58561177e0
This is a first pass and is in no way complete. It does travis support and test the default case and the major params that change logic.
251 lines
7.5 KiB
Ruby
251 lines
7.5 KiB
Ruby
require 'spec_helper'
|
|
describe 'ssh' do
|
|
|
|
context 'with default params' do
|
|
let :facts do
|
|
{
|
|
:fqdn => 'monkey.example.com',
|
|
:sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
|
|
}
|
|
end
|
|
it { should include_class('ssh')}
|
|
|
|
it { should_not include_class('common')}
|
|
|
|
it {
|
|
should contain_package('ssh_packages').with({
|
|
'ensure' => 'installed',
|
|
'name' => ['openssh-server','openssh-server','openssh-clients'],
|
|
})
|
|
}
|
|
|
|
it {
|
|
should contain_file('ssh_config').with({
|
|
'ensure' => 'file',
|
|
'path' => '/etc/ssh/ssh_config',
|
|
'owner' => 'root',
|
|
'group' => 'root',
|
|
'mode' => '0644',
|
|
'require' => 'Package[ssh_packages]',
|
|
})
|
|
}
|
|
|
|
it {
|
|
should contain_file('ssh_config').with_content(/^# This file is being maintained by Puppet.\n# DO NOT EDIT\n\n# \$OpenBSD: ssh_config,v 1.21 2005\/12\/06 22:38:27 reyk Exp \$/)
|
|
}
|
|
|
|
it {
|
|
should contain_file('sshd_config').with({
|
|
'ensure' => 'file',
|
|
'path' => '/etc/ssh/sshd_config',
|
|
'owner' => 'root',
|
|
'group' => 'root',
|
|
'mode' => '0600',
|
|
'require' => 'Package[ssh_packages]',
|
|
})
|
|
}
|
|
|
|
it {
|
|
should contain_file('sshd_config').with_content(/^PermitRootLogin no$/)
|
|
}
|
|
|
|
it {
|
|
should contain_service('sshd_service').with({
|
|
'ensure' => 'running',
|
|
'name' => 'sshd',
|
|
'enable' => 'true',
|
|
'hasrestart' => 'true',
|
|
'hasstatus' => 'true',
|
|
'subscribe' => 'File[sshd_config]',
|
|
})
|
|
}
|
|
|
|
it {
|
|
should contain_resources('sshkey').with({
|
|
'purge' => 'true',
|
|
})
|
|
}
|
|
end
|
|
|
|
context 'with manage_root_ssh_config set to \'true\'' do
|
|
let :facts do
|
|
{
|
|
:fqdn => 'monkey.example.com',
|
|
:osfamily => 'RedHat',
|
|
:root_home => '/root',
|
|
:sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
|
|
}
|
|
end
|
|
let :params do
|
|
{ :manage_root_ssh_config => 'true' }
|
|
end
|
|
|
|
it { should include_class('ssh')}
|
|
|
|
it { should include_class('common')}
|
|
|
|
it {
|
|
should contain_package('ssh_packages').with({
|
|
'ensure' => 'installed',
|
|
'name' => ['openssh-server','openssh-server','openssh-clients'],
|
|
})
|
|
}
|
|
|
|
it {
|
|
should contain_file('ssh_config').with({
|
|
'ensure' => 'file',
|
|
'path' => '/etc/ssh/ssh_config',
|
|
'owner' => 'root',
|
|
'group' => 'root',
|
|
'mode' => '0644',
|
|
'require' => 'Package[ssh_packages]',
|
|
})
|
|
}
|
|
|
|
it {
|
|
should contain_file('ssh_config').with_content(/^# This file is being maintained by Puppet.\n# DO NOT EDIT\n\n# \$OpenBSD: ssh_config,v 1.21 2005\/12\/06 22:38:27 reyk Exp \$/)
|
|
}
|
|
|
|
it {
|
|
should contain_file('sshd_config').with({
|
|
'ensure' => 'file',
|
|
'path' => '/etc/ssh/sshd_config',
|
|
'owner' => 'root',
|
|
'group' => 'root',
|
|
'mode' => '0600',
|
|
'require' => 'Package[ssh_packages]',
|
|
})
|
|
}
|
|
|
|
it {
|
|
should contain_file('sshd_config').with_content(/^PermitRootLogin no$/)
|
|
}
|
|
|
|
it {
|
|
should contain_service('sshd_service').with({
|
|
'ensure' => 'running',
|
|
'name' => 'sshd',
|
|
'enable' => 'true',
|
|
'hasrestart' => 'true',
|
|
'hasstatus' => 'true',
|
|
'subscribe' => 'File[sshd_config]',
|
|
})
|
|
}
|
|
|
|
it {
|
|
should contain_resources('sshkey').with({
|
|
'purge' => 'true',
|
|
})
|
|
}
|
|
|
|
it {
|
|
should contain_file('root_ssh_dir').with({
|
|
'ensure' => 'directory',
|
|
'path' => '/root/.ssh',
|
|
'owner' => 'root',
|
|
'group' => 'root',
|
|
'mode' => '0700',
|
|
'require' => 'Common::Mkdir_p[/root/.ssh]',
|
|
})
|
|
}
|
|
end
|
|
|
|
context 'with manage_root_ssh_config set to invalid value' do
|
|
let :facts do
|
|
{
|
|
:fqdn => 'monkey.example.com',
|
|
:osfamily => 'RedHat',
|
|
:root_home => '/root',
|
|
:sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
|
|
}
|
|
end
|
|
let :params do
|
|
{ :manage_root_ssh_config => 'invalid' }
|
|
end
|
|
|
|
it 'should fail' do
|
|
expect {
|
|
should include_class('ssh')
|
|
}.to raise_error(Puppet::Error,/manage_root_ssh_config is <invalid> and must be \'true\' or \'false\'./)
|
|
end
|
|
end
|
|
|
|
context 'with manage_firewall set to true' do
|
|
let :facts do
|
|
{
|
|
:fqdn => 'monkey.example.com',
|
|
:sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
|
|
}
|
|
end
|
|
let :params do
|
|
{ :manage_firewall => true }
|
|
end
|
|
|
|
it { should include_class('ssh')}
|
|
|
|
it { should_not include_class('common')}
|
|
|
|
it {
|
|
should contain_package('ssh_packages').with({
|
|
'ensure' => 'installed',
|
|
'name' => ['openssh-server','openssh-server','openssh-clients'],
|
|
})
|
|
}
|
|
|
|
it {
|
|
should contain_file('ssh_config').with({
|
|
'ensure' => 'file',
|
|
'path' => '/etc/ssh/ssh_config',
|
|
'owner' => 'root',
|
|
'group' => 'root',
|
|
'mode' => '0644',
|
|
'require' => 'Package[ssh_packages]',
|
|
})
|
|
}
|
|
|
|
it {
|
|
should contain_file('ssh_config').with_content(/^# This file is being maintained by Puppet.\n# DO NOT EDIT\n\n# \$OpenBSD: ssh_config,v 1.21 2005\/12\/06 22:38:27 reyk Exp \$/)
|
|
}
|
|
|
|
it {
|
|
should contain_file('sshd_config').with({
|
|
'ensure' => 'file',
|
|
'path' => '/etc/ssh/sshd_config',
|
|
'owner' => 'root',
|
|
'group' => 'root',
|
|
'mode' => '0600',
|
|
'require' => 'Package[ssh_packages]',
|
|
})
|
|
}
|
|
|
|
it {
|
|
should contain_file('sshd_config').with_content(/^PermitRootLogin no$/)
|
|
}
|
|
|
|
it {
|
|
should contain_service('sshd_service').with({
|
|
'ensure' => 'running',
|
|
'name' => 'sshd',
|
|
'enable' => 'true',
|
|
'hasrestart' => 'true',
|
|
'hasstatus' => 'true',
|
|
'subscribe' => 'File[sshd_config]',
|
|
})
|
|
}
|
|
|
|
it {
|
|
should contain_resources('sshkey').with({
|
|
'purge' => 'true',
|
|
})
|
|
}
|
|
|
|
it {
|
|
should contain_firewall('22 open port 22 for SSH').with({
|
|
'action' => 'accept',
|
|
'dport' => '22',
|
|
'proto' => 'tcp',
|
|
})
|
|
}
|
|
end
|
|
end
|