Cleanup the attribute handling in templates

artem-sidorenko · artem-sidorenko · commit 6d929fd02fb6 · 2016-12-22T21:02:09.000+01:00
and have it the same way:
 - only crypto related parameters are passed as template var
 - all other attributes are referenced directly via node obj from template
diff --git a/recipes/client.rb b/recipes/client.rb
@@ -38,7 +38,6 @@
   variables(
     mac:     node['ssh-hardening']['ssh']['client']['mac']    || DevSec::Ssh.get_client_macs(node['ssh-hardening']['ssh']['client']['weak_hmac']),
     kex:     node['ssh-hardening']['ssh']['client']['kex']    || DevSec::Ssh.get_client_kexs(node['ssh-hardening']['ssh']['client']['weak_kex']),
-    cipher:  node['ssh-hardening']['ssh']['client']['cipher'] || DevSec::Ssh.get_client_ciphers(node['ssh-hardening']['ssh']['client']['cbc_required']),
-    roaming: node['ssh-hardening']['ssh']['client']['roaming']
+    cipher:  node['ssh-hardening']['ssh']['client']['cipher'] || DevSec::Ssh.get_client_ciphers(node['ssh-hardening']['ssh']['client']['cbc_required'])
   )
 end
diff --git a/recipes/server.rb b/recipes/server.rb
@@ -69,11 +69,7 @@
     mac:    node['ssh-hardening']['ssh']['server']['mac']    || DevSec::Ssh.get_server_macs(node['ssh-hardening']['ssh']['server']['weak_hmac']),
     kex:    node['ssh-hardening']['ssh']['server']['kex']    || DevSec::Ssh.get_server_kexs(node['ssh-hardening']['ssh']['server']['weak_kex']),
     cipher: node['ssh-hardening']['ssh']['server']['cipher'] || DevSec::Ssh.get_server_ciphers(node['ssh-hardening']['ssh']['server']['cbc_required']),
-    use_priv_sep: node['ssh-hardening']['ssh']['use_privilege_separation'] || DevSec::Ssh.get_server_privilege_separarion,
-    deny_users: node['ssh-hardening']['ssh']['deny_users'],
-    allow_users: node['ssh-hardening']['ssh']['allow_users'],
-    deny_groups: node['ssh-hardening']['ssh']['deny_groups'],
-    allow_groups: node['ssh-hardening']['ssh']['allow_groups']
+    use_priv_sep: node['ssh-hardening']['ssh']['use_privilege_separation'] || DevSec::Ssh.get_server_privilege_separarion
   )
   notifies :restart, 'service[sshd]'
 end
diff --git a/templates/default/openssh.conf.erb b/templates/default/openssh.conf.erb
@@ -111,4 +111,4 @@ Compression yes
 #VisualHostKey yes
 
 # http://undeadly.org/cgi?action=article&sid=20160114142733
-UseRoaming <%= @roaming ? 'yes' : 'no' %>
+UseRoaming <%= @node['ssh-hardening']['ssh']['client']['roaming'] ? 'yes' : 'no' %>

Original file line number	Diff line number	Diff line change
`@@ -38,7 +38,6 @@`
`38`	`38`	`variables(`
`39`	`39`	`mac: node['ssh-hardening']['ssh']['client']['mac'] \|\| DevSec::Ssh.get_client_macs(node['ssh-hardening']['ssh']['client']['weak_hmac']),`
`40`	`40`	`kex: node['ssh-hardening']['ssh']['client']['kex'] \|\| DevSec::Ssh.get_client_kexs(node['ssh-hardening']['ssh']['client']['weak_kex']),`
`41`		`- cipher: node['ssh-hardening']['ssh']['client']['cipher'] \|\| DevSec::Ssh.get_client_ciphers(node['ssh-hardening']['ssh']['client']['cbc_required']),`
`42`		`- roaming: node['ssh-hardening']['ssh']['client']['roaming']`
	`41`	`+ cipher: node['ssh-hardening']['ssh']['client']['cipher'] \|\| DevSec::Ssh.get_client_ciphers(node['ssh-hardening']['ssh']['client']['cbc_required'])`
`43`	`42`	`)`
`44`	`43`	`end`