-rw-r--r-- | lib/puppet/provider/ssh_authorized_key/parsed.rb | 92 | ||||
-rw-r--r-- | lib/puppet/provider/sshkey/parsed.rb | 47 | ||||
-rw-r--r-- | lib/puppet/type/ssh_authorized_key.rb | 17 | ||||
-rw-r--r-- | lib/puppet/type/sshkey.rb | 26 | ||||
-rw-r--r-- | spec/acceptance/tests/resource/ssh_authorized_key/create.rb | 35 | ||||
-rw-r--r-- | spec/acceptance/tests/resource/ssh_authorized_key/destroy.rb | 35 | ||||
-rw-r--r-- | spec/acceptance/tests/resource/ssh_authorized_key/modify.rb | 33 | ||||
-rw-r--r-- | spec/acceptance/tests/resource/ssh_authorized_key/query.rb | 30 | ||||
-rw-r--r-- | spec/acceptance/tests/resource/sshkey/create.rb | 124 | ||||
-rw-r--r-- | spec/integration/provider/ssh_authorized_key_spec.rb | 143 | ||||
-rw-r--r-- | spec/integration/provider/sshkey_spec.rb | 94 | ||||
-rw-r--r-- | spec/lib/puppet_spec/compiler.rb | 10 | ||||
-rw-r--r-- | spec/spec_helper_local.rb | 4 | ||||
-rw-r--r-- | spec/unit/provider/sshkey/parsed_spec.rb | 48 | ||||
-rw-r--r-- | spec/unit/type/ssh_authorized_key_spec.rb | 218 | ||||
-rw-r--r-- | spec/unit/type/sshkey_spec.rb | 42 |
16 files changed, 480 insertions, 518 deletions
diff --git a/lib/puppet/provider/ssh_authorized_key/parsed.rb b/lib/puppet/provider/ssh_authorized_key/parsed.rb index f7ac9f7..45ef649 100644 --- a/lib/puppet/provider/ssh_authorized_key/parsed.rb +++ b/lib/puppet/provider/ssh_authorized_key/parsed.rb 
@@ -2,44 +2,44 @@ require 'puppet/provider/parsedfile' Puppet::Type.type(:ssh_authorized_key).provide( :parsed, - :parent => Puppet::Provider::ParsedFile, - :filetype => :flat, - :default_target => '' + parent: Puppet::Provider::ParsedFile, + filetype: :flat, + default_target: '', ) do - desc "Parse and generate authorized_keys files for SSH." + desc 'Parse and generate authorized_keys files for SSH.' - text_line :comment, :match => /^\s*#/ - text_line :blank, :match => /^\s*$/ + text_line :comment, match: %r{^\s*#} + text_line :blank, match: %r{^\s*$} record_line :parsed, - :fields => %w{options type key name}, - :optional => %w{options}, - :rts => /^\s+/, - :match => Puppet::Type.type(:ssh_authorized_key).keyline_regex, - :post_parse => proc { |h| - h[:name] = "" if h[:name] == :absent - h[:options] ||= [:absent] - h[:options] = Puppet::Type::Ssh_authorized_key::ProviderParsed.parse_options(h[:options]) if h[:options].is_a? String - }, - :pre_gen => proc { |h| - # if this name was generated, don't write it back to disk - h[:name] = "" if h[:unnamed] - h[:options] = [] if h[:options].include?(:absent) - h[:options] = h[:options].join(',') - } + fields: ['options', 'type', 'key', 'name'], + optional: ['options'], + rts: %r{^\s+}, + match: Puppet::Type.type(:ssh_authorized_key).keyline_regex, + post_parse: proc { |h| + h[:name] = '' if h[:name] == :absent + h[:options] ||= [:absent] + h[:options] = Puppet::Type::Ssh_authorized_key::ProviderParsed.parse_options(h[:options]) if h[:options].is_a? 
String + }, + pre_gen: proc { |h| + # if this name was generated, don't write it back to disk + h[:name] = '' if h[:unnamed] + h[:options] = [] if h[:options].include?(:absent) + h[:options] = h[:options].join(',') + } record_line :key_v1, - :fields => %w{options bits exponent modulus name}, - :optional => %w{options}, - :rts => /^\s+/, - :match => /^(?:(.+) )?(\d+) (\d+) (\d+)(?: (.+))?$/ + fields: ['options', 'bits', 'exponent', 'modulus', 'name'], + optional: ['options'], + rts: %r{^\s+}, + match: %r{^(?:(.+) )?(\d+) (\d+) (\d+)(?: (.+))?$} def dir_perm - 0700 + 0o700 end def file_perm - 0600 + 0o600 end def user @@ -48,7 +48,7 @@ Puppet::Type.type(:ssh_authorized_key).provide( end def flush - raise Puppet::Error, "Cannot write SSH authorized keys without user" unless @resource.should(:user) + raise Puppet::Error, 'Cannot write SSH authorized keys without user' unless @resource.should(:user) raise Puppet::Error, "User '#{@resource.should(:user)}' does not exist" unless Puppet::Util.uid(@resource.should(:user)) # ParsedFile usually calls backup_target much later in the flush process, # but our SUID makes that fail to open filebucket files for writing. @@ -57,14 +57,14 @@ Puppet::Type.type(:ssh_authorized_key).provide( self.class.backup_target(target) Puppet::Util::SUIDManager.asuser(@resource.should(:user)) do - unless Puppet::FileSystem.exist?(dir = File.dirname(target)) - Puppet.debug "Creating #{dir} as #{@resource.should(:user)}" - Dir.mkdir(dir, dir_perm) - end + unless Puppet::FileSystem.exist?(dir = File.dirname(target)) + Puppet.debug "Creating #{dir} as #{@resource.should(:user)}" + Dir.mkdir(dir, dir_perm) + end - super + super - File.chmod(file_perm, target) + File.chmod(file_perm, target) end end 
@@ -73,17 +73,17 @@ Puppet::Type.type(:ssh_authorized_key).provide( def self.parse_options(options) result = [] scanner = StringScanner.new(options) - while !scanner.eos? - scanner.skip(/[ \t]*/) + until scanner.eos? + scanner.skip(%r{[ \t]*}) # scan a long option - if out = scanner.scan(/[-a-z0-9A-Z_]+=\".*?[^\\]\"/) or out = scanner.scan(/[-a-z0-9A-Z_]+/) + if (out = scanner.scan(%r{[-a-z0-9A-Z_]+=\".*?[^\\]\"})) || (out = scanner.scan(%r{[-a-z0-9A-Z_]+})) result << out else # found an unscannable token, let's abort break end # eat a comma - scanner.skip(/[ \t]*,[ \t]*/) + scanner.skip(%r{[ \t]*,[ \t]*}) end result end @@ -91,15 +91,13 @@ Puppet::Type.type(:ssh_authorized_key).provide( def self.prefetch_hook(records) name_index = 0 records.each do |record| - if record[:record_type] == :parsed && record[:name].empty? - record[:unnamed] = true - # Generate a unique ID for unnamed keys, in case they need purging. - # If you change this, you have to keep - # Puppet::Type::User#unknown_keys_in_file in sync! (PUP-3357) - record[:name] = "#{record[:target]}:unnamed-#{ name_index += 1 }" - Puppet.debug("generating name for on-disk ssh_authorized_key #{record[:key]}: #{record[:name]}") - end + next unless record[:record_type] == :parsed && record[:name].empty? + record[:unnamed] = true + # Generate a unique ID for unnamed keys, in case they need purging. + # If you change this, you have to keep + # Puppet::Type::User#unknown_keys_in_file in sync! (PUP-3357) + record[:name] = "#{record[:target]}:unnamed-#{name_index += 1}" + Puppet.debug("generating name for on-disk ssh_authorized_key #{record[:key]}: #{record[:name]}") end end end - diff --git a/lib/puppet/provider/sshkey/parsed.rb b/lib/puppet/provider/sshkey/parsed.rb index 1c42aeb..3713df1 100644 --- a/lib/puppet/provider/sshkey/parsed.rb +++ b/lib/puppet/provider/sshkey/parsed.rb 
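Review bot: The quoted-option pattern in `parse_options`, `%r{[-a-z0-9A-Z_]+=\".*?[^\\]\"}`, requires at least one character before the closing quote, so an on-disk option with an empty value such as `from=""` is not scanned as a single token. The scanner then either runs on to a later quote or falls back to the bare option name and reaches the `break`, which silently drops every option after it. The type's validator accepts `option=""`, so the two disagree about what a valid option looks like. A pattern that consumes escaped characters explicitly avoids both cases: `%r{[-a-z0-9A-Z_]+="(?:[^"\\]|\\.)*"}`. A spec for empty values and escaped quotes would help here, because dropped options mean Puppet misreads which restrictions are currently on a key.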
@@ -2,49 +2,48 @@ require 'puppet/provider/parsedfile' Puppet::Type.type(:sshkey).provide( :parsed, - :parent => Puppet::Provider::ParsedFile, - :filetype => :flat + parent: Puppet::Provider::ParsedFile, + filetype: :flat, ) do - desc "Parse and generate host-wide known hosts files for SSH." + desc 'Parse and generate host-wide known hosts files for SSH.' - text_line :comment, :match => /^#/ - text_line :blank, :match => /^\s*$/ + text_line :comment, match: %r{^#} + text_line :blank, match: %r{^\s*$} - record_line :parsed, :fields => %w{name type key}, - :post_parse => proc { |hash| - names = hash[:name].split(",", -1) - hash[:name] = names.shift - hash[:host_aliases] = names - }, - :pre_gen => proc { |hash| - if hash[:host_aliases] - hash[:name] = [hash[:name], hash[:host_aliases]].flatten.join(",") - hash.delete(:host_aliases) - end - } + record_line :parsed, fields: ['name', 'type', 'key'], + post_parse: proc { |hash| + names = hash[:name].split(',', -1) + hash[:name] = names.shift + hash[:host_aliases] = names + }, + pre_gen: proc { |hash| + if hash[:host_aliases] + hash[:name] = [hash[:name], hash[:host_aliases]].flatten.join(',') + hash.delete(:host_aliases) + end + } # Make sure to use mode 644 if ssh_known_hosts is newly created def self.default_mode - 0644 + 0o644 end def self.default_target case Facter.value(:operatingsystem) - when "Darwin" + when 'Darwin' # Versions 10.11 and up use /etc/ssh/ssh_known_hosts version = Facter.value(:macosx_productversion_major) if version if Puppet::Util::Package.versioncmp(version, '10.11') >= 0 - "/etc/ssh/ssh_known_hosts" + '/etc/ssh/ssh_known_hosts' else - "/etc/ssh_known_hosts" + '/etc/ssh_known_hosts' end else - "/etc/ssh_known_hosts" + '/etc/ssh_known_hosts' end else - "/etc/ssh/ssh_known_hosts" + '/etc/ssh/ssh_known_hosts' end end end - diff --git a/lib/puppet/type/ssh_authorized_key.rb b/lib/puppet/type/ssh_authorized_key.rb index c6ff5b6..84dfce5 100644 --- a/lib/puppet/type/ssh_authorized_key.rb 
+++ b/lib/puppet/type/ssh_authorized_key.rb @@ -46,11 +46,10 @@ module Puppet comment for each instance." isnamevar - end newproperty(:type) do - desc "The encryption type used." + desc 'The encryption type used.' newvalues :'ssh-dss', :'ssh-rsa', :'ecdsa-sha2-nistp256', :'ecdsa-sha2-nistp384', :'ecdsa-sha2-nistp521', :'ssh-ed25519' @@ -71,7 +70,7 @@ module Puppet the `name` attribute/resource title." validate do |value| - raise Puppet::Error, _("Key must not contain whitespace: %{value}") % { value: value } if value =~ /\s/ + raise Puppet::Error, _('Key must not contain whitespace: %{value}') % { value: value } if value =~ %r{\s} end end @@ -89,14 +88,14 @@ module Puppet defaultto :absent def should - return super if defined?(@should) and @should[0] != :absent + return super if defined?(@should) && @should[0] != :absent return nil unless user = resource[:user] begin return File.expand_path("~#{user}/.ssh/authorized_keys") rescue - Puppet.debug "The required user is not yet present on the system" + Puppet.debug 'The required user is not yet present on the system' return nil end end @@ -106,14 +105,14 @@ module Puppet end end - newproperty(:options, :array_matching => :all) do + newproperty(:options, array_matching: :all) do desc "Key options; see sshd(8) for possible values. Multiple values should be specified as an array." - defaultto do :absent end + defaultto { :absent } validate do |value| - unless value == :absent or value =~ /^[-a-z0-9A-Z_]+(?:=\".*?\")?$/ + unless value == :absent || value =~ %r{^[-a-z0-9A-Z_]+(?:=\".*?\")?$} raise Puppet::Error, _("Option %{value} is not valid. A single option must either be of the form 'option' or 'option=\"value\". Multiple options must be provided as an array") % { value: value } end end 
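Review bot: In the target property's `should`, the bare `rescue` catches every StandardError from `File.expand_path` and logs them all as "user is not yet present", which hides unrelated failures. `File.expand_path` raises ArgumentError for an unknown `~user`, so `rescue ArgumentError` is the narrower form. The condition `return nil unless user = resource[:user]` also assigns inside the test; splitting it into `user = resource[:user]` and `return nil unless user` reads more clearly. The property block around `should` starts and ends outside the hunk.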
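Review bot: The options validator in the last hunk of this line anchors with `^` and `$`, which in Ruby match at line boundaries, so a value containing a newline passes as long as one of its lines looks like a valid option. The provider's `pre_gen` joins the options with commas and, presumably via ParsedFile, writes them to the authorized_keys file, where such a value would become additional lines. Anchor the whole string instead: `value =~ %r{\A[-a-z0-9A-Z_]+(?:=\".*?\")?\z}`. The `validate` block is complete in the hunk, but the enclosing `newproperty(:options)` continues past it.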
@@ -135,7 +134,7 @@ module Puppet end # regular expression suitable for use by a ParsedFile based provider - REGEX = /^(?:(.+)\s+)?(ssh-dss|ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521)\s+([^ ]+)\s*(.*)$/ + REGEX = %r{^(?:(.+)\s+)?(ssh-dss|ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521)\s+([^ ]+)\s*(.*)$} def self.keyline_regex REGEX end diff --git a/lib/puppet/type/sshkey.rb b/lib/puppet/type/sshkey.rb index 31e590b..6e51cff 100644 --- a/lib/puppet/type/sshkey.rb +++ b/lib/puppet/type/sshkey.rb @@ -9,7 +9,7 @@ module Puppet ensurable newproperty(:type) do - desc "The encryption type used. Probably ssh-dss or ssh-rsa." + desc 'The encryption type used. Probably ssh-dss or ssh-rsa.' newvalues :'ssh-dss', :'ssh-ed25519', :'ssh-rsa', :'ecdsa-sha2-nistp256', :'ecdsa-sha2-nistp384', :'ecdsa-sha2-nistp521' @@ -30,7 +30,7 @@ module Puppet the `name` attribute/resource title." end - # FIXME This should automagically check for aliases to the hosts, just + # FIXME: This should automagically check for aliases to the hosts, just # to see if we can automatically glean any aliases. newproperty(:host_aliases) do desc 'Any aliases the host might have. Multiple values must be @@ -41,6 +41,7 @@ module Puppet def insync?(is) is == @should end + # We actually want to return the whole array here, not just the first # value. def should 
@@ -48,23 +49,23 @@ module Puppet end validate do |value| - if value =~ /\s/ - raise Puppet::Error, _("Aliases cannot include whitespace") + if value =~ %r{\s} + raise Puppet::Error, _('Aliases cannot include whitespace') end - if value =~ /,/ - raise Puppet::Error, _("Aliases must be provided as an array, not a comma-separated list") + if value =~ %r{,} + raise Puppet::Error, _('Aliases must be provided as an array, not a comma-separated list') end end end newparam(:name) do - desc "The host name that the key is associated with." + desc 'The host name that the key is associated with.' isnamevar validate do |value| - raise Puppet::Error, _("Resourcename cannot include whitespaces") if value =~ /\s/ - raise Puppet::Error, _("No comma in resourcename allowed. If you want to specify aliases use the host_aliases property") if value.include?(',') + raise Puppet::Error, _('Resourcename cannot include whitespaces') if value =~ %r{\s} + raise Puppet::Error, _('No comma in resourcename allowed. If you want to specify aliases use the host_aliases property') if value.include?(',') end end @@ -72,12 +73,13 @@ module Puppet desc "The file in which to store the ssh key. Only used by the `parsed` provider." - defaultto { if @resource.class.defaultprovider.ancestors.include?(Puppet::Provider::ParsedFile) - @resource.class.defaultprovider.default_target + defaultto do + if @resource.class.defaultprovider.ancestors.include?(Puppet::Provider::ParsedFile) + @resource.class.defaultprovider.default_target else nil end - } + end end end end diff --git a/spec/acceptance/tests/resource/ssh_authorized_key/create.rb b/spec/acceptance/tests/resource/ssh_authorized_key/create.rb index 6b4c879..17450e7 100644 --- a/spec/acceptance/tests/resource/ssh_authorized_key/create.rb +++ b/spec/acceptance/tests/resource/ssh_authorized_key/create.rb 
@@ -1,39 +1,38 @@ -test_name "should create an entry for an SSH authorized key" +test_name 'should create an entry for an SSH authorized key' tag 'audit:medium', - 'audit:refactor', # Use block style `test_run` - 'audit:acceptance' # Could be done at the integration (or unit) layer though - # actual changing of resources could irreparably damage a - # host running this, or require special permissions. + 'audit:refactor', # Use block style `test_run` + # Could be done at the integration (or unit) layer though + # actual changing of resources could irreparably damage a + # host running this, or require special permissions. + 'audit:acceptance' -confine :except, :platform => ['windows'] +confine :except, platform: ['windows'] auth_keys = '~/.ssh/authorized_keys' -name = "pl#{rand(999999).to_i}" +name = "pl#{rand(999_999).to_i}" agents.each do |agent| teardown do - #(teardown) restore the #{auth_keys} file - on(agent, "mv /tmp/auth_keys #{auth_keys}", :acceptable_exit_codes => [0,1]) + # (teardown) restore the #{auth_keys} file + on(agent, "mv /tmp/auth_keys #{auth_keys}", acceptable_exit_codes: [0, 1]) end #------- SETUP -------# step "(setup) backup #{auth_keys} file" - on(agent, "cp #{auth_keys} /tmp/auth_keys", :acceptable_exit_codes => [0,1]) + on(agent, "cp #{auth_keys} /tmp/auth_keys", acceptable_exit_codes: [0, 1]) on(agent, "chown $LOGNAME #{auth_keys}") #------- TESTS -------# - step "create an authorized key entry with puppet (present)" + step 'create an authorized key entry with puppet (present)' args = ['ensure=present', - "user=$LOGNAME", + 'user=$LOGNAME', "type='rsa'", - "key='mykey'", - ] - on(agent, puppet_resource('ssh_authorized_key', "#{name}", args)) + "key='mykey'"] + on(agent, puppet_resource('ssh_authorized_key', name.to_s, args)) step "verify entry in #{auth_keys}" - on(agent, "cat #{auth_keys}") do |res| - fail_test "didn't find the ssh_authorized_key for #{name}" unless stdout.include? 
"#{name}" + on(agent, "cat #{auth_keys}") do |_res| + fail_test "didn't find the ssh_authorized_key for #{name}" unless stdout.include? name.to_s end - end diff --git a/spec/acceptance/tests/resource/ssh_authorized_key/destroy.rb b/spec/acceptance/tests/resource/ssh_authorized_key/destroy.rb index c80e967..3d17a23 100644 --- a/spec/acceptance/tests/resource/ssh_authorized_key/destroy.rb +++ b/spec/acceptance/tests/resource/ssh_authorized_key/destroy.rb 
@@ -1,42 +1,41 @@ -test_name "should delete an entry for an SSH authorized key" +test_name 'should delete an entry for an SSH authorized key' tag 'audit:medium', - 'audit:refactor', # Use block style `test_run` - 'audit:acceptance' # Could be done at the integration (or unit) layer though - # actual changing of resources could irreparably damage a - # host running this, or require special permissions. + 'audit:refactor', # Use block style `test_run` + # Could be done at the integration (or unit) layer though + # actual changing of resources could irreparably damage a + # host running this, or require special permissions. + 'audit:acceptance' -confine :except, :platform => ['windows'] +confine :except, platform: ['windows'] auth_keys = '~/.ssh/authorized_keys' -name = "pl#{rand(999999).to_i}" +name = "pl#{rand(999_999).to_i}" agents.each do |agent| teardown do - #(teardown) restore the #{auth_keys} file - on(agent, "mv /tmp/auth_keys #{auth_keys}", :acceptable_exit_codes => [0,1]) + # (teardown) restore the #{auth_keys} file + on(agent, "mv /tmp/auth_keys #{auth_keys}", acceptable_exit_codes: [0, 1]) end #------- SETUP -------# step "(setup) backup #{auth_keys} file" - on(agent, "cp #{auth_keys} /tmp/auth_keys", :acceptable_exit_codes => [0,1]) + on(agent, "cp #{auth_keys} /tmp/auth_keys", acceptable_exit_codes: [0, 1]) step "(setup) create an authorized key in the #{auth_keys} file" on(agent, "echo '' >> #{auth_keys} && echo 'ssh-rsa mykey #{name}' >> #{auth_keys}") on(agent, "chown $LOGNAME #{auth_keys}") #------- TESTS -------# - step "delete an authorized key entry with puppet (absent)" + step 'delete an authorized key entry with puppet (absent)' args = ['ensure=absent', - "user=$LOGNAME", + 'user=$LOGNAME', "type='rsa'", - "key='mykey'", - ] - on(agent, puppet_resource('ssh_authorized_key', "#{name}", args)) + "key='mykey'"] + on(agent, puppet_resource('ssh_authorized_key', name.to_s, args)) step "verify entry deleted from #{auth_keys}" - on(agent, "cat 
#{auth_keys}") do |res| - fail_test "found the ssh_authorized_key for #{name}" if stdout.include? "#{name}" + on(agent, "cat #{auth_keys}") do |_res| + fail_test "found the ssh_authorized_key for #{name}" if stdout.include? name.to_s end - end diff --git a/spec/acceptance/tests/resource/ssh_authorized_key/modify.rb b/spec/acceptance/tests/resource/ssh_authorized_key/modify.rb index 0a50c31..85753a3 100644 --- a/spec/acceptance/tests/resource/ssh_authorized_key/modify.rb +++ b/spec/acceptance/tests/resource/ssh_authorized_key/modify.rb 
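Review bot: The setup step backs up the authorized_keys file to the fixed path `/tmp/auth_keys`, and teardown moves whatever is at that path back over `~/.ssh/authorized_keys`. Because the `cp` accepts exit code 1, a failed backup still leads to the restore, so a stale or foreign file at that predictable path would end up as the account's authorized_keys on the test host. The same pattern appears in create.rb, modify.rb and query.rb, and sshkey/create.rb uses the fixed `/tmp/ssh_known_hosts`. A per-run temporary file created on the agent, for example `backup = agent.tmpfile('auth_keys')` if that Beaker helper is available in this suite, with the restore run only when the backup succeeded, removes the dependency on a shared path.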
@@ -1,43 +1,42 @@ -test_name "should update an entry for an SSH authorized key" +test_name 'should update an entry for an SSH authorized key' tag 'audit:medium', - 'audit:refactor', # Use block style `test_run` - 'audit:acceptance' # Could be done at the integration (or unit) layer though - # actual changing of resources could irreparably damage a - # host running this, or require special permissions. + 'audit:refactor', # Use block style `test_run` + # Could be done at the integration (or unit) layer though + # actual changing of resources could irreparably damage a + # host running this, or require special permissions. + 'audit:acceptance' -confine :except, :platform => ['windows'] +confine :except, platform: ['windows'] auth_keys = '~/.ssh/authorized_keys' -name = "pl#{rand(999999).to_i}" +name = "pl#{rand(999_999).to_i}" agents.each do |agent| teardown do - #(teardown) restore the #{auth_keys} file - on(agent, "mv /tmp/auth_keys #{auth_keys}", :acceptable_exit_codes => [0,1]) + # (teardown) restore the #{auth_keys} file + on(agent, "mv /tmp/auth_keys #{auth_keys}", acceptable_exit_codes: [0, 1]) end #------- SETUP -------# step "(setup) backup #{auth_keys} file" - on(agent, "cp #{auth_keys} /tmp/auth_keys", :acceptable_exit_codes => [0,1]) + on(agent, "cp #{auth_keys} /tmp/auth_keys", acceptable_exit_codes: [0, 1]) step "(setup) create an authorized key in the #{auth_keys} file" on(agent, "echo '' >> #{auth_keys} && echo 'ssh-rsa mykey #{name}' >> #{auth_keys}") on(agent, "chown $LOGNAME #{auth_keys}") #------- TESTS -------# - step "update an authorized key entry with puppet (present)" + step 'update an authorized key entry with puppet (present)' args = ['ensure=present', - "user=$LOGNAME", + 'user=$LOGNAME', "type='rsa'", - "key='mynewshinykey'", - ] - on(agent, puppet_resource('ssh_authorized_key', "#{name}", args)) + "key='mynewshinykey'"] + on(agent, puppet_resource('ssh_authorized_key', name.to_s, args)) step "verify entry updated in #{auth_keys}" - 
on(agent, "cat #{auth_keys}") do |res| + on(agent, "cat #{auth_keys}") do |_res| fail_test "didn't find the updated key for #{name}" unless stdout.include? "mynewshinykey #{name}" fail_test "Found old key mykey #{name}" if stdout.include? "mykey #{name}" end - end diff --git a/spec/acceptance/tests/resource/ssh_authorized_key/query.rb b/spec/acceptance/tests/resource/ssh_authorized_key/query.rb index 8caff85..a31aa93 100644 --- a/spec/acceptance/tests/resource/ssh_authorized_key/query.rb +++ b/spec/acceptance/tests/resource/ssh_authorized_key/query.rb 
@@ -1,35 +1,35 @@ -test_name "should be able to find an existing SSH authorized key" +test_name 'should be able to find an existing SSH authorized key' tag 'audit:medium', - 'audit:refactor', # Use block style `test_run` - 'audit:acceptance' # Could be done at the integration (or unit) layer though - # actual changing of resources could irreparably damage a - # host running this, or require special permissions. + 'audit:refactor', # Use block style `test_run` + # Could be done at the integration (or unit) layer though + # actual changing of resources could irreparably damage a + # host running this, or require special permissions. + 'audit:acceptance' -skip_test("This test is blocked by PUP-1605") +skip_test('This test is blocked by PUP-1605') -confine :except, :platform => ['windows'] +confine :except, platform: ['windows'] auth_keys = '~/.ssh/authorized_keys' -name = "pl#{rand(999999).to_i}" +name = "pl#{rand(999_999).to_i}" agents.each do |agent| teardown do - #(teardown) restore the #{auth_keys} file - on(agent, "mv /tmp/auth_keys #{auth_keys}", :acceptable_exit_codes => [0,1]) + # (teardown) restore the #{auth_keys} file + on(agent, "mv /tmp/auth_keys #{auth_keys}", acceptable_exit_codes: [0, 1]) end #------- SETUP -------# step "(setup) backup #{auth_keys} file" - on(agent, "cp #{auth_keys} /tmp/auth_keys", :acceptable_exit_codes => [0,1]) + on(agent, "cp #{auth_keys} /tmp/auth_keys", acceptable_exit_codes: [0, 1]) step "(setup) create an authorized key in the #{auth_keys} file" on(agent, "echo '' >> #{auth_keys} && echo 'ssh-rsa mykey #{name}' >> #{auth_keys}") #------- TESTS -------# - step "verify SSH authorized key query with puppet" - on(agent, puppet_resource('ssh_authorized_key', "/#{name}")) do |res| - fail_test "Didn't find the ssh_authorized_key for #{name}" unless stdout.include? 
"#{name}" + step 'verify SSH authorized key query with puppet' + on(agent, puppet_resource('ssh_authorized_key', "/#{name}")) do |_res| + fail_test "Didn't find the ssh_authorized_key for #{name}" unless stdout.include? name.to_s end - end diff --git a/spec/acceptance/tests/resource/sshkey/create.rb b/spec/acceptance/tests/resource/sshkey/create.rb index 4e75379..1aa31c8 100644 --- a/spec/acceptance/tests/resource/sshkey/create.rb +++ b/spec/acceptance/tests/resource/sshkey/create.rb 
@@ -1,77 +1,77 @@ -test_name "(PUP-5508) Should add an SSH key to the correct ssh_known_hosts file on OS X/macOS" do -# TestRail test case C93370 +test_name '(PUP-5508) Should add an SSH key to the correct ssh_known_hosts file on OS X/macOS' do + # TestRail test case C93370 -tag 'audit:medium', - 'audit:acceptance' # Could be done at the integration (or unit) layer though - # actual changing of resources could irreparably damage a - # host running this, or require special permissions. + tag 'audit:medium', + # Could be done at the integration (or unit) layer though + # actual changing of resources could irreparably damage a + # host running this, or require special permissions. + 'audit:acceptance' -confine :to, :platform => /osx/ + confine :to, platform: %r{osx} -keyname = "pl#{rand(999999).to_i}" + keyname = "pl#{rand(999_999).to_i}" -# FIXME: This is bletcherous -macos_version = fact_on(agent, "os.macosx.version.major") -if ["10.9","10.10"].include? macos_version - ssh_known_hosts = '/etc/ssh_known_hosts' -else - ssh_known_hosts = '/etc/ssh/ssh_known_hosts' -end + # FIXME: This is bletcherous + macos_version = fact_on(agent, 'os.macosx.version.major') + ssh_known_hosts = if ['10.9', '10.10'].include? macos_version + '/etc/ssh_known_hosts' + else + '/etc/ssh/ssh_known_hosts' + end -teardown do - puts "Restore the #{ssh_known_hosts} file" - agents.each do |agent| - # Is it present? - rc = on(agent, "[ -e /tmp/ssh_known_hosts ]", - :accept_all_exit_codes => true) - if rc.exit_code == 0 - # It's present, so restore the original - on(agent, "mv -fv /tmp/ssh_known_hosts #{ssh_known_hosts}", - :accept_all_exit_codes => true) - else - # It's missing, which means there wasn't one to backup; just - # delete the one we laid down - on(agent, "rm -fv #{ssh_known_hosts}", - :accept_all_exit_codes => true) + teardown do + puts "Restore the #{ssh_known_hosts} file" + agents.each do |agent| + # Is it present? 
+ rc = on(agent, '[ -e /tmp/ssh_known_hosts ]', + accept_all_exit_codes: true) + if rc.exit_code == 0 + # It's present, so restore the original + on(agent, "mv -fv /tmp/ssh_known_hosts #{ssh_known_hosts}", + accept_all_exit_codes: true) + else + # It's missing, which means there wasn't one to backup; just + # delete the one we laid down + on(agent, "rm -fv #{ssh_known_hosts}", + accept_all_exit_codes: true) + end end end -end -#------- SETUP -------# -step "Backup #{ssh_known_hosts} file, if present" do - # The 'cp' might fail because the source file doesn't exist - on(agent, "cp -fv #{ssh_known_hosts} /tmp/ssh_known_hosts", - :acceptable_exit_codes => [0,1]) -end + #------- SETUP -------# + step "Backup #{ssh_known_hosts} file, if present" do + # The 'cp' might fail because the source file doesn't exist + on(agent, "cp -fv #{ssh_known_hosts} /tmp/ssh_known_hosts", + acceptable_exit_codes: [0, 1]) + end -#------- TESTS -------# -step 'Verify that the default file is empty or non-existent' do - # Is it even there? - rc = on(agent, "[ ! -e #{ssh_known_hosts} ]", - :acceptable_exit_codes => [0, 1]) - if rc.exit_code == 1 - # If it's there, it should be empty - on(agent, "cat #{ssh_known_hosts}") do |res| - fail_test "Default #{ssh_known_hosts} file not empty" \ - unless stdout.empty? + #------- TESTS -------# + step 'Verify that the default file is empty or non-existent' do + # Is it even there? + rc = on(agent, "[ ! -e #{ssh_known_hosts} ]", + acceptable_exit_codes: [0, 1]) + if rc.exit_code == 1 + # If it's there, it should be empty + on(agent, "cat #{ssh_known_hosts}") do |_res| + fail_test "Default #{ssh_known_hosts} file not empty" \ + unless stdout.empty? 
+ end end end -end -step "Add an sshkey to the default file" do - args = [ - "ensure=present", - "key=how_about_the_key_of_c", - "type=ssh-rsa", - ] - on(agent, puppet_resource("sshkey", "#{keyname}", args)) -end - -step 'Verify the new entry in the default file' do - on(agent, "cat #{ssh_known_hosts}") do |rc| - fail_test "Didn't find the ssh_known_host entry for #{keyname}" \ - unless stdout.include? "#{keyname}" + step 'Add an sshkey to the default file' do + args = [ + 'ensure=present', + 'key=how_about_the_key_of_c', + 'type=ssh-rsa', + ] + on(agent, puppet_resource('sshkey', keyname.to_s, args)) end -end + step 'Verify the new entry in the default file' do + on(agent, "cat #{ssh_known_hosts}") do |_rc| + fail_test "Didn't find the ssh_known_host entry for #{keyname}" \ + unless stdout.include? keyname.to_s + end + end end diff --git a/spec/integration/provider/ssh_authorized_key_spec.rb b/spec/integration/provider/ssh_authorized_key_spec.rb index 14af2de..7dc40e3 100644 --- a/spec/integration/provider/ssh_authorized_key_spec.rb +++ b/spec/integration/provider/ssh_authorized_key_spec.rb @@ -3,7 +3,7 @@ require 'spec_helper' require 'puppet/file_bucket/dipper' -describe Puppet::Type.type(:ssh_authorized_key).provider(:parsed), '(integration)', :unless => Puppet.features.microsoft_windows? do +describe Puppet::Type.type(:ssh_authorized_key).provider(:parsed), '(integration)', unless: Puppet.features.microsoft_windows? do include PuppetSpec::Files let :fake_userfile do 
@@ -18,7 +18,7 @@ describe Puppet::Type.type(:ssh_authorized_key).provider(:parsed), '(integration [ 'AAAAB3NzaC1yc2EAAAADAQABAAAAgQCi18JBZOq10X3w4f67nVhO0O3s5Y1vHH4UgMSM3ZnQwbC5hjGyYSi9UULOoQQoQynI/a0I9NL423/Xk/XJVIKCHcS8q6V2Wmjd+fLNelOjxxoW6mbIytEt9rDvwgq3Mof3/m21L3t2byvegR00a+ikKbmInPmKwjeWZpexCIsHzQ==', # 1024 bit 'AAAAB3NzaC1yc2EAAAADAQABAAAAgQDLClyvi3CsJw5Id6khZs2/+s11qOH4Gdp6iDioDsrIp0m8kSiPr71VGyQYAfPzzvHemHS7Xg0NkG1Kc8u9tRqBQfTvz7ubq0AT/g01+4P2hQ/soFkuwlUG/HVnnaYb6N0Qp5SHWvD5vBE2nFFQVpP5GrSctPtHSjzJq/i+6LYhmQ==', # 1024 bit - 'AAAAB3NzaC1yc2EAAAADAQABAAABAQDLygAO6txXkh9FNV8xSsBkATeqLbHzS7sFjGI3gt0Dx6q3LjyKwbhQ1RLf28kd5G6VWiXmClU/RtiPdUz8nrGuun++2mrxzrXrvpR9dq1lygLQ2wn2cI35dN5bjRMtXy3decs6HUhFo9MoNwX250rUWfdCyNPhGIp6OOfmjdy+UeLGNxq9wDx6i4bT5tVVSqVRtsEfw9+ICXchzl85QudjneVVpP+thriPZXfXA5eaGwAo/dmoKOIhUwF96gpdLqzNtrGQuxPbV80PTbGv9ZtAtTictxaDz8muXO7he9pXmchUpxUKtMFjHkL0FAZ9tRPmv3RA30sEr2fZ8+LKvnE50w0' #2048 Bit + 'AAAAB3NzaC1yc2EAAAADAQABAAABAQDLygAO6txXkh9FNV8xSsBkATeqLbHzS7sFjGI3gt0Dx6q3LjyKwbhQ1RLf28kd5G6VWiXmClU/RtiPdUz8nrGuun++2mrxzrXrvpR9dq1lygLQ2wn2cI35dN5bjRMtXy3decs6HUhFo9MoNwX250rUWfdCyNPhGIp6OOfmjdy+UeLGNxq9wDx6i4bT5tVVSqVRtsEfw9+ICXchzl85QudjneVVpP+thriPZXfXA5eaGwAo/dmoKOIhUwF96gpdLqzNtrGQuxPbV80PTbGv9ZtAtTictxaDz8muXO7he9pXmchUpxUKtMFjHkL0FAZ9tRPmv3RA30sEr2fZ8+LKvnE50w0' # 2048 Bit ] end @@ -33,16 +33,16 @@ describe Puppet::Type.type(:ssh_authorized_key).provider(:parsed), '(integration "ssh-rsa #{sample_rsa_keys[1]} root@someotherhost", "ssh-dss #{sample_dsa_keys[0]} root@anywhere", "ssh-rsa #{sample_rsa_keys[2]} paul", - "ssh-rsa #{sample_rsa_keys[2]} dummy" + "ssh-rsa #{sample_rsa_keys[2]} dummy", ] end let :dummy do Puppet::Type.type(:ssh_authorized_key).new( - :name => 'dummy', - :target => fake_userfile, - :user => 'nobody', - :ensure => :absent + name: 'dummy', + target: fake_userfile, + user: 'nobody', + ensure: :absent, ) end 
@@ -57,7 +57,7 @@ describe Puppet::Type.type(:ssh_authorized_key).provider(:parsed), '(integration end def create_fake_key(username, content) - filename = (username == :root ? fake_rootfile : fake_userfile ) + filename = ((username == :root) ? fake_rootfile : fake_userfile) File.open(filename, 'w') do |f| content.each do |line| f.puts line @@ -66,8 +66,8 @@ describe Puppet::Type.type(:ssh_authorized_key).provider(:parsed), '(integration end def check_fake_key(username, expected_content) - filename = (username == :root ? fake_rootfile : fake_userfile ) - content = File.readlines(filename).map(&:chomp).sort.reject{ |x| x =~ /^# HEADER:/ } + filename = ((username == :root) ? fake_rootfile : fake_userfile) + content = File.readlines(filename).map(&:chomp).sort.reject { |x| x =~ %r{^# HEADER:} } expect(content.join("\n")).to eq(expected_content.sort.join("\n")) end 
@@ -82,35 +82,34 @@ describe Puppet::Type.type(:ssh_authorized_key).provider(:parsed), '(integration catalog.apply end - it "should not complain about empty lines and comments" do + it 'does not complain about empty lines and comments' do described_class.expects(:flush).never - sample = ['',sample_lines[0],' ',sample_lines[1],'# just a comment','#and another'] - create_fake_key(:user,sample) + sample = ['', sample_lines[0], ' ', sample_lines[1], '# just a comment', '#and another'] + create_fake_key(:user, sample) run_in_catalog(dummy) check_fake_key(:user, sample) end - it "should keep empty lines and comments when modifying a file" do - create_fake_key(:user, ['',sample_lines[0],' ',sample_lines[3],'# just a comment','#and another']) + it 'keeps empty lines and comments when modifying a file' do + create_fake_key(:user, ['', sample_lines[0], ' ', sample_lines[3], '# just a comment', '#and another']) run_in_catalog(dummy) - check_fake_key(:user, ['',sample_lines[0],' ','# just a comment','#and another']) + check_fake_key(:user, ['', sample_lines[0], ' ', '# just a comment', '#and another']) end - describe "when managing one resource" do - - describe "with ensure set to absent" do + describe 'when managing one resource' do + describe 'with ensure set to absent' do let :resource do Puppet::Type.type(:ssh_authorized_key).new( - :name => 'root@hostname', - :type => :rsa, - :key => sample_rsa_keys[0], - :target => fake_rootfile, - :user => 'root', - :ensure => :absent + name: 'root@hostname', + type: :rsa, + key: sample_rsa_keys[0], + target: fake_rootfile, + user: 'root', + ensure: :absent, ) end - it "should not modify root's keyfile if resource is currently not present" do + it "does not modify root's keyfile if resource is currently not present" do create_fake_key(:root, sample_lines) run_in_catalog(resource) check_fake_key(:root, sample_lines) 
@@ -123,96 +122,96 @@ describe Puppet::Type.type(:ssh_authorized_key).provider(:parsed), '(integration end end - describe "when ensure is present" do + describe 'when ensure is present' do let :resource do Puppet::Type.type(:ssh_authorized_key).new( - :name => 'root@hostname', - :type => :rsa, - :key => sample_rsa_keys[0], - :target => fake_rootfile, - :user => 'root', - :ensure => :present + name: 'root@hostname', + type: :rsa, + key: sample_rsa_keys[0], + target: fake_rootfile, + user: 'root', + ensure: :present, ) end # just a dummy so the parsedfile provider is aware # of the user's authorized_keys file - it "should add the key if it is not present" do + it 'adds the key if it is not present' do create_fake_key(:root, sample_lines) run_in_catalog(resource) - check_fake_key(:root, sample_lines + ["ssh-rsa #{sample_rsa_keys[0]} root@hostname" ]) + check_fake_key(:root, sample_lines + ["ssh-rsa #{sample_rsa_keys[0]} root@hostname"]) end - it "should modify the type if type is out of sync" do - create_fake_key(:root,sample_lines + [ "ssh-dss #{sample_rsa_keys[0]} root@hostname" ]) + it 'modifies the type if type is out of sync' do + create_fake_key(:root, sample_lines + ["ssh-dss #{sample_rsa_keys[0]} root@hostname"]) run_in_catalog(resource) - check_fake_key(:root, sample_lines + [ "ssh-rsa #{sample_rsa_keys[0]} root@hostname" ]) + check_fake_key(:root, sample_lines + ["ssh-rsa #{sample_rsa_keys[0]} root@hostname"]) end - it "should modify the key if key is out of sync" do - create_fake_key(:root,sample_lines + [ "ssh-rsa #{sample_rsa_keys[1]} root@hostname" ]) + it 'modifies the key if key is out of sync' do + create_fake_key(:root, sample_lines + ["ssh-rsa #{sample_rsa_keys[1]} root@hostname"]) run_in_catalog(resource) - check_fake_key(:root, sample_lines + [ "ssh-rsa #{sample_rsa_keys[0]} root@hostname" ]) + check_fake_key(:root, sample_lines + ["ssh-rsa #{sample_rsa_keys[0]} root@hostname"]) end - it "should remove the key from old file if target is out of 
sync" do - create_fake_key(:user, [ sample_lines[0], "ssh-rsa #{sample_rsa_keys[0]} root@hostname" ]) - create_fake_key(:root, [ sample_lines[1], sample_lines[2] ]) + it 'removes the key from old file if target is out of sync' do + create_fake_key(:user, [sample_lines[0], "ssh-rsa #{sample_rsa_keys[0]} root@hostname"]) + create_fake_key(:root, [sample_lines[1], sample_lines[2]]) run_in_catalog(resource, dummy) - check_fake_key(:user, [ sample_lines[0] ]) - #check_fake_key(:root, [ sample_lines[1], sample_lines[2], "ssh-rsa #{sample_rsa_keys[0]} root@hostname" ]) + check_fake_key(:user, [sample_lines[0]]) + # check_fake_key(:root, [ sample_lines[1], sample_lines[2], "ssh-rsa #{sample_rsa_keys[0]} root@hostname" ]) end - it "should add the key to new file if target is out of sync" do - create_fake_key(:user, [ sample_lines[0], "ssh-rsa #{sample_rsa_keys[0]} root@hostname" ]) - create_fake_key(:root, [ sample_lines[1], sample_lines[2] ]) + it 'adds the key to new file if target is out of sync' do + create_fake_key(:user, [sample_lines[0], "ssh-rsa #{sample_rsa_keys[0]} root@hostname"]) + create_fake_key(:root, [sample_lines[1], sample_lines[2]]) run_in_catalog(resource, dummy) - #check_fake_key(:user, [ sample_lines[0] ]) - check_fake_key(:root, [ sample_lines[1], sample_lines[2], "ssh-rsa #{sample_rsa_keys[0]} root@hostname" ]) + # check_fake_key(:user, [ sample_lines[0] ]) + check_fake_key(:root, [sample_lines[1], sample_lines[2], "ssh-rsa #{sample_rsa_keys[0]} root@hostname"]) end - it "should modify options if options are out of sync" do - resource[:options]=[ 'from="*.domain1,host1.domain2"', 'no-port-forwarding', 'no-pty' ] - create_fake_key(:root, sample_lines + [ "from=\"*.false,*.false2\",no-port-forwarding,no-pty ssh-rsa #{sample_rsa_keys[0]} root@hostname"]) + it 'modifies options if options are out of sync' do + resource[:options] = ['from="*.domain1,host1.domain2"', 'no-port-forwarding', 'no-pty'] + create_fake_key(:root, sample_lines + 
["from=\"*.false,*.false2\",no-port-forwarding,no-pty ssh-rsa #{sample_rsa_keys[0]} root@hostname"]) run_in_catalog(resource) - check_fake_key(:root, sample_lines + [ "from=\"*.domain1,host1.domain2\",no-port-forwarding,no-pty ssh-rsa #{sample_rsa_keys[0]} root@hostname"] ) + check_fake_key(:root, sample_lines + ["from=\"*.domain1,host1.domain2\",no-port-forwarding,no-pty ssh-rsa #{sample_rsa_keys[0]} root@hostname"]) end end end - describe "when managing two resource" do + describe 'when managing two resource' do let :examples do resources = [] resources << Puppet::Type.type(:ssh_authorized_key).new( - :name => 'root@hostname', - :type => :rsa, - :key => sample_rsa_keys[0], - :target => fake_rootfile, - :user => 'root', - :ensure => :present + name: 'root@hostname', + type: :rsa, + key: sample_rsa_keys[0], + target: fake_rootfile, + user: 'root', + ensure: :present, ) resources << Puppet::Type.type(:ssh_authorized_key).new( - :name => 'user@hostname', - :key => sample_rsa_keys[1], - :type => :rsa, - :target => fake_userfile, - :user => 'nobody', - :ensure => :present + name: 'user@hostname', + key: sample_rsa_keys[1], + type: :rsa, + target: fake_userfile, + user: 'nobody', + ensure: :present, ) resources end - describe "and both keys are absent" do + describe 'and both keys are absent' do before :each do create_fake_key(:root, sample_lines) create_fake_key(:user, sample_lines) end - it "should add both keys" do + it 'adds both keys' do run_in_catalog(*examples) - check_fake_key(:root, sample_lines + [ "ssh-rsa #{sample_rsa_keys[0]} root@hostname" ]) - check_fake_key(:user, sample_lines + [ "ssh-rsa #{sample_rsa_keys[1]} user@hostname" ]) + check_fake_key(:root, sample_lines + ["ssh-rsa #{sample_rsa_keys[0]} root@hostname"]) + check_fake_key(:user, sample_lines + ["ssh-rsa #{sample_rsa_keys[1]} user@hostname"]) end end end diff --git a/spec/integration/provider/sshkey_spec.rb b/spec/integration/provider/sshkey_spec.rb index f461460..5328f85 100644 
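Review bot: In the two 'target is out of sync' examples, the `check_fake_key` call for the other file is left commented out, so neither example asserts both halves of the move (key removed from the user file and added to root's file). If those checks pass, they should be restored. If they are disabled because they fail, or because the sibling example covers them, a one-line reason should replace the dead code, e.g. `# root's file is asserted in the next example`.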
--- a/spec/integration/provider/sshkey_spec.rb +++ b/spec/integration/provider/sshkey_spec.rb @@ -6,7 +6,7 @@ require 'puppet_spec/files' require 'puppet_spec/compiler' describe Puppet::Type.type(:sshkey).provider(:parsed), '(integration)', - :unless => Puppet.features.microsoft_windows? do + unless: Puppet.features.microsoft_windows? do include PuppetSpec::Files include PuppetSpec::Compiler @@ -14,8 +14,8 @@ describe Puppet::Type.type(:sshkey).provider(:parsed), '(integration)', # Don't backup to filebucket Puppet::FileBucket::Dipper.any_instance.stubs(:backup) # We don't want to execute anything - described_class.stubs(:filetype). - returns Puppet::Util::FileType::FileTypeFlat + described_class.stubs(:filetype) + .returns Puppet::Util::FileType::FileTypeFlat @sshkey_file = tmpfile('sshkey_integration_specs') FileUtils.cp(my_fixture('sample'), @sshkey_file) @@ -28,10 +28,9 @@ describe Puppet::Type.type(:sshkey).provider(:parsed), '(integration)', let(:type_under_test) { 'sshkey' } - describe "when managing a ssh known hosts file it..." do - - let(:super_unique) { "my.super.unique.host" } - it "should create a new known_hosts file with mode 0644" do + describe 'when managing a ssh known hosts file it...' do + let(:super_unique) { 'my.super.unique.host' } + it 'creates a new known_hosts file with mode 0644' do target = tmpfile('ssh_known_hosts') manifest = "#{type_under_test} { '#{super_unique}': ensure => 'present', 
@@ -39,51 +38,51 @@ describe Puppet::Type.type(:sshkey).provider(:parsed), '(integration)', key => 'TESTKEY', target => '#{target}' }" apply_with_error_check(manifest) - expect_file_mode(target, "644") + expect_file_mode(target, '644') end - it "should create an SSH host key entry (ensure present)" do + it 'creates an SSH host key entry (ensure present)' do manifest = "#{type_under_test} { '#{super_unique}': ensure => 'present', type => 'rsa', key => 'mykey', target => '#{@sshkey_file}' }" apply_with_error_check(manifest) - expect(File.read(@sshkey_file)).to match(/#{super_unique}.*mykey/) + expect(File.read(@sshkey_file)).to match(%r{#{super_unique}.*mykey}) end let(:sshkey_name) { 'kirby.madstop.com' } - it "should delete an entry for an SSH host key" do + it 'deletes an entry for an SSH host key' do manifest = "#{type_under_test} { '#{sshkey_name}': ensure => 'absent', target => '#{@sshkey_file}' }" apply_with_error_check(manifest) - expect(File.read(@sshkey_file)).not_to match(/#{sshkey_name}.*Yqk0=/) + expect(File.read(@sshkey_file)).not_to match(%r{#{sshkey_name}.*Yqk0=}) end - it "should update an entry for an SSH host key" do + it 'updates an entry for an SSH host key' do manifest = "#{type_under_test} { '#{sshkey_name}': ensure => 'present', type => 'rsa', key => 'mynewshinykey', target => '#{@sshkey_file}' }" apply_with_error_check(manifest) - expect(File.read(@sshkey_file)).to match(/#{sshkey_name}.*mynewshinykey/) - expect(File.read(@sshkey_file)).not_to match(/#{sshkey_name}.*Yqk0=/) + expect(File.read(@sshkey_file)).to match(%r{#{sshkey_name}.*mynewshinykey}) + expect(File.read(@sshkey_file)).not_to match(%r{#{sshkey_name}.*Yqk0=}) end # test all key types - types = ["ssh-dss", "dsa", - "ssh-ed25519", "ed25519", - "ssh-rsa", "rsa", - "ecdsa-sha2-nistp256", - "ecdsa-sha2-nistp384", - "ecdsa-sha2-nistp521"] + types = ['ssh-dss', 'dsa', + 'ssh-ed25519', 'ed25519', + 'ssh-rsa', 'rsa', + 'ecdsa-sha2-nistp256', + 'ecdsa-sha2-nistp384', + 
'ecdsa-sha2-nistp521'] # these types are treated as aliases for sshkey <ahem> type # so they are populated as the *values* below - aliases = {"dsa" => "ssh-dss", - "ed25519" => "ssh-ed25519", - "rsa" => "ssh-rsa"} + aliases = { 'dsa' => 'ssh-dss', + 'ed25519' => 'ssh-ed25519', + 'rsa' => 'ssh-rsa' } types.each do |type| it "should update an entry with #{type} type" do manifest = "#{type_under_test} { '#{sshkey_name}': 
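Review bot: The host names are interpolated into the patterns unescaped, e.g. `%r{#{sshkey_name}.*mynewshinykey}`, so each `.` in `kirby.madstop.com` matches any character and the positive assertions are looser than they read. Wrapping the value keeps it literal: `match(%r{#{Regexp.escape(sshkey_name)}.*mynewshinykey})`. The same applies to the `super_unique` interpolation in this hunk and to the `host_alias`, `type` and `full_type` interpolations in the next hunk of this file.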
@@ -93,67 +92,66 @@ describe Puppet::Type.type(:sshkey).provider(:parsed), '(integration)', target => '#{@sshkey_file}' }" apply_with_error_check(manifest) - if aliases.has_key?(type) + if aliases.key?(type) full_type = aliases[type] - expect(File.read(@sshkey_file)). - to match(/#{sshkey_name}.*#{full_type}.*mynew/) + expect(File.read(@sshkey_file)) + .to match(%r{#{sshkey_name}.*#{full_type}.*mynew}) else - expect(File.read(@sshkey_file)). - to match(/#{sshkey_name}.*#{type}.*mynew/) + expect(File.read(@sshkey_file)) + .to match(%r{#{sshkey_name}.*#{type}.*mynew}) end end end # test unknown key type fails let(:invalid_type) { 'ssh-er0ck' } - it "should raise an error with an unknown type" do + it 'raises an error with an unknown type' do manifest = "#{type_under_test} { '#{sshkey_name}': ensure => 'present', type => '#{invalid_type}', key => 'mynewshinykey', target => '#{@sshkey_file}' }" expect { - apply_compiled_manifest(manifest) - }.to raise_error(Puppet::ResourceError, /Invalid value "#{invalid_type}"/) + apply_compiled_manifest(manifest) + }.to raise_error(Puppet::ResourceError, %r{Invalid value "#{invalid_type}"}) end - #single host_alias + # single host_alias let(:host_alias) { 'r0ckdata.com' } - it "should update an entry with new host_alias" do + it 'updates an entry with new host_alias' do manifest = "#{type_under_test} { '#{sshkey_name}': ensure => 'present', host_aliases => '#{host_alias}', target => '#{@sshkey_file}' }" apply_with_error_check(manifest) - expect(File.read(@sshkey_file)).to match(/#{sshkey_name},#{host_alias}\s/) - expect(File.read(@sshkey_file)).not_to match(/#{sshkey_name}\s/) + expect(File.read(@sshkey_file)).to match(%r{#{sshkey_name},#{host_alias}\s}) + expect(File.read(@sshkey_file)).not_to match(%r{#{sshkey_name}\s}) end - #array host_alias - let(:host_aliases) { "r0ckdata.com,erict.net" } - it "should update an entry with new host_alias" do + # array host_alias + let(:host_aliases) { 'r0ckdata.com,erict.net' } + + it 'updates 
an entry with new host_alias' do manifest = "#{type_under_test} { '#{sshkey_name}': ensure => 'present', host_aliases => '#{host_alias}', target => '#{@sshkey_file}' }" apply_with_error_check(manifest) - expect(File.read(@sshkey_file)).to match(/#{sshkey_name},#{host_alias}\s/) - expect(File.read(@sshkey_file)).not_to match(/#{sshkey_name}\s/) + expect(File.read(@sshkey_file)).to match(%r{#{sshkey_name},#{host_alias}\s}) + expect(File.read(@sshkey_file)).not_to match(%r{#{sshkey_name}\s}) end - #puppet resource sshkey - it "should fetch an entry from resources" do + # puppet resource sshkey + it 'fetches an entry from resources' do @resource_app = Puppet::Application[:resource] @resource_app.preinit - @resource_app.command_line.stubs(:args). - returns([type_under_test, sshkey_name, "target=#{@sshkey_file}"]) + @resource_app.command_line.stubs(:args) + .returns([type_under_test, sshkey_name, "target=#{@sshkey_file}"]) @resource_app.expects(:puts).with do |args| - expect(args).to match(/#{sshkey_name}/) + expect(args).to match(%r{#{sshkey_name}}) end @resource_app.main end - end - end diff --git a/spec/lib/puppet_spec/compiler.rb b/spec/lib/puppet_spec/compiler.rb index 8964a26..c3d33a5 100644 --- a/spec/lib/puppet_spec/compiler.rb +++ b/spec/lib/puppet_spec/compiler.rb @@ -34,8 +34,8 @@ module PuppetSpec::Compiler catalog.resources.each { |res| yield res } end transaction = Puppet::Transaction.new(catalog, - Puppet::Transaction::Report.new, - prioritizer) + Puppet::Transaction::Report.new, + prioritizer) transaction.evaluate transaction.report.finalize_report @@ -70,7 +70,7 @@ module PuppetSpec::Compiler collect_notices(code, node) do |compiler| unless topscope_vars.empty? scope = compiler.topscope - topscope_vars.each {|k,v| scope.setvar(k, v) } + topscope_vars.each { |k, v| scope.setvar(k, v) } end if block_given? compiler.compile do |catalog| 
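Review bot: The example under `# array host_alias` defines `host_aliases`, but its manifest and both expectations still interpolate `host_alias`. It therefore repeats the single-alias example, description included, and the multi-alias path is never exercised. The manifest should reference `host_aliases` and the expectation should cover both names, under its own description such as `it 'updates an entry with multiple host_aliases' do`. How the value must be written in the manifest (a Puppet array or the comma-joined string in the `let`) is not visible here and should be checked against the type.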
@@ -95,7 +95,7 @@ module PuppetSpec::Compiler compiler = Puppet::Parser::Compiler.new(node) unless variables.empty? scope = compiler.topscope - variables.each {|k,v| scope.setvar(k, v) } + variables.each { |k, v| scope.setvar(k, v) } end if source.nil? @@ -105,7 +105,7 @@ module PuppetSpec::Compiler end # evaluate given source is the context of the compiled state and return its result - compiler.compile do |catalog | + compiler.compile do |_catalog| Puppet::Pops::Parser::EvaluatingParser.singleton.evaluate_string(compiler.topscope, source, source_location) end end diff --git a/spec/spec_helper_local.rb b/spec/spec_helper_local.rb index fc786a6..f06b4bb 100644 --- a/spec/spec_helper_local.rb +++ b/spec/spec_helper_local.rb @@ -8,10 +8,10 @@ end require 'puppet_spec/files' RSpec.configure do |config| - config.before :each do |test| + config.before :each do |_test| base = PuppetSpec::Files.tmpdir('tmp_settings') Puppet[:vardir] = File.join(base, 'var') FileUtils.mkdir_p Puppet[:statedir] end -end
\ No newline at end of file +end diff --git a/spec/unit/provider/sshkey/parsed_spec.rb b/spec/unit/provider/sshkey/parsed_spec.rb index 38aa7f7..3e7eade 100644 --- a/spec/unit/provider/sshkey/parsed_spec.rb +++ b/spec/unit/provider/sshkey/parsed_spec.rb @@ -1,10 +1,11 @@ #! /usr/bin/env ruby require 'spec_helper' -describe "sshkey parsed provider" do +describe 'sshkey parsed provider' do + subject { provider } + let :type do Puppet::Type.type(:sshkey) end let :provider do type.provider(:parsed) end - subject { provider } after :each do subject.clear 
@@ -14,55 +15,56 @@ describe "sshkey parsed provider" do 'AAAAB3NzaC1yc2EAAAABIwAAAQEAzwHhxXvIrtfIwrudFqc8yQcIfMudrgpnuh1F3AV6d2BrLgu/yQE7W5UyJMUjfj427sQudRwKW45O0Jsnr33F4mUw+GIMlAAmp9g24/OcrTiB8ZUKIjoPy/cO4coxGi8/NECtRzpD/ZUPFh6OEpyOwJPMb7/EC2Az6Otw4StHdXUYw22zHazBcPFnv6zCgPx1hA7QlQDWTu4YcL0WmTYQCtMUb3FUqrcFtzGDD0ytosgwSd+JyN5vj5UwIABjnNOHPZ62EY1OFixnfqX/+dUwrFSs5tPgBF/KkC6R7tmbUfnBON6RrGEmu+ajOTOLy23qUZB4CQ53V7nyAWhzqSK+hw==' end - it "should parse the name from the first field" do - expect(subject.parse_line('test ssh-rsa '+key)[:name]).to eq("test") + it 'parses the name from the first field' do + expect(subject.parse_line('test ssh-rsa ' + key)[:name]).to eq('test') end - it "should parse the first component of the first field as the name" do - expect(subject.parse_line('test,alias ssh-rsa '+key)[:name]).to eq("test") + it 'parses the first component of the first field as the name' do + expect(subject.parse_line('test,alias ssh-rsa ' + key)[:name]).to eq('test') end - it "should parse host_aliases from the remaining components of the first field" do - expect(subject.parse_line('test,alias ssh-rsa '+key)[:host_aliases]).to eq(["alias"]) + it 'parses host_aliases from the remaining components of the first field' do + expect(subject.parse_line('test,alias ssh-rsa ' + key)[:host_aliases]).to eq(['alias']) end - it "should parse multiple host_aliases" do - expect(subject.parse_line('test,alias1,alias2,alias3 ssh-rsa '+key)[:host_aliases]).to eq(["alias1","alias2","alias3"]) + it 'parses multiple host_aliases' do + expect(subject.parse_line('test,alias1,alias2,alias3 ssh-rsa ' + key)[:host_aliases]).to eq(['alias1', 'alias2', 'alias3']) end - it "should not drop an empty host_alias" do - expect(subject.parse_line('test,alias, ssh-rsa '+key)[:host_aliases]).to eq(["alias",""]) + it 'does not drop an empty host_alias' do + expect(subject.parse_line('test,alias, ssh-rsa ' + key)[:host_aliases]).to eq(['alias', '']) end - it "should recognise when there are no host 
aliases" do - expect(subject.parse_line('test ssh-rsa '+key)[:host_aliases]).to eq([]) + it 'recognises when there are no host aliases' do + expect(subject.parse_line('test ssh-rsa ' + key)[:host_aliases]).to eq([]) end - context "with the sample file" do + context 'with the sample file' do ['sample', 'sample_with_blank_lines'].each do |sample_file| let :fixture do my_fixture(sample_file) end + before :each do subject.stubs(:default_target).returns(fixture) end - it "should parse to records on prefetch" do + it 'parses to records on prefetch' do expect(subject.target_records(fixture)).to be_empty subject.prefetch records = subject.target_records(fixture) expect(records).to be_an Array - expect(records).to be_all {|x| expect(x).to be_an Hash } + expect(records).to be_all { |x| expect(x).to be_an Hash } end - it "should reconstitute the file from records" do + it 'reconstitutes the file from records' do subject.prefetch records = subject.target_records(fixture) - text = subject.to_file(records).gsub(/^# HEADER.+\n/, '') + text = subject.to_file(records).gsub(%r{^# HEADER.+\n}, '') oldlines = File.readlines(fixture).map(&:chomp) newlines = text.chomp.split("\n") expect(oldlines.length).to eq(newlines.length) oldlines.zip(newlines).each do |old, new| - expect(old.gsub(/\s+/, '')).to eq(new.gsub(/\s+/, '')) + expect(old.gsub(%r{\s+}, '')).to eq(new.gsub(%r{\s+}, '')) end end end @@ -70,7 +72,7 @@ describe "sshkey parsed provider" do context 'default ssh_known_hosts target path' do ['9.10', '9.11', '10.10'].each do |version| - it 'should be `/etc/ssh_known_hosts` when OSX version 10.10 or older`' do + it 'is `/etc/ssh_known_hosts` when OSX version 10.10 or older`' do Facter.expects(:value).with(:operatingsystem).returns('Darwin') Facter.expects(:value).with(:macosx_productversion_major).returns(version) expect(subject.default_target).to eq('/etc/ssh_known_hosts') 
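Review bot: The examples generated inside `['9.10', '9.11', '10.10'].each do |version|` all carry the same description, which never mentions `version` and ends in a stray backtick, so a failure does not say which release broke. Interpolating the version fixes both: `it "is /etc/ssh_known_hosts on OSX #{version}" do`. The loop in the following hunk has the same problem, and the enclosing `context` closes outside this hunk.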
@@ -78,14 +80,14 @@ describe "sshkey parsed provider" do end ['10.11', '10.13', '11.0', '11.11'].each do |version| - it 'should be `/etc/ssh/ssh_known_hosts` when OSX version 10.11 or newer`' do + it 'is `/etc/ssh/ssh_known_hosts` when OSX version 10.11 or newer`' do Facter.expects(:value).with(:operatingsystem).returns('Darwin') Facter.expects(:value).with(:macosx_productversion_major).returns(version) expect(subject.default_target).to eq('/etc/ssh/ssh_known_hosts') end end - it 'should be `/etc/ssh/ssh_known_hosts` on other operating systems' do + it 'is `/etc/ssh/ssh_known_hosts` on other operating systems' do Facter.expects(:value).with(:operatingsystem).returns('RedHat') expect(subject.default_target).to eq('/etc/ssh/ssh_known_hosts') end diff --git a/spec/unit/type/ssh_authorized_key_spec.rb b/spec/unit/type/ssh_authorized_key_spec.rb index ae93667..bc27b64 100644 --- a/spec/unit/type/ssh_authorized_key_spec.rb +++ b/spec/unit/type/ssh_authorized_key_spec.rb 
@@ -1,25 +1,23 @@ #! /usr/bin/env ruby require 'spec_helper' - -describe Puppet::Type.type(:ssh_authorized_key), :unless => Puppet.features.microsoft_windows? do +describe Puppet::Type.type(:ssh_authorized_key), unless: Puppet.features.microsoft_windows? do include PuppetSpec::Files - before do - provider_class = stub 'provider_class', :name => "fake", :suitable? => true, :supports_parameter? => true + before(:each) do + provider_class = stub 'provider_class', name: 'fake', suitable?: true, supports_parameter?: true described_class.stubs(:defaultprovider).returns(provider_class) described_class.stubs(:provider).returns(provider_class) - provider = stub 'provider', :class => provider_class, :file_path => make_absolute("/tmp/whatever"), :clear => nil + provider = stub 'provider', class: provider_class, file_path: make_absolute('/tmp/whatever'), clear: nil provider_class.stubs(:new).returns(provider) end - it "has :name as its namevar" do + it 'has :name as its namevar' do expect(described_class.key_attributes).to eq [:name] end - describe "when validating attributes" do - + describe 'when validating attributes' do [:name, :provider].each do |param| it "has a #{param} parameter" do expect(described_class.attrtype(param)).to eq :param 
@@ -31,228 +29,202 @@ describe Puppet::Type.type(:ssh_authorized_key), :unless => Puppet.features.micr expect(described_class.attrtype(property)).to eq :property end end - end - describe "when validating values" do - - describe "for name" do - - it "supports valid names" do - described_class.new(:name => "username", :ensure => :present, :user => "nobody") - described_class.new(:name => "username@hostname", :ensure => :present, :user => "nobody") + describe 'when validating values' do + describe 'for name' do + it 'supports valid names' do + described_class.new(name: 'username', ensure: :present, user: 'nobody') + described_class.new(name: 'username@hostname', ensure: :present, user: 'nobody') end - it "supports whitespace" do - described_class.new(:name => "my test", :ensure => :present, :user => "nobody") + it 'supports whitespace' do + described_class.new(name: 'my test', ensure: :present, user: 'nobody') end - end - describe "for ensure" do - - it "supports :present" do - described_class.new(:name => "whev", :ensure => :present, :user => "nobody") + describe 'for ensure' do + it 'supports :present' do + described_class.new(name: 'whev', ensure: :present, user: 'nobody') end - it "supports :absent" do - described_class.new(:name => "whev", :ensure => :absent, :user => "nobody") + it 'supports :absent' do + described_class.new(name: 'whev', ensure: :absent, user: 'nobody') end - it "nots support other values" do - expect { described_class.new(:name => "whev", :ensure => :foo, :user => "nobody") }.to raise_error(Puppet::Error, /Invalid value/) + it 'nots support other values' do + expect { described_class.new(name: 'whev', ensure: :foo, user: 'nobody') }.to raise_error(Puppet::Error, %r{Invalid value}) end - end - describe "for type" do - + describe 'for type' do [ :'ssh-dss', :dsa, :'ssh-rsa', :rsa, :'ecdsa-sha2-nistp256', :'ecdsa-sha2-nistp384', :'ecdsa-sha2-nistp521', - :ed25519, :'ssh-ed25519', + :ed25519, :'ssh-ed25519' ].each do |keytype| it "supports 
#{keytype}" do - described_class.new(:name => "whev", :type => keytype, :user => "nobody") + described_class.new(name: 'whev', type: keytype, user: 'nobody') end end - it "aliases :rsa to :ssh-rsa" do - key = described_class.new(:name => "whev", :type => :rsa, :user => "nobody") + it 'aliases :rsa to :ssh-rsa' do + key = described_class.new(name: 'whev', type: :rsa, user: 'nobody') expect(key.should(:type)).to eq :'ssh-rsa' end - it "aliases :dsa to :ssh-dss" do - key = described_class.new(:name => "whev", :type => :dsa, :user => "nobody") + it 'aliases :dsa to :ssh-dss' do + key = described_class.new(name: 'whev', type: :dsa, user: 'nobody') expect(key.should(:type)).to eq :'ssh-dss' end it "doesn't support values other than ssh-dss, ssh-rsa, dsa, rsa" do - expect { described_class.new(:name => "whev", :type => :something) }.to raise_error(Puppet::Error,/Invalid value/) + expect { described_class.new(name: 'whev', type: :something) }.to raise_error(Puppet::Error, %r{Invalid value}) end - end - describe "for key" do - - it "supports a valid key like a 1024 bit rsa key" do - expect { described_class.new(:name => "whev", :type => :rsa, :user => "nobody", :key => 'AAAAB3NzaC1yc2EAAAADAQABAAAAgQDCPfzW2ry7XvMc6E5Kj2e5fF/YofhKEvsNMUogR3PGL/HCIcBlsEjKisrY0aYgD8Ikp7ZidpXLbz5dBsmPy8hJiBWs5px9ZQrB/EOQAwXljvj69EyhEoGawmxQMtYw+OAIKHLJYRuk1QiHAMHLp5piqem8ZCV2mLb9AsJ6f7zUVw==')}.to_not raise_error + describe 'for key' do + it 'supports a valid key like a 1024 bit rsa key' do + expect { described_class.new(name: 'whev', type: :rsa, user: 'nobody', key: 'AAAAB3NzaC1yc2EAAAADAQABAAAAgQDCPfzW2ry7XvMc6E5Kj2e5fF/YofhKEvsNMUogR3PGL/HCIcBlsEjKisrY0aYgD8Ikp7ZidpXLbz5dBsmPy8hJiBWs5px9ZQrB/EOQAwXljvj69EyhEoGawmxQMtYw+OAIKHLJYRuk1QiHAMHLp5piqem8ZCV2mLb9AsJ6f7zUVw==') }.not_to raise_error end - it "supports a valid key like a 4096 bit rsa key" do - expect { described_class.new(:name => "whev", :type => :rsa, :user => "nobody", :key => 
'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')}.to_not raise_error + it 'supports a valid key like a 4096 bit rsa key' do + expect { described_class.new(name: 'whev', type: :rsa, user: 'nobody', key: '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') }.not_to raise_error end - it "supports a valid key like a 1024 bit dsa key" do - expect { described_class.new(:name => "whev", :type => :dsa, :user => "nobody", :key => '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')}.to_not raise_error + it 'supports a valid key like a 1024 bit dsa key' do + expect { described_class.new(name: 'whev', type: :dsa, user: 'nobody', key: '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') }.not_to raise_error end it "doesn't support whitespaces" do - expect { described_class.new(:name => "whev", :type => :rsa, :user => "nobody", :key => 'AAA FA==')}.to raise_error(Puppet::Error,/Key must not contain whitespace/) + expect { described_class.new(name: 'whev', type: :rsa, user: 'nobody', key: 'AAA FA==') }.to raise_error(Puppet::Error, %r{Key must not contain whitespace}) end - end - describe "for options" do - - it "supports flags as options" do - expect { described_class.new(:name => "whev", :type => :rsa, :user => "nobody", :options => 'cert-authority')}.to_not raise_error - expect { described_class.new(:name => "whev", :type => :rsa, :user => "nobody", :options => 'no-port-forwarding')}.to_not raise_error + describe 'for options' do + it 'supports flags as options' do + expect { described_class.new(name: 'whev', type: :rsa, user: 'nobody', options: 'cert-authority') }.not_to raise_error + expect { described_class.new(name: 'whev', type: :rsa, user: 'nobody', options: 'no-port-forwarding') }.not_to raise_error end - it "supports key-value pairs as options" do - expect { described_class.new(:name => "whev", :type => :rsa, :user => "nobody", :options => 'command="command"')}.to_not raise_error + it 'supports key-value pairs as options' do + expect { 
described_class.new(name: 'whev', type: :rsa, user: 'nobody', options: 'command="command"') }.not_to raise_error end - it "supports key-value pairs where value consist of multiple items" do - expect { described_class.new(:name => "whev", :type => :rsa, :user => "nobody", :options => 'from="*.domain1,host1.domain2"')}.to_not raise_error + it 'supports key-value pairs where value consist of multiple items' do + expect { described_class.new(name: 'whev', type: :rsa, user: 'nobody', options: 'from="*.domain1,host1.domain2"') }.not_to raise_error end - it "supports environments as options" do - expect { described_class.new(:name => "whev", :type => :rsa, :user => "nobody", :options => 'environment="NAME=value"')}.to_not raise_error + it 'supports environments as options' do + expect { described_class.new(name: 'whev', type: :rsa, user: 'nobody', options: 'environment="NAME=value"') }.not_to raise_error end - it "supports multiple options as an array" do - expect { described_class.new(:name => "whev", :type => :rsa, :user => "nobody", :options => ['cert-authority','environment="NAME=value"'])}.to_not raise_error + it 'supports multiple options as an array' do + expect { described_class.new(name: 'whev', type: :rsa, user: 'nobody', options: ['cert-authority', 'environment="NAME=value"']) }.not_to raise_error end it "doesn't support a comma separated list" do - expect { described_class.new(:name => "whev", :type => :rsa, :user => "nobody", :options => 'cert-authority,no-port-forwarding')}.to raise_error(Puppet::Error, /must be provided as an array/) + expect { described_class.new(name: 'whev', type: :rsa, user: 'nobody', options: 'cert-authority,no-port-forwarding') }.to raise_error(Puppet::Error, %r{must be provided as an array}) end - it "uses :absent as a default value" do - expect(described_class.new(:name => "whev", :type => :rsa, :user => "nobody").should(:options)).to eq [:absent] + it 'uses :absent as a default value' do + expect(described_class.new(name: 'whev', 
type: :rsa, user: 'nobody').should(:options)).to eq [:absent] end - it "property should return well formed string of arrays from is_to_s" do - resource = described_class.new(:name => "whev", :type => :rsa, :user => "nobody", :options => ["a","b","c"]) - expect(resource.property(:options).is_to_s(["a","b","c"])).to eq "['a', 'b', 'c']" + it 'property should return well formed string of arrays from is_to_s' do + resource = described_class.new(name: 'whev', type: :rsa, user: 'nobody', options: ['a', 'b', 'c']) + expect(resource.property(:options).is_to_s(['a', 'b', 'c'])).to eq "['a', 'b', 'c']" end - it "property should return well formed string of arrays from should_to_s" do - resource = described_class.new(:name => "whev", :type => :rsa, :user => "nobody", :options => ["a","b","c"]) - expect(resource.property(:options).should_to_s(["a","b","c"])).to eq "['a', 'b', 'c']" + it 'property should return well formed string of arrays from should_to_s' do + resource = described_class.new(name: 'whev', type: :rsa, user: 'nobody', options: ['a', 'b', 'c']) + expect(resource.property(:options).should_to_s(['a', 'b', 'c'])).to eq "['a', 'b', 'c']" end - end - describe "for user" do - - it "supports present users" do - described_class.new(:name => "whev", :type => :rsa, :user => "root") + describe 'for user' do + it 'supports present users' do + described_class.new(name: 'whev', type: :rsa, user: 'root') end - it "supports absent users" do - described_class.new(:name => "whev", :type => :rsa, :user => "ihopeimabsent") + it 'supports absent users' do + described_class.new(name: 'whev', type: :rsa, user: 'ihopeimabsent') end - end - describe "for target" do - - it "supports absolute paths" do - described_class.new(:name => "whev", :type => :rsa, :target => "/tmp/here") + describe 'for target' do + it 'supports absolute paths' do + described_class.new(name: 'whev', type: :rsa, target: '/tmp/here') end it "uses the user's path if not explicitly specified" do - 
expect(described_class.new(:name => "whev", :user => 'root').should(:target)).to eq File.expand_path("~root/.ssh/authorized_keys") + expect(described_class.new(name: 'whev', user: 'root').should(:target)).to eq File.expand_path('~root/.ssh/authorized_keys') end it "doesn't consider the user's path if explicitly specified" do - expect(described_class.new(:name => "whev", :user => 'root', :target => '/tmp/here').should(:target)).to eq '/tmp/here' + expect(described_class.new(name: 'whev', user: 'root', target: '/tmp/here').should(:target)).to eq '/tmp/here' end - it "informs about an absent user" do + it 'informs about an absent user' do Puppet::Log.level = :debug - described_class.new(:name => "whev", :user => 'idontexist').should(:target) - expect(@logs.map(&:message)).to include("The required user is not yet present on the system") + described_class.new(name: 'whev', user: 'idontexist').should(:target) + expect(@logs.map(&:message)).to include('The required user is not yet present on the system') end - end - end - describe "when neither user nor target is specified" do - - it "raises an error" do - expect do + describe 'when neither user nor target is specified' do + it 'raises an error' do + expect { described_class.new( - :name => "Test", - :key => "AAA", - :type => "ssh-rsa", - :ensure => :present) - end.to raise_error(Puppet::Error,/user.*or.*target.*mandatory/) + name: 'Test', + key: 'AAA', + type: 'ssh-rsa', + ensure: :present, + ) + }.to raise_error(Puppet::Error, %r{user.*or.*target.*mandatory}) end - end - describe "when both target and user are specified" do - - it "uses target" do + describe 'when both target and user are specified' do + it 'uses target' do resource = described_class.new( - :name => "Test", - :user => "root", - :target => "/tmp/blah" + name: 'Test', + user: 'root', + target: '/tmp/blah', ) - expect(resource.should(:target)).to eq "/tmp/blah" + expect(resource.should(:target)).to eq '/tmp/blah' end - end - - describe "when user is 
specified" do - - it "determines target" do + describe 'when user is specified' do + it 'determines target' do resource = described_class.new( - :name => "Test", - :user => "root" + name: 'Test', + user: 'root', ) - target = File.expand_path("~root/.ssh/authorized_keys") + target = File.expand_path('~root/.ssh/authorized_keys') expect(resource.should(:target)).to eq target end # Bug #2124 - ssh_authorized_key always changes target if target is not defined it "doesn't raise spurious change events" do - resource = described_class.new(:name => "Test", :user => "root") - target = File.expand_path("~root/.ssh/authorized_keys") + resource = described_class.new(name: 'Test', user: 'root') + target = File.expand_path('~root/.ssh/authorized_keys') expect(resource.property(:target).safe_insync?(target)).to eq true end - end - describe "when calling validate" do - + describe 'when calling validate' do it "doesn't crash on a non-existent user" do resource = described_class.new( - :name => "Test", - :user => "ihopesuchuserdoesnotexist" + name: 'Test', + user: 'ihopesuchuserdoesnotexist', ) resource.validate end - end - end diff --git a/spec/unit/type/sshkey_spec.rb b/spec/unit/type/sshkey_spec.rb index d16e595..af3b677 100644 --- a/spec/unit/type/sshkey_spec.rb +++ b/spec/unit/type/sshkey_spec.rb @@ -1,14 +1,12 @@ #! /usr/bin/env ruby require 'spec_helper' - describe Puppet::Type.type(:sshkey) do - - it "uses :name as its namevar" do + it 'uses :name as its namevar' do expect(described_class.key_attributes).to eq [:name] end - describe "when validating attributes" do + describe 'when validating attributes' do [:name, :provider].each do |param| it "has a #{param} parameter" do expect(described_class.attrtype(param)).to eq :param 
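Review bot: Two example descriptions in the 'when validating values' group are wrong as written. `it 'nots support other values'` has a typo, and `"doesn't support values other than ssh-dss, ssh-rsa, dsa, rsa"` no longer matches the list right above it, which also accepts the ecdsa-sha2-nistp* and ed25519 types. Suggested wording: `it 'does not support other values' do` and `it "doesn't support unknown key types" do`. The sshkey type spec later on this page carries the same outdated sentence.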
@@ -22,56 +20,54 @@ describe Puppet::Type.type(:sshkey) do end end - describe "when validating values" do - + describe 'when validating values' do [ :'ssh-dss', :dsa, :'ssh-rsa', :rsa, :'ecdsa-sha2-nistp256', :'ecdsa-sha2-nistp384', :'ecdsa-sha2-nistp521', - :'ssh-ed25519', :ed25519, + :'ssh-ed25519', :ed25519 ].each do |keytype| it "supports #{keytype} as a type value" do - described_class.new(:name => "foo", :type => keytype) + described_class.new(name: 'foo', type: keytype) end end - it "aliases :rsa to :ssh-rsa" do - key = described_class.new(:name => "foo", :type => :rsa) + it 'aliases :rsa to :ssh-rsa' do + key = described_class.new(name: 'foo', type: :rsa) expect(key.should(:type)).to eq :'ssh-rsa' end - it "aliases :dsa to :ssh-dss" do - key = described_class.new(:name => "foo", :type => :dsa) + it 'aliases :dsa to :ssh-dss' do + key = described_class.new(name: 'foo', type: :dsa) expect(key.should(:type)).to eq :'ssh-dss' end it "doesn't support values other than ssh-dss, ssh-rsa, dsa, rsa for type" do expect { - described_class.new(:name => "whev", :type => :'ssh-dsa') - }.to raise_error(Puppet::Error, /Invalid value.*ssh-dsa/) + described_class.new(name: 'whev', type: :'ssh-dsa') + }.to raise_error(Puppet::Error, %r{Invalid value.*ssh-dsa}) end - it "accepts one host_alias" do - described_class.new(:name => "foo", :host_aliases => 'foo.bar.tld') + it 'accepts one host_alias' do + described_class.new(name: 'foo', host_aliases: 'foo.bar.tld') end - it "accepts multiple host_aliases as an array" do - described_class.new(:name => "foo", :host_aliases => ['foo.bar.tld','10.0.9.9']) + it 'accepts multiple host_aliases as an array' do + described_class.new(name: 'foo', host_aliases: ['foo.bar.tld', '10.0.9.9']) end it "doesn't accept spaces in any host_alias" do expect { - described_class.new(:name => "foo", :host_aliases => ['foo.bar.tld','foo bar']) - }.to raise_error(Puppet::Error, /cannot include whitespace/) + described_class.new(name: 'foo', host_aliases: 
['foo.bar.tld', 'foo bar']) + }.to raise_error(Puppet::Error, %r{cannot include whitespace}) end it "doesn't accept aliases in the resourcename" do expect { - described_class.new(:name => 'host,host.domain,ip') - }.to raise_error(Puppet::Error, /No comma in resourcename/) + described_class.new(name: 'host,host.domain,ip') + }.to raise_error(Puppet::Error, %r{No comma in resourcename}) end - end end |
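Review bot: The `doesn't accept spaces in any host_alias` example pins only a literal space (`'foo bar'`), although the expected message is `cannot include whitespace`. The validation itself is not visible in this hunk, so whether it also rejects a tab or newline is untested here. That matters because known_hosts is line-oriented, and an alias carrying a newline would presumably split the written entry. I would add sibling examples such as `expect { described_class.new(name: 'foo', host_aliases: ["foo\tbar"]) }.to raise_error(Puppet::Error, %r{cannot include whitespace})`, and the same with `"foo\nbar"`. The enclosing `describe Puppet::Type.type(:sshkey)` block opens outside this hunk.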