Merge "nova-migration-target: Remove redundant options from match block"

2022-07-03 09:43:45 +00:00 · 2022-07-03 09:43:45 +00:00 · c0b9142cd3
parent 9d09f9487d 36c3ad485e
commit c0b9142cd3
2 changed files with 11 additions and 27 deletions
--- a/manifests/profile/base/nova/migration/target.pp
+++ b/manifests/profile/base/nova/migration/target.pp
@ -44,27 +44,19 @@ class tripleo::profile::base::nova::migration::target (

  if $step >= 4 {
    if !empty($ssh_authorized_keys_real) {
-      $allow_type = 'User'
-      $allow_name = 'nova_migration'
-
-      ssh::server::match_block { 'nova_migration allow':
-        name    => $allow_name,
-        type    => $allow_type,
+      ssh::server::match_block { 'nova_migration':
+        name    => 'nova_migration',
+        type    => 'User',
        order   => 1,
        options => {
-          'AllowUsers'             => $allow_name,
-          'ForceCommand'           => $wrapper_command,
-          'PasswordAuthentication' => 'no',
-          'AllowTcpForwarding'     => 'no',
-          'X11Forwarding'          => 'no',
-          'AuthorizedKeysFile'     => '/etc/nova/migration/authorized_keys'
+          'ForceCommand'       => $wrapper_command,
+          'AuthorizedKeysFile' => '/etc/nova/migration/authorized_keys'
        },
        notify  => Service['sshd']
      }

      $migration_authorized_keys = $ssh_authorized_keys_real
      $migration_user_shell = '/bin/bash'
-
    }
    else {
      # Remove the keys and prevent login when migration over SSH is not enabled
--- a/spec/classes/tripleo_profile_base_nova_migration_target_spec.rb
+++ b/spec/classes/tripleo_profile_base_nova_migration_target_spec.rb
@ -91,16 +91,12 @@ eos

      it {
        is_expected.to contain_class('tripleo::profile::base::nova::migration')
-        is_expected.to contain_ssh__server__match_block('nova_migration allow').with(
+        is_expected.to contain_ssh__server__match_block('nova_migration').with(
          :type  => 'User',
          :name  => 'nova_migration',
          :options => {
-            'AllowUsers'             => 'nova_migration',
-            'ForceCommand'           => '/bin/nova-migration-wrapper',
-            'PasswordAuthentication' => 'no',
-            'AllowTcpForwarding'     => 'no',
-            'X11Forwarding'          => 'no',
-            'AuthorizedKeysFile'     => '/etc/nova/migration/authorized_keys'
+            'ForceCommand'       => '/bin/nova-migration-wrapper',
+            'AuthorizedKeysFile' => '/etc/nova/migration/authorized_keys'
          }
        )
        is_expected.to contain_file('/etc/nova/migration/authorized_keys').with(
@ -136,16 +132,12 @@ eos

      it {
        is_expected.to contain_class('tripleo::profile::base::nova::migration')
-        is_expected.to contain_ssh__server__match_block('nova_migration allow').with(
+        is_expected.to contain_ssh__server__match_block('nova_migration').with(
          :type  => 'User',
          :name  => 'nova_migration',
          :options => {
-            'AllowUsers'             => 'nova_migration',
-            'ForceCommand'           => '/bin/true',
-            'PasswordAuthentication' => 'no',
-            'AllowTcpForwarding'     => 'no',
-            'X11Forwarding'          => 'no',
-            'AuthorizedKeysFile'     => '/etc/nova/migration/authorized_keys'
+            'ForceCommand'       => '/bin/true',
+            'AuthorizedKeysFile' => '/etc/nova/migration/authorized_keys'
          }
        )
        is_expected.to contain_file('/etc/nova/migration/authorized_keys').with(