Only `salt-ssh` can't use them actually.
* openssh/libsaltcli.jinja: detect non empty `opts['__cli']` as `api`.
* openssh/libmatchers.jinja: only `ssh` and `unknown` can't use
`config.get` options `merge` and `delimiter`.
The `config_get_lookup` and `config_get` sources lack flexibility.
It's not easy to query several pillars and/or grains keys with the
actual system. And the query method is forced to `config.get` without
being configurable by the user.
We define a mechanism to select `map.jinja` sources with similar
notation as the salt targeting system.
The `map.jinja` file uses several sources where to lookup parameter
values. The list of sources can be modified by two files:
1. a global salt://parameters/map_jinja.yaml
2. a per formula salt://{{ tplroot }}/parameters/map_jinja.yaml.
Each source definition has the form `<TYPE>:<OPTION>@<KEY>` where
`<TYPE>` can be one of:
- `Y` to load values from YAML files, this is the default when no type
is defined
- `C` to lookup values with `config.get`
- `G` to lookup values with `grains.get`
- `I` to lookup values with `pillar.get`
The YAML type option can define the query method to lookup the key
value to build the file name:
- `C` to query with `config.get`, this is the default when no query
method is defined
- `G` to query with `grains.get`
- `I` to query with `pillar.get`
The `C`, `G` or `I` types can define the `SUB` option to store values
in the sub key `mapdata.<key>` instead of directly in `mapdata`.
Finally, the `<KEY>` describes what to lookup to either build the YAML
filename or gather values using one of the query methods.
BREAKING CHANGE: the configuration `map_jinja:sources` is only
configurable with `salt://parameters/map_jinja.yaml`
and `salt://{{ tplroot }}/parameters/map_jinja.yaml`
BREAKING CHANGE: the `map_jinja:config_get_roots` is replaced by
compound like `map_jinja:sources`
BREAKING CHANGE: the two `config_get_lookup` and `config_get` are
replaced by `C@<tplroot>:lookup` and `C@<tplroot>`
sources
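
An added example, not taken from the commit or the formula's own code: a strict parser for the `<TYPE>:<OPTION>@<KEY>` notation described above, rejecting definitions with an unknown type or option before any lookup is attempted. The names `Source` and `parse_source` are hypothetical, and treating a string without `@` as a bare key with the default type and option is an assumption.

```python
from dataclasses import dataclass

# Query functions named in the commit message, keyed by their one-letter code.
QUERY_FUNCTIONS = {"C": "config.get", "G": "grains.get", "I": "pillar.get"}


@dataclass(frozen=True)
class Source:  # hypothetical container, not a type from the formula
    kind: str    # Y, C, G or I
    option: str  # for Y: query method (C/G/I); for C/G/I: "SUB" or ""
    key: str     # key used to build the YAML file name, or the key to look up

    @property
    def query_function(self) -> str:
        # Y sources query with their option; the others query with their type.
        return QUERY_FUNCTIONS[self.option if self.kind == "Y" else self.kind]

    @property
    def target(self) -> str:
        # SUB stores values under mapdata.<key> instead of directly in mapdata.
        return f"mapdata.{self.key}" if self.option == "SUB" else "mapdata"


def parse_source(definition: str) -> Source:
    # Split on the first "@" only: keys such as "openssh:lookup" contain ":".
    prefix, at, key = definition.strip().partition("@")
    if not at:  # assumption: a bare string is a key with default type/option
        prefix, key = "", prefix
    if not key:
        raise ValueError(f"empty key in source {definition!r}")
    kind, _, option = prefix.partition(":")
    kind = kind or "Y"  # Y is the default when no type is defined
    if kind == "Y":
        option = option or "C"  # config.get is the default query method
        if option not in QUERY_FUNCTIONS:
            raise ValueError(f"bad query method {option!r} in {definition!r}")
    elif kind in QUERY_FUNCTIONS:
        if option not in ("", "SUB"):
            raise ValueError(f"bad option {option!r} in {definition!r}")
    else:
        raise ValueError(f"unknown source type {kind!r} in {definition!r}")
    return Source(kind, option, key)
```
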
We avoid compatibility break with user pillars by looking up
configuration values using `config.get` in configurable roots.
We provide a new parameter `map_jinja:config_get_roots` in the formula
`parameters/defaults.yaml` to retrieve values not only from
`tplroot=openssh` but from `sshd_config` and `ssh_config` too.
We need to update the `_mapdata` reference files to include the new
`map_jinja:config_get_roots`.
The `map.jinja` now exports a single variable called `mapdata`.
We extract the `openssh`, `sshd_config` and `ssh_config` from it to
minimize the changes to `.sls` files.
It appears that the
`if not (omit_ip_address is sameas true or host in omit_ip_address)`
always returns `True` on older Jinja platforms:
- default-ubuntu-1604-3000-3-py2
- default-ubuntu-1604-2019-2-py3
- default-amazonlinux-1-2019-2-py2
Each part of the `or` conditional needs to be surrounded by parentheses.
The conditional on `ensure dig is available` does not work on Arch
since the `which` command does not exist. As the `pkg.installed`
state is idempotent, we don't need an extra check which depends on the
environment.
The `dig` utility is provided by `bind` on Arch and no more by
`bind-tools`.
We pass the pillars via the template engine context, this avoids the
need to load `map.jinja` from the templates themselves and reduces the
number of `pillar.get` calls.
* openssh/config.sls (sshd_config): pass `sshd_config` in the
context.
(ssh_config): pass `ssh_config` in the context.
* openssh/files/default/ssh_config: remove `map.jinja` import since
it's now in the context.
* openssh/files/default/sshd_config: ditto.
* openssh/known_hosts.sls: pass `known_hosts` in the context.
* openssh/files/default/ssh_known_hosts: use `known_hosts` from the
context instead of calling `pillar.get` several times.
BREAKING CHANGE: Minimum Salt version support is now `2019.2` in line
with official upstream support; also use of the `traverse` Jinja filter.
```bash
Examining openssh/map.jinja of type state
[209] Jinja comment should have spaces before and after: {# comment #}
openssh/map.jinja:4
{## Start imports as ##}
[209] Jinja comment should have spaces before and after: {# comment #}
openssh/map.jinja:19
{## merge the openssh pillar ##}
```
```bash
Examining openssh/config.sls of type state
[210] Numbers that start with `0` should always be encapsulated in quotation marks
openssh/config.sls:103
- mode: 0600
```
* Close #165
* Move existing `.kitchen.yml` => `kitchen.vagrant.yml`
* Semi-automated using https://github.com/myii/ssf-formula/pull/30
* Fix errors shown below:
```bash
openssh-formula$ yamllint -s .
./pillar.example
49:3 error duplication of key "AllowUsers" in mapping (key-duplicates)
57:3 error duplication of key "DenyUsers" in mapping (key-duplicates)
63:3 error duplication of key "AllowGroups" in mapping (key-duplicates)
70:3 error duplication of key "DenyGroups" in mapping (key-duplicates)
79:24 warning truthy value should be one of [false, true] (truthy)
80:29 warning truthy value should be one of [false, true] (truthy)
118:4 warning missing starting space in comment (comments)
119:4 warning missing starting space in comment (comments)
119:89 error line too long (122 > 88 characters) (line-length)
120:4 warning missing starting space in comment (comments)
120:89 error line too long (144 > 88 characters) (line-length)
147:30 warning truthy value should be one of [false, true] (truthy)
148:21 warning truthy value should be one of [false, true] (truthy)
149:19 warning truthy value should be one of [false, true] (truthy)
150:32 warning truthy value should be one of [false, true] (truthy)
151:26 warning truthy value should be one of [false, true] (truthy)
152:31 warning truthy value should be one of [false, true] (truthy)
153:32 warning truthy value should be one of [false, true] (truthy)
154:29 warning truthy value should be one of [false, true] (truthy)
155:34 warning truthy value should be one of [false, true] (truthy)
175:8 warning missing starting space in comment (comments)
175:89 error line too long (152 > 88 characters) (line-length)
176:8 warning missing starting space in comment (comments)
176:89 error line too long (126 > 88 characters) (line-length)
177:8 warning missing starting space in comment (comments)
177:89 error line too long (148 > 88 characters) (line-length)
213:18 warning truthy value should be one of [false, true] (truthy)
219:18 warning truthy value should be one of [false, true] (truthy)
225:18 warning truthy value should be one of [false, true] (truthy)
241:22 warning truthy value should be one of [false, true] (truthy)
243:22 warning truthy value should be one of [false, true] (truthy)
244:20 warning truthy value should be one of [false, true] (truthy)
245:21 warning truthy value should be one of [false, true] (truthy)
254:24 warning truthy value should be one of [false, true] (truthy)
255:22 warning truthy value should be one of [false, true] (truthy)
256:23 warning truthy value should be one of [false, true] (truthy)
265:22 warning truthy value should be one of [false, true] (truthy)
268:21 warning truthy value should be one of [false, true] (truthy)
269:20 warning truthy value should be one of [false, true] (truthy)
270:21 warning truthy value should be one of [false, true] (truthy)
279:26 warning truthy value should be one of [false, true] (truthy)
280:24 warning truthy value should be one of [false, true] (truthy)
281:25 warning truthy value should be one of [false, true] (truthy)
307:16 warning truthy value should be one of [false, true] (truthy)
308:6 warning missing starting space in comment (comments)
314:6 warning missing starting space in comment (comments)
316:24 warning truthy value should be one of [false, true] (truthy)
339:89 error line too long (546 > 88 characters) (line-length)
340:89 error line too long (546 > 88 characters) (line-length)
341:89 error line too long (546 > 88 characters) (line-length)
342:89 error line too long (546 > 88 characters) (line-length)
344:4 warning missing starting space in comment (comments)
345:4 warning missing starting space in comment (comments)
357:19 warning truthy value should be one of [false, true] (truthy)
./openssh/osfamilymap.yaml
1:1 warning missing document start "---" (document-start)
./openssh/osfingermap.yaml
1:1 warning missing document start "---" (document-start)
./openssh/osmap.yaml
1:1 warning missing document start "---" (document-start)
./openssh/defaults.yaml
1:1 warning missing document start "---" (document-start)
3:18 warning truthy value should be one of [false, true] (truthy)
6:34 warning too few spaces before comment (comments)
10:25 warning truthy value should be one of [false, true] (truthy)
12:32 warning too few spaces before comment (comments)
16:24 warning truthy value should be one of [false, true] (truthy)
18:24 warning too few spaces before comment (comments)
20:42 warning too few spaces before comment (comments)
27:6 warning missing starting space in comment (comments)
```
* Use consistent Jinja whitespace control `{%- ... -}`
* Improve debug output (comments & whitespace control)
* Use exact state names with TOFS `files_switch`
* Add `ssh_known_hosts_src` to `defaults` (for consistency)
* Restrict `pillar.example` changes to TOFS only
* Use `fire_banner` in `pillar.example` to indicate available template
* Fix #162
* Check for any number of tabs after the keyword
* If found, replace them by a single space to match the `separator` used
in the `ini_options.present` state
Change the require_ins used by the key management states in the
config.sls to be conditional based on whether the sshd_config
is managed by the formula
Fixes #130