From dbd0e51760fd3ae8dd6ae9fc94f06a9dad551cc0 Mon Sep 17 00:00:00 2001 From: Wolf Noble Date: Tue, 12 Aug 2014 14:47:58 -0500 Subject: [PATCH 1/2] Add parameters to specify the template used to generate sshd_config and ssh_config --- README.md | 12 ++++++++++++ manifests/init.pp | 13 +++++++++++-- spec/classes/init_spec.rb | 35 +++++++++++++++++++++++++++++++++++ 3 files changed, 58 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 480cc4e..31ffe99 100644 --- a/README.md +++ b/README.md @@ -95,6 +95,12 @@ Boolean to set 'SendEnv XMODIFIERS' in ssh_config. This option is only valid on - *Default*: false +ssh_config_template +-------------------- +*string* The template used to generate ssh_config. + +- *Default*: 'ssh/ssh_config.erb' + ssh_config_ciphers ------------------ Array of ciphers to be used with the Ciphers option in ssh_config. @@ -157,6 +163,12 @@ SyslogFacility option in sshd_config. - *Default*: 'AUTH' +sshd_config_template +-------------------- +*string* The template used to generate sshd_config. + +- *Default*: 'ssh/sshd_config.erb' + sshd_config_login_grace_time ---------------------------- LoginGraceTime option in sshd_config. diff --git a/manifests/init.pp b/manifests/init.pp index 582d076..ddffa5c 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -22,6 +22,7 @@ class ssh ( $ssh_config_sendenv_xmodifiers = false, $ssh_config_ciphers = undef, $ssh_config_macs = undef, + $ssh_config_template = 'ssh/ssh_config.erb', $ssh_sendenv = 'USE_DEFAULTS', $sshd_config_path = '/etc/ssh/sshd_config', $sshd_config_owner = 'root', @@ -30,6 +31,7 @@ class ssh ( $sshd_config_mode = 'USE_DEFAULTS', $sshd_config_port = '22', $sshd_config_syslog_facility = 'AUTH', + $sshd_config_template = 'ssh/sshd_config.erb', $sshd_config_login_grace_time = '120', $sshd_config_challenge_resp_auth = 'yes', $sshd_config_print_motd = 'yes', 
@@ -479,6 +481,13 @@ class ssh ( } } + #ssh_config template + validate_string($ssh_config_template) + + #sshd_config template + validate_string($sshd_config_template) + + #loglevel $supported_loglevel_vals=['QUIET', 'FATAL', 'ERROR', 'INFO', 'VERBOSE'] validate_re($sshd_config_loglevel, $supported_loglevel_vals) @@ -524,7 +533,7 @@ class ssh ( owner => $ssh_config_owner, group => $ssh_config_group, mode => $ssh_config_mode, - content => template('ssh/ssh_config.erb'), + content => template($ssh_config_template), require => Package[$packages_real], } @@ -534,7 +543,7 @@ class ssh ( mode => $sshd_config_mode_real, owner => $sshd_config_owner, group => $sshd_config_group, - content => template('ssh/sshd_config.erb'), + content => template($sshd_config_template), require => Package[$packages_real], } diff --git a/spec/classes/init_spec.rb b/spec/classes/init_spec.rb index db53821..95454c2 100644 --- a/spec/classes/init_spec.rb +++ b/spec/classes/init_spec.rb 
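Review bot: `validate_string($ssh_config_template)` and `validate_string($sshd_config_template)` check only the type, yet the value is later passed to `template()`, which resolves it on the master and, as far as I know, also accepts an absolute path. Any string arriving from Hiera or an ENC therefore decides which file is evaluated as ERB and delivered as ssh_config or sshd_config. Constraining both parameters to a module-relative reference would close that gap, for example `validate_re($sshd_config_template, '\A[a-z][a-z0-9_]*/[\w.-]+\.erb\z')` and the same for `$ssh_config_template`. The class body starts and ends outside this hunk.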
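Review bot: With `content => template($sshd_config_template)`, the `sshd_config_*` parameters this class validates (for instance `$sshd_config_loglevel`) take effect only if the site-supplied template references them, so a setting can silently drop out of the rendered file. Nothing in the hunk or in the README text added by this patch says so. I would add a comment above both file resources, e.g. `# A custom template replaces the whole file; the *_config_* parameters apply only where that template uses them.`, and repeat it in the README entries. If the supported Puppet version has the file type's `validate_cmd` attribute, checking the rendered sshd_config before it is installed would also guard against a broken custom template. Both resources begin outside the visible hunks.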
@@ -967,6 +967,41 @@ describe 'ssh' do end end + + context 'when ssh_config_template has a nonstandard value' do + context 'and that value is not valid' do + let (:facts) {{:fqdn => 'monkey.example.com', :osfamily => 'RedHat', :root_home => '/root', :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='}} + let (:params) {{'ssh_config_template' => false}} + it 'should fail' do + expect { subject }.to raise_error(Puppet::Error, /is not a string/) + end + end + context 'and that value is valid' do + let (:facts) {{:fqdn => 'monkey.example.com', :osfamily => 'RedHat', :root_home => '/root', :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='}} + let (:params) {{'ssh_config_template' => 'ssh/sshd_config.erb'}} + it 'should lay down the ssh_config file from the specified template' do + should contain_file('ssh_config').with_content(/OpenBSD: sshd_config/) + end + end + end + + context 'when sshd_config_template has a nonstandard value' do + context 'and that value is not valid' do + let (:facts) {{:fqdn => 'monkey.example.com', :osfamily => 'RedHat', :root_home => '/root', :sshrsakey => 
'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='}} + let (:params) {{'sshd_config_template' => false}} + it 'should fail' do + expect { subject }.to raise_error(Puppet::Error, /is not a string/) + end + end + context 'and that value is valid' do + let (:facts) {{:fqdn => 'monkey.example.com', :osfamily => 'RedHat', :root_home => '/root', :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='}} + let (:params) {{'sshd_config_template' => 'ssh/ssh_config.erb'}} + it 'should lay down the sshd_config file from the specified template' do + should contain_file('sshd_config').with_content(/OpenBSD: ssh_config/) + end + end + end + context 'with manage_root_ssh_config set to \'true\' on valid osfamily' do let :facts do { From b71936382149b1c4c8688d0375da7610f75490a1 Mon Sep 17 00:00:00 2001 From: Wolf Noble Date: Wed, 13 Aug 2014 18:03:50 -0500 Subject: [PATCH 2/2] fix facts declarations in spec tests to pass codesmell --- spec/classes/init_spec.rb | 36 ++++++++++++++++++++++++++++++++---- 1 file changed, 32 insertions(+), 4 deletions(-) diff --git a/spec/classes/init_spec.rb b/spec/classes/init_spec.rb index 95454c2..e93a074 100644 --- a/spec/classes/init_spec.rb +++ b/spec/classes/init_spec.rb 
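Review bot: The negative examples cover only `false`, so nothing pins the behaviour for a string that is not a usable template reference (an empty string, an absolute path, a template that does not exist), which is the input the two new parameters actually expose. Adding one such example per parameter would document whether the catalog is expected to fail to compile. The positive examples work by swapping in the sibling template (`'ssh_config_template' => 'ssh/sshd_config.erb'` matched against `/OpenBSD: sshd_config/`), which is easy to misread as a typo. A comment such as `# render the other file's template on purpose so the content match proves the parameter is honoured` would help. The enclosing `describe 'ssh'` block starts and ends outside this hunk.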
@@ -970,14 +970,28 @@ describe 'ssh' do context 'when ssh_config_template has a nonstandard value' do context 'and that value is not valid' do - let (:facts) {{:fqdn => 'monkey.example.com', :osfamily => 'RedHat', :root_home => '/root', :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='}} + let :facts do + { + :fqdn => 'monkey.example.com', + :osfamily => 'RedHat', + :root_home => '/root', + :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' + } + end let (:params) {{'ssh_config_template' => false}} it 'should fail' do expect { subject }.to raise_error(Puppet::Error, /is not a string/) end end context 'and that value is valid' do - let (:facts) {{:fqdn => 'monkey.example.com', :osfamily => 'RedHat', :root_home => '/root', :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='}} + let :facts do + { + :fqdn => 'monkey.example.com', + :osfamily => 'RedHat', + :root_home => '/root', + :sshrsakey => 
'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' + } + end let (:params) {{'ssh_config_template' => 'ssh/sshd_config.erb'}} it 'should lay down the ssh_config file from the specified template' do should contain_file('ssh_config').with_content(/OpenBSD: sshd_config/) 
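Review bot: The context lines `let (:params) {{'ssh_config_template' => false}}` and `let (:params) {{'ssh_config_template' => 'ssh/sshd_config.erb'}}` keep the space-before-parenthesis form that this commit removes from the facts declarations. `let(:params) { { 'ssh_config_template' => false } }` would be consistent with the new `let :facts do` style, and the same applies to the two `let (:params)` lines in the `@@ -987,14 +1001,28 @@` hunk. The four facts hashes are identical, so declaring `let :facts` once in each outer `context 'when ... has a nonstandard value'` would remove the repeated key material and leave only `params` varying per example.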
@@ -987,14 +1001,28 @@ describe 'ssh' do context 'when sshd_config_template has a nonstandard value' do context 'and that value is not valid' do - let (:facts) {{:fqdn => 'monkey.example.com', :osfamily => 'RedHat', :root_home => '/root', :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='}} + let :facts do + { + :fqdn => 'monkey.example.com', + :osfamily => 'RedHat', + :root_home => '/root', + :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' + } + end let (:params) {{'sshd_config_template' => false}} it 'should fail' do expect { subject }.to raise_error(Puppet::Error, /is not a string/) end end context 'and that value is valid' do - let (:facts) {{:fqdn => 'monkey.example.com', :osfamily => 'RedHat', :root_home => '/root', :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='}} + let :facts do + { + :fqdn => 'monkey.example.com', + :osfamily => 'RedHat', + :root_home => '/root', + :sshrsakey => 
'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' + } + end let (:params) {{'sshd_config_template' => 'ssh/ssh_config.erb'}} it 'should lay down the sshd_config file from the specified template' do should contain_file('sshd_config').with_content(/OpenBSD: ssh_config/)