11 +246,14 @@ impl Ctx {
                 .lines().nth(2).unwrap().unwrap(),
                 STATIC_TEST.strip_suffix("\n").unwrap() );
 
-    let mk_restricted = |account|{
-      let mut command = ds.also(&[("account",account)]).gss(
+    let mk_restricted = |account, rhs|{
+      let mut command = ds.also(&[
+        ("account",account),
+        ("rhs",    rhs),
+      ]).gss(
         "--account @account@ \
          --ssh nowhere \
-         list-accounts"
+         @rhs@"
       )?;
       command.insert(0, ds.subst(
         "--ssh-command=@src@/apitest/mock-ssh-restricted \
@@ -259,9 +262,10 @@ impl Ctx {
       Ok::<_,Explode>(command)
     };
 
-    self.otter(&mk_restricted("ssh:test:sub")?)?;
-    self.otter(&mk_restricted("ssh:other:")?).expect_err("unath");
-    self.otter(&mk_restricted("ssh:test:")?)?;
+    self.otter(&mk_restricted("ssh:test:sub", "list-accounts")?)?;
+    self.otter(&mk_restricted("ssh:other:", "list-accounts")?)
+      .expect_err("unath");
+    self.otter(&mk_restricted("ssh:test:", "list-accounts")?)?;
   }
 }
 
-- 
2.30.2