From 0de49e43f7b12bb068b5c8427da10dc602630e6c Mon Sep 17 00:00:00 2001
From: "Phil Friderici (ephifre)"
Date: Mon, 10 Aug 2015 12:02:10 +0200
Subject: [PATCH] fix for hiera_array() always returning an empty array
---
 manifests/init.pp | 30 +++++------
 spec/classes/init_spec.rb | 52 +++++++++++++++++--
 spec/fixtures/hiera/hiera.yaml | 2 +-
 spec/fixtures/hiera/hieradata/common.yaml | 9 ----
 .../test_hiera_merge.yaml} | 4 ++
 templates/sshd_config.erb | 8 +--
 6 files changed, 71 insertions(+), 34 deletions(-)
 delete mode 100644 spec/fixtures/hiera/hieradata/common.yaml
 rename spec/fixtures/hiera/hieradata/{fqdn/monkey.example.com.yaml => specific/test_hiera_merge.yaml} (55%)
diff --git a/manifests/init.pp b/manifests/init.pp
index f012dd4..89bfb97 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -44,10 +44,10 @@ class ssh (
 $sshd_config_banner = 'none',
 $sshd_config_ciphers = undef,
 $sshd_config_macs = undef,
- $sshd_config_denyusers = undef,
- $sshd_config_denygroups = undef,
- $sshd_config_allowusers = undef,
- $sshd_config_allowgroups = undef,
+ $sshd_config_allowgroups = [],
+ $sshd_config_allowusers = [],
+ $sshd_config_denygroups = [],
+ $sshd_config_denyusers = [],
 $sshd_config_maxstartups = undef,
 $sshd_config_maxsessions = undef,
 $sshd_config_chrootdirectory = undef,
@@ -603,32 +603,32 @@ class ssh (
 $supported_loglevel_vals=['QUIET', 'FATAL', 'ERROR', 'INFO', 'VERBOSE']
 validate_re($sshd_config_loglevel, $supported_loglevel_vals)
- #enable hiera merging for allow groups and allow users
+ #enable hiera merging for groups and users
 if $hiera_merge_real == true {
- $sshd_config_denygroups_real = hiera_array('ssh::sshd_config_denygroups', undef)
- $sshd_config_denyusers_real = hiera_array('ssh::sshd_config_denyusers', undef)
- $sshd_config_allowgroups_real = hiera_array('ssh::sshd_config_allowgroups', undef)
- $sshd_config_allowusers_real = hiera_array('ssh::sshd_config_allowusers', undef)
+ $sshd_config_allowgroups_real = hiera_array('ssh::sshd_config_allowgroups',[])
+ $sshd_config_allowusers_real = hiera_array('ssh::sshd_config_allowusers',[])
+ $sshd_config_denygroups_real = hiera_array('ssh::sshd_config_denygroups',[])
+ $sshd_config_denyusers_real = hiera_array('ssh::sshd_config_denyusers',[])
 } else {
- $sshd_config_denygroups_real = $sshd_config_denygroups
- $sshd_config_denyusers_real = $sshd_config_denyusers
 $sshd_config_allowgroups_real = $sshd_config_allowgroups
 $sshd_config_allowusers_real = $sshd_config_allowusers
+ $sshd_config_denygroups_real = $sshd_config_denygroups
+ $sshd_config_denyusers_real = $sshd_config_denyusers
 }
- if $sshd_config_denyusers_real != undef {
+ if $sshd_config_denyusers_real != [] {
 validate_array($sshd_config_denyusers_real)
 }
- if $sshd_config_denygroups_real != undef {
+ if $sshd_config_denygroups_real != [] {
 validate_array($sshd_config_denygroups_real)
 }
- if $sshd_config_allowusers_real != undef {
+ if $sshd_config_allowusers_real != [] {
 validate_array($sshd_config_allowusers_real)
 }
- if $sshd_config_allowgroups_real != undef {
+ if $sshd_config_allowgroups_real != [] {
 validate_array($sshd_config_allowgroups_real)
 }
diff --git a/spec/classes/init_spec.rb b/spec/classes/init_spec.rb
index da5dece..8a9705e 100644
--- a/spec/classes/init_spec.rb
+++ b/spec/classes/init_spec.rb
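Review bot: In manifests/init.pp, the `$hiera_merge_real == true` branch takes the four lists only from `hiera_array(...)`, so a list passed as a class parameter is never consulted there, and with `[]` as the fallback a lookup that finds nothing renders no `DenyUsers`/`DenyGroups` line without any error; for a deny list that is a fail-open result. Passing the parameter as the fallback would keep an explicitly declared list in effect, e.g. `$sshd_config_denyusers_real = hiera_array('ssh::sshd_config_denyusers', $sshd_config_denyusers)`, and likewise for the other three. The `!= []` guards around `validate_array()` are no longer needed, since an empty array passes that check, so the four calls can be unconditional. `validate_array()` checks only the container, so an entry containing whitespace or a newline would reach the `join(' ')` in templates/sshd_config.erb unchanged; a per-entry check for such characters would close that. The class body continues outside this hunk.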
@@ -2086,7 +2086,7 @@ describe 'ssh' do
 end
 ['true',true].each do |value|
- context "as #{value}" do
+ context "as #{value} with hiera data getting collected" do
 let(:params) { { :hiera_merge => value } }
 let(:facts) do
 { :osfamily => 'RedHat',
@@ -2099,14 +2099,56 @@ describe 'ssh' do
 it { should contain_class('ssh') }
- it { should contain_file('sshd_config').with_content(/^\s*DenyUsers denyuser_from_fqdn denyuser_from_common/) }
- it { should contain_file('sshd_config').with_content(/^\s*DenyGroups denygroup_from_fqdn denygroup_from_common/) }
- it { should contain_file('sshd_config').with_content(/^\s*AllowUsers allowuser_from_fqdn allowuser_from_common/) }
- it { should contain_file('sshd_config').with_content(/^\s*AllowGroups allowgroup_from_fqdn allowgroup_from_common/) }
+ it { should contain_file('sshd_config').with_content(/^\s*DenyUsers denyuser_from_fqdn/) }
+ it { should contain_file('sshd_config').with_content(/^\s*DenyGroups denygroup_from_fqdn/) }
+ it { should contain_file('sshd_config').with_content(/^\s*AllowUsers allowuser_from_fqdn/) }
+ it { should contain_file('sshd_config').with_content(/^\s*AllowGroups allowgroup_from_fqdn/) }
 end
 end
+ context "as true with with hiera data getting merged through levels" do
+ let(:params) { { :hiera_merge => true } }
+ let(:facts) do
+ { :osfamily => 'RedHat',
+ :fqdn => 'hieramerge.example.com',
+ :lsbmajdistrelease => '6',
+ :specific => 'test_hiera_merge',
+ }
+ end
+
+ it { should compile.with_all_deps }
+
+ it { should contain_class('ssh') }
+
+ it { should contain_file('sshd_config').with_content(/^\s*DenyUsers denyuser_from_fqdn denyuser_from_fact/) }
+ it { should contain_file('sshd_config').with_content(/^\s*DenyGroups denygroup_from_fqdn denygroup_from_fact/) }
+ it { should contain_file('sshd_config').with_content(/^\s*AllowUsers allowuser_from_fqdn allowuser_from_fact/) }
+ it { should contain_file('sshd_config').with_content(/^\s*AllowGroups allowgroup_from_fqdn allowgroup_from_fact/) }
+
+ end
+
+ context "as true with no hiera data provided" do
+ let(:params) { { :hiera_merge => true } }
+ let(:facts) do
+ { :osfamily => 'Suse',
+ :fqdn => 'notinhiera.example.com',
+ :lsbmajdistrelease => '11',
+ :architecture => 'x86_64',
+ }
+ end
+
+ it { should compile.with_all_deps }
+
+ it { should contain_class('ssh') }
+
+ it { should contain_file('sshd_config').without_content(/^\s*DenyUsers/) }
+ it { should contain_file('sshd_config').without_content(/^\s*DenyGroups/) }
+ it { should contain_file('sshd_config').without_content(/^\s*AllowUsers/) }
+ it { should contain_file('sshd_config').without_content(/^\s*AllowGroups/) }
+
+ end
+
 ['false',false].each do |value|
 context "as #{value}" do
 let(:params) { { :hiera_merge => value } }
diff --git a/spec/fixtures/hiera/hiera.yaml b/spec/fixtures/hiera/hiera.yaml
index 96ede91..a13bb7d 100644
--- a/spec/fixtures/hiera/hiera.yaml
+++ b/spec/fixtures/hiera/hiera.yaml
@@ -5,4 +5,4 @@
 :datadir: 'spec/fixtures/hiera/hieradata'
 :hierarchy:
 - fqdn/%{fqdn}
- - common
+ - specific/%{specific}
diff --git a/spec/fixtures/hiera/hieradata/common.yaml b/spec/fixtures/hiera/hieradata/common.yaml
deleted file mode 100644
index e2d2cb9..0000000
--- a/spec/fixtures/hiera/hieradata/common.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-ssh::sshd_config_allowgroups:
- - allowgroup_from_common
-ssh::sshd_config_allowusers:
- - allowuser_from_common
-ssh::sshd_config_denygroups:
- - denygroup_from_common
-ssh::sshd_config_denyusers:
- - denyuser_from_common
diff --git a/spec/fixtures/hiera/hieradata/fqdn/monkey.example.com.yaml b/spec/fixtures/hiera/hieradata/specific/test_hiera_merge.yaml
similarity index 55%
rename from spec/fixtures/hiera/hieradata/fqdn/monkey.example.com.yaml
rename to spec/fixtures/hiera/hieradata/specific/test_hiera_merge.yaml
index b30defc..7f7b51f 100644
--- a/spec/fixtures/hiera/hieradata/fqdn/monkey.example.com.yaml
+++ b/spec/fixtures/hiera/hieradata/specific/test_hiera_merge.yaml
@@ -1,5 +1,9 @@
 ---
 ssh::sshd_config_allowgroups:
+ - allowgroup_from_fact
 ssh::sshd_config_allowusers:
+ - allowuser_from_fact
 ssh::sshd_config_denygroups:
+ - denygroup_from_fact
 ssh::sshd_config_denyusers:
+ - denyuser_from_fact
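Review bot: In spec/classes/init_spec.rb, the four expectations in the "with hiera data getting collected" context are prefix matches, so they still pass if further users or groups end up merged into the same line; for access-control lists the exact content is what the test should pin, so anchor the end of the line, e.g. `with_content(/^\s*DenyUsers denyuser_from_fqdn$/)`. The expectations in the merged-levels context can be anchored the same way. The new context name also has a doubled word: `"as true with with hiera data getting merged through levels"` should read `"as true with hiera data getting merged through levels"`. The enclosing `describe 'ssh'` block starts and ends outside the hunk.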
diff --git a/templates/sshd_config.erb b/templates/sshd_config.erb
index 706798f..03feb7b 100644
--- a/templates/sshd_config.erb
+++ b/templates/sshd_config.erb
@@ -200,16 +200,16 @@ Ciphers <%= @sshd_config_ciphers.join(',') %>
 <% if @sshd_config_macs -%>
 MACs <%= @sshd_config_macs.join(',') %>
 <% end -%>
-<% if @sshd_config_denyusers_real -%>
+<% if @sshd_config_denyusers_real != [] -%>
 DenyUsers <%= @sshd_config_denyusers_real.join(' ') %>
 <% end -%>
-<% if @sshd_config_denygroups_real -%>
+<% if @sshd_config_denygroups_real != [] -%>
 DenyGroups <%= @sshd_config_denygroups_real.join(' ') %>
 <% end -%>
-<% if @sshd_config_allowusers_real -%>
+<% if @sshd_config_allowusers_real != [] -%>
 AllowUsers <%= @sshd_config_allowusers_real.join(' ') %>
 <% end -%>
-<% if @sshd_config_allowgroups_real -%>
+<% if @sshd_config_allowgroups_real != [] -%>
 AllowGroups <%= @sshd_config_allowgroups_real.join(' ') %>
 <% end -%>
 <% if @sshd_config_match -%>
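Review bot: The new guards in templates/sshd_config.erb compare against `[]`, so any value that is not an empty array, `nil` included, enters the branch and reaches `.join(' ')`; the template is then only safe because the manifest validates the type first. A guard that checks the type and emptiness directly keeps the template correct on its own, e.g. `<% if @sshd_config_denyusers_real.is_a?(Array) && !@sshd_config_denyusers_real.empty? -%>`, and the same for the other three lists. The entries are written into sshd_config exactly as given, so they need to be free of whitespace and newlines before they reach this point.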