From 13e7433e0bfdf1c98b57c5f122a2ba40209c3ed3 Mon Sep 17 00:00:00 2001 From: "Phil Friderici (ephifre)" Date: Tue, 4 Aug 2015 09:43:28 +0200 Subject: [PATCH] Fix failing spec tests and get Puppet v4 working --- .fixtures.yml | 2 +- .gitignore | 2 +- .travis.yml | 19 +- manifests/init.pp | 8 + metadata.json | 2 +- spec/classes/init_spec.rb | 189 ++++++++++++------ spec/fixtures/hiera/hiera.yaml | 8 + spec/fixtures/hiera/hieradata/common.yaml | 9 + .../fqdn/hieramerge.example.com.yaml | 9 + .../hieradata/fqdn/monkey.example.com.yaml | 5 + spec/spec_helper.rb | 1 + templates/sshd_config.erb | 12 +- 12 files changed, 190 insertions(+), 76 deletions(-) create mode 100644 spec/fixtures/hiera/hiera.yaml create mode 100644 spec/fixtures/hiera/hieradata/common.yaml create mode 100644 spec/fixtures/hiera/hieradata/fqdn/hieramerge.example.com.yaml create mode 100644 spec/fixtures/hiera/hieradata/fqdn/monkey.example.com.yaml diff --git a/.fixtures.yml b/.fixtures.yml index ca09122..739ef34 100644 --- a/.fixtures.yml +++ b/.fixtures.yml @@ -5,7 +5,7 @@ fixtures: ref: '4.6.0' common: repo: 'git://github.com/ghoneycutt/puppet-module-common.git' - ref: 'v1.0.2' + ref: 'v1.3.0' firewall: repo: 'git://github.com/puppetlabs/puppetlabs-firewall.git' ref: '0.2.1' diff --git a/.gitignore b/.gitignore index 903208a..c99a45f 100644 --- a/.gitignore +++ b/.gitignore @@ -26,6 +26,6 @@ doc/ # Puppet coverage/ +spec/fixtures/manifests/* spec/fixtures/modules/* Gemfile.lock -spec/fixtures/ diff --git a/.travis.yml b/.travis.yml index 64f8e33..f052dcc 100644 --- a/.travis.yml +++ b/.travis.yml @@ -13,12 +13,15 @@ env: - PUPPET_GEM_VERSION="~> 3.2.0" - PUPPET_GEM_VERSION="~> 3.3.0" - PUPPET_GEM_VERSION="~> 3.4.0" - - PUPPET_GEM_VERSION="~> 3.5.1" + - PUPPET_GEM_VERSION="~> 3.5.0" - PUPPET_GEM_VERSION="~> 3.6.0" - PUPPET_GEM_VERSION="~> 3.7.0" - - PUPPET_GEM_VERSION="~> 3.7.0" FUTURE_PARSER="yes" + - PUPPET_GEM_VERSION="~> 3.8.0" + - PUPPET_GEM_VERSION="~> 3" PARSER="future" - PUPPET_GEM_VERSION="~> 4.0.0" - + - PUPPET_GEM_VERSION="~> 4.1.0" + - PUPPET_GEM_VERSION="~> 4.2.0" + - PUPPET_GEM_VERSION="~> 4" sudo: false @@ -29,8 +32,6 @@ script: 'bundle exec metadata-json-lint metadata.json && bundle exec rake valida matrix: fast_finish: true exclude: - - rvm: 1.8.7 - env: PUPPET_GEM_VERSION="~> 4.0.0" - rvm: 2.0.0 env: PUPPET_GEM_VERSION="~> 3.1.0" - rvm: 2.1.0 @@ -41,6 +42,14 @@ matrix: env: PUPPET_GEM_VERSION="~> 3.3.0" - rvm: 2.1.0 env: PUPPET_GEM_VERSION="~> 3.4.0" + - rvm: 1.8.7 + env: PUPPET_GEM_VERSION="~> 4.0.0" + - rvm: 1.8.7 + env: PUPPET_GEM_VERSION="~> 4.1.0" + - rvm: 1.8.7 + env: PUPPET_GEM_VERSION="~> 4.2.0" + - rvm: 1.8.7 + env: PUPPET_GEM_VERSION="~> 4" notifications: email: false diff --git a/manifests/init.pp b/manifests/init.pp index aa7f143..d9cae95 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -261,12 +261,20 @@ class ssh ( $sshd_config_xauth_location_real = $sshd_config_xauth_location } + if $sshd_config_xauth_location_real != undef { + validate_absolute_path($sshd_config_xauth_location_real) + } + if $ssh_package_source == 'USE_DEFAULTS' { $ssh_package_source_real = $default_ssh_package_source } else { $ssh_package_source_real = $ssh_package_source } + if $ssh_package_source_real != undef { + validate_absolute_path($ssh_package_source_real) + } + if $ssh_package_adminfile == 'USE_DEFAULTS' { $ssh_package_adminfile_real = $default_ssh_package_adminfile } else { diff --git a/metadata.json b/metadata.json index 8212c45..d05d82b 100644 --- a/metadata.json +++ b/metadata.json @@ -80,7 +80,7 @@ "description": "Manage SSH", "dependencies": [ {"name":"puppetlabs/stdlib","version_requirement":">= 4.6.0 < 6.0.0"}, - {"name":"ghoneycutt/common","version_requirement":">= 1.0.2 < 2.0.0"}, + {"name":"ghoneycutt/common","version_requirement":">= 1.3.0 < 2.0.0"}, {"name":"puppetlabs/firewall","version_requirement":">= 0.2.1 < 2.0.0"} ] } diff --git a/spec/classes/init_spec.rb b/spec/classes/init_spec.rb index 5a913d1..e1d22a4 100644 --- a/spec/classes/init_spec.rb +++ b/spec/classes/init_spec.rb @@ -148,7 +148,7 @@ describe 'ssh' do it 'should fail' do expect { should contain_class('ssh') - }.to raise_error(Puppet::Error,/^ssh module supports Solaris kernel release 5.9, 5.10 and 5.11./) + }.to raise_error(Puppet::Error,/ssh module supports Solaris kernel release 5\.9, 5\.10 and 5\.11\./) end end @@ -915,7 +915,7 @@ describe 'ssh' do it 'should fail' do expect { should contain_class('ssh') - }.to raise_error(Puppet::Error,/^ssh supports osfamilies RedHat, Suse, Debian and Solaris. Detected osfamily is \./) + }.to raise_error(Puppet::Error,/ssh supports osfamilies RedHat, Suse, Debian and Solaris\. Detected osfamily is \./) end end @@ -1137,7 +1137,7 @@ describe 'ssh' do it 'should fail' do expect { - should + should contain_class('ssh') }.to raise_error(Puppet::Error, /is not an absolute path/) end end @@ -1168,7 +1168,7 @@ describe 'ssh' do it 'should fail' do expect { - should + should contain_class('ssh') }.to raise_error(Puppet::Error, /is not a string/) end end @@ -1204,7 +1204,7 @@ describe 'ssh' do let (:params) {{'sshd_config_match' => value }} it 'should fail' do expect { - should + should contain_class('ssh') }.to raise_error(Puppet::Error, /is not a Hash/) end end @@ -1267,7 +1267,9 @@ describe 'ssh' do let (:params) {{'sshd_listen_address' => true }} it 'should fail' do - expect { subject }.to raise_error(Puppet::Error) + expect { + should contain_class('ssh') + }.to raise_error(Puppet::Error) end end end @@ -1284,7 +1286,9 @@ describe 'ssh' do end let (:params) {{'sshd_config_loglevel' => 'BOGON'}} it 'should fail' do - expect { subject }.to raise_error(Puppet::Error, /"BOGON" does not match/) + expect { + should contain_class('ssh') + }.to raise_error(Puppet::Error, /"BOGON" does not match/) end end ['QUIET', 'FATAL', 'ERROR', 'INFO', 'VERBOSE'].each do |supported_val| @@ -1316,7 +1320,9 @@ describe 'ssh' do end let (:params) {{'ssh_config_template' => false}} it 'should fail' do - expect { subject }.to raise_error(Puppet::Error, /is not a string/) + expect { + should contain_class('ssh') + }.to raise_error(Puppet::Error, /is not a string/) end end context 'and that value is valid' do @@ -1347,7 +1353,9 @@ describe 'ssh' do end let (:params) {{'sshd_config_template' => false}} it 'should fail' do - expect { subject }.to raise_error(Puppet::Error, /is not a string/) + expect { + should contain_class('ssh') + }.to raise_error(Puppet::Error, /is not a string/) end end context 'and that value is valid' do @@ -1490,7 +1498,7 @@ describe 'ssh' do it 'should fail' do expect { should contain_class('ssh') - }.to raise_error(Puppet::Error,/^ssh::ssh_config_hash_known_hosts may be either \'yes\' or \'no\' and is set to ./) + }.to raise_error(Puppet::Error,/ssh::ssh_config_hash_known_hosts may be either \'yes\' or \'no\' and is set to \./) end end @@ -1629,7 +1637,7 @@ describe 'ssh' do it 'should fail' do expect { should contain_class('ssh') - }.to raise_error(Puppet::Error,/^ssh::sshd_config_port must be a valid number and is set to <22invalid>\./) + }.to raise_error(Puppet::Error,/ssh::sshd_config_port must be a valid number and is set to <22invalid>\./) end end @@ -1649,7 +1657,7 @@ describe 'ssh' do it 'should fail' do expect { should contain_class('ssh') - }.to raise_error(Puppet::Error,/Unknown type of boolean/) + }.to raise_error(Puppet::Error,/ssh::manage_root_ssh_config is and must be \'true\' or \'false\'\./) end end @@ -1668,7 +1676,7 @@ describe 'ssh' do it 'should fail' do expect { should contain_class('ssh') - }.to raise_error(Puppet::Error,/^ssh::sshd_password_authentication may be either \'yes\' or \'no\' and is set to \./) + }.to raise_error(Puppet::Error,/ssh::sshd_password_authentication may be either \'yes\' or \'no\' and is set to \./) end end @@ -1687,7 +1695,7 @@ describe 'ssh' do it 'should fail' do expect { should contain_class('ssh') - }.to raise_error(Puppet::Error,/^ssh::sshd_allow_tcp_forwarding may be either \'yes\' or \'no\' and is set to \./) + }.to raise_error(Puppet::Error,/ssh::sshd_allow_tcp_forwarding may be either \'yes\' or \'no\' and is set to \./) end end @@ -1706,7 +1714,7 @@ describe 'ssh' do it 'should fail' do expect { should contain_class('ssh') - }.to raise_error(Puppet::Error,/^ssh::sshd_x11_forwarding may be either \'yes\' or \'no\' and is set to \./) + }.to raise_error(Puppet::Error,/ssh::sshd_x11_forwarding may be either \'yes\' or \'no\' and is set to \./) end end @@ -1725,7 +1733,7 @@ describe 'ssh' do it 'should fail' do expect { should contain_class('ssh') - }.to raise_error(Puppet::Error,/^ssh::sshd_use_pam may be either \'yes\' or \'no\' and is set to \./) + }.to raise_error(Puppet::Error,/ssh::sshd_use_pam may be either \'yes\' or \'no\' and is set to \./) end end @@ -1744,7 +1752,7 @@ describe 'ssh' do it 'should fail' do expect { should contain_class('ssh') - }.to raise_error(Puppet::Error,/^ssh::sshd_config_serverkeybits must be an integer and is set to \./) + }.to raise_error(Puppet::Error,/ssh::sshd_config_serverkeybits must be an integer and is set to \./) end end @@ -1763,7 +1771,7 @@ describe 'ssh' do it 'should fail' do expect { should contain_class('ssh') - }.to raise_error(Puppet::Error,/^ssh::sshd_client_alive_interval must be an integer and is set to \./) + }.to raise_error(Puppet::Error,/ssh::sshd_client_alive_interval must be an integer and is set to \./) end end @@ -1782,7 +1790,7 @@ describe 'ssh' do it 'should fail' do expect { should contain_class('ssh') - }.to raise_error(Puppet::Error,/^ssh::sshd_client_alive_count_max must be an integer and is set to \./) + }.to raise_error(Puppet::Error,/ssh::sshd_client_alive_count_max must be an integer and is set to \./) end end @@ -1866,7 +1874,7 @@ describe 'ssh' do it 'should fail' do expect { should contain_class('ssh') - }.to raise_error(Puppet::Error,/^ssh::sshd_config_strictmodes may be either \'yes\' or \'no\' and is set to \./) + }.to raise_error(Puppet::Error,/ssh::sshd_config_strictmodes may be either \'yes\' or \'no\' and is set to \./) end end @@ -1882,7 +1890,7 @@ describe 'ssh' do it 'should fail' do expect { should contain_class('ssh') - }.to raise_error(Puppet::Error,/^"invalid\/path" is not an absolute path/) + }.to raise_error(Puppet::Error,/"invalid\/path" is not an absolute path/) end end @@ -1898,7 +1906,7 @@ describe 'ssh' do it 'should fail' do expect { should contain_class('ssh') - }.to raise_error(Puppet::Error,/^\["invalid", "type"\] is not a string/) + }.to raise_error(Puppet::Error,/\["invalid", "type"\] is not a string/) end end @@ -1914,7 +1922,7 @@ describe 'ssh' do it 'should fail' do expect { should contain_class('ssh') - }.to raise_error(Puppet::Error,/^ssh::sshd_config_banner must be set to be able to use sshd_banner_content\./) + }.to raise_error(Puppet::Error,/ssh::sshd_config_banner must be set to be able to use sshd_banner_content\./) end end @@ -1931,7 +1939,7 @@ describe 'ssh' do it 'should fail' do expect { should contain_class('ssh') - }.to raise_error(Puppet::Error,/^ssh::ssh_config_sendenv_xmodifiers type must be true or false\./) + }.to raise_error(Puppet::Error,/ssh::ssh_config_sendenv_xmodifiers type must be true or false\./) end end @@ -2050,12 +2058,15 @@ describe 'ssh' do let(:params) { { :hiera_merge => ['not_a_boolean','or_a_string'] } } let(:facts) do { :osfamily => 'RedHat', + :fqdn => 'hieramerge.example.com', :lsbmajdistrelease => '6', } end it 'should fail' do - expect { should raise_error(Puppet::Error) } + expect { + should contain_class('ssh') + }.to raise_error(Puppet::Error) end end @@ -2068,7 +2079,9 @@ describe 'ssh' do end it 'should fail' do - expect { should raise_error(Puppet::Error,/^ssh::hiera_merge may be either 'true' or 'false' and is set to ./) } + expect { + should contain_class('ssh') + }.to raise_error(Puppet::Error,/ssh::hiera_merge may be either 'true' or 'false' and is set to ./) end end @@ -2077,6 +2090,7 @@ describe 'ssh' do let(:params) { { :hiera_merge => value } } let(:facts) do { :osfamily => 'RedHat', + :fqdn => 'hieramerge.example.com', :lsbmajdistrelease => '6', } end @@ -2084,6 +2098,12 @@ describe 'ssh' do it { should compile.with_all_deps } it { should contain_class('ssh') } + + it { should contain_file('sshd_config').with_content(/^\s*DenyUsers denyuser_from_fqdn denyuser_from_common/) } + it { should contain_file('sshd_config').with_content(/^\s*DenyGroups denygroup_from_fqdn denygroup_from_common/) } + it { should contain_file('sshd_config').with_content(/^\s*AllowUsers allowuser_from_fqdn allowuser_from_common/) } + it { should contain_file('sshd_config').with_content(/^\s*AllowGroups allowgroup_from_fqdn allowgroup_from_common/) } + end end @@ -2136,7 +2156,9 @@ describe 'ssh' do end it 'should fail' do - expect { should raise_error(Puppet::Error,/^is not an absolute path/) } + expect { + should contain_class('ssh') + }.to raise_error(Puppet::Error,/is not an absolute path/) end end end @@ -2164,7 +2186,9 @@ describe 'ssh' do end it 'should fail' do - expect { should raise_error(Puppet::Error,/^is not an absolute path/) } + expect { + should contain_class('ssh') + }.to raise_error(Puppet::Error,/is not an absolute path/) end end @@ -2178,7 +2202,9 @@ describe 'ssh' do end it 'should fail' do - expect { should raise_error(Puppet::Error) } + expect { + should contain_class('ssh') + }.to raise_error(Puppet::Error) end end end @@ -2216,7 +2242,9 @@ describe 'ssh' do end it 'should fail' do - expect { should raise_error(Puppet::Error,/^is not an absolute path/) } + expect { + should contain_class('ssh') + }.to raise_error(Puppet::Error,/is not an absolute path/) end end @@ -2231,7 +2259,9 @@ describe 'ssh' do end it 'should fail' do - expect { should raise_error(Puppet::Error) } + expect { + should contain_class('ssh') + }.to raise_error(Puppet::Error) end end end @@ -2274,7 +2304,9 @@ describe 'ssh' do end it 'should fail' do - expect { should raise_error(Puppet::Error,/^ssh::ssh_config_forward_x11_trusted may be either 'yes' or 'no' and is set to <#{value}>./) } + expect { + should contain_class('ssh') + }.to raise_error(Puppet::Error,/ssh::ssh_config_forward_x11_trusted may be either 'yes' or 'no' and is set to <#{value}>\./) end end end @@ -2307,7 +2339,9 @@ describe 'ssh' do end it 'should fail' do - expect { should raise_error(Puppet::Error,/^ssh::sshd_gssapidelegatecredentials may be either 'yes' or 'no' and is set to <#{value}>./) } + expect { + should contain_class('ssh') + }.to raise_error(Puppet::Error,/ssh::ssh_gssapidelegatecredentials may be either 'yes' or 'no' and is set to <#{value}>\./) end end end @@ -2335,12 +2369,14 @@ describe 'ssh' do if value.is_a?(Array) value = value.join + elsif value.is_a?(Hash) + value = '{ha => sh}' end - it do + it 'should fail' do expect { should contain_class('ssh') - }.to raise_error(Puppet::Error,/^ssh::ssh_gssapiauthentication may be either 'yes' or 'no' and is set to <#{value.to_s}>\./) + }.to raise_error(Puppet::Error,/ssh::ssh_gssapiauthentication may be either 'yes' or 'no' and is set to <#{Regexp.escape(value.to_s)}>\./) end end end @@ -2365,14 +2401,17 @@ describe 'ssh' do ['YES',true,2.42,['array'],a = { 'ha' => 'sh' }].each do |value| context "specified as invalid value #{value} (as #{value.class})" do let(:params) { { :sshd_gssapiauthentication => value } } + if value.is_a?(Array) value = value.join + elsif value.is_a?(Hash) + value = '{ha => sh}' end - it do + it 'should fail' do expect { should contain_class('ssh') - }.to raise_error(Puppet::Error,/^ssh::sshd_gssapiauthentication may be either 'yes' or 'no' and is set to <#{value}>\./) + }.to raise_error(Puppet::Error,/ssh::sshd_gssapiauthentication may be either 'yes' or 'no' and is set to <#{Regexp.escape(value.to_s)}>\./) end end end @@ -2415,7 +2454,9 @@ describe 'ssh' do end it 'should fail' do - expect { should raise_error(Puppet::Error,/^ssh::sshd_gssapikeyexchange may be either 'yes' or 'no' and is set to <#{value}>./) } + expect { + should contain_class('ssh') + }.to raise_error(Puppet::Error,/ssh::sshd_gssapikeyexchange may be either 'yes' or 'no' and is set to <#{value}>\./) end end end @@ -2458,7 +2499,9 @@ describe 'ssh' do end it 'should fail' do - expect { should raise_error(Puppet::Error,/^ssh::sshd_pamauthenticationviakbdint may be either 'yes' or 'no' and is set to <#{value}>./) } + expect { + should contain_class('ssh') + }.to raise_error(Puppet::Error,/ssh::sshd_pamauthenticationviakbdint may be either 'yes' or 'no' and is set to <#{value}>\./) end end end @@ -2502,7 +2545,9 @@ describe 'ssh' do end it 'should fail' do - expect { should raise_error(Puppet::Error,/^ssh::sshd_gssapicleanupcredentials may be either 'yes' or 'no' and is set to <#{value}>./) } + expect { + should contain_class('ssh') + }.to raise_error(Puppet::Error,/ssh::sshd_gssapicleanupcredentials may be either 'yes' or 'no' and is set to <#{value}>\./) end end end @@ -2548,7 +2593,9 @@ describe 'ssh' do end it 'should fail' do - expect { should raise_error(Puppet::Error,/^ssh::ssh_sendenv may be either 'true' or 'false' and is set to ./) } + expect { + should contain_class('ssh') + }.to raise_error(Puppet::Error,/ssh::ssh_sendenv may be either 'true' or 'false' and is set to \./) end end @@ -2562,7 +2609,9 @@ describe 'ssh' do end it 'should fail' do - expect { should raise_error(Puppet::Error,/^ssh::ssh_sendenv type must be true or false./) } + expect { + should contain_class('ssh') + }.to raise_error(Puppet::Error,/ssh::ssh_sendenv type must be true or false\./) end end end @@ -2595,7 +2644,7 @@ describe 'ssh' do it 'should fail' do expect { should contain_class('ssh') - }.to raise_error(Puppet::Error,/^ssh::sshd_config_maxstartups may be either an integer or three integers separated with colons, such as 10:30:100. Detected value is <#{value}>./) + }.to raise_error(Puppet::Error,/ssh::sshd_config_maxstartups may be either an integer or three integers separated with colons, such as 10:30:100\. Detected value is <#{value}>\./) end end end @@ -2609,7 +2658,9 @@ describe 'ssh' do } end it 'should fail' do - expect { should contain_class('ssh') }.to raise_error(Puppet::Error) + expect { + should contain_class('ssh') + }.to raise_error(Puppet::Error) end end end @@ -2635,7 +2686,9 @@ describe 'ssh' do } end it 'should fail' do - expect { should contain_class('ssh') }.to raise_error(Puppet::Error) + expect { + should contain_class('ssh') + }.to raise_error(Puppet::Error) end end end @@ -2679,7 +2732,9 @@ describe 'ssh' do end it 'should fail' do - expect { should raise_error(Puppet::Error,/^ssh::sshd_acceptenv may be either 'true' or 'false' and is set to ./) } + expect { + should contain_class('ssh') + }.to raise_error(Puppet::Error,/ssh::sshd_acceptenv may be either 'true' or 'false' and is set to \./) end end @@ -2693,7 +2748,9 @@ describe 'ssh' do end it 'should fail' do - expect { should raise_error(Puppet::Error,/^ssh::sshd_acceptenv type must be true or false./) } + expect { + should contain_class('ssh') + }.to raise_error(Puppet::Error,/ssh::sshd_acceptenv type must be true or false\./) end end end @@ -2732,7 +2789,9 @@ describe 'ssh' do end it 'should fail' do - expect { should raise_error(Puppet::Error,/^ssh::service_hasstatus must be 'true' or 'false' and is set to ./) } + expect { + should contain_class('ssh') + }.to raise_error(Puppet::Error,/ssh::service_hasstatus must be 'true' or 'false' and is set to \./) end end @@ -2746,7 +2805,9 @@ describe 'ssh' do end it 'should fail' do - expect { should raise_error(Puppet::Error,/^ssh::service_hasstatus must be true or false./) } + expect { + should contain_class('ssh') + }.to raise_error(Puppet::Error,/ssh::service_hasstatus must be true or false\./) end end end @@ -2783,10 +2844,10 @@ describe 'ssh' do } end - it do + it 'should fail' do expect { should contain_class('ssh') - }.to raise_error(Puppet::Error,/^\"invalid\/path\" is not an absolute path./) + }.to raise_error(Puppet::Error,/\"invalid\/path\" is not an absolute path\./) end end @@ -2799,7 +2860,7 @@ describe 'ssh' do } end - it do + it 'should fail' do expect { should contain_class('ssh') }.to raise_error(Puppet::Error,/is not an absolute path/) @@ -2837,10 +2898,10 @@ describe 'ssh' do } end - it do + it 'should fail' do expect { should contain_class('ssh') - }.to raise_error(Puppet::Error,/^\[\"invalid\", \"type\"\] is not a string. It looks to be a Array/) + }.to raise_error(Puppet::Error,/\[\"invalid\", \"type\"\] is not a string\. It looks to be a Array/) end end end @@ -2875,10 +2936,10 @@ describe 'ssh' do } end - it do + it 'should fail' do expect { should contain_class('ssh') - }.to raise_error(Puppet::Error,/^\[\"invalid\", \"type\"\] is not a string. It looks to be a Array/) + }.to raise_error(Puppet::Error,/\[\"invalid\", \"type\"\] is not a string\. It looks to be a Array/) end end end @@ -2914,10 +2975,10 @@ describe 'ssh' do } end - it do + it 'should fail' do expect { should contain_class('ssh') - }.to raise_error(Puppet::Error,/^ssh::ssh_config_global_known_hosts_mode must be a valid 4 digit mode in octal notation. Detected value is <#{value}>./) + }.to raise_error(Puppet::Error,/ssh::ssh_config_global_known_hosts_mode must be a valid 4 digit mode in octal notation\. Detected value is <#{value}>\./) end end end @@ -2931,10 +2992,10 @@ describe 'ssh' do } end - it do + it 'should fail' do expect { should contain_class('ssh') - }.to raise_error(Puppet::Error,/^ssh::ssh_config_global_known_hosts_mode must be a valid 4 digit mode in octal notation. Detected value is ./) + }.to raise_error(Puppet::Error,/ssh::ssh_config_global_known_hosts_mode must be a valid 4 digit mode in octal notation\. Detected value is <[\[]?invalid.*type[\]]?/) end end end @@ -2944,7 +3005,9 @@ describe 'ssh' do let(:params) { { :ssh_key_import => ['not_a_boolean','or_a_string'] } } it 'should fail' do - expect { should raise_error(Puppet::Error) } + expect { + should contain_class('ssh') + }.to raise_error(Puppet::Error) end end @@ -2957,7 +3020,9 @@ describe 'ssh' do end it 'should fail' do - expect { should raise_error(Puppet::Error,/^ssh::ssh_key_import may be either 'true' or 'false' and is set to ./) } + expect { + should contain_class('ssh') + }.to raise_error(Puppet::Error,/ssh::ssh_key_import may be either 'true' or 'false' and is set to \./) end end diff --git a/spec/fixtures/hiera/hiera.yaml b/spec/fixtures/hiera/hiera.yaml new file mode 100644 index 0000000..96ede91 --- /dev/null +++ b/spec/fixtures/hiera/hiera.yaml @@ -0,0 +1,8 @@ +--- +:backends: + - yaml +:yaml: + :datadir: 'spec/fixtures/hiera/hieradata' +:hierarchy: + - fqdn/%{fqdn} + - common diff --git a/spec/fixtures/hiera/hieradata/common.yaml b/spec/fixtures/hiera/hieradata/common.yaml new file mode 100644 index 0000000..e2d2cb9 --- /dev/null +++ b/spec/fixtures/hiera/hieradata/common.yaml @@ -0,0 +1,9 @@ +--- +ssh::sshd_config_allowgroups: + - allowgroup_from_common +ssh::sshd_config_allowusers: + - allowuser_from_common +ssh::sshd_config_denygroups: + - denygroup_from_common +ssh::sshd_config_denyusers: + - denyuser_from_common diff --git a/spec/fixtures/hiera/hieradata/fqdn/hieramerge.example.com.yaml b/spec/fixtures/hiera/hieradata/fqdn/hieramerge.example.com.yaml new file mode 100644 index 0000000..e8d0fc4 --- /dev/null +++ b/spec/fixtures/hiera/hieradata/fqdn/hieramerge.example.com.yaml @@ -0,0 +1,9 @@ +--- +ssh::sshd_config_allowgroups: + - allowgroup_from_fqdn +ssh::sshd_config_allowusers: + - allowuser_from_fqdn +ssh::sshd_config_denygroups: + - denygroup_from_fqdn +ssh::sshd_config_denyusers: + - denyuser_from_fqdn diff --git a/spec/fixtures/hiera/hieradata/fqdn/monkey.example.com.yaml b/spec/fixtures/hiera/hieradata/fqdn/monkey.example.com.yaml new file mode 100644 index 0000000..b30defc --- /dev/null +++ b/spec/fixtures/hiera/hieradata/fqdn/monkey.example.com.yaml @@ -0,0 +1,5 @@ +--- +ssh::sshd_config_allowgroups: +ssh::sshd_config_allowusers: +ssh::sshd_config_denygroups: +ssh::sshd_config_denyusers: diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index e206822..05afdb2 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -1,6 +1,7 @@ require 'puppetlabs_spec_helper/module_spec_helper' RSpec.configure do |config| + config.hiera_config = 'spec/fixtures/hiera/hiera.yaml' config.before :each do # Ensure that we don't accidentally cache facts and environment between # test cases. This requires each example group to explicitly load the diff --git a/templates/sshd_config.erb b/templates/sshd_config.erb index 27401af..706798f 100644 --- a/templates/sshd_config.erb +++ b/templates/sshd_config.erb @@ -164,12 +164,12 @@ UseDNS <%= @sshd_config_use_dns_real %> <% end -%> #PidFile /var/run/sshd.pid <% if @sshd_config_maxstartups -%> -MaxStartups <%= sshd_config_maxstartups %> +MaxStartups <%= @sshd_config_maxstartups %> <% else -%> #MaxStartups 10:30:100 <% end -%> <% if @sshd_config_maxsessions -%> -MaxSessions <%= sshd_config_maxsessions %> +MaxSessions <%= @sshd_config_maxsessions %> <% else -%> #MaxSessions 10 <% end -%> @@ -200,16 +200,16 @@ Ciphers <%= @sshd_config_ciphers.join(',') %> <% if @sshd_config_macs -%> MACs <%= @sshd_config_macs.join(',') %> <% end -%> -<% if @sshd_config_denyusers -%> +<% if @sshd_config_denyusers_real -%> DenyUsers <%= @sshd_config_denyusers_real.join(' ') %> <% end -%> -<% if @sshd_config_denygroups -%> +<% if @sshd_config_denygroups_real -%> DenyGroups <%= @sshd_config_denygroups_real.join(' ') %> <% end -%> -<% if @sshd_config_allowusers -%> +<% if @sshd_config_allowusers_real -%> AllowUsers <%= @sshd_config_allowusers_real.join(' ') %> <% end -%> -<% if @sshd_config_allowgroups -%> +<% if @sshd_config_allowgroups_real -%> AllowGroups <%= @sshd_config_allowgroups_real.join(' ') %> <% end -%> <% if @sshd_config_match -%>