diff --git a/.travis.yml b/.travis.yml index be395a9..00d4941 100644 --- a/.travis.yml +++ b/.travis.yml @@ -4,6 +4,7 @@ env: - PUPPET_VERSION=3.4.2 - PUPPET_VERSION=3.5.1 - PUPPET_VERSION=3.6.0 +- PUPPET_VERSION=3.7.0 notifications: email: false rvm: diff --git a/Gemfile b/Gemfile index 7bd34cd..3b888ac 100644 --- a/Gemfile +++ b/Gemfile @@ -3,5 +3,5 @@ source 'https://rubygems.org' puppetversion = ENV.key?('PUPPET_VERSION') ? "= #{ENV['PUPPET_VERSION']}" : ['>= 3.3'] gem 'puppet', puppetversion gem 'puppetlabs_spec_helper', '>= 0.1.0' -gem 'puppet-lint', '>= 0.3.2' +gem 'puppet-lint', '>= 1.0.0' gem 'facter', '>= 1.7.0' diff --git a/README.md b/README.md index 9f6e739..2843f38 100644 --- a/README.md +++ b/README.md @@ -13,6 +13,7 @@ This module has been tested to work on the following systems with Puppet v3 and * Debian 7 * EL 5 * EL 6 + * EL 7 * SLES 11 * Ubuntu 12.04 LTS * Solaris 9 diff --git a/Rakefile b/Rakefile index dfa83c4..a0e8569 100644 --- a/Rakefile +++ b/Rakefile @@ -1,6 +1,7 @@ require 'puppetlabs_spec_helper/rake_tasks' require 'puppet-lint/tasks/puppet-lint' PuppetLint.configuration.send('disable_80chars') +PuppetLint.configuration.relative = true PuppetLint.configuration.ignore_paths = ["spec/**/*.pp", "pkg/**/*.pp"] desc 'Run puppet in noop mode and check for syntax errors.' diff --git a/spec/classes/init_spec.rb b/spec/classes/init_spec.rb index 278f8c8..81b37f3 100644 --- a/spec/classes/init_spec.rb +++ b/spec/classes/init_spec.rb @@ -2,110 +2,115 @@ require 'spec_helper' describe 'ssh' do context 'with default params on osfamily RedHat' do - let(:facts) do - { :fqdn => 'monkey.example.com', - :osfamily => 'RedHat', - :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' - } + ['5','6','7'].each do |release| + context "release #{release}" do + let(:facts) do + { :fqdn => 'monkey.example.com', + :lsbmajdistrelease => :release, + :osfamily => 'RedHat', + :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==', + } + end + + it { should compile.with_all_deps } + + it { should contain_class('ssh')} + + it { should_not contain_class('common')} + + ['openssh-server','openssh-clients'].each do |pkg| + it { + should contain_package(pkg).with({ + 'ensure' => 'installed', + }) + } + end + + it { + should contain_file('ssh_config').with({ + 'ensure' => 'file', + 'path' => '/etc/ssh/ssh_config', + 'owner' => 'root', + 'group' => 'root', + 'mode' => '0644', + 'require' => ['Package[openssh-server]', 'Package[openssh-clients]'], + }) + } + + it { should contain_file('ssh_config').with_content(/^# This file is being maintained by Puppet.\n# DO NOT EDIT\n\n# \$OpenBSD: ssh_config,v 1.21 2005\/12\/06 22:38:27 reyk Exp \$/) } + it { should contain_file('ssh_config').with_content(/^ Protocol 2$/) } + it { should contain_file('ssh_config').with_content(/^\s*HashKnownHosts no$/) } + it { should contain_file('ssh_config').with_content(/^\s*SendEnv L.*$/) } + it { should contain_file('ssh_config').with_content(/^\s*ForwardX11Trusted yes$/) } + it { should contain_file('ssh_config').without_content(/^\s*Ciphers/) } + it { should contain_file('ssh_config').without_content(/^\s*MACs/) } + + it { should_not contain_file('ssh_config').with_content(/^\s*ForwardAgent$/) } + it { should_not contain_file('ssh_config').with_content(/^\s*ForwardX11$/) } + it { should_not contain_file('ssh_config').with_content(/^\s*ServerAliveInterval$/) } + + it { + should contain_file('sshd_config').with({ + 'ensure' => 'file', + 'path' => '/etc/ssh/sshd_config', + 'owner' => 'root', + 'group' => 'root', + 'mode' => '0600', + 'require' => ['Package[openssh-server]', 'Package[openssh-clients]'], + }) + } + + it { should contain_file('sshd_config').with_content(/^Port 22$/) } + it { should contain_file('sshd_config').with_content(/^SyslogFacility AUTH$/) } + it { should contain_file('sshd_config').with_content(/^LogLevel INFO$/) } + it { should contain_file('sshd_config').with_content(/^LoginGraceTime 120$/) } + it { should contain_file('sshd_config').with_content(/^PermitRootLogin yes$/) } + it { should contain_file('sshd_config').with_content(/^ChallengeResponseAuthentication yes$/) } + it { should contain_file('sshd_config').with_content(/^PrintMotd yes$/) } + it { should contain_file('sshd_config').with_content(/^UseDNS yes$/) } + it { should contain_file('sshd_config').with_content(/^Banner none$/) } + it { should contain_file('sshd_config').with_content(/^XAuthLocation \/usr\/bin\/xauth$/) } + it { should contain_file('sshd_config').with_content(/^Subsystem sftp \/usr\/libexec\/openssh\/sftp-server$/) } + it { should contain_file('sshd_config').with_content(/^PasswordAuthentication yes$/) } + it { should contain_file('sshd_config').with_content(/^AllowTcpForwarding yes$/) } + it { should contain_file('sshd_config').with_content(/^X11Forwarding yes$/) } + it { should contain_file('sshd_config').with_content(/^UsePAM yes$/) } + it { should contain_file('sshd_config').with_content(/^ClientAliveInterval 0$/) } + it { should contain_file('sshd_config').with_content(/^ServerKeyBits 1024$/) } + it { should contain_file('sshd_config').with_content(/^ClientAliveCountMax 3$/) } + it { should contain_file('sshd_config').with_content(/^GSSAPIAuthentication yes$/) } + it { should contain_file('sshd_config').with_content(/^GSSAPICleanupCredentials yes$/) } + it { should contain_file('sshd_config').with_content(/^HostKey \/etc\/ssh\/ssh_host_rsa_key$/) } + it { should_not contain_file('sshd_config').with_content(/^\s*PAMAuthenticationViaKBDInt yes$/) } + it { should_not contain_file('sshd_config').with_content(/^\s*GSSAPIKeyExchange no$/) } + it { should_not contain_file('sshd_config').with_content(/^AuthorizedKeysFile/) } + it { should_not contain_file('sshd_config').with_content(/^StrictModes/) } + it { should contain_file('sshd_config').with_content(/^AcceptEnv L.*$/) } + it { should contain_file('sshd_config').without_content(/^\s*Ciphers/) } + it { should contain_file('sshd_config').without_content(/^\s*MACs/) } + it { should contain_file('sshd_config').without_content(/^\s*DenyUsers/) } + it { should contain_file('sshd_config').without_content(/^\s*DenyGroups/) } + it { should contain_file('sshd_config').without_content(/^\s*AllowUsers/) } + it { should contain_file('sshd_config').without_content(/^\s*AllowGroups/) } + + it { + should contain_service('sshd_service').with({ + 'ensure' => 'running', + 'name' => 'sshd', + 'enable' => 'true', + 'hasrestart' => 'true', + 'hasstatus' => 'true', + 'subscribe' => 'File[sshd_config]', + }) + } + + it { + should contain_resources('sshkey').with({ + 'purge' => 'true', + }) + } + end end - - it { should compile.with_all_deps } - - it { should contain_class('ssh')} - - it { should_not contain_class('common')} - - ['openssh-server','openssh-clients'].each do |pkg| - it { - should contain_package(pkg).with({ - 'ensure' => 'installed', - }) - } - end - - it { - should contain_file('ssh_config').with({ - 'ensure' => 'file', - 'path' => '/etc/ssh/ssh_config', - 'owner' => 'root', - 'group' => 'root', - 'mode' => '0644', - 'require' => ['Package[openssh-server]', 'Package[openssh-clients]'], - }) - } - - it { should contain_file('ssh_config').with_content(/^# This file is being maintained by Puppet.\n# DO NOT EDIT\n\n# \$OpenBSD: ssh_config,v 1.21 2005\/12\/06 22:38:27 reyk Exp \$/) } - it { should contain_file('ssh_config').with_content(/^ Protocol 2$/) } - it { should contain_file('ssh_config').with_content(/^\s*HashKnownHosts no$/) } - it { should contain_file('ssh_config').with_content(/^\s*SendEnv L.*$/) } - it { should contain_file('ssh_config').with_content(/^\s*ForwardX11Trusted yes$/) } - it { should contain_file('ssh_config').without_content(/^\s*Ciphers/) } - it { should contain_file('ssh_config').without_content(/^\s*MACs/) } - - it { should_not contain_file('ssh_config').with_content(/^\s*ForwardAgent$/) } - it { should_not contain_file('ssh_config').with_content(/^\s*ForwardX11$/) } - it { should_not contain_file('ssh_config').with_content(/^\s*ServerAliveInterval$/) } - - it { - should contain_file('sshd_config').with({ - 'ensure' => 'file', - 'path' => '/etc/ssh/sshd_config', - 'owner' => 'root', - 'group' => 'root', - 'mode' => '0600', - 'require' => ['Package[openssh-server]', 'Package[openssh-clients]'], - }) - } - - it { should contain_file('sshd_config').with_content(/^Port 22$/) } - it { should contain_file('sshd_config').with_content(/^SyslogFacility AUTH$/) } - it { should contain_file('sshd_config').with_content(/^LogLevel INFO$/) } - it { should contain_file('sshd_config').with_content(/^LoginGraceTime 120$/) } - it { should contain_file('sshd_config').with_content(/^PermitRootLogin yes$/) } - it { should contain_file('sshd_config').with_content(/^ChallengeResponseAuthentication yes$/) } - it { should contain_file('sshd_config').with_content(/^PrintMotd yes$/) } - it { should contain_file('sshd_config').with_content(/^UseDNS yes$/) } - it { should contain_file('sshd_config').with_content(/^Banner none$/) } - it { should contain_file('sshd_config').with_content(/^XAuthLocation \/usr\/bin\/xauth$/) } - it { should contain_file('sshd_config').with_content(/^Subsystem sftp \/usr\/libexec\/openssh\/sftp-server$/) } - it { should contain_file('sshd_config').with_content(/^PasswordAuthentication yes$/) } - it { should contain_file('sshd_config').with_content(/^AllowTcpForwarding yes$/) } - it { should contain_file('sshd_config').with_content(/^X11Forwarding yes$/) } - it { should contain_file('sshd_config').with_content(/^UsePAM yes$/) } - it { should contain_file('sshd_config').with_content(/^ClientAliveInterval 0$/) } - it { should contain_file('sshd_config').with_content(/^ServerKeyBits 1024$/) } - it { should contain_file('sshd_config').with_content(/^ClientAliveCountMax 3$/) } - it { should contain_file('sshd_config').with_content(/^GSSAPIAuthentication yes$/) } - it { should contain_file('sshd_config').with_content(/^GSSAPICleanupCredentials yes$/) } - it { should contain_file('sshd_config').with_content(/^HostKey \/etc\/ssh\/ssh_host_rsa_key$/) } - it { should_not contain_file('sshd_config').with_content(/^\s*PAMAuthenticationViaKBDInt yes$/) } - it { should_not contain_file('sshd_config').with_content(/^\s*GSSAPIKeyExchange no$/) } - it { should_not contain_file('sshd_config').with_content(/^AuthorizedKeysFile/) } - it { should_not contain_file('sshd_config').with_content(/^StrictModes/) } - it { should contain_file('sshd_config').with_content(/^AcceptEnv L.*$/) } - it { should contain_file('sshd_config').without_content(/^\s*Ciphers/) } - it { should contain_file('sshd_config').without_content(/^\s*MACs/) } - it { should contain_file('sshd_config').without_content(/^\s*DenyUsers/) } - it { should contain_file('sshd_config').without_content(/^\s*DenyGroups/) } - it { should contain_file('sshd_config').without_content(/^\s*AllowUsers/) } - it { should contain_file('sshd_config').without_content(/^\s*AllowGroups/) } - - it { - should contain_service('sshd_service').with({ - 'ensure' => 'running', - 'name' => 'sshd', - 'enable' => 'true', - 'hasrestart' => 'true', - 'hasstatus' => 'true', - 'subscribe' => 'File[sshd_config]', - }) - } - - it { - should contain_resources('sshkey').with({ - 'purge' => 'true', - }) - } end context 'with default params on osfamily Solaris kernelrelease 5.8' do