Support Amazon Linux 2 (#121)
Closes #120
trevor-vaughan committed Mar 28, 2022
1 parent 1e05c92 commit cae52d9
Showing 10 changed files with 124 additions and 8 deletions.
7 changes: 6 additions & 1 deletion .gitignore
Expand Up @@ -9,7 +9,12 @@
.idea/
dist
/pkg
/spec/fixtures
# Read everything in fixtures
/spec/fixtures/*
# Un-ignore hieradata
!/spec/fixtures/hieradata/*
# Except this one, which is auto-generated
/spec/fixtures/hieradata/hiera.yaml
/spec/rp_env
/.rspec_system
/.vagrant
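Review bot: The `!/spec/fixtures/hieradata/*` negation will not take effect for untracked files as written, because `/spec/fixtures/*` two lines above it already excludes the `hieradata` directory itself and git does not re-include a file whose parent directory is excluded. Add `!/spec/fixtures/hieradata/` ahead of the `/*` negation and confirm with `git check-ignore -v` on a file under that directory. The comment `# Read everything in fixtures` also says the opposite of what the pattern does; `# Ignore everything in fixtures` would match.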
6 changes: 6 additions & 0 deletions .gitlab-ci.yml
Expand Up @@ -357,6 +357,12 @@ pup6.pe-oel:
script:
- 'bundle exec rake beaker:suites[default,oel]'

pup6.pe-amzn2:
<<: *pup_6_pe
<<: *acceptance_base
script:
- 'bundle exec rake beaker:suites[default,amzn2]'

pup6.pe-oel-fips:
<<: *pup_6_pe
<<: *acceptance_base
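Review bot: Only the default suite gets an Amazon Linux 2 job here (`beaker:suites[default,amzn2]`), while this commit also adds `spec/acceptance/suites/security_modules/nodesets/amzn2.yml`. If that suite is meant to run against Amazon Linux 2 in CI, it needs a matching job; nothing in this hunk runs the new nodeset.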
3 changes: 3 additions & 0 deletions CHANGELOG
@@ -1,3 +1,6 @@
* Sun Mar 20 2022 Trevor Vaughan <trevor@sicura.us> - 6.10.1
- Support Amazon Linux 2

* Thu Aug 26 2021 Kendall Moore <kendall.moore@onyxpoint.com> - 6.10.0
- Add pre section content for auth files
- Add extra content for su
2 changes: 1 addition & 1 deletion Gemfile
Expand Up @@ -38,7 +38,7 @@ end
group :system_tests do
gem 'beaker'
gem 'beaker-rspec'
gem 'simp-beaker-helpers', ENV['SIMP_BEAKER_HELPERS_VERSION'] || ['>= 1.23.2', '< 2']
gem 'simp-beaker-helpers', ENV['SIMP_BEAKER_HELPERS_VERSION'] || ['>= 1.24.2', '< 2']
end

# Evaluate extra gemfiles if they exist
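Review bot: The raised floor on `simp-beaker-helpers` (`'>= 1.24.2'`) only applies when `SIMP_BEAKER_HELPERS_VERSION` is unset, since the `||` takes the environment value as given. Neither the commit message nor the CHANGELOG entry says what in 1.24.2 the Amazon Linux 2 tests need; a one-line comment above the `gem` line would tell anyone setting that variable in CI which versions are too old.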
40 changes: 40 additions & 0 deletions REFERENCE.md
Expand Up @@ -85,9 +85,11 @@ The following parameters are available in the `pam` class:
* [`use_openshift`](#use_openshift)
* [`sssd`](#sssd)
* [`tty_audit_users`](#tty_audit_users)
* [`su_content_extra`](#su_content_extra)
* [`su_content`](#su_content)
* [`other_content`](#other_content)
* [`auth_sections`](#auth_sections)
* [`auth_content_pre`](#auth_content_pre)
* [`fingerprint_auth_content`](#fingerprint_auth_content)
* [`system_auth_content`](#system_auth_content)
* [`password_auth_content`](#password_auth_content)
Expand Down Expand Up @@ -506,6 +508,15 @@ The users for which TTY auditing is enabled

Default value: `[ 'root' ]`

##### <a name="su_content_extra"></a>`su_content_extra`

Data type: `Optional[Array[String]]`

User-specified content to be added to ``/etc/pam.d/su`` in addition to
the rest of the templated content

Default value: ``undef``

##### <a name="su_content"></a>`su_content`

Data type: `Optional[String]`
Expand Down Expand Up @@ -534,6 +545,16 @@ The PAM ``*-auth`` files to manage

Default value: `[ 'fingerprint', 'system', 'password', 'smartcard' ]`

##### <a name="auth_content_pre"></a>`auth_content_pre`

Data type: `Optional[Array[String]]`

Content to prepend to the auth configs in addition to templated content

* Set to an empty Array to not prepend any default content

Default value: ``undef``

##### <a name="fingerprint_auth_content"></a>`fingerprint_auth_content`

Data type: `Optional[String]`
Expand Down Expand Up @@ -745,6 +766,7 @@ The following parameters are available in the `pam::wheel` class:
* [`wheel_group`](#wheel_group)
* [`root_only`](#root_only)
* [`use_openshift`](#use_openshift)
* [`su_content_extra`](#su_content_extra)
* [`content`](#content)

##### <a name="wheel_group"></a>`wheel_group`
Expand Down Expand Up @@ -772,6 +794,15 @@ puppet code is compatible

Default value: `$pam::use_openshift`

##### <a name="su_content_extra"></a>`su_content_extra`

Data type: `Optional[Array[String]]`

User-specified content added after rootok but before further templated
content

Default value: `$pam::su_content_extra`

##### <a name="content"></a>`content`

Data type: `Optional[String[1]]`
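Review bot: The `su_content_extra` description for `pam::wheel` should state the ordering consequence, not just the position. Lines placed after `rootok` but before the rest of the templated content are evaluated first, so a user-supplied entry with a `sufficient` control there can succeed before any later templated check runs. A sentence saying so, plus a statement of what each array element must contain, would make the parameter safer to use.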
Expand Down Expand Up @@ -918,6 +949,7 @@ The following parameters are available in the `pam::auth` defined type:

* [`password_check_backend`](#password_check_backend)
* [`locale_file`](#locale_file)
* [`auth_content_pre`](#auth_content_pre)
* [`cracklib_enforce_for_root`](#cracklib_enforce_for_root)
* [`cracklib_reject_username`](#cracklib_reject_username)
* [`cracklib_difok`](#cracklib_difok)
Expand Down Expand Up @@ -972,6 +1004,14 @@ Data type: `Optional[Stdlib::Absolutepath]`

Default value: `$pam::locale_file`

##### <a name="auth_content_pre"></a>`auth_content_pre`

Data type: `Optional[Array[String]]`



Default value: `$pam::auth_content_pre`

##### <a name="cracklib_enforce_for_root"></a>`cracklib_enforce_for_root`

Data type: `Boolean`
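Review bot: The new `auth_content_pre` entry for `pam::auth` has no description, only a data type and the default `$pam::auth_content_pre`. Carry over the text used for the `pam` class entry ("Content to prepend to the auth configs in addition to templated content") so the defined type documents what is prepended and that an empty Array disables the default content.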
8 changes: 7 additions & 1 deletion metadata.json
@@ -1,6 +1,6 @@
{
"name": "simp-pam",
"version": "6.10.0",
"version": "6.10.1",
"author": "SIMP Team",
"summary": "A SIMP puppet module for managing pam",
"license": "Apache-2.0",
Expand Down Expand Up @@ -38,6 +38,12 @@
]
},
"operatingsystem_support": [
{
"operatingsystem": "Amazon",
"operatingsystemrelease": [
"2"
]
},
{
"operatingsystem": "CentOS",
"operatingsystemrelease": [
23 changes: 23 additions & 0 deletions spec/acceptance/nodesets/amzn2.yml
@@ -0,0 +1,23 @@
<%
if ENV['BEAKER_HYPERVISOR']
hypervisor = ENV['BEAKER_HYPERVISOR']
else
hypervisor = 'vagrant'
end
-%>
HOSTS:
amzn2:
roles:
- default
platform: el-7-x86_64
box: gbailey/amzn2
hypervisor: <%= hypervisor %>

CONFIG:
log_level: verbose
synced_folder : disabled
type: aio
vagrant_memsize: 512
<% if ENV['BEAKER_PUPPET_COLLECTION'] -%>
puppet_collection: <%= ENV['BEAKER_PUPPET_COLLECTION'] %>
<% end -%>
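Review bot: `box: gbailey/amzn2` pulls a Vagrant box from the `gbailey` namespace with no version pin, so the acceptance results depend on whatever is published under that name next. Pin it with `box_version` or note in the file why this box was chosen. `platform: el-7-x86_64` also deserves a comment explaining why an Amazon Linux 2 host is declared as EL 7, and `synced_folder : disabled` has a stray space before the colon.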
3 changes: 2 additions & 1 deletion spec/acceptance/suites/default/00_default_spec.rb
Expand Up @@ -22,7 +22,8 @@

os_major = fact_on(host, 'operatingsystemmajrelease')

if os_major == '7'
# Total hack to support Amazon without a bunch of logic
if ['7','2'].include?(os_major)
it 'should replace authconfig and authconfi-tui links' do
result = on(host, 'ls -l /usr/sbin/authconfig')
expect(result.stdout).to match(/authconfig -> \/usr\/local\/sbin\/simp_authconfig.sh/)
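Review bot: `['7','2'].include?(os_major)` keys the authconfig checks on the major release alone, so any other OS reporting major release `2` would also take this branch. The comment admits it is a hack; checking the OS name fact together with the release (Amazon with `2`, otherwise `7`) costs one more `fact_on` call and makes the condition say what it means. The example description on the following line also has a typo, `authconfi-tui`.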
27 changes: 27 additions & 0 deletions spec/acceptance/suites/security_modules/nodesets/amzn2.yml
@@ -0,0 +1,27 @@
<%
if ENV['BEAKER_HYPERVISOR']
hypervisor = ENV['BEAKER_HYPERVISOR']
else
hypervisor = 'vagrant'
end
-%>
HOSTS:
amzn2-server:
roles:
- default
platform: el-7-x86_64
box: gbailey/amzn2
hypervisor: <%= hypervisor %>

amzn2-client:
platform: el-7-x86_64
box: gbailey/amzn2
hypervisor: <%= hypervisor %>

CONFIG:
log_level: verbose
type: aio
vagrant_memsize: 512
<% if ENV['BEAKER_PUPPET_COLLECTION'] -%>
puppet_collection: <%= ENV['BEAKER_PUPPET_COLLECTION'] %>
<% end -%>
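Review bot: `amzn2-server` carries only the `default` role and `amzn2-client` has no `roles:` key at all. With the `spec_helper_acceptance.rb` change in this commit, `only_host_with_role(hosts, 'server')` is tried first and `'default'` is the fallback, so this nodeset relies on the rescue path; adding `- server` to `amzn2-server` and an explicit role to the client would make the intent readable. This file also omits the `synced_folder : disabled` setting that the default-suite nodeset has, and the unpinned `box: gbailey/amzn2` applies here too.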
13 changes: 9 additions & 4 deletions spec/spec_helper_acceptance.rb
Expand Up @@ -12,9 +12,6 @@
else
install_puppet
end
# Install git, it's a dependency for inspec profiles
# Found this when experiencing https://github.com/chef/inspec/issues/1270
install_package(host, 'git')
end
end

Expand All @@ -35,12 +32,20 @@
begin
# Install modules and dependencies from spec/fixtures/modules
copy_fixture_modules_to( hosts )
begin
server = only_host_with_role(hosts, 'server')
rescue ArgumentError =>e
server = only_host_with_role(hosts, 'default')
end

# Generate and install PKI certificates on each SUT
Dir.mktmpdir do |cert_dir|
run_fake_pki_ca_on( default, hosts, cert_dir )
run_fake_pki_ca_on(server, hosts, cert_dir )
hosts.each{ |sut| copy_pki_to( sut, cert_dir, '/etc/pki/simp-testing' )}
end

# add PKI keys
copy_keydist_to(server)
rescue StandardError, ScriptError => e
if ENV['PRY']
require 'pry'; binding.pry
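Review bot: In the new `begin` / `rescue ArgumentError =>e` block, `e` is bound but never used and the fallback to the `default` role happens silently. Drop the `=>e` (or log `e.message`) and add a comment naming the case it covers, nodesets with no `server` role. `run_fake_pki_ca_on(server, hosts, cert_dir )` now generates the test CA on `server` rather than `default`, and `copy_keydist_to(server)` is new; neither is mentioned in the commit message, so say whether both are needed for Amazon Linux 2 or are an unrelated cleanup.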