1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
|
# frozen_string_literal: true
require 'spec_helper_acceptance'
describe 'ssh' do
context 'with client_match_block' do
it_behaves_like 'an idempotent resource' do
let(:manifest) do
<<~PP
class { 'ssh':
client_options => {
'GlobalKnownHostsFile' => "/var/lib/sss/pubconf/known_hosts",
'PubkeyAuthentication' => "yes",
'GSSAPIAuthentication' => "yes",
'GSSAPIDelegateCredentials' => "yes",
},
client_match_block => {
'foo' => {
'type' => '!localuser',
'options' => {
'ProxyCommand' => '/usr/bin/sss_ssh_knownhostsproxy -p %p %h',
},
},
'bar' => {
'type' => 'host',
'options' => {
'ForwardX11' => 'no',
'PasswordAuthentication' => 'yes',
},
},
},
}
PP
end
describe file('/etc/ssh/ssh_config') do
it { is_expected.to be_file }
it { is_expected.to be_owned_by 'root' }
it { is_expected.to be_grouped_into 'root' }
it { is_expected.to be_mode '644' } # serverspec does not like a leading 0
its(:content) do
is_expected.to match <<~SSH
# File managed by Puppet
GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts
PubkeyAuthentication yes
GSSAPIAuthentication yes
GSSAPIDelegateCredentials yes
Host *
HashKnownHosts yes
SendEnv LANG LC_*
Match host bar
ForwardX11 no
PasswordAuthentication yes
Match !localuser foo
ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h
SSH
end
end
end
end
end
|
