ssh: allow to configure PasswordAuthentication

Allow overriding the default PasswordAuthentication parameter (default
is 'no').

Change-Id: I88b24c82fb3cf2309f45d5d447a9b0c403da7fc9
Related-Bug: #1772519
Emilien Macchi 2018-06-01 20:36:55 -07:00
parent b850135279
commit 17c1c2ee6d
2 changed files with 23 additions and 3 deletions


@ -36,11 +36,16 @@
# SSH port or list of ports to bind to
# Defaults to [22]
# [*password_authentication*]
# Whether or not disable password authentication
# Defaults to 'no'
class tripleo::profile::base::sshd (
$bannertext = hiera('BannerText', undef),
$motd = hiera('MOTD', undef),
$options = {},
$port = [22],
$password_authentication = 'no',
) {
if $bannertext and $bannertext != '' {
@ -88,12 +93,17 @@ class tripleo::profile::base::sshd (
]
}
$password_auth_options = {
'PasswordAuthentication' => $password_authentication
}
$sshd_options = merge(
$options,
$basic_options,
$sshd_options_banner,
$sshd_options_motd,
$sshd_options_port
$sshd_options_port,
$password_auth_options,
)
# NB (owalsh) in puppet-ssh hiera takes precedence over the class param
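Review bot: In the second hunk `$password_auth_options` is the last argument to `merge()`, so if this is the stdlib `merge` (rightmost hash wins), a `PasswordAuthentication` key passed through `$options` is now silently replaced by the class parameter, including its default 'no'. That fails closed, but it changes behaviour for anyone who set the key via `$options`, so it deserves a comment above the merge such as `# password_authentication always overrides a PasswordAuthentication key given in $options`. The parameter doc in the first hunk reads backwards, since 'yes' enables password logins; I would reword it to `# Value of sshd's PasswordAuthentication option ('yes' or 'no'); 'yes' permits password logins`. The value is also passed through unvalidated, so restricting it to 'yes'/'no' would catch typos before they reach the generated sshd options. The class body continues outside both hunks.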


@ -33,6 +33,7 @@ describe 'tripleo::profile::base::sshd' do
'/etc/ssh/ssh_host_ecdsa_key',
'/etc/ssh/ssh_host_ed25519_key',
],
'PasswordAuthentication' => 'no',
}
})
is_expected.to_not contain_file('/etc/issue')
@ -53,6 +54,7 @@ describe 'tripleo::profile::base::sshd' do
'/etc/ssh/ssh_host_ecdsa_key',
'/etc/ssh/ssh_host_ed25519_key',
],
'PasswordAuthentication' => 'no',
}
})
is_expected.to_not contain_file('/etc/issue')
@ -61,8 +63,8 @@ describe 'tripleo::profile::base::sshd' do
end
end
context 'with port configured' do
let(:params) {{ :port => 123 }}
context 'with port and paswword_authentification configured' do
let(:params) {{ :port => 123, :password_authentication => 'yes' }}
it do
is_expected.to contain_class('ssh::server').with({
'storeconfigs_enabled' => false,
@ -73,6 +75,7 @@ describe 'tripleo::profile::base::sshd' do
'/etc/ssh/ssh_host_ecdsa_key',
'/etc/ssh/ssh_host_ed25519_key',
],
'PasswordAuthentication' => 'yes',
}
})
end
@ -90,6 +93,7 @@ describe 'tripleo::profile::base::sshd' do
'/etc/ssh/ssh_host_ecdsa_key',
'/etc/ssh/ssh_host_ed25519_key',
],
'PasswordAuthentication' => 'no',
}
})
end
@ -107,6 +111,7 @@ describe 'tripleo::profile::base::sshd' do
'/etc/ssh/ssh_host_ecdsa_key',
'/etc/ssh/ssh_host_ed25519_key',
],
'PasswordAuthentication' => 'no',
}
})
end
@ -125,6 +130,7 @@ describe 'tripleo::profile::base::sshd' do
'/etc/ssh/ssh_host_ecdsa_key',
'/etc/ssh/ssh_host_ed25519_key',
],
'PasswordAuthentication' => 'no',
}
})
is_expected.to contain_file('/etc/issue').with({
@ -156,6 +162,7 @@ describe 'tripleo::profile::base::sshd' do
'/etc/ssh/ssh_host_ecdsa_key',
'/etc/ssh/ssh_host_ed25519_key',
],
'PasswordAuthentication' => 'no',
}
})
is_expected.to contain_file('/etc/motd').with({
@ -182,6 +189,7 @@ describe 'tripleo::profile::base::sshd' do
'/etc/ssh/ssh_host_ecdsa_key',
'/etc/ssh/ssh_host_ed25519_key',
],
'PasswordAuthentication' => 'no',
}
})
is_expected.to_not contain_file('/etc/motd')
@ -207,6 +215,7 @@ describe 'tripleo::profile::base::sshd' do
'/etc/ssh/ssh_host_ecdsa_key',
'/etc/ssh/ssh_host_ed25519_key',
],
'PasswordAuthentication' => 'no',
}
})
is_expected.to contain_file('/etc/motd').with({
@ -253,6 +262,7 @@ describe 'tripleo::profile::base::sshd' do
'/etc/ssh/ssh_host_ecdsa_key',
'/etc/ssh/ssh_host_ed25519_key',
],
'PasswordAuthentication' => 'no',
}
})
is_expected.to contain_file('/etc/motd').with({
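Review bot: The renamed context in the `-61,8 +63,8` hunk misspells the parameter as `paswword_authentification`; it should read `context 'with port and password_authentication configured' do` so that a search for the parameter name finds this test. The 'yes' value is only exercised together with the port override. A separate context that also passes `PasswordAuthentication` through `:options` and asserts which value reaches `ssh::server` would pin the merge precedence this change introduces. The describe block starts and ends outside the visible hunks.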