sshd_config_match doesn't handle meta characters properly #66

Closed
raybellis

The comment field in an sshd_config_match block is auto-generated and may end up containing regex meta-characters in the resource name field, which fail to match correctly and cause repeated "corrective" updates.

This patch ensures that the resource name is escaped before it's passed into the RE that matches for ^#{resource[:name]}:\s*/i.

@coveralls

Coverage Status

Coverage decreased (-65.7%) to 31.209% when pulling 0617d49 on raybellis:master into a0f3728 on hercules-team:master.

@raybellis
Author

I think these new CI errors are issues with Travis rather than with the code.

@raphink
Member

raphink commented Apr 26, 2021

Thanks for this. Could you add a unit test for this please?

@raphink added the enhancement label Apr 26, 2021

@raybellis
Author

Sorry - not sure how. We were able to figure out the Ruby code sufficiently to identify and resolve the issue, but we've no familiarity with the test framework you use.

What I can tell you is that lines such as Match 192.168.*.5 would typically match, because the .* does actually match (albeit technically it would also overmatch many other strings). However Match fe80:* would fail.

@raybellis
Author

p.s. I consider this a bug, not an enhancement. With * wildcard matches being common in ssh match rules, it's pretty important that they work properly. Having a manifest return status code 2 because it tries to fix up the file every time the puppet agent runs is a giant PITA.
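
As an added illustration (not code from this pull request or from the module), the Ruby below contrasts interpolating the resource name directly into the pattern quoted in the description with escaping it first via `Regexp.escape`. The helper names and sample comments are constructed, and it assumes the pattern is used to strip a `name:` prefix from the stored comment.

```ruby
# Added illustration, not code from the pull request. Helper names and the
# sample comments are constructed.

# Strip the "<name>: " prefix with the name interpolated as-is, so any regex
# metacharacters in the name stay active.
def strip_prefix_raw(name, comment)
  comment.sub(/^#{name}:\s*/i, '')
end

# Same, with the name escaped so it can only match as literal text.
def strip_prefix_escaped(name, comment)
  comment.sub(/^#{Regexp.escape(name)}:\s*/i, '')
end

# A resource counts as in sync when the stripped comment equals the desired
# one; a mismatch is what triggers a "corrective" rewrite on each run.
def in_sync?(stripper, name, stored, desired)
  send(stripper, name, stored) == desired
end

# [resource name, comment as stored in the file, desired comment]
SAMPLES = [
  ['192.168.*.5', '192.168.*.5: lab hosts', 'lab hosts'],
  ['fe80:*',      'fe80:*: link-local',     'link-local']
].freeze

# Comment written for a different name, used to show the overmatch.
OTHER = '192.168.77.15: other hosts'.freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each do |name, stored, desired|
    puts format('%-12s raw=%-5s escaped=%s', name,
                in_sync?(:strip_prefix_raw, name, stored, desired),
                in_sync?(:strip_prefix_escaped, name, stored, desired))
  end
  puts "raw overmatch:    #{strip_prefix_raw('192.168.*.5', OTHER).inspect}"
  puts "escaped no match: #{strip_prefix_escaped('192.168.*.5', OTHER).inspect}"
end
```

With the raw pattern, `fe80:*` strips only `fe80:` and leaves `*: link-local`, so the comment never compares equal, while `192.168.*.5` appears to work but also strips a prefix written for a different address.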

@vox-pupuli-tasks

Dear @raybellis, thanks for the PR!

This is Vox Pupuli Tasks, your friendly Vox Pupuli GitHub Bot. I noticed that your pull request has CI failures. Can you please have a look at the failing CI jobs?
If you need any help, you can reach out to us on our IRC channel voxpupuli on Freenode or our Slack channel voxpupuli at slack.puppet.com.
You can find my source code at voxpupuli/vox-pupuli-tasks
