puppet/ssh
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Make Solaris work

Browse Source 
Clean up nalyanyam's commit
This commit is contained in:
Garrett Honeycutt 2014-02-25 12:53:45 +01:00
parent 94d8fef4bb
commit ae87198e76
5 changed files with 659 additions and 173 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

84
README.md
View File

@ -1,4 +1,4 @@
# puppet-module-ssh # # puppet-module-ssh
Manage ssh client and server. Manage ssh client and server.
@ -6,7 +6,7 @@ The module uses exported resources to manage ssh keys and removes ssh keys that
=== ===
# Compatability # # Compatability
This module has been tested to work on the following systems with Puppet v3 and Ruby versions 1.8.7, 1.9.3 and 2.0.0. This module has been tested to work on the following systems with Puppet v3 and Ruby versions 1.8.7, 1.9.3 and 2.0.0.
@ -15,11 +15,15 @@ This module has been tested to work on the following systems with Puppet v3 and
* EL 6 * EL 6
* SLES 11 * SLES 11
* Ubuntu 12.04 LTS * Ubuntu 12.04 LTS
* Solaris 9
* Solaris 10 * Solaris 10
* Solaris 11
=== ===
# Parameters # # Parameters
A value of `'USE_DEFAULTS'` will use the defaults specified by the module.
hiera_merge hiera_merge
----------- -----------
@ -35,13 +39,13 @@ ssh_config_hash_known_hosts
HashKnownHosts in ssh_config. HashKnownHosts in ssh_config.
Indicates that ssh should hash host names and addresses when they are added to ~/.ssh/known_hosts. Indicates that ssh should hash host names and addresses when they are added to ~/.ssh/known_hosts.
These hashed names may be used normally by ssh and sshd, but they do not reveal identifying These hashed names may be used normally by ssh and sshd, but they do not reveal identifying
information should the file's contents be disclosed. The default is 'no' on Linux OS. information should the file's contents be disclosed. The default is 'no' on Linux.
Note that existing names and addresses in known hosts files will not be converted automatically, Note that existing names and addresses in known hosts files will not be converted automatically,
but may be manually hashed using ssh-keygen. Use of this option may break facilities such as but may be manually hashed using ssh-keygen. Use of this option may break facilities such as
tab-completion that rely on being able to read unhashed host names from ~/.ssh/known_hosts. tab-completion that rely on being able to read unhashed host names from ~/.ssh/known_hosts.
- *Default*: based on OS platform. - *Default*: 'USE_DEFAULTS'
ssh_config_path ssh_config_path
--------------- ---------------
@ -87,10 +91,16 @@ ServerAliveInterval option in ssh_config. Not set by default.
ssh_config_sendenv_xmodifiers ssh_config_sendenv_xmodifiers
----------------------- -----------------------
Boolean to set 'SendEnv XMODIFIERS' in ssh_config. This option is only valid on Linux OS. Boolean to set 'SendEnv XMODIFIERS' in ssh_config. This option is only valid on Linux.
- *Default*: false - *Default*: false
ssh_sendenv
-------------
Boolean to enable SendEnv options for specifying environment variables. Default is set to true on Linux.
- *Default*: 'USE_DEFAULTS'
sshd_config_path sshd_config_path
---------------- ----------------
Path to sshd_config. Path to sshd_config.
@ -111,15 +121,15 @@ sshd_config's group.
sshd_config_mode sshd_config_mode
--------------- ---------------
sshd_config's mode. The default is '0600' on Linux OS and '0644' on Solaris OS. sshd_config's mode. The default is '0600' on Linux and '0644' on Solaris.
- *Default*: based on OS platform. - *Default*: 'USE_DEFAULTS'
sshd_config_port sshd_config_port
--------------------------- ---------------------------
String to specify listen port for sshd. Port option in sshd_config. String to specify listen port for sshd. Port option in sshd_config.
- *Default*: 22 - *Default*: '22'
sshd_config_syslog_facility sshd_config_syslog_facility
--------------------------- ---------------------------
@ -147,9 +157,9 @@ PrintMotd option in sshd_config.
sshd_config_use_dns sshd_config_use_dns
------------------- -------------------
UseDNS option in sshd_config. The default is 'yes' on Linux OS. UseDNS option in sshd_config. The default is 'yes' on Linux.
- *Default*: based on OS platform. (Only valid on Linux OS.) - *Default*: 'USE_DEFAULTS'
sshd_config_banner sshd_config_banner
------------------ ------------------
@ -185,33 +195,30 @@ sshd_config_xauth_location
-------------------------- --------------------------
XAuthLocation option in sshd_config. XAuthLocation option in sshd_config.
- *Default*: based on OS platform. - *Default*: 'USE_DEFAULTS'
sshd_config_subsystem_sftp sshd_config_subsystem_sftp
-------------------------- --------------------------
Path to sftp file transfer subsystem in sshd_config. Path to sftp file transfer subsystem in sshd_config.
- *Default*: based on OS platform. - *Default*: 'USE_DEFAULTS'
sshd_password_authentication sshd_password_authentication
----------------------------- -----------------------------
PasswordAuthentication in sshd_config. PasswordAuthentication in sshd_config. Specifies whether password authentication is allowed.
Specifies whether password authentication is allowed.
- *Default*: 'yes' - *Default*: 'yes'
sshd_allow_tcp_forwarding sshd_allow_tcp_forwarding
------------------------- -------------------------
AllowTcpForwarding in sshd_config. AllowTcpForwarding in sshd_config. Specifies whether TCP forwarding is permitted.
Specifies whether TCP forwarding is permitted.
- *Default*: 'yes' - *Default*: 'yes'
sshd_x11_forwarding sshd_x11_forwarding
------------------- -------------------
X11Forwarding in sshd_config. X11Forwarding in sshd_config. Specifies whether X11 forwarding is permitted.
Specifies whether X11 forwarding is permitted. Module sets this option to 'yes'. Future release will update the default to be based on OS platform.
- *Default*: 'yes' - *Default*: 'yes'
@ -221,9 +228,9 @@ UsePam in sshd_config.
Enables the Pluggable Authentication Module interface. If set to 'yes' this will enable PAM Enables the Pluggable Authentication Module interface. If set to 'yes' this will enable PAM
authentication using ChallengeResponseAuthentication and PasswordAuthentication in addition authentication using ChallengeResponseAuthentication and PasswordAuthentication in addition
to PAM account and session module processing for all authentication types. to PAM account and session module processing for all authentication types.
This module sets this option to 'yes' on Linux OS and undef on Solaris OS. This module sets this option to 'yes' on Linux and undef on Solaris.
- *Default*: based on OS platform. (Valid only on Linux OS) - *Default*: 'USE_DEFAULTS'
sshd_client_alive_interval sshd_client_alive_interval
-------------------------- --------------------------
@ -255,54 +262,51 @@ Allow root login. Valid values are 'yes', 'without-password', 'forced-commands-o
ssh_config_forward_x11_trusted ssh_config_forward_x11_trusted
------------------------------ ------------------------------
ForwardX11Trusted. Determine remote X11 client access to the original X11 display. ForwardX11Trusted. Determine remote X11 client access to the original X11 display. The option is set to 'yes' on Linux. Valid values are 'yes', 'no', and undef.
The option is set to 'yes' on Linux OS.
- *Default*: based on OS platform. (Not valid on Solaris OS.) - *Default*: 'USE_DEFAULTS' (Not valid on Solaris.)
ssh_package_source ssh_package_source
------------------ ------------------
Source to SSH packages. Source to SSH packages.
- *Default*: based on OS platform. (used on Solaris) - *Default*: 'USE_DEFAULTS'
ssh_package_adminfile ssh_package_adminfile
--------------------- ---------------------
Path to admin file for SSH packages. Path to admin file for SSH packages.
- *Default*: based on OS platform. (used on Solaris) - *Default*: 'USE_DEFAULTS'
sshd_gssapiauthentication sshd_gssapiauthentication
------------------------- -------------------------
GSSAPIAuthentication: Enables/disables GSS-API user authentication. GSSAPIAuthentication: Enables/disables GSS-API user authentication. Valid values are 'yes' and 'no'.
- *Default*: based on OS platform. - *Default*: 'yes'
sshd_gssapikeyexchange sshd_gssapikeyexchange
---------------------- ----------------------
GSSAPIKeyExchange: Enables/disables GSS-API-authenticated key exchanges. GSSAPIKeyExchange: Enables/disables GSS-API-authenticated key exchanges. Valid values are 'yes', 'no', and undef.
- *Default*: based on OS platform. - *Default*: 'USE_DEFAULTS'
sshd_pamauthenticationviakbdint sshd_pamauthenticationviakbdint
------------------------------- -------------------------------
PAMAuthenticationViaKBDInt: Use PAM via keyboard interactive method for authentication. PAMAuthenticationViaKBDInt: Use PAM via keyboard interactive method for authentication. Valid values are 'yes', 'no', and undef.
- *Default*: based on OS platform. (valid on Solaris OS) - *Default*: 'USE_DEFAULTS'
sshd_gssapicleanupcredentials sshd_gssapicleanupcredentials
----------------------------- -----------------------------
GSSAPICleanupCredentials: Specifies whether to automatically destroy the user's credentials on logout. GSSAPICleanupCredentials: Specifies whether to automatically destroy the user's credentials on logout. Default is 'yes' on Linux. Valid values are 'yes', 'no', and undef.
Default is 'yes' on Linux OS.
- *Default*: based on OS platform. (Only valid on Linux OS) - *Default*: 'USE_DEFAULTS'
ssh_acceptenv sshd_acceptenv
------------- -------------
Boolean to enable AcceptEnv and SendEnv options for specifying environment variables. Boolean to enable AcceptEnv options for specifying environment variables. Default is set to true on Linux.
Default is set to 'true' on Linux OS.
- *Default*: based on OS platform. (Only valid on Linux OS) - *Default*: 'USE_DEFAULTS'
purge_keys purge_keys
---------- ----------
@ -312,7 +316,7 @@ Remove keys not managed by puppet.
manage_firewall manage_firewall
--------------- ---------------
Open firewall for SSH service. Not used on Solaris OS. Open firewall for SSH service. Not used on Solaris.
- *Default*: false - *Default*: false

122
manifests/init.pp
View File

@ -8,6 +8,8 @@ class ssh (
$permit_root_login = 'yes', $permit_root_login = 'yes',
$purge_keys = 'true', $purge_keys = 'true',
$manage_firewall = false, $manage_firewall = false,
$ssh_package_source = 'USE_DEFAULTS',
$ssh_package_adminfile = 'USE_DEFAULTS',
$ssh_config_hash_known_hosts = 'USE_DEFAULTS', $ssh_config_hash_known_hosts = 'USE_DEFAULTS',
$ssh_config_path = '/etc/ssh/ssh_config', $ssh_config_path = '/etc/ssh/ssh_config',
$ssh_config_owner = 'root', $ssh_config_owner = 'root',
@ -18,6 +20,7 @@ class ssh (
$ssh_config_forward_agent = undef, $ssh_config_forward_agent = undef,
$ssh_config_server_alive_interval = undef, $ssh_config_server_alive_interval = undef,
$ssh_config_sendenv_xmodifiers = false, $ssh_config_sendenv_xmodifiers = false,
$ssh_sendenv = 'USE_DEFAULTS',
$sshd_config_path = '/etc/ssh/sshd_config', $sshd_config_path = '/etc/ssh/sshd_config',
$sshd_config_owner = 'root', $sshd_config_owner = 'root',
$sshd_config_group = 'root', $sshd_config_group = 'root',
@ -35,6 +38,16 @@ class ssh (
$sshd_banner_mode = '0644', $sshd_banner_mode = '0644',
$sshd_config_xauth_location = 'USE_DEFAULTS', $sshd_config_xauth_location = 'USE_DEFAULTS',
$sshd_config_subsystem_sftp = 'USE_DEFAULTS', $sshd_config_subsystem_sftp = 'USE_DEFAULTS',
$sshd_password_authentication = 'yes',
$sshd_allow_tcp_forwarding = 'yes',
$sshd_x11_forwarding = 'yes',
$sshd_use_pam = 'USE_DEFAULTS',
$sshd_client_alive_interval = '0',
$sshd_gssapiauthentication = 'yes',
$sshd_gssapikeyexchange = 'USE_DEFAULTS',
$sshd_pamauthenticationviakbdint = 'USE_DEFAULTS',
$sshd_gssapicleanupcredentials = 'USE_DEFAULTS',
$sshd_acceptenv = 'USE_DEFAULTS',
$service_ensure = 'running', $service_ensure = 'running',
$service_name = 'USE_DEFAULTS', $service_name = 'USE_DEFAULTS',
$service_enable = 'true', $service_enable = 'true',
@ -45,54 +58,44 @@ class ssh (
$keys = undef, $keys = undef,
$manage_root_ssh_config = 'false', $manage_root_ssh_config = 'false',
$root_ssh_config_content = "# This file is being maintained by Puppet.\n# DO NOT EDIT\n", $root_ssh_config_content = "# This file is being maintained by Puppet.\n# DO NOT EDIT\n",
$sshd_password_authentication = 'yes',
$sshd_allow_tcp_forwarding = 'yes',
$sshd_x11_forwarding = 'yes',
$sshd_use_pam = 'USE_DEFAULTS',
$sshd_client_alive_interval = '0',
$ssh_package_source = 'USE_DEFAULTS',
$ssh_package_adminfile = 'USE_DEFAULTS',
$sshd_gssapiauthentication = 'yes',
$sshd_gssapikeyexchange = 'USE_DEFAULTS',
$sshd_pamauthenticationviakbdint = 'USE_DEFAULTS',
$sshd_gssapicleanupcredentials = 'USE_DEFAULTS',
$ssh_acceptenv = 'USE_DEFAULTS',
) { ) {
case $::osfamily { case $::osfamily {
'RedHat': { 'RedHat': {
$default_packages = ['openssh-server', $default_packages = ['openssh-server',
'openssh-clients'] 'openssh-clients']
$default_sshd_config_subsystem_sftp = '/usr/libexec/openssh/sftp-server'
$default_ssh_config_hash_known_hosts = 'no'
$default_service_name = 'sshd' $default_service_name = 'sshd'
$default_ssh_config_hash_known_hosts = 'no'
$default_ssh_config_forward_x11_trusted = 'yes' $default_ssh_config_forward_x11_trusted = 'yes'
$default_ssh_package_source = undef
$default_ssh_package_adminfile = undef
$default_ssh_sendenv = true
$default_sshd_config_subsystem_sftp = '/usr/libexec/openssh/sftp-server'
$default_sshd_config_mode = '0600' $default_sshd_config_mode = '0600'
$default_sshd_config_use_dns = 'yes' $default_sshd_config_use_dns = 'yes'
$default_sshd_config_xauth_location = '/usr/bin/xauth' $default_sshd_config_xauth_location = '/usr/bin/xauth'
$default_sshd_use_pam = 'yes' $default_sshd_use_pam = 'yes'
$default_ssh_package_source = undef
$default_ssh_package_adminfile = undef
$default_sshd_gssapikeyexchange = undef $default_sshd_gssapikeyexchange = undef
$default_sshd_pamauthenticationviakbdint = undef $default_sshd_pamauthenticationviakbdint = undef
$default_sshd_gssapicleanupcredentials = 'yes' $default_sshd_gssapicleanupcredentials = 'yes'
$default_ssh_acceptenv = true $default_sshd_acceptenv = true
} }
'Suse': { 'Suse': {
$default_packages = 'openssh' $default_packages = 'openssh'
$default_ssh_config_hash_known_hosts = 'no'
$default_service_name = 'sshd' $default_service_name = 'sshd'
$default_ssh_config_hash_known_hosts = 'no'
$default_ssh_package_source = undef
$default_ssh_package_adminfile = undef
$default_ssh_sendenv = true
$default_ssh_config_forward_x11_trusted = 'yes' $default_ssh_config_forward_x11_trusted = 'yes'
$default_sshd_config_mode = '0600' $default_sshd_config_mode = '0600'
$default_sshd_config_use_dns = 'yes' $default_sshd_config_use_dns = 'yes'
$default_sshd_config_xauth_location = '/usr/bin/xauth' $default_sshd_config_xauth_location = '/usr/bin/xauth'
$default_sshd_use_pam = 'yes' $default_sshd_use_pam = 'yes'
$default_ssh_package_source = undef
$default_ssh_package_adminfile = undef
$default_sshd_gssapikeyexchange = undef $default_sshd_gssapikeyexchange = undef
$default_sshd_pamauthenticationviakbdint = undef $default_sshd_pamauthenticationviakbdint = undef
$default_sshd_gssapicleanupcredentials = 'yes' $default_sshd_gssapicleanupcredentials = 'yes'
$default_ssh_acceptenv = true $default_sshd_acceptenv = true
case $::architecture { case $::architecture {
'x86_64': { 'x86_64': {
$default_sshd_config_subsystem_sftp = '/usr/lib64/ssh/sftp-server' $default_sshd_config_subsystem_sftp = '/usr/lib64/ssh/sftp-server'
@ -108,20 +111,21 @@ class ssh (
'Debian': { 'Debian': {
$default_packages = ['openssh-server', $default_packages = ['openssh-server',
'openssh-client'] 'openssh-client']
$default_ssh_config_hash_known_hosts = 'no'
$default_sshd_config_subsystem_sftp = '/usr/lib/openssh/sftp-server'
$default_service_name = 'ssh' $default_service_name = 'ssh'
$default_ssh_config_forward_x11_trusted = 'yes' $default_ssh_config_forward_x11_trusted = 'yes'
$default_ssh_config_hash_known_hosts = 'no'
$default_ssh_package_source = undef
$default_ssh_package_adminfile = undef
$default_ssh_sendenv = true
$default_sshd_config_subsystem_sftp = '/usr/lib/openssh/sftp-server'
$default_sshd_config_mode = '0600' $default_sshd_config_mode = '0600'
$default_sshd_config_use_dns = 'yes' $default_sshd_config_use_dns = 'yes'
$default_sshd_config_xauth_location = '/usr/bin/xauth' $default_sshd_config_xauth_location = '/usr/bin/xauth'
$default_sshd_use_pam = 'yes' $default_sshd_use_pam = 'yes'
$default_ssh_package_source = undef
$default_ssh_package_adminfile = undef
$default_sshd_gssapikeyexchange = undef $default_sshd_gssapikeyexchange = undef
$default_sshd_pamauthenticationviakbdint = undef $default_sshd_pamauthenticationviakbdint = undef
$default_sshd_gssapicleanupcredentials = 'yes' $default_sshd_gssapicleanupcredentials = 'yes'
$default_ssh_acceptenv = true $default_sshd_acceptenv = true
} }
'Solaris': { 'Solaris': {
$default_packages = ['SUNWsshcu', $default_packages = ['SUNWsshcu',
@ -130,25 +134,26 @@ class ssh (
'SUNWsshr', 'SUNWsshr',
'SUNWsshu'] 'SUNWsshu']
$default_ssh_config_hash_known_hosts = undef $default_ssh_config_hash_known_hosts = undef
$default_sshd_config_subsystem_sftp = '/usr/lib/ssh/sftp-server' $default_ssh_package_source = '/var/spool/pkg'
$default_ssh_package_adminfile = undef
$default_ssh_sendenv = false
$default_ssh_config_forward_x11_trusted = undef $default_ssh_config_forward_x11_trusted = undef
$default_sshd_config_subsystem_sftp = '/usr/lib/ssh/sftp-server'
$default_sshd_config_mode = '0644' $default_sshd_config_mode = '0644'
$default_sshd_config_use_dns = undef $default_sshd_config_use_dns = undef
$default_sshd_config_xauth_location = '/usr/openwin/bin/xauth' $default_sshd_config_xauth_location = '/usr/openwin/bin/xauth'
$default_sshd_use_pam = undef $default_sshd_use_pam = undef
$default_ssh_package_source = '/var/spool/pkg'
$default_ssh_package_adminfile = undef
$default_sshd_gssapikeyexchange = 'yes' $default_sshd_gssapikeyexchange = 'yes'
$default_sshd_pamauthenticationviakbdint = 'yes' $default_sshd_pamauthenticationviakbdint = 'yes'
$default_sshd_gssapicleanupcredentials = undef $default_sshd_gssapicleanupcredentials = undef
$default_ssh_acceptenv = false $default_sshd_acceptenv = false
case $::kernelrelease { case $::kernelrelease {
'5.10','5.11': { '5.10','5.11': {
$default_service_name = 'ssh' $default_service_name = 'ssh'
} }
'5.9' : { '5.9' : {
$default_service_name = 'sshd' $default_service_name = 'sshd'
} }
default: { default: {
fail('ssh module supports Solaris kernel release 5.9, 5.10 and 5.11.') fail('ssh module supports Solaris kernel release 5.9, 5.10 and 5.11.')
} }
@ -207,6 +212,10 @@ class ssh (
$ssh_package_adminfile_real = $ssh_package_adminfile $ssh_package_adminfile_real = $ssh_package_adminfile
} }
if $ssh_package_adminfile_real != undef {
validate_absolute_path($ssh_package_adminfile_real)
}
if $sshd_config_use_dns == 'USE_DEFAULTS' { if $sshd_config_use_dns == 'USE_DEFAULTS' {
$sshd_config_use_dns_real = $default_sshd_config_use_dns $sshd_config_use_dns_real = $default_sshd_config_use_dns
} else { } else {
@ -224,6 +233,9 @@ class ssh (
} else { } else {
$ssh_config_forward_x11_trusted_real = $ssh_config_forward_x11_trusted $ssh_config_forward_x11_trusted_real = $ssh_config_forward_x11_trusted
} }
if $ssh_config_forward_x11_trusted_real != undef {
validate_re($ssh_config_forward_x11_trusted_real, '^(yes|no)$', "ssh::ssh_config_forward_x11_trusted may be either 'yes' or 'no' and is set to <${ssh_config_forward_x11_trusted_real}>.")
}
if $sshd_gssapikeyexchange == 'USE_DEFAULTS' { if $sshd_gssapikeyexchange == 'USE_DEFAULTS' {
$sshd_gssapikeyexchange_real = $default_sshd_gssapikeyexchange $sshd_gssapikeyexchange_real = $default_sshd_gssapikeyexchange
@ -243,33 +255,50 @@ class ssh (
$sshd_gssapicleanupcredentials_real = $sshd_gssapicleanupcredentials $sshd_gssapicleanupcredentials_real = $sshd_gssapicleanupcredentials
} }
if $ssh_acceptenv == 'USE_DEFAULTS' { if $ssh_sendenv == 'USE_DEFAULTS' {
$ssh_acceptenv_real = $default_ssh_acceptenv $ssh_sendenv_real = $default_ssh_sendenv
} else { } else {
case type($ssh_acceptenv) { case type($ssh_sendenv) {
'string': { 'string': {
validate_re($ssh_acceptenv, '^(true|false)$', "ssh::ssh_acceptenv may be either 'true' or 'false' and is set to <${ssh_acceptenv}>.") validate_re($ssh_sendenv, '^(true|false)$', "ssh::ssh_sendenv may be either 'true' or 'false' and is set to <${ssh_sendenv}>.")
$ssh_acceptenv_real = str2bool($ssh_acceptenv) $ssh_sendenv_real = str2bool($ssh_sendenv)
} }
'boolean': { 'boolean': {
$ssh_acceptenv_real = $ssh_acceptenv $ssh_sendenv_real = $ssh_sendenv
} }
default: { default: {
fail('ssh::ssh_acceptenv type must be true or false.') fail('ssh::ssh_sendenv type must be true or false.')
}
}
}
if $sshd_acceptenv == 'USE_DEFAULTS' {
$sshd_acceptenv_real = $default_sshd_acceptenv
} else {
case type($sshd_acceptenv) {
'string': {
validate_re($sshd_acceptenv, '^(true|false)$', "ssh::sshd_acceptenv may be either 'true' or 'false' and is set to <${sshd_acceptenv}>.")
$sshd_acceptenv_real = str2bool($sshd_acceptenv)
}
'boolean': {
$sshd_acceptenv_real = $sshd_acceptenv
}
default: {
fail('ssh::sshd_acceptenv type must be true or false.')
} }
} }
} }
# validate params # validate params
if $ssh_config_hash_known_hosts_real != undef { if $ssh_config_hash_known_hosts_real != undef {
validate_re($ssh_config_hash_known_hosts_real, '^(yes|no)$', "ssh_config_hash_known_hosts may be either 'yes' or 'no' and is set to <${ssh_config_hash_known_hosts_real}>.") validate_re($ssh_config_hash_known_hosts_real, '^(yes|no)$', "ssh::ssh_config_hash_known_hosts may be either 'yes' or 'no' and is set to <${ssh_config_hash_known_hosts_real}>.")
} }
validate_re($sshd_config_port, '^\d+$', "ssh::sshd_config_port must be a valid number and is set to <${sshd_config_port}>.") validate_re($sshd_config_port, '^\d+$', "ssh::sshd_config_port must be a valid number and is set to <${sshd_config_port}>.")
validate_re($sshd_password_authentication, '^(yes|no)$', "ssh::sshd_password_authentication may be either 'yes' or 'no' and is set to <${sshd_password_authentication}>.") validate_re($sshd_password_authentication, '^(yes|no)$', "ssh::sshd_password_authentication may be either 'yes' or 'no' and is set to <${sshd_password_authentication}>.")
validate_re($sshd_allow_tcp_forwarding, '^(yes|no)$', "ssh::sshd_allow_tcp_forwarding may be either 'yes' or 'no' and is set to <${sshd_allow_tcp_forwarding}>.") validate_re($sshd_allow_tcp_forwarding, '^(yes|no)$', "ssh::sshd_allow_tcp_forwarding may be either 'yes' or 'no' and is set to <${sshd_allow_tcp_forwarding}>.")
validate_re($sshd_x11_forwarding, '^(yes|no)$', "ssh::sshd_x11_forwarding may be either 'yes' or 'no' and is set to <${sshd_x11_forwarding}>.") validate_re($sshd_x11_forwarding, '^(yes|no)$', "ssh::sshd_x11_forwarding may be either 'yes' or 'no' and is set to <${sshd_x11_forwarding}>.")
if $sshd_use_pam_real != undef { if $sshd_use_pam_real != undef {
validate_re($sshd_use_pam_real, '^(yes|no)$', "ssh::sshd_use_pam may be either 'yes' or 'no' and is set to <${sshd_use_pam_real}>.") validate_re($sshd_use_pam_real, '^(yes|no)$', "ssh::sshd_use_pam may be either 'yes' or 'no' and is set to <${sshd_use_pam_real}>.")
} }
if is_integer($sshd_client_alive_interval) == false { fail("ssh::sshd_client_alive_interval must be an integer and is set to <${sshd_client_alive_interval}>.") } if is_integer($sshd_client_alive_interval) == false { fail("ssh::sshd_client_alive_interval must be an integer and is set to <${sshd_client_alive_interval}>.") }
@ -281,14 +310,17 @@ class ssh (
} }
validate_re($sshd_gssapiauthentication, '^(yes|no)$', "ssh::sshd_gssapiauthentication may be either 'yes' or 'no' and is set to <${sshd_gssapiauthentication}>.") validate_re($sshd_gssapiauthentication, '^(yes|no)$', "ssh::sshd_gssapiauthentication may be either 'yes' or 'no' and is set to <${sshd_gssapiauthentication}>.")
if $sshd_gssapikeyexchange_real != undef { if $sshd_gssapikeyexchange_real != undef {
validate_re($sshd_gssapikeyexchange_real, '^(yes|no)$', "ssh::sshd_gssapikeyexchange may be either 'yes' or 'no' and is set to <${sshd_gssapikeyexchange_real}>.") validate_re($sshd_gssapikeyexchange_real, '^(yes|no)$', "ssh::sshd_gssapikeyexchange may be either 'yes' or 'no' and is set to <${sshd_gssapikeyexchange_real}>.")
} }
if $sshd_pamauthenticationviakbdint_real != undef { if $sshd_pamauthenticationviakbdint_real != undef {
validate_re($sshd_pamauthenticationviakbdint_real, '^(yes|no)$', "ssh::sshd_pamauthenticationviakbdint may be either 'yes' or 'no' and is set to <${sshd_pamauthenticationviakbdint_real}>.") validate_re($sshd_pamauthenticationviakbdint_real, '^(yes|no)$', "ssh::sshd_pamauthenticationviakbdint may be either 'yes' or 'no' and is set to <${sshd_pamauthenticationviakbdint_real}>.")
} }
if $sshd_gssapicleanupcredentials_real != undef { if $sshd_gssapicleanupcredentials_real != undef {
validate_re($sshd_gssapicleanupcredentials_real, '^(yes|no)$', "ssh::sshd_gssapicleanupcredentials may be either 'yes' or 'no' and is set to <${sshd_gssapicleanupcredentials_real}>.") validate_re($sshd_gssapicleanupcredentials_real, '^(yes|no)$', "ssh::sshd_gssapicleanupcredentials may be either 'yes' or 'no' and is set to <${sshd_gssapicleanupcredentials_real}>.")
} }
case type($hiera_merge) { case type($hiera_merge) {

612
spec/classes/init_spec.rb
View File

@ -2,9 +2,8 @@ require 'spec_helper'
describe 'ssh' do describe 'ssh' do
context 'with default params on osfamily RedHat' do context 'with default params on osfamily RedHat' do
let :facts do let(:facts) do
{ { :fqdn => 'monkey.example.com',
:fqdn => 'monkey.example.com',
:osfamily => 'RedHat', :osfamily => 'RedHat',
:sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
} }
@ -26,7 +25,7 @@ describe 'ssh' do
it { it {
should contain_file('ssh_config').with({ should contain_file('ssh_config').with({
'ensure' => 'file', 'ensure' => 'file',
'path' => '/etc/ssh/ssh_config', 'path' => '/etc/ssh/ssh_config',
'owner' => 'root', 'owner' => 'root',
'group' => 'root', 'group' => 'root',
@ -39,6 +38,7 @@ describe 'ssh' do
it { should contain_file('ssh_config').with_content(/^ Protocol 2$/) } it { should contain_file('ssh_config').with_content(/^ Protocol 2$/) }
it { should contain_file('ssh_config').with_content(/^\s*HashKnownHosts no$/) } it { should contain_file('ssh_config').with_content(/^\s*HashKnownHosts no$/) }
it { should contain_file('ssh_config').with_content(/^\s*SendEnv L.*$/) } it { should contain_file('ssh_config').with_content(/^\s*SendEnv L.*$/) }
it { should contain_file('ssh_config').with_content(/^\s*ForwardX11Trusted yes$/) }
it { should_not contain_file('ssh_config').with_content(/^\s*ForwardAgent$/) } it { should_not contain_file('ssh_config').with_content(/^\s*ForwardAgent$/) }
it { should_not contain_file('ssh_config').with_content(/^\s*ForwardX11$/) } it { should_not contain_file('ssh_config').with_content(/^\s*ForwardX11$/) }
@ -46,7 +46,7 @@ describe 'ssh' do
it { it {
should contain_file('sshd_config').with({ should contain_file('sshd_config').with({
'ensure' => 'file', 'ensure' => 'file',
'path' => '/etc/ssh/sshd_config', 'path' => '/etc/ssh/sshd_config',
'owner' => 'root', 'owner' => 'root',
'group' => 'root', 'group' => 'root',
@ -73,8 +73,8 @@ describe 'ssh' do
it { should contain_file('sshd_config').with_content(/^GSSAPIAuthentication yes$/) } it { should contain_file('sshd_config').with_content(/^GSSAPIAuthentication yes$/) }
it { should contain_file('sshd_config').with_content(/^GSSAPICleanupCredentials yes$/) } it { should contain_file('sshd_config').with_content(/^GSSAPICleanupCredentials yes$/) }
it { should contain_file('sshd_config').with_content(/^HostKey \/etc\/ssh\/ssh_host_rsa_key$/) } it { should contain_file('sshd_config').with_content(/^HostKey \/etc\/ssh\/ssh_host_rsa_key$/) }
it { should_not contain_file('sshd_config').with_content(/^PAMAuthenticationViaKBDInt yes$/) } it { should_not contain_file('sshd_config').with_content(/^\s*PAMAuthenticationViaKBDInt yes$/) }
it { should_not contain_file('sshd_config').with_content(/^GSSAPIKeyExchange no$/) } it { should_not contain_file('sshd_config').with_content(/^\s*GSSAPIKeyExchange no$/) }
it { should contain_file('sshd_config').with_content(/^AcceptEnv L.*$/) } it { should contain_file('sshd_config').with_content(/^AcceptEnv L.*$/) }
it { it {
@ -98,27 +98,27 @@ describe 'ssh' do
context 'with default params on osfamily Solaris kernelrelease 5.8' do context 'with default params on osfamily Solaris kernelrelease 5.8' do
let :facts do let :facts do
{ {
:fqdn => 'monkey.example.com', :fqdn => 'monkey.example.com',
:osfamily => 'Solaris', :osfamily => 'Solaris',
:kernelrelease => '5.8', :kernelrelease => '5.8',
:sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
} }
end end
it 'should fail' do it 'should fail' do
expect { expect {
should include_class('ssh') should include_class('ssh')
}.to raise_error(Puppet::Error,/ssh module supports Solaris kernel release 5.9, 5.10 and 5.11./) }.to raise_error(Puppet::Error,/^ssh module supports Solaris kernel release 5.9, 5.10 and 5.11./)
end end
end end
context 'with default params on osfamily Solaris kernelrelease 5.11' do context 'with default params on osfamily Solaris kernelrelease 5.11' do
let :facts do let :facts do
{ {
:fqdn => 'monkey.example.com', :fqdn => 'monkey.example.com',
:osfamily => 'Solaris', :osfamily => 'Solaris',
:kernelrelease => '5.11', :kernelrelease => '5.11',
:sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
} }
end end
@ -130,8 +130,8 @@ describe 'ssh' do
['SUNWsshcu','SUNWsshdr','SUNWsshdu','SUNWsshr','SUNWsshu'].each do |pkg| ['SUNWsshcu','SUNWsshdr','SUNWsshdu','SUNWsshr','SUNWsshu'].each do |pkg|
it { it {
should contain_package(pkg).with({ should contain_package(pkg).with({
'ensure' => 'installed', 'ensure' => 'installed',
'source' => '/var/spool/pkg', 'source' => '/var/spool/pkg',
'adminfile' => nil, 'adminfile' => nil,
}) })
} }
@ -139,7 +139,7 @@ describe 'ssh' do
it { it {
should contain_file('ssh_config').with({ should contain_file('ssh_config').with({
'ensure' => 'file', 'ensure' => 'file',
'path' => '/etc/ssh/ssh_config', 'path' => '/etc/ssh/ssh_config',
'owner' => 'root', 'owner' => 'root',
'group' => 'root', 'group' => 'root',
@ -151,6 +151,7 @@ describe 'ssh' do
it { should contain_file('ssh_config').with_content(/^# This file is being maintained by Puppet.\n# DO NOT EDIT\n\n# \$OpenBSD: ssh_config,v 1.21 2005\/12\/06 22:38:27 reyk Exp \$/) } it { should contain_file('ssh_config').with_content(/^# This file is being maintained by Puppet.\n# DO NOT EDIT\n\n# \$OpenBSD: ssh_config,v 1.21 2005\/12\/06 22:38:27 reyk Exp \$/) }
it { should contain_file('ssh_config').with_content(/^ Protocol 2$/) } it { should contain_file('ssh_config').with_content(/^ Protocol 2$/) }
it { should_not contain_file('ssh_config').with_content(/^\s*HashKnownHosts no$/) } it { should_not contain_file('ssh_config').with_content(/^\s*HashKnownHosts no$/) }
it { should_not contain_file('ssh_config').with_content(/^\s*ForwardX11Trusted/) }
it { should_not contain_file('ssh_config').with_content(/^\s*ForwardAgent$/) } it { should_not contain_file('ssh_config').with_content(/^\s*ForwardAgent$/) }
it { should_not contain_file('ssh_config').with_content(/^\s*ForwardX11$/) } it { should_not contain_file('ssh_config').with_content(/^\s*ForwardX11$/) }
@ -177,11 +178,11 @@ describe 'ssh' do
it { should contain_file('sshd_config').with_content(/^XAuthLocation \/usr\/openwin\/bin\/xauth$/) } it { should contain_file('sshd_config').with_content(/^XAuthLocation \/usr\/openwin\/bin\/xauth$/) }
it { should contain_file('sshd_config').with_content(/^Subsystem sftp \/usr\/lib\/ssh\/sftp-server$/) } it { should contain_file('sshd_config').with_content(/^Subsystem sftp \/usr\/lib\/ssh\/sftp-server$/) }
it { should contain_file('sshd_config').with_content(/^GSSAPIAuthentication yes$/) } it { should contain_file('sshd_config').with_content(/^GSSAPIAuthentication yes$/) }
it { should_not contain_file('sshd_config').with_content(/^GSSAPICleanupCredentials yes$/) } it { should_not contain_file('sshd_config').with_content(/^\s*GSSAPICleanupCredentials yes$/) }
it { should contain_file('sshd_config').with_content(/^HostKey \/etc\/ssh\/ssh_host_rsa_key$/) } it { should contain_file('sshd_config').with_content(/^HostKey \/etc\/ssh\/ssh_host_rsa_key$/) }
it { should contain_file('sshd_config').with_content(/^PAMAuthenticationViaKBDInt yes$/) } it { should contain_file('sshd_config').with_content(/^PAMAuthenticationViaKBDInt yes$/) }
it { should contain_file('sshd_config').with_content(/^GSSAPIKeyExchange yes$/) } it { should contain_file('sshd_config').with_content(/^GSSAPIKeyExchange yes$/) }
it { should_not contain_file('sshd_config').with_content(/^AcceptEnv L.*$/) } it { should_not contain_file('sshd_config').with_content(/^\s*AcceptEnv L.*$/) }
it { it {
should contain_service('sshd_service').with({ should contain_service('sshd_service').with({
@ -204,10 +205,10 @@ describe 'ssh' do
context 'with default params on osfamily Solaris kernelrelease 5.10' do context 'with default params on osfamily Solaris kernelrelease 5.10' do
let :facts do let :facts do
{ {
:fqdn => 'monkey.example.com', :fqdn => 'monkey.example.com',
:osfamily => 'Solaris', :osfamily => 'Solaris',
:kernelrelease => '5.10', :kernelrelease => '5.10',
:sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
} }
end end
@ -218,8 +219,8 @@ describe 'ssh' do
['SUNWsshcu','SUNWsshdr','SUNWsshdu','SUNWsshr','SUNWsshu'].each do |pkg| ['SUNWsshcu','SUNWsshdr','SUNWsshdu','SUNWsshr','SUNWsshu'].each do |pkg|
it { it {
should contain_package(pkg).with({ should contain_package(pkg).with({
'ensure' => 'installed', 'ensure' => 'installed',
'source' => '/var/spool/pkg', 'source' => '/var/spool/pkg',
'adminfile' => nil, 'adminfile' => nil,
}) })
} }
@ -227,7 +228,7 @@ describe 'ssh' do
it { it {
should contain_file('ssh_config').with({ should contain_file('ssh_config').with({
'ensure' => 'file', 'ensure' => 'file',
'path' => '/etc/ssh/ssh_config', 'path' => '/etc/ssh/ssh_config',
'owner' => 'root', 'owner' => 'root',
'group' => 'root', 'group' => 'root',
@ -239,6 +240,7 @@ describe 'ssh' do
it { should contain_file('ssh_config').with_content(/^# This file is being maintained by Puppet.\n# DO NOT EDIT\n\n# \$OpenBSD: ssh_config,v 1.21 2005\/12\/06 22:38:27 reyk Exp \$/) } it { should contain_file('ssh_config').with_content(/^# This file is being maintained by Puppet.\n# DO NOT EDIT\n\n# \$OpenBSD: ssh_config,v 1.21 2005\/12\/06 22:38:27 reyk Exp \$/) }
it { should contain_file('ssh_config').with_content(/^ Protocol 2$/) } it { should contain_file('ssh_config').with_content(/^ Protocol 2$/) }
it { should_not contain_file('ssh_config').with_content(/^\s*HashKnownHosts no$/) } it { should_not contain_file('ssh_config').with_content(/^\s*HashKnownHosts no$/) }
it { should_not contain_file('ssh_config').with_content(/^\s*ForwardX11Trusted/) }
it { should_not contain_file('ssh_config').with_content(/^\s*ForwardAgent$/) } it { should_not contain_file('ssh_config').with_content(/^\s*ForwardAgent$/) }
it { should_not contain_file('ssh_config').with_content(/^\s*ForwardX11$/) } it { should_not contain_file('ssh_config').with_content(/^\s*ForwardX11$/) }
@ -265,11 +267,11 @@ describe 'ssh' do
it { should contain_file('sshd_config').with_content(/^XAuthLocation \/usr\/openwin\/bin\/xauth$/) } it { should contain_file('sshd_config').with_content(/^XAuthLocation \/usr\/openwin\/bin\/xauth$/) }
it { should contain_file('sshd_config').with_content(/^Subsystem sftp \/usr\/lib\/ssh\/sftp-server$/) } it { should contain_file('sshd_config').with_content(/^Subsystem sftp \/usr\/lib\/ssh\/sftp-server$/) }
it { should contain_file('sshd_config').with_content(/^GSSAPIAuthentication yes$/) } it { should contain_file('sshd_config').with_content(/^GSSAPIAuthentication yes$/) }
it { should_not contain_file('sshd_config').with_content(/^GSSAPICleanupCredentials yes$/) } it { should_not contain_file('sshd_config').with_content(/^\s*GSSAPICleanupCredentials yes$/) }
it { should contain_file('sshd_config').with_content(/^HostKey \/etc\/ssh\/ssh_host_rsa_key$/) } it { should contain_file('sshd_config').with_content(/^HostKey \/etc\/ssh\/ssh_host_rsa_key$/) }
it { should contain_file('sshd_config').with_content(/^PAMAuthenticationViaKBDInt yes$/) } it { should contain_file('sshd_config').with_content(/^PAMAuthenticationViaKBDInt yes$/) }
it { should contain_file('sshd_config').with_content(/^GSSAPIKeyExchange yes$/) } it { should contain_file('sshd_config').with_content(/^GSSAPIKeyExchange yes$/) }
it { should_not contain_file('sshd_config').with_content(/^AcceptEnv L.*$/) } it { should_not contain_file('sshd_config').with_content(/^\s*AcceptEnv L.*$/) }
it { it {
should contain_service('sshd_service').with({ should contain_service('sshd_service').with({
@ -291,11 +293,10 @@ describe 'ssh' do
context 'with default params on osfamily Solaris kernelrelease 5.9' do context 'with default params on osfamily Solaris kernelrelease 5.9' do
let :facts do let :facts do
{ { :fqdn => 'monkey.example.com',
:fqdn => 'monkey.example.com', :osfamily => 'Solaris',
:osfamily => 'Solaris', :kernelrelease => '5.9',
:kernelrelease => '5.9', :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
:sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
} }
end end
@ -306,8 +307,8 @@ describe 'ssh' do
['SUNWsshcu','SUNWsshdr','SUNWsshdu','SUNWsshr','SUNWsshu'].each do |pkg| ['SUNWsshcu','SUNWsshdr','SUNWsshdu','SUNWsshr','SUNWsshu'].each do |pkg|
it { it {
should contain_package(pkg).with({ should contain_package(pkg).with({
'ensure' => 'installed', 'ensure' => 'installed',
'source' => '/var/spool/pkg', 'source' => '/var/spool/pkg',
'adminfile' => nil, 'adminfile' => nil,
}) })
} }
@ -315,7 +316,7 @@ describe 'ssh' do
it { it {
should contain_file('ssh_config').with({ should contain_file('ssh_config').with({
'ensure' => 'file', 'ensure' => 'file',
'path' => '/etc/ssh/ssh_config', 'path' => '/etc/ssh/ssh_config',
'owner' => 'root', 'owner' => 'root',
'group' => 'root', 'group' => 'root',
@ -327,6 +328,7 @@ describe 'ssh' do
it { should contain_file('ssh_config').with_content(/^# This file is being maintained by Puppet.\n# DO NOT EDIT\n\n# \$OpenBSD: ssh_config,v 1.21 2005\/12\/06 22:38:27 reyk Exp \$/) } it { should contain_file('ssh_config').with_content(/^# This file is being maintained by Puppet.\n# DO NOT EDIT\n\n# \$OpenBSD: ssh_config,v 1.21 2005\/12\/06 22:38:27 reyk Exp \$/) }
it { should contain_file('ssh_config').with_content(/^ Protocol 2$/) } it { should contain_file('ssh_config').with_content(/^ Protocol 2$/) }
it { should_not contain_file('ssh_config').with_content(/^\s*HashKnownHosts no$/) } it { should_not contain_file('ssh_config').with_content(/^\s*HashKnownHosts no$/) }
it { should_not contain_file('ssh_config').with_content(/^\s*ForwardX11Trusted/) }
it { should_not contain_file('ssh_config').with_content(/^\s*ForwardAgent$/) } it { should_not contain_file('ssh_config').with_content(/^\s*ForwardAgent$/) }
it { should_not contain_file('ssh_config').with_content(/^\s*ForwardX11$/) } it { should_not contain_file('ssh_config').with_content(/^\s*ForwardX11$/) }
@ -335,7 +337,7 @@ describe 'ssh' do
it { it {
should contain_file('sshd_config').with({ should contain_file('sshd_config').with({
'ensure' => 'file', 'ensure' => 'file',
'path' => '/etc/ssh/sshd_config', 'path' => '/etc/ssh/sshd_config',
'owner' => 'root', 'owner' => 'root',
'group' => 'root', 'group' => 'root',
@ -353,11 +355,11 @@ describe 'ssh' do
it { should contain_file('sshd_config').with_content(/^XAuthLocation \/usr\/openwin\/bin\/xauth$/) } it { should contain_file('sshd_config').with_content(/^XAuthLocation \/usr\/openwin\/bin\/xauth$/) }
it { should contain_file('sshd_config').with_content(/^Subsystem sftp \/usr\/lib\/ssh\/sftp-server$/) } it { should contain_file('sshd_config').with_content(/^Subsystem sftp \/usr\/lib\/ssh\/sftp-server$/) }
it { should contain_file('sshd_config').with_content(/^GSSAPIAuthentication yes$/) } it { should contain_file('sshd_config').with_content(/^GSSAPIAuthentication yes$/) }
it { should_not contain_file('sshd_config').with_content(/^GSSAPICleanupCredentials yes$/) } it { should_not contain_file('sshd_config').with_content(/^\s*GSSAPICleanupCredentials yes$/) }
it { should contain_file('sshd_config').with_content(/^HostKey \/etc\/ssh\/ssh_host_rsa_key$/) } it { should contain_file('sshd_config').with_content(/^HostKey \/etc\/ssh\/ssh_host_rsa_key$/) }
it { should contain_file('sshd_config').with_content(/^PAMAuthenticationViaKBDInt yes$/) } it { should contain_file('sshd_config').with_content(/^PAMAuthenticationViaKBDInt yes$/) }
it { should contain_file('sshd_config').with_content(/^GSSAPIKeyExchange yes$/) } it { should contain_file('sshd_config').with_content(/^GSSAPIKeyExchange yes$/) }
it { should_not contain_file('sshd_config').with_content(/^AcceptEnv L.*$/) } it { should_not contain_file('sshd_config').with_content(/^\s*AcceptEnv L.*$/) }
it { it {
should contain_service('sshd_service').with({ should contain_service('sshd_service').with({
@ -380,9 +382,9 @@ describe 'ssh' do
context 'with default params on osfamily Debian' do context 'with default params on osfamily Debian' do
let :facts do let :facts do
{ {
:fqdn => 'monkey.example.com', :fqdn => 'monkey.example.com',
:osfamily => 'Debian', :osfamily => 'Debian',
:sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
} }
end end
it { should compile.with_all_deps } it { should compile.with_all_deps }
@ -401,7 +403,7 @@ describe 'ssh' do
it { it {
should contain_file('ssh_config').with({ should contain_file('ssh_config').with({
'ensure' => 'file', 'ensure' => 'file',
'path' => '/etc/ssh/ssh_config', 'path' => '/etc/ssh/ssh_config',
'owner' => 'root', 'owner' => 'root',
'group' => 'root', 'group' => 'root',
@ -414,6 +416,7 @@ describe 'ssh' do
it { should contain_file('ssh_config').with_content(/^ Protocol 2$/) } it { should contain_file('ssh_config').with_content(/^ Protocol 2$/) }
it { should contain_file('ssh_config').with_content(/^\s*HashKnownHosts no$/) } it { should contain_file('ssh_config').with_content(/^\s*HashKnownHosts no$/) }
it { should contain_file('ssh_config').with_content(/^\s*SendEnv L.*$/) } it { should contain_file('ssh_config').with_content(/^\s*SendEnv L.*$/) }
it { should contain_file('ssh_config').with_content(/^\s*ForwardX11Trusted yes$/) }
it { should_not contain_file('ssh_config').with_content(/^\s*ForwardAgent$/) } it { should_not contain_file('ssh_config').with_content(/^\s*ForwardAgent$/) }
it { should_not contain_file('ssh_config').with_content(/^\s*ForwardX11$/) } it { should_not contain_file('ssh_config').with_content(/^\s*ForwardX11$/) }
@ -448,8 +451,8 @@ describe 'ssh' do
it { should contain_file('sshd_config').with_content(/^GSSAPIAuthentication yes$/) } it { should contain_file('sshd_config').with_content(/^GSSAPIAuthentication yes$/) }
it { should contain_file('sshd_config').with_content(/^GSSAPICleanupCredentials yes$/) } it { should contain_file('sshd_config').with_content(/^GSSAPICleanupCredentials yes$/) }
it { should contain_file('sshd_config').with_content(/^HostKey \/etc\/ssh\/ssh_host_rsa_key$/) } it { should contain_file('sshd_config').with_content(/^HostKey \/etc\/ssh\/ssh_host_rsa_key$/) }
it { should_not contain_file('sshd_config').with_content(/^PAMAuthenticationViaKBDInt yes$/) } it { should_not contain_file('sshd_config').with_content(/^\s*PAMAuthenticationViaKBDInt yes$/) }
it { should_not contain_file('sshd_config').with_content(/^GSSAPIKeyExchange yes$/) } it { should_not contain_file('sshd_config').with_content(/^\s*GSSAPIKeyExchange yes$/) }
it { should contain_file('sshd_config').with_content(/^AcceptEnv L.*$/) } it { should contain_file('sshd_config').with_content(/^AcceptEnv L.*$/) }
it { it {
@ -494,7 +497,7 @@ describe 'ssh' do
it { it {
should contain_file('ssh_config').with({ should contain_file('ssh_config').with({
'ensure' => 'file', 'ensure' => 'file',
'path' => '/etc/ssh/ssh_config', 'path' => '/etc/ssh/ssh_config',
'owner' => 'root', 'owner' => 'root',
'group' => 'root', 'group' => 'root',
@ -507,6 +510,7 @@ describe 'ssh' do
it { should contain_file('ssh_config').with_content(/^ Protocol 2$/) } it { should contain_file('ssh_config').with_content(/^ Protocol 2$/) }
it { should contain_file('ssh_config').with_content(/^\s*HashKnownHosts no$/) } it { should contain_file('ssh_config').with_content(/^\s*HashKnownHosts no$/) }
it { should contain_file('ssh_config').with_content(/^\s*SendEnv L.*$/) } it { should contain_file('ssh_config').with_content(/^\s*SendEnv L.*$/) }
it { should contain_file('ssh_config').with_content(/^\s*ForwardX11Trusted yes$/) }
it { should_not contain_file('ssh_config').with_content(/^\s*ForwardAgent$/) } it { should_not contain_file('ssh_config').with_content(/^\s*ForwardAgent$/) }
it { should_not contain_file('ssh_config').with_content(/^\s*ForwardX11$/) } it { should_not contain_file('ssh_config').with_content(/^\s*ForwardX11$/) }
@ -541,8 +545,8 @@ describe 'ssh' do
it { should contain_file('sshd_config').with_content(/^GSSAPIAuthentication yes$/) } it { should contain_file('sshd_config').with_content(/^GSSAPIAuthentication yes$/) }
it { should contain_file('sshd_config').with_content(/^GSSAPICleanupCredentials yes$/) } it { should contain_file('sshd_config').with_content(/^GSSAPICleanupCredentials yes$/) }
it { should contain_file('sshd_config').with_content(/^HostKey \/etc\/ssh\/ssh_host_rsa_key$/) } it { should contain_file('sshd_config').with_content(/^HostKey \/etc\/ssh\/ssh_host_rsa_key$/) }
it { should_not contain_file('sshd_config').with_content(/^PAMAuthenticationViaKBDInt yes$/) } it { should_not contain_file('sshd_config').with_content(/^\s*PAMAuthenticationViaKBDInt yes$/) }
it { should_not contain_file('sshd_config').with_content(/^GSSAPIKeyExchange yes$/) } it { should_not contain_file('sshd_config').with_content(/^\s*GSSAPIKeyExchange yes$/) }
it { should contain_file('sshd_config').with_content(/^AcceptEnv L.*$/) } it { should contain_file('sshd_config').with_content(/^AcceptEnv L.*$/) }
it { it {
@ -587,7 +591,7 @@ describe 'ssh' do
it { it {
should contain_file('ssh_config').with({ should contain_file('ssh_config').with({
'ensure' => 'file', 'ensure' => 'file',
'path' => '/etc/ssh/ssh_config', 'path' => '/etc/ssh/ssh_config',
'owner' => 'root', 'owner' => 'root',
'group' => 'root', 'group' => 'root',
@ -600,6 +604,7 @@ describe 'ssh' do
it { should contain_file('ssh_config').with_content(/^ Protocol 2$/) } it { should contain_file('ssh_config').with_content(/^ Protocol 2$/) }
it { should contain_file('ssh_config').with_content(/^\s*HashKnownHosts no$/) } it { should contain_file('ssh_config').with_content(/^\s*HashKnownHosts no$/) }
it { should contain_file('ssh_config').with_content(/^\s*SendEnv L.*$/) } it { should contain_file('ssh_config').with_content(/^\s*SendEnv L.*$/) }
it { should contain_file('ssh_config').with_content(/^\s*ForwardX11Trusted yes$/) }
it { should_not contain_file('ssh_config').with_content(/^\s*ForwardAgent$/) } it { should_not contain_file('ssh_config').with_content(/^\s*ForwardAgent$/) }
it { should_not contain_file('ssh_config').with_content(/^\s*ForwardX11$/) } it { should_not contain_file('ssh_config').with_content(/^\s*ForwardX11$/) }
@ -634,8 +639,8 @@ describe 'ssh' do
it { should contain_file('sshd_config').with_content(/^GSSAPIAuthentication yes$/) } it { should contain_file('sshd_config').with_content(/^GSSAPIAuthentication yes$/) }
it { should contain_file('sshd_config').with_content(/^GSSAPICleanupCredentials yes$/) } it { should contain_file('sshd_config').with_content(/^GSSAPICleanupCredentials yes$/) }
it { should contain_file('sshd_config').with_content(/^HostKey \/etc\/ssh\/ssh_host_rsa_key$/) } it { should contain_file('sshd_config').with_content(/^HostKey \/etc\/ssh\/ssh_host_rsa_key$/) }
it { should_not contain_file('sshd_config').with_content(/^PAMAuthenticationViaKBDInt yes$/) } it { should_not contain_file('sshd_config').with_content(/^\s*PAMAuthenticationViaKBDInt yes$/) }
it { should_not contain_file('sshd_config').with_content(/^GSSAPIKeyExchange yes$/) } it { should_not contain_file('sshd_config').with_content(/^\s*GSSAPIKeyExchange yes$/) }
it { should contain_file('sshd_config').with_content(/^AcceptEnv L.*$/) } it { should contain_file('sshd_config').with_content(/^AcceptEnv L.*$/) }
it { it {
@ -698,7 +703,7 @@ describe 'ssh' do
it { it {
should contain_file('ssh_config').with({ should contain_file('ssh_config').with({
'ensure' => 'file', 'ensure' => 'file',
'path' => '/etc/ssh/ssh_config', 'path' => '/etc/ssh/ssh_config',
'owner' => 'root', 'owner' => 'root',
'group' => 'root', 'group' => 'root',
@ -750,7 +755,7 @@ describe 'ssh' do
it { it {
should contain_file('sshd_config').with({ should contain_file('sshd_config').with({
'ensure' => 'file', 'ensure' => 'file',
'path' => '/etc/ssh/sshd_config', 'path' => '/etc/ssh/sshd_config',
'owner' => 'root', 'owner' => 'root',
'group' => 'root', 'group' => 'root',
@ -777,8 +782,8 @@ describe 'ssh' do
it { should contain_file('sshd_config').with_content(/^GSSAPIAuthentication yes$/) } it { should contain_file('sshd_config').with_content(/^GSSAPIAuthentication yes$/) }
it { should contain_file('sshd_config').with_content(/^GSSAPICleanupCredentials yes$/) } it { should contain_file('sshd_config').with_content(/^GSSAPICleanupCredentials yes$/) }
it { should contain_file('sshd_config').with_content(/^HostKey \/etc\/ssh\/ssh_host_rsa_key$/) } it { should contain_file('sshd_config').with_content(/^HostKey \/etc\/ssh\/ssh_host_rsa_key$/) }
it { should_not contain_file('sshd_config').with_content(/^PAMAuthenticationViaKBDInt yes$/) } it { should_not contain_file('sshd_config').with_content(/^\s*PAMAuthenticationViaKBDInt yes$/) }
it { should_not contain_file('sshd_config').with_content(/^GSSAPIKeyExchange yes$/) } it { should_not contain_file('sshd_config').with_content(/^\s*GSSAPIKeyExchange yes$/) }
it { should contain_file('sshd_config').with_content(/^AcceptEnv L.*$/) } it { should contain_file('sshd_config').with_content(/^AcceptEnv L.*$/) }
it { it {
@ -826,11 +831,11 @@ describe 'ssh' do
it { it {
should contain_file('root_ssh_config').with({ should contain_file('root_ssh_config').with({
'ensure' => 'file', 'ensure' => 'file',
'path' => '/root/.ssh/config', 'path' => '/root/.ssh/config',
'owner' => 'root', 'owner' => 'root',
'group' => 'root', 'group' => 'root',
'mode' => '0600', 'mode' => '0600',
}) })
} }
end end
@ -850,7 +855,7 @@ describe 'ssh' do
it 'should fail' do it 'should fail' do
expect { expect {
should contain_class('ssh') should contain_class('ssh')
}.to raise_error(Puppet::Error,/ssh_config_hash_known_hosts may be either \'yes\' or \'no\' and is set to <invalid>./) }.to raise_error(Puppet::Error,/^ssh::ssh_config_hash_known_hosts may be either \'yes\' or \'no\' and is set to <invalid>./)
end end
end end
@ -989,16 +994,13 @@ describe 'ssh' do
end end
context 'with sshd_config_banner set to invalid value on valid osfamily' do context 'with sshd_config_banner set to invalid value on valid osfamily' do
let :facts do let(:params) { { :sshd_config_banner => 'invalid/path' } }
{ let(:facts) do
:fqdn => 'monkey.example.com', { :fqdn => 'monkey.example.com',
:osfamily => 'RedHat', :osfamily => 'RedHat',
:sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
} }
end end
let :params do
{ :sshd_config_banner => 'invalid/path' }
end
it 'should fail' do it 'should fail' do
expect { expect {
@ -1008,18 +1010,13 @@ describe 'ssh' do
end end
context 'with sshd_banner_content set and with default value on sshd_config_banner on valid osfamily' do context 'with sshd_banner_content set and with default value on sshd_config_banner on valid osfamily' do
let(:params) { { :sshd_banner_content => 'textinbanner' } }
let :facts do let :facts do
{ { :fqdn => 'monkey.example.com',
:fqdn => 'monkey.example.com',
:osfamily => 'RedHat', :osfamily => 'RedHat',
:sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
} }
end end
let :params do
{
:sshd_banner_content => 'textinbanner'
}
end
it 'should fail' do it 'should fail' do
expect { expect {
@ -1030,16 +1027,13 @@ describe 'ssh' do
context 'with ssh_config_sendenv_xmodifiers set to invalid type, array' do context 'with ssh_config_sendenv_xmodifiers set to invalid type, array' do
let(:params) { { :ssh_config_sendenv_xmodifiers => ['invalid','type'] } }
let :facts do let :facts do
{ { :fqdn => 'monkey.example.com',
:fqdn => 'monkey.example.com',
:osfamily => 'RedHat', :osfamily => 'RedHat',
:sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
} }
end end
let :params do
{ :ssh_config_sendenv_xmodifiers => ['invalid','type'] }
end
it 'should fail' do it 'should fail' do
expect { expect {
@ -1215,4 +1209,460 @@ describe 'ssh' do
end end
end end
end end
describe 'with ssh_package_adminfile parameter specified' do
context 'as a valid path' do
let(:params) { { :ssh_package_adminfile => '/var/tmp/admin' } }
let :facts do
{ :fqdn => 'monkey.example.com',
:osfamily => 'Solaris',
:kernelrelease => '5.11',
:sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
}
end
['SUNWsshcu','SUNWsshdr','SUNWsshdu','SUNWsshr','SUNWsshu'].each do |pkg|
it {
should contain_package(pkg).with({
'ensure' => 'installed',
'source' => '/var/spool/pkg',
'adminfile' => '/var/tmp/admin',
})
}
end
end
context 'as an invalid path' do
let(:params) { { :ssh_package_adminfile => 'invalid/path' } }
let :facts do
{ :fqdn => 'monkey.example.com',
:osfamily => 'Solaris',
:kernelrelease => '5.11',
:sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
}
end
it 'should fail' do
expect { should raise_error(Puppet::Error,/^is not an absolute path/) }
end
end
end
describe 'with sshd_config_xauth_location parameter specified' do
context 'as a valid path' do
let(:params) { { :sshd_config_xauth_location => '/opt/ssh/bin/xauth' } }
let(:facts) do
{ :fqdn => 'monkey.example.com',
:osfamily => 'RedHat',
:sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
}
end
it { should contain_file('sshd_config').with_content(/^XAuthLocation \/opt\/ssh\/bin\/xauth$/) }
end
context 'as an invalid path' do
let(:params) { { :sshd_config_xauth_location => 'invalid/path' } }
let(:facts) do
{ :fqdn => 'monkey.example.com',
:osfamily => 'RedHat',
:sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
}
end
it 'should fail' do
expect { should raise_error(Puppet::Error,/^is not an absolute path/) }
end
end
context 'as an invalid type' do
let(:params) { { :sshd_config_xauth_location => true } }
let(:facts) do
{ :fqdn => 'monkey.example.com',
:osfamily => 'RedHat',
:sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
}
end
it 'should fail' do
expect { should raise_error(Puppet::Error) }
end
end
end
describe 'with ssh_package_source parameter specified' do
context 'as a valid path' do
let(:params) { { :ssh_package_source => '/mnt/packages' } }
let(:facts) do
{ :fqdn => 'monkey.example.com',
:osfamily => 'Solaris',
:kernelrelease => '5.11',
:sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
}
end
['SUNWsshcu','SUNWsshdr','SUNWsshdu','SUNWsshr','SUNWsshu'].each do |pkg|
it {
should contain_package(pkg).with({
'ensure' => 'installed',
'source' => '/mnt/packages',
'adminfile' => nil,
})
}
end
end
context 'as an invalid path' do
let(:params) { { :ssh_package_source => 'invalid/path' } }
let(:facts) do
{ :fqdn => 'monkey.example.com',
:osfamily => 'Solaris',
:kernelrelease => '5.11',
:sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
}
end
it 'should fail' do
expect { should raise_error(Puppet::Error,/^is not an absolute path/) }
end
end
context 'as an invalid type' do
let(:params) { { :ssh_package_source => true } }
let(:facts) do
{ :fqdn => 'monkey.example.com',
:osfamily => 'Solaris',
:kernelrelease => '5.11',
:sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
}
end
it 'should fail' do
expect { should raise_error(Puppet::Error) }
end
end
end
describe 'with parameter ssh_config_forward_x11_trusted' do
['yes','no'].each do |value|
context "specified as #{value}" do
let(:params) { { :ssh_config_forward_x11_trusted => value } }
let(:facts) do
{ :fqdn => 'monkey.example.com',
:osfamily => 'RedHat',
:sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
}
end
it { should contain_file('ssh_config').with_content(/^\s*ForwardX11Trusted #{value}$/) }
end
end
context 'not specified' do
let(:facts) do
{ :fqdn => 'monkey.example.com',
:osfamily => 'Solaris',
:kernelrelease => '5.11',
:sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
}
end
it { should_not contain_file('ssh_config').with_content(/^\s*ForwardX11Trusted/) }
end
['YES',true].each do |value|
context "specified an invalid value #{value}" do
let(:params) { { :ssh_config_forward_x11_trusted => value } }
let(:facts) do
{ :fqdn => 'monkey.example.com',
:osfamily => 'RedHat',
:sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
}
end
it 'should fail' do
expect { should raise_error(Puppet::Error,/^ssh::ssh_config_forward_x11_trusted may be either 'yes' or 'no' and is set to <#{value}>./) }
end
end
end
end
describe 'with parameter sshd_gssapiauthentication' do
['yes','no'].each do |value|
context "specified as #{value}" do
let(:params) { { :sshd_gssapiauthentication => value } }
let(:facts) do
{ :fqdn => 'monkey.example.com',
:osfamily => 'Solaris',
:kernelrelease => '5.11',
:sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
}
end
it { should contain_file('sshd_config').with_content(/^GSSAPIAuthentication #{value}$/) }
end
end
['YES',true].each do |value|
context "specified an invalid value #{value}" do
let(:params) { { :sshd_gssapiauthentication => value } }
let(:facts) do
{ :fqdn => 'monkey.example.com',
:osfamily => 'RedHat',
:sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
}
end
it 'should fail' do
expect { should raise_error(Puppet::Error,/^ssh::sshd_gssapiauthentication may be either 'yes' or 'no' and is set to <#{value}>./) }
end
end
end
end
describe 'with parameter sshd_gssapikeyexchange' do
['yes','no'].each do |value|
context "specified as #{value}" do
let(:params) { { :sshd_gssapikeyexchange => value } }
let(:facts) do
{ :fqdn => 'monkey.example.com',
:osfamily => 'RedHat',
:sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
}
end
it { should contain_file('sshd_config').with_content(/^GSSAPIKeyExchange #{value}$/) }
end
end
context 'not specified' do
let(:facts) do
{ :fqdn => 'monkey.example.com',
:osfamily => 'RedHat',
:sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
}
end
it { should_not contain_file('sshd_config').with_content(/^\s*GSSAPIKeyExchange/) }
end
['YES',true].each do |value|
context "specified an invalid value #{value}" do
let(:params) { { :sshd_gssapikeyexchange => value } }
let(:facts) do
{ :fqdn => 'monkey.example.com',
:osfamily => 'RedHat',
:sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
}
end
it 'should fail' do
expect { should raise_error(Puppet::Error,/^ssh::sshd_gssapikeyexchange may be either 'yes' or 'no' and is set to <#{value}>./) }
end
end
end
end
describe 'with parameter sshd_pamauthenticationviakbdint' do
['yes','no'].each do |value|
context "specified as #{value}" do
let(:params) { { :sshd_pamauthenticationviakbdint => value } }
let(:facts) do
{ :fqdn => 'monkey.example.com',
:osfamily => 'RedHat',
:sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
}
end
it { should contain_file('sshd_config').with_content(/^PAMAuthenticationViaKBDInt #{value}$/) }
end
end
context 'not specified' do
let(:facts) do
{ :fqdn => 'monkey.example.com',
:osfamily => 'RedHat',
:sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
}
end
it { should_not contain_file('sshd_config').with_content(/^\s*PAMAuthenticationViaKBDInt/) }
end
['YES',true].each do |value|
context "specified an invalid value #{value}" do
let(:params) { { :sshd_pamauthenticationviakbdint => value } }
let(:facts) do
{ :fqdn => 'monkey.example.com',
:osfamily => 'RedHat',
:sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
}
end
it 'should fail' do
expect { should raise_error(Puppet::Error,/^ssh::sshd_pamauthenticationviakbdint may be either 'yes' or 'no' and is set to <#{value}>./) }
end
end
end
end
describe 'with parameter sshd_gssapicleanupcredentials' do
['yes','no'].each do |value|
context "specified as #{value}" do
let(:params) { { :sshd_gssapicleanupcredentials => value } }
let(:facts) do
{ :fqdn => 'monkey.example.com',
:osfamily => 'RedHat',
:sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
}
end
it { should contain_file('sshd_config').with_content(/^GSSAPICleanupCredentials #{value}$/) }
end
end
context 'not specified' do
let(:facts) do
{ :fqdn => 'monkey.example.com',
:osfamily => 'Solaris',
:kernelrelease => '5.11',
:sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
}
end
it { should_not contain_file('sshd_config').with_content(/^\s*GSSAPICleanupCredentials/) }
end
['YES',true].each do |value|
context "specified an invalid value #{value}" do
let(:params) { { :sshd_gssapicleanupcredentials => value } }
let(:facts) do
{ :fqdn => 'monkey.example.com',
:osfamily => 'RedHat',
:sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
}
end
it 'should fail' do
expect { should raise_error(Puppet::Error,/^ssh::sshd_gssapicleanupcredentials may be either 'yes' or 'no' and is set to <#{value}>./) }
end
end
end
end
describe 'with parameter ssh_sendenv specified' do
['true',true].each do |value|
context "as #{value}" do
let(:params) { { :ssh_sendenv => value } }
let(:facts) do
{ :fqdn => 'monkey.example.com',
:osfamily => 'RedHat',
:sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
}
end
it { should contain_file('ssh_config').with_content(/^\s*SendEnv/) }
end
end
['false',false].each do |value|
context "as #{value}" do
let(:params) { { :ssh_sendenv => value } }
let(:facts) do
{ :fqdn => 'monkey.example.com',
:osfamily => 'RedHat',
:sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
}
end
it { should_not contain_file('ssh_config').with_content(/^\s*SendEnv/) }
end
end
context 'as an invalid string' do
let(:params) { { :ssh_sendenv => 'invalid' } }
let(:facts) do
{ :fqdn => 'monkey.example.com',
:osfamily => 'RedHat',
:sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
}
end
it 'should fail' do
expect { should raise_error(Puppet::Error,/^ssh::ssh_sendenv may be either 'true' or 'false' and is set to <invalid>./) }
end
end
context 'as an invalid type' do
let(:params) { { :ssh_sendenv => ['invalid','type'] } }
let(:facts) do
{ :fqdn => 'monkey.example.com',
:osfamily => 'RedHat',
:sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
}
end
it 'should fail' do
expect { should raise_error(Puppet::Error,/^ssh::ssh_sendenv type must be true or false./) }
end
end
end
describe 'with parameter sshd_acceptenv specified' do
['true',true].each do |value|
context "as #{value}" do
let(:params) { { :sshd_acceptenv => value } }
let(:facts) do
{ :fqdn => 'monkey.example.com',
:osfamily => 'RedHat',
:sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
}
end
it { should contain_file('sshd_config').with_content(/^\s*AcceptEnv/) }
end
end
['false',false].each do |value|
context "as #{value}" do
let(:params) { { :sshd_acceptenv => value } }
let(:facts) do
{ :fqdn => 'monkey.example.com',
:osfamily => 'RedHat',
:sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
}
end
it { should_not contain_file('sshd_config').with_content(/^\s*AcceptEnv/) }
end
end
context 'as an invalid string' do
let(:params) { { :sshd_acceptenv => 'invalid' } }
let(:facts) do
{ :fqdn => 'monkey.example.com',
:osfamily => 'RedHat',
:sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
}
end
it 'should fail' do
expect { should raise_error(Puppet::Error,/^ssh::sshd_acceptenv may be either 'true' or 'false' and is set to <invalid>./) }
end
end
context 'as an invalid type' do
let(:params) { { :sshd_acceptenv => ['invalid','type'] } }
let(:facts) do
{ :fqdn => 'monkey.example.com',
:osfamily => 'RedHat',
:sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
}
end
it 'should fail' do
expect { should raise_error(Puppet::Error,/^ssh::sshd_acceptenv type must be true or false./) }
end
end
end
end end

2
templates/ssh_config.erb
View File

@ -65,7 +65,7 @@ Host *
<% if @ssh_config_server_alive_interval != nil -%> <% if @ssh_config_server_alive_interval != nil -%>
ServerAliveInterval <%= @ssh_config_server_alive_interval %> ServerAliveInterval <%= @ssh_config_server_alive_interval %>
<% end -%> <% end -%>
<% if @ssh_acceptenv_real == true -%> <% if @ssh_sendenv_real == true -%>
# Send locale-related environment variables # Send locale-related environment variables
SendEnv LANG LANGUAGE LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES SendEnv LANG LANGUAGE LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT

12
templates/sshd_config.erb
View File

@ -65,11 +65,11 @@ PermitRootLogin <%= @permit_root_login %>
PasswordAuthentication <%= @sshd_password_authentication %> PasswordAuthentication <%= @sshd_password_authentication %>
<% if @sshd_pamauthenticationviakbdint_real != nil -%> <% if @sshd_pamauthenticationviakbdint_real != nil -%>
# Use PAM via keyboard interactive method for authentication. # Use PAM via keyboard interactive method for authentication.
# # Depending on the setup of pam.conf(4) this may allow tunneled clear text # Depending on the setup of pam.conf(4) this may allow tunneled clear text
# # passwords even when PasswordAuthentication is set to no. This is dependent # passwords even when PasswordAuthentication is set to no. This is dependent
# # on what the individual modules request and is out of the control of sshd # on what the individual modules request and is out of the control of sshd
# # or the protocol. # or the protocol.
PAMAuthenticationViaKBDInt yes PAMAuthenticationViaKBDInt <%= @sshd_pamauthenticationviakbdint_real %>
<% end -%> <% end -%>
#PermitEmptyPasswords no #PermitEmptyPasswords no
@ -107,7 +107,7 @@ GSSAPICleanupCredentials <%= @sshd_gssapicleanupcredentials_real %>
UsePAM <%= @sshd_use_pam_real %> UsePAM <%= @sshd_use_pam_real %>
<% end -%> <% end -%>
<% if @ssh_acceptenv_real == true -%> <% if @sshd_acceptenv_real == true -%>
# Accept locale-related environment variables # Accept locale-related environment variables
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT