Fix failing spec tests and get Puppet v4 working
diff --git a/.fixtures.yml b/.fixtures.yml index ca09122..739ef34 100644 --- a/.fixtures.yml +++ b/.fixtures.yml
@@ -5,7 +5,7 @@ ref: '4.6.0' common: repo: 'git://github.com/ghoneycutt/puppet-module-common.git' - ref: 'v1.0.2' + ref: 'v1.3.0' firewall: repo: 'git://github.com/puppetlabs/puppetlabs-firewall.git' ref: '0.2.1'
diff --git a/.gitignore b/.gitignore index 903208a..c99a45f 100644 --- a/.gitignore +++ b/.gitignore
@@ -26,6 +26,6 @@ # Puppet coverage/ +spec/fixtures/manifests/* spec/fixtures/modules/* Gemfile.lock -spec/fixtures/
diff --git a/.travis.yml b/.travis.yml index 64f8e33..f052dcc 100644 --- a/.travis.yml +++ b/.travis.yml
@@ -13,12 +13,15 @@ - PUPPET_GEM_VERSION="~> 3.2.0" - PUPPET_GEM_VERSION="~> 3.3.0" - PUPPET_GEM_VERSION="~> 3.4.0" - - PUPPET_GEM_VERSION="~> 3.5.1" + - PUPPET_GEM_VERSION="~> 3.5.0" - PUPPET_GEM_VERSION="~> 3.6.0" - PUPPET_GEM_VERSION="~> 3.7.0" - - PUPPET_GEM_VERSION="~> 3.7.0" FUTURE_PARSER="yes" + - PUPPET_GEM_VERSION="~> 3.8.0" + - PUPPET_GEM_VERSION="~> 3" PARSER="future" - PUPPET_GEM_VERSION="~> 4.0.0" - + - PUPPET_GEM_VERSION="~> 4.1.0" + - PUPPET_GEM_VERSION="~> 4.2.0" + - PUPPET_GEM_VERSION="~> 4" sudo: false @@ -29,8 +32,6 @@ matrix: fast_finish: true exclude: - - rvm: 1.8.7 - env: PUPPET_GEM_VERSION="~> 4.0.0" - rvm: 2.0.0 env: PUPPET_GEM_VERSION="~> 3.1.0" - rvm: 2.1.0 @@ -41,6 +42,14 @@ env: PUPPET_GEM_VERSION="~> 3.3.0" - rvm: 2.1.0 env: PUPPET_GEM_VERSION="~> 3.4.0" + - rvm: 1.8.7 + env: PUPPET_GEM_VERSION="~> 4.0.0" + - rvm: 1.8.7 + env: PUPPET_GEM_VERSION="~> 4.1.0" + - rvm: 1.8.7 + env: PUPPET_GEM_VERSION="~> 4.2.0" + - rvm: 1.8.7 + env: PUPPET_GEM_VERSION="~> 4" notifications: email: false
diff --git a/manifests/init.pp b/manifests/init.pp index b903607..d1b5909 100644 --- a/manifests/init.pp +++ b/manifests/init.pp
@@ -258,12 +258,20 @@ $sshd_config_xauth_location_real = $sshd_config_xauth_location } + if $sshd_config_xauth_location_real != undef { + validate_absolute_path($sshd_config_xauth_location_real) + } + if $ssh_package_source == 'USE_DEFAULTS' { $ssh_package_source_real = $default_ssh_package_source } else { $ssh_package_source_real = $ssh_package_source } + if $ssh_package_source_real != undef { + validate_absolute_path($ssh_package_source_real) + } + if $ssh_package_adminfile == 'USE_DEFAULTS' { $ssh_package_adminfile_real = $default_ssh_package_adminfile } else { @@ -579,20 +587,20 @@ $sshd_config_allowusers_real = $sshd_config_allowusers } - if $real_sshd_config_denyusers != undef { - validate_array($real_sshd_config_denyusers) + if $sshd_config_denyusers_real != undef { + validate_array($sshd_config_denyusers_real) } - if $real_sshd_config_denygroups != undef { - validate_array($real_sshd_config_denygroups) + if $sshd_config_denygroups_real != undef { + validate_array($sshd_config_denygroups_real) } - if $real_sshd_config_allowusers != undef { - validate_array($real_sshd_config_allowusers) + if $sshd_config_allowusers_real != undef { + validate_array($sshd_config_allowusers_real) } - if $real_sshd_config_allowgroups != undef { - validate_array($real_sshd_config_allowgroups) + if $sshd_config_allowgroups_real != undef { + validate_array($sshd_config_allowgroups_real) } package { $packages_real:
diff --git a/metadata.json b/metadata.json index 1a47504..cce204e 100644 --- a/metadata.json +++ b/metadata.json
@@ -80,7 +80,7 @@ "description": "Manage SSH", "dependencies": [ {"name":"puppetlabs/stdlib","version_requirement":">= 4.6.0 < 6.0.0"}, - {"name":"ghoneycutt/common","version_requirement":">= 1.0.2 < 2.0.0"}, + {"name":"ghoneycutt/common","version_requirement":">= 1.3.0 < 2.0.0"}, {"name":"puppetlabs/firewall","version_requirement":">= 0.2.1 < 2.0.0"} ] }
diff --git a/spec/classes/init_spec.rb b/spec/classes/init_spec.rb index 816a9b0..368fc2b 100644 --- a/spec/classes/init_spec.rb +++ b/spec/classes/init_spec.rb
@@ -145,7 +145,7 @@ it 'should fail' do expect { should contain_class('ssh') - }.to raise_error(Puppet::Error,/^ssh module supports Solaris kernel release 5.9, 5.10 and 5.11./) + }.to raise_error(Puppet::Error,/ssh module supports Solaris kernel release 5\.9, 5\.10 and 5\.11\./) end end @@ -894,7 +894,7 @@ it 'should fail' do expect { should contain_class('ssh') - }.to raise_error(Puppet::Error,/^ssh supports osfamilies RedHat, Suse, Debian and Solaris. Detected osfamily is <C64>\./) + }.to raise_error(Puppet::Error,/ssh supports osfamilies RedHat, Suse, Debian and Solaris\. Detected osfamily is <C64>\./) end end @@ -1113,7 +1113,7 @@ it 'should fail' do expect { - should + should contain_class('ssh') }.to raise_error(Puppet::Error, /is not an absolute path/) end end @@ -1144,7 +1144,7 @@ it 'should fail' do expect { - should + should contain_class('ssh') }.to raise_error(Puppet::Error, /is not a string/) end end @@ -1180,7 +1180,7 @@ let (:params) {{'sshd_config_match' => value }} it 'should fail' do expect { - should + should contain_class('ssh') }.to raise_error(Puppet::Error, /is not a Hash/) end end @@ -1243,7 +1243,9 @@ let (:params) {{'sshd_listen_address' => true }} it 'should fail' do - expect { subject }.to raise_error(Puppet::Error) + expect { + should contain_class('ssh') + }.to raise_error(Puppet::Error) end end end @@ -1260,7 +1262,9 @@ end let (:params) {{'sshd_config_loglevel' => 'BOGON'}} it 'should fail' do - expect { subject }.to raise_error(Puppet::Error, /"BOGON" does not match/) + expect { + should contain_class('ssh') + }.to raise_error(Puppet::Error, /"BOGON" does not match/) end end ['QUIET', 'FATAL', 'ERROR', 'INFO', 'VERBOSE'].each do |supported_val| @@ -1292,7 +1296,9 @@ end let (:params) {{'ssh_config_template' => false}} it 'should fail' do - expect { subject }.to raise_error(Puppet::Error, /is not a string/) + expect { + should contain_class('ssh') + }.to raise_error(Puppet::Error, /is not a string/) end end context 'and that value is valid' do @@ -1323,7 +1329,9 @@ end let (:params) {{'sshd_config_template' => false}} it 'should fail' do - expect { subject }.to raise_error(Puppet::Error, /is not a string/) + expect { + should contain_class('ssh') + }.to raise_error(Puppet::Error, /is not a string/) end end context 'and that value is valid' do @@ -1438,7 +1446,7 @@ it 'should fail' do expect { should contain_class('ssh') - }.to raise_error(Puppet::Error,/^ssh::ssh_config_hash_known_hosts may be either \'yes\' or \'no\' and is set to <invalid>./) + }.to raise_error(Puppet::Error,/ssh::ssh_config_hash_known_hosts may be either \'yes\' or \'no\' and is set to <invalid>\./) end end @@ -1577,7 +1585,7 @@ it 'should fail' do expect { should contain_class('ssh') - }.to raise_error(Puppet::Error,/^ssh::sshd_config_port must be a valid number and is set to <22invalid>\./) + }.to raise_error(Puppet::Error,/ssh::sshd_config_port must be a valid number and is set to <22invalid>\./) end end @@ -1597,7 +1605,7 @@ it 'should fail' do expect { should contain_class('ssh') - }.to raise_error(Puppet::Error,/^ssh::manage_root_ssh_config is <invalid> and must be \'true\' or \'false\'\./) + }.to raise_error(Puppet::Error,/ssh::manage_root_ssh_config is <invalid> and must be \'true\' or \'false\'\./) end end @@ -1616,7 +1624,7 @@ it 'should fail' do expect { should contain_class('ssh') - }.to raise_error(Puppet::Error,/^ssh::sshd_password_authentication may be either \'yes\' or \'no\' and is set to <invalid>\./) + }.to raise_error(Puppet::Error,/ssh::sshd_password_authentication may be either \'yes\' or \'no\' and is set to <invalid>\./) end end @@ -1635,7 +1643,7 @@ it 'should fail' do expect { should contain_class('ssh') - }.to raise_error(Puppet::Error,/^ssh::sshd_allow_tcp_forwarding may be either \'yes\' or \'no\' and is set to <invalid>\./) + }.to raise_error(Puppet::Error,/ssh::sshd_allow_tcp_forwarding may be either \'yes\' or \'no\' and is set to <invalid>\./) end end @@ -1654,7 +1662,7 @@ it 'should fail' do expect { should contain_class('ssh') - }.to raise_error(Puppet::Error,/^ssh::sshd_x11_forwarding may be either \'yes\' or \'no\' and is set to <invalid>\./) + }.to raise_error(Puppet::Error,/ssh::sshd_x11_forwarding may be either \'yes\' or \'no\' and is set to <invalid>\./) end end @@ -1673,7 +1681,7 @@ it 'should fail' do expect { should contain_class('ssh') - }.to raise_error(Puppet::Error,/^ssh::sshd_use_pam may be either \'yes\' or \'no\' and is set to <invalid>\./) + }.to raise_error(Puppet::Error,/ssh::sshd_use_pam may be either \'yes\' or \'no\' and is set to <invalid>\./) end end @@ -1692,7 +1700,7 @@ it 'should fail' do expect { should contain_class('ssh') - }.to raise_error(Puppet::Error,/^ssh::sshd_config_serverkeybits must be an integer and is set to <invalid>\./) + }.to raise_error(Puppet::Error,/ssh::sshd_config_serverkeybits must be an integer and is set to <invalid>\./) end end @@ -1711,7 +1719,7 @@ it 'should fail' do expect { should contain_class('ssh') - }.to raise_error(Puppet::Error,/^ssh::sshd_client_alive_interval must be an integer and is set to <invalid>\./) + }.to raise_error(Puppet::Error,/ssh::sshd_client_alive_interval must be an integer and is set to <invalid>\./) end end @@ -1730,7 +1738,7 @@ it 'should fail' do expect { should contain_class('ssh') - }.to raise_error(Puppet::Error,/^ssh::sshd_client_alive_count_max must be an integer and is set to <invalid>\./) + }.to raise_error(Puppet::Error,/ssh::sshd_client_alive_count_max must be an integer and is set to <invalid>\./) end end @@ -1814,7 +1822,7 @@ it 'should fail' do expect { should contain_class('ssh') - }.to raise_error(Puppet::Error,/^ssh::sshd_config_strictmodes may be either \'yes\' or \'no\' and is set to <invalid>\./) + }.to raise_error(Puppet::Error,/ssh::sshd_config_strictmodes may be either \'yes\' or \'no\' and is set to <invalid>\./) end end @@ -1830,7 +1838,7 @@ it 'should fail' do expect { should contain_class('ssh') - }.to raise_error(Puppet::Error,/^"invalid\/path" is not an absolute path/) + }.to raise_error(Puppet::Error,/"invalid\/path" is not an absolute path/) end end @@ -1846,7 +1854,7 @@ it 'should fail' do expect { should contain_class('ssh') - }.to raise_error(Puppet::Error,/^\["invalid", "type"\] is not a string/) + }.to raise_error(Puppet::Error,/\["invalid", "type"\] is not a string/) end end @@ -1862,7 +1870,7 @@ it 'should fail' do expect { should contain_class('ssh') - }.to raise_error(Puppet::Error,/^ssh::sshd_config_banner must be set to be able to use sshd_banner_content\./) + }.to raise_error(Puppet::Error,/ssh::sshd_config_banner must be set to be able to use sshd_banner_content\./) end end @@ -1879,7 +1887,7 @@ it 'should fail' do expect { should contain_class('ssh') - }.to raise_error(Puppet::Error,/^ssh::ssh_config_sendenv_xmodifiers type must be true or false\./) + }.to raise_error(Puppet::Error,/ssh::ssh_config_sendenv_xmodifiers type must be true or false\./) end end @@ -1998,12 +2006,15 @@ let(:params) { { :hiera_merge => ['not_a_boolean','or_a_string'] } } let(:facts) do { :osfamily => 'RedHat', + :fqdn => 'hieramerge.example.com', :lsbmajdistrelease => '6', } end it 'should fail' do - expect { should raise_error(Puppet::Error) } + expect { + should contain_class('ssh') + }.to raise_error(Puppet::Error) end end @@ -2016,7 +2027,9 @@ end it 'should fail' do - expect { should raise_error(Puppet::Error,/^ssh::hiera_merge may be either 'true' or 'false' and is set to <invalid_string>./) } + expect { + should contain_class('ssh') + }.to raise_error(Puppet::Error,/ssh::hiera_merge may be either 'true' or 'false' and is set to <invalid_string>./) end end @@ -2025,6 +2038,7 @@ let(:params) { { :hiera_merge => value } } let(:facts) do { :osfamily => 'RedHat', + :fqdn => 'hieramerge.example.com', :lsbmajdistrelease => '6', } end @@ -2032,6 +2046,12 @@ it { should compile.with_all_deps } it { should contain_class('ssh') } + + it { should contain_file('sshd_config').with_content(/^\s*DenyUsers denyuser_from_fqdn denyuser_from_common/) } + it { should contain_file('sshd_config').with_content(/^\s*DenyGroups denygroup_from_fqdn denygroup_from_common/) } + it { should contain_file('sshd_config').with_content(/^\s*AllowUsers allowuser_from_fqdn allowuser_from_common/) } + it { should contain_file('sshd_config').with_content(/^\s*AllowGroups allowgroup_from_fqdn allowgroup_from_common/) } + end end @@ -2084,7 +2104,9 @@ end it 'should fail' do - expect { should raise_error(Puppet::Error,/^is not an absolute path/) } + expect { + should contain_class('ssh') + }.to raise_error(Puppet::Error,/is not an absolute path/) end end end @@ -2112,7 +2134,9 @@ end it 'should fail' do - expect { should raise_error(Puppet::Error,/^is not an absolute path/) } + expect { + should contain_class('ssh') + }.to raise_error(Puppet::Error,/is not an absolute path/) end end @@ -2126,7 +2150,9 @@ end it 'should fail' do - expect { should raise_error(Puppet::Error) } + expect { + should contain_class('ssh') + }.to raise_error(Puppet::Error) end end end @@ -2164,7 +2190,9 @@ end it 'should fail' do - expect { should raise_error(Puppet::Error,/^is not an absolute path/) } + expect { + should contain_class('ssh') + }.to raise_error(Puppet::Error,/is not an absolute path/) end end @@ -2179,7 +2207,9 @@ end it 'should fail' do - expect { should raise_error(Puppet::Error) } + expect { + should contain_class('ssh') + }.to raise_error(Puppet::Error) end end end @@ -2222,7 +2252,9 @@ end it 'should fail' do - expect { should raise_error(Puppet::Error,/^ssh::ssh_config_forward_x11_trusted may be either 'yes' or 'no' and is set to <#{value}>./) } + expect { + should contain_class('ssh') + }.to raise_error(Puppet::Error,/ssh::ssh_config_forward_x11_trusted may be either 'yes' or 'no' and is set to <#{value}>\./) end end end @@ -2255,7 +2287,9 @@ end it 'should fail' do - expect { should raise_error(Puppet::Error,/^ssh::sshd_gssapidelegatecredentials may be either 'yes' or 'no' and is set to <#{value}>./) } + expect { + should contain_class('ssh') + }.to raise_error(Puppet::Error,/ssh::ssh_gssapidelegatecredentials may be either 'yes' or 'no' and is set to <#{value}>\./) end end end @@ -2283,12 +2317,14 @@ if value.is_a?(Array) value = value.join + elsif value.is_a?(Hash) + value = '{ha => sh}' end - it do + it 'should fail' do expect { should contain_class('ssh') - }.to raise_error(Puppet::Error,/^ssh::ssh_gssapiauthentication may be either 'yes' or 'no' and is set to <#{value.to_s}>\./) + }.to raise_error(Puppet::Error,/ssh::ssh_gssapiauthentication may be either 'yes' or 'no' and is set to <#{Regexp.escape(value.to_s)}>\./) end end end @@ -2313,14 +2349,17 @@ ['YES',true,2.42,['array'],a = { 'ha' => 'sh' }].each do |value| context "specified as invalid value #{value} (as #{value.class})" do let(:params) { { :sshd_gssapiauthentication => value } } + if value.is_a?(Array) value = value.join + elsif value.is_a?(Hash) + value = '{ha => sh}' end - it do + it 'should fail' do expect { should contain_class('ssh') - }.to raise_error(Puppet::Error,/^ssh::sshd_gssapiauthentication may be either 'yes' or 'no' and is set to <#{value}>\./) + }.to raise_error(Puppet::Error,/ssh::sshd_gssapiauthentication may be either 'yes' or 'no' and is set to <#{Regexp.escape(value.to_s)}>\./) end end end @@ -2363,7 +2402,9 @@ end it 'should fail' do - expect { should raise_error(Puppet::Error,/^ssh::sshd_gssapikeyexchange may be either 'yes' or 'no' and is set to <#{value}>./) } + expect { + should contain_class('ssh') + }.to raise_error(Puppet::Error,/ssh::sshd_gssapikeyexchange may be either 'yes' or 'no' and is set to <#{value}>\./) end end end @@ -2406,7 +2447,9 @@ end it 'should fail' do - expect { should raise_error(Puppet::Error,/^ssh::sshd_pamauthenticationviakbdint may be either 'yes' or 'no' and is set to <#{value}>./) } + expect { + should contain_class('ssh') + }.to raise_error(Puppet::Error,/ssh::sshd_pamauthenticationviakbdint may be either 'yes' or 'no' and is set to <#{value}>\./) end end end @@ -2450,7 +2493,9 @@ end it 'should fail' do - expect { should raise_error(Puppet::Error,/^ssh::sshd_gssapicleanupcredentials may be either 'yes' or 'no' and is set to <#{value}>./) } + expect { + should contain_class('ssh') + }.to raise_error(Puppet::Error,/ssh::sshd_gssapicleanupcredentials may be either 'yes' or 'no' and is set to <#{value}>\./) end end end @@ -2496,7 +2541,9 @@ end it 'should fail' do - expect { should raise_error(Puppet::Error,/^ssh::ssh_sendenv may be either 'true' or 'false' and is set to <invalid>./) } + expect { + should contain_class('ssh') + }.to raise_error(Puppet::Error,/ssh::ssh_sendenv may be either 'true' or 'false' and is set to <invalid>\./) end end @@ -2510,7 +2557,9 @@ end it 'should fail' do - expect { should raise_error(Puppet::Error,/^ssh::ssh_sendenv type must be true or false./) } + expect { + should contain_class('ssh') + }.to raise_error(Puppet::Error,/ssh::ssh_sendenv type must be true or false\./) end end end @@ -2543,7 +2592,7 @@ it 'should fail' do expect { should contain_class('ssh') - }.to raise_error(Puppet::Error,/^ssh::sshd_config_maxstartups may be either an integer or three integers separated with colons, such as 10:30:100. Detected value is <#{value}>./) + }.to raise_error(Puppet::Error,/ssh::sshd_config_maxstartups may be either an integer or three integers separated with colons, such as 10:30:100\. Detected value is <#{value}>\./) end end end @@ -2557,7 +2606,9 @@ } end it 'should fail' do - expect { should contain_class('ssh') }.to raise_error(Puppet::Error) + expect { + should contain_class('ssh') + }.to raise_error(Puppet::Error) end end end @@ -2583,7 +2634,9 @@ } end it 'should fail' do - expect { should contain_class('ssh') }.to raise_error(Puppet::Error) + expect { + should contain_class('ssh') + }.to raise_error(Puppet::Error) end end end @@ -2627,7 +2680,9 @@ end it 'should fail' do - expect { should raise_error(Puppet::Error,/^ssh::sshd_acceptenv may be either 'true' or 'false' and is set to <invalid>./) } + expect { + should contain_class('ssh') + }.to raise_error(Puppet::Error,/ssh::sshd_acceptenv may be either 'true' or 'false' and is set to <invalid>\./) end end @@ -2641,7 +2696,9 @@ end it 'should fail' do - expect { should raise_error(Puppet::Error,/^ssh::sshd_acceptenv type must be true or false./) } + expect { + should contain_class('ssh') + }.to raise_error(Puppet::Error,/ssh::sshd_acceptenv type must be true or false\./) end end end @@ -2680,7 +2737,9 @@ end it 'should fail' do - expect { should raise_error(Puppet::Error,/^ssh::service_hasstatus must be 'true' or 'false' and is set to <invalid>./) } + expect { + should contain_class('ssh') + }.to raise_error(Puppet::Error,/ssh::service_hasstatus must be 'true' or 'false' and is set to <invalid>\./) end end @@ -2694,7 +2753,9 @@ end it 'should fail' do - expect { should raise_error(Puppet::Error,/^ssh::service_hasstatus must be true or false./) } + expect { + should contain_class('ssh') + }.to raise_error(Puppet::Error,/ssh::service_hasstatus must be true or false\./) end end end @@ -2731,10 +2792,10 @@ } end - it do + it 'should fail' do expect { should contain_class('ssh') - }.to raise_error(Puppet::Error,/^\"invalid\/path\" is not an absolute path./) + }.to raise_error(Puppet::Error,/\"invalid\/path\" is not an absolute path\./) end end @@ -2747,7 +2808,7 @@ } end - it do + it 'should fail' do expect { should contain_class('ssh') }.to raise_error(Puppet::Error,/is not an absolute path/) @@ -2785,10 +2846,10 @@ } end - it do + it 'should fail' do expect { should contain_class('ssh') - }.to raise_error(Puppet::Error,/^\[\"invalid\", \"type\"\] is not a string. It looks to be a Array/) + }.to raise_error(Puppet::Error,/\[\"invalid\", \"type\"\] is not a string\. It looks to be a Array/) end end end @@ -2823,10 +2884,10 @@ } end - it do + it 'should fail' do expect { should contain_class('ssh') - }.to raise_error(Puppet::Error,/^\[\"invalid\", \"type\"\] is not a string. It looks to be a Array/) + }.to raise_error(Puppet::Error,/\[\"invalid\", \"type\"\] is not a string\. It looks to be a Array/) end end end @@ -2862,10 +2923,10 @@ } end - it do + it 'should fail' do expect { should contain_class('ssh') - }.to raise_error(Puppet::Error,/^ssh::ssh_config_global_known_hosts_mode must be a valid 4 digit mode in octal notation. Detected value is <#{value}>./) + }.to raise_error(Puppet::Error,/ssh::ssh_config_global_known_hosts_mode must be a valid 4 digit mode in octal notation\. Detected value is <#{value}>\./) end end end @@ -2879,10 +2940,10 @@ } end - it do + it 'should fail' do expect { should contain_class('ssh') - }.to raise_error(Puppet::Error,/^ssh::ssh_config_global_known_hosts_mode must be a valid 4 digit mode in octal notation. Detected value is <invalidtype>./) + }.to raise_error(Puppet::Error,/ssh::ssh_config_global_known_hosts_mode must be a valid 4 digit mode in octal notation\. Detected value is <[\[]?invalid.*type[\]]?/) end end end @@ -2892,7 +2953,9 @@ let(:params) { { :ssh_key_import => ['not_a_boolean','or_a_string'] } } it 'should fail' do - expect { should raise_error(Puppet::Error) } + expect { + should contain_class('ssh') + }.to raise_error(Puppet::Error) end end @@ -2905,7 +2968,9 @@ end it 'should fail' do - expect { should raise_error(Puppet::Error,/^ssh::ssh_key_import may be either 'true' or 'false' and is set to <invalid_string>./) } + expect { + should contain_class('ssh') + }.to raise_error(Puppet::Error,/ssh::ssh_key_import may be either 'true' or 'false' and is set to <invalid_string>\./) end end
diff --git a/spec/fixtures/hiera/hiera.yaml b/spec/fixtures/hiera/hiera.yaml new file mode 100644 index 0000000..96ede91 --- /dev/null +++ b/spec/fixtures/hiera/hiera.yaml
@@ -0,0 +1,8 @@ +--- +:backends: + - yaml +:yaml: + :datadir: 'spec/fixtures/hiera/hieradata' +:hierarchy: + - fqdn/%{fqdn} + - common
diff --git a/spec/fixtures/hiera/hieradata/common.yaml b/spec/fixtures/hiera/hieradata/common.yaml new file mode 100644 index 0000000..e2d2cb9 --- /dev/null +++ b/spec/fixtures/hiera/hieradata/common.yaml
@@ -0,0 +1,9 @@ +--- +ssh::sshd_config_allowgroups: + - allowgroup_from_common +ssh::sshd_config_allowusers: + - allowuser_from_common +ssh::sshd_config_denygroups: + - denygroup_from_common +ssh::sshd_config_denyusers: + - denyuser_from_common
diff --git a/spec/fixtures/hiera/hieradata/fqdn/hieramerge.example.com.yaml b/spec/fixtures/hiera/hieradata/fqdn/hieramerge.example.com.yaml new file mode 100644 index 0000000..e8d0fc4 --- /dev/null +++ b/spec/fixtures/hiera/hieradata/fqdn/hieramerge.example.com.yaml
@@ -0,0 +1,9 @@ +--- +ssh::sshd_config_allowgroups: + - allowgroup_from_fqdn +ssh::sshd_config_allowusers: + - allowuser_from_fqdn +ssh::sshd_config_denygroups: + - denygroup_from_fqdn +ssh::sshd_config_denyusers: + - denyuser_from_fqdn
diff --git a/spec/fixtures/hiera/hieradata/fqdn/monkey.example.com.yaml b/spec/fixtures/hiera/hieradata/fqdn/monkey.example.com.yaml new file mode 100644 index 0000000..b30defc --- /dev/null +++ b/spec/fixtures/hiera/hieradata/fqdn/monkey.example.com.yaml
@@ -0,0 +1,5 @@ +--- +ssh::sshd_config_allowgroups: +ssh::sshd_config_allowusers: +ssh::sshd_config_denygroups: +ssh::sshd_config_denyusers:
diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index e206822..05afdb2 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb
@@ -1,6 +1,7 @@ require 'puppetlabs_spec_helper/module_spec_helper' RSpec.configure do |config| + config.hiera_config = 'spec/fixtures/hiera/hiera.yaml' config.before :each do # Ensure that we don't accidentally cache facts and environment between # test cases. This requires each example group to explicitly load the
diff --git a/templates/sshd_config.erb b/templates/sshd_config.erb index 2e9b6c2..24ca3fa 100644 --- a/templates/sshd_config.erb +++ b/templates/sshd_config.erb
@@ -161,12 +161,12 @@ <% end -%> #PidFile /var/run/sshd.pid <% if @sshd_config_maxstartups -%> -MaxStartups <%= sshd_config_maxstartups %> +MaxStartups <%= @sshd_config_maxstartups %> <% else -%> #MaxStartups 10:30:100 <% end -%> <% if @sshd_config_maxsessions -%> -MaxSessions <%= sshd_config_maxsessions %> +MaxSessions <%= @sshd_config_maxsessions %> <% else -%> #MaxSessions 10 <% end -%> @@ -197,16 +197,16 @@ <% if @sshd_config_macs -%> MACs <%= @sshd_config_macs.join(',') %> <% end -%> -<% if @sshd_config_denyusers -%> +<% if @sshd_config_denyusers_real -%> DenyUsers <%= @sshd_config_denyusers_real.join(' ') %> <% end -%> -<% if @sshd_config_denygroups -%> +<% if @sshd_config_denygroups_real -%> DenyGroups <%= @sshd_config_denygroups_real.join(' ') %> <% end -%> -<% if @sshd_config_allowusers -%> +<% if @sshd_config_allowusers_real -%> AllowUsers <%= @sshd_config_allowusers_real.join(' ') %> <% end -%> -<% if @sshd_config_allowgroups -%> +<% if @sshd_config_allowgroups_real -%> AllowGroups <%= @sshd_config_allowgroups_real.join(' ') %> <% end -%> <% if @sshd_config_match -%>