From 328f33ef71427d174b2c086cbfcae3bd0e8bd48f Mon Sep 17 00:00:00 2001 From: Joshua Hoblitt Date: Thu, 19 Oct 2023 14:29:54 -0700 Subject: [PATCH 1/2] (common) rm ssh rule for hreinking_b; add ssh rule for csilva_b --- hieradata/common.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hieradata/common.yaml b/hieradata/common.yaml index 34ce8be6a7..3f55e4d111 100644 --- a/hieradata/common.yaml +++ b/hieradata/common.yaml @@ -136,12 +136,12 @@ ssh::server::match_block: type: "user" options: AuthorizedKeysFile: ".ssh/authorized_keys" - hreinking_b: - <<: *authorized_keys jhoblitt_b: <<: *authorized_keys cbarria_b: <<: *authorized_keys + csilva_b: + <<: *authorized_keys # easy_ipa server options # defines the uid/gid of the admin user # needs to be coordinated between master + replicas From d570d31eccc868b392abd44495713bc74c23109c Mon Sep 17 00:00:00 2001 From: Joshua Hoblitt Date: Thu, 19 Oct 2023 14:30:27 -0700 Subject: [PATCH 2/2] (spec) improve admin user account tests --- spec/spec_helper.rb | 47 ++++++++++++++++++++++++++++++--------------- 1 file changed, 31 insertions(+), 16 deletions(-) diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index 43977ee0b1..d8d8dc9adb 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -363,26 +363,41 @@ def node_files end end - it do - is_expected.to contain_user('csilva_b').with( - ensure: 'present', - groups: ['wheel_b'], - purge_ssh_keys: true, - ) + admin_users = %w[ + jhoblitt_b + cbarria_b + csilva_b + ] + + (admin_users + ['root']).each do |user| + it do + is_expected.to contain_ssh__server__match_block(user).with( + type: 'user', + options: { + 'AuthorizedKeysFile' => '.ssh/authorized_keys', + }, + ) + end end - it do - is_expected.to contain_user('hreinking_b').with( - ensure: 'absent', - ) + admin_users.each do |user| + it do + is_expected.to contain_user(user).with( + ensure: 'present', + groups: ['wheel_b'], + purge_ssh_keys: true, + ) + end end - it do - is_expected.to contain_file('/home/hreinking_b').with( - ensure: 'absent', - recurse: true, - force: true, - ) + %w[ + lssttech + sysadmin + athebo + athebo_b + hreinking_b + ].each do |user| + it { is_expected.to contain_user(user).with_ensure('absent') } end it { is_expected.to contain_class('systemd').with_manage_udevd(true) }