Add spec tests

This is a first pass and is in no way complete. It does travis support
and test the default case and the major params that change logic.

.fixtures.yml

@@ -0,0 +1,12 @@
+fixtures:
+  repositories:
+    "stdlib":
+      repo: "git://github.com/puppetlabs/puppetlabs-stdlib.git"
+      ref: "3.2.0"
+    "common":
+      repo: "git://github.com/ghoneycutt/puppet-module-common.git"
+      ref: "v1.0.0"
+    "firewall":
+      repo: "git://github.com/puppetlabs/puppetlabs-firewall.git"
+  symlinks:
+    "ssh": "#{source_dir}"

.travis.yml

@@ -0,0 +1,13 @@
+language: ruby
+before_script: "gem install --no-ri --no-rdoc bundler"
+after_script:
+script: 'SPEC_OPTS="--format documentation" bundle exec rake spec'
+notifications:
+  email: false
+rvm:
+  - 1.9.3
+  - 1.8.7
+env:
+  - PUPPET_VERSION=2.7.13
+  - PUPPET_VERSION=3.2.1
+gemfile: Gemfile

Gemfile

@@ -0,0 +1,6 @@
+source :rubygems
+
+puppetversion = ENV.key?('PUPPET_VERSION') ? "= #{ENV['PUPPET_VERSION']}" : ['>= 2.7']
+gem 'puppet', puppetversion
+gem 'puppetlabs_spec_helper', '>= 0.1.0'
+gem 'puppet-lint', '>= 0.3.2'

Modulefile

@@ -1,12 +1,12 @@
 name    'ghoneycutt-ssh'
-version '2.0.0'
+version '2.0.1'
 source 'git://github.com/ghoneycutt/puppet-module-ssh.git'
 author 'ghoneycutt'
 license 'Apache License, Version 2.0'
 summary 'Manages SSH'
 description 'Manage SSH'
 project_page 'https://github.com/ghoneycutt/puppet-module-ssh'
 
-dependency 'puppetlabs/stdlib',   '=> 3.2.x'
+dependency 'puppetlabs/stdlib',   '3.2.x'
 dependency 'ghoneycutt/common',   '1.0.0'
-dependency 'puppetlabs/firewall', '>= 0.2.1'
+dependency 'puppetlabs/firewall'

spec/classes/init_spec.rb

@@ -0,0 +1,250 @@
+require 'spec_helper'
+describe 'ssh' do
+
+  context 'with default params' do
+    let :facts do
+      {
+        :fqdn      => 'monkey.example.com',
+        :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
+      }
+    end
+    it { should include_class('ssh')}
+
+    it { should_not include_class('common')}
+
+    it {
+      should contain_package('ssh_packages').with({
+        'ensure' => 'installed',
+        'name'   => ['openssh-server','openssh-server','openssh-clients'],
+      })
+    }
+
+    it {
+      should contain_file('ssh_config').with({
+        'ensure' => 'file',
+        'path'    => '/etc/ssh/ssh_config',
+        'owner'   => 'root',
+        'group'   => 'root',
+        'mode'    => '0644',
+        'require' => 'Package[ssh_packages]',
+      })
+    }
+
+    it {
+      should contain_file('ssh_config').with_content(/^# This file is being maintained by Puppet.\n# DO NOT EDIT\n\n# \$OpenBSD: ssh_config,v 1.21 2005\/12\/06 22:38:27 reyk Exp \$/)
+    }
+
+    it {
+      should contain_file('sshd_config').with({
+        'ensure' => 'file',
+        'path'    => '/etc/ssh/sshd_config',
+        'owner'   => 'root',
+        'group'   => 'root',
+        'mode'    => '0600',
+        'require' => 'Package[ssh_packages]',
+      })
+    }
+
+    it {
+      should contain_file('sshd_config').with_content(/^PermitRootLogin no$/)
+    }
+
+    it {
+      should contain_service('sshd_service').with({
+        'ensure'     => 'running',
+        'name'       => 'sshd',
+        'enable'     => 'true',
+        'hasrestart' => 'true',
+        'hasstatus'  => 'true',
+        'subscribe'  => 'File[sshd_config]',
+      })
+    }
+
+    it {
+      should contain_resources('sshkey').with({
+        'purge' => 'true',
+      })
+    }
+  end
+
+  context 'with manage_root_ssh_config set to \'true\'' do
+    let :facts do
+      {
+        :fqdn      => 'monkey.example.com',
+        :osfamily  => 'RedHat',
+        :root_home => '/root',
+        :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
+      }
+    end
+    let :params do
+      { :manage_root_ssh_config => 'true' }
+    end
+
+    it { should include_class('ssh')}
+
+    it { should include_class('common')}
+
+    it {
+      should contain_package('ssh_packages').with({
+        'ensure' => 'installed',
+        'name'   => ['openssh-server','openssh-server','openssh-clients'],
+      })
+    }
+
+    it {
+      should contain_file('ssh_config').with({
+        'ensure' => 'file',
+        'path'    => '/etc/ssh/ssh_config',
+        'owner'   => 'root',
+        'group'   => 'root',
+        'mode'    => '0644',
+        'require' => 'Package[ssh_packages]',
+      })
+    }
+
+    it {
+      should contain_file('ssh_config').with_content(/^# This file is being maintained by Puppet.\n# DO NOT EDIT\n\n# \$OpenBSD: ssh_config,v 1.21 2005\/12\/06 22:38:27 reyk Exp \$/)
+    }
+
+    it {
+      should contain_file('sshd_config').with({
+        'ensure' => 'file',
+        'path'    => '/etc/ssh/sshd_config',
+        'owner'   => 'root',
+        'group'   => 'root',
+        'mode'    => '0600',
+        'require' => 'Package[ssh_packages]',
+      })
+    }
+
+    it {
+      should contain_file('sshd_config').with_content(/^PermitRootLogin no$/)
+    }
+
+    it {
+      should contain_service('sshd_service').with({
+        'ensure'     => 'running',
+        'name'       => 'sshd',
+        'enable'     => 'true',
+        'hasrestart' => 'true',
+        'hasstatus'  => 'true',
+        'subscribe'  => 'File[sshd_config]',
+      })
+    }
+
+    it {
+      should contain_resources('sshkey').with({
+        'purge' => 'true',
+      })
+    }
+
+    it {
+      should contain_file('root_ssh_dir').with({
+        'ensure'  => 'directory',
+        'path'    => '/root/.ssh',
+        'owner'   => 'root',
+        'group'   => 'root',
+        'mode'    => '0700',
+        'require' => 'Common::Mkdir_p[/root/.ssh]',
+      })
+    }
+  end
+
+  context 'with manage_root_ssh_config set to invalid value' do
+    let :facts do
+      {
+        :fqdn      => 'monkey.example.com',
+        :osfamily  => 'RedHat',
+        :root_home => '/root',
+        :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
+      }
+    end
+    let :params do
+      { :manage_root_ssh_config => 'invalid' }
+    end
+
+    it 'should fail' do
+      expect {
+        should include_class('ssh')
+      }.to raise_error(Puppet::Error,/manage_root_ssh_config is <invalid> and must be \'true\' or \'false\'./)
+    end
+  end
+
+  context 'with manage_firewall set to true' do
+    let :facts do
+      {
+        :fqdn      => 'monkey.example.com',
+        :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
+      }
+    end
+    let :params do
+      { :manage_firewall => true }
+    end
+
+    it { should include_class('ssh')}
+
+    it { should_not include_class('common')}
+
+    it {
+      should contain_package('ssh_packages').with({
+        'ensure' => 'installed',
+        'name'   => ['openssh-server','openssh-server','openssh-clients'],
+      })
+    }
+
+    it {
+      should contain_file('ssh_config').with({
+        'ensure' => 'file',
+        'path'    => '/etc/ssh/ssh_config',
+        'owner'   => 'root',
+        'group'   => 'root',
+        'mode'    => '0644',
+        'require' => 'Package[ssh_packages]',
+      })
+    }
+
+    it {
+      should contain_file('ssh_config').with_content(/^# This file is being maintained by Puppet.\n# DO NOT EDIT\n\n# \$OpenBSD: ssh_config,v 1.21 2005\/12\/06 22:38:27 reyk Exp \$/)
+    }
+
+    it {
+      should contain_file('sshd_config').with({
+        'ensure' => 'file',
+        'path'    => '/etc/ssh/sshd_config',
+        'owner'   => 'root',
+        'group'   => 'root',
+        'mode'    => '0600',
+        'require' => 'Package[ssh_packages]',
+      })
+    }
+
+    it {
+      should contain_file('sshd_config').with_content(/^PermitRootLogin no$/)
+    }
+
+    it {
+      should contain_service('sshd_service').with({
+        'ensure'     => 'running',
+        'name'       => 'sshd',
+        'enable'     => 'true',
+        'hasrestart' => 'true',
+        'hasstatus'  => 'true',
+        'subscribe'  => 'File[sshd_config]',
+      })
+    }
+
+    it {
+      should contain_resources('sshkey').with({
+        'purge' => 'true',
+      })
+    }
+
+    it {
+      should contain_firewall('22 open port 22 for SSH').with({
+        'action' => 'accept',
+        'dport'  => '22',
+        'proto'  => 'tcp',
+      })
+    }
+  end
+end

templates/ssh_config.erb

@@ -1,7 +1,7 @@
 # This file is being maintained by Puppet.
 # DO NOT EDIT
 
-#	$OpenBSD: ssh_config,v 1.21 2005/12/06 22:38:27 reyk Exp $
+# $OpenBSD: ssh_config,v 1.21 2005/12/06 22:38:27 reyk Exp $
 
 # This is the ssh client system-wide configuration file.  See
 # ssh_config(5) for more information.  This file provides defaults for
@@ -45,12 +45,12 @@
 #   TunnelDevice any:any
 #   PermitLocalCommand no
 Host *
-	GSSAPIAuthentication yes
+  GSSAPIAuthentication yes
 # If this option is set to yes then remote X11 clients will have full access
 # to the original X11 display. As virtually no X11 client supports the untrusted
 # mode correctly we set this to yes.
-	ForwardX11Trusted yes
+  ForwardX11Trusted yes
 # Send locale-related environment variables
-	SendEnv LANG LANGUAGE LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
-	SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
-	SendEnv LC_IDENTIFICATION LC_ALL
+  SendEnv LANG LANGUAGE LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
+  SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
+  SendEnv LC_IDENTIFICATION LC_ALL