ListenAddress should exist

[micheelengronne]

There can be multiple ListenAddress (for instance ipv6 and ipv4 failover).

Does the exist matcher work for sshd_config ?

[chris-rock]

I think the test should check for not nil then

[chris-rock]

its probably a bug in InSpec if the nil matches that regex. What is the value for ListenAddress that you want to check against?

[micheelengronne]

I want to check it agaisnt multiple defined ListenAddress. My usecase is ipv6+ipv4 failover. 2 ListenAddress that together give ["0.0.0.0", "::"]

The check fails with:

expected ["0.0.0.0", "::"] to match /.*/

[chris-rock]

Got ya. I see that the control itself was probably not correctly implemented in the first place.

Should we check that it is not nil and the entries should not include "0.0.0.0" or "::"?

[micheelengronne]

I think 'not nil' is enough. I am not sure that "0.0.0.0" and "::" should be tested. For my usecase, i use these values as my sshd is in a container so the network and firewall are handled by the runtime (Docker, podman, CRI-O...). What are your thoughts on that ? Maybe, test "0.0.0.0" and "::" as an option via an attribute ?

[chris-rock]

I am struggling with InSpec's dynamic results at this check. We may need to test for more emptiness:

describe sshd_config(sshd_custom_path + '/sshd_config') do
   its('ListenAddress') { should_not eq nil }
   its('ListenAddress') { should_not match /^\s*$/ }
   its('ListenAddress') { should_not eq [] }
 end

[micheelengronne]

Travis CI builds are green even if they appear running. Weird bug.

[chris-rock]

Great improvement @micheelengronne