Showing with 182 additions and 51 deletions.

+1 −1 .fixtures.yml

+1 −0 .gitignore

+1 −1 .travis.yml

+3 −3 Modulefile

+24 −0 README.md

+10 −4 Rakefile

+34 −11 manifests/init.pp

+108 −31 spec/classes/init_spec.rb
diff --git a/.fixtures.yml b/.fixtures.yml
@@ -5,7 +5,7 @@ fixtures:
       ref: "3.2.0"
     "common":
       repo: "git://github.com/ghoneycutt/puppet-module-common.git"
-      ref: "v1.0.0"
+      ref: "v1.0.2"
     "firewall":
       repo: "git://github.com/puppetlabs/puppetlabs-firewall.git"
   symlinks:

diff --git a/.gitignore b/.gitignore
@@ -29,3 +29,4 @@ metadata.json
 coverage/
 spec/fixtures/modules/*
 Gemfile.lock
+spec/fixtures/
diff --git a/.travis.yml b/.travis.yml
@@ -1,7 +1,7 @@
 ---
 env:
 - PUPPET_VERSION=2.7.23
-- PUPPET_VERSION=3.2.4
+- PUPPET_VERSION=3.3.2
 notifications:
 email: false
 rvm:

diff --git a/Modulefile b/Modulefile
@@ -1,12 +1,12 @@
 name    'ghoneycutt-ssh'
-version '3.4.0'
+version '3.5.0'
 source 'git://github.com/ghoneycutt/puppet-module-ssh.git'
 author 'ghoneycutt'
 license 'Apache License, Version 2.0'
 summary 'Manages SSH'
 description 'Manage SSH'
 project_page 'https://github.com/ghoneycutt/puppet-module-ssh'
 
-dependency 'puppetlabs/stdlib',   '3.2.x'
-dependency 'ghoneycutt/common',   '1.0.2'
+dependency 'puppetlabs/stdlib',   '>= 3.2.0'
+dependency 'ghoneycutt/common',   '>= 1.0.2'
 dependency 'puppetlabs/firewall'
diff --git a/README.md b/README.md
@@ -147,6 +147,30 @@ Banner option in sshd_config.
 
 - *Default*: 'none'
 
+sshd_banner_content
+-------------------
+content parameter for file specified in sshd_config_banner
+
+- *Default*: undef
+
+sshd_banner_owner
+-----------------
+owner parameter for file specified in sshd_config_banner
+
+- *Default*: 'root'
+
+sshd_banner_group
+-----------------
+group parameter for file specified in sshd_config_banner
+
+- *Default*: 'root'
+
+sshd_banner_mode
+----------------
+mode parameter for file specified in sshd_config_banner
+
+- *Default*: '0644'
+
 sshd_config_xauth_location
 --------------------------
 XAuthLocation option in sshd_config.

diff --git a/Rakefile b/Rakefile
@@ -2,11 +2,17 @@ require 'rubygems'
 require 'puppetlabs_spec_helper/rake_tasks'
 require 'puppet-lint/tasks/puppet-lint'
 PuppetLint.configuration.send('disable_80chars')
-PuppetLint.configuration.ignore_paths = ["spec/**/*.pp"]
+PuppetLint.configuration.ignore_paths = ["spec/**/*.pp", "pkg/**/*.pp"]
 
 desc "Run puppet in noop mode and check for syntax errors."
 task :validate do
-   Dir['manifests/**/*.pp'].each do |path|
-     sh "puppet parser validate --noop #{path}"
-   end
+  Dir['manifests/**/*.pp'].each do |manifest|
+    sh "puppet parser validate --noop #{manifest}"
+  end
+  Dir['spec/**/*.rb','lib/**/*.rb'].each do |ruby_file|
+    sh "ruby -c #{ruby_file}" unless ruby_file =~ /spec\/fixtures/
+  end
+  Dir['templates/**/*.erb'].each do |template|
+    sh "erb -P -x -T '-' #{template} | ruby -c"
+  end
 end
diff --git a/manifests/init.pp b/manifests/init.pp
@@ -27,6 +27,10 @@
   $sshd_config_print_motd           = 'yes',
   $sshd_config_use_dns              = 'yes',
   $sshd_config_banner               = 'none',
+  $sshd_banner_content              = undef,
+  $sshd_banner_owner                = 'root',
+  $sshd_banner_group                = 'root',
+  $sshd_banner_mode                 = '0644',
   $sshd_config_xauth_location       = '/usr/bin/xauth',
   $sshd_config_subsystem_sftp       = 'USE_DEFAULTS',
   $service_ensure                   = 'running',
@@ -48,12 +52,19 @@
 
   # validate params
   validate_re($ssh_config_hash_known_hosts, '^(yes|no)$', "ssh_config_hash_known_hosts may be either 'yes' or 'no' and is set to <${ssh_config_hash_known_hosts}>.")
-  validate_re($sshd_config_port, '^\d+$', "sshd_config_port must be a valid number and is set to <${sshd_config_port}>")
-  validate_re($sshd_password_authentication, '^(yes|no)$', "sshd_password_authentication may be either 'yes' or 'no' and is set to <${sshd_password_authentication}>.")
-  validate_re($sshd_allow_tcp_forwarding, '^(yes|no)$', "sshd_allow_tcp_forwarding may be either 'yes' or 'no' and is set to <${sshd_allow_tcp_forwarding}>.")
-  validate_re($sshd_x11_forwarding, '^(yes|no)$', "sshd_x11_forwarding may be either 'yes' or 'no' and is set to <${sshd_x11_forwarding}>.")
-  validate_re($sshd_use_pam, '^(yes|no)$', "sshd_use_pam may be either 'yes' or 'no' and is set to <${sshd_use_pam}>.")
-  if is_integer($sshd_client_alive_interval) == false { fail("sshd_client_alive_interval must be an integer and is set to <${sshd_client_alive_interval}>.") }
+  validate_re($sshd_config_port, '^\d+$', "ssh::sshd_config_port must be a valid number and is set to <${sshd_config_port}>.")
+  validate_re($sshd_password_authentication, '^(yes|no)$', "ssh::sshd_password_authentication may be either 'yes' or 'no' and is set to <${sshd_password_authentication}>.")
+  validate_re($sshd_allow_tcp_forwarding, '^(yes|no)$', "ssh::sshd_allow_tcp_forwarding may be either 'yes' or 'no' and is set to <${sshd_allow_tcp_forwarding}>.")
+  validate_re($sshd_x11_forwarding, '^(yes|no)$', "ssh::sshd_x11_forwarding may be either 'yes' or 'no' and is set to <${sshd_x11_forwarding}>.")
+  validate_re($sshd_use_pam, '^(yes|no)$', "ssh::sshd_use_pam may be either 'yes' or 'no' and is set to <${sshd_use_pam}>.")
+  if is_integer($sshd_client_alive_interval) == false { fail("ssh::sshd_client_alive_interval must be an integer and is set to <${sshd_client_alive_interval}>.") }
+
+  if $sshd_config_banner != 'none' {
+    validate_absolute_path($sshd_config_banner)
+  }
+  if $sshd_banner_content != undef and $sshd_config_banner == 'none' {
+    fail('ssh::sshd_config_banner must be set to be able to use sshd_banner_content.')
+  }
 
   case type($ssh_config_sendenv_xmodifiers) {
     'string': {
@@ -63,7 +74,7 @@
       $ssh_config_sendenv_xmodifiers_real = $ssh_config_sendenv_xmodifiers
     }
     default: {
-      fail("ssh_config_sendenv_xmodifiers type must be true or false.")
+      fail('ssh::ssh_config_sendenv_xmodifiers type must be true or false.')
     }
   }
 
@@ -72,7 +83,7 @@
       # noop
     }
     default: {
-      fail("permit_root_login may be either 'yes', 'without-password', 'forced-commands-only' or 'no' and is set to <${permit_root_login}>")
+      fail("ssh::permit_root_login may be either 'yes', 'without-password', 'forced-commands-only' or 'no' and is set to <${permit_root_login}>.")
     }
   }
 
@@ -84,7 +95,7 @@
       $key = $::sshdsakey
     }
     default: {
-      fail("ssh_key_type must be 'ssh-rsa', 'rsa', 'ssh-dsa', or 'dsa' and is <${ssh_key_type}>")
+      fail("ssh::ssh_key_type must be 'ssh-rsa', 'rsa', 'ssh-dsa', or 'dsa' and is <${ssh_key_type}>.")
     }
   }
 
@@ -93,7 +104,7 @@
       # noop
     }
     default: {
-      fail("purge_keys must be 'true' or 'false' and is <${purge_keys}>")
+      fail("ssh::purge_keys must be 'true' or 'false' and is <${purge_keys}>.")
     }
   }
 
@@ -173,6 +184,18 @@
     require => Package['ssh_packages'],
   }
 
+  if $sshd_config_banner != 'none' and $sshd_banner_content != undef {
+    file { 'sshd_banner' :
+      ensure  => file,
+      path    => $sshd_config_banner,
+      owner   => $sshd_banner_owner,
+      group   => $sshd_banner_group,
+      mode    => $sshd_banner_mode,
+      content => $sshd_banner_content,
+      require => Package['ssh_packages'],
+    }
+  }
+
   case $manage_root_ssh_config {
     'true': {
 
@@ -202,7 +225,7 @@
       # noop
     }
     default: {
-      fail("manage_root_ssh_config is <${manage_root_ssh_config}> and must be \'true\' or \'false\'.")
+      fail("ssh::manage_root_ssh_config is <${manage_root_ssh_config}> and must be \'true\' or \'false\'.")
     }
   }