openstack
/
puppet-tripleo
Code Issues Proposed changes

Merge "sshd: Remove unused implementation to set up MOTD/Banner"

This commit is contained in:
Zuul 2022-05-26 01:13:14 +00:00 committed by Gerrit Code Review
parent e3e6e01c84 8957210988
commit c4ae87357a
2 changed files with 3 additions and 223 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

47
manifests/profile/base/sshd.pp
View File

@ -19,14 +19,6 @@
#
# === Parameters
#
# [*bannertext*]
# The text used within /etc/issue and /etc/issue.net
# Defaults to lookup('BannerText', undef, undef, undef)
#
# [*motd*]
# The text used within SSH Banner
# Defaults to lookup('MOTD', undef, undef, undef)
#
# [*options*]
# Hash of SSHD options to set. See the puppet-ssh module documentation for
# details.
@ -41,42 +33,11 @@
# Defaults to 'no'
class tripleo::profile::base::sshd (
$bannertext = lookup('BannerText', undef, undef, undef),
$motd = lookup('MOTD', undef, undef, undef),
$options = {},
$port = [22],
$password_authentication = 'no',
) {
if $bannertext and $bannertext != '' {
$sshd_options_banner = {'Banner' => '/etc/issue.net'}
$filelist = [ '/etc/issue', '/etc/issue.net', ]
file { $filelist:
ensure => file,
backup => false,
content => $bannertext,
owner => 'root',
group => 'root',
mode => '0644'
}
} else {
$sshd_options_banner = {}
}
if $motd and $motd != '' {
$sshd_options_motd = {'PrintMotd' => 'yes'}
file { '/etc/motd':
ensure => file,
backup => false,
content => $motd,
owner => 'root',
group => 'root',
mode => '0644'
}
} else {
$sshd_options_motd = {}
}
if $options['Port'] {
$sshd_options_port = {'Port' => unique(concat(any2array($options['Port']), $port))}
}
@ -87,9 +48,9 @@ class tripleo::profile::base::sshd (
# Prevent error messages on sshd startup
$basic_options = {
'HostKey' => [
'/etc/ssh/ssh_host_rsa_key',
'/etc/ssh/ssh_host_ecdsa_key',
'/etc/ssh/ssh_host_ed25519_key',
'/etc/ssh/ssh_host_rsa_key',
'/etc/ssh/ssh_host_ecdsa_key',
'/etc/ssh/ssh_host_ed25519_key',
]
}
@ -100,8 +61,6 @@ class tripleo::profile::base::sshd (
$sshd_options = merge(
$options,
$basic_options,
$sshd_options_banner,
$sshd_options_motd,
$sshd_options_port,
$password_auth_options,
)

179
spec/classes/tripleo_profile_base_sshd_spec.rb
View File

@ -37,31 +37,6 @@ describe 'tripleo::profile::base::sshd' do
},
'client_options' => {},
})
is_expected.to_not contain_file('/etc/issue')
is_expected.to_not contain_file('/etc/issue.net')
is_expected.to_not contain_file('/etc/motd')
end
end
context 'it should do nothing with empty strings' do
let(:params) {{ :bannertext => '', :motd => '' }}
it do
is_expected.to contain_class('ssh').with({
'storeconfigs_enabled' => false,
'server_options' => {
'Port' => [22],
'HostKey' => [
'/etc/ssh/ssh_host_rsa_key',
'/etc/ssh/ssh_host_ecdsa_key',
'/etc/ssh/ssh_host_ed25519_key',
],
'PasswordAuthentication' => 'no',
},
'client_options' => {},
})
is_expected.to_not contain_file('/etc/issue')
is_expected.to_not contain_file('/etc/issue.net')
is_expected.to_not contain_file('/etc/motd')
end
end
@ -122,67 +97,6 @@ describe 'tripleo::profile::base::sshd' do
end
end
context 'with issue and issue.net configured' do
let(:params) {{ :bannertext => 'foo' }}
it do
is_expected.to contain_class('ssh').with({
'storeconfigs_enabled' => false,
'server_options' => {
'Banner' => '/etc/issue.net',
'Port' => [22],
'HostKey' => [
'/etc/ssh/ssh_host_rsa_key',
'/etc/ssh/ssh_host_ecdsa_key',
'/etc/ssh/ssh_host_ed25519_key',
],
'PasswordAuthentication' => 'no',
},
'client_options' => {},
})
is_expected.to contain_file('/etc/issue').with({
'content' => 'foo',
'owner' => 'root',
'group' => 'root',
'mode' => '0644',
})
is_expected.to contain_file('/etc/issue.net').with({
'content' => 'foo',
'owner' => 'root',
'group' => 'root',
'mode' => '0644',
})
is_expected.to_not contain_file('/etc/motd')
end
end
context 'with motd configured' do
let(:params) {{ :motd => 'foo' }}
it do
is_expected.to contain_class('ssh').with({
'storeconfigs_enabled' => false,
'server_options' => {
'Port' => [22],
'PrintMotd' => 'yes',
'HostKey' => [
'/etc/ssh/ssh_host_rsa_key',
'/etc/ssh/ssh_host_ecdsa_key',
'/etc/ssh/ssh_host_ed25519_key',
],
'PasswordAuthentication' => 'no',
},
'client_options' => {},
})
is_expected.to contain_file('/etc/motd').with({
'content' => 'foo',
'owner' => 'root',
'group' => 'root',
'mode' => '0644',
})
is_expected.to_not contain_file('/etc/issue')
is_expected.to_not contain_file('/etc/issue.net')
end
end
context 'with options configured' do
let(:params) {{ :options => {'X11Forwarding' => 'no'} }}
it do
@ -200,99 +114,6 @@ describe 'tripleo::profile::base::sshd' do
},
'client_options' => {},
})
is_expected.to_not contain_file('/etc/motd')
is_expected.to_not contain_file('/etc/issue')
is_expected.to_not contain_file('/etc/issue.net')
end
end
context 'with motd and issue configured' do
let(:params) {{
:bannertext => 'foo',
:motd => 'foo'
}}
it do
is_expected.to contain_class('ssh').with({
'storeconfigs_enabled' => false,
'server_options' => {
'Banner' => '/etc/issue.net',
'Port' => [22],
'PrintMotd' => 'yes',
'HostKey' => [
'/etc/ssh/ssh_host_rsa_key',
'/etc/ssh/ssh_host_ecdsa_key',
'/etc/ssh/ssh_host_ed25519_key',
],
'PasswordAuthentication' => 'no',
},
'client_options' => {},
})
is_expected.to contain_file('/etc/motd').with({
'content' => 'foo',
'owner' => 'root',
'group' => 'root',
'mode' => '0644',
})
is_expected.to contain_file('/etc/issue').with({
'content' => 'foo',
'owner' => 'root',
'group' => 'root',
'mode' => '0644',
})
is_expected.to contain_file('/etc/issue.net').with({
'content' => 'foo',
'owner' => 'root',
'group' => 'root',
'mode' => '0644',
})
end
end
context 'with motd and issue and options configured' do
let(:params) {{
:bannertext => 'foo',
:motd => 'foo',
:options => {
'Port' => [22],
'PrintMotd' => 'no', # this should be overridden
'X11Forwarding' => 'no',
}
}}
it do
is_expected.to contain_class('ssh').with({
'storeconfigs_enabled' => false,
'server_options' => {
'Banner' => '/etc/issue.net',
'Port' => [22],
'PrintMotd' => 'yes',
'X11Forwarding' => 'no',
'HostKey' => [
'/etc/ssh/ssh_host_rsa_key',
'/etc/ssh/ssh_host_ecdsa_key',
'/etc/ssh/ssh_host_ed25519_key',
],
'PasswordAuthentication' => 'no',
},
'client_options' => {},
})
is_expected.to contain_file('/etc/motd').with({
'content' => 'foo',
'owner' => 'root',
'group' => 'root',
'mode' => '0644',
})
is_expected.to contain_file('/etc/issue').with({
'content' => 'foo',
'owner' => 'root',
'group' => 'root',
'mode' => '0644',
})
is_expected.to contain_file('/etc/issue.net').with({
'content' => 'foo',
'owner' => 'root',
'group' => 'root',
'mode' => '0644',
})
end
end
end