Add a parameter to allow disabling management of the ssh service

2015-10-15 11:34:08 -04:00 · 2015-10-15 11:34:08 -04:00 · e67cea8e24
commit e67cea8e24
parent f3d0f97d41
3 changed files with 65 additions and 7 deletions
--- a/README.md
+++ b/README.md
@ -606,6 +606,11 @@ Content of root's ~/.ssh/config.

 - *Default*: "# This file is being maintained by Puppet.\n# DO NOT EDIT\n"

+manage_service
+--------------
+Manage the sshd service through this module or not.  Valid values are 'true' and 'false'.
+
+- *Default*: 'true'

 ===
 # Manage user's ssh_authorized_keys
--- a/manifests/init.pp
+++ b/manifests/init.pp
@ -78,6 +78,7 @@ class ssh (
  $sshd_hostbasedauthentication        = 'no',
  $sshd_ignoreuserknownhosts           = 'no',
  $sshd_ignorerhosts                   = 'yes',
+  $manage_service                      = true,
  $service_ensure                      = 'running',
  $service_name                        = 'USE_DEFAULTS',
  $service_enable                      = true,
@ -580,6 +581,13 @@ class ssh (
  }
  validate_bool($purge_keys_real)

+  if type3x($manage_service) == 'string' {
+    $manage_service_real = str2bool($manage_service)
+  } else {
+    $manage_service_real = $manage_service
+  }
+  validate_bool($manage_service_real)
+
  if type3x($service_enable) == 'string' {
    $service_enable_real = str2bool($service_enable)
  } else {
@ -703,6 +711,7 @@ class ssh (
    }
  }

+  if $manage_service_real {
    service { 'sshd_service' :
      ensure     => $service_ensure,
      name       => $service_name_real,
@ -711,6 +720,7 @@ class ssh (
      hasstatus  => $service_hasstatus_real,
      subscribe  => File['sshd_config'],
    }
+  }

  if $manage_firewall == true {
    firewall { '22 open port 22 for SSH':
--- a/spec/classes/init_spec.rb
+++ b/spec/classes/init_spec.rb
@ -3371,4 +3371,47 @@ describe 'ssh' do
      end
    end
  end
+
+  describe 'with parameter manage_service' do
+    let(:facts) do
+      { :fqdn      => 'monkey.example.com',
+        :osfamily  => 'RedHat',
+        :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
+      }
+    end
+
+    ['YES','badvalue',2.42,['array'],a = { 'ha' => 'sh' }].each do |value|
+      context "specified as invalid value #{value} (as #{value.class})" do
+        let(:params) { { :manage_service => value } }
+        it do
+          expect {
+            should contain_class('ssh')
+          }.to raise_error(Puppet::Error,/(is not a boolean|Unknown type of boolean)/)
+        end
+      end
+    end
+
+    ['true', true].each do |value|
+      context "specified as valid true value #{value} (as #{value.class})" do
+        let(:params) { { :manage_service => value } }
+        it do
+          expect {
+            should contain_service('sshd_service')
+          }
+        end
+      end
+    end
+
+    ['false', false].each do |value|
+      context "specified as valid false value #{value} (as #{value.class})" do
+        let(:params) { { :manage_service => value } }
+        it do
+          expect {
+            should_not contain_service('sshd_service')
+          }
+        end
+      end
+    end
+  end
+
 end