Merge pull request #86 from amendlik/file-mode

Add variables for file owner and mode

.kitchen.yml

@@ -21,7 +21,8 @@ provisioner:
         '*':
           - openssl
     openssl.sls:
-      sshd_enable: true
+      openssh:
+        sshd_config_mode: '600'
 
 suites:
   - name: default

openssh/config.sls

@@ -9,8 +9,9 @@ sshd_config:
     - name: {{ openssh.sshd_config }}
     - source: {{ openssh.sshd_config_src }}
     - template: jinja
-    - user: root
-    - mode: 644
+    - user: {{ openssh.sshd_config_user }}
+    - group: {{ openssh.sshd_config_group }}
+    - mode: {{ openssh.sshd_config_mode }}
     - watch_in:
       - service: openssh
 {% endif %}
@@ -21,8 +22,9 @@ ssh_config:
     - name: {{ openssh.ssh_config }}
     - source: {{ openssh.ssh_config_src }}
     - template: jinja
-    - user: root
-    - mode: 644
+    - user: {{ openssh.ssh_config_user }}
+    - group: {{ openssh.ssh_config_group }}
+    - mode: {{ openssh.ssh_config_mode }}
 {% endif %}
 
 {% for keyType in ['ecdsa', 'dsa', 'rsa', 'ed25519'] %}

openssh/defaults.yaml

@@ -2,8 +2,14 @@ openssh:
   sshd_enable: True
   sshd_config: /etc/ssh/sshd_config
   sshd_config_src: salt://openssh/files/sshd_config
+  sshd_config_user: root
+  sshd_config_group: root
+  sshd_config_mode: '644'
   ssh_config: /etc/ssh/ssh_config
   ssh_config_src: salt://openssh/files/ssh_config
+  ssh_config_user: root
+  ssh_config_group: root
+  ssh_config_mode: '644'
   banner: /etc/ssh/banner
   banner_src: salt://openssh/files/banner
   ssh_known_hosts: /etc/ssh/ssh_known_hosts

test/integration/default/serverspec/openssl_server_spec.rb

@@ -14,4 +14,16 @@ describe 'openssl/config.sls' do
     it { should be_running }
   end
 
+  describe file('/etc/ssh/sshd_config') do
+    it { should be_mode 600 }
+    it { should be_owned_by 'root' }
+    it { should be_grouped_into 'root' }
+  end
+
+  describe file('/etc/ssh/ssh_config') do
+    it { should be_mode 644 }
+    it { should be_owned_by 'root' }
+    it { should be_grouped_into 'root' }
+  end
+
 end