Fixes usage of the validate_sshd_file parameter

petems · petems · commit 5fff577ded2b · 2016-08-26T22:00:39.000+01:00
* Added configuration directly on the server class
* Previous usage used false instead of true
* Adds test to fix the change
diff --git a/manifests/init.pp b/manifests/init.pp
@@ -6,15 +6,15 @@
   $users_client_options   = {},
   $version                = 'present',
   $storeconfigs_enabled   = true,
-  $server_validate_config = false
+  $validate_sshd_file     = $::ssh::params::validate_sshd_file,
 ) inherits ssh::params {
 
   validate_hash($server_options)
   validate_hash($server_match_block)
   validate_hash($client_options)
   validate_hash($users_client_options)
   validate_bool($storeconfigs_enabled)
-  validate_bool($server_validate_config)
+  validate_bool($validate_sshd_file)
 
   # Merge hashes from multiple layer of hierarchy in hiera
   $hiera_server_options = hiera_hash("${module_name}::server_options", undef)
@@ -50,7 +50,7 @@
     ensure               => $version,
     storeconfigs_enabled => $storeconfigs_enabled,
     options              => $fin_server_options,
-    validate_config      => $server_validate_config,
+    validate_sshd_file   => $validate_sshd_file,
   }
 
   class { '::ssh::client':
diff --git a/manifests/params.pp b/manifests/params.pp
@@ -198,6 +198,7 @@
     }
   }
 
+  $validate_sshd_file              = false
   $user_ssh_directory_default_mode = '0700'
   $user_ssh_config_default_mode    = '0600'
   $collect_enabled                 = true   # Collect sshkey resources
diff --git a/manifests/server.pp b/manifests/server.pp
@@ -2,7 +2,7 @@
   $ensure               = present,
   $storeconfigs_enabled = true,
   $options              = {},
-  $validate_config      = true
+  $validate_sshd_file   = false,
 ) inherits ssh::params {
 
   # Merge hashes from multiple layer of hierarchy in hiera
diff --git a/manifests/server/config.pp b/manifests/server/config.pp
@@ -1,7 +1,7 @@
 class ssh::server::config {
 
-  case $ssh::server::validate_config {
-    false: {
+  case $ssh::server::validate_sshd_file {
+    true: {
       $sshd_validate_cmd = '/usr/sbin/sshd -tf %'
     }
     default: {
diff --git a/spec/classes/init_spec.rb b/spec/classes/init_spec.rb
@@ -25,5 +25,39 @@
     it do
       should contain_class('ssh::server')
     end
+    it do
+      should contain_concat('/etc/ssh/sshd_config').with_validate_cmd(nil)
+    end
+
+    context 'On Debian with the validate_sshd_file setting' do
+      let :facts do
+        {
+          osfamily: 'Debian',
+          interfaces: 'eth0',
+          ipaddress_eth0: '192.168.1.1',
+          ipaddress6_eth0: '::1',
+          concat_basedir: '/tmp',
+          puppetversion: '3.7.0',
+          sshdsakey: 'AAAAB3NzaC1kc3MAAACBAODCvvUUnv2imW4cfuLBWVJTLMzds89MtCUXGl3+7Gza5QYJmp7GSkKBnV8+7XI+JAmjv0RKQM1RAn7mV5UplRTtg3CYbeNkX4IakZmNJLTdL4vUyIehhaxBobpOtBaJfFewCJE1plIaWvoWfEDrShcjIUbUbJMfR8YWweIIqp9bAAAAFQCr8+KRfOUZbS9Dz1t15A/Owl61VQAAAIBr/7hNPCvjzAl5+rde6jUR5k20pxAE+z2wsaZxlhrs6ZhhplyCKIXKq4rCx4QuFVPh/c+WJRPO56iH/rSh5Y5cpT1LUk66wNJcOBPprjvDEHfQUHUmfYXzNJ2BHkRL78lfzQr52YyowV6dHfktv0VsIctm13KcMr2KQygZtV6EqgAAAIEAjNC4PRdzYpWfxu268CJDpexlhBwIkIx+ovEibtYeke55qAQcF9UWko4A1c8Wf4nLLxlQYCf501Bt5lb6GmZd0xfpg27fPIfzZPL8o+E756D3ZcNXUaLj4HPRKnwNcdAtChL2jESH3fm8PyNwBI7tV6IOjmOGpyQKtmJq3IyNgms=',
+          sshrsakey: 'AAAAB3NzaC1yc2EAAAADAQABAAABAQDzA57hAMwz6pywCgxNUcloWeNMvBo2PDPxK2RCegst+9tYaf4S3shnM9a1j2PGBoeRXTuUG6mYB32fJm6/37UUUJA4lT+8CZ3hNnDZU9aitpukkKon7RIlvY1PWO8wT4A5mEa0hfdQg6Um8KZZUs+jrB+8zMJO/X0fmleY54r/JKrP3hNcpaJpTUVQEvMmKacW7nYez/PvWKAz8d02uAOXuauGKhZ9K2AHYKlQFqJ4S1jLiduoGFWxFQ2vQybbN/O0PQQU7EZlHIjSzwoowZLzlxCKCZcKnoDsbGCtYHArbjxTb+m5e7nvsamz7TXLoY90Srmc5QGMxrLUlSvkYsm5',
+          sshecdsakey: 'AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFDrof0LPA0hGuwODy+5uTynV7rgPJspvZo2TzykBu5mSANJvdL1z5/JS3x16/c/cDjx2lfEkRoVDnon4/NjKEM=',
+          sshed25519key: '',
+          id: 'root',
+          is_pe: false,
+          path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games'
+        }
+      end
+      let :params do
+        {
+          validate_sshd_file: true
+        }
+      end
+      it do
+        should contain_class('ssh::client')
+      end
+      it do
+        should contain_concat('/etc/ssh/sshd_config').with_validate_cmd('/usr/sbin/sshd -tf %')
+      end
+    end
   end
 end

Original file line number	Diff line number	Diff line change
`@@ -198,6 +198,7 @@`
`198`	`198`	`}`
`199`	`199`	`}`
`200`	`200`
	`201`	`+ $validate_sshd_file = false`
`201`	`202`	`$user_ssh_directory_default_mode = '0700'`
`202`	`203`	`$user_ssh_config_default_mode = '0600'`
`203`	`204`	`$collect_enabled = true # Collect sshkey resources`
Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,7 @@`
`1`	`1`	`class ssh::server::config {`
`2`	`2`
`3`		`- case $ssh::server::validate_config {`
`4`		`- false: {`
	`3`	`+ case $ssh::server::validate_sshd_file {`
	`4`	`+ true: {`
`5`	`5`	`$sshd_validate_cmd = '/usr/sbin/sshd -tf %'`
`6`	`6`	`}`
`7`	`7`	`default: {`