diff --git a/lib/puppet/provider/ssh_config/augeas.rb b/lib/puppet/provider/ssh_config/augeas.rb index d41a88c..3aaba00 100644 --- a/lib/puppet/provider/ssh_config/augeas.rb +++ b/lib/puppet/provider/ssh_config/augeas.rb @@ -104,6 +104,7 @@ def self.set_value(aug, base, path, label, value) end lastsp = aug.match("#{path}[last()]")[0] end + aug.defvar('resource', path) end end @@ -114,6 +115,7 @@ def create # create base_path aug.set(base_path, resource[:host]) self.class.set_value(aug, base_path, "#{base_path}/#{key}", key, resource[:value]) + self.class.set_comment(aug, base_path, resource[:name], resource[:comment]) if resource[:comment] end end @@ -129,4 +131,33 @@ def value=(value) self.class.set_value(aug, self.class.base_path(resource), resource_path, key, value) end end + + def comment + base_path = self.class.base_path(resource) + augopen do |aug| + comment = aug.get("#{base_path}/#comment[following-sibling::*[1][label() =~ regexp('#{resource[:name]}', 'i')]][. =~ regexp('#{resource[:name]}:.*', 'i')]") + comment.sub!(/^#{resource[:name]}:\s*/i, "") if comment + comment || "" + end + end + + def comment=(value) + base_path = self.class.base_path(resource) + augopen! do |aug| + self.class.set_comment(aug, base_path, resource[:name], value) + end + end + + def self.set_comment(aug, base, name, value) + cmtnode = "#{base}/#comment[following-sibling::*[1][label() =~ regexp('#{name}', 'i')]][. =~ regexp('#{name}:.*', 'i')]" + if value.empty? + aug.rm(cmtnode) + else + if aug.match(cmtnode).empty? + aug.insert('$resource', "#comment", true) + end + aug.set("#{base}/#comment[following-sibling::*[1][label() =~ regexp('#{name}', 'i')]]", + "#{name}: #{value}") + end + end end diff --git a/lib/puppet/provider/sshd_config/augeas.rb b/lib/puppet/provider/sshd_config/augeas.rb index 5c3be82..3eb900e 100644 --- a/lib/puppet/provider/sshd_config/augeas.rb +++ b/lib/puppet/provider/sshd_config/augeas.rb 
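Review bot: The `set_comment` call added to `create` passes `resource[:name]`, while the `set_value` call on the line above addresses the entry by `key`. The type description visible later in this commit says the name can differ from the setting name when `host` is given; in that case the `following-sibling::*[1][label() =~ …]` predicate would look for a label that is not in the file. Passing the same identifier keeps the two aligned: `self.class.set_comment(aug, base_path, key, resource[:comment]) if resource[:comment]`. The `comment` and `comment=` methods added in the next hunk use `resource[:name]` as well, and `create` starts outside this hunk, so how `key` is derived is not visible here.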
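Review bot: `resource[:name]` is interpolated unescaped into the Augeas path expressions (`regexp('#{name}', 'i')`) and into the Ruby pattern in `comment` (`/^#{resource[:name]}:\s*/i`), so a name containing a quote, bracket or regex metacharacter changes what is matched or makes the expression unparsable. On the Ruby side, `comment.sub!(/\A#{Regexp.escape(resource[:name])}:\s*/i, "") if comment` treats the name literally. For the path expressions, a `validate` on the type's name/key that restricts it to the characters a setting name can contain is probably the safer fix, since this code does no quoting of Augeas path literals. The same interpolation is repeated in the `sshd_config`, `sshd_config_match` and `sshd_config_subsystem` providers in this commit.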
@@ -176,15 +176,16 @@ def create aug.insert("#{base_path}/ListenAddress[1]", key, true) end - if key.downcase == 'listenaddress' && !aug.match("#{base_path}/AddressFamily").empty? - aug.insert("#{base_path}/AddressFamily", key, false) - end + if key.downcase == 'listenaddress' && !aug.match("#{base_path}/AddressFamily").empty? + aug.insert("#{base_path}/AddressFamily", key, false) + end - if key.downcase == 'addressfamily' && !aug.match("#{base_path}/ListenAddress").empty? - aug.insert("#{base_path}/ListenAddress", key, true) - end + if key.downcase == 'addressfamily' && !aug.match("#{base_path}/ListenAddress").empty? + aug.insert("#{base_path}/ListenAddress", key, true) + end self.class.set_value(aug, base_path, "#{base_path}/#{key}", key, resource[:value]) + self.class.set_comment(aug, base_path, key, resource[:comment]) if resource[:comment] end end @@ -207,4 +208,35 @@ def value=(value) self.class.set_value(aug, self.class.base_path(resource), resource_path, key, value) end end + + def comment + base_path = self.class.base_path(resource) + key = resource[:key] ? resource[:key] : resource[:name] + augopen do |aug| + comment = aug.get("#{base_path}/#comment[following-sibling::*[1][label() =~ regexp('#{key}', 'i')]][. =~ regexp('#{key}:.*', 'i')]") + comment.sub!(/^#{key}:\s*/i, "") if comment + comment || "" + end + end + + def comment=(value) + base_path = self.class.base_path(resource) + key = resource[:key] ? resource[:key] : resource[:name] + augopen! do |aug| + self.class.set_comment(aug, base_path, key, value) + end + end + + def self.set_comment(aug, base, name, value) + cmtnode = "#{base}/#comment[following-sibling::*[1][label() =~ regexp('#{name}', 'i')]][. =~ regexp('#{name}:.*', 'i')]" + if value.empty? + aug.rm(cmtnode) + else + if aug.match(cmtnode).empty? + aug.insert("#{base}/#{name}", "#comment", true) + end + aug.set("#{base}/#comment[following-sibling::*[1][label() =~ regexp('#{name}', 'i')]]", + "#{name}: #{value}") + end + end end 
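Review bot: In `set_comment`, the insert anchor `"#{base}/#{name}"` is an exact, case-sensitive path, whereas `cmtnode` and the final `aug.set` find the entry case-insensitively with `label() =~ regexp('#{name}', 'i')`. `aug.insert` needs its path to match exactly one node, so a key spelled differently from the file (the spec added in this commit uses `syslogFacility`) or a key that occurs on several lines is likely to make the insert fail when no managed comment exists yet. Anchoring on the same predicate keeps the method consistent: `aug.insert("#{base}/*[label()=~regexp('#{name}', 'i')][1]", "#comment", true)`. The `ssh_config` provider avoids the problem by inserting at `$resource`.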
diff --git a/lib/puppet/provider/sshd_config_match/augeas.rb b/lib/puppet/provider/sshd_config_match/augeas.rb index e772269..40298d3 100644 --- a/lib/puppet/provider/sshd_config_match/augeas.rb +++ b/lib/puppet/provider/sshd_config_match/augeas.rb @@ -23,7 +23,8 @@ def self.static_path(resource) end def self.path(resource) - path = "$target/*[label()=~regexp('match', 'i') and *[label()=~regexp('condition', 'i') and count(*)=#{resource[:condition].keys.size}]" + path = "$target/*" + path += "[label()=~regexp('match', 'i') and *[label()=~regexp('condition', 'i') and count(*)=#{resource[:condition].keys.size}]" resource[:condition].each do |c, v| path += "[*[label()=~regexp('#{c}', 'i')]='#{v}']" end @@ -104,6 +105,7 @@ def self.position!(aug, resource) def position! augopen! do |aug| self.class.position!(aug, resource) + self.comment = resource[:comment] end end @@ -115,12 +117,35 @@ def create aug.set("$resource/Condition/#{c}", v) end aug.clear("$resource/Settings") - # At least one entry is mandatory (in the lens at least) - aug.set("$resource/Settings/#comment", 'Created by Puppet') self.class.position!(aug, resource) \ if !self.class.in_position?(aug, resource) and resource[:position] + + # At least one entry is mandatory (in the lens at least) + self.comment = resource[:comment] + end + end + + def comment + augopen do |aug| + comment = aug.get("$resource/Settings/#comment[1]") + comment.sub!(/^#{resource[:name]}:\s*/i, "") if comment + comment || "" + end end - end -end + def comment=(value) + augopen! do |aug| + cmtnode = "$resource/Settings/#comment[1]" + + if aug.match(cmtnode).empty? + if aug.match("$resource/Settings/*").any? + # Insert before first entry + aug.insert("$resource/Settings/*[1]", "#comment", true) + end + end + + aug.set(cmtnode, "#{resource[:name]}: #{resource[:comment]}") + end + end + end diff --git a/lib/puppet/provider/sshd_config_subsystem/augeas.rb b/lib/puppet/provider/sshd_config_subsystem/augeas.rb index 2b4825d..ba989b8 100644 
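Review bot: `self.comment = resource[:comment]` is called inside the `augopen!` block of `position!`, but the `comment=` setter added further down opens its own `augopen!`. `augopen!` is defined outside this diff; if it opens a separate Augeas handle and saves on exit, the inner call works on the file as it is on disk, without the outer block's pending changes, and the outer save may then overwrite what the inner one wrote. The same nesting appears in `create` in this file and in `create` of the `sshd_config_subsystem` provider. Passing the open handle to a class-level helper, as `ssh_config` and `sshd_config` do with `set_comment(aug, …)`, avoids the second open.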
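Review bot: `comment=(value)` never uses its argument; the final `aug.set` writes `resource[:comment]`, so the setter only works when called with exactly that value. `$resource/Settings/#comment[1]` is also whichever comment comes first in the block, not necessarily one carrying the `name:` prefix, so a hand-written comment in that position would be overwritten. The `sshd_config_subsystem` setter has the same `resource[:comment]` in its `aug.set` line. A helper that takes the handle and the value fixes this and removes the nested `augopen!` when called from `create` and `position!`:

```ruby
def comment=(value)
  augopen! do |aug|
    self.class.set_comment(aug, resource[:name], value)
  end
end

def self.set_comment(aug, name, value)
  cmtnode = "$resource/Settings/#comment[1]"
  # … unchanged: insert before the first Settings entry when no comment exists …
  aug.set(cmtnode, "#{name}: #{value}")
end
```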
--- a/lib/puppet/provider/sshd_config_subsystem/augeas.rb +++ b/lib/puppet/provider/sshd_config_subsystem/augeas.rb @@ -31,13 +31,16 @@ def self.instances end end - define_aug_method!(:create) do |aug, resource| + def create key = resource[:name] - unless aug.match("$target/Match").empty? - aug.insert("$target/Match[1]", "Subsystem", true) - aug.clear("$target/Subsystem[last()]/#{key}") + augopen! do |aug| + unless aug.match("$target/Match").empty? + aug.insert("$target/Match[1]", "Subsystem", true) + aug.clear("$target/Subsystem[last()]/#{key}") + end + aug.set("$target/Subsystem/#{resource[:name]}", resource[:command]) + self.comment = resource[:comment] if resource[:comment] end - aug.set("$target/Subsystem/#{resource[:name]}", resource[:command]) end define_aug_method!(:destroy) do |aug, resource| @@ -46,4 +49,28 @@ def self.instances end attr_aug_accessor(:command, :label => :resource) + + + def comment + augopen do |aug| + comment = aug.get("$target/#comment[following-sibling::*[1][label() =~ regexp('Subsystem', 'i') and #{resource[:name]}]]") + comment.sub!(/^#{resource[:name]}:\s*/i, "") if comment + comment || "" + end + end + + def comment=(value) + augopen! do |aug| + cmtnode = "$target/#comment[following-sibling::*[1][label() =~ regexp('Subsystem', 'i') and #{resource[:name]}]]" + + if value.empty? + aug.rm(cmtnode) + else + if aug.match(cmtnode).empty? + aug.insert("$target/*[label()=~regexp('Subsystem', 'i') and #{resource[:name]}]", "#comment", true) + end + aug.set(cmtnode, "#{resource[:name]}: #{resource[:comment]}") + end + end + end end diff --git a/lib/puppet/type/ssh_config.rb b/lib/puppet/type/ssh_config.rb index 9722a3f..f51850a 100644 --- a/lib/puppet/type/ssh_config.rb +++ b/lib/puppet/type/ssh_config.rb @@ -9,7 +9,7 @@ The resource name is used for the setting name, but if the `host` is given, then the name can be something else and the `key` given as the name of the setting. -" + " ensurable 
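Review bot: The `cmtnode` expression in `comment` and `comment=` selects any comment directly above the Subsystem entry; it lacks the `[. =~ regexp('#{name}:.*', 'i')]` filter that the `ssh_config` and `sshd_config` providers use to recognise a comment they own. With an empty value, `aug.rm(cmtnode)` would therefore remove a hand-written comment, and a non-empty value would overwrite it, which contradicts the property description about the name prefix. Adding that filter to the getter and to the `rm` path, as the other two providers do, would limit the provider to its own comments. `resource[:name]` is also interpolated here as a bare path step (`and #{resource[:name]}`), so a name that is not a plain identifier would alter the expression.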
@@ -50,6 +50,10 @@ defaultto { '*' } end + newproperty(:comment) do + desc "Text to be stored in a comment immediately above the entry. It will be automatically prepended with the name of the variable in order for the provider to know whether it controls the comment or not." + end + autorequire(:file) do self[:target] end diff --git a/lib/puppet/type/sshd_config.rb b/lib/puppet/type/sshd_config.rb index e1b89f6..cfeb28c 100644 --- a/lib/puppet/type/sshd_config.rb +++ b/lib/puppet/type/sshd_config.rb @@ -71,13 +71,13 @@ def sync def should_to_s(new_value) if provider.resource[:array_append] - # Merge the two arrays - is = @resource.property(:value).retrieve - is_arr = Array(is) + # Merge the two arrays + is = @resource.property(:value).retrieve + is_arr = Array(is) - super(is_arr | Array(new_value)) + super(is_arr | Array(new_value)) else - super(new_value) + super(new_value) end end end @@ -117,7 +117,7 @@ def should_to_s(new_value) whitespace. This is used if the `Match` block has multiple criteria. condition => 'Host example.net User root' - " + " munge do |value| if value.is_a? Hash @@ -130,6 +130,10 @@ def should_to_s(new_value) end end + newproperty(:comment) do + desc "Text to be stored in a comment immediately above the entry. It will be automatically prepended with the name of the variable in order for the provider to know whether it controls the comment or not." + end + autorequire(:file) do self[:target] end diff --git a/lib/puppet/type/sshd_config_match.rb b/lib/puppet/type/sshd_config_match.rb index ed48f03..cea8ec3 100644 --- a/lib/puppet/type/sshd_config_match.rb +++ b/lib/puppet/type/sshd_config_match.rb 
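Review bot: The new `comment` property accepts any string, and the providers write it into the SSH configuration file as `"#{name}: #{value}"` without checking it. A value containing a line break cannot be represented as one comment line; the lens will presumably refuse it at save time, but rejecting it in the type gives a clear error at catalog validation, e.g. `validate { |v| raise ArgumentError, 'comment must be a single line' if v.to_s =~ /[\r\n]/ }`. The description would also read better with "name of the setting" instead of "name of the variable". The identical `newproperty(:comment)` blocks added to `sshd_config`, `sshd_config_match` and `sshd_config_subsystem` would take the same check.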
@@ -84,6 +84,11 @@ def self.title_patterns end end + newproperty(:comment) do + desc "Text to be stored in a comment immediately above the entry. It will be automatically prepended with the name of the variable in order for the provider to know whether it controls the comment or not." + defaultto { "created by Puppet" } + end + autorequire(:file) do self[:target] end diff --git a/lib/puppet/type/sshd_config_subsystem.rb b/lib/puppet/type/sshd_config_subsystem.rb index 91b03f0..9eb16bc 100644 --- a/lib/puppet/type/sshd_config_subsystem.rb +++ b/lib/puppet/type/sshd_config_subsystem.rb @@ -22,6 +22,10 @@ `/etc/ssh/sshd_config`." end + newproperty(:comment) do + desc "Text to be stored in a comment immediately above the entry. It will be automatically prepended with the name of the variable in order for the provider to know whether it controls the comment or not." + end + autorequire(:file) do self[:target] end diff --git a/spec/fixtures/unit/puppet/provider/ssh_config/augeas/full b/spec/fixtures/unit/puppet/provider/ssh_config/augeas/full index 98fda84..be14df0 100644 --- a/spec/fixtures/unit/puppet/provider/ssh_config/augeas/full +++ b/spec/fixtures/unit/puppet/provider/ssh_config/augeas/full @@ -45,11 +45,13 @@ Host * # Tunnel no # TunnelDevice any:any # PermitLocalCommand no +# This is a comment # VisualHostKey no # ProxyCommand ssh -q -W %h:%p gateway.example.com # RekeyLimit 1G 1h SendEnv LANG LC_* SendEnv QUX + # HashKnownHosts: more secure HashKnownHosts yes GSSAPIAuthentication yes GSSAPIDelegateCredentials no diff --git a/spec/fixtures/unit/puppet/provider/sshd_config/augeas/full b/spec/fixtures/unit/puppet/provider/sshd_config/augeas/full index 3f5c660..60c7adb 100644 --- a/spec/fixtures/unit/puppet/provider/sshd_config/augeas/full +++ b/spec/fixtures/unit/puppet/provider/sshd_config/augeas/full 
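Review bot: `defaultto { "created by Puppet" }` makes the comment a managed property on every `sshd_config_match` resource, including those whose manifests never set it. Because the provider addresses `Settings/#comment[1]` without checking for the name prefix, an existing Match block whose first comment was written by hand would likely be rewritten on the first run after upgrade. The provider line removed by this commit wrote `'Created by Puppet'` only at creation; if that is still the intent, the fallback could be applied in `create` and the property left without a default. The shared description says "immediately above the entry", while for Match blocks the comment is stored inside the block's Settings.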
@@ -29,7 +29,7 @@ ListenAddress :: # Logging # obsoletes QuietMode and FascistLogging -#SyslogFacility AUTH +#SyslogFacility: AUTHPRIV SyslogFacility AUTHPRIV #LogLevel INFO @@ -83,8 +83,8 @@ GSSAPICleanupCredentials yes #GSSAPIStrictAcceptorCheck yes #GSSAPIKeyExchange no -# Set this to 'yes' to enable PAM authentication, account processing, -# and session processing. If this is enabled, PAM authentication will +# Set this to 'yes' to enable PAM authentication, account processing, +# and session processing. If this is enabled, PAM authentication will # be allowed through the ChallengeResponseAuthentication and # PasswordAuthentication. Depending on your PAM configuration, # PAM authentication via ChallengeResponseAuthentication may bypass @@ -101,6 +101,8 @@ AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE AcceptEnv XMODIFIERS +# This is a comment +# VisualHostKey no #AllowAgentForwarding yes #AllowTcpForwarding yes #GatewayPorts no diff --git a/spec/fixtures/unit/puppet/provider/sshd_config_match/augeas/full b/spec/fixtures/unit/puppet/provider/sshd_config_match/augeas/full index 3f5c660..3b6ebc7 100644 --- a/spec/fixtures/unit/puppet/provider/sshd_config_match/augeas/full +++ b/spec/fixtures/unit/puppet/provider/sshd_config_match/augeas/full @@ -83,8 +83,8 @@ GSSAPICleanupCredentials yes #GSSAPIStrictAcceptorCheck yes #GSSAPIKeyExchange no -# Set this to 'yes' to enable PAM authentication, account processing, -# and session processing. If this is enabled, PAM authentication will +# Set this to 'yes' to enable PAM authentication, account processing, +# and session processing. If this is enabled, PAM authentication will # be allowed through the ChallengeResponseAuthentication and # PasswordAuthentication. Depending on your PAM configuration, # PAM authentication via ChallengeResponseAuthentication may bypass 
@@ -101,6 +101,8 @@ AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE AcceptEnv XMODIFIERS +# This is a comment +# VisualHostKey no #AllowAgentForwarding yes #AllowTcpForwarding yes #GatewayPorts no @@ -130,7 +132,7 @@ X11Forwarding yes # override default of no subsystems Subsystem sftp /usr/libexec/openssh/sftp-server -# Example of overriding settings on a per-user basis +# User anoncvs: Example of overriding settings on a per-user basis Match User anoncvs X11Forwarding no AllowTcpForwarding no diff --git a/spec/fixtures/unit/puppet/provider/sshd_config_subsystem/augeas/full b/spec/fixtures/unit/puppet/provider/sshd_config_subsystem/augeas/full index 92a1a79..989ce0e 100644 --- a/spec/fixtures/unit/puppet/provider/sshd_config_subsystem/augeas/full +++ b/spec/fixtures/unit/puppet/provider/sshd_config_subsystem/augeas/full @@ -102,6 +102,8 @@ AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE AcceptEnv XMODIFIERS +# This is a comment +# VisualHostKey no #AllowAgentForwarding yes #AllowTcpForwarding yes #GatewayPorts no diff --git a/spec/unit/puppet/provider/ssh_config/augeas_spec.rb b/spec/unit/puppet/provider/ssh_config/augeas_spec.rb index a455dcc..96b4966 100755 --- a/spec/unit/puppet/provider/ssh_config/augeas_spec.rb +++ b/spec/unit/puppet/provider/ssh_config/augeas_spec.rb @@ -69,6 +69,21 @@ end end + it "should create new comment before entry" do + apply!(Puppet::Type.type(:ssh_config).new( + :name => "DenyUsers", + :host => "example.net", + :value => "example_user", + :target => target, + :provider => "augeas", + :comment => 'Deny example_user access' + )) + + aug_open(target, "Ssh.lns") do |aug| + expect(aug.get("Host[.='example.net']/#comment[following-sibling::DenyUsers][last()]")).to eq("DenyUsers: Deny example_user access") + end + end + context "when declaring two resources with same key" do it "should fail with same name" do expect do 
@@ -186,6 +201,21 @@ expect(aug.get("Host[.='example.net']/SendEnv/2")).to eq("LANG") end end + + it "should create new comment before entry" do + apply!(Puppet::Type.type(:ssh_config).new( + :name => "DenyUsers", + :host => "example.net", + :value => "example_user", + :target => target, + :provider => "augeas", + :comment => 'Deny example_user access' + )) + + aug_open(target, "Ssh.lns") do |aug| + expect(aug.get("Host[.='example.net']/#comment[following-sibling::DenyUsers][last()]")).to eq("DenyUsers: Deny example_user access") + end + end end describe "when deleting settings" do @@ -202,6 +232,20 @@ expect(aug.match("Host[.='*']/HashKnownHosts").size).to eq(0) end end + + it "should delete a comment" do + apply!(Puppet::Type.type(:ssh_config).new( + :name => "VisualHostKey", + :ensure => "absent", + :host => "*", + :target => target, + :provider => "augeas" + )) + + aug_open(target, "Ssh.lns") do |aug| + expect(aug.match("Host[.='*']/VisualHostKey[preceding-sibling::#comment]").size).to eq(0) + end + end end describe "when updating settings" do @@ -219,6 +263,20 @@ end end + it "should replace the comment" do + apply!(Puppet::Type.type(:ssh_config).new( + :name => "HashKnownHosts", + :host => "*", + :target => target, + :provider => "augeas", + :comment => 'This is a different comment' + )) + + aug_open(target, "Ssh.lns") do |aug| + expect(aug.get("Host[.='*']/#comment[following-sibling::HashKnownHosts][last()]")).to eq("HashKnownHosts: This is a different comment") + end + end + it "should replace the array setting" do apply!(Puppet::Type.type(:ssh_config).new( :name => "SendEnv", diff --git a/spec/unit/puppet/provider/sshd_config/augeas_spec.rb b/spec/unit/puppet/provider/sshd_config/augeas_spec.rb index e03cc8c..7dbb839 100755 --- a/spec/unit/puppet/provider/sshd_config/augeas_spec.rb +++ b/spec/unit/puppet/provider/sshd_config/augeas_spec.rb 
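Review bot: The "should delete a comment" example removes the whole `VisualHostKey` resource and then asserts on `VisualHostKey[preceding-sibling::#comment]`, which is empty as soon as the setting itself is gone, so it passes whether or not any comment was removed. The `value.empty?` branch of `set_comment` that calls `aug.rm(cmtnode)` is not exercised anywhere in this spec. An example that applies `HashKnownHosts` with `:comment => ''` and expects `aug.match("Host[.='*']/#comment[. =~ regexp('HashKnownHosts:.*')]")` to be empty would cover it. The delete examples added to the `sshd_config` spec (removes `AllowGroups`, asserts on `VisualHostKey`) and to the `sshd_config_subsystem` spec (no `:ensure` and no empty comment) have the same gap.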
@@ -41,6 +41,20 @@ end end + it "should create new comment before entry" do + apply!(Puppet::Type.type(:sshd_config).new( + :name => "DenyUsers", + :value => "example_user", + :target => target, + :provider => "augeas", + :comment => 'Deny example_user access' + )) + + aug_open(target, "Sshd.lns") do |aug| + expect(aug.get("#comment[following-sibling::DenyUsers][last()]")).to eq("DenyUsers: Deny example_user access") + end + end + it "should create a simple entry for GSSAPIKexAlgorithms" do apply!(Puppet::Type.type(:sshd_config).new( :name => "GSSAPIKexAlgorithms", @@ -204,7 +218,7 @@ { "Subsystem" { "sftp" = "/usr/libexec/openssh/sftp-server" } } { "#comment" = "Example of overriding settings on a per-user basis" } - ') + ') end it "should add it next to commented out entry with different case" do @@ -229,7 +243,7 @@ { "sftp" = "/usr/libexec/openssh/sftp-server" } } { "#comment" = "Example of overriding settings on a per-user basis" } - ') + ') end it "should create an array entry" do @@ -246,6 +260,19 @@ end end + it "should create new comment before entry" do + apply!(Puppet::Type.type(:sshd_config).new( + :name => "syslogFacility", + :target => target, + :provider => "augeas", + :comment => 'more secure' + )) + + aug_open(target, "Sshd.lns") do |aug| + expect(aug.get("#comment[following-sibling::SyslogFacility][last()]")).to eq("syslogFacility: more secure") + end + end + it "should match the entire Match conditions and create new block" do apply!(Puppet::Type.type(:sshd_config).new( :name => "AllowAgentForwarding", @@ -316,6 +343,19 @@ expect(aug.match(expr)).to eq([]) end end + + it "should delete a comment" do + apply!(Puppet::Type.type(:sshd_config).new( + :name => "AllowGroups", + :ensure => "absent", + :target => target, + :provider => "augeas" + )) + + aug_open(target, "Sshd.lns") do |aug| + expect(aug.match("VisualHostKey[preceding-sibling::#comment]").size).to eq(0) + end + end end describe "when updating settings" do 
@@ -392,6 +432,20 @@ end end + it "should replace the comment" do + apply!(Puppet::Type.type(:sshd_config).new( + :name => "SyslogFacility", + :value => "AUTHPRIV", + :target => target, + :provider => "augeas", + :comment => 'This is a different comment' + )) + + aug_open(target, "Sshd.lns") do |aug| + expect(aug.get("#comment[following-sibling::SyslogFacility][last()]")).to eq("SyslogFacility: This is a different comment") + end + end + it "should replace settings case insensitively" do apply!(Puppet::Type.type(:sshd_config).new( :name => "PaSswordaUtheNticAtion", @@ -407,20 +461,20 @@ end context "when using array_append" do - it "should not remove existing values" do - apply!(Puppet::Type.type(:sshd_config).new( - :name => "AcceptEnv", - :value => ["BAR", "LC_TIME"], - :array_append => true, - :target => target, - :provider => "augeas" - )) - - aug_open(target, "Sshd.lns") do |aug| - expect(aug.match("AcceptEnv/*").size).to eq(17) - expect(aug.get("AcceptEnv/17")).to eq("BAR") - end + it "should not remove existing values" do + apply!(Puppet::Type.type(:sshd_config).new( + :name => "AcceptEnv", + :value => ["BAR", "LC_TIME"], + :array_append => true, + :target => target, + :provider => "augeas" + )) + + aug_open(target, "Sshd.lns") do |aug| + expect(aug.match("AcceptEnv/*").size).to eq(17) + expect(aug.get("AcceptEnv/17")).to eq("BAR") end + end end end end @@ -505,7 +559,7 @@ { "#comment" = "override default of no subsystems" } { "Subsystem" { "sftp" = "/usr/libexec/openssh/sftp-server" } } - ') + ') end it "should insert Port before the first ListenAddress" do diff --git a/spec/unit/puppet/provider/sshd_config_match/augeas_spec.rb b/spec/unit/puppet/provider/sshd_config_match/augeas_spec.rb index 08589d5..0f2c180 100644 --- a/spec/unit/puppet/provider/sshd_config_match/augeas_spec.rb +++ b/spec/unit/puppet/provider/sshd_config_match/augeas_spec.rb 
@@ -26,6 +26,20 @@ expect(aug.get("Match/Condition/Host")).to eq("foo") end end + + it "should create new comment before entry" do + apply!(Puppet::Type.type(:sshd_config_match).new( + :name => "Host foo", + :target => target, + :ensure => :present, + :comment => "manage host foo", + :provider => "augeas" + )) + + aug_open(target, "Sshd.lns") do |aug| + expect(aug.get("Match[Condition/Host]/Settings/#comment")).to eq("Host foo: manage host foo") + end + end end context "with full file" do @@ -90,6 +104,19 @@ expect(aug.get("Match/Condition/Fooz")).to eq("bar") end end + + it "should create new comment before entry" do + apply!(Puppet::Type.type(:sshd_config_match).new( + :name => "User bar", + :target => target, + :comment => "bar is a user", + :provider => "augeas" + )) + + aug_open(target, "Sshd.lns") do |aug| + expect(aug.get("Match[Condition/User]/Settings/#comment")).to eq("User bar: bar is a user") + end + end end context "when deleting settings" do @@ -105,6 +132,19 @@ expect(aug.match("Match/Condition/User[.='anoncvs']").size).to eq(0) end end + + it "should delete a comment" do + apply!(Puppet::Type.type(:sshd_config_match).new( + :name => "User anoncvs", + :ensure => "absent", + :target => target, + :provider => "augeas" + )) + + aug_open(target, "Ssh.lns") do |aug| + expect(aug.match("Match[Condition/User]/Settings/#comment").size).to eq(0) + end + end end context "when updating settings" do @@ -123,6 +163,19 @@ expect(aug.get("Match[2]/Settings/X11Forwarding")).to eq("no") end end + + it "should replace the comment" do + apply!(Puppet::Type.type(:sshd_config_match).new( + :name => "User anoncvs", + :target => target, + :provider => "augeas", + :comment => 'This is a different comment' + )) + + aug_open(target, "Sshd.lns") do |aug| + expect(aug.get("Match[Condition/User]/Settings/#comment")).to eq("User anoncvs: This is a different comment") + end + end end end 
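Review bot: The "should delete a comment" example opens the target with `"Ssh.lns"`, while every other example in this file uses `"Sshd.lns"`. With a different lens the tree may not contain the `Match[Condition/User]/Settings` path at all, so `size).to eq(0)` can pass without saying anything about the comment; the line should read `aug_open(target, "Sshd.lns") do |aug|`. The example also removes the whole Match block, so even with the right lens it would pass if comments were never touched.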
diff --git a/spec/unit/puppet/provider/sshd_config_subsystem/augeas_spec.rb b/spec/unit/puppet/provider/sshd_config_subsystem/augeas_spec.rb index f81d7ef..8a19032 100755 --- a/spec/unit/puppet/provider/sshd_config_subsystem/augeas_spec.rb +++ b/spec/unit/puppet/provider/sshd_config_subsystem/augeas_spec.rb @@ -26,6 +26,20 @@ expect(aug.get("Subsystem/sftp")).to eq("/usr/lib/openssh/sftp-server") end end + + it "should create new comment before entry" do + apply!(Puppet::Type.type(:sshd_config_subsystem).new( + :name => "sftp", + :command => "/usr/lib/openssh/sftp-server", + :target => target, + :provider => "augeas", + :comment => 'Use the external subsystem' + )) + + aug_open(target, "Sshd.lns") do |aug| + expect(aug.get("#comment[following-sibling::Subsystem[sftp]]")).to eq("sftp: Use the external subsystem") + end + end end context "with full file" do @@ -44,7 +58,7 @@ expect(inst.size).to eq(1) expect(inst[0]).to eq({:name=>"sftp", :ensure=>:present, - :command=>"/usr/libexec/openssh/sftp-server"}) + :command=>"/usr/libexec/openssh/sftp-server"}) end describe "when creating settings" do @@ -60,6 +74,20 @@ expect(aug.get("Subsystem/mysub")).to eq("/bin/bash") end end + + it "should create new comment before entry" do + apply!(Puppet::Type.type(:sshd_config_subsystem).new( + :name => "sftp2", + :command => "/usr/lib/openssh/sftp-server2", + :target => target, + :provider => "augeas", + :comment => 'Use the external subsystem' + )) + + aug_open(target, "Sshd.lns") do |aug| + expect(aug.get("#comment[following-sibling::Subsystem[sftp2]][last()]")).to eq("sftp2: Use the external subsystem") + end + end end describe "when deleting settings" do 
@@ -80,6 +108,19 @@ expect(aug.match(expr)).to eq([]) end end + + it "should delete a comment" do + apply!(Puppet::Type.type(:sshd_config_subsystem).new( + :name => "sftp", + :command => "/usr/lib/openssh/sftp-server", + :target => target, + :provider => "augeas", + )) + + aug_open(target, "Sshd.lns") do |aug| + expect(aug.get("#comment[following-sibling::Subsystem[sftp][1]]")).to eq(nil) + end + end end describe "when updating settings" do @@ -95,6 +136,20 @@ expect(aug.get("Subsystem/sftp")).to eq("/bin/bash") end end + + it "should replace the comment" do + apply!(Puppet::Type.type(:sshd_config_subsystem).new( + :name => "sftp", + :command => "/usr/lib/openssh/sftp-server", + :target => target, + :provider => "augeas", + :comment => 'A different comment' + )) + + aug_open(target, "Sshd.lns") do |aug| + expect(aug.get("#comment[following-sibling::Subsystem[sftp]][last()]")).to eq("sftp: A different comment") + end + end end end