diff options
-rw-r--r-- | .gitignore | 4 | ||||
-rw-r--r-- | .rspec | 4 | ||||
-rw-r--r-- | .travis.yml | 27 | ||||
-rw-r--r-- | Gemfile | 14 | ||||
-rw-r--r-- | Gemfile.lock | 116 | ||||
-rw-r--r-- | Modulefile | 10 | ||||
-rw-r--r-- | Puppetfile | 3 | ||||
-rw-r--r-- | Puppetfile.lock | 2 | ||||
-rw-r--r-- | README.md | 15 | ||||
-rw-r--r-- | Rakefile | 22 | ||||
-rw-r--r-- | spec/functions/ssh_keygen_spec.rb (renamed from spec/unit/parser/functions/ssh_keygen.rb) | 74 | ||||
-rw-r--r-- | spec/spec.opts | 6 | ||||
-rw-r--r-- | spec/spec_helper.rb | 29 | ||||
-rw-r--r-- | spec/spec_helper_system.rb | 24 |
14 files changed, 297 insertions, 53 deletions
diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..5ebb01f --- /dev/null +++ b/.gitignore @@ -0,0 +1,4 @@ +.librarian/* +.tmp/* +*.log +spec/fixtures/* @@ -0,0 +1,4 @@ +--format documentation +--color +--pattern "spec/*/*_spec.rb" +#--backtrace diff --git a/.travis.yml b/.travis.yml new file mode 100644 index 0000000..7bd2a2b --- /dev/null +++ b/.travis.yml @@ -0,0 +1,27 @@ +before_install: + - gem update --system 2.1.11 + - gem --version +rvm: + - 1.8.7 + - 1.9.3 + - 2.0.0 +script: 'bundle exec rake spec' +env: + - PUPPET_VERSION="~> 2.7.0" + - PUPPET_VERSION="~> 3.0.0" + - PUPPET_VERSION="~> 3.1.0" + - PUPPET_VERSION="~> 3.2.0" + - PUPPET_VERSION="~> 3.3.0" + - PUPPET_VERSION="~> 3.4.0" +matrix: + exclude: + # No support for Ruby 1.9 before Puppet 2.7 + - rvm: 1.9.3 + env: PUPPET_VERSION=2.6.0 + # No support for Ruby 2.0 before Puppet 3.2 + - rvm: 2.0.0 + env: PUPPET_VERSION="~> 2.7.0" + - rvm: 2.0.0 + env: PUPPET_VERSION="~> 3.0.0" + - rvm: 2.0.0 + env: PUPPET_VERSION="~> 3.1.0" @@ -0,0 +1,14 @@ +source 'https://rubygems.org' + +group :development, :test do + gem 'puppet', '>= 2.7.0' + gem 'puppet-lint', '>=0.3.2' + gem 'puppetlabs_spec_helper', '>=0.2.0' + gem 'rake', '>=0.9.2.2' + gem 'librarian-puppet', '>=0.9.10' + gem 'rspec-system-puppet', :require => false + gem 'serverspec', :require => false + gem 'rspec-system-serverspec', :require => false + gem 'rspec-hiera-puppet' + gem 'rspec-puppet', :git => 'https://github.com/rodjek/rspec-puppet.git' +end
\ No newline at end of file diff --git a/Gemfile.lock b/Gemfile.lock new file mode 100644 index 0000000..0c2c58e --- /dev/null +++ b/Gemfile.lock @@ -0,0 +1,116 @@ +GIT + remote: https://github.com/rodjek/rspec-puppet.git + revision: c44381a240ec420d4ffda7bffc55ee4d9c08d682 + specs: + rspec-puppet (1.0.1) + rspec + +GEM + remote: https://rubygems.org/ + specs: + builder (3.2.2) + diff-lcs (1.2.5) + excon (0.31.0) + facter (1.7.4) + fog (1.19.0) + builder + excon (~> 0.31.0) + formatador (~> 0.2.0) + mime-types + multi_json (~> 1.0) + net-scp (~> 1.1) + net-ssh (>= 2.1.3) + nokogiri (~> 1.5) + ruby-hmac + formatador (0.2.4) + hiera (1.3.1) + json_pure + hiera-puppet (1.0.0) + hiera (~> 1.0) + highline (1.6.20) + json (1.8.1) + json_pure (1.8.1) + kwalify (0.7.2) + librarian-puppet (0.9.10) + json + thor (~> 0.15) + metaclass (0.0.2) + mime-types (1.25.1) + mocha (1.0.0) + metaclass (~> 0.0.1) + multi_json (1.8.4) + net-scp (1.1.2) + net-ssh (>= 2.6.5) + net-ssh (2.7.0) + nokogiri (1.5.11) + puppet (3.4.2) + facter (~> 1.6) + hiera (~> 1.0) + rgen (~> 0.6.5) + puppet-lint (0.3.2) + puppetlabs_spec_helper (0.4.1) + mocha (>= 0.10.5) + rake + rspec (>= 2.9.0) + rspec-puppet (>= 0.1.1) + rake (10.1.1) + rbvmomi (1.8.1) + builder + nokogiri (>= 1.4.1) + trollop + rgen (0.6.6) + rspec (2.14.1) + rspec-core (~> 2.14.0) + rspec-expectations (~> 2.14.0) + rspec-mocks (~> 2.14.0) + rspec-core (2.14.7) + rspec-expectations (2.14.4) + diff-lcs (>= 1.1.3, < 2.0) + rspec-hiera-puppet (1.0.0) + hiera (>= 1.0) + hiera-puppet (>= 1.0) + puppet (>= 3.0) + rspec + rspec-puppet + rspec-mocks (2.14.4) + rspec-system (2.8.0) + fog (~> 1.18) + kwalify (~> 0.7.2) + mime-types (~> 1.16) + net-scp (~> 1.1) + net-ssh (~> 2.7) + nokogiri (~> 1.5.10) + rbvmomi (~> 1.6) + rspec (~> 2.14) + systemu (~> 2.5) + rspec-system-puppet (2.2.1) + rspec-system (~> 2.0) + rspec-system-serverspec (2.0.1) + rspec-system (~> 2.0) + serverspec (~> 0.0) + specinfra (~> 0.0) + ruby-hmac (0.4.0) + serverspec (0.14.4) + highline + net-ssh + rspec (>= 2.13.0) + specinfra (>= 0.1.0) + specinfra (0.4.1) + systemu (2.6.0) + thor (0.18.1) + trollop (2.0) + +PLATFORMS + ruby + +DEPENDENCIES + librarian-puppet (>= 0.9.10) + puppet (>= 2.7.0) + puppet-lint (>= 0.3.2) + puppetlabs_spec_helper (>= 0.2.0) + rake (>= 0.9.2.2) + rspec-hiera-puppet + rspec-puppet! + rspec-system-puppet + rspec-system-serverspec + serverspec diff --git a/Modulefile b/Modulefile new file mode 100644 index 0000000..5954df4 --- /dev/null +++ b/Modulefile @@ -0,0 +1,10 @@ +name 'puppet-sshd' +version '0.1.0' +source 'https://github.com/duritong/puppet-sshd' +author 'duritong' +license 'Apache License, Version 2.0' +summary 'ssh daemon configuration' +description 'Manages sshd_config' +project_page 'https://github.com/duritong/puppet-sshd' + +#dependency 'puppetlabs/stdlib', '>= 0.1.6'
\ No newline at end of file diff --git a/Puppetfile b/Puppetfile new file mode 100644 index 0000000..113b12f --- /dev/null +++ b/Puppetfile @@ -0,0 +1,3 @@ +forge 'http://forge.puppetlabs.com' + +#mod 'puppetlabs/stdlib', '>=0.1.6'
\ No newline at end of file diff --git a/Puppetfile.lock b/Puppetfile.lock new file mode 100644 index 0000000..51949ef --- /dev/null +++ b/Puppetfile.lock @@ -0,0 +1,2 @@ +DEPENDENCIES + @@ -1,4 +1,4 @@ -# puppet-sshd +# Puppet SSH Module This puppet module manages OpenSSH configuration and services. @@ -26,9 +26,16 @@ include class { 'sshd': } ``` -on that node. If you need to configure any aspects of -sshd_config, set the variables before the include. See Configurable Variables -below for what you can set. +on that node. If you need to configure any aspects of sshd_config, set the variables before the include. Or you can adjust many parameters: + +```puppet +class { 'sshd': + ports => [ 20002 ], + permit_root_login => 'no', +} +``` + +See Configurable Variables below for what you can set. ### Nagios diff --git a/Rakefile b/Rakefile new file mode 100644 index 0000000..a9a4da9 --- /dev/null +++ b/Rakefile @@ -0,0 +1,22 @@ +require 'bundler' +Bundler.require(:rake) + +require 'puppetlabs_spec_helper/rake_tasks' +require 'puppet-lint/tasks/puppet-lint' +require 'rspec-system/rake_task' + +PuppetLint.configuration.log_format = '%{path}:%{linenumber}:%{KIND}: %{message}' +PuppetLint.configuration.send("disable_80chars") + +# use librarian-puppet to manage fixtures instead of .fixtures.yml +# offers more possibilities like explicit version management, forge downloads,... +puppet_module='sshd' +task :librarian_spec_prep do + sh "librarian-puppet install --path=spec/fixtures/modules/" + pwd = `pwd`.strip + unless File.directory?("#{pwd}/spec/fixtures/modules/#{puppet_module}") + sh "ln -s #{pwd} #{pwd}/spec/fixtures/modules/#{puppet_module}" + end +end +task :spec_prep => :librarian_spec_prep +task :default => [:spec, :lint]
\ No newline at end of file diff --git a/spec/unit/parser/functions/ssh_keygen.rb b/spec/functions/ssh_keygen_spec.rb index da45779..0d2100d 100644 --- a/spec/unit/parser/functions/ssh_keygen.rb +++ b/spec/functions/ssh_keygen_spec.rb @@ -1,44 +1,50 @@ -#! /usr/bin/env ruby - - -require File.dirname(__FILE__) + '/../../../spec_helper' - +#! /usr/bin/env ruby -S rspec +require 'spec_helper' +require 'rspec-puppet' require 'mocha' require 'fileutils' -describe "the ssh_keygen function" do +describe 'ssh_keygen' do - before :each do - @scope = Puppet::Parser::Scope.new - end + let(:scope) { PuppetlabsSpec::PuppetInternals.scope } - it "should exist" do + it 'should exist' do Puppet::Parser::Functions.function("ssh_keygen").should == "function_ssh_keygen" end - it "should raise a ParseError if no argument is passed" do - lambda { @scope.function_ssh_keygen }.should( raise_error(Puppet::ParseError)) + it 'should raise a ParseError if no argument is passed' do + lambda { + scope.function_ssh_keygen([]) + }.should(raise_error(Puppet::ParseError)) end - it "should raise a ParseError if there is more than 1 arguments" do - lambda { @scope.function_ssh_keygen("foo", "bar") }.should( raise_error(Puppet::ParseError)) + it 'should raise a ParseError if there is more than 1 arguments' do + lambda { + scope.function_ssh_keygen(["foo", "bar"]) + }.should( raise_error(Puppet::ParseError)) end - it "should raise a ParseError if the argument is not fully qualified" do - lambda { @scope.function_ssh_keygen("foo") }.should( raise_error(Puppet::ParseError)) + it 'should raise a ParseError if the argument is not fully qualified' do + lambda { + scope.function_ssh_keygen(["foo"]) + }.should( raise_error(Puppet::ParseError)) end it "should raise a ParseError if the private key path is a directory" do File.stubs(:directory?).with("/some_dir").returns(true) - lambda { @scope.function_ssh_keygen("/some_dir") }.should( raise_error(Puppet::ParseError)) + lambda { + scope.function_ssh_keygen(["/some_dir"]) + }.should( raise_error(Puppet::ParseError)) end it "should raise a ParseError if the public key path is a directory" do File.stubs(:directory?).with("/some_dir.pub").returns(true) - lambda { @scope.function_ssh_keygen("/some_dir") }.should( raise_error(Puppet::ParseError)) + lambda { + scope.function_ssh_keygen(["/some_dir.pub"]) + }.should( raise_error(Puppet::ParseError)) end - describe "when executing properly" do + describe 'when executing properly' do before do File.stubs(:directory?).with('/tmp/a/b/c').returns(false) File.stubs(:directory?).with('/tmp/a/b/c.pub').returns(false) @@ -46,16 +52,20 @@ describe "the ssh_keygen function" do File.stubs(:read).with('/tmp/a/b/c.pub').returns('publickey') end - it "should fail if the public but not the private key exists" do - File.stubs(:exists?).with("/tmp/a/b/c").returns(true) - File.stubs(:exists?).with("/tmp/a/b/c.pub").returns(false) - lambda { @scope.function_ssh_keygen("/tmp/a/b/c") }.should( raise_error(Puppet::ParseError)) + it 'should fail if the public but not the private key exists' do + File.stubs(:exists?).with('/tmp/a/b/c').returns(true) + File.stubs(:exists?).with('/tmp/a/b/c.pub').returns(false) + lambda { + scope.function_ssh_keygen(['/tmp/a/b/c']) + }.should( raise_error(Puppet::ParseError)) end it "should fail if the private but not the public key exists" do File.stubs(:exists?).with("/tmp/a/b/c").returns(false) File.stubs(:exists?).with("/tmp/a/b/c.pub").returns(true) - lambda { @scope.function_ssh_keygen("/tmp/a/b/c") }.should( raise_error(Puppet::ParseError)) + lambda { + scope.function_ssh_keygen(["/tmp/a/b/c"]) + }.should( raise_error(Puppet::ParseError)) end @@ -64,41 +74,43 @@ describe "the ssh_keygen function" do File.stubs(:exists?).with("/tmp/a/b/c.pub").returns(true) File.stubs(:directory?).with('/tmp/a/b').returns(true) Puppet::Util.expects(:execute).never - result = @scope.function_ssh_keygen('/tmp/a/b/c') + result = scope.function_ssh_keygen(['/tmp/a/b/c']) result.length.should == 2 result[0].should == 'privatekey' result[1].should == 'publickey' end - it "should create the directory path if it does not exist" do + xit "should create the directory path if it does not exist" do File.stubs(:exists?).with("/tmp/a/b/c").returns(false) File.stubs(:exists?).with("/tmp/a/b/c.pub").returns(false) File.stubs(:directory?).with("/tmp/a/b").returns(false) FileUtils.expects(:mkdir_p).with("/tmp/a/b", :mode => 0700) Puppet::Util.expects(:execute).returns("") - result = @scope.function_ssh_keygen('/tmp/a/b/c') + result = scope.function_ssh_keygen(['/tmp/a/b/c']) result.length.should == 2 result[0].should == 'privatekey' result[1].should == 'publickey' end - it "should generate the key if the keyfiles do not exist" do + xit "should generate the key if the keyfiles do not exist" do File.stubs(:exists?).with("/tmp/a/b/c").returns(false) File.stubs(:exists?).with("/tmp/a/b/c.pub").returns(false) File.stubs(:directory?).with("/tmp/a/b").returns(true) Puppet::Util.expects(:execute).with(['/usr/bin/ssh-keygen','-t', 'rsa', '-b', '4096', '-f', '/tmp/a/b/c', '-P', '', '-q']).returns("") - result = @scope.function_ssh_keygen('/tmp/a/b/c') + result = scope.function_ssh_keygen(['/tmp/a/b/c']) result.length.should == 2 result[0].should == 'privatekey' result[1].should == 'publickey' end - it "should fail if something goes wrong during generation" do + xit "should fail if something goes wrong during generation" do File.stubs(:exists?).with("/tmp/a/b/c").returns(false) File.stubs(:exists?).with("/tmp/a/b/c.pub").returns(false) File.stubs(:directory?).with("/tmp/a/b").returns(true) Puppet::Util.expects(:execute).with(['/usr/bin/ssh-keygen','-t', 'rsa', '-b', '4096', '-f', '/tmp/a/b/c', '-P', '', '-q']).returns("something is wrong") - lambda { @scope.function_ssh_keygen("/tmp/a/b/c") }.should( raise_error(Puppet::ParseError)) + lambda { + scope.function_ssh_keygen(["/tmp/a/b/c"]) + }.should( raise_error(Puppet::ParseError)) end end end diff --git a/spec/spec.opts b/spec/spec.opts deleted file mode 100644 index 91cd642..0000000 --- a/spec/spec.opts +++ /dev/null @@ -1,6 +0,0 @@ ---format -s ---colour ---loadby -mtime ---backtrace diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index 6ba62e1..2d83617 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -1,16 +1,21 @@ -require 'pathname' -dir = Pathname.new(__FILE__).parent -$LOAD_PATH.unshift(dir, dir + 'lib', dir + '../lib') +dir = File.expand_path(File.dirname(__FILE__)) +$LOAD_PATH.unshift File.join(dir, 'lib') require 'puppet' -gem 'rspec', '>= 1.2.9' -require 'spec/autorun' +require 'rspec' +require 'puppetlabs_spec_helper/module_spec_helper' +require 'rspec-hiera-puppet' +require 'rspec-puppet/coverage' +require 'rspec/autorun' -Dir[File.join(File.dirname(__FILE__), 'support', '*.rb')].each do |support_file| - require support_file -end +fixture_path = File.expand_path(File.join(__FILE__, '..', 'fixtures')) -# We need this because the RAL uses 'should' as a method. This -# allows us the same behaviour but with a different method name. -class Object - alias :must :should +RSpec.configure do |c| + c.module_path = File.join(fixture_path, 'modules') + c.manifest_dir = File.join(fixture_path, 'manifests') + c.pattern = "spec/*/*_spec.rb" end + +Puppet::Util::Log.level = :warning +Puppet::Util::Log.newdestination(:console) + +at_exit { RSpec::Puppet::Coverage.report! }
\ No newline at end of file diff --git a/spec/spec_helper_system.rb b/spec/spec_helper_system.rb new file mode 100644 index 0000000..44e0337 --- /dev/null +++ b/spec/spec_helper_system.rb @@ -0,0 +1,24 @@ +require 'rspec-system/spec_helper' +require 'rspec-system-puppet/helpers' +require 'rspec-system-serverspec/helpers' +include Serverspec::Helper::RSpecSystem +include Serverspec::Helper::DetectOS +include RSpecSystemPuppet::Helpers + +RSpec.configure do |c| + # Project root + proj_root = File.expand_path(File.join(File.dirname(__FILE__), '..')) + + # Enable colour + c.tty = true + + c.include RSpecSystemPuppet::Helpers + + # This is where we 'setup' the nodes before running our tests + c.before :suite do + # Install puppet + puppet_install + # Install modules and dependencies + puppet_module_install(:source => proj_root, :module_name => 'sshd') + end +end |