Skip to content

Instantly share code, notes, and snippets.

@tom-krieger

tom-krieger/.sync.yml

Last active October 6, 2020 17:54
Show Gist options
  • Star 1 You must be signed in to star a gist
  • Fork 1 You must be signed in to fork a gist
  • Save tom-krieger/c4f892e7c014679d09d0cdf4c122d184 to your computer and use it in GitHub Desktop.
Save tom-krieger/c4f892e7c014679d09d0cdf4c122d184 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
.sync.yml
---
Gemfile:
optional:
':development':
- gem: 'github_changelog_generator'
git: 'https://github.com/skywinder/github-changelog-generator'
ref: '20ee04ba1234e9e83eb2ffb5056e23d641c7a018'
condition: "Gem::Version.new(RUBY_VERSION.dup) >= Gem::Version.new('2.2.2')"
- gem: 'puppet_litmus'
git: 'https://github.com/puppetlabs/puppet_litmus.git'
- gem: 'serverspec'
- gem: 'hiera-puppet-helper'
spec/spec_helper.rb:
mock_with: ':rspec'
spec_overrides:
- 'RSpec.configure do |c|'
- " c.after(:suite) do"
- " RSpec::Puppet::Coverage.report!"
- " end"
- "end"
".rubocop.yml":
default_configs:
inherit_from: ".rubocop_todo.yml"
require:
- rubocop-i18n
- rubocop-rspec
Raw
acceptance_test_example.rb
require 'spec_helper_acceptance'
pp_alt_ssh_dir = <<-PUPPETCODE
class { sshkeymgmt:
users => {
test1 => {
ensure => present,
gid => 5001,
uid => 5001,
homedir => '/home/test1',
sshkeys => ['ssh-rsa AAAA...Hot Test1'],
},
test2 => {
ensure => present,
gid => 5002,
uid => 5002,
homedir => '/home/test2',
sshkeys => ['ssh-rsa AAAA...pnd Test2'],
},
},
groups => {
test1 => {
gid => 5001,
ensure => present,
},
test2 => {
gid => 5002,
ensure => present,
},
},
ssh_key_groups => {
ssh1 => {
ssh_users => ['test1', 'test2'],
},
},
authorized_keys_base_dir => '/tmp/test',
authorized_keys_owner => 'root',
authorized_keys_group => 'root',
authorized_keys_permissions => '0644',
authorized_keys_base_dir_permissions => '0755',
}
PUPPETCODE
pp_ssh_dir_in_user_home = <<-PUPPETCODE
class { sshkeymgmt:
users => {
test1 => {
ensure => present,
gid => 5001,
uid => 5001,
homedir => '/home/test1',
sshkeys => ['ssh-rsa AAAA...Hot Test1'],
},
test2 => {
ensure => present,
gid => 5002,
uid => 5002,
homedir => '/home/test2',
sshkeys => ['ssh-rsa AAAA...pnd Test2'],
},
},
groups => {
test1 => {
gid => 5001,
ensure => present,
},
test2 => {
gid => 5002,
ensure => present,
},
},
ssh_key_groups => {
ssh1 => {
ssh_users => ['test1', 'test2'],
},
},
authorized_keys_base_dir => '',
authorized_keys_owner => '',
authorized_keys_group => '',
authorized_keys_permissions => '',
authorized_keys_base_dir_permissions => '',
}
PUPPETCODE
# @summary: Helper function to run common functionality of MOTD acceptance tests.
# Applies the manifest twice, if not windows checks for file against expected contents.
# If a Debian dynamic test bool is given as true, executes a test for that platform.
# @param [string] pp: Class MOTD definition to be tested
# @param [string] expected_contain: Expected contents of the MOTD file to be compared
# @param [string] filename: MOTD file to be tested
def test_sshkeys(pp, expected_contain, filename)
idempotent_apply(pp)
return unless os[:family] != 'windows'
expect(file(filename)).to be_file
expect(file(filename)).to contain expected_contain
end
describe 'Manage ssh keys' do
context 'when alternate ssh dir is used for ssh keys user test1' do
it do
test_sshkeys(pp_alt_ssh_dir, 'ssh-rsa AAAA...Hot Test1', '/tmp/test/test1.authorized_keys')
end
end
context 'when alternate ssh dir is used for ssh keys user test2' do
it do
test_sshkeys(pp_alt_ssh_dir, 'ssh-rsa AAAA...pnd Test2', '/tmp/test/test2.authorized_keys')
end
end
context 'when alternate ssh dir is used for ssh keys group entry test1' do
it do
test_sshkeys(pp_alt_ssh_dir, 'test1:x:5001:', '/etc/group')
end
end
context 'when alternate ssh dir is used for ssh keys group entry test2' do
it do
test_sshkeys(pp_alt_ssh_dir, 'test2:x:5002:', '/etc/group')
end
end
context 'when ssh keys reside within user home dir user test1' do
it do
test_sshkeys(pp_ssh_dir_in_user_home, 'ssh-rsa AAAA...Hot Test1', '/home/test1/.ssh/authorized_keys')
end
end
context 'when ssh keys reside within user home dir user test2' do
it do
test_sshkeys(pp_ssh_dir_in_user_home, 'ssh-rsa AAAA...pnd Test2', '/home/test2/.ssh/authorized_keys')
end
end
context 'when ssh keys reside within user home dir group entry test1' do
it do
test_sshkeys(pp_alt_ssh_dir, 'test1:x:5001:', '/etc/group')
end
end
context 'when ssh keys reside within user home dir group entry test2' do
it do
test_sshkeys(pp_alt_ssh_dir, 'test2:x:5002:', '/etc/group')
end
end
end
Raw
pdk_unit_test_example.rb
require 'spec_helper'
require 'pp'
describe 'sshkeymgmt' do
on_supported_os.each do |os, os_facts|
context "on #{os} with wrong parameters" do
let(:facts) { os_facts }
let(:params) do
{
'users' => {
'test1' => {
'ensure' => 'present',
'gid' => 5001,
'uid' => 5001,
'homedir' => '/home/test1',
'sshkeys' => ['ssh-rsa AAAA...Hot Test1'],
},
'test2' => {
'ensure' => 'present',
'gid' => 5002,
'uid' => 5002,
'homedir' => '/home/test2',
'sshkeys' => ['ssh-rsa AAAA...pnd Test2'],
},
'test4' => {
'ensure' => 'absent',
'gid' => 5002,
'uid' => 5002,
},
},
'groups' => {
'test1' => {
'gid' => 5001,
'ensure' => 'present',
},
'test2' => {
'gid' => 5002,
'ensure' => 'present',
},
},
'ssh_key_groups' => {
'ssh1' => {
'ssh_users' => ['test1', 'test2'],
},
},
'authorized_keys_base_dir' => '/tmp/test',
}
end
it { is_expected.to compile.and_raise_error(%r{authorized_keys_owner, authorized_keys_group, authorized_keys_base_dir_permissions and authorized_keys_permissions must be set as well}) }
end
context "on #{os} with alternate ssh directory" do
let(:facts) { os_facts }
let(:params) do
{
'users' => {
'test1' => {
'ensure' => 'present',
'gid' => 5001,
'uid' => 5001,
'homedir' => '/home/test1',
'sshkeys' => ['ssh-rsa AAAA...Hot Test1'],
},
'test2' => {
'ensure' => 'present',
'gid' => 5002,
'uid' => 5002,
'homedir' => '/home/test2',
'sshkeys' => ['ssh-rsa AAAA...pnd Test2'],
},
'test4' => {
'ensure' => 'absent',
'gid' => 5002,
'uid' => 5002,
},
},
'groups' => {
'test1' => {
'gid' => 5001,
'ensure' => 'present',
},
'test2' => {
'gid' => 5002,
'ensure' => 'present',
},
},
'ssh_key_groups' => {
'ssh1' => {
'ssh_users' => ['test1', 'test2'],
},
},
'authorized_keys_base_dir' => '/tmp/test',
'authorized_keys_owner' => 'root',
'authorized_keys_group' => 'root',
'authorized_keys_permissions' => '0644',
'authorized_keys_base_dir_permissions' => '0755',
}
end
it { is_expected.to compile }
it do
if ENV['DEBUG']
pp catalogue.resources
end
is_expected.to contain_file('/tmp/test')
.with(
'ensure' => 'directory',
'owner' => 'root',
'group' => 'root',
'mode' => '0755',
)
is_expected.to contain_concat('/tmp/test/test1.authorized_keys')
.with(
'ensure' => 'present',
'owner' => 'root',
'group' => 'root',
'mode' => '0644',
)
is_expected.to contain_concat('/tmp/test/test2.authorized_keys')
.with(
'ensure' => 'present',
'owner' => 'root',
'group' => 'root',
'mode' => '0644',
)
is_expected.to contain_group('test1')
.with(
'ensure' => 'present',
'gid' => '5001',
)
is_expected.to contain_group('test2')
.with(
'ensure' => 'present',
'gid' => '5002',
)
end
end # end context
context "on #{os} with home directory" do
let(:facts) { os_facts }
let(:params) do
{
'users' => {
'test1' => {
'ensure' => 'present',
'gid' => 5001,
'uid' => 5001,
'homedir' => '/home/test1',
'sshkeys' => ['ssh-rsa AAAA...Hot Test1'],
},
'test2' => {
'ensure' => 'present',
'gid' => 5002,
'uid' => 5002,
'homedir' => '/home/test2',
'sshkeys' => ['ssh-rsa AAAA...pnd Test2'],
},
'test4' => {
'ensure' => 'absent',
'gid' => 5002,
'uid' => 5002,
},
},
'groups' => {
'test1' => {
'gid' => 5001,
'ensure' => 'present',
},
'test2' => {
'gid' => 5002,
'ensure' => 'present',
},
},
'ssh_key_groups' => {
'ssh1' => {
'ssh_users' => ['test1', 'test2'],
},
},
'authorized_keys_base_dir' => '',
'authorized_keys_owner' => '',
'authorized_keys_group' => '',
'authorized_keys_permissions' => '',
'authorized_keys_base_dir_permissions' => '',
}
end
it { is_expected.to compile }
it do
if ENV['DEBUG']
pp catalogue.resources
end
is_expected.to contain_file('/home/test1/.ssh')
.with(
'ensure' => 'directory',
'owner' => 5001,
'group' => 5001,
'mode' => '0755',
)
.that_requires('User[test1]')
is_expected.to contain_file('/home/test2/.ssh')
.with(
'ensure' => 'directory',
'owner' => 5002,
'group' => 5002,
'mode' => '0755',
)
.that_requires('User[test2]')
is_expected.to contain_concat('/home/test1/.ssh/authorized_keys')
.with(
'ensure' => 'present',
'owner' => '5001',
'group' => '5001',
'mode' => '0644',
)
is_expected.to contain_concat('/home/test2/.ssh/authorized_keys')
.with(
'ensure' => 'present',
'owner' => '5002',
'group' => '5002',
'mode' => '0644',
)
is_expected.to contain_user('test1')
.with(
'ensure' => 'present',
'gid' => 5001,
'home' => '/home/test1',
'managehome' => true,
'uid' => 5001,
)
is_expected.to contain_user('test2')
.with(
'ensure' => 'present',
'gid' => 5002,
'home' => '/home/test2',
'managehome' => true,
'uid' => 5002,
)
is_expected.to contain_group('test1')
.with(
'ensure' => 'present',
'gid' => '5001',
)
is_expected.to contain_group('test2')
.with(
'ensure' => 'present',
'gid' => '5002',
)
is_expected.to contain_sshkeymgmt__create_user('test1')
is_expected.to contain_sshkeymgmt__create_user('test2')
is_expected.to contain_sshkeymgmt__add_users('ssh1')
is_expected.to contain_concat__fragment('5001-5001-auth')
.with(
'target' => '/home/test1/.ssh/authorized_keys',
)
is_expected.to contain_concat__fragment('5002-5002-auth')
.with(
'target' => '/home/test2/.ssh/authorized_keys',
)
end
end # end context
end
end
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment