From 98382a05ff0460d0dcad718f8c37af08ee4f48cd Mon Sep 17 00:00:00 2001 From: Anders Larsson Date: Wed, 17 Feb 2016 10:58:14 +0100 Subject: [PATCH] Refactor spec tests --- README.md | 2 + metadata.json | 5 +- spec/classes/init_spec.rb | 2418 ++++++++----------------- spec/fixtures/ssh_config_debian | 61 + spec/fixtures/ssh_config_rhel | 61 + spec/fixtures/ssh_config_rhel_old | 60 + spec/fixtures/ssh_config_solaris | 54 + spec/fixtures/ssh_config_suse | 60 + spec/fixtures/sshd_config_debian | 139 ++ spec/fixtures/sshd_config_rhel | 139 ++ spec/fixtures/sshd_config_solaris | 128 ++ spec/fixtures/sshd_config_suse_i386 | 139 ++ spec/fixtures/sshd_config_suse_x86_64 | 139 ++ 13 files changed, 1696 insertions(+), 1709 deletions(-) create mode 100644 spec/fixtures/ssh_config_debian create mode 100644 spec/fixtures/ssh_config_rhel create mode 100644 spec/fixtures/ssh_config_rhel_old create mode 100644 spec/fixtures/ssh_config_solaris create mode 100644 spec/fixtures/ssh_config_suse create mode 100644 spec/fixtures/sshd_config_debian create mode 100644 spec/fixtures/sshd_config_rhel create mode 100644 spec/fixtures/sshd_config_solaris create mode 100644 spec/fixtures/sshd_config_suse_i386 create mode 100644 spec/fixtures/sshd_config_suse_x86_64 diff --git a/README.md b/README.md index 189a8c8..3da375e 100644 --- a/README.md +++ b/README.md @@ -27,9 +27,11 @@ only), 1.9.3, 2.0.0 and 2.1.0. * EL 5 * EL 6 * EL 7 + * SLES 10 * SLES 11 * SLES 12 * Ubuntu 12.04 LTS + * Ubuntu 14.04 LTS * Solaris 9 * Solaris 10 * Solaris 11 diff --git a/metadata.json b/metadata.json index c1b4f2a..94cb412 100644 --- a/metadata.json +++ b/metadata.json @@ -67,6 +67,7 @@ { "operatingsystem": "SLES", "operatingsystemrelease": [ + "10", "11", "12" ] @@ -74,6 +75,7 @@ { "operatingsystem": "SLED", "operatingsystemrelease": [ + "10", "11", "12" ] @@ -81,7 +83,8 @@ { "operatingsystem": "Ubuntu", "operatingsystemrelease": [ - "12.04" + "12.04", + "14.04" ] } ], diff --git a/spec/classes/init_spec.rb b/spec/classes/init_spec.rb index 2082fc3..8c2f222 100644 --- a/spec/classes/init_spec.rb +++ b/spec/classes/init_spec.rb @@ -1,1040 +1,272 @@ require 'spec_helper' + describe 'ssh' do - context 'with default params on osfamily RedHat' do - ['5','6','7'].each do |release| - context "release #{release}" do - let(:facts) do - { :fqdn => 'monkey.example.com', - :lsbmajdistrelease => release, - :osfamily => 'RedHat', - :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==', + default_facts = { + :fqdn => 'monkey.example.com', + :osfamily => 'RedHat', + :ssh_version => 'OpenSSH_6.6p1', + :ssh_version_numeric => '6.6', + :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' + } + + default_solaris_facts = { + :fqdn => 'monkey.example.com', + :osfamily => 'Solaris', + :ssh_version => 'Sun_SSH_2.2', + :ssh_version_numeric => '2.2', + :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' + } + + osfamily_matrix = { + 'Debian-7' => { + :architecture => 'x86_64', + :osfamily => 'Debian', + :operatingsystemrelease => '7', + :ssh_version => 'OpenSSH_6.0p1', + :ssh_version_numeric => '6.0', + :ssh_packages => ['openssh-server', 'openssh-client'], + :sshd_config_mode => '0600', + :sshd_service_name => 'ssh', + :sshd_service_hasstatus => true, + :sshd_config_fixture => 'sshd_config_debian', + :ssh_config_fixture => 'ssh_config_debian', + }, + 'RedHat-5' => { + :architecture => 'x86_64', + :osfamily => 'RedHat', + :operatingsystemrelease => '5.11', + :ssh_version => 'OpenSSH_4.3p2', + :ssh_version_numeric => '4.3', + :ssh_packages => ['openssh-server', 'openssh-clients'], + :sshd_config_mode => '0600', + :sshd_service_name => 'sshd', + :sshd_service_hasstatus => true, + :sshd_config_fixture => 'sshd_config_rhel', + :ssh_config_fixture => 'ssh_config_rhel_old', + }, + 'RedHat-6' => { + :architecture => 'x86_64', + :osfamily => 'RedHat', + :operatingsystemrelease => '6.7', + :ssh_version => 'OpenSSH_5.3p1', + :ssh_version_numeric => '5.3', + :ssh_packages => ['openssh-server', 'openssh-clients'], + :sshd_config_mode => '0600', + :sshd_service_name => 'sshd', + :sshd_service_hasstatus => true, + :sshd_config_fixture => 'sshd_config_rhel', + :ssh_config_fixture => 'ssh_config_rhel_old', + }, + 'RedHat-7' => { + :architecture => 'x86_64', + :osfamily => 'RedHat', + :operatingsystemrelease => '7.2', + :ssh_version => 'OpenSSH_6.6p1', + :ssh_version_numeric => '6.6', + :ssh_packages => ['openssh-server', 'openssh-clients'], + :sshd_config_mode => '0600', + :sshd_service_name => 'sshd', + :sshd_service_hasstatus => true, + :sshd_config_fixture => 'sshd_config_rhel', + :ssh_config_fixture => 'ssh_config_rhel', + }, + 'Suse-10-x86_64' => { + :architecture => 'x86_64', + :osfamily => 'Suse', + :operatingsystemrelease => '10.4', + :ssh_version => 'OpenSSH_5.1p1', + :ssh_version_numeric => '5.1', + :ssh_packages => ['openssh'], + :sshd_config_mode => '0600', + :sshd_service_name => 'sshd', + :sshd_service_hasstatus => true, + :sshd_config_fixture => 'sshd_config_suse_x86_64', + :ssh_config_fixture => 'ssh_config_suse', + }, + 'Suse-10-i386' => { + :architecture => 'i386', + :osfamily => 'Suse', + :operatingsystemrelease => '10.4', + :ssh_version => 'OpenSSH_5.1p1', + :ssh_version_numeric => '5.1', + :ssh_packages => ['openssh'], + :sshd_config_mode => '0600', + :sshd_service_name => 'sshd', + :sshd_service_hasstatus => true, + :sshd_config_fixture => 'sshd_config_suse_i386', + :ssh_config_fixture => 'ssh_config_suse', + }, + 'Suse-11-x86_64' => { + :architecture => 'x86_64', + :osfamily => 'Suse', + :operatingsystemrelease => '11.4', + :ssh_version => '6.6.1p1', + :ssh_version_numeric => '6.6', + :ssh_packages => ['openssh'], + :sshd_config_mode => '0600', + :sshd_service_name => 'sshd', + :sshd_service_hasstatus => true, + :sshd_config_fixture => 'sshd_config_suse_x86_64', + :ssh_config_fixture => 'ssh_config_suse', + }, + 'Suse-11-i386' => { + :architecture => 'i386', + :osfamily => 'Suse', + :operatingsystemrelease => '11.4', + :ssh_version => '6.6.1p1', + :ssh_version_numeric => '6.6', + :ssh_packages => ['openssh'], + :sshd_config_mode => '0600', + :sshd_service_name => 'sshd', + :sshd_service_hasstatus => true, + :sshd_config_fixture => 'sshd_config_suse_i386', + :ssh_config_fixture => 'ssh_config_suse', + }, + 'Suse-12-x86_64' => { + :architecture => 'x86_64', + :osfamily => 'Suse', + :operatingsystemrelease => '12.0', + :ssh_version => '6.6.1p1', + :ssh_version_numeric => '6.6', + :ssh_packages => ['openssh'], + :sshd_config_mode => '0600', + :sshd_service_name => 'sshd', + :sshd_service_hasstatus => true, + :sshd_config_fixture => 'sshd_config_suse_x86_64', + :ssh_config_fixture => 'ssh_config_suse', + }, + 'Solaris-5.11' => { + :architecture => 'i86pc', + :osfamily => 'Solaris', + :kernelrelease => '5.11', + :ssh_version => 'Sun_SSH_2.2', + :ssh_version_numeric => '2.2', + :ssh_packages => ['network/ssh', 'network/ssh/ssh-key', 'service/network/ssh'], + :sshd_config_mode => '0644', + :sshd_service_name => 'ssh', + :sshd_service_hasstatus => true, + :sshd_config_fixture => 'sshd_config_solaris', + :ssh_config_fixture => 'ssh_config_solaris', + }, + 'Solaris-5.10' => { + :architecture => 'i86pc', + :osfamily => 'Solaris', + :kernelrelease => '5.10', + :ssh_version => 'Sun_SSH_2.2', + :ssh_version_numeric => '2.2', + :ssh_packages => ['SUNWsshcu', 'SUNWsshdr', 'SUNWsshdu', 'SUNWsshr', 'SUNWsshu'], + :sshd_config_mode => '0644', + :sshd_service_name => 'ssh', + :sshd_service_hasstatus => true, + :sshd_config_fixture => 'sshd_config_solaris', + :ssh_config_fixture => 'ssh_config_solaris', + }, + 'Solaris-5.9' => { + :architecture => 'i86pc', + :osfamily => 'Solaris', + :kernelrelease => '5.9', + :ssh_version => 'Sun_SSH_2.2', + :ssh_version_numeric => '2.2', + :ssh_packages => ['SUNWsshcu', 'SUNWsshdr', 'SUNWsshdu', 'SUNWsshr', 'SUNWsshu'], + :sshd_config_mode => '0644', + :sshd_service_name => 'sshd', + :sshd_service_hasstatus => false, + :sshd_config_fixture => 'sshd_config_solaris', + :ssh_config_fixture => 'ssh_config_solaris', + }, + } + + osfamily_matrix.each do |os, facts| + context "with default params on osfamily #{os}" do + let(:facts) do + facts.merge( + { + :fqdn => 'monkey.example.com', + :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==', } - end + ) + end - it { should compile.with_all_deps } + it { should compile.with_all_deps } - it { should contain_class('ssh')} + it { should contain_class('ssh')} - it { should_not contain_class('common')} - - ['openssh-server','openssh-clients'].each do |pkg| - it { - should contain_package(pkg).with({ - 'ensure' => 'installed', - }) - } - end + it { should_not contain_class('common')} + facts[:ssh_packages].each do |pkg| it { - should contain_file('ssh_known_hosts').with({ - 'ensure' => 'file', - 'path' => '/etc/ssh/ssh_known_hosts', - 'owner' => 'root', - 'group' => 'root', - 'mode' => '0644', - }) - } - - it { - should contain_file('ssh_config').with({ - 'ensure' => 'file', - 'path' => '/etc/ssh/ssh_config', - 'owner' => 'root', - 'group' => 'root', - 'mode' => '0644', - 'require' => ['Package[openssh-server]', 'Package[openssh-clients]'], - }) - } - - it { should contain_file('ssh_config').with_content(/^# This file is being maintained by Puppet.\n# DO NOT EDIT\n\n# \$OpenBSD: ssh_config,v 1.21 2005\/12\/06 22:38:27 reyk Exp \$/) } - it { should contain_file('ssh_config').with_content(/^ Protocol 2$/) } - it { should contain_file('ssh_config').with_content(/^\s*HashKnownHosts no$/) } - it { should contain_file('ssh_config').with_content(/^\s*SendEnv L.*$/) } - it { should contain_file('ssh_config').with_content(/^\s*ForwardX11Trusted yes$/) } - it { should contain_file('ssh_config').without_content(/^\s*Ciphers/) } - it { should contain_file('ssh_config').without_content(/^\s*MACs/) } - it { should contain_file('ssh_config').with_content(/^\s*GlobalKnownHostsFile \/etc\/ssh\/ssh_known_hosts$/) } - it { should contain_file('ssh_config').with_content(/^\s*GSSAPIAuthentication yes$/) } - - it { should_not contain_file('ssh_config').with_content(/^\s*ForwardAgent$/) } - it { should_not contain_file('ssh_config').with_content(/^\s*ForwardX11$/) } - it { should contain_file('ssh_config').with_content(/^\s*UseRoaming no$/) } - it { should_not contain_file('ssh_config').with_content(/^\s*ServerAliveInterval$/) } - - it { - should contain_file('sshd_config').with({ - 'ensure' => 'file', - 'path' => '/etc/ssh/sshd_config', - 'owner' => 'root', - 'group' => 'root', - 'mode' => '0600', - 'require' => ['Package[openssh-server]', 'Package[openssh-clients]'], - }) - } - - it { should contain_file('sshd_config').with_content(/^Port 22$/) } - it { should contain_file('sshd_config').with_content(/^SyslogFacility AUTH$/) } - it { should contain_file('sshd_config').with_content(/^LogLevel INFO$/) } - it { should contain_file('sshd_config').with_content(/^LoginGraceTime 120$/) } - it { should contain_file('sshd_config').with_content(/^PermitRootLogin yes$/) } - it { should contain_file('sshd_config').with_content(/^ChallengeResponseAuthentication yes$/) } - it { should contain_file('sshd_config').with_content(/^PrintMotd yes$/) } - it { should contain_file('sshd_config').with_content(/^UseDNS yes$/) } - it { should contain_file('sshd_config').with_content(/^Banner none$/) } - it { should contain_file('sshd_config').with_content(/^XAuthLocation \/usr\/bin\/xauth$/) } - it { should contain_file('sshd_config').with_content(/^Subsystem sftp \/usr\/libexec\/openssh\/sftp-server$/) } - it { should contain_file('sshd_config').with_content(/^PasswordAuthentication yes$/) } - it { should contain_file('sshd_config').with_content(/^AllowTcpForwarding yes$/) } - it { should contain_file('sshd_config').with_content(/^X11Forwarding yes$/) } - it { should contain_file('sshd_config').with_content(/^UsePAM yes$/) } - it { should contain_file('sshd_config').with_content(/^ClientAliveInterval 0$/) } - it { should contain_file('sshd_config').with_content(/^ServerKeyBits 1024$/) } - it { should contain_file('sshd_config').with_content(/^ClientAliveCountMax 3$/) } - it { should contain_file('sshd_config').with_content(/^GSSAPIAuthentication yes$/) } - it { should contain_file('sshd_config').with_content(/^GSSAPICleanupCredentials yes$/) } - it { should contain_file('sshd_config').with_content(/^HostKey \/etc\/ssh\/ssh_host_rsa_key$/) } - it { should contain_file('sshd_config').without_content(/^\s*ListenAddress/) } - it { should_not contain_file('sshd_config').with_content(/^\s*PAMAuthenticationViaKBDInt yes$/) } - it { should_not contain_file('sshd_config').with_content(/^\s*GSSAPIKeyExchange no$/) } - it { should_not contain_file('sshd_config').with_content(/^AuthorizedKeysFile/) } - it { should_not contain_file('sshd_config').with_content(/^StrictModes/) } - it { should_not contain_file('sshd_config').with_content(/^MaxStartups/) } - it { should_not contain_file('sshd_config').with_content(/^MaxSessions/) } - it { should_not contain_file('sshd_config').with_content(/^\s*AuthorizedKeysCommand/) } - it { should contain_file('sshd_config').with_content(/^HostbasedAuthentication no$/) } - it { should contain_file('sshd_config').with_content(/^IgnoreUserKnownHosts no$/) } - it { should contain_file('sshd_config').with_content(/^IgnoreRhosts yes$/) } - it { should contain_file('sshd_config').with_content(/^#ChrootDirectory none/) } - it { should contain_file('sshd_config').without_content(/^ForceCommand/) } - it { should contain_file('sshd_config').without_content(/^Match/) } - it { should contain_file('sshd_config').with_content(/^AcceptEnv L.*$/) } - it { should contain_file('sshd_config').without_content(/^\s*Ciphers/) } - it { should contain_file('sshd_config').without_content(/^\s*MACs/) } - it { should contain_file('sshd_config').without_content(/^\s*DenyUsers/) } - it { should contain_file('sshd_config').without_content(/^\s*DenyGroups/) } - it { should contain_file('sshd_config').without_content(/^\s*AllowUsers/) } - it { should contain_file('sshd_config').without_content(/^\s*AllowGroups/) } - - it { - should contain_service('sshd_service').with({ - 'ensure' => 'running', - 'name' => 'sshd', - 'enable' => 'true', - 'hasrestart' => 'true', - 'hasstatus' => 'true', - 'subscribe' => 'File[sshd_config]', - }) - } - - it { - should contain_resources('sshkey').with({ - 'purge' => 'true', + should contain_package(pkg).with({ + 'ensure' => 'installed', }) } end - end - end - context 'with default params on osfamily Solaris kernelrelease 5.8' do - let :facts do - { - :fqdn => 'monkey.example.com', - :osfamily => 'Solaris', - :kernelrelease => '5.8', - :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' - } - end - - it 'should fail' do - expect { - should contain_class('ssh') - }.to raise_error(Puppet::Error,/ssh module supports Solaris kernel release 5\.9, 5\.10 and 5\.11\./) - end - end - - context 'with default params on osfamily Solaris kernelrelease 5.11' do - let :facts do - { - :fqdn => 'monkey.example.com', - :osfamily => 'Solaris', - :kernelrelease => '5.11', - :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' - } - end - - it { should contain_class('ssh')} - - it { should_not contain_class('common')} - - - ['network/ssh','network/ssh/ssh-key','service/network/ssh'].each do |pkg| it { - should contain_package(pkg).with({ - 'ensure' => 'installed', + should contain_file('ssh_known_hosts').with({ + 'ensure' => 'file', + 'path' => '/etc/ssh/ssh_known_hosts', + 'owner' => 'root', + 'group' => 'root', + 'mode' => '0644', + }) + } + + it { + should contain_file('ssh_config').with({ + 'ensure' => 'file', + 'path' => '/etc/ssh/ssh_config', + 'owner' => 'root', + 'group' => 'root', + 'mode' => '0644', + }) + } + + ssh_config_fixture = File.read(fixtures(facts[:ssh_config_fixture])) + it { should contain_file('ssh_config').with_content(ssh_config_fixture) } + + facts[:ssh_packages].each do |pkg| + it { + should contain_file('ssh_config').that_requires("Package[#{pkg}]") + } + end + + it { + should contain_file('sshd_config').with({ + 'ensure' => 'file', + 'path' => '/etc/ssh/sshd_config', + 'owner' => 'root', + 'group' => 'root', + 'mode' => facts[:sshd_config_mode], + }) + } + + facts[:ssh_packages].each do |pkg| + it { + should contain_file('sshd_config').that_requires("Package[#{pkg}]") + } + end + + sshd_config_fixture = File.read(fixtures(facts[:sshd_config_fixture])) + it { should contain_file('sshd_config').with_content(sshd_config_fixture) } + + it { + should contain_service('sshd_service').with({ + 'ensure' => 'running', + 'name' => facts[:sshd_service_name], + 'enable' => 'true', + 'hasrestart' => 'true', + 'hasstatus' => facts[:sshd_service_hasstatus], + 'subscribe' => 'File[sshd_config]', + }) + } + + it { + should contain_resources('sshkey').with({ + 'purge' => 'true', }) } end - - it { - should contain_file('ssh_known_hosts').with({ - 'ensure' => 'file', - 'path' => '/etc/ssh/ssh_known_hosts', - 'owner' => 'root', - 'group' => 'root', - 'mode' => '0644', - }) - } - - it { - should contain_file('ssh_config').with({ - 'ensure' => 'file', - 'path' => '/etc/ssh/ssh_config', - 'owner' => 'root', - 'group' => 'root', - 'mode' => '0644', - 'require' => [ 'Package[network/ssh]', 'Package[network/ssh/ssh-key]', 'Package[service/network/ssh]' ], - }) - } - - it { should contain_file('ssh_config').with_content(/^# This file is being maintained by Puppet.\n# DO NOT EDIT\n\n# \$OpenBSD: ssh_config,v 1.21 2005\/12\/06 22:38:27 reyk Exp \$/) } - it { should contain_file('ssh_config').with_content(/^ Protocol 2$/) } - it { should contain_file('ssh_config').with_content(/^\s*GSSAPIAuthentication yes$/) } - it { should_not contain_file('ssh_config').with_content(/^\s*HashKnownHosts no$/) } - it { should_not contain_file('ssh_config').with_content(/^\s*ForwardX11Trusted/) } - - it { should_not contain_file('ssh_config').with_content(/^\s*ForwardAgent$/) } - it { should_not contain_file('ssh_config').with_content(/^\s*ForwardX11$/) } - it { should contain_file('ssh_config').without_content(/^\s*UseRoaming/) } - it { should_not contain_file('ssh_config').with_content(/^\s*ServerAliveInterval$/) } - it { should_not contain_file('ssh_config').with_content(/^\s*SendEnv L.*$/) } - it { should contain_file('ssh_config').without_content(/^\s*Ciphers/) } - it { should contain_file('ssh_config').without_content(/^\s*MACs/) } - - it { - should contain_file('sshd_config').with({ - 'ensure' => 'file', - 'path' => '/etc/ssh/sshd_config', - 'owner' => 'root', - 'group' => 'root', - 'mode' => '0644', - 'require' => [ 'Package[network/ssh]', 'Package[network/ssh/ssh-key]', 'Package[service/network/ssh]' ], - }) - } - - it { should contain_file('sshd_config').with_content(/^SyslogFacility AUTH$/) } - it { should contain_file('sshd_config').with_content(/^LogLevel INFO$/) } - it { should contain_file('sshd_config').with_content(/^LoginGraceTime 120$/) } - it { should contain_file('sshd_config').with_content(/^PermitRootLogin yes$/) } - it { should contain_file('sshd_config').with_content(/^ChallengeResponseAuthentication yes$/) } - it { should contain_file('sshd_config').with_content(/^PrintMotd yes$/) } - it { should contain_file('sshd_config').with_content(/^Banner none$/) } - it { should contain_file('sshd_config').with_content(/^XAuthLocation \/usr\/openwin\/bin\/xauth$/) } - it { should contain_file('sshd_config').with_content(/^Subsystem sftp \/usr\/lib\/ssh\/sftp-server$/) } - it { should contain_file('sshd_config').with_content(/^GSSAPIAuthentication yes$/) } - it { should_not contain_file('sshd_config').with_content(/^\s*GSSAPICleanupCredentials yes$/) } - it { should contain_file('sshd_config').with_content(/^HostKey \/etc\/ssh\/ssh_host_rsa_key$/) } - it { should contain_file('sshd_config').with_content(/^PAMAuthenticationViaKBDInt yes$/) } - it { should contain_file('sshd_config').with_content(/^GSSAPIKeyExchange yes$/) } - it { should_not contain_file('sshd_config').with_content(/^\s*AcceptEnv L.*$/) } - it { should_not contain_file('sshd_config').with_content(/^AuthorizedKeysFile/) } - it { should_not contain_file('sshd_config').with_content(/^StrictModes/) } - it { should_not contain_file('sshd_config').with_content(/^MaxStartups/) } - it { should_not contain_file('sshd_config').with_content(/^MaxSessions/) } - it { should_not contain_file('sshd_config').with_content(/^\s*AuthorizedKeysCommand/) } - it { should contain_file('sshd_config').with_content(/^HostbasedAuthentication no$/) } - it { should contain_file('sshd_config').with_content(/^IgnoreUserKnownHosts no$/) } - it { should contain_file('sshd_config').with_content(/^IgnoreRhosts yes$/) } - it { should contain_file('sshd_config').with_content(/^#ChrootDirectory none/) } - it { should contain_file('sshd_config').without_content(/^ForceCommand/) } - it { should contain_file('sshd_config').without_content(/^Match/) } - it { should contain_file('sshd_config').with_content(/^ServerKeyBits 768$/) } - it { should contain_file('sshd_config').without_content(/^\s*Ciphers/) } - it { should contain_file('sshd_config').without_content(/^\s*MACs/) } - it { should contain_file('sshd_config').without_content(/^\s*DenyUsers/) } - it { should contain_file('sshd_config').without_content(/^\s*DenyGroups/) } - it { should contain_file('sshd_config').without_content(/^\s*AllowUsers/) } - it { should contain_file('sshd_config').without_content(/^\s*AllowGroups/) } - it { should contain_file('sshd_config').without_content(/^\s*ListenAddress/) } - - it { - should contain_service('sshd_service').with({ - 'ensure' => 'running', - 'name' => 'ssh', - 'enable' => 'true', - 'hasrestart' => 'true', - 'hasstatus' => 'true', - 'subscribe' => 'File[sshd_config]', - }) - } - - it { - should contain_resources('sshkey').with({ - 'purge' => 'true', - }) - } - end - - context 'with default params on osfamily Solaris kernelrelease 5.10' do - let :facts do - { - :fqdn => 'monkey.example.com', - :osfamily => 'Solaris', - :kernelrelease => '5.10', - :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' - } - end - - it { should contain_class('ssh')} - - it { should_not contain_class('common')} - - ['SUNWsshcu','SUNWsshdr','SUNWsshdu','SUNWsshr','SUNWsshu'].each do |pkg| - it { - should contain_package(pkg).with({ - 'ensure' => 'installed', - 'source' => '/var/spool/pkg', - 'adminfile' => nil, - }) - } - end - - it { - should contain_file('ssh_known_hosts').with({ - 'ensure' => 'file', - 'path' => '/etc/ssh/ssh_known_hosts', - 'owner' => 'root', - 'group' => 'root', - 'mode' => '0644', - }) - } - - it { - should contain_file('ssh_config').with({ - 'ensure' => 'file', - 'path' => '/etc/ssh/ssh_config', - 'owner' => 'root', - 'group' => 'root', - 'mode' => '0644', - 'require' => [ 'Package[SUNWsshcu]', 'Package[SUNWsshdr]', 'Package[SUNWsshdu]', 'Package[SUNWsshr]', 'Package[SUNWsshu]' ], - }) - } - - it { should contain_file('ssh_config').with_content(/^# This file is being maintained by Puppet.\n# DO NOT EDIT\n\n# \$OpenBSD: ssh_config,v 1.21 2005\/12\/06 22:38:27 reyk Exp \$/) } - it { should contain_file('ssh_config').with_content(/^ Protocol 2$/) } - it { should contain_file('ssh_config').with_content(/^\s*GSSAPIAuthentication yes$/) } - it { should_not contain_file('ssh_config').with_content(/^\s*HashKnownHosts no$/) } - it { should_not contain_file('ssh_config').with_content(/^\s*ForwardX11Trusted/) } - - it { should_not contain_file('ssh_config').with_content(/^\s*ForwardAgent$/) } - it { should_not contain_file('ssh_config').with_content(/^\s*ForwardX11$/) } - it { should contain_file('ssh_config').without_content(/^\s*UseRoaming/) } - it { should_not contain_file('ssh_config').with_content(/^\s*ServerAliveInterval$/) } - it { should_not contain_file('ssh_config').with_content(/^\s*SendEnv L.*$/) } - it { should contain_file('ssh_config').without_content(/^\s*Ciphers/) } - it { should contain_file('ssh_config').without_content(/^\s*MACs/) } - - it { - should contain_file('sshd_config').with({ - 'ensure' => 'file', - 'path' => '/etc/ssh/sshd_config', - 'owner' => 'root', - 'group' => 'root', - 'mode' => '0644', - 'require' => [ 'Package[SUNWsshcu]', 'Package[SUNWsshdr]', 'Package[SUNWsshdu]', 'Package[SUNWsshr]', 'Package[SUNWsshu]' ], - }) - } - - it { should contain_file('sshd_config').with_content(/^SyslogFacility AUTH$/) } - it { should contain_file('sshd_config').with_content(/^LogLevel INFO$/) } - it { should contain_file('sshd_config').with_content(/^LoginGraceTime 120$/) } - it { should contain_file('sshd_config').with_content(/^PermitRootLogin yes$/) } - it { should contain_file('sshd_config').with_content(/^ChallengeResponseAuthentication yes$/) } - it { should contain_file('sshd_config').with_content(/^PrintMotd yes$/) } - it { should contain_file('sshd_config').with_content(/^Banner none$/) } - it { should contain_file('sshd_config').with_content(/^XAuthLocation \/usr\/openwin\/bin\/xauth$/) } - it { should contain_file('sshd_config').with_content(/^Subsystem sftp \/usr\/lib\/ssh\/sftp-server$/) } - it { should contain_file('sshd_config').with_content(/^GSSAPIAuthentication yes$/) } - it { should_not contain_file('sshd_config').with_content(/^\s*GSSAPICleanupCredentials yes$/) } - it { should contain_file('sshd_config').with_content(/^HostKey \/etc\/ssh\/ssh_host_rsa_key$/) } - it { should contain_file('sshd_config').with_content(/^PAMAuthenticationViaKBDInt yes$/) } - it { should contain_file('sshd_config').with_content(/^GSSAPIKeyExchange yes$/) } - it { should_not contain_file('sshd_config').with_content(/^\s*AcceptEnv L.*$/) } - it { should_not contain_file('sshd_config').with_content(/^AuthorizedKeysFile/) } - it { should_not contain_file('sshd_config').with_content(/^StrictModes/) } - it { should_not contain_file('sshd_config').with_content(/^MaxStartups/) } - it { should_not contain_file('sshd_config').with_content(/^MaxSessions/) } - it { should_not contain_file('sshd_config').with_content(/^\s*AuthorizedKeysCommand/) } - it { should contain_file('sshd_config').with_content(/^HostbasedAuthentication no$/) } - it { should contain_file('sshd_config').with_content(/^IgnoreUserKnownHosts no$/) } - it { should contain_file('sshd_config').with_content(/^IgnoreRhosts yes$/) } - it { should contain_file('sshd_config').with_content(/^#ChrootDirectory none/) } - it { should contain_file('sshd_config').without_content(/^ForceCommand/) } - it { should contain_file('sshd_config').without_content(/^Match/) } - it { should contain_file('sshd_config').with_content(/^ServerKeyBits 768$/) } - it { should contain_file('sshd_config').without_content(/^\s*Ciphers/) } - it { should contain_file('sshd_config').without_content(/^\s*MACs/) } - it { should contain_file('sshd_config').without_content(/^\s*DenyUsers/) } - it { should contain_file('sshd_config').without_content(/^\s*DenyGroups/) } - it { should contain_file('sshd_config').without_content(/^\s*AllowUsers/) } - it { should contain_file('sshd_config').without_content(/^\s*AllowGroups/) } - it { should contain_file('sshd_config').without_content(/^\s*ListenAddress/) } - - it { - should contain_service('sshd_service').with({ - 'ensure' => 'running', - 'name' => 'ssh', - 'enable' => 'true', - 'hasrestart' => 'true', - 'hasstatus' => 'true', - 'subscribe' => 'File[sshd_config]', - }) - } - - it { - should contain_resources('sshkey').with({ - 'purge' => 'true', - }) - } - end - - context 'with default params on osfamily Solaris kernelrelease 5.9' do - let :facts do - { :fqdn => 'monkey.example.com', - :osfamily => 'Solaris', - :kernelrelease => '5.9', - :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' - } - end - - it { should contain_class('ssh')} - - it { should_not contain_class('common')} - - ['SUNWsshcu','SUNWsshdr','SUNWsshdu','SUNWsshr','SUNWsshu'].each do |pkg| - it { - should contain_package(pkg).with({ - 'ensure' => 'installed', - 'source' => '/var/spool/pkg', - 'adminfile' => nil, - }) - } - end - - it { - should contain_file('ssh_known_hosts').with({ - 'ensure' => 'file', - 'path' => '/etc/ssh/ssh_known_hosts', - 'owner' => 'root', - 'group' => 'root', - 'mode' => '0644', - }) - } - - it { - should contain_file('ssh_config').with({ - 'ensure' => 'file', - 'path' => '/etc/ssh/ssh_config', - 'owner' => 'root', - 'group' => 'root', - 'mode' => '0644', - 'require' => [ 'Package[SUNWsshcu]', 'Package[SUNWsshdr]', 'Package[SUNWsshdu]', 'Package[SUNWsshr]', 'Package[SUNWsshu]' ], - }) - } - - it { should contain_file('ssh_config').with_content(/^# This file is being maintained by Puppet.\n# DO NOT EDIT\n\n# \$OpenBSD: ssh_config,v 1.21 2005\/12\/06 22:38:27 reyk Exp \$/) } - it { should contain_file('ssh_config').with_content(/^ Protocol 2$/) } - it { should_not contain_file('ssh_config').with_content(/^\s*HashKnownHosts no$/) } - it { should_not contain_file('ssh_config').with_content(/^\s*ForwardX11Trusted/) } - - it { should_not contain_file('ssh_config').with_content(/^\s*ForwardAgent$/) } - it { should_not contain_file('ssh_config').with_content(/^\s*ForwardX11$/) } - it { should contain_file('ssh_config').without_content(/^\s*UseRoaming/) } - it { should_not contain_file('ssh_config').with_content(/^\s*ServerAliveInterval$/) } - it { should_not contain_file('ssh_config').with_content(/^\s*SendEnv L.*$/) } - it { should contain_file('ssh_config').without_content(/^\s*Ciphers/) } - it { should contain_file('ssh_config').without_content(/^\s*MACs/) } - - it { - should contain_file('sshd_config').with({ - 'ensure' => 'file', - 'path' => '/etc/ssh/sshd_config', - 'owner' => 'root', - 'group' => 'root', - 'mode' => '0644', - 'require' => [ 'Package[SUNWsshcu]', 'Package[SUNWsshdr]', 'Package[SUNWsshdu]', 'Package[SUNWsshr]', 'Package[SUNWsshu]' ], - }) - } - - it { should contain_file('sshd_config').with_content(/^SyslogFacility AUTH$/) } - it { should contain_file('sshd_config').with_content(/^LogLevel INFO$/) } - it { should contain_file('sshd_config').with_content(/^LoginGraceTime 120$/) } - it { should contain_file('sshd_config').with_content(/^PermitRootLogin yes$/) } - it { should contain_file('sshd_config').with_content(/^ChallengeResponseAuthentication yes$/) } - it { should contain_file('sshd_config').with_content(/^PrintMotd yes$/) } - it { should contain_file('sshd_config').with_content(/^Banner none$/) } - it { should contain_file('sshd_config').with_content(/^XAuthLocation \/usr\/openwin\/bin\/xauth$/) } - it { should contain_file('sshd_config').with_content(/^Subsystem sftp \/usr\/lib\/ssh\/sftp-server$/) } - it { should contain_file('sshd_config').with_content(/^GSSAPIAuthentication yes$/) } - it { should_not contain_file('sshd_config').with_content(/^\s*GSSAPICleanupCredentials yes$/) } - it { should contain_file('sshd_config').with_content(/^HostKey \/etc\/ssh\/ssh_host_rsa_key$/) } - it { should contain_file('sshd_config').with_content(/^PAMAuthenticationViaKBDInt yes$/) } - it { should contain_file('sshd_config').with_content(/^GSSAPIKeyExchange yes$/) } - it { should_not contain_file('sshd_config').with_content(/^\s*AcceptEnv L.*$/) } - it { should_not contain_file('sshd_config').with_content(/^AuthorizedKeysFile/) } - it { should_not contain_file('sshd_config').with_content(/^StrictModes/) } - it { should_not contain_file('sshd_config').with_content(/^MaxStartups/) } - it { should_not contain_file('sshd_config').with_content(/^MaxSessions/) } - it { should_not contain_file('sshd_config').with_content(/^\s*AuthorizedKeysCommand/) } - it { should contain_file('sshd_config').with_content(/^HostbasedAuthentication no$/) } - it { should contain_file('sshd_config').with_content(/^IgnoreUserKnownHosts no$/) } - it { should contain_file('sshd_config').with_content(/^IgnoreRhosts yes$/) } - it { should contain_file('sshd_config').with_content(/^#ChrootDirectory none/) } - it { should contain_file('sshd_config').without_content(/^ForceCommand/) } - it { should contain_file('sshd_config').without_content(/^Match/) } - it { should contain_file('sshd_config').with_content(/^ServerKeyBits 768$/) } - it { should contain_file('sshd_config').without_content(/^\s*Ciphers/) } - it { should contain_file('sshd_config').without_content(/^\s*MACs/) } - it { should contain_file('sshd_config').without_content(/^\s*DenyUsers/) } - it { should contain_file('sshd_config').without_content(/^\s*DenyGroups/) } - it { should contain_file('sshd_config').without_content(/^\s*AllowUsers/) } - it { should contain_file('sshd_config').without_content(/^\s*AllowGroups/) } - it { should contain_file('sshd_config').without_content(/^\s*ListenAddress/) } - - it { - should contain_service('sshd_service').with({ - 'ensure' => 'running', - 'name' => 'sshd', - 'enable' => 'true', - 'hasrestart' => 'true', - 'hasstatus' => 'false', - 'subscribe' => 'File[sshd_config]', - }) - } - - it { - should contain_resources('sshkey').with({ - 'purge' => 'true', - }) - } - end - - context 'with default params on osfamily Debian' do - let :facts do - { - :fqdn => 'monkey.example.com', - :osfamily => 'Debian', - :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' - } - end - it { should compile.with_all_deps } - - it { should contain_class('ssh')} - - it { should_not contain_class('common')} - - ['openssh-server','openssh-client'].each do |pkg| - it { - should contain_package(pkg).with({ - 'ensure' => 'installed', - }) - } - end - - it { - should contain_file('ssh_known_hosts').with({ - 'ensure' => 'file', - 'path' => '/etc/ssh/ssh_known_hosts', - 'owner' => 'root', - 'group' => 'root', - 'mode' => '0644', - }) - } - - it { - should contain_file('ssh_config').with({ - 'ensure' => 'file', - 'path' => '/etc/ssh/ssh_config', - 'owner' => 'root', - 'group' => 'root', - 'mode' => '0644', - 'require' => ['Package[openssh-server]', 'Package[openssh-client]'], - }) - } - - it { should contain_file('ssh_config').with_content(/^# This file is being maintained by Puppet.\n# DO NOT EDIT\n\n# \$OpenBSD: ssh_config,v 1.21 2005\/12\/06 22:38:27 reyk Exp \$/) } - it { should contain_file('ssh_config').with_content(/^ Protocol 2$/) } - it { should contain_file('ssh_config').with_content(/^\s*HashKnownHosts no$/) } - it { should contain_file('ssh_config').with_content(/^\s*SendEnv L.*$/) } - it { should contain_file('ssh_config').with_content(/^\s*ForwardX11Trusted yes$/) } - it { should contain_file('ssh_config').with_content(/^\s*GSSAPIAuthentication yes$/) } - - it { should_not contain_file('ssh_config').with_content(/^\s*ForwardAgent$/) } - it { should_not contain_file('ssh_config').with_content(/^\s*ForwardX11$/) } - it { should contain_file('ssh_config').with_content(/^\s*UseRoaming no$/) } - it { should_not contain_file('ssh_config').with_content(/^\s*ServerAliveInterval$/) } - it { should contain_file('ssh_config').without_content(/^\s*Ciphers/) } - it { should contain_file('ssh_config').without_content(/^\s*MACs/) } - - it { - should contain_file('sshd_config').with({ - 'ensure' => 'file', - 'path' => '/etc/ssh/sshd_config', - 'owner' => 'root', - 'group' => 'root', - 'mode' => '0600', - 'require' => ['Package[openssh-server]', 'Package[openssh-client]'], - }) - } - - it { should contain_file('sshd_config').with_content(/^Port 22$/) } - it { should contain_file('sshd_config').with_content(/^SyslogFacility AUTH$/) } - it { should contain_file('sshd_config').with_content(/^LogLevel INFO$/) } - it { should contain_file('sshd_config').with_content(/^LoginGraceTime 120$/) } - it { should contain_file('sshd_config').with_content(/^PermitRootLogin yes$/) } - it { should contain_file('sshd_config').with_content(/^ChallengeResponseAuthentication yes$/) } - it { should contain_file('sshd_config').with_content(/^PrintMotd yes$/) } - it { should contain_file('sshd_config').with_content(/^UseDNS yes$/) } - it { should contain_file('sshd_config').with_content(/^Banner none$/) } - it { should contain_file('sshd_config').with_content(/^XAuthLocation \/usr\/bin\/xauth$/) } - it { should contain_file('sshd_config').with_content(/^Subsystem sftp \/usr\/lib\/openssh\/sftp-server$/) } - it { should contain_file('sshd_config').with_content(/^PasswordAuthentication yes$/) } - it { should contain_file('sshd_config').with_content(/^AllowTcpForwarding yes$/) } - it { should contain_file('sshd_config').with_content(/^X11Forwarding yes$/) } - it { should contain_file('sshd_config').with_content(/^UsePAM yes$/) } - it { should contain_file('sshd_config').with_content(/^ClientAliveInterval 0$/) } - it { should contain_file('sshd_config').with_content(/^ServerKeyBits 1024$/) } - it { should contain_file('sshd_config').with_content(/^ClientAliveCountMax 3$/) } - it { should contain_file('sshd_config').with_content(/^GSSAPIAuthentication yes$/) } - it { should contain_file('sshd_config').with_content(/^GSSAPICleanupCredentials yes$/) } - it { should contain_file('sshd_config').with_content(/^HostKey \/etc\/ssh\/ssh_host_rsa_key$/) } - it { should_not contain_file('sshd_config').with_content(/^\s*PAMAuthenticationViaKBDInt yes$/) } - it { should_not contain_file('sshd_config').with_content(/^\s*GSSAPIKeyExchange yes$/) } - it { should contain_file('sshd_config').with_content(/^AcceptEnv L.*$/) } - it { should_not contain_file('sshd_config').with_content(/^AuthorizedKeysFile/) } - it { should_not contain_file('sshd_config').with_content(/^StrictModes/) } - it { should_not contain_file('sshd_config').with_content(/^MaxStartups/) } - it { should_not contain_file('sshd_config').with_content(/^MaxSessions/) } - it { should_not contain_file('sshd_config').with_content(/^\s*AuthorizedKeysCommand/) } - it { should contain_file('sshd_config').with_content(/^HostbasedAuthentication no$/) } - it { should contain_file('sshd_config').with_content(/^IgnoreUserKnownHosts no$/) } - it { should contain_file('sshd_config').with_content(/^IgnoreRhosts yes$/) } - it { should contain_file('sshd_config').with_content(/^#ChrootDirectory none/) } - it { should contain_file('sshd_config').without_content(/^ForceCommand/) } - it { should contain_file('sshd_config').without_content(/^Match/) } - it { should contain_file('ssh_config').without_content(/^\s*Ciphers/) } - it { should contain_file('ssh_config').without_content(/^\s*MACs/) } - it { should contain_file('ssh_config').without_content(/^\s*DenyUsers/) } - it { should contain_file('sshd_config').without_content(/^\s*DenyGroups/) } - it { should contain_file('sshd_config').without_content(/^\s*AllowUsers/) } - it { should contain_file('sshd_config').without_content(/^\s*AllowGroups/) } - it { should contain_file('sshd_config').without_content(/^\s*ListenAddress/) } - - it { - should contain_service('sshd_service').with({ - 'ensure' => 'running', - 'name' => 'ssh', - 'enable' => 'true', - 'hasrestart' => 'true', - 'hasstatus' => 'true', - 'subscribe' => 'File[sshd_config]', - }) - } - - it { - should contain_resources('sshkey').with({ - 'purge' => 'true', - }) - } - end - - context 'with default params on osfamily Suse architecture x86_64' do - let :facts do - { - :fqdn => 'monkey.example.com', - :osfamily => 'Suse', - :architecture => 'x86_64', - :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' - } - end - - it { should compile.with_all_deps } - - it { should contain_class('ssh')} - - it { should_not contain_class('common')} - - it { - should contain_package('openssh').with({ - 'ensure' => 'installed', - }) - } - - it { - should contain_file('ssh_known_hosts').with({ - 'ensure' => 'file', - 'path' => '/etc/ssh/ssh_known_hosts', - 'owner' => 'root', - 'group' => 'root', - 'mode' => '0644', - }) - } - - it { - should contain_file('ssh_config').with({ - 'ensure' => 'file', - 'path' => '/etc/ssh/ssh_config', - 'owner' => 'root', - 'group' => 'root', - 'mode' => '0644', - 'require' => 'Package[openssh]', - }) - } - - it { should contain_file('ssh_config').with_content(/^# This file is being maintained by Puppet.\n# DO NOT EDIT\n\n# \$OpenBSD: ssh_config,v 1.21 2005\/12\/06 22:38:27 reyk Exp \$/) } - it { should contain_file('ssh_config').with_content(/^ Protocol 2$/) } - it { should contain_file('ssh_config').with_content(/^\s*HashKnownHosts no$/) } - it { should contain_file('ssh_config').with_content(/^\s*SendEnv L.*$/) } - it { should contain_file('ssh_config').with_content(/^\s*ForwardX11Trusted yes$/) } - it { should contain_file('ssh_config').with_content(/^\s*GSSAPIAuthentication yes$/) } - - it { should_not contain_file('ssh_config').with_content(/^\s*ForwardAgent$/) } - it { should_not contain_file('ssh_config').with_content(/^\s*ForwardX11$/) } - it { should contain_file('ssh_config').with_content(/^\s*UseRoaming no$/) } - it { should_not contain_file('ssh_config').with_content(/^\s*ServerAliveInterval$/) } - it { should contain_file('ssh_config').without_content(/^\s*Ciphers/) } - it { should contain_file('ssh_config').without_content(/^\s*MACs/) } - - it { - should contain_file('sshd_config').with({ - 'ensure' => 'file', - 'path' => '/etc/ssh/sshd_config', - 'owner' => 'root', - 'group' => 'root', - 'mode' => '0600', - 'require' => 'Package[openssh]', - }) - } - - it { should contain_file('sshd_config').with_content(/^Port 22$/) } - it { should contain_file('sshd_config').with_content(/^SyslogFacility AUTH$/) } - it { should contain_file('sshd_config').with_content(/^LogLevel INFO$/) } - it { should contain_file('sshd_config').with_content(/^LoginGraceTime 120$/) } - it { should contain_file('sshd_config').with_content(/^PermitRootLogin yes$/) } - it { should contain_file('sshd_config').with_content(/^ChallengeResponseAuthentication yes$/) } - it { should contain_file('sshd_config').with_content(/^PrintMotd yes$/) } - it { should contain_file('sshd_config').with_content(/^UseDNS yes$/) } - it { should contain_file('sshd_config').with_content(/^Banner none$/) } - it { should contain_file('sshd_config').with_content(/^XAuthLocation \/usr\/bin\/xauth$/) } - it { should contain_file('sshd_config').with_content(/^Subsystem sftp \/usr\/lib64\/ssh\/sftp-server$/) } - it { should contain_file('sshd_config').with_content(/^PasswordAuthentication yes$/) } - it { should contain_file('sshd_config').with_content(/^AllowTcpForwarding yes$/) } - it { should contain_file('sshd_config').with_content(/^X11Forwarding yes$/) } - it { should contain_file('sshd_config').with_content(/^UsePAM yes$/) } - it { should contain_file('sshd_config').with_content(/^ClientAliveInterval 0$/) } - it { should contain_file('sshd_config').with_content(/^ServerKeyBits 1024$/) } - it { should contain_file('sshd_config').with_content(/^ClientAliveCountMax 3$/) } - it { should contain_file('sshd_config').with_content(/^GSSAPIAuthentication yes$/) } - it { should contain_file('sshd_config').with_content(/^GSSAPICleanupCredentials yes$/) } - it { should contain_file('sshd_config').with_content(/^HostKey \/etc\/ssh\/ssh_host_rsa_key$/) } - it { should_not contain_file('sshd_config').with_content(/^\s*PAMAuthenticationViaKBDInt yes$/) } - it { should_not contain_file('sshd_config').with_content(/^\s*GSSAPIKeyExchange yes$/) } - it { should contain_file('sshd_config').with_content(/^AcceptEnv L.*$/) } - it { should_not contain_file('sshd_config').with_content(/^AuthorizedKeysFile/) } - it { should_not contain_file('sshd_config').with_content(/^StrictModes/) } - it { should_not contain_file('sshd_config').with_content(/^MaxStartups/) } - it { should_not contain_file('sshd_config').with_content(/^MaxSessions/) } - it { should_not contain_file('sshd_config').with_content(/^\s*AuthorizedKeysCommand/) } - it { should contain_file('sshd_config').with_content(/^HostbasedAuthentication no$/) } - it { should contain_file('sshd_config').with_content(/^IgnoreUserKnownHosts no$/) } - it { should contain_file('sshd_config').with_content(/^IgnoreRhosts yes$/) } - it { should contain_file('sshd_config').with_content(/^#ChrootDirectory none/) } - it { should contain_file('sshd_config').without_content(/^ForceCommand/) } - it { should contain_file('sshd_config').without_content(/^Match/) } - it { should contain_file('sshd_config').without_content(/^\s*Ciphers/) } - it { should contain_file('sshd_config').without_content(/^\s*MACs/) } - it { should contain_file('sshd_config').without_content(/^\s*DenyUsers/) } - it { should contain_file('sshd_config').without_content(/^\s*DenyGroups/) } - it { should contain_file('sshd_config').without_content(/^\s*AllowUsers/) } - it { should contain_file('sshd_config').without_content(/^\s*AllowGroups/) } - it { should contain_file('sshd_config').without_content(/^\s*ListenAddress/) } - - it { - should contain_service('sshd_service').with({ - 'ensure' => 'running', - 'name' => 'sshd', - 'enable' => 'true', - 'hasrestart' => 'true', - 'hasstatus' => 'true', - 'subscribe' => 'File[sshd_config]', - }) - } - - it { - should contain_resources('sshkey').with({ - 'purge' => 'true', - }) - } - end - - context 'with default params on osfamily Suse/SLES architecture x86_64 operatingsystemrelease 12' do - let :facts do - { - :fqdn => 'monkey.example.com', - :osfamily => 'Suse', - :operatingsystem => 'SLES', - :operatingsystemrelease => '12.1', - :architecture => 'x86_64', - :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' - } - end - - it { should compile.with_all_deps } - - it { should contain_class('ssh')} - - it { should_not contain_class('common')} - - it { - should contain_package('openssh').with({ - 'ensure' => 'installed', - }) - } - - it { - should contain_file('ssh_known_hosts').with({ - 'ensure' => 'file', - 'path' => '/etc/ssh/ssh_known_hosts', - 'owner' => 'root', - 'group' => 'root', - 'mode' => '0644', - }) - } - - it { - should contain_file('ssh_config').with({ - 'ensure' => 'file', - 'path' => '/etc/ssh/ssh_config', - 'owner' => 'root', - 'group' => 'root', - 'mode' => '0644', - 'require' => 'Package[openssh]', - }) - } - - it { should contain_file('ssh_config').with_content(/^# This file is being maintained by Puppet.\n# DO NOT EDIT\n\n# \$OpenBSD: ssh_config,v 1.21 2005\/12\/06 22:38:27 reyk Exp \$/) } - it { should contain_file('ssh_config').with_content(/^ Protocol 2$/) } - it { should contain_file('ssh_config').with_content(/^\s*HashKnownHosts no$/) } - it { should contain_file('ssh_config').with_content(/^\s*SendEnv L.*$/) } - it { should contain_file('ssh_config').with_content(/^\s*ForwardX11Trusted yes$/) } - it { should contain_file('ssh_config').with_content(/^\s*GSSAPIAuthentication yes$/) } - - it { should contain_file('ssh_config').without_content(/^\s*ForwardAgent$/) } - it { should contain_file('ssh_config').without_content(/^\s*ForwardX11$/) } - it { should contain_file('ssh_config').with_content(/^\s*UseRoaming no$/) } - it { should contain_file('ssh_config').without_content(/^\s*ServerAliveInterval$/) } - it { should contain_file('ssh_config').without_content(/^\s*Ciphers/) } - it { should contain_file('ssh_config').without_content(/^\s*MACs/) } - - it { - should contain_file('sshd_config').with({ - 'ensure' => 'file', - 'path' => '/etc/ssh/sshd_config', - 'owner' => 'root', - 'group' => 'root', - 'mode' => '0600', - 'require' => 'Package[openssh]', - }) - } - - it { should contain_file('sshd_config').with_content(/^Port 22$/) } - it { should contain_file('sshd_config').with_content(/^SyslogFacility AUTH$/) } - it { should contain_file('sshd_config').with_content(/^LogLevel INFO$/) } - it { should contain_file('sshd_config').with_content(/^LoginGraceTime 120$/) } - it { should contain_file('sshd_config').with_content(/^PermitRootLogin yes$/) } - it { should contain_file('sshd_config').with_content(/^ChallengeResponseAuthentication yes$/) } - it { should contain_file('sshd_config').with_content(/^PrintMotd yes$/) } - it { should contain_file('sshd_config').with_content(/^UseDNS yes$/) } - it { should contain_file('sshd_config').with_content(/^Banner none$/) } - it { should contain_file('sshd_config').with_content(/^XAuthLocation \/usr\/bin\/xauth$/) } - it { should contain_file('sshd_config').with_content(/^Subsystem sftp \/usr\/lib\/ssh\/sftp-server$/) } - it { should contain_file('sshd_config').with_content(/^PasswordAuthentication yes$/) } - it { should contain_file('sshd_config').with_content(/^AllowTcpForwarding yes$/) } - it { should contain_file('sshd_config').with_content(/^X11Forwarding yes$/) } - it { should contain_file('sshd_config').with_content(/^UsePAM yes$/) } - it { should contain_file('sshd_config').with_content(/^ClientAliveInterval 0$/) } - it { should contain_file('sshd_config').with_content(/^ServerKeyBits 1024$/) } - it { should contain_file('sshd_config').with_content(/^ClientAliveCountMax 3$/) } - it { should contain_file('sshd_config').with_content(/^GSSAPIAuthentication yes$/) } - it { should contain_file('sshd_config').with_content(/^GSSAPICleanupCredentials yes$/) } - it { should contain_file('sshd_config').with_content(/^HostKey \/etc\/ssh\/ssh_host_rsa_key$/) } - it { should contain_file('sshd_config').without_content(/^\s*PAMAuthenticationViaKBDInt yes$/) } - it { should contain_file('sshd_config').without_content(/^\s*GSSAPIKeyExchange yes$/) } - it { should contain_file('sshd_config').with_content(/^AcceptEnv L.*$/) } - it { should contain_file('sshd_config').without_content(/^AuthorizedKeysFile/) } - it { should contain_file('sshd_config').without_content(/^StrictModes/) } - it { should contain_file('sshd_config').without_content(/^MaxStartups/) } - it { should contain_file('sshd_config').without_content(/^MaxSessions/) } - it { should contain_file('sshd_config').without_content(/^\s*AuthorizedKeysCommand/) } - it { should contain_file('sshd_config').with_content(/^HostbasedAuthentication no$/) } - it { should contain_file('sshd_config').with_content(/^IgnoreUserKnownHosts no$/) } - it { should contain_file('sshd_config').with_content(/^IgnoreRhosts yes$/) } - it { should contain_file('sshd_config').with_content(/^#ChrootDirectory none/) } - it { should contain_file('sshd_config').without_content(/^ForceCommand/) } - it { should contain_file('sshd_config').without_content(/^Match/) } - it { should contain_file('sshd_config').without_content(/^\s*Ciphers/) } - it { should contain_file('sshd_config').without_content(/^\s*MACs/) } - it { should contain_file('sshd_config').without_content(/^\s*DenyUsers/) } - it { should contain_file('sshd_config').without_content(/^\s*DenyGroups/) } - it { should contain_file('sshd_config').without_content(/^\s*AllowUsers/) } - it { should contain_file('sshd_config').without_content(/^\s*AllowGroups/) } - it { should contain_file('sshd_config').without_content(/^\s*ListenAddress/) } - - it { - should contain_service('sshd_service').with({ - 'ensure' => 'running', - 'name' => 'sshd', - 'enable' => 'true', - 'hasrestart' => 'true', - 'hasstatus' => 'true', - 'subscribe' => 'File[sshd_config]', - }) - } - - it { - should contain_resources('sshkey').with({ - 'purge' => 'true', - }) - } - end - - context 'with default params on osfamily Suse architecture i386' do - let :facts do - { - :fqdn => 'monkey.example.com', - :osfamily => 'Suse', - :architecture => 'i386', - :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' - } - end - - it { should compile.with_all_deps } - - it { should contain_class('ssh')} - - it { should_not contain_class('common')} - - it { - should contain_package('openssh').with({ - 'ensure' => 'installed', - }) - } - - it { - should contain_file('ssh_known_hosts').with({ - 'ensure' => 'file', - 'path' => '/etc/ssh/ssh_known_hosts', - 'owner' => 'root', - 'group' => 'root', - 'mode' => '0644', - }) - } - - it { - should contain_file('ssh_config').with({ - 'ensure' => 'file', - 'path' => '/etc/ssh/ssh_config', - 'owner' => 'root', - 'group' => 'root', - 'mode' => '0644', - 'require' => 'Package[openssh]', - }) - } - - it { should contain_file('ssh_config').with_content(/^# This file is being maintained by Puppet.\n# DO NOT EDIT\n\n# \$OpenBSD: ssh_config,v 1.21 2005\/12\/06 22:38:27 reyk Exp \$/) } - it { should contain_file('ssh_config').with_content(/^ Protocol 2$/) } - it { should contain_file('ssh_config').with_content(/^\s*HashKnownHosts no$/) } - it { should contain_file('ssh_config').with_content(/^\s*SendEnv L.*$/) } - it { should contain_file('ssh_config').with_content(/^\s*ForwardX11Trusted yes$/) } - it { should contain_file('ssh_config').with_content(/^\s*GSSAPIAuthentication yes$/) } - - it { should_not contain_file('ssh_config').with_content(/^\s*ForwardAgent$/) } - it { should_not contain_file('ssh_config').with_content(/^\s*ForwardX11$/) } - it { should contain_file('ssh_config').with_content(/^\s*UseRoaming no$/) } - it { should_not contain_file('ssh_config').with_content(/^\s*ServerAliveInterval$/) } - it { should contain_file('ssh_config').without_content(/^\s*Ciphers/) } - it { should contain_file('ssh_config').without_content(/^\s*MACs/) } - - it { - should contain_file('sshd_config').with({ - 'ensure' => 'file', - 'path' => '/etc/ssh/sshd_config', - 'owner' => 'root', - 'group' => 'root', - 'mode' => '0600', - 'require' => 'Package[openssh]', - }) - } - - it { should contain_file('sshd_config').with_content(/^Port 22$/) } - it { should contain_file('sshd_config').with_content(/^SyslogFacility AUTH$/) } - it { should contain_file('sshd_config').with_content(/^LogLevel INFO$/) } - it { should contain_file('sshd_config').with_content(/^LoginGraceTime 120$/) } - it { should contain_file('sshd_config').with_content(/^PermitRootLogin yes$/) } - it { should contain_file('sshd_config').with_content(/^ChallengeResponseAuthentication yes$/) } - it { should contain_file('sshd_config').with_content(/^PrintMotd yes$/) } - it { should contain_file('sshd_config').with_content(/^UseDNS yes$/) } - it { should contain_file('sshd_config').with_content(/^Banner none$/) } - it { should contain_file('sshd_config').with_content(/^XAuthLocation \/usr\/bin\/xauth$/) } - it { should contain_file('sshd_config').with_content(/^Subsystem sftp \/usr\/lib\/ssh\/sftp-server$/) } - it { should contain_file('sshd_config').with_content(/^PasswordAuthentication yes$/) } - it { should contain_file('sshd_config').with_content(/^AllowTcpForwarding yes$/) } - it { should contain_file('sshd_config').with_content(/^X11Forwarding yes$/) } - it { should contain_file('sshd_config').with_content(/^UsePAM yes$/) } - it { should contain_file('sshd_config').with_content(/^ClientAliveInterval 0$/) } - it { should contain_file('sshd_config').with_content(/^ServerKeyBits 1024$/) } - it { should contain_file('sshd_config').with_content(/^ClientAliveCountMax 3$/) } - it { should contain_file('sshd_config').with_content(/^GSSAPIAuthentication yes$/) } - it { should contain_file('sshd_config').with_content(/^GSSAPICleanupCredentials yes$/) } - it { should contain_file('sshd_config').with_content(/^HostKey \/etc\/ssh\/ssh_host_rsa_key$/) } - it { should_not contain_file('sshd_config').with_content(/^\s*PAMAuthenticationViaKBDInt yes$/) } - it { should_not contain_file('sshd_config').with_content(/^\s*GSSAPIKeyExchange yes$/) } - it { should contain_file('sshd_config').with_content(/^AcceptEnv L.*$/) } - it { should_not contain_file('sshd_config').with_content(/^AuthorizedKeysFile/) } - it { should_not contain_file('sshd_config').with_content(/^StrictModes/) } - it { should_not contain_file('sshd_config').with_content(/^MaxStartups/) } - it { should_not contain_file('sshd_config').with_content(/^MaxSessions/) } - it { should_not contain_file('sshd_config').with_content(/^\s*AuthorizedKeysCommand/) } - it { should contain_file('sshd_config').with_content(/^HostbasedAuthentication no$/) } - it { should contain_file('sshd_config').with_content(/^IgnoreUserKnownHosts no$/) } - it { should contain_file('sshd_config').with_content(/^IgnoreRhosts yes$/) } - it { should contain_file('sshd_config').with_content(/^#ChrootDirectory none/) } - it { should contain_file('sshd_config').without_content(/^ForceCommand/) } - it { should contain_file('sshd_config').without_content(/^Match/) } - it { should contain_file('sshd_config').without_content(/^\s*Ciphers/) } - it { should contain_file('sshd_config').without_content(/^\s*MACs/) } - it { should contain_file('sshd_config').without_content(/^\s*DenyUsers/) } - it { should contain_file('sshd_config').without_content(/^\s*DenyGroups/) } - it { should contain_file('sshd_config').without_content(/^\s*AllowUsers/) } - it { should contain_file('sshd_config').without_content(/^\s*AllowGroups/) } - it { should contain_file('sshd_config').without_content(/^\s*ListenAddress/) } - - it { - should contain_service('sshd_service').with({ - 'ensure' => 'running', - 'name' => 'sshd', - 'enable' => 'true', - 'hasrestart' => 'true', - 'hasstatus' => 'true', - 'subscribe' => 'File[sshd_config]', - }) - } - - it { - should contain_resources('sshkey').with({ - 'purge' => 'true', - }) - } end context 'with default params on invalid osfamily' do @@ -1059,11 +291,10 @@ describe 'ssh' do context 'with optional params used in ssh_config set on valid osfamily' do let :facts do - { - :fqdn => 'monkey.example.com', - :osfamily => 'RedHat', - :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' - } + default_facts.merge( + { + } + ) end let :params do { @@ -1118,11 +349,10 @@ describe 'ssh' do context 'with params used in sshd_config set on valid osfamily' do let :facts do - { - :fqdn => 'monkey.example.com', - :osfamily => 'RedHat', - :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' - } + default_facts.merge( + { + } + ) end let :params do { @@ -1258,12 +488,11 @@ describe 'ssh' do describe 'sshd_config_chrootdirectory param' do let :facts do - { - :fqdn => 'monkey.example.com', - :osfamily => 'RedHat', - :root_home => '/root', - :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' - } + default_facts.merge( + { + :root_home => '/root', + } + ) end ['/chrootdir/subdir','/baby/one/more/test',].each do |value| context "set to valid #{value} (as #{value.class})" do @@ -1289,12 +518,11 @@ describe 'ssh' do describe 'sshd_config_forcecommand param' do let :facts do - { - :fqdn => 'monkey.example.com', - :osfamily => 'RedHat', - :root_home => '/root', - :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' - } + default_facts.merge( + { + :root_home => '/root', + } + ) end ['/bin/command','/bin/command -parameters','/bin/command --parameters','/bin/command /parameters'].each do |value| context "set to valid #{value} (as #{value.class})" do @@ -1321,12 +549,11 @@ describe 'ssh' do describe 'sshd_config_match param' do # match and rules get alphabetically sorted by template, matches should be the last options in sshd_config (regex verify with= \Z) let :facts do - { - :fqdn => 'monkey.example.com', - :osfamily => 'RedHat', - :root_home => '/root', - :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' - } + default_facts.merge( + { + :root_home => '/root', + } + ) end context 'set to valid hash containing nested arrays' do @@ -1355,57 +582,32 @@ describe 'ssh' do end describe 'sshd_listen_address param' do - context 'when set to an array' do - let :facts do + let :facts do + default_facts.merge( { - :fqdn => 'monkey.example.com', - :osfamily => 'RedHat', :root_home => '/root', - :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' } - end + ) + end + + context 'when set to an array' do let (:params) {{'sshd_listen_address' => ['192.168.1.1','2001:db8::dead:f00d'] }} it { should contain_file('sshd_config').with_content(/^ListenAddress 192.168.1.1\nListenAddress 2001:db8::dead:f00d$/) } end context 'when set to a string' do - let :facts do - { - :fqdn => 'monkey.example.com', - :osfamily => 'RedHat', - :root_home => '/root', - :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' - } - end let (:params) {{'sshd_listen_address' => ['192.168.1.1'] }} it { should contain_file('sshd_config').with_content(/^ListenAddress 192.168.1.1$/) } end context 'when not set' do - let :facts do - { - :fqdn => 'monkey.example.com', - :osfamily => 'RedHat', - :root_home => '/root', - :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' - } - end - it { should_not contain_file('sshd_config').with_content(/^\s*ListenAddress/) } end context 'when set to an invalid type (not string or array)' do - let :facts do - { - :fqdn => 'monkey.example.com', - :osfamily => 'RedHat', - :root_home => '/root', - :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' - } - end let (:params) {{'sshd_listen_address' => true }} it 'should fail' do @@ -1417,15 +619,14 @@ describe 'ssh' do end describe 'sshd_loglevel param' do - context 'when set to an invalid value' do - let :facts do + let :facts do + default_facts.merge( { - :fqdn => 'monkey.example.com', - :osfamily => 'RedHat', :root_home => '/root', - :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' } - end + ) + end + context 'when set to an invalid value' do let (:params) {{'sshd_config_loglevel' => 'BOGON'}} it 'should fail' do expect { @@ -1435,14 +636,6 @@ describe 'ssh' do end ['QUIET', 'FATAL', 'ERROR', 'INFO', 'VERBOSE'].each do |supported_val| context "when set to #{supported_val}" do - let :facts do - { - :fqdn => 'monkey.example.com', - :osfamily => 'RedHat', - :root_home => '/root', - :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' - } - end let (:params) {{ 'sshd_config_loglevel' => supported_val}} it { should contain_file('sshd_config').with_content(/^LogLevel #{supported_val}$/) } end @@ -1450,15 +643,15 @@ describe 'ssh' do end describe 'with sshd_kerberos_authentication' do + let :facts do + default_facts.merge( + { + } + ) + end + ['yes','no'].each do |value| context "set to #{value}" do - let :facts do - { - :fqdn => 'monkey.example.com', - :osfamily => 'RedHat', - :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' - } - end let (:params) {{ 'sshd_kerberos_authentication' => value }} it { should contain_file('sshd_config').with_content(/^KerberosAuthentication #{value}$/) } @@ -1466,13 +659,6 @@ describe 'ssh' do end context 'set to invalid value on valid osfamily' do - let :facts do - { - :fqdn => 'monkey.example.com', - :osfamily => 'RedHat', - :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' - } - end let :params do { :sshd_kerberos_authentication => 'invalid' } end @@ -1486,15 +672,15 @@ describe 'ssh' do end context 'when ssh_config_template has a nonstandard value' do - context 'and that value is not valid' do - let :facts do + let :facts do + default_facts.merge( { - :fqdn => 'monkey.example.com', - :osfamily => 'RedHat', :root_home => '/root', - :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' } - end + ) + end + + context 'and that value is not valid' do let (:params) {{'ssh_config_template' => false}} it 'should fail' do expect { @@ -1503,14 +689,6 @@ describe 'ssh' do end end context 'and that value is valid' do - let :facts do - { - :fqdn => 'monkey.example.com', - :osfamily => 'RedHat', - :root_home => '/root', - :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' - } - end let (:params) {{'ssh_config_template' => 'ssh/sshd_config.erb'}} it 'should lay down the ssh_config file from the specified template' do should contain_file('ssh_config').with_content(/OpenBSD: sshd_config/) @@ -1519,15 +697,15 @@ describe 'ssh' do end context 'when sshd_config_template has a nonstandard value' do - context 'and that value is not valid' do - let :facts do + let :facts do + default_facts.merge( { - :fqdn => 'monkey.example.com', - :osfamily => 'RedHat', :root_home => '/root', - :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' } - end + ) + end + + context 'and that value is not valid' do let (:params) {{'sshd_config_template' => false}} it 'should fail' do expect { @@ -1536,14 +714,6 @@ describe 'ssh' do end end context 'and that value is valid' do - let :facts do - { - :fqdn => 'monkey.example.com', - :osfamily => 'RedHat', - :root_home => '/root', - :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' - } - end let (:params) {{'sshd_config_template' => 'ssh/ssh_config.erb'}} it 'should lay down the sshd_config file from the specified template' do should contain_file('sshd_config').with_content(/OpenBSD: ssh_config/) @@ -1554,12 +724,11 @@ describe 'ssh' do ['true',true].each do |value| context "with manage_root_ssh_config set to #{value} on valid osfamily" do let :facts do - { - :fqdn => 'monkey.example.com', - :osfamily => 'RedHat', - :root_home => '/root', - :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' - } + default_facts.merge( + { + :root_home => '/root', + } + ) end let :params do { :manage_root_ssh_config => value } @@ -1597,12 +766,11 @@ describe 'ssh' do ['false',false].each do |value| context "with manage_root_ssh_config set to #{value} on valid osfamily" do let :facts do - { - :fqdn => 'monkey.example.com', - :osfamily => 'RedHat', - :root_home => '/root', - :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' - } + default_facts.merge( + { + :root_home => '/root', + } + ) end let :params do { :manage_root_ssh_config => value } @@ -1622,15 +790,13 @@ describe 'ssh' do [true,'invalid'].each do |ciphers| context "with ssh_config_ciphers set to invalid value #{ciphers}" do - let(:params) { { :ssh_config_ciphers => ciphers } } - let :facts do - { - :fqdn => 'monkey.example.com', - :osfamily => 'RedHat', - :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' - } + default_facts.merge( + { + } + ) end + let(:params) { { :ssh_config_ciphers => ciphers } } it 'should fail' do expect { @@ -1642,15 +808,13 @@ describe 'ssh' do [true,'invalid'].each do |macs| context "with ssh_config_macs set to invalid value #{macs}" do - let(:params) { { :ssh_config_macs => macs } } - let :facts do - { - :fqdn => 'monkey.example.com', - :osfamily => 'RedHat', - :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' - } + default_facts.merge( + { + } + ) end + let(:params) { { :ssh_config_macs => macs } } it 'should fail' do expect { @@ -1662,11 +826,10 @@ describe 'ssh' do context 'with ssh_config_hash_known_hosts set to invalid value on valid osfamily' do let :facts do - { - :fqdn => 'monkey.example.com', - :osfamily => 'RedHat', - :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' - } + default_facts.merge( + { + } + ) end let :params do { :ssh_config_hash_known_hosts => 'invalid' } @@ -1681,15 +844,13 @@ describe 'ssh' do [true,'invalid'].each do |ciphers| context "with sshd_config_ciphers set to invalid value #{ciphers}" do - let(:params) { { :sshd_config_ciphers => ciphers } } - let :facts do - { - :fqdn => 'monkey.example.com', - :osfamily => 'RedHat', - :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' - } + default_facts.merge( + { + } + ) end + let(:params) { { :sshd_config_ciphers => ciphers } } it 'should fail' do expect { @@ -1701,15 +862,13 @@ describe 'ssh' do [true,'invalid'].each do |denyusers| context "with sshd_config_denyusers set to invalid value #{denyusers}" do - let(:params) { { :sshd_config_denyusers => denyusers } } - let :facts do - { - :fqdn => 'monkey.example.com', - :osfamily => 'RedHat', - :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' - } + default_facts.merge( + { + } + ) end + let(:params) { { :sshd_config_denyusers => denyusers } } it 'should fail' do expect { @@ -1721,15 +880,13 @@ describe 'ssh' do [true,'invalid'].each do |denygroups| context "with sshd_config_denygroups set to invalid value #{denygroups}" do - let(:params) { { :sshd_config_denygroups => denygroups } } - let :facts do - { - :fqdn => 'monkey.example.com', - :osfamily => 'RedHat', - :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' - } + default_facts.merge( + { + } + ) end + let(:params) { { :sshd_config_denygroups => denygroups } } it 'should fail' do expect { @@ -1741,15 +898,13 @@ describe 'ssh' do [true,'invalid'].each do |allowusers| context "with sshd_config_allowusers set to invalid value #{allowusers}" do - let(:params) { { :sshd_config_allowusers => allowusers } } - let :facts do - { - :fqdn => 'monkey.example.com', - :osfamily => 'RedHat', - :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' - } + default_facts.merge( + { + } + ) end + let(:params) { { :sshd_config_allowusers => allowusers } } it 'should fail' do expect { @@ -1761,15 +916,13 @@ describe 'ssh' do [true,'invalid'].each do |allowgroups| context "with sshd_config_allowgroups set to invalid value #{allowgroups}" do - let(:params) { { :sshd_config_allowgroups => allowgroups } } - let :facts do - { - :fqdn => 'monkey.example.com', - :osfamily => 'RedHat', - :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' - } + default_facts.merge( + { + } + ) end + let(:params) { { :sshd_config_allowgroups => allowgroups } } it 'should fail' do expect { @@ -1781,15 +934,13 @@ describe 'ssh' do [true,'invalid'].each do |macs| context "with sshd_config_macs set to invalid value #{macs}" do - let(:params) { { :sshd_config_macs => macs } } - let :facts do - { - :fqdn => 'monkey.example.com', - :osfamily => 'RedHat', - :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' - } + default_facts.merge( + { + } + ) end + let(:params) { { :sshd_config_macs => macs } } it 'should fail' do expect { @@ -1801,11 +952,10 @@ describe 'ssh' do context 'with sshd_config_port not being a valid number' do let :facts do - { - :fqdn => 'monkey.example.com', - :osfamily => 'RedHat', - :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' - } + default_facts.merge( + { + } + ) end let :params do { :sshd_config_port => '22invalid' } @@ -1820,12 +970,11 @@ describe 'ssh' do context 'with manage_root_ssh_config set to invalid value on valid osfamily' do let :facts do - { - :fqdn => 'monkey.example.com', - :osfamily => 'RedHat', - :root_home => '/root', - :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' - } + default_facts.merge( + { + :root_home => '/root', + } + ) end let :params do { :manage_root_ssh_config => 'invalid' } @@ -1840,11 +989,10 @@ describe 'ssh' do context 'with sshd_password_authentication set to invalid value on valid osfamily' do let :facts do - { - :fqdn => 'monkey.example.com', - :osfamily => 'RedHat', - :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' - } + default_facts.merge( + { + } + ) end let :params do { :sshd_password_authentication => 'invalid' } @@ -1859,11 +1007,10 @@ describe 'ssh' do context 'with sshd_allow_tcp_forwarding set to invalid value on valid osfamily' do let :facts do - { - :fqdn => 'monkey.example.com', - :osfamily => 'RedHat', - :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' - } + default_facts.merge( + { + } + ) end let :params do { :sshd_allow_tcp_forwarding => 'invalid' } @@ -1878,11 +1025,10 @@ describe 'ssh' do context 'with sshd_x11_forwarding set to invalid value on valid osfamily' do let :facts do - { - :fqdn => 'monkey.example.com', - :osfamily => 'RedHat', - :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' - } + default_facts.merge( + { + } + ) end let :params do { :sshd_x11_forwarding => 'invalid' } @@ -1897,11 +1043,10 @@ describe 'ssh' do context 'with sshd_use_pam set to invalid value on valid osfamily' do let :facts do - { - :fqdn => 'monkey.example.com', - :osfamily => 'RedHat', - :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' - } + default_facts.merge( + { + } + ) end let :params do { :sshd_use_pam => 'invalid' } @@ -1916,11 +1061,10 @@ describe 'ssh' do context 'with sshd_config_serverkeybits set to invalid value on valid osfamily' do let :facts do - { - :fqdn => 'monkey.example.com', - :osfamily => 'RedHat', - :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' - } + default_facts.merge( + { + } + ) end let :params do { :sshd_config_serverkeybits => 'invalid' } @@ -1935,11 +1079,10 @@ describe 'ssh' do context 'with sshd_client_alive_interval set to invalid value on valid osfamily' do let :facts do - { - :fqdn => 'monkey.example.com', - :osfamily => 'RedHat', - :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' - } + default_facts.merge( + { + } + ) end let :params do { :sshd_client_alive_interval => 'invalid' } @@ -1954,11 +1097,10 @@ describe 'ssh' do context 'with sshd_client_alive_count_max set to invalid value on valid osfamily' do let :facts do - { - :fqdn => 'monkey.example.com', - :osfamily => 'RedHat', - :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' - } + default_facts.merge( + { + } + ) end let :params do { :sshd_client_alive_count_max => 'invalid' } @@ -1972,13 +1114,13 @@ describe 'ssh' do end context 'with sshd_config_banner set to invalid value on valid osfamily' do - let(:params) { { :sshd_config_banner => 'invalid/path' } } - let(:facts) do - { :fqdn => 'monkey.example.com', - :osfamily => 'RedHat', - :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' - } + let :facts do + default_facts.merge( + { + } + ) end + let(:params) { { :sshd_config_banner => 'invalid/path' } } it 'should fail' do expect { @@ -1988,13 +1130,13 @@ describe 'ssh' do end context 'with sshd_config_authkey_location set to invalid value on valid osfamily' do - let(:params) { { :sshd_config_authkey_location => false } } - let(:facts) do - { :fqdn => 'monkey.example.com', - :osfamily => 'RedHat', - :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' - } + let :facts do + default_facts.merge( + { + } + ) end + let(:params) { { :sshd_config_authkey_location => false } } it 'should fail' do expect { @@ -2004,13 +1146,13 @@ describe 'ssh' do end context 'with sshd_config_hostkey set to invalid value on valid osfamily' do - let(:params) { { :sshd_config_hostkey => false } } - let(:facts) do - { :fqdn => 'monkey.example.com', - :osfamily => 'RedHat', - :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' - } + let :facts do + default_facts.merge( + { + } + ) end + let(:params) { { :sshd_config_hostkey => false } } it 'should fail' do expect { @@ -2020,13 +1162,13 @@ describe 'ssh' do end context 'with sshd_config_hostkey set to invalid path on valid osfamily' do - let(:params) { { :sshd_config_hostkey => ['not_a_path'] } } - let(:facts) do - { :fqdn => 'monkey.example.com', - :osfamily => 'RedHat', - :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' - } + let :facts do + default_facts.merge( + { + } + ) end + let(:params) { { :sshd_config_hostkey => ['not_a_path'] } } it 'should fail' do expect { @@ -2038,11 +1180,10 @@ describe 'ssh' do context 'with sshd_config_strictmodes set to invalid value on valid osfamily' do let :facts do - { - :fqdn => 'monkey.example.com', - :osfamily => 'RedHat', - :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' - } + default_facts.merge( + { + } + ) end let :params do { :sshd_config_strictmodes => 'invalid' } @@ -2056,13 +1197,13 @@ describe 'ssh' do end context 'with sshd_authorized_keys_command specified with an invalid path' do - let(:params) { { :sshd_authorized_keys_command => 'invalid/path' } } let :facts do - { :fqdn => 'monkey.example.com', - :osfamily => 'RedHat', - :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' - } + default_facts.merge( + { + } + ) end + let(:params) { { :sshd_authorized_keys_command => 'invalid/path' } } it 'should fail' do expect { @@ -2072,13 +1213,13 @@ describe 'ssh' do end context 'with sshd_authorized_keys_command_user specified with an invalid type (non-string)' do - let(:params) { { :sshd_authorized_keys_command_user => ['invalid','type'] } } let :facts do - { :fqdn => 'monkey.example.com', - :osfamily => 'RedHat', - :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' - } + default_facts.merge( + { + } + ) end + let(:params) { { :sshd_authorized_keys_command_user => ['invalid','type'] } } it 'should fail' do expect { @@ -2088,13 +1229,13 @@ describe 'ssh' do end context 'with sshd_banner_content set and with default value on sshd_config_banner on valid osfamily' do - let(:params) { { :sshd_banner_content => 'textinbanner' } } let :facts do - { :fqdn => 'monkey.example.com', - :osfamily => 'RedHat', - :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' - } + default_facts.merge( + { + } + ) end + let(:params) { { :sshd_banner_content => 'textinbanner' } } it 'should fail' do expect { @@ -2105,13 +1246,13 @@ describe 'ssh' do context 'with ssh_config_sendenv_xmodifiers set to invalid type, array' do - let(:params) { { :ssh_config_sendenv_xmodifiers => ['invalid','type'] } } let :facts do - { :fqdn => 'monkey.example.com', - :osfamily => 'RedHat', - :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' - } + default_facts.merge( + { + } + ) end + let(:params) { { :ssh_config_sendenv_xmodifiers => ['invalid','type'] } } it 'should fail' do expect { @@ -2122,11 +1263,10 @@ describe 'ssh' do context 'with ssh_config_sendenv_xmodifiers set to stringified \'true\'' do let :facts do - { - :fqdn => 'monkey.example.com', - :osfamily => 'RedHat', - :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' - } + default_facts.merge( + { + } + ) end let :params do { @@ -2141,11 +1281,10 @@ describe 'ssh' do context 'with manage_firewall set to true on valid osfamily' do let :facts do - { - :fqdn => 'monkey.example.com', - :osfamily => 'RedHat', - :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' - } + default_facts.merge( + { + } + ) end let :params do { :manage_firewall => true } @@ -2168,7 +1307,10 @@ describe 'ssh' do context 'with keys defined on valid osfamily' do let :facts do - { :osfamily => 'RedHat' } + default_facts.merge( + { + } + ) end let(:params) { { :keys => { 'root_for_userX' => { @@ -2220,8 +1362,13 @@ describe 'ssh' do end context 'with keys specified as not of type hash' do + let :facts do + default_facts.merge( + { + } + ) + end let(:params) { { :keys => [ 'not', 'a', 'hash' ] } } - let(:facts) { { :osfamily => 'RedHat' } } it 'should fail' do expect { @@ -2232,13 +1379,15 @@ describe 'ssh' do describe 'with hiera_merge parameter specified' do context 'as a non-boolean or non-string' do - let(:params) { { :hiera_merge => ['not_a_boolean','or_a_string'] } } - let(:facts) do - { :osfamily => 'RedHat', - :fqdn => 'hieramerge.example.com', - :lsbmajdistrelease => '6', - } + let :facts do + default_facts.merge( + { + :fqdn => 'hieramerge.example.com', + :lsbmajdistrelease => '6', + } + ) end + let(:params) { { :hiera_merge => ['not_a_boolean','or_a_string'] } } it 'should fail' do expect { @@ -2248,12 +1397,14 @@ describe 'ssh' do end context 'as an invalid string' do - let(:params) { { :hiera_merge => 'invalid_string' } } - let(:facts) do - { :osfamily => 'RedHat', - :lsbmajdistrelease => '6', - } + let :facts do + default_facts.merge( + { + :lsbmajdistrelease => '6', + } + ) end + let(:params) { { :hiera_merge => 'invalid_string' } } it 'should fail' do expect { @@ -2264,13 +1415,15 @@ describe 'ssh' do ['true',true].each do |value| context "as #{value} with hiera data getting collected" do - let(:params) { { :hiera_merge => value } } - let(:facts) do - { :osfamily => 'RedHat', - :fqdn => 'hieramerge.example.com', - :lsbmajdistrelease => '6', - } + let:facts do + default_facts.merge( + { + :fqdn => 'hieramerge.example.com', + :lsbmajdistrelease => '6', + } + ) end + let(:params) { { :hiera_merge => value } } it { should compile.with_all_deps } @@ -2285,14 +1438,16 @@ describe 'ssh' do end context "as true with with hiera data getting merged through levels" do - let(:params) { { :hiera_merge => true } } - let(:facts) do - { :osfamily => 'RedHat', - :fqdn => 'hieramerge.example.com', - :lsbmajdistrelease => '6', - :specific => 'test_hiera_merge', - } + let :facts do + default_facts.merge( + { + :fqdn => 'hieramerge.example.com', + :lsbmajdistrelease => '6', + :specific => 'test_hiera_merge', + } + ) end + let(:params) { { :hiera_merge => true } } it { should compile.with_all_deps } @@ -2306,14 +1461,17 @@ describe 'ssh' do end context "as true with no hiera data provided" do - let(:params) { { :hiera_merge => true } } - let(:facts) do - { :osfamily => 'Suse', - :fqdn => 'notinhiera.example.com', - :lsbmajdistrelease => '11', - :architecture => 'x86_64', - } + let :facts do + default_facts.merge( + { + :osfamily => 'Suse', + :fqdn => 'notinhiera.example.com', + :lsbmajdistrelease => '11', + :architecture => 'x86_64', + } + ) end + let(:params) { { :hiera_merge => true } } it { should compile.with_all_deps } @@ -2328,12 +1486,15 @@ describe 'ssh' do ['false',false].each do |value| context "as #{value}" do - let(:params) { { :hiera_merge => value } } - let(:facts) do - { :osfamily => 'RedHat', - :lsbmajdistrelease => '6', - } + let :facts do + default_facts.merge( + { + :osfamily => 'RedHat', + :lsbmajdistrelease => '6', + } + ) end + let(:params) { { :hiera_merge => value } } it { should compile.with_all_deps } @@ -2344,14 +1505,14 @@ describe 'ssh' do describe 'with ssh_package_adminfile parameter specified' do context 'as a valid path' do - let(:params) { { :ssh_package_adminfile => '/var/tmp/admin' } } let :facts do - { :fqdn => 'monkey.example.com', - :osfamily => 'Solaris', - :kernelrelease => '5.10', - :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' - } + default_solaris_facts.merge( + { + :kernelrelease => '5.10', + } + ) end + let(:params) { { :ssh_package_adminfile => '/var/tmp/admin' } } ['SUNWsshcu','SUNWsshdr','SUNWsshdu','SUNWsshr','SUNWsshu'].each do |pkg| it { @@ -2365,14 +1526,14 @@ describe 'ssh' do end context 'as an invalid path' do - let(:params) { { :ssh_package_adminfile => 'invalid/path' } } let :facts do - { :fqdn => 'monkey.example.com', - :osfamily => 'Solaris', - :kernelrelease => '5.10', - :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' - } + default_solaris_facts.merge( + { + :kernelrelease => '5.10', + } + ) end + let(:params) { { :ssh_package_adminfile => 'invalid/path' } } it 'should fail' do expect { @@ -2383,26 +1544,20 @@ describe 'ssh' do end describe 'with sshd_config_xauth_location parameter specified' do + let :facts do + default_facts.merge( + { + } + ) + end context 'as a valid path' do let(:params) { { :sshd_config_xauth_location => '/opt/ssh/bin/xauth' } } - let(:facts) do - { :fqdn => 'monkey.example.com', - :osfamily => 'RedHat', - :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' - } - end it { should contain_file('sshd_config').with_content(/^XAuthLocation \/opt\/ssh\/bin\/xauth$/) } end context 'as an invalid path' do let(:params) { { :sshd_config_xauth_location => 'invalid/path' } } - let(:facts) do - { :fqdn => 'monkey.example.com', - :osfamily => 'RedHat', - :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' - } - end it 'should fail' do expect { @@ -2413,12 +1568,6 @@ describe 'ssh' do context 'as an invalid type' do let(:params) { { :sshd_config_xauth_location => true } } - let(:facts) do - { :fqdn => 'monkey.example.com', - :osfamily => 'RedHat', - :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' - } - end it 'should fail' do expect { @@ -2429,15 +1578,15 @@ describe 'ssh' do end describe 'with ssh_package_source parameter specified' do + let :facts do + default_solaris_facts.merge( + { + :kernelrelease => '5.10', + } + ) + end context 'as a valid path' do let(:params) { { :ssh_package_source => '/mnt/packages' } } - let(:facts) do - { :fqdn => 'monkey.example.com', - :osfamily => 'Solaris', - :kernelrelease => '5.10', - :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' - } - end ['SUNWsshcu','SUNWsshdr','SUNWsshdu','SUNWsshr','SUNWsshu'].each do |pkg| it { @@ -2452,13 +1601,6 @@ describe 'ssh' do context 'as an invalid path' do let(:params) { { :ssh_package_source => 'invalid/path' } } - let(:facts) do - { :fqdn => 'monkey.example.com', - :osfamily => 'Solaris', - :kernelrelease => '5.10', - :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' - } - end it 'should fail' do expect { @@ -2469,13 +1611,6 @@ describe 'ssh' do context 'as an invalid type' do let(:params) { { :ssh_package_source => true } } - let(:facts) do - { :fqdn => 'monkey.example.com', - :osfamily => 'Solaris', - :kernelrelease => '5.10', - :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' - } - end it 'should fail' do expect { @@ -2488,25 +1623,25 @@ describe 'ssh' do describe 'with parameter ssh_config_forward_x11_trusted' do ['yes','no'].each do |value| context "specified as #{value}" do - let(:params) { { :ssh_config_forward_x11_trusted => value } } - let(:facts) do - { :fqdn => 'monkey.example.com', - :osfamily => 'RedHat', - :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' - } + let :facts do + default_facts.merge( + { + } + ) end + let(:params) { { :ssh_config_forward_x11_trusted => value } } it { should contain_file('ssh_config').with_content(/^\s*ForwardX11Trusted #{value}$/) } end end context 'not specified' do - let(:facts) do - { :fqdn => 'monkey.example.com', - :osfamily => 'Solaris', - :kernelrelease => '5.11', - :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' - } + let :facts do + default_solaris_facts.merge( + { + :kernelrelease => '5.11', + } + ) end it { should_not contain_file('ssh_config').with_content(/^\s*ForwardX11Trusted/) } @@ -2514,13 +1649,13 @@ describe 'ssh' do ['YES',true].each do |value| context "specified an invalid value #{value}" do - let(:params) { { :ssh_config_forward_x11_trusted => value } } - let(:facts) do - { :fqdn => 'monkey.example.com', - :osfamily => 'RedHat', - :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' - } + let :facts do + default_facts.merge( + { + } + ) end + let(:params) { { :ssh_config_forward_x11_trusted => value } } it 'should fail' do expect { @@ -2534,14 +1669,14 @@ describe 'ssh' do describe 'with parameter ssh_gssapidelegatecredentials' do ['yes','no'].each do |value| context "specified as #{value}" do - let(:params) { { :ssh_gssapidelegatecredentials => value } } - let(:facts) do - { :fqdn => 'monkey.example.com', - :osfamily => 'Solaris', - :kernelrelease => '5.11', - :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' - } + let :facts do + default_solaris_facts.merge( + { + :kernelrelease => '5.11', + } + ) end + let(:params) { { :ssh_gssapidelegatecredentials => value } } it { should contain_file('ssh_config').with_content(/^GSSAPIDelegateCredentials #{value}$/) } end @@ -2549,13 +1684,13 @@ describe 'ssh' do ['YES',true].each do |value| context "specified an invalid value #{value}" do - let(:params) { { :ssh_gssapidelegatecredentials => value } } - let(:facts) do - { :fqdn => 'monkey.example.com', - :osfamily => 'RedHat', - :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' - } + let :facts do + default_facts.merge( + { + } + ) end + let(:params) { { :ssh_gssapidelegatecredentials => value } } it 'should fail' do expect { @@ -2567,11 +1702,11 @@ describe 'ssh' do end describe 'with parameter ssh_gssapiauthentication' do - let(:facts) do - { :fqdn => 'monkey.example.com', - :osfamily => 'RedHat', - :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' - } + let :facts do + default_facts.merge( + { + } + ) end ['yes','no'].each do |value| @@ -2602,11 +1737,11 @@ describe 'ssh' do end describe 'with parameter sshd_gssapiauthentication' do - let(:facts) do - { :fqdn => 'monkey.example.com', - :osfamily => 'RedHat', - :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' - } + let :facts do + default_facts.merge( + { + } + ) end ['yes','no'].each do |value| @@ -2637,27 +1772,21 @@ describe 'ssh' do end describe 'with parameter sshd_gssapikeyexchange' do + let :facts do + default_facts.merge( + { + } + ) + end ['yes','no'].each do |value| context "specified as #{value}" do let(:params) { { :sshd_gssapikeyexchange => value } } - let(:facts) do - { :fqdn => 'monkey.example.com', - :osfamily => 'RedHat', - :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' - } - end it { should contain_file('sshd_config').with_content(/^GSSAPIKeyExchange #{value}$/) } end end context 'not specified' do - let(:facts) do - { :fqdn => 'monkey.example.com', - :osfamily => 'RedHat', - :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' - } - end it { should_not contain_file('sshd_config').with_content(/^\s*GSSAPIKeyExchange/) } end @@ -2665,12 +1794,6 @@ describe 'ssh' do ['YES',true].each do |value| context "specified an invalid value #{value}" do let(:params) { { :sshd_gssapikeyexchange => value } } - let(:facts) do - { :fqdn => 'monkey.example.com', - :osfamily => 'RedHat', - :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' - } - end it 'should fail' do expect { @@ -2682,27 +1805,21 @@ describe 'ssh' do end describe 'with parameter sshd_pamauthenticationviakbdint' do + let :facts do + default_facts.merge( + { + } + ) + end ['yes','no'].each do |value| context "specified as #{value}" do let(:params) { { :sshd_pamauthenticationviakbdint => value } } - let(:facts) do - { :fqdn => 'monkey.example.com', - :osfamily => 'RedHat', - :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' - } - end it { should contain_file('sshd_config').with_content(/^PAMAuthenticationViaKBDInt #{value}$/) } end end context 'not specified' do - let(:facts) do - { :fqdn => 'monkey.example.com', - :osfamily => 'RedHat', - :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' - } - end it { should_not contain_file('sshd_config').with_content(/^\s*PAMAuthenticationViaKBDInt/) } end @@ -2710,12 +1827,6 @@ describe 'ssh' do ['YES',true].each do |value| context "specified an invalid value #{value}" do let(:params) { { :sshd_pamauthenticationviakbdint => value } } - let(:facts) do - { :fqdn => 'monkey.example.com', - :osfamily => 'RedHat', - :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' - } - end it 'should fail' do expect { @@ -2729,25 +1840,25 @@ describe 'ssh' do describe 'with parameter sshd_gssapicleanupcredentials' do ['yes','no'].each do |value| context "specified as #{value}" do - let(:params) { { :sshd_gssapicleanupcredentials => value } } - let(:facts) do - { :fqdn => 'monkey.example.com', - :osfamily => 'RedHat', - :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' - } + let :facts do + default_facts.merge( + { + } + ) end + let(:params) { { :sshd_gssapicleanupcredentials => value } } it { should contain_file('sshd_config').with_content(/^GSSAPICleanupCredentials #{value}$/) } end end context 'not specified' do - let(:facts) do - { :fqdn => 'monkey.example.com', - :osfamily => 'Solaris', - :kernelrelease => '5.11', - :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' - } + let :facts do + default_solaris_facts.merge( + { + :kernelrelease => '5.11', + } + ) end it { should_not contain_file('sshd_config').with_content(/^\s*GSSAPICleanupCredentials/) } @@ -2755,13 +1866,13 @@ describe 'ssh' do ['YES',true].each do |value| context "specified an invalid value #{value}" do - let(:params) { { :sshd_gssapicleanupcredentials => value } } - let(:facts) do - { :fqdn => 'monkey.example.com', - :osfamily => 'RedHat', - :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' - } + let :facts do + default_facts.merge( + { + } + ) end + let(:params) { { :sshd_gssapicleanupcredentials => value } } it 'should fail' do expect { @@ -2774,15 +1885,15 @@ describe 'ssh' do describe 'with parameter ssh_sendenv specified' do + let :facts do + default_facts.merge( + { + } + ) + end ['true',true].each do |value| context "as #{value}" do let(:params) { { :ssh_sendenv => value } } - let(:facts) do - { :fqdn => 'monkey.example.com', - :osfamily => 'RedHat', - :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' - } - end it { should contain_file('ssh_config').with_content(/^\s*SendEnv/) } end @@ -2791,12 +1902,6 @@ describe 'ssh' do ['false',false].each do |value| context "as #{value}" do let(:params) { { :ssh_sendenv => value } } - let(:facts) do - { :fqdn => 'monkey.example.com', - :osfamily => 'RedHat', - :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' - } - end it { should_not contain_file('ssh_config').with_content(/^\s*SendEnv/) } end @@ -2804,12 +1909,6 @@ describe 'ssh' do context 'as an invalid string' do let(:params) { { :ssh_sendenv => 'invalid' } } - let(:facts) do - { :fqdn => 'monkey.example.com', - :osfamily => 'RedHat', - :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' - } - end it 'should fail' do expect { @@ -2820,12 +1919,6 @@ describe 'ssh' do context 'as an invalid type' do let(:params) { { :ssh_sendenv => ['invalid','type'] } } - let(:facts) do - { :fqdn => 'monkey.example.com', - :osfamily => 'RedHat', - :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' - } - end it 'should fail' do expect { @@ -2836,15 +1929,15 @@ describe 'ssh' do end describe 'with parameter sshd_config_maxstartups specified' do + let :facts do + default_facts.merge( + { + } + ) + end ['10','10:30:100'].each do |value| context "as a valid string - #{value}" do let(:params) { { :sshd_config_maxstartups => value } } - let(:facts) do - { :fqdn => 'monkey.example.com', - :osfamily => 'RedHat', - :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' - } - end it { should contain_file('sshd_config').with_content(/^MaxStartups #{value}$/) } end @@ -2853,12 +1946,6 @@ describe 'ssh' do ['10a',true,'10:30:1a'].each do |value| context "as an invalid string - #{value}" do let(:params) { { :sshd_config_maxstartups => value } } - let(:facts) do - { :fqdn => 'monkey.example.com', - :osfamily => 'RedHat', - :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' - } - end it 'should fail' do expect { @@ -2870,12 +1957,7 @@ describe 'ssh' do context 'as an invalid type' do let(:params) { { :sshd_config_maxstartups => true } } - let(:facts) do - { :fqdn => 'monkey.example.com', - :osfamily => 'RedHat', - :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' - } - end + it 'should fail' do expect { should contain_class('ssh') @@ -2885,25 +1967,21 @@ describe 'ssh' do end describe 'with parameter sshd_config_maxsessions specified' do + let :facts do + default_facts.merge( + { + } + ) + end context 'as a valid integer' do let(:params) { { :sshd_config_maxsessions => 10 } } - let(:facts) do - { :fqdn => 'monkey.example.com', - :osfamily => 'RedHat', - :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' - } - end + it { should contain_file('sshd_config').with_content(/^MaxSessions 10$/) } end context 'as an invalid type' do let(:params) { { :sshd_config_maxsessions => 'BOGUS' } } - let(:facts) do - { :fqdn => 'monkey.example.com', - :osfamily => 'RedHat', - :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' - } - end + it 'should fail' do expect { should contain_class('ssh') @@ -2913,15 +1991,15 @@ describe 'ssh' do end describe 'with parameter sshd_acceptenv specified' do + let :facts do + default_facts.merge( + { + } + ) + end ['true',true].each do |value| context "as #{value}" do let(:params) { { :sshd_acceptenv => value } } - let(:facts) do - { :fqdn => 'monkey.example.com', - :osfamily => 'RedHat', - :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' - } - end it { should contain_file('sshd_config').with_content(/^\s*AcceptEnv/) } end @@ -2930,12 +2008,6 @@ describe 'ssh' do ['false',false].each do |value| context "as #{value}" do let(:params) { { :sshd_acceptenv => value } } - let(:facts) do - { :fqdn => 'monkey.example.com', - :osfamily => 'RedHat', - :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' - } - end it { should_not contain_file('sshd_config').with_content(/^\s*AcceptEnv/) } end @@ -2943,12 +2015,6 @@ describe 'ssh' do context 'as an invalid string' do let(:params) { { :sshd_acceptenv => 'invalid' } } - let(:facts) do - { :fqdn => 'monkey.example.com', - :osfamily => 'RedHat', - :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' - } - end it 'should fail' do expect { @@ -2959,12 +2025,6 @@ describe 'ssh' do context 'as an invalid type' do let(:params) { { :sshd_acceptenv => ['invalid','type'] } } - let(:facts) do - { :fqdn => 'monkey.example.com', - :osfamily => 'RedHat', - :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' - } - end it 'should fail' do expect { @@ -2975,15 +2035,15 @@ describe 'ssh' do end describe 'with parameter service_hasstatus' do + let :facts do + default_facts.merge( + { + } + ) + end ['true',true,'false',false].each do |value| context "specified as #{value}" do let(:params) { { :service_hasstatus => value } } - let(:facts) do - { :fqdn => 'monkey.example.com', - :osfamily => 'RedHat', - :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' - } - end it { should contain_service('sshd_service').with({ @@ -3000,12 +2060,6 @@ describe 'ssh' do context 'specified as an invalid string' do let(:params) { { :service_hasstatus => 'invalid' } } - let(:facts) do - { :fqdn => 'monkey.example.com', - :osfamily => 'RedHat', - :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' - } - end it 'should fail' do expect { @@ -3016,12 +2070,6 @@ describe 'ssh' do context 'specified as an invalid type' do let(:params) { { :service_hasstatus => ['invalid','type'] } } - let(:facts) do - { :fqdn => 'monkey.example.com', - :osfamily => 'RedHat', - :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' - } - end it 'should fail' do expect { @@ -3032,14 +2080,14 @@ describe 'ssh' do end describe 'with parameter ssh_config_global_known_hosts_file' do + let :facts do + default_facts.merge( + { + } + ) + end context 'specified as a valid path' do let(:params) { { :ssh_config_global_known_hosts_file => '/valid/path' } } - let(:facts) do - { :fqdn => 'monkey.example.com', - :osfamily => 'RedHat', - :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' - } - end it { should contain_file('ssh_known_hosts').with({ @@ -3056,12 +2104,6 @@ describe 'ssh' do context 'specified as an invalid path' do let(:params) { { :ssh_config_global_known_hosts_file => 'invalid/path' } } - let(:facts) do - { :fqdn => 'monkey.example.com', - :osfamily => 'RedHat', - :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' - } - end it 'should fail' do expect { @@ -3072,12 +2114,6 @@ describe 'ssh' do context 'specified as an invalid type' do let(:params) { { :ssh_config_global_known_hosts_file => { 'invalid' => 'type'} } } - let(:facts) do - { :fqdn => 'monkey.example.com', - :osfamily => 'RedHat', - :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' - } - end it 'should fail' do expect { @@ -3088,14 +2124,14 @@ describe 'ssh' do end describe 'with parameter ssh_config_global_known_hosts_owner' do + let :facts do + default_facts.merge( + { + } + ) + end context 'specified as a valid string' do let(:params) { { :ssh_config_global_known_hosts_owner => 'gh' } } - let(:facts) do - { :fqdn => 'monkey.example.com', - :osfamily => 'RedHat', - :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' - } - end it { should contain_file('ssh_known_hosts').with({ @@ -3110,12 +2146,6 @@ describe 'ssh' do context 'specified as an invalid type [non-string]' do let(:params) { { :ssh_config_global_known_hosts_owner => ['invalid','type'] } } - let(:facts) do - { :fqdn => 'monkey.example.com', - :osfamily => 'RedHat', - :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' - } - end it 'should fail' do expect { @@ -3126,14 +2156,14 @@ describe 'ssh' do end describe 'with parameter ssh_config_global_known_hosts_group' do + let :facts do + default_facts.merge( + { + } + ) + end context 'specified as a valid string' do let(:params) { { :ssh_config_global_known_hosts_group => 'gh' } } - let(:facts) do - { :fqdn => 'monkey.example.com', - :osfamily => 'RedHat', - :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' - } - end it { should contain_file('ssh_known_hosts').with({ @@ -3148,12 +2178,6 @@ describe 'ssh' do context 'specified as an invalid type [non-string]' do let(:params) { { :ssh_config_global_known_hosts_group => ['invalid','type'] } } - let(:facts) do - { :fqdn => 'monkey.example.com', - :osfamily => 'RedHat', - :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' - } - end it 'should fail' do expect { @@ -3164,14 +2188,14 @@ describe 'ssh' do end describe 'with parameter ssh_config_global_known_hosts_mode' do + let :facts do + default_facts.merge( + { + } + ) + end context 'specified as a valid mode' do let(:params) { { :ssh_config_global_known_hosts_mode => '0666' } } - let(:facts) do - { :fqdn => 'monkey.example.com', - :osfamily => 'RedHat', - :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' - } - end it { should contain_file('ssh_known_hosts').with({ @@ -3187,12 +2211,6 @@ describe 'ssh' do ['666','0842','06666'].each do |value| context "specified as invalid mode - #{value}" do let(:params) { { :ssh_config_global_known_hosts_mode => value } } - let(:facts) do - { :fqdn => 'monkey.example.com', - :osfamily => 'RedHat', - :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' - } - end it 'should fail' do expect { @@ -3204,12 +2222,6 @@ describe 'ssh' do context 'specified as an invalid type [non-string]' do let(:params) { { :ssh_config_global_known_hosts_mode => ['invalid','type'] } } - let(:facts) do - { :fqdn => 'monkey.example.com', - :osfamily => 'RedHat', - :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' - } - end it 'should fail' do expect { @@ -3220,6 +2232,13 @@ describe 'ssh' do end describe 'with ssh_key_import parameter specified' do + let :facts do + default_facts.merge( + { + :lsbmajdistrelease => '6', + } + ) + end context 'as a non-boolean or non-string' do let(:params) { { :ssh_key_import => ['not_a_boolean','or_a_string'] } } @@ -3232,11 +2251,6 @@ describe 'ssh' do context 'as an invalid string' do let(:params) { { :ssh_key_import => 'invalid_string' } } - let(:facts) do - { :osfamily => 'RedHat', - :lsbmajdistrelease => '6', - } - end it 'should fail' do expect { @@ -3248,11 +2262,6 @@ describe 'ssh' do ['true',true].each do |value| context "as #{value}" do let(:params) { { :ssh_key_import => value } } - let(:facts) do - { :osfamily => 'RedHat', - :lsbmajdistrelease => '6', - } - end it { should compile.with_all_deps } @@ -3273,11 +2282,6 @@ describe 'ssh' do ['false',false].each do |value| context "as #{value}" do let(:params) { { :ssh_key_import => value } } - let(:facts) do - { :osfamily => 'RedHat', - :lsbmajdistrelease => '6', - } - end it { should compile.with_all_deps } @@ -3287,11 +2291,11 @@ describe 'ssh' do end describe 'with parameter sshd_hostbasedauthentication' do - let(:facts) do - { :fqdn => 'monkey.example.com', - :osfamily => 'RedHat', - :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' - } + let :facts do + default_facts.merge( + { + } + ) end ['yes','no'].each do |value| @@ -3319,11 +2323,11 @@ describe 'ssh' do end describe 'with parameter sshd_ignoreuserknownhosts' do - let(:facts) do - { :fqdn => 'monkey.example.com', - :osfamily => 'RedHat', - :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' - } + let :facts do + default_facts.merge( + { + } + ) end ['yes','no'].each do |value| @@ -3351,11 +2355,11 @@ describe 'ssh' do end describe 'with parameter sshd_ignorerhosts' do - let(:facts) do - { :fqdn => 'monkey.example.com', - :osfamily => 'RedHat', - :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' - } + let :facts do + default_facts.merge( + { + } + ) end ['yes','no'].each do |value| @@ -3383,11 +2387,11 @@ describe 'ssh' do end describe 'with parameter manage_service' do - let(:facts) do - { :fqdn => 'monkey.example.com', - :osfamily => 'RedHat', - :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' - } + let :facts do + default_facts.merge( + { + } + ) end ['YES','badvalue',2.42,['array'],a = { 'ha' => 'sh' }].each do |value| @@ -3404,32 +2408,24 @@ describe 'ssh' do ['true', true].each do |value| context "specified as valid true value #{value} (as #{value.class})" do let(:params) { { :manage_service => value } } - it do - expect { - should contain_service('sshd_service') - } - end + it { should contain_service('sshd_service') } end end ['false', false].each do |value| context "specified as valid false value #{value} (as #{value.class})" do let(:params) { { :manage_service => value } } - it do - expect { - should_not contain_service('sshd_service') - } - end + it { should_not contain_service('sshd_service') } end end end describe 'with parameter sshd_addressfamily' do - let(:facts) do - { :fqdn => 'monkey.example.com', - :osfamily => 'RedHat', - :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' - } + let :facts do + default_facts.merge( + { + } + ) end ['any','inet','inet6'].each do |value| @@ -3452,7 +2448,12 @@ describe 'ssh' do end describe 'with parameter ssh_config_use_roaming' do - let(:facts) { { :osfamily => 'RedHat' } } + let :facts do + default_facts.merge( + { + } + ) + end ['yes','no','unset'].each do |value| context "set to valid value #{value}" do @@ -3468,10 +2469,11 @@ describe 'ssh' do describe 'variable type and content validations' do # set needed custom facts and variables - let(:facts) do - { - :osfamily => 'RedHat', - } + let :facts do + default_facts.merge( + { + } + ) end let(:mandatory_params) do { diff --git a/spec/fixtures/ssh_config_debian b/spec/fixtures/ssh_config_debian new file mode 100644 index 0000000..4a1466c --- /dev/null +++ b/spec/fixtures/ssh_config_debian @@ -0,0 +1,61 @@ +# This file is being maintained by Puppet. +# DO NOT EDIT + +# $OpenBSD: ssh_config,v 1.21 2005/12/06 22:38:27 reyk Exp $ + +# This is the ssh client system-wide configuration file. See +# ssh_config(5) for more information. This file provides defaults for +# users, and the values can be changed in per-user configuration files +# or on the command line. + +# Configuration data is parsed as follows: +# 1. command line options +# 2. user-specific file +# 3. system-wide file +# Any configuration value is only changed the first time it is set. +# Thus, host-specific definitions should be at the beginning of the +# configuration file, and defaults at the end. + +# Site-wide defaults for some commonly used options. For a comprehensive +# list of available options, their meanings and defaults, please see the +# ssh_config(5) man page. + +# Host * +# ForwardAgent no +# ForwardX11 no +# RhostsRSAAuthentication no +# RSAAuthentication yes + PasswordAuthentication yes + PubkeyAuthentication yes +# HostbasedAuthentication no +# BatchMode no +# CheckHostIP yes +# AddressFamily any +# ConnectTimeout 0 +# StrictHostKeyChecking ask +# IdentityFile ~/.ssh/identity + IdentityFile ~/.ssh/id_rsa + IdentityFile ~/.ssh/id_dsa +# Port 22 + Protocol 2 +# Cipher 3des +# Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc +# EscapeChar ~ +# Tunnel no +# TunnelDevice any:any +# PermitLocalCommand no +# HashKnownHosts no + HashKnownHosts no + GlobalKnownHostsFile /etc/ssh/ssh_known_hosts +Host * +# GSSAPIAuthentication yes + GSSAPIAuthentication yes +# If this option is set to yes then remote X11 clients will have full access +# to the original X11 display. As virtually no X11 client supports the untrusted +# mode correctly we set this to yes. + ForwardX11Trusted yes + UseRoaming no +# Send locale-related environment variables + SendEnv LANG LANGUAGE LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES + SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT + SendEnv LC_IDENTIFICATION LC_ALL diff --git a/spec/fixtures/ssh_config_rhel b/spec/fixtures/ssh_config_rhel new file mode 100644 index 0000000..4a1466c --- /dev/null +++ b/spec/fixtures/ssh_config_rhel @@ -0,0 +1,61 @@ +# This file is being maintained by Puppet. +# DO NOT EDIT + +# $OpenBSD: ssh_config,v 1.21 2005/12/06 22:38:27 reyk Exp $ + +# This is the ssh client system-wide configuration file. See +# ssh_config(5) for more information. This file provides defaults for +# users, and the values can be changed in per-user configuration files +# or on the command line. + +# Configuration data is parsed as follows: +# 1. command line options +# 2. user-specific file +# 3. system-wide file +# Any configuration value is only changed the first time it is set. +# Thus, host-specific definitions should be at the beginning of the +# configuration file, and defaults at the end. + +# Site-wide defaults for some commonly used options. For a comprehensive +# list of available options, their meanings and defaults, please see the +# ssh_config(5) man page. + +# Host * +# ForwardAgent no +# ForwardX11 no +# RhostsRSAAuthentication no +# RSAAuthentication yes + PasswordAuthentication yes + PubkeyAuthentication yes +# HostbasedAuthentication no +# BatchMode no +# CheckHostIP yes +# AddressFamily any +# ConnectTimeout 0 +# StrictHostKeyChecking ask +# IdentityFile ~/.ssh/identity + IdentityFile ~/.ssh/id_rsa + IdentityFile ~/.ssh/id_dsa +# Port 22 + Protocol 2 +# Cipher 3des +# Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc +# EscapeChar ~ +# Tunnel no +# TunnelDevice any:any +# PermitLocalCommand no +# HashKnownHosts no + HashKnownHosts no + GlobalKnownHostsFile /etc/ssh/ssh_known_hosts +Host * +# GSSAPIAuthentication yes + GSSAPIAuthentication yes +# If this option is set to yes then remote X11 clients will have full access +# to the original X11 display. As virtually no X11 client supports the untrusted +# mode correctly we set this to yes. + ForwardX11Trusted yes + UseRoaming no +# Send locale-related environment variables + SendEnv LANG LANGUAGE LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES + SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT + SendEnv LC_IDENTIFICATION LC_ALL diff --git a/spec/fixtures/ssh_config_rhel_old b/spec/fixtures/ssh_config_rhel_old new file mode 100644 index 0000000..df3d4bc --- /dev/null +++ b/spec/fixtures/ssh_config_rhel_old @@ -0,0 +1,60 @@ +# This file is being maintained by Puppet. +# DO NOT EDIT + +# $OpenBSD: ssh_config,v 1.21 2005/12/06 22:38:27 reyk Exp $ + +# This is the ssh client system-wide configuration file. See +# ssh_config(5) for more information. This file provides defaults for +# users, and the values can be changed in per-user configuration files +# or on the command line. + +# Configuration data is parsed as follows: +# 1. command line options +# 2. user-specific file +# 3. system-wide file +# Any configuration value is only changed the first time it is set. +# Thus, host-specific definitions should be at the beginning of the +# configuration file, and defaults at the end. + +# Site-wide defaults for some commonly used options. For a comprehensive +# list of available options, their meanings and defaults, please see the +# ssh_config(5) man page. + +# Host * +# ForwardAgent no +# ForwardX11 no +# RhostsRSAAuthentication no +# RSAAuthentication yes + PasswordAuthentication yes + PubkeyAuthentication yes +# HostbasedAuthentication no +# BatchMode no +# CheckHostIP yes +# AddressFamily any +# ConnectTimeout 0 +# StrictHostKeyChecking ask +# IdentityFile ~/.ssh/identity + IdentityFile ~/.ssh/id_rsa + IdentityFile ~/.ssh/id_dsa +# Port 22 + Protocol 2 +# Cipher 3des +# Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc +# EscapeChar ~ +# Tunnel no +# TunnelDevice any:any +# PermitLocalCommand no +# HashKnownHosts no + HashKnownHosts no + GlobalKnownHostsFile /etc/ssh/ssh_known_hosts +Host * +# GSSAPIAuthentication yes + GSSAPIAuthentication yes +# If this option is set to yes then remote X11 clients will have full access +# to the original X11 display. As virtually no X11 client supports the untrusted +# mode correctly we set this to yes. + ForwardX11Trusted yes +# Send locale-related environment variables + SendEnv LANG LANGUAGE LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES + SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT + SendEnv LC_IDENTIFICATION LC_ALL diff --git a/spec/fixtures/ssh_config_solaris b/spec/fixtures/ssh_config_solaris new file mode 100644 index 0000000..75f4893 --- /dev/null +++ b/spec/fixtures/ssh_config_solaris @@ -0,0 +1,54 @@ +# This file is being maintained by Puppet. +# DO NOT EDIT + +# $OpenBSD: ssh_config,v 1.21 2005/12/06 22:38:27 reyk Exp $ + +# This is the ssh client system-wide configuration file. See +# ssh_config(5) for more information. This file provides defaults for +# users, and the values can be changed in per-user configuration files +# or on the command line. + +# Configuration data is parsed as follows: +# 1. command line options +# 2. user-specific file +# 3. system-wide file +# Any configuration value is only changed the first time it is set. +# Thus, host-specific definitions should be at the beginning of the +# configuration file, and defaults at the end. + +# Site-wide defaults for some commonly used options. For a comprehensive +# list of available options, their meanings and defaults, please see the +# ssh_config(5) man page. + +# Host * +# ForwardAgent no +# ForwardX11 no +# RhostsRSAAuthentication no +# RSAAuthentication yes + PasswordAuthentication yes + PubkeyAuthentication yes +# HostbasedAuthentication no +# BatchMode no +# CheckHostIP yes +# AddressFamily any +# ConnectTimeout 0 +# StrictHostKeyChecking ask +# IdentityFile ~/.ssh/identity + IdentityFile ~/.ssh/id_rsa + IdentityFile ~/.ssh/id_dsa +# Port 22 + Protocol 2 +# Cipher 3des +# Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc +# EscapeChar ~ +# Tunnel no +# TunnelDevice any:any +# PermitLocalCommand no +# HashKnownHosts no + GlobalKnownHostsFile /etc/ssh/ssh_known_hosts +Host * +# GSSAPIAuthentication yes + GSSAPIAuthentication yes +# If this option is set to yes then remote X11 clients will have full access +# to the original X11 display. As virtually no X11 client supports the untrusted +# mode correctly we set this to yes. diff --git a/spec/fixtures/ssh_config_suse b/spec/fixtures/ssh_config_suse new file mode 100644 index 0000000..df3d4bc --- /dev/null +++ b/spec/fixtures/ssh_config_suse @@ -0,0 +1,60 @@ +# This file is being maintained by Puppet. +# DO NOT EDIT + +# $OpenBSD: ssh_config,v 1.21 2005/12/06 22:38:27 reyk Exp $ + +# This is the ssh client system-wide configuration file. See +# ssh_config(5) for more information. This file provides defaults for +# users, and the values can be changed in per-user configuration files +# or on the command line. + +# Configuration data is parsed as follows: +# 1. command line options +# 2. user-specific file +# 3. system-wide file +# Any configuration value is only changed the first time it is set. +# Thus, host-specific definitions should be at the beginning of the +# configuration file, and defaults at the end. + +# Site-wide defaults for some commonly used options. For a comprehensive +# list of available options, their meanings and defaults, please see the +# ssh_config(5) man page. + +# Host * +# ForwardAgent no +# ForwardX11 no +# RhostsRSAAuthentication no +# RSAAuthentication yes + PasswordAuthentication yes + PubkeyAuthentication yes +# HostbasedAuthentication no +# BatchMode no +# CheckHostIP yes +# AddressFamily any +# ConnectTimeout 0 +# StrictHostKeyChecking ask +# IdentityFile ~/.ssh/identity + IdentityFile ~/.ssh/id_rsa + IdentityFile ~/.ssh/id_dsa +# Port 22 + Protocol 2 +# Cipher 3des +# Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc +# EscapeChar ~ +# Tunnel no +# TunnelDevice any:any +# PermitLocalCommand no +# HashKnownHosts no + HashKnownHosts no + GlobalKnownHostsFile /etc/ssh/ssh_known_hosts +Host * +# GSSAPIAuthentication yes + GSSAPIAuthentication yes +# If this option is set to yes then remote X11 clients will have full access +# to the original X11 display. As virtually no X11 client supports the untrusted +# mode correctly we set this to yes. + ForwardX11Trusted yes +# Send locale-related environment variables + SendEnv LANG LANGUAGE LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES + SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT + SendEnv LC_IDENTIFICATION LC_ALL diff --git a/spec/fixtures/sshd_config_debian b/spec/fixtures/sshd_config_debian new file mode 100644 index 0000000..ae66a64 --- /dev/null +++ b/spec/fixtures/sshd_config_debian @@ -0,0 +1,139 @@ +# This file is being maintained by Puppet. +# DO NOT EDIT + +# $OpenBSD: sshd_config,v 1.73 2005/12/06 22:38:28 reyk Exp $ + +# This is the sshd server system-wide configuration file. See +# sshd_config(5) for more information. + +# This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin + +# The strategy used for options in the default sshd_config shipped with +# OpenSSH is to specify options with their default value where +# possible, but leave them commented. Uncommented options change a +# default value. + +#Port 22 +Port 22 +#Protocol 2,1 +Protocol 2 +#AddressFamily any +AddressFamily any + +# HostKey for protocol version 1 +#HostKey /etc/ssh/ssh_host_key +# HostKeys for protocol version 2 +#HostKey /etc/ssh/ssh_host_rsa_key +#HostKey /etc/ssh/ssh_host_dsa_key +HostKey /etc/ssh/ssh_host_rsa_key + +# Lifetime and size of ephemeral version 1 server key +#KeyRegenerationInterval 1h +#ServerKeyBits 1024 +ServerKeyBits 1024 +# Logging +# obsoletes QuietMode and FascistLogging +#SyslogFacility AUTH +SyslogFacility AUTH +#LogLevel INFO +LogLevel INFO + +# Authentication: + +#LoginGraceTime 120 +LoginGraceTime 120 +#PermitRootLogin yes +PermitRootLogin yes +#StrictModes yes +#MaxAuthTries 6 + +#RSAAuthentication yes +#PubkeyAuthentication yes +#AuthorizedKeysFile .ssh/authorized_keys + +# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts +#RhostsRSAAuthentication no +# similar for protocol version 2 +#HostbasedAuthentication no +HostbasedAuthentication no +# Change to yes if you don't trust ~/.ssh/known_hosts for +# RhostsRSAAuthentication and HostbasedAuthentication +#IgnoreUserKnownHosts no +IgnoreUserKnownHosts no +# Don't read the user's ~/.rhosts and ~/.shosts files +#IgnoreRhosts yes +IgnoreRhosts yes + +# To disable tunneled clear text passwords, change to no here! +#PasswordAuthentication yes +PasswordAuthentication yes +#PermitEmptyPasswords no + +# Change to no to disable s/key passwords +#ChallengeResponseAuthentication yes +ChallengeResponseAuthentication yes + +# Kerberos options +#KerberosOrLocalPasswd yes +#KerberosTicketCleanup yes +#KerberosGetAFSToken no + +# GSSAPI options +#GSSAPIAuthentication no +GSSAPIAuthentication yes +#GSSAPICleanupCredentials yes +GSSAPICleanupCredentials yes + +# Set this to 'yes' to enable PAM authentication, account processing, +# and session processing. If this is enabled, PAM authentication will +# be allowed through the ChallengeResponseAuthentication mechanism. +# Depending on your PAM configuration, this may bypass the setting of +# PasswordAuthentication, PermitEmptyPasswords, and +# "PermitRootLogin without-password". If you just want the PAM account and +# session checks to run without PAM authentication, then enable this but set +# ChallengeResponseAuthentication=no +#UsePAM no +UsePAM yes + +# Accept locale-related environment variables +AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES +AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT +AcceptEnv LC_IDENTIFICATION LC_ALL +#AllowTcpForwarding yes +AllowTcpForwarding yes +#GatewayPorts no +#X11Forwarding no +X11Forwarding yes +#X11DisplayOffset 10 +#X11UseLocalhost yes +#PrintMotd yes +PrintMotd yes +#PrintLastLog yes +#TCPKeepAlive yes +#UseLogin no +#UsePrivilegeSeparation yes +#PermitUserEnvironment no +#Compression delayed +#ClientAliveInterval 0 +ClientAliveInterval 0 +ClientAliveCountMax 3 +#ShowPatchLevel no +#UseDNS yes +UseDNS yes +#PidFile /var/run/sshd.pid +#MaxStartups 10:30:100 +#MaxSessions 10 + +#PermitTunnel no +#ChrootDirectory none + +# no default banner path +#Banner none +Banner none + +#XAuthLocation /usr/bin/xauth +XAuthLocation /usr/bin/xauth + +# override default of no subsystems +Subsystem sftp /usr/lib/openssh/sftp-server + diff --git a/spec/fixtures/sshd_config_rhel b/spec/fixtures/sshd_config_rhel new file mode 100644 index 0000000..ebc70aa --- /dev/null +++ b/spec/fixtures/sshd_config_rhel @@ -0,0 +1,139 @@ +# This file is being maintained by Puppet. +# DO NOT EDIT + +# $OpenBSD: sshd_config,v 1.73 2005/12/06 22:38:28 reyk Exp $ + +# This is the sshd server system-wide configuration file. See +# sshd_config(5) for more information. + +# This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin + +# The strategy used for options in the default sshd_config shipped with +# OpenSSH is to specify options with their default value where +# possible, but leave them commented. Uncommented options change a +# default value. + +#Port 22 +Port 22 +#Protocol 2,1 +Protocol 2 +#AddressFamily any +AddressFamily any + +# HostKey for protocol version 1 +#HostKey /etc/ssh/ssh_host_key +# HostKeys for protocol version 2 +#HostKey /etc/ssh/ssh_host_rsa_key +#HostKey /etc/ssh/ssh_host_dsa_key +HostKey /etc/ssh/ssh_host_rsa_key + +# Lifetime and size of ephemeral version 1 server key +#KeyRegenerationInterval 1h +#ServerKeyBits 1024 +ServerKeyBits 1024 +# Logging +# obsoletes QuietMode and FascistLogging +#SyslogFacility AUTH +SyslogFacility AUTH +#LogLevel INFO +LogLevel INFO + +# Authentication: + +#LoginGraceTime 120 +LoginGraceTime 120 +#PermitRootLogin yes +PermitRootLogin yes +#StrictModes yes +#MaxAuthTries 6 + +#RSAAuthentication yes +#PubkeyAuthentication yes +#AuthorizedKeysFile .ssh/authorized_keys + +# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts +#RhostsRSAAuthentication no +# similar for protocol version 2 +#HostbasedAuthentication no +HostbasedAuthentication no +# Change to yes if you don't trust ~/.ssh/known_hosts for +# RhostsRSAAuthentication and HostbasedAuthentication +#IgnoreUserKnownHosts no +IgnoreUserKnownHosts no +# Don't read the user's ~/.rhosts and ~/.shosts files +#IgnoreRhosts yes +IgnoreRhosts yes + +# To disable tunneled clear text passwords, change to no here! +#PasswordAuthentication yes +PasswordAuthentication yes +#PermitEmptyPasswords no + +# Change to no to disable s/key passwords +#ChallengeResponseAuthentication yes +ChallengeResponseAuthentication yes + +# Kerberos options +#KerberosOrLocalPasswd yes +#KerberosTicketCleanup yes +#KerberosGetAFSToken no + +# GSSAPI options +#GSSAPIAuthentication no +GSSAPIAuthentication yes +#GSSAPICleanupCredentials yes +GSSAPICleanupCredentials yes + +# Set this to 'yes' to enable PAM authentication, account processing, +# and session processing. If this is enabled, PAM authentication will +# be allowed through the ChallengeResponseAuthentication mechanism. +# Depending on your PAM configuration, this may bypass the setting of +# PasswordAuthentication, PermitEmptyPasswords, and +# "PermitRootLogin without-password". If you just want the PAM account and +# session checks to run without PAM authentication, then enable this but set +# ChallengeResponseAuthentication=no +#UsePAM no +UsePAM yes + +# Accept locale-related environment variables +AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES +AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT +AcceptEnv LC_IDENTIFICATION LC_ALL +#AllowTcpForwarding yes +AllowTcpForwarding yes +#GatewayPorts no +#X11Forwarding no +X11Forwarding yes +#X11DisplayOffset 10 +#X11UseLocalhost yes +#PrintMotd yes +PrintMotd yes +#PrintLastLog yes +#TCPKeepAlive yes +#UseLogin no +#UsePrivilegeSeparation yes +#PermitUserEnvironment no +#Compression delayed +#ClientAliveInterval 0 +ClientAliveInterval 0 +ClientAliveCountMax 3 +#ShowPatchLevel no +#UseDNS yes +UseDNS yes +#PidFile /var/run/sshd.pid +#MaxStartups 10:30:100 +#MaxSessions 10 + +#PermitTunnel no +#ChrootDirectory none + +# no default banner path +#Banner none +Banner none + +#XAuthLocation /usr/bin/xauth +XAuthLocation /usr/bin/xauth + +# override default of no subsystems +Subsystem sftp /usr/libexec/openssh/sftp-server + diff --git a/spec/fixtures/sshd_config_solaris b/spec/fixtures/sshd_config_solaris new file mode 100644 index 0000000..3dd9a35 --- /dev/null +++ b/spec/fixtures/sshd_config_solaris @@ -0,0 +1,128 @@ +# This file is being maintained by Puppet. +# DO NOT EDIT + +# $OpenBSD: sshd_config,v 1.73 2005/12/06 22:38:28 reyk Exp $ + +# This is the sshd server system-wide configuration file. See +# sshd_config(5) for more information. + +# This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin + +# The strategy used for options in the default sshd_config shipped with +# OpenSSH is to specify options with their default value where +# possible, but leave them commented. Uncommented options change a +# default value. + +#Port 22 +Port 22 +#Protocol 2,1 +Protocol 2 +#AddressFamily any +AddressFamily any + +# HostKey for protocol version 1 +#HostKey /etc/ssh/ssh_host_key +# HostKeys for protocol version 2 +#HostKey /etc/ssh/ssh_host_rsa_key +#HostKey /etc/ssh/ssh_host_dsa_key +HostKey /etc/ssh/ssh_host_rsa_key + +# Lifetime and size of ephemeral version 1 server key +#KeyRegenerationInterval 1h +#ServerKeyBits 1024 +ServerKeyBits 768 +# Logging +# obsoletes QuietMode and FascistLogging +#SyslogFacility AUTH +SyslogFacility AUTH +#LogLevel INFO +LogLevel INFO + +# Authentication: + +#LoginGraceTime 120 +LoginGraceTime 120 +#PermitRootLogin yes +PermitRootLogin yes +#StrictModes yes +#MaxAuthTries 6 + +#RSAAuthentication yes +#PubkeyAuthentication yes +#AuthorizedKeysFile .ssh/authorized_keys + +# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts +#RhostsRSAAuthentication no +# similar for protocol version 2 +#HostbasedAuthentication no +HostbasedAuthentication no +# Change to yes if you don't trust ~/.ssh/known_hosts for +# RhostsRSAAuthentication and HostbasedAuthentication +#IgnoreUserKnownHosts no +IgnoreUserKnownHosts no +# Don't read the user's ~/.rhosts and ~/.shosts files +#IgnoreRhosts yes +IgnoreRhosts yes + +# To disable tunneled clear text passwords, change to no here! +#PasswordAuthentication yes +PasswordAuthentication yes +# Use PAM via keyboard interactive method for authentication. +# Depending on the setup of pam.conf(4) this may allow tunneled clear text +# passwords even when PasswordAuthentication is set to no. This is dependent +# on what the individual modules request and is out of the control of sshd +# or the protocol. +PAMAuthenticationViaKBDInt yes +#PermitEmptyPasswords no + +# Change to no to disable s/key passwords +#ChallengeResponseAuthentication yes +ChallengeResponseAuthentication yes + +# Kerberos options +#KerberosOrLocalPasswd yes +#KerberosTicketCleanup yes +#KerberosGetAFSToken no + +# GSSAPI options +#GSSAPIAuthentication no +GSSAPIAuthentication yes +GSSAPIKeyExchange yes + + +#AllowTcpForwarding yes +AllowTcpForwarding yes +#GatewayPorts no +#X11Forwarding no +X11Forwarding yes +#X11DisplayOffset 10 +#X11UseLocalhost yes +#PrintMotd yes +PrintMotd yes +#PrintLastLog yes +#TCPKeepAlive yes +#UseLogin no +#UsePrivilegeSeparation yes +#PermitUserEnvironment no +#Compression delayed +#ClientAliveInterval 0 +ClientAliveInterval 0 +ClientAliveCountMax 3 +#ShowPatchLevel no +#PidFile /var/run/sshd.pid +#MaxStartups 10:30:100 +#MaxSessions 10 + +#PermitTunnel no +#ChrootDirectory none + +# no default banner path +#Banner none +Banner none + +#XAuthLocation /usr/bin/xauth +XAuthLocation /usr/openwin/bin/xauth + +# override default of no subsystems +Subsystem sftp /usr/lib/ssh/sftp-server + diff --git a/spec/fixtures/sshd_config_suse_i386 b/spec/fixtures/sshd_config_suse_i386 new file mode 100644 index 0000000..e2574ec --- /dev/null +++ b/spec/fixtures/sshd_config_suse_i386 @@ -0,0 +1,139 @@ +# This file is being maintained by Puppet. +# DO NOT EDIT + +# $OpenBSD: sshd_config,v 1.73 2005/12/06 22:38:28 reyk Exp $ + +# This is the sshd server system-wide configuration file. See +# sshd_config(5) for more information. + +# This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin + +# The strategy used for options in the default sshd_config shipped with +# OpenSSH is to specify options with their default value where +# possible, but leave them commented. Uncommented options change a +# default value. + +#Port 22 +Port 22 +#Protocol 2,1 +Protocol 2 +#AddressFamily any +AddressFamily any + +# HostKey for protocol version 1 +#HostKey /etc/ssh/ssh_host_key +# HostKeys for protocol version 2 +#HostKey /etc/ssh/ssh_host_rsa_key +#HostKey /etc/ssh/ssh_host_dsa_key +HostKey /etc/ssh/ssh_host_rsa_key + +# Lifetime and size of ephemeral version 1 server key +#KeyRegenerationInterval 1h +#ServerKeyBits 1024 +ServerKeyBits 1024 +# Logging +# obsoletes QuietMode and FascistLogging +#SyslogFacility AUTH +SyslogFacility AUTH +#LogLevel INFO +LogLevel INFO + +# Authentication: + +#LoginGraceTime 120 +LoginGraceTime 120 +#PermitRootLogin yes +PermitRootLogin yes +#StrictModes yes +#MaxAuthTries 6 + +#RSAAuthentication yes +#PubkeyAuthentication yes +#AuthorizedKeysFile .ssh/authorized_keys + +# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts +#RhostsRSAAuthentication no +# similar for protocol version 2 +#HostbasedAuthentication no +HostbasedAuthentication no +# Change to yes if you don't trust ~/.ssh/known_hosts for +# RhostsRSAAuthentication and HostbasedAuthentication +#IgnoreUserKnownHosts no +IgnoreUserKnownHosts no +# Don't read the user's ~/.rhosts and ~/.shosts files +#IgnoreRhosts yes +IgnoreRhosts yes + +# To disable tunneled clear text passwords, change to no here! +#PasswordAuthentication yes +PasswordAuthentication yes +#PermitEmptyPasswords no + +# Change to no to disable s/key passwords +#ChallengeResponseAuthentication yes +ChallengeResponseAuthentication yes + +# Kerberos options +#KerberosOrLocalPasswd yes +#KerberosTicketCleanup yes +#KerberosGetAFSToken no + +# GSSAPI options +#GSSAPIAuthentication no +GSSAPIAuthentication yes +#GSSAPICleanupCredentials yes +GSSAPICleanupCredentials yes + +# Set this to 'yes' to enable PAM authentication, account processing, +# and session processing. If this is enabled, PAM authentication will +# be allowed through the ChallengeResponseAuthentication mechanism. +# Depending on your PAM configuration, this may bypass the setting of +# PasswordAuthentication, PermitEmptyPasswords, and +# "PermitRootLogin without-password". If you just want the PAM account and +# session checks to run without PAM authentication, then enable this but set +# ChallengeResponseAuthentication=no +#UsePAM no +UsePAM yes + +# Accept locale-related environment variables +AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES +AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT +AcceptEnv LC_IDENTIFICATION LC_ALL +#AllowTcpForwarding yes +AllowTcpForwarding yes +#GatewayPorts no +#X11Forwarding no +X11Forwarding yes +#X11DisplayOffset 10 +#X11UseLocalhost yes +#PrintMotd yes +PrintMotd yes +#PrintLastLog yes +#TCPKeepAlive yes +#UseLogin no +#UsePrivilegeSeparation yes +#PermitUserEnvironment no +#Compression delayed +#ClientAliveInterval 0 +ClientAliveInterval 0 +ClientAliveCountMax 3 +#ShowPatchLevel no +#UseDNS yes +UseDNS yes +#PidFile /var/run/sshd.pid +#MaxStartups 10:30:100 +#MaxSessions 10 + +#PermitTunnel no +#ChrootDirectory none + +# no default banner path +#Banner none +Banner none + +#XAuthLocation /usr/bin/xauth +XAuthLocation /usr/bin/xauth + +# override default of no subsystems +Subsystem sftp /usr/lib/ssh/sftp-server + diff --git a/spec/fixtures/sshd_config_suse_x86_64 b/spec/fixtures/sshd_config_suse_x86_64 new file mode 100644 index 0000000..f4640e0 --- /dev/null +++ b/spec/fixtures/sshd_config_suse_x86_64 @@ -0,0 +1,139 @@ +# This file is being maintained by Puppet. +# DO NOT EDIT + +# $OpenBSD: sshd_config,v 1.73 2005/12/06 22:38:28 reyk Exp $ + +# This is the sshd server system-wide configuration file. See +# sshd_config(5) for more information. + +# This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin + +# The strategy used for options in the default sshd_config shipped with +# OpenSSH is to specify options with their default value where +# possible, but leave them commented. Uncommented options change a +# default value. + +#Port 22 +Port 22 +#Protocol 2,1 +Protocol 2 +#AddressFamily any +AddressFamily any + +# HostKey for protocol version 1 +#HostKey /etc/ssh/ssh_host_key +# HostKeys for protocol version 2 +#HostKey /etc/ssh/ssh_host_rsa_key +#HostKey /etc/ssh/ssh_host_dsa_key +HostKey /etc/ssh/ssh_host_rsa_key + +# Lifetime and size of ephemeral version 1 server key +#KeyRegenerationInterval 1h +#ServerKeyBits 1024 +ServerKeyBits 1024 +# Logging +# obsoletes QuietMode and FascistLogging +#SyslogFacility AUTH +SyslogFacility AUTH +#LogLevel INFO +LogLevel INFO + +# Authentication: + +#LoginGraceTime 120 +LoginGraceTime 120 +#PermitRootLogin yes +PermitRootLogin yes +#StrictModes yes +#MaxAuthTries 6 + +#RSAAuthentication yes +#PubkeyAuthentication yes +#AuthorizedKeysFile .ssh/authorized_keys + +# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts +#RhostsRSAAuthentication no +# similar for protocol version 2 +#HostbasedAuthentication no +HostbasedAuthentication no +# Change to yes if you don't trust ~/.ssh/known_hosts for +# RhostsRSAAuthentication and HostbasedAuthentication +#IgnoreUserKnownHosts no +IgnoreUserKnownHosts no +# Don't read the user's ~/.rhosts and ~/.shosts files +#IgnoreRhosts yes +IgnoreRhosts yes + +# To disable tunneled clear text passwords, change to no here! +#PasswordAuthentication yes +PasswordAuthentication yes +#PermitEmptyPasswords no + +# Change to no to disable s/key passwords +#ChallengeResponseAuthentication yes +ChallengeResponseAuthentication yes + +# Kerberos options +#KerberosOrLocalPasswd yes +#KerberosTicketCleanup yes +#KerberosGetAFSToken no + +# GSSAPI options +#GSSAPIAuthentication no +GSSAPIAuthentication yes +#GSSAPICleanupCredentials yes +GSSAPICleanupCredentials yes + +# Set this to 'yes' to enable PAM authentication, account processing, +# and session processing. If this is enabled, PAM authentication will +# be allowed through the ChallengeResponseAuthentication mechanism. +# Depending on your PAM configuration, this may bypass the setting of +# PasswordAuthentication, PermitEmptyPasswords, and +# "PermitRootLogin without-password". If you just want the PAM account and +# session checks to run without PAM authentication, then enable this but set +# ChallengeResponseAuthentication=no +#UsePAM no +UsePAM yes + +# Accept locale-related environment variables +AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES +AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT +AcceptEnv LC_IDENTIFICATION LC_ALL +#AllowTcpForwarding yes +AllowTcpForwarding yes +#GatewayPorts no +#X11Forwarding no +X11Forwarding yes +#X11DisplayOffset 10 +#X11UseLocalhost yes +#PrintMotd yes +PrintMotd yes +#PrintLastLog yes +#TCPKeepAlive yes +#UseLogin no +#UsePrivilegeSeparation yes +#PermitUserEnvironment no +#Compression delayed +#ClientAliveInterval 0 +ClientAliveInterval 0 +ClientAliveCountMax 3 +#ShowPatchLevel no +#UseDNS yes +UseDNS yes +#PidFile /var/run/sshd.pid +#MaxStartups 10:30:100 +#MaxSessions 10 + +#PermitTunnel no +#ChrootDirectory none + +# no default banner path +#Banner none +Banner none + +#XAuthLocation /usr/bin/xauth +XAuthLocation /usr/bin/xauth + +# override default of no subsystems +Subsystem sftp /usr/lib64/ssh/sftp-server +