diff --git a/recipes/server.rb b/recipes/server.rb index b5f87f8..5cfcd2d 100644 --- a/recipes/server.rb +++ b/recipes/server.rb @@ -72,6 +72,7 @@ end def get_key_from(field) + return [] unless Chef::DataBag.list.key?('users') search('users', "#{field}:*").map do |v| # ~FC003 ignore footcritic violation Chef::Log.info "ssh_server: installing ssh-keys for root access of user #{v['id']}" v[field] diff --git a/spec/recipes/default_spec.rb b/spec/recipes/default_spec.rb index 198693e..c068dec 100644 --- a/spec/recipes/default_spec.rb +++ b/spec/recipes/default_spec.rb @@ -21,9 +21,7 @@ # converge cached(:chef_run) do - ChefSpec::ServerRunner.new do |_node, server| - server.create_data_bag('users', 'someuser' => { id: 'someuser' }) - end.converge(described_recipe) + ChefSpec::ServerRunner.new.converge(described_recipe) end # check that the recipes are executed diff --git a/spec/recipes/server_spec.rb b/spec/recipes/server_spec.rb index 51b07d7..dd8d371 100644 --- a/spec/recipes/server_spec.rb +++ b/spec/recipes/server_spec.rb @@ -21,9 +21,7 @@ # converge cached(:chef_run) do - ChefSpec::ServerRunner.new do |_node, server| - server.create_data_bag('users', 'someuser' => { id: 'someuser' }) - end.converge(described_recipe) + ChefSpec::ServerRunner.new.converge(described_recipe) end it 'installs openssh-server' do @@ -76,8 +74,7 @@ context 'with weak hmacs enabled' do cached(:chef_run) do - ChefSpec::ServerRunner.new do |node, server| - server.create_data_bag('users', 'someuser' => { id: 'someuser' }) + ChefSpec::ServerRunner.new do |node| node.set['ssh']['weak_hmac'] = true end.converge(described_recipe) end @@ -100,9 +97,8 @@ context 'with weak kexs enabled' do cached(:chef_run) do - ChefSpec::ServerRunner.new do |node, server| + ChefSpec::ServerRunner.new do |node| node.set['ssh']['weak_kex'] = true - server.create_data_bag('users', 'someuser' => { id: 'someuser' }) end.converge(described_recipe) end @@ -124,9 +120,8 @@ context 'with cbc required' do cached(:chef_run) do - ChefSpec::ServerRunner.new do |node, server| + ChefSpec::ServerRunner.new do |node| node.set['ssh']['cbc_required'] = true - server.create_data_bag('users', 'someuser' => { id: 'someuser' }) end.converge(described_recipe) end @@ -167,12 +162,6 @@ .with(group: 'root') end - context 'without users data bag' do - it 'does not touch authorized_keys by root' do - expect(chef_run).to_not create_template('/root/.ssh/authorized_keys') - end - end - context 'without attribute allow_root_with_key' do it 'does not unlock root account' do expect(chef_run).to_not run_execute('unlock root account if it is locked') @@ -181,9 +170,8 @@ context 'with attribute allow_root_with_key' do cached(:chef_run) do - ChefSpec::ServerRunner.new do |node, server| + ChefSpec::ServerRunner.new do |node| node.set['ssh']['allow_root_with_key'] = true - server.create_data_bag('users', 'someuser' => { id: 'someuser' }) end.converge(described_recipe) end @@ -213,7 +201,7 @@ .with(group: 'root') end - it 'authorizes files from the user data bag for root access' do + it 'authorizes keys from the user data bag for root access' do expect(chef_run).to render_file('/root/.ssh/authorized_keys') .with_content(/^key-user1$/) .with_content(/^key-user2$/) @@ -224,4 +212,17 @@ end + context 'without users data bag' do + cached(:chef_run) do + ChefSpec::ServerRunner.new.converge(described_recipe) + end + + it 'does not raise an error' do + expect { chef_run }.not_to raise_error + end + + it 'does not touch authorized_keys by root' do + expect(chef_run).to_not create_template('/root/.ssh/authorized_keys') + end + end end