Commit Graph

391 Commits

Author SHA1 Message Date
Daniel Dehennin
1c99556695 test(inspec): display proper diff when _mapdata mismatch
The use of `eq` instead of `include` permits to have a nice diff after
the `expected/got` oneliners.
2020-08-26 10:06:13 +02:00
semantic-release-bot
34a9c8f703 chore(release): 2.0.1 [skip ci]
## [2.0.1](https://github.com/saltstack-formulas/openssh-formula/compare/v2.0.0...v2.0.1) (2020-08-21)

### Bug Fixes

* **map:** `path_join` can be used only for local file access ([3845d5f](3845d5ff61))
2020-08-21 16:41:46 +00:00
Javier Bértoli
27c527a172
Merge pull request #190 from baby-gnu/fix/no-path_join-for-salt-url
fix(map): `path_join` can be used only for local file access
2020-08-21 13:34:11 -03:00
Daniel Dehennin
3845d5ff61 fix(map): path_join can be used only for local file access
On Windows machines, the `path_join` builds a wrong URL by using
backslash as separator.

URL used for fileserver access must use only slashes `/`.
2020-08-21 16:00:56 +02:00
semantic-release-bot
b32ec9819c chore(release): 2.0.0 [skip ci]
# [2.0.0](https://github.com/saltstack-formulas/openssh-formula/compare/v1.3.1...v2.0.0) (2020-08-01)

### Features

* **map:** `config.get` lookups from configurable roots ([ad4385b](ad4385b077))
* **map:** update to v4 “map.jinja” ([df477b2](df477b25c2))
2020-08-01 13:59:26 +00:00
Imran Iqbal
db67ce6f42
Merge pull request #186 from baby-gnu/feature/v4-map.jinja
feat(map): update to v4 and add config.get lookup from multiple roots
2020-08-01 14:51:21 +01:00
Imran Iqbal
a0af21a996
chore: add breaking change message for new map.jinja
BREAKING CHANGE: `map.jinja` has been upgraded from using `pillar.get`
to `config.get`.
2020-08-01 14:26:07 +01:00
Daniel Dehennin
ad4385b077 feat(map): config.get lookups from configurable roots
We avoid compatibility break with user pillars by looking up
configuration values using `config.get` in configurable roots.

We provide a new parameter `map_jinja:config_get_roots` in the formula
`parameters/defaults.yaml` to retrieve values not only from
`tplroot=openssh` but from `sshd_config` and `ssh_config` too.

We need to update the `_mapdata` reference files to include the new
`map_jinja:config_get_roots`.
2020-07-31 12:59:33 +02:00
Daniel Dehennin
df477b25c2 feat(map): update to v4 “map.jinja”
The `map.jinja` now exports a single variable called `mapdata`.

We extract the `openssh`, `sshd_config` and `ssh_config` from it to
minimize the changes to `.sls` files.
2020-07-31 10:54:40 +02:00
semantic-release-bot
a8cd7370df chore(release): 1.3.1 [skip ci]
## [1.3.1](https://github.com/saltstack-formulas/openssh-formula/compare/v1.3.0...v1.3.1) (2020-07-31)

### Bug Fixes

* **inspec:** use the name `_mapdata` everywhere for coherency ([14e843e](14e843ec2b))
2020-07-31 06:19:53 +00:00
Imran Iqbal
94a12d86d9
Merge pull request #189 from baby-gnu/fix/rename-mapdata-test-directory
fix(inspec): use the name `_mapdata` everywhere for coherency
2020-07-31 07:11:50 +01:00
Daniel Dehennin
14e843ec2b fix(inspec): use the name _mapdata everywhere for coherency
2020-07-31 08:01:27 +02:00
semantic-release-bot
9f3c2f2686 chore(release): 1.3.0 [skip ci]
# [1.3.0](https://github.com/saltstack-formulas/openssh-formula/compare/v1.2.2...v1.3.0) (2020-07-30)

### Continuous Integration

* **kitchen:** execute `_mapdata` state ([70389b5](70389b5964))

### Features

* **map:** generate a YAML file to validate `map.jinja` ([e4ab335](e4ab335077))

### Tests

* **inspec:** share library to access some minion informations ([a8d61f4](a8d61f4307))
* **inspec:** verify `map.jinja` dump ([0eafbd9](0eafbd945c))
2020-07-30 23:39:55 +00:00
Imran Iqbal
5e2fa1a5e6
Merge pull request #187 from baby-gnu/ci/validate_map.jinja
Ci/validate map.jinja
2020-07-31 00:31:34 +01:00
Daniel Dehennin
e4ab335077 feat(map): generate a YAML file to validate map.jinja
We provide a new `_mapdata` state which generates a
`/tmp/salt_mapdata_dump.yaml` to be validated by `Inspec`.
2020-07-30 22:05:24 +02:00
Daniel Dehennin
70389b5964 ci(kitchen): execute _mapdata state
2020-07-30 22:02:10 +02:00
Daniel Dehennin
0eafbd945c test(inspec): verify map.jinja dump
We store validated `map.jinja` dump under the profile `files`
directory to access them with `inspec.profile.file('filename')` to
validate the content of the generated mapdata file.

The YAML files contain a value specific to each minion, its hostname,
so we use string format to expand `%{hostname}`.

The `default` inspec profile needs to depend on `share` to access the
`system` and `salt_minion` libraries.
2020-07-30 22:00:18 +02:00
Daniel Dehennin
a8d61f4307 test(inspec): share library to access some minion informations
The `system.hostname` returns the result of either `hostname -s` or
`hostnamectl --static` depending on the availability of each command.

The `system.platform` returns a hash with tweaked `inspec.platform`
values:

- `system.platform[:family]` provides a family name for Arch
- `system.platform[:name]` modifies `amazon` to `amazonlinux`
- `system.platform[:release]` tweak for Arch and Amazon Linux:
  - `Arch` is always `base-later`
  - `Amazon Linux` release `2018` became `1`
- `system.platform[:finger]` is just the concatenation of the name and
  the first release number (except for Ubuntu which gives `20.04` for
  example)
2020-07-30 18:00:57 +02:00
semantic-release-bot
6a882026d2 chore(release): 1.2.2 [skip ci]
## [1.2.2](https://github.com/saltstack-formulas/openssh-formula/compare/v1.2.1...v1.2.2) (2020-07-30)

### Bug Fixes

* **jinja:** omit_ip_address don't work on some platform ([b2d38ae](b2d38aec9b))
2020-07-30 11:05:19 +00:00
Imran Iqbal
27afecb96a
Merge pull request #188 from baby-gnu/fix/omit-ip-address-on-older-platform
fix(jinja): omit_ip_address don't work on some platform
2020-07-30 11:57:22 +01:00
Daniel Dehennin
b2d38aec9b fix(jinja): omit_ip_address don't work on some platform
It appears that the

  `if not (omit_ip_address is sameas true or host in omit_ip_address)`

always returns `True` on older Jinja platforms:

- default-ubuntu-1604-3000-3-py2
- default-ubuntu-1604-2019-2-py3
- default-amazonlinux-1-2019-2-py2

Each part of the `or` conditional needs to be surrounded by parentheses.
2020-07-30 12:25:34 +02:00
semantic-release-bot
156a8a2cd8 chore(release): 1.2.1 [skip ci]
## [1.2.1](https://github.com/saltstack-formulas/openssh-formula/compare/v1.2.0...v1.2.1) (2020-07-21)

### Bug Fixes

* **known_hosts:** dig package does not install on Arch ([0b667cb](0b667cbcf5))

### Continuous Integration

* **kitchen:** execute `openssh.known_hosts` state ([644e616](644e61651d))

### Tests

* **config_spec:** verify /etc/ssh/ssh_known_hosts ([06ef24b](06ef24b8e1))
2020-07-21 14:18:58 +00:00
Imran Iqbal
9c8b77ca24
Merge pull request #185 from baby-gnu/feature/test-known_hosts
test(config_spec): verify the generation of /etc/ssh/ssh_known_hosts
2020-07-21 15:11:44 +01:00
Daniel Dehennin
0b667cbcf5 fix(known_hosts): dig package does not install on Arch
The conditional on `ensure dig is available` does not work on Arch
since the `which` command does not exist. As the `pkg.installed`
state is idempotent, we don't need an extra check which depends on the
environment.

The `dig` utility is provided by `bind` on Arch and no more by
`bind-tools`.
2020-07-21 11:49:22 +02:00
Daniel Dehennin
644e61651d ci(kitchen): execute openssh.known_hosts state
2020-07-21 10:52:32 +02:00
Daniel Dehennin
06ef24b8e1 test(config_spec): verify /etc/ssh/ssh_known_hosts
2020-07-21 10:52:03 +02:00
semantic-release-bot
0c064b15bf chore(release): 1.2.0 [skip ci]
# [1.2.0](https://github.com/saltstack-formulas/openssh-formula/compare/v1.1.0...v1.2.0) (2020-07-20)

### Bug Fixes

* **inspec:** the package name for Arch is openssh ([6b7d8df](6b7d8df156))
* **jinja:** encode context as json ([7a1f619](7a1f6199d0))

### Features

* **ci:** update travis and kitchen to latest formula standards ([7752132](7752132275))

### Styles

* **libtofs.jinja:** use Black-inspired Jinja formatting [skip ci] ([9d8228d](9d8228d9db))
2020-07-20 14:42:57 +00:00
Imran Iqbal
06f5f7ef2a
Merge pull request #182 from baby-gnu/feature/update-ci-to-latest-standards
feat(ci): update ci to latest standards
2020-07-20 15:34:45 +01:00
Daniel Dehennin
6b7d8df156 fix(inspec): the package name for Arch is openssh
For Arch, Inspec defines `platform[:family]` as `linux` and
`platform[:name]` as `arch`.
2020-07-20 16:28:28 +02:00
Daniel Dehennin
7a1f6199d0 fix(jinja): encode context as json
Or with python2 the templates are generated with `u'<string>'`.
2020-07-20 16:28:22 +02:00
Daniel Dehennin
7752132275 feat(ci): update travis and kitchen to latest formula standards
Import .travis.yml and kitchen.yml from `template-formula`.
2020-07-20 16:28:19 +02:00
Imran Iqbal
9d8228d9db style(libtofs.jinja): use Black-inspired Jinja formatting [skip ci]
* Automated using https://github.com/myii/ssf-formula/pull/237
2020-07-19 23:27:51 +01:00
semantic-release-bot
3c23c42171 chore(release): 1.1.0 [skip ci]
# [1.1.0](https://github.com/saltstack-formulas/openssh-formula/compare/v1.0.0...v1.1.0) (2020-07-17)

### Bug Fixes

* **inspec:** make rubocop happy ([2cfb5a7](2cfb5a74f3))

### Features

* **test:** remove serverspec files ([049db2b](049db2bc8e))
2020-07-17 18:54:57 +00:00
Imran Iqbal
2d1804d7ce
Merge pull request #181 from baby-gnu/fix/make-rubocop-happy
fix(test): make rubocop happy
2020-07-17 19:47:32 +01:00
Daniel Dehennin
2cfb5a74f3 fix(inspec): make rubocop happy
* test/integration/default/controls/services_spec.rb: favor modifier
  if usage when having a single-line body.

* test/integration/default/controls/config_spec.rb: add frozen string
  literal comment.

* test/integration/default/controls/packages_spec.rb: ditto.

* test/integration/default/controls/services_spec.rb: ditto.
2020-07-17 16:31:46 +02:00
Daniel Dehennin
049db2bc8e feat(test): remove serverspec files
All tests provided by Serverspec are covered by Inspec.
2020-07-17 16:31:33 +02:00
semantic-release-bot
d0d2864d13 chore(release): 1.0.0 [skip ci]
# [1.0.0](https://github.com/saltstack-formulas/openssh-formula/compare/v0.43.3...v1.0.0) (2020-07-17)

### Continuous Integration

* **kitchen:** use `saltimages` Docker Hub where available [skip ci] ([bb1ac71](bb1ac71786))

### Features

* **templates:** don't get openssh pillars in templates ([cb6e48f](cb6e48feaa))

### BREAKING CHANGES

* **templates:** Minimum Salt version support is now `2019.2` in line
with official upstream support; also use of the `traverse` Jinja filter.
2020-07-17 12:23:42 +00:00
Imran Iqbal
cf4046d999
Merge pull request #180 from baby-gnu/feature/pass-context-to-templates
feat(templates): don't get openssh pillars in templates
2020-07-17 13:15:17 +01:00
Daniel Dehennin
cb6e48feaa feat(templates): don't get openssh pillars in templates
We pass the pillars via the template engine context, this avoids the
need to load `map.jinja` from the templates themselves and reduces the
number of `pillar.get` calls.

* openssh/config.sls (sshd_config): pass `sshd_config` in the
  context.
  (ssh_config): pass `ssh_config` in the context.

* openssh/files/default/ssh_config: remove `map.jinja` import since
  it's now in the context.

* openssh/files/default/sshd_config: ditto.

* openssh/known_hosts.sls: pass `known_hosts` in the context.

* openssh/files/default/ssh_known_hosts: use `known_hosts` from the
  context instead of calling `pillar.get` several times.

BREAKING CHANGE: Minimum Salt version support is now `2019.2` in line
with official upstream support; also use of the `traverse` Jinja filter.
2020-07-17 10:48:32 +02:00
Imran Iqbal
24049f3aab chore(gemfile.lock): update to latest gem versions (2020-W27) [skip ci]
* Automated using https://github.com/myii/ssf-formula/pull/235
2020-07-06 14:29:42 +01:00
Imran Iqbal
10dcec8676 chore(gemfile.lock): update to latest gem versions (2020-W26) [skip ci]
* Automated using https://github.com/myii/ssf-formula/pull/233
2020-06-26 12:46:01 +01:00
Imran Iqbal
807a193f0e chore(gemfile.lock): update to latest gem versions (2020-W25) [skip ci]
* Automated using https://github.com/myii/ssf-formula/pull/229
2020-06-21 12:58:18 +01:00
Imran Iqbal
bb1ac71786 ci(kitchen): use saltimages Docker Hub where available [skip ci]
* Automated using https://github.com/myii/ssf-formula/pull/223
2020-06-15 16:57:41 +01:00
Imran Iqbal
03bd059978 chore(gemfile.lock): update to latest gem versions [skip ci]
* Automated using https://github.com/myii/ssf-formula/pull/222
2020-06-15 15:08:39 +01:00
Imran Iqbal
b2e122933f chore(gemfile.lock): update to latest gem versions [skip ci]
* Automated using https://github.com/myii/ssf-formula/pull/221
2020-06-05 22:18:19 +01:00
semantic-release-bot
f2042f42f2 chore(release): 0.43.3 [skip ci]
## [0.43.3](https://github.com/saltstack-formulas/openssh-formula/compare/v0.43.2...v0.43.3) (2020-06-04)

### Bug Fixes

* **config_ini:** stop failing after the first application ([c7777c7](c7777c74b2))
2020-06-04 17:14:28 +00:00
Imran Iqbal
857c7c0cdb
Merge pull request #179 from OrangeDog/patch-2
fix(config_ini): stop failing after the first application
2020-06-04 18:07:17 +01:00
James Howe
c7777c74b2
fix(config_ini): stop failing after the first application
The module is called `ini_manage` but the state prefix is `ini`.
2020-06-04 17:58:24 +01:00
semantic-release-bot
54d75b5b8f chore(release): 0.43.2 [skip ci]
## [0.43.2](https://github.com/saltstack-formulas/openssh-formula/compare/v0.43.1...v0.43.2) (2020-06-04)

### Bug Fixes

* **config_ini:** ensure the tab replacement happens before the edit ([b26b99d](b26b99d3d0)), closes [#162](https://github.com/saltstack-formulas/openssh-formula/issues/162)
* **libtofs:** “files_switch” mess up the variable exported by “map.jinja” [skip ci] ([053b787](053b7879fd))

### Continuous Integration

* **gemfile:** remove unused `rspec-retry` gem [skip ci] ([5be1c1f](5be1c1f47c))
* **gemfile.lock:** add to repo with updated `Gemfile` [skip ci] ([e53bcc1](e53bcc14dc))
* **kitchen+travis:** remove `master-py2-arch-base-latest` [skip ci] ([0977485](0977485b6b))
* **travis:** add notifications => zulip [skip ci] ([597aeb5](597aeb5861))
* **workflows/commitlint:** add to repo [skip ci] ([fa6c65b](fa6c65b852))
2020-06-04 15:58:06 +00:00
James Howe
b26b99d3d0
fix(config_ini): ensure the tab replacement happens before the edit
Otherwise #162 can still happen
2020-06-04 16:48:43 +01:00