add _inheritedDefaults functionality

Author: tgauth

dsc/tests/dsc_sshdconfig.tests.ps1

@@ -30,22 +30,20 @@ resources:
     }
 
     It '<command> works' -TestCases @(
-        @{ command = 'get'; default = $true }
-        @{ command = 'export'; default = $false }
+        @{ command = 'get' }
+        @{ command = 'export' }
     ) {
-        param($command, $default)
+        param($command)
         $out = dsc config $command -i "$yaml" | ConvertFrom-Json -Depth 10
         $LASTEXITCODE | Should -Be 0
         if ($command -eq 'export') {
             $out.resources.count | Should -Be 1
-            # $out.resources[0]._includeDefaults | Should -Be $default
             $out.resources[0].properties | Should -Not -BeNullOrEmpty
             $out.resources[0].properties.port | Should -BeNullOrEmpty
             $out.resources[0].properties.passwordAuthentication | Should -Be 'no'
             $out.resources[0].properties._inheritedDefaults | Should -BeNullOrEmpty
         } else {
             $out.results.count | Should -Be 1
-            # $out.results._includeDefaults | Should -Be $default
             $out.results.result.actualState | Should -Not -BeNullOrEmpty
             $out.results.result.actualState.port[0] | Should -Be 22
             $out.results.result.actualState.passwordAuthentication | Should -Be 'no'
@@ -67,10 +65,10 @@ resources:
     _metadata:
       filepath: $filepath
 "@
-        $out = dsc config $command -i "$export_yaml" | ConvertFrom-Json -Depth 10
+        $out = dsc config export -i "$export_yaml" | ConvertFrom-Json -Depth 10
         $LASTEXITCODE | Should -Be 0
         $out.resources.count | Should -Be 1
-        ($out.resources[0].properties | Measure-Object).count | Should -Be 1
+        ($out.resources[0].properties.psobject.properties | Measure-Object).count | Should -Be 1
         $out.resources[0].properties.passwordAuthentication | Should -Be 'no'
     }
 
@@ -97,41 +95,36 @@ resources:
         $LASTEXITCODE | Should -Be 0
         if ($command -eq 'export') {
             $out.resources.count | Should -Be 1
-            # $out.resources[0].metadata.includeDefaults | Should -Be $includeDefaults
-            ($out.resources[0].properties | Measure-Object).count | Should -Be 1
             $out.resources[0].properties.loglevel | Should -Be 'debug3'
             $out.resources[0].properties._inheritedDefaults | Should -Contain 'port'
         } else {
             $out.results.count | Should -Be 1
-            # $out.results.metadata.includeDefaults | Should -Be $includeDefaults
-            ($out.results.result.actualState.psobject.properties | Measure-Object).count | Should -Be 1
+            ($out.results.result.actualState.psobject.properties | Measure-Object).count | Should -Be 2
             $out.results.result.actualState.loglevel | Should -Be 'debug3'
             $out.results.result.actualState._inheritedDefaults | Should -BeNullOrEmpty
         }
     }
 
-    Context 'Explicit Default Setting Behavior' {
+    Context 'Surface a default value that has been set in file' {
         BeforeAll {
             "Port 22" | Set-Content -Path $TestDrive/test_sshd_config
         }
 
         It '<command> works' -TestCases @(
-            @{ command = 'get'; default = $true }
-            @{ command = 'export'; default = $false }
+            @{ command = 'get' }
+            @{ command = 'export' }
         ) {
-            param($command, $default)
+            param($command)
             $out = dsc config $command -i "$yaml" | ConvertFrom-Json -Depth 10
             $LASTEXITCODE | Should -Be 0
             if ($command -eq 'export') {
                 $out.resources.count | Should -Be 1
-                # $out.resources[0]._includeDefaults | Should -Be $default
                 $out.resources[0].properties | Should -Not -BeNullOrEmpty
                 $out.resources[0].properties.port[0] | Should -Be 22
                 $out.resources[0].properties.passwordauthentication | Should -BeNullOrEmpty
                 $out.resources[0].properties._inheritedDefaults | Should -BeNullOrEmpty
             } else {
                 $out.results.count | Should -Be 1
-                # $out.results._includeDefaults | Should -Be $default
                 $out.results.result.actualState | Should -Not -BeNullOrEmpty
                 $out.results.result.actualState.port | Should -Be 22
                 $out.results.result.actualState.passwordAuthentication | Should -Be 'yes'

sshdconfig/locales/en-us.toml

@@ -54,5 +54,7 @@ shellPathMustNotBeRelative = "shell path must not be relative"
 
 [util]
 inputMustBeEmpty = "get command does not support filtering based on input settings"
+sshdConfigNotFound = "sshd_config not found at path: '%{path}'"
+sshdConfigReadFailed = "failed to read sshd_config at path: '%{path}'"
 sshdElevation = "elevated security context required"
 tracingInitError = "Failed to initialize tracing"

sshdconfig/src/get.rs

@@ -16,7 +16,12 @@ use crate::args::Setting;
 use crate::error::SshdConfigError;
 use crate::inputs::CommandInfo;
 use crate::parser::parse_text_to_map;
-use crate::util::{build_command_info, extract_sshd_defaults, invoke_sshd_config_validation};
+use crate::util::{
+    build_command_info,
+    extract_sshd_defaults,
+    invoke_sshd_config_validation,
+    read_sshd_config
+};
 
 /// Invoke the get command.
 ///
@@ -93,16 +98,47 @@ fn get_default_shell() -> Result<(), SshdConfigError> {
     Err(SshdConfigError::InvalidInput(t!("get.windowsOnly").to_string()))
 }
 
+/// Retrieve sshd settings.
+///
+/// # Arguments
+///
+/// * `cmd_info` - CommandInfo struct containing optional filters, metadata, and includeDefaults flag.
+///
+/// # Errors
+///
+/// This function will return an error if it cannot retrieve the sshd settings.
 pub fn get_sshd_settings(cmd_info: &CommandInfo) -> Result<Map<String, Value>, SshdConfigError> {
     let sshd_config_text = invoke_sshd_config_validation(cmd_info.sshd_args.clone())?;
     let mut result = parse_text_to_map(&sshd_config_text)?;
     let mut inherited_defaults: Vec<String> = Vec::new();
 
-    if !cmd_info.include_defaults {
-        let defaults = extract_sshd_defaults()?;
-        // Filter result based on default settings.
-        // If a value in result is equal to the default, it will be excluded.
-        // Note that this excludes all defaults, even if they are explicitly set in sshd_config.
+    // parse settings from sshd_config file
+    let sshd_config_file = read_sshd_config(cmd_info.metadata.filepath.clone())?;
+    let explicit_settings = parse_text_to_map(&sshd_config_file)?;
+
+    // get default from SSHD -T with empty config
+    let mut defaults = extract_sshd_defaults()?;
+
+    // remove any explicit keys from default settings list
+    for key in explicit_settings.keys() {
+        if defaults.contains_key(key) {
+            defaults.remove(key);
+        }
+    }
+
+    if cmd_info.include_defaults {
+        // Update inherited_defaults with any keys that are not explicitly set
+        // check result for any keys that are in defaults
+        for (key, value) in &result {
+            if let Some(default) = defaults.get(key) {
+                if default == value {
+                    inherited_defaults.push(key.clone());
+                }
+            }
+        }
+    } else {
+        // Filter result based on default settings
+        // If a value in result is equal to the default, it will be excluded
         result.retain(|key, value| {
             if let Some(default) = defaults.get(key) {
                 default != value
@@ -116,13 +152,15 @@ pub fn get_sshd_settings(cmd_info: &CommandInfo) -> Result<Map<String, Value>, S
         // Filter result based on the keys provided in the input JSON.
         // If a provided key is not found in the result, its value is null.
         result.retain(|key, _| cmd_info.input.contains_key(key));
+        inherited_defaults.retain(|key| cmd_info.input.contains_key(key));
         for key in cmd_info.input.keys() {
             result.entry(key.clone()).or_insert(Value::Null);
         }
     }
 
-    // does _metadata need to be checked if it has any value or will serde ignore during serialization?
-    result.insert("_metadata".to_string(), serde_json::to_value(cmd_info.metadata.clone())?);
+    if cmd_info.metadata.filepath.is_some() {
+        result.insert("_metadata".to_string(), serde_json::to_value(cmd_info.metadata.clone())?);
+    }
     if cmd_info.include_defaults {
         result.insert("_inheritedDefaults".to_string(), serde_json::to_value(inherited_defaults)?);
     }

sshdconfig/src/parser.rs

@@ -204,7 +204,10 @@ fn parse_arguments_node(arg_node: tree_sitter::Node, input: &str, input_bytes: &
 pub fn parse_text_to_map(input: &str) -> Result<Map<String,Value>, SshdConfigError> {
     let mut parser = SshdConfigParser::new();
     parser.parse_text(input)?;
-    Ok(parser.map)
+    let lowercased_map = parser.map.into_iter()
+        .map(|(k, v)| (k.to_lowercase(), v))
+        .collect();
+    Ok(lowercased_map)
 }
 
 #[cfg(test)]

sshdconfig/src/util.rs

@@ -3,7 +3,7 @@
 
 use rust_i18n::t;
 use serde_json::{Map, Value};
-use std::process::Command;
+use std::{path::Path, process::Command};
 use tracing::debug;
 use tracing_subscriber::{EnvFilter, filter::LevelFilter, Layer, prelude::__tracing_subscriber_SubscriberExt};
 
@@ -147,3 +147,38 @@ pub fn build_command_info(input: Option<&String>, is_get: bool) -> Result<Comman
     }
     Ok(CommandInfo::new(is_get))
 }
+
+/// Reads `sshd_config` file.
+///
+/// # Arguments
+///
+/// * `input` - Optional string with `sshd_config` filepath.
+///
+/// # Errors
+///
+/// This function will return an error if the file cannot be found or read.
+pub fn read_sshd_config(input: Option<String>) -> Result<String, SshdConfigError> {
+    let sshd_config_path = if let Some(input) = input {
+        input
+    } else if cfg!(windows) {
+            let program_data = std::env::var("ProgramData").unwrap_or_else(|_| "C:\\ProgramData".into());
+            format!("{program_data}\\ssh\\sshd_config")
+    } else {
+        "/etc/ssh/sshd_config".to_string()
+    };
+    let filepath = Path::new(&sshd_config_path);
+
+    if filepath.exists() {
+        let mut sshd_config_content = String::new();
+        if let Ok(mut file) = std::fs::OpenOptions::new().read(true).open(filepath) {
+            use std::io::Read;
+            file.read_to_string(&mut sshd_config_content)
+                .map_err(|e| SshdConfigError::CommandError(e.to_string()))?;
+        } else {
+            return Err(SshdConfigError::CommandError(t!("util.sshdConfigReadFailed", path = filepath.display()).to_string()));
+        }
+        Ok(sshd_config_content)
+    } else {
+        Err(SshdConfigError::CommandError(t!("util.sshdConfigNotFound", path = filepath.display()).to_string()))
+    }
+}