Clark Boylan d618d9a032 Trim the openstack root list
Unfortunately its been a long time since jhesketh, yolanda, and
rcarrillocruz have been able to take on Infra admin/root duties. I've
reached out to all of them and they agree that now is an appropriate
time to remove their access.

We thank them for their service and will welcome them back should they
return.

Change-Id: Id9994830c506dc28c164c53123a2a248454b5178
2019-04-24 09:03:36 -07:00

83 lines
2.0 KiB
Ruby
Executable File

require 'puppet-openstack_infra_spec_helper/spec_helper_acceptance'
describe 'openstack_project::server' do
def pp_path
base_path = File.dirname(__FILE__)
File.join(base_path, 'fixtures')
end
def puppet_manifest
manifest_path = File.join(pp_path, 'default.pp')
File.read(manifest_path)
end
def postconditions_puppet_manifest
manifest_path = File.join(pp_path, 'postconditions.pp')
File.read(manifest_path)
end
before(:all) do
# The ssh_authorized_key resource uses the key comment as a universal
# identifier, so if a user's key is already in root's authorized keys, it
# conflicts with adding the key for the user itself. Move root's key list
# aside temporarily.
shell('mv /root/.ssh/authorized_keys /root/.ssh/authorized_keys.bak')
# epel is needed to install exim
if os[:family] == 'redhat'
shell('yum-config-manager --enable epel')
end
end
it 'should work with no errors' do
apply_manifest(puppet_manifest, catch_failures: true)
end
it 'should be idempotent' do
apply_manifest(puppet_manifest, catch_changes: true)
end
it 'should turn root ssh back on' do
apply_manifest(postconditions_puppet_manifest, catch_failures: true)
shell('mv /root/.ssh/authorized_keys.bak /root/.ssh/authorized_keys')
end
['mordred',
'corvus',
'clarkb',
'fungi',
'pabelanger',
'ianw',
'shrews',
'dmsimard',
'frickler'].each do |user|
describe user(user) do
it { should exist }
end
end
['slukjanov',
'elizabeth',
'jhesketh',
'yolanda',
'rcarrillocruz',
'nibz'].each do |user|
describe user(user) do
it { should_not exist }
end
end
exim = os[:family] == 'ubuntu' ? 'exim4' : 'exim'
ntp = os[:family] == 'ubuntu' ? 'ntp' : 'ntpd'
services = ['rsyslog', 'unbound', exim, 'snmpd', ntp]
if os[:family] == 'ubuntu'
services.push('openafs-client')
end
services.each do |service|
describe service(service) do
it { should be_running }
end
end
end