We avoid a compatibility break with user pillars by looking up
configuration values using `config.get` in configurable roots.
We provide a new parameter `map_jinja:config_get_roots` in the formula
`parameters/defaults.yaml` to retrieve values not only from
`tplroot=openssh` but from `sshd_config` and `ssh_config` too.
We need to update the `_mapdata` reference files to include the new
`map_jinja:config_get_roots`.
The `map.jinja` now exports a single variable called `mapdata`.
We extract the `openssh`, `sshd_config` and `ssh_config` from it to
minimize the changes to `.sls` files.
We store validated `map.jinja` dumps under the profile `files`
directory to access them with `inspec.profile.file('filename')` to
validate the content of the generated mapdata file.
The YAML files contain a value specific to each minion, its hostname,
so we use string format to expand `%{hostname}`.
The `default` inspec profile needs to depend on `share` to access the
`system` and `salt_minion` libraries.
The `system.hostname` returns the result of either `hostname -s` or
`hostnamectl --static` depending on the availability of each command.
The `system.platform` returns a hash with tweaked `inspec.platform`
values:
- `system.platform[:family]` provides a family name for Arch
- `system.platform[:name]` modifies `amazon` to `amazonlinux`
- `system.platform[:release]` tweak for Arch and Amazon Linux:
  - `Arch` is always `base-later`
  - `Amazon Linux` release `2018` became `1`
- `system.platform[:finger]` is just the concatenation of the name and
  the first release number (except for Ubuntu which gives `20.04` for
  example)
It appears that the
`if not (omit_ip_address is sameas true or host in omit_ip_address)`
always returns `True` on older Jinja platforms:
- default-ubuntu-1604-3000-3-py2
- default-ubuntu-1604-2019-2-py3
- default-amazonlinux-1-2019-2-py2
Each part of the `or` conditional needs to be surrounded by parentheses.
The conditional on `ensure dig is available` does not work on Arch
since the `which` command does not exist. As the `pkg.installed`
state is idempotent, we don't need an extra check which depends on the
environment.
The `dig` utility is provided by `bind` on Arch and no longer by
`bind-tools`.
# [1.0.0](https://github.com/saltstack-formulas/openssh-formula/compare/v0.43.3...v1.0.0) (2020-07-17)
### Continuous Integration
* **kitchen:** use `saltimages` Docker Hub where available [skip ci] ([bb1ac71](bb1ac71786))
### Features
* **templates:** don't get openssh pillars in templates ([cb6e48f](cb6e48feaa))
### BREAKING CHANGES
* **templates:** Minimum Salt version support is now `2019.2` in line
with official upstream support; also use of the `traverse` Jinja filter.
We pass the pillars via the template engine context; this avoids the
need to load `map.jinja` from the templates themselves and reduces the
number of `pillar.get` calls.
* openssh/config.sls (sshd_config): pass `sshd_config` in the
context.
(ssh_config): pass `ssh_config` in the context.
* openssh/files/default/ssh_config: remove `map.jinja` import since
it's now in the context.
* openssh/files/default/sshd_config: ditto.
* openssh/known_hosts.sls: pass `known_hosts` in the context.
* openssh/files/default/ssh_known_hosts: use `known_hosts` from the
context instead of calling `pillar.get` several times.
BREAKING CHANGE: Minimum Salt version support is now `2019.2` in line
with official upstream support; also use of the `traverse` Jinja filter.