Merge pull request dev-sec#11 from ehaselwanter/master

fix rubocop violations
rollbrettler · May 21, 2014 · 211e017 · 211e017
2 parents ae27f61 + b5700ea
commit 211e017
Show file tree

Hide file tree

Showing 5 changed files with 46 additions and 46 deletions.
diff --git a/.rubocop.yml b/.rubocop.yml
@@ -2,6 +2,7 @@ AllCops:
   Excludes:
     - vendor/**
     - metadata.rb
+    - test/integration/**
 
 AlignParameters:
   Enabled: false

diff --git a/attributes/default.rb b/attributes/default.rb
@@ -19,31 +19,30 @@
 
 # Define the client package name
 case platform
-when "redhat", "centos", "fedora", "amazon", "oracle", "scientific"
-    default['sslclient']['package'] = "openssh-clients"
-when "debian", "ubuntu"
-    default['sslclient']['package'] = "openssh-client"
-when "arch"
-    default['sslclient']['package'] = "openssh"
+when 'redhat', 'centos', 'fedora', 'amazon', 'oracle', 'scientific'
+  default['sslclient']['package'] = 'openssh-clients'
+when 'debian', 'ubuntu'
+  default['sslclient']['package'] = 'openssh-client'
+when 'arch'
+  default['sslclient']['package'] = 'openssh'
 else
-    default['sslclient']['package'] = "openssh-client"
+  default['sslclient']['package'] = 'openssh-client'
 end
 
 # Define the server package name
-default['sslserver']['package'] = "openssh-server"
+default['sslserver']['package'] = 'openssh-server'
 
-
-default['config_disclaimer']              = "**Note:** This file was automatically created by Pinerolo configuration. If you use its automated setup, do not edit this file directly, but adjust the automation instead."
+default['config_disclaimer']              = '**Note:** This file was automatically created by Pinerolo configuration. If you use its automated setup, do not edit this file directly, but adjust the automation instead.'
 default['network']['ipv6']['enable']      = false   # sshd + ssh
 default['ssh']['cbc_required']            = false   # sshd + ssh
 default['ssh']['weak_hmac']               = false   # sshd + ssh
 default['ssh']['weak_kex']                = false   # sshd + ssh
-default['ssh']['ports']                   = [ 22 ]  # sshd + ssh
-default['ssh']['listen_to']               = ["0.0.0.0"]     # sshd
-default['ssh']['host_key_files']          = ["/etc/ssh/ssh_host_rsa_key","/etc/ssh/ssh_host_dsa_key","/etc/ssh/ssh_host_ecdsa_key"]     # sshd
+default['ssh']['ports']                   = [22]  # sshd + ssh
+default['ssh']['listen_to']               = ['0.0.0.0']     # sshd
+default['ssh']['host_key_files']          = ['/etc/ssh/ssh_host_rsa_key', '/etc/ssh/ssh_host_dsa_key', '/etc/ssh/ssh_host_ecdsa_key']     # sshd
 default['ssh']['client_alive_interval']   = 600     # sshd, 10min
 default['ssh']['client_alive_count']      = 3       # sshd, ~> 3 x interval
-default['ssh']['remote_hosts']            = [ ]     # ssh
+default['ssh']['remote_hosts']            = []     # ssh
 default['ssh']['allow_root_with_key']     = false   # sshd
 default['ssh']['allow_tcp_forwarding']    = false   # sshd
-default['ssh']['allow_agent_forwarding']  = false   # sshd
+default['ssh']['allow_agent_forwarding']  = false   # sshd
diff --git a/recipes/client.rb b/recipes/client.rb
@@ -18,20 +18,20 @@
 # limitations under the License.
 #
 
-package "openssh-client" do
+package 'openssh-client' do
   package_name node['sslclient']['package']
 end
 
-directory "/etc/ssh" do
+directory '/etc/ssh' do
   mode 0555
-  owner "root"
-  group "root"
+  owner 'root'
+  group 'root'
   action :create
 end
 
-template "/etc/ssh/ssh_config" do
-  source "openssh.conf.erb"
+template '/etc/ssh/ssh_config' do
+  source 'openssh.conf.erb'
   mode 0444
-  owner "root"
-  group "root"
+  owner 'root'
+  group 'root'
 end
diff --git a/recipes/default.rb b/recipes/default.rb
@@ -18,5 +18,5 @@
 # limitations under the License.
 #
 
-include_recipe "ssh-hardening::server"
-include_recipe "ssh-hardening::client"
+include_recipe 'ssh-hardening::server'
+include_recipe 'ssh-hardening::client'
diff --git a/recipes/server.rb b/recipes/server.rb
@@ -18,53 +18,53 @@
 # limitations under the License.
 #
 
-package "openssh-server" do
+package 'openssh-server' do
   package_name node['sslserver']['package']
 end
 
-directory "/etc/ssh" do
+directory '/etc/ssh' do
   mode 0555
-  owner "root"
-  group "root"
+  owner 'root'
+  group 'root'
   action :create
 end
 
-template "/etc/ssh/sshd_config" do
-  source "opensshd.conf.erb"
+template '/etc/ssh/sshd_config' do
+  source 'opensshd.conf.erb'
   mode 0400
-  owner "root"
-  group "root"
+  owner 'root'
+  group 'root'
 end
 
-def get_key_from field
-  search("users","#{field}:*").map do |v| # ~FC003 ignore footcritic violation
+def get_key_from(field)
+  search('users', "#{field}:*").map do |v| # ~FC003 ignore footcritic violation
     Chef::Log.info "ssh_server: installing ssh-keys for root access of user #{v['id']}"
     v[field]
   end.flatten
 end
 
 keys = get_key_from('ssh_rootkey') + get_key_from('ssh_rootkeys')
-Chef::Log.info "ssh_server: not setting up any ssh keys" if keys.empty?
+Chef::Log.info 'ssh_server: not setting up any ssh keys' if keys.empty?
 
-directory "/root/.ssh" do
+directory '/root/.ssh' do
   mode 0500
-  owner "root"
-  group "root"
+  owner 'root'
+  group 'root'
   action :create
 end
 
-template "/root/.ssh/authorized_keys" do
-  source "authorized_keys.erb"
+template '/root/.ssh/authorized_keys' do
+  source 'authorized_keys.erb'
   mode 0400
-  owner "root"
-  group "root"
+  owner 'root'
+  group 'root'
   variables(
     :keys => keys
   )
-  only_if{ not keys.empty? }
+  only_if { !keys.empty? }
 end
 
-execute "unlock root account if it is locked" do
+execute 'unlock root account if it is locked' do
   command "sed 's/^root:\!/root:*/' /etc/shadow -i"
-  only_if{ node['ssh']['allow_root_with_key'] }
+  only_if { node['ssh']['allow_root_with_key'] }
 end