ssh: allow to configure PasswordAuthentication

Allow overriding the default value of the PasswordAuthentication parameter
(the default is 'no').

Change-Id: I88b24c82fb3cf2309f45d5d447a9b0c403da7fc9
Related-Bug: #1772519
Emilien Macchi 2018-06-01 20:36:55 -07:00
parent b850135279
commit 17c1c2ee6d
2 changed files with 23 additions and 3 deletions


@ -36,11 +36,16 @@
# SSH port or list of ports to bind to # SSH port or list of ports to bind to
# Defaults to [22] # Defaults to [22]
# [*password_authentication*]
# Whether or not disable password authentication
# Defaults to 'no'
class tripleo::profile::base::sshd ( class tripleo::profile::base::sshd (
$bannertext = hiera('BannerText', undef), $bannertext = hiera('BannerText', undef),
$motd = hiera('MOTD', undef), $motd = hiera('MOTD', undef),
$options = {}, $options = {},
$port = [22], $port = [22],
$password_authentication = 'no',
) { ) {
if $bannertext and $bannertext != '' { if $bannertext and $bannertext != '' {
@ -88,12 +93,17 @@ class tripleo::profile::base::sshd (
] ]
} }
$password_auth_options = {
'PasswordAuthentication' => $password_authentication
}
$sshd_options = merge( $sshd_options = merge(
$options, $options,
$basic_options, $basic_options,
$sshd_options_banner, $sshd_options_banner,
$sshd_options_motd, $sshd_options_motd,
$sshd_options_port $sshd_options_port,
$password_auth_options,
) )
# NB (owalsh) in puppet-ssh hiera takes precedence over the class param # NB (owalsh) in puppet-ssh hiera takes precedence over the class param
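Review bot: The new parameter comment, "Whether or not disable password authentication", reads as if 'no' meant "do not disable", but the value is written straight into the sshd `PasswordAuthentication` option, so 'yes' is what turns password logins on. A clearer comment would be `# Value of the sshd PasswordAuthentication option: 'yes' allows password logins, 'no' (the default) refuses them`. In the second hunk `$password_auth_options` is the last argument to `merge()`, and in puppetlabs-stdlib the rightmost hash wins, so a `PasswordAuthentication` key supplied through `$options` is now silently replaced by this parameter; that is the safer direction, but it should be stated in the parameter documentation (`$basic_options` is defined outside the visible hunks, so whether it already carries the key cannot be checked here). The value is also passed on unvalidated, so anything other than 'yes' or 'no' reaches sshd_config as-is; a check such as `validate_re($password_authentication, '^(yes|no)$')` would reject it at catalog compile time.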


@ -33,6 +33,7 @@ describe 'tripleo::profile::base::sshd' do
'/etc/ssh/ssh_host_ecdsa_key', '/etc/ssh/ssh_host_ecdsa_key',
'/etc/ssh/ssh_host_ed25519_key', '/etc/ssh/ssh_host_ed25519_key',
], ],
'PasswordAuthentication' => 'no',
} }
}) })
is_expected.to_not contain_file('/etc/issue') is_expected.to_not contain_file('/etc/issue')
@ -53,6 +54,7 @@ describe 'tripleo::profile::base::sshd' do
'/etc/ssh/ssh_host_ecdsa_key', '/etc/ssh/ssh_host_ecdsa_key',
'/etc/ssh/ssh_host_ed25519_key', '/etc/ssh/ssh_host_ed25519_key',
], ],
'PasswordAuthentication' => 'no',
} }
}) })
is_expected.to_not contain_file('/etc/issue') is_expected.to_not contain_file('/etc/issue')
@ -61,8 +63,8 @@ describe 'tripleo::profile::base::sshd' do
end end
end end
context 'with port configured' do context 'with port and paswword_authentification configured' do
let(:params) {{ :port => 123 }} let(:params) {{ :port => 123, :password_authentication => 'yes' }}
it do it do
is_expected.to contain_class('ssh::server').with({ is_expected.to contain_class('ssh::server').with({
'storeconfigs_enabled' => false, 'storeconfigs_enabled' => false,
@ -73,6 +75,7 @@ describe 'tripleo::profile::base::sshd' do
'/etc/ssh/ssh_host_ecdsa_key', '/etc/ssh/ssh_host_ecdsa_key',
'/etc/ssh/ssh_host_ed25519_key', '/etc/ssh/ssh_host_ed25519_key',
], ],
'PasswordAuthentication' => 'yes',
} }
}) })
end end
@ -90,6 +93,7 @@ describe 'tripleo::profile::base::sshd' do
'/etc/ssh/ssh_host_ecdsa_key', '/etc/ssh/ssh_host_ecdsa_key',
'/etc/ssh/ssh_host_ed25519_key', '/etc/ssh/ssh_host_ed25519_key',
], ],
'PasswordAuthentication' => 'no',
} }
}) })
end end
@ -107,6 +111,7 @@ describe 'tripleo::profile::base::sshd' do
'/etc/ssh/ssh_host_ecdsa_key', '/etc/ssh/ssh_host_ecdsa_key',
'/etc/ssh/ssh_host_ed25519_key', '/etc/ssh/ssh_host_ed25519_key',
], ],
'PasswordAuthentication' => 'no',
} }
}) })
end end
@ -125,6 +130,7 @@ describe 'tripleo::profile::base::sshd' do
'/etc/ssh/ssh_host_ecdsa_key', '/etc/ssh/ssh_host_ecdsa_key',
'/etc/ssh/ssh_host_ed25519_key', '/etc/ssh/ssh_host_ed25519_key',
], ],
'PasswordAuthentication' => 'no',
} }
}) })
is_expected.to contain_file('/etc/issue').with({ is_expected.to contain_file('/etc/issue').with({
@ -156,6 +162,7 @@ describe 'tripleo::profile::base::sshd' do
'/etc/ssh/ssh_host_ecdsa_key', '/etc/ssh/ssh_host_ecdsa_key',
'/etc/ssh/ssh_host_ed25519_key', '/etc/ssh/ssh_host_ed25519_key',
], ],
'PasswordAuthentication' => 'no',
} }
}) })
is_expected.to contain_file('/etc/motd').with({ is_expected.to contain_file('/etc/motd').with({
@ -182,6 +189,7 @@ describe 'tripleo::profile::base::sshd' do
'/etc/ssh/ssh_host_ecdsa_key', '/etc/ssh/ssh_host_ecdsa_key',
'/etc/ssh/ssh_host_ed25519_key', '/etc/ssh/ssh_host_ed25519_key',
], ],
'PasswordAuthentication' => 'no',
} }
}) })
is_expected.to_not contain_file('/etc/motd') is_expected.to_not contain_file('/etc/motd')
@ -207,6 +215,7 @@ describe 'tripleo::profile::base::sshd' do
'/etc/ssh/ssh_host_ecdsa_key', '/etc/ssh/ssh_host_ecdsa_key',
'/etc/ssh/ssh_host_ed25519_key', '/etc/ssh/ssh_host_ed25519_key',
], ],
'PasswordAuthentication' => 'no',
} }
}) })
is_expected.to contain_file('/etc/motd').with({ is_expected.to contain_file('/etc/motd').with({
@ -253,6 +262,7 @@ describe 'tripleo::profile::base::sshd' do
'/etc/ssh/ssh_host_ecdsa_key', '/etc/ssh/ssh_host_ecdsa_key',
'/etc/ssh/ssh_host_ed25519_key', '/etc/ssh/ssh_host_ed25519_key',
], ],
'PasswordAuthentication' => 'no',
} }
}) })
is_expected.to contain_file('/etc/motd').with({ is_expected.to contain_file('/etc/motd').with({
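Review bot: The renamed context on the new side is spelled `'with port and paswword_authentification configured'`; it should read `'with port and password_authentication configured'` so that it matches the parameter name and can be found with a search. Folding the new parameter into the existing port context also means a failure there does not say which of the two settings regressed, so a separate context with `let(:params) {{ :password_authentication => 'yes' }}` would be clearer. None of the examples covers `PasswordAuthentication` also being passed through `:options`, which is the case where the merge order in the manifest decides whether password logins end up enabled; a context with `let(:params) {{ :options => { 'PasswordAuthentication' => 'yes' } }}` and an expectation of whichever value is intended would pin that behaviour down.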