Merge pull request #185 from baby-gnu/feature/test-known_hosts

test(config_spec): verify the generation of /etc/ssh/ssh_known_hosts

kitchen.yml

@@ -154,6 +154,7 @@ suites:
         base:
           '*':
             - openssh.config
+            - openssh.known_hosts
       pillars:
         top.sls:
           base:

openssh/known_hosts.sls

@@ -5,7 +5,6 @@
 ensure dig is available:
   pkg.installed:
     - name: {{ openssh.dig_pkg }}
-    - unless: which dig
 
 manage ssh_known_hosts file:
   file.managed:

openssh/osfamilymap.yaml

@@ -6,7 +6,7 @@ Arch:
     server: openssh
     client: openssh
     service: sshd
-    dig_pkg: bind-tools
+    dig_pkg: bind
   sshd_config:
     Subsystem: sftp /usr/lib/ssh/sftp-server
 

test/integration/default/controls/config_spec.rb

@@ -9,6 +9,11 @@ root_group =
     'root'
   end
 
+github_known_host = 'github.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGm[...]'
+gitlab_known_host_re = /gitlab.com,[0-9a-f.:,]* ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABA/
+minion_rsa_known_host = 'minion.id,alias.of.minion.id ssh-rsa [...]'
+minion_ed25519_known_host = 'minion.id,alias.of.minion.id ssh-ed25519 [...]'
+
 control 'openssh configuration' do
   title 'should match desired lines'
 
@@ -35,4 +40,15 @@ control 'openssh configuration' do
     its('content') { should include '    HashKnownHosts yes' }
     its('content') { should include '    SendEnv LANG LC_*' }
   end
+
+  describe file('/etc/ssh/ssh_known_hosts') do
+    it { should be_file }
+    its('mode') { should cmp '0644' }
+    it { should be_owned_by 'root' }
+    it { should be_grouped_into 'root' }
+    its('content') { should include github_known_host }
+    its('content') { should match(gitlab_known_host_re) }
+    its('content') { should include minion_rsa_known_host }
+    its('content') { should include minion_ed25519_known_host }
+  end
 end