From f6dbca33524c38667f20fdc99a3c51498e79cb1a Mon Sep 17 00:00:00 2001 From: Imran Iqbal Date: Thu, 4 Jul 2019 00:07:34 +0100 Subject: [PATCH] fix: complete PR #164 * Use consistent Jinja whitespace control `{%- ... -}` * Improve debug output (comments & whitespace control) * Use exact state names with TOFS `files_switch` * Add `ssh_known_hosts_src` to `defaults` (for consistency) * Restrict `pillar.example` changes to TOFS only * Use `fire_banner` in `pillar.example` to indicate available template --- openssh/banner.sls | 19 +++++++++---------- openssh/config.sls | 30 ++++++++++++++---------------- openssh/defaults.yaml | 1 + openssh/known_hosts.sls | 10 +++++----- pillar.example | 17 ++++++----------- 5 files changed, 35 insertions(+), 42 deletions(-) diff --git a/openssh/banner.sls b/openssh/banner.sls index c69ecdb..d173970 100644 --- a/openssh/banner.sls +++ b/openssh/banner.sls @@ -1,6 +1,6 @@ -{% set tplroot = tpldir.split('/')[0] %} -{% from tplroot ~ "/map.jinja" import openssh with context %} -{% from tplroot ~ "/libtofs.jinja" import files_switch %} +{%- set tplroot = tpldir.split('/')[0] %} +{%- from tplroot ~ "/map.jinja" import openssh with context %} +{%- from tplroot ~ "/libtofs.jinja" import files_switch %} include: - openssh @@ -8,14 +8,13 @@ include: sshd_banner: file.managed: - name: {{ openssh.banner }} -{% if openssh.banner_string is defined %} + {%- if openssh.banner_string is defined %} - contents: {{ openssh.banner_string | yaml }} -{% else %} - # Preserve backward compatibility - - source: {{ openssh.banner_src - if '://' in openssh.banner_src + {%- else %} + {#- Preserve backward compatibility using the `if` below #} + - source: {{ openssh.banner_src if '://' in openssh.banner_src else files_switch( [openssh.banner_src], - 'sshd_banner_file_managed' + 'sshd_banner' ) }} - template: jinja -{% endif %} + {%- endif %} diff --git a/openssh/config.sls b/openssh/config.sls index d9d5b83..dde58a2 100644 --- a/openssh/config.sls 
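Review bot: Renaming the `files_switch` lookup key from `'sshd_banner_file_managed'` to `'sshd_banner'` in the second banner.sls hunk changes the key users must use under `tofs:source_files` in their pillar, and an existing pillar still using the old key is silently ignored rather than rejected, so the minion quietly falls back to the default file. The same rename happens in the config.sls hunks (`'sshd_config'`, `'ssh_config'`) and in known_hosts.sls (`'manage ssh_known_hosts file'`); no README or changelog note for this is visible in this patch. It would help to either document the migration or, for one release, pass both names in the lookup, e.g. `'sshd_banner'` and the old ID, since `files_switch` already accepts a list of candidates on the filename side. The Jinja comment `{#- Preserve backward compatibility using the `if` below #}` does not say what is preserved; `{#- `banner_src` containing '://' is used verbatim as a fileserver URL; otherwise it is a TOFS filename looked up under this state ID #}` would make the two branches explicit.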
+++ b/openssh/config.sls @@ -1,20 +1,19 @@ -{% set tplroot = tpldir.split('/')[0] %} -{% from tplroot ~ "/map.jinja" import openssh, ssh_config, sshd_config with context %} -{% from tplroot ~ "/libtofs.jinja" import files_switch %} +{%- set tplroot = tpldir.split('/')[0] %} +{%- from tplroot ~ "/map.jinja" import openssh, ssh_config, sshd_config with context %} +{%- from tplroot ~ "/libtofs.jinja" import files_switch %} include: - openssh -{% if sshd_config %} +{%- if sshd_config %} sshd_config: file.managed: - name: {{ openssh.sshd_config }} - # Preserve backward compatibility - - source: {{ openssh.sshd_config_src - if '://' in openssh.sshd_config_src + {#- Preserve backward compatibility using the `if` below #} + - source: {{ openssh.sshd_config_src if '://' in openssh.sshd_config_src else files_switch( [openssh.sshd_config_src], - 'sshd_config_file_managed' + 'sshd_config' ) }} - template: jinja - user: {{ openssh.sshd_config_user }} @@ -26,17 +25,16 @@ sshd_config: {%- endif %} - watch_in: - service: {{ openssh.service }} -{% endif %} +{%- endif %} -{% if ssh_config %} +{%- if ssh_config %} ssh_config: file.managed: - name: {{ openssh.ssh_config }} - # Preserve backward compatibility - - source: {{ openssh.ssh_config_src - if '://' in openssh.ssh_config_src + {#- Preserve backward compatibility using the `if` below #} + - source: {{ openssh.ssh_config_src if '://' in openssh.ssh_config_src else files_switch( [openssh.ssh_config_src], - 'ssh_config_file_managed' + 'ssh_config' ) }} - template: jinja - user: {{ openssh.ssh_config_user }} @@ -45,7 +43,7 @@ ssh_config: {%- if openssh.ssh_config_backup %} - backup: minion {%- endif %} -{% endif %} +{%- endif %} {%- for keyType in openssh['host_key_algos'].split(',') %} {%- set keyFile = "/etc/ssh/ssh_host_" ~ keyType ~ "_key" %} @@ -134,4 +132,4 @@ ssh_host_{{ keyType }}_key.pub: - file: sshd_config - watch_in: - service: {{ openssh.service }} -{% endif %} +{%- endif %} 
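Review bot: In the first config.sls hunk the `'://' in openssh.sshd_config_src` test hands any value containing `://` straight to `file.managed` as `source`, so a pillar-supplied `http://`/`https://` URL is accepted on the same footing as `salt://`; `file.managed` will refuse a remote source without `source_hash`, but the state gives no hint of that, and the same shape is repeated for `ssh_config` below and in banner.sls. If only the fileserver form is intended, `openssh.sshd_config_src.startswith('salt://')` states that intent, and the comment `{#- A `*_src` value that is already a salt:// URL is passed through unchanged; anything else is a TOFS filename #}` replaces the present `Preserve backward compatibility using the `if` below`, which does not say what is being preserved. The state bodies continue past the hunk boundaries, so the `user`/`mode` handling after `template: jinja` is not visible here.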
diff --git a/openssh/defaults.yaml b/openssh/defaults.yaml index b24daeb..02563e1 100644 --- a/openssh/defaults.yaml +++ b/openssh/defaults.yaml @@ -17,6 +17,7 @@ default: banner: /etc/ssh/banner banner_src: banner # Default TOFS source filename ssh_known_hosts: /etc/ssh/ssh_known_hosts + ssh_known_hosts_src: ssh_known_hosts # Default TOFS source filename dig_pkg: dnsutils ssh_moduli: /etc/ssh/moduli root_group: root diff --git a/openssh/known_hosts.sls b/openssh/known_hosts.sls index d19e043..fdc02c5 100644 --- a/openssh/known_hosts.sls +++ b/openssh/known_hosts.sls @@ -1,6 +1,6 @@ -{% set tplroot = tpldir.split('/')[0] %} -{% from tplroot ~ "/map.jinja" import openssh with context %} -{% from tplroot ~ "/libtofs.jinja" import files_switch %} +{%- set tplroot = tpldir.split('/')[0] %} +{%- from tplroot ~ "/map.jinja" import openssh with context %} +{%- from tplroot ~ "/libtofs.jinja" import files_switch %} ensure dig is available: pkg.installed: @@ -10,8 +10,8 @@ ensure dig is available: manage ssh_known_hosts file: file.managed: - name: {{ openssh.ssh_known_hosts }} - - source: {{ files_switch( ['ssh_known_hosts'], - 'ssh_known_hosts_file_managed' + - source: {{ files_switch( [openssh.ssh_known_hosts_src], + 'manage ssh_known_hosts file' ) }} - template: jinja - user: root diff --git a/pillar.example b/pillar.example index e19e95f..65fea10 100644 --- a/pillar.example +++ b/pillar.example @@ -194,10 +194,6 @@ ssh_config: openssh: - # Banner file can be retrieved either by TOFS or by url - banner_src: banner_fire - # banner_src: salt://ssh/files/banner_src # <- old style - # Instead of adding a custom banner file you can set it in pillar banner_string: | Welcome to {{ grains['id'] }}! 
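Review bot: In the known_hosts.sls hunk the new `openssh.ssh_known_hosts_src` is passed only to `files_switch`, with none of the `'://'` URL branch that banner.sls and config.sls apply to their `*_src` values, so a pillar that sets `ssh_known_hosts_src: salt://...` (by analogy with `banner_src`) would be looked up as a TOFS filename and fail, while `defaults.yaml` presents the three keys as parallel. Aligning it costs one line: `- source: {{ openssh.ssh_known_hosts_src if '://' in openssh.ssh_known_hosts_src else files_switch( [openssh.ssh_known_hosts_src], 'manage ssh_known_hosts file' ) }}`. The state ID with spaces now doubles as the `tofs:source_files` key, which YAML accepts as a plain scalar but is easy to mistype in a pillar; a comment on the `- source:` line, `{#- the second argument must match this state's ID exactly; it is the tofs:source_files key #}`, would save a debugging round. The rest of the `manage ssh_known_hosts file` state (`user: root` onward) runs past the hunk.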
@@ -333,7 +329,6 @@ openssh: static: github.com: 'ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGm[...]' gitlab.com: 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bN[...]' - # The template of ssh_know_host file can be overriden thanks to TOFS # specify DH parameters (see /etc/ssh/moduli) moduli: | @@ -381,11 +376,11 @@ mine_functions: # files: files_alt # default: default_alt source_files: - ssh_known_hosts_file_managed: - - alt_known_hosts - sshd_config_file_managed: + manage ssh_known_hosts file: + - alt_ssh_known_hosts + sshd_config: - alt_sshd_config - ssh_config_file_managed: + ssh_config: - alt_ssh_config - sshd_banner_file_managed: - - alt_banner_src \ No newline at end of file + sshd_banner: + - fire_banner
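Review bot: The `source_files` keys in the last pillar.example hunk are now the literal state IDs (`manage ssh_known_hosts file`, `sshd_config`, `ssh_config`, `sshd_banner`) rather than the former `*_file_managed` names, but nothing in the example says how a key is chosen, and the one with spaces reads like a typo. A comment above the mapping, `# keys are the state IDs in openssh/*.sls that call files_switch`, would anchor it, and the removed `# banner_src: salt://ssh/files/banner_src` line in the first pillar.example hunk was the only example of the URL form that banner.sls still accepts, so if it is dropped from this file it presumably needs a home elsewhere. The static `ssh-rsa AAAA...[...]` known_hosts entries in the context are truncated placeholders; a reader copying the example should be told they are not real keys, e.g. `# truncated example keys; use the real host keys`.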