From 867f64408d5fe051984bf7bdf7ec2c7f416851ab Mon Sep 17 00:00:00 2001 
From: Cookstyle Bot Date: Wed, 26 Jan 2022 13:52:32 -0800 Subject: [PATCH] Cookstyle Bot Auto Corrections with Cookstyle 7.31.1 This change is automatically generated by the Cookstyle Bot using the latest version of Cookstyle (7.31.1). Adopting changes suggested by Cookstyle improves cookbook readability, avoids common coding mistakes, and eases upgrades to newer versions of the Chef Infra Client. ### Style/Encoding - **/Berksfile:1**: Unnecessary utf-8 encoding comment. (https://rubystyle.guide#utf-8) - **/Gemfile:1**: Unnecessary utf-8 encoding comment. (https://rubystyle.guide#utf-8) - **/Rakefile:1**: Unnecessary utf-8 encoding comment. (https://rubystyle.guide#utf-8) - **/attributes/default.rb:1**: Unnecessary utf-8 encoding comment. (https://rubystyle.guide#utf-8) - **/libraries/devsec_ssh.rb:1**: Unnecessary utf-8 encoding comment. (https://rubystyle.guide#utf-8) - **/metadata.rb:1**: Unnecessary utf-8 encoding comment. (https://rubystyle.guide#utf-8) - **/recipes/client.rb:1**: Unnecessary utf-8 encoding comment. (https://rubystyle.guide#utf-8) - **/recipes/default.rb:1**: Unnecessary utf-8 encoding comment. (https://rubystyle.guide#utf-8) - **/recipes/server.rb:1**: Unnecessary utf-8 encoding comment. (https://rubystyle.guide#utf-8) - **/recipes/unlock.rb:1**: Unnecessary utf-8 encoding comment. (https://rubystyle.guide#utf-8) - **/spec/libraries/devsec_ssh_spec.rb:1**: Unnecessary utf-8 encoding comment. (https://rubystyle.guide#utf-8) - **/spec/recipes/client_spec.rb:1**: Unnecessary utf-8 encoding comment. (https://rubystyle.guide#utf-8) - **/spec/recipes/default_spec.rb:1**: Unnecessary utf-8 encoding comment. (https://rubystyle.guide#utf-8) - **/spec/recipes/server_spec.rb:1**: Unnecessary utf-8 encoding comment. (https://rubystyle.guide#utf-8) - **/spec/recipes/unlock_spec.rb:1**: Unnecessary utf-8 encoding comment. (https://rubystyle.guide#utf-8) - **/spec/shared_examples_crypto.rb:1**: Unnecessary utf-8 encoding comment. 
(https://rubystyle.guide#utf-8) - **/spec/spec_helper.rb:1**: Unnecessary utf-8 encoding comment. (https://rubystyle.guide#utf-8) - **/test/fixtures/cookbooks/test/recipes/default.rb:1**: Unnecessary utf-8 encoding comment. (https://rubystyle.guide#utf-8) ### Chef/Style/CommentFormat - **/attributes/default.rb:4**: Properly format header comments (https://docs.chef.io/workstation/cookstyle/chef_style_commentformat) - **/attributes/default.rb:7**: Properly format header comments (https://docs.chef.io/workstation/cookstyle/chef_style_commentformat) - **/libraries/devsec_ssh.rb:4**: Properly format header comments (https://docs.chef.io/workstation/cookstyle/chef_style_commentformat) - **/libraries/devsec_ssh.rb:7**: Properly format header comments (https://docs.chef.io/workstation/cookstyle/chef_style_commentformat) - **/libraries/devsec_ssh.rb:8**: Properly format header comments (https://docs.chef.io/workstation/cookstyle/chef_style_commentformat) - **/libraries/devsec_ssh.rb:9**: Properly format header comments (https://docs.chef.io/workstation/cookstyle/chef_style_commentformat) - **/libraries/devsec_ssh.rb:10**: Properly format header comments (https://docs.chef.io/workstation/cookstyle/chef_style_commentformat) - **/metadata.rb:4**: Properly format header comments (https://docs.chef.io/workstation/cookstyle/chef_style_commentformat) - **/recipes/client.rb:4**: Properly format header comments (https://docs.chef.io/workstation/cookstyle/chef_style_commentformat) - **/recipes/client.rb:7**: Properly format header comments (https://docs.chef.io/workstation/cookstyle/chef_style_commentformat) - **/recipes/client.rb:8**: Properly format header comments (https://docs.chef.io/workstation/cookstyle/chef_style_commentformat) - **/recipes/default.rb:4**: Properly format header comments (https://docs.chef.io/workstation/cookstyle/chef_style_commentformat) - **/recipes/default.rb:7**: Properly format header comments 
(https://docs.chef.io/workstation/cookstyle/chef_style_commentformat) - **/recipes/default.rb:8**: Properly format header comments (https://docs.chef.io/workstation/cookstyle/chef_style_commentformat) - **/recipes/server.rb:4**: Properly format header comments (https://docs.chef.io/workstation/cookstyle/chef_style_commentformat) - **/recipes/server.rb:7**: Properly format header comments (https://docs.chef.io/workstation/cookstyle/chef_style_commentformat) - **/recipes/server.rb:8**: Properly format header comments (https://docs.chef.io/workstation/cookstyle/chef_style_commentformat) - **/recipes/unlock.rb:4**: Properly format header comments (https://docs.chef.io/workstation/cookstyle/chef_style_commentformat) - **/recipes/unlock.rb:7**: Properly format header comments (https://docs.chef.io/workstation/cookstyle/chef_style_commentformat) - **/spec/libraries/devsec_ssh_spec.rb:4**: Properly format header comments (https://docs.chef.io/workstation/cookstyle/chef_style_commentformat) - **/spec/recipes/client_spec.rb:4**: Properly format header comments (https://docs.chef.io/workstation/cookstyle/chef_style_commentformat) - **/spec/recipes/client_spec.rb:5**: Properly format header comments (https://docs.chef.io/workstation/cookstyle/chef_style_commentformat) - **/spec/recipes/default_spec.rb:4**: Properly format header comments (https://docs.chef.io/workstation/cookstyle/chef_style_commentformat) - **/spec/recipes/server_spec.rb:4**: Properly format header comments (https://docs.chef.io/workstation/cookstyle/chef_style_commentformat) - **/spec/recipes/server_spec.rb:5**: Properly format header comments (https://docs.chef.io/workstation/cookstyle/chef_style_commentformat) - **/spec/recipes/unlock_spec.rb:4**: Properly format header comments (https://docs.chef.io/workstation/cookstyle/chef_style_commentformat) - **/spec/shared_examples_crypto.rb:4**: Properly format header comments (https://docs.chef.io/workstation/cookstyle/chef_style_commentformat) - 
**/spec/shared_examples_crypto.rb:5**: Properly format header comments (https://docs.chef.io/workstation/cookstyle/chef_style_commentformat) - **/spec/spec_helper.rb:4**: Properly format header comments (https://docs.chef.io/workstation/cookstyle/chef_style_commentformat) - **/test/fixtures/cookbooks/test/recipes/default.rb:3**: Properly format header comments (https://docs.chef.io/workstation/cookstyle/chef_style_commentformat) - **/test/fixtures/cookbooks/test/recipes/default.rb:6**: Properly format header comments (https://docs.chef.io/workstation/cookstyle/chef_style_commentformat) ### Layout/CaseIndentation - **/attributes/default.rb:22**: Indent `when` as deep as `case`. (https://rubystyle.guide#indent-when-to-case) - **/attributes/default.rb:24**: Indent `when` as deep as `case`. (https://rubystyle.guide#indent-when-to-case) - **/attributes/default.rb:26**: Indent `when` as deep as `case`. (https://rubystyle.guide#indent-when-to-case) ### Style/ConditionalAssignment - **/attributes/default.rb:23**: Use the return of the conditional for variable assignment and comparison. - **/attributes/default.rb:43**: Use the return of the conditional for variable assignment and comparison. - **/attributes/default.rb:51**: Use the return of the conditional for variable assignment and comparison. ### Layout/IndentationWidth - **/attributes/default.rb:23**: Use 2 (not -49) spaces for indentation. (https://rubystyle.guide#spaces-indentation) - **/attributes/default.rb:25**: Use 2 (not -49) spaces for indentation. (https://rubystyle.guide#spaces-indentation) - **/attributes/default.rb:27**: Use 2 (not -49) spaces for indentation. (https://rubystyle.guide#spaces-indentation) - **/attributes/default.rb:29**: Use 2 (not -49) spaces for indentation. (https://rubystyle.guide#spaces-indentation) - **/attributes/default.rb:42**: Use 2 (not -49) spaces for indentation. (https://rubystyle.guide#spaces-indentation) - **/attributes/default.rb:44**: Use 2 (not -49) spaces for indentation. 
(https://rubystyle.guide#spaces-indentation) - **/attributes/default.rb:49**: Use 2 (not -54) spaces for indentation. (https://rubystyle.guide#spaces-indentation) - **/attributes/default.rb:51**: Use 2 (not -54) spaces for indentation. (https://rubystyle.guide#spaces-indentation) ### Layout/ElseAlignment - **/attributes/default.rb:28**: Align `else` with `when`. - **/attributes/default.rb:43**: Align `else` with `if`. - **/attributes/default.rb:50**: Align `else` with `if`. ### Chef/Style/UsePlatformHelpers - **/attributes/default.rb:35**: Use platform? and platform_family? helpers to check a node's platform (https://docs.chef.io/workstation/cookstyle/chef_style_useplatformhelpers) - **/attributes/default.rb:36**: Use platform? and platform_family? helpers to check a node's platform (https://docs.chef.io/workstation/cookstyle/chef_style_useplatformhelpers) - **/libraries/devsec_ssh.rb:197**: Use platform? and platform_family? helpers to check a node's platform (https://docs.chef.io/workstation/cookstyle/chef_style_useplatformhelpers) - **/recipes/server.rb:52**: Use platform? and platform_family? helpers to check a node's platform (https://docs.chef.io/workstation/cookstyle/chef_style_useplatformhelpers) - **/recipes/server.rb:54**: Use platform? and platform_family? helpers to check a node's platform (https://docs.chef.io/workstation/cookstyle/chef_style_useplatformhelpers) - **/test/fixtures/cookbooks/test/recipes/default.rb:21**: Use platform? and platform_family? helpers to check a node's platform (https://docs.chef.io/workstation/cookstyle/chef_style_useplatformhelpers) ### Chef/Style/UnnecessaryPlatformCaseStatement - **/attributes/default.rb:43**: Use the platform?() and platform_family?() helpers instead of a case statement that only includes a single when statement. 
(https://docs.chef.io/workstation/cookstyle/chef_style_unnecessaryplatformcasestatement) - **/attributes/default.rb:51**: Use the platform?() and platform_family?() helpers instead of a case statement that only includes a single when statement. (https://docs.chef.io/workstation/cookstyle/chef_style_unnecessaryplatformcasestatement) - **/recipes/server.rb:137**: Use the platform?() and platform_family?() helpers instead of a case statement that only includes a single when statement. (https://docs.chef.io/workstation/cookstyle/chef_style_unnecessaryplatformcasestatement) ### Layout/ExtraSpacing - **/attributes/default.rb:71**: Unnecessary spacing detected. - **/attributes/default.rb:72**: Unnecessary spacing detected. - **/attributes/default.rb:73**: Unnecessary spacing detected. ### Layout/SpaceAroundOperators - **/attributes/default.rb:71**: Operator `=` should be surrounded by a single space. (https://rubystyle.guide#spaces-operators) - **/attributes/default.rb:72**: Operator `=` should be surrounded by a single space. (https://rubystyle.guide#spaces-operators) ### Migration/DepartmentName - **/attributes/default.rb:83**: Department name is missing. ### Style/PercentLiteralDelimiters - **/libraries/devsec_ssh.rb:45**: `%i`-literals should be delimited by `(` and `)`. (https://rubystyle.guide#percent-literal-braces) - **/libraries/devsec_ssh.rb:50**: `%w`-literals should be delimited by `(` and `)`. (https://rubystyle.guide#percent-literal-braces) - **/libraries/devsec_ssh.rb:51**: `%w`-literals should be delimited by `(` and `)`. (https://rubystyle.guide#percent-literal-braces) - **/libraries/devsec_ssh.rb:52**: `%w`-literals should be delimited by `(` and `)`. (https://rubystyle.guide#percent-literal-braces) - **/libraries/devsec_ssh.rb:55**: `%w`-literals should be delimited by `(` and `)`. (https://rubystyle.guide#percent-literal-braces) - **/libraries/devsec_ssh.rb:56**: `%w`-literals should be delimited by `(` and `)`. 
(https://rubystyle.guide#percent-literal-braces) - **/libraries/devsec_ssh.rb:57**: `%w`-literals should be delimited by `(` and `)`. (https://rubystyle.guide#percent-literal-braces) - **/libraries/devsec_ssh.rb:59**: `%w`-literals should be delimited by `(` and `)`. (https://rubystyle.guide#percent-literal-braces) - **/libraries/devsec_ssh.rb:62**: `%w`-literals should be delimited by `(` and `)`. (https://rubystyle.guide#percent-literal-braces) - **/libraries/devsec_ssh.rb:63**: `%w`-literals should be delimited by `(` and `)`. (https://rubystyle.guide#percent-literal-braces) - **/libraries/devsec_ssh.rb:65**: `%w`-literals should be delimited by `(` and `)`. (https://rubystyle.guide#percent-literal-braces) - **/libraries/devsec_ssh.rb:76**: `%w`-literals should be delimited by `(` and `)`. (https://rubystyle.guide#percent-literal-braces) - **/libraries/devsec_ssh.rb:77**: `%w`-literals should be delimited by `(` and `)`. (https://rubystyle.guide#percent-literal-braces) - **/libraries/devsec_ssh.rb:78**: `%w`-literals should be delimited by `(` and `)`. (https://rubystyle.guide#percent-literal-braces) - **/recipes/server.rb:54**: `%w`-literals should be delimited by `(` and `)`. (https://rubystyle.guide#percent-literal-braces) - **/recipes/server.rb:147**: `%i`-literals should be delimited by `(` and `)`. (https://rubystyle.guide#percent-literal-braces) - **/recipes/server.rb:148**: `%i`-literals should be delimited by `(` and `)`. (https://rubystyle.guide#percent-literal-braces) - **/recipes/server.rb:149**: `%i`-literals should be delimited by `(` and `)`. (https://rubystyle.guide#percent-literal-braces) - **/recipes/server.rb:150**: `%i`-literals should be delimited by `(` and `)`. (https://rubystyle.guide#percent-literal-braces) - **/recipes/server.rb:152**: `%i`-literals should be delimited by `(` and `)`. (https://rubystyle.guide#percent-literal-braces) - **/recipes/server.rb:154**: `%i`-literals should be delimited by `(` and `)`. 
(https://rubystyle.guide#percent-literal-braces) - **/recipes/server.rb:155**: `%i`-literals should be delimited by `(` and `)`. (https://rubystyle.guide#percent-literal-braces) - **/recipes/server.rb:157**: `%i`-literals should be delimited by `(` and `)`. (https://rubystyle.guide#percent-literal-braces) - **/recipes/server.rb:159**: `%i`-literals should be delimited by `(` and `)`. (https://rubystyle.guide#percent-literal-braces) - **/spec/libraries/devsec_ssh_spec.rb:257**: `%w`-literals should be delimited by `(` and `)`. (https://rubystyle.guide#percent-literal-braces) - **/spec/recipes/client_spec.rb:185**: `%w`-literals should be delimited by `(` and `)`. (https://rubystyle.guide#percent-literal-braces) - **/spec/recipes/server_spec.rb:610**: `%w`-literals should be delimited by `(` and `)`. (https://rubystyle.guide#percent-literal-braces) - **/spec/recipes/server_spec.rb:623**: `%w`-literals should be delimited by `(` and `)`. (https://rubystyle.guide#percent-literal-braces) - **/spec/recipes/server_spec.rb:757**: `%w`-literals should be delimited by `(` and `)`. (https://rubystyle.guide#percent-literal-braces) - **/spec/shared_examples_crypto.rb:48**: `%w`-literals should be delimited by `(` and `)`. (https://rubystyle.guide#percent-literal-braces) ### Style/TrailingCommaInHashLiteral - **/libraries/devsec_ssh.rb:52**: Put a comma after the last item of a multiline hash. - **/libraries/devsec_ssh.rb:59**: Put a comma after the last item of a multiline hash. - **/libraries/devsec_ssh.rb:65**: Put a comma after the last item of a multiline hash. - **/libraries/devsec_ssh.rb:66**: Put a comma after the last item of a multiline hash. - **/libraries/devsec_ssh.rb:71**: Put a comma after the last item of a multiline hash. - **/libraries/devsec_ssh.rb:78**: Put a comma after the last item of a multiline hash. - **/recipes/client.rb:52**: Put a comma after the last item of a multiline hash. 
- **/recipes/server.rb:155**: Put a comma after the last item of a multiline hash. - **/recipes/server.rb:184**: Put a comma after the last item of a multiline hash. - **/spec/libraries/devsec_ssh_spec.rb:45**: Put a comma after the last item of a multiline hash. - **/spec/libraries/devsec_ssh_spec.rb:48**: Put a comma after the last item of a multiline hash. - **/spec/libraries/devsec_ssh_spec.rb:49**: Put a comma after the last item of a multiline hash. - **/spec/libraries/devsec_ssh_spec.rb:50**: Put a comma after the last item of a multiline hash. ### Style/ReturnNil - **/libraries/devsec_ssh.rb:166**: Use `return` instead of `return nil`. ### Chef/RedundantCode/LongDescriptionMetadata - **/metadata.rb:24**: The long_description metadata.rb method is not used and is unnecessary in cookbooks. (https://docs.chef.io/workstation/cookstyle/chef_redundantcode_longdescriptionmetadata) - **/test/fixtures/cookbooks/test/metadata.rb:6**: The long_description metadata.rb method is not used and is unnecessary in cookbooks. (https://docs.chef.io/workstation/cookstyle/chef_redundantcode_longdescriptionmetadata) ### Chef/Modernize/RespondToInMetadata - **/metadata.rb:27**: It is no longer necessary to use respond_to? or defined? in metadata.rb in Chef Infra Client 12.15 and later (https://docs.chef.io/workstation/cookstyle/chef_modernize_respondtoinmetadata) ### Chef/RedundantCode/RecipeMetadata - **/metadata.rb:40**: The recipe metadata.rb method is not used and is unnecessary in cookbooks. Recipes should be documented in the cookbook's README.md file instead. (https://docs.chef.io/workstation/cookstyle/chef_redundantcode_recipemetadata) - **/metadata.rb:41**: The recipe metadata.rb method is not used and is unnecessary in cookbooks. Recipes should be documented in the cookbook's README.md file instead. 
(https://docs.chef.io/workstation/cookstyle/chef_redundantcode_recipemetadata) - **/metadata.rb:42**: The recipe metadata.rb method is not used and is unnecessary in cookbooks. Recipes should be documented in the cookbook's README.md file instead. (https://docs.chef.io/workstation/cookstyle/chef_redundantcode_recipemetadata) ### Layout/TrailingWhitespace - **/recipes/server.rb:105**: Trailing whitespace detected. (https://rubystyle.guide#no-trailing-whitespace) ### Chef/Modernize/FoodcriticComments - **/recipes/server.rb:107**: Remove legacy code comments that disable Foodcritic rules (https://docs.chef.io/workstation/cookstyle/chef_modernize_foodcriticcomments) ### Layout/DotPosition - **/spec/recipes/client_spec.rb:59**: Place the . on the next line, together with the method name. (https://rubystyle.guide#consistent-multi-line-chains) - **/spec/recipes/client_spec.rb:64**: Place the . on the next line, together with the method name. (https://rubystyle.guide#consistent-multi-line-chains) - **/spec/recipes/client_spec.rb:138**: Place the . on the next line, together with the method name. (https://rubystyle.guide#consistent-multi-line-chains) - **/spec/recipes/client_spec.rb:151**: Place the . on the next line, together with the method name. (https://rubystyle.guide#consistent-multi-line-chains) - **/spec/recipes/client_spec.rb:164**: Place the . on the next line, together with the method name. (https://rubystyle.guide#consistent-multi-line-chains) - **/spec/recipes/client_spec.rb:177**: Place the . on the next line, together with the method name. (https://rubystyle.guide#consistent-multi-line-chains) - **/spec/recipes/client_spec.rb:190**: Place the . on the next line, together with the method name. (https://rubystyle.guide#consistent-multi-line-chains) - **/spec/recipes/client_spec.rb:203**: Place the . on the next line, together with the method name. (https://rubystyle.guide#consistent-multi-line-chains) - **/spec/recipes/server_spec.rb:69**: Place the . 
on the next line, together with the method name. (https://rubystyle.guide#consistent-multi-line-chains) - **/spec/recipes/server_spec.rb:146**: Place the . on the next line, together with the method name. (https://rubystyle.guide#consistent-multi-line-chains) - **/spec/recipes/server_spec.rb:159**: Place the . on the next line, together with the method name. (https://rubystyle.guide#consistent-multi-line-chains) - **/spec/recipes/server_spec.rb:172**: Place the . on the next line, together with the method name. (https://rubystyle.guide#consistent-multi-line-chains) - **/spec/recipes/server_spec.rb:196**: Place the . on the next line, together with the method name. (https://rubystyle.guide#consistent-multi-line-chains) - **/spec/recipes/server_spec.rb:212**: Place the . on the next line, together with the method name. (https://rubystyle.guide#consistent-multi-line-chains) - **/spec/recipes/server_spec.rb:224**: Place the . on the next line, together with the method name. (https://rubystyle.guide#consistent-multi-line-chains) - **/spec/recipes/server_spec.rb:442**: Place the . on the next line, together with the method name. (https://rubystyle.guide#consistent-multi-line-chains) - **/spec/recipes/server_spec.rb:454**: Place the . on the next line, together with the method name. (https://rubystyle.guide#consistent-multi-line-chains) - **/spec/recipes/server_spec.rb:471**: Place the . on the next line, together with the method name. (https://rubystyle.guide#consistent-multi-line-chains) - **/spec/recipes/server_spec.rb:485**: Place the . on the next line, together with the method name. (https://rubystyle.guide#consistent-multi-line-chains) - **/spec/recipes/server_spec.rb:512**: Place the . on the next line, together with the method name. (https://rubystyle.guide#consistent-multi-line-chains) - **/spec/recipes/server_spec.rb:534**: Place the . on the next line, together with the method name. 
(https://rubystyle.guide#consistent-multi-line-chains) - **/spec/recipes/server_spec.rb:546**: Place the . on the next line, together with the method name. (https://rubystyle.guide#consistent-multi-line-chains) - **/spec/recipes/server_spec.rb:552**: Place the . on the next line, together with the method name. (https://rubystyle.guide#consistent-multi-line-chains) - **/spec/recipes/server_spec.rb:564**: Place the . on the next line, together with the method name. (https://rubystyle.guide#consistent-multi-line-chains) - **/spec/recipes/server_spec.rb:570**: Place the . on the next line, together with the method name. (https://rubystyle.guide#consistent-multi-line-chains) - **/spec/recipes/server_spec.rb:582**: Place the . on the next line, together with the method name. (https://rubystyle.guide#consistent-multi-line-chains) - **/spec/recipes/server_spec.rb:588**: Place the . on the next line, together with the method name. (https://rubystyle.guide#consistent-multi-line-chains) - **/spec/recipes/server_spec.rb:593**: Place the . on the next line, together with the method name. (https://rubystyle.guide#consistent-multi-line-chains) - **/spec/recipes/server_spec.rb:598**: Place the . on the next line, together with the method name. (https://rubystyle.guide#consistent-multi-line-chains) - **/spec/recipes/server_spec.rb:603**: Place the . on the next line, together with the method name. (https://rubystyle.guide#consistent-multi-line-chains) - **/spec/recipes/server_spec.rb:615**: Place the . on the next line, together with the method name. (https://rubystyle.guide#consistent-multi-line-chains) - **/spec/recipes/server_spec.rb:628**: Place the . on the next line, together with the method name. (https://rubystyle.guide#consistent-multi-line-chains) - **/spec/recipes/server_spec.rb:635**: Place the . on the next line, together with the method name. (https://rubystyle.guide#consistent-multi-line-chains) - **/spec/recipes/server_spec.rb:648**: Place the . 
on the next line, together with the method name. (https://rubystyle.guide#consistent-multi-line-chains) - **/spec/recipes/server_spec.rb:661**: Place the . on the next line, together with the method name. (https://rubystyle.guide#consistent-multi-line-chains) - **/spec/recipes/server_spec.rb:668**: Place the . on the next line, together with the method name. (https://rubystyle.guide#consistent-multi-line-chains) - **/spec/recipes/server_spec.rb:681**: Place the . on the next line, together with the method name. (https://rubystyle.guide#consistent-multi-line-chains) - **/spec/recipes/server_spec.rb:695**: Place the . on the next line, together with the method name. (https://rubystyle.guide#consistent-multi-line-chains) - **/spec/recipes/server_spec.rb:709**: Place the . on the next line, together with the method name. (https://rubystyle.guide#consistent-multi-line-chains) - **/spec/recipes/server_spec.rb:722**: Place the . on the next line, together with the method name. (https://rubystyle.guide#consistent-multi-line-chains) - **/spec/recipes/server_spec.rb:735**: Place the . on the next line, together with the method name. (https://rubystyle.guide#consistent-multi-line-chains) - **/spec/recipes/server_spec.rb:736**: Place the . on the next line, together with the method name. (https://rubystyle.guide#consistent-multi-line-chains) - **/spec/recipes/server_spec.rb:749**: Place the . on the next line, together with the method name. (https://rubystyle.guide#consistent-multi-line-chains) - **/spec/recipes/server_spec.rb:762**: Place the . on the next line, together with the method name. (https://rubystyle.guide#consistent-multi-line-chains) - **/spec/recipes/server_spec.rb:774**: Place the . on the next line, together with the method name. (https://rubystyle.guide#consistent-multi-line-chains) - **/spec/recipes/server_spec.rb:787**: Place the . on the next line, together with the method name. 
(https://rubystyle.guide#consistent-multi-line-chains) - **/spec/recipes/server_spec.rb:801**: Place the . on the next line, together with the method name. (https://rubystyle.guide#consistent-multi-line-chains) - **/spec/shared_examples_crypto.rb:23**: Place the . on the next line, together with the method name. (https://rubystyle.guide#consistent-multi-line-chains) - **/spec/shared_examples_crypto.rb:32**: Place the . on the next line, together with the method name. (https://rubystyle.guide#consistent-multi-line-chains) - **/spec/shared_examples_crypto.rb:41**: Place the . on the next line, together with the method name. (https://rubystyle.guide#consistent-multi-line-chains) - **/spec/shared_examples_crypto.rb:51**: Place the . on the next line, together with the method name. (https://rubystyle.guide#consistent-multi-line-chains) - **/spec/shared_examples_crypto.rb:60**: Place the . on the next line, together with the method name. (https://rubystyle.guide#consistent-multi-line-chains) - **/spec/shared_examples_crypto.rb:69**: Place the . on the next line, together with the method name. (https://rubystyle.guide#consistent-multi-line-chains) - **/spec/shared_examples_crypto.rb:78**: Place the . on the next line, together with the method name. (https://rubystyle.guide#consistent-multi-line-chains) ### Style/RegexpLiteral - **/spec/recipes/server_spec.rb:225**: Use `%r` around regular expression. (https://rubystyle.guide#percent-r) ### Chef/Deprecations/DeprecatedChefSpecPlatform - **/spec/recipes/server_spec.rb:276**: Use currently supported platforms in ChefSpec listed at https://github.com/chefspec/fauxhai/blob/main/PLATFORMS.md. Fauxhai / ChefSpec will perform fuzzy matching on platform version so it's always best to be less specific ie. 
10 instead of 10.3 (https://docs.chef.io/workstation/cookstyle/chef_deprecations_deprecatedchefspecplatform) - **/spec/recipes/server_spec.rb:465**: Use currently supported platforms in ChefSpec listed at https://github.com/chefspec/fauxhai/blob/main/PLATFORMS.md. Fauxhai / ChefSpec will perform fuzzy matching on platform version so it's always best to be less specific ie. 10 instead of 10.3 (https://docs.chef.io/workstation/cookstyle/chef_deprecations_deprecatedchefspecplatform) ### Layout/EmptyLines - **/spec/spec_helper.rb:25**: Extra blank line detected. (https://rubystyle.guide#two-or-more-empty-lines) ### Chef/Deprecations/ChefSpecCoverageReport - **/spec/spec_helper.rb:26**: Don't use the deprecated ChefSpec coverage report functionality in your specs. (https://docs.chef.io/workstation/cookstyle/chef_deprecations_chefspeccoveragereport) ### Chef/Sharing/InvalidLicenseString - **/test/fixtures/cookbooks/test/metadata.rb:4**: Cookbook metadata.rb does not use a SPDX compliant license string or "all rights reserved". See https://spdx.org/licenses/ for a complete list of license identifiers. (https://docs.chef.io/workstation/cookstyle/chef_sharing_invalidlicensestring) Signed-off-by: Cookstyle --- Berksfile | 2 - Gemfile | 2 - Rakefile | 2 - attributes/default.rb | 60 +++---- libraries/devsec_ssh.rb | 52 +++--- metadata.rb | 11 +- recipes/client.rb | 10 +- recipes/default.rb | 8 +- recipes/server.rb | 35 ++-- recipes/unlock.rb | 6 +- spec/libraries/devsec_ssh_spec.rb | 14 +- spec/recipes/client_spec.rb | 40 ++--- spec/recipes/default_spec.rb | 4 +- spec/recipes/server_spec.rb | 170 +++++++++--------- spec/recipes/unlock_spec.rb | 4 +- spec/shared_examples_crypto.rb | 36 ++-- spec/spec_helper.rb | 5 +- test/fixtures/cookbooks/test/metadata.rb | 3 +- .../cookbooks/test/recipes/default.rb | 7 +- 19 files changed, 213 insertions(+), 258 deletions(-) diff --git a/Berksfile b/Berksfile index 97cb323..aa11834 100644 --- a/Berksfile +++ b/Berksfile 
@@ -1,5 +1,3 @@ -# encoding: utf-8 - source 'https://supermarket.chef.io' metadata diff --git a/Gemfile b/Gemfile index 5c372f5..0711d52 100644 --- a/Gemfile +++ b/Gemfile @@ -1,5 +1,3 @@ -# encoding: utf-8 - source 'https://rubygems.org' gem 'berkshelf', '~> 7.0' diff --git a/Rakefile b/Rakefile index 9118696..8a39c96 100644 --- a/Rakefile +++ b/Rakefile @@ -1,5 +1,3 @@ -# encoding: utf-8 - # rubocop:disable Style/SymbolArray require 'foodcritic' diff --git a/attributes/default.rb b/attributes/default.rb index 3d5fdbc..272ae54 100644 --- a/attributes/default.rb +++ b/attributes/default.rb @@ -1,10 +1,8 @@ -# encoding: utf-8 - # -# Cookbook Name:: ssh-hardening +# Cookbook:: ssh-hardening # Attributes:: default # -# Copyright 2012, Dominik Richter +# Copyright:: 2012, Dominik Richter # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
@@ -20,40 +18,38 @@ # # Define the client package name -case node['platform'] -when 'redhat', 'centos', 'fedora', 'amazon', 'oracle', 'scientific' - default['ssh-hardening']['sshclient']['package'] = 'openssh-clients' -when 'debian', 'ubuntu' - default['ssh-hardening']['sshclient']['package'] = 'openssh-client' -when 'arch', 'suse', 'opensuse', 'opensuseleap' - default['ssh-hardening']['sshclient']['package'] = 'openssh' -else - default['ssh-hardening']['sshclient']['package'] = 'openssh-client' -end +default['ssh-hardening']['sshclient']['package'] = case node['platform'] + when 'redhat', 'centos', 'fedora', 'amazon', 'oracle', 'scientific' + 'openssh-clients' + when 'debian', 'ubuntu' + 'openssh-client' + when 'arch', 'suse', 'opensuse', 'opensuseleap' + 'openssh' + else + 'openssh-client' + end # Define the package name for selinux utils -if node['platform_family'] == 'fedora' || # rubocop:disable Style/ConditionalAssignment - node['platform_family'] == 'rhel' && node['platform_version'].to_f >= 8 +if platform_family?('fedora') || # rubocop:disable Style/ConditionalAssignment + platform_family?('rhel') && node['platform_version'].to_f >= 8 default['ssh-hardening']['selinux']['package'] = 'policycoreutils-python-utils' else default['ssh-hardening']['selinux']['package'] = 'policycoreutils-python' end # Define the server package name -case node['platform'] -when 'suse', 'opensuse', 'opensuseleap' - default['ssh-hardening']['sshserver']['package'] = 'openssh' -else - default['ssh-hardening']['sshserver']['package'] = 'openssh-server' -end +default['ssh-hardening']['sshserver']['package'] = if platform?('suse', 'opensuse', 'opensuseleap') + 'openssh' + else + 'openssh-server' + end # Define the service name for sshd -case node['platform_family'] -when 'rhel', 'fedora', 'suse', 'freebsd', 'gentoo', 'amazon' - default['ssh-hardening']['sshserver']['service_name'] = 'sshd' -else - default['ssh-hardening']['sshserver']['service_name'] = 'ssh' -end 
+default['ssh-hardening']['sshserver']['service_name'] = if platform_family?('rhel', 'fedora', 'suse', 'freebsd', 'gentoo', 'amazon') + 'sshd' + else + 'ssh' + end # sshd + ssh client default['ssh-hardening']['network']['ipv6']['enable'] = false @@ -68,9 +64,9 @@ client['cbc_required'] = false client['weak_hmac'] = false client['weak_kex'] = false - client['allow_agent_forwarding'] = false - client['remote_hosts'] = [] - client['password_authentication'] = false # ssh + client['allow_agent_forwarding'] = false + client['remote_hosts'] = [] + client['password_authentication'] = false # ssh # http://undeadly.org/cgi?action=article&sid=20160114142733 client['roaming'] = false client['send_env'] = ['LANG', 'LC_*', 'LANGUAGE'] @@ -80,7 +76,7 @@ end # sshd -default['ssh-hardening']['ssh']['server'].tap do |server| # rubocop: disable BlockLength +default['ssh-hardening']['ssh']['server'].tap do |server| # rubocop: disable Metrics/BlockLength server['kex'] = nil # nil = calculate best combination for server version server['cipher'] = nil # nil = calculate best combination for server version server['mac'] = nil # nil = calculate best combination for server version diff --git a/libraries/devsec_ssh.rb b/libraries/devsec_ssh.rb index a0f328e..293e586 100644 --- a/libraries/devsec_ssh.rb +++ b/libraries/devsec_ssh.rb @@ -1,13 +1,11 @@ -# encoding: utf-8 - # -# Cookbook Name:: ssh-hardening +# Cookbook:: ssh-hardening # Library:: devsec_ssh # -# Copyright 2012, Dominik Richter -# Copyright 2014, Christoph Hartmann -# Copyright 2014, Deutsche Telekom AG -# Copyright 2016, Artem Sidorenko +# Copyright:: 2012, Dominik Richter +# Copyright:: 2014, Christoph Hartmann +# Copyright:: 2014, Deutsche Telekom AG +# Copyright:: 2016, Artem Sidorenko # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
@@ -42,40 +40,40 @@ class Ssh # rubocop:disable Metrics/ClassLength # Fallback ssh version for autodetection FALLBACK_SSH_VERSION ||= 5.9 # Support types of ssh - SSH_TYPES ||= %i[client server].freeze + SSH_TYPES ||= %i(client server).freeze # Crypto configuration for different ssh parameters CRYPTO ||= { kexs: { 5.3 => [], - 5.9 => %w[diffie-hellman-group-exchange-sha256], - 6.6 => %w[curve25519-sha256@libssh.org diffie-hellman-group-exchange-sha256], - :weak => %w[diffie-hellman-group14-sha1 diffie-hellman-group-exchange-sha1 diffie-hellman-group1-sha1] + 5.9 => %w(diffie-hellman-group-exchange-sha256), + 6.6 => %w(curve25519-sha256@libssh.org diffie-hellman-group-exchange-sha256), + :weak => %w(diffie-hellman-group14-sha1 diffie-hellman-group-exchange-sha1 diffie-hellman-group1-sha1), }, macs: { - 5.3 => %w[hmac-ripemd160 hmac-sha1], - 5.9 => %w[hmac-sha2-512 hmac-sha2-256 hmac-ripemd160], - 6.6 => %w[hmac-sha2-512-etm@openssh.com hmac-sha2-256-etm@openssh.com - umac-128-etm@openssh.com hmac-sha2-512 hmac-sha2-256], - :weak => %w[hmac-sha1] + 5.3 => %w(hmac-ripemd160 hmac-sha1), + 5.9 => %w(hmac-sha2-512 hmac-sha2-256 hmac-ripemd160), + 6.6 => %w(hmac-sha2-512-etm@openssh.com hmac-sha2-256-etm@openssh.com + umac-128-etm@openssh.com hmac-sha2-512 hmac-sha2-256), + :weak => %w(hmac-sha1), }, ciphers: { - 5.3 => %w[aes256-ctr aes192-ctr aes128-ctr], - 6.6 => %w[chacha20-poly1305@openssh.com aes256-gcm@openssh.com aes128-gcm@openssh.com - aes256-ctr aes192-ctr aes128-ctr], - :weak => %w[aes256-cbc aes192-cbc aes128-cbc] - } + 5.3 => %w(aes256-ctr aes192-ctr aes128-ctr), + 6.6 => %w(chacha20-poly1305@openssh.com aes256-gcm@openssh.com aes128-gcm@openssh.com + aes256-ctr aes192-ctr aes128-ctr), + :weak => %w(aes256-cbc aes192-cbc aes128-cbc), + }, }.freeze # Privilege separation values PRIVILEGE_SEPARATION ||= { 5.3 => 'yes', - 5.9 => 'sandbox' + 5.9 => 'sandbox', }.freeze # Hostkey algorithms # In the current implementation they are server specific so we need own 
data hash for it HOSTKEY_ALGORITHMS ||= { - 5.3 => %w[rsa], - 6.0 => %w[rsa ecdsa], - 6.6 => %w[rsa ecdsa ed25519] + 5.3 => %w(rsa), + 6.0 => %w(rsa ecdsa), + 6.6 => %w(rsa ecdsa ed25519), }.freeze class << self @@ -163,7 +161,7 @@ def get_crypto_data(crypto_type, ssh_type, enable_weak) # on the particilar ssh version. Return nil in such cases if crypto.empty? Chef::Log.debug("No value present for ssh version #{found_ssh_version}. Returning nil.") - return nil + return end if enable_weak @@ -194,7 +192,7 @@ def find_ssh_version(version, versions) def get_ssh_version(package) version = node['packages'][package]['version'] # on debian we get the epoch in front of version number: 1:7.2p2-4ubuntu2.1 - version = version.split(':')[1] if node['platform_family'] == 'debian' + version = version.split(':')[1] if platform_family?('debian') Chef::Log.debug("Detected openssh version #{version} for package #{package}") version.to_f rescue NoMethodError diff --git a/metadata.rb b/metadata.rb index 460cf4c..9d46933 100644 --- a/metadata.rb +++ b/metadata.rb @@ -1,7 +1,5 @@ -# encoding: utf-8 - # -# Copyright 2014, Deutsche Telekom AG +# Copyright:: 2014, Deutsche Telekom AG # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -21,10 +19,9 @@ maintainer_email 'dominik.richter@googlemail.com' license 'Apache-2.0' description 'This cookbook installs and provides secure ssh and sshd configurations.' -long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) version '2.9.0' -chef_version '>= 12.5' if respond_to?(:chef_version) +chef_version '>= 12.5' supports 'ubuntu', '>= 12.04' supports 'debian', '>= 6.0' 
@@ -37,9 +34,5 @@ supports 'opensuseleap', '>= 42.1' supports 'amazon' -recipe 'ssh-hardening::default', 'installs and configures ssh client and server' -recipe 'ssh-hardening::client', 'install and apply security hardening for ssh client' -recipe 'ssh-hardening::server', 'install and apply security hardening for ssh server' - source_url 'https://github.com/dev-sec/chef-ssh-hardening' issues_url 'https://github.com/dev-sec/chef-ssh-hardening/issues' diff --git a/recipes/client.rb b/recipes/client.rb index 8156429..2510c7e 100644 --- a/recipes/client.rb +++ b/recipes/client.rb @@ -1,11 +1,9 @@ -# encoding: utf-8 - # -# Cookbook Name:: ssh-hardening +# Cookbook:: ssh-hardening # Recipe:: client.rb # -# Copyright 2012, Dominik Richter -# Copyright 2014, Deutsche Telekom AG +# Copyright:: 2012, Dominik Richter +# Copyright:: 2014, Deutsche Telekom AG # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -49,7 +47,7 @@ mac: node['ssh-hardening']['ssh']['client']['mac'] || DevSec::Ssh.get_client_macs(node['ssh-hardening']['ssh']['client']['weak_hmac']), kex: node['ssh-hardening']['ssh']['client']['kex'] || DevSec::Ssh.get_client_kexs(node['ssh-hardening']['ssh']['client']['weak_kex']), cipher: node['ssh-hardening']['ssh']['client']['cipher'] || DevSec::Ssh.get_client_ciphers(node['ssh-hardening']['ssh']['client']['cbc_required']), - version: DevSec::Ssh.get_ssh_client_version + version: DevSec::Ssh.get_ssh_client_version, } end ) diff --git a/recipes/default.rb b/recipes/default.rb index 839aab5..3e68757 100644 --- a/recipes/default.rb +++ b/recipes/default.rb 
@@ -1,11 +1,9 @@ -# encoding: utf-8 - # -# Cookbook Name:: ssh-hardening +# Cookbook:: ssh-hardening # Recipe:: default.rb # -# Copyright 2012, Dominik Richter -# Copyright 2014, Deutsche Telekom AG +# Copyright:: 2012, Dominik Richter +# Copyright:: 2014, Deutsche Telekom AG # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/recipes/server.rb b/recipes/server.rb index ee46f32..b873066 100644 --- a/recipes/server.rb +++ b/recipes/server.rb @@ -1,11 +1,9 @@ -# encoding: utf-8 - # -# Cookbook Name:: ssh-hardening +# Cookbook:: ssh-hardening # Recipe:: server.rb # -# Copyright 2012, Dominik Richter -# Copyright 2014, Deutsche Telekom AG +# Copyright:: 2012, Dominik Richter +# Copyright:: 2014, Deutsche Telekom AG # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -51,7 +49,7 @@ end # Handle addional SELinux policy on RHEL/Fedora for different UsePAM options -if %w[fedora rhel].include?(node['platform_family']) +if platform_family?('fedora', 'rhel') policy_file = ::File.join(cache_dir, 'ssh_password.te') module_file = ::File.join(cache_dir, 'ssh_password.mod') package_file = ::File.join(cache_dir, 'ssh_password.pp') @@ -104,7 +102,7 @@ # remove all small primes # https://stribika.github.io/2015/01/04/secure-secure-shell.html dh_min_prime_size = node['ssh-hardening']['ssh']['server']['dh_min_prime_size'].to_i - 1 # 4096 is 4095 in the moduli file -ruby_block 'remove small primes from DH moduli' do # ~FC014 +ruby_block 'remove small primes from DH moduli' do block do tmp_file = "#{dh_moduli_file}.tmp" ::File.open(tmp_file, 'w') do |new_file| 
@@ -134,8 +132,7 @@ service 'sshd' do # use upstart for ubuntu, otherwise chef uses init # @see http://docs.opscode.com/resource_service.html#providers - case node['platform'] - when 'ubuntu' + if platform?('ubuntu') if node['platform_version'].to_f >= 15.04 provider Chef::Provider::Service::Systemd elsif node['platform_version'].to_f >= 12.04 @@ -144,19 +141,19 @@ end service_name node['ssh-hardening']['sshserver']['service_name'] supports value_for_platform( - 'centos' => { 'default' => %i[restart reload status] }, - 'redhat' => { 'default' => %i[restart reload status] }, - 'fedora' => { 'default' => %i[restart reload status] }, - 'scientific' => { 'default' => %i[restart reload status] }, + 'centos' => { 'default' => %i(restart reload status) }, + 'redhat' => { 'default' => %i(restart reload status) }, + 'fedora' => { 'default' => %i(restart reload status) }, + 'scientific' => { 'default' => %i(restart reload status) }, 'arch' => { 'default' => [:restart] }, - 'debian' => { 'default' => %i[restart reload status] }, + 'debian' => { 'default' => %i(restart reload status) }, 'ubuntu' => { - '8.04' => %i[restart reload], - 'default' => %i[restart reload status] + '8.04' => %i(restart reload), + 'default' => %i(restart reload status), }, - 'default' => { 'default' => %i[restart reload] } + 'default' => { 'default' => %i(restart reload) } ) - action %i[enable start] + action %i(enable start) end directory 'openssh-server ssh directory /etc/ssh' do 
@@ -181,7 +178,7 @@ cipher: node['ssh-hardening']['ssh']['server']['cipher'] || DevSec::Ssh.get_server_ciphers(node['ssh-hardening']['ssh']['server']['cbc_required']), use_priv_sep: node['ssh-hardening']['ssh']['use_privilege_separation'] || DevSec::Ssh.get_server_privilege_separarion, hostkeys: node['ssh-hardening']['ssh']['server']['host_key_files'] || DevSec::Ssh.get_server_algorithms.map { |alg| "/etc/ssh/ssh_host_#{alg}_key" }, - version: DevSec::Ssh.get_ssh_server_version + version: DevSec::Ssh.get_ssh_server_version, } end ) diff --git a/recipes/unlock.rb b/recipes/unlock.rb index 4d18623..5e7bf56 100644 --- a/recipes/unlock.rb +++ b/recipes/unlock.rb @@ -1,10 +1,8 @@ -# encoding: utf-8 - # -# Cookbook Name:: ssh-hardening +# Cookbook:: ssh-hardening # Recipe:: unlock # -# Copyright 2014, Deutsche Telekom AG +# Copyright:: 2014, Deutsche Telekom AG # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/spec/libraries/devsec_ssh_spec.rb b/spec/libraries/devsec_ssh_spec.rb index 65ad54e..4f57816 100644 --- a/spec/libraries/devsec_ssh_spec.rb +++ b/spec/libraries/devsec_ssh_spec.rb @@ -1,7 +1,5 @@ -# encoding: utf-8 - # -# Copyright 2016, Artem Sidorenko +# Copyright:: 2016, Artem Sidorenko # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -42,12 +40,12 @@ def self.debug(*); end 'platform_version' => version, 'ssh-hardening' => { 'sshclient' => { - 'package' => package_name + 'package' => package_name, }, 'sshserver' => { - 'package' => package_name - } - } + 'package' => package_name, + }, + }, } node['packages'] = { package_name => { 'version' => package_version } } if package_installed 
@@ -254,7 +252,7 @@ def self.debug(*); end # get_[client|server]_[kexs|macs|ciphers] # In order to cover all possible combinations, we need a complex nested loops:-\ # We start with client|server combination - %w[client server].each do |type| + %w(client server).each do |type| # Go over different types of crypto parameters, e.g. kexs, macs, ciphers DevSec::Ssh::CRYPTO.each do |crypto_type, crypto_value| # we can not use subject here, as its not in the block function = "get_#{type}_#{crypto_type}" diff --git a/spec/recipes/client_spec.rb b/spec/recipes/client_spec.rb index 8436aa3..7669eae 100644 --- a/spec/recipes/client_spec.rb +++ b/spec/recipes/client_spec.rb @@ -1,8 +1,6 @@ -# encoding: UTF-8 - # -# Copyright 2014, Deutsche Telekom AG -# Copyright 2016, Artem Sidorenko +# Copyright:: 2014, Deutsche Telekom AG +# Copyright:: 2016, Artem Sidorenko # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -56,13 +54,13 @@ include_examples 'does not allow weak ciphers' it 'disables client roaming' do - expect(chef_run).to render_file('/etc/ssh/ssh_config'). - with_content(/UseRoaming no/) + expect(chef_run).to render_file('/etc/ssh/ssh_config') + .with_content(/UseRoaming no/) end it 'sends default locale environment variables' do - expect(chef_run).to render_file('/etc/ssh/ssh_config'). - with_content('SendEnv LANG LC_* LANGUAGE') + expect(chef_run).to render_file('/etc/ssh/ssh_config') + .with_content('SendEnv LANG LC_* LANGUAGE') end include_examples 'allow ctr ciphers' @@ -135,8 +133,8 @@ end it 'uses the value of kex attribute' do - expect(chef_run).to render_file('/etc/ssh/ssh_config'). - with_content(/KexAlgorithms mycustomkexvalue/) + expect(chef_run).to render_file('/etc/ssh/ssh_config') + .with_content(/KexAlgorithms mycustomkexvalue/) end end 
@@ -148,8 +146,8 @@ end it 'uses the value of mac attribute' do - expect(chef_run).to render_file('/etc/ssh/ssh_config'). - with_content(/MACs mycustommacvalue/) + expect(chef_run).to render_file('/etc/ssh/ssh_config') + .with_content(/MACs mycustommacvalue/) end end @@ -161,8 +159,8 @@ end it 'uses the value of cipher attribute' do - expect(chef_run).to render_file('/etc/ssh/ssh_config'). - with_content(/Ciphers mycustomciphervalue/) + expect(chef_run).to render_file('/etc/ssh/ssh_config') + .with_content(/Ciphers mycustomciphervalue/) end end @@ -174,21 +172,21 @@ end it 'will not send any environment variables' do - expect(chef_run).to_not render_file('/etc/ssh/ssh_config'). - with_content(/SendEnv/) + expect(chef_run).to_not render_file('/etc/ssh/ssh_config') + .with_content(/SendEnv/) end end context 'with custom send_env attribute' do cached(:chef_run) do ChefSpec::SoloRunner.new do |node| - node.normal['ssh-hardening']['ssh']['client']['send_env'] = %w[some environment variables] + node.normal['ssh-hardening']['ssh']['client']['send_env'] = %w(some environment variables) end.converge(described_recipe) end it 'uses the value of send_env attribute' do - expect(chef_run).to render_file('/etc/ssh/ssh_config'). - with_content(/SendEnv some environment variables/) + expect(chef_run).to render_file('/etc/ssh/ssh_config') + .with_content(/SendEnv some environment variables/) end end @@ -200,8 +198,8 @@ it 'does not have any extra config options' do expect(chef_run).to render_file('/etc/ssh/ssh_config') - expect(chef_run).not_to render_file('/etc/ssh/ssh_config'). - with_content(/^# Extra Configuration Options/) + expect(chef_run).not_to render_file('/etc/ssh/ssh_config') + .with_content(/^# Extra Configuration Options/) end end diff --git a/spec/recipes/default_spec.rb b/spec/recipes/default_spec.rb index 541a7a2..009fd65 100644 --- a/spec/recipes/default_spec.rb +++ b/spec/recipes/default_spec.rb 
@@ -1,7 +1,5 @@ -# encoding: UTF-8 - # -# Copyright 2014, Deutsche Telekom AG +# Copyright:: 2014, Deutsche Telekom AG # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/spec/recipes/server_spec.rb b/spec/recipes/server_spec.rb index 8ac1a53..30de74b 100644 --- a/spec/recipes/server_spec.rb +++ b/spec/recipes/server_spec.rb @@ -1,8 +1,6 @@ -# encoding: UTF-8 - # -# Copyright 2014, Deutsche Telekom AG -# Copyright 2016, Artem Sidorenko +# Copyright:: 2014, Deutsche Telekom AG +# Copyright:: 2016, Artem Sidorenko # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -66,8 +64,8 @@ end it 'accepts default locale environment variables' do - expect(chef_run).to render_file('/etc/ssh/sshd_config'). - with_content('AcceptEnv LANG LC_* LANGUAGE') + expect(chef_run).to render_file('/etc/ssh/sshd_config') + .with_content('AcceptEnv LANG LC_* LANGUAGE') end include_examples 'does not allow weak hmacs' @@ -143,8 +141,8 @@ end it 'uses the value of kex attribute' do - expect(chef_run).to render_file('/etc/ssh/sshd_config'). - with_content(/KexAlgorithms mycustomkexvalue/) + expect(chef_run).to render_file('/etc/ssh/sshd_config') + .with_content(/KexAlgorithms mycustomkexvalue/) end end @@ -156,8 +154,8 @@ end it 'uses the value of mac attribute' do - expect(chef_run).to render_file('/etc/ssh/sshd_config'). - with_content(/MACs mycustommacvalue/) + expect(chef_run).to render_file('/etc/ssh/sshd_config') + .with_content(/MACs mycustommacvalue/) end end @@ -169,8 +167,8 @@ end it 'uses the value of cipher attribute' do - expect(chef_run).to render_file('/etc/ssh/sshd_config'). - with_content(/Ciphers mycustomciphervalue/) + expect(chef_run).to render_file('/etc/ssh/sshd_config') + .with_content(/Ciphers mycustomciphervalue/) end end 
@@ -193,8 +191,8 @@ end it 'unlocks root account' do - expect(chef_run).to run_execute('unlock root account if it is locked'). - with(command: "sed 's/^root:\!/root:*/' /etc/shadow -i") + expect(chef_run).to run_execute('unlock root account if it is locked') + .with(command: "sed 's/^root:\!/root:*/' /etc/shadow -i") end end @@ -209,8 +207,8 @@ end it 'disables the login banner' do - expect(chef_run).to render_file('/etc/ssh/sshd_config'). - with_content(/Banner none/) + expect(chef_run).to render_file('/etc/ssh/sshd_config') + .with_content(/Banner none/) end context 'with provided login banner path' do @@ -221,8 +219,8 @@ end it 'uses the given login banner' do - expect(chef_run).to render_file('/etc/ssh/sshd_config'). - with_content(/Banner \/etc\/ssh\/banner/) + expect(chef_run).to render_file('/etc/ssh/sshd_config') + .with_content(%r{Banner /etc/ssh/banner}) end end @@ -273,7 +271,7 @@ context 'running with OpenSSH >= 7.4 on RHEL 7' do let(:chef_run) do - ChefSpec::SoloRunner.new(platform: 'centos', version: '7.5.1804').converge(described_recipe) + ChefSpec::SoloRunner.new(platform: 'centos', version: '7').converge(described_recipe) end before do @@ -439,8 +437,8 @@ end it 'disables the debian banner' do - expect(chef_run).to render_file('/etc/ssh/sshd_config'). - with_content(/DebianBanner no/) + expect(chef_run).to render_file('/etc/ssh/sshd_config') + .with_content(/DebianBanner no/) end context 'with enabled debian banner' do @@ -451,8 +449,8 @@ end it 'uses the enabled debian banner' do - expect(chef_run).to render_file('/etc/ssh/sshd_config'). - with_content(/DebianBanner yes/) + expect(chef_run).to render_file('/etc/ssh/sshd_config') + .with_content(/DebianBanner yes/) end end 
@@ -462,14 +460,14 @@ end cached(:chef_run) do - ChefSpec::SoloRunner.new(platform: 'centos', version: '7.5.1804') do |node| + ChefSpec::SoloRunner.new(platform: 'centos', version: '7') do |node| node.normal['ssh-hardening']['ssh']['server']['os_banner'] = true end.converge(described_recipe) end it 'does not have the debian banner option' do - expect(chef_run).not_to render_file('/etc/ssh/sshd_config'). - with_content(/DebianBanner/) + expect(chef_run).not_to render_file('/etc/ssh/sshd_config') + .with_content(/DebianBanner/) end end end @@ -482,8 +480,8 @@ it 'does not have any extra config options' do expect(chef_run).to render_file('/etc/ssh/sshd_config') - expect(chef_run).not_to render_file('/etc/ssh/sshd_config'). - with_content(/^# Extra Configuration Options/) + expect(chef_run).not_to render_file('/etc/ssh/sshd_config') + .with_content(/^# Extra Configuration Options/) end end @@ -509,8 +507,8 @@ it 'does not have any match config blocks' do expect(chef_run).to render_file('/etc/ssh/sshd_config') - expect(chef_run).not_to render_file('/etc/ssh/sshd_config'). - with_content(/^# Match Configuration Blocks/) + expect(chef_run).not_to render_file('/etc/ssh/sshd_config') + .with_content(/^# Match Configuration Blocks/) end end @@ -531,8 +529,8 @@ end it 'disables the challenge response authentication' do - expect(chef_run).to render_file('/etc/ssh/sshd_config'). - with_content(/ChallengeResponseAuthentication no/) + expect(chef_run).to render_file('/etc/ssh/sshd_config') + .with_content(/ChallengeResponseAuthentication no/) end context 'with challenge response authentication enabled' do 
@@ -543,14 +541,14 @@ end it 'enables the challenge response authentication' do - expect(chef_run).to render_file('/etc/ssh/sshd_config'). - with_content(/ChallengeResponseAuthentication yes/) + expect(chef_run).to render_file('/etc/ssh/sshd_config') + .with_content(/ChallengeResponseAuthentication yes/) end end it 'sets the login grace time to 30s' do - expect(chef_run).to render_file('/etc/ssh/sshd_config'). - with_content(/LoginGraceTime 30s/) + expect(chef_run).to render_file('/etc/ssh/sshd_config') + .with_content(/LoginGraceTime 30s/) end context 'with configured login grace time to 60s' do @@ -561,14 +559,14 @@ end it 'sets the login grace time to 60s' do - expect(chef_run).to render_file('/etc/ssh/sshd_config'). - with_content(/LoginGraceTime 60s/) + expect(chef_run).to render_file('/etc/ssh/sshd_config') + .with_content(/LoginGraceTime 60s/) end end it 'sets the log level to verbose' do - expect(chef_run).to render_file('/etc/ssh/sshd_config'). - with_content('LogLevel VERBOSE') + expect(chef_run).to render_file('/etc/ssh/sshd_config') + .with_content('LogLevel VERBOSE') end context 'with log level set to debug' do 
@@ -579,61 +577,61 @@ end it 'sets the log level to debug' do - expect(chef_run).to render_file('/etc/ssh/sshd_config'). - with_content('LogLevel DEBUG') + expect(chef_run).to render_file('/etc/ssh/sshd_config') + .with_content('LogLevel DEBUG') end end it 'leaves deny users commented' do - expect(chef_run).to render_file('/etc/ssh/sshd_config'). - with_content(/#DenyUsers */) + expect(chef_run).to render_file('/etc/ssh/sshd_config') + .with_content(/#DenyUsers */) end it 'leaves allow users commented' do - expect(chef_run).to render_file('/etc/ssh/sshd_config'). - with_content(/#AllowUsers user1/) + expect(chef_run).to render_file('/etc/ssh/sshd_config') + .with_content(/#AllowUsers user1/) end it 'leaves deny groups commented' do - expect(chef_run).to render_file('/etc/ssh/sshd_config'). - with_content(/#DenyGroups */) + expect(chef_run).to render_file('/etc/ssh/sshd_config') + .with_content(/#DenyGroups */) end it 'leaves allow groups commented' do - expect(chef_run).to render_file('/etc/ssh/sshd_config'). - with_content(/#AllowGroups group1/) + expect(chef_run).to render_file('/etc/ssh/sshd_config') + .with_content(/#AllowGroups group1/) end context 'with attribute deny_users' do cached(:chef_run) do ChefSpec::SoloRunner.new do |node| - node.normal['ssh-hardening']['ssh']['server']['deny_users'] = %w[someuser] + node.normal['ssh-hardening']['ssh']['server']['deny_users'] = %w(someuser) end.converge(described_recipe) end it 'adds user to deny list' do - expect(chef_run).to render_file('/etc/ssh/sshd_config'). 
- with_content(/DenyUsers [^#]*\bsomeuser\b/) + expect(chef_run).to render_file('/etc/ssh/sshd_config') + .with_content(/DenyUsers [^#]*\bsomeuser\b/) end end context 'with attribute deny_users mutiple' do cached(:chef_run) do ChefSpec::SoloRunner.new do |node| - node.normal['ssh-hardening']['ssh']['server']['deny_users'] = %w[someuser otheruser] + node.normal['ssh-hardening']['ssh']['server']['deny_users'] = %w(someuser otheruser) end.converge(described_recipe) end it 'adds users to deny list' do - expect(chef_run).to render_file('/etc/ssh/sshd_config'). - with_content(/DenyUsers [^#]*\bsomeuser otheruser\b/) + expect(chef_run).to render_file('/etc/ssh/sshd_config') + .with_content(/DenyUsers [^#]*\bsomeuser otheruser\b/) end end context 'without attribute use_dns' do it 'leaves UseDNS commented' do - expect(chef_run).to render_file('/etc/ssh/sshd_config'). - with_content(/#UseDNS no/) + expect(chef_run).to render_file('/etc/ssh/sshd_config') + .with_content(/#UseDNS no/) end end @@ -645,8 +643,8 @@ end it 'sets UseDNS correctly' do - expect(chef_run).to render_file('/etc/ssh/sshd_config'). - with_content(/UseDNS no/) + expect(chef_run).to render_file('/etc/ssh/sshd_config') + .with_content(/UseDNS no/) end end @@ -658,15 +656,15 @@ end it 'sets UseDNS correctly' do - expect(chef_run).to render_file('/etc/ssh/sshd_config'). - with_content(/UseDNS yes/) + expect(chef_run).to render_file('/etc/ssh/sshd_config') + .with_content(/UseDNS yes/) end end context 'without attribute ["sftp"]["enable"]' do it 'leaves SFTP Subsystem commented' do - expect(chef_run).to render_file('/etc/ssh/sshd_config'). - with_content(/^#Subsystem sftp/) + expect(chef_run).to render_file('/etc/ssh/sshd_config') + .with_content(/^#Subsystem sftp/) end end 
@@ -678,8 +676,8 @@ end it 'sets SFTP Subsystem correctly' do - expect(chef_run).to render_file('/etc/ssh/sshd_config'). - with_content(/^Subsystem sftp/) + expect(chef_run).to render_file('/etc/ssh/sshd_config') + .with_content(/^Subsystem sftp/) end end @@ -692,8 +690,8 @@ end it 'sets the SFTP Group correctly' do - expect(chef_run).to render_file('/etc/ssh/sshd_config'). - with_content(/^Match Group testgroup$/) + expect(chef_run).to render_file('/etc/ssh/sshd_config') + .with_content(/^Match Group testgroup$/) end end @@ -706,8 +704,8 @@ end it 'sets the SFTP chroot correctly' do - expect(chef_run).to render_file('/etc/ssh/sshd_config'). - with_content(/^[[:space:]]*ChrootDirectory test_home_dir$/) + expect(chef_run).to render_file('/etc/ssh/sshd_config') + .with_content(/^[[:space:]]*ChrootDirectory test_home_dir$/) end end @@ -719,8 +717,8 @@ end it 'sets proper IPv4 ListenAdress' do - expect(chef_run).to render_file('/etc/ssh/sshd_config'). - with_content(/ListenAddress 0.0.0.0/) + expect(chef_run).to render_file('/etc/ssh/sshd_config') + .with_content(/ListenAddress 0.0.0.0/) end end @@ -732,9 +730,9 @@ end it 'sets proper IPv4 and IPv6 ListenAdress' do - expect(chef_run).to render_file('/etc/ssh/sshd_config'). - with_content(/ListenAddress 0.0.0.0/). - with_content(/ListenAddress ::/) + expect(chef_run).to render_file('/etc/ssh/sshd_config') + .with_content(/ListenAddress 0.0.0.0/) + .with_content(/ListenAddress ::/) end end 
@@ -746,21 +744,21 @@ end it 'will not accept any environment variables' do - expect(chef_run).to_not render_file('/etc/ssh/sshd_config'). - with_content(/AcceptEnv/) + expect(chef_run).to_not render_file('/etc/ssh/sshd_config') + .with_content(/AcceptEnv/) end end context 'with custom accept_env attribute' do cached(:chef_run) do ChefSpec::SoloRunner.new do |node| - node.normal['ssh-hardening']['ssh']['server']['accept_env'] = %w[some environment variables] + node.normal['ssh-hardening']['ssh']['server']['accept_env'] = %w(some environment variables) end.converge(described_recipe) end it 'uses the value of accept_env attribute' do - expect(chef_run).to render_file('/etc/ssh/sshd_config'). - with_content(/AcceptEnv some environment variables/) + expect(chef_run).to render_file('/etc/ssh/sshd_config') + .with_content(/AcceptEnv some environment variables/) end end @@ -771,8 +769,8 @@ end it 'does not have AuthorizedKeysFile configured' do - expect(chef_run).not_to render_file('/etc/ssh/sshd_config'). - with_content(/^[[:space:]]*AuthorizedKeysFile/) + expect(chef_run).not_to render_file('/etc/ssh/sshd_config') + .with_content(/^[[:space:]]*AuthorizedKeysFile/) end end @@ -784,8 +782,8 @@ end it 'has AuthorizedKeysFile configured' do - expect(chef_run).to render_file('/etc/ssh/sshd_config'). - with_content('AuthorizedKeysFile /some/authorizedkeysfile') + expect(chef_run).to render_file('/etc/ssh/sshd_config') + .with_content('AuthorizedKeysFile /some/authorizedkeysfile') end end @@ -798,8 +796,8 @@ end it 'has AuthorizedKeysFile configured' do - expect(chef_run).to render_file('/etc/ssh/sshd_config'). - with_content('AuthorizedKeysFile /some/authorizedkeysfile') + expect(chef_run).to render_file('/etc/ssh/sshd_config') + .with_content('AuthorizedKeysFile /some/authorizedkeysfile') end end end diff --git a/spec/recipes/unlock_spec.rb b/spec/recipes/unlock_spec.rb index f935e98..914caf9 100644 --- a/spec/recipes/unlock_spec.rb +++ b/spec/recipes/unlock_spec.rb 
@@ -1,7 +1,5 @@ -# encoding: UTF-8 - # -# Copyright 2014, Deutsche Telekom AG +# Copyright:: 2014, Deutsche Telekom AG # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/spec/shared_examples_crypto.rb b/spec/shared_examples_crypto.rb index 059ee5d..9d0d434 100644 --- a/spec/shared_examples_crypto.rb +++ b/spec/shared_examples_crypto.rb @@ -1,8 +1,6 @@ -# encoding: UTF-8 - # -# Copyright 2014, Deutsche Telekom AG -# Copyright 2016, Artem Sidorenko +# Copyright:: 2014, Deutsche Telekom AG +# Copyright:: 2016, Artem Sidorenko # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -20,8 +18,8 @@ RSpec.shared_examples 'does not allow weak hmacs' do it 'should not allow weak hmacs' do helper_lib::CRYPTO[:macs][:weak].each do |mac| - expect(chef_run).not_to render_file(ssh_config_file). - with_content(/MACs [^#]*\b#{mac}\b/) + expect(chef_run).not_to render_file(ssh_config_file) + .with_content(/MACs [^#]*\b#{mac}\b/) end end end @@ -29,8 +27,8 @@ RSpec.shared_examples 'does not allow weak kexs' do it 'should not allow weak kexs' do helper_lib::CRYPTO[:kexs][:weak].each do |kex| - expect(chef_run).not_to render_file(ssh_config_file). - with_content(/KexAlgorithms [^#]*\b#{kex}\b/) + expect(chef_run).not_to render_file(ssh_config_file) + .with_content(/KexAlgorithms [^#]*\b#{kex}\b/) end end end 
@@ -38,18 +36,18 @@ RSpec.shared_examples 'does not allow weak ciphers' do it 'should not allow weak ciphers' do helper_lib::CRYPTO[:ciphers][:weak].each do |cipher| - expect(chef_run).not_to render_file(ssh_config_file). - with_content(/Ciphers [^#]*\b#{cipher}\b/) + expect(chef_run).not_to render_file(ssh_config_file) + .with_content(/Ciphers [^#]*\b#{cipher}\b/) end end end RSpec.shared_examples 'allow ctr ciphers' do - let(:ctr_ciphers) { %w[aes256-ctr aes192-ctr aes128-ctr] } + let(:ctr_ciphers) { %w(aes256-ctr aes192-ctr aes128-ctr) } it 'should allow ctr ciphers' do ctr_ciphers.each do |cipher| - expect(chef_run).to render_file(ssh_config_file). - with_content(/Ciphers [^#]*\b#{cipher}\b/) + expect(chef_run).to render_file(ssh_config_file) + .with_content(/Ciphers [^#]*\b#{cipher}\b/) end end end @@ -57,8 +55,8 @@ RSpec.shared_examples 'allow weak hmacs' do it 'should allow weak hmacs' do helper_lib::CRYPTO[:macs][:weak].each do |mac| - expect(chef_run).to render_file(ssh_config_file). - with_content(/MACs [^#]*\b#{mac}\b/) + expect(chef_run).to render_file(ssh_config_file) + .with_content(/MACs [^#]*\b#{mac}\b/) end end end @@ -66,8 +64,8 @@ RSpec.shared_examples 'allow weak kexs' do it 'should allow weak kexs' do helper_lib::CRYPTO[:kexs][:weak].each do |kex| - expect(chef_run).to render_file(ssh_config_file). - with_content(/KexAlgorithms [^#]*\b#{kex}\b/) + expect(chef_run).to render_file(ssh_config_file) + .with_content(/KexAlgorithms [^#]*\b#{kex}\b/) end end end @@ -75,8 +73,8 @@ RSpec.shared_examples 'allow weak ciphers' do it 'should allow weak ciphers' do helper_lib::CRYPTO[:ciphers][:weak].each do |cipher| - expect(chef_run).to render_file(ssh_config_file). - with_content(/Ciphers [^#]*\b#{cipher}\b/) + expect(chef_run).to render_file(ssh_config_file) + .with_content(/Ciphers [^#]*\b#{cipher}\b/) end end end diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index 0e945c7..58f576a 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb 
@@ -1,7 +1,5 @@ -# encoding: utf-8 - # -# Copyright 2014, Deutsche Telekom AG +# Copyright:: 2014, Deutsche Telekom AG # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -23,7 +21,6 @@ # coverage report Coveralls.wear! -at_exit { ChefSpec::Coverage.report! } RSpec.configure do |config| # OS and version for mocking of ohai data, needed by chefspec diff --git a/test/fixtures/cookbooks/test/metadata.rb b/test/fixtures/cookbooks/test/metadata.rb index 9efab02..5a83882 100644 --- a/test/fixtures/cookbooks/test/metadata.rb +++ b/test/fixtures/cookbooks/test/metadata.rb @@ -1,9 +1,8 @@ name 'test' maintainer 'Dominik Richter' maintainer_email 'dominik.richter@googlemail.com' -license 'Apache 2.0' +license 'Apache-2.0' description 'This cookbook is used for testing purposes' -long_description 'This cookbook is used for testing purposes' version '0.0.1' depends 'compat_resource', '>= 12.16.3' diff --git a/test/fixtures/cookbooks/test/recipes/default.rb b/test/fixtures/cookbooks/test/recipes/default.rb index dfbd7e4..22b88c4 100644 --- a/test/fixtures/cookbooks/test/recipes/default.rb +++ b/test/fixtures/cookbooks/test/recipes/default.rb @@ -1,9 +1,8 @@ -# encoding: utf-8 # -# Cookbook Name:: test +# Cookbook:: test # Recipe:: default.rb # -# Copyright 2017, Artem Sidorenko +# Copyright:: 2017, Artem Sidorenko # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -18,7 +17,7 @@ # limitations under the License. # -if node['platform_family'] == 'debian' +if platform_family?('debian') apt_update 'update-apt-cache' do action :update end
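Review bot: in attributes/default.rb (hunk @@ -20,40 +18,38 @@) the selinux package condition `platform_family?('fedora') || platform_family?('rhel') && node['platform_version'].to_f >= 8` still relies on `&&` binding tighter than `||`. It is also the only block in this hunk left as an if/else under `# rubocop:disable Style/ConditionalAssignment`, while the client package, server package and service name blocks around it were all converted to a single assignment. Parenthesise the rhel clause so the intent is explicit, and either convert this block as well or note why the disable has to stay.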
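Review bot: in libraries/devsec_ssh.rb (hunk @@ -194,7 +192,7 @@) `platform_family?('debian')` is now called inside `get_ssh_version`, a method defined under `class << self` of the `Ssh` class, and nothing in the visible lines shows that class mixing in the Chef DSL that provides the helper. If the helper does not resolve there, the call raises NoMethodError, and the `rescue NoMethodError` directly below would swallow it, so version detection would quietly take the fallback path (`FALLBACK_SSH_VERSION ||= 5.9`) and the kex, MAC and cipher lists would be picked for the wrong OpenSSH version instead of the run failing. Keep `node['platform_family'] == 'debian'` in this method, or confirm the helper is available in this class and add a library spec that covers the Debian epoch case (`1:7.2p2-4ubuntu2.1`).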
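Review bot: in metadata.rb (hunk @@ -21,10 +19,9 @@) dropping the `if respond_to?(:chef_version)` guard makes `chef_version '>= 12.5'` unconditional, so a client old enough not to define the `chef_version` metadata method will now raise while loading this file rather than skip the line. Check that the declared floor of 12.5 is still a version the cookbook is tested against with this change and with the `platform?` / `platform_family?` helpers introduced elsewhere in the patch, and raise the constraint in the same commit if it is not.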
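Review bot: in recipes/server.rb (hunk @@ -104,7 +102,7 @@) the context line that computes `dh_min_prime_size` ends in `.to_i - 1`, which turns a missing or non-numeric attribute into -1 without any error, so the 'remove small primes from DH moduli' block would run with a meaningless threshold and still report success. This predates the patch, but since the line is being touched anyway (the `# ~FC014` annotation is removed), consider converting with `Integer(...)` and failing the run on an invalid value, so a typo in the attribute cannot silently disable the moduli filtering.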
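Review bot: in spec/recipes/server_spec.rb (hunk @@ -273,7 +271,7 @@) the runner's `version:` changes from '7.5.1804' to '7', which is a change to the mocked ohai data rather than a style correction, and the same substitution is made in hunk @@ -462,14 +460,14 @@. The context is named 'running with OpenSSH >= 7.4 on RHEL 7' and the attributes compare `node['platform_version'].to_f >= 8`, so confirm that '7' resolves to a CentOS 7 data set with the ChefSpec version the specs are pinned to, and that `platform_version` in that data set still parses to a 7.x value.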
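Review bot: in spec/recipes/server_spec.rb (hunk @@ -579,61 +577,61 @@) the patterns `/#DenyUsers */` and `/#DenyGroups */` are carried over unchanged, and in both the `*` is a quantifier on the preceding space, not a literal asterisk. The assertions therefore pass for any line containing `#DenyUsers` or `#DenyGroups`, whatever follows, and would not notice the commented placeholder being replaced by a real value. Escape the asterisk (`/#DenyUsers \*/`) and anchor the pattern to the start of the line so the test checks what its name says.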
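Review bot: in spec/recipes/server_spec.rb (hunk @@ -732,9 +730,9 @@, and the same pattern in @@ -719,8 +717,8 @@) `with_content(/ListenAddress 0.0.0.0/)` leaves the dots unescaped, so each one matches any character and the assertion would accept an address that is not 0.0.0.0. Since these lines are being rewritten for the leading-dot style anyway, use `/^ListenAddress 0\.0\.0\.0$/` and `/^ListenAddress ::$/`, or pass plain strings as the 'AcceptEnv LANG LC_* LANGUAGE' test does.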
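Review bot: in spec/shared_examples_crypto.rb (hunk @@ -20,8 +18,8 @@, and the five shared examples after it) the algorithm name is interpolated into `/MACs [^#]*\b#{mac}\b/` without `Regexp.escape`, and `\b` treats `-` as a word boundary. With the weak list `%w(hmac-sha1)` from libraries/devsec_ssh.rb, the pattern also matches a longer name that merely starts with `hmac-sha1-`, so 'does not allow weak hmacs' can fail on an algorithm that is not in the weak list and 'allow weak hmacs' can pass without the weak one being present. Escape the interpolated name and delimit it by what actually separates list entries (start of the value, comma, or end of line) instead of `\b`.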
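Review bot: in spec/spec_helper.rb (hunk @@ -23,7 +21,6 @@) removing `at_exit { ChefSpec::Coverage.report! }` stops the ChefSpec resource coverage report from being produced, while the `# coverage report` comment and `Coveralls.wear!` above it stay. That is a change in what the test run reports, not a formatting fix, so confirm nothing in CI reads that report, and update the comment so it describes only the Coveralls line that remains.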