puppet/ssh
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Fix style issues

Browse Source
This commit is contained in:
Garrett Honeycutt 2015-05-31 15:19:10 -04:00
parent fb935f39bc
commit ab8d700a6a
2 changed files with 135 additions and 103 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

125
manifests/init.pp
View File

@ -6,7 +6,7 @@ class ssh (
$hiera_merge = false, $hiera_merge = false,
$packages = 'USE_DEFAULTS', $packages = 'USE_DEFAULTS',
$permit_root_login = 'yes', $permit_root_login = 'yes',
$purge_keys = 'true', $purge_keys = true,
$manage_firewall = false, $manage_firewall = false,
$ssh_package_source = 'USE_DEFAULTS', $ssh_package_source = 'USE_DEFAULTS',
$ssh_package_adminfile = 'USE_DEFAULTS', $ssh_package_adminfile = 'USE_DEFAULTS',
@ -76,18 +76,18 @@ class ssh (
$sshd_listen_address = undef, $sshd_listen_address = undef,
$service_ensure = 'running', $service_ensure = 'running',
$service_name = 'USE_DEFAULTS', $service_name = 'USE_DEFAULTS',
$service_enable = 'true', $service_enable = true,
$service_hasrestart = 'true', $service_hasrestart = true,
$service_hasstatus = 'USE_DEFAULTS', $service_hasstatus = 'USE_DEFAULTS',
$ssh_key_ensure = 'present', $ssh_key_ensure = 'present',
$ssh_key_import = 'true', $ssh_key_import = true,
$ssh_key_type = 'ssh-rsa', $ssh_key_type = 'ssh-rsa',
$ssh_config_global_known_hosts_file = '/etc/ssh/ssh_known_hosts', $ssh_config_global_known_hosts_file = '/etc/ssh/ssh_known_hosts',
$ssh_config_global_known_hosts_owner = 'root', $ssh_config_global_known_hosts_owner = 'root',
$ssh_config_global_known_hosts_group = 'root', $ssh_config_global_known_hosts_group = 'root',
$ssh_config_global_known_hosts_mode = '0644', $ssh_config_global_known_hosts_mode = '0644',
$keys = undef, $keys = undef,
$manage_root_ssh_config = 'false', $manage_root_ssh_config = false,
$root_ssh_config_content = "# This file is being maintained by Puppet.\n# DO NOT EDIT\n", $root_ssh_config_content = "# This file is being maintained by Puppet.\n# DO NOT EDIT\n",
) { ) {
@ -495,18 +495,12 @@ class ssh (
} }
} }
case type($ssh_key_import) { if type($ssh_key_import) == 'string' {
'string': { $ssh_key_import_real = str2bool($ssh_key_import)
validate_re($ssh_key_import, '^(true|false)$', "ssh::ssh_key_import may be either 'true' or 'false' and is set to <${ssh_key_import}>.") } else {
$ssh_key_import_real = str2bool($ssh_key_import) $ssh_key_import_real = $ssh_key_import
}
'boolean': {
$ssh_key_import_real = $ssh_key_import
}
default: {
fail('ssh::ssh_key_import type must be true or false.')
}
} }
validate_bool($ssh_key_import_real)
case type($ssh_config_sendenv_xmodifiers) { case type($ssh_config_sendenv_xmodifiers) {
'string': { 'string': {
@ -547,14 +541,33 @@ class ssh (
validate_re($ssh_config_global_known_hosts_mode, '^[0-7]{4}$', validate_re($ssh_config_global_known_hosts_mode, '^[0-7]{4}$',
"ssh::ssh_config_global_known_hosts_mode must be a valid 4 digit mode in octal notation. Detected value is <${ssh_config_global_known_hosts_mode}>.") "ssh::ssh_config_global_known_hosts_mode must be a valid 4 digit mode in octal notation. Detected value is <${ssh_config_global_known_hosts_mode}>.")
case $purge_keys { if type($purge_keys) == 'string' {
'true','false': { $purge_keys_real = str2bool($purge_keys)
# noop } else {
} $purge_keys_real = $purge_keys
default: {
fail("ssh::purge_keys must be 'true' or 'false' and is <${purge_keys}>.")
}
} }
validate_bool($purge_keys_real)
if type($service_enable) == 'string' {
$service_enable_real = str2bool($service_enable)
} else {
$service_enable_real = $service_enable
}
validate_bool($service_enable_real)
if type($service_hasrestart) == 'string' {
$service_hasrestart_real = str2bool($service_hasrestart)
} else {
$service_hasrestart_real = $service_hasrestart
}
validate_bool($service_hasrestart_real)
if type($manage_root_ssh_config) == 'string' {
$manage_root_ssh_config_real = str2bool($manage_root_ssh_config)
} else {
$manage_root_ssh_config_real = $manage_root_ssh_config
}
validate_bool($manage_root_ssh_config_real)
#ssh_config template #ssh_config template
validate_string($ssh_config_template) validate_string($ssh_config_template)
@ -579,20 +592,20 @@ class ssh (
$sshd_config_allowusers_real = $sshd_config_allowusers $sshd_config_allowusers_real = $sshd_config_allowusers
} }
if $real_sshd_config_denyusers != undef { if $sshd_config_denyusers_real != undef {
validate_array($real_sshd_config_denyusers) validate_array($sshd_config_denyusers_real)
} }
if $real_sshd_config_denygroups != undef { if $sshd_config_denygroups_real != undef {
validate_array($real_sshd_config_denygroups) validate_array($sshd_config_denygroups_real)
} }
if $real_sshd_config_allowusers != undef { if $sshd_config_allowusers_real != undef {
validate_array($real_sshd_config_allowusers) validate_array($sshd_config_allowusers_real)
} }
if $real_sshd_config_allowgroups != undef { if $sshd_config_allowgroups_real != undef {
validate_array($real_sshd_config_allowgroups) validate_array($sshd_config_allowgroups_real)
} }
package { $packages_real: package { $packages_real:
@ -633,44 +646,36 @@ class ssh (
} }
} }
case $manage_root_ssh_config { if $manage_root_ssh_config_real == true {
'true': {
include common include common
common::mkdir_p { "${::root_home}/.ssh": } common::mkdir_p { "${::root_home}/.ssh": }
file { 'root_ssh_dir': file { 'root_ssh_dir':
ensure => directory, ensure => directory,
path => "${::root_home}/.ssh", path => "${::root_home}/.ssh",
owner => 'root', owner => 'root',
group => 'root', group => 'root',
mode => '0700', mode => '0700',
require => Common::Mkdir_p["${::root_home}/.ssh"], require => Common::Mkdir_p["${::root_home}/.ssh"],
}
file { 'root_ssh_config':
ensure => file,
path => "${::root_home}/.ssh/config",
content => $root_ssh_config_content,
owner => 'root',
group => 'root',
mode => '0600',
}
} }
'false': {
# noop file { 'root_ssh_config':
} ensure => file,
default: { path => "${::root_home}/.ssh/config",
fail("ssh::manage_root_ssh_config is <${manage_root_ssh_config}> and must be \'true\' or \'false\'.") content => $root_ssh_config_content,
owner => 'root',
group => 'root',
mode => '0600',
} }
} }
service { 'sshd_service' : service { 'sshd_service' :
ensure => $service_ensure, ensure => $service_ensure,
name => $service_name_real, name => $service_name_real,
enable => $service_enable, enable => $service_enable_real,
hasrestart => $service_hasrestart, hasrestart => $service_hasrestart_real,
hasstatus => $service_hasstatus_real, hasstatus => $service_hasstatus_real,
subscribe => File['sshd_config'], subscribe => File['sshd_config'],
} }
@ -707,7 +712,7 @@ class ssh (
# remove ssh key's not managed by puppet # remove ssh key's not managed by puppet
resources { 'sshkey': resources { 'sshkey':
purge => $purge_keys, purge => $purge_keys_real,
} }
# manage users' ssh authorized keys if present # manage users' ssh authorized keys if present

113
spec/classes/init_spec.rb
View File

@ -1342,45 +1342,73 @@ describe 'ssh' do
end end
end end
context 'with manage_root_ssh_config set to \'true\' on valid osfamily' do ['true',true].each do |value|
let :facts do context "with manage_root_ssh_config set to #{value} on valid osfamily" do
{ let :facts do
:fqdn => 'monkey.example.com', {
:osfamily => 'RedHat', :fqdn => 'monkey.example.com',
:root_home => '/root', :osfamily => 'RedHat',
:sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' :root_home => '/root',
:sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
}
end
let :params do
{ :manage_root_ssh_config => value }
end
it { should compile.with_all_deps }
it { should contain_class('ssh')}
it { should contain_class('common')}
it {
should contain_file('root_ssh_dir').with({
'ensure' => 'directory',
'path' => '/root/.ssh',
'owner' => 'root',
'group' => 'root',
'mode' => '0700',
'require' => 'Common::Mkdir_p[/root/.ssh]',
})
}
it {
should contain_file('root_ssh_config').with({
'ensure' => 'file',
'path' => '/root/.ssh/config',
'owner' => 'root',
'group' => 'root',
'mode' => '0600',
})
} }
end end
let :params do end
{ :manage_root_ssh_config => 'true' }
['false',false].each do |value|
context "with manage_root_ssh_config set to #{value} on valid osfamily" do
let :facts do
{
:fqdn => 'monkey.example.com',
:osfamily => 'RedHat',
:root_home => '/root',
:sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
}
end
let :params do
{ :manage_root_ssh_config => value }
end
it { should compile.with_all_deps }
it { should contain_class('ssh')}
it { should_not contain_class('common')}
it { should_not contain_file('root_ssh_dir') }
it { should_not contain_file('root_ssh_config') }
end end
it { should compile.with_all_deps }
it { should contain_class('ssh')}
it { should contain_class('common')}
it {
should contain_file('root_ssh_dir').with({
'ensure' => 'directory',
'path' => '/root/.ssh',
'owner' => 'root',
'group' => 'root',
'mode' => '0700',
'require' => 'Common::Mkdir_p[/root/.ssh]',
})
}
it {
should contain_file('root_ssh_config').with({
'ensure' => 'file',
'path' => '/root/.ssh/config',
'owner' => 'root',
'group' => 'root',
'mode' => '0600',
})
}
end end
[true,'invalid'].each do |ciphers| [true,'invalid'].each do |ciphers|
@ -1477,7 +1505,7 @@ describe 'ssh' do
it 'should fail' do it 'should fail' do
expect { expect {
should contain_class('ssh') should contain_class('ssh')
}.to raise_error(Puppet::Error) }.to raise_error(Puppet::Error,/is not an Array/)
end end
end end
end end
@ -1497,7 +1525,7 @@ describe 'ssh' do
it 'should fail' do it 'should fail' do
expect { expect {
should contain_class('ssh') should contain_class('ssh')
}.to raise_error(Puppet::Error) }.to raise_error(Puppet::Error,/is not an Array/)
end end
end end
end end
@ -1517,7 +1545,7 @@ describe 'ssh' do
it 'should fail' do it 'should fail' do
expect { expect {
should contain_class('ssh') should contain_class('ssh')
}.to raise_error(Puppet::Error) }.to raise_error(Puppet::Error,/is not an Array/)
end end
end end
end end
@ -1537,7 +1565,7 @@ describe 'ssh' do
it 'should fail' do it 'should fail' do
expect { expect {
should contain_class('ssh') should contain_class('ssh')
}.to raise_error(Puppet::Error) }.to raise_error(Puppet::Error,/is not an Array/)
end end
end end
end end
@ -1597,7 +1625,7 @@ describe 'ssh' do
it 'should fail' do it 'should fail' do
expect { expect {
should contain_class('ssh') should contain_class('ssh')
}.to raise_error(Puppet::Error,/^ssh::manage_root_ssh_config is <invalid> and must be \'true\' or \'false\'\./) }.to raise_error(Puppet::Error,/Unknown type of boolean/)
end end
end end
@ -2930,8 +2958,7 @@ describe 'ssh' do
'group' => 'root', 'group' => 'root',
'mode' => '0644', 'mode' => '0644',
}) })
} }
end end
end end