diff --git a/.fixtures.yml b/.fixtures.yml index 7d8a418..739ef34 100644 --- a/.fixtures.yml +++ b/.fixtures.yml @@ -2,10 +2,10 @@ fixtures: repositories: stdlib: repo: 'git://github.com/puppetlabs/puppetlabs-stdlib.git' - ref: '3.2.0' + ref: '4.6.0' common: repo: 'git://github.com/ghoneycutt/puppet-module-common.git' - ref: 'v1.0.2' + ref: 'v1.3.0' firewall: repo: 'git://github.com/puppetlabs/puppetlabs-firewall.git' ref: '0.2.1' diff --git a/.gitignore b/.gitignore index 903208a..c99a45f 100644 --- a/.gitignore +++ b/.gitignore @@ -26,6 +26,6 @@ doc/ # Puppet coverage/ +spec/fixtures/manifests/* spec/fixtures/modules/* Gemfile.lock -spec/fixtures/ diff --git a/.travis.yml b/.travis.yml index 7c3cee8..e2bc100 100644 --- a/.travis.yml +++ b/.travis.yml @@ -13,9 +13,15 @@ env: - PUPPET_GEM_VERSION="~> 3.2.0" - PUPPET_GEM_VERSION="~> 3.3.0" - PUPPET_GEM_VERSION="~> 3.4.0" - - PUPPET_GEM_VERSION="~> 3.5.1" + - PUPPET_GEM_VERSION="~> 3.5.0" - PUPPET_GEM_VERSION="~> 3.6.0" - PUPPET_GEM_VERSION="~> 3.7.0" + - PUPPET_GEM_VERSION="~> 3.8.0" + - PUPPET_GEM_VERSION="~> 3" PARSER="future" + - PUPPET_GEM_VERSION="~> 4.0.0" + - PUPPET_GEM_VERSION="~> 4.1.0" + - PUPPET_GEM_VERSION="~> 4.2.0" + - PUPPET_GEM_VERSION="~> 4" sudo: false @@ -34,6 +40,14 @@ matrix: env: PUPPET_GEM_VERSION="~> 3.3.0" - rvm: 2.1.0 env: PUPPET_GEM_VERSION="~> 3.4.0" + - rvm: 1.8.7 + env: PUPPET_GEM_VERSION="~> 4.0.0" + - rvm: 1.8.7 + env: PUPPET_GEM_VERSION="~> 4.1.0" + - rvm: 1.8.7 + env: PUPPET_GEM_VERSION="~> 4.2.0" + - rvm: 1.8.7 + env: PUPPET_GEM_VERSION="~> 4" notifications: email: false diff --git a/Gemfile b/Gemfile index 3d3e1de..42f4f66 100644 --- a/Gemfile +++ b/Gemfile @@ -10,7 +10,7 @@ gem 'metadata-json-lint' gem 'puppetlabs_spec_helper', '>= 0.1.0' gem 'puppet-lint', '>= 1.0.0' gem 'facter', '>= 1.7.0' -gem 'rspec-puppet', '~>1.0' +gem 'rspec-puppet', '~> 2.0' # rspec must be v2 for ruby 1.8.7 if RUBY_VERSION >= '1.8.7' and RUBY_VERSION < '1.9' 
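Review bot: The future-parser job added to `env` in `.travis.yml` sets `PARSER="future"`, but the `spec/spec_helper.rb` hunk in this same commit only switches parsers when `ENV['FUTURE_PARSER'] == 'yes'`, so as written that job would appear to run with the default parser and report green without exercising the future parser. Unless a Rakefile or Gemfile outside this diff translates `PARSER`, the entry should read `- PUPPET_GEM_VERSION="~> 3" FUTURE_PARSER="yes"`. A short comment above the entry naming the variable the spec helper reads would keep the two files in step.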
diff --git a/README.md b/README.md index 75f0b70..c1a2ba7 100644 --- a/README.md +++ b/README.md @@ -8,7 +8,9 @@ The module uses exported resources to manage ssh keys and removes ssh keys that # Compatability -This module has been tested to work on the following systems with Puppet v3 and Ruby versions 1.8.7, 1.9.3, 2.0.0 and 2.1.0. +This module has been tested to work on the following systems with Puppet +versions v3, v3 with future parser and v4 with Ruby versions 1.8.7 (Puppet v3 +only), 1.9.3, 2.0.0 and 2.1.0. * Debian 7 * EL 5 diff --git a/manifests/init.pp b/manifests/init.pp index 617e144..f012dd4 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -261,12 +261,20 @@ class ssh ( $sshd_config_xauth_location_real = $sshd_config_xauth_location } + if $sshd_config_xauth_location_real != undef { + validate_absolute_path($sshd_config_xauth_location_real) + } + if $ssh_package_source == 'USE_DEFAULTS' { $ssh_package_source_real = $default_ssh_package_source } else { $ssh_package_source_real = $ssh_package_source } + if $ssh_package_source_real != undef { + validate_absolute_path($ssh_package_source_real) + } + if $ssh_package_adminfile == 'USE_DEFAULTS' { $ssh_package_adminfile_real = $default_ssh_package_adminfile } else { @@ -325,7 +333,7 @@ class ssh ( if $ssh_sendenv == 'USE_DEFAULTS' { $ssh_sendenv_real = $default_ssh_sendenv } else { - case type($ssh_sendenv) { + case type3x($ssh_sendenv) { 'string': { validate_re($ssh_sendenv, '^(true|false)$', "ssh::ssh_sendenv may be either 'true' or 'false' and is set to <${ssh_sendenv}>.") $ssh_sendenv_real = str2bool($ssh_sendenv) @@ -342,7 +350,7 @@ class ssh ( if $sshd_acceptenv == 'USE_DEFAULTS' { $sshd_acceptenv_real = $default_sshd_acceptenv } else { - case type($sshd_acceptenv) { + case type3x($sshd_acceptenv) { 'string': { validate_re($sshd_acceptenv, '^(true|false)$', "ssh::sshd_acceptenv may be either 'true' or 'false' and is set to <${sshd_acceptenv}>.") $sshd_acceptenv_real = str2bool($sshd_acceptenv) 
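Review bot: The two added `!= undef` guards in `manifests/init.pp` (around `validate_absolute_path($sshd_config_xauth_location_real)` and `validate_absolute_path($ssh_package_source_real)`) do not treat an empty string the same way on every Puppet version this commit starts supporting. Puppet 3's default parser considers `''` equal to `undef` and skips the validation, while Puppet 4 does not and would fail the catalog. If an empty string is meant to mean "unset", say so explicitly, e.g. `if $ssh_package_source_real != undef and $ssh_package_source_real != '' {`; otherwise a comment such as `# an empty string is rejected on Puppet 4` documents the difference. The if/else that assigns `$sshd_config_xauth_location_real` starts above the hunk.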
@@ -371,7 +379,7 @@ class ssh ( if $service_hasstatus == 'USE_DEFAULTS' { $service_hasstatus_real = $default_service_hasstatus } else { - case type($service_hasstatus) { + case type3x($service_hasstatus) { 'string': { validate_re($service_hasstatus, '^(true|false)$', "ssh::service_hasstatus must be 'true' or 'false' and is set to <${service_hasstatus}>.") $service_hasstatus_real = str2bool($service_hasstatus) @@ -491,7 +499,7 @@ class ssh ( validate_re($sshd_ignorerhosts, '^(yes|no)$', "ssh::sshd_ignorerhosts may be either 'yes' or 'no' and is set to <${sshd_ignorerhosts}>.") - case type($hiera_merge) { + case type3x($hiera_merge) { 'string': { validate_re($hiera_merge, '^(true|false)$', "ssh::hiera_merge may be either 'true' or 'false' and is set to <${hiera_merge}>.") $hiera_merge_real = str2bool($hiera_merge) @@ -504,14 +512,21 @@ class ssh ( } } - if type($ssh_key_import) == 'string' { - $ssh_key_import_real = str2bool($ssh_key_import) - } else { - $ssh_key_import_real = $ssh_key_import + case type3x($ssh_key_import) { + 'string': { + validate_re($ssh_key_import, '^(true|false)$', "ssh::ssh_key_import may be either 'true' or 'false' and is set to <${ssh_key_import}>.") + $ssh_key_import_real = str2bool($ssh_key_import) + } + 'boolean': { + $ssh_key_import_real = $ssh_key_import + } + default: { + fail('ssh::ssh_key_import type must be true or false.') + } } validate_bool($ssh_key_import_real) - case type($ssh_config_sendenv_xmodifiers) { + case type3x($ssh_config_sendenv_xmodifiers) { 'string': { $ssh_config_sendenv_xmodifiers_real = str2bool($ssh_config_sendenv_xmodifiers) } 
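Review bot: The `'string'` branch of `case type3x($ssh_config_sendenv_xmodifiers)` at the end of the `@@ -504,14 +512,21 @@` hunk still hands the value straight to `str2bool()`, while the `ssh_key_import` case rewritten just above it now runs `validate_re($ssh_key_import, '^(true|false)$', ...)` first. `str2bool()` also accepts spellings such as 'yes', 'y' and '1' and raises its own generic error for anything else, so the two parameters accept different strings and report failures differently. The same applies to the `if type3x(...) == 'string'` blocks for `purge_keys`, `service_enable`, `service_hasrestart` and `manage_root_ssh_config` in the `@@ -550,28 +565,28 @@` hunk; giving each the `validate_re` line used for `ssh_key_import` would make them consistent. The `case` for `ssh_config_sendenv_xmodifiers` continues past the end of the hunk.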
@@ -550,28 +565,28 @@ class ssh ( validate_re($ssh_config_global_known_hosts_mode, '^[0-7]{4}$', "ssh::ssh_config_global_known_hosts_mode must be a valid 4 digit mode in octal notation. Detected value is <${ssh_config_global_known_hosts_mode}>.") - if type($purge_keys) == 'string' { + if type3x($purge_keys) == 'string' { $purge_keys_real = str2bool($purge_keys) } else { $purge_keys_real = $purge_keys } validate_bool($purge_keys_real) - if type($service_enable) == 'string' { + if type3x($service_enable) == 'string' { $service_enable_real = str2bool($service_enable) } else { $service_enable_real = $service_enable } validate_bool($service_enable_real) - if type($service_hasrestart) == 'string' { + if type3x($service_hasrestart) == 'string' { $service_hasrestart_real = str2bool($service_hasrestart) } else { $service_hasrestart_real = $service_hasrestart } validate_bool($service_hasrestart_real) - if type($manage_root_ssh_config) == 'string' { + if type3x($manage_root_ssh_config) == 'string' { $manage_root_ssh_config_real = str2bool($manage_root_ssh_config) } else { $manage_root_ssh_config_real = $manage_root_ssh_config diff --git a/metadata.json b/metadata.json index 76c6db9..d05d82b 100644 --- a/metadata.json +++ b/metadata.json @@ -10,11 +10,11 @@ "requirements": [ { "name": "pe", - "version_requirement": ">= 3.2.0 < 4.0.0" + "version_requirement": ">= 3.2.0 < 5.0.0" }, { "name": "puppet", - "version_requirement": "3.x" + "version_requirement": ">= 3.0.0 < 5.0.0" } ], "operatingsystem_support": [ @@ -79,8 +79,8 @@ ], "description": "Manage SSH", "dependencies": [ - {"name":"puppetlabs/stdlib","version_requirement":">= 3.2.0 < 5.0.0"}, - {"name":"ghoneycutt/common","version_requirement":">= 1.0.2 < 2.0.0"}, + {"name":"puppetlabs/stdlib","version_requirement":">= 4.6.0 < 6.0.0"}, + {"name":"ghoneycutt/common","version_requirement":">= 1.3.0 < 2.0.0"}, {"name":"puppetlabs/firewall","version_requirement":">= 0.2.1 < 2.0.0"} ] } 
diff --git a/spec/classes/init_spec.rb b/spec/classes/init_spec.rb index 5c1a7e4..da5dece 100644 --- a/spec/classes/init_spec.rb +++ b/spec/classes/init_spec.rb @@ -148,7 +148,7 @@ describe 'ssh' do it 'should fail' do expect { should contain_class('ssh') - }.to raise_error(Puppet::Error,/^ssh module supports Solaris kernel release 5.9, 5.10 and 5.11./) + }.to raise_error(Puppet::Error,/ssh module supports Solaris kernel release 5\.9, 5\.10 and 5\.11\./) end end @@ -915,7 +915,7 @@ describe 'ssh' do it 'should fail' do expect { should contain_class('ssh') - }.to raise_error(Puppet::Error,/^ssh supports osfamilies RedHat, Suse, Debian and Solaris. Detected osfamily is \./) + }.to raise_error(Puppet::Error,/ssh supports osfamilies RedHat, Suse, Debian and Solaris\. Detected osfamily is \./) end end @@ -1137,7 +1137,7 @@ describe 'ssh' do it 'should fail' do expect { - should + should contain_class('ssh') }.to raise_error(Puppet::Error, /is not an absolute path/) end end @@ -1168,7 +1168,7 @@ describe 'ssh' do it 'should fail' do expect { - should + should contain_class('ssh') }.to raise_error(Puppet::Error, /is not a string/) end end @@ -1204,7 +1204,7 @@ describe 'ssh' do let (:params) {{'sshd_config_match' => value }} it 'should fail' do expect { - should + should contain_class('ssh') }.to raise_error(Puppet::Error, /is not a Hash/) end end @@ -1267,7 +1267,9 @@ describe 'ssh' do let (:params) {{'sshd_listen_address' => true }} it 'should fail' do - expect { subject }.to raise_error(Puppet::Error) + expect { + should contain_class('ssh') + }.to raise_error(Puppet::Error) end end end @@ -1284,7 +1286,9 @@ describe 'ssh' do end let (:params) {{'sshd_config_loglevel' => 'BOGON'}} it 'should fail' do - expect { subject }.to raise_error(Puppet::Error, /"BOGON" does not match/) + expect { + should contain_class('ssh') + }.to raise_error(Puppet::Error, /"BOGON" does not match/) end end ['QUIET', 'FATAL', 'ERROR', 'INFO', 'VERBOSE'].each do |supported_val| 
@@ -1316,7 +1320,9 @@ describe 'ssh' do end let (:params) {{'ssh_config_template' => false}} it 'should fail' do - expect { subject }.to raise_error(Puppet::Error, /is not a string/) + expect { + should contain_class('ssh') + }.to raise_error(Puppet::Error, /is not a string/) end end context 'and that value is valid' do @@ -1347,7 +1353,9 @@ describe 'ssh' do end let (:params) {{'sshd_config_template' => false}} it 'should fail' do - expect { subject }.to raise_error(Puppet::Error, /is not a string/) + expect { + should contain_class('ssh') + }.to raise_error(Puppet::Error, /is not a string/) end end context 'and that value is valid' do @@ -1490,7 +1498,7 @@ describe 'ssh' do it 'should fail' do expect { should contain_class('ssh') - }.to raise_error(Puppet::Error,/^ssh::ssh_config_hash_known_hosts may be either \'yes\' or \'no\' and is set to ./) + }.to raise_error(Puppet::Error,/ssh::ssh_config_hash_known_hosts may be either \'yes\' or \'no\' and is set to \./) end end @@ -1629,7 +1637,7 @@ describe 'ssh' do it 'should fail' do expect { should contain_class('ssh') - }.to raise_error(Puppet::Error,/^ssh::sshd_config_port must be a valid number and is set to <22invalid>\./) + }.to raise_error(Puppet::Error,/ssh::sshd_config_port must be a valid number and is set to <22invalid>\./) end end @@ -1668,7 +1676,7 @@ describe 'ssh' do it 'should fail' do expect { should contain_class('ssh') - }.to raise_error(Puppet::Error,/^ssh::sshd_password_authentication may be either \'yes\' or \'no\' and is set to \./) + }.to raise_error(Puppet::Error,/ssh::sshd_password_authentication may be either \'yes\' or \'no\' and is set to \./) end end @@ -1687,7 +1695,7 @@ describe 'ssh' do it 'should fail' do expect { should contain_class('ssh') - }.to raise_error(Puppet::Error,/^ssh::sshd_allow_tcp_forwarding may be either \'yes\' or \'no\' and is set to \./) + }.to raise_error(Puppet::Error,/ssh::sshd_allow_tcp_forwarding may be either \'yes\' or \'no\' and is set to \./) end end 
@@ -1706,7 +1714,7 @@ describe 'ssh' do it 'should fail' do expect { should contain_class('ssh') - }.to raise_error(Puppet::Error,/^ssh::sshd_x11_forwarding may be either \'yes\' or \'no\' and is set to \./) + }.to raise_error(Puppet::Error,/ssh::sshd_x11_forwarding may be either \'yes\' or \'no\' and is set to \./) end end @@ -1725,7 +1733,7 @@ describe 'ssh' do it 'should fail' do expect { should contain_class('ssh') - }.to raise_error(Puppet::Error,/^ssh::sshd_use_pam may be either \'yes\' or \'no\' and is set to \./) + }.to raise_error(Puppet::Error,/ssh::sshd_use_pam may be either \'yes\' or \'no\' and is set to \./) end end @@ -1744,7 +1752,7 @@ describe 'ssh' do it 'should fail' do expect { should contain_class('ssh') - }.to raise_error(Puppet::Error,/^ssh::sshd_config_serverkeybits must be an integer and is set to \./) + }.to raise_error(Puppet::Error,/ssh::sshd_config_serverkeybits must be an integer and is set to \./) end end @@ -1763,7 +1771,7 @@ describe 'ssh' do it 'should fail' do expect { should contain_class('ssh') - }.to raise_error(Puppet::Error,/^ssh::sshd_client_alive_interval must be an integer and is set to \./) + }.to raise_error(Puppet::Error,/ssh::sshd_client_alive_interval must be an integer and is set to \./) end end @@ -1782,7 +1790,7 @@ describe 'ssh' do it 'should fail' do expect { should contain_class('ssh') - }.to raise_error(Puppet::Error,/^ssh::sshd_client_alive_count_max must be an integer and is set to \./) + }.to raise_error(Puppet::Error,/ssh::sshd_client_alive_count_max must be an integer and is set to \./) end end @@ -1866,7 +1874,7 @@ describe 'ssh' do it 'should fail' do expect { should contain_class('ssh') - }.to raise_error(Puppet::Error,/^ssh::sshd_config_strictmodes may be either \'yes\' or \'no\' and is set to \./) + }.to raise_error(Puppet::Error,/ssh::sshd_config_strictmodes may be either \'yes\' or \'no\' and is set to \./) end end 
@@ -1882,7 +1890,7 @@ describe 'ssh' do it 'should fail' do expect { should contain_class('ssh') - }.to raise_error(Puppet::Error,/^"invalid\/path" is not an absolute path/) + }.to raise_error(Puppet::Error,/"invalid\/path" is not an absolute path/) end end @@ -1898,7 +1906,7 @@ describe 'ssh' do it 'should fail' do expect { should contain_class('ssh') - }.to raise_error(Puppet::Error,/^\["invalid", "type"\] is not a string/) + }.to raise_error(Puppet::Error,/\["invalid", "type"\] is not a string/) end end @@ -1914,7 +1922,7 @@ describe 'ssh' do it 'should fail' do expect { should contain_class('ssh') - }.to raise_error(Puppet::Error,/^ssh::sshd_config_banner must be set to be able to use sshd_banner_content\./) + }.to raise_error(Puppet::Error,/ssh::sshd_config_banner must be set to be able to use sshd_banner_content\./) end end @@ -1931,7 +1939,7 @@ describe 'ssh' do it 'should fail' do expect { should contain_class('ssh') - }.to raise_error(Puppet::Error,/^ssh::ssh_config_sendenv_xmodifiers type must be true or false\./) + }.to raise_error(Puppet::Error,/ssh::ssh_config_sendenv_xmodifiers type must be true or false\./) end end @@ -2050,12 +2058,15 @@ describe 'ssh' do let(:params) { { :hiera_merge => ['not_a_boolean','or_a_string'] } } let(:facts) do { :osfamily => 'RedHat', + :fqdn => 'hieramerge.example.com', :lsbmajdistrelease => '6', } end it 'should fail' do - expect { should raise_error(Puppet::Error) } + expect { + should contain_class('ssh') + }.to raise_error(Puppet::Error) end end @@ -2068,7 +2079,9 @@ describe 'ssh' do end it 'should fail' do - expect { should raise_error(Puppet::Error,/^ssh::hiera_merge may be either 'true' or 'false' and is set to ./) } + expect { + should contain_class('ssh') + }.to raise_error(Puppet::Error,/ssh::hiera_merge may be either 'true' or 'false' and is set to ./) end end 
@@ -2077,6 +2090,7 @@ describe 'ssh' do let(:params) { { :hiera_merge => value } } let(:facts) do { :osfamily => 'RedHat', + :fqdn => 'hieramerge.example.com', :lsbmajdistrelease => '6', } end @@ -2084,6 +2098,12 @@ describe 'ssh' do it { should compile.with_all_deps } it { should contain_class('ssh') } + + it { should contain_file('sshd_config').with_content(/^\s*DenyUsers denyuser_from_fqdn denyuser_from_common/) } + it { should contain_file('sshd_config').with_content(/^\s*DenyGroups denygroup_from_fqdn denygroup_from_common/) } + it { should contain_file('sshd_config').with_content(/^\s*AllowUsers allowuser_from_fqdn allowuser_from_common/) } + it { should contain_file('sshd_config').with_content(/^\s*AllowGroups allowgroup_from_fqdn allowgroup_from_common/) } + end end @@ -2136,7 +2156,9 @@ describe 'ssh' do end it 'should fail' do - expect { should raise_error(Puppet::Error,/^is not an absolute path/) } + expect { + should contain_class('ssh') + }.to raise_error(Puppet::Error,/is not an absolute path/) end end end @@ -2164,7 +2186,9 @@ describe 'ssh' do end it 'should fail' do - expect { should raise_error(Puppet::Error,/^is not an absolute path/) } + expect { + should contain_class('ssh') + }.to raise_error(Puppet::Error,/is not an absolute path/) end end @@ -2178,7 +2202,9 @@ describe 'ssh' do end it 'should fail' do - expect { should raise_error(Puppet::Error) } + expect { + should contain_class('ssh') + }.to raise_error(Puppet::Error) end end end @@ -2216,7 +2242,9 @@ describe 'ssh' do end it 'should fail' do - expect { should raise_error(Puppet::Error,/^is not an absolute path/) } + expect { + should contain_class('ssh') + }.to raise_error(Puppet::Error,/is not an absolute path/) end end @@ -2231,7 +2259,9 @@ describe 'ssh' do end it 'should fail' do - expect { should raise_error(Puppet::Error) } + expect { + should contain_class('ssh') + }.to raise_error(Puppet::Error) end end end 
@@ -2274,7 +2304,9 @@ describe 'ssh' do end it 'should fail' do - expect { should raise_error(Puppet::Error,/^ssh::ssh_config_forward_x11_trusted may be either 'yes' or 'no' and is set to <#{value}>./) } + expect { + should contain_class('ssh') + }.to raise_error(Puppet::Error,/ssh::ssh_config_forward_x11_trusted may be either 'yes' or 'no' and is set to <#{value}>\./) end end end @@ -2307,7 +2339,9 @@ describe 'ssh' do end it 'should fail' do - expect { should raise_error(Puppet::Error,/^ssh::sshd_gssapidelegatecredentials may be either 'yes' or 'no' and is set to <#{value}>./) } + expect { + should contain_class('ssh') + }.to raise_error(Puppet::Error,/ssh::ssh_gssapidelegatecredentials may be either 'yes' or 'no' and is set to <#{value}>\./) end end end @@ -2335,12 +2369,14 @@ describe 'ssh' do if value.is_a?(Array) value = value.join + elsif value.is_a?(Hash) + value = '{ha => sh}' end - it do + it 'should fail' do expect { should contain_class('ssh') - }.to raise_error(Puppet::Error,/^ssh::ssh_gssapiauthentication may be either 'yes' or 'no' and is set to <#{value.to_s}>\./) + }.to raise_error(Puppet::Error,/ssh::ssh_gssapiauthentication may be either 'yes' or 'no' and is set to <#{Regexp.escape(value.to_s)}>\./) end end end @@ -2365,14 +2401,17 @@ describe 'ssh' do ['YES',true,2.42,['array'],a = { 'ha' => 'sh' }].each do |value| context "specified as invalid value #{value} (as #{value.class})" do let(:params) { { :sshd_gssapiauthentication => value } } + if value.is_a?(Array) value = value.join + elsif value.is_a?(Hash) + value = '{ha => sh}' end - it do + it 'should fail' do expect { should contain_class('ssh') - }.to raise_error(Puppet::Error,/^ssh::sshd_gssapiauthentication may be either 'yes' or 'no' and is set to <#{value}>\./) + }.to raise_error(Puppet::Error,/ssh::sshd_gssapiauthentication may be either 'yes' or 'no' and is set to <#{Regexp.escape(value.to_s)}>\./) end end end 
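Review bot: The pattern ending `<#{value}>\./` in the `ssh_config_forward_x11_trusted` example interpolates `value` into the regex unescaped, whereas the `ssh_gssapiauthentication` and `sshd_gssapiauthentication` examples later in this commit wrap it as `Regexp.escape(value.to_s)`. The lists being iterated are outside these hunks, so whether any entry contains a metacharacter cannot be seen here, but a value such as `2.42` or an array rendering would be matched as a pattern rather than literally. Using `<#{Regexp.escape(value.to_s)}>\./` here, and in the `@@ -2307`, `@@ -2415`, `@@ -2458`, `@@ -2502`, `@@ -2595` and `@@ -2914` hunks, keeps every assertion literal.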
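Review bot: In the `sshd_gssapiauthentication` loop (`@@ -2365,14 +2401,17 @@`), `value` is reassigned (`value = value.join`, and the new `value = '{ha => sh}'`) after `let(:params) { { :sshd_gssapiauthentication => value } }` has closed over it. `let` blocks run lazily inside each example, so they see the reassigned variable: the Array and Hash cases would pass the substituted string to the class instead of the Array or Hash that the context description announces. Keeping `value` untouched and deriving a separate local for the message, e.g. `shown = value.is_a?(Hash) ? '{ha => sh}' : [value].flatten.join`, then matching `<#{Regexp.escape(shown)}>`, avoids this. The `@@ -2335,12 +2369,14 @@` hunk has the same reassignment; its `let(:params)` line is outside the hunk, so confirm it there.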
@@ -2415,7 +2454,9 @@ describe 'ssh' do end it 'should fail' do - expect { should raise_error(Puppet::Error,/^ssh::sshd_gssapikeyexchange may be either 'yes' or 'no' and is set to <#{value}>./) } + expect { + should contain_class('ssh') + }.to raise_error(Puppet::Error,/ssh::sshd_gssapikeyexchange may be either 'yes' or 'no' and is set to <#{value}>\./) end end end @@ -2458,7 +2499,9 @@ describe 'ssh' do end it 'should fail' do - expect { should raise_error(Puppet::Error,/^ssh::sshd_pamauthenticationviakbdint may be either 'yes' or 'no' and is set to <#{value}>./) } + expect { + should contain_class('ssh') + }.to raise_error(Puppet::Error,/ssh::sshd_pamauthenticationviakbdint may be either 'yes' or 'no' and is set to <#{value}>\./) end end end @@ -2502,7 +2545,9 @@ describe 'ssh' do end it 'should fail' do - expect { should raise_error(Puppet::Error,/^ssh::sshd_gssapicleanupcredentials may be either 'yes' or 'no' and is set to <#{value}>./) } + expect { + should contain_class('ssh') + }.to raise_error(Puppet::Error,/ssh::sshd_gssapicleanupcredentials may be either 'yes' or 'no' and is set to <#{value}>\./) end end end @@ -2548,7 +2593,9 @@ describe 'ssh' do end it 'should fail' do - expect { should raise_error(Puppet::Error,/^ssh::ssh_sendenv may be either 'true' or 'false' and is set to ./) } + expect { + should contain_class('ssh') + }.to raise_error(Puppet::Error,/ssh::ssh_sendenv may be either 'true' or 'false' and is set to \./) end end @@ -2562,7 +2609,9 @@ describe 'ssh' do end it 'should fail' do - expect { should raise_error(Puppet::Error,/^ssh::ssh_sendenv type must be true or false./) } + expect { + should contain_class('ssh') + }.to raise_error(Puppet::Error,/ssh::ssh_sendenv type must be true or false\./) end end end 
@@ -2595,7 +2644,7 @@ describe 'ssh' do it 'should fail' do expect { should contain_class('ssh') - }.to raise_error(Puppet::Error,/^ssh::sshd_config_maxstartups may be either an integer or three integers separated with colons, such as 10:30:100. Detected value is <#{value}>./) + }.to raise_error(Puppet::Error,/ssh::sshd_config_maxstartups may be either an integer or three integers separated with colons, such as 10:30:100\. Detected value is <#{value}>\./) end end end @@ -2609,7 +2658,9 @@ describe 'ssh' do } end it 'should fail' do - expect { should contain_class('ssh') }.to raise_error(Puppet::Error) + expect { + should contain_class('ssh') + }.to raise_error(Puppet::Error) end end end @@ -2635,7 +2686,9 @@ describe 'ssh' do } end it 'should fail' do - expect { should contain_class('ssh') }.to raise_error(Puppet::Error) + expect { + should contain_class('ssh') + }.to raise_error(Puppet::Error) end end end @@ -2679,7 +2732,9 @@ describe 'ssh' do end it 'should fail' do - expect { should raise_error(Puppet::Error,/^ssh::sshd_acceptenv may be either 'true' or 'false' and is set to ./) } + expect { + should contain_class('ssh') + }.to raise_error(Puppet::Error,/ssh::sshd_acceptenv may be either 'true' or 'false' and is set to \./) end end @@ -2693,7 +2748,9 @@ describe 'ssh' do end it 'should fail' do - expect { should raise_error(Puppet::Error,/^ssh::sshd_acceptenv type must be true or false./) } + expect { + should contain_class('ssh') + }.to raise_error(Puppet::Error,/ssh::sshd_acceptenv type must be true or false\./) end end end @@ -2732,7 +2789,9 @@ describe 'ssh' do end it 'should fail' do - expect { should raise_error(Puppet::Error,/^ssh::service_hasstatus must be 'true' or 'false' and is set to ./) } + expect { + should contain_class('ssh') + }.to raise_error(Puppet::Error,/ssh::service_hasstatus must be 'true' or 'false' and is set to \./) end end 
@@ -2746,7 +2805,9 @@ describe 'ssh' do end it 'should fail' do - expect { should raise_error(Puppet::Error,/^ssh::service_hasstatus must be true or false./) } + expect { + should contain_class('ssh') + }.to raise_error(Puppet::Error,/ssh::service_hasstatus must be true or false\./) end end end @@ -2783,15 +2844,15 @@ describe 'ssh' do } end - it do + it 'should fail' do expect { should contain_class('ssh') - }.to raise_error(Puppet::Error,/^\"invalid\/path\" is not an absolute path./) + }.to raise_error(Puppet::Error,/\"invalid\/path\" is not an absolute path\./) end end context 'specified as an invalid type' do - let(:params) { { :ssh_config_global_known_hosts_file => ['invalid','type'] } } + let(:params) { { :ssh_config_global_known_hosts_file => { 'invalid' => 'type'} } } let(:facts) do { :fqdn => 'monkey.example.com', :osfamily => 'RedHat', @@ -2799,10 +2860,10 @@ describe 'ssh' do } end - it do + it 'should fail' do expect { should contain_class('ssh') - }.to raise_error(Puppet::Error,/^\[\"invalid\", \"type\"\] is not an absolute path./) + }.to raise_error(Puppet::Error,/is not an absolute path/) end end end @@ -2837,10 +2898,10 @@ describe 'ssh' do } end - it do + it 'should fail' do expect { should contain_class('ssh') - }.to raise_error(Puppet::Error,/^\[\"invalid\", \"type\"\] is not a string. It looks to be a Array/) + }.to raise_error(Puppet::Error,/\[\"invalid\", \"type\"\] is not a string\. It looks to be a Array/) end end end @@ -2875,10 +2936,10 @@ describe 'ssh' do } end - it do + it 'should fail' do expect { should contain_class('ssh') - }.to raise_error(Puppet::Error,/^\[\"invalid\", \"type\"\] is not a string. It looks to be a Array/) + }.to raise_error(Puppet::Error,/\[\"invalid\", \"type\"\] is not a string\. It looks to be a Array/) end end end 
@@ -2914,10 +2975,10 @@ describe 'ssh' do } end - it do + it 'should fail' do expect { should contain_class('ssh') - }.to raise_error(Puppet::Error,/^ssh::ssh_config_global_known_hosts_mode must be a valid 4 digit mode in octal notation. Detected value is <#{value}>./) + }.to raise_error(Puppet::Error,/ssh::ssh_config_global_known_hosts_mode must be a valid 4 digit mode in octal notation\. Detected value is <#{value}>\./) end end end @@ -2931,10 +2992,10 @@ describe 'ssh' do } end - it do + it 'should fail' do expect { should contain_class('ssh') - }.to raise_error(Puppet::Error,/^ssh::ssh_config_global_known_hosts_mode must be a valid 4 digit mode in octal notation. Detected value is ./) + }.to raise_error(Puppet::Error,/ssh::ssh_config_global_known_hosts_mode must be a valid 4 digit mode in octal notation\. Detected value is <[\[]?invalid.*type[\]]?/) end end end @@ -2944,7 +3005,9 @@ describe 'ssh' do let(:params) { { :ssh_key_import => ['not_a_boolean','or_a_string'] } } it 'should fail' do - expect { should raise_error(Puppet::Error) } + expect { + should contain_class('ssh') + }.to raise_error(Puppet::Error) end end @@ -2957,7 +3020,9 @@ describe 'ssh' do end it 'should fail' do - expect { should raise_error(Puppet::Error,/^ssh::ssh_key_import may be either 'true' or 'false' and is set to ./) } + expect { + should contain_class('ssh') + }.to raise_error(Puppet::Error,/ssh::ssh_key_import may be either 'true' or 'false' and is set to \./) end end @@ -3028,7 +3093,7 @@ describe 'ssh' do it do expect { should contain_class('ssh') - }.to raise_error(Puppet::Error,/ssh::sshd_hostbasedauthentication may be either 'yes' or 'no' and is set to <#{value}>\./) + }.to raise_error(Puppet::Error,/ssh::sshd_hostbasedauthentication may be either 'yes' or 'no' and is set to/) end end end 
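Review bot: The `sshd_hostbasedauthentication` assertion in the `@@ -3028,7 +3093,7 @@` hunk now stops at `and is set to`, so it no longer checks which value the error reports; the previous pattern ended in `<#{value}>\.`. If the value was dropped because non-string values render differently across Puppet versions, narrowing the relaxed pattern to those values and keeping `<#{Regexp.escape(value.to_s)}>\.` for the rest would preserve the check. The same loosening is applied to `sshd_ignoreuserknownhosts` and `sshd_ignorerhosts` in the `@@ -3060` and `@@ -3092` hunks. The value list for these examples is outside the hunk.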
@@ -3060,7 +3125,7 @@ describe 'ssh' do it do expect { should contain_class('ssh') - }.to raise_error(Puppet::Error,/ssh::sshd_ignoreuserknownhosts may be either 'yes' or 'no' and is set to <#{value}>\./) + }.to raise_error(Puppet::Error,/ssh::sshd_ignoreuserknownhosts may be either 'yes' or 'no' and is set to/) end end end @@ -3092,7 +3157,7 @@ describe 'ssh' do it do expect { should contain_class('ssh') - }.to raise_error(Puppet::Error,/ssh::sshd_ignorerhosts may be either 'yes' or 'no' and is set to <#{value}>\./) + }.to raise_error(Puppet::Error,/ssh::sshd_ignorerhosts may be either 'yes' or 'no' and is set to/) end end end diff --git a/spec/fixtures/hiera/hiera.yaml b/spec/fixtures/hiera/hiera.yaml new file mode 100644 index 0000000..96ede91 --- /dev/null +++ b/spec/fixtures/hiera/hiera.yaml @@ -0,0 +1,8 @@ +--- +:backends: + - yaml +:yaml: + :datadir: 'spec/fixtures/hiera/hieradata' +:hierarchy: + - fqdn/%{fqdn} + - common diff --git a/spec/fixtures/hiera/hieradata/common.yaml b/spec/fixtures/hiera/hieradata/common.yaml new file mode 100644 index 0000000..e2d2cb9 --- /dev/null +++ b/spec/fixtures/hiera/hieradata/common.yaml @@ -0,0 +1,9 @@ +--- +ssh::sshd_config_allowgroups: + - allowgroup_from_common +ssh::sshd_config_allowusers: + - allowuser_from_common +ssh::sshd_config_denygroups: + - denygroup_from_common +ssh::sshd_config_denyusers: + - denyuser_from_common diff --git a/spec/fixtures/hiera/hieradata/fqdn/hieramerge.example.com.yaml b/spec/fixtures/hiera/hieradata/fqdn/hieramerge.example.com.yaml new file mode 100644 index 0000000..e8d0fc4 --- /dev/null +++ b/spec/fixtures/hiera/hieradata/fqdn/hieramerge.example.com.yaml @@ -0,0 +1,9 @@ +--- +ssh::sshd_config_allowgroups: + - allowgroup_from_fqdn +ssh::sshd_config_allowusers: + - allowuser_from_fqdn +ssh::sshd_config_denygroups: + - denygroup_from_fqdn +ssh::sshd_config_denyusers: + - denyuser_from_fqdn 
diff --git a/spec/fixtures/hiera/hieradata/fqdn/monkey.example.com.yaml b/spec/fixtures/hiera/hieradata/fqdn/monkey.example.com.yaml new file mode 100644 index 0000000..b30defc --- /dev/null +++ b/spec/fixtures/hiera/hieradata/fqdn/monkey.example.com.yaml @@ -0,0 +1,5 @@ +--- +ssh::sshd_config_allowgroups: +ssh::sshd_config_allowusers: +ssh::sshd_config_denygroups: +ssh::sshd_config_denyusers: diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index 2c6f566..05afdb2 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -1 +1,15 @@ require 'puppetlabs_spec_helper/module_spec_helper' + +RSpec.configure do |config| + config.hiera_config = 'spec/fixtures/hiera/hiera.yaml' + config.before :each do + # Ensure that we don't accidentally cache facts and environment between + # test cases. This requires each example group to explicitly load the + # facts being exercised with something like + # Facter.collection.loader.load(:ipaddress) + Facter.clear + Facter.clear_messages + + Puppet[:parser] = 'future' if ENV['FUTURE_PARSER'] == 'yes' + end +end diff --git a/templates/sshd_config.erb b/templates/sshd_config.erb index 27401af..706798f 100644 --- a/templates/sshd_config.erb +++ b/templates/sshd_config.erb @@ -164,12 +164,12 @@ UseDNS <%= @sshd_config_use_dns_real %> <% end -%> #PidFile /var/run/sshd.pid <% if @sshd_config_maxstartups -%> -MaxStartups <%= sshd_config_maxstartups %> +MaxStartups <%= @sshd_config_maxstartups %> <% else -%> #MaxStartups 10:30:100 <% end -%> <% if @sshd_config_maxsessions -%> -MaxSessions <%= sshd_config_maxsessions %> +MaxSessions <%= @sshd_config_maxsessions %> <% else -%> #MaxSessions 10 <% end -%> 
@@ -200,16 +200,16 @@ Ciphers <%= @sshd_config_ciphers.join(',') %> <% if @sshd_config_macs -%> MACs <%= @sshd_config_macs.join(',') %> <% end -%> -<% if @sshd_config_denyusers -%> +<% if @sshd_config_denyusers_real -%> DenyUsers <%= @sshd_config_denyusers_real.join(' ') %> <% end -%> -<% if @sshd_config_denygroups -%> +<% if @sshd_config_denygroups_real -%> DenyGroups <%= @sshd_config_denygroups_real.join(' ') %> <% end -%> -<% if @sshd_config_allowusers -%> +<% if @sshd_config_allowusers_real -%> AllowUsers <%= @sshd_config_allowusers_real.join(' ') %> <% end -%> -<% if @sshd_config_allowgroups -%> +<% if @sshd_config_allowgroups_real -%> AllowGroups <%= @sshd_config_allowgroups_real.join(' ') %> <% end -%> <% if @sshd_config_match -%>
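Review bot: The new guards such as `<% if @sshd_config_denyusers_real -%>` test only for truthiness, and an empty Ruby array is truthy, so an empty `_real` list would render a bare `DenyUsers ` line (likewise `DenyGroups`, `AllowUsers` and `AllowGroups`). These four directives are sshd's login allow/deny lists, so an empty or malformed line is worth excluding explicitly, e.g. `<% if @sshd_config_denyusers_real && !@sshd_config_denyusers_real.empty? -%>`. The elements are also joined with spaces as-is; whether they are checked for embedded whitespace is decided, if at all, in the manifest outside this diff.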