Commit Graph

26 Commits

Author SHA1 Message Date
Daniel Dehennin
1be0d8725a feat(map): use targeting like syntax for configuration
The `config_get_lookup` and `config_get` sources lack flexibility.

It's not easy to query several pillars and/or grains keys with the
actual system. And the query method is forced to `config.get` without
being configurable by the user.

We define a mechanism to select `map.jinja` sources with similar
notation as the salt targeting system.

The `map.jinja` file uses several sources where to lookup parameter
values. The list of sources can be modified by two files:

1. a global salt://parameters/map_jinja.yaml
2. a per formula salt://{{ tplroot }}/parameters/map_jinja.yaml.

Each source definition has the form `<TYPE>:<OPTION>@<KEY>` where
`<TYPE>` can be one of:

- `Y` to load values from YAML files, this is the default when no type
  is defined
- `C` to lookup values with `config.get`
- `G` to lookup values with `grains.get`
- `I` to lookup values with `pillar.get`

The YAML type option can define the query method to lookup the key
value to build the file name:

- `C` to query with `config.get`, this is the default when to query
  method is defined
- `G` to query with `grains.get`
- `I` to query with `pillar.get`

The `C`, `G` or `I` types can define the `SUB` option to store values
in the sub key `mapdata.<key>` instead of directly in `mapdata`.

Finally, the `<KEY>` describe what to lookup to either build the YAML
filename or gather values using one of the query method.

BREAKING CHANGE: the configuration `map_jinja:sources` is only
                 configurable with `salt://parameters/map_jinja.yaml`
		 and `salt://{{ tplroot }}/parameters/map_jinja.yaml`

BREAKING CHANGE: the `map_jinja:config_get_roots` is replaced by
                 compound like `map_jinja:sources`

BREAKING CHANGE: the two `config_get_lookup` and `config_get` are
                 replaced by `C@<tplroot>:lookup` and `C@<tplroot>`
		 sources
2021-01-11 17:31:22 +01:00
Imran Iqbal
37597e5b12
refactor(map): use top-level values: key in map.jinja dumps
* Semi-automated using https://github.com/myii/ssf-formula/pull/284
2020-12-23 16:42:23 +00:00
Imran Iqbal
2bab68f5ff
test(map): standardise map.jinja verification
* Automated using https://github.com/myii/ssf-formula/pull/281
2020-12-22 00:43:03 +00:00
Daniel Dehennin
5e9033f500 test(inspec): _mapdata files should have tofs configuration 2020-09-27 20:16:39 +02:00
Imran Iqbal
9576b72eb2
chore(inspec): fix typo [skip ci]
* https://github.com/myii/ssf-formula/commit/839898aedb34
2020-09-10 01:31:20 +01:00
Imran Iqbal
15241d39c5
test(share): standardise structure
* Standardised using https://github.com/myii/ssf-formula/pull/251
2020-09-09 12:31:49 +01:00
Daniel Dehennin
8cb31c6967 test(inspec): no more need to mangle mapdata for hostname
We force the hostname in `kitchen` so the `_mapdata` files can be
static.
2020-09-08 21:23:21 +02:00
Daniel Dehennin
1c99556695 test(inspec): display proper diff when _mapdata mismatch
The use of `eq` instead of `include` premits to have a nice diff after
the `expected/got` oneliners.
2020-08-26 10:06:13 +02:00
Daniel Dehennin
ad4385b077 feat(map): config.get lookups from configurable roots
We avoid compatibility break with user pillars by looking up
configuration values using `config.get` in configurable roots.

We provide a new parameter `map_jinja:config_get_roots` in the formula
`parameters/defaults.yaml`to retrives values not only from
`tplroot=openssh` but from `sshd_config` and `ssh_config` too.

We need to update the `_mapdata` reference files to include the new
`map_jinja:config_get_roots`.
2020-07-31 12:59:33 +02:00
Daniel Dehennin
14e843ec2b fix(inspec): use the name _mapdata everywhere for coherency 2020-07-31 08:01:27 +02:00
Daniel Dehennin
0eafbd945c test(inspec): verify map.jinja dump
We store validated `map.jinja` dump under the profile `files`
directory to access them with `inspec.profile.file('filename')` to
validate the content of the generated mapdata file.

The YAML files contain a value specific to each minion, its hostname,
so we use string format to expand `%{hostname}`.

The `default` inspec profile need to depends on `share` to access the
`system` and `salt_minion` libraries.
2020-07-30 22:00:18 +02:00
Daniel Dehennin
a8d61f4307 test(inspec): share library to access some minion informations
The `system.hostname` return the result of either `hostname -s` or
`hostnamectl --static` depending of the availability of each command.

The `system.platform` return a hash with tweaked `inspec.platform`
values:

- `system.platform[:family]` provides a family name for Arch
- `system.platform[:name]` modify `amazon` to `amazonlinux`
- `system.platform[:release]` tweak for Arch and Amazon Linux:
  - `Arch` is always `base-later`
  - `Amazon Linux` release `2018` became `1`
- `system.platform[:finger]` is just the concatenation of the name and
  the first release number (except for Ubuntu which gives `20.04` for
  example)
2020-07-30 18:00:57 +02:00
Daniel Dehennin
06ef24b8e1 test(config_spec): verify /etc/ssh/ssh_known_hosts 2020-07-21 10:52:03 +02:00
Daniel Dehennin
6b7d8df156 fix(inspec): the package name for Arch is openssh
For Arch, Inspec define `platform[:family]` as `linux` and
`platform[:name]` as `arch`.
2020-07-20 16:28:28 +02:00
Daniel Dehennin
2cfb5a74f3 fix(inspec): make rubocop happy
* test/integration/default/controls/services_spec.rb: favor modifier
  if usage when having a single-line body.

* test/integration/default/controls/config_spec.rb: add frozen string
  literal comment.

* test/integration/default/controls/packages_spec.rb: ditoo.

* test/integration/default/controls/services_spec.rb: ditoo.
2020-07-17 16:31:46 +02:00
Daniel Dehennin
049db2bc8e feat(test): remove serverspec files
All tests provided by Serverspec are covered by Inspec.
2020-07-17 16:31:33 +02:00
Imran Iqbal
fe1af098b3
test(packages_spec): prevent control for bsd family
* Refactor `package_name` using `case` like other formulas
2020-02-07 12:49:47 +00:00
Imran Iqbal
047b753a9e
test(inspec): fix config_spec tests on *BSD (wheel not root) 2019-10-27 00:04:16 +01:00
Imran Iqbal
4644018b98 ci(platform): add arch-base-latest (commented out for now) [skip ci]
* Automated using https://github.com/myii/ssf-formula/pull/50
2019-10-01 16:23:54 +01:00
Imran Iqbal
267042c838 test(inspec): add tests based on existing Serverspec tests (#168)
* ci(kitchen): use `openssh.config` as `state_top`
* Semi-automated using https://github.com/myii/ssf-formula/pull/33
* test(pillar): remove deprecated option and disabled method
* https://travis-ci.org/myii/openssh-formula/jobs/585340845#L1811-L1813:
* test(pillar): use same SSH options as used by Travis
* Using existing options locks out after `kitchen converge` (before `verify`)
* https://travis-ci.org/myii/openssh-formula/jobs/585356835#L2957-L2965:
* test(inspec): add tests based on existing Serverspec tests
* Follows on from #166
2019-09-16 20:28:05 +02:00
Imran Iqbal
6300ddf76c
feat(semantic-release): implement for this formula
* Close #165
* Move existing `.kitchen.yml` => `kitchen.vagrant.yml`
* Semi-automated using https://github.com/myii/ssf-formula/pull/30
* Fix errors shown below:

```bash
openssh-formula$ yamllint -s .
./pillar.example
  49:3      error    duplication of key "AllowUsers" in mapping  (key-duplicates)
  57:3      error    duplication of key "DenyUsers" in mapping  (key-duplicates)
  63:3      error    duplication of key "AllowGroups" in mapping  (key-duplicates)
  70:3      error    duplication of key "DenyGroups" in mapping  (key-duplicates)
  79:24     warning  truthy value should be one of [false, true]  (truthy)
  80:29     warning  truthy value should be one of [false, true]  (truthy)
  118:4     warning  missing starting space in comment  (comments)
  119:4     warning  missing starting space in comment  (comments)
  119:89    error    line too long (122 > 88 characters)  (line-length)
  120:4     warning  missing starting space in comment  (comments)
  120:89    error    line too long (144 > 88 characters)  (line-length)
  147:30    warning  truthy value should be one of [false, true]  (truthy)
  148:21    warning  truthy value should be one of [false, true]  (truthy)
  149:19    warning  truthy value should be one of [false, true]  (truthy)
  150:32    warning  truthy value should be one of [false, true]  (truthy)
  151:26    warning  truthy value should be one of [false, true]  (truthy)
  152:31    warning  truthy value should be one of [false, true]  (truthy)
  153:32    warning  truthy value should be one of [false, true]  (truthy)
  154:29    warning  truthy value should be one of [false, true]  (truthy)
  155:34    warning  truthy value should be one of [false, true]  (truthy)
  175:8     warning  missing starting space in comment  (comments)
  175:89    error    line too long (152 > 88 characters)  (line-length)
  176:8     warning  missing starting space in comment  (comments)
  176:89    error    line too long (126 > 88 characters)  (line-length)
  177:8     warning  missing starting space in comment  (comments)
  177:89    error    line too long (148 > 88 characters)  (line-length)
  213:18    warning  truthy value should be one of [false, true]  (truthy)
  219:18    warning  truthy value should be one of [false, true]  (truthy)
  225:18    warning  truthy value should be one of [false, true]  (truthy)
  241:22    warning  truthy value should be one of [false, true]  (truthy)
  243:22    warning  truthy value should be one of [false, true]  (truthy)
  244:20    warning  truthy value should be one of [false, true]  (truthy)
  245:21    warning  truthy value should be one of [false, true]  (truthy)
  254:24    warning  truthy value should be one of [false, true]  (truthy)
  255:22    warning  truthy value should be one of [false, true]  (truthy)
  256:23    warning  truthy value should be one of [false, true]  (truthy)
  265:22    warning  truthy value should be one of [false, true]  (truthy)
  268:21    warning  truthy value should be one of [false, true]  (truthy)
  269:20    warning  truthy value should be one of [false, true]  (truthy)
  270:21    warning  truthy value should be one of [false, true]  (truthy)
  279:26    warning  truthy value should be one of [false, true]  (truthy)
  280:24    warning  truthy value should be one of [false, true]  (truthy)
  281:25    warning  truthy value should be one of [false, true]  (truthy)
  307:16    warning  truthy value should be one of [false, true]  (truthy)
  308:6     warning  missing starting space in comment  (comments)
  314:6     warning  missing starting space in comment  (comments)
  316:24    warning  truthy value should be one of [false, true]  (truthy)
  339:89    error    line too long (546 > 88 characters)  (line-length)
  340:89    error    line too long (546 > 88 characters)  (line-length)
  341:89    error    line too long (546 > 88 characters)  (line-length)
  342:89    error    line too long (546 > 88 characters)  (line-length)
  344:4     warning  missing starting space in comment  (comments)
  345:4     warning  missing starting space in comment  (comments)
  357:19    warning  truthy value should be one of [false, true]  (truthy)

./openssh/osfamilymap.yaml
  1:1       warning  missing document start "---"  (document-start)

./openssh/osfingermap.yaml
  1:1       warning  missing document start "---"  (document-start)

./openssh/osmap.yaml
  1:1       warning  missing document start "---"  (document-start)

./openssh/defaults.yaml
  1:1       warning  missing document start "---"  (document-start)
  3:18      warning  truthy value should be one of [false, true]  (truthy)
  6:34      warning  too few spaces before comment  (comments)
  10:25     warning  truthy value should be one of [false, true]  (truthy)
  12:32     warning  too few spaces before comment  (comments)
  16:24     warning  truthy value should be one of [false, true]  (truthy)
  18:24     warning  too few spaces before comment  (comments)
  20:42     warning  too few spaces before comment  (comments)
  27:6      warning  missing starting space in comment  (comments)
```
2019-09-13 04:20:34 +01:00
scub
cf3b048230 Resolve gem dependencies across "supported" environments (#142) 2019-01-24 20:11:48 +01:00
Adam Mendlik
7245e1aa32 Add kitchen tests for FreeBSD 2017-04-21 12:00:22 -06:00
Adam Mendlik
b3fd60f016 Test using default permissions for ssh_config 2017-02-24 13:39:59 -07:00
Adam Mendlik
613bea2cac Add variables for file owner and mode 2017-02-23 14:56:22 -07:00
Adam Mendlik
14cc19c941 Add test-kitchen configuration 2017-02-23 14:04:27 -07:00