
sysctl, sshd_config: create entries after commented out entry

commit 29d64daa5f37157080f124a4ef2b801ef8847a6c 1 parent b71bc55
@domcleal authored
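--- a/lib/puppet/provider/sshd_config/augeas.rb
+++ b/lib/puppet/provider/sshd_config/augeas.rb
@@ -68,19 +68,27 @@ def self.set_value(aug, base, path, value)
 end
 # Insert new values for the rest
+ label = path_label(path)
 value.each do |v|
 if lastsp
 # After the most recent same setting (lastsp)
- aug.insert(lastsp, path_label(path), false)
+ aug.insert(lastsp, label, false)
 aug.set("#{path}[last()]", v)
 else
- if aug.match("#{base}/Match").empty?
- aug.set("#{path}[last()+1]", v)
+ # Prefer to create the node next to a commented out entry
+ commented = aug.match("#{base}/#comment[.=~regexp('#{label}([^a-z\.].*)?')]")
+ if commented.empty?
+ if aug.match("#{base}/Match").empty?
+ # insert as the last line
+ aug.insert("#{base}/*", label, false)
+ else
+ # before the match block so it's in the main section
+ aug.insert("#{base}/Match[1]", label, true)
+ end
 else
- # before the match block so it's in the main section
- aug.insert("#{base}/Match[1]", path_label(path), true)
- aug.set("#{path}[last()]", v)
+ aug.insert(commented.first, label, false)
 end
+ aug.set("#{path}[last()]", v)
 end
 lastsp = aug.match("#{path}[last()]")[0]
 end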
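Review bot: The fallback `aug.insert("#{base}/*", label, false)` under `# insert as the last line` passes a path that normally matches every child of `base`, while Augeas documents insert as requiring a path that selects exactly one node. The call therefore presumably fails, and the following `aug.set("#{path}[last()]", v)` is what actually creates the node; the insert's result is not checked, so this would go unnoticed. I would write `aug.insert("#{base}/*[last()]", label, false)` and check the result of each insert before the shared `aug.set`. Placement matters here because a setting that ends up after a `Match` block no longer applies to the main section. `set_value` starts and ends outside the hunk.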
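--- a/lib/puppet/provider/sysctl/augeas.rb
+++ b/lib/puppet/provider/sysctl/augeas.rb
@@ -73,7 +73,12 @@ def create
 path = "/files#{self.class.file(resource)}"
 begin
 aug = self.class.augopen(resource)
+
+ # Prefer to create the node next to a commented out entry
+ commented = aug.match("#{path}/#comment[.=~regexp('#{resource[:name]}([^a-z\.].*)?')]")
+ aug.insert(commented.first, resource[:name], false) unless commented.empty?
 aug.set("#{path}/#{resource[:name]}", resource[:value])
+
 if resource[:comment]
 aug.insert("#{path}/#{resource[:name]}", "#comment", true)
 aug.set("#{path}/#comment[following-sibling::*[1][self::#{resource[:name]}]]",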
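Review bot: `resource[:name]` is interpolated unescaped into the XPath `regexp('...')` literal on the `commented = aug.match(...)` line, so the dots in a sysctl key act as any-character wildcards and a quote in the name would alter the expression. The trailing class `[^a-z\.]` also accepts `_`, `-` and digits, so a commented longer key that extends the name with one of those (for example `#net.ipv4.ip_forward_use_pmtu = 0` when creating `net.ipv4.ip_forward`) would be taken for the commented-out entry and the new line placed beside it. Requiring the separator after an escaped name, e.g. `([ \t]*=.*)?`, would limit the match to the same key; this should be confirmed against Augeas regexp syntax. A fixture with such a near-miss comment would pin the behaviour. The `create` method continues outside the hunk.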
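--- a/spec/fixtures/unit/puppet/sysctl/full
+++ b/spec/fixtures/unit/puppet/sysctl/full
@@ -22,5 +22,5 @@ kernel.core_uses_pid = 1
 # Disable netfilter on bridges.
 net.bridge.bridge-nf-call-ip6tables = 0
-net.bridge.bridge-nf-call-iptables = 0
+#net.bridge.bridge-nf-call-iptables = 0
 net.bridge.bridge-nf-call-arptables = 0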
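--- a/spec/unit/puppet/sshd_config_spec.rb
+++ b/spec/unit/puppet/sshd_config_spec.rb
@@ -99,6 +99,24 @@
 end
 end
+ it "should add it next to commented out entry" do
+ apply!(Puppet::Type.type(:sshd_config).new(
+ :name => "Banner",
+ :value => "/etc/issue",
+ :target => target,
+ :provider => "augeas"
+ ))
+
+ augparse_filter(target, "Sshd.lns", '*[preceding-sibling::#comment[.="no default banner path"]][label()!="Match"]', '
+ { "#comment" = "Banner none" }
+ { "Banner" = "/etc/issue" }
+ { "#comment" = "override default of no subsystems" }
+ { "Subsystem"
+ { "sftp" = "/usr/libexec/openssh/sftp-server" } }
+ { "#comment" = "Example of overriding settings on a per-user basis" }
+ ')
+ end
+
 it "should match the entire Match conditions and create new block" do
 apply!(Puppet::Type.type(:sshd_config).new(
 :name => "AllowAgentForwarding",
@@ -312,6 +330,23 @@
 aug.get("ListenAddress").should == "192.168.1.1"
 end
 end
+
+ it "should add it next to commented out entry" do
+ apply!(Puppet::Type.type(:sshd_config).new(
+ :name => "Banner",
+ :value => "/etc/issue",
+ :target => target,
+ :provider => "augeas"
+ ))
+
+ augparse_filter(target, "Sshd.lns", '*[preceding-sibling::#comment[.="no default banner path"]]', '
+ { "#comment" = "Banner none" }
+ { "Banner" = "/etc/issue" }
+ { "#comment" = "override default of no subsystems" }
+ { "Subsystem"
+ { "sftp" = "/usr/libexec/openssh/sftp-server" } }
+ ')
+ end
 end
 describe "when updating settings" do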
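--- a/spec/unit/puppet/sysctl_spec.rb
+++ b/spec/unit/puppet/sysctl_spec.rb
@@ -58,13 +58,29 @@
 }
 }
- inst.size.should == 8
+ inst.size.should == 7
 inst[0].should == {:name=>"net.ipv4.ip_forward", :ensure=>:present, :value=>"0", :comment=>:absent}
 inst[1].should == {:name=>"net.ipv4.conf.default.rp_filter", :ensure=>:present, :value=>"1", :comment=>:absent}
 inst[2].should == {:name=>"net.ipv4.conf.default.accept_source_route", :ensure=>:present, :value=>"0", :comment=>"Do not accept source routing"}
 inst[3].should == {:name=>"kernel.sysrq", :ensure=>:present, :value=>"0", :comment=>"controls the System Request debugging functionality of the kernel"}
 end
+ it "should create new entry next to commented out entry" do
+ apply!(Puppet::Type.type(:sysctl).new(
+ :name => "net.bridge.bridge-nf-call-iptables",
+ :value => "1",
+ :target => target,
+ :provider => "augeas"
+ ))
+
+ augparse_filter(target, "Sysctl.lns", '*[preceding-sibling::#comment[.="Disable netfilter on bridges."]]', '
+ { "net.bridge.bridge-nf-call-ip6tables" = "0" }
+ { "#comment" = "net.bridge.bridge-nf-call-iptables = 0" }
+ { "net.bridge.bridge-nf-call-iptables" = "1" }
+ { "net.bridge.bridge-nf-call-arptables" = "0" }
+ ')
+ end
+
 it "should delete entries" do
 apply!(Puppet::Type.type(:sysctl).new(
 :name => "kernel.sysrq",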