Commit Graph

181 Commits

Author SHA1 Message Date
Daniel Dehennin
1be0d8725a feat(map): use targeting like syntax for configuration
The `config_get_lookup` and `config_get` sources lack flexibility.

It's not easy to query several pillars and/or grains keys with the
actual system. And the query method is forced to `config.get` without
being configurable by the user.

We define a mechanism to select `map.jinja` sources with similar
notation as the salt targeting system.

The `map.jinja` file uses several sources where to lookup parameter
values. The list of sources can be modified by two files:

1. a global salt://parameters/map_jinja.yaml
2. a per formula salt://{{ tplroot }}/parameters/map_jinja.yaml.

Each source definition has the form `<TYPE>:<OPTION>@<KEY>` where
`<TYPE>` can be one of:

- `Y` to load values from YAML files, this is the default when no type
  is defined
- `C` to lookup values with `config.get`
- `G` to lookup values with `grains.get`
- `I` to lookup values with `pillar.get`

The YAML type option can define the query method to lookup the key
value to build the file name:

- `C` to query with `config.get`, this is the default when to query
  method is defined
- `G` to query with `grains.get`
- `I` to query with `pillar.get`

The `C`, `G` or `I` types can define the `SUB` option to store values
in the sub key `mapdata.<key>` instead of directly in `mapdata`.

Finally, the `<KEY>` describe what to lookup to either build the YAML
filename or gather values using one of the query method.

BREAKING CHANGE: the configuration `map_jinja:sources` is only
                 configurable with `salt://parameters/map_jinja.yaml`
		 and `salt://{{ tplroot }}/parameters/map_jinja.yaml`

BREAKING CHANGE: the `map_jinja:config_get_roots` is replaced by
                 compound like `map_jinja:sources`

BREAKING CHANGE: the two `config_get_lookup` and `config_get` are
                 replaced by `C@<tplroot>:lookup` and `C@<tplroot>`
		 sources
2021-01-11 17:31:22 +01:00
Imran Iqbal
37597e5b12
refactor(map): use top-level values: key in map.jinja dumps
* Semi-automated using https://github.com/myii/ssf-formula/pull/284
2020-12-23 16:42:23 +00:00
Imran Iqbal
2bab68f5ff
test(map): standardise map.jinja verification
* Automated using https://github.com/myii/ssf-formula/pull/281
2020-12-22 00:43:03 +00:00
Daniel Dehennin
3845d5ff61 fix(map): path_join can be used only for local file access
On windows machines, the `path_join` build wrong URL by using
backslash as separator.

URL used for fileserver access must use only slashes `/`.
2020-08-21 16:00:56 +02:00
Daniel Dehennin
ad4385b077 feat(map): config.get lookups from configurable roots
We avoid compatibility break with user pillars by looking up
configuration values using `config.get` in configurable roots.

We provide a new parameter `map_jinja:config_get_roots` in the formula
`parameters/defaults.yaml`to retrives values not only from
`tplroot=openssh` but from `sshd_config` and `ssh_config` too.

We need to update the `_mapdata` reference files to include the new
`map_jinja:config_get_roots`.
2020-07-31 12:59:33 +02:00
Daniel Dehennin
df477b25c2 feat(map): update to v4 “map.jinja”
The `map.jinja` now exports a single variable called `mapdata`.

We extract the `openssh`, `sshd_config` and `ssh_config` from it to
minimize the changes to `.sls` files.
2020-07-31 10:54:40 +02:00
Daniel Dehennin
e4ab335077 feat(map): generate a YAML file to validate map.jinja
We provide a new `_mapdata` state which generate a
`/tmp/salt_mapdata_dump.yaml` to be validated by `Inspec`.
2020-07-30 22:05:24 +02:00
Daniel Dehennin
b2d38aec9b fix(jinja): omit_ip_address don't work on some platform
It apprears that the

  `if not (omit_ip_address is sameas true or host in omit_ip_address)`

always returns `True` on older Jinja platforms:

- default-ubuntu-1604-3000-3-py2
- default-ubuntu-1604-2019-2-py3
- default-amazonlinux-1-2019-2-py2

Each part of the `or` conditional need to be surrounded by parenthesis.
2020-07-30 12:25:34 +02:00
Daniel Dehennin
0b667cbcf5 fix(known_hosts): dig package does not install on Arch
The conditionnal on `ensure dig is available` does not work on Arch
since the `which` command does not exists. As the `pkg.installed`
state is idempotent, we don't need an extra check which depends on the
environment.

The `dig` utility is provided by `bind` on Arch and no more by
`bind-tools`.
2020-07-21 11:49:22 +02:00
Daniel Dehennin
7a1f6199d0 fix(jinja): encode context as json
Or with python2 the template are generated with `u'<string>'`.
2020-07-20 16:28:22 +02:00
Imran Iqbal
9d8228d9db style(libtofs.jinja): use Black-inspired Jinja formatting [skip ci]
* Automated using https://github.com/myii/ssf-formula/pull/237
2020-07-19 23:27:51 +01:00
Daniel Dehennin
cb6e48feaa feat(templates): don't get openssh pillars in templates
We pass the pillars via the template engine context, this avoid the
need to load `map.jinja` from the templates themselves and recude the
number of `pillar.get` calls.

* openssh/config.sls (sshd_config): pass `sshd_config` in the
  context.
  (ssh_config): pass `ssh_config` in the context.

* openssh/files/default/ssh_config: remove `map.jinja` import since
  it's now in the context.

* openssh/files/default/sshd_config: ditoo.

* openssh/known_hosts.sls: pass `known_hosts` in the context.

* openssh/files/default/ssh_known_hosts: use `known_hosts` from the
  context instead of calling `pillar.get` several times.

BREAKING CHANGE: Minimum Salt version support is now `2019.2` in line
with official upstream support; also use of the `traverse` Jinja filter.
2020-07-17 10:48:32 +02:00
James Howe
c7777c74b2
fix(config_ini): stop failing after the first application
The module is called `ini_manage` but the state prefix is `ini`.
2020-06-04 17:58:24 +01:00
James Howe
b26b99d3d0
fix(config_ini): ensure the tab replacement happens before the edit
Otherwise #162 can still happen
2020-06-04 16:48:43 +01:00
Imran Iqbal
053b7879fd fix(libtofs): “files_switch” mess up the variable exported by “map.jinja” [skip ci]
* Checked using https://github.com/myii/ssf-formula/pull/131
2020-02-14 19:10:18 +00:00
alxwr
ea221ab52b feat(ssh_known_hosts): allow to omit IP addresses 2020-01-20 18:44:46 +00:00
Imran Iqbal
55560a6916
fix(map.jinja): fix salt-lint errors
```bash
Examining openssh/map.jinja of type state
[209] Jinja comment should have spaces before and after: {# comment #}
openssh/map.jinja:4
{## Start imports as  ##}

[209] Jinja comment should have spaces before and after: {# comment #}
openssh/map.jinja:19
{## merge the openssh pillar ##}
```
2019-10-09 15:01:26 +01:00
Imran Iqbal
7e35335613
fix(config.sls): fix salt-lint errors
```bash
Examining openssh/config.sls of type state
[210] Numbers that start with `0` should always be encapsulated in quotation marks
openssh/config.sls:103
    - mode: 0600
```
2019-10-09 15:01:26 +01:00
Imran Iqbal
6300ddf76c
feat(semantic-release): implement for this formula
* Close #165
* Move existing `.kitchen.yml` => `kitchen.vagrant.yml`
* Semi-automated using https://github.com/myii/ssf-formula/pull/30
* Fix errors shown below:

```bash
openssh-formula$ yamllint -s .
./pillar.example
  49:3      error    duplication of key "AllowUsers" in mapping  (key-duplicates)
  57:3      error    duplication of key "DenyUsers" in mapping  (key-duplicates)
  63:3      error    duplication of key "AllowGroups" in mapping  (key-duplicates)
  70:3      error    duplication of key "DenyGroups" in mapping  (key-duplicates)
  79:24     warning  truthy value should be one of [false, true]  (truthy)
  80:29     warning  truthy value should be one of [false, true]  (truthy)
  118:4     warning  missing starting space in comment  (comments)
  119:4     warning  missing starting space in comment  (comments)
  119:89    error    line too long (122 > 88 characters)  (line-length)
  120:4     warning  missing starting space in comment  (comments)
  120:89    error    line too long (144 > 88 characters)  (line-length)
  147:30    warning  truthy value should be one of [false, true]  (truthy)
  148:21    warning  truthy value should be one of [false, true]  (truthy)
  149:19    warning  truthy value should be one of [false, true]  (truthy)
  150:32    warning  truthy value should be one of [false, true]  (truthy)
  151:26    warning  truthy value should be one of [false, true]  (truthy)
  152:31    warning  truthy value should be one of [false, true]  (truthy)
  153:32    warning  truthy value should be one of [false, true]  (truthy)
  154:29    warning  truthy value should be one of [false, true]  (truthy)
  155:34    warning  truthy value should be one of [false, true]  (truthy)
  175:8     warning  missing starting space in comment  (comments)
  175:89    error    line too long (152 > 88 characters)  (line-length)
  176:8     warning  missing starting space in comment  (comments)
  176:89    error    line too long (126 > 88 characters)  (line-length)
  177:8     warning  missing starting space in comment  (comments)
  177:89    error    line too long (148 > 88 characters)  (line-length)
  213:18    warning  truthy value should be one of [false, true]  (truthy)
  219:18    warning  truthy value should be one of [false, true]  (truthy)
  225:18    warning  truthy value should be one of [false, true]  (truthy)
  241:22    warning  truthy value should be one of [false, true]  (truthy)
  243:22    warning  truthy value should be one of [false, true]  (truthy)
  244:20    warning  truthy value should be one of [false, true]  (truthy)
  245:21    warning  truthy value should be one of [false, true]  (truthy)
  254:24    warning  truthy value should be one of [false, true]  (truthy)
  255:22    warning  truthy value should be one of [false, true]  (truthy)
  256:23    warning  truthy value should be one of [false, true]  (truthy)
  265:22    warning  truthy value should be one of [false, true]  (truthy)
  268:21    warning  truthy value should be one of [false, true]  (truthy)
  269:20    warning  truthy value should be one of [false, true]  (truthy)
  270:21    warning  truthy value should be one of [false, true]  (truthy)
  279:26    warning  truthy value should be one of [false, true]  (truthy)
  280:24    warning  truthy value should be one of [false, true]  (truthy)
  281:25    warning  truthy value should be one of [false, true]  (truthy)
  307:16    warning  truthy value should be one of [false, true]  (truthy)
  308:6     warning  missing starting space in comment  (comments)
  314:6     warning  missing starting space in comment  (comments)
  316:24    warning  truthy value should be one of [false, true]  (truthy)
  339:89    error    line too long (546 > 88 characters)  (line-length)
  340:89    error    line too long (546 > 88 characters)  (line-length)
  341:89    error    line too long (546 > 88 characters)  (line-length)
  342:89    error    line too long (546 > 88 characters)  (line-length)
  344:4     warning  missing starting space in comment  (comments)
  345:4     warning  missing starting space in comment  (comments)
  357:19    warning  truthy value should be one of [false, true]  (truthy)

./openssh/osfamilymap.yaml
  1:1       warning  missing document start "---"  (document-start)

./openssh/osfingermap.yaml
  1:1       warning  missing document start "---"  (document-start)

./openssh/osmap.yaml
  1:1       warning  missing document start "---"  (document-start)

./openssh/defaults.yaml
  1:1       warning  missing document start "---"  (document-start)
  3:18      warning  truthy value should be one of [false, true]  (truthy)
  6:34      warning  too few spaces before comment  (comments)
  10:25     warning  truthy value should be one of [false, true]  (truthy)
  12:32     warning  too few spaces before comment  (comments)
  16:24     warning  truthy value should be one of [false, true]  (truthy)
  18:24     warning  too few spaces before comment  (comments)
  20:42     warning  too few spaces before comment  (comments)
  27:6      warning  missing starting space in comment  (comments)
```
2019-09-13 04:20:34 +01:00
Imran Iqbal
f6dbca3352
fix: complete PR #164
* Use consistent Jinja whitespace control `{%- ... -}`
* Improve debug output (comments & whitespace control)
* Use exact state names with TOFS `files_switch`
* Add `ssh_known_hosts_src` to `defaults` (for consistency)
* Restrict `pillar.example` changes to TOFS only
* Use `fire_banner` in `pillar.example` to indicate available template
2019-07-04 01:42:19 +01:00
nb
a47596f15a feat(TOFS): ssh sshd configs known_host and banner 2019-07-01 14:46:46 +11:00
Imran Iqbal
14966e9a09 fix(config_ini): convert tabs to single space to prevent false +ves (#163)
* Fix #162
* Check for any number of tabs after the keyword
* If found, replace them by a single space to match the `separator` used
  in the `ini_options.present` state
2019-06-23 14:33:54 +02:00
Meng Chen
3e01ad816a Remove duplicated pillar.get calls to retrieve the sshd_config and ssh_config pillars 2019-05-25 01:52:33 +02:00
chenmen
463ad69d92 reuse sshd_config from map (#160)
remove duplicated 'pillar.get' calls to retrieve the sshd_config and ssh_config pillars.
2019-04-27 09:13:48 +02:00
alxwr
b5ac5e0b74
Merge pull request #152 from polymeter/remove_by_source
Allow removing keys based on source file.
2019-04-09 21:02:44 +02:00
Robin Elfrink
c3c2472562 Fix fetching default ssh_config.
Closes #153.
2019-02-27 14:10:02 +01:00
Manuel Webersen
29f7d71426 Allow removing keys based on source file. 2019-02-26 13:36:55 +01:00
Imran Iqbal
3715cd601c
Merge pull request #151 from alxwr/issue-98
CentOS does not support ed25519; fixes #98
2019-02-18 20:49:38 +00:00
alxwr
3f9876fc40 ssh_config: properly render host options (#149)
* ssh_config: properly render host options (fixes #145)

* ssh_config: whitespace optimization (fixes #145)
2019-02-12 21:31:49 +01:00
alxwr
d9653889fa removed deprecated options (#150) 2019-02-12 21:25:41 +01:00
Alexander Weidinger
29b89f0fb9 map.jinja: replace defaults.merge with grains.filter_by 2019-02-12 19:11:46 +01:00
Alexander Weidinger
0c6a353969 Fix map.jinja: openssh:lookup is not used anyways 2019-02-12 19:02:57 +01:00
Alexander Weidinger
f53ccccd3f CentOS does not support ed25519; fixes #98 2019-02-12 14:55:15 +01:00
Alexander Weidinger
4b84dead8e Made host key algos configurable; dropped DSA 2019-02-12 14:55:15 +01:00
Alexander Weidinger
54dde36e53 split map.jinja according to template-formula 2019-02-12 14:55:15 +01:00
Peter Hudec
ea755686e3 updated openssh/config.sls 2018-10-10 14:06:14 +02:00
Peter Hudec
0232f5cbbc updated openssh/defaults.yaml 2018-10-10 14:05:26 +02:00
Jasper Lievisse Adriaanse
9845b1fddc Add support for Solaris; tested on SmartOS instance zone (#137) 2018-09-28 20:39:31 +02:00
N
131910d0ca
Merge pull request #136 from Perceptyx/master
Added Debian sftp subystem
2018-09-12 01:55:18 +01:00
reschl
ffafd2a2f5 Support package versions (#134)
added possibility to configure server version and client version
with pillar example
2018-09-03 16:42:39 +02:00
tmeneau
63ad14efb1 Fix invalid require_in sshd_config for key states
Change the require_ins used by the key management states in the
config.sls to be conditional based on whether the sshd_config
is managed by the formula

Fixes #130
2018-08-03 08:35:42 -04:00
alxwr
aa3da8f2c2 Pillar openssh.known_hosts_salt_ssh (#128)
* Pillar openssh.known_hosts_salt_ssh

* Dropped ill-named file

* Fixed aliasing of host names

* Improved pillar.example

* Opt-in to include localhost

* pillar/known_hosts_salt_ssh: clear cache in run()

* Dropped forgotten debugging output
2018-06-01 14:11:52 +02:00
Florian Ermisch
45763f54aa Add host keys from pillar[openssh:known_hosts:static] to ssh_known_hosts 2018-04-26 16:56:18 +02:00
Felipe Zipitría
6fbef86827
Add sftp subsystem debian (#3)
* Add map for debian
2018-04-25 17:48:47 -03:00
Niels Abspoel
b93448b5e6
Merge pull request #124 from arthurlogilab/123-add-ini-version-of-config
[openssh/config_ini] initial version of config_ini which uses ini state
2018-03-17 21:35:30 +01:00
Niels Abspoel
af9721a0f5 fix iteritems for python3 2018-03-10 16:35:57 +01:00
Raphaël Hertzog
6ccb9fc87d Replace deprecated "user" attribute by "runas" 2018-02-16 12:11:54 +01:00
Arthur Lutz
dcb70e5181 [openssh/config_ini] initial version of config_ini which uses ini state
closes #123
2018-02-15 17:43:13 +01:00
alxwr
73727bc218
Merge pull request #118 from Perceptyx/master
[FIX] When key is present override generating by any way
2017-12-29 04:02:08 +01:00
Mario Fritschen
e665450ed4 Changed expr_form to tgt_type for deprecation reasons. (#122) 2017-12-23 00:11:24 +01:00