From e67cea8e2450ab268a8cb0519479ad6091c6ce80 Mon Sep 17 00:00:00 2001 From: Daniel Fairhurst Date: Thu, 15 Oct 2015 11:34:08 -0400 Subject: [PATCH] Add a parameter to allow disabling management of the ssh service --- README.md | 5 +++++ manifests/init.pp | 24 +++++++++++++++------- spec/classes/init_spec.rb | 43 +++++++++++++++++++++++++++++++++++++++ 3 files changed, 65 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index d45b6e3..bde07ef 100644 --- a/README.md +++ b/README.md @@ -606,6 +606,11 @@ Content of root's ~/.ssh/config. - *Default*: "# This file is being maintained by Puppet.\n# DO NOT EDIT\n" +manage_service +-------------- +Manage the sshd service through this module or not. Valid values are 'true' and 'false'. + +- *Default*: 'true' === # Manage user's ssh_authorized_keys diff --git a/manifests/init.pp b/manifests/init.pp index 0e11109..e623a0c 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -78,6 +78,7 @@ class ssh ( $sshd_hostbasedauthentication = 'no', $sshd_ignoreuserknownhosts = 'no', $sshd_ignorerhosts = 'yes', + $manage_service = true, $service_ensure = 'running', $service_name = 'USE_DEFAULTS', $service_enable = true, @@ -580,6 +581,13 @@ class ssh ( } validate_bool($purge_keys_real) + if type3x($manage_service) == 'string' { + $manage_service_real = str2bool($manage_service) + } else { + $manage_service_real = $manage_service + } + validate_bool($manage_service_real) + if type3x($service_enable) == 'string' { $service_enable_real = str2bool($service_enable) } else { @@ -703,13 +711,15 @@ class ssh ( } } - service { 'sshd_service' : - ensure => $service_ensure, - name => $service_name_real, - enable => $service_enable_real, - hasrestart => $service_hasrestart_real, - hasstatus => $service_hasstatus_real, - subscribe => File['sshd_config'], + if $manage_service_real { + service { 'sshd_service' : + ensure => $service_ensure, + name => $service_name_real, + enable => $service_enable_real, + hasrestart => $service_hasrestart_real, + hasstatus => $service_hasstatus_real, + subscribe => File['sshd_config'], + } } if $manage_firewall == true { diff --git a/spec/classes/init_spec.rb b/spec/classes/init_spec.rb index dc58e74..8f80327 100644 --- a/spec/classes/init_spec.rb +++ b/spec/classes/init_spec.rb @@ -3371,4 +3371,47 @@ describe 'ssh' do end end end + + describe 'with parameter manage_service' do + let(:facts) do + { :fqdn => 'monkey.example.com', + :osfamily => 'RedHat', + :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' + } + end + + ['YES','badvalue',2.42,['array'],a = { 'ha' => 'sh' }].each do |value| + context "specified as invalid value #{value} (as #{value.class})" do + let(:params) { { :manage_service => value } } + it do + expect { + should contain_class('ssh') + }.to raise_error(Puppet::Error,/(is not a boolean|Unknown type of boolean)/) + end + end + end + + ['true', true].each do |value| + context "specified as valid true value #{value} (as #{value.class})" do + let(:params) { { :manage_service => value } } + it do + expect { + should contain_service('sshd_service') + } + end + end + end + + ['false', false].each do |value| + context "specified as valid false value #{value} (as #{value.class})" do + let(:params) { { :manage_service => value } } + it do + expect { + should_not contain_service('sshd_service') + } + end + end + end + end + end