Fixup mlosapio's contribution

This commit is contained in:
Garrett Honeycutt 2016-10-20 16:03:39 -04:00
parent 64008a427f
commit 6f34248977
3 changed files with 10 additions and 6 deletions

View File

@ -558,6 +558,10 @@ class ssh (
validate_re($ssh_strict_host_key_checking, '^(yes|no|ask)$', "ssh::ssh_strict_host_key_checking may be 'yes', 'no' or 'ask' and is set to <${ssh_strict_host_key_checking}>.") validate_re($ssh_strict_host_key_checking, '^(yes|no|ask)$', "ssh::ssh_strict_host_key_checking may be 'yes', 'no' or 'ask' and is set to <${ssh_strict_host_key_checking}>.")
} }
if $ssh_config_proxy_command != undef {
validate_string($ssh_config_proxy_command)
}
if $ssh_enable_ssh_keysign != undef { if $ssh_enable_ssh_keysign != undef {
validate_re($ssh_enable_ssh_keysign, '^(yes|no)$', "ssh::ssh_enable_ssh_keysign may be either 'yes' or 'no' and is set to <${ssh_enable_ssh_keysign}>.") validate_re($ssh_enable_ssh_keysign, '^(yes|no)$', "ssh::ssh_enable_ssh_keysign may be either 'yes' or 'no' and is set to <${ssh_enable_ssh_keysign}>.")
} }

View File

@ -372,7 +372,7 @@ describe 'ssh' do
it { should contain_file('ssh_config').with_content(/^\s*Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc$/) } it { should contain_file('ssh_config').with_content(/^\s*Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc$/) }
it { should contain_file('ssh_config').with_content(/^\s*KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1$/) } it { should contain_file('ssh_config').with_content(/^\s*KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1$/) }
it { should contain_file('ssh_config').with_content(/^\s*MACs hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com$/) } it { should contain_file('ssh_config').with_content(/^\s*MACs hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com$/) }
it { should contain_file('ssh_config').with_content(/^\s*ProxyCommand ssh -W %h:%p firewall.example.org$/) } it { should contain_file('ssh_config').with_content(/^\s*ProxyCommand ssh -W %h:%p firewall\.example\.org$/) }
it { should contain_file('ssh_config').with_content(/^\s*GlobalKnownHostsFile \/etc\/ssh\/ssh_known_hosts2 \/etc\/ssh\/ssh_known_hosts3 \/etc\/ssh\/ssh_known_hosts4$/) } it { should contain_file('ssh_config').with_content(/^\s*GlobalKnownHostsFile \/etc\/ssh\/ssh_known_hosts2 \/etc\/ssh\/ssh_known_hosts3 \/etc\/ssh\/ssh_known_hosts4$/) }
it { should contain_file('ssh_config').with_content(/^\s*UserKnownHostsFile \.ssh\/known_hosts1 \.ssh\/known_hosts2$/) } it { should contain_file('ssh_config').with_content(/^\s*UserKnownHostsFile \.ssh\/known_hosts1 \.ssh\/known_hosts2$/) }
it { should contain_file('ssh_config').with_content(/^\s*HostbasedAuthentication yes$/) } it { should contain_file('ssh_config').with_content(/^\s*HostbasedAuthentication yes$/) }
@ -792,14 +792,14 @@ describe 'ssh' do
end end
end end
[true,'invalid'].each do |proxycommand| [true, ['not','a','string']].each do |proxy_command|
content "with ssh_config_proxy_command set to invalid value #{proxycommand}" do context "with ssh_config_proxy_command set to invalid value #{proxy_command}" do
let(:params) { { :ssh_config_proxy_command => proxycommand } } let(:params) { { :ssh_config_proxy_command => proxy_command } }
it 'should fail' do it 'should fail' do
expect { expect {
should contain_class('ssh') should contain_class('ssh')
}.to raise_error(Puppet::Error) }.to raise_error(Puppet::Error)
end end
end end
end end

View File

@ -65,7 +65,7 @@
<% end -%> <% end -%>
<% if @ssh_config_proxy_command -%> <% if @ssh_config_proxy_command -%>
ProxyCommand <%= @ssh_config_proxy_command %> ProxyCommand <%= @ssh_config_proxy_command %>
<% end -%> <% end -%>
Host * Host *
# GSSAPIAuthentication yes # GSSAPIAuthentication yes
GSSAPIAuthentication <%= @ssh_gssapiauthentication %> GSSAPIAuthentication <%= @ssh_gssapiauthentication %>