From: lionce <loredana.ionce@puppet.com>
Date: Fri, 30 Aug 2019 08:25:48 +0000 (+0300)
Subject: net-ssh5_fix
X-Git-Url: https://review.fuel-infra.org/gitweb?a=commitdiff_plain;h=0e2d3e307cde9c17493fd717cfe405f22bfe19cd;p=puppet-modules%2Fpuppetlabs-firewall.git

net-ssh5_fix
---

diff --git a/spec/spec_helper_acceptance.rb b/spec/spec_helper_acceptance.rb
index 12cd7c6..7a54362 100644
--- a/spec/spec_helper_acceptance.rb
+++ b/spec/spec_helper_acceptance.rb
@@ -26,7 +26,29 @@ else
     options[:port] = node_config.dig('ssh', 'port') unless node_config.dig('ssh', 'port').nil?
     options[:keys] = node_config.dig('ssh', 'private-key') unless node_config.dig('ssh', 'private-key').nil?
     options[:password] = node_config.dig('ssh', 'password') unless node_config.dig('ssh', 'password').nil?
-    options[:verify_host_key] = Net::SSH::Verifiers::Null.new unless node_config.dig('ssh', 'host-key-check').nil?
+
+    options[:verify_host_key] = if node_config.dig('ssh', 'host-key-check').nil?
+      # Fall back to SSH behavior. This variable will only be set in net-ssh 5.3+.
+      if @strict_host_key_checking.nil? || @strict_host_key_checking
+        Net::SSH::Verifiers::Always.new
+      else
+        # SSH's behavior with StrictHostKeyChecking=no: adds new keys to known_hosts.
+        # If known_hosts points to /dev/null, then equivalent to :never where it
+        # accepts any key beacuse they're all new.
+        Net::SSH::Verifiers::AcceptNewOrLocalTunnel.new
+      end
+    elsif node_config.dig('ssh', 'host-key-check')
+      if defined?(Net::SSH::Verifiers::Always)
+        Net::SSH::Verifiers::Always.new
+      else
+        Net::SSH::Verifiers::Secure.new
+      end
+    elsif defined?(Net::SSH::Verifiers::Never)
+      Net::SSH::Verifiers::Never.new
+    else
+      Net::SSH::Verifiers::Null.new
+    end
+
     host = if ENV['TARGET_HOST'].include?(':')
              ENV['TARGET_HOST'].split(':').first
            else