Diffstat (limited to 'spec')
-rw-r--r-- | spec/acceptance/tests/resource/sshkey/purge_spec.rb | 73 | ||||
-rw-r--r-- | spec/unit/type/user_spec.rb | 32 |
2 files changed, 93 insertions, 12 deletions
diff --git a/spec/acceptance/tests/resource/sshkey/purge_spec.rb b/spec/acceptance/tests/resource/sshkey/purge_spec.rb
new file mode 100644
index 0000000..23ce37b
--- /dev/null
+++ b/spec/acceptance/tests/resource/sshkey/purge_spec.rb
@@ -0,0 +1,73 @@
+require 'spec_helper_acceptance'
+
+RSpec.context 'sshkeys: Purge' do
+ let(:keyname) { "pl#{rand(999_999).to_i}" }
+
+ # FIXME: This is bletcherous
+ let(:ssh_known_hosts) { '/etc/ssh/ssh_known_hosts' }
+
+ let(:purge_manifest) do
+ <<-MANIFEST
+ resources { 'sshkey':
+ purge => true,
+ }
+ MANIFEST
+ end
+
+ before(:each) do
+ posix_agents.agents.each do |agent|
+ # The 'cp' might fail because the source file doesn't exist
+ on(
+ agent,
+ "cp -fv #{ssh_known_hosts} /tmp/ssh_known_hosts",
+ acceptable_exit_codes: [0, 1],
+ )
+ cmd = <<-CMD
+echo '' > #{ssh_known_hosts}
+echo '#{keyname} ssh-rsa how_about_the_initial_rsa_key_of_c' >> #{ssh_known_hosts}
+echo '#{keyname} ssh-dss how_about_the_initial_dss_key_of_c' >> #{ssh_known_hosts}
+CMD
+ on(agent, cmd)
+ end
+ end
+
+ after(:each) do
+ posix_agents.each do |agent|
+ # Is it present?
+ rc = on(
+ agent,
+ '[ -e /tmp/ssh_known_hosts ]',
+ accept_all_exit_codes: true,
+ )
+ if rc.exit_code == 0
+ # It's present, so restore the original
+ on(
+ agent,
+ "mv -fv /tmp/ssh_known_hosts #{ssh_known_hosts}",
+ accept_all_exit_codes: true,
+ )
+ else
+ # It's missing, which means there wasn't one to backup; just
+ # delete the one we laid down
+ on(
+ agent,
+ "rm -fv #{ssh_known_hosts}",
+ accept_all_exit_codes: true,
+ )
+ end
+ end
+ end
+
+ posix_agents.each do |agent|
+ it "#{agent} should be able to purge all SSH known host keys" do
+ apply_manifest_on(agent, purge_manifest, catch_failures: true)
+
+ # expect purging to be idempotent
+ apply_manifest_on(agent, purge_manifest, catch_changes: true)
+
+ on(agent, "cat #{ssh_known_hosts}") do |_res|
+ expect(stdout).not_to include('how_about_the_initial')
+ end
+ end
+ end
+end
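Review bot: The backup of `/etc/ssh/ssh_known_hosts` goes to the fixed path `/tmp/ssh_known_hosts`, and the `after(:each)` hook restores whatever it finds there, so when the `cp` in `before(:each)` exits 1 a stale or foreign file at that path would be moved into the system known-hosts file. On an agent that is not single-user, a fixed name in a world-writable directory can also be pre-created by another account. Creating the backup with `mktemp` on the agent and keeping the returned path, or at least running `rm -f /tmp/ssh_known_hosts` before the `cp`, would let the restore step trust what it moves back. Separately, `before(:each)` iterates `posix_agents.agents.each` while the other two loops use `posix_agents.each`; one of the two forms is presumably wrong.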
diff --git a/spec/unit/type/user_spec.rb b/spec/unit/type/user_spec.rb index 122434f..449f3dd 100644 --- a/spec/unit/type/user_spec.rb +++ b/spec/unit/type/user_spec.rb @@ -55,23 +55,23 @@ describe Puppet::Type.type(:user) do end end - context 'with no home directory specified' do - it 'does not accept true' do - expect { + if Puppet.version.start_with?('6') + context 'with no home directory specified' do + before(:each) do + Dir.stubs(:home).with('a').returns('/home/a') + end + + it 'does accept true' do described_class.new(name: 'a', purge_ssh_keys: true) - }.to raise_error(Puppet::Error, %r{purge_ssh_keys can only be true for users with a defined home directory}) - end + end - it 'does not accept the ~ wildcard' do - expect { + it 'does accept the ~ wildcard' do described_class.new(name: 'a', purge_ssh_keys: '~/keys') - }.to raise_error(Puppet::Error, %r{meta character ~ or %h only allowed for users with a defined home directory}) - end + end - it 'does not accept the %h wildcard' do - expect { + it 'does accept the %h wildcard' do described_class.new(name: 'a', purge_ssh_keys: '%h/keys') - }.to raise_error(Puppet::Error, %r{meta character ~ or %h only allowed for users with a defined home directory}) + end end end @@ -82,6 +82,10 @@ describe Puppet::Type.type(:user) do res end + before(:each) do + Dir.stubs(:home).with('test').returns('/home/test') + end + let(:paths) do ['/dev/null', '/tmp/keyfile'].map { |path| File.expand_path(path) } end @@ -106,6 +110,10 @@ describe Puppet::Type.type(:user) do res end + before(:each) do + Dir.stubs(:home).with('test_user_name').returns('/home/test_user_name') + end + context 'when purging is disabled' do let(:purge_param) { false } |
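Review bot: In the first hunk the guard `if Puppet.version.start_with?('6')` is a string-prefix test, so these examples are silently skipped on every other major version. The three removed rejection examples also have no replacement for versions where the home-directory validation presumably still applies. A numeric comparison such as `if Gem::Version.new(Puppet.version) >= Gem::Version.new('6.0.0')`, with an `else` branch keeping the old `raise_error` expectations if older versions remain supported, would keep both behaviours of `purge_ssh_keys` covered. The new examples contain no expectation, so the intent is clearer written as `expect { described_class.new(name: 'a', purge_ssh_keys: true) }.not_to raise_error`. The enclosing `describe` block starts and ends outside the hunk.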