diff options
author | Jenkins <jenkins@review.openstack.org> | 2017-05-18 00:13:19 +0000 |
---|---|---|
committer | Gerrit Code Review <review@openstack.org> | 2017-05-18 00:13:19 +0000 |
commit | 02305f9e3a30286337dab94f1ce87704361ab956 (patch) | |
tree | 272919c6afce1258c24f6a6e657f585d5ff0ee13 /spec | |
parent | 484a744461d361a235b72d4fc0259345fe7eb519 (diff) | |
parent | fe8edab1f4c761dcd6bad8eb6ccadd62627b077a (diff) |
Merge "Disable SSH login for nova_migration user when migration over ssh is disabled."
Diffstat (limited to 'spec')
-rw-r--r-- | spec/classes/tripleo_profile_base_nova_spec.rb | 60 |
1 files changed, 49 insertions, 11 deletions
diff --git a/spec/classes/tripleo_profile_base_nova_spec.rb b/spec/classes/tripleo_profile_base_nova_spec.rb index d77ba1b..a48c94f 100644 --- a/spec/classes/tripleo_profile_base_nova_spec.rb +++ b/spec/classes/tripleo_profile_base_nova_spec.rb @@ -95,9 +95,8 @@ describe 'tripleo::profile::base::nova' do is_expected.to contain_class('nova::cache') is_expected.to contain_class('nova::placement') is_expected.to_not contain_class('nova::migration::libvirt') - is_expected.to contain_package('openstack-nova-migration').with( - :ensure => 'absent' - ) + is_expected.to_not contain_file('/etc/nova/migration/authorized_keys') + is_expected.to_not contain_file('/etc/nova/migration/identity') } end @@ -132,7 +131,22 @@ describe 'tripleo::profile::base::nova' do :configure_nova => params[:nova_compute_enabled] ) is_expected.to contain_package('openstack-nova-migration').with( - :ensure => 'absent' + :ensure => 'present' + ) + is_expected.to contain_file('/etc/nova/migration/authorized_keys').with( + :content => '# Migration over SSH disabled by TripleO', + :mode => '0640', + :owner => 'root', + :group => 'nova_migration', + ) + is_expected.to contain_file('/etc/nova/migration/identity').with( + :content => '# Migration over SSH disabled by TripleO', + :mode => '0600', + :owner => 'nova', + :group => 'nova', + ) + is_expected.to contain_user('nova_migration').with( + :shell => '/sbin/nologin' ) } end @@ -169,7 +183,22 @@ describe 'tripleo::profile::base::nova' do :configure_nova => params[:nova_compute_enabled], ) is_expected.to contain_package('openstack-nova-migration').with( - :ensure => 'absent' + :ensure => 'present' + ) + is_expected.to contain_file('/etc/nova/migration/authorized_keys').with( + :content => '# Migration over SSH disabled by TripleO', + :mode => '0640', + :owner => 'root', + :group => 'nova_migration', + ) + is_expected.to contain_file('/etc/nova/migration/identity').with( + :content => '# Migration over SSH disabled by TripleO', + :mode => '0600', + :owner => 'nova', + :group => 'nova', + ) + is_expected.to contain_user('nova_migration').with( + :shell => '/sbin/nologin' ) } end @@ -223,6 +252,9 @@ describe 'tripleo::profile::base::nova' do } ) is_expected.to_not contain_ssh__server__match_block('nova_migration deny') + is_expected.to contain_package('openstack-nova-migration').with( + :ensure => 'present' + ) is_expected.to contain_file('/etc/nova/migration/authorized_keys').with( :content => 'ssh-rsa bar', :mode => '0640', @@ -235,8 +267,8 @@ describe 'tripleo::profile::base::nova' do :owner => 'nova', :group => 'nova', ) - is_expected.to contain_package('openstack-nova-migration').with( - :ensure => 'installed' + is_expected.to contain_user('nova_migration').with( + :shell => '/bin/bash' ) } end @@ -297,6 +329,9 @@ describe 'tripleo::profile::base::nova' do 'DenyUsers' => 'nova_migration' } ) + is_expected.to contain_package('openstack-nova-migration').with( + :ensure => 'present' + ) is_expected.to contain_file('/etc/nova/migration/authorized_keys').with( :content => 'ssh-rsa bar', :mode => '0640', @@ -309,8 +344,8 @@ describe 'tripleo::profile::base::nova' do :owner => 'nova', :group => 'nova', ) - is_expected.to contain_package('openstack-nova-migration').with( - :ensure => 'installed' + is_expected.to contain_user('nova_migration').with( + :shell => '/bin/bash' ) } end @@ -365,6 +400,9 @@ describe 'tripleo::profile::base::nova' do } ) is_expected.to_not contain_ssh__server__match_block('nova_migration deny') + is_expected.to contain_package('openstack-nova-migration').with( + :ensure => 'present' + ) is_expected.to contain_file('/etc/nova/migration/authorized_keys').with( :content => 'ssh-rsa bar', :mode => '0640', @@ -377,8 +415,8 @@ describe 'tripleo::profile::base::nova' do :owner => 'nova', :group => 'nova', ) - is_expected.to contain_package('openstack-nova-migration').with( - :ensure => 'installed' + is_expected.to contain_user('nova_migration').with( + :shell => '/bin/bash' ) } end |