LICENSE

@@ -1,4 +1,4 @@
-Copyright (C) 2010-2014 Garrett Honeycutt <code@garretthoneycutt.com>
+Copyright (C) 2010-2015 Garrett Honeycutt <code@garretthoneycutt.com>
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.

README.md

@@ -101,6 +101,12 @@ Hash of fragments to pass to pam::limits::fragments
 
 - *Default*: undef
 
+limits_fragments_hiera_merge
+----------------------------
+Boolean to control merges of all found instances of pam::limits_fragments in Hiera. This is useful for specifying fragments at different levels of the hierarchy and having them all included in the catalog.
+
+- *Default*: false
+
 package_name
 ------------
 String or Array of packages providing the pam functionality. If undef, parameter is set based on the OS version.

manifests/init.pp

@@ -11,6 +11,7 @@
   $pam_conf_file                       = '/etc/pam.conf',
   $services                            = undef,
   $limits_fragments                    = undef,
+  $limits_fragments_hiera_merge        = false,
   $pam_d_login_oracle_options          = 'UNSET',
   $pam_d_login_path                    = '/etc/pam.d/login',
   $pam_d_login_owner                   = 'root',
@@ -837,6 +838,13 @@
   validate_re($sshd_pam_access, $valid_pam_access_values,
     "pam::sshd_pam_access is <${sshd_pam_access}> and must be either 'required', 'requisite', 'sufficient', 'optional' or 'absent'.")
 
+  if is_string($limits_fragments_hiera_merge) == true {
+    $limits_fragments_hiera_merge_real = str2bool($limits_fragments_hiera_merge)
+  } else {
+    $limits_fragments_hiera_merge_real = $limits_fragments_hiera_merge
+  }
+  validate_bool($limits_fragments_hiera_merge_real)
+
   if $package_name == undef {
     $my_package_name = $default_package_name
   } else {
@@ -904,7 +912,12 @@
   }
 
   if $limits_fragments != undef {
-    create_resources('pam::limits::fragment',$limits_fragments)
+    if $limits_fragments_hiera_merge_real == true {
+      $limits_fragments_real = hiera_hash('pam::limits_fragments')
+    } else {
+      $limits_fragments_real = $limits_fragments
+    }
+    create_resources('pam::limits::fragment',$limits_fragments_real)
   }
 
   case $::osfamily {

metadata.json

@@ -1,6 +1,6 @@
 {
   "name": "ghoneycutt-pam",
-  "version": "2.16.0",
+  "version": "2.17.0",
   "author": "ghoneycutt",
   "summary": "Manage PAM",
   "license": "Apache-2.0",

spec/classes/init_spec.rb

@@ -587,6 +587,48 @@
           }.to raise_error(Puppet::Error)
         end
       end
+
+      context "with limits_fragments_hiera_merge parameter specified as a non-boolean or non-string on #{v[:osfamily]} with #{v[:releasetype]} #{v[:release]}" do
+        let :facts do
+          { :osfamily => v[:osfamily],
+            :"#{v[:releasetype]}" => v[:release],
+          }
+        end
+        let (:params) { {:limits_fragments_hiera_merge => ['not_a_boolean', 'not_a_string'] } }
+        it 'should fail' do
+          expect {
+            should contain_class('pam')
+          }.to raise_error(Puppet::Error,/is not a boolean/)
+        end
+      end
+
+      context "with limits_fragments_hiera_merge prameter specified as an invalid string on #{v[:osfamily]} with #{v[:releasetype]} #{v[:release]}" do
+        let :facts do
+          { :osfamily => v[:osfamily],
+            :"#{v[:releasetype]}" => v[:release],
+          }
+        end
+        let (:params) { {:limits_fragments_hiera_merge => 'invalid_string' } }
+        it 'should fail' do
+          expect {
+            should contain_class('pam')
+          }.to raise_error(Puppet::Error,/Unknown type of boolean given/)
+        end
+      end
+
+      ['true',true,'false',false].each do |value|
+        context "with limits_fragments_hiera_merge prameter specified as a valid value: #{value} on #{v[:osfamily]} with #{v[:releasetype]} #{v[:release]}" do
+          let :facts do
+            { :osfamily => v[:osfamily],
+              :"#{v[:releasetype]}" => v[:release],
+              :lsbdistid => v[:lsbdistid],
+            }
+          end
+          let(:params) {{ :limits_fragments_hiera_merge => value }}
+
+          it { should contain_class('pam') }
+        end
+      end
     end
   end
 end