update spec tests for kex changes

Signed-off-by: Dominik Richter <[email protected]>

Author: arlimus

spec/recipes/client_spec.rb

@@ -48,6 +48,10 @@
   end
 
   it 'disables weak kexs' do
+    expect(chef_run).not_to render_file('/etc/ssh/ssh_config')
+      .with_content(/KexAlgorithms [^#]*\bdiffie-hellman-group14-sha1\b/)
+    expect(chef_run).not_to render_file('/etc/ssh/ssh_config')
+      .with_content(/KexAlgorithms [^#]*\bdiffie-hellman-group-exchange-sha1\b/)
     expect(chef_run).not_to render_file('/etc/ssh/ssh_config')
       .with_content(/KexAlgorithms [^#]*\bdiffie-hellman-group1-sha1\b/)
   end
@@ -102,6 +106,10 @@
     end
 
     it 'allows weak kexs on the client' do
+      expect(chef_run).to render_file('/etc/ssh/ssh_config')
+      .with_content(/KexAlgorithms [^#]*\bdiffie-hellman-group14-sha1\b/)
+      expect(chef_run).to render_file('/etc/ssh/ssh_config')
+        .with_content(/KexAlgorithms [^#]*\bdiffie-hellman-group-exchange-sha1\b/)
       expect(chef_run).to render_file('/etc/ssh/ssh_config')
         .with_content(/KexAlgorithms [^#]*\bdiffie-hellman-group1-sha1\b/)
     end
@@ -119,6 +127,10 @@
     end
 
     it 'does not allow weak kexs on the client' do
+      expect(chef_run).not_to render_file('/etc/ssh/ssh_config')
+        .with_content(/KexAlgorithms [^#]*\bdiffie-hellman-group14-sha1\b/)
+      expect(chef_run).not_to render_file('/etc/ssh/ssh_config')
+        .with_content(/KexAlgorithms [^#]*\bdiffie-hellman-group-exchange-sha1\b/)
       expect(chef_run).not_to render_file('/etc/ssh/ssh_config')
         .with_content(/KexAlgorithms [^#]*\bdiffie-hellman-group1-sha1\b/)
     end
@@ -170,6 +182,10 @@
       end
 
       it 'still does not allow weak kexs' do
+        expect(chef_run).not_to render_file('/etc/ssh/ssh_config')
+          .with_content(/KexAlgorithms [^#]*\bdiffie-hellman-group14-sha1\b/)
+        expect(chef_run).not_to render_file('/etc/ssh/ssh_config')
+          .with_content(/KexAlgorithms [^#]*\bdiffie-hellman-group-exchange-sha1\b/)
         expect(chef_run).not_to render_file('/etc/ssh/ssh_config')
           .with_content(/KexAlgorithms [^#]*\bdiffie-hellman-group1-sha1\b/)
       end
@@ -194,6 +210,10 @@
       end
 
       it 'allows weak kexs on the client' do
+        expect(chef_run).to render_file('/etc/ssh/ssh_config')
+          .with_content(/KexAlgorithms [^#]*\bdiffie-hellman-group14-sha1\b/)
+        expect(chef_run).to render_file('/etc/ssh/ssh_config')
+          .with_content(/KexAlgorithms [^#]*\bdiffie-hellman-group-exchange-sha1\b/)
         expect(chef_run).to render_file('/etc/ssh/ssh_config')
           .with_content(/KexAlgorithms [^#]*\bdiffie-hellman-group1-sha1\b/)
       end
@@ -235,6 +255,10 @@
       end
 
       it 'still does not allow weak kexs' do
+        expect(chef_run).not_to render_file('/etc/ssh/ssh_config')
+          .with_content(/KexAlgorithms [^#]*\bdiffie-hellman-group14-sha1\b/)
+        expect(chef_run).not_to render_file('/etc/ssh/ssh_config')
+          .with_content(/KexAlgorithms [^#]*\bdiffie-hellman-group-exchange-sha1\b/)
         expect(chef_run).not_to render_file('/etc/ssh/ssh_config')
           .with_content(/KexAlgorithms [^#]*\bdiffie-hellman-group1-sha1\b/)
       end

spec/recipes/server_spec.rb

@@ -56,6 +56,10 @@
   end
 
   it 'disables weak kexs' do
+    expect(chef_run).not_to render_file('/etc/ssh/sshd_config')
+      .with_content(/KexAlgorithms [^#]*\bdiffie-hellman-group14-sha1\b/)
+    expect(chef_run).not_to render_file('/etc/ssh/sshd_config')
+      .with_content(/KexAlgorithms [^#]*\bdiffie-hellman-group-exchange-sha1\b/)
     expect(chef_run).not_to render_file('/etc/ssh/sshd_config')
       .with_content(/KexAlgorithms [^#]*\bdiffie-hellman-group1-sha1\b/)
   end
@@ -111,6 +115,10 @@
     end
 
     it 'enables weak kexs on the server' do
+      expect(chef_run).to render_file('/etc/ssh/sshd_config')
+        .with_content(/KexAlgorithms [^#]*\bdiffie-hellman-group14-sha1\b/)
+      expect(chef_run).to render_file('/etc/ssh/sshd_config')
+        .with_content(/KexAlgorithms [^#]*\bdiffie-hellman-group-exchange-sha1\b/)
       expect(chef_run).to render_file('/etc/ssh/sshd_config')
         .with_content(/KexAlgorithms [^#]*\bdiffie-hellman-group1-sha1\b/)
     end
@@ -129,6 +137,10 @@
     end
 
     it 'does not enable weak kexs on the server' do
+      expect(chef_run).not_to render_file('/etc/ssh/sshd_config')
+        .with_content(/KexAlgorithms [^#]*\bdiffie-hellman-group14-sha1\b/)
+      expect(chef_run).not_to render_file('/etc/ssh/sshd_config')
+        .with_content(/KexAlgorithms [^#]*\bdiffie-hellman-group-exchange-sha1\b/)
       expect(chef_run).not_to render_file('/etc/ssh/sshd_config')
         .with_content(/KexAlgorithms [^#]*\bdiffie-hellman-group1-sha1\b/)
     end
@@ -182,6 +194,10 @@
       end
 
       it 'still does not allow weak kexs' do
+        expect(chef_run).not_to render_file('/etc/ssh/sshd_config')
+          .with_content(/KexAlgorithms [^#]*\bdiffie-hellman-group14-sha1\b/)
+        expect(chef_run).not_to render_file('/etc/ssh/sshd_config')
+          .with_content(/KexAlgorithms [^#]*\bdiffie-hellman-group-exchange-sha1\b/)
         expect(chef_run).not_to render_file('/etc/ssh/sshd_config')
           .with_content(/KexAlgorithms [^#]*\bdiffie-hellman-group1-sha1\b/)
       end
@@ -207,6 +223,10 @@
       end
 
       it 'allows weak kexs' do
+        expect(chef_run).to render_file('/etc/ssh/sshd_config')
+          .with_content(/KexAlgorithms [^#]*\bdiffie-hellman-group14-sha1\b/)
+        expect(chef_run).to render_file('/etc/ssh/sshd_config')
+          .with_content(/KexAlgorithms [^#]*\bdiffie-hellman-group-exchange-sha1\b/)
         expect(chef_run).to render_file('/etc/ssh/sshd_config')
           .with_content(/KexAlgorithms [^#]*\bdiffie-hellman-group1-sha1\b/)
       end
@@ -249,6 +269,10 @@
       end
 
       it 'still does not allow weak kexs' do
+        expect(chef_run).not_to render_file('/etc/ssh/sshd_config')
+          .with_content(/KexAlgorithms [^#]*\bdiffie-hellman-group14-sha1\b/)
+        expect(chef_run).not_to render_file('/etc/ssh/sshd_config')
+          .with_content(/KexAlgorithms [^#]*\bdiffie-hellman-group-exchange-sha1\b/)
         expect(chef_run).not_to render_file('/etc/ssh/sshd_config')
           .with_content(/KexAlgorithms [^#]*\bdiffie-hellman-group1-sha1\b/)
       end