From 4ccae8700fb136bfbc6b7ef7bb0ab482e632139f Mon Sep 17 00:00:00 2001 From: Micah Date: Tue, 12 Jul 2016 16:45:28 -0400 Subject: git subrepo clone https://leap.se/git/puppet_sshd puppet/modules/sshd subrepo: subdir: "puppet/modules/sshd" merged: "76f4f87" upstream: origin: "https://leap.se/git/puppet_sshd" branch: "master" commit: "76f4f87" git-subrepo: version: "0.3.0" origin: "https://github.com/ingydotnet/git-subrepo" commit: "1e79595" Change-Id: Icf616796837cdbe40deb188d2b72f1c726c9e807 --- puppet/modules/sshd/spec/classes/client_spec.rb | 42 +++++++ puppet/modules/sshd/spec/classes/init_spec.rb | 122 +++++++++++++++++++++ .../sshd/spec/defines/ssh_authorized_key_spec.rb | 45 ++++++++ .../modules/sshd/spec/functions/ssh_keygen_spec.rb | 116 ++++++++++++++++++++ puppet/modules/sshd/spec/spec_helper.rb | 21 ++++ puppet/modules/sshd/spec/spec_helper_system.rb | 25 +++++ 6 files changed, 371 insertions(+) create mode 100644 puppet/modules/sshd/spec/classes/client_spec.rb create mode 100644 puppet/modules/sshd/spec/classes/init_spec.rb create mode 100644 puppet/modules/sshd/spec/defines/ssh_authorized_key_spec.rb create mode 100644 puppet/modules/sshd/spec/functions/ssh_keygen_spec.rb create mode 100644 puppet/modules/sshd/spec/spec_helper.rb create mode 100644 puppet/modules/sshd/spec/spec_helper_system.rb (limited to 'puppet/modules/sshd/spec') diff --git a/puppet/modules/sshd/spec/classes/client_spec.rb b/puppet/modules/sshd/spec/classes/client_spec.rb new file mode 100644 index 00000000..bd3e35af --- /dev/null +++ b/puppet/modules/sshd/spec/classes/client_spec.rb @@ -0,0 +1,42 @@ +require 'spec_helper' + +describe 'sshd::client' do + + shared_examples "a Linux OS" do + it { should contain_file('/etc/ssh/ssh_known_hosts').with( + { + 'ensure' => 'present', + 'owner' => 'root', + 'group' => '0', + 'mode' => '0644', + } + )} + end + + context "Debian OS" do + let :facts do + { + :operatingsystem => 'Debian', + :osfamily => 'Debian', + :lsbdistcodename => 'wheezy', + } + end + it_behaves_like "a Linux OS" + it { should contain_package('openssh-clients').with({ + 'name' => 'openssh-client' + }) } + end + + context "CentOS" do + it_behaves_like "a Linux OS" do + let :facts do + { + :operatingsystem => 'CentOS', + :osfamily => 'RedHat', + :lsbdistcodename => 'Final', + } + end + end + end + +end \ No newline at end of file diff --git a/puppet/modules/sshd/spec/classes/init_spec.rb b/puppet/modules/sshd/spec/classes/init_spec.rb new file mode 100644 index 00000000..e3003d14 --- /dev/null +++ b/puppet/modules/sshd/spec/classes/init_spec.rb @@ -0,0 +1,122 @@ +require 'spec_helper' + +describe 'sshd' do + + shared_examples "a Linux OS" do + it { should compile.with_all_deps } + it { should contain_class('sshd') } + it { should contain_class('sshd::client') } + + it { should contain_service('sshd').with({ + :ensure => 'running', + :enable => true, + :hasstatus => true + })} + + it { should contain_file('sshd_config').with( + { + 'ensure' => 'present', + 'owner' => 'root', + 'group' => '0', + 'mode' => '0600', + } + )} + + context 'change ssh port' do + let(:params){{ + :ports => [ 22222], + }} + it { should contain_file( + 'sshd_config' + ).with_content(/Port 22222/)} + end + end + + context "Debian OS" do + let :facts do + { + :operatingsystem => 'Debian', + :osfamily => 'Debian', + :lsbdistcodename => 'wheezy', + } + end + it_behaves_like "a Linux OS" + it { should contain_package('openssh') } + it { should contain_class('sshd::debian') } + it { should contain_service('sshd').with( + :hasrestart => true + )} + + context "Ubuntu" do + let :facts do + { + :operatingsystem => 'Ubuntu', + :lsbdistcodename => 'precise', + } + end + it_behaves_like "a Linux OS" + it { should contain_package('openssh') } + it { should contain_service('sshd').with({ + :hasrestart => true + })} + end + end + + +# context "RedHat OS" do +# it_behaves_like "a Linux OS" do +# let :facts do +# { +# :operatingsystem => 'RedHat', +# :osfamily => 'RedHat', +# } +# end +# end +# end + + context "CentOS" do + it_behaves_like "a Linux OS" do + let :facts do + { + :operatingsystem => 'CentOS', + :osfamily => 'RedHat', + :lsbdistcodename => 'Final', + } + end + end + end + + context "Gentoo" do + let :facts do + { + :operatingsystem => 'Gentoo', + :osfamily => 'Gentoo', + } + end + it_behaves_like "a Linux OS" + it { should contain_class('sshd::gentoo') } + end + + context "OpenBSD" do + let :facts do + { + :operatingsystem => 'OpenBSD', + :osfamily => 'OpenBSD', + } + end + it_behaves_like "a Linux OS" + it { should contain_class('sshd::openbsd') } + end + +# context "FreeBSD" do +# it_behaves_like "a Linux OS" do +# let :facts do +# { +# :operatingsystem => 'FreeBSD', +# :osfamily => 'FreeBSD', +# } +# end +# end +# end + +end \ No newline at end of file diff --git a/puppet/modules/sshd/spec/defines/ssh_authorized_key_spec.rb b/puppet/modules/sshd/spec/defines/ssh_authorized_key_spec.rb new file mode 100644 index 00000000..c73a91cc --- /dev/null +++ b/puppet/modules/sshd/spec/defines/ssh_authorized_key_spec.rb @@ -0,0 +1,45 @@ +require 'spec_helper' + +describe 'sshd::ssh_authorized_key' do + + context 'manage authorized key' do + let(:title) { 'foo' } + let(:ssh_key) { 'some_secret_ssh_key' } + + let(:params) {{ + :key => ssh_key, + }} + + it { should contain_ssh_authorized_key('foo').with({ + 'ensure' => 'present', + 'type' => 'ssh-dss', + 'user' => 'foo', + 'target' => '/home/foo/.ssh/authorized_keys', + 'key' => ssh_key, + }) + } + end + context 'manage authoried key with options' do + let(:title) { 'foo2' } + let(:ssh_key) { 'some_secret_ssh_key' } + + let(:params) {{ + :key => ssh_key, + :options => ['command="/usr/bin/date"', + 'no-pty','no-X11-forwarding','no-agent-forwarding', + 'no-port-forwarding'] + }} + + it { should contain_ssh_authorized_key('foo2').with({ + 'ensure' => 'present', + 'type' => 'ssh-dss', + 'user' => 'foo2', + 'target' => '/home/foo2/.ssh/authorized_keys', + 'key' => ssh_key, + 'options' => ['command="/usr/bin/date"', + 'no-pty','no-X11-forwarding','no-agent-forwarding', + 'no-port-forwarding'] + }) + } + end +end diff --git a/puppet/modules/sshd/spec/functions/ssh_keygen_spec.rb b/puppet/modules/sshd/spec/functions/ssh_keygen_spec.rb new file mode 100644 index 00000000..a6b51173 --- /dev/null +++ b/puppet/modules/sshd/spec/functions/ssh_keygen_spec.rb @@ -0,0 +1,116 @@ +#! /usr/bin/env ruby -S rspec +require 'spec_helper' +require 'rspec-puppet' +require 'mocha' +require 'fileutils' + +describe 'ssh_keygen' do + + let(:scope) { PuppetlabsSpec::PuppetInternals.scope } + + it 'should exist' do + Puppet::Parser::Functions.function("ssh_keygen").should == "function_ssh_keygen" + end + + it 'should raise a ParseError if no argument is passed' do + lambda { + scope.function_ssh_keygen([]) + }.should(raise_error(Puppet::ParseError)) + end + + it 'should raise a ParseError if there is more than 1 arguments' do + lambda { + scope.function_ssh_keygen(["foo", "bar"]) + }.should( raise_error(Puppet::ParseError)) + end + + it 'should raise a ParseError if the argument is not fully qualified' do + lambda { + scope.function_ssh_keygen(["foo"]) + }.should( raise_error(Puppet::ParseError)) + end + + it "should raise a ParseError if the private key path is a directory" do + File.stubs(:directory?).with("/some_dir").returns(true) + lambda { + scope.function_ssh_keygen(["/some_dir"]) + }.should( raise_error(Puppet::ParseError)) + end + + it "should raise a ParseError if the public key path is a directory" do + File.stubs(:directory?).with("/some_dir.pub").returns(true) + lambda { + scope.function_ssh_keygen(["/some_dir.pub"]) + }.should( raise_error(Puppet::ParseError)) + end + + describe 'when executing properly' do + before do + File.stubs(:directory?).with('/tmp/a/b/c').returns(false) + File.stubs(:directory?).with('/tmp/a/b/c.pub').returns(false) + File.stubs(:read).with('/tmp/a/b/c').returns('privatekey') + File.stubs(:read).with('/tmp/a/b/c.pub').returns('publickey') + end + + it 'should fail if the public but not the private key exists' do + File.stubs(:exists?).with('/tmp/a/b/c').returns(true) + File.stubs(:exists?).with('/tmp/a/b/c.pub').returns(false) + lambda { + scope.function_ssh_keygen(['/tmp/a/b/c']) + }.should( raise_error(Puppet::ParseError)) + end + + it "should fail if the private but not the public key exists" do + File.stubs(:exists?).with("/tmp/a/b/c").returns(false) + File.stubs(:exists?).with("/tmp/a/b/c.pub").returns(true) + lambda { + scope.function_ssh_keygen(["/tmp/a/b/c"]) + }.should( raise_error(Puppet::ParseError)) + end + + + it "should return an array of size 2 with the right conent if the keyfiles exists" do + File.stubs(:exists?).with("/tmp/a/b/c").returns(true) + File.stubs(:exists?).with("/tmp/a/b/c.pub").returns(true) + File.stubs(:directory?).with('/tmp/a/b').returns(true) + Puppet::Util.expects(:execute).never + result = scope.function_ssh_keygen(['/tmp/a/b/c']) + result.length.should == 2 + result[0].should == 'privatekey' + result[1].should == 'publickey' + end + + it "should create the directory path if it does not exist" do + File.stubs(:exists?).with("/tmp/a/b/c").returns(false) + File.stubs(:exists?).with("/tmp/a/b/c.pub").returns(false) + File.stubs(:directory?).with("/tmp/a/b").returns(false) + FileUtils.expects(:mkdir_p).with("/tmp/a/b", :mode => 0700) + Puppet::Util::Execution.expects(:execute).returns("") + result = scope.function_ssh_keygen(['/tmp/a/b/c']) + result.length.should == 2 + result[0].should == 'privatekey' + result[1].should == 'publickey' + end + + it "should generate the key if the keyfiles do not exist" do + File.stubs(:exists?).with("/tmp/a/b/c").returns(false) + File.stubs(:exists?).with("/tmp/a/b/c.pub").returns(false) + File.stubs(:directory?).with("/tmp/a/b").returns(true) + Puppet::Util::Execution.expects(:execute).with(['/usr/bin/ssh-keygen','-t', 'rsa', '-b', '4096', '-f', '/tmp/a/b/c', '-P', '', '-q']).returns("") + result = scope.function_ssh_keygen(['/tmp/a/b/c']) + result.length.should == 2 + result[0].should == 'privatekey' + result[1].should == 'publickey' + end + + it "should fail if something goes wrong during generation" do + File.stubs(:exists?).with("/tmp/a/b/c").returns(false) + File.stubs(:exists?).with("/tmp/a/b/c.pub").returns(false) + File.stubs(:directory?).with("/tmp/a/b").returns(true) + Puppet::Util::Execution.expects(:execute).with(['/usr/bin/ssh-keygen','-t', 'rsa', '-b', '4096', '-f', '/tmp/a/b/c', '-P', '', '-q']).returns("something is wrong") + lambda { + scope.function_ssh_keygen(["/tmp/a/b/c"]) + }.should( raise_error(Puppet::ParseError)) + end + end +end diff --git a/puppet/modules/sshd/spec/spec_helper.rb b/puppet/modules/sshd/spec/spec_helper.rb new file mode 100644 index 00000000..b4123fde --- /dev/null +++ b/puppet/modules/sshd/spec/spec_helper.rb @@ -0,0 +1,21 @@ +dir = File.expand_path(File.dirname(__FILE__)) +$LOAD_PATH.unshift File.join(dir, 'lib') +require 'puppet' +require 'rspec' +require 'puppetlabs_spec_helper/module_spec_helper' +#require 'rspec-hiera-puppet' +require 'rspec-puppet/coverage' +require 'rspec/autorun' + +fixture_path = File.expand_path(File.join(__FILE__, '..', 'fixtures')) + +RSpec.configure do |c| + c.module_path = File.join(fixture_path, 'modules') + c.manifest_dir = File.join(fixture_path, 'manifests') + c.pattern = "spec/*/*_spec.rb" +end + +Puppet::Util::Log.level = :warning +Puppet::Util::Log.newdestination(:console) + +at_exit { RSpec::Puppet::Coverage.report! } \ No newline at end of file diff --git a/puppet/modules/sshd/spec/spec_helper_system.rb b/puppet/modules/sshd/spec/spec_helper_system.rb new file mode 100644 index 00000000..2c6812fc --- /dev/null +++ b/puppet/modules/sshd/spec/spec_helper_system.rb @@ -0,0 +1,25 @@ +require 'rspec-system/spec_helper' +require 'rspec-system-puppet/helpers' +require 'rspec-system-serverspec/helpers' +include Serverspec::Helper::RSpecSystem +include Serverspec::Helper::DetectOS +include RSpecSystemPuppet::Helpers + +RSpec.configure do |c| + # Project root + proj_root = File.expand_path(File.join(File.dirname(__FILE__), '..')) + + # Enable colour + c.tty = true + + c.include RSpecSystemPuppet::Helpers + + # This is where we 'setup' the nodes before running our tests + c.before :suite do + # Install puppet + puppet_install + # Install modules and dependencies + puppet_module_install(:source => proj_root, :module_name => 'sshd') + shell('puppet module install puppetlabs-stdlib') + end +end -- cgit v1.2.3