Showing with 93 additions and 39 deletions.

+5 −3 .fixtures.yml

+1 −0 .travis.yml

+1 −1 Gemfile

+2 −2 Modulefile

+14 −2 README.md

+0 −1 Rakefile

+12 −4 manifests/limits.pp

+10 −10 metadata.json

+48 −15 spec/classes/limits_spec.rb

+0 −1 spec/spec_helper.rb
diff --git a/.fixtures.yml b/.fixtures.yml
@@ -1,10 +1,12 @@
 fixtures:
   repositories:
-    'stdlib':
+    stdlib:
       repo: 'git://github.com/puppetlabs/puppetlabs-stdlib.git'
       ref: '3.2.0'
-    'nsswitch': 'git://github.com/ghoneycutt/puppet-module-nsswitch.git'
-    'common':
+    nsswitch:
+      repo: 'git://github.com/ghoneycutt/puppet-module-nsswitch.git'
+      ref: 'v1.1.0'
+    common:
       repo: 'git://github.com/ghoneycutt/puppet-module-common.git'
       ref: 'v1.0.2'
   symlinks:

diff --git a/.travis.yml b/.travis.yml
@@ -3,6 +3,7 @@ env:
 - PUPPET_VERSION=3.3.2
 - PUPPET_VERSION=3.4.2
 - PUPPET_VERSION=3.5.1
+- PUPPET_VERSION=3.6.0
 notifications:
 email: false
 rvm:

diff --git a/Gemfile b/Gemfile
@@ -1,4 +1,4 @@
-source "https://rubygems.org"
+source 'https://rubygems.org'
 
 puppetversion = ENV.key?('PUPPET_VERSION') ? "= #{ENV['PUPPET_VERSION']}" : ['>= 3.3']
 gem 'puppet', puppetversion

diff --git a/Modulefile b/Modulefile
@@ -1,5 +1,5 @@
 name    'ghoneycutt-pam'
-version '2.5.0'
+version '2.6.0'
 source 'git://github.com/ghoneycutt/puppet-module-pam.git'
 author 'ghoneycutt'
 license 'Apache License, Version 2.0'
@@ -8,5 +8,5 @@ description 'Manages PAM, including specifying users and groups in access.conf,
 project_page 'https://github.com/ghoneycutt/puppet-module-pam'
 
 dependency 'ghoneycutt/common',   '>= 1.0.2'
-dependency 'ghoneycutt/nsswitch', '>= 0.0.1'
+dependency 'ghoneycutt/nsswitch', '>= 1.1.0'
 dependency 'puppetlabs/stdlib',   '>= 3.2.0'
diff --git a/README.md b/README.md
@@ -279,23 +279,35 @@ Content template of access.conf.
 
 ===
 
-# pam::limits define
+# class pam::limits
 Manage PAM limits.conf
 
-## Parameters for `pam::limits` define
+## Parameters for `pam::limits`
 
 config_file
 -----------
 Path to limits.conf
 
 - *Default*: '/etc/security/limits.conf'
 
+config_file_mode
+----------------
+Mode for config_file.
+
+- *Default*: '0640'
+
 limits_d_dir
 ------------
 Path to limits.d directory
 
 - *Default*: '/etc/security/limits.d'
 
+limits_d_dir_mode
+-----------------
+Mode for limits_d_dir.
+
+- *Default*: '0750'
+
 ===
 
 # pam::limits::fragment define

diff --git a/Rakefile b/Rakefile
@@ -1,4 +1,3 @@
-require 'rubygems'
 require 'puppetlabs_spec_helper/rake_tasks'
 require 'puppet-lint/tasks/puppet-lint'
 PuppetLint.configuration.send('disable_80chars')

diff --git a/manifests/limits.pp b/manifests/limits.pp
@@ -3,14 +3,22 @@
 # Manage PAM limits.conf
 #
 class pam::limits (
-  $config_file  = '/etc/security/limits.conf',
-  $limits_d_dir = '/etc/security/limits.d',
+  $config_file       = '/etc/security/limits.conf',
+  $config_file_mode  = '0640',
+  $limits_d_dir      = '/etc/security/limits.d',
+  $limits_d_dir_mode = '0750',
 ) {
 
   # validate params
   validate_absolute_path($config_file)
   validate_absolute_path($limits_d_dir)
 
+  validate_re($config_file_mode, '^[0-7]{4}$',
+    "pam::limits::config_file_mode is <${config_file_mode}> and must be a valid four digit mode in octal notation.")
+
+  validate_re($limits_d_dir_mode, '^[0-7]{4}$',
+    "pam::limits::limits_d_dir_mode is <${limits_d_dir_mode}> and must be a valid four digit mode in octal notation.")
+
   include pam
 
   # ensure target exists
@@ -22,7 +30,7 @@
     path    => $limits_d_dir,
     owner   => 'root',
     group   => 'root',
-    mode    => '0755',
+    mode    => $limits_d_dir_mode,
     require => Package[$pam::my_package_name],
   }
 
@@ -32,7 +40,7 @@
     source  => 'puppet:///modules/pam/limits.conf',
     owner   => 'root',
     group   => 'root',
-    mode    => '0644',
+    mode    => $config_file_mode,
     require => Package[$pam::my_package_name],
   }
 }
diff --git a/metadata.json b/metadata.json
@@ -76,7 +76,7 @@
     }
   ],
   "name": "ghoneycutt-pam",
-  "version": "2.5.0",
+  "version": "2.6.0",
   "source": "git://github.com/ghoneycutt/puppet-module-pam.git",
   "author": "ghoneycutt",
   "license": "Apache License, Version 2.0",
@@ -90,7 +90,7 @@
     },
     {
       "name": "ghoneycutt/nsswitch",
-      "version_requirement": ">= 0.0.1"
+      "version_requirement": ">= 1.1.0"
     },
     {
       "name": "puppetlabs/stdlib",
@@ -102,23 +102,23 @@
   ],
   "checksums": {
     "CHANGELOG": "0a5a2276499688d1c10adebf4fd7a734",
-    "Gemfile": "6992d521994d948eb6e48acd733a07bf",
+    "Gemfile": "f184c7cca73bc8169572ab8c48e223bc",
     "Gemfile.lock": "873e125e8afe971046172cf5e775871d",
     "LICENSE": "567e6cc3941d464d60c74d1f4abd5f46",
-    "Modulefile": "1c26a226002e3f0f93b8de88c4cbf9cd",
-    "README.md": "7ddbc2ba0f056e80242aa9d6ad1b6b47",
-    "Rakefile": "8ff6a0f7db638421d1742c5d365d0266",
+    "Modulefile": "8571add95d03e21ddcb6e3f90db325db",
+    "README.md": "b5281f1168d191d70f48b89f33c77629",
+    "Rakefile": "1cb426d5b98cd8d27b9147563a78ab7c",
     "files/limits.conf": "2486c66ab9728a793f068ed060c0df61",
     "manifests/accesslogin.pp": "e5dd82ec627fa88a449cf1f46be5077e",
     "manifests/init.pp": "f62340f9c308f4460852ef0f8f6f6111",
     "manifests/limits/fragment.pp": "6486a3db8487e4817937a08bc3c18a53",
-    "manifests/limits.pp": "2b87e2f69d38c99694be5f02845bbf0f",
+    "manifests/limits.pp": "d064d44cdc109e34a3ca2801beba2276",
     "manifests/service.pp": "9e97853aff8c57df48c8d01c30424d23",
     "spec/classes/accesslogin_spec.rb": "326a485b8a7fad24ce75f0bcfb6f7236",
     "spec/classes/init_spec.rb": "7706de29bccb805fba7c15c2c70c1554",
-    "spec/classes/limits_spec.rb": "f243fbe2e25f7f4e47bd2bced260e468",
+    "spec/classes/limits_spec.rb": "0d54b340344855cf7e998b6805e17c54",
     "spec/defines/limits/fragment_spec.rb": "19aeaf03de246fa093bba518db62957e",
-    "spec/spec_helper.rb": "3ea886dd135e120afa31e0aab12e85b0",
+    "spec/spec_helper.rb": "0db89c9a486df193c0e40095422e19dc",
     "templates/access.conf.erb": "6af5fdd9963aa92666df0b01cc937858",
     "templates/common-account-pc.erb": "d154847942fffc7ffc32b0ff50ff167f",
     "templates/common-auth-pc.erb": "978cdfa44f891a8ff0fb241821234ae4",
@@ -141,4 +141,4 @@
     "templates/system-auth-ac.erb": "69dd0a7e44d4edd6bd473748522144f1",
     "tests/init.pp": "1b580110b1308350f9b09e1bbca0551e"
   }
-}
+}
diff --git a/spec/classes/limits_spec.rb b/spec/classes/limits_spec.rb
@@ -17,24 +17,26 @@
           'path'    => '/etc/security/limits.conf',
           'owner'   => 'root',
           'group'   => 'root',
-          'mode'    => '0644',
+          'mode'    => '0640',
           'require' => [ 'Package[pam]', 'Package[util-linux]' ],
         })
       }
     end
 
     context 'ensure file exists with custom values for params on a supported platform' do
+      let(:params) do
+        {
+          :config_file      => '/custom/security/limits.conf',
+          :config_file_mode => '0600',
+        }
+      end
       let(:facts) do
         {
           :osfamily          => 'RedHat',
           :lsbmajdistrelease => '5',
         }
       end
 
-      let(:params) do
-        { :config_file  => '/custom/security/limits.conf' }
-      end
-
       it { should contain_class('pam') }
 
       it {
@@ -43,30 +45,45 @@
           'path'    => '/custom/security/limits.conf',
           'owner'   => 'root',
           'group'   => 'root',
-          'mode'    => '0644',
+          'mode'    => '0600',
           'require' => [ 'Package[pam]', 'Package[util-linux]' ],
         })
       }
     end
+
     context 'with config_file specified as an invalid path' do
+      let(:params) { { :config_file => 'custom/security/limits.conf' } }
       let(:facts) do
         {
           :osfamily          => 'RedHat',
           :lsbmajdistrelease => '5',
         }
       end
 
-      let(:params) do
-        { :config_file => 'custom/security/limits.conf' }
+      it 'should fail' do
+        expect {
+          should contain_class('pam::limits')
+        }.to raise_error(Puppet::Error,/not an absolute path/)
+      end
+    end
+
+    context 'with config_file_mode specified as an invalid mode' do
+      let(:params) { { :config_file_mode => '666' } }
+      let(:facts) do
+        {
+          :osfamily          => 'RedHat',
+          :lsbmajdistrelease => '5',
+        }
       end
 
       it 'should fail' do
         expect {
           should contain_class('pam::limits')
-        }.to raise_error(Puppet::Error,/not an absolute path/)
+        }.to raise_error(Puppet::Error,/pam::limits::config_file_mode is <666> and must be a valid four digit mode in octal notation./)
       end
     end
   end
+
   describe 'limits.d' do
     context 'ensure directory exists with default values for params on a supported platform' do
       let(:facts) do
@@ -84,7 +101,7 @@
           'path'    => '/etc/security/limits.d',
           'owner'   => 'root',
           'group'   => 'root',
-          'mode'    => '0755',
+          'mode'    => '0750',
           'require' => [ 'Package[pam]', 'Package[util-linux]' ],
         })
       }
@@ -99,7 +116,10 @@
       end
 
       let(:params) do
-        { :limits_d_dir => '/custom/security/limits.d' }
+        {
+          :limits_d_dir     => '/custom/security/limits.d',
+          :limits_d_dir_mode => '0700',
+        }
       end
 
       it { should contain_class('pam') }
@@ -111,28 +131,41 @@
           'path'    => '/custom/security/limits.d',
           'owner'   => 'root',
           'group'   => 'root',
-          'mode'    => '0755',
+          'mode'    => '0700',
           'require' => [ 'Package[pam]', 'Package[util-linux]' ],
         })
       }
     end
 
     context 'with limits_d_dir specified as an invalid path' do
+      let(:params) { { :limits_d_dir => 'custom/security/limits.d' } }
       let(:facts) do
         {
           :osfamily          => 'RedHat',
           :lsbmajdistrelease => '5',
         }
       end
 
-      let(:params) do
-        { :limits_d_dir => 'custom/security/limits.d' }
+      it 'should fail' do
+        expect {
+          should contain_class('pam::limits')
+        }.to raise_error(Puppet::Error,/not an absolute path/)
+      end
+    end
+
+    context 'with limits_d_dir_mode specified as an invalid mode' do
+      let(:params) { { :limits_d_dir_mode => '777' } }
+      let(:facts) do
+        {
+          :osfamily          => 'RedHat',
+          :lsbmajdistrelease => '5',
+        }
       end
 
       it 'should fail' do
         expect {
           should contain_class('pam::limits')
-        }.to raise_error(Puppet::Error,/not an absolute path/)
+        }.to raise_error(Puppet::Error,/pam::limits::limits_d_dir_mode is <777> and must be a valid four digit mode in octal notation./)
       end
     end
   end

diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb
@@ -1,2 +1 @@
-require 'rubygems'
 require 'puppetlabs_spec_helper/module_spec_helper'