chore(gemfile.lock): update to latest gem versions (2022-W28) [skip ci]

* Automated using https://github.com/myii/ssf-formula/pull/454

.github/workflows/kitchen.vagrant.yml

@@ -0,0 +1,37 @@
+# -*- coding: utf-8 -*-
+# vim: ft=yaml
+---
+name: 'Kitchen Vagrant (FreeBSD & OpenBSD)'
+'on': ['push', 'pull_request']
+
+env:
+  KITCHEN_LOCAL_YAML: 'kitchen.vagrant.yml'
+
+jobs:
+  test:
+    runs-on: 'macos-10.15'
+    strategy:
+      fail-fast: false
+      matrix:
+        instance:
+          - default-freebsd-130-master-py3
+          - default-freebsd-123-master-py3
+          # - default-freebsd-130-3004-0-py3
+          # - default-freebsd-123-3004-0-py3
+          - default-openbsd-70-3003-3-py3
+    steps:
+      - name: 'Check out code'
+        uses: 'actions/checkout@v2'
+      - name: 'Set up Bundler cache'
+        uses: 'actions/cache@v1'
+        with:
+          path: 'vendor/bundle'
+          key: "${{ runner.os }}-gems-${{ hashFiles('**/Gemfile.lock') }}"
+          restore-keys: "${{ runner.os }}-gems-"
+      - name: 'Run Bundler'
+        run: |
+          ruby --version
+          bundle config path vendor/bundle
+          bundle install --jobs 4 --retry 3
+      - name: 'Run Test Kitchen'
+        run: 'bundle exec kitchen verify ${{ matrix.instance }}'

.gitignore

@@ -91,6 +91,9 @@ celerybeat-schedule
 venv/
 ENV/
 
+# visual studio
+.vs/
+
 # Spyder project settings
 .spyderproject
 .spyproject
@@ -120,3 +123,12 @@ docs/*.md
 Dockerfile.*_*
 ignore/
 tmp/
+
+# `salt-formula` -- Vagrant Specific files
+.vagrant
+top.sls
+!test/salt/pillar/top.sls
+
+# `suricata-formula` -- Platform binaries
+*.rpm
+*.deb

.gitlab-ci.yml

@@ -0,0 +1,212 @@
+# -*- coding: utf-8 -*-
+# vim: ft=yaml
+---
+###############################################################################
+# Define all YAML node anchors
+###############################################################################
+.node_anchors:
+  # `only` (also used for `except` where applicable)
+  only_branch_master_parent_repo: &only_branch_master_parent_repo
+    - 'master@saltstack-formulas/openssh-formula'
+  # `stage`
+  stage_lint: &stage_lint 'lint'
+  stage_release: &stage_release 'release'
+  stage_test: &stage_test 'test'
+  # `image`
+  image_commitlint: &image_commitlint 'myii/ssf-commitlint:11'
+  image_dindruby: &image_dindruby 'myii/ssf-dind-ruby:2.7.1-r3'
+  image_precommit: &image_precommit
+    name: 'myii/ssf-pre-commit:2.9.2'
+    entrypoint: ['/bin/bash', '-c']
+  image_rubocop: &image_rubocop 'pipelinecomponents/rubocop:latest'
+  image_semantic-release: &image_semanticrelease 'myii/ssf-semantic-release:15.14'
+  # `services`
+  services_docker_dind: &services_docker_dind
+    - 'docker:dind'
+  # `variables`
+  # https://forum.gitlab.com/t/gitlab-com-ci-caching-rubygems/5627/3
+  # https://bundler.io/v1.16/bundle_config.html
+  variables_bundler: &variables_bundler
+    BUNDLE_CACHE_PATH: '${CI_PROJECT_DIR}/.cache/bundler'
+    BUNDLE_WITHOUT: 'production'
+  # `cache`
+  cache_bundler: &cache_bundler
+    key: '${CI_JOB_STAGE}'
+    paths:
+      - '${BUNDLE_CACHE_PATH}'
+
+###############################################################################
+# Define stages and global variables
+###############################################################################
+stages:
+  - *stage_lint
+  - *stage_test
+  - *stage_release
+variables:
+  DOCKER_DRIVER: 'overlay2'
+
+###############################################################################
+# `lint` stage: `commitlint`, `pre-commit` & `rubocop` (latest, failure allowed)
+###############################################################################
+commitlint:
+  stage: *stage_lint
+  image: *image_commitlint
+  script:
+    # Add `upstream` remote to get access to `upstream/master`
+    - 'git remote add upstream
+       https://gitlab.com/saltstack-formulas/openssh-formula.git'
+    - 'git fetch --all'
+    # Set default commit hashes for `--from` and `--to`
+    - 'export COMMITLINT_FROM="$(git merge-base upstream/master HEAD)"'
+    - 'export COMMITLINT_TO="${CI_COMMIT_SHA}"'
+    # `coqbot` adds a merge commit to test PRs on top of the latest commit in
+    # the repo; amend this merge commit message to avoid failure
+    - |
+      if [ "${GITLAB_USER_LOGIN}" = "coqbot" ] \
+      && [ "${CI_COMMIT_BRANCH}" != "master" ]; then
+        git commit --amend -m \
+          'chore: reword coqbot merge commit message for commitlint'
+        export COMMITLINT_TO=HEAD
+      fi
+    # Run `commitlint`
+    - 'commitlint --from "${COMMITLINT_FROM}"
+                  --to   "${COMMITLINT_TO}"
+                  --verbose'
+
+pre-commit:
+  stage: *stage_lint
+  image: *image_precommit
+  # https://pre-commit.com/#gitlab-ci-example
+  variables:
+    PRE_COMMIT_HOME: '${CI_PROJECT_DIR}/.cache/pre-commit'
+  cache:
+    key: '${CI_JOB_NAME}'
+    paths:
+      - '${PRE_COMMIT_HOME}'
+  script:
+    - 'pre-commit run --all-files --color always --verbose'
+
+# Use a separate job for `rubocop` other than the one potentially run by `pre-commit`
+# - The `pre-commit` check will only be available for formulas that pass the default
+#   `rubocop` check -- and must continue to do so
+# - This job is allowed to fail, so can be used for all formulas
+# - Furthermore, this job uses all of the latest `rubocop` features & cops,
+#   which will help when upgrading the `rubocop` linter used in `pre-commit`
+rubocop:
+  allow_failure: true
+  stage: *stage_lint
+  image: *image_rubocop
+  script:
+    - 'rubocop -d -P -S --enable-pending-cops'
+
+###############################################################################
+# Define `test` template
+###############################################################################
+.test_instance: &test_instance
+  stage: *stage_test
+  image: *image_dindruby
+  services: *services_docker_dind
+  variables: *variables_bundler
+  cache: *cache_bundler
+  before_script:
+    # TODO: This should work from the env vars above automatically
+    - 'bundle config set path "${BUNDLE_CACHE_PATH}"'
+    - 'bundle config set without "${BUNDLE_WITHOUT}"'
+    - 'bundle install'
+  script:
+    # Alternative value to consider: `${CI_JOB_NAME}`
+    - 'bin/kitchen verify "${DOCKER_ENV_CI_JOB_NAME}"'
+
+###############################################################################
+# Define `test` template (`allow_failure: true`)
+###############################################################################
+.test_instance_failure_permitted:
+  <<: *test_instance
+  allow_failure: true
+
+###############################################################################
+# `test` stage: each instance below uses the `test` template above
+###############################################################################
+## Define the rest of the matrix based on Kitchen testing
+# Make sure the instances listed below match up with
+# the `platforms` defined in `kitchen.yml`
+# yamllint disable rule:line-length
+# default-debian-11-tiamat-py3: {extends: '.test_instance'}
+# default-debian-10-tiamat-py3: {extends: '.test_instance'}
+# default-debian-9-tiamat-py3: {extends: '.test_instance'}
+# default-ubuntu-2204-tiamat-py3: {extends: '.test_instance_failure_permitted'}
+# default-ubuntu-2004-tiamat-py3: {extends: '.test_instance'}
+# default-ubuntu-1804-tiamat-py3: {extends: '.test_instance'}
+# default-centos-stream8-tiamat-py3: {extends: '.test_instance_failure_permitted'}
+# default-centos-7-tiamat-py3: {extends: '.test_instance'}
+# default-amazonlinux-2-tiamat-py3: {extends: '.test_instance'}
+# default-oraclelinux-8-tiamat-py3: {extends: '.test_instance'}
+# default-oraclelinux-7-tiamat-py3: {extends: '.test_instance'}
+# default-almalinux-8-tiamat-py3: {extends: '.test_instance'}
+# default-rockylinux-8-tiamat-py3: {extends: '.test_instance'}
+default-debian-11-master-py3: {extends: '.test_instance'}
+default-debian-10-master-py3: {extends: '.test_instance'}
+default-debian-9-master-py3: {extends: '.test_instance'}
+default-ubuntu-2204-master-py3: {extends: '.test_instance_failure_permitted'}
+default-ubuntu-2004-master-py3: {extends: '.test_instance'}
+default-ubuntu-1804-master-py3: {extends: '.test_instance'}
+default-centos-stream8-master-py3: {extends: '.test_instance_failure_permitted'}
+default-centos-7-master-py3: {extends: '.test_instance'}
+default-fedora-36-master-py3: {extends: '.test_instance_failure_permitted'}
+default-fedora-35-master-py3: {extends: '.test_instance'}
+default-opensuse-leap-153-master-py3: {extends: '.test_instance'}
+default-opensuse-tmbl-latest-master-py3: {extends: '.test_instance_failure_permitted'}
+default-amazonlinux-2-master-py3: {extends: '.test_instance'}
+default-oraclelinux-8-master-py3: {extends: '.test_instance'}
+default-oraclelinux-7-master-py3: {extends: '.test_instance'}
+default-arch-base-latest-master-py3: {extends: '.test_instance'}
+default-gentoo-stage3-latest-master-py3: {extends: '.test_instance'}
+default-gentoo-stage3-systemd-master-py3: {extends: '.test_instance'}
+default-almalinux-8-master-py3: {extends: '.test_instance'}
+default-rockylinux-8-master-py3: {extends: '.test_instance'}
+# default-debian-11-3004-1-py3: {extends: '.test_instance'}
+# default-debian-10-3004-1-py3: {extends: '.test_instance'}
+# default-debian-9-3004-1-py3: {extends: '.test_instance'}
+# default-ubuntu-2204-3004-1-py3: {extends: '.test_instance_failure_permitted'}
+# default-ubuntu-2004-3004-1-py3: {extends: '.test_instance'}
+# default-ubuntu-1804-3004-1-py3: {extends: '.test_instance'}
+# default-centos-stream8-3004-1-py3: {extends: '.test_instance_failure_permitted'}
+# default-centos-7-3004-1-py3: {extends: '.test_instance'}
+# default-fedora-36-3004-1-py3: {extends: '.test_instance_failure_permitted'}
+# default-fedora-35-3004-1-py3: {extends: '.test_instance'}
+# default-amazonlinux-2-3004-1-py3: {extends: '.test_instance'}
+# default-oraclelinux-8-3004-1-py3: {extends: '.test_instance'}
+# default-oraclelinux-7-3004-1-py3: {extends: '.test_instance'}
+# default-arch-base-latest-3004-1-py3: {extends: '.test_instance'}
+# default-gentoo-stage3-latest-3004-1-py3: {extends: '.test_instance'}
+# default-gentoo-stage3-systemd-3004-1-py3: {extends: '.test_instance'}
+# default-almalinux-8-3004-1-py3: {extends: '.test_instance'}
+# default-rockylinux-8-3004-1-py3: {extends: '.test_instance'}
+# default-opensuse-leap-153-3004-0-py3: {extends: '.test_instance'}
+# default-opensuse-tmbl-latest-3004-0-py3: {extends: '.test_instance_failure_permitted'}
+# default-debian-10-3003-4-py3: {extends: '.test_instance'}
+# default-debian-9-3003-4-py3: {extends: '.test_instance'}
+# default-ubuntu-2004-3003-4-py3: {extends: '.test_instance'}
+# default-ubuntu-1804-3003-4-py3: {extends: '.test_instance'}
+# default-centos-stream8-3003-4-py3: {extends: '.test_instance_failure_permitted'}
+# default-centos-7-3003-4-py3: {extends: '.test_instance'}
+# default-amazonlinux-2-3003-4-py3: {extends: '.test_instance'}
+# default-oraclelinux-8-3003-4-py3: {extends: '.test_instance'}
+# default-oraclelinux-7-3003-4-py3: {extends: '.test_instance'}
+# default-almalinux-8-3003-4-py3: {extends: '.test_instance'}
+# yamllint enable rule:line-length
+
+###############################################################################
+# `release` stage: `semantic-release`
+###############################################################################
+semantic-release:
+  only: *only_branch_master_parent_repo
+  stage: *stage_release
+  image: *image_semanticrelease
+  variables:
+    MAINTAINER_TOKEN: '${GH_TOKEN}'
+  script:
+    # Update `AUTHORS.md`
+    - '${HOME}/go/bin/maintainer contributor'
+    # Run `semantic-release`
+    - 'semantic-release'

.pre-commit-config.yaml

@@ -0,0 +1,77 @@
+# -*- coding: utf-8 -*-
+# vim: ft=yaml
+---
+# See https://pre-commit.com for more information
+# See https://pre-commit.com/hooks.html for more hooks
+ci:
+  autofix_commit_msg: |
+    ci(pre-commit.ci): apply auto fixes from pre-commit.com hooks
+
+    For more information, see https://pre-commit.ci
+  autofix_prs: true
+  autoupdate_branch: ''
+  autoupdate_commit_msg: |
+    ci(pre-commit.ci): perform `pre-commit` autoupdate
+  autoupdate_schedule: quarterly
+  skip: []
+  submodules: false
+default_stages: [commit]
+repos:
+  - repo: https://github.com/dafyddj/commitlint-pre-commit-hook
+    rev: v2.3.0
+    hooks:
+      - id: commitlint
+        name: Check commit message using commitlint
+        description: Lint commit message against @commitlint/config-conventional rules
+        stages: [commit-msg]
+        additional_dependencies: ['@commitlint/config-conventional@8.3.4']
+      - id: commitlint-travis
+        stages: [manual]
+        additional_dependencies: ['@commitlint/config-conventional@8.3.4']
+        always_run: true
+  - repo: https://github.com/rubocop-hq/rubocop
+    rev: v1.30.1
+    hooks:
+      - id: rubocop
+        name: Check Ruby files with rubocop
+        args: [--debug]
+        always_run: true
+        pass_filenames: false
+  - repo: https://github.com/shellcheck-py/shellcheck-py
+    rev: v0.8.0.4
+    hooks:
+      - id: shellcheck
+        name: Check shell scripts with shellcheck
+        files: ^.*\.(sh|bash|ksh)$
+        types: []
+  - repo: https://github.com/adrienverge/yamllint
+    rev: v1.26.3
+    hooks:
+      - id: yamllint
+        name: Check YAML syntax with yamllint
+        args: [--strict, '.']
+        always_run: true
+        pass_filenames: false
+  - repo: https://github.com/warpnet/salt-lint
+    rev: v0.8.0
+    hooks:
+      - id: salt-lint
+        name: Check Salt files using salt-lint
+        files: ^.*\.(sls|jinja|j2|tmpl|tst)$
+  - repo: https://github.com/myint/rstcheck
+    rev: 3f929574
+    hooks:
+      - id: rstcheck
+        name: Check reST files using rstcheck
+        exclude: 'docs/CHANGELOG.rst'
+  - repo: https://github.com/saltstack-formulas/mirrors-rst-lint
+    rev: v1.3.2
+    hooks:
+      - id: rst-lint
+        name: Check reST files using rst-lint
+        exclude: |
+            (?x)^(
+                docs/CHANGELOG.rst|
+                docs/TOFS_pattern.rst|
+            )$
+        additional_dependencies: [pygments==2.9.0]

.rstcheck.cfg

@@ -0,0 +1,4 @@
+[rstcheck]
+report=info
+ignore_language=rst
+ignore_messages=(Duplicate (ex|im)plicit target.*|Hyperlink target ".*" is not referenced\.$)

.rubocop.yml

@@ -7,10 +7,17 @@ Layout/LineLength:
   # Based on https://github.com/PyCQA/flake8-bugbear#opinionated-warnings (`B950`)
   Max: 88
 Metrics/BlockLength:
-  ExcludedMethods:
+  IgnoredMethods:
     - control
     - describe
   # Increase from default of `25`
   Max: 30
+Security/YAMLLoad:
+  Exclude:
+    - test/integration/**/_mapdata.rb
+
+# General settings across all cops in this formula
+AllCops:
+  NewCops: enable
 
 # Any offenses that should be fixed, e.g. collected via. `rubocop --auto-gen-config`

.travis.yml

@@ -1,6 +1,15 @@
 # -*- coding: utf-8 -*-
 # vim: ft=yaml
 ---
+################################################################################
+# NOTE: This file is UNMAINTAINED; it is provided for references purposes only.
+#       No guarantees are tendered that this structure will work after 2020.
+################################################################################
+# * https://en.wikipedia.org/wiki/Travis_CI:
+#   - "... free open-source plans were removed in [sic] the end of 2020"
+#   - https://blog.travis-ci.com/2020-11-02-travis-ci-new-billing
+#   - https://ropensci.org/technotes/2020/11/19/moving-away-travis/
+################################################################################
 ## Machine config
 os: 'linux'
 arch: 'amd64'
@@ -22,8 +31,10 @@ script:
 ## Stages and jobs matrix
 stages:
   - test
-  - name: 'release'
+  # # As part of the switch away from Travis CI, ensure that the `release` stage
-    if: 'branch = master AND type != pull_request'
+  # # is not run inadvertently
+  # - name: 'release'
+  #   if: 'branch = master AND type != pull_request'
 jobs:
   include:
     ## Define the test stage that runs the linters (and testing matrix, if applicable)
@@ -55,40 +66,86 @@ jobs:
                    @commitlint/travis-cli
         - commitlint-travis
 
+    # Run `pre-commit` linters in a single job
+    - language: 'python'
+      env: 'Lint_pre-commit'
+      name: 'Lint: pre-commit'
+      before_install: 'skip'
+      cache:
+        directories:
+          - $HOME/.cache/pre-commit
+      script:
+        # Install and run `pre-commit`
+        - pip install pre-commit==2.7.1
+        - pre-commit run --all-files --color always --verbose
+        - pre-commit run --color always --hook-stage manual --verbose commitlint-travis
+
     ## Define the rest of the matrix based on Kitchen testing
     # Make sure the instances listed below match up with
     # the `platforms` defined in `kitchen.yml`
+    # - env: INSTANCE=default-debian-11-tiamat-py3
+    # - env: INSTANCE=default-debian-10-tiamat-py3
+    # - env: INSTANCE=default-debian-9-tiamat-py3
+    # - env: INSTANCE=default-ubuntu-2204-tiamat-py3
+    # - env: INSTANCE=default-ubuntu-2004-tiamat-py3
+    # - env: INSTANCE=default-ubuntu-1804-tiamat-py3
+    # - env: INSTANCE=default-centos-stream8-tiamat-py3
+    # - env: INSTANCE=default-centos-7-tiamat-py3
+    # - env: INSTANCE=default-amazonlinux-2-tiamat-py3
+    # - env: INSTANCE=default-oraclelinux-8-tiamat-py3
+    # - env: INSTANCE=default-oraclelinux-7-tiamat-py3
+    # - env: INSTANCE=default-almalinux-8-tiamat-py3
+    # - env: INSTANCE=default-rockylinux-8-tiamat-py3
+    - env: INSTANCE=default-debian-11-master-py3
     - env: INSTANCE=default-debian-10-master-py3
+    - env: INSTANCE=default-debian-9-master-py3
+    - env: INSTANCE=default-ubuntu-2204-master-py3
     - env: INSTANCE=default-ubuntu-2004-master-py3
-    # - env: INSTANCE=default-ubuntu-1804-master-py3
+    - env: INSTANCE=default-ubuntu-1804-master-py3
-    - env: INSTANCE=default-centos-8-master-py3
+    - env: INSTANCE=default-centos-stream8-master-py3
-    - env: INSTANCE=default-fedora-32-master-py3
+    - env: INSTANCE=default-centos-7-master-py3
-    # - env: INSTANCE=default-fedora-31-master-py3
+    - env: INSTANCE=default-fedora-36-master-py3
-    - env: INSTANCE=default-opensuse-leap-152-master-py3
+    - env: INSTANCE=default-fedora-35-master-py3
+    - env: INSTANCE=default-opensuse-leap-153-master-py3
+    - env: INSTANCE=default-opensuse-tmbl-latest-master-py3
     - env: INSTANCE=default-amazonlinux-2-master-py3
-    # - env: INSTANCE=default-debian-10-3000-3-py3
+    - env: INSTANCE=default-oraclelinux-8-master-py3
-    # - env: INSTANCE=default-debian-9-3000-3-py3
+    - env: INSTANCE=default-oraclelinux-7-master-py3
-    # - env: INSTANCE=default-ubuntu-1804-3000-3-py3
+    - env: INSTANCE=default-arch-base-latest-master-py3
-    # - env: INSTANCE=default-centos-8-3000-3-py3
+    - env: INSTANCE=default-gentoo-stage3-latest-master-py3
-    # - env: INSTANCE=default-centos-7-3000-3-py3
+    - env: INSTANCE=default-gentoo-stage3-systemd-master-py3
-    # - env: INSTANCE=default-fedora-31-3000-3-py3
+    - env: INSTANCE=default-almalinux-8-master-py3
-    # - env: INSTANCE=default-opensuse-leap-152-3000-3-py3
+    - env: INSTANCE=default-rockylinux-8-master-py3
-    # - env: INSTANCE=default-amazonlinux-2-3000-3-py3
+    # - env: INSTANCE=default-debian-11-3004-1-py3
-    # - env: INSTANCE=default-ubuntu-1804-3000-3-py2
+    # - env: INSTANCE=default-debian-10-3004-1-py3
-    # - env: INSTANCE=default-ubuntu-1604-3000-3-py2
+    # - env: INSTANCE=default-debian-9-3004-1-py3
-    # - env: INSTANCE=default-arch-base-latest-3000-3-py2
+    # - env: INSTANCE=default-ubuntu-2204-3004-1-py3
-    # - env: INSTANCE=default-debian-10-2019-2-py3
+    # - env: INSTANCE=default-ubuntu-2004-3004-1-py3
-    # - env: INSTANCE=default-debian-9-2019-2-py3
+    # - env: INSTANCE=default-ubuntu-1804-3004-1-py3
-    # - env: INSTANCE=default-ubuntu-1804-2019-2-py3
+    # - env: INSTANCE=default-centos-stream8-3004-1-py3
-    # - env: INSTANCE=default-ubuntu-1604-2019-2-py3
+    # - env: INSTANCE=default-centos-7-3004-1-py3
-    # - env: INSTANCE=default-centos-8-2019-2-py3
+    # - env: INSTANCE=default-fedora-36-3004-1-py3
-    # - env: INSTANCE=default-centos-7-2019-2-py3
+    # - env: INSTANCE=default-fedora-35-3004-1-py3
-    # - env: INSTANCE=default-fedora-31-2019-2-py3
+    # - env: INSTANCE=default-amazonlinux-2-3004-1-py3
-    # - env: INSTANCE=default-opensuse-leap-152-2019-2-py3
+    # - env: INSTANCE=default-oraclelinux-8-3004-1-py3
-    # - env: INSTANCE=default-amazonlinux-2-2019-2-py3
+    # - env: INSTANCE=default-oraclelinux-7-3004-1-py3
-    # - env: INSTANCE=default-centos-6-2019-2-py2
+    # - env: INSTANCE=default-arch-base-latest-3004-1-py3
-    # - env: INSTANCE=default-amazonlinux-1-2019-2-py2
+    # - env: INSTANCE=default-gentoo-stage3-latest-3004-1-py3
-    - env: INSTANCE=default-arch-base-latest-2019-2-py2
+    # - env: INSTANCE=default-gentoo-stage3-systemd-3004-1-py3
+    # - env: INSTANCE=default-almalinux-8-3004-1-py3
+    # - env: INSTANCE=default-rockylinux-8-3004-1-py3
+    # - env: INSTANCE=default-opensuse-leap-153-3004-0-py3
+    # - env: INSTANCE=default-opensuse-tmbl-latest-3004-0-py3
+    # - env: INSTANCE=default-debian-10-3003-4-py3
+    # - env: INSTANCE=default-debian-9-3003-4-py3
+    # - env: INSTANCE=default-ubuntu-2004-3003-4-py3
+    # - env: INSTANCE=default-ubuntu-1804-3003-4-py3
+    # - env: INSTANCE=default-centos-stream8-3003-4-py3
+    # - env: INSTANCE=default-centos-7-3003-4-py3
+    # - env: INSTANCE=default-amazonlinux-2-3003-4-py3
+    # - env: INSTANCE=default-oraclelinux-8-3003-4-py3
+    # - env: INSTANCE=default-oraclelinux-7-3003-4-py3
+    # - env: INSTANCE=default-almalinux-8-3003-4-py3
 
     ## Define the release stage that runs `semantic-release`
     - stage: 'release'

.yamllint

@@ -2,16 +2,25 @@
 # vim: ft=yaml
 ---
 # Extend the `default` configuration provided by `yamllint`
-extends: default
+extends: 'default'
 
 # Files to ignore completely
-# 1. All YAML files under directory `node_modules/`, introduced during the Travis run
+# 1. All YAML files under directory `.bundle/`, introduced if gems are installed locally
-# 2. Any SLS files under directory `test/`, which are actually state files
+# 2. All YAML files under directory `.cache/`, introduced during the CI run
-# 3. Any YAML files under directory `.kitchen/`, introduced during local testing
+# 3. All YAML files under directory `.git/`
+# 4. All YAML files under directory `node_modules/`, introduced during the CI run
+# 5. Any SLS files under directory `test/`, which are actually state files
+# 6. Any YAML files under directory `.kitchen/`, introduced during local testing
+# 7. `kitchen.vagrant.yml`, which contains Embedded Ruby (ERB) template syntax
 ignore: |
+  .bundle/
+  .cache/
+  .git/
   node_modules/
   test/**/states/**/*.sls
   .kitchen/
+  kitchen.vagrant.yml
+  test/salt/pillar/default.sls
 
 yaml-files:
   # Default settings

AUTHORS.md

@@ -4,77 +4,79 @@ This list is sorted by the number of commits per contributor in _descending_ ord
 
 Avatar|Contributor|Contributions
 :-:|---|:-:
-<img class='float-left rounded-1' src='https://avatars2.githubusercontent.com/u/10231489?v=4' width='36' height='36' alt='@myii'>|[@myii](https://github.com/myii)|72
+<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/10231489?v=4' width='36' height='36' alt='@myii'>|[@myii](https://github.com/myii)|165
-<img class='float-left rounded-1' src='https://avatars0.githubusercontent.com/u/1920805?v=4' width='36' height='36' alt='@alxwr'>|[@alxwr](https://github.com/alxwr)|38
+<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/1920805?v=4' width='36' height='36' alt='@alxwr'>|[@alxwr](https://github.com/alxwr)|38
-<img class='float-left rounded-1' src='https://avatars2.githubusercontent.com/u/1396878?v=4' width='36' height='36' alt='@gravyboat'>|[@gravyboat](https://github.com/gravyboat)|28
+<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/1233212?v=4' width='36' height='36' alt='@baby-gnu'>|[@baby-gnu](https://github.com/baby-gnu)|33
-<img class='float-left rounded-1' src='https://avatars0.githubusercontent.com/u/1800660?v=4' width='36' height='36' alt='@aboe76'>|[@aboe76](https://github.com/aboe76)|25
+<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/1396878?v=4' width='36' height='36' alt='@gravyboat'>|[@gravyboat](https://github.com/gravyboat)|28
-<img class='float-left rounded-1' src='https://avatars0.githubusercontent.com/u/1233212?v=4' width='36' height='36' alt='@baby-gnu'>|[@baby-gnu](https://github.com/baby-gnu)|19
+<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/1800660?v=4' width='36' height='36' alt='@aboe76'>|[@aboe76](https://github.com/aboe76)|25
-<img class='float-left rounded-1' src='https://avatars0.githubusercontent.com/u/3374962?v=4' width='36' height='36' alt='@nmadhok'>|[@nmadhok](https://github.com/nmadhok)|15
+<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/3374962?v=4' width='36' height='36' alt='@nmadhok'>|[@nmadhok](https://github.com/nmadhok)|15
-<img class='float-left rounded-1' src='https://avatars2.githubusercontent.com/u/91293?v=4' width='36' height='36' alt='@whiteinge'>|[@whiteinge](https://github.com/whiteinge)|9
+<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/91293?v=4' width='36' height='36' alt='@whiteinge'>|[@whiteinge](https://github.com/whiteinge)|9
-<img class='float-left rounded-1' src='https://avatars1.githubusercontent.com/u/8029478?v=4' width='36' height='36' alt='@rfairburn'>|[@rfairburn](https://github.com/rfairburn)|8
+<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/8029478?v=4' width='36' height='36' alt='@rfairburn'>|[@rfairburn](https://github.com/rfairburn)|8
-<img class='float-left rounded-1' src='https://avatars0.githubusercontent.com/u/6018668?v=4' width='36' height='36' alt='@amendlik'>|[@amendlik](https://github.com/amendlik)|8
+<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/6018668?v=4' width='36' height='36' alt='@amendlik'>|[@amendlik](https://github.com/amendlik)|8
-<img class='float-left rounded-1' src='https://avatars2.githubusercontent.com/u/941928?v=4' width='36' height='36' alt='@amontalban'>|[@amontalban](https://github.com/amontalban)|7
+<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/941928?v=4' width='36' height='36' alt='@amontalban'>|[@amontalban](https://github.com/amontalban)|7
-<img class='float-left rounded-1' src='https://avatars2.githubusercontent.com/u/242396?v=4' width='36' height='36' alt='@javierbertoli'>|[@javierbertoli](https://github.com/javierbertoli)|7
+<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/242396?v=4' width='36' height='36' alt='@javierbertoli'>|[@javierbertoli](https://github.com/javierbertoli)|7
-<img class='float-left rounded-1' src='https://avatars3.githubusercontent.com/u/897349?v=4' width='36' height='36' alt='@kennydo'>|[@kennydo](https://github.com/kennydo)|7
+<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/897349?v=4' width='36' height='36' alt='@kennydo'>|[@kennydo](https://github.com/kennydo)|7
-<img class='float-left rounded-1' src='https://avatars0.githubusercontent.com/u/17393048?v=4' width='36' height='36' alt='@ek9'>|[@ek9](https://github.com/ek9)|7
+<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/17393048?v=4' width='36' height='36' alt='@ek9'>|[@ek9](https://github.com/ek9)|7
-<img class='float-left rounded-1' src='https://avatars3.githubusercontent.com/u/6215293?v=4' width='36' height='36' alt='@0xf10e'>|[@0xf10e](https://github.com/0xf10e)|7
+<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/6215293?v=4' width='36' height='36' alt='@0xf10e'>|[@0xf10e](https://github.com/0xf10e)|7
-<img class='float-left rounded-1' src='https://avatars2.githubusercontent.com/u/642259?v=4' width='36' height='36' alt='@pepoluan'>|[@pepoluan](https://github.com/pepoluan)|5
+<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/642259?v=4' width='36' height='36' alt='@pepoluan'>|[@pepoluan](https://github.com/pepoluan)|5
-<img class='float-left rounded-1' src='https://avatars1.githubusercontent.com/u/10227523?v=4' width='36' height='36' alt='@llua'>|[@llua](https://github.com/llua)|5
+<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/10227523?v=4' width='36' height='36' alt='@llua'>|[@llua](https://github.com/llua)|5
-<img class='float-left rounded-1' src='https://avatars1.githubusercontent.com/u/528061?v=4' width='36' height='36' alt='@puneetk'>|[@puneetk](https://github.com/puneetk)|5
+<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/528061?v=4' width='36' height='36' alt='@puneetk'>|[@puneetk](https://github.com/puneetk)|5
-<img class='float-left rounded-1' src='https://avatars1.githubusercontent.com/u/3375654?v=4' width='36' height='36' alt='@nterupt'>|[@nterupt](https://github.com/nterupt)|4
+<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/3375654?v=4' width='36' height='36' alt='@nterupt'>|[@nterupt](https://github.com/nterupt)|4
-<img class='float-left rounded-1' src='https://avatars3.githubusercontent.com/u/10141454?v=4' width='36' height='36' alt='@mathieupotier'>|[@mathieupotier](https://github.com/mathieupotier)|4
+<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/10141454?v=4' width='36' height='36' alt='@mathieupotier'>|[@mathieupotier](https://github.com/mathieupotier)|4
-<img class='float-left rounded-1' src='https://avatars2.githubusercontent.com/u/1079875?v=4' width='36' height='36' alt='@bogdanr'>|[@bogdanr](https://github.com/bogdanr)|3
+<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/1079875?v=4' width='36' height='36' alt='@bogdanr'>|[@bogdanr](https://github.com/bogdanr)|3
-<img class='float-left rounded-1' src='https://avatars1.githubusercontent.com/u/287147?v=4' width='36' height='36' alt='@techhat'>|[@techhat](https://github.com/techhat)|3
+<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/4195158?v=4' width='36' height='36' alt='@dafyddj'>|[@dafyddj](https://github.com/dafyddj)|3
-<img class='float-left rounded-1' src='https://avatars2.githubusercontent.com/u/13550?v=4' width='36' height='36' alt='@mikemol'>|[@mikemol](https://github.com/mikemol)|3
+<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/287147?v=4' width='36' height='36' alt='@techhat'>|[@techhat](https://github.com/techhat)|3
-<img class='float-left rounded-1' src='https://avatars2.githubusercontent.com/u/358074?v=4' width='36' height='36' alt='@pcdummy'>|[@pcdummy](https://github.com/pcdummy)|3
+<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/13550?v=4' width='36' height='36' alt='@mikemol'>|[@mikemol](https://github.com/mikemol)|3
-<img class='float-left rounded-1' src='https://avatars0.githubusercontent.com/u/507599?v=4' width='36' height='36' alt='@thatch45'>|[@thatch45](https://github.com/thatch45)|3
+<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/507599?v=4' width='36' height='36' alt='@thatch45'>|[@thatch45](https://github.com/thatch45)|3
-<img class='float-left rounded-1' src='https://avatars1.githubusercontent.com/u/117961?v=4' width='36' height='36' alt='@babilen5'>|[@babilen5](https://github.com/babilen5)|3
+<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/117961?v=4' width='36' height='36' alt='@babilen'>|[@babilen](https://github.com/babilen)|3
-<img class='float-left rounded-1' src='https://avatars3.githubusercontent.com/u/2061751?v=4' width='36' height='36' alt='@matthew-parlette'>|[@matthew-parlette](https://github.com/matthew-parlette)|3
+<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/2061751?v=4' width='36' height='36' alt='@matthew-parlette'>|[@matthew-parlette](https://github.com/matthew-parlette)|3
-<img class='float-left rounded-1' src='https://avatars1.githubusercontent.com/u/1013915?v=4' width='36' height='36' alt='@rhertzog'>|[@rhertzog](https://github.com/rhertzog)|3
+<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/13322818?v=4' width='36' height='36' alt='@noelmcloughlin'>|[@noelmcloughlin](https://github.com/noelmcloughlin)|3
-<img class='float-left rounded-1' src='https://avatars1.githubusercontent.com/u/36720?v=4' width='36' height='36' alt='@brot'>|[@brot](https://github.com/brot)|2
+<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/1013915?v=4' width='36' height='36' alt='@rhertzog'>|[@rhertzog](https://github.com/rhertzog)|3
-<img class='float-left rounded-1' src='https://avatars3.githubusercontent.com/u/776662?v=4' width='36' height='36' alt='@carlosperello'>|[@carlosperello](https://github.com/carlosperello)|2
+<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/36720?v=4' width='36' height='36' alt='@brot'>|[@brot](https://github.com/brot)|2
-<img class='float-left rounded-1' src='https://avatars2.githubusercontent.com/u/114159?v=4' width='36' height='36' alt='@fpletz'>|[@fpletz](https://github.com/fpletz)|2
+<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/776662?v=4' width='36' height='36' alt='@carlosperello'>|[@carlosperello](https://github.com/carlosperello)|2
-<img class='float-left rounded-1' src='https://avatars2.githubusercontent.com/u/5255388?v=4' width='36' height='36' alt='@ingben'>|[@ingben](https://github.com/ingben)|2
+<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/114159?v=4' width='36' height='36' alt='@fpletz'>|[@fpletz](https://github.com/fpletz)|2
-<img class='float-left rounded-1' src='https://avatars2.githubusercontent.com/u/675056?v=4' width='36' height='36' alt='@OrangeDog'>|[@OrangeDog](https://github.com/OrangeDog)|2
+<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/5255388?v=4' width='36' height='36' alt='@ingben'>|[@ingben](https://github.com/ingben)|2
-<img class='float-left rounded-1' src='https://avatars3.githubusercontent.com/u/2285387?v=4' width='36' height='36' alt='@kyrias'>|[@kyrias](https://github.com/kyrias)|2
+<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/675056?v=4' width='36' height='36' alt='@OrangeDog'>|[@OrangeDog](https://github.com/OrangeDog)|2
-<img class='float-left rounded-1' src='https://avatars0.githubusercontent.com/u/924183?v=4' width='36' height='36' alt='@mschiff'>|[@mschiff](https://github.com/mschiff)|2
+<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/2285387?v=4' width='36' height='36' alt='@kyrias'>|[@kyrias](https://github.com/kyrias)|2
-<img class='float-left rounded-1' src='https://avatars2.githubusercontent.com/u/3768412?v=4' width='36' height='36' alt='@stp-ip'>|[@stp-ip](https://github.com/stp-ip)|2
+<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/924183?v=4' width='36' height='36' alt='@mschiff'>|[@mschiff](https://github.com/mschiff)|2
-<img class='float-left rounded-1' src='https://avatars1.githubusercontent.com/u/13322818?v=4' width='36' height='36' alt='@noelmcloughlin'>|[@noelmcloughlin](https://github.com/noelmcloughlin)|2
+<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/3768412?v=4' width='36' height='36' alt='@stp-ip'>|[@stp-ip](https://github.com/stp-ip)|2
-<img class='float-left rounded-1' src='https://avatars2.githubusercontent.com/u/299386?v=4' width='36' height='36' alt='@excavador'>|[@excavador](https://github.com/excavador)|2
+<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/299386?v=4' width='36' height='36' alt='@excavador'>|[@excavador](https://github.com/excavador)|2
-<img class='float-left rounded-1' src='https://avatars3.githubusercontent.com/u/4510160?v=4' width='36' height='36' alt='@hudecof'>|[@hudecof](https://github.com/hudecof)|2
+<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/4510160?v=4' width='36' height='36' alt='@hudecof'>|[@hudecof](https://github.com/hudecof)|2
-<img class='float-left rounded-1' src='https://avatars0.githubusercontent.com/u/1004111?v=4' width='36' height='36' alt='@freach'>|[@freach](https://github.com/freach)|2
+<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/1004111?v=4' width='36' height='36' alt='@freach'>|[@freach](https://github.com/freach)|2
-<img class='float-left rounded-1' src='https://avatars2.githubusercontent.com/u/50891?v=4' width='36' height='36' alt='@westurner'>|[@westurner](https://github.com/westurner)|2
+<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/1353637?v=4' width='36' height='36' alt='@stasjok'>|[@stasjok](https://github.com/stasjok)|2
-<img class='float-left rounded-1' src='https://avatars0.githubusercontent.com/u/228723?v=4' width='36' height='36' alt='@abednarik'>|[@abednarik](https://github.com/abednarik)|2
+<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/50891?v=4' width='36' height='36' alt='@westurner'>|[@westurner](https://github.com/westurner)|2
-<img class='float-left rounded-1' src='https://avatars1.githubusercontent.com/u/26563851?v=4' width='36' height='36' alt='@chenmen'>|[@chenmen](https://github.com/chenmen)|2
+<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/228723?v=4' width='36' height='36' alt='@abednarik'>|[@abednarik](https://github.com/abednarik)|2
-<img class='float-left rounded-1' src='https://avatars0.githubusercontent.com/u/850317?v=4' width='36' height='36' alt='@alanpearce'>|[@alanpearce](https://github.com/alanpearce)|1
+<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/26563851?v=4' width='36' height='36' alt='@chenmen'>|[@chenmen](https://github.com/chenmen)|2
-<img class='float-left rounded-1' src='https://avatars0.githubusercontent.com/u/445200?v=4' width='36' height='36' alt='@arthurlogilab'>|[@arthurlogilab](https://github.com/arthurlogilab)|1
+<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/850317?v=4' width='36' height='36' alt='@alanpearce'>|[@alanpearce](https://github.com/alanpearce)|1
-<img class='float-left rounded-1' src='https://avatars3.githubusercontent.com/u/1566437?v=4' width='36' height='36' alt='@bkmit'>|[@bkmit](https://github.com/bkmit)|1
+<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/445200?v=4' width='36' height='36' alt='@arthurlogilab'>|[@arthurlogilab](https://github.com/arthurlogilab)|1
-<img class='float-left rounded-1' src='https://avatars3.githubusercontent.com/u/20098965?v=4' width='36' height='36' alt='@brianholland99'>|[@brianholland99](https://github.com/brianholland99)|1
+<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/1566437?v=4' width='36' height='36' alt='@bkmit'>|[@bkmit](https://github.com/bkmit)|1
-<img class='float-left rounded-1' src='https://avatars1.githubusercontent.com/u/20441?v=4' width='36' height='36' alt='@iggy'>|[@iggy](https://github.com/iggy)|1
+<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/20098965?v=4' width='36' height='36' alt='@brianholland99'>|[@brianholland99](https://github.com/brianholland99)|1
-<img class='float-left rounded-1' src='https://avatars1.githubusercontent.com/u/13131979?v=4' width='36' height='36' alt='@BT-dschleich'>|[@BT-dschleich](https://github.com/BT-dschleich)|1
+<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/20441?v=4' width='36' height='36' alt='@iggy'>|[@iggy](https://github.com/iggy)|1
-<img class='float-left rounded-1' src='https://avatars0.githubusercontent.com/u/3012076?v=4' width='36' height='36' alt='@fzipi'>|[@fzipi](https://github.com/fzipi)|1
+<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/13131979?v=4' width='36' height='36' alt='@BT-dschleich'>|[@BT-dschleich](https://github.com/BT-dschleich)|1
-<img class='float-left rounded-1' src='https://avatars0.githubusercontent.com/u/94157?v=4' width='36' height='36' alt='@imran1008'>|[@imran1008](https://github.com/imran1008)|1
+<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/3012076?v=4' width='36' height='36' alt='@fzipi'>|[@fzipi](https://github.com/fzipi)|1
-<img class='float-left rounded-1' src='https://avatars3.githubusercontent.com/u/637504?v=4' width='36' height='36' alt='@jasperla'>|[@jasperla](https://github.com/jasperla)|1
+<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/94157?v=4' width='36' height='36' alt='@imran1008'>|[@imran1008](https://github.com/imran1008)|1
-<img class='float-left rounded-1' src='https://avatars2.githubusercontent.com/u/350294?v=4' width='36' height='36' alt='@anderbubble'>|[@anderbubble](https://github.com/anderbubble)|1
+<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/637504?v=4' width='36' height='36' alt='@jasperla'>|[@jasperla](https://github.com/jasperla)|1
-<img class='float-left rounded-1' src='https://avatars0.githubusercontent.com/u/7613500?v=4' width='36' height='36' alt='@levlozhkin'>|[@levlozhkin](https://github.com/levlozhkin)|1
+<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/350294?v=4' width='36' height='36' alt='@anderbubble'>|[@anderbubble](https://github.com/anderbubble)|1
-<img class='float-left rounded-1' src='https://avatars0.githubusercontent.com/u/25535310?v=4' width='36' height='36' alt='@polymeter'>|[@polymeter](https://github.com/polymeter)|1
+<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/7613500?v=4' width='36' height='36' alt='@levlozhkin'>|[@levlozhkin](https://github.com/levlozhkin)|1
-<img class='float-left rounded-1' src='https://avatars3.githubusercontent.com/u/16899663?v=4' width='36' height='36' alt='@Mario-F'>|[@Mario-F](https://github.com/Mario-F)|1
+<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/25535310?v=4' width='36' height='36' alt='@polymeter'>|[@polymeter](https://github.com/polymeter)|1
-<img class='float-left rounded-1' src='https://avatars3.githubusercontent.com/u/2869?v=4' width='36' height='36' alt='@nigelsim'>|[@nigelsim](https://github.com/nigelsim)|1
+<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/16899663?v=4' width='36' height='36' alt='@Mario-F'>|[@Mario-F](https://github.com/Mario-F)|1
-<img class='float-left rounded-1' src='https://avatars2.githubusercontent.com/u/25389335?v=4' width='36' height='36' alt='@antifob'>|[@antifob](https://github.com/antifob)|1
+<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/2869?v=4' width='36' height='36' alt='@nigelsim'>|[@nigelsim](https://github.com/nigelsim)|1
-<img class='float-left rounded-1' src='https://avatars0.githubusercontent.com/u/1610802?v=4' width='36' height='36' alt='@robinelfrink'>|[@robinelfrink](https://github.com/robinelfrink)|1
+<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/25389335?v=4' width='36' height='36' alt='@antifob'>|[@antifob](https://github.com/antifob)|1
-<img class='float-left rounded-1' src='https://avatars2.githubusercontent.com/u/2377054?v=4' width='36' height='36' alt='@smlloyd'>|[@smlloyd](https://github.com/smlloyd)|1
+<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/1610802?v=4' width='36' height='36' alt='@robinelfrink'>|[@robinelfrink](https://github.com/robinelfrink)|1
-<img class='float-left rounded-1' src='https://avatars1.githubusercontent.com/u/4156131?v=4' width='36' height='36' alt='@skylerberg'>|[@skylerberg](https://github.com/skylerberg)|1
+<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/2377054?v=4' width='36' height='36' alt='@smlloyd'>|[@smlloyd](https://github.com/smlloyd)|1
-<img class='float-left rounded-1' src='https://avatars3.githubusercontent.com/u/48949?v=4' width='36' height='36' alt='@tampakrap'>|[@tampakrap](https://github.com/tampakrap)|1
+<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/4156131?v=4' width='36' height='36' alt='@skylerberg'>|[@skylerberg](https://github.com/skylerberg)|1
-<img class='float-left rounded-1' src='https://avatars3.githubusercontent.com/u/566830?v=4' width='36' height='36' alt='@TJuberg'>|[@TJuberg](https://github.com/TJuberg)|1
+<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/48949?v=4' width='36' height='36' alt='@tampakrap'>|[@tampakrap](https://github.com/tampakrap)|1
-<img class='float-left rounded-1' src='https://avatars2.githubusercontent.com/u/1974659?v=4' width='36' height='36' alt='@tibold'>|[@tibold](https://github.com/tibold)|1
+<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/566830?v=4' width='36' height='36' alt='@TJuberg'>|[@TJuberg](https://github.com/TJuberg)|1
-<img class='float-left rounded-1' src='https://avatars3.githubusercontent.com/u/1277162?v=4' width='36' height='36' alt='@brandonparsons'>|[@brandonparsons](https://github.com/brandonparsons)|1
+<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/1974659?v=4' width='36' height='36' alt='@tibold'>|[@tibold](https://github.com/tibold)|1
-<img class='float-left rounded-1' src='https://avatars0.githubusercontent.com/u/1406670?v=4' width='36' height='36' alt='@elfixit'>|[@elfixit](https://github.com/elfixit)|1
+<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/113170?v=4' width='36' height='36' alt='@TimJones'>|[@TimJones](https://github.com/TimJones)|1
-<img class='float-left rounded-1' src='https://avatars3.githubusercontent.com/u/10122937?v=4' width='36' height='36' alt='@ketzacoatl'>|[@ketzacoatl](https://github.com/ketzacoatl)|1
+<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/1277162?v=4' width='36' height='36' alt='@brandonparsons'>|[@brandonparsons](https://github.com/brandonparsons)|1
-<img class='float-left rounded-1' src='https://avatars3.githubusercontent.com/u/15609251?v=4' width='36' height='36' alt='@omltorg'>|[@omltorg](https://github.com/omltorg)|1
+<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/1406670?v=4' width='36' height='36' alt='@elfixit'>|[@elfixit](https://github.com/elfixit)|1
-<img class='float-left rounded-1' src='https://avatars0.githubusercontent.com/u/1721508?v=4' width='36' height='36' alt='@reschl'>|[@reschl](https://github.com/reschl)|1
+<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/10122937?v=4' width='36' height='36' alt='@ketzacoatl'>|[@ketzacoatl](https://github.com/ketzacoatl)|1
-<img class='float-left rounded-1' src='https://avatars0.githubusercontent.com/u/991850?v=4' width='36' height='36' alt='@scub'>|[@scub](https://github.com/scub)|1
+<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/15609251?v=4' width='36' height='36' alt='@omltorg'>|[@omltorg](https://github.com/omltorg)|1
-<img class='float-left rounded-1' src='https://avatars1.githubusercontent.com/u/8021992?v=4' width='36' height='36' alt='@tmeneau'>|[@tmeneau](https://github.com/tmeneau)|1
+<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/1721508?v=4' width='36' height='36' alt='@reschl'>|[@reschl](https://github.com/reschl)|1
+<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/991850?v=4' width='36' height='36' alt='@scub'>|[@scub](https://github.com/scub)|1
+<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/8021992?v=4' width='36' height='36' alt='@tmeneau'>|[@tmeneau](https://github.com/tmeneau)|1
 
 ---
 
-Auto-generated by a [forked version](https://github.com/myii/maintainer) of [gaocegege/maintainer](https://github.com/gaocegege/maintainer) on 2020-08-26.
+Auto-generated by a [forked version](https://github.com/myii/maintainer) of [gaocegege/maintainer](https://github.com/gaocegege/maintainer) on 2022-02-21.

CHANGELOG.md

@@ -1,5 +1,193 @@
 # Changelog
 
+## [3.0.3](https://github.com/saltstack-formulas/openssh-formula/compare/v3.0.2...v3.0.3) (2022-02-21)
+
+
+### Bug Fixes
+
+* **libmapstack:** allow mapping by booleans and numbers ([40ba5a7](https://github.com/saltstack-formulas/openssh-formula/commit/40ba5a72c6476fa7deb4e73a01e78530da4c45d9))
+
+
+### Continuous Integration
+
+* update linters to latest versions [skip ci] ([81f97c0](https://github.com/saltstack-formulas/openssh-formula/commit/81f97c0457b7b30a6464c066fcb83ca77def9371))
+
+
+### Styles
+
+* **libsaltcli:** fix comments to jinja comments [skip ci] ([3416d94](https://github.com/saltstack-formulas/openssh-formula/commit/3416d94a36ab0c38942dba8d660652592f74a019))
+
+
+### Tests
+
+* **system:** add `build_platform_codename` [skip ci] ([aaa1828](https://github.com/saltstack-formulas/openssh-formula/commit/aaa1828f8683cb306b4532805d8095b095649af5))
+
+## [3.0.2](https://github.com/saltstack-formulas/openssh-formula/compare/v3.0.1...v3.0.2) (2022-02-03)
+
+
+### Bug Fixes
+
+* **libmatchers:** python client API can use `config.get` options ([560a5cc](https://github.com/saltstack-formulas/openssh-formula/commit/560a5ccbbc1c657fce621da945981cd0bd701879))
+
+
+### Code Refactoring
+
+* **map.jinja:** standardise v5 structure [skip ci] ([3162842](https://github.com/saltstack-formulas/openssh-formula/commit/3162842ec5531b72a28fff592e1b63d33aa2cd59))
+
+
+### Continuous Integration
+
+* **3003.1:** update inc. AlmaLinux, Rocky & `rst-lint` [skip ci] ([7190129](https://github.com/saltstack-formulas/openssh-formula/commit/719012908469f50e510779e1b82fb5605f54053a))
+* **freebsd:** update with latest pre-salted Vagrant boxes [skip ci] ([943cf17](https://github.com/saltstack-formulas/openssh-formula/commit/943cf1790370fa32d19f6e367510d513fc9cbbb6))
+* **gemfile:** allow rubygems proxy to be provided as an env var [skip ci] ([8b2cd1b](https://github.com/saltstack-formulas/openssh-formula/commit/8b2cd1b0e6a872928d2095170e9524274c9de3e2))
+* **gemfile+lock:** use `ssf` customised `inspec` repo [skip ci] ([e5d83f3](https://github.com/saltstack-formulas/openssh-formula/commit/e5d83f3f36152c57c6701fdb5d28b624830dc8e0))
+* **kitchen:** move `provisioner` block & update `run_command` [skip ci] ([1685782](https://github.com/saltstack-formulas/openssh-formula/commit/168578285aa3291c4cca775daae299aa0889f1d5))
+* **kitchen+ci:** update with `3004` pre-salted images/boxes [skip ci] ([e59160f](https://github.com/saltstack-formulas/openssh-formula/commit/e59160f8461386c148b8e61f43e4c3a0d0b89587))
+* **kitchen+ci:** update with latest `3003.2` pre-salted images [skip ci] ([d48bdde](https://github.com/saltstack-formulas/openssh-formula/commit/d48bdde2c6919d73a79301f46ec058668d413aac))
+* **kitchen+ci:** update with latest CVE pre-salted images [skip ci] ([5d4ed95](https://github.com/saltstack-formulas/openssh-formula/commit/5d4ed95572dbdb7b93c2ff3cafca71ed8a6a4034))
+* **kitchen+gitlab:** remove Ubuntu 16.04 & Fedora 32 (EOL) [skip ci] ([b7ddbb0](https://github.com/saltstack-formulas/openssh-formula/commit/b7ddbb0e186b74d5c9ae0abd75b187f08aab896e))
+* **kitchen+gitlab:** update for new pre-salted images [skip ci] ([eede9fa](https://github.com/saltstack-formulas/openssh-formula/commit/eede9fa54c84b92aab2f7c036e41f53df1389e0c))
+* **vagrant:** replace FreeBSD 12.2 with 12.3 [skip ci] ([5e8a886](https://github.com/saltstack-formulas/openssh-formula/commit/5e8a88631351c1621da415bc0decae808b9bfc1b))
+* add Debian 11 Bullseye & update `yamllint` configuration [skip ci] ([efb6799](https://github.com/saltstack-formulas/openssh-formula/commit/efb679941a6940b1e94a1b0b3fdbaa25ff3f5d12))
+* **vagrant:** add OpenBSD 6.9 [skip ci] ([fb78927](https://github.com/saltstack-formulas/openssh-formula/commit/fb789274811a3acce1589280137fab8dd78cd0d2))
+* add `arch-master` to matrix and update `.travis.yml` [skip ci] ([1af42b2](https://github.com/saltstack-formulas/openssh-formula/commit/1af42b215e96715f3ddeae13aab6fcbbcfd258b4))
+* **kitchen+gitlab:** adjust matrix to add `3003` [skip ci] ([c82927f](https://github.com/saltstack-formulas/openssh-formula/commit/c82927fbc8dd40aea584c6fbee2a5d08eac7c31e))
+* **vagrant:** add FreeBSD 13.0 [skip ci] ([7c69859](https://github.com/saltstack-formulas/openssh-formula/commit/7c698591c862c412894416f5037892f13f2ed514))
+* **vagrant:** use pre-salted boxes & conditional local settings [skip ci] ([531de16](https://github.com/saltstack-formulas/openssh-formula/commit/531de164b66ef66b66fadd2369ad302916131e39))
+
+
+### Documentation
+
+* **readme:** fix headings [skip ci] ([52abade](https://github.com/saltstack-formulas/openssh-formula/commit/52abade1821ba7afa1ed313ba9a4d8250283938b))
+
+
+### Tests
+
+* **_mapdata:** add verification file for `debian-11` [skip ci] ([42e17b2](https://github.com/saltstack-formulas/openssh-formula/commit/42e17b28712b3bf369ac4629b21705a54c5763d6))
+* **_mapdata:** add verification file for `fedora-34` [skip ci] ([3f6c4a0](https://github.com/saltstack-formulas/openssh-formula/commit/3f6c4a05acbf5b41b771b4a44a897e7353190efa))
+* **alma+rocky:** add platforms (based on CentOS 8) [skip ci] ([2dc565b](https://github.com/saltstack-formulas/openssh-formula/commit/2dc565b7c7a467b55e199e47e0d5fe4486360e34))
+* **default:** use `grains.get` for `oscodename` (for FreeBSD) [skip ci] ([aa8f9db](https://github.com/saltstack-formulas/openssh-formula/commit/aa8f9dbfd6e534e53557b4ae917a90951f8714ac))
+* **freebsd:** add `map.jinja` verification file (for 13.0) ([018a47c](https://github.com/saltstack-formulas/openssh-formula/commit/018a47cdd89dac21c05265db7cb5ee8ec9bd0ada))
+* **pillar:** add `ssh-rsa` Kitchen workaround on Arch Linux [skip ci] ([ecd62e4](https://github.com/saltstack-formulas/openssh-formula/commit/ecd62e45075c19bce13d42d88c9372c1a308699f))
+* **pillar:** add `ssh-rsa` Kitchen workaround on Gentoo [skip ci] ([d65ea55](https://github.com/saltstack-formulas/openssh-formula/commit/d65ea55d94d1cd314412daa6388eda080ab70725))
+* **pillar:** add platforms to `ssh-rsa` Kitchen workaround [skip ci] ([6260e85](https://github.com/saltstack-formulas/openssh-formula/commit/6260e852800a3a5481cc0df73a5f689a48599ea2))
+
+## [3.0.1](https://github.com/saltstack-formulas/openssh-formula/compare/v3.0.0...v3.0.1) (2021-03-26)
+
+
+### Bug Fixes
+
+* **openbsd:** fix `dig_pkg`, avoid `UsePAM` & add verification file ([2868560](https://github.com/saltstack-formulas/openssh-formula/commit/286856058ac1b7231cbd3455826a751963c3ca45))
+
+
+### Continuous Integration
+
+* enable Vagrant-based testing using GitHub Actions ([f1af455](https://github.com/saltstack-formulas/openssh-formula/commit/f1af45593d967c9ac734702fa31b922d28053d32))
+* **gemfile+lock:** use `ssf` customised `kitchen-docker` repo [skip ci] ([01512a0](https://github.com/saltstack-formulas/openssh-formula/commit/01512a0ec47b42ea41fcc949f59372b7e95e817c))
+* **kitchen+ci:** use latest pre-salted images (after CVE) [skip ci] ([79321be](https://github.com/saltstack-formulas/openssh-formula/commit/79321be76fa91234414dd53ea81ee0327276bafe))
+* **kitchen+gitlab-ci:** use latest pre-salted images [skip ci] ([c2a366f](https://github.com/saltstack-formulas/openssh-formula/commit/c2a366f9c721fc0956cd08c5e3f239a751be7a10))
+* **pre-commit:** update hook for `rubocop` [skip ci] ([ccb6a44](https://github.com/saltstack-formulas/openssh-formula/commit/ccb6a4487580eb75b3d735e7cfb398f2b8ebb316))
+
+
+### Documentation
+
+* **readme:** add `Testing with Vagrant` section ([2f8c31c](https://github.com/saltstack-formulas/openssh-formula/commit/2f8c31c66c56d7c7626c5193d7386cc280e16322))
+
+
+### Tests
+
+* **freebsd:** add `map.jinja` verification files (for 11.4 & 12.2) ([4c857fe](https://github.com/saltstack-formulas/openssh-formula/commit/4c857fe07156260a206c9d33c7a87ce60a324803))
+* standardise use of `share` suite & `_mapdata` state [skip ci] ([35a2124](https://github.com/saltstack-formulas/openssh-formula/commit/35a2124a43da14c8cb64040b0b5f2d1b4b7545fe))
+* **_mapdata:** add verification files for new platforms ([748eded](https://github.com/saltstack-formulas/openssh-formula/commit/748ededc7af79b792cac8fa01abcd20c8c27d8ed))
+* **share:** standardise with latest changes [skip ci] ([de969f1](https://github.com/saltstack-formulas/openssh-formula/commit/de969f10f1b22a86491f1b33d1d06eb7d721a980))
+
+# [3.0.0](https://github.com/saltstack-formulas/openssh-formula/compare/v2.0.6...v3.0.0) (2021-01-12)
+
+
+### Code Refactoring
+
+* **map:** compound matchers like parsing with `libmatchers` ([925c86e](https://github.com/saltstack-formulas/openssh-formula/commit/925c86ea698c68f684ba1645a58c88d688e6acc5))
+* **map:** load `defaults.jinja` configuration with `libmapstack` ([174bb68](https://github.com/saltstack-formulas/openssh-formula/commit/174bb68432366a449a8327a9dbb648271f123224))
+* **map:** load `map.jinja` configuration with `libmapstack` ([568bb7c](https://github.com/saltstack-formulas/openssh-formula/commit/568bb7ce4075ee376e8c49a45a1470d252f82ab9))
+* **map:** load formula configuration with `libmatchers` ([ff6b56c](https://github.com/saltstack-formulas/openssh-formula/commit/ff6b56c4a4e282f41ddfc8f379f95096fea0553f))
+
+
+### Documentation
+
+* **map:** document the new `map.jinja` with targeting like syntax ([7ecb24b](https://github.com/saltstack-formulas/openssh-formula/commit/7ecb24bdc1ff84ddac4c7c3e5d8d70c7512f4fb5))
+
+
+### Features
+
+* **map:** use targeting like syntax for configuration ([1be0d87](https://github.com/saltstack-formulas/openssh-formula/commit/1be0d8725ad933034f4e87cc9636bcc5100bd55c))
+* **matchers:** add delimiter option for source definitions ([d69556d](https://github.com/saltstack-formulas/openssh-formula/commit/d69556d5ae79a907d79351d4b9775e0ce2970b39))
+
+
+### Styles
+
+* **mapstack:** variables in macro can't be exported ([7de2d6f](https://github.com/saltstack-formulas/openssh-formula/commit/7de2d6fd756b3e4b7154e660b639d7ce6edb8cfe))
+
+
+### BREAKING CHANGES
+
+* **map:** the configuration `map_jinja:sources` is only
+                 configurable with `salt://parameters/map_jinja.yaml`
+		 and `salt://{{ tplroot }}/parameters/map_jinja.yaml`
+* **map:** the `map_jinja:config_get_roots` is replaced by
+                 compound like `map_jinja:sources`
+* **map:** the two `config_get_lookup` and `config_get` are
+                 replaced by `C@<tplroot>:lookup` and `C@<tplroot>`
+		 sources
+
+## [2.0.6](https://github.com/saltstack-formulas/openssh-formula/compare/v2.0.5...v2.0.6) (2020-12-23)
+
+
+### Code Refactoring
+
+* **map:** use top-level `values:` key in `map.jinja` dumps ([37597e5](https://github.com/saltstack-formulas/openssh-formula/commit/37597e5b12c769be5add3608152215d7d21e8412))
+
+## [2.0.5](https://github.com/saltstack-formulas/openssh-formula/compare/v2.0.4...v2.0.5) (2020-12-22)
+
+
+### Continuous Integration
+
+* **commitlint:** ensure `upstream/master` uses main repo URL [skip ci] ([7af3bf2](https://github.com/saltstack-formulas/openssh-formula/commit/7af3bf255df5d636750edb8b3a95c63b032712b4))
+* **gitlab-ci:** add `rubocop` linter (with `allow_failure`) [skip ci] ([37b9f3a](https://github.com/saltstack-formulas/openssh-formula/commit/37b9f3ac09a895b6aad5e796f062c6f3871e697c))
+* **gitlab-ci:** use GitLab CI as Travis CI replacement ([bccd5fd](https://github.com/saltstack-formulas/openssh-formula/commit/bccd5fd3d88ba22d1b9b91018e7eb2a24620138f))
+* **pre-commit:** add to formula [skip ci] ([4e13609](https://github.com/saltstack-formulas/openssh-formula/commit/4e13609b992d5d2e3e2a540e736016fe1f22c7e2))
+* **pre-commit:** enable/disable `rstcheck` as relevant [skip ci] ([094bef5](https://github.com/saltstack-formulas/openssh-formula/commit/094bef540614043947434a00b0a0e8bfe4665f93))
+* **pre-commit:** finalise `rstcheck` configuration [skip ci] ([75e843a](https://github.com/saltstack-formulas/openssh-formula/commit/75e843a7bdabcc64f29bcea7e7ae6ce204bd5397))
+
+
+### Tests
+
+* **map:** standardise `map.jinja` verification ([2bab68f](https://github.com/saltstack-formulas/openssh-formula/commit/2bab68f5ff5485c9b43712bd2dd17f447ed787f4))
+
+## [2.0.4](https://github.com/saltstack-formulas/openssh-formula/compare/v2.0.3...v2.0.4) (2020-09-27)
+
+
+### Bug Fixes
+
+* **pillar:** `tofs` must not be under `mine_functions` ([c0d5052](https://github.com/saltstack-formulas/openssh-formula/commit/c0d5052f6a4f86ed78df5f79f4848f24113dbe1a))
+
+
+### Tests
+
+* **inspec:** `_mapdata` files should have `tofs` configuration ([5e9033f](https://github.com/saltstack-formulas/openssh-formula/commit/5e9033f500cfa0cc5c06867ebdccd9e6b3298498))
+
+## [2.0.3](https://github.com/saltstack-formulas/openssh-formula/compare/v2.0.2...v2.0.3) (2020-09-09)
+
+
+### Continuous Integration
+
+* **kitchen:** force the hostname of the containers ([208f873](https://github.com/saltstack-formulas/openssh-formula/commit/208f87380ce23995ca62c882401c48ec91de6c86))
+
+
+### Tests
+
+* **inspec:** no more need to mangle mapdata for hostname ([8cb31c6](https://github.com/saltstack-formulas/openssh-formula/commit/8cb31c6967f736f2068ec55911bd177f5ad6ee87))
+* **share:** standardise structure ([15241d3](https://github.com/saltstack-formulas/openssh-formula/commit/15241d39c55441c31ae19863cb383a0ccccaa07e))
+
 ## [2.0.2](https://github.com/saltstack-formulas/openssh-formula/compare/v2.0.1...v2.0.2) (2020-08-26)
 
 

CODEOWNERS

@@ -14,16 +14,27 @@
 # SECTION: Owner(s) for files/directories related to `semantic-release`
 # FILE PATTERN                              OWNER(S)
 /.github/workflows/                         @saltstack-formulas/ssf
+/bin/install-hooks                          @saltstack-formulas/ssf
 /bin/kitchen                                @saltstack-formulas/ssf
 /docs/AUTHORS.rst                           @saltstack-formulas/ssf
 /docs/CHANGELOG.rst                         @saltstack-formulas/ssf
 /docs/TOFS_pattern.rst                      @saltstack-formulas/ssf
-/openssh/libsaltcli.jinja                   @saltstack-formulas/ssf
+/*/_mapdata/                                @saltstack-formulas/ssf
-/openssh/libtofs.jinja                      @saltstack-formulas/ssf
+/*/libmapstack.jinja                        @saltstack-formulas/ssf
+/*/libmatchers.jinja                        @saltstack-formulas/ssf
+/*/libsaltcli.jinja                         @saltstack-formulas/ssf
+/*/libtofs.jinja                            @saltstack-formulas/ssf
+/*/map.jinja                                @saltstack-formulas/ssf
+/test/integration/**/_mapdata.rb            @saltstack-formulas/ssf
+/test/integration/**/libraries/system.rb    @saltstack-formulas/ssf
 /test/integration/**/inspec.yml             @saltstack-formulas/ssf
 /test/integration/**/README.md              @saltstack-formulas/ssf
+/test/salt/pillar/top.sls                   @saltstack-formulas/ssf
 /.gitignore                                 @saltstack-formulas/ssf
 /.cirrus.yml                                @saltstack-formulas/ssf
+/.gitlab-ci.yml                             @saltstack-formulas/ssf
+/.pre-commit-config.yaml                    @saltstack-formulas/ssf
+/.rstcheck.cfg                              @saltstack-formulas/ssf
 /.rubocop.yml                               @saltstack-formulas/ssf
 /.salt-lint                                 @saltstack-formulas/ssf
 /.travis.yml                                @saltstack-formulas/ssf
@@ -36,6 +47,8 @@
 /Gemfile                                    @saltstack-formulas/ssf
 /Gemfile.lock                               @saltstack-formulas/ssf
 /kitchen.yml                                @saltstack-formulas/ssf
+/kitchen.vagrant.yml                        @saltstack-formulas/ssf
+/kitchen.windows.yml                        @saltstack-formulas/ssf
 /pre-commit_semantic-release.sh             @saltstack-formulas/ssf
 /release-rules.js                           @saltstack-formulas/ssf
 /release.config.js                          @saltstack-formulas/ssf

FORMULA

@@ -1,7 +1,7 @@
 name: openssh
 os: Debian, Ubuntu, Raspbian, RedHat, Fedora, CentOS, Suse, openSUSE, Gentoo, Funtoo, Arch, Manjaro, Alpine, FreeBSD, OpenBSD, Solaris, SmartOS, Windows, MacOS
 os_family: Debian, RedHat, Suse, Gentoo, Arch, Alpine, FreeBSD, OpenBSD, Solaris, Windows, MacOS
-version: 2.0.2
+version: 3.0.3
 release: 1
 minimum_version: 2017.7
 summary: openssh formula

Gemfile

@@ -1,10 +1,22 @@
 # frozen_string_literal: true
 
-source 'https://rubygems.org'
+source ENV.fetch('PROXY_RUBYGEMSORG', 'https://rubygems.org')
 
-gem 'kitchen-docker', '>= 2.9'
+# Install the `inspec` gem using `git` because versions after `4.22.22`
-gem 'kitchen-inspec', '>= 1.1'
+# suppress diff output; this version fixes this for our uses.
-gem 'kitchen-salt', '>= 0.6.0'
+# rubocop:disable Layout/LineLength
+gem 'inspec', git: 'https://gitlab.com/saltstack-formulas/infrastructure/inspec', branch: 'ssf'
+# rubocop:enable Layout/LineLength
+
+# Install the `kitchen-docker` gem using `git` in order to gain a performance
+# improvement: avoid package installations which are already covered by the
+# `salt-image-builder` (i.e. the pre-salted images that we're using)
+# rubocop:disable Layout/LineLength
+gem 'kitchen-docker', git: 'https://gitlab.com/saltstack-formulas/infrastructure/kitchen-docker', branch: 'ssf'
+# rubocop:enable Layout/LineLength
+
+gem 'kitchen-inspec', '>= 2.5.0'
+gem 'kitchen-salt', '>= 0.7.2'
 
 group :vagrant do
   gem 'kitchen-vagrant'

Gemfile.lock

@@ -1,317 +1,420 @@
+GIT
+  remote: https://gitlab.com/saltstack-formulas/infrastructure/inspec
+  revision: aaef842906a5666f0fc0b4f186b4dd3498f5b28c
+  branch: ssf
+  specs:
+    inspec (5.18.15)
+      cookstyle
+      faraday_middleware (>= 0.12.2, < 1.1)
+      inspec-core (= 5.18.15)
+      mongo (= 2.13.2)
+      progress_bar (~> 1.3.3)
+      rake
+      train (~> 3.10)
+      train-aws (~> 0.2)
+      train-habitat (~> 0.1)
+      train-winrm (~> 0.2)
+    inspec-core (5.18.15)
+      addressable (~> 2.4)
+      chef-telemetry (~> 1.0, >= 1.0.8)
+      faraday (>= 0.9.0, < 1.5)
+      faraday_middleware (~> 1.0)
+      hashie (>= 3.4, < 5.0)
+      license-acceptance (>= 0.2.13, < 3.0)
+      method_source (>= 0.8, < 2.0)
+      mixlib-log (~> 3.0)
+      multipart-post (~> 2.0)
+      parallel (~> 1.9)
+      parslet (>= 1.5, < 2.0)
+      pry (~> 0.13)
+      rspec (>= 3.9, <= 3.11)
+      rspec-its (~> 1.2)
+      rubyzip (>= 1.2.2, < 3.0)
+      semverse (~> 3.0)
+      sslshake (~> 1.2)
+      thor (>= 0.20, < 2.0)
+      tomlrb (>= 1.2, < 2.1)
+      train-core (~> 3.10)
+      tty-prompt (~> 0.17)
+      tty-table (~> 0.10)
+
+GIT
+  remote: https://gitlab.com/saltstack-formulas/infrastructure/kitchen-docker
+  revision: 9a09bc1e571e25f3ccabf4725ca2048d970fff82
+  branch: ssf
+  specs:
+    kitchen-docker (2.12.0)
+      test-kitchen (>= 1.0.0)
+
 GEM
   remote: https://rubygems.org/
   specs:
-    activesupport (5.2.4.3)
+    activesupport (7.0.3.1)
       concurrent-ruby (~> 1.0, >= 1.0.2)
-      i18n (>= 0.7, < 2)
+      i18n (>= 1.6, < 2)
-      minitest (~> 5.1)
+      minitest (>= 5.1)
-      tzinfo (~> 1.1)
+      tzinfo (~> 2.0)
-    addressable (2.7.0)
+    addressable (2.8.0)
       public_suffix (>= 2.0.2, < 5.0)
-    aws-eventstream (1.1.0)
+    ast (2.4.2)
-    aws-partitions (1.338.0)
+    aws-eventstream (1.2.0)
-    aws-sdk-apigateway (1.48.0)
+    aws-partitions (1.607.0)
-      aws-sdk-core (~> 3, >= 3.99.0)
+    aws-sdk-alexaforbusiness (1.56.0)
+      aws-sdk-core (~> 3, >= 3.127.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-apigatewayv2 (1.23.0)
+    aws-sdk-amplify (1.32.0)
-      aws-sdk-core (~> 3, >= 3.99.0)
+      aws-sdk-core (~> 3, >= 3.120.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-athena (1.30.0)
+    aws-sdk-apigateway (1.78.0)
-      aws-sdk-core (~> 3, >= 3.99.0)
+      aws-sdk-core (~> 3, >= 3.127.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-autoscaling (1.22.0)
+    aws-sdk-apigatewayv2 (1.42.0)
-      aws-sdk-core (~> 3, >= 3.52.1)
+      aws-sdk-core (~> 3, >= 3.127.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-budgets (1.32.0)
+    aws-sdk-applicationautoscaling (1.51.0)
-      aws-sdk-core (~> 3, >= 3.99.0)
+      aws-sdk-core (~> 3, >= 3.112.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-cloudformation (1.41.0)
+    aws-sdk-athena (1.55.0)
-      aws-sdk-core (~> 3, >= 3.99.0)
+      aws-sdk-core (~> 3, >= 3.127.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-cloudfront (1.33.0)
+    aws-sdk-autoscaling (1.63.0)
-      aws-sdk-core (~> 3, >= 3.99.0)
+      aws-sdk-core (~> 3, >= 3.112.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-cloudhsm (1.24.0)
+    aws-sdk-batch (1.47.0)
-      aws-sdk-core (~> 3, >= 3.99.0)
+      aws-sdk-core (~> 3, >= 3.112.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-cloudhsmv2 (1.26.0)
+    aws-sdk-budgets (1.50.0)
-      aws-sdk-core (~> 3, >= 3.99.0)
+      aws-sdk-core (~> 3, >= 3.127.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-cloudtrail (1.26.0)
+    aws-sdk-cloudformation (1.70.0)
-      aws-sdk-core (~> 3, >= 3.99.0)
+      aws-sdk-core (~> 3, >= 3.127.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-cloudwatch (1.41.0)
+    aws-sdk-cloudfront (1.65.0)
-      aws-sdk-core (~> 3, >= 3.99.0)
+      aws-sdk-core (~> 3, >= 3.127.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-cloudwatchlogs (1.34.0)
+    aws-sdk-cloudhsm (1.39.0)
-      aws-sdk-core (~> 3, >= 3.99.0)
+      aws-sdk-core (~> 3, >= 3.127.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-codecommit (1.37.0)
+    aws-sdk-cloudhsmv2 (1.42.0)
-      aws-sdk-core (~> 3, >= 3.99.0)
+      aws-sdk-core (~> 3, >= 3.127.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-codedeploy (1.34.0)
+    aws-sdk-cloudtrail (1.49.0)
-      aws-sdk-core (~> 3, >= 3.99.0)
+      aws-sdk-core (~> 3, >= 3.127.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-codepipeline (1.34.0)
+    aws-sdk-cloudwatch (1.64.0)
-      aws-sdk-core (~> 3, >= 3.99.0)
+      aws-sdk-core (~> 3, >= 3.127.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-configservice (1.48.0)
+    aws-sdk-cloudwatchevents (1.46.0)
-      aws-sdk-core (~> 3, >= 3.99.0)
+      aws-sdk-core (~> 3, >= 3.112.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-core (3.103.0)
+    aws-sdk-cloudwatchlogs (1.53.0)
+      aws-sdk-core (~> 3, >= 3.127.0)
+      aws-sigv4 (~> 1.1)
+    aws-sdk-codecommit (1.51.0)
+      aws-sdk-core (~> 3, >= 3.127.0)
+      aws-sigv4 (~> 1.1)
+    aws-sdk-codedeploy (1.49.0)
+      aws-sdk-core (~> 3, >= 3.127.0)
+      aws-sigv4 (~> 1.1)
+    aws-sdk-codepipeline (1.53.0)
+      aws-sdk-core (~> 3, >= 3.127.0)
+      aws-sigv4 (~> 1.1)
+    aws-sdk-cognitoidentity (1.31.0)
+      aws-sdk-core (~> 3, >= 3.112.0)
+      aws-sigv4 (~> 1.1)
+    aws-sdk-cognitoidentityprovider (1.53.0)
+      aws-sdk-core (~> 3, >= 3.112.0)
+      aws-sigv4 (~> 1.1)
+    aws-sdk-configservice (1.79.0)
+      aws-sdk-core (~> 3, >= 3.127.0)
+      aws-sigv4 (~> 1.1)
+    aws-sdk-core (3.131.2)
       aws-eventstream (~> 1, >= 1.0.2)
-      aws-partitions (~> 1, >= 1.239.0)
+      aws-partitions (~> 1, >= 1.525.0)
       aws-sigv4 (~> 1.1)
-      jmespath (~> 1.0)
+      jmespath (~> 1, >= 1.6.1)
-    aws-sdk-costandusagereportservice (1.24.0)
+    aws-sdk-costandusagereportservice (1.40.0)
-      aws-sdk-core (~> 3, >= 3.99.0)
+      aws-sdk-core (~> 3, >= 3.127.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-dynamodb (1.51.0)
+    aws-sdk-databasemigrationservice (1.53.0)
-      aws-sdk-core (~> 3, >= 3.99.0)
+      aws-sdk-core (~> 3, >= 3.112.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-ec2 (1.174.0)
+    aws-sdk-dynamodb (1.75.0)
-      aws-sdk-core (~> 3, >= 3.99.0)
+      aws-sdk-core (~> 3, >= 3.127.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-ecr (1.34.0)
+    aws-sdk-ec2 (1.322.0)
-      aws-sdk-core (~> 3, >= 3.99.0)
+      aws-sdk-core (~> 3, >= 3.127.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-ecs (1.67.0)
+    aws-sdk-ecr (1.56.0)
-      aws-sdk-core (~> 3, >= 3.99.0)
+      aws-sdk-core (~> 3, >= 3.127.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-efs (1.32.0)
+    aws-sdk-ecrpublic (1.12.0)
-      aws-sdk-core (~> 3, >= 3.99.0)
+      aws-sdk-core (~> 3, >= 3.127.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-eks (1.39.0)
+    aws-sdk-ecs (1.100.0)
-      aws-sdk-core (~> 3, >= 3.99.0)
+      aws-sdk-core (~> 3, >= 3.127.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-elasticache (1.40.0)
+    aws-sdk-efs (1.54.0)
-      aws-sdk-core (~> 3, >= 3.99.0)
+      aws-sdk-core (~> 3, >= 3.127.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-elasticbeanstalk (1.34.0)
+    aws-sdk-eks (1.75.0)
-      aws-sdk-core (~> 3, >= 3.99.0)
+      aws-sdk-core (~> 3, >= 3.127.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-elasticloadbalancing (1.25.0)
+    aws-sdk-elasticache (1.78.0)
-      aws-sdk-core (~> 3, >= 3.99.0)
+      aws-sdk-core (~> 3, >= 3.127.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-elasticloadbalancingv2 (1.47.0)
+    aws-sdk-elasticbeanstalk (1.51.0)
-      aws-sdk-core (~> 3, >= 3.99.0)
+      aws-sdk-core (~> 3, >= 3.127.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-elasticsearchservice (1.39.0)
+    aws-sdk-elasticloadbalancing (1.40.0)
-      aws-sdk-core (~> 3, >= 3.99.0)
+      aws-sdk-core (~> 3, >= 3.127.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-firehose (1.31.0)
+    aws-sdk-elasticloadbalancingv2 (1.78.0)
-      aws-sdk-core (~> 3, >= 3.99.0)
+      aws-sdk-core (~> 3, >= 3.127.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-iam (1.43.0)
+    aws-sdk-elasticsearchservice (1.65.0)
-      aws-sdk-core (~> 3, >= 3.99.0)
+      aws-sdk-core (~> 3, >= 3.127.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-kafka (1.23.0)
+    aws-sdk-emr (1.53.0)
-      aws-sdk-core (~> 3, >= 3.99.0)
+      aws-sdk-core (~> 3, >= 3.121.2)
       aws-sigv4 (~> 1.1)
-    aws-sdk-kinesis (1.26.0)
+    aws-sdk-eventbridge (1.24.0)
-      aws-sdk-core (~> 3, >= 3.99.0)
+      aws-sdk-core (~> 3, >= 3.112.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-kms (1.36.0)
+    aws-sdk-firehose (1.48.0)
-      aws-sdk-core (~> 3, >= 3.99.0)
+      aws-sdk-core (~> 3, >= 3.127.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-lambda (1.46.0)
+    aws-sdk-glue (1.88.0)
-      aws-sdk-core (~> 3, >= 3.99.0)
+      aws-sdk-core (~> 3, >= 3.112.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-organizations (1.17.0)
+    aws-sdk-guardduty (1.58.0)
-      aws-sdk-core (~> 3, >= 3.39.0)
+      aws-sdk-core (~> 3, >= 3.127.0)
-      aws-sigv4 (~> 1.0)
-    aws-sdk-rds (1.92.0)
-      aws-sdk-core (~> 3, >= 3.99.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-redshift (1.46.0)
+    aws-sdk-iam (1.69.0)
-      aws-sdk-core (~> 3, >= 3.99.0)
+      aws-sdk-core (~> 3, >= 3.127.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-route53 (1.40.0)
+    aws-sdk-kafka (1.50.0)
-      aws-sdk-core (~> 3, >= 3.99.0)
+      aws-sdk-core (~> 3, >= 3.127.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-route53domains (1.25.0)
+    aws-sdk-kinesis (1.41.0)
-      aws-sdk-core (~> 3, >= 3.99.0)
+      aws-sdk-core (~> 3, >= 3.127.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-route53resolver (1.17.0)
+    aws-sdk-kms (1.57.0)
-      aws-sdk-core (~> 3, >= 3.99.0)
+      aws-sdk-core (~> 3, >= 3.127.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-s3 (1.73.0)
+    aws-sdk-lambda (1.84.0)
-      aws-sdk-core (~> 3, >= 3.102.1)
+      aws-sdk-core (~> 3, >= 3.127.0)
+      aws-sigv4 (~> 1.1)
+    aws-sdk-mq (1.40.0)
+      aws-sdk-core (~> 3, >= 3.120.0)
+      aws-sigv4 (~> 1.1)
+    aws-sdk-networkfirewall (1.17.0)
+      aws-sdk-core (~> 3, >= 3.127.0)
+      aws-sigv4 (~> 1.1)
+    aws-sdk-networkmanager (1.24.0)
+      aws-sdk-core (~> 3, >= 3.127.0)
+      aws-sigv4 (~> 1.1)
+    aws-sdk-organizations (1.59.0)
+      aws-sdk-core (~> 3, >= 3.112.0)
+      aws-sigv4 (~> 1.1)
+    aws-sdk-ram (1.26.0)
+      aws-sdk-core (~> 3, >= 3.112.0)
+      aws-sigv4 (~> 1.1)
+    aws-sdk-rds (1.148.0)
+      aws-sdk-core (~> 3, >= 3.127.0)
+      aws-sigv4 (~> 1.1)
+    aws-sdk-redshift (1.84.0)
+      aws-sdk-core (~> 3, >= 3.127.0)
+      aws-sigv4 (~> 1.1)
+    aws-sdk-route53 (1.63.0)
+      aws-sdk-core (~> 3, >= 3.127.0)
+      aws-sigv4 (~> 1.1)
+    aws-sdk-route53domains (1.40.0)
+      aws-sdk-core (~> 3, >= 3.127.0)
+      aws-sigv4 (~> 1.1)
+    aws-sdk-route53resolver (1.37.0)
+      aws-sdk-core (~> 3, >= 3.127.0)
+      aws-sigv4 (~> 1.1)
+    aws-sdk-s3 (1.114.0)
+      aws-sdk-core (~> 3, >= 3.127.0)
       aws-sdk-kms (~> 1)
+      aws-sigv4 (~> 1.4)
+    aws-sdk-s3control (1.43.0)
+      aws-sdk-core (~> 3, >= 3.122.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-securityhub (1.29.0)
+    aws-sdk-secretsmanager (1.46.0)
-      aws-sdk-core (~> 3, >= 3.99.0)
+      aws-sdk-core (~> 3, >= 3.112.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-ses (1.33.0)
+    aws-sdk-securityhub (1.67.0)
-      aws-sdk-core (~> 3, >= 3.99.0)
+      aws-sdk-core (~> 3, >= 3.127.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-sms (1.23.0)
+    aws-sdk-servicecatalog (1.60.0)
-      aws-sdk-core (~> 3, >= 3.99.0)
+      aws-sdk-core (~> 3, >= 3.112.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-sns (1.27.0)
+    aws-sdk-ses (1.41.0)
-      aws-sdk-core (~> 3, >= 3.99.0)
+      aws-sdk-core (~> 3, >= 3.120.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-sqs (1.30.0)
+    aws-sdk-shield (1.48.0)
-      aws-sdk-core (~> 3, >= 3.99.0)
+      aws-sdk-core (~> 3, >= 3.127.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-ssm (1.84.0)
+    aws-sdk-signer (1.32.0)
-      aws-sdk-core (~> 3, >= 3.99.0)
+      aws-sdk-core (~> 3, >= 3.120.0)
       aws-sigv4 (~> 1.1)
-    aws-sigv4 (1.2.1)
+    aws-sdk-simpledb (1.29.0)
+      aws-sdk-core (~> 3, >= 3.120.0)
+      aws-sigv2 (~> 1.0)
+    aws-sdk-sms (1.40.0)
+      aws-sdk-core (~> 3, >= 3.127.0)
+      aws-sigv4 (~> 1.1)
+    aws-sdk-sns (1.53.0)
+      aws-sdk-core (~> 3, >= 3.127.0)
+      aws-sigv4 (~> 1.1)
+    aws-sdk-sqs (1.51.1)
+      aws-sdk-core (~> 3, >= 3.127.0)
+      aws-sigv4 (~> 1.1)
+    aws-sdk-ssm (1.137.0)
+      aws-sdk-core (~> 3, >= 3.127.0)
+      aws-sigv4 (~> 1.1)
+    aws-sdk-states (1.39.0)
+      aws-sdk-core (~> 3, >= 3.112.0)
+      aws-sigv4 (~> 1.1)
+    aws-sdk-synthetics (1.19.0)
+      aws-sdk-core (~> 3, >= 3.121.2)
+      aws-sigv4 (~> 1.1)
+    aws-sdk-transfer (1.34.0)
+      aws-sdk-core (~> 3, >= 3.112.0)
+      aws-sigv4 (~> 1.1)
+    aws-sdk-waf (1.43.0)
+      aws-sdk-core (~> 3, >= 3.122.0)
+      aws-sigv4 (~> 1.1)
+    aws-sigv2 (1.1.0)
+    aws-sigv4 (1.5.0)
       aws-eventstream (~> 1, >= 1.0.2)
     azure_graph_rbac (0.17.2)
       ms_rest_azure (~> 0.12.0)
-    azure_mgmt_key_vault (0.17.6)
+    azure_mgmt_key_vault (0.17.7)
       ms_rest_azure (~> 0.12.0)
-    azure_mgmt_resources (0.17.9)
+    azure_mgmt_resources (0.18.2)
       ms_rest_azure (~> 0.12.0)
-    azure_mgmt_security (0.18.2)
+    azure_mgmt_security (0.19.0)
       ms_rest_azure (~> 0.12.0)
-    azure_mgmt_storage (0.21.2)
+    azure_mgmt_storage (0.23.0)
       ms_rest_azure (~> 0.12.0)
-    bcrypt_pbkdf (1.0.1)
+    bcrypt_pbkdf (1.1.0)
+    bson (4.15.0)
     builder (3.2.4)
-    chef-config (16.2.73)
+    chef-config (17.10.0)
       addressable
-      chef-utils (= 16.2.73)
+      chef-utils (= 17.10.0)
       fuzzyurl
       mixlib-config (>= 2.2.12, < 4.0)
       mixlib-shellout (>= 2.0, < 4.0)
       tomlrb (~> 1.2)
-    chef-telemetry (1.0.8)
+    chef-telemetry (1.1.1)
       chef-config
       concurrent-ruby (~> 1.0)
-      ffi-yajl (~> 2.2)
+    chef-utils (17.10.0)
-    chef-utils (16.2.73)
+      concurrent-ruby
     coderay (1.1.3)
-    concurrent-ruby (1.1.6)
+    concurrent-ruby (1.1.10)
+    cookstyle (7.32.1)
+      rubocop (= 1.25.1)
     declarative (0.0.20)
-    declarative-option (0.1.0)
+    diff-lcs (1.5.0)
-    diff-lcs (1.4.4)
+    docker-api (2.2.0)
-    docker-api (1.34.2)
       excon (>= 0.47.0)
       multi_json
     domain_name (0.5.20190701)
       unf (>= 0.0.5, < 1.0.0)
-    ecma-re-validator (0.2.1)
+    ed25519 (1.3.0)
-      regexp_parser (~> 1.2)
+    erubi (1.10.0)
-    ed25519 (1.2.4)
+    excon (0.92.3)
-    equatable (0.6.1)
+    faraday (1.4.3)
-    erubi (1.9.0)
+      faraday-em_http (~> 1.0)
-    excon (0.75.0)
+      faraday-em_synchrony (~> 1.0)
-    faraday (0.17.3)
+      faraday-excon (~> 1.1)
+      faraday-net_http (~> 1.0)
+      faraday-net_http_persistent (~> 1.1)
       multipart-post (>= 1.2, < 3)
-    faraday-cookie_jar (0.0.6)
+      ruby2_keywords (>= 0.0.4)
-      faraday (>= 0.7.4)
+    faraday-cookie_jar (0.0.7)
+      faraday (>= 0.8.0)
       http-cookie (~> 1.0.0)
-    faraday_middleware (0.12.2)
+    faraday-em_http (1.0.0)
-      faraday (>= 0.7.4, < 1.0)
+    faraday-em_synchrony (1.0.0)
-    ffi (1.13.1)
+    faraday-excon (1.1.0)
-    ffi-yajl (2.3.3)
+    faraday-net_http (1.0.1)
-      libyajl2 (~> 1.2)
+    faraday-net_http_persistent (1.2.0)
+    faraday_middleware (1.0.0)
+      faraday (~> 1.0)
+    ffi (1.15.5)
     fuzzyurl (0.9.0)
-    google-api-client (0.34.1)
+    google-api-client (0.52.0)
       addressable (~> 2.5, >= 2.5.1)
       googleauth (~> 0.9)
       httpclient (>= 2.8.1, < 3.0)
       mini_mime (~> 1.0)
       representable (~> 3.0)
       retriable (>= 2.0, < 4.0)
+      rexml
       signet (~> 0.12)
-    googleauth (0.10.0)
+    googleauth (0.14.0)
-      faraday (~> 0.12)
+      faraday (>= 0.17.3, < 2.0)
       jwt (>= 1.4, < 3.0)
       memoist (~> 0.16)
       multi_json (~> 1.11)
       os (>= 0.9, < 2.0)
-      signet (~> 0.12)
+      signet (~> 0.14)
-    gssapi (1.3.0)
+    gssapi (1.3.1)
       ffi (>= 1.0.1)
-    gyoku (1.3.1)
+    gyoku (1.4.0)
       builder (>= 2.1.2)
-    hana (1.3.6)
+      rexml (~> 3.0)
-    hashie (3.6.0)
+    hashie (4.1.0)
-    htmlentities (4.3.4)
+    highline (2.0.3)
-    http-cookie (1.0.3)
+    http-cookie (1.0.5)
       domain_name (~> 0.5)
     httpclient (2.8.3)
-    i18n (1.8.3)
+    i18n (1.12.0)
       concurrent-ruby (~> 1.0)
     inifile (3.0.0)
-    inspec (4.21.3)
+    jmespath (1.6.1)
-      faraday_middleware (~> 0.12.2)
+    json (2.6.2)
-      inspec-core (= 4.21.3)
+    jwt (2.4.1)
-      train (~> 3.0)
+    kitchen-inspec (2.6.1)
-      train-aws (~> 0.1)
+      hashie (>= 3.4, <= 5.0)
-      train-habitat (~> 0.1)
+      inspec (>= 2.2.64, < 7.0)
-      train-winrm (~> 0.2)
+      test-kitchen (>= 2.7, < 4)
-    inspec-core (4.21.3)
+    kitchen-salt (0.7.2)
-      addressable (~> 2.4)
-      chef-telemetry (~> 1.0)
-      faraday (>= 0.9.0)
-      hashie (~> 3.4)
-      htmlentities (~> 4.3)
-      json_schemer (~> 0.2.1)
-      license-acceptance (>= 0.2.13, < 2.0)
-      method_source (>= 0.8, < 2.0)
-      mixlib-log (~> 3.0)
-      multipart-post (~> 2.0)
-      parallel (~> 1.9)
-      parslet (~> 1.5)
-      pry (~> 0.13)
-      rspec (~> 3.9)
-      rspec-its (~> 1.2)
-      rubyzip (~> 1.2, >= 1.2.2)
-      semverse (~> 3.0)
-      sslshake (~> 1.2)
-      term-ansicolor (~> 1.7)
-      thor (>= 0.20, < 2.0)
-      tomlrb (~> 1.2.0)
-      train-core (~> 3.0)
-      tty-prompt (~> 0.17)
-      tty-table (~> 0.10)
-    jmespath (1.4.0)
-    json (2.3.1)
-    json_schemer (0.2.11)
-      ecma-re-validator (~> 0.2)
-      hana (~> 1.3)
-      regexp_parser (~> 1.5)
-      uri_template (~> 0.7)
-    jwt (2.2.1)
-    kitchen-docker (2.10.0)
-      test-kitchen (>= 1.0.0)
-    kitchen-inspec (2.0.0)
-      hashie (~> 3.4)
-      inspec (>= 2.2.64, < 5.0)
-      test-kitchen (>= 1.6, < 3)
-    kitchen-salt (0.6.3)
       hashie (>= 3.5)
       test-kitchen (>= 1.4)
-    kitchen-vagrant (1.6.1)
+    kitchen-vagrant (1.12.0)
-      test-kitchen (>= 1.4, < 3)
+      test-kitchen (>= 1.4, < 4)
-    libyajl2 (1.2.0)
+    license-acceptance (2.1.13)
-    license-acceptance (1.0.19)
       pastel (~> 0.7)
-      tomlrb (~> 1.2)
+      tomlrb (>= 1.2, < 3.0)
-      tty-box (~> 0.3)
+      tty-box (~> 0.6)
-      tty-prompt (~> 0.18)
+      tty-prompt (~> 0.20)
     little-plugger (1.1.4)
-    logging (2.3.0)
+    logging (2.3.1)
       little-plugger (~> 1.1)
       multi_json (~> 1.14)
     memoist (0.16.2)
     method_source (1.0.0)
-    mini_mime (1.0.2)
+    mini_mime (1.1.2)
-    minitest (5.14.1)
+    minitest (5.16.2)
-    mixlib-config (3.0.6)
+    mixlib-config (3.0.27)
       tomlrb
-    mixlib-install (3.12.1)
+    mixlib-install (3.12.19)
       mixlib-shellout
       mixlib-versioning
       thor
-    mixlib-log (3.0.8)
+    mixlib-log (3.0.9)
-    mixlib-shellout (3.0.9)
+    mixlib-shellout (3.2.7)
+      chef-utils
     mixlib-versioning (1.2.12)
+    mongo (2.13.2)
+      bson (>= 4.8.2, < 5.0.0)
     ms_rest (0.7.6)
       concurrent-ruby (~> 1.0)
       faraday (>= 0.9, < 2.0.0)
@@ -321,68 +424,86 @@ GEM
       faraday (>= 0.9, < 2.0.0)
       faraday-cookie_jar (~> 0.0.6)
       ms_rest (~> 0.7.6)
-    multi_json (1.14.1)
+    multi_json (1.15.0)
-    multipart-post (2.1.1)
+    multipart-post (2.2.3)
-    necromancer (0.5.1)
     net-scp (3.0.0)
       net-ssh (>= 2.6.5, < 7.0.0)
     net-ssh (6.1.0)
     net-ssh-gateway (2.0.0)
       net-ssh (>= 4.0.0)
     nori (2.6.0)
-    os (1.1.0)
+    options (2.3.2)
-    parallel (1.19.2)
+    os (1.1.4)
+    parallel (1.22.1)
+    parser (3.1.2.0)
+      ast (~> 2.4.1)
     parslet (1.8.2)
-    pastel (0.7.4)
+    pastel (0.8.0)
-      equatable (~> 0.6)
       tty-color (~> 0.5)
-    pry (0.13.1)
+    progress_bar (1.3.3)
+      highline (>= 1.6, < 3)
+      options (~> 2.3.0)
+    pry (0.14.1)
       coderay (~> 1.1)
       method_source (~> 1.0)
-    public_suffix (4.0.5)
+    public_suffix (4.0.7)
-    regexp_parser (1.7.1)
+    rainbow (3.1.1)
-    representable (3.0.4)
+    rake (13.0.6)
+    regexp_parser (2.5.0)
+    representable (3.2.0)
       declarative (< 0.1.0)
-      declarative-option (< 0.2.0)
+      trailblazer-option (>= 0.1.1, < 0.2.0)
       uber (< 0.2.0)
     retriable (3.1.2)
-    rspec (3.9.0)
+    rexml (3.2.5)
-      rspec-core (~> 3.9.0)
+    rspec (3.11.0)
-      rspec-expectations (~> 3.9.0)
+      rspec-core (~> 3.11.0)
-      rspec-mocks (~> 3.9.0)
+      rspec-expectations (~> 3.11.0)
-    rspec-core (3.9.2)
+      rspec-mocks (~> 3.11.0)
-      rspec-support (~> 3.9.3)
+    rspec-core (3.11.0)
-    rspec-expectations (3.9.2)
+      rspec-support (~> 3.11.0)
+    rspec-expectations (3.11.0)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.9.0)
+      rspec-support (~> 3.11.0)
     rspec-its (1.3.0)
       rspec-core (>= 3.0.0)
       rspec-expectations (>= 3.0.0)
-    rspec-mocks (3.9.1)
+    rspec-mocks (3.11.1)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.9.0)
+      rspec-support (~> 3.11.0)
-    rspec-support (3.9.3)
+    rspec-support (3.11.0)
-    rubyntlm (0.6.2)
+    rubocop (1.25.1)
-    rubyzip (1.3.0)
+      parallel (~> 1.10)
-    semverse (3.0.0)
+      parser (>= 3.1.0.0)
-    signet (0.14.0)
+      rainbow (>= 2.2.2, < 4.0)
-      addressable (~> 2.3)
+      regexp_parser (>= 1.8, < 3.0)
-      faraday (>= 0.17.3, < 2.0)
+      rexml
+      rubocop-ast (>= 1.15.1, < 2.0)
+      ruby-progressbar (~> 1.7)
+      unicode-display_width (>= 1.4.0, < 3.0)
+    rubocop-ast (1.19.1)
+      parser (>= 3.1.1.0)
+    ruby-progressbar (1.11.0)
+    ruby2_keywords (0.0.5)
+    rubyntlm (0.6.3)
+    rubyzip (2.3.2)
+    semverse (3.0.2)
+    signet (0.17.0)
+      addressable (~> 2.8)
+      faraday (>= 0.17.5, < 3.a)
       jwt (>= 1.5, < 3.0)
       multi_json (~> 1.10)
     sslshake (1.3.1)
-    strings (0.1.8)
+    strings (0.2.1)
-      strings-ansi (~> 0.1)
+      strings-ansi (~> 0.2)
-      unicode-display_width (~> 1.5)
+      unicode-display_width (>= 1.5, < 3.0)
       unicode_utils (~> 1.4)
     strings-ansi (0.2.0)
-    sync (0.5.0)
+    test-kitchen (3.3.1)
-    term-ansicolor (1.7.1)
-      tins (~> 1.0)
-    test-kitchen (2.5.2)
       bcrypt_pbkdf (~> 1.0)
+      chef-utils (>= 16.4.35)
       ed25519 (~> 1.2)
-      license-acceptance (~> 1.0, >= 1.0.11)
+      license-acceptance (>= 1.0.11, < 3.0)
       mixlib-install (~> 3.6)
       mixlib-shellout (>= 1.2, < 4.0)
       net-scp (>= 1.1, < 4.0)
@@ -392,30 +513,32 @@ GEM
       winrm (~> 2.0)
       winrm-elevated (~> 1.0)
       winrm-fs (~> 1.1)
-    thor (1.0.1)
+    thor (1.2.1)
-    thread_safe (0.3.6)
     timeliness (0.3.10)
-    tins (1.25.0)
+    tomlrb (1.3.0)
-      sync
+    trailblazer-option (0.1.2)
-    tomlrb (1.2.9)
+    train (3.10.1)
-    train (3.3.6)
+      activesupport (>= 6.0.3.1)
-      activesupport (>= 5.2.4.3, < 6.0.0)
       azure_graph_rbac (~> 0.16)
       azure_mgmt_key_vault (~> 0.17)
       azure_mgmt_resources (~> 0.15)
       azure_mgmt_security (~> 0.18)
       azure_mgmt_storage (~> 0.18)
-      docker-api (~> 1.26)
+      docker-api (>= 1.26, < 3.0)
-      google-api-client (>= 0.23.9, < 0.35.0)
+      google-api-client (>= 0.23.9, <= 0.52.0)
-      googleauth (>= 0.6.6, < 0.11.0)
+      googleauth (>= 0.6.6, <= 0.14.0)
       inifile (~> 3.0)
-      train-core (= 3.3.6)
+      train-core (= 3.10.1)
       train-winrm (~> 0.2)
-    train-aws (0.1.17)
+    train-aws (0.2.24)
+      aws-sdk-alexaforbusiness (~> 1.0)
+      aws-sdk-amplify (~> 1.32.0)
       aws-sdk-apigateway (~> 1.0)
       aws-sdk-apigatewayv2 (~> 1.0)
+      aws-sdk-applicationautoscaling (>= 1.46, < 1.52)
       aws-sdk-athena (~> 1.0)
-      aws-sdk-autoscaling (~> 1.22.0)
+      aws-sdk-autoscaling (>= 1.22, < 1.64)
+      aws-sdk-batch (>= 1.36, < 1.48)
       aws-sdk-budgets (~> 1.0)
       aws-sdk-cloudformation (~> 1.0)
       aws-sdk-cloudfront (~> 1.0)
@@ -423,16 +546,21 @@ GEM
       aws-sdk-cloudhsmv2 (~> 1.0)
       aws-sdk-cloudtrail (~> 1.8)
       aws-sdk-cloudwatch (~> 1.13)
+      aws-sdk-cloudwatchevents (>= 1.36, < 1.47)
       aws-sdk-cloudwatchlogs (~> 1.13)
       aws-sdk-codecommit (~> 1.0)
       aws-sdk-codedeploy (~> 1.0)
       aws-sdk-codepipeline (~> 1.0)
+      aws-sdk-cognitoidentity (>= 1.26, < 1.32)
+      aws-sdk-cognitoidentityprovider (>= 1.46, < 1.54)
       aws-sdk-configservice (~> 1.21)
       aws-sdk-core (~> 3.0)
       aws-sdk-costandusagereportservice (~> 1.6)
+      aws-sdk-databasemigrationservice (>= 1.42, < 1.54)
       aws-sdk-dynamodb (~> 1.31)
       aws-sdk-ec2 (~> 1.70)
       aws-sdk-ecr (~> 1.18)
+      aws-sdk-ecrpublic (~> 1.3)
       aws-sdk-ecs (~> 1.30)
       aws-sdk-efs (~> 1.0)
       aws-sdk-eks (~> 1.9)
@@ -441,67 +569,82 @@ GEM
       aws-sdk-elasticloadbalancing (~> 1.8)
       aws-sdk-elasticloadbalancingv2 (~> 1.0)
       aws-sdk-elasticsearchservice (~> 1.0)
+      aws-sdk-emr (~> 1.53.0)
+      aws-sdk-eventbridge (~> 1.24.0)
       aws-sdk-firehose (~> 1.0)
+      aws-sdk-glue (>= 1.71, < 1.89)
+      aws-sdk-guardduty (~> 1.31)
       aws-sdk-iam (~> 1.13)
       aws-sdk-kafka (~> 1.0)
       aws-sdk-kinesis (~> 1.0)
       aws-sdk-kms (~> 1.13)
       aws-sdk-lambda (~> 1.0)
-      aws-sdk-organizations (~> 1.17.0)
+      aws-sdk-mq (~> 1.40.0)
+      aws-sdk-networkfirewall (>= 1.6.0)
+      aws-sdk-networkmanager (>= 1.13.0)
+      aws-sdk-organizations (>= 1.17, < 1.60)
+      aws-sdk-ram (>= 1.21, < 1.27)
       aws-sdk-rds (~> 1.43)
       aws-sdk-redshift (~> 1.0)
       aws-sdk-route53 (~> 1.0)
       aws-sdk-route53domains (~> 1.0)
       aws-sdk-route53resolver (~> 1.0)
       aws-sdk-s3 (~> 1.30)
+      aws-sdk-s3control (~> 1.43.0)
+      aws-sdk-secretsmanager (>= 1.42, < 1.47)
       aws-sdk-securityhub (~> 1.0)
-      aws-sdk-ses (~> 1.0)
+      aws-sdk-servicecatalog (>= 1.48, < 1.61)
+      aws-sdk-ses (~> 1.41.0)
+      aws-sdk-shield (~> 1.30)
+      aws-sdk-signer (~> 1.32.0)
+      aws-sdk-simpledb (~> 1.29.0)
       aws-sdk-sms (~> 1.0)
       aws-sdk-sns (~> 1.9)
       aws-sdk-sqs (~> 1.10)
       aws-sdk-ssm (~> 1.0)
-    train-core (3.3.6)
+      aws-sdk-states (>= 1.35, < 1.40)
+      aws-sdk-synthetics (~> 1.19.0)
+      aws-sdk-transfer (>= 1.26, < 1.35)
+      aws-sdk-waf (~> 1.43.0)
+    train-core (3.10.1)
       addressable (~> 2.5)
       ffi (!= 1.13.0)
       json (>= 1.8, < 3.0)
       mixlib-shellout (>= 2.0, < 4.0)
       net-scp (>= 1.2, < 4.0)
       net-ssh (>= 2.9, < 7.0)
-    train-habitat (0.2.13)
+    train-habitat (0.2.22)
-    train-winrm (0.2.6)
+    train-winrm (0.2.13)
-      winrm (~> 2.0)
+      winrm (>= 2.3.6, < 3.0)
+      winrm-elevated (~> 1.2.2)
       winrm-fs (~> 1.0)
-    tty-box (0.5.0)
+    tty-box (0.7.0)
-      pastel (~> 0.7.2)
+      pastel (~> 0.8)
-      strings (~> 0.1.6)
+      strings (~> 0.2.0)
       tty-cursor (~> 0.7)
-    tty-color (0.5.1)
+    tty-color (0.6.0)
     tty-cursor (0.7.1)
-    tty-prompt (0.21.0)
+    tty-prompt (0.23.1)
-      necromancer (~> 0.5.0)
+      pastel (~> 0.8)
-      pastel (~> 0.7.0)
+      tty-reader (~> 0.8)
-      tty-reader (~> 0.7.0)
+    tty-reader (0.9.0)
-    tty-reader (0.7.0)
       tty-cursor (~> 0.7)
-      tty-screen (~> 0.7)
+      tty-screen (~> 0.8)
-      wisper (~> 2.0.0)
+      wisper (~> 2.0)
-    tty-screen (0.8.0)
+    tty-screen (0.8.1)
-    tty-table (0.11.0)
+    tty-table (0.12.0)
-      equatable (~> 0.6)
+      pastel (~> 0.8)
-      necromancer (~> 0.5)
+      strings (~> 0.2.0)
-      pastel (~> 0.7.2)
+      tty-screen (~> 0.8)
-      strings (~> 0.1.5)
+    tzinfo (2.0.4)
-      tty-screen (~> 0.7)
+      concurrent-ruby (~> 1.0)
-    tzinfo (1.2.7)
-      thread_safe (~> 0.1)
     uber (0.1.0)
     unf (0.1.4)
       unf_ext
-    unf_ext (0.0.7.7)
+    unf_ext (0.0.8.2)
-    unicode-display_width (1.7.0)
+    unicode-display_width (2.2.0)
     unicode_utils (1.4.0)
-    uri_template (0.7.0)
+    winrm (2.3.6)
-    winrm (2.3.4)
       builder (>= 2.1.2)
       erubi (~> 1.8)
       gssapi (~> 1.2)
@@ -509,15 +652,15 @@ GEM
       httpclient (~> 2.2, >= 2.2.0.2)
       logging (>= 1.6.1, < 3.0)
       nori (~> 2.0)
-      rubyntlm (~> 0.6.0, >= 0.6.1)
+      rubyntlm (~> 0.6.0, >= 0.6.3)
-    winrm-elevated (1.2.1)
+    winrm-elevated (1.2.3)
       erubi (~> 1.8)
       winrm (~> 2.0)
       winrm-fs (~> 1.0)
-    winrm-fs (1.3.3)
+    winrm-fs (1.3.5)
       erubi (~> 1.8)
       logging (>= 1.6.1, < 3.0)
-      rubyzip (~> 1.1)
+      rubyzip (~> 2.0)
       winrm (~> 2.0)
     wisper (2.0.1)
 
@@ -525,9 +668,10 @@ PLATFORMS
   ruby
 
 DEPENDENCIES
-  kitchen-docker (>= 2.9)
+  inspec!
-  kitchen-inspec (>= 1.1)
+  kitchen-docker!
-  kitchen-salt (>= 0.6.0)
+  kitchen-inspec (>= 2.5.0)
+  kitchen-salt (>= 0.7.2)
   kitchen-vagrant
 
 BUNDLED WITH

bin/install-hooks

@@ -0,0 +1,16 @@
+#!/usr/bin/env sh
+set -o nounset # Treat unset variables as an error and immediately exit
+set -o errexit # If a command fails exit the whole script
+
+if [ "${DEBUG:-false}" = "true" ]; then
+  set -x # Run the entire script in debug mode
+fi
+
+if ! command -v pre-commit >/dev/null 2>&1; then
+  echo "pre-commit not found: please install or check your PATH" >&2
+  echo "See https://pre-commit.com/#installation" >&2
+  exit 1
+fi
+
+pre-commit install --install-hooks
+pre-commit install --hook-type commit-msg --install-hooks

bin/kitchen

@@ -19,8 +19,8 @@ if File.file?(bundle_binstub)
     load(bundle_binstub)
   else
     abort(
-      'Your `bin/bundle` was not generated by Bundler, '\
+      'Your `bin/bundle` was not generated by Bundler, ' \
-      'so this binstub cannot run.  Replace `bin/bundle` by running '\
+      'so this binstub cannot run.  Replace `bin/bundle` by running ' \
       '`bundle binstubs bundler --force`, then run this command again.'
     )
   end

commitlint.config.js

@@ -1,3 +1,8 @@
 module.exports = {
     extends: ['@commitlint/config-conventional'],
+    rules: {
+        'body-max-line-length': [2, 'always', 120],
+        'footer-max-line-length': [2, 'always', 120],
+        'header-max-length': [2, 'always', 72],
+    },
 };

docs/AUTHORS.rst

@@ -13,218 +13,224 @@ This list is sorted by the number of commits per contributor in *descending* ord
    * - Avatar
      - Contributor
      - Contributions
-   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars2.githubusercontent.com/u/10231489?v=4' width='36' height='36' alt='@myii'>`
+   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/10231489?v=4' width='36' height='36' alt='@myii'>`
      - `@myii <https://github.com/myii>`_
-     - 72
+     - 165
-   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars0.githubusercontent.com/u/1920805?v=4' width='36' height='36' alt='@alxwr'>`
+   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/1920805?v=4' width='36' height='36' alt='@alxwr'>`
      - `@alxwr <https://github.com/alxwr>`_
      - 38
-   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars2.githubusercontent.com/u/1396878?v=4' width='36' height='36' alt='@gravyboat'>`
+   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/1233212?v=4' width='36' height='36' alt='@baby-gnu'>`
+     - `@baby-gnu <https://github.com/baby-gnu>`_
+     - 33
+   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/1396878?v=4' width='36' height='36' alt='@gravyboat'>`
      - `@gravyboat <https://github.com/gravyboat>`_
      - 28
-   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars0.githubusercontent.com/u/1800660?v=4' width='36' height='36' alt='@aboe76'>`
+   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/1800660?v=4' width='36' height='36' alt='@aboe76'>`
      - `@aboe76 <https://github.com/aboe76>`_
      - 25
-   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars0.githubusercontent.com/u/1233212?v=4' width='36' height='36' alt='@baby-gnu'>`
+   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/3374962?v=4' width='36' height='36' alt='@nmadhok'>`
-     - `@baby-gnu <https://github.com/baby-gnu>`_
-     - 19
-   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars0.githubusercontent.com/u/3374962?v=4' width='36' height='36' alt='@nmadhok'>`
      - `@nmadhok <https://github.com/nmadhok>`_
      - 15
-   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars2.githubusercontent.com/u/91293?v=4' width='36' height='36' alt='@whiteinge'>`
+   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/91293?v=4' width='36' height='36' alt='@whiteinge'>`
      - `@whiteinge <https://github.com/whiteinge>`_
      - 9
-   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars1.githubusercontent.com/u/8029478?v=4' width='36' height='36' alt='@rfairburn'>`
+   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/8029478?v=4' width='36' height='36' alt='@rfairburn'>`
      - `@rfairburn <https://github.com/rfairburn>`_
      - 8
-   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars0.githubusercontent.com/u/6018668?v=4' width='36' height='36' alt='@amendlik'>`
+   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/6018668?v=4' width='36' height='36' alt='@amendlik'>`
      - `@amendlik <https://github.com/amendlik>`_
      - 8
-   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars2.githubusercontent.com/u/941928?v=4' width='36' height='36' alt='@amontalban'>`
+   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/941928?v=4' width='36' height='36' alt='@amontalban'>`
      - `@amontalban <https://github.com/amontalban>`_
      - 7
-   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars2.githubusercontent.com/u/242396?v=4' width='36' height='36' alt='@javierbertoli'>`
+   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/242396?v=4' width='36' height='36' alt='@javierbertoli'>`
      - `@javierbertoli <https://github.com/javierbertoli>`_
      - 7
-   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars3.githubusercontent.com/u/897349?v=4' width='36' height='36' alt='@kennydo'>`
+   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/897349?v=4' width='36' height='36' alt='@kennydo'>`
      - `@kennydo <https://github.com/kennydo>`_
      - 7
-   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars0.githubusercontent.com/u/17393048?v=4' width='36' height='36' alt='@ek9'>`
+   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/17393048?v=4' width='36' height='36' alt='@ek9'>`
      - `@ek9 <https://github.com/ek9>`_
      - 7
-   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars3.githubusercontent.com/u/6215293?v=4' width='36' height='36' alt='@0xf10e'>`
+   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/6215293?v=4' width='36' height='36' alt='@0xf10e'>`
      - `@0xf10e <https://github.com/0xf10e>`_
      - 7
-   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars2.githubusercontent.com/u/642259?v=4' width='36' height='36' alt='@pepoluan'>`
+   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/642259?v=4' width='36' height='36' alt='@pepoluan'>`
      - `@pepoluan <https://github.com/pepoluan>`_
      - 5
-   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars1.githubusercontent.com/u/10227523?v=4' width='36' height='36' alt='@llua'>`
+   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/10227523?v=4' width='36' height='36' alt='@llua'>`
      - `@llua <https://github.com/llua>`_
      - 5
-   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars1.githubusercontent.com/u/528061?v=4' width='36' height='36' alt='@puneetk'>`
+   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/528061?v=4' width='36' height='36' alt='@puneetk'>`
      - `@puneetk <https://github.com/puneetk>`_
      - 5
-   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars1.githubusercontent.com/u/3375654?v=4' width='36' height='36' alt='@nterupt'>`
+   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/3375654?v=4' width='36' height='36' alt='@nterupt'>`
      - `@nterupt <https://github.com/nterupt>`_
      - 4
-   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars3.githubusercontent.com/u/10141454?v=4' width='36' height='36' alt='@mathieupotier'>`
+   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/10141454?v=4' width='36' height='36' alt='@mathieupotier'>`
      - `@mathieupotier <https://github.com/mathieupotier>`_
      - 4
-   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars2.githubusercontent.com/u/1079875?v=4' width='36' height='36' alt='@bogdanr'>`
+   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/1079875?v=4' width='36' height='36' alt='@bogdanr'>`
      - `@bogdanr <https://github.com/bogdanr>`_
      - 3
-   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars1.githubusercontent.com/u/287147?v=4' width='36' height='36' alt='@techhat'>`
+   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/4195158?v=4' width='36' height='36' alt='@dafyddj'>`
+     - `@dafyddj <https://github.com/dafyddj>`_
+     - 3
+   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/287147?v=4' width='36' height='36' alt='@techhat'>`
      - `@techhat <https://github.com/techhat>`_
      - 3
-   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars2.githubusercontent.com/u/13550?v=4' width='36' height='36' alt='@mikemol'>`
+   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/13550?v=4' width='36' height='36' alt='@mikemol'>`
      - `@mikemol <https://github.com/mikemol>`_
      - 3
-   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars2.githubusercontent.com/u/358074?v=4' width='36' height='36' alt='@pcdummy'>`
+   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/507599?v=4' width='36' height='36' alt='@thatch45'>`
-     - `@pcdummy <https://github.com/pcdummy>`_
-     - 3
-   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars0.githubusercontent.com/u/507599?v=4' width='36' height='36' alt='@thatch45'>`
      - `@thatch45 <https://github.com/thatch45>`_
      - 3
-   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars1.githubusercontent.com/u/117961?v=4' width='36' height='36' alt='@babilen5'>`
+   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/117961?v=4' width='36' height='36' alt='@babilen'>`
-     - `@babilen5 <https://github.com/babilen5>`_
+     - `@babilen <https://github.com/babilen>`_
      - 3
-   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars3.githubusercontent.com/u/2061751?v=4' width='36' height='36' alt='@matthew-parlette'>`
+   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/2061751?v=4' width='36' height='36' alt='@matthew-parlette'>`
      - `@matthew-parlette <https://github.com/matthew-parlette>`_
      - 3
-   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars1.githubusercontent.com/u/1013915?v=4' width='36' height='36' alt='@rhertzog'>`
+   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/13322818?v=4' width='36' height='36' alt='@noelmcloughlin'>`
+     - `@noelmcloughlin <https://github.com/noelmcloughlin>`_
+     - 3
+   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/1013915?v=4' width='36' height='36' alt='@rhertzog'>`
      - `@rhertzog <https://github.com/rhertzog>`_
      - 3
-   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars1.githubusercontent.com/u/36720?v=4' width='36' height='36' alt='@brot'>`
+   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/36720?v=4' width='36' height='36' alt='@brot'>`
      - `@brot <https://github.com/brot>`_
      - 2
-   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars3.githubusercontent.com/u/776662?v=4' width='36' height='36' alt='@carlosperello'>`
+   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/776662?v=4' width='36' height='36' alt='@carlosperello'>`
      - `@carlosperello <https://github.com/carlosperello>`_
      - 2
-   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars2.githubusercontent.com/u/114159?v=4' width='36' height='36' alt='@fpletz'>`
+   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/114159?v=4' width='36' height='36' alt='@fpletz'>`
      - `@fpletz <https://github.com/fpletz>`_
      - 2
-   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars2.githubusercontent.com/u/5255388?v=4' width='36' height='36' alt='@ingben'>`
+   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/5255388?v=4' width='36' height='36' alt='@ingben'>`
      - `@ingben <https://github.com/ingben>`_
      - 2
-   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars2.githubusercontent.com/u/675056?v=4' width='36' height='36' alt='@OrangeDog'>`
+   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/675056?v=4' width='36' height='36' alt='@OrangeDog'>`
      - `@OrangeDog <https://github.com/OrangeDog>`_
      - 2
-   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars3.githubusercontent.com/u/2285387?v=4' width='36' height='36' alt='@kyrias'>`
+   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/2285387?v=4' width='36' height='36' alt='@kyrias'>`
      - `@kyrias <https://github.com/kyrias>`_
      - 2
-   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars0.githubusercontent.com/u/924183?v=4' width='36' height='36' alt='@mschiff'>`
+   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/924183?v=4' width='36' height='36' alt='@mschiff'>`
      - `@mschiff <https://github.com/mschiff>`_
      - 2
-   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars2.githubusercontent.com/u/3768412?v=4' width='36' height='36' alt='@stp-ip'>`
+   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/3768412?v=4' width='36' height='36' alt='@stp-ip'>`
      - `@stp-ip <https://github.com/stp-ip>`_
      - 2
-   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars1.githubusercontent.com/u/13322818?v=4' width='36' height='36' alt='@noelmcloughlin'>`
+   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/299386?v=4' width='36' height='36' alt='@excavador'>`
-     - `@noelmcloughlin <https://github.com/noelmcloughlin>`_
-     - 2
-   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars2.githubusercontent.com/u/299386?v=4' width='36' height='36' alt='@excavador'>`
      - `@excavador <https://github.com/excavador>`_
      - 2
-   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars3.githubusercontent.com/u/4510160?v=4' width='36' height='36' alt='@hudecof'>`
+   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/4510160?v=4' width='36' height='36' alt='@hudecof'>`
      - `@hudecof <https://github.com/hudecof>`_
      - 2
-   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars0.githubusercontent.com/u/1004111?v=4' width='36' height='36' alt='@freach'>`
+   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/1004111?v=4' width='36' height='36' alt='@freach'>`
      - `@freach <https://github.com/freach>`_
      - 2
-   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars2.githubusercontent.com/u/50891?v=4' width='36' height='36' alt='@westurner'>`
+   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/1353637?v=4' width='36' height='36' alt='@stasjok'>`
+     - `@stasjok <https://github.com/stasjok>`_
+     - 2
+   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/50891?v=4' width='36' height='36' alt='@westurner'>`
      - `@westurner <https://github.com/westurner>`_
      - 2
-   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars0.githubusercontent.com/u/228723?v=4' width='36' height='36' alt='@abednarik'>`
+   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/228723?v=4' width='36' height='36' alt='@abednarik'>`
      - `@abednarik <https://github.com/abednarik>`_
      - 2
-   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars1.githubusercontent.com/u/26563851?v=4' width='36' height='36' alt='@chenmen'>`
+   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/26563851?v=4' width='36' height='36' alt='@chenmen'>`
      - `@chenmen <https://github.com/chenmen>`_
      - 2
-   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars0.githubusercontent.com/u/850317?v=4' width='36' height='36' alt='@alanpearce'>`
+   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/850317?v=4' width='36' height='36' alt='@alanpearce'>`
      - `@alanpearce <https://github.com/alanpearce>`_
      - 1
-   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars0.githubusercontent.com/u/445200?v=4' width='36' height='36' alt='@arthurlogilab'>`
+   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/445200?v=4' width='36' height='36' alt='@arthurlogilab'>`
      - `@arthurlogilab <https://github.com/arthurlogilab>`_
      - 1
-   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars3.githubusercontent.com/u/1566437?v=4' width='36' height='36' alt='@bkmit'>`
+   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/1566437?v=4' width='36' height='36' alt='@bkmit'>`
      - `@bkmit <https://github.com/bkmit>`_
      - 1
-   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars3.githubusercontent.com/u/20098965?v=4' width='36' height='36' alt='@brianholland99'>`
+   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/20098965?v=4' width='36' height='36' alt='@brianholland99'>`
      - `@brianholland99 <https://github.com/brianholland99>`_
      - 1
-   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars1.githubusercontent.com/u/20441?v=4' width='36' height='36' alt='@iggy'>`
+   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/20441?v=4' width='36' height='36' alt='@iggy'>`
      - `@iggy <https://github.com/iggy>`_
      - 1
-   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars1.githubusercontent.com/u/13131979?v=4' width='36' height='36' alt='@BT-dschleich'>`
+   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/13131979?v=4' width='36' height='36' alt='@BT-dschleich'>`
      - `@BT-dschleich <https://github.com/BT-dschleich>`_
      - 1
-   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars0.githubusercontent.com/u/3012076?v=4' width='36' height='36' alt='@fzipi'>`
+   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/3012076?v=4' width='36' height='36' alt='@fzipi'>`
      - `@fzipi <https://github.com/fzipi>`_
      - 1
-   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars0.githubusercontent.com/u/94157?v=4' width='36' height='36' alt='@imran1008'>`
+   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/94157?v=4' width='36' height='36' alt='@imran1008'>`
      - `@imran1008 <https://github.com/imran1008>`_
      - 1
-   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars3.githubusercontent.com/u/637504?v=4' width='36' height='36' alt='@jasperla'>`
+   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/637504?v=4' width='36' height='36' alt='@jasperla'>`
      - `@jasperla <https://github.com/jasperla>`_
      - 1
-   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars2.githubusercontent.com/u/350294?v=4' width='36' height='36' alt='@anderbubble'>`
+   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/350294?v=4' width='36' height='36' alt='@anderbubble'>`
      - `@anderbubble <https://github.com/anderbubble>`_
      - 1
-   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars0.githubusercontent.com/u/7613500?v=4' width='36' height='36' alt='@levlozhkin'>`
+   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/7613500?v=4' width='36' height='36' alt='@levlozhkin'>`
      - `@levlozhkin <https://github.com/levlozhkin>`_
      - 1
-   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars0.githubusercontent.com/u/25535310?v=4' width='36' height='36' alt='@polymeter'>`
+   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/25535310?v=4' width='36' height='36' alt='@polymeter'>`
      - `@polymeter <https://github.com/polymeter>`_
      - 1
-   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars3.githubusercontent.com/u/16899663?v=4' width='36' height='36' alt='@Mario-F'>`
+   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/16899663?v=4' width='36' height='36' alt='@Mario-F'>`
      - `@Mario-F <https://github.com/Mario-F>`_
      - 1
-   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars3.githubusercontent.com/u/2869?v=4' width='36' height='36' alt='@nigelsim'>`
+   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/2869?v=4' width='36' height='36' alt='@nigelsim'>`
      - `@nigelsim <https://github.com/nigelsim>`_
      - 1
-   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars2.githubusercontent.com/u/25389335?v=4' width='36' height='36' alt='@antifob'>`
+   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/25389335?v=4' width='36' height='36' alt='@antifob'>`
      - `@antifob <https://github.com/antifob>`_
      - 1
-   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars0.githubusercontent.com/u/1610802?v=4' width='36' height='36' alt='@robinelfrink'>`
+   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/1610802?v=4' width='36' height='36' alt='@robinelfrink'>`
      - `@robinelfrink <https://github.com/robinelfrink>`_
      - 1
-   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars2.githubusercontent.com/u/2377054?v=4' width='36' height='36' alt='@smlloyd'>`
+   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/2377054?v=4' width='36' height='36' alt='@smlloyd'>`
      - `@smlloyd <https://github.com/smlloyd>`_
      - 1
-   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars1.githubusercontent.com/u/4156131?v=4' width='36' height='36' alt='@skylerberg'>`
+   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/4156131?v=4' width='36' height='36' alt='@skylerberg'>`
      - `@skylerberg <https://github.com/skylerberg>`_
      - 1
-   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars3.githubusercontent.com/u/48949?v=4' width='36' height='36' alt='@tampakrap'>`
+   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/48949?v=4' width='36' height='36' alt='@tampakrap'>`
      - `@tampakrap <https://github.com/tampakrap>`_
      - 1
-   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars3.githubusercontent.com/u/566830?v=4' width='36' height='36' alt='@TJuberg'>`
+   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/566830?v=4' width='36' height='36' alt='@TJuberg'>`
      - `@TJuberg <https://github.com/TJuberg>`_
      - 1
-   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars2.githubusercontent.com/u/1974659?v=4' width='36' height='36' alt='@tibold'>`
+   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/1974659?v=4' width='36' height='36' alt='@tibold'>`
      - `@tibold <https://github.com/tibold>`_
      - 1
-   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars3.githubusercontent.com/u/1277162?v=4' width='36' height='36' alt='@brandonparsons'>`
+   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/113170?v=4' width='36' height='36' alt='@TimJones'>`
+     - `@TimJones <https://github.com/TimJones>`_
+     - 1
+   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/1277162?v=4' width='36' height='36' alt='@brandonparsons'>`
      - `@brandonparsons <https://github.com/brandonparsons>`_
      - 1
-   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars0.githubusercontent.com/u/1406670?v=4' width='36' height='36' alt='@elfixit'>`
+   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/1406670?v=4' width='36' height='36' alt='@elfixit'>`
      - `@elfixit <https://github.com/elfixit>`_
      - 1
-   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars3.githubusercontent.com/u/10122937?v=4' width='36' height='36' alt='@ketzacoatl'>`
+   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/10122937?v=4' width='36' height='36' alt='@ketzacoatl'>`
      - `@ketzacoatl <https://github.com/ketzacoatl>`_
      - 1
-   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars3.githubusercontent.com/u/15609251?v=4' width='36' height='36' alt='@omltorg'>`
+   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/15609251?v=4' width='36' height='36' alt='@omltorg'>`
      - `@omltorg <https://github.com/omltorg>`_
      - 1
-   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars0.githubusercontent.com/u/1721508?v=4' width='36' height='36' alt='@reschl'>`
+   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/1721508?v=4' width='36' height='36' alt='@reschl'>`
      - `@reschl <https://github.com/reschl>`_
      - 1
-   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars0.githubusercontent.com/u/991850?v=4' width='36' height='36' alt='@scub'>`
+   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/991850?v=4' width='36' height='36' alt='@scub'>`
      - `@scub <https://github.com/scub>`_
      - 1
-   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars1.githubusercontent.com/u/8021992?v=4' width='36' height='36' alt='@tmeneau'>`
+   * - :raw-html-m2r:`<img class='float-left rounded-1' src='https://avatars.githubusercontent.com/u/8021992?v=4' width='36' height='36' alt='@tmeneau'>`
      - `@tmeneau <https://github.com/tmeneau>`_
      - 1
 
 
 ----
 
-Auto-generated by a `forked version <https://github.com/myii/maintainer>`_ of `gaocegege/maintainer <https://github.com/gaocegege/maintainer>`_ on 2020-08-26.
+Auto-generated by a `forked version <https://github.com/myii/maintainer>`_ of `gaocegege/maintainer <https://github.com/gaocegege/maintainer>`_ on 2022-02-21.

docs/CHANGELOG.rst

@@ -2,6 +2,235 @@
 Changelog
 =========
 
+`3.0.3 <https://github.com/saltstack-formulas/openssh-formula/compare/v3.0.2...v3.0.3>`_ (2022-02-21)
+---------------------------------------------------------------------------------------------------------
+
+Bug Fixes
+^^^^^^^^^
+
+
+* **libmapstack:** allow mapping by booleans and numbers (\ `40ba5a7 <https://github.com/saltstack-formulas/openssh-formula/commit/40ba5a72c6476fa7deb4e73a01e78530da4c45d9>`_\ )
+
+Continuous Integration
+^^^^^^^^^^^^^^^^^^^^^^
+
+
+* update linters to latest versions [skip ci] (\ `81f97c0 <https://github.com/saltstack-formulas/openssh-formula/commit/81f97c0457b7b30a6464c066fcb83ca77def9371>`_\ )
+
+Styles
+^^^^^^
+
+
+* **libsaltcli:** fix comments to jinja comments [skip ci] (\ `3416d94 <https://github.com/saltstack-formulas/openssh-formula/commit/3416d94a36ab0c38942dba8d660652592f74a019>`_\ )
+
+Tests
+^^^^^
+
+
+* **system:** add ``build_platform_codename`` [skip ci] (\ `aaa1828 <https://github.com/saltstack-formulas/openssh-formula/commit/aaa1828f8683cb306b4532805d8095b095649af5>`_\ )
+
+`3.0.2 <https://github.com/saltstack-formulas/openssh-formula/compare/v3.0.1...v3.0.2>`_ (2022-02-03)
+---------------------------------------------------------------------------------------------------------
+
+Bug Fixes
+^^^^^^^^^
+
+
+* **libmatchers:** python client API can use ``config.get`` options (\ `560a5cc <https://github.com/saltstack-formulas/openssh-formula/commit/560a5ccbbc1c657fce621da945981cd0bd701879>`_\ )
+
+Code Refactoring
+^^^^^^^^^^^^^^^^
+
+
+* **map.jinja:** standardise v5 structure [skip ci] (\ `3162842 <https://github.com/saltstack-formulas/openssh-formula/commit/3162842ec5531b72a28fff592e1b63d33aa2cd59>`_\ )
+
+Continuous Integration
+^^^^^^^^^^^^^^^^^^^^^^
+
+
+* **3003.1:** update inc. AlmaLinux, Rocky & ``rst-lint`` [skip ci] (\ `7190129 <https://github.com/saltstack-formulas/openssh-formula/commit/719012908469f50e510779e1b82fb5605f54053a>`_\ )
+* **freebsd:** update with latest pre-salted Vagrant boxes [skip ci] (\ `943cf17 <https://github.com/saltstack-formulas/openssh-formula/commit/943cf1790370fa32d19f6e367510d513fc9cbbb6>`_\ )
+* **gemfile:** allow rubygems proxy to be provided as an env var [skip ci] (\ `8b2cd1b <https://github.com/saltstack-formulas/openssh-formula/commit/8b2cd1b0e6a872928d2095170e9524274c9de3e2>`_\ )
+* **gemfile+lock:** use ``ssf`` customised ``inspec`` repo [skip ci] (\ `e5d83f3 <https://github.com/saltstack-formulas/openssh-formula/commit/e5d83f3f36152c57c6701fdb5d28b624830dc8e0>`_\ )
+* **kitchen:** move ``provisioner`` block & update ``run_command`` [skip ci] (\ `1685782 <https://github.com/saltstack-formulas/openssh-formula/commit/168578285aa3291c4cca775daae299aa0889f1d5>`_\ )
+* **kitchen+ci:** update with ``3004`` pre-salted images/boxes [skip ci] (\ `e59160f <https://github.com/saltstack-formulas/openssh-formula/commit/e59160f8461386c148b8e61f43e4c3a0d0b89587>`_\ )
+* **kitchen+ci:** update with latest ``3003.2`` pre-salted images [skip ci] (\ `d48bdde <https://github.com/saltstack-formulas/openssh-formula/commit/d48bdde2c6919d73a79301f46ec058668d413aac>`_\ )
+* **kitchen+ci:** update with latest CVE pre-salted images [skip ci] (\ `5d4ed95 <https://github.com/saltstack-formulas/openssh-formula/commit/5d4ed95572dbdb7b93c2ff3cafca71ed8a6a4034>`_\ )
+* **kitchen+gitlab:** remove Ubuntu 16.04 & Fedora 32 (EOL) [skip ci] (\ `b7ddbb0 <https://github.com/saltstack-formulas/openssh-formula/commit/b7ddbb0e186b74d5c9ae0abd75b187f08aab896e>`_\ )
+* **kitchen+gitlab:** update for new pre-salted images [skip ci] (\ `eede9fa <https://github.com/saltstack-formulas/openssh-formula/commit/eede9fa54c84b92aab2f7c036e41f53df1389e0c>`_\ )
+* **vagrant:** replace FreeBSD 12.2 with 12.3 [skip ci] (\ `5e8a886 <https://github.com/saltstack-formulas/openssh-formula/commit/5e8a88631351c1621da415bc0decae808b9bfc1b>`_\ )
+* add Debian 11 Bullseye & update ``yamllint`` configuration [skip ci] (\ `efb6799 <https://github.com/saltstack-formulas/openssh-formula/commit/efb679941a6940b1e94a1b0b3fdbaa25ff3f5d12>`_\ )
+* **vagrant:** add OpenBSD 6.9 [skip ci] (\ `fb78927 <https://github.com/saltstack-formulas/openssh-formula/commit/fb789274811a3acce1589280137fab8dd78cd0d2>`_\ )
+* add ``arch-master`` to matrix and update ``.travis.yml`` [skip ci] (\ `1af42b2 <https://github.com/saltstack-formulas/openssh-formula/commit/1af42b215e96715f3ddeae13aab6fcbbcfd258b4>`_\ )
+* **kitchen+gitlab:** adjust matrix to add ``3003`` [skip ci] (\ `c82927f <https://github.com/saltstack-formulas/openssh-formula/commit/c82927fbc8dd40aea584c6fbee2a5d08eac7c31e>`_\ )
+* **vagrant:** add FreeBSD 13.0 [skip ci] (\ `7c69859 <https://github.com/saltstack-formulas/openssh-formula/commit/7c698591c862c412894416f5037892f13f2ed514>`_\ )
+* **vagrant:** use pre-salted boxes & conditional local settings [skip ci] (\ `531de16 <https://github.com/saltstack-formulas/openssh-formula/commit/531de164b66ef66b66fadd2369ad302916131e39>`_\ )
+
+Documentation
+^^^^^^^^^^^^^
+
+
+* **readme:** fix headings [skip ci] (\ `52abade <https://github.com/saltstack-formulas/openssh-formula/commit/52abade1821ba7afa1ed313ba9a4d8250283938b>`_\ )
+
+Tests
+^^^^^
+
+
+* **_mapdata:** add verification file for ``debian-11`` [skip ci] (\ `42e17b2 <https://github.com/saltstack-formulas/openssh-formula/commit/42e17b28712b3bf369ac4629b21705a54c5763d6>`_\ )
+* **_mapdata:** add verification file for ``fedora-34`` [skip ci] (\ `3f6c4a0 <https://github.com/saltstack-formulas/openssh-formula/commit/3f6c4a05acbf5b41b771b4a44a897e7353190efa>`_\ )
+* **alma+rocky:** add platforms (based on CentOS 8) [skip ci] (\ `2dc565b <https://github.com/saltstack-formulas/openssh-formula/commit/2dc565b7c7a467b55e199e47e0d5fe4486360e34>`_\ )
+* **default:** use ``grains.get`` for ``oscodename`` (for FreeBSD) [skip ci] (\ `aa8f9db <https://github.com/saltstack-formulas/openssh-formula/commit/aa8f9dbfd6e534e53557b4ae917a90951f8714ac>`_\ )
+* **freebsd:** add ``map.jinja`` verification file (for 13.0) (\ `018a47c <https://github.com/saltstack-formulas/openssh-formula/commit/018a47cdd89dac21c05265db7cb5ee8ec9bd0ada>`_\ )
+* **pillar:** add ``ssh-rsa`` Kitchen workaround on Arch Linux [skip ci] (\ `ecd62e4 <https://github.com/saltstack-formulas/openssh-formula/commit/ecd62e45075c19bce13d42d88c9372c1a308699f>`_\ )
+* **pillar:** add ``ssh-rsa`` Kitchen workaround on Gentoo [skip ci] (\ `d65ea55 <https://github.com/saltstack-formulas/openssh-formula/commit/d65ea55d94d1cd314412daa6388eda080ab70725>`_\ )
+* **pillar:** add platforms to ``ssh-rsa`` Kitchen workaround [skip ci] (\ `6260e85 <https://github.com/saltstack-formulas/openssh-formula/commit/6260e852800a3a5481cc0df73a5f689a48599ea2>`_\ )
+
+`3.0.1 <https://github.com/saltstack-formulas/openssh-formula/compare/v3.0.0...v3.0.1>`_ (2021-03-26)
+---------------------------------------------------------------------------------------------------------
+
+Bug Fixes
+^^^^^^^^^
+
+
+* **openbsd:** fix ``dig_pkg``\ , avoid ``UsePAM`` & add verification file (\ `2868560 <https://github.com/saltstack-formulas/openssh-formula/commit/286856058ac1b7231cbd3455826a751963c3ca45>`_\ )
+
+Continuous Integration
+^^^^^^^^^^^^^^^^^^^^^^
+
+
+* enable Vagrant-based testing using GitHub Actions (\ `f1af455 <https://github.com/saltstack-formulas/openssh-formula/commit/f1af45593d967c9ac734702fa31b922d28053d32>`_\ )
+* **gemfile+lock:** use ``ssf`` customised ``kitchen-docker`` repo [skip ci] (\ `01512a0 <https://github.com/saltstack-formulas/openssh-formula/commit/01512a0ec47b42ea41fcc949f59372b7e95e817c>`_\ )
+* **kitchen+ci:** use latest pre-salted images (after CVE) [skip ci] (\ `79321be <https://github.com/saltstack-formulas/openssh-formula/commit/79321be76fa91234414dd53ea81ee0327276bafe>`_\ )
+* **kitchen+gitlab-ci:** use latest pre-salted images [skip ci] (\ `c2a366f <https://github.com/saltstack-formulas/openssh-formula/commit/c2a366f9c721fc0956cd08c5e3f239a751be7a10>`_\ )
+* **pre-commit:** update hook for ``rubocop`` [skip ci] (\ `ccb6a44 <https://github.com/saltstack-formulas/openssh-formula/commit/ccb6a4487580eb75b3d735e7cfb398f2b8ebb316>`_\ )
+
+Documentation
+^^^^^^^^^^^^^
+
+
+* **readme:** add ``Testing with Vagrant`` section (\ `2f8c31c <https://github.com/saltstack-formulas/openssh-formula/commit/2f8c31c66c56d7c7626c5193d7386cc280e16322>`_\ )
+
+Tests
+^^^^^
+
+
+* **freebsd:** add ``map.jinja`` verification files (for 11.4 & 12.2) (\ `4c857fe <https://github.com/saltstack-formulas/openssh-formula/commit/4c857fe07156260a206c9d33c7a87ce60a324803>`_\ )
+* standardise use of ``share`` suite & ``_mapdata`` state [skip ci] (\ `35a2124 <https://github.com/saltstack-formulas/openssh-formula/commit/35a2124a43da14c8cb64040b0b5f2d1b4b7545fe>`_\ )
+* **_mapdata:** add verification files for new platforms (\ `748eded <https://github.com/saltstack-formulas/openssh-formula/commit/748ededc7af79b792cac8fa01abcd20c8c27d8ed>`_\ )
+* **share:** standardise with latest changes [skip ci] (\ `de969f1 <https://github.com/saltstack-formulas/openssh-formula/commit/de969f10f1b22a86491f1b33d1d06eb7d721a980>`_\ )
+
+`3.0.0 <https://github.com/saltstack-formulas/openssh-formula/compare/v2.0.6...v3.0.0>`_ (2021-01-12)
+---------------------------------------------------------------------------------------------------------
+
+Code Refactoring
+^^^^^^^^^^^^^^^^
+
+
+* **map:** compound matchers like parsing with ``libmatchers`` (\ `925c86e <https://github.com/saltstack-formulas/openssh-formula/commit/925c86ea698c68f684ba1645a58c88d688e6acc5>`_\ )
+* **map:** load ``defaults.jinja`` configuration with ``libmapstack`` (\ `174bb68 <https://github.com/saltstack-formulas/openssh-formula/commit/174bb68432366a449a8327a9dbb648271f123224>`_\ )
+* **map:** load ``map.jinja`` configuration with ``libmapstack`` (\ `568bb7c <https://github.com/saltstack-formulas/openssh-formula/commit/568bb7ce4075ee376e8c49a45a1470d252f82ab9>`_\ )
+* **map:** load formula configuration with ``libmatchers`` (\ `ff6b56c <https://github.com/saltstack-formulas/openssh-formula/commit/ff6b56c4a4e282f41ddfc8f379f95096fea0553f>`_\ )
+
+Documentation
+^^^^^^^^^^^^^
+
+
+* **map:** document the new ``map.jinja`` with targeting like syntax (\ `7ecb24b <https://github.com/saltstack-formulas/openssh-formula/commit/7ecb24bdc1ff84ddac4c7c3e5d8d70c7512f4fb5>`_\ )
+
+Features
+^^^^^^^^
+
+
+* **map:** use targeting like syntax for configuration (\ `1be0d87 <https://github.com/saltstack-formulas/openssh-formula/commit/1be0d8725ad933034f4e87cc9636bcc5100bd55c>`_\ )
+* **matchers:** add delimiter option for source definitions (\ `d69556d <https://github.com/saltstack-formulas/openssh-formula/commit/d69556d5ae79a907d79351d4b9775e0ce2970b39>`_\ )
+
+Styles
+^^^^^^
+
+
+* **mapstack:** variables in macro can't be exported (\ `7de2d6f <https://github.com/saltstack-formulas/openssh-formula/commit/7de2d6fd756b3e4b7154e660b639d7ce6edb8cfe>`_\ )
+
+BREAKING CHANGES
+^^^^^^^^^^^^^^^^
+
+
+* **map:** the configuration ``map_jinja:sources`` is only
+  .. code-block::
+
+                configurable with `salt://parameters/map_jinja.yaml`
+        and `salt://{{ tplroot }}/parameters/map_jinja.yaml`
+
+* **map:** the ``map_jinja:config_get_roots`` is replaced by
+  .. code-block::
+
+                compound like `map_jinja:sources`
+
+* **map:** the two ``config_get_lookup`` and ``config_get`` are
+  .. code-block::
+
+                replaced by `C@<tplroot>:lookup` and `C@<tplroot>`
+        sources
+
+`2.0.6 <https://github.com/saltstack-formulas/openssh-formula/compare/v2.0.5...v2.0.6>`_ (2020-12-23)
+---------------------------------------------------------------------------------------------------------
+
+Code Refactoring
+^^^^^^^^^^^^^^^^
+
+
+* **map:** use top-level ``values:`` key in ``map.jinja`` dumps (\ `37597e5 <https://github.com/saltstack-formulas/openssh-formula/commit/37597e5b12c769be5add3608152215d7d21e8412>`_\ )
+
+`2.0.5 <https://github.com/saltstack-formulas/openssh-formula/compare/v2.0.4...v2.0.5>`_ (2020-12-22)
+---------------------------------------------------------------------------------------------------------
+
+Continuous Integration
+^^^^^^^^^^^^^^^^^^^^^^
+
+
+* **commitlint:** ensure ``upstream/master`` uses main repo URL [skip ci] (\ `7af3bf2 <https://github.com/saltstack-formulas/openssh-formula/commit/7af3bf255df5d636750edb8b3a95c63b032712b4>`_\ )
+* **gitlab-ci:** add ``rubocop`` linter (with ``allow_failure``\ ) [skip ci] (\ `37b9f3a <https://github.com/saltstack-formulas/openssh-formula/commit/37b9f3ac09a895b6aad5e796f062c6f3871e697c>`_\ )
+* **gitlab-ci:** use GitLab CI as Travis CI replacement (\ `bccd5fd <https://github.com/saltstack-formulas/openssh-formula/commit/bccd5fd3d88ba22d1b9b91018e7eb2a24620138f>`_\ )
+* **pre-commit:** add to formula [skip ci] (\ `4e13609 <https://github.com/saltstack-formulas/openssh-formula/commit/4e13609b992d5d2e3e2a540e736016fe1f22c7e2>`_\ )
+* **pre-commit:** enable/disable ``rstcheck`` as relevant [skip ci] (\ `094bef5 <https://github.com/saltstack-formulas/openssh-formula/commit/094bef540614043947434a00b0a0e8bfe4665f93>`_\ )
+* **pre-commit:** finalise ``rstcheck`` configuration [skip ci] (\ `75e843a <https://github.com/saltstack-formulas/openssh-formula/commit/75e843a7bdabcc64f29bcea7e7ae6ce204bd5397>`_\ )
+
+Tests
+^^^^^
+
+
+* **map:** standardise ``map.jinja`` verification (\ `2bab68f <https://github.com/saltstack-formulas/openssh-formula/commit/2bab68f5ff5485c9b43712bd2dd17f447ed787f4>`_\ )
+
+`2.0.4 <https://github.com/saltstack-formulas/openssh-formula/compare/v2.0.3...v2.0.4>`_ (2020-09-27)
+---------------------------------------------------------------------------------------------------------
+
+Bug Fixes
+^^^^^^^^^
+
+
+* **pillar:** ``tofs`` must not be under ``mine_functions`` (\ `c0d5052 <https://github.com/saltstack-formulas/openssh-formula/commit/c0d5052f6a4f86ed78df5f79f4848f24113dbe1a>`_\ )
+
+Tests
+^^^^^
+
+
+* **inspec:** ``_mapdata`` files should have ``tofs`` configuration (\ `5e9033f <https://github.com/saltstack-formulas/openssh-formula/commit/5e9033f500cfa0cc5c06867ebdccd9e6b3298498>`_\ )
+
+`2.0.3 <https://github.com/saltstack-formulas/openssh-formula/compare/v2.0.2...v2.0.3>`_ (2020-09-09)
+---------------------------------------------------------------------------------------------------------
+
+Continuous Integration
+^^^^^^^^^^^^^^^^^^^^^^
+
+
+* **kitchen:** force the hostname of the containers (\ `208f873 <https://github.com/saltstack-formulas/openssh-formula/commit/208f87380ce23995ca62c882401c48ec91de6c86>`_\ )
+
+Tests
+^^^^^
+
+
+* **inspec:** no more need to mangle mapdata for hostname (\ `8cb31c6 <https://github.com/saltstack-formulas/openssh-formula/commit/8cb31c6967f736f2068ec55911bd177f5ad6ee87>`_\ )
+* **share:** standardise structure (\ `15241d3 <https://github.com/saltstack-formulas/openssh-formula/commit/15241d39c55441c31ae19863cb383a0ccccaa07e>`_\ )
+
 `2.0.2 <https://github.com/saltstack-formulas/openssh-formula/compare/v2.0.1...v2.0.2>`_ (2020-08-26)
 ---------------------------------------------------------------------------------------------------------
 

docs/README.rst

@@ -1,7 +1,6 @@
-.. _readme:
+openssh-formula
+===============
 
-openssh
-=======
 |img_travis| |img_sr|
 
 .. |img_travis| image:: https://travis-ci.com/saltstack-formulas/openssh-formula.svg?branch=master
@@ -31,6 +30,12 @@ which contains the currently released version. This formula is versioned accordi
 
 See `Formula Versioning Section <https://docs.saltstack.com/en/latest/topics/development/conventions/formulas.html#versioning>`_ for more details.
 
+If you need (non-default) configuration, please refer to:
+
+- `how to configure the formula with map.jinja <map.jinja.rst>`_
+- the ``pillar.example`` file
+
+
 Contributing to this repo
 -------------------------
 
@@ -85,11 +90,11 @@ so root login will be disabled.
 ``openssh.config_ini``
 ^^^^^^^^^^^^^^^^^^^^^^
 
-Version of managing ``sshd_config`` that uses the 
+Version of managing ``sshd_config`` that uses the
 `ini_managed.option_present <https://docs.saltstack.com/en/latest/ref/states/all/salt.states.ini_manage.html>`_
-state module, so it enables to override only one or 
+state module, so it enables to override only one or
-multiple values and keeping the defaults shipped by your 
+multiple values and keeping the defaults shipped by your
-distribution. 
+distribution.
 
 
 ``openssh.known_hosts``
@@ -231,7 +236,7 @@ To completely disable adding IP addresses::
 Manages the system wide ``/etc/ssh/moduli`` file.
 
 ``openssh._mapdata``
-^^^^^^^^^^^^^^^^^^
+^^^^^^^^^^^^^^^^^^^^
 
 Testing state which dumps the ``map.jinja`` values in ``/tmp/salt_mapdata_dump.yaml``.
 This state is not called by any include but is mostly used by kitchen and Inspec infrastructure to validate ``map.jinja``.
@@ -260,7 +265,7 @@ e.g. ``debian-9-2019-2-py3``.
 ``bin/kitchen converge``
 ^^^^^^^^^^^^^^^^^^^^^^^^
 
-Creates the docker instance and runs the ``template`` main state, ready for testing.
+Creates the docker instance and runs the ``openssh`` main states, ready for testing.
 
 ``bin/kitchen verify``
 ^^^^^^^^^^^^^^^^^^^^^^
@@ -282,3 +287,64 @@ Runs all of the stages above in one go: i.e. ``destroy`` + ``converge`` + ``veri
 
 Gives you SSH access to the instance for manual testing.
 
+Testing with Vagrant
+--------------------
+
+Windows/FreeBSD/OpenBSD testing is done with ``kitchen-salt``.
+
+Requirements
+^^^^^^^^^^^^
+
+* Ruby
+* Virtualbox
+* Vagrant
+
+Setup
+^^^^^
+
+.. code-block:: bash
+
+   $ gem install bundler
+   $ bundle install --with=vagrant
+   $ bin/kitchen test [platform]
+
+Where ``[platform]`` is the platform name defined in ``kitchen.vagrant.yml``,
+e.g. ``windows-81-latest-py3``.
+
+Note
+^^^^
+
+When testing using Vagrant you must set the environment variable ``KITCHEN_LOCAL_YAML`` to ``kitchen.vagrant.yml``.  For example:
+
+.. code-block:: bash
+
+   $ KITCHEN_LOCAL_YAML=kitchen.vagrant.yml bin/kitchen test      # Alternatively,
+   $ export KITCHEN_LOCAL_YAML=kitchen.vagrant.yml
+   $ bin/kitchen test
+
+Then run the following commands as needed.
+
+``bin/kitchen converge``
+^^^^^^^^^^^^^^^^^^^^^^^^
+
+Creates the Vagrant instance and runs the ``openssh`` main states, ready for testing.
+
+``bin/kitchen verify``
+^^^^^^^^^^^^^^^^^^^^^^
+
+Runs the ``inspec`` tests on the actual instance.
+
+``bin/kitchen destroy``
+^^^^^^^^^^^^^^^^^^^^^^^
+
+Removes the Vagrant instance.
+
+``bin/kitchen test``
+^^^^^^^^^^^^^^^^^^^^
+
+Runs all of the stages above in one go: i.e. ``destroy`` + ``converge`` + ``verify`` + ``destroy``.
+
+``bin/kitchen login``
+^^^^^^^^^^^^^^^^^^^^^
+
+Gives you RDP/SSH access to the instance for manual testing.

docs/TOFS_pattern.rst

@@ -64,7 +64,7 @@ Example: NTP before applying TOFS
 
 Let's work with the NTP example. A basic formula that follows the `design guidelines <http://docs.saltstack.com/en/latest/topics/development/conventions/formulas.html>`_ has the following files and directories tree:
 
-.. code-block::
+.. code-block:: console
 
    /srv/saltstack/salt-formulas/ntp-saltstack-formula/
      ntp/
@@ -226,7 +226,7 @@ We can make different templates coexist for different minions, classified by any
 
 If we decide that we want ``os_family`` as switch, then we could provide the formula template variants for both the ``RedHat`` and ``Debian`` families.
 
-.. code-block::
+.. code-block:: console
 
    /srv/saltstack/salt-formulas/ntp-saltstack-formula/ntp/files/
      default/
@@ -449,7 +449,7 @@ Using sub-directories for ``components``
 
 If your formula is composed of several components, you may prefer to provides files under sub-directories, like in the `systemd-formula <https://github.com/saltstack-formulas/systemd-formula>`_.
 
-.. code-block::
+.. code-block:: console
 
    /srv/saltstack/systemd-formula/
      systemd/

docs/map.jinja.rst

@@ -0,0 +1,492 @@
+.. _map.jinja:
+
+``map.jinja``: gather formula configuration values
+==================================================
+
+The `documentation`_ explains the use of a ``map.jinja`` to gather parameters values for a formula.
+
+As `pillars`_ are rendered on the Salt master for every minion, this increases the load on the master as the pillar values and the number of minions grows.
+
+As a good practice, you should:
+
+- store non-secret data in YAML files distributed by the `fileserver`_
+- store secret data in:
+
+  - `pillars`_ (and look for the use of something like `pillar.vault`_)
+  - `SDB`_ (and look for the use of something like `sdb.vault`_)
+
+Current best practice is to let ``map.jinja`` handle parameters from all sources, to minimise the use of pillars, grains or configuration from ``sls`` files and templates directly.
+
+
+.. contents:: **Table of Contents**
+
+
+For formula users
+-----------------
+
+
+Quick start: configure per role and per DNS domain name values
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+We will see a quick setup to configure the ``TEMPLATE`` formula for different DNS domain name and several roles.
+
+For this example, I'll define 2 kinds of `fileserver`_ sources:
+
+1. formulas git repositories with hard-coded version reference to avoid breaking my setup randomly at upstream update. they are the last sources where files are looked up
+2. parameters of the formulas in the file backend `roots`_
+
+
+Configure the fileserver backends
+`````````````````````````````````
+
+I configure the `fileserver`_ backends to serve:
+
+1. files from `roots`_ first
+2. `gitfs`_ repositories last
+
+Create the file ``/etc/salt/master.d/fileserver.conf`` and restart the ``master``:
+
+.. code-block:: yaml
+
+    ---
+    ##
+    ## file server
+    ##
+    fileserver_backend:
+      # parameters values and override
+      - roots
+      # formulas
+      - gitfs
+
+    # The files in this directory will take precedence over git repositories
+    file_roots:
+      base:
+        - /srv/salt
+
+    # List of formulas I'm using
+    gitfs_remotes:
+      - https://github.com/saltstack-formulas/template-formula.git:
+        - base: v4.1.1
+      - https://github.com/saltstack-formulas/openssh-formula.git:
+        - base: v2.0.1
+    ...
+
+
+Create per DNS configuration for ``TEMPLATE`` formula
+`````````````````````````````````````````````````````
+
+Now, we can provides the per DNS domain name configuration files for the ``TEMPLATE`` formulas under ``/srv/salt/TEMPLATE/parameters/``.
+
+We create the directory for ``dns:domain`` grain and we add a symlink for the ``domain`` grain which is extracted from the minion ``id``:
+
+.. code-block:: console
+
+    mkdir -p /srv/salt/TEMPLATE/parameters/dns:domain/
+    ln -s dns:domain /srv/salt/TEMPLATE/parameters/domain
+
+We create a configuration for the DNS domain ``example.net`` in ``/srv/salt/TEMPLATE/parameters/dns:domain/example.net.yaml``:
+
+.. code-block:: yaml
+
+    ---
+    values:
+      config: /etc/template-formula-example-net.conf
+    ...
+
+We create another configuration for the DNS domain ``example.com`` in ``/srv/salt/TEMPLATE/parameters/dns:domain/example.com.yaml``:
+
+.. code-block:: yaml
+
+    ---
+    values:
+      config: /etc/template-formula-{{ grains['os_family'] }}.conf
+    ...
+
+
+Create per role configuration for ``TEMPLATE`` formula
+``````````````````````````````````````````````````````
+
+Now, we can provides the per role configuration files for the ``TEMPLATE`` formulas under ``/srv/salt/TEMPLATE/parameters/``.
+
+We create the directory for roles:
+
+.. code-block:: console
+
+    mkdir -p /srv/salt/TEMPLATE/parameters/roles
+
+We will define 2 roles:
+
+- ``TEMPLATE/server``
+- ``TEMPLATE/client``
+
+We create a configuration for the role ``TEMPLATE/server`` in ``/srv/salt/TEMPLATE/parameters/roles/TEMPLATE/server.yaml``:
+
+.. code-block:: yaml
+
+    ---
+    values:
+      config: /etc/template-formula-server.conf
+    ...
+
+We create another configuration for the role ``TEMPLATE/client`` in ``/srv/salt/TEMPLATE/parameters/roles/TEMPLATE/client.yaml``:
+
+.. code-block:: yaml
+
+    ---
+    values:
+      config: /etc/template-formula-client.conf
+    ...
+
+
+Enable roles and the ``dns:domain`` and ``domain`` grains for ``map.jinja``
+```````````````````````````````````````````````````````````````````````````
+
+We need to redefine the sources for ``map.jinja`` to load values from our new configuration files, we provide a global configuration for all our minions.
+
+We create the global parameters file ``/srv/salt/parameters/map_jinja.yaml``:
+
+.. code-block:: yaml
+
+    ---
+    values:
+      sources:
+        # default values
+        - "Y:G@osarch"
+        - "Y:G@os_family"
+        - "Y:G@os"
+        - "Y:G@osfinger"
+        - "C@{{ tplroot ~ ':lookup' }}"
+        - "C@{{ tplroot }}"
+
+        # Roles activate/deactivate things
+        # then thing are configured depending on environment
+        # So roles comes before `dns:domain`, `domain` and `id`
+        - "Y:C@roles"
+
+        # DNS domain configured (DHCP or resolv.conf)
+        - "Y:G@dns:domain"
+
+        # Based on minion ID
+        - "Y:G@domain"
+
+        # default values
+        - "Y:G@id"
+    ...
+
+The syntax is explained later at `Sources of configuration values`_.
+
+
+Bind roles to minions
+`````````````````````
+
+We associate roles `grains`_ to minion using `grains.append`_.
+
+For the servers:
+
+.. code-block:: console
+
+    salt 'server-*' grains.append roles TEMPLATE/server
+
+For the clients:
+
+.. code-block:: console
+
+    salt 'client-*' grains.append roles TEMPLATE/client
+
+.. note::
+
+    Since we used ``Y:C@roles``, ``map.jinja`` will do a ``salt['config.get']('roles')`` to retrieve the roles so you could use any other method to bind roles to minions (`pillars`_ or `SDB`_) but `grains`_ seems to be the prefered method.
+
+Note for Microsoft Windows systems
+``````````````````````````````````
+
+If you have a minion running under windows, you can't use colon ``:`` as a delimiter for grain path query (see `bug 58726`_) in which case you should use an alternate delimiter:
+
+Modify ``/srv/salt/parameters/map_jinja.yaml`` to change the query for ``dns:domain`` to define the `alternate delimiter`_:
+
+.. code-block:: yaml
+
+    ---
+    values:
+      sources:
+        # default values
+        - "Y:G@osarch"
+        - "Y:G@os_family"
+        - "Y:G@os"
+        - "Y:G@osfinger"
+        - "C@{{ tplroot ~ ':lookup' }}"
+        - "C@{{ tplroot }}"
+
+        # Roles activate/deactivate things
+        # then thing are configured depending on environment
+        # So roles comes before `dns:domain`, `domain` and `id`
+        - "Y:C@roles"
+
+        # DNS domain configured (DHCP or resolv.conf)
+        - "Y:G:!@dns!domain"
+
+        # Based on minion ID
+        - "Y:G@domain"
+
+        # default values
+        - "Y:G@id"
+    ...
+
+And then, rename the directory:
+
+.. code-block:: console
+
+    mv /srv/salt/TEMPLATE/parameters/dns:domain/  '/srv/salt/TEMPLATE/parameters/dns!domain/'
+
+
+Format of configuration YAML files
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+When you write a new YAML file, note that it must conform to the following layout:
+
+- a mandatory ``values`` key to store the configuration values
+- two optional keys to configure the use of `salt.slsutil.merge`_
+
+  - an optional ``strategy`` key to configure the merging strategy, for example ``strategy: 'recurse'``, the default is ``smart``
+  - an optional ``merge_lists`` key to configure if lists should be merged or overridden for the ``recurse`` and ``overwrite`` strategy, for example ``merge_lists: 'true'``
+
+Here is a valid example:
+
+.. code-block:: yaml
+
+    ---
+    strategy: 'recurse'
+    merge_lists: 'false'
+    values:
+      pkg:
+        name: 'some-package'
+      config: '/path/to/a/configuration/file'
+    ...
+
+You can use `Jinja`_ as with any SLS files:
+
+.. code-block:: yaml
+
+    ---
+    strategy: 'overwrite'
+    merge_lists: 'true'
+    values:
+      output_dir: /tmp/{{ grains['id'] }}
+    ...
+
+
+Sources of configuration values
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+
+Configuring ``map.jinja`` sources
+`````````````````````````````````
+
+The ``map.jinja`` file uses several sources where to lookup parameter values. The list of sources can be modified by two files:
+
+1. a global ``salt://parameters/map_jinja.yaml``
+2. a per formula ``salt://{{ tplroot }}/parameters/map_jinja.yaml``, it overrides the global configuration
+
+Each source definition has the form ``[<TYPE>[:<OPTION>[:<DELIMITER>]]@]<KEY>`` where ``<TYPE>`` can be one of:
+
+- ``Y`` to load values from YAML files from the `fileserver`_, this is the default when no type is defined
+- ``C`` to lookup values with `salt['config.get']`_
+- ``G`` to lookup values with `salt['grains.get']`_
+- ``I`` to lookup values with `salt['pillar.get']`_
+
+The YAML type option can define the query method to lookup the key value to build the file name:
+
+- ``C`` to query with `salt['config.get']`_, this is the default when no query method is defined
+- ``G`` to query with `salt['grains.get']`_
+- ``I`` to query with `salt['pillar.get']`_
+
+The ``C``, ``G`` or ``I`` types can define the ``SUB`` option to store values in the sub key ``mapdata.<KEY>`` instead of directly in ``mapdata``.
+
+All types can define the ``<DELIMITER>`` option to use an `alternate delimiter`_ of the ``<KEY>``, for example: on windows system you can't use colon ``:`` for YAML file path name and you should use something else like exclamation mark ``!``.
+
+Finally, the ``<KEY>`` describes what to lookup to either build the YAML filename or gather values using one of the query methods.
+
+.. note::
+
+    For the YAML type, if the ``<KEY>`` can't be looked up, then it's used a literal string path to a YAML file, for example: ``any/path/can/be/used/here.yaml`` will result in the loading of ``salt://{{ tplroot }}/parameters/any/path/can/be/used/here.yaml`` if it exists.
+
+The built-in ``map_jinja:sources`` is:
+
+.. code-block:: yaml
+
+    - "Y:G@osarch"
+    - "Y:G@os_family"
+    - "Y:G@os"
+    - "Y:G@osfinger"
+    - "C@{{ tplroot ~ ':lookup' }}"
+    - "C@{{ tplroot }}"
+    - "Y:G@id"
+
+This is strictly equivalent to the following ``map_jinja.yaml`` using `Jinja`_:
+
+.. code-block:: sls
+
+    values:
+      sources:
+        - "parameters/osarch/{{ salt['grains.get']('osarch') }}.yaml"
+        - "parameters/os_family/{{ salt['grains.get']('os_family') }}.yaml"
+        - "parameters/os/{{ salt['grains.get']('os') }}.yaml"
+        - "parameters/osfinger/{{ salt['grains.get']('osfinger') }}.yaml"
+        - "C@{{ tplroot ~ ':lookup' }}"
+        - "C@{{ tplroot }}"
+        - "parameters/id/{{ salt['grains.get']('id') }}.yaml"
+
+
+Loading values from the configuration sources
+`````````````````````````````````````````````
+
+For each configuration source defined in ``map_jinja:sources``, ``map.jinja`` will:
+
+#. load values depending on the source type:
+
+   - for YAML file sources
+
+     - if the ``<KEY>`` can be looked up, load values from the YAML file named ``salt://{{ tplroot }}/paramaters/<KEY>/{{ salt['<QUERY_METHOD>']('<KEY>') }}.yaml`` if it exists
+     - otherwise, load the YAML file named ``salt://{{ tplroot }}/parameters/<KEY>.yaml`` if it exists
+
+   - for ``C``, ``G`` or ``I`` source type, lookup the value of ``salt['<QUERY_METHOD>']('<KEY>')``
+
+#. merge the loaded values with the previous ones using `salt.slsutil.merge`_
+
+There will be no error if a YAML file does not exists, they are all optional.
+
+
+Configuration values from ``salt['config.get']``
+````````````````````````````````````````````````
+
+For sources with of type ``C`` declared in ``map_jinja:sources``, you can configure the ``merge`` option of `salt['config.get']`_ by defining per formula ``strategy`` configuration key (retrieved with ``salt['config.get'](tplroot ~ ':strategy')`` with one of the following values:
+
+- ``recurse`` merge recursively dictionaries. Non dictionary values replace already defined values
+- ``overwrite`` new value completely replace old ones
+
+By default, no merging is done, the first value found is returned.
+
+
+Global view of the order of preferences
+```````````````````````````````````````
+
+To summarize, here is a complete example of the load order of formula configuration values for an ``AMD64`` ``Ubuntu 18.04`` minion named ``minion1.example.net`` for the ``libvirt`` formula:
+
+#. ``parameters/defaults.yaml``
+#. ``parameters/osarch/amd64.yaml``
+#. ``parameters/os_family/Debian.yaml``
+#. ``parameters/os/Ubuntu.yaml``
+#. ``parameters/osfinger/Ubuntu-18.04.yaml``
+#. ``salt['config.get']('libvirt:lookup')``
+#. ``salt['config.get']('libvirt')``
+#. ``parameters/id/minion1.example.net``
+
+Remember that the order is important, for example, the value of ``key1:subkey1`` loaded from ``parameters/os_family/Debian.yaml`` is overridden by a value loaded from ``parameters/id/minion1.example.net``.
+
+
+For formula authors and contributors
+------------------------------------
+
+Dependencies
+^^^^^^^^^^^^
+
+``map.jinja`` requires:
+
+- salt minion 2018.3.3 minimum to use the `traverse`_ jinja filter
+- to be located at the root of the formula named directory (e.g. ``libvirt-formula/libvirt/map.jinja``)
+- the ``libsaltcli.jinja`` library, stored in the same directory, to disable the ``merge`` option of `salt['config.get']`_ over `salt-ssh`_
+
+
+Use formula configuration values in ``sls``
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+The ``map.jinja`` exports a unique ``mapdata`` variable which could be renamed during import.
+
+Here is the best way to use it in an ``sls`` file:
+
+.. code-block:: sls
+
+    {#- Get the `tplroot` from `tpldir` #}
+    {%- set tplroot = tpldir.split("/")[0] %}
+    {%- from tplroot ~ "/map.jinja" import mapdata as TEMPLATE with context %}
+
+    test-does-nothing-but-display-TEMPLATE-as-json:
+      test.nop:
+        - name: {{ TEMPLATE | json }}
+
+
+Use formula configuration values in templates
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+When you need to process salt templates, you should avoid calling `salt['config.get']`_ (or `salt['pillar.get']`_ and `salt['grains.get']`_) directly from the template. All the needed values should be available within the ``mapdata`` variable exported by ``map.jinja``.
+
+Here is an example based on `template-formula/TEMPLATE/config/file.sls`_:
+
+.. code-block:: sls
+
+    # -*- coding: utf-8 -*-
+    # vim: ft=sls
+
+    {#- Get the `tplroot` from `tpldir` #}
+    {%- set tplroot = tpldir.split('/')[0] %}
+    {%- set sls_package_install = tplroot ~ '.package.install' %}
+    {%- from tplroot ~ "/map.jinja" import mapdata as TEMPLATE with context %}
+    {%- from tplroot ~ "/libtofs.jinja" import files_switch with context %}
+
+    include:
+      - {{ sls_package_install }}
+
+    TEMPLATE-config-file-file-managed:
+      file.managed:
+        - name: {{ TEMPLATE.config }}
+        - source: {{ files_switch(['example.tmpl'],
+                                  lookup='TEMPLATE-config-file-file-managed'
+                     )
+                  }}
+        - mode: 644
+        - user: root
+        - group: {{ TEMPLATE.rootgroup }}
+        - makedirs: True
+        - template: jinja
+        - require:
+          - sls: {{ sls_package_install }}
+        - context:
+            TEMPLATE: {{ TEMPLATE | json }}
+
+This ``sls`` file expose a ``TEMPLATE`` context variable to the jinja template which could be used like this:
+
+.. code-block:: jinja
+
+    ########################################################################
+    # File managed by Salt at <{{ source }}>.
+    # Your changes will be overwritten.
+    ########################################################################
+
+    This is another example file from SaltStack template-formula.
+
+    # This is here for testing purposes
+    {{ TEMPLATE | json }}
+
+    winner of the merge: {{ TEMPLATE['winner'] }}
+
+
+.. _documentation: https://docs.saltstack.com/en/latest/topics/development/conventions/formulas.html#writing-formulas
+.. _fileserver: https://docs.saltstack.com/en/latest/ref/file_server
+.. _salt['config.get']: https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.config.html#salt.modules.config.get
+.. _salt['grains.get']: https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.grains.html#salt.modules.grains.get
+.. _salt['pillar.get']: https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.pillar.html#salt.modules.pillar.get
+.. _alternate delimiter: https://docs.saltstack.com/en/latest/topics/targeting/compound.html#alternate-delimiters
+.. _pillar.vault: https://docs.saltstack.com/en/latest/ref/pillar/all/salt.pillar.vault.html
+.. _pillars: https://docs.saltstack.com/en/latest/topics/pillar/
+.. _grains: https://docs.saltstack.com/en/latest/topics/grains/
+.. _grains.append: https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.grains.html#salt.modules.grains.append
+.. _SDB: https://docs.saltstack.com/en/latest/topics/sdb/index.html
+.. _sdb.vault: https://docs.saltstack.com/en/latest/ref/sdb/all/salt.sdb.vault.html
+.. _Jinja: https://docs.saltstack.com/en/latest/topics/jinja
+.. _roots: https://docs.saltstack.com/en/latest/ref/file_server/all/salt.fileserver.roots.html
+.. _gitfs: https://docs.saltstack.com/en/latest/topics/tutorials/gitfs.html
+.. _salt.slsutil.merge: https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.slsutil.html
+.. _traverse: https://docs.saltstack.com/en/latest/topics/jinja/index.html#traverse
+.. _salt-ssh: https://docs.saltstack.com/en/latest/topics/ssh/
+.. _template-formula/TEMPLATE/config/file.sls: https://github.com/saltstack-formulas/template-formula/blob/master/TEMPLATE/config/file.sls
+.. _bug 58726: https://github.com/saltstack/salt/issues/58726

kitchen.vagrant.yml

@@ -3,15 +3,36 @@
 ---
 driver:
   name: vagrant
+  cache_directory: false
+  customize:
+    usbxhci: 'off'
+  gui: false
+  ssh:
+    shell: /bin/sh
+  linked_clone: true
+  <% unless ENV['CI'] %>
+  synced_folders:
+    - - '.kitchen/kitchen-vagrant/%{instance_name}/vagrant'
+      - '/vagrant'
+      - 'create: true, disabled: false'
+  <% end %>
 
 platforms:
-  - name: freebsd-120-2019-2-py3
+  - name: freebsd-130-master-py3
     driver:
-      box_url: https://freebsd.z.vstack.com/FreeBSD-12.0.box
+      box: myii/freebsd-13.0-master-py3
-      cache_directory: false
+  - name: freebsd-123-master-py3
-      customize:
+    driver:
-        usbxhci: 'off'
+      box: myii/freebsd-12.3-master-py3
-      gui: false
+  - name: freebsd-130-3004-0-py3
-      linked_clone: true
+    driver:
+      box: myii/freebsd-13.0-3004.0-py3
+  - name: freebsd-123-3004-0-py3
+    driver:
+      box: myii/freebsd-12.3-3004.0-py3
+  - name: openbsd-70-3003-3-py3
+    driver:
+      box: myii/openbsd-7.0-3003.3-py3
       ssh:
-        shell: '/bin/sh'
+        shell: /bin/ksh
+      synced_folders: []

kitchen.yml

@@ -6,128 +6,7 @@ driver:
   name: docker
   use_sudo: false
   privileged: true
-  run_command: /lib/systemd/systemd
+  run_command: /usr/lib/systemd/systemd
-
-# Make sure the platforms listed below match up with
-# the `env.matrix` instances defined in `.travis.yml`
-platforms:
-  ## SALT `master`
-  - name: debian-10-master-py3
-    driver:
-      image: saltimages/salt-master-py3:debian-10
-  - name: ubuntu-2004-master-py3
-    driver:
-      image: saltimages/salt-master-py3:ubuntu-20.04
-  - name: ubuntu-1804-master-py3
-    driver:
-      image: saltimages/salt-master-py3:ubuntu-18.04
-  - name: centos-8-master-py3
-    driver:
-      image: saltimages/salt-master-py3:centos-8
-  - name: fedora-32-master-py3
-    driver:
-      image: saltimages/salt-master-py3:fedora-32
-  - name: fedora-31-master-py3
-    driver:
-      image: saltimages/salt-master-py3:fedora-31
-  - name: opensuse-leap-152-master-py3
-    driver:
-      image: saltimages/salt-master-py3:opensuse-leap-15.2
-      run_command: /usr/lib/systemd/systemd
-    # Workaround to avoid intermittent failures on `opensuse-leap-15.2`:
-    # => SCP did not finish successfully (255):  (Net::SCP::Error)
-    transport:
-      max_ssh_sessions: 1
-  - name: amazonlinux-2-master-py3
-    driver:
-      image: saltimages/salt-master-py3:amazonlinux-2
-
-  ## SALT `3000.3`
-  - name: debian-10-3000-3-py3
-    driver:
-      image: saltimages/salt-3000.3-py3:debian-10
-  - name: debian-9-3000-3-py3
-    driver:
-      image: saltimages/salt-3000.3-py3:debian-9
-  - name: ubuntu-1804-3000-3-py3
-    driver:
-      image: saltimages/salt-3000.3-py3:ubuntu-18.04
-  - name: centos-8-3000-3-py3
-    driver:
-      image: saltimages/salt-3000.3-py3:centos-8
-  - name: centos-7-3000-3-py3
-    driver:
-      image: saltimages/salt-3000.3-py3:centos-7
-  - name: fedora-31-3000-3-py3
-    driver:
-      image: saltimages/salt-3000.3-py3:fedora-31
-  - name: opensuse-leap-152-3000-3-py3
-    driver:
-      image: saltimages/salt-3000.3-py3:opensuse-leap-15.2
-      run_command: /usr/lib/systemd/systemd
-    # Workaround to avoid intermittent failures on `opensuse-leap-15.2`:
-    # => SCP did not finish successfully (255):  (Net::SCP::Error)
-    transport:
-      max_ssh_sessions: 1
-  - name: amazonlinux-2-3000-3-py3
-    driver:
-      image: saltimages/salt-3000.3-py3:amazonlinux-2
-  - name: ubuntu-1804-3000-3-py2
-    driver:
-      image: saltimages/salt-3000.3-py2:ubuntu-18.04
-  - name: ubuntu-1604-3000-3-py2
-    driver:
-      image: saltimages/salt-3000.3-py2:ubuntu-16.04
-  - name: arch-base-latest-3000-3-py2
-    driver:
-      image: saltimages/salt-3000.3-py2:arch-base-latest
-      run_command: /usr/lib/systemd/systemd
-
-  ## SALT `2019.2`
-  - name: debian-10-2019-2-py3
-    driver:
-      image: saltimages/salt-2019.2-py3:debian-10
-  - name: debian-9-2019-2-py3
-    driver:
-      image: saltimages/salt-2019.2-py3:debian-9
-  - name: ubuntu-1804-2019-2-py3
-    driver:
-      image: saltimages/salt-2019.2-py3:ubuntu-18.04
-  - name: ubuntu-1604-2019-2-py3
-    driver:
-      image: saltimages/salt-2019.2-py3:ubuntu-16.04
-  - name: centos-8-2019-2-py3
-    driver:
-      image: saltimages/salt-2019.2-py3:centos-8
-  - name: centos-7-2019-2-py3
-    driver:
-      image: saltimages/salt-2019.2-py3:centos-7
-  - name: fedora-31-2019-2-py3
-    driver:
-      image: saltimages/salt-2019.2-py3:fedora-31
-  - name: opensuse-leap-152-2019-2-py3
-    driver:
-      image: saltimages/salt-2019.2-py3:opensuse-leap-15.2
-      run_command: /usr/lib/systemd/systemd
-    # Workaround to avoid intermittent failures on `opensuse-leap-15.2`:
-    # => SCP did not finish successfully (255):  (Net::SCP::Error)
-    transport:
-      max_ssh_sessions: 1
-  - name: amazonlinux-2-2019-2-py3
-    driver:
-      image: saltimages/salt-2019.2-py3:amazonlinux-2
-  - name: centos-6-2019-2-py2
-    driver:
-      image: saltimages/salt-2019.2-py2:centos-6
-      run_command: /sbin/init
-  - name: amazonlinux-1-2019-2-py2
-    driver:
-      image: saltimages/salt-2019.2-py2:amazonlinux-1
-      run_command: /sbin/init
-  - name: arch-base-latest-2019-2-py2
-    driver:
-      image: saltimages/salt-2019.2-py2:arch-base-latest
-      run_command: /usr/lib/systemd/systemd
 
 provisioner:
   name: salt_solo
@@ -139,16 +18,259 @@ provisioner:
     - .kitchen
     - .git
 
+platforms:
+  ## SALT `tiamat`
+  - name: debian-11-tiamat-py3
+    driver:
+      image: saltimages/salt-tiamat-py3:debian-11
+      run_command: /lib/systemd/systemd
+  - name: debian-10-tiamat-py3
+    driver:
+      image: saltimages/salt-tiamat-py3:debian-10
+      run_command: /lib/systemd/systemd
+  - name: debian-9-tiamat-py3
+    driver:
+      image: saltimages/salt-tiamat-py3:debian-9
+      run_command: /lib/systemd/systemd
+  - name: ubuntu-2204-tiamat-py3
+    driver:
+      image: saltimages/salt-tiamat-py3:ubuntu-22.04
+      run_command: /lib/systemd/systemd
+  - name: ubuntu-2004-tiamat-py3
+    driver:
+      image: saltimages/salt-tiamat-py3:ubuntu-20.04
+      run_command: /lib/systemd/systemd
+  - name: ubuntu-1804-tiamat-py3
+    driver:
+      image: saltimages/salt-tiamat-py3:ubuntu-18.04
+      run_command: /lib/systemd/systemd
+  - name: centos-stream8-tiamat-py3
+    driver:
+      image: saltimages/salt-tiamat-py3:centos-stream8
+  - name: centos-7-tiamat-py3
+    driver:
+      image: saltimages/salt-tiamat-py3:centos-7
+  - name: amazonlinux-2-tiamat-py3
+    driver:
+      image: saltimages/salt-tiamat-py3:amazonlinux-2
+  - name: oraclelinux-8-tiamat-py3
+    driver:
+      image: saltimages/salt-tiamat-py3:oraclelinux-8
+  - name: oraclelinux-7-tiamat-py3
+    driver:
+      image: saltimages/salt-tiamat-py3:oraclelinux-7
+  - name: almalinux-8-tiamat-py3
+    driver:
+      image: saltimages/salt-tiamat-py3:almalinux-8
+  - name: rockylinux-8-tiamat-py3
+    driver:
+      image: saltimages/salt-tiamat-py3:rockylinux-8
+
+  ## SALT `master`
+  - name: debian-11-master-py3
+    driver:
+      image: saltimages/salt-master-py3:debian-11
+      run_command: /lib/systemd/systemd
+  - name: debian-10-master-py3
+    driver:
+      image: saltimages/salt-master-py3:debian-10
+      run_command: /lib/systemd/systemd
+  - name: debian-9-master-py3
+    driver:
+      image: saltimages/salt-master-py3:debian-9
+      run_command: /lib/systemd/systemd
+  - name: ubuntu-2204-master-py3
+    driver:
+      image: saltimages/salt-master-py3:ubuntu-22.04
+      run_command: /lib/systemd/systemd
+  - name: ubuntu-2004-master-py3
+    driver:
+      image: saltimages/salt-master-py3:ubuntu-20.04
+      run_command: /lib/systemd/systemd
+  - name: ubuntu-1804-master-py3
+    driver:
+      image: saltimages/salt-master-py3:ubuntu-18.04
+      run_command: /lib/systemd/systemd
+  - name: centos-stream8-master-py3
+    driver:
+      image: saltimages/salt-master-py3:centos-stream8
+  - name: centos-7-master-py3
+    driver:
+      image: saltimages/salt-master-py3:centos-7
+  - name: fedora-36-master-py3
+    driver:
+      image: saltimages/salt-master-py3:fedora-36
+  - name: fedora-35-master-py3
+    driver:
+      image: saltimages/salt-master-py3:fedora-35
+  - name: opensuse-leap-153-master-py3
+    driver:
+      image: saltimages/salt-master-py3:opensuse-leap-15.3
+    # Workaround to avoid intermittent failures on `opensuse-leap-15.3`:
+    # => SCP did not finish successfully (255):  (Net::SCP::Error)
+    transport:
+      max_ssh_sessions: 1
+  - name: opensuse-tmbl-latest-master-py3
+    driver:
+      image: saltimages/salt-master-py3:opensuse-tumbleweed-latest
+    # Workaround to avoid intermittent failures on `opensuse-tumbleweed`:
+    # => SCP did not finish successfully (255):  (Net::SCP::Error)
+    transport:
+      max_ssh_sessions: 1
+  - name: amazonlinux-2-master-py3
+    driver:
+      image: saltimages/salt-master-py3:amazonlinux-2
+  - name: oraclelinux-8-master-py3
+    driver:
+      image: saltimages/salt-master-py3:oraclelinux-8
+  - name: oraclelinux-7-master-py3
+    driver:
+      image: saltimages/salt-master-py3:oraclelinux-7
+  - name: arch-base-latest-master-py3
+    driver:
+      image: saltimages/salt-master-py3:arch-base-latest
+  - name: gentoo-stage3-latest-master-py3
+    driver:
+      image: saltimages/salt-master-py3:gentoo-stage3-latest
+      run_command: /sbin/init
+  - name: gentoo-stage3-systemd-master-py3
+    driver:
+      image: saltimages/salt-master-py3:gentoo-stage3-systemd
+  - name: almalinux-8-master-py3
+    driver:
+      image: saltimages/salt-master-py3:almalinux-8
+  - name: rockylinux-8-master-py3
+    driver:
+      image: saltimages/salt-master-py3:rockylinux-8
+
+  ## SALT `3004.1`
+  - name: debian-11-3004-1-py3
+    driver:
+      image: saltimages/salt-3004.1-py3:debian-11
+      run_command: /lib/systemd/systemd
+  - name: debian-10-3004-1-py3
+    driver:
+      image: saltimages/salt-3004.1-py3:debian-10
+      run_command: /lib/systemd/systemd
+  - name: debian-9-3004-1-py3
+    driver:
+      image: saltimages/salt-3004.1-py3:debian-9
+      run_command: /lib/systemd/systemd
+  - name: ubuntu-2204-3004-1-py3
+    driver:
+      image: saltimages/salt-3004.1-py3:ubuntu-22.04
+      run_command: /lib/systemd/systemd
+  - name: ubuntu-2004-3004-1-py3
+    driver:
+      image: saltimages/salt-3004.1-py3:ubuntu-20.04
+      run_command: /lib/systemd/systemd
+  - name: ubuntu-1804-3004-1-py3
+    driver:
+      image: saltimages/salt-3004.1-py3:ubuntu-18.04
+      run_command: /lib/systemd/systemd
+  - name: centos-stream8-3004-1-py3
+    driver:
+      image: saltimages/salt-3004.1-py3:centos-stream8
+  - name: centos-7-3004-1-py3
+    driver:
+      image: saltimages/salt-3004.1-py3:centos-7
+  - name: fedora-36-3004-1-py3
+    driver:
+      image: saltimages/salt-3004.1-py3:fedora-36
+  - name: fedora-35-3004-1-py3
+    driver:
+      image: saltimages/salt-3004.1-py3:fedora-35
+  - name: amazonlinux-2-3004-1-py3
+    driver:
+      image: saltimages/salt-3004.1-py3:amazonlinux-2
+  - name: oraclelinux-8-3004-1-py3
+    driver:
+      image: saltimages/salt-3004.1-py3:oraclelinux-8
+  - name: oraclelinux-7-3004-1-py3
+    driver:
+      image: saltimages/salt-3004.1-py3:oraclelinux-7
+  - name: arch-base-latest-3004-1-py3
+    driver:
+      image: saltimages/salt-3004.1-py3:arch-base-latest
+  - name: gentoo-stage3-latest-3004-1-py3
+    driver:
+      image: saltimages/salt-3004.1-py3:gentoo-stage3-latest
+      run_command: /sbin/init
+  - name: gentoo-stage3-systemd-3004-1-py3
+    driver:
+      image: saltimages/salt-3004.1-py3:gentoo-stage3-systemd
+  - name: almalinux-8-3004-1-py3
+    driver:
+      image: saltimages/salt-3004.1-py3:almalinux-8
+  - name: rockylinux-8-3004-1-py3
+    driver:
+      image: saltimages/salt-3004.1-py3:rockylinux-8
+
+  ## SALT `3004.0`
+  - name: opensuse-leap-153-3004-0-py3
+    driver:
+      image: saltimages/salt-3004.0-py3:opensuse-leap-15.3
+    # Workaround to avoid intermittent failures on `opensuse-leap-15.3`:
+    # => SCP did not finish successfully (255):  (Net::SCP::Error)
+    transport:
+      max_ssh_sessions: 1
+  - name: opensuse-tmbl-latest-3004-0-py3
+    driver:
+      image: saltimages/salt-3004.0-py3:opensuse-tumbleweed-latest
+    # Workaround to avoid intermittent failures on `opensuse-tumbleweed`:
+    # => SCP did not finish successfully (255):  (Net::SCP::Error)
+    transport:
+      max_ssh_sessions: 1
+
+  ## SALT `3003.4`
+  - name: debian-10-3003-4-py3
+    driver:
+      image: saltimages/salt-3003.4-py3:debian-10
+      run_command: /lib/systemd/systemd
+  - name: debian-9-3003-4-py3
+    driver:
+      image: saltimages/salt-3003.4-py3:debian-9
+      run_command: /lib/systemd/systemd
+  - name: ubuntu-2004-3003-4-py3
+    driver:
+      image: saltimages/salt-3003.4-py3:ubuntu-20.04
+      run_command: /lib/systemd/systemd
+  - name: ubuntu-1804-3003-4-py3
+    driver:
+      image: saltimages/salt-3003.4-py3:ubuntu-18.04
+      run_command: /lib/systemd/systemd
+  - name: centos-stream8-3003-4-py3
+    driver:
+      image: saltimages/salt-3003.4-py3:centos-stream8
+  - name: centos-7-3003-4-py3
+    driver:
+      image: saltimages/salt-3003.4-py3:centos-7
+  - name: amazonlinux-2-3003-4-py3
+    driver:
+      image: saltimages/salt-3003.4-py3:amazonlinux-2
+  - name: oraclelinux-8-3003-4-py3
+    driver:
+      image: saltimages/salt-3003.4-py3:oraclelinux-8
+  - name: oraclelinux-7-3003-4-py3
+    driver:
+      image: saltimages/salt-3003.4-py3:oraclelinux-7
+  - name: almalinux-8-3003-4-py3
+    driver:
+      image: saltimages/salt-3003.4-py3:almalinux-8
+
 verifier:
   # https://www.inspec.io/
   name: inspec
   sudo: true
-  # cli, documentation, html, progress, json, json-min, json-rspec, junit
   reporter:
+    # cli, documentation, html, progress, json, json-min, json-rspec, junit
     - cli
 
 suites:
   - name: default
+    driver:
+      hostname: example.net
+      vm_hostname: example.net
     provisioner:
       state_top:
         base:

openssh/_mapdata/_mapdata.jinja

@@ -1,9 +1,9 @@
 # yamllint disable rule:indentation rule:line-length
-# {{ grains.get('osfinger', grains.os) }}
+# {{ grains.get("osfinger", grains.os) }}
 ---
 {#- use salt.slsutil.serialize to avoid encoding errors on some platforms #}
-{{ salt['slsutil.serialize'](
+{{ salt["slsutil.serialize"](
-     'yaml',
+     "yaml",
      map,
      default_flow_style=False,
      allow_unicode=True,

openssh/_mapdata/init.sls

@@ -2,12 +2,16 @@
 # vim: ft=sls
 ---
 {#- Get the `tplroot` from `tpldir` #}
-{%- set tplroot = tpldir.split('/')[0] %}
+{%- set tplroot = tpldir.split("/")[0] %}
 {%- from tplroot ~ "/map.jinja" import mapdata with context %}
 
-{%- set output_file = '/tmp/salt_mapdata_dump.yaml' %}
+{%- set _mapdata = {
+      "values": mapdata,
+    } %}
+{%- do salt["log.debug"]("### MAP.JINJA DUMP ###\n" ~ _mapdata | yaml(False)) %}
 
-{%- do salt['log.debug']( mapdata | yaml(False) ) %}
+{%- set output_dir = "/temp" if grains.os_family == "Windows" else "/tmp" %}
+{%- set output_file = output_dir ~ "/salt_mapdata_dump.yaml" %}
 
 {{ tplroot }}-mapdata-dump:
   file.managed:
@@ -15,4 +19,4 @@
     - source: salt://{{ tplroot }}/_mapdata/_mapdata.jinja
     - template: jinja
     - context:
-        map: {{ mapdata | yaml }}
+        map: {{ _mapdata | yaml }}

openssh/known_hosts.sls

@@ -3,9 +3,13 @@
 {%- from tplroot ~ "/libtofs.jinja" import files_switch %}
 {%- set openssh = mapdata.openssh %}
 
+{%- if openssh.dig_pkg %}
 ensure dig is available:
   pkg.installed:
     - name: {{ openssh.dig_pkg }}
+    - require_in:
+      - file: manage ssh_known_hosts file
+{%- endif %}
 
 manage ssh_known_hosts file:
   file.managed:
@@ -19,5 +23,3 @@ manage ssh_known_hosts file:
     - user: root
     - group: {{ openssh.ssh_config_group }}
     - mode: 644
-    - require:
-      - pkg: ensure dig is available

openssh/libmapstack.jinja

@@ -0,0 +1,315 @@
+{#- -*- coding: utf-8 -*- #}
+{#- vim: ft=jinja #}
+
+{#- Get the `tplroot` from `tpldir` #}
+{%- set tplroot = tpldir.split("/")[0] %}
+{%- from tplroot ~ "/libmatchers.jinja" import parse_matchers, query_map with context %}
+
+{%- set _default_config_dirs = [
+      "parameters/",
+      tplroot ~ "/parameters"
+    ] %}
+
+{%- macro mapstack(
+      matchers,
+      defaults=None,
+      dirs=_default_config_dirs,
+      log_prefix="libmapstack: "
+    ) %}
+{#-
+    Load configuration in the order of `matchers` and merge
+    successively the values with `defaults`.
+
+    The `matchers` are processed using `libmatchers.jinja` to select
+    the configuration sources from where the values are loaded.
+
+    Parameters:
+
+      - `matchers`: list of matchers in the form
+        `[<TYPE>[:<OPTION>[:<DELIMITER>]]@]<QUERY>`
+
+      - `defaults`: dictionary of default values to start the merging,
+        they are considered built-ins. It must conform to the same
+        layout as the YAML files: a mandatory `values` key and two
+        optional `strategy` and `merge_lists` keys.
+
+      - `dirs`: list of directory where to look-up the configuration
+        file matching the matchers, by default a global `salt://parameters/`
+        and a per formula `salt://<tplroot>/parameters`
+
+      - `log_prefix`: prefix used in the log outputs, by default it is
+        `libmapstack: `
+
+    Example: On a Debian system with `roles=["nginx/server", "telegraf"]`
+
+      {%- set settings = mapstack(
+            matchers=[
+              "Y:G@os_family",
+              "I@" ~ tplroot,
+              "Y:C@roles",
+            ],
+            dirs=["defaults", tplroot ~ "/parameters"],
+          )
+          | load_yaml %}
+
+      This will merge the values:
+
+        - starting with the default empty dictionary `{}` (no
+          `defaults` parameter)
+
+        - from the YAML files
+
+          - `salt://defaults/os_family/Debian.yaml`
+
+          - `salt://{{ tplroot }}/parameters/os_family/Debian.yaml`
+
+        - from the pillar `salt["pillar.get"](tplroot)`
+
+        - from the `nginx/server` YAML files:
+
+          - `salt://defaults/roles/nginx/server.yaml`
+
+          - `salt://{{ tplroot }}/parameters/roles/nginx/server.yaml`
+
+        - from the `telegraf` YAML files:
+
+          - `salt://defaults/roles/telegraf.yaml`
+
+          - `salt://{{ tplroot }}/parameters/roles/telegraf.yaml`
+
+    Each YAML file and the `defaults` parameters must conform to the
+    following layout:
+
+      - a mandatory `values` key to store the configuration values
+
+      - two optional keys to configure the use of `salt.slsutil.merge`
+
+        - an optional `strategy` key to configure the merging
+          strategy, for example `strategy: 'recurse'`, the default is
+          `smart`
+
+        - an optional `merge_lists` key to configure if lists should
+          be merged or overridden for the `recurse` and `overwrite`
+          strategies, for example `merge_lists: 'true'`
+#}
+{%-   set stack = defaults | default({"values": {} }, boolean=True) %}
+
+{#-   Build configuration file names based on matchers #}
+{%-   set config_get_strategy = salt["config.get"](tplroot ~ ":strategy", None) %}
+{%-   set matchers = parse_matchers(
+        matchers,
+        config_get_strategy=config_get_strategy,
+        log_prefix=log_prefix
+      )
+      | load_yaml %}
+
+{%-   do salt["log.debug"](
+        log_prefix
+        ~ "built-in configuration:\n"
+        ~ {"values": defaults | traverse("values")}
+        | yaml(False)
+      ) %}
+
+{%-   for param_dir in dirs %}
+{%-     for matcher in matchers %}
+{#-       `slsutil.merge` options from #}
+{#-       1. the `value` #}
+{#-       2. the `defaults` #}
+{#-       3. the built-in #}
+{%-       set strategy = matcher.value
+          | traverse(
+            "strategy",
+            defaults
+            | traverse(
+              "strategy",
+              "smart"
+            )
+          ) %}
+{%-       set merge_lists = matcher.value
+          | traverse(
+            "merge_lists",
+            defaults
+            | traverse(
+              "merge_lists",
+              False
+            )
+          )
+          | to_bool %}
+
+{%-       if matcher.type in query_map.keys() %}
+{#-         No value is an empty list, must be a dict for `stack.update` #}
+{%-         set normalized_value = matcher.value | default({}, boolean=True) %}
+
+{#-         Merge in `mapdata.<query>` instead of directly in `mapdata` #}
+{%-         set is_sub_key = matcher.option | default(False) == "SUB" %}
+{%-         if is_sub_key %}
+{#-           Merge values with `mapdata.<key>`, `<key>` and `<key>:lookup` are merged together #}
+{%-           set value = { matcher.query | regex_replace(":lookup$", ""): normalized_value } %}
+{%-         else %}
+{%-           set value = normalized_value %}
+{%-         endif %}
+
+{%-         do salt["log.debug"](
+              log_prefix
+              ~ "merge "
+              ~ "sub key " * is_sub_key
+              ~ "'"
+              ~ matcher.query
+              ~ "' retrieved with '"
+              ~ matcher.query_method
+              ~ "', merge: strategy='"
+              ~ strategy
+              ~ "', lists='"
+              ~ merge_lists
+              ~ "':\n"
+              ~ value
+              | yaml(False)
+            ) %}
+
+{%-         do stack.update(
+              {
+                "values": salt["slsutil.merge"](
+                  stack["values"],
+                  value,
+                  strategy=strategy,
+                  merge_lists=merge_lists,
+                )
+              }
+            ) %}
+
+{%-       else %}
+{#-         Load YAML file matching the grain/pillar/... #}
+{#-         Fallback to use the source name as a direct filename #}
+
+{%-         if matcher.value is sequence and matcher.value | length == 0 %}
+{#-           Mangle `matcher.value` to use it as literal path #}
+{%-           set query_parts = matcher.query.split("/") %}
+{%-           set yaml_dirname = query_parts[0:-1] | join("/") %}
+{%-           set yaml_names = query_parts[-1] %}
+{%-         else %}
+{%-           set yaml_dirname = matcher.query %}
+{%-           set yaml_names = matcher.value %}
+{%-         endif %}
+
+{#-         Some configuration return list #}
+{%-         if yaml_names is string %}
+{%-           set yaml_names = [yaml_names] %}
+{%-         elif yaml_names is sequence %}
+{#-           Convert to strings if it's a sequence of numbers #}
+{%-           set yaml_names = yaml_names | map("string") | list %}
+{%-         else %}
+{%-           set yaml_names = [yaml_names | string] %}
+{%-         endif %}
+
+{#-         Try to load a `.yaml.jinja` file for each `.yaml` file #}
+{%-         set all_yaml_names = [] %}
+{%-         for name in yaml_names %}
+{%-           set extension = name.rpartition(".")[2] %}
+{%-           if extension not in ["yaml", "jinja"] %}
+{%-             do all_yaml_names.extend([name ~ ".yaml", name ~ ".yaml.jinja"]) %}
+{%-           elif extension == "yaml" %}
+{%-             do all_yaml_names.extend([name, name ~ ".jinja"]) %}
+{%-           else %}
+{%-             do all_yaml_names.append(name) %}
+{%-           endif %}
+{%-         endfor %}
+
+{#-         `yaml_dirname` can be an empty string with literal path like `myconf.yaml` #}
+{%-         set yaml_dir = [
+              param_dir,
+              yaml_dirname
+            ]
+            | select
+            | join("/") %}
+
+{%-         for yaml_name in all_yaml_names %}
+{%-           set yaml_filename = [
+                yaml_dir.rstrip("/"),
+                yaml_name
+              ]
+              | select
+              | join("/") %}
+
+{%-           do salt["log.debug"](
+                log_prefix
+                ~ "load configuration values from "
+                ~ yaml_filename
+              ) %}
+{%-           load_yaml as yaml_values %}
+{%-             include yaml_filename ignore missing %}
+{%-           endload %}
+
+{%-           if yaml_values %}
+{%-             do salt["log.debug"](
+                  log_prefix
+                  ~ "loaded configuration values from "
+                  ~ yaml_filename
+                  ~ ":\n"
+                  ~ yaml_values
+                  | yaml(False)
+                ) %}
+
+{#-             `slsutil.merge` options from #}
+{#-             1. the `value` #}
+{#-             2. the `defaults` #}
+{#-             3. the built-in #}
+{%-             set strategy = yaml_values
+                  | traverse(
+                    "strategy",
+                    defaults
+                    | traverse(
+                      "strategy",
+                      "smart"
+                    )
+                  ) %}
+{%-             set merge_lists = yaml_values
+                  | traverse(
+                    "merge_lists",
+                    defaults
+                    | traverse(
+                      "merge_lists",
+                      False
+                    )
+                  )
+                  | to_bool %}
+{%-             do stack.update(
+                  {
+                    "values": salt["slsutil.merge"](
+                      stack["values"],
+                      yaml_values
+                      | traverse("values", {}),
+                      strategy=strategy,
+                      merge_lists=merge_lists,
+                    )
+                  }
+                ) %}
+{%-             do salt["log.debug"](
+                  log_prefix
+                  ~ "merged configuration values from "
+                  ~ yaml_filename
+                  ~ ", merge: strategy='"
+                  ~ strategy
+                  ~ "', merge_lists='"
+                  ~ merge_lists
+                  ~ "':\n"
+                  ~ {"values": stack["values"]}
+                  | yaml(False)
+                ) %}
+{%-           endif %}
+{%-         endfor %}
+{%-       endif %}
+{%-     endfor %}
+{%-   endfor %}
+
+{%-   do salt["log.debug"](
+        log_prefix
+        ~ "final configuration values:\n"
+        ~ {"values": stack["values"]}
+        | yaml(False)
+      ) %}
+
+{#- Output stack as YAML, caller should use with something like #}
+{#- `{%- set config = mapstack(matchers=["foo"]) | load_yaml %}` #}
+{{ stack | yaml }}
+
+{%- endmacro %}

openssh/libmatchers.jinja

@@ -0,0 +1,222 @@
+{#- -*- coding: utf-8 -*- #}
+{#- vim: ft=jinja #}
+
+{#- Get the `tplroot` from `tpldir` #}
+{%- set tplroot = tpldir.split("/")[0] %}
+{%- from tplroot ~ "/libsaltcli.jinja" import cli with context %}
+
+{%- set query_map = {
+      "C": "config.get",
+      "G": "grains.get",
+      "I": "pillar.get",
+    } %}
+
+{#- When no part before `@` is provided: #}
+{#-   - define a YAML file path, noted `Y` #}
+{#-   - use `salt["config.get"]`, noted `C` #}
+{#-   - use colon `:` delimiter for querying #}
+{%- set _defaults = {
+      "type": "Y",
+      "query_type": "C",
+      "query_delimiter": ":"
+    } %}
+
+{%- macro parse_matchers(
+      matchers,
+      config_get_strategy=None,
+      log_prefix="libmatchers: "
+    ) %}
+{#-   matcher format is `[<TYPE>[:<OPTION>[:DELIMITER]]@]<KEY>` #}
+{#-   each matcher has a type: #}
+{#-   - `Y` to build a YAML file name (the default when no type is set) #}
+{#-   - `C` to lookup values with `config.get` #}
+{#-   - `G` to lookup values with `grains.get` #}
+{#-   - `I` to lookup values with `pillar.get` #}
+{#-   The `YAML` type option can define query type to build the file name: #}
+{#-   - `C` for query with `config.get` (the default when to query type is set) #}
+{#-   - `G` for query with `grains.get` #}
+{#-   - `I` for query with `pillar.get` #}
+{#-   With `DELIMITER`, you can choose a different delimiter when doing queries #}
+{%-   set parsed_matchers = [] %}
+{%-   for matcher in matchers %}
+{%-     do salt["log.debug"](
+          log_prefix
+          ~ "process matcher: '"
+          ~ matcher
+          ~ "'"
+        ) %}
+
+{%-     set parsed = {} %}
+{%-     set matcher_parts = matcher.split('@') %}
+{%-     if matcher_parts | length == 1 %}
+{#-       By default we load YAML files for config looked up by `config.get` #}
+{%-       do parsed.update(
+            {
+              "type": _defaults["type"],
+              "option": None,
+              "query_method": query_map[_defaults["query_type"]],
+              "query_delimiter": _defaults["query_delimiter"],
+              "query": matcher
+            }
+          ) %}
+{%-       do salt["log.debug"](
+            log_prefix
+            ~ "use built-in defaults for matcher:\n"
+            ~ parsed
+            | yaml(False)
+            | indent(4, True)
+          ) %}
+{%-     else %}
+{%-       do salt["log.debug"](
+            log_prefix
+            ~ "parse matcher: '"
+            ~ matcher
+            ~ "'"
+          ) %}
+{%-       set metadatas = matcher_parts[0].split(":") %}
+{%-       do parsed.update(
+            {
+              "query": matcher_parts[1]
+            }
+          ) %}
+{%-       if metadatas | length == 1 %}
+{%-         do parsed.update(
+              {
+                "type": metadatas[0],
+                "option": "C",
+                "query_delimiter": ":"
+              }
+            ) %}
+{%-         do salt["log.debug"](
+              log_prefix
+              ~ "parse as 1 metadata matcher:\n"
+              ~ parsed
+              | yaml(False)
+              | indent(4, True)
+            ) %}
+{%-       elif metadatas | length == 2 %}
+{%-         do parsed.update(
+              {
+                "type": metadatas[0],
+                "option": metadatas[1],
+                "query_delimiter": ":"
+              }
+            ) %}
+{%-         do salt["log.debug"](
+              log_prefix
+              ~ "parse as 2 metadata matcher:\n"
+              ~ parsed
+              | yaml(False)
+              | indent(4, True)
+            ) %}
+{%-       elif metadatas | length == 3 %}
+{%-         do parsed.update(
+              {
+                "type": metadatas[0],
+                "option": metadatas[1],
+                "query_delimiter": metadatas[2] | default(":", boolean=True)
+              }
+            ) %}
+{%-         do salt["log.debug"](
+              log_prefix
+              ~ "parse as 3 metadata matcher:\n"
+              ~ parsed
+              | yaml(False)
+              | indent(4, True)
+            ) %}
+{%-       elif metadatas | length == 4 %}
+{#-         The delimiter is `:` #}
+{%-         do parsed.update(
+              {
+                "type": metadatas[0],
+                "option": metadatas[1],
+                "query_delimiter": ":"
+              }
+            ) %}
+{%-         do salt["log.debug"](
+              log_prefix
+              ~ "parse as 4 metadata matcher:\n"
+              ~ parsed
+              | yaml(False)
+              | indent(4, True)
+            ) %}
+{%-       endif %}
+{%-     endif %}
+
+{#-     The `<OPTION>` has different meaning based on type #}
+{%-     if query_map.get(parsed.type, False) %}
+{%-       do parsed.update(
+            {
+              "query_method": query_map[parsed.type]
+            }
+          ) %}
+{%-     else %}
+{%-       do parsed.update(
+            {
+              "query_method": query_map[
+                parsed.option
+                | default("C", boolean=True)
+              ]
+            }
+          ) %}
+{%-     endif %}
+
+{#-     Add `merge:` option to `salt["config.get"]` if configured #}
+{%-     if cli not in ["ssh", "unknown"] and parsed.query_method == "config.get" and config_get_strategy %}
+{%-       set query_opts = {
+            "merge": config_get_strategy,
+            "delimiter": parsed.query_delimiter,
+          } %}
+{%-       set query_opts_msg = (
+            ", delimiter='"
+            ~ parsed.query_delimiter
+            ~ "', merge: strategy='"
+            ~ config_get_strategy
+            ~ "'"
+          ) %}
+{%-     else %}
+{%-       if cli in ["ssh", "unknown"] %}
+{%-         do salt["log.warning"](
+              log_prefix
+              ~ "the 'delimiter' and 'merge' options of 'config.get' are skipped when the salt command type is '"
+              ~ cli
+              ~ "'"
+            ) %}
+{%-       endif %}
+{%-       set query_opts = {} %}
+{%-       set query_opts_msg = "" %}
+{%-     endif %}
+
+{%-     do salt["log.debug"](
+          log_prefix
+          ~ "lookup '"
+          ~ parsed.query
+          ~ "' with '"
+          ~ parsed.query_method
+          ~ "'"
+          ~ query_opts_msg
+        ) %}
+{%-     set values = salt[parsed.query_method](
+          parsed.query,
+          default=[],
+          **query_opts
+        ) %}
+{%-     do parsed.update(
+          {
+            "value": values
+          }
+        ) %}
+
+{%-     do parsed_matchers.append(parsed) %}
+
+{%-   endfor %}
+{%-   do salt["log.debug"](
+        log_prefix
+        ~ "parsed matchers:\n"
+        ~ parsed_matchers
+        | yaml(False)
+        | indent(4, True)
+      ) %}
+
+{{ parsed_matchers | yaml }}
+{%- endmacro %}

openssh/libsaltcli.jinja

@@ -1,5 +1,5 @@
-# -*- coding: utf-8 -*-
+{#- -*- coding: utf-8 -*- #}
-# vim: ft=jinja
+{#- vim: ft=jinja #}
 
 {#- Get the relevant values from the `opts` dict #}
 {%- set opts_cli = opts.get('__cli', '') %}
@@ -10,6 +10,8 @@
 {%-   set cli = 'minion' %}
 {%- elif opts_cli == 'salt-call' %}
 {%-   set cli = 'ssh' if opts_masteropts_cli in ('salt-ssh', 'salt-master') else 'local' %}
+{%- elif opts_cli %}
+{%-   set cli = 'api' %}
 {%- else %}
 {%-   set cli = 'unknown' %}
 {%- endif %}

openssh/map.jinja

@@ -1,207 +1,66 @@
-# -*- coding: utf-8 -*-
+{#- -*- coding: utf-8 -*- #}
-# vim: ft=jinja
+{#- vim: ft=jinja #}
 
 {#- Get the `tplroot` from `tpldir` #}
 {%- set tplroot = tpldir.split("/")[0] %}
-{%- from tplroot ~ "/libsaltcli.jinja" import cli with context %}
+{%- from tplroot ~ "/libmapstack.jinja" import mapstack with context %}
 
 {#- Where to lookup parameters source files #}
-{%- set map_sources_dir = tplroot ~ "/parameters" %}
+{%- set formula_param_dir = tplroot ~ "/parameters" %}
-
-{#- Load defaults first to allow per formula default map.jinja configuration #}
-{%- set _defaults_filename = map_sources_dir ~ "/defaults.yaml" %}
-{%- do salt["log.debug"](
-      "map.jinja: initialise parameters from "
-      ~ _defaults_filename
-    ) %}
-{%- import_yaml _defaults_filename as default_settings %}
 
 {#- List of sources to lookup for parameters #}
-{%- do salt["log.debug"]("map.jinja: lookup 'map_jinja' configuration sources") %}
 {#- Fallback to previously used grains plus minion `id` #}
 {%- set map_sources = [
-      "osarch",
+      "Y:G@osarch",
-      "os_family",
+      "Y:G@os_family",
-      "os",
+      "Y:G@os",
-      "osfinger",
+      "Y:G@osfinger",
-      "config_get_lookup",
+      "C@" ~ tplroot ~ ":lookup",
-      "config_get",
+      "C@" ~ tplroot,
-      "id",
+      "Y:G@id",
     ] %}
-{#- Configure map.jinja from defaults.yaml #}
-{%- set map_sources = default_settings | traverse(
-      "values:map_jinja:sources",
-      map_sources,
-    ) %}
 
-{#- Lookup global sources #}
+{%- set _map_settings = mapstack(
-{%- set map_sources = salt["config.get"]("map_jinja:sources", map_sources) %}
+      matchers=["map_jinja.yaml"],
-{#- Lookup per formula sources #}
+      defaults={
-{%- set map_sources = salt["config.get"](
+        "values": {"sources": map_sources}
-      tplroot ~ ":map_jinja:sources",
+      },
-      map_sources,
+      log_prefix="map.jinja configuration: ",
-    ) %}
+    )
+    | load_yaml %}
 
+{%- set map_sources = _map_settings | traverse("values:sources") %}
 {%- do salt["log.debug"](
-      "map.jinja: load parameters with sources from "
+      "map.jinja: load parameters from sources:\n"
       ~ map_sources
+      | yaml(False)
     ) %}
 
-{#- Lookup with `config.get` from configurable roots #}
+{#- Load formula parameters values #}
-{%- do salt["log.debug"](
+{%- set _formula_matchers = ["defaults.yaml"] + map_sources %}
-      "map.jinja: initialise 'config.get' roots with 'tplroot' "
+
-      ~ tplroot
+{%- set _formula_settings = mapstack(
+      matchers=_formula_matchers,
+      dirs=[formula_param_dir],
+      defaults={
+        "values": {},
+        "merge_strategy": salt["config.get"](tplroot ~ ":strategy", None),
+        "merge_lists": salt["config.get"](tplroot ~ ":merge_lists", False),
+      },
+      log_prefix="map.jinja: ",
+    )
+    | load_yaml %}
+
+{#- Make sure to track `map.jinja` configuration with `_mapdata` #}
+{%- do _formula_settings["values"].update(
+      {
+        "map_jinja": _map_settings["values"]
+      }
     ) %}
-{%- set config_get_roots = [tplroot] %}
-{#- Configure `config.get` from defaults.yaml #}
-{%- set config_get_roots = default_settings | traverse(
-      "values:map_jinja:config_get_roots",
-      config_get_roots
-    ) %}
-{#- Lookup global `config.get` roots #}
-{%- set config_get_roots = salt["config.get"](
-      "map_jinja:config_get_roots",
-      config_get_roots
-    ) %}
-{#- Lookup per formula `config.get` roots #}
-{%- set config_get_roots = salt["config.get"](
-      tplroot ~ ":map_jinja:config_get_roots",
-      config_get_roots,
-    ) %}
-{%- do salt["log.debug"](
-      "map.jinja: load parameters with 'config.get' from roots "
-      ~ config_get_roots
-    ) %}
-
-{#- Work around assignment inside for loop #}
-{#- load configuration values used in `config.get` merging strategies #}
-{%- set _config = {
-      "stack": default_settings.get("values", {}),
-      "merge_strategy": salt["config.get"](tplroot ~ ":strategy", None),
-      "merge_lists": salt["config.get"](tplroot ~ ":merge_lists", False),
-    } %}
-
-{#- the `config.get` merge option only works for `minion` or `local` salt command types #}
-{%- if cli in ["minion", "local"] %}
-{%-   do _config.update(
-        {
-          "merge_opt": {"merge": _config["merge_strategy"]},
-          "merge_msg": ", merge: strategy='" ~ _config["merge_strategy"] ~ "'",
-        }
-      ) %}
-{#- the `config.get` merge option is not available for `ssh` or `unknown` salt command types #}
-{%- else %}
-{%-   if _config["merge_strategy"] %}
-{%-     do salt["log.error"](
-          "map.jinja: the 'merge' option of 'config.get' is skipped when the salt command type is '"
-          ~ cli
-          ~ "'"
-        ) %}
-{%-   endif %}
-{%-   do _config.update(
-        {
-          "merge_opt": {},
-          "merge_msg": "",
-        }
-      ) %}
-{%- endif %}
-
-
-{#- process each `map.jinja` source #}
-{%- for map_source in map_sources %}
-{%-   if map_source  in ["config_get", "config_get_lookup"] %}
-{%-     for _config_root in config_get_roots %}
-{%-       set _config_key = {
-            "config_get": _config_root,
-            "config_get_lookup": _config_root ~ ":lookup",
-          }.get(map_source) %}
-
-{%-       do salt["log.debug"](
-            "map.jinja: retrieve '"
-            ~ _config_key
-            ~ "' with 'config.get'"
-            ~ _config["merge_msg"]
-          ) %}
-{%-       set _config_get = salt["config.get"](
-            _config_key, default={}, **_config["merge_opt"]
-          ) %}
-
-{#-       `slsutil.merge` defaults to `smart` instead of `None` for `config.get` #}
-{%-       set _strategy = _config["merge_strategy"] | default("smart", boolean=True) %}
-{%-       do salt["log.debug"](
-            "map.jinja: merge '"
-            ~ _config_key
-            ~ "' retrieved with 'config.get'"
-            ~ ", merge: strategy='"
-            ~ _strategy
-            ~ "', lists='"
-            ~ _config["merge_lists"]
-            ~ "'"
-          ) %}
-
-{#-       Keep values under each root key when there are more than one #}
-{%-       if config_get_roots|length > 1 %}
-{%-         set _config_get = { _config_root: _config_get } %}
-{%-       endif %}
-{%-       do _config.update(
-            {
-              "stack": salt["slsutil.merge"](
-                _config["stack"],
-                _config_get,
-                strategy=_strategy,
-                merge_lists=_config["merge_lists"],
-              )
-            }
-          ) %}
-{%-     endfor %}
-{%-   else %}
-{#-     Lookup the grain/pillar/... #}
-{#-     Fallback to use the source name as a direct filename #}
-{%-     set map_values = salt["config.get"](map_source, []) %}
-
-{#-     Mangle `map_source` to use it as literal path #}
-{%-     if map_values | length == 0 %}
-{%-       set map_source_parts = map_source.split("/") %}
-{%-       set map_source = map_source_parts[0:-1] | join("/") %}
-{%-       set map_values = map_source_parts[-1].rstrip(".yaml") %}
-{%-     endif %}
-
-{#-     Some configuration return list #}
-{%-     if map_values is string %}
-{%-       set map_values = [map_values] %}
-{%-     endif %}
-
-{%-     for map_value in map_values %}
-{%-       set yamlfile = [
-            map_sources_dir,
-            map_source,
-            map_value ~ ".yaml",
-          ]
-          | join("/")
-          %}
-{%-       do salt["log.debug"]("map.jinja: load parameters from file " ~ yamlfile) %}
-{%-       load_yaml as loaded_values %}
-{%-         include yamlfile ignore missing %}
-{%-       endload %}
-
-{%-       if loaded_values %}
-{#-         Merge loaded values on the stack #}
-{%-         do salt["log.debug"]("map.jinja: merge parameters from " ~ yamlfile) %}
-{%-         do _config.update(
-              {
-                "stack": salt["slsutil.merge"](
-                  _config["stack"],
-                  loaded_values.get("values", {}),
-                  strategy=loaded_values.get("strategy", "smart"),
-                  merge_lists=loaded_values.get("merge_lists", False)
-                  | to_bool,
-                )
-              }
-            ) %}
-{%-       endif %}
-{%-     endfor %}
-{%-   endif %}
-{%- endfor %}
 
 {%- do salt["log.debug"]("map.jinja: save parameters in variable 'mapdata'") %}
-{%- set mapdata = _config["stack"] %}
+{%- set mapdata = _formula_settings["values"] %}
+
+{#- Per formula post-processing of `mapdata` if it exists #}
+{%- do salt["log.debug"]("map.jinja: post-processing of 'mapdata'") %}
+{%- include tplroot ~ "/post-map.jinja" ignore missing %}

openssh/parameters/defaults.yaml

@@ -2,12 +2,6 @@
 # vim: ft=yaml
 ---
 values:
-  map_jinja:
-    config_get_roots:
-      - openssh
-      - sshd_config
-      - ssh_config
-
   openssh:
     sshd_enable: true
     sshd_binary: /usr/sbin/sshd

openssh/parameters/map_jinja.yaml

@@ -0,0 +1,21 @@
+# -*- coding: utf-8 -*-
+# vim: ft=yaml
+---
+values:
+  sources:
+    - "Y:G@osarch"
+    - "Y:G@os_family"
+    - "Y:G@os"
+    - "Y:G@osfinger"
+
+    # Merge values from `config.get` under `mapdata.<key>` to keep
+    # compatibility with user pillars.
+    # The `<key>` and `<key>:lookup` are merged together
+    - "C:SUB@openssh:lookup"
+    - "C:SUB@openssh"
+    - "C:SUB@sshd_config:lookup"
+    - "C:SUB@sshd_config"
+    - "C:SUB@ssh_config:lookup"
+    - "C:SUB@ssh_config"
+
+    - "Y:G@id"

openssh/parameters/os_family/OpenBSD.yaml

@@ -12,6 +12,8 @@
 values:
   openssh:
     service: sshd
+    # Already installed: `base68:/usr/bin/dig`
+    dig_pkg: ~
     sshd_config_group: wheel
     ssh_config_group: wheel
   sshd_config:

pillar.example

@@ -361,16 +361,6 @@ openssh:
   #     salt://files/ssh/moduli.hash
   # These will be automatically referenced to by the ssh_moduli state.
 
-# Required for openssh.known_hosts
-mine_functions:
-  public_ssh_host_keys:
-    mine_function: cmd.run
-    cmd: cat /etc/ssh/ssh_host_*_key.pub
-    python_shell: true
-  public_ssh_hostname:
-    mine_function: grains.get
-    key: id
-
   tofs:
     # The files_switch key serves as a selector for alternative
     # directories under the formula files directory. See TOFS pattern
@@ -399,3 +389,13 @@ mine_functions:
         - alt_ssh_config
       sshd_banner:
         - fire_banner
+
+# Required for openssh.known_hosts
+mine_functions:
+  public_ssh_host_keys:
+    mine_function: cmd.run
+    cmd: cat /etc/ssh/ssh_host_*_key.pub
+    python_shell: true
+  public_ssh_hostname:
+    mine_function: grains.get
+    key: id

pre-commit_semantic-release.sh

@@ -7,16 +7,16 @@ sed -i -e "s_^\(version:\).*_\1 ${1}_" FORMULA
 
 
 ###############################################################################
-# (B) Use `m2r` to convert automatically produced `.md` docs to `.rst`
+# (B) Use `m2r2` to convert automatically produced `.md` docs to `.rst`
 ###############################################################################
 
-# Install `m2r`
+# Install `m2r2`
-sudo -H pip install m2r
+pip3 install m2r2
 
 # Copy and then convert the `.md` docs
 cp ./*.md docs/
 cd docs/ || exit
-m2r --overwrite ./*.md
+m2r2 --overwrite ./*.md
 
 # Change excess `H1` headings to `H2` in converted `CHANGELOG.rst`
 sed -i -e '/^=.*$/s/=/-/g' CHANGELOG.rst

release.config.js

@@ -1,5 +1,6 @@
 module.exports = {
   branch: 'master',
+  repositoryUrl: 'https://github.com/saltstack-formulas/openssh-formula',
   plugins: [
       ['@semantic-release/commit-analyzer', {
         preset: 'angular',

test/integration/default/controls/_mapdata.rb

@@ -0,0 +1,47 @@
+# frozen_string_literal: true
+
+require 'yaml'
+
+control 'openssh._mapdata' do
+  title '`map.jinja` should match the reference file'
+
+  ### Method
+  # The steps below for each file appear convoluted but they are both required
+  # and similar in nature:
+  # 1. The earliest method was to simply compare the files textually but this often
+  #    led to false positives due to inconsistencies (e.g. spacing, ordering)
+  # 2. The next method was to load the files back into YAML structures and then
+  #    compare but InSpec provided block diffs this way, unusable by end users
+  # 3. The final step was to dump the YAML structures back into a string to use
+  #    for the comparison; this both worked and provided human-friendly diffs
+
+  ### Comparison file for the specific platform
+  ### Static, adjusted as part of code contributions, as map data is changed
+  # Strip the `platform[:finger]` version number down to the "OS major release"
+  platform_finger = system.platform[:finger].split('.').first.to_s
+  # Use that to set the path to the file (relative to the InSpec suite directory)
+  mapdata_file_path = "_mapdata/#{platform_finger}.yaml"
+  # Load the mapdata from profile, into a YAML structure
+  # https://docs.chef.io/inspec/profiles/#profile-files
+  mapdata_file_yaml = YAML.load(inspec.profile.file(mapdata_file_path))
+  # Dump the YAML back into a string for comparison
+  mapdata_file_dump = YAML.dump(mapdata_file_yaml)
+
+  ### Output file produced by running the `_mapdata` state
+  ### Dynamic, generated during Kitchen's `converge` phase
+  # Derive the location of the dumped mapdata (differs for Windows)
+  output_dir = platform[:family] == 'windows' ? '/temp' : '/tmp'
+  # Use that to set the path to the file (absolute path, i.e. within the container)
+  output_file_path = "#{output_dir}/salt_mapdata_dump.yaml"
+  # Load the output into a YAML structure using InSpec's `yaml` resource
+  # https://github.com/inspec/inspec/blob/49b7d10/lib/inspec/resources/yaml.rb#L29
+  output_file_yaml = yaml(output_file_path).params
+  # Dump the YAML back into a string for comparison
+  output_file_dump = YAML.dump(output_file_yaml)
+
+  describe 'File content' do
+    it 'should match profile map data exactly' do
+      expect(output_file_dump).to eq(mapdata_file_dump)
+    end
+  end
+end

test/integration/default/controls/_mapdata_spec.rb

@@ -1,18 +0,0 @@
-# frozen_string_literal: true
-
-# Replace per minion strings
-replacement = {
-  hostname: system.hostname
-}
-
-mapdata_file = "_mapdata/#{system.platform[:finger].split('.').first}.yaml"
-mapdata_dump = inspec.profile.file(mapdata_file) % replacement
-
-control '`map.jinja` YAML dump' do
-  title 'should contain the lines'
-
-  describe file('/tmp/salt_mapdata_dump.yaml') do
-    it { should exist }
-    its('content') { should eq mapdata_dump }
-  end
-end

test/integration/default/controls/config_spec.rb

@@ -27,7 +27,9 @@ control 'openssh configuration' do
     its('content') { should include 'PrintMotd no' }
     its('content') { should include 'AcceptEnv LANG LC_*' }
     its('content') { should include 'Subsystem sftp /usr/lib/openssh/sftp-server' }
-    its('content') { should include 'UsePAM yes' }
+    unless %w[openbsd].include?(platform[:name])
+      its('content') { should include 'UsePAM yes' }
+    end
   end
 
   describe file('/etc/ssh/ssh_config') do
@@ -45,7 +47,7 @@ control 'openssh configuration' do
     it { should be_file }
     its('mode') { should cmp '0644' }
     it { should be_owned_by 'root' }
-    it { should be_grouped_into 'root' }
+    it { should be_grouped_into root_group }
     its('content') { should include github_known_host }
     its('content') { should match(gitlab_known_host_re) }
     its('content') { should include minion_rsa_known_host }

test/integration/default/files/_mapdata/almalinux-8.yaml

@@ -0,0 +1,185 @@
+# yamllint disable rule:indentation rule:line-length
+# AlmaLinux-8
+---
+values:
+  map_jinja:
+    sources:
+    - Y:G@osarch
+    - Y:G@os_family
+    - Y:G@os
+    - Y:G@osfinger
+    - C:SUB@openssh:lookup
+    - C:SUB@openssh
+    - C:SUB@sshd_config:lookup
+    - C:SUB@sshd_config
+    - C:SUB@ssh_config:lookup
+    - C:SUB@ssh_config
+    - Y:G@id
+  openssh:
+    absent_dsa_keys: false
+    absent_ecdsa_keys: false
+    absent_ed25519_keys: false
+    absent_rsa_keys: false
+    auth:
+      joe-non-valid-ssh-key:
+      - comment: obsolete key - removed
+        enc: ssh-rsa
+        present: false
+        source: salt://ssh_keys/joe.no-valid.pub
+        user: joe
+      joe-valid-ssh-key-desktop:
+      - comment: main key - desktop
+        enc: ssh-rsa
+        present: true
+        source: salt://ssh_keys/joe.desktop.pub
+        user: joe
+      joe-valid-ssh-key-notebook:
+      - comment: main key - notebook
+        enc: ssh-rsa
+        present: true
+        source: salt://ssh_keys/joe.netbook.pub
+        user: joe
+    auth_map:
+      personal_keys:
+        source: salt://ssh_keys
+        users:
+          joe:
+            joe.desktop: {}
+            joe.netbook:
+              options: []
+            joe.no-valid:
+              present: false
+    banner: /etc/ssh/banner
+    banner_src: banner
+    banner_string: 'Welcome to example.net!
+  '
+    client: openssh-clients
+    client_version: latest
+    dig_pkg: bind-utils
+    dsa:
+      private_key: '-----BEGIN DSA PRIVATE KEY-----
+
+        NOT_DEFINED
+
+        -----END DSA PRIVATE KEY-----
+  '
+      public_key: 'ssh-dss NOT_DEFINED
+  '
+    ecdsa:
+      private_key: '-----BEGIN EC PRIVATE KEY-----
+
+        NOT_DEFINED
+
+        -----END EC PRIVATE KEY-----
+  '
+      public_key: 'ecdsa-sha2-nistp256 NOT_DEFINED
+  '
+    ed25519:
+      private_key: '-----BEGIN OPENSSH PRIVATE KEY-----
+
+        NOT_DEFINED
+
+        -----END OPENSSH PRIVATE KEY-----
+  '
+      public_key: 'ssh-ed25519 NOT_DEFINED
+  '
+    enforce_rsa_size: false
+    generate_dsa_keys: false
+    generate_ecdsa_keys: false
+    generate_ed25519_keys: false
+    generate_rsa_keys: false
+    generate_rsa_size: 4096
+    host_key_algos: ecdsa,ed25519,rsa
+    known_hosts:
+      aliases:
+      - cname-to-minion.example.org
+      - alias.example.org
+      hostnames: false
+      include_localhost: false
+      mine_hostname_function: public_ssh_hostname
+      mine_keys_function: public_ssh_host_keys
+      omit_ip_address:
+      - github.com
+      salt_ssh:
+        public_ssh_host_keys:
+          minion.id: 'ssh-rsa [...]
+
+            ssh-ed25519 [...]
+  '
+        public_ssh_host_names:
+          minion.id:
+          - minion.id
+          - alias.of.minion.id
+        user: salt-master
+      static:
+        github.com: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGm[...]
+        gitlab.com: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bN[...]
+      target: '*'
+      tgt_type: glob
+    moduli: '# Time Type Tests Tries Size Generator Modulus
+
+      20120821045639 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C604293680B09D63
+
+      20120821045830 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C6042936814C2FFB
+
+      20120821050046 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368214FC53
+
+      20120821050054 2 6 100 2047 5 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368218E83F
+  '
+    provide_dsa_keys: false
+    provide_ecdsa_keys: false
+    provide_ed25519_keys: false
+    provide_rsa_keys: false
+    root_group: root
+    rsa:
+      private_key: '-----BEGIN RSA PRIVATE KEY-----
+
+        NOT_DEFINED
+
+        -----END RSA PRIVATE KEY-----
+  '
+      public_key: 'ssh-rsa NOT_DEFINED
+  '
+    server: openssh-server
+    server_version: latest
+    service: sshd
+    ssh_config: /etc/ssh/ssh_config
+    ssh_config_backup: true
+    ssh_config_group: root
+    ssh_config_mode: '644'
+    ssh_config_src: ssh_config
+    ssh_config_user: root
+    ssh_known_hosts: /etc/ssh/ssh_known_hosts
+    ssh_known_hosts_src: ssh_known_hosts
+    ssh_moduli: /etc/ssh/moduli
+    sshd_binary: /usr/sbin/sshd
+    sshd_config: /etc/ssh/sshd_config
+    sshd_config_backup: true
+    sshd_config_group: root
+    sshd_config_mode: '644'
+    sshd_config_src: sshd_config
+    sshd_config_user: root
+    sshd_enable: true
+    tofs:
+      source_files:
+        manage ssh_known_hosts file:
+        - alt_ssh_known_hosts
+        ssh_config:
+        - alt_ssh_config
+        sshd_banner:
+        - fire_banner
+        sshd_config:
+        - alt_sshd_config
+  ssh_config:
+    Hosts:
+      '*':
+        GSSAPIAuthentication: 'yes'
+        HashKnownHosts: 'yes'
+        SendEnv: LANG LC_*
+  sshd_config:
+    AcceptEnv: LANG LC_*
+    ChallengeResponseAuthentication: 'no'
+    PrintMotd: 'no'
+    Subsystem: sftp /usr/lib/openssh/sftp-server
+    UsePAM: 'yes'
+    X11Forwarding: 'yes'

test/integration/default/files/_mapdata/amazonlinux-1.yaml

@@ -1,166 +1,185 @@
 # yamllint disable rule:indentation rule:line-length
 # Amazon Linux AMI-2018
 ---
-map_jinja:
+values:
-  config_get_roots:
+  map_jinja:
-  - openssh
+    sources:
-  - sshd_config
+    - Y:G@osarch
-  - ssh_config
+    - Y:G@os_family
-openssh:
+    - Y:G@os
-  absent_dsa_keys: false
+    - Y:G@osfinger
-  absent_ecdsa_keys: false
+    - C:SUB@openssh:lookup
-  absent_ed25519_keys: false
+    - C:SUB@openssh
-  absent_rsa_keys: false
+    - C:SUB@sshd_config:lookup
-  auth:
+    - C:SUB@sshd_config
-    joe-non-valid-ssh-key:
+    - C:SUB@ssh_config:lookup
-    - comment: obsolete key - removed
+    - C:SUB@ssh_config
-      enc: ssh-rsa
+    - Y:G@id
-      present: false
+  openssh:
-      source: salt://ssh_keys/joe.no-valid.pub
+    absent_dsa_keys: false
-      user: joe
+    absent_ecdsa_keys: false
-    joe-valid-ssh-key-desktop:
+    absent_ed25519_keys: false
-    - comment: main key - desktop
+    absent_rsa_keys: false
-      enc: ssh-rsa
+    auth:
-      present: true
+      joe-non-valid-ssh-key:
-      source: salt://ssh_keys/joe.desktop.pub
+      - comment: obsolete key - removed
-      user: joe
+        enc: ssh-rsa
-    joe-valid-ssh-key-notebook:
+        present: false
-    - comment: main key - notebook
+        source: salt://ssh_keys/joe.no-valid.pub
-      enc: ssh-rsa
+        user: joe
-      present: true
+      joe-valid-ssh-key-desktop:
-      source: salt://ssh_keys/joe.netbook.pub
+      - comment: main key - desktop
-      user: joe
+        enc: ssh-rsa
-  auth_map:
+        present: true
-    personal_keys:
+        source: salt://ssh_keys/joe.desktop.pub
-      source: salt://ssh_keys
+        user: joe
-      users:
+      joe-valid-ssh-key-notebook:
-        joe:
+      - comment: main key - notebook
-          joe.desktop: {}
+        enc: ssh-rsa
-          joe.netbook:
+        present: true
-            options: []
+        source: salt://ssh_keys/joe.netbook.pub
-          joe.no-valid:
+        user: joe
-            present: false
+    auth_map:
-  banner: /etc/ssh/banner
+      personal_keys:
-  banner_src: banner
+        source: salt://ssh_keys
-  banner_string: 'Welcome to %{hostname}!
+        users:
-'
+          joe:
-  client: openssh-clients
+            joe.desktop: {}
-  client_version: latest
+            joe.netbook:
-  dig_pkg: bind-utils
+              options: []
-  dsa:
+            joe.no-valid:
-    private_key: '-----BEGIN DSA PRIVATE KEY-----
+              present: false
+    banner: /etc/ssh/banner
+    banner_src: banner
+    banner_string: 'Welcome to example.net!
+  '
+    client: openssh-clients
+    client_version: latest
+    dig_pkg: bind-utils
+    dsa:
+      private_key: '-----BEGIN DSA PRIVATE KEY-----
 
-      NOT_DEFINED
+        NOT_DEFINED
 
-      -----END DSA PRIVATE KEY-----
+        -----END DSA PRIVATE KEY-----
-'
+  '
-    public_key: 'ssh-dss NOT_DEFINED
+      public_key: 'ssh-dss NOT_DEFINED
-'
+  '
-  ecdsa:
+    ecdsa:
-    private_key: '-----BEGIN EC PRIVATE KEY-----
+      private_key: '-----BEGIN EC PRIVATE KEY-----
 
-      NOT_DEFINED
+        NOT_DEFINED
 
-      -----END EC PRIVATE KEY-----
+        -----END EC PRIVATE KEY-----
-'
+  '
-    public_key: 'ecdsa-sha2-nistp256 NOT_DEFINED
+      public_key: 'ecdsa-sha2-nistp256 NOT_DEFINED
-'
+  '
-  ed25519:
+    ed25519:
-    private_key: '-----BEGIN OPENSSH PRIVATE KEY-----
+      private_key: '-----BEGIN OPENSSH PRIVATE KEY-----
 
-      NOT_DEFINED
+        NOT_DEFINED
 
-      -----END OPENSSH PRIVATE KEY-----
+        -----END OPENSSH PRIVATE KEY-----
-'
+  '
-    public_key: 'ssh-ed25519 NOT_DEFINED
+      public_key: 'ssh-ed25519 NOT_DEFINED
-'
+  '
-  enforce_rsa_size: false
+    enforce_rsa_size: false
-  generate_dsa_keys: false
+    generate_dsa_keys: false
-  generate_ecdsa_keys: false
+    generate_ecdsa_keys: false
-  generate_ed25519_keys: false
+    generate_ed25519_keys: false
-  generate_rsa_keys: false
+    generate_rsa_keys: false
-  generate_rsa_size: 4096
+    generate_rsa_size: 4096
-  host_key_algos: ecdsa,ed25519,rsa
+    host_key_algos: ecdsa,ed25519,rsa
-  known_hosts:
+    known_hosts:
-    aliases:
+      aliases:
-    - cname-to-minion.example.org
+      - cname-to-minion.example.org
-    - alias.example.org
+      - alias.example.org
-    hostnames: false
+      hostnames: false
-    include_localhost: false
+      include_localhost: false
-    mine_hostname_function: public_ssh_hostname
+      mine_hostname_function: public_ssh_hostname
-    mine_keys_function: public_ssh_host_keys
+      mine_keys_function: public_ssh_host_keys
-    omit_ip_address:
+      omit_ip_address:
-    - github.com
+      - github.com
-    salt_ssh:
+      salt_ssh:
-      public_ssh_host_keys:
+        public_ssh_host_keys:
-        minion.id: 'ssh-rsa [...]
+          minion.id: 'ssh-rsa [...]
 
-          ssh-ed25519 [...]
+            ssh-ed25519 [...]
-'
+  '
-      public_ssh_host_names:
+        public_ssh_host_names:
-        minion.id:
+          minion.id:
-        - minion.id
+          - minion.id
-        - alias.of.minion.id
+          - alias.of.minion.id
-      user: salt-master
+        user: salt-master
-    static:
+      static:
-      github.com: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGm[...]
+        github.com: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGm[...]
-      gitlab.com: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bN[...]
+        gitlab.com: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bN[...]
-    target: '*'
+      target: '*'
-    tgt_type: glob
+      tgt_type: glob
-  moduli: '# Time Type Tests Tries Size Generator Modulus
+    moduli: '# Time Type Tests Tries Size Generator Modulus
 
-    20120821045639 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C604293680B09D63
+      20120821045639 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C604293680B09D63
 
-    20120821045830 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C6042936814C2FFB
+      20120821045830 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C6042936814C2FFB
 
-    20120821050046 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368214FC53
+      20120821050046 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368214FC53
 
-    20120821050054 2 6 100 2047 5 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368218E83F
+      20120821050054 2 6 100 2047 5 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368218E83F
-'
+  '
-  provide_dsa_keys: false
+    provide_dsa_keys: false
-  provide_ecdsa_keys: false
+    provide_ecdsa_keys: false
-  provide_ed25519_keys: false
+    provide_ed25519_keys: false
-  provide_rsa_keys: false
+    provide_rsa_keys: false
-  root_group: root
+    root_group: root
-  rsa:
+    rsa:
-    private_key: '-----BEGIN RSA PRIVATE KEY-----
+      private_key: '-----BEGIN RSA PRIVATE KEY-----
 
-      NOT_DEFINED
+        NOT_DEFINED
 
-      -----END RSA PRIVATE KEY-----
+        -----END RSA PRIVATE KEY-----
-'
+  '
-    public_key: 'ssh-rsa NOT_DEFINED
+      public_key: 'ssh-rsa NOT_DEFINED
-'
+  '
-  server: openssh-server
+    server: openssh-server
-  server_version: latest
+    server_version: latest
-  service: sshd
+    service: sshd
-  ssh_config: /etc/ssh/ssh_config
+    ssh_config: /etc/ssh/ssh_config
-  ssh_config_backup: true
+    ssh_config_backup: true
-  ssh_config_group: root
+    ssh_config_group: root
-  ssh_config_mode: '644'
+    ssh_config_mode: '644'
-  ssh_config_src: ssh_config
+    ssh_config_src: ssh_config
-  ssh_config_user: root
+    ssh_config_user: root
-  ssh_known_hosts: /etc/ssh/ssh_known_hosts
+    ssh_known_hosts: /etc/ssh/ssh_known_hosts
-  ssh_known_hosts_src: ssh_known_hosts
+    ssh_known_hosts_src: ssh_known_hosts
-  ssh_moduli: /etc/ssh/moduli
+    ssh_moduli: /etc/ssh/moduli
-  sshd_binary: /usr/sbin/sshd
+    sshd_binary: /usr/sbin/sshd
-  sshd_config: /etc/ssh/sshd_config
+    sshd_config: /etc/ssh/sshd_config
-  sshd_config_backup: true
+    sshd_config_backup: true
-  sshd_config_group: root
+    sshd_config_group: root
-  sshd_config_mode: '644'
+    sshd_config_mode: '644'
-  sshd_config_src: sshd_config
+    sshd_config_src: sshd_config
-  sshd_config_user: root
+    sshd_config_user: root
-  sshd_enable: true
+    sshd_enable: true
-ssh_config:
+    tofs:
-  Hosts:
+      source_files:
-    '*':
+        manage ssh_known_hosts file:
-      GSSAPIAuthentication: 'yes'
+        - alt_ssh_known_hosts
-      HashKnownHosts: 'yes'
+        ssh_config:
-      SendEnv: LANG LC_*
+        - alt_ssh_config
-sshd_config:
+        sshd_banner:
-  AcceptEnv: LANG LC_*
+        - fire_banner
-  ChallengeResponseAuthentication: 'no'
+        sshd_config:
-  PrintMotd: 'no'
+        - alt_sshd_config
-  Subsystem: sftp /usr/lib/openssh/sftp-server
+  ssh_config:
-  UsePAM: 'yes'
+    Hosts:
-  X11Forwarding: 'yes'
+      '*':
+        GSSAPIAuthentication: 'yes'
+        HashKnownHosts: 'yes'
+        SendEnv: LANG LC_*
+  sshd_config:
+    AcceptEnv: LANG LC_*
+    ChallengeResponseAuthentication: 'no'
+    PrintMotd: 'no'
+    Subsystem: sftp /usr/lib/openssh/sftp-server
+    UsePAM: 'yes'
+    X11Forwarding: 'yes'

test/integration/default/files/_mapdata/amazonlinux-2.yaml

@@ -1,166 +1,185 @@
 # yamllint disable rule:indentation rule:line-length
 # Amazon Linux-2
 ---
-map_jinja:
+values:
-  config_get_roots:
+  map_jinja:
-  - openssh
+    sources:
-  - sshd_config
+    - Y:G@osarch
-  - ssh_config
+    - Y:G@os_family
-openssh:
+    - Y:G@os
-  absent_dsa_keys: false
+    - Y:G@osfinger
-  absent_ecdsa_keys: false
+    - C:SUB@openssh:lookup
-  absent_ed25519_keys: false
+    - C:SUB@openssh
-  absent_rsa_keys: false
+    - C:SUB@sshd_config:lookup
-  auth:
+    - C:SUB@sshd_config
-    joe-non-valid-ssh-key:
+    - C:SUB@ssh_config:lookup
-    - comment: obsolete key - removed
+    - C:SUB@ssh_config
-      enc: ssh-rsa
+    - Y:G@id
-      present: false
+  openssh:
-      source: salt://ssh_keys/joe.no-valid.pub
+    absent_dsa_keys: false
-      user: joe
+    absent_ecdsa_keys: false
-    joe-valid-ssh-key-desktop:
+    absent_ed25519_keys: false
-    - comment: main key - desktop
+    absent_rsa_keys: false
-      enc: ssh-rsa
+    auth:
-      present: true
+      joe-non-valid-ssh-key:
-      source: salt://ssh_keys/joe.desktop.pub
+      - comment: obsolete key - removed
-      user: joe
+        enc: ssh-rsa
-    joe-valid-ssh-key-notebook:
+        present: false
-    - comment: main key - notebook
+        source: salt://ssh_keys/joe.no-valid.pub
-      enc: ssh-rsa
+        user: joe
-      present: true
+      joe-valid-ssh-key-desktop:
-      source: salt://ssh_keys/joe.netbook.pub
+      - comment: main key - desktop
-      user: joe
+        enc: ssh-rsa
-  auth_map:
+        present: true
-    personal_keys:
+        source: salt://ssh_keys/joe.desktop.pub
-      source: salt://ssh_keys
+        user: joe
-      users:
+      joe-valid-ssh-key-notebook:
-        joe:
+      - comment: main key - notebook
-          joe.desktop: {}
+        enc: ssh-rsa
-          joe.netbook:
+        present: true
-            options: []
+        source: salt://ssh_keys/joe.netbook.pub
-          joe.no-valid:
+        user: joe
-            present: false
+    auth_map:
-  banner: /etc/ssh/banner
+      personal_keys:
-  banner_src: banner
+        source: salt://ssh_keys
-  banner_string: 'Welcome to %{hostname}!
+        users:
-'
+          joe:
-  client: openssh-clients
+            joe.desktop: {}
-  client_version: latest
+            joe.netbook:
-  dig_pkg: bind-utils
+              options: []
-  dsa:
+            joe.no-valid:
-    private_key: '-----BEGIN DSA PRIVATE KEY-----
+              present: false
+    banner: /etc/ssh/banner
+    banner_src: banner
+    banner_string: 'Welcome to example.net!
+  '
+    client: openssh-clients
+    client_version: latest
+    dig_pkg: bind-utils
+    dsa:
+      private_key: '-----BEGIN DSA PRIVATE KEY-----
 
-      NOT_DEFINED
+        NOT_DEFINED
 
-      -----END DSA PRIVATE KEY-----
+        -----END DSA PRIVATE KEY-----
-'
+  '
-    public_key: 'ssh-dss NOT_DEFINED
+      public_key: 'ssh-dss NOT_DEFINED
-'
+  '
-  ecdsa:
+    ecdsa:
-    private_key: '-----BEGIN EC PRIVATE KEY-----
+      private_key: '-----BEGIN EC PRIVATE KEY-----
 
-      NOT_DEFINED
+        NOT_DEFINED
 
-      -----END EC PRIVATE KEY-----
+        -----END EC PRIVATE KEY-----
-'
+  '
-    public_key: 'ecdsa-sha2-nistp256 NOT_DEFINED
+      public_key: 'ecdsa-sha2-nistp256 NOT_DEFINED
-'
+  '
-  ed25519:
+    ed25519:
-    private_key: '-----BEGIN OPENSSH PRIVATE KEY-----
+      private_key: '-----BEGIN OPENSSH PRIVATE KEY-----
 
-      NOT_DEFINED
+        NOT_DEFINED
 
-      -----END OPENSSH PRIVATE KEY-----
+        -----END OPENSSH PRIVATE KEY-----
-'
+  '
-    public_key: 'ssh-ed25519 NOT_DEFINED
+      public_key: 'ssh-ed25519 NOT_DEFINED
-'
+  '
-  enforce_rsa_size: false
+    enforce_rsa_size: false
-  generate_dsa_keys: false
+    generate_dsa_keys: false
-  generate_ecdsa_keys: false
+    generate_ecdsa_keys: false
-  generate_ed25519_keys: false
+    generate_ed25519_keys: false
-  generate_rsa_keys: false
+    generate_rsa_keys: false
-  generate_rsa_size: 4096
+    generate_rsa_size: 4096
-  host_key_algos: ecdsa,ed25519,rsa
+    host_key_algos: ecdsa,ed25519,rsa
-  known_hosts:
+    known_hosts:
-    aliases:
+      aliases:
-    - cname-to-minion.example.org
+      - cname-to-minion.example.org
-    - alias.example.org
+      - alias.example.org
-    hostnames: false
+      hostnames: false
-    include_localhost: false
+      include_localhost: false
-    mine_hostname_function: public_ssh_hostname
+      mine_hostname_function: public_ssh_hostname
-    mine_keys_function: public_ssh_host_keys
+      mine_keys_function: public_ssh_host_keys
-    omit_ip_address:
+      omit_ip_address:
-    - github.com
+      - github.com
-    salt_ssh:
+      salt_ssh:
-      public_ssh_host_keys:
+        public_ssh_host_keys:
-        minion.id: 'ssh-rsa [...]
+          minion.id: 'ssh-rsa [...]
 
-          ssh-ed25519 [...]
+            ssh-ed25519 [...]
-'
+  '
-      public_ssh_host_names:
+        public_ssh_host_names:
-        minion.id:
+          minion.id:
-        - minion.id
+          - minion.id
-        - alias.of.minion.id
+          - alias.of.minion.id
-      user: salt-master
+        user: salt-master
-    static:
+      static:
-      github.com: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGm[...]
+        github.com: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGm[...]
-      gitlab.com: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bN[...]
+        gitlab.com: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bN[...]
-    target: '*'
+      target: '*'
-    tgt_type: glob
+      tgt_type: glob
-  moduli: '# Time Type Tests Tries Size Generator Modulus
+    moduli: '# Time Type Tests Tries Size Generator Modulus
 
-    20120821045639 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C604293680B09D63
+      20120821045639 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C604293680B09D63
 
-    20120821045830 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C6042936814C2FFB
+      20120821045830 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C6042936814C2FFB
 
-    20120821050046 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368214FC53
+      20120821050046 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368214FC53
 
-    20120821050054 2 6 100 2047 5 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368218E83F
+      20120821050054 2 6 100 2047 5 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368218E83F
-'
+  '
-  provide_dsa_keys: false
+    provide_dsa_keys: false
-  provide_ecdsa_keys: false
+    provide_ecdsa_keys: false
-  provide_ed25519_keys: false
+    provide_ed25519_keys: false
-  provide_rsa_keys: false
+    provide_rsa_keys: false
-  root_group: root
+    root_group: root
-  rsa:
+    rsa:
-    private_key: '-----BEGIN RSA PRIVATE KEY-----
+      private_key: '-----BEGIN RSA PRIVATE KEY-----
 
-      NOT_DEFINED
+        NOT_DEFINED
 
-      -----END RSA PRIVATE KEY-----
+        -----END RSA PRIVATE KEY-----
-'
+  '
-    public_key: 'ssh-rsa NOT_DEFINED
+      public_key: 'ssh-rsa NOT_DEFINED
-'
+  '
-  server: openssh-server
+    server: openssh-server
-  server_version: latest
+    server_version: latest
-  service: sshd
+    service: sshd
-  ssh_config: /etc/ssh/ssh_config
+    ssh_config: /etc/ssh/ssh_config
-  ssh_config_backup: true
+    ssh_config_backup: true
-  ssh_config_group: root
+    ssh_config_group: root
-  ssh_config_mode: '644'
+    ssh_config_mode: '644'
-  ssh_config_src: ssh_config
+    ssh_config_src: ssh_config
-  ssh_config_user: root
+    ssh_config_user: root
-  ssh_known_hosts: /etc/ssh/ssh_known_hosts
+    ssh_known_hosts: /etc/ssh/ssh_known_hosts
-  ssh_known_hosts_src: ssh_known_hosts
+    ssh_known_hosts_src: ssh_known_hosts
-  ssh_moduli: /etc/ssh/moduli
+    ssh_moduli: /etc/ssh/moduli
-  sshd_binary: /usr/sbin/sshd
+    sshd_binary: /usr/sbin/sshd
-  sshd_config: /etc/ssh/sshd_config
+    sshd_config: /etc/ssh/sshd_config
-  sshd_config_backup: true
+    sshd_config_backup: true
-  sshd_config_group: root
+    sshd_config_group: root
-  sshd_config_mode: '644'
+    sshd_config_mode: '644'
-  sshd_config_src: sshd_config
+    sshd_config_src: sshd_config
-  sshd_config_user: root
+    sshd_config_user: root
-  sshd_enable: true
+    sshd_enable: true
-ssh_config:
+    tofs:
-  Hosts:
+      source_files:
-    '*':
+        manage ssh_known_hosts file:
-      GSSAPIAuthentication: 'yes'
+        - alt_ssh_known_hosts
-      HashKnownHosts: 'yes'
+        ssh_config:
-      SendEnv: LANG LC_*
+        - alt_ssh_config
-sshd_config:
+        sshd_banner:
-  AcceptEnv: LANG LC_*
+        - fire_banner
-  ChallengeResponseAuthentication: 'no'
+        sshd_config:
-  PrintMotd: 'no'
+        - alt_sshd_config
-  Subsystem: sftp /usr/lib/openssh/sftp-server
+  ssh_config:
-  UsePAM: 'yes'
+    Hosts:
-  X11Forwarding: 'yes'
+      '*':
+        GSSAPIAuthentication: 'yes'
+        HashKnownHosts: 'yes'
+        SendEnv: LANG LC_*
+  sshd_config:
+    AcceptEnv: LANG LC_*
+    ChallengeResponseAuthentication: 'no'
+    PrintMotd: 'no'
+    Subsystem: sftp /usr/lib/openssh/sftp-server
+    UsePAM: 'yes'
+    X11Forwarding: 'yes'

test/integration/default/files/_mapdata/arch-base-latest.yaml

@@ -1,166 +1,186 @@
 # yamllint disable rule:indentation rule:line-length
 # Arch
 ---
-map_jinja:
+values:
-  config_get_roots:
+  map_jinja:
-  - openssh
+    sources:
-  - sshd_config
+    - Y:G@osarch
-  - ssh_config
+    - Y:G@os_family
-openssh:
+    - Y:G@os
-  absent_dsa_keys: false
+    - Y:G@osfinger
-  absent_ecdsa_keys: false
+    - C:SUB@openssh:lookup
-  absent_ed25519_keys: false
+    - C:SUB@openssh
-  absent_rsa_keys: false
+    - C:SUB@sshd_config:lookup
-  auth:
+    - C:SUB@sshd_config
-    joe-non-valid-ssh-key:
+    - C:SUB@ssh_config:lookup
-    - comment: obsolete key - removed
+    - C:SUB@ssh_config
-      enc: ssh-rsa
+    - Y:G@id
-      present: false
+  openssh:
-      source: salt://ssh_keys/joe.no-valid.pub
+    absent_dsa_keys: false
-      user: joe
+    absent_ecdsa_keys: false
-    joe-valid-ssh-key-desktop:
+    absent_ed25519_keys: false
-    - comment: main key - desktop
+    absent_rsa_keys: false
-      enc: ssh-rsa
+    auth:
-      present: true
+      joe-non-valid-ssh-key:
-      source: salt://ssh_keys/joe.desktop.pub
+      - comment: obsolete key - removed
-      user: joe
+        enc: ssh-rsa
-    joe-valid-ssh-key-notebook:
+        present: false
-    - comment: main key - notebook
+        source: salt://ssh_keys/joe.no-valid.pub
-      enc: ssh-rsa
+        user: joe
-      present: true
+      joe-valid-ssh-key-desktop:
-      source: salt://ssh_keys/joe.netbook.pub
+      - comment: main key - desktop
-      user: joe
+        enc: ssh-rsa
-  auth_map:
+        present: true
-    personal_keys:
+        source: salt://ssh_keys/joe.desktop.pub
-      source: salt://ssh_keys
+        user: joe
-      users:
+      joe-valid-ssh-key-notebook:
-        joe:
+      - comment: main key - notebook
-          joe.desktop: {}
+        enc: ssh-rsa
-          joe.netbook:
+        present: true
-            options: []
+        source: salt://ssh_keys/joe.netbook.pub
-          joe.no-valid:
+        user: joe
-            present: false
+    auth_map:
-  banner: /etc/ssh/banner
+      personal_keys:
-  banner_src: banner
+        source: salt://ssh_keys
-  banner_string: 'Welcome to %{hostname}!
+        users:
-'
+          joe:
-  client: openssh
+            joe.desktop: {}
-  client_version: latest
+            joe.netbook:
-  dig_pkg: bind
+              options: []
-  dsa:
+            joe.no-valid:
-    private_key: '-----BEGIN DSA PRIVATE KEY-----
+              present: false
+    banner: /etc/ssh/banner
+    banner_src: banner
+    banner_string: 'Welcome to example.net!
+  '
+    client: openssh
+    client_version: latest
+    dig_pkg: bind
+    dsa:
+      private_key: '-----BEGIN DSA PRIVATE KEY-----
 
-      NOT_DEFINED
+        NOT_DEFINED
 
-      -----END DSA PRIVATE KEY-----
+        -----END DSA PRIVATE KEY-----
-'
+  '
-    public_key: 'ssh-dss NOT_DEFINED
+      public_key: 'ssh-dss NOT_DEFINED
-'
+  '
-  ecdsa:
+    ecdsa:
-    private_key: '-----BEGIN EC PRIVATE KEY-----
+      private_key: '-----BEGIN EC PRIVATE KEY-----
 
-      NOT_DEFINED
+        NOT_DEFINED
 
-      -----END EC PRIVATE KEY-----
+        -----END EC PRIVATE KEY-----
-'
+  '
-    public_key: 'ecdsa-sha2-nistp256 NOT_DEFINED
+      public_key: 'ecdsa-sha2-nistp256 NOT_DEFINED
-'
+  '
-  ed25519:
+    ed25519:
-    private_key: '-----BEGIN OPENSSH PRIVATE KEY-----
+      private_key: '-----BEGIN OPENSSH PRIVATE KEY-----
 
-      NOT_DEFINED
+        NOT_DEFINED
 
-      -----END OPENSSH PRIVATE KEY-----
+        -----END OPENSSH PRIVATE KEY-----
-'
+  '
-    public_key: 'ssh-ed25519 NOT_DEFINED
+      public_key: 'ssh-ed25519 NOT_DEFINED
-'
+  '
-  enforce_rsa_size: false
+    enforce_rsa_size: false
-  generate_dsa_keys: false
+    generate_dsa_keys: false
-  generate_ecdsa_keys: false
+    generate_ecdsa_keys: false
-  generate_ed25519_keys: false
+    generate_ed25519_keys: false
-  generate_rsa_keys: false
+    generate_rsa_keys: false
-  generate_rsa_size: 4096
+    generate_rsa_size: 4096
-  host_key_algos: ecdsa,ed25519,rsa
+    host_key_algos: ecdsa,ed25519,rsa
-  known_hosts:
+    known_hosts:
-    aliases:
+      aliases:
-    - cname-to-minion.example.org
+      - cname-to-minion.example.org
-    - alias.example.org
+      - alias.example.org
-    hostnames: false
+      hostnames: false
-    include_localhost: false
+      include_localhost: false
-    mine_hostname_function: public_ssh_hostname
+      mine_hostname_function: public_ssh_hostname
-    mine_keys_function: public_ssh_host_keys
+      mine_keys_function: public_ssh_host_keys
-    omit_ip_address:
+      omit_ip_address:
-    - github.com
+      - github.com
-    salt_ssh:
+      salt_ssh:
-      public_ssh_host_keys:
+        public_ssh_host_keys:
-        minion.id: 'ssh-rsa [...]
+          minion.id: 'ssh-rsa [...]
 
-          ssh-ed25519 [...]
+            ssh-ed25519 [...]
-'
+  '
-      public_ssh_host_names:
+        public_ssh_host_names:
-        minion.id:
+          minion.id:
-        - minion.id
+          - minion.id
-        - alias.of.minion.id
+          - alias.of.minion.id
-      user: salt-master
+        user: salt-master
-    static:
+      static:
-      github.com: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGm[...]
+        github.com: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGm[...]
-      gitlab.com: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bN[...]
+        gitlab.com: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bN[...]
-    target: '*'
+      target: '*'
-    tgt_type: glob
+      tgt_type: glob
-  moduli: '# Time Type Tests Tries Size Generator Modulus
+    moduli: '# Time Type Tests Tries Size Generator Modulus
 
-    20120821045639 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C604293680B09D63
+      20120821045639 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C604293680B09D63
 
-    20120821045830 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C6042936814C2FFB
+      20120821045830 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C6042936814C2FFB
 
-    20120821050046 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368214FC53
+      20120821050046 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368214FC53
 
-    20120821050054 2 6 100 2047 5 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368218E83F
+      20120821050054 2 6 100 2047 5 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368218E83F
-'
+  '
-  provide_dsa_keys: false
+    provide_dsa_keys: false
-  provide_ecdsa_keys: false
+    provide_ecdsa_keys: false
-  provide_ed25519_keys: false
+    provide_ed25519_keys: false
-  provide_rsa_keys: false
+    provide_rsa_keys: false
-  root_group: root
+    root_group: root
-  rsa:
+    rsa:
-    private_key: '-----BEGIN RSA PRIVATE KEY-----
+      private_key: '-----BEGIN RSA PRIVATE KEY-----
 
-      NOT_DEFINED
+        NOT_DEFINED
 
-      -----END RSA PRIVATE KEY-----
+        -----END RSA PRIVATE KEY-----
-'
+  '
-    public_key: 'ssh-rsa NOT_DEFINED
+      public_key: 'ssh-rsa NOT_DEFINED
-'
+  '
-  server: openssh
+    server: openssh
-  server_version: latest
+    server_version: latest
-  service: sshd
+    service: sshd
-  ssh_config: /etc/ssh/ssh_config
+    ssh_config: /etc/ssh/ssh_config
-  ssh_config_backup: true
+    ssh_config_backup: true
-  ssh_config_group: root
+    ssh_config_group: root
-  ssh_config_mode: '644'
+    ssh_config_mode: '644'
-  ssh_config_src: ssh_config
+    ssh_config_src: ssh_config
-  ssh_config_user: root
+    ssh_config_user: root
-  ssh_known_hosts: /etc/ssh/ssh_known_hosts
+    ssh_known_hosts: /etc/ssh/ssh_known_hosts
-  ssh_known_hosts_src: ssh_known_hosts
+    ssh_known_hosts_src: ssh_known_hosts
-  ssh_moduli: /etc/ssh/moduli
+    ssh_moduli: /etc/ssh/moduli
-  sshd_binary: /usr/sbin/sshd
+    sshd_binary: /usr/sbin/sshd
-  sshd_config: /etc/ssh/sshd_config
+    sshd_config: /etc/ssh/sshd_config
-  sshd_config_backup: true
+    sshd_config_backup: true
-  sshd_config_group: root
+    sshd_config_group: root
-  sshd_config_mode: '644'
+    sshd_config_mode: '644'
-  sshd_config_src: sshd_config
+    sshd_config_src: sshd_config
-  sshd_config_user: root
+    sshd_config_user: root
-  sshd_enable: true
+    sshd_enable: true
-ssh_config:
+    tofs:
-  Hosts:
+      source_files:
-    '*':
+        manage ssh_known_hosts file:
-      GSSAPIAuthentication: 'yes'
+        - alt_ssh_known_hosts
-      HashKnownHosts: 'yes'
+        ssh_config:
-      SendEnv: LANG LC_*
+        - alt_ssh_config
-sshd_config:
+        sshd_banner:
-  AcceptEnv: LANG LC_*
+        - fire_banner
-  ChallengeResponseAuthentication: 'no'
+        sshd_config:
-  PrintMotd: 'no'
+        - alt_sshd_config
-  Subsystem: sftp /usr/lib/openssh/sftp-server
+  ssh_config:
-  UsePAM: 'yes'
+    Hosts:
-  X11Forwarding: 'yes'
+      '*':
+        GSSAPIAuthentication: 'yes'
+        HashKnownHosts: 'yes'
+        SendEnv: LANG LC_*
+  sshd_config:
+    AcceptEnv: LANG LC_*
+    ChallengeResponseAuthentication: 'no'
+    PrintMotd: 'no'
+    PubkeyAcceptedAlgorithms: "+ssh-rsa"
+    Subsystem: sftp /usr/lib/openssh/sftp-server
+    UsePAM: 'yes'
+    X11Forwarding: 'yes'

test/integration/default/files/_mapdata/centos-6.yaml

@@ -1,166 +1,185 @@
 # yamllint disable rule:indentation rule:line-length
 # CentOS-6
 ---
-map_jinja:
+values:
-  config_get_roots:
+  map_jinja:
-  - openssh
+    sources:
-  - sshd_config
+    - Y:G@osarch
-  - ssh_config
+    - Y:G@os_family
-openssh:
+    - Y:G@os
-  absent_dsa_keys: false
+    - Y:G@osfinger
-  absent_ecdsa_keys: false
+    - C:SUB@openssh:lookup
-  absent_ed25519_keys: false
+    - C:SUB@openssh
-  absent_rsa_keys: false
+    - C:SUB@sshd_config:lookup
-  auth:
+    - C:SUB@sshd_config
-    joe-non-valid-ssh-key:
+    - C:SUB@ssh_config:lookup
-    - comment: obsolete key - removed
+    - C:SUB@ssh_config
-      enc: ssh-rsa
+    - Y:G@id
-      present: false
+  openssh:
-      source: salt://ssh_keys/joe.no-valid.pub
+    absent_dsa_keys: false
-      user: joe
+    absent_ecdsa_keys: false
-    joe-valid-ssh-key-desktop:
+    absent_ed25519_keys: false
-    - comment: main key - desktop
+    absent_rsa_keys: false
-      enc: ssh-rsa
+    auth:
-      present: true
+      joe-non-valid-ssh-key:
-      source: salt://ssh_keys/joe.desktop.pub
+      - comment: obsolete key - removed
-      user: joe
+        enc: ssh-rsa
-    joe-valid-ssh-key-notebook:
+        present: false
-    - comment: main key - notebook
+        source: salt://ssh_keys/joe.no-valid.pub
-      enc: ssh-rsa
+        user: joe
-      present: true
+      joe-valid-ssh-key-desktop:
-      source: salt://ssh_keys/joe.netbook.pub
+      - comment: main key - desktop
-      user: joe
+        enc: ssh-rsa
-  auth_map:
+        present: true
-    personal_keys:
+        source: salt://ssh_keys/joe.desktop.pub
-      source: salt://ssh_keys
+        user: joe
-      users:
+      joe-valid-ssh-key-notebook:
-        joe:
+      - comment: main key - notebook
-          joe.desktop: {}
+        enc: ssh-rsa
-          joe.netbook:
+        present: true
-            options: []
+        source: salt://ssh_keys/joe.netbook.pub
-          joe.no-valid:
+        user: joe
-            present: false
+    auth_map:
-  banner: /etc/ssh/banner
+      personal_keys:
-  banner_src: banner
+        source: salt://ssh_keys
-  banner_string: 'Welcome to %{hostname}!
+        users:
-'
+          joe:
-  client: openssh-clients
+            joe.desktop: {}
-  client_version: latest
+            joe.netbook:
-  dig_pkg: bind-utils
+              options: []
-  dsa:
+            joe.no-valid:
-    private_key: '-----BEGIN DSA PRIVATE KEY-----
+              present: false
+    banner: /etc/ssh/banner
+    banner_src: banner
+    banner_string: 'Welcome to example.net!
+  '
+    client: openssh-clients
+    client_version: latest
+    dig_pkg: bind-utils
+    dsa:
+      private_key: '-----BEGIN DSA PRIVATE KEY-----
 
-      NOT_DEFINED
+        NOT_DEFINED
 
-      -----END DSA PRIVATE KEY-----
+        -----END DSA PRIVATE KEY-----
-'
+  '
-    public_key: 'ssh-dss NOT_DEFINED
+      public_key: 'ssh-dss NOT_DEFINED
-'
+  '
-  ecdsa:
+    ecdsa:
-    private_key: '-----BEGIN EC PRIVATE KEY-----
+      private_key: '-----BEGIN EC PRIVATE KEY-----
 
-      NOT_DEFINED
+        NOT_DEFINED
 
-      -----END EC PRIVATE KEY-----
+        -----END EC PRIVATE KEY-----
-'
+  '
-    public_key: 'ecdsa-sha2-nistp256 NOT_DEFINED
+      public_key: 'ecdsa-sha2-nistp256 NOT_DEFINED
-'
+  '
-  ed25519:
+    ed25519:
-    private_key: '-----BEGIN OPENSSH PRIVATE KEY-----
+      private_key: '-----BEGIN OPENSSH PRIVATE KEY-----
 
-      NOT_DEFINED
+        NOT_DEFINED
 
-      -----END OPENSSH PRIVATE KEY-----
+        -----END OPENSSH PRIVATE KEY-----
-'
+  '
-    public_key: 'ssh-ed25519 NOT_DEFINED
+      public_key: 'ssh-ed25519 NOT_DEFINED
-'
+  '
-  enforce_rsa_size: false
+    enforce_rsa_size: false
-  generate_dsa_keys: false
+    generate_dsa_keys: false
-  generate_ecdsa_keys: false
+    generate_ecdsa_keys: false
-  generate_ed25519_keys: false
+    generate_ed25519_keys: false
-  generate_rsa_keys: false
+    generate_rsa_keys: false
-  generate_rsa_size: 4096
+    generate_rsa_size: 4096
-  host_key_algos: ecdsa,rsa
+    host_key_algos: ecdsa,rsa
-  known_hosts:
+    known_hosts:
-    aliases:
+      aliases:
-    - cname-to-minion.example.org
+      - cname-to-minion.example.org
-    - alias.example.org
+      - alias.example.org
-    hostnames: false
+      hostnames: false
-    include_localhost: false
+      include_localhost: false
-    mine_hostname_function: public_ssh_hostname
+      mine_hostname_function: public_ssh_hostname
-    mine_keys_function: public_ssh_host_keys
+      mine_keys_function: public_ssh_host_keys
-    omit_ip_address:
+      omit_ip_address:
-    - github.com
+      - github.com
-    salt_ssh:
+      salt_ssh:
-      public_ssh_host_keys:
+        public_ssh_host_keys:
-        minion.id: 'ssh-rsa [...]
+          minion.id: 'ssh-rsa [...]
 
-          ssh-ed25519 [...]
+            ssh-ed25519 [...]
-'
+  '
-      public_ssh_host_names:
+        public_ssh_host_names:
-        minion.id:
+          minion.id:
-        - minion.id
+          - minion.id
-        - alias.of.minion.id
+          - alias.of.minion.id
-      user: salt-master
+        user: salt-master
-    static:
+      static:
-      github.com: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGm[...]
+        github.com: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGm[...]
-      gitlab.com: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bN[...]
+        gitlab.com: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bN[...]
-    target: '*'
+      target: '*'
-    tgt_type: glob
+      tgt_type: glob
-  moduli: '# Time Type Tests Tries Size Generator Modulus
+    moduli: '# Time Type Tests Tries Size Generator Modulus
 
-    20120821045639 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C604293680B09D63
+      20120821045639 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C604293680B09D63
 
-    20120821045830 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C6042936814C2FFB
+      20120821045830 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C6042936814C2FFB
 
-    20120821050046 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368214FC53
+      20120821050046 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368214FC53
 
-    20120821050054 2 6 100 2047 5 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368218E83F
+      20120821050054 2 6 100 2047 5 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368218E83F
-'
+  '
-  provide_dsa_keys: false
+    provide_dsa_keys: false
-  provide_ecdsa_keys: false
+    provide_ecdsa_keys: false
-  provide_ed25519_keys: false
+    provide_ed25519_keys: false
-  provide_rsa_keys: false
+    provide_rsa_keys: false
-  root_group: root
+    root_group: root
-  rsa:
+    rsa:
-    private_key: '-----BEGIN RSA PRIVATE KEY-----
+      private_key: '-----BEGIN RSA PRIVATE KEY-----
 
-      NOT_DEFINED
+        NOT_DEFINED
 
-      -----END RSA PRIVATE KEY-----
+        -----END RSA PRIVATE KEY-----
-'
+  '
-    public_key: 'ssh-rsa NOT_DEFINED
+      public_key: 'ssh-rsa NOT_DEFINED
-'
+  '
-  server: openssh-server
+    server: openssh-server
-  server_version: latest
+    server_version: latest
-  service: sshd
+    service: sshd
-  ssh_config: /etc/ssh/ssh_config
+    ssh_config: /etc/ssh/ssh_config
-  ssh_config_backup: true
+    ssh_config_backup: true
-  ssh_config_group: root
+    ssh_config_group: root
-  ssh_config_mode: '644'
+    ssh_config_mode: '644'
-  ssh_config_src: ssh_config
+    ssh_config_src: ssh_config
-  ssh_config_user: root
+    ssh_config_user: root
-  ssh_known_hosts: /etc/ssh/ssh_known_hosts
+    ssh_known_hosts: /etc/ssh/ssh_known_hosts
-  ssh_known_hosts_src: ssh_known_hosts
+    ssh_known_hosts_src: ssh_known_hosts
-  ssh_moduli: /etc/ssh/moduli
+    ssh_moduli: /etc/ssh/moduli
-  sshd_binary: /usr/sbin/sshd
+    sshd_binary: /usr/sbin/sshd
-  sshd_config: /etc/ssh/sshd_config
+    sshd_config: /etc/ssh/sshd_config
-  sshd_config_backup: true
+    sshd_config_backup: true
-  sshd_config_group: root
+    sshd_config_group: root
-  sshd_config_mode: '644'
+    sshd_config_mode: '644'
-  sshd_config_src: sshd_config
+    sshd_config_src: sshd_config
-  sshd_config_user: root
+    sshd_config_user: root
-  sshd_enable: true
+    sshd_enable: true
-ssh_config:
+    tofs:
-  Hosts:
+      source_files:
-    '*':
+        manage ssh_known_hosts file:
-      GSSAPIAuthentication: 'yes'
+        - alt_ssh_known_hosts
-      HashKnownHosts: 'yes'
+        ssh_config:
-      SendEnv: LANG LC_*
+        - alt_ssh_config
-sshd_config:
+        sshd_banner:
-  AcceptEnv: LANG LC_*
+        - fire_banner
-  ChallengeResponseAuthentication: 'no'
+        sshd_config:
-  PrintMotd: 'no'
+        - alt_sshd_config
-  Subsystem: sftp /usr/lib/openssh/sftp-server
+  ssh_config:
-  UsePAM: 'yes'
+    Hosts:
-  X11Forwarding: 'yes'
+      '*':
+        GSSAPIAuthentication: 'yes'
+        HashKnownHosts: 'yes'
+        SendEnv: LANG LC_*
+  sshd_config:
+    AcceptEnv: LANG LC_*
+    ChallengeResponseAuthentication: 'no'
+    PrintMotd: 'no'
+    Subsystem: sftp /usr/lib/openssh/sftp-server
+    UsePAM: 'yes'
+    X11Forwarding: 'yes'

test/integration/default/files/_mapdata/centos-7.yaml

@@ -1,166 +1,185 @@
 # yamllint disable rule:indentation rule:line-length
 # CentOS Linux-7
 ---
-map_jinja:
+values:
-  config_get_roots:
+  map_jinja:
-  - openssh
+    sources:
-  - sshd_config
+    - Y:G@osarch
-  - ssh_config
+    - Y:G@os_family
-openssh:
+    - Y:G@os
-  absent_dsa_keys: false
+    - Y:G@osfinger
-  absent_ecdsa_keys: false
+    - C:SUB@openssh:lookup
-  absent_ed25519_keys: false
+    - C:SUB@openssh
-  absent_rsa_keys: false
+    - C:SUB@sshd_config:lookup
-  auth:
+    - C:SUB@sshd_config
-    joe-non-valid-ssh-key:
+    - C:SUB@ssh_config:lookup
-    - comment: obsolete key - removed
+    - C:SUB@ssh_config
-      enc: ssh-rsa
+    - Y:G@id
-      present: false
+  openssh:
-      source: salt://ssh_keys/joe.no-valid.pub
+    absent_dsa_keys: false
-      user: joe
+    absent_ecdsa_keys: false
-    joe-valid-ssh-key-desktop:
+    absent_ed25519_keys: false
-    - comment: main key - desktop
+    absent_rsa_keys: false
-      enc: ssh-rsa
+    auth:
-      present: true
+      joe-non-valid-ssh-key:
-      source: salt://ssh_keys/joe.desktop.pub
+      - comment: obsolete key - removed
-      user: joe
+        enc: ssh-rsa
-    joe-valid-ssh-key-notebook:
+        present: false
-    - comment: main key - notebook
+        source: salt://ssh_keys/joe.no-valid.pub
-      enc: ssh-rsa
+        user: joe
-      present: true
+      joe-valid-ssh-key-desktop:
-      source: salt://ssh_keys/joe.netbook.pub
+      - comment: main key - desktop
-      user: joe
+        enc: ssh-rsa
-  auth_map:
+        present: true
-    personal_keys:
+        source: salt://ssh_keys/joe.desktop.pub
-      source: salt://ssh_keys
+        user: joe
-      users:
+      joe-valid-ssh-key-notebook:
-        joe:
+      - comment: main key - notebook
-          joe.desktop: {}
+        enc: ssh-rsa
-          joe.netbook:
+        present: true
-            options: []
+        source: salt://ssh_keys/joe.netbook.pub
-          joe.no-valid:
+        user: joe
-            present: false
+    auth_map:
-  banner: /etc/ssh/banner
+      personal_keys:
-  banner_src: banner
+        source: salt://ssh_keys
-  banner_string: 'Welcome to %{hostname}!
+        users:
-'
+          joe:
-  client: openssh-clients
+            joe.desktop: {}
-  client_version: latest
+            joe.netbook:
-  dig_pkg: bind-utils
+              options: []
-  dsa:
+            joe.no-valid:
-    private_key: '-----BEGIN DSA PRIVATE KEY-----
+              present: false
+    banner: /etc/ssh/banner
+    banner_src: banner
+    banner_string: 'Welcome to example.net!
+  '
+    client: openssh-clients
+    client_version: latest
+    dig_pkg: bind-utils
+    dsa:
+      private_key: '-----BEGIN DSA PRIVATE KEY-----
 
-      NOT_DEFINED
+        NOT_DEFINED
 
-      -----END DSA PRIVATE KEY-----
+        -----END DSA PRIVATE KEY-----
-'
+  '
-    public_key: 'ssh-dss NOT_DEFINED
+      public_key: 'ssh-dss NOT_DEFINED
-'
+  '
-  ecdsa:
+    ecdsa:
-    private_key: '-----BEGIN EC PRIVATE KEY-----
+      private_key: '-----BEGIN EC PRIVATE KEY-----
 
-      NOT_DEFINED
+        NOT_DEFINED
 
-      -----END EC PRIVATE KEY-----
+        -----END EC PRIVATE KEY-----
-'
+  '
-    public_key: 'ecdsa-sha2-nistp256 NOT_DEFINED
+      public_key: 'ecdsa-sha2-nistp256 NOT_DEFINED
-'
+  '
-  ed25519:
+    ed25519:
-    private_key: '-----BEGIN OPENSSH PRIVATE KEY-----
+      private_key: '-----BEGIN OPENSSH PRIVATE KEY-----
 
-      NOT_DEFINED
+        NOT_DEFINED
 
-      -----END OPENSSH PRIVATE KEY-----
+        -----END OPENSSH PRIVATE KEY-----
-'
+  '
-    public_key: 'ssh-ed25519 NOT_DEFINED
+      public_key: 'ssh-ed25519 NOT_DEFINED
-'
+  '
-  enforce_rsa_size: false
+    enforce_rsa_size: false
-  generate_dsa_keys: false
+    generate_dsa_keys: false
-  generate_ecdsa_keys: false
+    generate_ecdsa_keys: false
-  generate_ed25519_keys: false
+    generate_ed25519_keys: false
-  generate_rsa_keys: false
+    generate_rsa_keys: false
-  generate_rsa_size: 4096
+    generate_rsa_size: 4096
-  host_key_algos: ecdsa,ed25519,rsa
+    host_key_algos: ecdsa,ed25519,rsa
-  known_hosts:
+    known_hosts:
-    aliases:
+      aliases:
-    - cname-to-minion.example.org
+      - cname-to-minion.example.org
-    - alias.example.org
+      - alias.example.org
-    hostnames: false
+      hostnames: false
-    include_localhost: false
+      include_localhost: false
-    mine_hostname_function: public_ssh_hostname
+      mine_hostname_function: public_ssh_hostname
-    mine_keys_function: public_ssh_host_keys
+      mine_keys_function: public_ssh_host_keys
-    omit_ip_address:
+      omit_ip_address:
-    - github.com
+      - github.com
-    salt_ssh:
+      salt_ssh:
-      public_ssh_host_keys:
+        public_ssh_host_keys:
-        minion.id: 'ssh-rsa [...]
+          minion.id: 'ssh-rsa [...]
 
-          ssh-ed25519 [...]
+            ssh-ed25519 [...]
-'
+  '
-      public_ssh_host_names:
+        public_ssh_host_names:
-        minion.id:
+          minion.id:
-        - minion.id
+          - minion.id
-        - alias.of.minion.id
+          - alias.of.minion.id
-      user: salt-master
+        user: salt-master
-    static:
+      static:
-      github.com: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGm[...]
+        github.com: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGm[...]
-      gitlab.com: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bN[...]
+        gitlab.com: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bN[...]
-    target: '*'
+      target: '*'
-    tgt_type: glob
+      tgt_type: glob
-  moduli: '# Time Type Tests Tries Size Generator Modulus
+    moduli: '# Time Type Tests Tries Size Generator Modulus
 
-    20120821045639 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C604293680B09D63
+      20120821045639 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C604293680B09D63
 
-    20120821045830 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C6042936814C2FFB
+      20120821045830 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C6042936814C2FFB
 
-    20120821050046 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368214FC53
+      20120821050046 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368214FC53
 
-    20120821050054 2 6 100 2047 5 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368218E83F
+      20120821050054 2 6 100 2047 5 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368218E83F
-'
+  '
-  provide_dsa_keys: false
+    provide_dsa_keys: false
-  provide_ecdsa_keys: false
+    provide_ecdsa_keys: false
-  provide_ed25519_keys: false
+    provide_ed25519_keys: false
-  provide_rsa_keys: false
+    provide_rsa_keys: false
-  root_group: root
+    root_group: root
-  rsa:
+    rsa:
-    private_key: '-----BEGIN RSA PRIVATE KEY-----
+      private_key: '-----BEGIN RSA PRIVATE KEY-----
 
-      NOT_DEFINED
+        NOT_DEFINED
 
-      -----END RSA PRIVATE KEY-----
+        -----END RSA PRIVATE KEY-----
-'
+  '
-    public_key: 'ssh-rsa NOT_DEFINED
+      public_key: 'ssh-rsa NOT_DEFINED
-'
+  '
-  server: openssh-server
+    server: openssh-server
-  server_version: latest
+    server_version: latest
-  service: sshd
+    service: sshd
-  ssh_config: /etc/ssh/ssh_config
+    ssh_config: /etc/ssh/ssh_config
-  ssh_config_backup: true
+    ssh_config_backup: true
-  ssh_config_group: root
+    ssh_config_group: root
-  ssh_config_mode: '644'
+    ssh_config_mode: '644'
-  ssh_config_src: ssh_config
+    ssh_config_src: ssh_config
-  ssh_config_user: root
+    ssh_config_user: root
-  ssh_known_hosts: /etc/ssh/ssh_known_hosts
+    ssh_known_hosts: /etc/ssh/ssh_known_hosts
-  ssh_known_hosts_src: ssh_known_hosts
+    ssh_known_hosts_src: ssh_known_hosts
-  ssh_moduli: /etc/ssh/moduli
+    ssh_moduli: /etc/ssh/moduli
-  sshd_binary: /usr/sbin/sshd
+    sshd_binary: /usr/sbin/sshd
-  sshd_config: /etc/ssh/sshd_config
+    sshd_config: /etc/ssh/sshd_config
-  sshd_config_backup: true
+    sshd_config_backup: true
-  sshd_config_group: root
+    sshd_config_group: root
-  sshd_config_mode: '644'
+    sshd_config_mode: '644'
-  sshd_config_src: sshd_config
+    sshd_config_src: sshd_config
-  sshd_config_user: root
+    sshd_config_user: root
-  sshd_enable: true
+    sshd_enable: true
-ssh_config:
+    tofs:
-  Hosts:
+      source_files:
-    '*':
+        manage ssh_known_hosts file:
-      GSSAPIAuthentication: 'yes'
+        - alt_ssh_known_hosts
-      HashKnownHosts: 'yes'
+        ssh_config:
-      SendEnv: LANG LC_*
+        - alt_ssh_config
-sshd_config:
+        sshd_banner:
-  AcceptEnv: LANG LC_*
+        - fire_banner
-  ChallengeResponseAuthentication: 'no'
+        sshd_config:
-  PrintMotd: 'no'
+        - alt_sshd_config
-  Subsystem: sftp /usr/lib/openssh/sftp-server
+  ssh_config:
-  UsePAM: 'yes'
+    Hosts:
-  X11Forwarding: 'yes'
+      '*':
+        GSSAPIAuthentication: 'yes'
+        HashKnownHosts: 'yes'
+        SendEnv: LANG LC_*
+  sshd_config:
+    AcceptEnv: LANG LC_*
+    ChallengeResponseAuthentication: 'no'
+    PrintMotd: 'no'
+    Subsystem: sftp /usr/lib/openssh/sftp-server
+    UsePAM: 'yes'
+    X11Forwarding: 'yes'

test/integration/default/files/_mapdata/centos-8.yaml

@@ -1,166 +1,185 @@
 # yamllint disable rule:indentation rule:line-length
 # CentOS Linux-8
 ---
-map_jinja:
+values:
-  config_get_roots:
+  map_jinja:
-  - openssh
+    sources:
-  - sshd_config
+    - Y:G@osarch
-  - ssh_config
+    - Y:G@os_family
-openssh:
+    - Y:G@os
-  absent_dsa_keys: false
+    - Y:G@osfinger
-  absent_ecdsa_keys: false
+    - C:SUB@openssh:lookup
-  absent_ed25519_keys: false
+    - C:SUB@openssh
-  absent_rsa_keys: false
+    - C:SUB@sshd_config:lookup
-  auth:
+    - C:SUB@sshd_config
-    joe-non-valid-ssh-key:
+    - C:SUB@ssh_config:lookup
-    - comment: obsolete key - removed
+    - C:SUB@ssh_config
-      enc: ssh-rsa
+    - Y:G@id
-      present: false
+  openssh:
-      source: salt://ssh_keys/joe.no-valid.pub
+    absent_dsa_keys: false
-      user: joe
+    absent_ecdsa_keys: false
-    joe-valid-ssh-key-desktop:
+    absent_ed25519_keys: false
-    - comment: main key - desktop
+    absent_rsa_keys: false
-      enc: ssh-rsa
+    auth:
-      present: true
+      joe-non-valid-ssh-key:
-      source: salt://ssh_keys/joe.desktop.pub
+      - comment: obsolete key - removed
-      user: joe
+        enc: ssh-rsa
-    joe-valid-ssh-key-notebook:
+        present: false
-    - comment: main key - notebook
+        source: salt://ssh_keys/joe.no-valid.pub
-      enc: ssh-rsa
+        user: joe
-      present: true
+      joe-valid-ssh-key-desktop:
-      source: salt://ssh_keys/joe.netbook.pub
+      - comment: main key - desktop
-      user: joe
+        enc: ssh-rsa
-  auth_map:
+        present: true
-    personal_keys:
+        source: salt://ssh_keys/joe.desktop.pub
-      source: salt://ssh_keys
+        user: joe
-      users:
+      joe-valid-ssh-key-notebook:
-        joe:
+      - comment: main key - notebook
-          joe.desktop: {}
+        enc: ssh-rsa
-          joe.netbook:
+        present: true
-            options: []
+        source: salt://ssh_keys/joe.netbook.pub
-          joe.no-valid:
+        user: joe
-            present: false
+    auth_map:
-  banner: /etc/ssh/banner
+      personal_keys:
-  banner_src: banner
+        source: salt://ssh_keys
-  banner_string: 'Welcome to %{hostname}!
+        users:
-'
+          joe:
-  client: openssh-clients
+            joe.desktop: {}
-  client_version: latest
+            joe.netbook:
-  dig_pkg: bind-utils
+              options: []
-  dsa:
+            joe.no-valid:
-    private_key: '-----BEGIN DSA PRIVATE KEY-----
+              present: false
+    banner: /etc/ssh/banner
+    banner_src: banner
+    banner_string: 'Welcome to example.net!
+  '
+    client: openssh-clients
+    client_version: latest
+    dig_pkg: bind-utils
+    dsa:
+      private_key: '-----BEGIN DSA PRIVATE KEY-----
 
-      NOT_DEFINED
+        NOT_DEFINED
 
-      -----END DSA PRIVATE KEY-----
+        -----END DSA PRIVATE KEY-----
-'
+  '
-    public_key: 'ssh-dss NOT_DEFINED
+      public_key: 'ssh-dss NOT_DEFINED
-'
+  '
-  ecdsa:
+    ecdsa:
-    private_key: '-----BEGIN EC PRIVATE KEY-----
+      private_key: '-----BEGIN EC PRIVATE KEY-----
 
-      NOT_DEFINED
+        NOT_DEFINED
 
-      -----END EC PRIVATE KEY-----
+        -----END EC PRIVATE KEY-----
-'
+  '
-    public_key: 'ecdsa-sha2-nistp256 NOT_DEFINED
+      public_key: 'ecdsa-sha2-nistp256 NOT_DEFINED
-'
+  '
-  ed25519:
+    ed25519:
-    private_key: '-----BEGIN OPENSSH PRIVATE KEY-----
+      private_key: '-----BEGIN OPENSSH PRIVATE KEY-----
 
-      NOT_DEFINED
+        NOT_DEFINED
 
-      -----END OPENSSH PRIVATE KEY-----
+        -----END OPENSSH PRIVATE KEY-----
-'
+  '
-    public_key: 'ssh-ed25519 NOT_DEFINED
+      public_key: 'ssh-ed25519 NOT_DEFINED
-'
+  '
-  enforce_rsa_size: false
+    enforce_rsa_size: false
-  generate_dsa_keys: false
+    generate_dsa_keys: false
-  generate_ecdsa_keys: false
+    generate_ecdsa_keys: false
-  generate_ed25519_keys: false
+    generate_ed25519_keys: false
-  generate_rsa_keys: false
+    generate_rsa_keys: false
-  generate_rsa_size: 4096
+    generate_rsa_size: 4096
-  host_key_algos: ecdsa,ed25519,rsa
+    host_key_algos: ecdsa,ed25519,rsa
-  known_hosts:
+    known_hosts:
-    aliases:
+      aliases:
-    - cname-to-minion.example.org
+      - cname-to-minion.example.org
-    - alias.example.org
+      - alias.example.org
-    hostnames: false
+      hostnames: false
-    include_localhost: false
+      include_localhost: false
-    mine_hostname_function: public_ssh_hostname
+      mine_hostname_function: public_ssh_hostname
-    mine_keys_function: public_ssh_host_keys
+      mine_keys_function: public_ssh_host_keys
-    omit_ip_address:
+      omit_ip_address:
-    - github.com
+      - github.com
-    salt_ssh:
+      salt_ssh:
-      public_ssh_host_keys:
+        public_ssh_host_keys:
-        minion.id: 'ssh-rsa [...]
+          minion.id: 'ssh-rsa [...]
 
-          ssh-ed25519 [...]
+            ssh-ed25519 [...]
-'
+  '
-      public_ssh_host_names:
+        public_ssh_host_names:
-        minion.id:
+          minion.id:
-        - minion.id
+          - minion.id
-        - alias.of.minion.id
+          - alias.of.minion.id
-      user: salt-master
+        user: salt-master
-    static:
+      static:
-      github.com: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGm[...]
+        github.com: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGm[...]
-      gitlab.com: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bN[...]
+        gitlab.com: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bN[...]
-    target: '*'
+      target: '*'
-    tgt_type: glob
+      tgt_type: glob
-  moduli: '# Time Type Tests Tries Size Generator Modulus
+    moduli: '# Time Type Tests Tries Size Generator Modulus
 
-    20120821045639 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C604293680B09D63
+      20120821045639 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C604293680B09D63
 
-    20120821045830 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C6042936814C2FFB
+      20120821045830 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C6042936814C2FFB
 
-    20120821050046 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368214FC53
+      20120821050046 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368214FC53
 
-    20120821050054 2 6 100 2047 5 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368218E83F
+      20120821050054 2 6 100 2047 5 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368218E83F
-'
+  '
-  provide_dsa_keys: false
+    provide_dsa_keys: false
-  provide_ecdsa_keys: false
+    provide_ecdsa_keys: false
-  provide_ed25519_keys: false
+    provide_ed25519_keys: false
-  provide_rsa_keys: false
+    provide_rsa_keys: false
-  root_group: root
+    root_group: root
-  rsa:
+    rsa:
-    private_key: '-----BEGIN RSA PRIVATE KEY-----
+      private_key: '-----BEGIN RSA PRIVATE KEY-----
 
-      NOT_DEFINED
+        NOT_DEFINED
 
-      -----END RSA PRIVATE KEY-----
+        -----END RSA PRIVATE KEY-----
-'
+  '
-    public_key: 'ssh-rsa NOT_DEFINED
+      public_key: 'ssh-rsa NOT_DEFINED
-'
+  '
-  server: openssh-server
+    server: openssh-server
-  server_version: latest
+    server_version: latest
-  service: sshd
+    service: sshd
-  ssh_config: /etc/ssh/ssh_config
+    ssh_config: /etc/ssh/ssh_config
-  ssh_config_backup: true
+    ssh_config_backup: true
-  ssh_config_group: root
+    ssh_config_group: root
-  ssh_config_mode: '644'
+    ssh_config_mode: '644'
-  ssh_config_src: ssh_config
+    ssh_config_src: ssh_config
-  ssh_config_user: root
+    ssh_config_user: root
-  ssh_known_hosts: /etc/ssh/ssh_known_hosts
+    ssh_known_hosts: /etc/ssh/ssh_known_hosts
-  ssh_known_hosts_src: ssh_known_hosts
+    ssh_known_hosts_src: ssh_known_hosts
-  ssh_moduli: /etc/ssh/moduli
+    ssh_moduli: /etc/ssh/moduli
-  sshd_binary: /usr/sbin/sshd
+    sshd_binary: /usr/sbin/sshd
-  sshd_config: /etc/ssh/sshd_config
+    sshd_config: /etc/ssh/sshd_config
-  sshd_config_backup: true
+    sshd_config_backup: true
-  sshd_config_group: root
+    sshd_config_group: root
-  sshd_config_mode: '644'
+    sshd_config_mode: '644'
-  sshd_config_src: sshd_config
+    sshd_config_src: sshd_config
-  sshd_config_user: root
+    sshd_config_user: root
-  sshd_enable: true
+    sshd_enable: true
-ssh_config:
+    tofs:
-  Hosts:
+      source_files:
-    '*':
+        manage ssh_known_hosts file:
-      GSSAPIAuthentication: 'yes'
+        - alt_ssh_known_hosts
-      HashKnownHosts: 'yes'
+        ssh_config:
-      SendEnv: LANG LC_*
+        - alt_ssh_config
-sshd_config:
+        sshd_banner:
-  AcceptEnv: LANG LC_*
+        - fire_banner
-  ChallengeResponseAuthentication: 'no'
+        sshd_config:
-  PrintMotd: 'no'
+        - alt_sshd_config
-  Subsystem: sftp /usr/lib/openssh/sftp-server
+  ssh_config:
-  UsePAM: 'yes'
+    Hosts:
-  X11Forwarding: 'yes'
+      '*':
+        GSSAPIAuthentication: 'yes'
+        HashKnownHosts: 'yes'
+        SendEnv: LANG LC_*
+  sshd_config:
+    AcceptEnv: LANG LC_*
+    ChallengeResponseAuthentication: 'no'
+    PrintMotd: 'no'
+    Subsystem: sftp /usr/lib/openssh/sftp-server
+    UsePAM: 'yes'
+    X11Forwarding: 'yes'

test/integration/default/files/_mapdata/debian-10.yaml

@@ -1,166 +1,185 @@
 # yamllint disable rule:indentation rule:line-length
 # Debian-10
 ---
-map_jinja:
+values:
-  config_get_roots:
+  map_jinja:
-  - openssh
+    sources:
-  - sshd_config
+    - Y:G@osarch
-  - ssh_config
+    - Y:G@os_family
-openssh:
+    - Y:G@os
-  absent_dsa_keys: false
+    - Y:G@osfinger
-  absent_ecdsa_keys: false
+    - C:SUB@openssh:lookup
-  absent_ed25519_keys: false
+    - C:SUB@openssh
-  absent_rsa_keys: false
+    - C:SUB@sshd_config:lookup
-  auth:
+    - C:SUB@sshd_config
-    joe-non-valid-ssh-key:
+    - C:SUB@ssh_config:lookup
-    - comment: obsolete key - removed
+    - C:SUB@ssh_config
-      enc: ssh-rsa
+    - Y:G@id
-      present: false
+  openssh:
-      source: salt://ssh_keys/joe.no-valid.pub
+    absent_dsa_keys: false
-      user: joe
+    absent_ecdsa_keys: false
-    joe-valid-ssh-key-desktop:
+    absent_ed25519_keys: false
-    - comment: main key - desktop
+    absent_rsa_keys: false
-      enc: ssh-rsa
+    auth:
-      present: true
+      joe-non-valid-ssh-key:
-      source: salt://ssh_keys/joe.desktop.pub
+      - comment: obsolete key - removed
-      user: joe
+        enc: ssh-rsa
-    joe-valid-ssh-key-notebook:
+        present: false
-    - comment: main key - notebook
+        source: salt://ssh_keys/joe.no-valid.pub
-      enc: ssh-rsa
+        user: joe
-      present: true
+      joe-valid-ssh-key-desktop:
-      source: salt://ssh_keys/joe.netbook.pub
+      - comment: main key - desktop
-      user: joe
+        enc: ssh-rsa
-  auth_map:
+        present: true
-    personal_keys:
+        source: salt://ssh_keys/joe.desktop.pub
-      source: salt://ssh_keys
+        user: joe
-      users:
+      joe-valid-ssh-key-notebook:
-        joe:
+      - comment: main key - notebook
-          joe.desktop: {}
+        enc: ssh-rsa
-          joe.netbook:
+        present: true
-            options: []
+        source: salt://ssh_keys/joe.netbook.pub
-          joe.no-valid:
+        user: joe
-            present: false
+    auth_map:
-  banner: /etc/ssh/banner
+      personal_keys:
-  banner_src: banner
+        source: salt://ssh_keys
-  banner_string: 'Welcome to %{hostname}!
+        users:
-'
+          joe:
-  client: openssh-client
+            joe.desktop: {}
-  client_version: latest
+            joe.netbook:
-  dig_pkg: dnsutils
+              options: []
-  dsa:
+            joe.no-valid:
-    private_key: '-----BEGIN DSA PRIVATE KEY-----
+              present: false
+    banner: /etc/ssh/banner
+    banner_src: banner
+    banner_string: 'Welcome to example.net!
+  '
+    client: openssh-client
+    client_version: latest
+    dig_pkg: dnsutils
+    dsa:
+      private_key: '-----BEGIN DSA PRIVATE KEY-----
 
-      NOT_DEFINED
+        NOT_DEFINED
 
-      -----END DSA PRIVATE KEY-----
+        -----END DSA PRIVATE KEY-----
-'
+  '
-    public_key: 'ssh-dss NOT_DEFINED
+      public_key: 'ssh-dss NOT_DEFINED
-'
+  '
-  ecdsa:
+    ecdsa:
-    private_key: '-----BEGIN EC PRIVATE KEY-----
+      private_key: '-----BEGIN EC PRIVATE KEY-----
 
-      NOT_DEFINED
+        NOT_DEFINED
 
-      -----END EC PRIVATE KEY-----
+        -----END EC PRIVATE KEY-----
-'
+  '
-    public_key: 'ecdsa-sha2-nistp256 NOT_DEFINED
+      public_key: 'ecdsa-sha2-nistp256 NOT_DEFINED
-'
+  '
-  ed25519:
+    ed25519:
-    private_key: '-----BEGIN OPENSSH PRIVATE KEY-----
+      private_key: '-----BEGIN OPENSSH PRIVATE KEY-----
 
-      NOT_DEFINED
+        NOT_DEFINED
 
-      -----END OPENSSH PRIVATE KEY-----
+        -----END OPENSSH PRIVATE KEY-----
-'
+  '
-    public_key: 'ssh-ed25519 NOT_DEFINED
+      public_key: 'ssh-ed25519 NOT_DEFINED
-'
+  '
-  enforce_rsa_size: false
+    enforce_rsa_size: false
-  generate_dsa_keys: false
+    generate_dsa_keys: false
-  generate_ecdsa_keys: false
+    generate_ecdsa_keys: false
-  generate_ed25519_keys: false
+    generate_ed25519_keys: false
-  generate_rsa_keys: false
+    generate_rsa_keys: false
-  generate_rsa_size: 4096
+    generate_rsa_size: 4096
-  host_key_algos: ecdsa,ed25519,rsa
+    host_key_algos: ecdsa,ed25519,rsa
-  known_hosts:
+    known_hosts:
-    aliases:
+      aliases:
-    - cname-to-minion.example.org
+      - cname-to-minion.example.org
-    - alias.example.org
+      - alias.example.org
-    hostnames: false
+      hostnames: false
-    include_localhost: false
+      include_localhost: false
-    mine_hostname_function: public_ssh_hostname
+      mine_hostname_function: public_ssh_hostname
-    mine_keys_function: public_ssh_host_keys
+      mine_keys_function: public_ssh_host_keys
-    omit_ip_address:
+      omit_ip_address:
-    - github.com
+      - github.com
-    salt_ssh:
+      salt_ssh:
-      public_ssh_host_keys:
+        public_ssh_host_keys:
-        minion.id: 'ssh-rsa [...]
+          minion.id: 'ssh-rsa [...]
 
-          ssh-ed25519 [...]
+            ssh-ed25519 [...]
-'
+  '
-      public_ssh_host_names:
+        public_ssh_host_names:
-        minion.id:
+          minion.id:
-        - minion.id
+          - minion.id
-        - alias.of.minion.id
+          - alias.of.minion.id
-      user: salt-master
+        user: salt-master
-    static:
+      static:
-      github.com: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGm[...]
+        github.com: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGm[...]
-      gitlab.com: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bN[...]
+        gitlab.com: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bN[...]
-    target: '*'
+      target: '*'
-    tgt_type: glob
+      tgt_type: glob
-  moduli: '# Time Type Tests Tries Size Generator Modulus
+    moduli: '# Time Type Tests Tries Size Generator Modulus
 
-    20120821045639 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C604293680B09D63
+      20120821045639 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C604293680B09D63
 
-    20120821045830 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C6042936814C2FFB
+      20120821045830 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C6042936814C2FFB
 
-    20120821050046 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368214FC53
+      20120821050046 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368214FC53
 
-    20120821050054 2 6 100 2047 5 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368218E83F
+      20120821050054 2 6 100 2047 5 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368218E83F
-'
+  '
-  provide_dsa_keys: false
+    provide_dsa_keys: false
-  provide_ecdsa_keys: false
+    provide_ecdsa_keys: false
-  provide_ed25519_keys: false
+    provide_ed25519_keys: false
-  provide_rsa_keys: false
+    provide_rsa_keys: false
-  root_group: root
+    root_group: root
-  rsa:
+    rsa:
-    private_key: '-----BEGIN RSA PRIVATE KEY-----
+      private_key: '-----BEGIN RSA PRIVATE KEY-----
 
-      NOT_DEFINED
+        NOT_DEFINED
 
-      -----END RSA PRIVATE KEY-----
+        -----END RSA PRIVATE KEY-----
-'
+  '
-    public_key: 'ssh-rsa NOT_DEFINED
+      public_key: 'ssh-rsa NOT_DEFINED
-'
+  '
-  server: openssh-server
+    server: openssh-server
-  server_version: latest
+    server_version: latest
-  service: ssh
+    service: ssh
-  ssh_config: /etc/ssh/ssh_config
+    ssh_config: /etc/ssh/ssh_config
-  ssh_config_backup: true
+    ssh_config_backup: true
-  ssh_config_group: root
+    ssh_config_group: root
-  ssh_config_mode: '644'
+    ssh_config_mode: '644'
-  ssh_config_src: ssh_config
+    ssh_config_src: ssh_config
-  ssh_config_user: root
+    ssh_config_user: root
-  ssh_known_hosts: /etc/ssh/ssh_known_hosts
+    ssh_known_hosts: /etc/ssh/ssh_known_hosts
-  ssh_known_hosts_src: ssh_known_hosts
+    ssh_known_hosts_src: ssh_known_hosts
-  ssh_moduli: /etc/ssh/moduli
+    ssh_moduli: /etc/ssh/moduli
-  sshd_binary: /usr/sbin/sshd
+    sshd_binary: /usr/sbin/sshd
-  sshd_config: /etc/ssh/sshd_config
+    sshd_config: /etc/ssh/sshd_config
-  sshd_config_backup: true
+    sshd_config_backup: true
-  sshd_config_group: root
+    sshd_config_group: root
-  sshd_config_mode: '644'
+    sshd_config_mode: '644'
-  sshd_config_src: sshd_config
+    sshd_config_src: sshd_config
-  sshd_config_user: root
+    sshd_config_user: root
-  sshd_enable: true
+    sshd_enable: true
-ssh_config:
+    tofs:
-  Hosts:
+      source_files:
-    '*':
+        manage ssh_known_hosts file:
-      GSSAPIAuthentication: 'yes'
+        - alt_ssh_known_hosts
-      HashKnownHosts: 'yes'
+        ssh_config:
-      SendEnv: LANG LC_*
+        - alt_ssh_config
-sshd_config:
+        sshd_banner:
-  AcceptEnv: LANG LC_*
+        - fire_banner
-  ChallengeResponseAuthentication: 'no'
+        sshd_config:
-  PrintMotd: 'no'
+        - alt_sshd_config
-  Subsystem: sftp /usr/lib/openssh/sftp-server
+  ssh_config:
-  UsePAM: 'yes'
+    Hosts:
-  X11Forwarding: 'yes'
+      '*':
+        GSSAPIAuthentication: 'yes'
+        HashKnownHosts: 'yes'
+        SendEnv: LANG LC_*
+  sshd_config:
+    AcceptEnv: LANG LC_*
+    ChallengeResponseAuthentication: 'no'
+    PrintMotd: 'no'
+    Subsystem: sftp /usr/lib/openssh/sftp-server
+    UsePAM: 'yes'
+    X11Forwarding: 'yes'

test/integration/default/files/_mapdata/debian-11.yaml

@@ -0,0 +1,185 @@
+# yamllint disable rule:indentation rule:line-length
+# Debian-11
+---
+values:
+  map_jinja:
+    sources:
+    - Y:G@osarch
+    - Y:G@os_family
+    - Y:G@os
+    - Y:G@osfinger
+    - C:SUB@openssh:lookup
+    - C:SUB@openssh
+    - C:SUB@sshd_config:lookup
+    - C:SUB@sshd_config
+    - C:SUB@ssh_config:lookup
+    - C:SUB@ssh_config
+    - Y:G@id
+  openssh:
+    absent_dsa_keys: false
+    absent_ecdsa_keys: false
+    absent_ed25519_keys: false
+    absent_rsa_keys: false
+    auth:
+      joe-non-valid-ssh-key:
+      - comment: obsolete key - removed
+        enc: ssh-rsa
+        present: false
+        source: salt://ssh_keys/joe.no-valid.pub
+        user: joe
+      joe-valid-ssh-key-desktop:
+      - comment: main key - desktop
+        enc: ssh-rsa
+        present: true
+        source: salt://ssh_keys/joe.desktop.pub
+        user: joe
+      joe-valid-ssh-key-notebook:
+      - comment: main key - notebook
+        enc: ssh-rsa
+        present: true
+        source: salt://ssh_keys/joe.netbook.pub
+        user: joe
+    auth_map:
+      personal_keys:
+        source: salt://ssh_keys
+        users:
+          joe:
+            joe.desktop: {}
+            joe.netbook:
+              options: []
+            joe.no-valid:
+              present: false
+    banner: /etc/ssh/banner
+    banner_src: banner
+    banner_string: 'Welcome to example.net!
+  '
+    client: openssh-client
+    client_version: latest
+    dig_pkg: dnsutils
+    dsa:
+      private_key: '-----BEGIN DSA PRIVATE KEY-----
+
+        NOT_DEFINED
+
+        -----END DSA PRIVATE KEY-----
+  '
+      public_key: 'ssh-dss NOT_DEFINED
+  '
+    ecdsa:
+      private_key: '-----BEGIN EC PRIVATE KEY-----
+
+        NOT_DEFINED
+
+        -----END EC PRIVATE KEY-----
+  '
+      public_key: 'ecdsa-sha2-nistp256 NOT_DEFINED
+  '
+    ed25519:
+      private_key: '-----BEGIN OPENSSH PRIVATE KEY-----
+
+        NOT_DEFINED
+
+        -----END OPENSSH PRIVATE KEY-----
+  '
+      public_key: 'ssh-ed25519 NOT_DEFINED
+  '
+    enforce_rsa_size: false
+    generate_dsa_keys: false
+    generate_ecdsa_keys: false
+    generate_ed25519_keys: false
+    generate_rsa_keys: false
+    generate_rsa_size: 4096
+    host_key_algos: ecdsa,ed25519,rsa
+    known_hosts:
+      aliases:
+      - cname-to-minion.example.org
+      - alias.example.org
+      hostnames: false
+      include_localhost: false
+      mine_hostname_function: public_ssh_hostname
+      mine_keys_function: public_ssh_host_keys
+      omit_ip_address:
+      - github.com
+      salt_ssh:
+        public_ssh_host_keys:
+          minion.id: 'ssh-rsa [...]
+
+            ssh-ed25519 [...]
+  '
+        public_ssh_host_names:
+          minion.id:
+          - minion.id
+          - alias.of.minion.id
+        user: salt-master
+      static:
+        github.com: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGm[...]
+        gitlab.com: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bN[...]
+      target: '*'
+      tgt_type: glob
+    moduli: '# Time Type Tests Tries Size Generator Modulus
+
+      20120821045639 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C604293680B09D63
+
+      20120821045830 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C6042936814C2FFB
+
+      20120821050046 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368214FC53
+
+      20120821050054 2 6 100 2047 5 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368218E83F
+  '
+    provide_dsa_keys: false
+    provide_ecdsa_keys: false
+    provide_ed25519_keys: false
+    provide_rsa_keys: false
+    root_group: root
+    rsa:
+      private_key: '-----BEGIN RSA PRIVATE KEY-----
+
+        NOT_DEFINED
+
+        -----END RSA PRIVATE KEY-----
+  '
+      public_key: 'ssh-rsa NOT_DEFINED
+  '
+    server: openssh-server
+    server_version: latest
+    service: ssh
+    ssh_config: /etc/ssh/ssh_config
+    ssh_config_backup: true
+    ssh_config_group: root
+    ssh_config_mode: '644'
+    ssh_config_src: ssh_config
+    ssh_config_user: root
+    ssh_known_hosts: /etc/ssh/ssh_known_hosts
+    ssh_known_hosts_src: ssh_known_hosts
+    ssh_moduli: /etc/ssh/moduli
+    sshd_binary: /usr/sbin/sshd
+    sshd_config: /etc/ssh/sshd_config
+    sshd_config_backup: true
+    sshd_config_group: root
+    sshd_config_mode: '644'
+    sshd_config_src: sshd_config
+    sshd_config_user: root
+    sshd_enable: true
+    tofs:
+      source_files:
+        manage ssh_known_hosts file:
+        - alt_ssh_known_hosts
+        ssh_config:
+        - alt_ssh_config
+        sshd_banner:
+        - fire_banner
+        sshd_config:
+        - alt_sshd_config
+  ssh_config:
+    Hosts:
+      '*':
+        GSSAPIAuthentication: 'yes'
+        HashKnownHosts: 'yes'
+        SendEnv: LANG LC_*
+  sshd_config:
+    AcceptEnv: LANG LC_*
+    ChallengeResponseAuthentication: 'no'
+    PrintMotd: 'no'
+    Subsystem: sftp /usr/lib/openssh/sftp-server
+    UsePAM: 'yes'
+    X11Forwarding: 'yes'

test/integration/default/files/_mapdata/debian-9.yaml

@@ -1,166 +1,185 @@
 # yamllint disable rule:indentation rule:line-length
 # Debian-9
 ---
-map_jinja:
+values:
-  config_get_roots:
+  map_jinja:
-  - openssh
+    sources:
-  - sshd_config
+    - Y:G@osarch
-  - ssh_config
+    - Y:G@os_family
-openssh:
+    - Y:G@os
-  absent_dsa_keys: false
+    - Y:G@osfinger
-  absent_ecdsa_keys: false
+    - C:SUB@openssh:lookup
-  absent_ed25519_keys: false
+    - C:SUB@openssh
-  absent_rsa_keys: false
+    - C:SUB@sshd_config:lookup
-  auth:
+    - C:SUB@sshd_config
-    joe-non-valid-ssh-key:
+    - C:SUB@ssh_config:lookup
-    - comment: obsolete key - removed
+    - C:SUB@ssh_config
-      enc: ssh-rsa
+    - Y:G@id
-      present: false
+  openssh:
-      source: salt://ssh_keys/joe.no-valid.pub
+    absent_dsa_keys: false
-      user: joe
+    absent_ecdsa_keys: false
-    joe-valid-ssh-key-desktop:
+    absent_ed25519_keys: false
-    - comment: main key - desktop
+    absent_rsa_keys: false
-      enc: ssh-rsa
+    auth:
-      present: true
+      joe-non-valid-ssh-key:
-      source: salt://ssh_keys/joe.desktop.pub
+      - comment: obsolete key - removed
-      user: joe
+        enc: ssh-rsa
-    joe-valid-ssh-key-notebook:
+        present: false
-    - comment: main key - notebook
+        source: salt://ssh_keys/joe.no-valid.pub
-      enc: ssh-rsa
+        user: joe
-      present: true
+      joe-valid-ssh-key-desktop:
-      source: salt://ssh_keys/joe.netbook.pub
+      - comment: main key - desktop
-      user: joe
+        enc: ssh-rsa
-  auth_map:
+        present: true
-    personal_keys:
+        source: salt://ssh_keys/joe.desktop.pub
-      source: salt://ssh_keys
+        user: joe
-      users:
+      joe-valid-ssh-key-notebook:
-        joe:
+      - comment: main key - notebook
-          joe.desktop: {}
+        enc: ssh-rsa
-          joe.netbook:
+        present: true
-            options: []
+        source: salt://ssh_keys/joe.netbook.pub
-          joe.no-valid:
+        user: joe
-            present: false
+    auth_map:
-  banner: /etc/ssh/banner
+      personal_keys:
-  banner_src: banner
+        source: salt://ssh_keys
-  banner_string: 'Welcome to %{hostname}!
+        users:
-'
+          joe:
-  client: openssh-client
+            joe.desktop: {}
-  client_version: latest
+            joe.netbook:
-  dig_pkg: dnsutils
+              options: []
-  dsa:
+            joe.no-valid:
-    private_key: '-----BEGIN DSA PRIVATE KEY-----
+              present: false
+    banner: /etc/ssh/banner
+    banner_src: banner
+    banner_string: 'Welcome to example.net!
+  '
+    client: openssh-client
+    client_version: latest
+    dig_pkg: dnsutils
+    dsa:
+      private_key: '-----BEGIN DSA PRIVATE KEY-----
 
-      NOT_DEFINED
+        NOT_DEFINED
 
-      -----END DSA PRIVATE KEY-----
+        -----END DSA PRIVATE KEY-----
-'
+  '
-    public_key: 'ssh-dss NOT_DEFINED
+      public_key: 'ssh-dss NOT_DEFINED
-'
+  '
-  ecdsa:
+    ecdsa:
-    private_key: '-----BEGIN EC PRIVATE KEY-----
+      private_key: '-----BEGIN EC PRIVATE KEY-----
 
-      NOT_DEFINED
+        NOT_DEFINED
 
-      -----END EC PRIVATE KEY-----
+        -----END EC PRIVATE KEY-----
-'
+  '
-    public_key: 'ecdsa-sha2-nistp256 NOT_DEFINED
+      public_key: 'ecdsa-sha2-nistp256 NOT_DEFINED
-'
+  '
-  ed25519:
+    ed25519:
-    private_key: '-----BEGIN OPENSSH PRIVATE KEY-----
+      private_key: '-----BEGIN OPENSSH PRIVATE KEY-----
 
-      NOT_DEFINED
+        NOT_DEFINED
 
-      -----END OPENSSH PRIVATE KEY-----
+        -----END OPENSSH PRIVATE KEY-----
-'
+  '
-    public_key: 'ssh-ed25519 NOT_DEFINED
+      public_key: 'ssh-ed25519 NOT_DEFINED
-'
+  '
-  enforce_rsa_size: false
+    enforce_rsa_size: false
-  generate_dsa_keys: false
+    generate_dsa_keys: false
-  generate_ecdsa_keys: false
+    generate_ecdsa_keys: false
-  generate_ed25519_keys: false
+    generate_ed25519_keys: false
-  generate_rsa_keys: false
+    generate_rsa_keys: false
-  generate_rsa_size: 4096
+    generate_rsa_size: 4096
-  host_key_algos: ecdsa,ed25519,rsa
+    host_key_algos: ecdsa,ed25519,rsa
-  known_hosts:
+    known_hosts:
-    aliases:
+      aliases:
-    - cname-to-minion.example.org
+      - cname-to-minion.example.org
-    - alias.example.org
+      - alias.example.org
-    hostnames: false
+      hostnames: false
-    include_localhost: false
+      include_localhost: false
-    mine_hostname_function: public_ssh_hostname
+      mine_hostname_function: public_ssh_hostname
-    mine_keys_function: public_ssh_host_keys
+      mine_keys_function: public_ssh_host_keys
-    omit_ip_address:
+      omit_ip_address:
-    - github.com
+      - github.com
-    salt_ssh:
+      salt_ssh:
-      public_ssh_host_keys:
+        public_ssh_host_keys:
-        minion.id: 'ssh-rsa [...]
+          minion.id: 'ssh-rsa [...]
 
-          ssh-ed25519 [...]
+            ssh-ed25519 [...]
-'
+  '
-      public_ssh_host_names:
+        public_ssh_host_names:
-        minion.id:
+          minion.id:
-        - minion.id
+          - minion.id
-        - alias.of.minion.id
+          - alias.of.minion.id
-      user: salt-master
+        user: salt-master
-    static:
+      static:
-      github.com: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGm[...]
+        github.com: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGm[...]
-      gitlab.com: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bN[...]
+        gitlab.com: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bN[...]
-    target: '*'
+      target: '*'
-    tgt_type: glob
+      tgt_type: glob
-  moduli: '# Time Type Tests Tries Size Generator Modulus
+    moduli: '# Time Type Tests Tries Size Generator Modulus
 
-    20120821045639 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C604293680B09D63
+      20120821045639 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C604293680B09D63
 
-    20120821045830 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C6042936814C2FFB
+      20120821045830 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C6042936814C2FFB
 
-    20120821050046 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368214FC53
+      20120821050046 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368214FC53
 
-    20120821050054 2 6 100 2047 5 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368218E83F
+      20120821050054 2 6 100 2047 5 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368218E83F
-'
+  '
-  provide_dsa_keys: false
+    provide_dsa_keys: false
-  provide_ecdsa_keys: false
+    provide_ecdsa_keys: false
-  provide_ed25519_keys: false
+    provide_ed25519_keys: false
-  provide_rsa_keys: false
+    provide_rsa_keys: false
-  root_group: root
+    root_group: root
-  rsa:
+    rsa:
-    private_key: '-----BEGIN RSA PRIVATE KEY-----
+      private_key: '-----BEGIN RSA PRIVATE KEY-----
 
-      NOT_DEFINED
+        NOT_DEFINED
 
-      -----END RSA PRIVATE KEY-----
+        -----END RSA PRIVATE KEY-----
-'
+  '
-    public_key: 'ssh-rsa NOT_DEFINED
+      public_key: 'ssh-rsa NOT_DEFINED
-'
+  '
-  server: openssh-server
+    server: openssh-server
-  server_version: latest
+    server_version: latest
-  service: ssh
+    service: ssh
-  ssh_config: /etc/ssh/ssh_config
+    ssh_config: /etc/ssh/ssh_config
-  ssh_config_backup: true
+    ssh_config_backup: true
-  ssh_config_group: root
+    ssh_config_group: root
-  ssh_config_mode: '644'
+    ssh_config_mode: '644'
-  ssh_config_src: ssh_config
+    ssh_config_src: ssh_config
-  ssh_config_user: root
+    ssh_config_user: root
-  ssh_known_hosts: /etc/ssh/ssh_known_hosts
+    ssh_known_hosts: /etc/ssh/ssh_known_hosts
-  ssh_known_hosts_src: ssh_known_hosts
+    ssh_known_hosts_src: ssh_known_hosts
-  ssh_moduli: /etc/ssh/moduli
+    ssh_moduli: /etc/ssh/moduli
-  sshd_binary: /usr/sbin/sshd
+    sshd_binary: /usr/sbin/sshd
-  sshd_config: /etc/ssh/sshd_config
+    sshd_config: /etc/ssh/sshd_config
-  sshd_config_backup: true
+    sshd_config_backup: true
-  sshd_config_group: root
+    sshd_config_group: root
-  sshd_config_mode: '644'
+    sshd_config_mode: '644'
-  sshd_config_src: sshd_config
+    sshd_config_src: sshd_config
-  sshd_config_user: root
+    sshd_config_user: root
-  sshd_enable: true
+    sshd_enable: true
-ssh_config:
+    tofs:
-  Hosts:
+      source_files:
-    '*':
+        manage ssh_known_hosts file:
-      GSSAPIAuthentication: 'yes'
+        - alt_ssh_known_hosts
-      HashKnownHosts: 'yes'
+        ssh_config:
-      SendEnv: LANG LC_*
+        - alt_ssh_config
-sshd_config:
+        sshd_banner:
-  AcceptEnv: LANG LC_*
+        - fire_banner
-  ChallengeResponseAuthentication: 'no'
+        sshd_config:
-  PrintMotd: 'no'
+        - alt_sshd_config
-  Subsystem: sftp /usr/lib/openssh/sftp-server
+  ssh_config:
-  UsePAM: 'yes'
+    Hosts:
-  X11Forwarding: 'yes'
+      '*':
+        GSSAPIAuthentication: 'yes'
+        HashKnownHosts: 'yes'
+        SendEnv: LANG LC_*
+  sshd_config:
+    AcceptEnv: LANG LC_*
+    ChallengeResponseAuthentication: 'no'
+    PrintMotd: 'no'
+    Subsystem: sftp /usr/lib/openssh/sftp-server
+    UsePAM: 'yes'
+    X11Forwarding: 'yes'

test/integration/default/files/_mapdata/fedora-31.yaml

@@ -1,166 +1,185 @@
 # yamllint disable rule:indentation rule:line-length
 # Fedora-31
 ---
-map_jinja:
+values:
-  config_get_roots:
+  map_jinja:
-  - openssh
+    sources:
-  - sshd_config
+    - Y:G@osarch
-  - ssh_config
+    - Y:G@os_family
-openssh:
+    - Y:G@os
-  absent_dsa_keys: false
+    - Y:G@osfinger
-  absent_ecdsa_keys: false
+    - C:SUB@openssh:lookup
-  absent_ed25519_keys: false
+    - C:SUB@openssh
-  absent_rsa_keys: false
+    - C:SUB@sshd_config:lookup
-  auth:
+    - C:SUB@sshd_config
-    joe-non-valid-ssh-key:
+    - C:SUB@ssh_config:lookup
-    - comment: obsolete key - removed
+    - C:SUB@ssh_config
-      enc: ssh-rsa
+    - Y:G@id
-      present: false
+  openssh:
-      source: salt://ssh_keys/joe.no-valid.pub
+    absent_dsa_keys: false
-      user: joe
+    absent_ecdsa_keys: false
-    joe-valid-ssh-key-desktop:
+    absent_ed25519_keys: false
-    - comment: main key - desktop
+    absent_rsa_keys: false
-      enc: ssh-rsa
+    auth:
-      present: true
+      joe-non-valid-ssh-key:
-      source: salt://ssh_keys/joe.desktop.pub
+      - comment: obsolete key - removed
-      user: joe
+        enc: ssh-rsa
-    joe-valid-ssh-key-notebook:
+        present: false
-    - comment: main key - notebook
+        source: salt://ssh_keys/joe.no-valid.pub
-      enc: ssh-rsa
+        user: joe
-      present: true
+      joe-valid-ssh-key-desktop:
-      source: salt://ssh_keys/joe.netbook.pub
+      - comment: main key - desktop
-      user: joe
+        enc: ssh-rsa
-  auth_map:
+        present: true
-    personal_keys:
+        source: salt://ssh_keys/joe.desktop.pub
-      source: salt://ssh_keys
+        user: joe
-      users:
+      joe-valid-ssh-key-notebook:
-        joe:
+      - comment: main key - notebook
-          joe.desktop: {}
+        enc: ssh-rsa
-          joe.netbook:
+        present: true
-            options: []
+        source: salt://ssh_keys/joe.netbook.pub
-          joe.no-valid:
+        user: joe
-            present: false
+    auth_map:
-  banner: /etc/ssh/banner
+      personal_keys:
-  banner_src: banner
+        source: salt://ssh_keys
-  banner_string: 'Welcome to %{hostname}!
+        users:
-'
+          joe:
-  client: openssh-clients
+            joe.desktop: {}
-  client_version: latest
+            joe.netbook:
-  dig_pkg: bind-utils
+              options: []
-  dsa:
+            joe.no-valid:
-    private_key: '-----BEGIN DSA PRIVATE KEY-----
+              present: false
+    banner: /etc/ssh/banner
+    banner_src: banner
+    banner_string: 'Welcome to example.net!
+  '
+    client: openssh-clients
+    client_version: latest
+    dig_pkg: bind-utils
+    dsa:
+      private_key: '-----BEGIN DSA PRIVATE KEY-----
 
-      NOT_DEFINED
+        NOT_DEFINED
 
-      -----END DSA PRIVATE KEY-----
+        -----END DSA PRIVATE KEY-----
-'
+  '
-    public_key: 'ssh-dss NOT_DEFINED
+      public_key: 'ssh-dss NOT_DEFINED
-'
+  '
-  ecdsa:
+    ecdsa:
-    private_key: '-----BEGIN EC PRIVATE KEY-----
+      private_key: '-----BEGIN EC PRIVATE KEY-----
 
-      NOT_DEFINED
+        NOT_DEFINED
 
-      -----END EC PRIVATE KEY-----
+        -----END EC PRIVATE KEY-----
-'
+  '
-    public_key: 'ecdsa-sha2-nistp256 NOT_DEFINED
+      public_key: 'ecdsa-sha2-nistp256 NOT_DEFINED
-'
+  '
-  ed25519:
+    ed25519:
-    private_key: '-----BEGIN OPENSSH PRIVATE KEY-----
+      private_key: '-----BEGIN OPENSSH PRIVATE KEY-----
 
-      NOT_DEFINED
+        NOT_DEFINED
 
-      -----END OPENSSH PRIVATE KEY-----
+        -----END OPENSSH PRIVATE KEY-----
-'
+  '
-    public_key: 'ssh-ed25519 NOT_DEFINED
+      public_key: 'ssh-ed25519 NOT_DEFINED
-'
+  '
-  enforce_rsa_size: false
+    enforce_rsa_size: false
-  generate_dsa_keys: false
+    generate_dsa_keys: false
-  generate_ecdsa_keys: false
+    generate_ecdsa_keys: false
-  generate_ed25519_keys: false
+    generate_ed25519_keys: false
-  generate_rsa_keys: false
+    generate_rsa_keys: false
-  generate_rsa_size: 4096
+    generate_rsa_size: 4096
-  host_key_algos: ecdsa,ed25519,rsa
+    host_key_algos: ecdsa,ed25519,rsa
-  known_hosts:
+    known_hosts:
-    aliases:
+      aliases:
-    - cname-to-minion.example.org
+      - cname-to-minion.example.org
-    - alias.example.org
+      - alias.example.org
-    hostnames: false
+      hostnames: false
-    include_localhost: false
+      include_localhost: false
-    mine_hostname_function: public_ssh_hostname
+      mine_hostname_function: public_ssh_hostname
-    mine_keys_function: public_ssh_host_keys
+      mine_keys_function: public_ssh_host_keys
-    omit_ip_address:
+      omit_ip_address:
-    - github.com
+      - github.com
-    salt_ssh:
+      salt_ssh:
-      public_ssh_host_keys:
+        public_ssh_host_keys:
-        minion.id: 'ssh-rsa [...]
+          minion.id: 'ssh-rsa [...]
 
-          ssh-ed25519 [...]
+            ssh-ed25519 [...]
-'
+  '
-      public_ssh_host_names:
+        public_ssh_host_names:
-        minion.id:
+          minion.id:
-        - minion.id
+          - minion.id
-        - alias.of.minion.id
+          - alias.of.minion.id
-      user: salt-master
+        user: salt-master
-    static:
+      static:
-      github.com: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGm[...]
+        github.com: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGm[...]
-      gitlab.com: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bN[...]
+        gitlab.com: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bN[...]
-    target: '*'
+      target: '*'
-    tgt_type: glob
+      tgt_type: glob
-  moduli: '# Time Type Tests Tries Size Generator Modulus
+    moduli: '# Time Type Tests Tries Size Generator Modulus
 
-    20120821045639 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C604293680B09D63
+      20120821045639 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C604293680B09D63
 
-    20120821045830 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C6042936814C2FFB
+      20120821045830 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C6042936814C2FFB
 
-    20120821050046 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368214FC53
+      20120821050046 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368214FC53
 
-    20120821050054 2 6 100 2047 5 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368218E83F
+      20120821050054 2 6 100 2047 5 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368218E83F
-'
+  '
-  provide_dsa_keys: false
+    provide_dsa_keys: false
-  provide_ecdsa_keys: false
+    provide_ecdsa_keys: false
-  provide_ed25519_keys: false
+    provide_ed25519_keys: false
-  provide_rsa_keys: false
+    provide_rsa_keys: false
-  root_group: root
+    root_group: root
-  rsa:
+    rsa:
-    private_key: '-----BEGIN RSA PRIVATE KEY-----
+      private_key: '-----BEGIN RSA PRIVATE KEY-----
 
-      NOT_DEFINED
+        NOT_DEFINED
 
-      -----END RSA PRIVATE KEY-----
+        -----END RSA PRIVATE KEY-----
-'
+  '
-    public_key: 'ssh-rsa NOT_DEFINED
+      public_key: 'ssh-rsa NOT_DEFINED
-'
+  '
-  server: openssh-server
+    server: openssh-server
-  server_version: latest
+    server_version: latest
-  service: sshd
+    service: sshd
-  ssh_config: /etc/ssh/ssh_config
+    ssh_config: /etc/ssh/ssh_config
-  ssh_config_backup: true
+    ssh_config_backup: true
-  ssh_config_group: root
+    ssh_config_group: root
-  ssh_config_mode: '644'
+    ssh_config_mode: '644'
-  ssh_config_src: ssh_config
+    ssh_config_src: ssh_config
-  ssh_config_user: root
+    ssh_config_user: root
-  ssh_known_hosts: /etc/ssh/ssh_known_hosts
+    ssh_known_hosts: /etc/ssh/ssh_known_hosts
-  ssh_known_hosts_src: ssh_known_hosts
+    ssh_known_hosts_src: ssh_known_hosts
-  ssh_moduli: /etc/ssh/moduli
+    ssh_moduli: /etc/ssh/moduli
-  sshd_binary: /usr/sbin/sshd
+    sshd_binary: /usr/sbin/sshd
-  sshd_config: /etc/ssh/sshd_config
+    sshd_config: /etc/ssh/sshd_config
-  sshd_config_backup: true
+    sshd_config_backup: true
-  sshd_config_group: root
+    sshd_config_group: root
-  sshd_config_mode: '644'
+    sshd_config_mode: '644'
-  sshd_config_src: sshd_config
+    sshd_config_src: sshd_config
-  sshd_config_user: root
+    sshd_config_user: root
-  sshd_enable: true
+    sshd_enable: true
-ssh_config:
+    tofs:
-  Hosts:
+      source_files:
-    '*':
+        manage ssh_known_hosts file:
-      GSSAPIAuthentication: 'yes'
+        - alt_ssh_known_hosts
-      HashKnownHosts: 'yes'
+        ssh_config:
-      SendEnv: LANG LC_*
+        - alt_ssh_config
-sshd_config:
+        sshd_banner:
-  AcceptEnv: LANG LC_*
+        - fire_banner
-  ChallengeResponseAuthentication: 'no'
+        sshd_config:
-  PrintMotd: 'no'
+        - alt_sshd_config
-  Subsystem: sftp /usr/lib/openssh/sftp-server
+  ssh_config:
-  UsePAM: 'yes'
+    Hosts:
-  X11Forwarding: 'yes'
+      '*':
+        GSSAPIAuthentication: 'yes'
+        HashKnownHosts: 'yes'
+        SendEnv: LANG LC_*
+  sshd_config:
+    AcceptEnv: LANG LC_*
+    ChallengeResponseAuthentication: 'no'
+    PrintMotd: 'no'
+    Subsystem: sftp /usr/lib/openssh/sftp-server
+    UsePAM: 'yes'
+    X11Forwarding: 'yes'

test/integration/default/files/_mapdata/fedora-32.yaml

@@ -1,166 +1,185 @@
 # yamllint disable rule:indentation rule:line-length
 # Fedora-32
 ---
-map_jinja:
+values:
-  config_get_roots:
+  map_jinja:
-  - openssh
+    sources:
-  - sshd_config
+    - Y:G@osarch
-  - ssh_config
+    - Y:G@os_family
-openssh:
+    - Y:G@os
-  absent_dsa_keys: false
+    - Y:G@osfinger
-  absent_ecdsa_keys: false
+    - C:SUB@openssh:lookup
-  absent_ed25519_keys: false
+    - C:SUB@openssh
-  absent_rsa_keys: false
+    - C:SUB@sshd_config:lookup
-  auth:
+    - C:SUB@sshd_config
-    joe-non-valid-ssh-key:
+    - C:SUB@ssh_config:lookup
-    - comment: obsolete key - removed
+    - C:SUB@ssh_config
-      enc: ssh-rsa
+    - Y:G@id
-      present: false
+  openssh:
-      source: salt://ssh_keys/joe.no-valid.pub
+    absent_dsa_keys: false
-      user: joe
+    absent_ecdsa_keys: false
-    joe-valid-ssh-key-desktop:
+    absent_ed25519_keys: false
-    - comment: main key - desktop
+    absent_rsa_keys: false
-      enc: ssh-rsa
+    auth:
-      present: true
+      joe-non-valid-ssh-key:
-      source: salt://ssh_keys/joe.desktop.pub
+      - comment: obsolete key - removed
-      user: joe
+        enc: ssh-rsa
-    joe-valid-ssh-key-notebook:
+        present: false
-    - comment: main key - notebook
+        source: salt://ssh_keys/joe.no-valid.pub
-      enc: ssh-rsa
+        user: joe
-      present: true
+      joe-valid-ssh-key-desktop:
-      source: salt://ssh_keys/joe.netbook.pub
+      - comment: main key - desktop
-      user: joe
+        enc: ssh-rsa
-  auth_map:
+        present: true
-    personal_keys:
+        source: salt://ssh_keys/joe.desktop.pub
-      source: salt://ssh_keys
+        user: joe
-      users:
+      joe-valid-ssh-key-notebook:
-        joe:
+      - comment: main key - notebook
-          joe.desktop: {}
+        enc: ssh-rsa
-          joe.netbook:
+        present: true
-            options: []
+        source: salt://ssh_keys/joe.netbook.pub
-          joe.no-valid:
+        user: joe
-            present: false
+    auth_map:
-  banner: /etc/ssh/banner
+      personal_keys:
-  banner_src: banner
+        source: salt://ssh_keys
-  banner_string: 'Welcome to %{hostname}!
+        users:
-'
+          joe:
-  client: openssh-clients
+            joe.desktop: {}
-  client_version: latest
+            joe.netbook:
-  dig_pkg: bind-utils
+              options: []
-  dsa:
+            joe.no-valid:
-    private_key: '-----BEGIN DSA PRIVATE KEY-----
+              present: false
+    banner: /etc/ssh/banner
+    banner_src: banner
+    banner_string: 'Welcome to example.net!
+  '
+    client: openssh-clients
+    client_version: latest
+    dig_pkg: bind-utils
+    dsa:
+      private_key: '-----BEGIN DSA PRIVATE KEY-----
 
-      NOT_DEFINED
+        NOT_DEFINED
 
-      -----END DSA PRIVATE KEY-----
+        -----END DSA PRIVATE KEY-----
-'
+  '
-    public_key: 'ssh-dss NOT_DEFINED
+      public_key: 'ssh-dss NOT_DEFINED
-'
+  '
-  ecdsa:
+    ecdsa:
-    private_key: '-----BEGIN EC PRIVATE KEY-----
+      private_key: '-----BEGIN EC PRIVATE KEY-----
 
-      NOT_DEFINED
+        NOT_DEFINED
 
-      -----END EC PRIVATE KEY-----
+        -----END EC PRIVATE KEY-----
-'
+  '
-    public_key: 'ecdsa-sha2-nistp256 NOT_DEFINED
+      public_key: 'ecdsa-sha2-nistp256 NOT_DEFINED
-'
+  '
-  ed25519:
+    ed25519:
-    private_key: '-----BEGIN OPENSSH PRIVATE KEY-----
+      private_key: '-----BEGIN OPENSSH PRIVATE KEY-----
 
-      NOT_DEFINED
+        NOT_DEFINED
 
-      -----END OPENSSH PRIVATE KEY-----
+        -----END OPENSSH PRIVATE KEY-----
-'
+  '
-    public_key: 'ssh-ed25519 NOT_DEFINED
+      public_key: 'ssh-ed25519 NOT_DEFINED
-'
+  '
-  enforce_rsa_size: false
+    enforce_rsa_size: false
-  generate_dsa_keys: false
+    generate_dsa_keys: false
-  generate_ecdsa_keys: false
+    generate_ecdsa_keys: false
-  generate_ed25519_keys: false
+    generate_ed25519_keys: false
-  generate_rsa_keys: false
+    generate_rsa_keys: false
-  generate_rsa_size: 4096
+    generate_rsa_size: 4096
-  host_key_algos: ecdsa,ed25519,rsa
+    host_key_algos: ecdsa,ed25519,rsa
-  known_hosts:
+    known_hosts:
-    aliases:
+      aliases:
-    - cname-to-minion.example.org
+      - cname-to-minion.example.org
-    - alias.example.org
+      - alias.example.org
-    hostnames: false
+      hostnames: false
-    include_localhost: false
+      include_localhost: false
-    mine_hostname_function: public_ssh_hostname
+      mine_hostname_function: public_ssh_hostname
-    mine_keys_function: public_ssh_host_keys
+      mine_keys_function: public_ssh_host_keys
-    omit_ip_address:
+      omit_ip_address:
-    - github.com
+      - github.com
-    salt_ssh:
+      salt_ssh:
-      public_ssh_host_keys:
+        public_ssh_host_keys:
-        minion.id: 'ssh-rsa [...]
+          minion.id: 'ssh-rsa [...]
 
-          ssh-ed25519 [...]
+            ssh-ed25519 [...]
-'
+  '
-      public_ssh_host_names:
+        public_ssh_host_names:
-        minion.id:
+          minion.id:
-        - minion.id
+          - minion.id
-        - alias.of.minion.id
+          - alias.of.minion.id
-      user: salt-master
+        user: salt-master
-    static:
+      static:
-      github.com: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGm[...]
+        github.com: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGm[...]
-      gitlab.com: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bN[...]
+        gitlab.com: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bN[...]
-    target: '*'
+      target: '*'
-    tgt_type: glob
+      tgt_type: glob
-  moduli: '# Time Type Tests Tries Size Generator Modulus
+    moduli: '# Time Type Tests Tries Size Generator Modulus
 
-    20120821045639 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C604293680B09D63
+      20120821045639 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C604293680B09D63
 
-    20120821045830 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C6042936814C2FFB
+      20120821045830 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C6042936814C2FFB
 
-    20120821050046 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368214FC53
+      20120821050046 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368214FC53
 
-    20120821050054 2 6 100 2047 5 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368218E83F
+      20120821050054 2 6 100 2047 5 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368218E83F
-'
+  '
-  provide_dsa_keys: false
+    provide_dsa_keys: false
-  provide_ecdsa_keys: false
+    provide_ecdsa_keys: false
-  provide_ed25519_keys: false
+    provide_ed25519_keys: false
-  provide_rsa_keys: false
+    provide_rsa_keys: false
-  root_group: root
+    root_group: root
-  rsa:
+    rsa:
-    private_key: '-----BEGIN RSA PRIVATE KEY-----
+      private_key: '-----BEGIN RSA PRIVATE KEY-----
 
-      NOT_DEFINED
+        NOT_DEFINED
 
-      -----END RSA PRIVATE KEY-----
+        -----END RSA PRIVATE KEY-----
-'
+  '
-    public_key: 'ssh-rsa NOT_DEFINED
+      public_key: 'ssh-rsa NOT_DEFINED
-'
+  '
-  server: openssh-server
+    server: openssh-server
-  server_version: latest
+    server_version: latest
-  service: sshd
+    service: sshd
-  ssh_config: /etc/ssh/ssh_config
+    ssh_config: /etc/ssh/ssh_config
-  ssh_config_backup: true
+    ssh_config_backup: true
-  ssh_config_group: root
+    ssh_config_group: root
-  ssh_config_mode: '644'
+    ssh_config_mode: '644'
-  ssh_config_src: ssh_config
+    ssh_config_src: ssh_config
-  ssh_config_user: root
+    ssh_config_user: root
-  ssh_known_hosts: /etc/ssh/ssh_known_hosts
+    ssh_known_hosts: /etc/ssh/ssh_known_hosts
-  ssh_known_hosts_src: ssh_known_hosts
+    ssh_known_hosts_src: ssh_known_hosts
-  ssh_moduli: /etc/ssh/moduli
+    ssh_moduli: /etc/ssh/moduli
-  sshd_binary: /usr/sbin/sshd
+    sshd_binary: /usr/sbin/sshd
-  sshd_config: /etc/ssh/sshd_config
+    sshd_config: /etc/ssh/sshd_config
-  sshd_config_backup: true
+    sshd_config_backup: true
-  sshd_config_group: root
+    sshd_config_group: root
-  sshd_config_mode: '644'
+    sshd_config_mode: '644'
-  sshd_config_src: sshd_config
+    sshd_config_src: sshd_config
-  sshd_config_user: root
+    sshd_config_user: root
-  sshd_enable: true
+    sshd_enable: true
-ssh_config:
+    tofs:
-  Hosts:
+      source_files:
-    '*':
+        manage ssh_known_hosts file:
-      GSSAPIAuthentication: 'yes'
+        - alt_ssh_known_hosts
-      HashKnownHosts: 'yes'
+        ssh_config:
-      SendEnv: LANG LC_*
+        - alt_ssh_config
-sshd_config:
+        sshd_banner:
-  AcceptEnv: LANG LC_*
+        - fire_banner
-  ChallengeResponseAuthentication: 'no'
+        sshd_config:
-  PrintMotd: 'no'
+        - alt_sshd_config
-  Subsystem: sftp /usr/lib/openssh/sftp-server
+  ssh_config:
-  UsePAM: 'yes'
+    Hosts:
-  X11Forwarding: 'yes'
+      '*':
+        GSSAPIAuthentication: 'yes'
+        HashKnownHosts: 'yes'
+        SendEnv: LANG LC_*
+  sshd_config:
+    AcceptEnv: LANG LC_*
+    ChallengeResponseAuthentication: 'no'
+    PrintMotd: 'no'
+    Subsystem: sftp /usr/lib/openssh/sftp-server
+    UsePAM: 'yes'
+    X11Forwarding: 'yes'

test/integration/default/files/_mapdata/fedora-33.yaml

@@ -0,0 +1,185 @@
+# yamllint disable rule:indentation rule:line-length
+# Fedora-33
+---
+values:
+  map_jinja:
+    sources:
+    - Y:G@osarch
+    - Y:G@os_family
+    - Y:G@os
+    - Y:G@osfinger
+    - C:SUB@openssh:lookup
+    - C:SUB@openssh
+    - C:SUB@sshd_config:lookup
+    - C:SUB@sshd_config
+    - C:SUB@ssh_config:lookup
+    - C:SUB@ssh_config
+    - Y:G@id
+  openssh:
+    absent_dsa_keys: false
+    absent_ecdsa_keys: false
+    absent_ed25519_keys: false
+    absent_rsa_keys: false
+    auth:
+      joe-non-valid-ssh-key:
+      - comment: obsolete key - removed
+        enc: ssh-rsa
+        present: false
+        source: salt://ssh_keys/joe.no-valid.pub
+        user: joe
+      joe-valid-ssh-key-desktop:
+      - comment: main key - desktop
+        enc: ssh-rsa
+        present: true
+        source: salt://ssh_keys/joe.desktop.pub
+        user: joe
+      joe-valid-ssh-key-notebook:
+      - comment: main key - notebook
+        enc: ssh-rsa
+        present: true
+        source: salt://ssh_keys/joe.netbook.pub
+        user: joe
+    auth_map:
+      personal_keys:
+        source: salt://ssh_keys
+        users:
+          joe:
+            joe.desktop: {}
+            joe.netbook:
+              options: []
+            joe.no-valid:
+              present: false
+    banner: /etc/ssh/banner
+    banner_src: banner
+    banner_string: 'Welcome to example.net!
+  '
+    client: openssh-clients
+    client_version: latest
+    dig_pkg: bind-utils
+    dsa:
+      private_key: '-----BEGIN DSA PRIVATE KEY-----
+
+        NOT_DEFINED
+
+        -----END DSA PRIVATE KEY-----
+  '
+      public_key: 'ssh-dss NOT_DEFINED
+  '
+    ecdsa:
+      private_key: '-----BEGIN EC PRIVATE KEY-----
+
+        NOT_DEFINED
+
+        -----END EC PRIVATE KEY-----
+  '
+      public_key: 'ecdsa-sha2-nistp256 NOT_DEFINED
+  '
+    ed25519:
+      private_key: '-----BEGIN OPENSSH PRIVATE KEY-----
+
+        NOT_DEFINED
+
+        -----END OPENSSH PRIVATE KEY-----
+  '
+      public_key: 'ssh-ed25519 NOT_DEFINED
+  '
+    enforce_rsa_size: false
+    generate_dsa_keys: false
+    generate_ecdsa_keys: false
+    generate_ed25519_keys: false
+    generate_rsa_keys: false
+    generate_rsa_size: 4096
+    host_key_algos: ecdsa,ed25519,rsa
+    known_hosts:
+      aliases:
+      - cname-to-minion.example.org
+      - alias.example.org
+      hostnames: false
+      include_localhost: false
+      mine_hostname_function: public_ssh_hostname
+      mine_keys_function: public_ssh_host_keys
+      omit_ip_address:
+      - github.com
+      salt_ssh:
+        public_ssh_host_keys:
+          minion.id: 'ssh-rsa [...]
+
+            ssh-ed25519 [...]
+  '
+        public_ssh_host_names:
+          minion.id:
+          - minion.id
+          - alias.of.minion.id
+        user: salt-master
+      static:
+        github.com: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGm[...]
+        gitlab.com: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bN[...]
+      target: '*'
+      tgt_type: glob
+    moduli: '# Time Type Tests Tries Size Generator Modulus
+
+      20120821045639 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C604293680B09D63
+
+      20120821045830 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C6042936814C2FFB
+
+      20120821050046 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368214FC53
+
+      20120821050054 2 6 100 2047 5 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368218E83F
+  '
+    provide_dsa_keys: false
+    provide_ecdsa_keys: false
+    provide_ed25519_keys: false
+    provide_rsa_keys: false
+    root_group: root
+    rsa:
+      private_key: '-----BEGIN RSA PRIVATE KEY-----
+
+        NOT_DEFINED
+
+        -----END RSA PRIVATE KEY-----
+  '
+      public_key: 'ssh-rsa NOT_DEFINED
+  '
+    server: openssh-server
+    server_version: latest
+    service: sshd
+    ssh_config: /etc/ssh/ssh_config
+    ssh_config_backup: true
+    ssh_config_group: root
+    ssh_config_mode: '644'
+    ssh_config_src: ssh_config
+    ssh_config_user: root
+    ssh_known_hosts: /etc/ssh/ssh_known_hosts
+    ssh_known_hosts_src: ssh_known_hosts
+    ssh_moduli: /etc/ssh/moduli
+    sshd_binary: /usr/sbin/sshd
+    sshd_config: /etc/ssh/sshd_config
+    sshd_config_backup: true
+    sshd_config_group: root
+    sshd_config_mode: '644'
+    sshd_config_src: sshd_config
+    sshd_config_user: root
+    sshd_enable: true
+    tofs:
+      source_files:
+        manage ssh_known_hosts file:
+        - alt_ssh_known_hosts
+        ssh_config:
+        - alt_ssh_config
+        sshd_banner:
+        - fire_banner
+        sshd_config:
+        - alt_sshd_config
+  ssh_config:
+    Hosts:
+      '*':
+        GSSAPIAuthentication: 'yes'
+        HashKnownHosts: 'yes'
+        SendEnv: LANG LC_*
+  sshd_config:
+    AcceptEnv: LANG LC_*
+    ChallengeResponseAuthentication: 'no'
+    PrintMotd: 'no'
+    Subsystem: sftp /usr/lib/openssh/sftp-server
+    UsePAM: 'yes'
+    X11Forwarding: 'yes'

test/integration/default/files/_mapdata/fedora-34.yaml

@@ -0,0 +1,185 @@
+# yamllint disable rule:indentation rule:line-length
+# Fedora-34
+---
+values:
+  map_jinja:
+    sources:
+    - Y:G@osarch
+    - Y:G@os_family
+    - Y:G@os
+    - Y:G@osfinger
+    - C:SUB@openssh:lookup
+    - C:SUB@openssh
+    - C:SUB@sshd_config:lookup
+    - C:SUB@sshd_config
+    - C:SUB@ssh_config:lookup
+    - C:SUB@ssh_config
+    - Y:G@id
+  openssh:
+    absent_dsa_keys: false
+    absent_ecdsa_keys: false
+    absent_ed25519_keys: false
+    absent_rsa_keys: false
+    auth:
+      joe-non-valid-ssh-key:
+      - comment: obsolete key - removed
+        enc: ssh-rsa
+        present: false
+        source: salt://ssh_keys/joe.no-valid.pub
+        user: joe
+      joe-valid-ssh-key-desktop:
+      - comment: main key - desktop
+        enc: ssh-rsa
+        present: true
+        source: salt://ssh_keys/joe.desktop.pub
+        user: joe
+      joe-valid-ssh-key-notebook:
+      - comment: main key - notebook
+        enc: ssh-rsa
+        present: true
+        source: salt://ssh_keys/joe.netbook.pub
+        user: joe
+    auth_map:
+      personal_keys:
+        source: salt://ssh_keys
+        users:
+          joe:
+            joe.desktop: {}
+            joe.netbook:
+              options: []
+            joe.no-valid:
+              present: false
+    banner: /etc/ssh/banner
+    banner_src: banner
+    banner_string: 'Welcome to example.net!
+  '
+    client: openssh-clients
+    client_version: latest
+    dig_pkg: bind-utils
+    dsa:
+      private_key: '-----BEGIN DSA PRIVATE KEY-----
+
+        NOT_DEFINED
+
+        -----END DSA PRIVATE KEY-----
+  '
+      public_key: 'ssh-dss NOT_DEFINED
+  '
+    ecdsa:
+      private_key: '-----BEGIN EC PRIVATE KEY-----
+
+        NOT_DEFINED
+
+        -----END EC PRIVATE KEY-----
+  '
+      public_key: 'ecdsa-sha2-nistp256 NOT_DEFINED
+  '
+    ed25519:
+      private_key: '-----BEGIN OPENSSH PRIVATE KEY-----
+
+        NOT_DEFINED
+
+        -----END OPENSSH PRIVATE KEY-----
+  '
+      public_key: 'ssh-ed25519 NOT_DEFINED
+  '
+    enforce_rsa_size: false
+    generate_dsa_keys: false
+    generate_ecdsa_keys: false
+    generate_ed25519_keys: false
+    generate_rsa_keys: false
+    generate_rsa_size: 4096
+    host_key_algos: ecdsa,ed25519,rsa
+    known_hosts:
+      aliases:
+      - cname-to-minion.example.org
+      - alias.example.org
+      hostnames: false
+      include_localhost: false
+      mine_hostname_function: public_ssh_hostname
+      mine_keys_function: public_ssh_host_keys
+      omit_ip_address:
+      - github.com
+      salt_ssh:
+        public_ssh_host_keys:
+          minion.id: 'ssh-rsa [...]
+
+            ssh-ed25519 [...]
+  '
+        public_ssh_host_names:
+          minion.id:
+          - minion.id
+          - alias.of.minion.id
+        user: salt-master
+      static:
+        github.com: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGm[...]
+        gitlab.com: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bN[...]
+      target: '*'
+      tgt_type: glob
+    moduli: '# Time Type Tests Tries Size Generator Modulus
+
+      20120821045639 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C604293680B09D63
+
+      20120821045830 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C6042936814C2FFB
+
+      20120821050046 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368214FC53
+
+      20120821050054 2 6 100 2047 5 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368218E83F
+  '
+    provide_dsa_keys: false
+    provide_ecdsa_keys: false
+    provide_ed25519_keys: false
+    provide_rsa_keys: false
+    root_group: root
+    rsa:
+      private_key: '-----BEGIN RSA PRIVATE KEY-----
+
+        NOT_DEFINED
+
+        -----END RSA PRIVATE KEY-----
+  '
+      public_key: 'ssh-rsa NOT_DEFINED
+  '
+    server: openssh-server
+    server_version: latest
+    service: sshd
+    ssh_config: /etc/ssh/ssh_config
+    ssh_config_backup: true
+    ssh_config_group: root
+    ssh_config_mode: '644'
+    ssh_config_src: ssh_config
+    ssh_config_user: root
+    ssh_known_hosts: /etc/ssh/ssh_known_hosts
+    ssh_known_hosts_src: ssh_known_hosts
+    ssh_moduli: /etc/ssh/moduli
+    sshd_binary: /usr/sbin/sshd
+    sshd_config: /etc/ssh/sshd_config
+    sshd_config_backup: true
+    sshd_config_group: root
+    sshd_config_mode: '644'
+    sshd_config_src: sshd_config
+    sshd_config_user: root
+    sshd_enable: true
+    tofs:
+      source_files:
+        manage ssh_known_hosts file:
+        - alt_ssh_known_hosts
+        ssh_config:
+        - alt_ssh_config
+        sshd_banner:
+        - fire_banner
+        sshd_config:
+        - alt_sshd_config
+  ssh_config:
+    Hosts:
+      '*':
+        GSSAPIAuthentication: 'yes'
+        HashKnownHosts: 'yes'
+        SendEnv: LANG LC_*
+  sshd_config:
+    AcceptEnv: LANG LC_*
+    ChallengeResponseAuthentication: 'no'
+    PrintMotd: 'no'
+    Subsystem: sftp /usr/lib/openssh/sftp-server
+    UsePAM: 'yes'
+    X11Forwarding: 'yes'

test/integration/default/files/_mapdata/fedora-35.yaml

@@ -0,0 +1,185 @@
+# yamllint disable rule:indentation rule:line-length
+# Fedora-35
+---
+values:
+  map_jinja:
+    sources:
+    - Y:G@osarch
+    - Y:G@os_family
+    - Y:G@os
+    - Y:G@osfinger
+    - C:SUB@openssh:lookup
+    - C:SUB@openssh
+    - C:SUB@sshd_config:lookup
+    - C:SUB@sshd_config
+    - C:SUB@ssh_config:lookup
+    - C:SUB@ssh_config
+    - Y:G@id
+  openssh:
+    absent_dsa_keys: false
+    absent_ecdsa_keys: false
+    absent_ed25519_keys: false
+    absent_rsa_keys: false
+    auth:
+      joe-non-valid-ssh-key:
+      - comment: obsolete key - removed
+        enc: ssh-rsa
+        present: false
+        source: salt://ssh_keys/joe.no-valid.pub
+        user: joe
+      joe-valid-ssh-key-desktop:
+      - comment: main key - desktop
+        enc: ssh-rsa
+        present: true
+        source: salt://ssh_keys/joe.desktop.pub
+        user: joe
+      joe-valid-ssh-key-notebook:
+      - comment: main key - notebook
+        enc: ssh-rsa
+        present: true
+        source: salt://ssh_keys/joe.netbook.pub
+        user: joe
+    auth_map:
+      personal_keys:
+        source: salt://ssh_keys
+        users:
+          joe:
+            joe.desktop: {}
+            joe.netbook:
+              options: []
+            joe.no-valid:
+              present: false
+    banner: /etc/ssh/banner
+    banner_src: banner
+    banner_string: 'Welcome to example.net!
+  '
+    client: openssh-clients
+    client_version: latest
+    dig_pkg: bind-utils
+    dsa:
+      private_key: '-----BEGIN DSA PRIVATE KEY-----
+
+        NOT_DEFINED
+
+        -----END DSA PRIVATE KEY-----
+  '
+      public_key: 'ssh-dss NOT_DEFINED
+  '
+    ecdsa:
+      private_key: '-----BEGIN EC PRIVATE KEY-----
+
+        NOT_DEFINED
+
+        -----END EC PRIVATE KEY-----
+  '
+      public_key: 'ecdsa-sha2-nistp256 NOT_DEFINED
+  '
+    ed25519:
+      private_key: '-----BEGIN OPENSSH PRIVATE KEY-----
+
+        NOT_DEFINED
+
+        -----END OPENSSH PRIVATE KEY-----
+  '
+      public_key: 'ssh-ed25519 NOT_DEFINED
+  '
+    enforce_rsa_size: false
+    generate_dsa_keys: false
+    generate_ecdsa_keys: false
+    generate_ed25519_keys: false
+    generate_rsa_keys: false
+    generate_rsa_size: 4096
+    host_key_algos: ecdsa,ed25519,rsa
+    known_hosts:
+      aliases:
+      - cname-to-minion.example.org
+      - alias.example.org
+      hostnames: false
+      include_localhost: false
+      mine_hostname_function: public_ssh_hostname
+      mine_keys_function: public_ssh_host_keys
+      omit_ip_address:
+      - github.com
+      salt_ssh:
+        public_ssh_host_keys:
+          minion.id: 'ssh-rsa [...]
+
+            ssh-ed25519 [...]
+  '
+        public_ssh_host_names:
+          minion.id:
+          - minion.id
+          - alias.of.minion.id
+        user: salt-master
+      static:
+        github.com: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGm[...]
+        gitlab.com: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bN[...]
+      target: '*'
+      tgt_type: glob
+    moduli: '# Time Type Tests Tries Size Generator Modulus
+
+      20120821045639 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C604293680B09D63
+
+      20120821045830 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C6042936814C2FFB
+
+      20120821050046 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368214FC53
+
+      20120821050054 2 6 100 2047 5 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368218E83F
+  '
+    provide_dsa_keys: false
+    provide_ecdsa_keys: false
+    provide_ed25519_keys: false
+    provide_rsa_keys: false
+    root_group: root
+    rsa:
+      private_key: '-----BEGIN RSA PRIVATE KEY-----
+
+        NOT_DEFINED
+
+        -----END RSA PRIVATE KEY-----
+  '
+      public_key: 'ssh-rsa NOT_DEFINED
+  '
+    server: openssh-server
+    server_version: latest
+    service: sshd
+    ssh_config: /etc/ssh/ssh_config
+    ssh_config_backup: true
+    ssh_config_group: root
+    ssh_config_mode: '644'
+    ssh_config_src: ssh_config
+    ssh_config_user: root
+    ssh_known_hosts: /etc/ssh/ssh_known_hosts
+    ssh_known_hosts_src: ssh_known_hosts
+    ssh_moduli: /etc/ssh/moduli
+    sshd_binary: /usr/sbin/sshd
+    sshd_config: /etc/ssh/sshd_config
+    sshd_config_backup: true
+    sshd_config_group: root
+    sshd_config_mode: '644'
+    sshd_config_src: sshd_config
+    sshd_config_user: root
+    sshd_enable: true
+    tofs:
+      source_files:
+        manage ssh_known_hosts file:
+        - alt_ssh_known_hosts
+        ssh_config:
+        - alt_ssh_config
+        sshd_banner:
+        - fire_banner
+        sshd_config:
+        - alt_sshd_config
+  ssh_config:
+    Hosts:
+      '*':
+        GSSAPIAuthentication: 'yes'
+        HashKnownHosts: 'yes'
+        SendEnv: LANG LC_*
+  sshd_config:
+    AcceptEnv: LANG LC_*
+    ChallengeResponseAuthentication: 'no'
+    PrintMotd: 'no'
+    Subsystem: sftp /usr/lib/openssh/sftp-server
+    UsePAM: 'yes'
+    X11Forwarding: 'yes'

test/integration/default/files/_mapdata/fedora-36.yaml

@@ -0,0 +1,186 @@
+# yamllint disable rule:indentation rule:line-length
+# Fedora-36
+---
+values:
+  map_jinja:
+    sources:
+    - Y:G@osarch
+    - Y:G@os_family
+    - Y:G@os
+    - Y:G@osfinger
+    - C:SUB@openssh:lookup
+    - C:SUB@openssh
+    - C:SUB@sshd_config:lookup
+    - C:SUB@sshd_config
+    - C:SUB@ssh_config:lookup
+    - C:SUB@ssh_config
+    - Y:G@id
+  openssh:
+    absent_dsa_keys: false
+    absent_ecdsa_keys: false
+    absent_ed25519_keys: false
+    absent_rsa_keys: false
+    auth:
+      joe-non-valid-ssh-key:
+      - comment: obsolete key - removed
+        enc: ssh-rsa
+        present: false
+        source: salt://ssh_keys/joe.no-valid.pub
+        user: joe
+      joe-valid-ssh-key-desktop:
+      - comment: main key - desktop
+        enc: ssh-rsa
+        present: true
+        source: salt://ssh_keys/joe.desktop.pub
+        user: joe
+      joe-valid-ssh-key-notebook:
+      - comment: main key - notebook
+        enc: ssh-rsa
+        present: true
+        source: salt://ssh_keys/joe.netbook.pub
+        user: joe
+    auth_map:
+      personal_keys:
+        source: salt://ssh_keys
+        users:
+          joe:
+            joe.desktop: {}
+            joe.netbook:
+              options: []
+            joe.no-valid:
+              present: false
+    banner: /etc/ssh/banner
+    banner_src: banner
+    banner_string: 'Welcome to example.net!
+  '
+    client: openssh-clients
+    client_version: latest
+    dig_pkg: bind-utils
+    dsa:
+      private_key: '-----BEGIN DSA PRIVATE KEY-----
+
+        NOT_DEFINED
+
+        -----END DSA PRIVATE KEY-----
+  '
+      public_key: 'ssh-dss NOT_DEFINED
+  '
+    ecdsa:
+      private_key: '-----BEGIN EC PRIVATE KEY-----
+
+        NOT_DEFINED
+
+        -----END EC PRIVATE KEY-----
+  '
+      public_key: 'ecdsa-sha2-nistp256 NOT_DEFINED
+  '
+    ed25519:
+      private_key: '-----BEGIN OPENSSH PRIVATE KEY-----
+
+        NOT_DEFINED
+
+        -----END OPENSSH PRIVATE KEY-----
+  '
+      public_key: 'ssh-ed25519 NOT_DEFINED
+  '
+    enforce_rsa_size: false
+    generate_dsa_keys: false
+    generate_ecdsa_keys: false
+    generate_ed25519_keys: false
+    generate_rsa_keys: false
+    generate_rsa_size: 4096
+    host_key_algos: ecdsa,ed25519,rsa
+    known_hosts:
+      aliases:
+      - cname-to-minion.example.org
+      - alias.example.org
+      hostnames: false
+      include_localhost: false
+      mine_hostname_function: public_ssh_hostname
+      mine_keys_function: public_ssh_host_keys
+      omit_ip_address:
+      - github.com
+      salt_ssh:
+        public_ssh_host_keys:
+          minion.id: 'ssh-rsa [...]
+
+            ssh-ed25519 [...]
+  '
+        public_ssh_host_names:
+          minion.id:
+          - minion.id
+          - alias.of.minion.id
+        user: salt-master
+      static:
+        github.com: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGm[...]
+        gitlab.com: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bN[...]
+      target: '*'
+      tgt_type: glob
+    moduli: '# Time Type Tests Tries Size Generator Modulus
+
+      20120821045639 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C604293680B09D63
+
+      20120821045830 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C6042936814C2FFB
+
+      20120821050046 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368214FC53
+
+      20120821050054 2 6 100 2047 5 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368218E83F
+  '
+    provide_dsa_keys: false
+    provide_ecdsa_keys: false
+    provide_ed25519_keys: false
+    provide_rsa_keys: false
+    root_group: root
+    rsa:
+      private_key: '-----BEGIN RSA PRIVATE KEY-----
+
+        NOT_DEFINED
+
+        -----END RSA PRIVATE KEY-----
+  '
+      public_key: 'ssh-rsa NOT_DEFINED
+  '
+    server: openssh-server
+    server_version: latest
+    service: sshd
+    ssh_config: /etc/ssh/ssh_config
+    ssh_config_backup: true
+    ssh_config_group: root
+    ssh_config_mode: '644'
+    ssh_config_src: ssh_config
+    ssh_config_user: root
+    ssh_known_hosts: /etc/ssh/ssh_known_hosts
+    ssh_known_hosts_src: ssh_known_hosts
+    ssh_moduli: /etc/ssh/moduli
+    sshd_binary: /usr/sbin/sshd
+    sshd_config: /etc/ssh/sshd_config
+    sshd_config_backup: true
+    sshd_config_group: root
+    sshd_config_mode: '644'
+    sshd_config_src: sshd_config
+    sshd_config_user: root
+    sshd_enable: true
+    tofs:
+      source_files:
+        manage ssh_known_hosts file:
+        - alt_ssh_known_hosts
+        ssh_config:
+        - alt_ssh_config
+        sshd_banner:
+        - fire_banner
+        sshd_config:
+        - alt_sshd_config
+  ssh_config:
+    Hosts:
+      '*':
+        GSSAPIAuthentication: 'yes'
+        HashKnownHosts: 'yes'
+        SendEnv: LANG LC_*
+  sshd_config:
+    AcceptEnv: LANG LC_*
+    ChallengeResponseAuthentication: 'no'
+    PrintMotd: 'no'
+    PubkeyAcceptedAlgorithms: "+ssh-rsa"
+    Subsystem: sftp /usr/lib/openssh/sftp-server
+    UsePAM: 'yes'
+    X11Forwarding: 'yes'

test/integration/default/files/_mapdata/freebsd-11.yaml

@@ -0,0 +1,183 @@
+# yamllint disable rule:indentation rule:line-length
+# FreeBSD-12
+---
+values:
+  map_jinja:
+    sources:
+    - Y:G@osarch
+    - Y:G@os_family
+    - Y:G@os
+    - Y:G@osfinger
+    - C:SUB@openssh:lookup
+    - C:SUB@openssh
+    - C:SUB@sshd_config:lookup
+    - C:SUB@sshd_config
+    - C:SUB@ssh_config:lookup
+    - C:SUB@ssh_config
+    - Y:G@id
+  openssh:
+    absent_dsa_keys: false
+    absent_ecdsa_keys: false
+    absent_ed25519_keys: false
+    absent_rsa_keys: false
+    auth:
+      joe-non-valid-ssh-key:
+      - comment: obsolete key - removed
+        enc: ssh-rsa
+        present: false
+        source: salt://ssh_keys/joe.no-valid.pub
+        user: joe
+      joe-valid-ssh-key-desktop:
+      - comment: main key - desktop
+        enc: ssh-rsa
+        present: true
+        source: salt://ssh_keys/joe.desktop.pub
+        user: joe
+      joe-valid-ssh-key-notebook:
+      - comment: main key - notebook
+        enc: ssh-rsa
+        present: true
+        source: salt://ssh_keys/joe.netbook.pub
+        user: joe
+    auth_map:
+      personal_keys:
+        source: salt://ssh_keys
+        users:
+          joe:
+            joe.desktop: {}
+            joe.netbook:
+              options: []
+            joe.no-valid:
+              present: false
+    banner: /etc/ssh/banner
+    banner_src: banner
+    banner_string: 'Welcome to example.net!
+  '
+    client_version: latest
+    dig_pkg: bind-tools
+    dsa:
+      private_key: '-----BEGIN DSA PRIVATE KEY-----
+
+        NOT_DEFINED
+
+        -----END DSA PRIVATE KEY-----
+  '
+      public_key: 'ssh-dss NOT_DEFINED
+  '
+    ecdsa:
+      private_key: '-----BEGIN EC PRIVATE KEY-----
+
+        NOT_DEFINED
+
+        -----END EC PRIVATE KEY-----
+  '
+      public_key: 'ecdsa-sha2-nistp256 NOT_DEFINED
+  '
+    ed25519:
+      private_key: '-----BEGIN OPENSSH PRIVATE KEY-----
+
+        NOT_DEFINED
+
+        -----END OPENSSH PRIVATE KEY-----
+  '
+      public_key: 'ssh-ed25519 NOT_DEFINED
+  '
+    enforce_rsa_size: false
+    generate_dsa_keys: false
+    generate_ecdsa_keys: false
+    generate_ed25519_keys: false
+    generate_rsa_keys: false
+    generate_rsa_size: 4096
+    host_key_algos: ecdsa,ed25519,rsa
+    known_hosts:
+      aliases:
+      - cname-to-minion.example.org
+      - alias.example.org
+      hostnames: false
+      include_localhost: false
+      mine_hostname_function: public_ssh_hostname
+      mine_keys_function: public_ssh_host_keys
+      omit_ip_address:
+      - github.com
+      salt_ssh:
+        public_ssh_host_keys:
+          minion.id: 'ssh-rsa [...]
+
+            ssh-ed25519 [...]
+  '
+        public_ssh_host_names:
+          minion.id:
+          - minion.id
+          - alias.of.minion.id
+        user: salt-master
+      static:
+        github.com: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGm[...]
+        gitlab.com: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bN[...]
+      target: '*'
+      tgt_type: glob
+    moduli: '# Time Type Tests Tries Size Generator Modulus
+
+      20120821045639 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C604293680B09D63
+
+      20120821045830 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C6042936814C2FFB
+
+      20120821050046 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368214FC53
+
+      20120821050054 2 6 100 2047 5 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368218E83F
+  '
+    provide_dsa_keys: false
+    provide_ecdsa_keys: false
+    provide_ed25519_keys: false
+    provide_rsa_keys: false
+    root_group: root
+    rsa:
+      private_key: '-----BEGIN RSA PRIVATE KEY-----
+
+        NOT_DEFINED
+
+        -----END RSA PRIVATE KEY-----
+  '
+      public_key: 'ssh-rsa NOT_DEFINED
+  '
+    server_version: latest
+    service: sshd
+    ssh_config: /etc/ssh/ssh_config
+    ssh_config_backup: true
+    ssh_config_group: wheel
+    ssh_config_mode: '644'
+    ssh_config_src: ssh_config
+    ssh_config_user: root
+    ssh_known_hosts: /etc/ssh/ssh_known_hosts
+    ssh_known_hosts_src: ssh_known_hosts
+    ssh_moduli: /etc/ssh/moduli
+    sshd_binary: /usr/sbin/sshd
+    sshd_config: /etc/ssh/sshd_config
+    sshd_config_backup: true
+    sshd_config_group: wheel
+    sshd_config_mode: '644'
+    sshd_config_src: sshd_config
+    sshd_config_user: root
+    sshd_enable: true
+    tofs:
+      source_files:
+        manage ssh_known_hosts file:
+        - alt_ssh_known_hosts
+        ssh_config:
+        - alt_ssh_config
+        sshd_banner:
+        - fire_banner
+        sshd_config:
+        - alt_sshd_config
+  ssh_config:
+    Hosts:
+      '*':
+        GSSAPIAuthentication: 'yes'
+        HashKnownHosts: 'yes'
+        SendEnv: LANG LC_*
+  sshd_config:
+    AcceptEnv: LANG LC_*
+    ChallengeResponseAuthentication: 'no'
+    PrintMotd: 'no'
+    Subsystem: sftp /usr/lib/openssh/sftp-server
+    UsePAM: 'yes'
+    X11Forwarding: 'yes'

test/integration/default/files/_mapdata/freebsd-12.yaml

@@ -0,0 +1,183 @@
+# yamllint disable rule:indentation rule:line-length
+# FreeBSD-12
+---
+values:
+  map_jinja:
+    sources:
+    - Y:G@osarch
+    - Y:G@os_family
+    - Y:G@os
+    - Y:G@osfinger
+    - C:SUB@openssh:lookup
+    - C:SUB@openssh
+    - C:SUB@sshd_config:lookup
+    - C:SUB@sshd_config
+    - C:SUB@ssh_config:lookup
+    - C:SUB@ssh_config
+    - Y:G@id
+  openssh:
+    absent_dsa_keys: false
+    absent_ecdsa_keys: false
+    absent_ed25519_keys: false
+    absent_rsa_keys: false
+    auth:
+      joe-non-valid-ssh-key:
+      - comment: obsolete key - removed
+        enc: ssh-rsa
+        present: false
+        source: salt://ssh_keys/joe.no-valid.pub
+        user: joe
+      joe-valid-ssh-key-desktop:
+      - comment: main key - desktop
+        enc: ssh-rsa
+        present: true
+        source: salt://ssh_keys/joe.desktop.pub
+        user: joe
+      joe-valid-ssh-key-notebook:
+      - comment: main key - notebook
+        enc: ssh-rsa
+        present: true
+        source: salt://ssh_keys/joe.netbook.pub
+        user: joe
+    auth_map:
+      personal_keys:
+        source: salt://ssh_keys
+        users:
+          joe:
+            joe.desktop: {}
+            joe.netbook:
+              options: []
+            joe.no-valid:
+              present: false
+    banner: /etc/ssh/banner
+    banner_src: banner
+    banner_string: 'Welcome to example.net!
+  '
+    client_version: latest
+    dig_pkg: bind-tools
+    dsa:
+      private_key: '-----BEGIN DSA PRIVATE KEY-----
+
+        NOT_DEFINED
+
+        -----END DSA PRIVATE KEY-----
+  '
+      public_key: 'ssh-dss NOT_DEFINED
+  '
+    ecdsa:
+      private_key: '-----BEGIN EC PRIVATE KEY-----
+
+        NOT_DEFINED
+
+        -----END EC PRIVATE KEY-----
+  '
+      public_key: 'ecdsa-sha2-nistp256 NOT_DEFINED
+  '
+    ed25519:
+      private_key: '-----BEGIN OPENSSH PRIVATE KEY-----
+
+        NOT_DEFINED
+
+        -----END OPENSSH PRIVATE KEY-----
+  '
+      public_key: 'ssh-ed25519 NOT_DEFINED
+  '
+    enforce_rsa_size: false
+    generate_dsa_keys: false
+    generate_ecdsa_keys: false
+    generate_ed25519_keys: false
+    generate_rsa_keys: false
+    generate_rsa_size: 4096
+    host_key_algos: ecdsa,ed25519,rsa
+    known_hosts:
+      aliases:
+      - cname-to-minion.example.org
+      - alias.example.org
+      hostnames: false
+      include_localhost: false
+      mine_hostname_function: public_ssh_hostname
+      mine_keys_function: public_ssh_host_keys
+      omit_ip_address:
+      - github.com
+      salt_ssh:
+        public_ssh_host_keys:
+          minion.id: 'ssh-rsa [...]
+
+            ssh-ed25519 [...]
+  '
+        public_ssh_host_names:
+          minion.id:
+          - minion.id
+          - alias.of.minion.id
+        user: salt-master
+      static:
+        github.com: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGm[...]
+        gitlab.com: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bN[...]
+      target: '*'
+      tgt_type: glob
+    moduli: '# Time Type Tests Tries Size Generator Modulus
+
+      20120821045639 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C604293680B09D63
+
+      20120821045830 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C6042936814C2FFB
+
+      20120821050046 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368214FC53
+
+      20120821050054 2 6 100 2047 5 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368218E83F
+  '
+    provide_dsa_keys: false
+    provide_ecdsa_keys: false
+    provide_ed25519_keys: false
+    provide_rsa_keys: false
+    root_group: root
+    rsa:
+      private_key: '-----BEGIN RSA PRIVATE KEY-----
+
+        NOT_DEFINED
+
+        -----END RSA PRIVATE KEY-----
+  '
+      public_key: 'ssh-rsa NOT_DEFINED
+  '
+    server_version: latest
+    service: sshd
+    ssh_config: /etc/ssh/ssh_config
+    ssh_config_backup: true
+    ssh_config_group: wheel
+    ssh_config_mode: '644'
+    ssh_config_src: ssh_config
+    ssh_config_user: root
+    ssh_known_hosts: /etc/ssh/ssh_known_hosts
+    ssh_known_hosts_src: ssh_known_hosts
+    ssh_moduli: /etc/ssh/moduli
+    sshd_binary: /usr/sbin/sshd
+    sshd_config: /etc/ssh/sshd_config
+    sshd_config_backup: true
+    sshd_config_group: wheel
+    sshd_config_mode: '644'
+    sshd_config_src: sshd_config
+    sshd_config_user: root
+    sshd_enable: true
+    tofs:
+      source_files:
+        manage ssh_known_hosts file:
+        - alt_ssh_known_hosts
+        ssh_config:
+        - alt_ssh_config
+        sshd_banner:
+        - fire_banner
+        sshd_config:
+        - alt_sshd_config
+  ssh_config:
+    Hosts:
+      '*':
+        GSSAPIAuthentication: 'yes'
+        HashKnownHosts: 'yes'
+        SendEnv: LANG LC_*
+  sshd_config:
+    AcceptEnv: LANG LC_*
+    ChallengeResponseAuthentication: 'no'
+    PrintMotd: 'no'
+    Subsystem: sftp /usr/lib/openssh/sftp-server
+    UsePAM: 'yes'
+    X11Forwarding: 'yes'

test/integration/default/files/_mapdata/freebsd-13.yaml

@@ -0,0 +1,183 @@
+# yamllint disable rule:indentation rule:line-length
+# FreeBSD-13
+---
+values:
+  map_jinja:
+    sources:
+    - Y:G@osarch
+    - Y:G@os_family
+    - Y:G@os
+    - Y:G@osfinger
+    - C:SUB@openssh:lookup
+    - C:SUB@openssh
+    - C:SUB@sshd_config:lookup
+    - C:SUB@sshd_config
+    - C:SUB@ssh_config:lookup
+    - C:SUB@ssh_config
+    - Y:G@id
+  openssh:
+    absent_dsa_keys: false
+    absent_ecdsa_keys: false
+    absent_ed25519_keys: false
+    absent_rsa_keys: false
+    auth:
+      joe-non-valid-ssh-key:
+      - comment: obsolete key - removed
+        enc: ssh-rsa
+        present: false
+        source: salt://ssh_keys/joe.no-valid.pub
+        user: joe
+      joe-valid-ssh-key-desktop:
+      - comment: main key - desktop
+        enc: ssh-rsa
+        present: true
+        source: salt://ssh_keys/joe.desktop.pub
+        user: joe
+      joe-valid-ssh-key-notebook:
+      - comment: main key - notebook
+        enc: ssh-rsa
+        present: true
+        source: salt://ssh_keys/joe.netbook.pub
+        user: joe
+    auth_map:
+      personal_keys:
+        source: salt://ssh_keys
+        users:
+          joe:
+            joe.desktop: {}
+            joe.netbook:
+              options: []
+            joe.no-valid:
+              present: false
+    banner: /etc/ssh/banner
+    banner_src: banner
+    banner_string: 'Welcome to example.net!
+  '
+    client_version: latest
+    dig_pkg: bind-tools
+    dsa:
+      private_key: '-----BEGIN DSA PRIVATE KEY-----
+
+        NOT_DEFINED
+
+        -----END DSA PRIVATE KEY-----
+  '
+      public_key: 'ssh-dss NOT_DEFINED
+  '
+    ecdsa:
+      private_key: '-----BEGIN EC PRIVATE KEY-----
+
+        NOT_DEFINED
+
+        -----END EC PRIVATE KEY-----
+  '
+      public_key: 'ecdsa-sha2-nistp256 NOT_DEFINED
+  '
+    ed25519:
+      private_key: '-----BEGIN OPENSSH PRIVATE KEY-----
+
+        NOT_DEFINED
+
+        -----END OPENSSH PRIVATE KEY-----
+  '
+      public_key: 'ssh-ed25519 NOT_DEFINED
+  '
+    enforce_rsa_size: false
+    generate_dsa_keys: false
+    generate_ecdsa_keys: false
+    generate_ed25519_keys: false
+    generate_rsa_keys: false
+    generate_rsa_size: 4096
+    host_key_algos: ecdsa,ed25519,rsa
+    known_hosts:
+      aliases:
+      - cname-to-minion.example.org
+      - alias.example.org
+      hostnames: false
+      include_localhost: false
+      mine_hostname_function: public_ssh_hostname
+      mine_keys_function: public_ssh_host_keys
+      omit_ip_address:
+      - github.com
+      salt_ssh:
+        public_ssh_host_keys:
+          minion.id: 'ssh-rsa [...]
+
+            ssh-ed25519 [...]
+  '
+        public_ssh_host_names:
+          minion.id:
+          - minion.id
+          - alias.of.minion.id
+        user: salt-master
+      static:
+        github.com: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGm[...]
+        gitlab.com: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bN[...]
+      target: '*'
+      tgt_type: glob
+    moduli: '# Time Type Tests Tries Size Generator Modulus
+
+      20120821045639 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C604293680B09D63
+
+      20120821045830 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C6042936814C2FFB
+
+      20120821050046 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368214FC53
+
+      20120821050054 2 6 100 2047 5 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368218E83F
+  '
+    provide_dsa_keys: false
+    provide_ecdsa_keys: false
+    provide_ed25519_keys: false
+    provide_rsa_keys: false
+    root_group: root
+    rsa:
+      private_key: '-----BEGIN RSA PRIVATE KEY-----
+
+        NOT_DEFINED
+
+        -----END RSA PRIVATE KEY-----
+  '
+      public_key: 'ssh-rsa NOT_DEFINED
+  '
+    server_version: latest
+    service: sshd
+    ssh_config: /etc/ssh/ssh_config
+    ssh_config_backup: true
+    ssh_config_group: wheel
+    ssh_config_mode: '644'
+    ssh_config_src: ssh_config
+    ssh_config_user: root
+    ssh_known_hosts: /etc/ssh/ssh_known_hosts
+    ssh_known_hosts_src: ssh_known_hosts
+    ssh_moduli: /etc/ssh/moduli
+    sshd_binary: /usr/sbin/sshd
+    sshd_config: /etc/ssh/sshd_config
+    sshd_config_backup: true
+    sshd_config_group: wheel
+    sshd_config_mode: '644'
+    sshd_config_src: sshd_config
+    sshd_config_user: root
+    sshd_enable: true
+    tofs:
+      source_files:
+        manage ssh_known_hosts file:
+        - alt_ssh_known_hosts
+        ssh_config:
+        - alt_ssh_config
+        sshd_banner:
+        - fire_banner
+        sshd_config:
+        - alt_sshd_config
+  ssh_config:
+    Hosts:
+      '*':
+        GSSAPIAuthentication: 'yes'
+        HashKnownHosts: 'yes'
+        SendEnv: LANG LC_*
+  sshd_config:
+    AcceptEnv: LANG LC_*
+    ChallengeResponseAuthentication: 'no'
+    PrintMotd: 'no'
+    Subsystem: sftp /usr/lib/openssh/sftp-server
+    UsePAM: 'yes'
+    X11Forwarding: 'yes'

test/integration/default/files/_mapdata/gentoo-2-sysd.yaml

@@ -0,0 +1,186 @@
+# yamllint disable rule:indentation rule:line-length
+# Gentoo-2
+---
+values:
+  map_jinja:
+    sources:
+    - Y:G@osarch
+    - Y:G@os_family
+    - Y:G@os
+    - Y:G@osfinger
+    - C:SUB@openssh:lookup
+    - C:SUB@openssh
+    - C:SUB@sshd_config:lookup
+    - C:SUB@sshd_config
+    - C:SUB@ssh_config:lookup
+    - C:SUB@ssh_config
+    - Y:G@id
+  openssh:
+    absent_dsa_keys: false
+    absent_ecdsa_keys: false
+    absent_ed25519_keys: false
+    absent_rsa_keys: false
+    auth:
+      joe-non-valid-ssh-key:
+      - comment: obsolete key - removed
+        enc: ssh-rsa
+        present: false
+        source: salt://ssh_keys/joe.no-valid.pub
+        user: joe
+      joe-valid-ssh-key-desktop:
+      - comment: main key - desktop
+        enc: ssh-rsa
+        present: true
+        source: salt://ssh_keys/joe.desktop.pub
+        user: joe
+      joe-valid-ssh-key-notebook:
+      - comment: main key - notebook
+        enc: ssh-rsa
+        present: true
+        source: salt://ssh_keys/joe.netbook.pub
+        user: joe
+    auth_map:
+      personal_keys:
+        source: salt://ssh_keys
+        users:
+          joe:
+            joe.desktop: {}
+            joe.netbook:
+              options: []
+            joe.no-valid:
+              present: false
+    banner: /etc/ssh/banner
+    banner_src: banner
+    banner_string: 'Welcome to example.net!
+  '
+    client: net-misc/openssh
+    client_version: latest
+    dig_pkg: net-dns/bind-tools
+    dsa:
+      private_key: '-----BEGIN DSA PRIVATE KEY-----
+
+        NOT_DEFINED
+
+        -----END DSA PRIVATE KEY-----
+  '
+      public_key: 'ssh-dss NOT_DEFINED
+  '
+    ecdsa:
+      private_key: '-----BEGIN EC PRIVATE KEY-----
+
+        NOT_DEFINED
+
+        -----END EC PRIVATE KEY-----
+  '
+      public_key: 'ecdsa-sha2-nistp256 NOT_DEFINED
+  '
+    ed25519:
+      private_key: '-----BEGIN OPENSSH PRIVATE KEY-----
+
+        NOT_DEFINED
+
+        -----END OPENSSH PRIVATE KEY-----
+  '
+      public_key: 'ssh-ed25519 NOT_DEFINED
+  '
+    enforce_rsa_size: false
+    generate_dsa_keys: false
+    generate_ecdsa_keys: false
+    generate_ed25519_keys: false
+    generate_rsa_keys: false
+    generate_rsa_size: 4096
+    host_key_algos: ecdsa,ed25519,rsa
+    known_hosts:
+      aliases:
+      - cname-to-minion.example.org
+      - alias.example.org
+      hostnames: false
+      include_localhost: false
+      mine_hostname_function: public_ssh_hostname
+      mine_keys_function: public_ssh_host_keys
+      omit_ip_address:
+      - github.com
+      salt_ssh:
+        public_ssh_host_keys:
+          minion.id: 'ssh-rsa [...]
+
+            ssh-ed25519 [...]
+  '
+        public_ssh_host_names:
+          minion.id:
+          - minion.id
+          - alias.of.minion.id
+        user: salt-master
+      static:
+        github.com: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGm[...]
+        gitlab.com: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bN[...]
+      target: '*'
+      tgt_type: glob
+    moduli: '# Time Type Tests Tries Size Generator Modulus
+
+      20120821045639 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C604293680B09D63
+
+      20120821045830 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C6042936814C2FFB
+
+      20120821050046 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368214FC53
+
+      20120821050054 2 6 100 2047 5 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368218E83F
+  '
+    provide_dsa_keys: false
+    provide_ecdsa_keys: false
+    provide_ed25519_keys: false
+    provide_rsa_keys: false
+    root_group: root
+    rsa:
+      private_key: '-----BEGIN RSA PRIVATE KEY-----
+
+        NOT_DEFINED
+
+        -----END RSA PRIVATE KEY-----
+  '
+      public_key: 'ssh-rsa NOT_DEFINED
+  '
+    server: net-misc/openssh
+    server_version: latest
+    service: sshd
+    ssh_config: /etc/ssh/ssh_config
+    ssh_config_backup: true
+    ssh_config_group: root
+    ssh_config_mode: '644'
+    ssh_config_src: ssh_config
+    ssh_config_user: root
+    ssh_known_hosts: /etc/ssh/ssh_known_hosts
+    ssh_known_hosts_src: ssh_known_hosts
+    ssh_moduli: /etc/ssh/moduli
+    sshd_binary: /usr/sbin/sshd
+    sshd_config: /etc/ssh/sshd_config
+    sshd_config_backup: true
+    sshd_config_group: root
+    sshd_config_mode: '644'
+    sshd_config_src: sshd_config
+    sshd_config_user: root
+    sshd_enable: true
+    tofs:
+      source_files:
+        manage ssh_known_hosts file:
+        - alt_ssh_known_hosts
+        ssh_config:
+        - alt_ssh_config
+        sshd_banner:
+        - fire_banner
+        sshd_config:
+        - alt_sshd_config
+  ssh_config:
+    Hosts:
+      '*':
+        GSSAPIAuthentication: 'yes'
+        HashKnownHosts: 'yes'
+        SendEnv: LANG LC_*
+  sshd_config:
+    AcceptEnv: LANG LC_*
+    ChallengeResponseAuthentication: 'no'
+    PrintMotd: 'no'
+    PubkeyAcceptedAlgorithms: "+ssh-rsa"
+    Subsystem: sftp /usr/lib/openssh/sftp-server
+    UsePAM: 'yes'
+    X11Forwarding: 'yes'

test/integration/default/files/_mapdata/gentoo-2-sysv.yaml

@@ -0,0 +1,186 @@
+# yamllint disable rule:indentation rule:line-length
+# Gentoo-2
+---
+values:
+  map_jinja:
+    sources:
+    - Y:G@osarch
+    - Y:G@os_family
+    - Y:G@os
+    - Y:G@osfinger
+    - C:SUB@openssh:lookup
+    - C:SUB@openssh
+    - C:SUB@sshd_config:lookup
+    - C:SUB@sshd_config
+    - C:SUB@ssh_config:lookup
+    - C:SUB@ssh_config
+    - Y:G@id
+  openssh:
+    absent_dsa_keys: false
+    absent_ecdsa_keys: false
+    absent_ed25519_keys: false
+    absent_rsa_keys: false
+    auth:
+      joe-non-valid-ssh-key:
+      - comment: obsolete key - removed
+        enc: ssh-rsa
+        present: false
+        source: salt://ssh_keys/joe.no-valid.pub
+        user: joe
+      joe-valid-ssh-key-desktop:
+      - comment: main key - desktop
+        enc: ssh-rsa
+        present: true
+        source: salt://ssh_keys/joe.desktop.pub
+        user: joe
+      joe-valid-ssh-key-notebook:
+      - comment: main key - notebook
+        enc: ssh-rsa
+        present: true
+        source: salt://ssh_keys/joe.netbook.pub
+        user: joe
+    auth_map:
+      personal_keys:
+        source: salt://ssh_keys
+        users:
+          joe:
+            joe.desktop: {}
+            joe.netbook:
+              options: []
+            joe.no-valid:
+              present: false
+    banner: /etc/ssh/banner
+    banner_src: banner
+    banner_string: 'Welcome to example.net!
+  '
+    client: net-misc/openssh
+    client_version: latest
+    dig_pkg: net-dns/bind-tools
+    dsa:
+      private_key: '-----BEGIN DSA PRIVATE KEY-----
+
+        NOT_DEFINED
+
+        -----END DSA PRIVATE KEY-----
+  '
+      public_key: 'ssh-dss NOT_DEFINED
+  '
+    ecdsa:
+      private_key: '-----BEGIN EC PRIVATE KEY-----
+
+        NOT_DEFINED
+
+        -----END EC PRIVATE KEY-----
+  '
+      public_key: 'ecdsa-sha2-nistp256 NOT_DEFINED
+  '
+    ed25519:
+      private_key: '-----BEGIN OPENSSH PRIVATE KEY-----
+
+        NOT_DEFINED
+
+        -----END OPENSSH PRIVATE KEY-----
+  '
+      public_key: 'ssh-ed25519 NOT_DEFINED
+  '
+    enforce_rsa_size: false
+    generate_dsa_keys: false
+    generate_ecdsa_keys: false
+    generate_ed25519_keys: false
+    generate_rsa_keys: false
+    generate_rsa_size: 4096
+    host_key_algos: ecdsa,ed25519,rsa
+    known_hosts:
+      aliases:
+      - cname-to-minion.example.org
+      - alias.example.org
+      hostnames: false
+      include_localhost: false
+      mine_hostname_function: public_ssh_hostname
+      mine_keys_function: public_ssh_host_keys
+      omit_ip_address:
+      - github.com
+      salt_ssh:
+        public_ssh_host_keys:
+          minion.id: 'ssh-rsa [...]
+
+            ssh-ed25519 [...]
+  '
+        public_ssh_host_names:
+          minion.id:
+          - minion.id
+          - alias.of.minion.id
+        user: salt-master
+      static:
+        github.com: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGm[...]
+        gitlab.com: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bN[...]
+      target: '*'
+      tgt_type: glob
+    moduli: '# Time Type Tests Tries Size Generator Modulus
+
+      20120821045639 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C604293680B09D63
+
+      20120821045830 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C6042936814C2FFB
+
+      20120821050046 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368214FC53
+
+      20120821050054 2 6 100 2047 5 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368218E83F
+  '
+    provide_dsa_keys: false
+    provide_ecdsa_keys: false
+    provide_ed25519_keys: false
+    provide_rsa_keys: false
+    root_group: root
+    rsa:
+      private_key: '-----BEGIN RSA PRIVATE KEY-----
+
+        NOT_DEFINED
+
+        -----END RSA PRIVATE KEY-----
+  '
+      public_key: 'ssh-rsa NOT_DEFINED
+  '
+    server: net-misc/openssh
+    server_version: latest
+    service: sshd
+    ssh_config: /etc/ssh/ssh_config
+    ssh_config_backup: true
+    ssh_config_group: root
+    ssh_config_mode: '644'
+    ssh_config_src: ssh_config
+    ssh_config_user: root
+    ssh_known_hosts: /etc/ssh/ssh_known_hosts
+    ssh_known_hosts_src: ssh_known_hosts
+    ssh_moduli: /etc/ssh/moduli
+    sshd_binary: /usr/sbin/sshd
+    sshd_config: /etc/ssh/sshd_config
+    sshd_config_backup: true
+    sshd_config_group: root
+    sshd_config_mode: '644'
+    sshd_config_src: sshd_config
+    sshd_config_user: root
+    sshd_enable: true
+    tofs:
+      source_files:
+        manage ssh_known_hosts file:
+        - alt_ssh_known_hosts
+        ssh_config:
+        - alt_ssh_config
+        sshd_banner:
+        - fire_banner
+        sshd_config:
+        - alt_sshd_config
+  ssh_config:
+    Hosts:
+      '*':
+        GSSAPIAuthentication: 'yes'
+        HashKnownHosts: 'yes'
+        SendEnv: LANG LC_*
+  sshd_config:
+    AcceptEnv: LANG LC_*
+    ChallengeResponseAuthentication: 'no'
+    PrintMotd: 'no'
+    PubkeyAcceptedAlgorithms: "+ssh-rsa"
+    Subsystem: sftp /usr/lib/openssh/sftp-server
+    UsePAM: 'yes'
+    X11Forwarding: 'yes'

test/integration/default/files/_mapdata/openbsd-6.yaml

@@ -0,0 +1,183 @@
+# yamllint disable rule:indentation rule:line-length
+# OpenBSD-6
+---
+values:
+  map_jinja:
+    sources:
+    - Y:G@osarch
+    - Y:G@os_family
+    - Y:G@os
+    - Y:G@osfinger
+    - C:SUB@openssh:lookup
+    - C:SUB@openssh
+    - C:SUB@sshd_config:lookup
+    - C:SUB@sshd_config
+    - C:SUB@ssh_config:lookup
+    - C:SUB@ssh_config
+    - Y:G@id
+  openssh:
+    absent_dsa_keys: false
+    absent_ecdsa_keys: false
+    absent_ed25519_keys: false
+    absent_rsa_keys: false
+    auth:
+      joe-non-valid-ssh-key:
+      - comment: obsolete key - removed
+        enc: ssh-rsa
+        present: false
+        source: salt://ssh_keys/joe.no-valid.pub
+        user: joe
+      joe-valid-ssh-key-desktop:
+      - comment: main key - desktop
+        enc: ssh-rsa
+        present: true
+        source: salt://ssh_keys/joe.desktop.pub
+        user: joe
+      joe-valid-ssh-key-notebook:
+      - comment: main key - notebook
+        enc: ssh-rsa
+        present: true
+        source: salt://ssh_keys/joe.netbook.pub
+        user: joe
+    auth_map:
+      personal_keys:
+        source: salt://ssh_keys
+        users:
+          joe:
+            joe.desktop: {}
+            joe.netbook:
+              options: []
+            joe.no-valid:
+              present: false
+    banner: /etc/ssh/banner
+    banner_src: banner
+    banner_string: 'Welcome to example.net!
+  '
+    client_version: latest
+    dig_pkg: ~
+    dsa:
+      private_key: '-----BEGIN DSA PRIVATE KEY-----
+
+        NOT_DEFINED
+
+        -----END DSA PRIVATE KEY-----
+  '
+      public_key: 'ssh-dss NOT_DEFINED
+  '
+    ecdsa:
+      private_key: '-----BEGIN EC PRIVATE KEY-----
+
+        NOT_DEFINED
+
+        -----END EC PRIVATE KEY-----
+  '
+      public_key: 'ecdsa-sha2-nistp256 NOT_DEFINED
+  '
+    ed25519:
+      private_key: '-----BEGIN OPENSSH PRIVATE KEY-----
+
+        NOT_DEFINED
+
+        -----END OPENSSH PRIVATE KEY-----
+  '
+      public_key: 'ssh-ed25519 NOT_DEFINED
+  '
+    enforce_rsa_size: false
+    generate_dsa_keys: false
+    generate_ecdsa_keys: false
+    generate_ed25519_keys: false
+    generate_rsa_keys: false
+    generate_rsa_size: 4096
+    host_key_algos: ecdsa,ed25519,rsa
+    known_hosts:
+      aliases:
+      - cname-to-minion.example.org
+      - alias.example.org
+      hostnames: false
+      include_localhost: false
+      mine_hostname_function: public_ssh_hostname
+      mine_keys_function: public_ssh_host_keys
+      omit_ip_address:
+      - github.com
+      salt_ssh:
+        public_ssh_host_keys:
+          minion.id: 'ssh-rsa [...]
+
+            ssh-ed25519 [...]
+  '
+        public_ssh_host_names:
+          minion.id:
+          - minion.id
+          - alias.of.minion.id
+        user: salt-master
+      static:
+        github.com: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGm[...]
+        gitlab.com: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bN[...]
+      target: '*'
+      tgt_type: glob
+    moduli: '# Time Type Tests Tries Size Generator Modulus
+
+      20120821045639 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C604293680B09D63
+
+      20120821045830 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C6042936814C2FFB
+
+      20120821050046 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368214FC53
+
+      20120821050054 2 6 100 2047 5 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368218E83F
+  '
+    provide_dsa_keys: false
+    provide_ecdsa_keys: false
+    provide_ed25519_keys: false
+    provide_rsa_keys: false
+    root_group: root
+    rsa:
+      private_key: '-----BEGIN RSA PRIVATE KEY-----
+
+        NOT_DEFINED
+
+        -----END RSA PRIVATE KEY-----
+  '
+      public_key: 'ssh-rsa NOT_DEFINED
+  '
+    server_version: latest
+    service: sshd
+    ssh_config: /etc/ssh/ssh_config
+    ssh_config_backup: true
+    ssh_config_group: wheel
+    ssh_config_mode: '644'
+    ssh_config_src: ssh_config
+    ssh_config_user: root
+    ssh_known_hosts: /etc/ssh/ssh_known_hosts
+    ssh_known_hosts_src: ssh_known_hosts
+    ssh_moduli: /etc/ssh/moduli
+    sshd_binary: /usr/sbin/sshd
+    sshd_config: /etc/ssh/sshd_config
+    sshd_config_backup: true
+    sshd_config_group: wheel
+    sshd_config_mode: '644'
+    sshd_config_src: sshd_config
+    sshd_config_user: root
+    sshd_enable: true
+    tofs:
+      source_files:
+        manage ssh_known_hosts file:
+        - alt_ssh_known_hosts
+        ssh_config:
+        - alt_ssh_config
+        sshd_banner:
+        - fire_banner
+        sshd_config:
+        - alt_sshd_config
+  ssh_config:
+    Hosts:
+      '*':
+        GSSAPIAuthentication: 'yes'
+        HashKnownHosts: 'yes'
+        SendEnv: LANG LC_*
+  sshd_config:
+    AcceptEnv: LANG LC_*
+    ChallengeResponseAuthentication: 'no'
+    PrintMotd: 'no'
+    PubkeyAcceptedAlgorithms: "+ssh-rsa"
+    Subsystem: sftp /usr/lib/openssh/sftp-server
+    X11Forwarding: 'yes'

test/integration/default/files/_mapdata/openbsd-7.yaml

@@ -0,0 +1,183 @@
+# yamllint disable rule:indentation rule:line-length
+# OpenBSD-7
+---
+values:
+  map_jinja:
+    sources:
+    - Y:G@osarch
+    - Y:G@os_family
+    - Y:G@os
+    - Y:G@osfinger
+    - C:SUB@openssh:lookup
+    - C:SUB@openssh
+    - C:SUB@sshd_config:lookup
+    - C:SUB@sshd_config
+    - C:SUB@ssh_config:lookup
+    - C:SUB@ssh_config
+    - Y:G@id
+  openssh:
+    absent_dsa_keys: false
+    absent_ecdsa_keys: false
+    absent_ed25519_keys: false
+    absent_rsa_keys: false
+    auth:
+      joe-non-valid-ssh-key:
+      - comment: obsolete key - removed
+        enc: ssh-rsa
+        present: false
+        source: salt://ssh_keys/joe.no-valid.pub
+        user: joe
+      joe-valid-ssh-key-desktop:
+      - comment: main key - desktop
+        enc: ssh-rsa
+        present: true
+        source: salt://ssh_keys/joe.desktop.pub
+        user: joe
+      joe-valid-ssh-key-notebook:
+      - comment: main key - notebook
+        enc: ssh-rsa
+        present: true
+        source: salt://ssh_keys/joe.netbook.pub
+        user: joe
+    auth_map:
+      personal_keys:
+        source: salt://ssh_keys
+        users:
+          joe:
+            joe.desktop: {}
+            joe.netbook:
+              options: []
+            joe.no-valid:
+              present: false
+    banner: /etc/ssh/banner
+    banner_src: banner
+    banner_string: 'Welcome to example.net!
+  '
+    client_version: latest
+    dig_pkg: ~
+    dsa:
+      private_key: '-----BEGIN DSA PRIVATE KEY-----
+
+        NOT_DEFINED
+
+        -----END DSA PRIVATE KEY-----
+  '
+      public_key: 'ssh-dss NOT_DEFINED
+  '
+    ecdsa:
+      private_key: '-----BEGIN EC PRIVATE KEY-----
+
+        NOT_DEFINED
+
+        -----END EC PRIVATE KEY-----
+  '
+      public_key: 'ecdsa-sha2-nistp256 NOT_DEFINED
+  '
+    ed25519:
+      private_key: '-----BEGIN OPENSSH PRIVATE KEY-----
+
+        NOT_DEFINED
+
+        -----END OPENSSH PRIVATE KEY-----
+  '
+      public_key: 'ssh-ed25519 NOT_DEFINED
+  '
+    enforce_rsa_size: false
+    generate_dsa_keys: false
+    generate_ecdsa_keys: false
+    generate_ed25519_keys: false
+    generate_rsa_keys: false
+    generate_rsa_size: 4096
+    host_key_algos: ecdsa,ed25519,rsa
+    known_hosts:
+      aliases:
+      - cname-to-minion.example.org
+      - alias.example.org
+      hostnames: false
+      include_localhost: false
+      mine_hostname_function: public_ssh_hostname
+      mine_keys_function: public_ssh_host_keys
+      omit_ip_address:
+      - github.com
+      salt_ssh:
+        public_ssh_host_keys:
+          minion.id: 'ssh-rsa [...]
+
+            ssh-ed25519 [...]
+  '
+        public_ssh_host_names:
+          minion.id:
+          - minion.id
+          - alias.of.minion.id
+        user: salt-master
+      static:
+        github.com: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGm[...]
+        gitlab.com: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bN[...]
+      target: '*'
+      tgt_type: glob
+    moduli: '# Time Type Tests Tries Size Generator Modulus
+
+      20120821045639 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C604293680B09D63
+
+      20120821045830 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C6042936814C2FFB
+
+      20120821050046 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368214FC53
+
+      20120821050054 2 6 100 2047 5 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368218E83F
+  '
+    provide_dsa_keys: false
+    provide_ecdsa_keys: false
+    provide_ed25519_keys: false
+    provide_rsa_keys: false
+    root_group: root
+    rsa:
+      private_key: '-----BEGIN RSA PRIVATE KEY-----
+
+        NOT_DEFINED
+
+        -----END RSA PRIVATE KEY-----
+  '
+      public_key: 'ssh-rsa NOT_DEFINED
+  '
+    server_version: latest
+    service: sshd
+    ssh_config: /etc/ssh/ssh_config
+    ssh_config_backup: true
+    ssh_config_group: wheel
+    ssh_config_mode: '644'
+    ssh_config_src: ssh_config
+    ssh_config_user: root
+    ssh_known_hosts: /etc/ssh/ssh_known_hosts
+    ssh_known_hosts_src: ssh_known_hosts
+    ssh_moduli: /etc/ssh/moduli
+    sshd_binary: /usr/sbin/sshd
+    sshd_config: /etc/ssh/sshd_config
+    sshd_config_backup: true
+    sshd_config_group: wheel
+    sshd_config_mode: '644'
+    sshd_config_src: sshd_config
+    sshd_config_user: root
+    sshd_enable: true
+    tofs:
+      source_files:
+        manage ssh_known_hosts file:
+        - alt_ssh_known_hosts
+        ssh_config:
+        - alt_ssh_config
+        sshd_banner:
+        - fire_banner
+        sshd_config:
+        - alt_sshd_config
+  ssh_config:
+    Hosts:
+      '*':
+        GSSAPIAuthentication: 'yes'
+        HashKnownHosts: 'yes'
+        SendEnv: LANG LC_*
+  sshd_config:
+    AcceptEnv: LANG LC_*
+    ChallengeResponseAuthentication: 'no'
+    PrintMotd: 'no'
+    PubkeyAcceptedAlgorithms: "+ssh-rsa"
+    Subsystem: sftp /usr/lib/openssh/sftp-server
+    X11Forwarding: 'yes'

test/integration/default/files/_mapdata/opensuse-15.yaml

@@ -1,166 +1,185 @@
 # yamllint disable rule:indentation rule:line-length
 # Leap-15
 ---
-map_jinja:
+values:
-  config_get_roots:
+  map_jinja:
-  - openssh
+    sources:
-  - sshd_config
+    - Y:G@osarch
-  - ssh_config
+    - Y:G@os_family
-openssh:
+    - Y:G@os
-  absent_dsa_keys: false
+    - Y:G@osfinger
-  absent_ecdsa_keys: false
+    - C:SUB@openssh:lookup
-  absent_ed25519_keys: false
+    - C:SUB@openssh
-  absent_rsa_keys: false
+    - C:SUB@sshd_config:lookup
-  auth:
+    - C:SUB@sshd_config
-    joe-non-valid-ssh-key:
+    - C:SUB@ssh_config:lookup
-    - comment: obsolete key - removed
+    - C:SUB@ssh_config
-      enc: ssh-rsa
+    - Y:G@id
-      present: false
+  openssh:
-      source: salt://ssh_keys/joe.no-valid.pub
+    absent_dsa_keys: false
-      user: joe
+    absent_ecdsa_keys: false
-    joe-valid-ssh-key-desktop:
+    absent_ed25519_keys: false
-    - comment: main key - desktop
+    absent_rsa_keys: false
-      enc: ssh-rsa
+    auth:
-      present: true
+      joe-non-valid-ssh-key:
-      source: salt://ssh_keys/joe.desktop.pub
+      - comment: obsolete key - removed
-      user: joe
+        enc: ssh-rsa
-    joe-valid-ssh-key-notebook:
+        present: false
-    - comment: main key - notebook
+        source: salt://ssh_keys/joe.no-valid.pub
-      enc: ssh-rsa
+        user: joe
-      present: true
+      joe-valid-ssh-key-desktop:
-      source: salt://ssh_keys/joe.netbook.pub
+      - comment: main key - desktop
-      user: joe
+        enc: ssh-rsa
-  auth_map:
+        present: true
-    personal_keys:
+        source: salt://ssh_keys/joe.desktop.pub
-      source: salt://ssh_keys
+        user: joe
-      users:
+      joe-valid-ssh-key-notebook:
-        joe:
+      - comment: main key - notebook
-          joe.desktop: {}
+        enc: ssh-rsa
-          joe.netbook:
+        present: true
-            options: []
+        source: salt://ssh_keys/joe.netbook.pub
-          joe.no-valid:
+        user: joe
-            present: false
+    auth_map:
-  banner: /etc/ssh/banner
+      personal_keys:
-  banner_src: banner
+        source: salt://ssh_keys
-  banner_string: 'Welcome to %{hostname}!
+        users:
-'
+          joe:
-  client: openssh
+            joe.desktop: {}
-  client_version: latest
+            joe.netbook:
-  dig_pkg: bind-utils
+              options: []
-  dsa:
+            joe.no-valid:
-    private_key: '-----BEGIN DSA PRIVATE KEY-----
+              present: false
+    banner: /etc/ssh/banner
+    banner_src: banner
+    banner_string: 'Welcome to example.net!
+  '
+    client: openssh
+    client_version: latest
+    dig_pkg: bind-utils
+    dsa:
+      private_key: '-----BEGIN DSA PRIVATE KEY-----
 
-      NOT_DEFINED
+        NOT_DEFINED
 
-      -----END DSA PRIVATE KEY-----
+        -----END DSA PRIVATE KEY-----
-'
+  '
-    public_key: 'ssh-dss NOT_DEFINED
+      public_key: 'ssh-dss NOT_DEFINED
-'
+  '
-  ecdsa:
+    ecdsa:
-    private_key: '-----BEGIN EC PRIVATE KEY-----
+      private_key: '-----BEGIN EC PRIVATE KEY-----
 
-      NOT_DEFINED
+        NOT_DEFINED
 
-      -----END EC PRIVATE KEY-----
+        -----END EC PRIVATE KEY-----
-'
+  '
-    public_key: 'ecdsa-sha2-nistp256 NOT_DEFINED
+      public_key: 'ecdsa-sha2-nistp256 NOT_DEFINED
-'
+  '
-  ed25519:
+    ed25519:
-    private_key: '-----BEGIN OPENSSH PRIVATE KEY-----
+      private_key: '-----BEGIN OPENSSH PRIVATE KEY-----
 
-      NOT_DEFINED
+        NOT_DEFINED
 
-      -----END OPENSSH PRIVATE KEY-----
+        -----END OPENSSH PRIVATE KEY-----
-'
+  '
-    public_key: 'ssh-ed25519 NOT_DEFINED
+      public_key: 'ssh-ed25519 NOT_DEFINED
-'
+  '
-  enforce_rsa_size: false
+    enforce_rsa_size: false
-  generate_dsa_keys: false
+    generate_dsa_keys: false
-  generate_ecdsa_keys: false
+    generate_ecdsa_keys: false
-  generate_ed25519_keys: false
+    generate_ed25519_keys: false
-  generate_rsa_keys: false
+    generate_rsa_keys: false
-  generate_rsa_size: 4096
+    generate_rsa_size: 4096
-  host_key_algos: ecdsa,ed25519,rsa
+    host_key_algos: ecdsa,ed25519,rsa
-  known_hosts:
+    known_hosts:
-    aliases:
+      aliases:
-    - cname-to-minion.example.org
+      - cname-to-minion.example.org
-    - alias.example.org
+      - alias.example.org
-    hostnames: false
+      hostnames: false
-    include_localhost: false
+      include_localhost: false
-    mine_hostname_function: public_ssh_hostname
+      mine_hostname_function: public_ssh_hostname
-    mine_keys_function: public_ssh_host_keys
+      mine_keys_function: public_ssh_host_keys
-    omit_ip_address:
+      omit_ip_address:
-    - github.com
+      - github.com
-    salt_ssh:
+      salt_ssh:
-      public_ssh_host_keys:
+        public_ssh_host_keys:
-        minion.id: 'ssh-rsa [...]
+          minion.id: 'ssh-rsa [...]
 
-          ssh-ed25519 [...]
+            ssh-ed25519 [...]
-'
+  '
-      public_ssh_host_names:
+        public_ssh_host_names:
-        minion.id:
+          minion.id:
-        - minion.id
+          - minion.id
-        - alias.of.minion.id
+          - alias.of.minion.id
-      user: salt-master
+        user: salt-master
-    static:
+      static:
-      github.com: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGm[...]
+        github.com: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGm[...]
-      gitlab.com: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bN[...]
+        gitlab.com: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bN[...]
-    target: '*'
+      target: '*'
-    tgt_type: glob
+      tgt_type: glob
-  moduli: '# Time Type Tests Tries Size Generator Modulus
+    moduli: '# Time Type Tests Tries Size Generator Modulus
 
-    20120821045639 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C604293680B09D63
+      20120821045639 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C604293680B09D63
 
-    20120821045830 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C6042936814C2FFB
+      20120821045830 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C6042936814C2FFB
 
-    20120821050046 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368214FC53
+      20120821050046 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368214FC53
 
-    20120821050054 2 6 100 2047 5 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368218E83F
+      20120821050054 2 6 100 2047 5 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368218E83F
-'
+  '
-  provide_dsa_keys: false
+    provide_dsa_keys: false
-  provide_ecdsa_keys: false
+    provide_ecdsa_keys: false
-  provide_ed25519_keys: false
+    provide_ed25519_keys: false
-  provide_rsa_keys: false
+    provide_rsa_keys: false
-  root_group: root
+    root_group: root
-  rsa:
+    rsa:
-    private_key: '-----BEGIN RSA PRIVATE KEY-----
+      private_key: '-----BEGIN RSA PRIVATE KEY-----
 
-      NOT_DEFINED
+        NOT_DEFINED
 
-      -----END RSA PRIVATE KEY-----
+        -----END RSA PRIVATE KEY-----
-'
+  '
-    public_key: 'ssh-rsa NOT_DEFINED
+      public_key: 'ssh-rsa NOT_DEFINED
-'
+  '
-  server: openssh
+    server: openssh
-  server_version: latest
+    server_version: latest
-  service: sshd
+    service: sshd
-  ssh_config: /etc/ssh/ssh_config
+    ssh_config: /etc/ssh/ssh_config
-  ssh_config_backup: true
+    ssh_config_backup: true
-  ssh_config_group: root
+    ssh_config_group: root
-  ssh_config_mode: '644'
+    ssh_config_mode: '644'
-  ssh_config_src: ssh_config
+    ssh_config_src: ssh_config
-  ssh_config_user: root
+    ssh_config_user: root
-  ssh_known_hosts: /etc/ssh/ssh_known_hosts
+    ssh_known_hosts: /etc/ssh/ssh_known_hosts
-  ssh_known_hosts_src: ssh_known_hosts
+    ssh_known_hosts_src: ssh_known_hosts
-  ssh_moduli: /etc/ssh/moduli
+    ssh_moduli: /etc/ssh/moduli
-  sshd_binary: /usr/sbin/sshd
+    sshd_binary: /usr/sbin/sshd
-  sshd_config: /etc/ssh/sshd_config
+    sshd_config: /etc/ssh/sshd_config
-  sshd_config_backup: true
+    sshd_config_backup: true
-  sshd_config_group: root
+    sshd_config_group: root
-  sshd_config_mode: '644'
+    sshd_config_mode: '644'
-  sshd_config_src: sshd_config
+    sshd_config_src: sshd_config
-  sshd_config_user: root
+    sshd_config_user: root
-  sshd_enable: true
+    sshd_enable: true
-ssh_config:
+    tofs:
-  Hosts:
+      source_files:
-    '*':
+        manage ssh_known_hosts file:
-      GSSAPIAuthentication: 'yes'
+        - alt_ssh_known_hosts
-      HashKnownHosts: 'yes'
+        ssh_config:
-      SendEnv: LANG LC_*
+        - alt_ssh_config
-sshd_config:
+        sshd_banner:
-  AcceptEnv: LANG LC_*
+        - fire_banner
-  ChallengeResponseAuthentication: 'no'
+        sshd_config:
-  PrintMotd: 'no'
+        - alt_sshd_config
-  Subsystem: sftp /usr/lib/openssh/sftp-server
+  ssh_config:
-  UsePAM: 'yes'
+    Hosts:
-  X11Forwarding: 'yes'
+      '*':
+        GSSAPIAuthentication: 'yes'
+        HashKnownHosts: 'yes'
+        SendEnv: LANG LC_*
+  sshd_config:
+    AcceptEnv: LANG LC_*
+    ChallengeResponseAuthentication: 'no'
+    PrintMotd: 'no'
+    Subsystem: sftp /usr/lib/openssh/sftp-server
+    UsePAM: 'yes'
+    X11Forwarding: 'yes'

test/integration/default/files/_mapdata/opensuse-tumbleweed.yaml

@@ -0,0 +1,186 @@
+# yamllint disable rule:indentation rule:line-length
+# openSUSE Tumbleweed-yyyymmdd
+---
+values:
+  map_jinja:
+    sources:
+    - Y:G@osarch
+    - Y:G@os_family
+    - Y:G@os
+    - Y:G@osfinger
+    - C:SUB@openssh:lookup
+    - C:SUB@openssh
+    - C:SUB@sshd_config:lookup
+    - C:SUB@sshd_config
+    - C:SUB@ssh_config:lookup
+    - C:SUB@ssh_config
+    - Y:G@id
+  openssh:
+    absent_dsa_keys: false
+    absent_ecdsa_keys: false
+    absent_ed25519_keys: false
+    absent_rsa_keys: false
+    auth:
+      joe-non-valid-ssh-key:
+      - comment: obsolete key - removed
+        enc: ssh-rsa
+        present: false
+        source: salt://ssh_keys/joe.no-valid.pub
+        user: joe
+      joe-valid-ssh-key-desktop:
+      - comment: main key - desktop
+        enc: ssh-rsa
+        present: true
+        source: salt://ssh_keys/joe.desktop.pub
+        user: joe
+      joe-valid-ssh-key-notebook:
+      - comment: main key - notebook
+        enc: ssh-rsa
+        present: true
+        source: salt://ssh_keys/joe.netbook.pub
+        user: joe
+    auth_map:
+      personal_keys:
+        source: salt://ssh_keys
+        users:
+          joe:
+            joe.desktop: {}
+            joe.netbook:
+              options: []
+            joe.no-valid:
+              present: false
+    banner: /etc/ssh/banner
+    banner_src: banner
+    banner_string: 'Welcome to example.net!
+  '
+    client: openssh
+    client_version: latest
+    dig_pkg: bind-utils
+    dsa:
+      private_key: '-----BEGIN DSA PRIVATE KEY-----
+
+        NOT_DEFINED
+
+        -----END DSA PRIVATE KEY-----
+  '
+      public_key: 'ssh-dss NOT_DEFINED
+  '
+    ecdsa:
+      private_key: '-----BEGIN EC PRIVATE KEY-----
+
+        NOT_DEFINED
+
+        -----END EC PRIVATE KEY-----
+  '
+      public_key: 'ecdsa-sha2-nistp256 NOT_DEFINED
+  '
+    ed25519:
+      private_key: '-----BEGIN OPENSSH PRIVATE KEY-----
+
+        NOT_DEFINED
+
+        -----END OPENSSH PRIVATE KEY-----
+  '
+      public_key: 'ssh-ed25519 NOT_DEFINED
+  '
+    enforce_rsa_size: false
+    generate_dsa_keys: false
+    generate_ecdsa_keys: false
+    generate_ed25519_keys: false
+    generate_rsa_keys: false
+    generate_rsa_size: 4096
+    host_key_algos: ecdsa,ed25519,rsa
+    known_hosts:
+      aliases:
+      - cname-to-minion.example.org
+      - alias.example.org
+      hostnames: false
+      include_localhost: false
+      mine_hostname_function: public_ssh_hostname
+      mine_keys_function: public_ssh_host_keys
+      omit_ip_address:
+      - github.com
+      salt_ssh:
+        public_ssh_host_keys:
+          minion.id: 'ssh-rsa [...]
+
+            ssh-ed25519 [...]
+  '
+        public_ssh_host_names:
+          minion.id:
+          - minion.id
+          - alias.of.minion.id
+        user: salt-master
+      static:
+        github.com: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGm[...]
+        gitlab.com: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bN[...]
+      target: '*'
+      tgt_type: glob
+    moduli: '# Time Type Tests Tries Size Generator Modulus
+
+      20120821045639 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C604293680B09D63
+
+      20120821045830 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C6042936814C2FFB
+
+      20120821050046 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368214FC53
+
+      20120821050054 2 6 100 2047 5 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368218E83F
+  '
+    provide_dsa_keys: false
+    provide_ecdsa_keys: false
+    provide_ed25519_keys: false
+    provide_rsa_keys: false
+    root_group: root
+    rsa:
+      private_key: '-----BEGIN RSA PRIVATE KEY-----
+
+        NOT_DEFINED
+
+        -----END RSA PRIVATE KEY-----
+  '
+      public_key: 'ssh-rsa NOT_DEFINED
+  '
+    server: openssh
+    server_version: latest
+    service: sshd
+    ssh_config: /etc/ssh/ssh_config
+    ssh_config_backup: true
+    ssh_config_group: root
+    ssh_config_mode: '644'
+    ssh_config_src: ssh_config
+    ssh_config_user: root
+    ssh_known_hosts: /etc/ssh/ssh_known_hosts
+    ssh_known_hosts_src: ssh_known_hosts
+    ssh_moduli: /etc/ssh/moduli
+    sshd_binary: /usr/sbin/sshd
+    sshd_config: /etc/ssh/sshd_config
+    sshd_config_backup: true
+    sshd_config_group: root
+    sshd_config_mode: '644'
+    sshd_config_src: sshd_config
+    sshd_config_user: root
+    sshd_enable: true
+    tofs:
+      source_files:
+        manage ssh_known_hosts file:
+        - alt_ssh_known_hosts
+        ssh_config:
+        - alt_ssh_config
+        sshd_banner:
+        - fire_banner
+        sshd_config:
+        - alt_sshd_config
+  ssh_config:
+    Hosts:
+      '*':
+        GSSAPIAuthentication: 'yes'
+        HashKnownHosts: 'yes'
+        SendEnv: LANG LC_*
+  sshd_config:
+    AcceptEnv: LANG LC_*
+    ChallengeResponseAuthentication: 'no'
+    PrintMotd: 'no'
+    PubkeyAcceptedAlgorithms: "+ssh-rsa"
+    Subsystem: sftp /usr/lib/openssh/sftp-server
+    UsePAM: 'yes'
+    X11Forwarding: 'yes'

test/integration/default/files/_mapdata/oraclelinux-7.yaml

@@ -0,0 +1,185 @@
+# yamllint disable rule:indentation rule:line-length
+# Oracle Linux Server-7
+---
+values:
+  map_jinja:
+    sources:
+    - Y:G@osarch
+    - Y:G@os_family
+    - Y:G@os
+    - Y:G@osfinger
+    - C:SUB@openssh:lookup
+    - C:SUB@openssh
+    - C:SUB@sshd_config:lookup
+    - C:SUB@sshd_config
+    - C:SUB@ssh_config:lookup
+    - C:SUB@ssh_config
+    - Y:G@id
+  openssh:
+    absent_dsa_keys: false
+    absent_ecdsa_keys: false
+    absent_ed25519_keys: false
+    absent_rsa_keys: false
+    auth:
+      joe-non-valid-ssh-key:
+      - comment: obsolete key - removed
+        enc: ssh-rsa
+        present: false
+        source: salt://ssh_keys/joe.no-valid.pub
+        user: joe
+      joe-valid-ssh-key-desktop:
+      - comment: main key - desktop
+        enc: ssh-rsa
+        present: true
+        source: salt://ssh_keys/joe.desktop.pub
+        user: joe
+      joe-valid-ssh-key-notebook:
+      - comment: main key - notebook
+        enc: ssh-rsa
+        present: true
+        source: salt://ssh_keys/joe.netbook.pub
+        user: joe
+    auth_map:
+      personal_keys:
+        source: salt://ssh_keys
+        users:
+          joe:
+            joe.desktop: {}
+            joe.netbook:
+              options: []
+            joe.no-valid:
+              present: false
+    banner: /etc/ssh/banner
+    banner_src: banner
+    banner_string: 'Welcome to example.net!
+  '
+    client: openssh-clients
+    client_version: latest
+    dig_pkg: bind-utils
+    dsa:
+      private_key: '-----BEGIN DSA PRIVATE KEY-----
+
+        NOT_DEFINED
+
+        -----END DSA PRIVATE KEY-----
+  '
+      public_key: 'ssh-dss NOT_DEFINED
+  '
+    ecdsa:
+      private_key: '-----BEGIN EC PRIVATE KEY-----
+
+        NOT_DEFINED
+
+        -----END EC PRIVATE KEY-----
+  '
+      public_key: 'ecdsa-sha2-nistp256 NOT_DEFINED
+  '
+    ed25519:
+      private_key: '-----BEGIN OPENSSH PRIVATE KEY-----
+
+        NOT_DEFINED
+
+        -----END OPENSSH PRIVATE KEY-----
+  '
+      public_key: 'ssh-ed25519 NOT_DEFINED
+  '
+    enforce_rsa_size: false
+    generate_dsa_keys: false
+    generate_ecdsa_keys: false
+    generate_ed25519_keys: false
+    generate_rsa_keys: false
+    generate_rsa_size: 4096
+    host_key_algos: ecdsa,ed25519,rsa
+    known_hosts:
+      aliases:
+      - cname-to-minion.example.org
+      - alias.example.org
+      hostnames: false
+      include_localhost: false
+      mine_hostname_function: public_ssh_hostname
+      mine_keys_function: public_ssh_host_keys
+      omit_ip_address:
+      - github.com
+      salt_ssh:
+        public_ssh_host_keys:
+          minion.id: 'ssh-rsa [...]
+
+            ssh-ed25519 [...]
+  '
+        public_ssh_host_names:
+          minion.id:
+          - minion.id
+          - alias.of.minion.id
+        user: salt-master
+      static:
+        github.com: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGm[...]
+        gitlab.com: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bN[...]
+      target: '*'
+      tgt_type: glob
+    moduli: '# Time Type Tests Tries Size Generator Modulus
+
+      20120821045639 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C604293680B09D63
+
+      20120821045830 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C6042936814C2FFB
+
+      20120821050046 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368214FC53
+
+      20120821050054 2 6 100 2047 5 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368218E83F
+  '
+    provide_dsa_keys: false
+    provide_ecdsa_keys: false
+    provide_ed25519_keys: false
+    provide_rsa_keys: false
+    root_group: root
+    rsa:
+      private_key: '-----BEGIN RSA PRIVATE KEY-----
+
+        NOT_DEFINED
+
+        -----END RSA PRIVATE KEY-----
+  '
+      public_key: 'ssh-rsa NOT_DEFINED
+  '
+    server: openssh-server
+    server_version: latest
+    service: sshd
+    ssh_config: /etc/ssh/ssh_config
+    ssh_config_backup: true
+    ssh_config_group: root
+    ssh_config_mode: '644'
+    ssh_config_src: ssh_config
+    ssh_config_user: root
+    ssh_known_hosts: /etc/ssh/ssh_known_hosts
+    ssh_known_hosts_src: ssh_known_hosts
+    ssh_moduli: /etc/ssh/moduli
+    sshd_binary: /usr/sbin/sshd
+    sshd_config: /etc/ssh/sshd_config
+    sshd_config_backup: true
+    sshd_config_group: root
+    sshd_config_mode: '644'
+    sshd_config_src: sshd_config
+    sshd_config_user: root
+    sshd_enable: true
+    tofs:
+      source_files:
+        manage ssh_known_hosts file:
+        - alt_ssh_known_hosts
+        ssh_config:
+        - alt_ssh_config
+        sshd_banner:
+        - fire_banner
+        sshd_config:
+        - alt_sshd_config
+  ssh_config:
+    Hosts:
+      '*':
+        GSSAPIAuthentication: 'yes'
+        HashKnownHosts: 'yes'
+        SendEnv: LANG LC_*
+  sshd_config:
+    AcceptEnv: LANG LC_*
+    ChallengeResponseAuthentication: 'no'
+    PrintMotd: 'no'
+    Subsystem: sftp /usr/lib/openssh/sftp-server
+    UsePAM: 'yes'
+    X11Forwarding: 'yes'

test/integration/default/files/_mapdata/oraclelinux-8.yaml

@@ -0,0 +1,185 @@
+# yamllint disable rule:indentation rule:line-length
+# Oracle Linux Server-8
+---
+values:
+  map_jinja:
+    sources:
+    - Y:G@osarch
+    - Y:G@os_family
+    - Y:G@os
+    - Y:G@osfinger
+    - C:SUB@openssh:lookup
+    - C:SUB@openssh
+    - C:SUB@sshd_config:lookup
+    - C:SUB@sshd_config
+    - C:SUB@ssh_config:lookup
+    - C:SUB@ssh_config
+    - Y:G@id
+  openssh:
+    absent_dsa_keys: false
+    absent_ecdsa_keys: false
+    absent_ed25519_keys: false
+    absent_rsa_keys: false
+    auth:
+      joe-non-valid-ssh-key:
+      - comment: obsolete key - removed
+        enc: ssh-rsa
+        present: false
+        source: salt://ssh_keys/joe.no-valid.pub
+        user: joe
+      joe-valid-ssh-key-desktop:
+      - comment: main key - desktop
+        enc: ssh-rsa
+        present: true
+        source: salt://ssh_keys/joe.desktop.pub
+        user: joe
+      joe-valid-ssh-key-notebook:
+      - comment: main key - notebook
+        enc: ssh-rsa
+        present: true
+        source: salt://ssh_keys/joe.netbook.pub
+        user: joe
+    auth_map:
+      personal_keys:
+        source: salt://ssh_keys
+        users:
+          joe:
+            joe.desktop: {}
+            joe.netbook:
+              options: []
+            joe.no-valid:
+              present: false
+    banner: /etc/ssh/banner
+    banner_src: banner
+    banner_string: 'Welcome to example.net!
+  '
+    client: openssh-clients
+    client_version: latest
+    dig_pkg: bind-utils
+    dsa:
+      private_key: '-----BEGIN DSA PRIVATE KEY-----
+
+        NOT_DEFINED
+
+        -----END DSA PRIVATE KEY-----
+  '
+      public_key: 'ssh-dss NOT_DEFINED
+  '
+    ecdsa:
+      private_key: '-----BEGIN EC PRIVATE KEY-----
+
+        NOT_DEFINED
+
+        -----END EC PRIVATE KEY-----
+  '
+      public_key: 'ecdsa-sha2-nistp256 NOT_DEFINED
+  '
+    ed25519:
+      private_key: '-----BEGIN OPENSSH PRIVATE KEY-----
+
+        NOT_DEFINED
+
+        -----END OPENSSH PRIVATE KEY-----
+  '
+      public_key: 'ssh-ed25519 NOT_DEFINED
+  '
+    enforce_rsa_size: false
+    generate_dsa_keys: false
+    generate_ecdsa_keys: false
+    generate_ed25519_keys: false
+    generate_rsa_keys: false
+    generate_rsa_size: 4096
+    host_key_algos: ecdsa,ed25519,rsa
+    known_hosts:
+      aliases:
+      - cname-to-minion.example.org
+      - alias.example.org
+      hostnames: false
+      include_localhost: false
+      mine_hostname_function: public_ssh_hostname
+      mine_keys_function: public_ssh_host_keys
+      omit_ip_address:
+      - github.com
+      salt_ssh:
+        public_ssh_host_keys:
+          minion.id: 'ssh-rsa [...]
+
+            ssh-ed25519 [...]
+  '
+        public_ssh_host_names:
+          minion.id:
+          - minion.id
+          - alias.of.minion.id
+        user: salt-master
+      static:
+        github.com: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGm[...]
+        gitlab.com: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bN[...]
+      target: '*'
+      tgt_type: glob
+    moduli: '# Time Type Tests Tries Size Generator Modulus
+
+      20120821045639 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C604293680B09D63
+
+      20120821045830 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C6042936814C2FFB
+
+      20120821050046 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368214FC53
+
+      20120821050054 2 6 100 2047 5 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368218E83F
+  '
+    provide_dsa_keys: false
+    provide_ecdsa_keys: false
+    provide_ed25519_keys: false
+    provide_rsa_keys: false
+    root_group: root
+    rsa:
+      private_key: '-----BEGIN RSA PRIVATE KEY-----
+
+        NOT_DEFINED
+
+        -----END RSA PRIVATE KEY-----
+  '
+      public_key: 'ssh-rsa NOT_DEFINED
+  '
+    server: openssh-server
+    server_version: latest
+    service: sshd
+    ssh_config: /etc/ssh/ssh_config
+    ssh_config_backup: true
+    ssh_config_group: root
+    ssh_config_mode: '644'
+    ssh_config_src: ssh_config
+    ssh_config_user: root
+    ssh_known_hosts: /etc/ssh/ssh_known_hosts
+    ssh_known_hosts_src: ssh_known_hosts
+    ssh_moduli: /etc/ssh/moduli
+    sshd_binary: /usr/sbin/sshd
+    sshd_config: /etc/ssh/sshd_config
+    sshd_config_backup: true
+    sshd_config_group: root
+    sshd_config_mode: '644'
+    sshd_config_src: sshd_config
+    sshd_config_user: root
+    sshd_enable: true
+    tofs:
+      source_files:
+        manage ssh_known_hosts file:
+        - alt_ssh_known_hosts
+        ssh_config:
+        - alt_ssh_config
+        sshd_banner:
+        - fire_banner
+        sshd_config:
+        - alt_sshd_config
+  ssh_config:
+    Hosts:
+      '*':
+        GSSAPIAuthentication: 'yes'
+        HashKnownHosts: 'yes'
+        SendEnv: LANG LC_*
+  sshd_config:
+    AcceptEnv: LANG LC_*
+    ChallengeResponseAuthentication: 'no'
+    PrintMotd: 'no'
+    Subsystem: sftp /usr/lib/openssh/sftp-server
+    UsePAM: 'yes'
+    X11Forwarding: 'yes'

test/integration/default/files/_mapdata/rockylinux-8.yaml

@@ -0,0 +1,185 @@
+# yamllint disable rule:indentation rule:line-length
+# Rocky Linux-8
+---
+values:
+  map_jinja:
+    sources:
+    - Y:G@osarch
+    - Y:G@os_family
+    - Y:G@os
+    - Y:G@osfinger
+    - C:SUB@openssh:lookup
+    - C:SUB@openssh
+    - C:SUB@sshd_config:lookup
+    - C:SUB@sshd_config
+    - C:SUB@ssh_config:lookup
+    - C:SUB@ssh_config
+    - Y:G@id
+  openssh:
+    absent_dsa_keys: false
+    absent_ecdsa_keys: false
+    absent_ed25519_keys: false
+    absent_rsa_keys: false
+    auth:
+      joe-non-valid-ssh-key:
+      - comment: obsolete key - removed
+        enc: ssh-rsa
+        present: false
+        source: salt://ssh_keys/joe.no-valid.pub
+        user: joe
+      joe-valid-ssh-key-desktop:
+      - comment: main key - desktop
+        enc: ssh-rsa
+        present: true
+        source: salt://ssh_keys/joe.desktop.pub
+        user: joe
+      joe-valid-ssh-key-notebook:
+      - comment: main key - notebook
+        enc: ssh-rsa
+        present: true
+        source: salt://ssh_keys/joe.netbook.pub
+        user: joe
+    auth_map:
+      personal_keys:
+        source: salt://ssh_keys
+        users:
+          joe:
+            joe.desktop: {}
+            joe.netbook:
+              options: []
+            joe.no-valid:
+              present: false
+    banner: /etc/ssh/banner
+    banner_src: banner
+    banner_string: 'Welcome to example.net!
+  '
+    client: openssh-clients
+    client_version: latest
+    dig_pkg: bind-utils
+    dsa:
+      private_key: '-----BEGIN DSA PRIVATE KEY-----
+
+        NOT_DEFINED
+
+        -----END DSA PRIVATE KEY-----
+  '
+      public_key: 'ssh-dss NOT_DEFINED
+  '
+    ecdsa:
+      private_key: '-----BEGIN EC PRIVATE KEY-----
+
+        NOT_DEFINED
+
+        -----END EC PRIVATE KEY-----
+  '
+      public_key: 'ecdsa-sha2-nistp256 NOT_DEFINED
+  '
+    ed25519:
+      private_key: '-----BEGIN OPENSSH PRIVATE KEY-----
+
+        NOT_DEFINED
+
+        -----END OPENSSH PRIVATE KEY-----
+  '
+      public_key: 'ssh-ed25519 NOT_DEFINED
+  '
+    enforce_rsa_size: false
+    generate_dsa_keys: false
+    generate_ecdsa_keys: false
+    generate_ed25519_keys: false
+    generate_rsa_keys: false
+    generate_rsa_size: 4096
+    host_key_algos: ecdsa,ed25519,rsa
+    known_hosts:
+      aliases:
+      - cname-to-minion.example.org
+      - alias.example.org
+      hostnames: false
+      include_localhost: false
+      mine_hostname_function: public_ssh_hostname
+      mine_keys_function: public_ssh_host_keys
+      omit_ip_address:
+      - github.com
+      salt_ssh:
+        public_ssh_host_keys:
+          minion.id: 'ssh-rsa [...]
+
+            ssh-ed25519 [...]
+  '
+        public_ssh_host_names:
+          minion.id:
+          - minion.id
+          - alias.of.minion.id
+        user: salt-master
+      static:
+        github.com: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGm[...]
+        gitlab.com: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bN[...]
+      target: '*'
+      tgt_type: glob
+    moduli: '# Time Type Tests Tries Size Generator Modulus
+
+      20120821045639 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C604293680B09D63
+
+      20120821045830 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C6042936814C2FFB
+
+      20120821050046 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368214FC53
+
+      20120821050054 2 6 100 2047 5 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368218E83F
+  '
+    provide_dsa_keys: false
+    provide_ecdsa_keys: false
+    provide_ed25519_keys: false
+    provide_rsa_keys: false
+    root_group: root
+    rsa:
+      private_key: '-----BEGIN RSA PRIVATE KEY-----
+
+        NOT_DEFINED
+
+        -----END RSA PRIVATE KEY-----
+  '
+      public_key: 'ssh-rsa NOT_DEFINED
+  '
+    server: openssh-server
+    server_version: latest
+    service: sshd
+    ssh_config: /etc/ssh/ssh_config
+    ssh_config_backup: true
+    ssh_config_group: root
+    ssh_config_mode: '644'
+    ssh_config_src: ssh_config
+    ssh_config_user: root
+    ssh_known_hosts: /etc/ssh/ssh_known_hosts
+    ssh_known_hosts_src: ssh_known_hosts
+    ssh_moduli: /etc/ssh/moduli
+    sshd_binary: /usr/sbin/sshd
+    sshd_config: /etc/ssh/sshd_config
+    sshd_config_backup: true
+    sshd_config_group: root
+    sshd_config_mode: '644'
+    sshd_config_src: sshd_config
+    sshd_config_user: root
+    sshd_enable: true
+    tofs:
+      source_files:
+        manage ssh_known_hosts file:
+        - alt_ssh_known_hosts
+        ssh_config:
+        - alt_ssh_config
+        sshd_banner:
+        - fire_banner
+        sshd_config:
+        - alt_sshd_config
+  ssh_config:
+    Hosts:
+      '*':
+        GSSAPIAuthentication: 'yes'
+        HashKnownHosts: 'yes'
+        SendEnv: LANG LC_*
+  sshd_config:
+    AcceptEnv: LANG LC_*
+    ChallengeResponseAuthentication: 'no'
+    PrintMotd: 'no'
+    Subsystem: sftp /usr/lib/openssh/sftp-server
+    UsePAM: 'yes'
+    X11Forwarding: 'yes'

test/integration/default/files/_mapdata/ubuntu-16.yaml

@@ -1,166 +1,185 @@
 # yamllint disable rule:indentation rule:line-length
 # Ubuntu-16.04
 ---
-map_jinja:
+values:
-  config_get_roots:
+  map_jinja:
-  - openssh
+    sources:
-  - sshd_config
+    - Y:G@osarch
-  - ssh_config
+    - Y:G@os_family
-openssh:
+    - Y:G@os
-  absent_dsa_keys: false
+    - Y:G@osfinger
-  absent_ecdsa_keys: false
+    - C:SUB@openssh:lookup
-  absent_ed25519_keys: false
+    - C:SUB@openssh
-  absent_rsa_keys: false
+    - C:SUB@sshd_config:lookup
-  auth:
+    - C:SUB@sshd_config
-    joe-non-valid-ssh-key:
+    - C:SUB@ssh_config:lookup
-    - comment: obsolete key - removed
+    - C:SUB@ssh_config
-      enc: ssh-rsa
+    - Y:G@id
-      present: false
+  openssh:
-      source: salt://ssh_keys/joe.no-valid.pub
+    absent_dsa_keys: false
-      user: joe
+    absent_ecdsa_keys: false
-    joe-valid-ssh-key-desktop:
+    absent_ed25519_keys: false
-    - comment: main key - desktop
+    absent_rsa_keys: false
-      enc: ssh-rsa
+    auth:
-      present: true
+      joe-non-valid-ssh-key:
-      source: salt://ssh_keys/joe.desktop.pub
+      - comment: obsolete key - removed
-      user: joe
+        enc: ssh-rsa
-    joe-valid-ssh-key-notebook:
+        present: false
-    - comment: main key - notebook
+        source: salt://ssh_keys/joe.no-valid.pub
-      enc: ssh-rsa
+        user: joe
-      present: true
+      joe-valid-ssh-key-desktop:
-      source: salt://ssh_keys/joe.netbook.pub
+      - comment: main key - desktop
-      user: joe
+        enc: ssh-rsa
-  auth_map:
+        present: true
-    personal_keys:
+        source: salt://ssh_keys/joe.desktop.pub
-      source: salt://ssh_keys
+        user: joe
-      users:
+      joe-valid-ssh-key-notebook:
-        joe:
+      - comment: main key - notebook
-          joe.desktop: {}
+        enc: ssh-rsa
-          joe.netbook:
+        present: true
-            options: []
+        source: salt://ssh_keys/joe.netbook.pub
-          joe.no-valid:
+        user: joe
-            present: false
+    auth_map:
-  banner: /etc/ssh/banner
+      personal_keys:
-  banner_src: banner
+        source: salt://ssh_keys
-  banner_string: 'Welcome to %{hostname}!
+        users:
-'
+          joe:
-  client: openssh-client
+            joe.desktop: {}
-  client_version: latest
+            joe.netbook:
-  dig_pkg: dnsutils
+              options: []
-  dsa:
+            joe.no-valid:
-    private_key: '-----BEGIN DSA PRIVATE KEY-----
+              present: false
+    banner: /etc/ssh/banner
+    banner_src: banner
+    banner_string: 'Welcome to example.net!
+  '
+    client: openssh-client
+    client_version: latest
+    dig_pkg: dnsutils
+    dsa:
+      private_key: '-----BEGIN DSA PRIVATE KEY-----
 
-      NOT_DEFINED
+        NOT_DEFINED
 
-      -----END DSA PRIVATE KEY-----
+        -----END DSA PRIVATE KEY-----
-'
+  '
-    public_key: 'ssh-dss NOT_DEFINED
+      public_key: 'ssh-dss NOT_DEFINED
-'
+  '
-  ecdsa:
+    ecdsa:
-    private_key: '-----BEGIN EC PRIVATE KEY-----
+      private_key: '-----BEGIN EC PRIVATE KEY-----
 
-      NOT_DEFINED
+        NOT_DEFINED
 
-      -----END EC PRIVATE KEY-----
+        -----END EC PRIVATE KEY-----
-'
+  '
-    public_key: 'ecdsa-sha2-nistp256 NOT_DEFINED
+      public_key: 'ecdsa-sha2-nistp256 NOT_DEFINED
-'
+  '
-  ed25519:
+    ed25519:
-    private_key: '-----BEGIN OPENSSH PRIVATE KEY-----
+      private_key: '-----BEGIN OPENSSH PRIVATE KEY-----
 
-      NOT_DEFINED
+        NOT_DEFINED
 
-      -----END OPENSSH PRIVATE KEY-----
+        -----END OPENSSH PRIVATE KEY-----
-'
+  '
-    public_key: 'ssh-ed25519 NOT_DEFINED
+      public_key: 'ssh-ed25519 NOT_DEFINED
-'
+  '
-  enforce_rsa_size: false
+    enforce_rsa_size: false
-  generate_dsa_keys: false
+    generate_dsa_keys: false
-  generate_ecdsa_keys: false
+    generate_ecdsa_keys: false
-  generate_ed25519_keys: false
+    generate_ed25519_keys: false
-  generate_rsa_keys: false
+    generate_rsa_keys: false
-  generate_rsa_size: 4096
+    generate_rsa_size: 4096
-  host_key_algos: ecdsa,ed25519,rsa
+    host_key_algos: ecdsa,ed25519,rsa
-  known_hosts:
+    known_hosts:
-    aliases:
+      aliases:
-    - cname-to-minion.example.org
+      - cname-to-minion.example.org
-    - alias.example.org
+      - alias.example.org
-    hostnames: false
+      hostnames: false
-    include_localhost: false
+      include_localhost: false
-    mine_hostname_function: public_ssh_hostname
+      mine_hostname_function: public_ssh_hostname
-    mine_keys_function: public_ssh_host_keys
+      mine_keys_function: public_ssh_host_keys
-    omit_ip_address:
+      omit_ip_address:
-    - github.com
+      - github.com
-    salt_ssh:
+      salt_ssh:
-      public_ssh_host_keys:
+        public_ssh_host_keys:
-        minion.id: 'ssh-rsa [...]
+          minion.id: 'ssh-rsa [...]
 
-          ssh-ed25519 [...]
+            ssh-ed25519 [...]
-'
+  '
-      public_ssh_host_names:
+        public_ssh_host_names:
-        minion.id:
+          minion.id:
-        - minion.id
+          - minion.id
-        - alias.of.minion.id
+          - alias.of.minion.id
-      user: salt-master
+        user: salt-master
-    static:
+      static:
-      github.com: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGm[...]
+        github.com: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGm[...]
-      gitlab.com: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bN[...]
+        gitlab.com: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bN[...]
-    target: '*'
+      target: '*'
-    tgt_type: glob
+      tgt_type: glob
-  moduli: '# Time Type Tests Tries Size Generator Modulus
+    moduli: '# Time Type Tests Tries Size Generator Modulus
 
-    20120821045639 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C604293680B09D63
+      20120821045639 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C604293680B09D63
 
-    20120821045830 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C6042936814C2FFB
+      20120821045830 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C6042936814C2FFB
 
-    20120821050046 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368214FC53
+      20120821050046 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368214FC53
 
-    20120821050054 2 6 100 2047 5 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368218E83F
+      20120821050054 2 6 100 2047 5 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368218E83F
-'
+  '
-  provide_dsa_keys: false
+    provide_dsa_keys: false
-  provide_ecdsa_keys: false
+    provide_ecdsa_keys: false
-  provide_ed25519_keys: false
+    provide_ed25519_keys: false
-  provide_rsa_keys: false
+    provide_rsa_keys: false
-  root_group: root
+    root_group: root
-  rsa:
+    rsa:
-    private_key: '-----BEGIN RSA PRIVATE KEY-----
+      private_key: '-----BEGIN RSA PRIVATE KEY-----
 
-      NOT_DEFINED
+        NOT_DEFINED
 
-      -----END RSA PRIVATE KEY-----
+        -----END RSA PRIVATE KEY-----
-'
+  '
-    public_key: 'ssh-rsa NOT_DEFINED
+      public_key: 'ssh-rsa NOT_DEFINED
-'
+  '
-  server: openssh-server
+    server: openssh-server
-  server_version: latest
+    server_version: latest
-  service: ssh
+    service: ssh
-  ssh_config: /etc/ssh/ssh_config
+    ssh_config: /etc/ssh/ssh_config
-  ssh_config_backup: true
+    ssh_config_backup: true
-  ssh_config_group: root
+    ssh_config_group: root
-  ssh_config_mode: '644'
+    ssh_config_mode: '644'
-  ssh_config_src: ssh_config
+    ssh_config_src: ssh_config
-  ssh_config_user: root
+    ssh_config_user: root
-  ssh_known_hosts: /etc/ssh/ssh_known_hosts
+    ssh_known_hosts: /etc/ssh/ssh_known_hosts
-  ssh_known_hosts_src: ssh_known_hosts
+    ssh_known_hosts_src: ssh_known_hosts
-  ssh_moduli: /etc/ssh/moduli
+    ssh_moduli: /etc/ssh/moduli
-  sshd_binary: /usr/sbin/sshd
+    sshd_binary: /usr/sbin/sshd
-  sshd_config: /etc/ssh/sshd_config
+    sshd_config: /etc/ssh/sshd_config
-  sshd_config_backup: true
+    sshd_config_backup: true
-  sshd_config_group: root
+    sshd_config_group: root
-  sshd_config_mode: '644'
+    sshd_config_mode: '644'
-  sshd_config_src: sshd_config
+    sshd_config_src: sshd_config
-  sshd_config_user: root
+    sshd_config_user: root
-  sshd_enable: true
+    sshd_enable: true
-ssh_config:
+    tofs:
-  Hosts:
+      source_files:
-    '*':
+        manage ssh_known_hosts file:
-      GSSAPIAuthentication: 'yes'
+        - alt_ssh_known_hosts
-      HashKnownHosts: 'yes'
+        ssh_config:
-      SendEnv: LANG LC_*
+        - alt_ssh_config
-sshd_config:
+        sshd_banner:
-  AcceptEnv: LANG LC_*
+        - fire_banner
-  ChallengeResponseAuthentication: 'no'
+        sshd_config:
-  PrintMotd: 'no'
+        - alt_sshd_config
-  Subsystem: sftp /usr/lib/openssh/sftp-server
+  ssh_config:
-  UsePAM: 'yes'
+    Hosts:
-  X11Forwarding: 'yes'
+      '*':
+        GSSAPIAuthentication: 'yes'
+        HashKnownHosts: 'yes'
+        SendEnv: LANG LC_*
+  sshd_config:
+    AcceptEnv: LANG LC_*
+    ChallengeResponseAuthentication: 'no'
+    PrintMotd: 'no'
+    Subsystem: sftp /usr/lib/openssh/sftp-server
+    UsePAM: 'yes'
+    X11Forwarding: 'yes'

test/integration/default/files/_mapdata/ubuntu-18.yaml

@@ -1,166 +1,185 @@
 # yamllint disable rule:indentation rule:line-length
 # Ubuntu-18.04
 ---
-map_jinja:
+values:
-  config_get_roots:
+  map_jinja:
-  - openssh
+    sources:
-  - sshd_config
+    - Y:G@osarch
-  - ssh_config
+    - Y:G@os_family
-openssh:
+    - Y:G@os
-  absent_dsa_keys: false
+    - Y:G@osfinger
-  absent_ecdsa_keys: false
+    - C:SUB@openssh:lookup
-  absent_ed25519_keys: false
+    - C:SUB@openssh
-  absent_rsa_keys: false
+    - C:SUB@sshd_config:lookup
-  auth:
+    - C:SUB@sshd_config
-    joe-non-valid-ssh-key:
+    - C:SUB@ssh_config:lookup
-    - comment: obsolete key - removed
+    - C:SUB@ssh_config
-      enc: ssh-rsa
+    - Y:G@id
-      present: false
+  openssh:
-      source: salt://ssh_keys/joe.no-valid.pub
+    absent_dsa_keys: false
-      user: joe
+    absent_ecdsa_keys: false
-    joe-valid-ssh-key-desktop:
+    absent_ed25519_keys: false
-    - comment: main key - desktop
+    absent_rsa_keys: false
-      enc: ssh-rsa
+    auth:
-      present: true
+      joe-non-valid-ssh-key:
-      source: salt://ssh_keys/joe.desktop.pub
+      - comment: obsolete key - removed
-      user: joe
+        enc: ssh-rsa
-    joe-valid-ssh-key-notebook:
+        present: false
-    - comment: main key - notebook
+        source: salt://ssh_keys/joe.no-valid.pub
-      enc: ssh-rsa
+        user: joe
-      present: true
+      joe-valid-ssh-key-desktop:
-      source: salt://ssh_keys/joe.netbook.pub
+      - comment: main key - desktop
-      user: joe
+        enc: ssh-rsa
-  auth_map:
+        present: true
-    personal_keys:
+        source: salt://ssh_keys/joe.desktop.pub
-      source: salt://ssh_keys
+        user: joe
-      users:
+      joe-valid-ssh-key-notebook:
-        joe:
+      - comment: main key - notebook
-          joe.desktop: {}
+        enc: ssh-rsa
-          joe.netbook:
+        present: true
-            options: []
+        source: salt://ssh_keys/joe.netbook.pub
-          joe.no-valid:
+        user: joe
-            present: false
+    auth_map:
-  banner: /etc/ssh/banner
+      personal_keys:
-  banner_src: banner
+        source: salt://ssh_keys
-  banner_string: 'Welcome to %{hostname}!
+        users:
-'
+          joe:
-  client: openssh-client
+            joe.desktop: {}
-  client_version: latest
+            joe.netbook:
-  dig_pkg: dnsutils
+              options: []
-  dsa:
+            joe.no-valid:
-    private_key: '-----BEGIN DSA PRIVATE KEY-----
+              present: false
+    banner: /etc/ssh/banner
+    banner_src: banner
+    banner_string: 'Welcome to example.net!
+  '
+    client: openssh-client
+    client_version: latest
+    dig_pkg: dnsutils
+    dsa:
+      private_key: '-----BEGIN DSA PRIVATE KEY-----
 
-      NOT_DEFINED
+        NOT_DEFINED
 
-      -----END DSA PRIVATE KEY-----
+        -----END DSA PRIVATE KEY-----
-'
+  '
-    public_key: 'ssh-dss NOT_DEFINED
+      public_key: 'ssh-dss NOT_DEFINED
-'
+  '
-  ecdsa:
+    ecdsa:
-    private_key: '-----BEGIN EC PRIVATE KEY-----
+      private_key: '-----BEGIN EC PRIVATE KEY-----
 
-      NOT_DEFINED
+        NOT_DEFINED
 
-      -----END EC PRIVATE KEY-----
+        -----END EC PRIVATE KEY-----
-'
+  '
-    public_key: 'ecdsa-sha2-nistp256 NOT_DEFINED
+      public_key: 'ecdsa-sha2-nistp256 NOT_DEFINED
-'
+  '
-  ed25519:
+    ed25519:
-    private_key: '-----BEGIN OPENSSH PRIVATE KEY-----
+      private_key: '-----BEGIN OPENSSH PRIVATE KEY-----
 
-      NOT_DEFINED
+        NOT_DEFINED
 
-      -----END OPENSSH PRIVATE KEY-----
+        -----END OPENSSH PRIVATE KEY-----
-'
+  '
-    public_key: 'ssh-ed25519 NOT_DEFINED
+      public_key: 'ssh-ed25519 NOT_DEFINED
-'
+  '
-  enforce_rsa_size: false
+    enforce_rsa_size: false
-  generate_dsa_keys: false
+    generate_dsa_keys: false
-  generate_ecdsa_keys: false
+    generate_ecdsa_keys: false
-  generate_ed25519_keys: false
+    generate_ed25519_keys: false
-  generate_rsa_keys: false
+    generate_rsa_keys: false
-  generate_rsa_size: 4096
+    generate_rsa_size: 4096
-  host_key_algos: ecdsa,ed25519,rsa
+    host_key_algos: ecdsa,ed25519,rsa
-  known_hosts:
+    known_hosts:
-    aliases:
+      aliases:
-    - cname-to-minion.example.org
+      - cname-to-minion.example.org
-    - alias.example.org
+      - alias.example.org
-    hostnames: false
+      hostnames: false
-    include_localhost: false
+      include_localhost: false
-    mine_hostname_function: public_ssh_hostname
+      mine_hostname_function: public_ssh_hostname
-    mine_keys_function: public_ssh_host_keys
+      mine_keys_function: public_ssh_host_keys
-    omit_ip_address:
+      omit_ip_address:
-    - github.com
+      - github.com
-    salt_ssh:
+      salt_ssh:
-      public_ssh_host_keys:
+        public_ssh_host_keys:
-        minion.id: 'ssh-rsa [...]
+          minion.id: 'ssh-rsa [...]
 
-          ssh-ed25519 [...]
+            ssh-ed25519 [...]
-'
+  '
-      public_ssh_host_names:
+        public_ssh_host_names:
-        minion.id:
+          minion.id:
-        - minion.id
+          - minion.id
-        - alias.of.minion.id
+          - alias.of.minion.id
-      user: salt-master
+        user: salt-master
-    static:
+      static:
-      github.com: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGm[...]
+        github.com: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGm[...]
-      gitlab.com: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bN[...]
+        gitlab.com: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bN[...]
-    target: '*'
+      target: '*'
-    tgt_type: glob
+      tgt_type: glob
-  moduli: '# Time Type Tests Tries Size Generator Modulus
+    moduli: '# Time Type Tests Tries Size Generator Modulus
 
-    20120821045639 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C604293680B09D63
+      20120821045639 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C604293680B09D63
 
-    20120821045830 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C6042936814C2FFB
+      20120821045830 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C6042936814C2FFB
 
-    20120821050046 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368214FC53
+      20120821050046 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368214FC53
 
-    20120821050054 2 6 100 2047 5 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368218E83F
+      20120821050054 2 6 100 2047 5 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368218E83F
-'
+  '
-  provide_dsa_keys: false
+    provide_dsa_keys: false
-  provide_ecdsa_keys: false
+    provide_ecdsa_keys: false
-  provide_ed25519_keys: false
+    provide_ed25519_keys: false
-  provide_rsa_keys: false
+    provide_rsa_keys: false
-  root_group: root
+    root_group: root
-  rsa:
+    rsa:
-    private_key: '-----BEGIN RSA PRIVATE KEY-----
+      private_key: '-----BEGIN RSA PRIVATE KEY-----
 
-      NOT_DEFINED
+        NOT_DEFINED
 
-      -----END RSA PRIVATE KEY-----
+        -----END RSA PRIVATE KEY-----
-'
+  '
-    public_key: 'ssh-rsa NOT_DEFINED
+      public_key: 'ssh-rsa NOT_DEFINED
-'
+  '
-  server: openssh-server
+    server: openssh-server
-  server_version: latest
+    server_version: latest
-  service: ssh
+    service: ssh
-  ssh_config: /etc/ssh/ssh_config
+    ssh_config: /etc/ssh/ssh_config
-  ssh_config_backup: true
+    ssh_config_backup: true
-  ssh_config_group: root
+    ssh_config_group: root
-  ssh_config_mode: '644'
+    ssh_config_mode: '644'
-  ssh_config_src: ssh_config
+    ssh_config_src: ssh_config
-  ssh_config_user: root
+    ssh_config_user: root
-  ssh_known_hosts: /etc/ssh/ssh_known_hosts
+    ssh_known_hosts: /etc/ssh/ssh_known_hosts
-  ssh_known_hosts_src: ssh_known_hosts
+    ssh_known_hosts_src: ssh_known_hosts
-  ssh_moduli: /etc/ssh/moduli
+    ssh_moduli: /etc/ssh/moduli
-  sshd_binary: /usr/sbin/sshd
+    sshd_binary: /usr/sbin/sshd
-  sshd_config: /etc/ssh/sshd_config
+    sshd_config: /etc/ssh/sshd_config
-  sshd_config_backup: true
+    sshd_config_backup: true
-  sshd_config_group: root
+    sshd_config_group: root
-  sshd_config_mode: '644'
+    sshd_config_mode: '644'
-  sshd_config_src: sshd_config
+    sshd_config_src: sshd_config
-  sshd_config_user: root
+    sshd_config_user: root
-  sshd_enable: true
+    sshd_enable: true
-ssh_config:
+    tofs:
-  Hosts:
+      source_files:
-    '*':
+        manage ssh_known_hosts file:
-      GSSAPIAuthentication: 'yes'
+        - alt_ssh_known_hosts
-      HashKnownHosts: 'yes'
+        ssh_config:
-      SendEnv: LANG LC_*
+        - alt_ssh_config
-sshd_config:
+        sshd_banner:
-  AcceptEnv: LANG LC_*
+        - fire_banner
-  ChallengeResponseAuthentication: 'no'
+        sshd_config:
-  PrintMotd: 'no'
+        - alt_sshd_config
-  Subsystem: sftp /usr/lib/openssh/sftp-server
+  ssh_config:
-  UsePAM: 'yes'
+    Hosts:
-  X11Forwarding: 'yes'
+      '*':
+        GSSAPIAuthentication: 'yes'
+        HashKnownHosts: 'yes'
+        SendEnv: LANG LC_*
+  sshd_config:
+    AcceptEnv: LANG LC_*
+    ChallengeResponseAuthentication: 'no'
+    PrintMotd: 'no'
+    Subsystem: sftp /usr/lib/openssh/sftp-server
+    UsePAM: 'yes'
+    X11Forwarding: 'yes'

test/integration/default/files/_mapdata/ubuntu-20.yaml

@@ -1,166 +1,185 @@
 # yamllint disable rule:indentation rule:line-length
 # Ubuntu-20.04
 ---
-map_jinja:
+values:
-  config_get_roots:
+  map_jinja:
-  - openssh
+    sources:
-  - sshd_config
+    - Y:G@osarch
-  - ssh_config
+    - Y:G@os_family
-openssh:
+    - Y:G@os
-  absent_dsa_keys: false
+    - Y:G@osfinger
-  absent_ecdsa_keys: false
+    - C:SUB@openssh:lookup
-  absent_ed25519_keys: false
+    - C:SUB@openssh
-  absent_rsa_keys: false
+    - C:SUB@sshd_config:lookup
-  auth:
+    - C:SUB@sshd_config
-    joe-non-valid-ssh-key:
+    - C:SUB@ssh_config:lookup
-    - comment: obsolete key - removed
+    - C:SUB@ssh_config
-      enc: ssh-rsa
+    - Y:G@id
-      present: false
+  openssh:
-      source: salt://ssh_keys/joe.no-valid.pub
+    absent_dsa_keys: false
-      user: joe
+    absent_ecdsa_keys: false
-    joe-valid-ssh-key-desktop:
+    absent_ed25519_keys: false
-    - comment: main key - desktop
+    absent_rsa_keys: false
-      enc: ssh-rsa
+    auth:
-      present: true
+      joe-non-valid-ssh-key:
-      source: salt://ssh_keys/joe.desktop.pub
+      - comment: obsolete key - removed
-      user: joe
+        enc: ssh-rsa
-    joe-valid-ssh-key-notebook:
+        present: false
-    - comment: main key - notebook
+        source: salt://ssh_keys/joe.no-valid.pub
-      enc: ssh-rsa
+        user: joe
-      present: true
+      joe-valid-ssh-key-desktop:
-      source: salt://ssh_keys/joe.netbook.pub
+      - comment: main key - desktop
-      user: joe
+        enc: ssh-rsa
-  auth_map:
+        present: true
-    personal_keys:
+        source: salt://ssh_keys/joe.desktop.pub
-      source: salt://ssh_keys
+        user: joe
-      users:
+      joe-valid-ssh-key-notebook:
-        joe:
+      - comment: main key - notebook
-          joe.desktop: {}
+        enc: ssh-rsa
-          joe.netbook:
+        present: true
-            options: []
+        source: salt://ssh_keys/joe.netbook.pub
-          joe.no-valid:
+        user: joe
-            present: false
+    auth_map:
-  banner: /etc/ssh/banner
+      personal_keys:
-  banner_src: banner
+        source: salt://ssh_keys
-  banner_string: 'Welcome to %{hostname}!
+        users:
-'
+          joe:
-  client: openssh-client
+            joe.desktop: {}
-  client_version: latest
+            joe.netbook:
-  dig_pkg: dnsutils
+              options: []
-  dsa:
+            joe.no-valid:
-    private_key: '-----BEGIN DSA PRIVATE KEY-----
+              present: false
+    banner: /etc/ssh/banner
+    banner_src: banner
+    banner_string: 'Welcome to example.net!
+  '
+    client: openssh-client
+    client_version: latest
+    dig_pkg: dnsutils
+    dsa:
+      private_key: '-----BEGIN DSA PRIVATE KEY-----
 
-      NOT_DEFINED
+        NOT_DEFINED
 
-      -----END DSA PRIVATE KEY-----
+        -----END DSA PRIVATE KEY-----
-'
+  '
-    public_key: 'ssh-dss NOT_DEFINED
+      public_key: 'ssh-dss NOT_DEFINED
-'
+  '
-  ecdsa:
+    ecdsa:
-    private_key: '-----BEGIN EC PRIVATE KEY-----
+      private_key: '-----BEGIN EC PRIVATE KEY-----
 
-      NOT_DEFINED
+        NOT_DEFINED
 
-      -----END EC PRIVATE KEY-----
+        -----END EC PRIVATE KEY-----
-'
+  '
-    public_key: 'ecdsa-sha2-nistp256 NOT_DEFINED
+      public_key: 'ecdsa-sha2-nistp256 NOT_DEFINED
-'
+  '
-  ed25519:
+    ed25519:
-    private_key: '-----BEGIN OPENSSH PRIVATE KEY-----
+      private_key: '-----BEGIN OPENSSH PRIVATE KEY-----
 
-      NOT_DEFINED
+        NOT_DEFINED
 
-      -----END OPENSSH PRIVATE KEY-----
+        -----END OPENSSH PRIVATE KEY-----
-'
+  '
-    public_key: 'ssh-ed25519 NOT_DEFINED
+      public_key: 'ssh-ed25519 NOT_DEFINED
-'
+  '
-  enforce_rsa_size: false
+    enforce_rsa_size: false
-  generate_dsa_keys: false
+    generate_dsa_keys: false
-  generate_ecdsa_keys: false
+    generate_ecdsa_keys: false
-  generate_ed25519_keys: false
+    generate_ed25519_keys: false
-  generate_rsa_keys: false
+    generate_rsa_keys: false
-  generate_rsa_size: 4096
+    generate_rsa_size: 4096
-  host_key_algos: ecdsa,ed25519,rsa
+    host_key_algos: ecdsa,ed25519,rsa
-  known_hosts:
+    known_hosts:
-    aliases:
+      aliases:
-    - cname-to-minion.example.org
+      - cname-to-minion.example.org
-    - alias.example.org
+      - alias.example.org
-    hostnames: false
+      hostnames: false
-    include_localhost: false
+      include_localhost: false
-    mine_hostname_function: public_ssh_hostname
+      mine_hostname_function: public_ssh_hostname
-    mine_keys_function: public_ssh_host_keys
+      mine_keys_function: public_ssh_host_keys
-    omit_ip_address:
+      omit_ip_address:
-    - github.com
+      - github.com
-    salt_ssh:
+      salt_ssh:
-      public_ssh_host_keys:
+        public_ssh_host_keys:
-        minion.id: 'ssh-rsa [...]
+          minion.id: 'ssh-rsa [...]
 
-          ssh-ed25519 [...]
+            ssh-ed25519 [...]
-'
+  '
-      public_ssh_host_names:
+        public_ssh_host_names:
-        minion.id:
+          minion.id:
-        - minion.id
+          - minion.id
-        - alias.of.minion.id
+          - alias.of.minion.id
-      user: salt-master
+        user: salt-master
-    static:
+      static:
-      github.com: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGm[...]
+        github.com: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGm[...]
-      gitlab.com: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bN[...]
+        gitlab.com: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bN[...]
-    target: '*'
+      target: '*'
-    tgt_type: glob
+      tgt_type: glob
-  moduli: '# Time Type Tests Tries Size Generator Modulus
+    moduli: '# Time Type Tests Tries Size Generator Modulus
 
-    20120821045639 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C604293680B09D63
+      20120821045639 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C604293680B09D63
 
-    20120821045830 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C6042936814C2FFB
+      20120821045830 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C6042936814C2FFB
 
-    20120821050046 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368214FC53
+      20120821050046 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368214FC53
 
-    20120821050054 2 6 100 2047 5 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368218E83F
+      20120821050054 2 6 100 2047 5 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368218E83F
-'
+  '
-  provide_dsa_keys: false
+    provide_dsa_keys: false
-  provide_ecdsa_keys: false
+    provide_ecdsa_keys: false
-  provide_ed25519_keys: false
+    provide_ed25519_keys: false
-  provide_rsa_keys: false
+    provide_rsa_keys: false
-  root_group: root
+    root_group: root
-  rsa:
+    rsa:
-    private_key: '-----BEGIN RSA PRIVATE KEY-----
+      private_key: '-----BEGIN RSA PRIVATE KEY-----
 
-      NOT_DEFINED
+        NOT_DEFINED
 
-      -----END RSA PRIVATE KEY-----
+        -----END RSA PRIVATE KEY-----
-'
+  '
-    public_key: 'ssh-rsa NOT_DEFINED
+      public_key: 'ssh-rsa NOT_DEFINED
-'
+  '
-  server: openssh-server
+    server: openssh-server
-  server_version: latest
+    server_version: latest
-  service: ssh
+    service: ssh
-  ssh_config: /etc/ssh/ssh_config
+    ssh_config: /etc/ssh/ssh_config
-  ssh_config_backup: true
+    ssh_config_backup: true
-  ssh_config_group: root
+    ssh_config_group: root
-  ssh_config_mode: '644'
+    ssh_config_mode: '644'
-  ssh_config_src: ssh_config
+    ssh_config_src: ssh_config
-  ssh_config_user: root
+    ssh_config_user: root
-  ssh_known_hosts: /etc/ssh/ssh_known_hosts
+    ssh_known_hosts: /etc/ssh/ssh_known_hosts
-  ssh_known_hosts_src: ssh_known_hosts
+    ssh_known_hosts_src: ssh_known_hosts
-  ssh_moduli: /etc/ssh/moduli
+    ssh_moduli: /etc/ssh/moduli
-  sshd_binary: /usr/sbin/sshd
+    sshd_binary: /usr/sbin/sshd
-  sshd_config: /etc/ssh/sshd_config
+    sshd_config: /etc/ssh/sshd_config
-  sshd_config_backup: true
+    sshd_config_backup: true
-  sshd_config_group: root
+    sshd_config_group: root
-  sshd_config_mode: '644'
+    sshd_config_mode: '644'
-  sshd_config_src: sshd_config
+    sshd_config_src: sshd_config
-  sshd_config_user: root
+    sshd_config_user: root
-  sshd_enable: true
+    sshd_enable: true
-ssh_config:
+    tofs:
-  Hosts:
+      source_files:
-    '*':
+        manage ssh_known_hosts file:
-      GSSAPIAuthentication: 'yes'
+        - alt_ssh_known_hosts
-      HashKnownHosts: 'yes'
+        ssh_config:
-      SendEnv: LANG LC_*
+        - alt_ssh_config
-sshd_config:
+        sshd_banner:
-  AcceptEnv: LANG LC_*
+        - fire_banner
-  ChallengeResponseAuthentication: 'no'
+        sshd_config:
-  PrintMotd: 'no'
+        - alt_sshd_config
-  Subsystem: sftp /usr/lib/openssh/sftp-server
+  ssh_config:
-  UsePAM: 'yes'
+    Hosts:
-  X11Forwarding: 'yes'
+      '*':
+        GSSAPIAuthentication: 'yes'
+        HashKnownHosts: 'yes'
+        SendEnv: LANG LC_*
+  sshd_config:
+    AcceptEnv: LANG LC_*
+    ChallengeResponseAuthentication: 'no'
+    PrintMotd: 'no'
+    Subsystem: sftp /usr/lib/openssh/sftp-server
+    UsePAM: 'yes'
+    X11Forwarding: 'yes'

test/integration/default/files/_mapdata/ubuntu-22.yaml

@@ -0,0 +1,186 @@
+# yamllint disable rule:indentation rule:line-length
+# Ubuntu-22.04
+---
+values:
+  map_jinja:
+    sources:
+    - Y:G@osarch
+    - Y:G@os_family
+    - Y:G@os
+    - Y:G@osfinger
+    - C:SUB@openssh:lookup
+    - C:SUB@openssh
+    - C:SUB@sshd_config:lookup
+    - C:SUB@sshd_config
+    - C:SUB@ssh_config:lookup
+    - C:SUB@ssh_config
+    - Y:G@id
+  openssh:
+    absent_dsa_keys: false
+    absent_ecdsa_keys: false
+    absent_ed25519_keys: false
+    absent_rsa_keys: false
+    auth:
+      joe-non-valid-ssh-key:
+      - comment: obsolete key - removed
+        enc: ssh-rsa
+        present: false
+        source: salt://ssh_keys/joe.no-valid.pub
+        user: joe
+      joe-valid-ssh-key-desktop:
+      - comment: main key - desktop
+        enc: ssh-rsa
+        present: true
+        source: salt://ssh_keys/joe.desktop.pub
+        user: joe
+      joe-valid-ssh-key-notebook:
+      - comment: main key - notebook
+        enc: ssh-rsa
+        present: true
+        source: salt://ssh_keys/joe.netbook.pub
+        user: joe
+    auth_map:
+      personal_keys:
+        source: salt://ssh_keys
+        users:
+          joe:
+            joe.desktop: {}
+            joe.netbook:
+              options: []
+            joe.no-valid:
+              present: false
+    banner: /etc/ssh/banner
+    banner_src: banner
+    banner_string: 'Welcome to example.net!
+  '
+    client: openssh-client
+    client_version: latest
+    dig_pkg: dnsutils
+    dsa:
+      private_key: '-----BEGIN DSA PRIVATE KEY-----
+
+        NOT_DEFINED
+
+        -----END DSA PRIVATE KEY-----
+  '
+      public_key: 'ssh-dss NOT_DEFINED
+  '
+    ecdsa:
+      private_key: '-----BEGIN EC PRIVATE KEY-----
+
+        NOT_DEFINED
+
+        -----END EC PRIVATE KEY-----
+  '
+      public_key: 'ecdsa-sha2-nistp256 NOT_DEFINED
+  '
+    ed25519:
+      private_key: '-----BEGIN OPENSSH PRIVATE KEY-----
+
+        NOT_DEFINED
+
+        -----END OPENSSH PRIVATE KEY-----
+  '
+      public_key: 'ssh-ed25519 NOT_DEFINED
+  '
+    enforce_rsa_size: false
+    generate_dsa_keys: false
+    generate_ecdsa_keys: false
+    generate_ed25519_keys: false
+    generate_rsa_keys: false
+    generate_rsa_size: 4096
+    host_key_algos: ecdsa,ed25519,rsa
+    known_hosts:
+      aliases:
+      - cname-to-minion.example.org
+      - alias.example.org
+      hostnames: false
+      include_localhost: false
+      mine_hostname_function: public_ssh_hostname
+      mine_keys_function: public_ssh_host_keys
+      omit_ip_address:
+      - github.com
+      salt_ssh:
+        public_ssh_host_keys:
+          minion.id: 'ssh-rsa [...]
+
+            ssh-ed25519 [...]
+  '
+        public_ssh_host_names:
+          minion.id:
+          - minion.id
+          - alias.of.minion.id
+        user: salt-master
+      static:
+        github.com: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGm[...]
+        gitlab.com: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bN[...]
+      target: '*'
+      tgt_type: glob
+    moduli: '# Time Type Tests Tries Size Generator Modulus
+
+      20120821045639 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C604293680B09D63
+
+      20120821045830 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C6042936814C2FFB
+
+      20120821050046 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368214FC53
+
+      20120821050054 2 6 100 2047 5 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368218E83F
+  '
+    provide_dsa_keys: false
+    provide_ecdsa_keys: false
+    provide_ed25519_keys: false
+    provide_rsa_keys: false
+    root_group: root
+    rsa:
+      private_key: '-----BEGIN RSA PRIVATE KEY-----
+
+        NOT_DEFINED
+
+        -----END RSA PRIVATE KEY-----
+  '
+      public_key: 'ssh-rsa NOT_DEFINED
+  '
+    server: openssh-server
+    server_version: latest
+    service: ssh
+    ssh_config: /etc/ssh/ssh_config
+    ssh_config_backup: true
+    ssh_config_group: root
+    ssh_config_mode: '644'
+    ssh_config_src: ssh_config
+    ssh_config_user: root
+    ssh_known_hosts: /etc/ssh/ssh_known_hosts
+    ssh_known_hosts_src: ssh_known_hosts
+    ssh_moduli: /etc/ssh/moduli
+    sshd_binary: /usr/sbin/sshd
+    sshd_config: /etc/ssh/sshd_config
+    sshd_config_backup: true
+    sshd_config_group: root
+    sshd_config_mode: '644'
+    sshd_config_src: sshd_config
+    sshd_config_user: root
+    sshd_enable: true
+    tofs:
+      source_files:
+        manage ssh_known_hosts file:
+        - alt_ssh_known_hosts
+        ssh_config:
+        - alt_ssh_config
+        sshd_banner:
+        - fire_banner
+        sshd_config:
+        - alt_sshd_config
+  ssh_config:
+    Hosts:
+      '*':
+        GSSAPIAuthentication: 'yes'
+        HashKnownHosts: 'yes'
+        SendEnv: LANG LC_*
+  sshd_config:
+    AcceptEnv: LANG LC_*
+    ChallengeResponseAuthentication: 'no'
+    PrintMotd: 'no'
+    PubkeyAcceptedAlgorithms: "+ssh-rsa"
+    Subsystem: sftp /usr/lib/openssh/sftp-server
+    UsePAM: 'yes'
+    X11Forwarding: 'yes'

test/integration/default/inspec.yml

@@ -17,5 +17,12 @@ supports:
   - platform-name: opensuse
   - platform-name: suse
   - platform-name: freebsd
+  - platform-name: openbsd
   - platform-name: amazon
+  - platform-name: oracle
   - platform-name: arch
+  - platform-name: gentoo
+  - platform-name: almalinux
+  - platform-name: rocky
+  - platform-name: mac_os_x
+  - platform: windows

test/integration/share/README.md

@@ -2,19 +2,21 @@
 
 This shows the implementation of the `share` InSpec [profile](https://github.com/inspec/inspec/blob/master/docs/profiles.md).
 
-It's goal is to share the libraries between all profiles.
+Its goal is to share the libraries between all profiles.
 
 ## Libraries
 
 ### `system`
 
-The `system` library provides easy access to system dependents informations:
+The `system` library provides easy access to system dependent information:
 
-- `system.hostname`: return the result of `hostname -s` or `hostnamectl --static` based on the availability of each commans
+- `system.platform`: based on `inspec.platform`, modify to values that are more consistent from a SaltStack perspective
-- `system.platform`: take `inspec.platform` and mangle things a bit to be useful
+  - `system.platform[:family]` provide a family name for Arch and Gentoo
-  - `system.platform[:family]` provides a family name for Arch
+  - `system.platform[:name]` append `linux` to both `amazon` and `oracle`; ensure Windows platforms are resolved as simply `windows`
-  - `system.platform[:name]` modify `amazon` to `amazonlinux`
+  - `system.platform[:release]` tweak Arch, Amazon Linux, Gentoo, openSUSE and Windows:
-  - `system.platform[:release]` tweak for Arch and Amazon Linux:
+    - `Arch` is always `base-latest`
-    - `Arch` is always `base-later`
+    - `Amazon Linux` release `2018` is resolved as `1`
-    - `Amazon Linux` release `2018` became `1`
+    - `Gentoo` release is trimmed to its major version number and then the init system is appended (i.e. `sysv` or `sysd`)
-  - `system.platform[:finger]` is just the concatenation of the name and the first release number (except for Ubuntu which gives `20.04` for example)
+    - `openSUSE` is resolved as `tumbleweed` if the `platform[:release]` is in date format
+    - `Windows` uses the widely-used release number (e.g. `8.1` or `2019-server`) in place of the actual system release version
+  - `system.platform[:finger]` is the concatenation of the name and the major release number (except for Ubuntu, which gives `ubuntu-20.04` for example)

test/integration/share/inspec.yml

@@ -1,7 +1,7 @@
 # -*- coding: utf-8 -*-
 # vim: ft=yaml
 ---
-name: shared
+name: share
 title: InSpec shared resources
 maintainer: SaltStack Formulas
 license: Apache-2.0
@@ -14,5 +14,12 @@ supports:
   - platform-name: opensuse
   - platform-name: suse
   - platform-name: freebsd
+  - platform-name: openbsd
   - platform-name: amazon
+  - platform-name: oracle
   - platform-name: arch
+  - platform-name: gentoo
+  - platform-name: almalinux
+  - platform-name: rocky
+  - platform-name: mac_os_x
+  - platform: windows

test/integration/share/libraries/system.rb

@@ -4,60 +4,33 @@
 # Author: Daniel Dehennin <daniel.dehennin@ac-dijon.fr>
 # Copyright (C) 2020 Daniel Dehennin <daniel.dehennin@ac-dijon.fr>
 
-HOSTNAME_CMDS = %w[hostname hostnamectl].freeze
+# rubocop:disable Metrics/ClassLength
-HOSTNAME_CMDS_OPT = {
-  'hostname' => '-s',
-  'hostnamectl' => '--static'
-}.freeze
-
 class SystemResource < Inspec.resource(1)
   name 'system'
 
   attr_reader :platform
-  attr_reader :hostname
 
   def initialize
+    super
     @platform = build_platform
-    @hostname = found_hostname
   end
 
   private
 
-  def found_hostname
-    cmd = guess_hostname_cmd
-
-    unless cmd.exit_status.zero?
-      raise Inspec::Exceptions::ResourceSkipped,
-            "Error running '#{cmd}': #{cmd.stderr}"
-    end
-
-    cmd.stdout.chomp
-  end
-
-  def guess_hostname_cmd
-    HOSTNAME_CMDS.each do |cmd|
-      if inspec.command(cmd).exist?
-        return inspec.command("#{cmd} #{HOSTNAME_CMDS_OPT[cmd]}")
-      end
-    end
-
-    raise Inspec::Exceptions::ResourceSkipped,
-          "Error: #{@platform[:finger]}} has none of #{HOSTNAME_CMDS.join(', ')}"
-  end
-
   def build_platform
     {
       family: build_platform_family,
       name: build_platform_name,
       release: build_platform_release,
-      finger: build_platform_finger
+      finger: build_platform_finger,
+      codename: build_platform_codename
     }
   end
 
   def build_platform_family
     case inspec.platform[:name]
-    when 'arch'
+    when 'arch', 'gentoo'
-      'arch'
+      inspec.platform[:name]
     else
       inspec.platform[:family]
     end
@@ -65,24 +38,48 @@ class SystemResource < Inspec.resource(1)
 
   def build_platform_name
     case inspec.platform[:name]
-    when 'amazon'
+    when 'amazon', 'oracle', 'rocky'
-      'amazonlinux'
+      "#{inspec.platform[:name]}linux"
+    when /^windows_/
+      inspec.platform[:family]
     else
       inspec.platform[:name]
     end
   end
 
+  # rubocop:disable Metrics/MethodLength,Metrics/AbcSize,Metrics/CyclomaticComplexity
   def build_platform_release
     case inspec.platform[:name]
     when 'amazon'
-      # `2018` relase is named `1` in kitchen.yaml
+      # `2018` relase is named `1` in `kitchen.yml`
       inspec.platform[:release].gsub(/2018.*/, '1')
     when 'arch'
       'base-latest'
+    when 'gentoo'
+      "#{inspec.platform[:release].split('.')[0]}-#{derive_gentoo_init_system}"
+    when 'mac_os_x'
+      inspec.command('sw_vers -productVersion').stdout.to_s
+    when 'opensuse'
+      # rubocop:disable Style/NumericLiterals,Layout/LineLength
+      inspec.platform[:release].to_i > 20210101 ? 'tumbleweed' : inspec.platform[:release]
+      # rubocop:enable Style/NumericLiterals,Layout/LineLength
+    when 'windows_8.1_pro'
+      '8.1'
+    when 'windows_server_2022_datacenter'
+      '2022-server'
+    when 'windows_server_2019_datacenter'
+      '2019-server'
+    when 'windows_server_2016_datacenter'
+      '2016-server'
     else
       inspec.platform[:release]
     end
   end
+  # rubocop:enable Metrics/MethodLength,Metrics/AbcSize,Metrics/CyclomaticComplexity
+
+  def derive_gentoo_init_system
+    inspec.command('systemctl').exist? ? 'sysd' : 'sysv'
+  end
 
   def build_platform_finger
     "#{build_platform_name}-#{build_finger_release}"
@@ -96,4 +93,46 @@ class SystemResource < Inspec.resource(1)
       build_platform_release.split('.')[0]
     end
   end
+
+  # rubocop:disable Metrics/MethodLength,Metrics/CyclomaticComplexity
+  def build_platform_codename
+    case build_platform_finger
+    when 'ubuntu-22.04'
+      'jammy'
+    when 'ubuntu-20.04'
+      'focal'
+    when 'ubuntu-18.04'
+      'bionic'
+    when 'debian-11'
+      'bullseye'
+    when 'debian-10'
+      'buster'
+    when 'debian-9'
+      'stretch'
+    when 'almalinux-8'
+      "AlmaLinux #{build_platform_release} (Arctic Sphynx)"
+    when 'amazonlinux-2'
+      'Amazon Linux 2'
+    when 'arch-base-latest'
+      'Arch Linux'
+    when 'centos-7'
+      'CentOS Linux 7 (Core)'
+    when 'centos-8'
+      'CentOS Stream 8'
+    when 'opensuse-tumbleweed'
+      'openSUSE Tumbleweed'
+    when 'opensuse-15'
+      "openSUSE Leap #{build_platform_release}"
+    when 'oraclelinux-8', 'oraclelinux-7'
+      "Oracle Linux Server #{build_platform_release}"
+    when 'gentoo-2-sysd', 'gentoo-2-sysv'
+      'Gentoo/Linux'
+    when 'rockylinux-8'
+      "Rocky Linux #{build_platform_release} (Green Obsidian)"
+    else
+      ''
+    end
+  end
+  # rubocop:enable Metrics/MethodLength,Metrics/CyclomaticComplexity
 end
+# rubocop:enable Metrics/ClassLength

test/salt/pillar/default.sls

@@ -22,7 +22,16 @@ sshd_config:
   PrintMotd: 'no'
   AcceptEnv: "LANG LC_*"
   Subsystem: "sftp /usr/lib/openssh/sftp-server"
+  {%- if grains.os != "OpenBSD" %}
   UsePAM: 'yes'
+  {%- endif %}
+  {#- Need this on various platforms to avoid the `kitchen verify` failure as mentioned above; see: #}
+  {#- * https://gitlab.com/saltstack-formulas/infrastructure/salt-image-builder/-/commit/cb6781a2bba9 #}
+  {%- if grains.os in ["Arch", "OpenBSD", "Gentoo"]
+      or grains.get("oscodename", "") in ["openSUSE Tumbleweed"]
+      or grains.get("osfinger", "") in ["Fedora Linux-36", "Ubuntu-22.04"] %}
+  PubkeyAcceptedAlgorithms: "+ssh-rsa"
+  {%- endif %}
 
 ssh_config:
   Hosts:
@@ -189,16 +198,6 @@ openssh:
   #     salt://files/ssh/moduli.hash
   # These will be automatically referenced to by the ssh_moduli state.
 
-# Required for openssh.known_hosts
-mine_functions:
-  public_ssh_host_keys:
-    mine_function: cmd.run
-    cmd: cat /etc/ssh/ssh_host_*_key.pub
-    python_shell: true
-  public_ssh_hostname:
-    mine_function: grains.get
-    key: id
-
   tofs:
     # The files_switch key serves as a selector for alternative
     # directories under the formula files directory. See TOFS pattern
@@ -227,3 +226,13 @@ mine_functions:
         - alt_ssh_config
       sshd_banner:
         - fire_banner
+
+# Required for openssh.known_hosts
+mine_functions:
+  public_ssh_host_keys:
+    mine_function: cmd.run
+    cmd: cat /etc/ssh/ssh_host_*_key.pub
+    python_shell: true
+  public_ssh_hostname:
+    mine_function: grains.get
+    key: id