From ebe04a0fe65b3b84fff02001b5f337d2fa2625ad Mon Sep 17 00:00:00 2001 From: Garrett Honeycutt Date: Thu, 17 Oct 2013 16:55:14 -0400 Subject: [PATCH 1/3] Refactor to condense lines in spec test for readability --- spec/classes/init_spec.rb | 48 ++++++++------------------------------- 1 file changed, 10 insertions(+), 38 deletions(-) diff --git a/spec/classes/init_spec.rb b/spec/classes/init_spec.rb index 9e8ecd0..fc5d41d 100644 --- a/spec/classes/init_spec.rb +++ b/spec/classes/init_spec.rb @@ -31,9 +31,7 @@ describe 'ssh' do }) } - it { - should contain_file('ssh_config').with_content(/^# This file is being maintained by Puppet.\n# DO NOT EDIT\n\n# \$OpenBSD: ssh_config,v 1.21 2005\/12\/06 22:38:27 reyk Exp \$/) - } + it { should contain_file('ssh_config').with_content(/^# This file is being maintained by Puppet.\n# DO NOT EDIT\n\n# \$OpenBSD: ssh_config,v 1.21 2005\/12\/06 22:38:27 reyk Exp \$/) } it { should_not contain_file('ssh_config').with_content(/^\s*ForwardAgent$/) } it { should_not contain_file('ssh_config').with_content(/^\s*ForwardX11$/) } @@ -50,41 +48,14 @@ describe 'ssh' do }) } - it { - should contain_file('sshd_config').with_content(/^SyslogFacility AUTH$/) - } - - it { - should contain_file('sshd_config').with_content(/^LoginGraceTime 120$/) - } - - it { - should contain_file('sshd_config').with_content(/^PermitRootLogin no$/) - } - - it { - should contain_file('sshd_config').with_content(/^ChallengeResponseAuthentication no$/) - } - - it { - should contain_file('sshd_config').with_content(/^PrintMotd yes$/) - } - - it { - should contain_file('sshd_config').with_content(/^UseDNS yes$/) - } - - it { - should contain_file('sshd_config').with_content(/^Banner none$/) - } - - it { - should contain_file('sshd_config').with_content(/^XAuthLocation \/usr\/bin\/xauth$/) - } - - it { - should contain_file('sshd_config').with_content(/^Subsystem sftp \/usr\/libexec\/openssh\/sftp-server$/) - } + it { should contain_file('sshd_config').with_content(/^SyslogFacility AUTH$/) } + it { should contain_file('sshd_config').with_content(/^LoginGraceTime 120$/) } + it { should contain_file('sshd_config').with_content(/^PermitRootLogin no$/) } + it { should contain_file('sshd_config').with_content(/^ChallengeResponseAuthentication no$/) } + it { should contain_file('sshd_config').with_content(/^PrintMotd yes$/) } + it { should contain_file('sshd_config').with_content(/^UseDNS yes$/) } + it { should contain_file('sshd_config').with_content(/^XAuthLocation \/usr\/bin\/xauth$/) } + it { should contain_file('sshd_config').with_content(/^Subsystem sftp \/usr\/libexec\/openssh\/sftp-server$/) } it { should contain_service('sshd_service').with({ @@ -237,6 +208,7 @@ describe 'ssh' do 'user' => 'root', } } } } + it { should contain_ssh_authorized_key('root_for_userX').with({ 'ensure' => 'present', From 60ed4b8a4f6a7a89bfe961a714b066130b5e4a88 Mon Sep 17 00:00:00 2001 From: Garrett Honeycutt Date: Thu, 17 Oct 2013 16:58:16 -0400 Subject: [PATCH 2/3] Add missing spec test in sshd_config for banner option --- spec/classes/init_spec.rb | 1 + 1 file changed, 1 insertion(+) diff --git a/spec/classes/init_spec.rb b/spec/classes/init_spec.rb index fc5d41d..9ce67ce 100644 --- a/spec/classes/init_spec.rb +++ b/spec/classes/init_spec.rb @@ -54,6 +54,7 @@ describe 'ssh' do it { should contain_file('sshd_config').with_content(/^ChallengeResponseAuthentication no$/) } it { should contain_file('sshd_config').with_content(/^PrintMotd yes$/) } it { should contain_file('sshd_config').with_content(/^UseDNS yes$/) } + it { should contain_file('sshd_config').with_content(/^Banner none$/) } it { should contain_file('sshd_config').with_content(/^XAuthLocation \/usr\/bin\/xauth$/) } it { should contain_file('sshd_config').with_content(/^Subsystem sftp \/usr\/libexec\/openssh\/sftp-server$/) } From 3fbadff68cb12a496983212b2725dc85e231f66c Mon Sep 17 00:00:00 2001 From: Garrett Honeycutt Date: Thu, 17 Oct 2013 17:07:15 -0400 Subject: [PATCH 3/3] Add spec tests for variables in sshd_config template --- spec/classes/init_spec.rb | 44 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) diff --git a/spec/classes/init_spec.rb b/spec/classes/init_spec.rb index 9ce67ce..07ff346 100644 --- a/spec/classes/init_spec.rb +++ b/spec/classes/init_spec.rb @@ -109,6 +109,50 @@ describe 'ssh' do it { should contain_file('ssh_config').with_content(/^ ServerAliveInterval 300$/) } end + context 'with params used in sshd_config set on osfamily RedHat' do + let :facts do + { + :fqdn => 'monkey.example.com', + :osfamily => 'RedHat', + :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' + } + end + let :params do + { + :sshd_config_syslog_facility => 'DAEMON', + :sshd_config_login_grace_time => '60', + :permit_root_login => 'yes', + :sshd_config_challenge_resp_auth => 'yes', + :sshd_config_print_motd => 'no', + :sshd_config_use_dns => 'no', + :sshd_config_banner => '/etc/sshd_banner', + :sshd_config_xauth_location => '/opt/ssh/bin/xauth', + :sshd_config_subsystem_sftp => '/opt/ssh/bin/sftp', + } + end + + it { + should contain_file('sshd_config').with({ + 'ensure' => 'file', + 'path' => '/etc/ssh/sshd_config', + 'owner' => 'root', + 'group' => 'root', + 'mode' => '0600', + 'require' => 'Package[ssh_packages]', + }) + } + + it { should contain_file('sshd_config').with_content(/^SyslogFacility DAEMON$/) } + it { should contain_file('sshd_config').with_content(/^LoginGraceTime 60$/) } + it { should contain_file('sshd_config').with_content(/^PermitRootLogin yes$/) } + it { should contain_file('sshd_config').with_content(/^ChallengeResponseAuthentication yes$/) } + it { should contain_file('sshd_config').with_content(/^PrintMotd no$/) } + it { should contain_file('sshd_config').with_content(/^UseDNS no$/) } + it { should contain_file('sshd_config').with_content(/^Banner \/etc\/sshd_banner$/) } + it { should contain_file('sshd_config').with_content(/^XAuthLocation \/opt\/ssh\/bin\/xauth$/) } + it { should contain_file('sshd_config').with_content(/^Subsystem sftp \/opt\/ssh\/bin\/sftp$/) } + end + context 'with manage_root_ssh_config set to \'true\' on valid osfamily' do let :facts do {