puppet/ssh
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge pull request #120 from ghoneycutt/puppetv4

Browse Source 
Support Puppetv4 and v3 with future parser
This commit is contained in:
Garrett Honeycutt 2015-08-05 12:49:11 -04:00
commit fe5f66f2f4
14 changed files with 236 additions and 95 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
.fixtures.yml
View File

@ -2,10 +2,10 @@ fixtures:
repositories: repositories:
stdlib: stdlib:
repo: 'git://github.com/puppetlabs/puppetlabs-stdlib.git' repo: 'git://github.com/puppetlabs/puppetlabs-stdlib.git'
ref: '3.2.0' ref: '4.6.0'
common: common:
repo: 'git://github.com/ghoneycutt/puppet-module-common.git' repo: 'git://github.com/ghoneycutt/puppet-module-common.git'
ref: 'v1.0.2' ref: 'v1.3.0'
firewall: firewall:
repo: 'git://github.com/puppetlabs/puppetlabs-firewall.git' repo: 'git://github.com/puppetlabs/puppetlabs-firewall.git'
ref: '0.2.1' ref: '0.2.1'

2
.gitignore vendored
View File

@ -26,6 +26,6 @@ doc/
# Puppet # Puppet
coverage/ coverage/
spec/fixtures/manifests/*
spec/fixtures/modules/* spec/fixtures/modules/*
Gemfile.lock Gemfile.lock
spec/fixtures/

16
.travis.yml
View File

@ -13,9 +13,15 @@ env:
- PUPPET_GEM_VERSION="~> 3.2.0" - PUPPET_GEM_VERSION="~> 3.2.0"
- PUPPET_GEM_VERSION="~> 3.3.0" - PUPPET_GEM_VERSION="~> 3.3.0"
- PUPPET_GEM_VERSION="~> 3.4.0" - PUPPET_GEM_VERSION="~> 3.4.0"
- PUPPET_GEM_VERSION="~> 3.5.1" - PUPPET_GEM_VERSION="~> 3.5.0"
- PUPPET_GEM_VERSION="~> 3.6.0" - PUPPET_GEM_VERSION="~> 3.6.0"
- PUPPET_GEM_VERSION="~> 3.7.0" - PUPPET_GEM_VERSION="~> 3.7.0"
- PUPPET_GEM_VERSION="~> 3.8.0"
- PUPPET_GEM_VERSION="~> 3" PARSER="future"
- PUPPET_GEM_VERSION="~> 4.0.0"
- PUPPET_GEM_VERSION="~> 4.1.0"
- PUPPET_GEM_VERSION="~> 4.2.0"
- PUPPET_GEM_VERSION="~> 4"
sudo: false sudo: false
@ -34,6 +40,14 @@ matrix:
env: PUPPET_GEM_VERSION="~> 3.3.0" env: PUPPET_GEM_VERSION="~> 3.3.0"
- rvm: 2.1.0 - rvm: 2.1.0
env: PUPPET_GEM_VERSION="~> 3.4.0" env: PUPPET_GEM_VERSION="~> 3.4.0"
- rvm: 1.8.7
env: PUPPET_GEM_VERSION="~> 4.0.0"
- rvm: 1.8.7
env: PUPPET_GEM_VERSION="~> 4.1.0"
- rvm: 1.8.7
env: PUPPET_GEM_VERSION="~> 4.2.0"
- rvm: 1.8.7
env: PUPPET_GEM_VERSION="~> 4"
notifications: notifications:
email: false email: false

2
Gemfile
View File

@ -10,7 +10,7 @@ gem 'metadata-json-lint'
gem 'puppetlabs_spec_helper', '>= 0.1.0' gem 'puppetlabs_spec_helper', '>= 0.1.0'
gem 'puppet-lint', '>= 1.0.0' gem 'puppet-lint', '>= 1.0.0'
gem 'facter', '>= 1.7.0' gem 'facter', '>= 1.7.0'
gem 'rspec-puppet', '~>1.0' gem 'rspec-puppet', '~> 2.0'
# rspec must be v2 for ruby 1.8.7 # rspec must be v2 for ruby 1.8.7
if RUBY_VERSION >= '1.8.7' and RUBY_VERSION < '1.9' if RUBY_VERSION >= '1.8.7' and RUBY_VERSION < '1.9'

4
README.md
View File

@ -8,7 +8,9 @@ The module uses exported resources to manage ssh keys and removes ssh keys that
# Compatability # Compatability
This module has been tested to work on the following systems with Puppet v3 and Ruby versions 1.8.7, 1.9.3, 2.0.0 and 2.1.0. This module has been tested to work on the following systems with Puppet
versions v3, v3 with future parser and v4 with Ruby versions 1.8.7 (Puppet v3
only), 1.9.3, 2.0.0 and 2.1.0.
* Debian 7 * Debian 7
* EL 5 * EL 5

37
manifests/init.pp
View File

@ -261,12 +261,20 @@ class ssh (
$sshd_config_xauth_location_real = $sshd_config_xauth_location $sshd_config_xauth_location_real = $sshd_config_xauth_location
} }
if $sshd_config_xauth_location_real != undef {
validate_absolute_path($sshd_config_xauth_location_real)
}
if $ssh_package_source == 'USE_DEFAULTS' { if $ssh_package_source == 'USE_DEFAULTS' {
$ssh_package_source_real = $default_ssh_package_source $ssh_package_source_real = $default_ssh_package_source
} else { } else {
$ssh_package_source_real = $ssh_package_source $ssh_package_source_real = $ssh_package_source
} }
if $ssh_package_source_real != undef {
validate_absolute_path($ssh_package_source_real)
}
if $ssh_package_adminfile == 'USE_DEFAULTS' { if $ssh_package_adminfile == 'USE_DEFAULTS' {
$ssh_package_adminfile_real = $default_ssh_package_adminfile $ssh_package_adminfile_real = $default_ssh_package_adminfile
} else { } else {
@ -325,7 +333,7 @@ class ssh (
if $ssh_sendenv == 'USE_DEFAULTS' { if $ssh_sendenv == 'USE_DEFAULTS' {
$ssh_sendenv_real = $default_ssh_sendenv $ssh_sendenv_real = $default_ssh_sendenv
} else { } else {
case type($ssh_sendenv) { case type3x($ssh_sendenv) {
'string': { 'string': {
validate_re($ssh_sendenv, '^(true|false)$', "ssh::ssh_sendenv may be either 'true' or 'false' and is set to <${ssh_sendenv}>.") validate_re($ssh_sendenv, '^(true|false)$', "ssh::ssh_sendenv may be either 'true' or 'false' and is set to <${ssh_sendenv}>.")
$ssh_sendenv_real = str2bool($ssh_sendenv) $ssh_sendenv_real = str2bool($ssh_sendenv)
@ -342,7 +350,7 @@ class ssh (
if $sshd_acceptenv == 'USE_DEFAULTS' { if $sshd_acceptenv == 'USE_DEFAULTS' {
$sshd_acceptenv_real = $default_sshd_acceptenv $sshd_acceptenv_real = $default_sshd_acceptenv
} else { } else {
case type($sshd_acceptenv) { case type3x($sshd_acceptenv) {
'string': { 'string': {
validate_re($sshd_acceptenv, '^(true|false)$', "ssh::sshd_acceptenv may be either 'true' or 'false' and is set to <${sshd_acceptenv}>.") validate_re($sshd_acceptenv, '^(true|false)$', "ssh::sshd_acceptenv may be either 'true' or 'false' and is set to <${sshd_acceptenv}>.")
$sshd_acceptenv_real = str2bool($sshd_acceptenv) $sshd_acceptenv_real = str2bool($sshd_acceptenv)
@ -371,7 +379,7 @@ class ssh (
if $service_hasstatus == 'USE_DEFAULTS' { if $service_hasstatus == 'USE_DEFAULTS' {
$service_hasstatus_real = $default_service_hasstatus $service_hasstatus_real = $default_service_hasstatus
} else { } else {
case type($service_hasstatus) { case type3x($service_hasstatus) {
'string': { 'string': {
validate_re($service_hasstatus, '^(true|false)$', "ssh::service_hasstatus must be 'true' or 'false' and is set to <${service_hasstatus}>.") validate_re($service_hasstatus, '^(true|false)$', "ssh::service_hasstatus must be 'true' or 'false' and is set to <${service_hasstatus}>.")
$service_hasstatus_real = str2bool($service_hasstatus) $service_hasstatus_real = str2bool($service_hasstatus)
@ -491,7 +499,7 @@ class ssh (
validate_re($sshd_ignorerhosts, '^(yes|no)$', "ssh::sshd_ignorerhosts may be either 'yes' or 'no' and is set to <${sshd_ignorerhosts}>.") validate_re($sshd_ignorerhosts, '^(yes|no)$', "ssh::sshd_ignorerhosts may be either 'yes' or 'no' and is set to <${sshd_ignorerhosts}>.")
case type($hiera_merge) { case type3x($hiera_merge) {
'string': { 'string': {
validate_re($hiera_merge, '^(true|false)$', "ssh::hiera_merge may be either 'true' or 'false' and is set to <${hiera_merge}>.") validate_re($hiera_merge, '^(true|false)$', "ssh::hiera_merge may be either 'true' or 'false' and is set to <${hiera_merge}>.")
$hiera_merge_real = str2bool($hiera_merge) $hiera_merge_real = str2bool($hiera_merge)
@ -504,14 +512,21 @@ class ssh (
} }
} }
if type($ssh_key_import) == 'string' { case type3x($ssh_key_import) {
'string': {
validate_re($ssh_key_import, '^(true|false)$', "ssh::ssh_key_import may be either 'true' or 'false' and is set to <${ssh_key_import}>.")
$ssh_key_import_real = str2bool($ssh_key_import) $ssh_key_import_real = str2bool($ssh_key_import)
} else { }
'boolean': {
$ssh_key_import_real = $ssh_key_import $ssh_key_import_real = $ssh_key_import
} }
default: {
fail('ssh::ssh_key_import type must be true or false.')
}
}
validate_bool($ssh_key_import_real) validate_bool($ssh_key_import_real)
case type($ssh_config_sendenv_xmodifiers) { case type3x($ssh_config_sendenv_xmodifiers) {
'string': { 'string': {
$ssh_config_sendenv_xmodifiers_real = str2bool($ssh_config_sendenv_xmodifiers) $ssh_config_sendenv_xmodifiers_real = str2bool($ssh_config_sendenv_xmodifiers)
} }
@ -550,28 +565,28 @@ class ssh (
validate_re($ssh_config_global_known_hosts_mode, '^[0-7]{4}$', validate_re($ssh_config_global_known_hosts_mode, '^[0-7]{4}$',
"ssh::ssh_config_global_known_hosts_mode must be a valid 4 digit mode in octal notation. Detected value is <${ssh_config_global_known_hosts_mode}>.") "ssh::ssh_config_global_known_hosts_mode must be a valid 4 digit mode in octal notation. Detected value is <${ssh_config_global_known_hosts_mode}>.")
if type($purge_keys) == 'string' { if type3x($purge_keys) == 'string' {
$purge_keys_real = str2bool($purge_keys) $purge_keys_real = str2bool($purge_keys)
} else { } else {
$purge_keys_real = $purge_keys $purge_keys_real = $purge_keys
} }
validate_bool($purge_keys_real) validate_bool($purge_keys_real)
if type($service_enable) == 'string' { if type3x($service_enable) == 'string' {
$service_enable_real = str2bool($service_enable) $service_enable_real = str2bool($service_enable)
} else { } else {
$service_enable_real = $service_enable $service_enable_real = $service_enable
} }
validate_bool($service_enable_real) validate_bool($service_enable_real)
if type($service_hasrestart) == 'string' { if type3x($service_hasrestart) == 'string' {
$service_hasrestart_real = str2bool($service_hasrestart) $service_hasrestart_real = str2bool($service_hasrestart)
} else { } else {
$service_hasrestart_real = $service_hasrestart $service_hasrestart_real = $service_hasrestart
} }
validate_bool($service_hasrestart_real) validate_bool($service_hasrestart_real)
if type($manage_root_ssh_config) == 'string' { if type3x($manage_root_ssh_config) == 'string' {
$manage_root_ssh_config_real = str2bool($manage_root_ssh_config) $manage_root_ssh_config_real = str2bool($manage_root_ssh_config)
} else { } else {
$manage_root_ssh_config_real = $manage_root_ssh_config $manage_root_ssh_config_real = $manage_root_ssh_config

8
metadata.json
View File

@ -10,11 +10,11 @@
"requirements": [ "requirements": [
{ {
"name": "pe", "name": "pe",
"version_requirement": ">= 3.2.0 < 4.0.0" "version_requirement": ">= 3.2.0 < 5.0.0"
}, },
{ {
"name": "puppet", "name": "puppet",
"version_requirement": "3.x" "version_requirement": ">= 3.0.0 < 5.0.0"
} }
], ],
"operatingsystem_support": [ "operatingsystem_support": [
@ -79,8 +79,8 @@
], ],
"description": "Manage SSH", "description": "Manage SSH",
"dependencies": [ "dependencies": [
{"name":"puppetlabs/stdlib","version_requirement":">= 3.2.0 < 5.0.0"}, {"name":"puppetlabs/stdlib","version_requirement":">= 4.6.0 < 6.0.0"},
{"name":"ghoneycutt/common","version_requirement":">= 1.0.2 < 2.0.0"}, {"name":"ghoneycutt/common","version_requirement":">= 1.3.0 < 2.0.0"},
{"name":"puppetlabs/firewall","version_requirement":">= 0.2.1 < 2.0.0"} {"name":"puppetlabs/firewall","version_requirement":">= 0.2.1 < 2.0.0"}
] ]
} }

197
spec/classes/init_spec.rb
View File

@ -148,7 +148,7 @@ describe 'ssh' do
it 'should fail' do it 'should fail' do
expect { expect {
should contain_class('ssh') should contain_class('ssh')
}.to raise_error(Puppet::Error,/^ssh module supports Solaris kernel release 5.9, 5.10 and 5.11./) }.to raise_error(Puppet::Error,/ssh module supports Solaris kernel release 5\.9, 5\.10 and 5\.11\./)
end end
end end
@ -915,7 +915,7 @@ describe 'ssh' do
it 'should fail' do it 'should fail' do
expect { expect {
should contain_class('ssh') should contain_class('ssh')
}.to raise_error(Puppet::Error,/^ssh supports osfamilies RedHat, Suse, Debian and Solaris. Detected osfamily is <C64>\./) }.to raise_error(Puppet::Error,/ssh supports osfamilies RedHat, Suse, Debian and Solaris\. Detected osfamily is <C64>\./)
end end
end end
@ -1137,7 +1137,7 @@ describe 'ssh' do
it 'should fail' do it 'should fail' do
expect { expect {
should should contain_class('ssh')
}.to raise_error(Puppet::Error, /is not an absolute path/) }.to raise_error(Puppet::Error, /is not an absolute path/)
end end
end end
@ -1168,7 +1168,7 @@ describe 'ssh' do
it 'should fail' do it 'should fail' do
expect { expect {
should should contain_class('ssh')
}.to raise_error(Puppet::Error, /is not a string/) }.to raise_error(Puppet::Error, /is not a string/)
end end
end end
@ -1204,7 +1204,7 @@ describe 'ssh' do
let (:params) {{'sshd_config_match' => value }} let (:params) {{'sshd_config_match' => value }}
it 'should fail' do it 'should fail' do
expect { expect {
should should contain_class('ssh')
}.to raise_error(Puppet::Error, /is not a Hash/) }.to raise_error(Puppet::Error, /is not a Hash/)
end end
end end
@ -1267,7 +1267,9 @@ describe 'ssh' do
let (:params) {{'sshd_listen_address' => true }} let (:params) {{'sshd_listen_address' => true }}
it 'should fail' do it 'should fail' do
expect { subject }.to raise_error(Puppet::Error) expect {
should contain_class('ssh')
}.to raise_error(Puppet::Error)
end end
end end
end end
@ -1284,7 +1286,9 @@ describe 'ssh' do
end end
let (:params) {{'sshd_config_loglevel' => 'BOGON'}} let (:params) {{'sshd_config_loglevel' => 'BOGON'}}
it 'should fail' do it 'should fail' do
expect { subject }.to raise_error(Puppet::Error, /"BOGON" does not match/) expect {
should contain_class('ssh')
}.to raise_error(Puppet::Error, /"BOGON" does not match/)
end end
end end
['QUIET', 'FATAL', 'ERROR', 'INFO', 'VERBOSE'].each do |supported_val| ['QUIET', 'FATAL', 'ERROR', 'INFO', 'VERBOSE'].each do |supported_val|
@ -1316,7 +1320,9 @@ describe 'ssh' do
end end
let (:params) {{'ssh_config_template' => false}} let (:params) {{'ssh_config_template' => false}}
it 'should fail' do it 'should fail' do
expect { subject }.to raise_error(Puppet::Error, /is not a string/) expect {
should contain_class('ssh')
}.to raise_error(Puppet::Error, /is not a string/)
end end
end end
context 'and that value is valid' do context 'and that value is valid' do
@ -1347,7 +1353,9 @@ describe 'ssh' do
end end
let (:params) {{'sshd_config_template' => false}} let (:params) {{'sshd_config_template' => false}}
it 'should fail' do it 'should fail' do
expect { subject }.to raise_error(Puppet::Error, /is not a string/) expect {
should contain_class('ssh')
}.to raise_error(Puppet::Error, /is not a string/)
end end
end end
context 'and that value is valid' do context 'and that value is valid' do
@ -1490,7 +1498,7 @@ describe 'ssh' do
it 'should fail' do it 'should fail' do
expect { expect {
should contain_class('ssh') should contain_class('ssh')
}.to raise_error(Puppet::Error,/^ssh::ssh_config_hash_known_hosts may be either \'yes\' or \'no\' and is set to <invalid>./) }.to raise_error(Puppet::Error,/ssh::ssh_config_hash_known_hosts may be either \'yes\' or \'no\' and is set to <invalid>\./)
end end
end end
@ -1629,7 +1637,7 @@ describe 'ssh' do
it 'should fail' do it 'should fail' do
expect { expect {
should contain_class('ssh') should contain_class('ssh')
}.to raise_error(Puppet::Error,/^ssh::sshd_config_port must be a valid number and is set to <22invalid>\./) }.to raise_error(Puppet::Error,/ssh::sshd_config_port must be a valid number and is set to <22invalid>\./)
end end
end end
@ -1668,7 +1676,7 @@ describe 'ssh' do
it 'should fail' do it 'should fail' do
expect { expect {
should contain_class('ssh') should contain_class('ssh')
}.to raise_error(Puppet::Error,/^ssh::sshd_password_authentication may be either \'yes\' or \'no\' and is set to <invalid>\./) }.to raise_error(Puppet::Error,/ssh::sshd_password_authentication may be either \'yes\' or \'no\' and is set to <invalid>\./)
end end
end end
@ -1687,7 +1695,7 @@ describe 'ssh' do
it 'should fail' do it 'should fail' do
expect { expect {
should contain_class('ssh') should contain_class('ssh')
}.to raise_error(Puppet::Error,/^ssh::sshd_allow_tcp_forwarding may be either \'yes\' or \'no\' and is set to <invalid>\./) }.to raise_error(Puppet::Error,/ssh::sshd_allow_tcp_forwarding may be either \'yes\' or \'no\' and is set to <invalid>\./)
end end
end end
@ -1706,7 +1714,7 @@ describe 'ssh' do
it 'should fail' do it 'should fail' do
expect { expect {
should contain_class('ssh') should contain_class('ssh')
}.to raise_error(Puppet::Error,/^ssh::sshd_x11_forwarding may be either \'yes\' or \'no\' and is set to <invalid>\./) }.to raise_error(Puppet::Error,/ssh::sshd_x11_forwarding may be either \'yes\' or \'no\' and is set to <invalid>\./)
end end
end end
@ -1725,7 +1733,7 @@ describe 'ssh' do
it 'should fail' do it 'should fail' do
expect { expect {
should contain_class('ssh') should contain_class('ssh')
}.to raise_error(Puppet::Error,/^ssh::sshd_use_pam may be either \'yes\' or \'no\' and is set to <invalid>\./) }.to raise_error(Puppet::Error,/ssh::sshd_use_pam may be either \'yes\' or \'no\' and is set to <invalid>\./)
end end
end end
@ -1744,7 +1752,7 @@ describe 'ssh' do
it 'should fail' do it 'should fail' do
expect { expect {
should contain_class('ssh') should contain_class('ssh')
}.to raise_error(Puppet::Error,/^ssh::sshd_config_serverkeybits must be an integer and is set to <invalid>\./) }.to raise_error(Puppet::Error,/ssh::sshd_config_serverkeybits must be an integer and is set to <invalid>\./)
end end
end end
@ -1763,7 +1771,7 @@ describe 'ssh' do
it 'should fail' do it 'should fail' do
expect { expect {
should contain_class('ssh') should contain_class('ssh')
}.to raise_error(Puppet::Error,/^ssh::sshd_client_alive_interval must be an integer and is set to <invalid>\./) }.to raise_error(Puppet::Error,/ssh::sshd_client_alive_interval must be an integer and is set to <invalid>\./)
end end
end end
@ -1782,7 +1790,7 @@ describe 'ssh' do
it 'should fail' do it 'should fail' do
expect { expect {
should contain_class('ssh') should contain_class('ssh')
}.to raise_error(Puppet::Error,/^ssh::sshd_client_alive_count_max must be an integer and is set to <invalid>\./) }.to raise_error(Puppet::Error,/ssh::sshd_client_alive_count_max must be an integer and is set to <invalid>\./)
end end
end end
@ -1866,7 +1874,7 @@ describe 'ssh' do
it 'should fail' do it 'should fail' do
expect { expect {
should contain_class('ssh') should contain_class('ssh')
}.to raise_error(Puppet::Error,/^ssh::sshd_config_strictmodes may be either \'yes\' or \'no\' and is set to <invalid>\./) }.to raise_error(Puppet::Error,/ssh::sshd_config_strictmodes may be either \'yes\' or \'no\' and is set to <invalid>\./)
end end
end end
@ -1882,7 +1890,7 @@ describe 'ssh' do
it 'should fail' do it 'should fail' do
expect { expect {
should contain_class('ssh') should contain_class('ssh')
}.to raise_error(Puppet::Error,/^"invalid\/path" is not an absolute path/) }.to raise_error(Puppet::Error,/"invalid\/path" is not an absolute path/)
end end
end end
@ -1898,7 +1906,7 @@ describe 'ssh' do
it 'should fail' do it 'should fail' do
expect { expect {
should contain_class('ssh') should contain_class('ssh')
}.to raise_error(Puppet::Error,/^\["invalid", "type"\] is not a string/) }.to raise_error(Puppet::Error,/\["invalid", "type"\] is not a string/)
end end
end end
@ -1914,7 +1922,7 @@ describe 'ssh' do
it 'should fail' do it 'should fail' do
expect { expect {
should contain_class('ssh') should contain_class('ssh')
}.to raise_error(Puppet::Error,/^ssh::sshd_config_banner must be set to be able to use sshd_banner_content\./) }.to raise_error(Puppet::Error,/ssh::sshd_config_banner must be set to be able to use sshd_banner_content\./)
end end
end end
@ -1931,7 +1939,7 @@ describe 'ssh' do
it 'should fail' do it 'should fail' do
expect { expect {
should contain_class('ssh') should contain_class('ssh')
}.to raise_error(Puppet::Error,/^ssh::ssh_config_sendenv_xmodifiers type must be true or false\./) }.to raise_error(Puppet::Error,/ssh::ssh_config_sendenv_xmodifiers type must be true or false\./)
end end
end end
@ -2050,12 +2058,15 @@ describe 'ssh' do
let(:params) { { :hiera_merge => ['not_a_boolean','or_a_string'] } } let(:params) { { :hiera_merge => ['not_a_boolean','or_a_string'] } }
let(:facts) do let(:facts) do
{ :osfamily => 'RedHat', { :osfamily => 'RedHat',
:fqdn => 'hieramerge.example.com',
:lsbmajdistrelease => '6', :lsbmajdistrelease => '6',
} }
end end
it 'should fail' do it 'should fail' do
expect { should raise_error(Puppet::Error) } expect {
should contain_class('ssh')
}.to raise_error(Puppet::Error)
end end
end end
@ -2068,7 +2079,9 @@ describe 'ssh' do
end end
it 'should fail' do it 'should fail' do
expect { should raise_error(Puppet::Error,/^ssh::hiera_merge may be either 'true' or 'false' and is set to <invalid_string>./) } expect {
should contain_class('ssh')
}.to raise_error(Puppet::Error,/ssh::hiera_merge may be either 'true' or 'false' and is set to <invalid_string>./)
end end
end end
@ -2077,6 +2090,7 @@ describe 'ssh' do
let(:params) { { :hiera_merge => value } } let(:params) { { :hiera_merge => value } }
let(:facts) do let(:facts) do
{ :osfamily => 'RedHat', { :osfamily => 'RedHat',
:fqdn => 'hieramerge.example.com',
:lsbmajdistrelease => '6', :lsbmajdistrelease => '6',
} }
end end
@ -2084,6 +2098,12 @@ describe 'ssh' do
it { should compile.with_all_deps } it { should compile.with_all_deps }
it { should contain_class('ssh') } it { should contain_class('ssh') }
it { should contain_file('sshd_config').with_content(/^\s*DenyUsers denyuser_from_fqdn denyuser_from_common/) }
it { should contain_file('sshd_config').with_content(/^\s*DenyGroups denygroup_from_fqdn denygroup_from_common/) }
it { should contain_file('sshd_config').with_content(/^\s*AllowUsers allowuser_from_fqdn allowuser_from_common/) }
it { should contain_file('sshd_config').with_content(/^\s*AllowGroups allowgroup_from_fqdn allowgroup_from_common/) }
end end
end end
@ -2136,7 +2156,9 @@ describe 'ssh' do
end end
it 'should fail' do it 'should fail' do
expect { should raise_error(Puppet::Error,/^is not an absolute path/) } expect {
should contain_class('ssh')
}.to raise_error(Puppet::Error,/is not an absolute path/)
end end
end end
end end
@ -2164,7 +2186,9 @@ describe 'ssh' do
end end
it 'should fail' do it 'should fail' do
expect { should raise_error(Puppet::Error,/^is not an absolute path/) } expect {
should contain_class('ssh')
}.to raise_error(Puppet::Error,/is not an absolute path/)
end end
end end
@ -2178,7 +2202,9 @@ describe 'ssh' do
end end
it 'should fail' do it 'should fail' do
expect { should raise_error(Puppet::Error) } expect {
should contain_class('ssh')
}.to raise_error(Puppet::Error)
end end
end end
end end
@ -2216,7 +2242,9 @@ describe 'ssh' do
end end
it 'should fail' do it 'should fail' do
expect { should raise_error(Puppet::Error,/^is not an absolute path/) } expect {
should contain_class('ssh')
}.to raise_error(Puppet::Error,/is not an absolute path/)
end end
end end
@ -2231,7 +2259,9 @@ describe 'ssh' do
end end
it 'should fail' do it 'should fail' do
expect { should raise_error(Puppet::Error) } expect {
should contain_class('ssh')
}.to raise_error(Puppet::Error)
end end
end end
end end
@ -2274,7 +2304,9 @@ describe 'ssh' do
end end
it 'should fail' do it 'should fail' do
expect { should raise_error(Puppet::Error,/^ssh::ssh_config_forward_x11_trusted may be either 'yes' or 'no' and is set to <#{value}>./) } expect {
should contain_class('ssh')
}.to raise_error(Puppet::Error,/ssh::ssh_config_forward_x11_trusted may be either 'yes' or 'no' and is set to <#{value}>\./)
end end
end end
end end
@ -2307,7 +2339,9 @@ describe 'ssh' do
end end
it 'should fail' do it 'should fail' do
expect { should raise_error(Puppet::Error,/^ssh::sshd_gssapidelegatecredentials may be either 'yes' or 'no' and is set to <#{value}>./) } expect {
should contain_class('ssh')
}.to raise_error(Puppet::Error,/ssh::ssh_gssapidelegatecredentials may be either 'yes' or 'no' and is set to <#{value}>\./)
end end
end end
end end
@ -2335,12 +2369,14 @@ describe 'ssh' do
if value.is_a?(Array) if value.is_a?(Array)
value = value.join value = value.join
elsif value.is_a?(Hash)
value = '{ha => sh}'
end end
it do it 'should fail' do
expect { expect {
should contain_class('ssh') should contain_class('ssh')
}.to raise_error(Puppet::Error,/^ssh::ssh_gssapiauthentication may be either 'yes' or 'no' and is set to <#{value.to_s}>\./) }.to raise_error(Puppet::Error,/ssh::ssh_gssapiauthentication may be either 'yes' or 'no' and is set to <#{Regexp.escape(value.to_s)}>\./)
end end
end end
end end
@ -2365,14 +2401,17 @@ describe 'ssh' do
['YES',true,2.42,['array'],a = { 'ha' => 'sh' }].each do |value| ['YES',true,2.42,['array'],a = { 'ha' => 'sh' }].each do |value|
context "specified as invalid value #{value} (as #{value.class})" do context "specified as invalid value #{value} (as #{value.class})" do
let(:params) { { :sshd_gssapiauthentication => value } } let(:params) { { :sshd_gssapiauthentication => value } }
if value.is_a?(Array) if value.is_a?(Array)
value = value.join value = value.join
elsif value.is_a?(Hash)
value = '{ha => sh}'
end end
it do it 'should fail' do
expect { expect {
should contain_class('ssh') should contain_class('ssh')
}.to raise_error(Puppet::Error,/^ssh::sshd_gssapiauthentication may be either 'yes' or 'no' and is set to <#{value}>\./) }.to raise_error(Puppet::Error,/ssh::sshd_gssapiauthentication may be either 'yes' or 'no' and is set to <#{Regexp.escape(value.to_s)}>\./)
end end
end end
end end
@ -2415,7 +2454,9 @@ describe 'ssh' do
end end
it 'should fail' do it 'should fail' do
expect { should raise_error(Puppet::Error,/^ssh::sshd_gssapikeyexchange may be either 'yes' or 'no' and is set to <#{value}>./) } expect {
should contain_class('ssh')
}.to raise_error(Puppet::Error,/ssh::sshd_gssapikeyexchange may be either 'yes' or 'no' and is set to <#{value}>\./)
end end
end end
end end
@ -2458,7 +2499,9 @@ describe 'ssh' do
end end
it 'should fail' do it 'should fail' do
expect { should raise_error(Puppet::Error,/^ssh::sshd_pamauthenticationviakbdint may be either 'yes' or 'no' and is set to <#{value}>./) } expect {
should contain_class('ssh')
}.to raise_error(Puppet::Error,/ssh::sshd_pamauthenticationviakbdint may be either 'yes' or 'no' and is set to <#{value}>\./)
end end
end end
end end
@ -2502,7 +2545,9 @@ describe 'ssh' do
end end
it 'should fail' do it 'should fail' do
expect { should raise_error(Puppet::Error,/^ssh::sshd_gssapicleanupcredentials may be either 'yes' or 'no' and is set to <#{value}>./) } expect {
should contain_class('ssh')
}.to raise_error(Puppet::Error,/ssh::sshd_gssapicleanupcredentials may be either 'yes' or 'no' and is set to <#{value}>\./)
end end
end end
end end
@ -2548,7 +2593,9 @@ describe 'ssh' do
end end
it 'should fail' do it 'should fail' do
expect { should raise_error(Puppet::Error,/^ssh::ssh_sendenv may be either 'true' or 'false' and is set to <invalid>./) } expect {
should contain_class('ssh')
}.to raise_error(Puppet::Error,/ssh::ssh_sendenv may be either 'true' or 'false' and is set to <invalid>\./)
end end
end end
@ -2562,7 +2609,9 @@ describe 'ssh' do
end end
it 'should fail' do it 'should fail' do
expect { should raise_error(Puppet::Error,/^ssh::ssh_sendenv type must be true or false./) } expect {
should contain_class('ssh')
}.to raise_error(Puppet::Error,/ssh::ssh_sendenv type must be true or false\./)
end end
end end
end end
@ -2595,7 +2644,7 @@ describe 'ssh' do
it 'should fail' do it 'should fail' do
expect { expect {
should contain_class('ssh') should contain_class('ssh')
}.to raise_error(Puppet::Error,/^ssh::sshd_config_maxstartups may be either an integer or three integers separated with colons, such as 10:30:100. Detected value is <#{value}>./) }.to raise_error(Puppet::Error,/ssh::sshd_config_maxstartups may be either an integer or three integers separated with colons, such as 10:30:100\. Detected value is <#{value}>\./)
end end
end end
end end
@ -2609,7 +2658,9 @@ describe 'ssh' do
} }
end end
it 'should fail' do it 'should fail' do
expect { should contain_class('ssh') }.to raise_error(Puppet::Error) expect {
should contain_class('ssh')
}.to raise_error(Puppet::Error)
end end
end end
end end
@ -2635,7 +2686,9 @@ describe 'ssh' do
} }
end end
it 'should fail' do it 'should fail' do
expect { should contain_class('ssh') }.to raise_error(Puppet::Error) expect {
should contain_class('ssh')
}.to raise_error(Puppet::Error)
end end
end end
end end
@ -2679,7 +2732,9 @@ describe 'ssh' do
end end
it 'should fail' do it 'should fail' do
expect { should raise_error(Puppet::Error,/^ssh::sshd_acceptenv may be either 'true' or 'false' and is set to <invalid>./) } expect {
should contain_class('ssh')
}.to raise_error(Puppet::Error,/ssh::sshd_acceptenv may be either 'true' or 'false' and is set to <invalid>\./)
end end
end end
@ -2693,7 +2748,9 @@ describe 'ssh' do
end end
it 'should fail' do it 'should fail' do
expect { should raise_error(Puppet::Error,/^ssh::sshd_acceptenv type must be true or false./) } expect {
should contain_class('ssh')
}.to raise_error(Puppet::Error,/ssh::sshd_acceptenv type must be true or false\./)
end end
end end
end end
@ -2732,7 +2789,9 @@ describe 'ssh' do
end end
it 'should fail' do it 'should fail' do
expect { should raise_error(Puppet::Error,/^ssh::service_hasstatus must be 'true' or 'false' and is set to <invalid>./) } expect {
should contain_class('ssh')
}.to raise_error(Puppet::Error,/ssh::service_hasstatus must be 'true' or 'false' and is set to <invalid>\./)
end end
end end
@ -2746,7 +2805,9 @@ describe 'ssh' do
end end
it 'should fail' do it 'should fail' do
expect { should raise_error(Puppet::Error,/^ssh::service_hasstatus must be true or false./) } expect {
should contain_class('ssh')
}.to raise_error(Puppet::Error,/ssh::service_hasstatus must be true or false\./)
end end
end end
end end
@ -2783,15 +2844,15 @@ describe 'ssh' do
} }
end end
it do it 'should fail' do
expect { expect {
should contain_class('ssh') should contain_class('ssh')
}.to raise_error(Puppet::Error,/^\"invalid\/path\" is not an absolute path./) }.to raise_error(Puppet::Error,/\"invalid\/path\" is not an absolute path\./)
end end
end end
context 'specified as an invalid type' do context 'specified as an invalid type' do
let(:params) { { :ssh_config_global_known_hosts_file => ['invalid','type'] } } let(:params) { { :ssh_config_global_known_hosts_file => { 'invalid' => 'type'} } }
let(:facts) do let(:facts) do
{ :fqdn => 'monkey.example.com', { :fqdn => 'monkey.example.com',
:osfamily => 'RedHat', :osfamily => 'RedHat',
@ -2799,10 +2860,10 @@ describe 'ssh' do
} }
end end
it do it 'should fail' do
expect { expect {
should contain_class('ssh') should contain_class('ssh')
}.to raise_error(Puppet::Error,/^\[\"invalid\", \"type\"\] is not an absolute path./) }.to raise_error(Puppet::Error,/is not an absolute path/)
end end
end end
end end
@ -2837,10 +2898,10 @@ describe 'ssh' do
} }
end end
it do it 'should fail' do
expect { expect {
should contain_class('ssh') should contain_class('ssh')
}.to raise_error(Puppet::Error,/^\[\"invalid\", \"type\"\] is not a string. It looks to be a Array/) }.to raise_error(Puppet::Error,/\[\"invalid\", \"type\"\] is not a string\. It looks to be a Array/)
end end
end end
end end
@ -2875,10 +2936,10 @@ describe 'ssh' do
} }
end end
it do it 'should fail' do
expect { expect {
should contain_class('ssh') should contain_class('ssh')
}.to raise_error(Puppet::Error,/^\[\"invalid\", \"type\"\] is not a string. It looks to be a Array/) }.to raise_error(Puppet::Error,/\[\"invalid\", \"type\"\] is not a string\. It looks to be a Array/)
end end
end end
end end
@ -2914,10 +2975,10 @@ describe 'ssh' do
} }
end end
it do it 'should fail' do
expect { expect {
should contain_class('ssh') should contain_class('ssh')
}.to raise_error(Puppet::Error,/^ssh::ssh_config_global_known_hosts_mode must be a valid 4 digit mode in octal notation. Detected value is <#{value}>./) }.to raise_error(Puppet::Error,/ssh::ssh_config_global_known_hosts_mode must be a valid 4 digit mode in octal notation\. Detected value is <#{value}>\./)
end end
end end
end end
@ -2931,10 +2992,10 @@ describe 'ssh' do
} }
end end
it do it 'should fail' do
expect { expect {
should contain_class('ssh') should contain_class('ssh')
}.to raise_error(Puppet::Error,/^ssh::ssh_config_global_known_hosts_mode must be a valid 4 digit mode in octal notation. Detected value is <invalidtype>./) }.to raise_error(Puppet::Error,/ssh::ssh_config_global_known_hosts_mode must be a valid 4 digit mode in octal notation\. Detected value is <[\[]?invalid.*type[\]]?/)
end end
end end
end end
@ -2944,7 +3005,9 @@ describe 'ssh' do
let(:params) { { :ssh_key_import => ['not_a_boolean','or_a_string'] } } let(:params) { { :ssh_key_import => ['not_a_boolean','or_a_string'] } }
it 'should fail' do it 'should fail' do
expect { should raise_error(Puppet::Error) } expect {
should contain_class('ssh')
}.to raise_error(Puppet::Error)
end end
end end
@ -2957,7 +3020,9 @@ describe 'ssh' do
end end
it 'should fail' do it 'should fail' do
expect { should raise_error(Puppet::Error,/^ssh::ssh_key_import may be either 'true' or 'false' and is set to <invalid_string>./) } expect {
should contain_class('ssh')
}.to raise_error(Puppet::Error,/ssh::ssh_key_import may be either 'true' or 'false' and is set to <invalid_string>\./)
end end
end end
@ -3028,7 +3093,7 @@ describe 'ssh' do
it do it do
expect { expect {
should contain_class('ssh') should contain_class('ssh')
}.to raise_error(Puppet::Error,/ssh::sshd_hostbasedauthentication may be either 'yes' or 'no' and is set to <#{value}>\./) }.to raise_error(Puppet::Error,/ssh::sshd_hostbasedauthentication may be either 'yes' or 'no' and is set to/)
end end
end end
end end
@ -3060,7 +3125,7 @@ describe 'ssh' do
it do it do
expect { expect {
should contain_class('ssh') should contain_class('ssh')
}.to raise_error(Puppet::Error,/ssh::sshd_ignoreuserknownhosts may be either 'yes' or 'no' and is set to <#{value}>\./) }.to raise_error(Puppet::Error,/ssh::sshd_ignoreuserknownhosts may be either 'yes' or 'no' and is set to/)
end end
end end
end end
@ -3092,7 +3157,7 @@ describe 'ssh' do
it do it do
expect { expect {
should contain_class('ssh') should contain_class('ssh')
}.to raise_error(Puppet::Error,/ssh::sshd_ignorerhosts may be either 'yes' or 'no' and is set to <#{value}>\./) }.to raise_error(Puppet::Error,/ssh::sshd_ignorerhosts may be either 'yes' or 'no' and is set to/)
end end
end end
end end

8
spec/fixtures/hiera/hiera.yaml vendored Normal file
View File

@ -0,0 +1,8 @@
---
:backends:
- yaml
:yaml:
:datadir: 'spec/fixtures/hiera/hieradata'
:hierarchy:
- fqdn/%{fqdn}
- common

9
spec/fixtures/hiera/hieradata/common.yaml vendored Normal file
View File

@ -0,0 +1,9 @@
---
ssh::sshd_config_allowgroups:
- allowgroup_from_common
ssh::sshd_config_allowusers:
- allowuser_from_common
ssh::sshd_config_denygroups:
- denygroup_from_common
ssh::sshd_config_denyusers:
- denyuser_from_common

9
spec/fixtures/hiera/hieradata/fqdn/hieramerge.example.com.yaml vendored Normal file
View File

@ -0,0 +1,9 @@
---
ssh::sshd_config_allowgroups:
- allowgroup_from_fqdn
ssh::sshd_config_allowusers:
- allowuser_from_fqdn
ssh::sshd_config_denygroups:
- denygroup_from_fqdn
ssh::sshd_config_denyusers:
- denyuser_from_fqdn

5
spec/fixtures/hiera/hieradata/fqdn/monkey.example.com.yaml vendored Normal file
View File

@ -0,0 +1,5 @@
---
ssh::sshd_config_allowgroups:
ssh::sshd_config_allowusers:
ssh::sshd_config_denygroups:
ssh::sshd_config_denyusers:

14
spec/spec_helper.rb
View File

@ -1 +1,15 @@
require 'puppetlabs_spec_helper/module_spec_helper' require 'puppetlabs_spec_helper/module_spec_helper'
RSpec.configure do |config|
config.hiera_config = 'spec/fixtures/hiera/hiera.yaml'
config.before :each do
# Ensure that we don't accidentally cache facts and environment between
# test cases. This requires each example group to explicitly load the
# facts being exercised with something like
# Facter.collection.loader.load(:ipaddress)
Facter.clear
Facter.clear_messages
Puppet[:parser] = 'future' if ENV['FUTURE_PARSER'] == 'yes'
end
end

12
templates/sshd_config.erb
View File

@ -164,12 +164,12 @@ UseDNS <%= @sshd_config_use_dns_real %>
<% end -%> <% end -%>
#PidFile /var/run/sshd.pid #PidFile /var/run/sshd.pid
<% if @sshd_config_maxstartups -%> <% if @sshd_config_maxstartups -%>
MaxStartups <%= sshd_config_maxstartups %> MaxStartups <%= @sshd_config_maxstartups %>
<% else -%> <% else -%>
#MaxStartups 10:30:100 #MaxStartups 10:30:100
<% end -%> <% end -%>
<% if @sshd_config_maxsessions -%> <% if @sshd_config_maxsessions -%>
MaxSessions <%= sshd_config_maxsessions %> MaxSessions <%= @sshd_config_maxsessions %>
<% else -%> <% else -%>
#MaxSessions 10 #MaxSessions 10
<% end -%> <% end -%>
@ -200,16 +200,16 @@ Ciphers <%= @sshd_config_ciphers.join(',') %>
<% if @sshd_config_macs -%> <% if @sshd_config_macs -%>
MACs <%= @sshd_config_macs.join(',') %> MACs <%= @sshd_config_macs.join(',') %>
<% end -%> <% end -%>
<% if @sshd_config_denyusers -%> <% if @sshd_config_denyusers_real -%>
DenyUsers <%= @sshd_config_denyusers_real.join(' ') %> DenyUsers <%= @sshd_config_denyusers_real.join(' ') %>
<% end -%> <% end -%>
<% if @sshd_config_denygroups -%> <% if @sshd_config_denygroups_real -%>
DenyGroups <%= @sshd_config_denygroups_real.join(' ') %> DenyGroups <%= @sshd_config_denygroups_real.join(' ') %>
<% end -%> <% end -%>
<% if @sshd_config_allowusers -%> <% if @sshd_config_allowusers_real -%>
AllowUsers <%= @sshd_config_allowusers_real.join(' ') %> AllowUsers <%= @sshd_config_allowusers_real.join(' ') %>
<% end -%> <% end -%>
<% if @sshd_config_allowgroups -%> <% if @sshd_config_allowgroups_real -%>
AllowGroups <%= @sshd_config_allowgroups_real.join(' ') %> AllowGroups <%= @sshd_config_allowgroups_real.join(' ') %>
<% end -%> <% end -%>
<% if @sshd_config_match -%> <% if @sshd_config_match -%>