diff --git a/.github/workflows/pr_tests.yml b/.github/workflows/pr_tests.yml index 21ca28c..bcc5fb0 100644 --- a/.github/workflows/pr_tests.yml +++ b/.github/workflows/pr_tests.yml @@ -35,7 +35,7 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 - - name: "Install Ruby ${{matrix.puppet.ruby_version}}" + - name: "Install Ruby 2.7" uses: ruby/setup-ruby@v1 # ruby/setup-ruby@ec106b438a1ff6ff109590de34ddc62c540232e0 with: ruby-version: 2.7 @@ -47,7 +47,7 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 - - name: "Install Ruby ${{matrix.puppet.ruby_version}}" + - name: "Install Ruby 2.7" uses: ruby/setup-ruby@v1 with: ruby-version: 2.7 @@ -56,13 +56,12 @@ jobs: - run: "bundle exec rake metadata_lint" ruby-style: - if: false # TODO Modules will need: rubocop in Gemfile, .rubocop.yml - name: 'Ruby Style (experimental)' + name: 'Ruby Style' runs-on: ubuntu-latest continue-on-error: true steps: - uses: actions/checkout@v3 - - name: "Install Ruby ${{matrix.puppet.ruby_version}}" + - name: "Install Ruby 2.7" uses: ruby/setup-ruby@v1 with: ruby-version: 2.7 @@ -89,7 +88,7 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 - - name: 'Install Ruby ${{matrix.puppet.ruby_version}}' + - name: 'Install Ruby 2.7' uses: ruby/setup-ruby@v1 with: ruby-version: 2.7 diff --git a/.rubocop.yml b/.rubocop.yml new file mode 100644 index 0000000..65c8c0a --- /dev/null +++ b/.rubocop.yml 
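Review bot: Removing `if: false` activates the `ruby-style` job, but `continue-on-error: true` stays in place, so a RuboCop failure never fails the pull-request check and the new `.rubocop.yml` is advisory only. If the lint is meant to gate merges, drop `continue-on-error: true` once the tree is clean. The newly active job also references `actions/checkout@v3` and `ruby/setup-ruby@v1` by mutable tag. The first job's comment already records `ruby/setup-ruby@ec106b438a1ff6ff109590de34ddc62c540232e0`, and pinning `uses:` to that full commit SHA would keep the executed action from changing underneath the workflow. The job's remaining steps lie outside the hunk.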
@@ -0,0 +1,699 @@ +--- +require: + - rubocop-performance + - rubocop-rake + - rubocop-rspec +AllCops: + NewCops: enable + DisplayCopNames: true + TargetRubyVersion: "2.7" + Include: + - "**/*.rb" + Exclude: + - bin/* + - ".vendor/**/*" + - pkg/**/* + - spec/fixtures/**/* + - vendor/**/* + - "**/Puppetfile" + - "**/Vagrantfile" + - "**/Guardfile" +Layout/LineLength: + Description: People have wide screens, use them. + Max: 200 +RSpec/BeforeAfterAll: + Description: + Beware of using after(:all) as it may cause state to leak between tests. + A necessary evil in acceptance testing. + Exclude: + - spec/acceptance/**/*.rb +RSpec/HookArgument: + Description: Prefer explicit :each argument, matching existing module's style + EnforcedStyle: each +RSpec/DescribeSymbol: + Exclude: + - spec/unit/facter/**/*.rb +Style/BlockDelimiters: + Description: + Prefer braces for chaining. Mostly an aesthetical choice. Better to + be consistent then. + EnforcedStyle: braces_for_chaining +Style/ClassAndModuleChildren: + Description: Compact style reduces the required amount of indentation. + EnforcedStyle: compact +Style/EmptyElse: + Description: Enforce against empty else clauses, but allow `nil` for clarity. + EnforcedStyle: empty +Style/FormatString: + Description: Following the main puppet project's style, prefer the % format format. + EnforcedStyle: percent +Style/FormatStringToken: + Description: + Following the main puppet project's style, prefer the simpler template + tokens over annotated ones. + EnforcedStyle: template +Style/Lambda: + Description: Prefer the keyword for easier discoverability. + EnforcedStyle: literal +Style/RegexpLiteral: + Description: Community preference. See https://github.com/voxpupuli/modulesync_config/issues/168 + EnforcedStyle: percent_r +Style/TernaryParentheses: + Description: + Checks for use of parentheses around ternary conditions. Enforce parentheses + on complex expressions for better readability, but seriously consider breaking + it up. 
+ EnforcedStyle: require_parentheses_when_complex +Style/TrailingCommaInArguments: + Description: + Prefer always trailing comma on multiline argument lists. This makes + diffs, and re-ordering nicer. + EnforcedStyleForMultiline: comma +Style/TrailingCommaInArrayLiteral: + Description: + Prefer always trailing comma on multiline literals. This makes diffs, + and re-ordering nicer. + EnforcedStyleForMultiline: comma +Style/SymbolArray: + Description: Using percent style obscures symbolic intent of array's contents. + EnforcedStyle: brackets +RSpec/MessageSpies: + EnforcedStyle: receive +Style/Documentation: + Exclude: + - lib/puppet/parser/functions/**/* + - spec/**/* +Style/WordArray: + EnforcedStyle: brackets +Performance/AncestorsInclude: + Enabled: true +Performance/BigDecimalWithNumericArgument: + Enabled: true +Performance/BlockGivenWithExplicitBlock: + Enabled: true +Performance/CaseWhenSplat: + Enabled: true +Performance/ConstantRegexp: + Enabled: true +Performance/MethodObjectAsBlock: + Enabled: true +Performance/RedundantSortBlock: + Enabled: true +Performance/RedundantStringChars: + Enabled: true +Performance/ReverseFirst: + Enabled: true +Performance/SortReverse: + Enabled: true +Performance/Squeeze: + Enabled: true +Performance/StringInclude: + Enabled: true +Performance/Sum: + Enabled: true +Style/CollectionMethods: + Enabled: true +Style/MethodCalledOnDoEndBlock: + Enabled: true +Style/StringMethods: + Enabled: true +Bundler/GemFilename: + Enabled: false +Bundler/InsecureProtocolSource: + Enabled: false +Gemspec/DuplicatedAssignment: + Enabled: false +Gemspec/OrderedDependencies: + Enabled: false +Gemspec/RequiredRubyVersion: + Enabled: false +Gemspec/RubyVersionGlobalsUsage: + Enabled: false +Layout/ArgumentAlignment: + Enabled: false +Layout/BeginEndAlignment: + Enabled: false +Layout/ClosingHeredocIndentation: + Enabled: false +Layout/EmptyComment: + Enabled: false +Layout/EmptyLineAfterGuardClause: + Enabled: false 
+Layout/EmptyLinesAroundArguments: + Enabled: false +Layout/EmptyLinesAroundAttributeAccessor: + Enabled: false +Layout/EndOfLine: + Enabled: false +Layout/FirstArgumentIndentation: + Enabled: false +Layout/HashAlignment: + Enabled: false +Layout/HeredocIndentation: + Enabled: false +Layout/LeadingEmptyLines: + Enabled: false +Layout/SpaceAroundMethodCallOperator: + Enabled: false +Layout/SpaceInsideArrayLiteralBrackets: + Enabled: false +Layout/SpaceInsideReferenceBrackets: + Enabled: false +Lint/BigDecimalNew: + Enabled: false +Lint/BooleanSymbol: + Enabled: false +Lint/ConstantDefinitionInBlock: + Enabled: false +Lint/DeprecatedOpenSSLConstant: + Enabled: false +Lint/DisjunctiveAssignmentInConstructor: + Enabled: false +Lint/DuplicateElsifCondition: + Enabled: false +Lint/DuplicateRequire: + Enabled: false +Lint/DuplicateRescueException: + Enabled: false +Lint/EmptyConditionalBody: + Enabled: false +Lint/EmptyFile: + Enabled: false +Lint/ErbNewArguments: + Enabled: false +Lint/FloatComparison: + Enabled: false +Lint/HashCompareByIdentity: + Enabled: false +Lint/IdentityComparison: + Enabled: false +Lint/InterpolationCheck: + Enabled: false +Lint/MissingCopEnableDirective: + Enabled: false +Lint/MixedRegexpCaptureTypes: + Enabled: false +Lint/NestedPercentLiteral: + Enabled: false +Lint/NonDeterministicRequireOrder: + Enabled: false +Lint/OrderedMagicComments: + Enabled: false +Lint/OutOfRangeRegexpRef: + Enabled: false +Lint/RaiseException: + Enabled: false +Lint/RedundantCopEnableDirective: + Enabled: false +Lint/RedundantRequireStatement: + Enabled: false +Lint/RedundantSafeNavigation: + Enabled: false +Lint/RedundantWithIndex: + Enabled: false +Lint/RedundantWithObject: + Enabled: false +Lint/RegexpAsCondition: + Enabled: false +Lint/ReturnInVoidContext: + Enabled: false +Lint/SafeNavigationConsistency: + Enabled: false +Lint/SafeNavigationWithEmpty: + Enabled: false +Lint/SelfAssignment: + Enabled: false +Lint/SendWithMixinArgument: + Enabled: false 
+Lint/ShadowedArgument: + Enabled: false +Lint/StructNewOverride: + Enabled: false +Lint/ToJSON: + Enabled: false +Lint/TopLevelReturnWithArgument: + Enabled: false +Lint/TrailingCommaInAttributeDeclaration: + Enabled: false +Lint/UnreachableLoop: + Enabled: false +Lint/UriEscapeUnescape: + Enabled: false +Lint/UriRegexp: + Enabled: false +Lint/UselessMethodDefinition: + Enabled: false +Lint/UselessTimes: + Enabled: false +Metrics/AbcSize: + Enabled: false +Metrics/BlockLength: + Enabled: false +Metrics/BlockNesting: + Enabled: false +Metrics/ClassLength: + Enabled: false +Metrics/CyclomaticComplexity: + Enabled: false +Metrics/MethodLength: + Enabled: false +Metrics/ModuleLength: + Enabled: false +Metrics/ParameterLists: + Enabled: false +Metrics/PerceivedComplexity: + Enabled: false +Migration/DepartmentName: + Enabled: false +Naming/AccessorMethodName: + Enabled: false +Naming/BlockParameterName: + Enabled: false +Naming/HeredocDelimiterCase: + Enabled: false +Naming/HeredocDelimiterNaming: + Enabled: false +Naming/MemoizedInstanceVariableName: + Enabled: false +Naming/MethodParameterName: + Enabled: false +Naming/RescuedExceptionsVariableName: + Enabled: false +Naming/VariableNumber: + Enabled: false +Performance/BindCall: + Enabled: false +Performance/DeletePrefix: + Enabled: false +Performance/DeleteSuffix: + Enabled: false +Performance/InefficientHashSearch: + Enabled: false +Performance/UnfreezeString: + Enabled: false +Performance/UriDefaultParser: + Enabled: false +RSpec/Be: + Enabled: false +RSpec/Dialect: + Enabled: false +RSpec/ContainExactly: + Enabled: false +RSpec/ContextMethod: + Enabled: false +RSpec/ContextWording: + Enabled: false +RSpec/DescribeClass: + Enabled: false +RSpec/EmptyHook: + Enabled: false +RSpec/EmptyLineAfterExample: + Enabled: false +RSpec/EmptyLineAfterExampleGroup: + Enabled: false +RSpec/EmptyLineAfterHook: + Enabled: false +RSpec/ExampleLength: + Enabled: false +RSpec/ExampleWithoutDescription: + Enabled: false 
+RSpec/ExpectChange: + Enabled: false +RSpec/ExpectInHook: + Enabled: false +RSpec/HooksBeforeExamples: + Enabled: false +RSpec/ImplicitBlockExpectation: + Enabled: false +RSpec/ImplicitSubject: + Enabled: false +RSpec/LeakyConstantDeclaration: + Enabled: false +RSpec/LetBeforeExamples: + Enabled: false +RSpec/MatchArray: + Enabled: false +RSpec/MissingExampleGroupArgument: + Enabled: false +RSpec/MultipleExpectations: + Enabled: false +RSpec/MultipleMemoizedHelpers: + Enabled: false +RSpec/MultipleSubjects: + Enabled: false +RSpec/NestedGroups: + Enabled: false +RSpec/PredicateMatcher: + Enabled: false +RSpec/ReceiveCounts: + Enabled: false +RSpec/ReceiveNever: + Enabled: false +RSpec/RepeatedExampleGroupBody: + Enabled: false +RSpec/RepeatedExampleGroupDescription: + Enabled: false +RSpec/RepeatedIncludeExample: + Enabled: false +RSpec/ReturnFromStub: + Enabled: false +RSpec/SharedExamples: + Enabled: false +RSpec/StubbedMock: + Enabled: false +RSpec/UnspecifiedException: + Enabled: false +RSpec/VariableDefinition: + Enabled: false +RSpec/VoidExpect: + Enabled: false +RSpec/Yield: + Enabled: false +Security/Open: + Enabled: false +Style/AccessModifierDeclarations: + Enabled: false +Style/AccessorGrouping: + Enabled: false +Style/BisectedAttrAccessor: + Enabled: false +Style/CaseLikeIf: + Enabled: false +Style/ClassEqualityComparison: + Enabled: false +Style/ColonMethodDefinition: + Enabled: false +Style/CombinableLoops: + Enabled: false +Style/CommentedKeyword: + Enabled: false +Style/Dir: + Enabled: false +Style/DoubleCopDisableDirective: + Enabled: false +Style/EmptyBlockParameter: + Enabled: false +Style/EmptyLambdaParameter: + Enabled: false +Style/Encoding: + Enabled: false +Style/EvalWithLocation: + Enabled: false +Style/ExpandPathArguments: + Enabled: false +Style/ExplicitBlockArgument: + Enabled: false +Style/ExponentialNotation: + Enabled: false +Style/FloatDivision: + Enabled: false +Style/FrozenStringLiteralComment: + Enabled: false 
+Style/GlobalStdStream: + Enabled: false +Style/HashAsLastArrayItem: + Enabled: false +Style/HashLikeCase: + Enabled: false +Style/HashTransformKeys: + Enabled: false +Style/HashTransformValues: + Enabled: false +Style/IfUnlessModifier: + Enabled: false +Style/KeywordParametersOrder: + Enabled: false +Style/MinMax: + Enabled: false +Style/MixinUsage: + Enabled: false +Style/MultilineWhenThen: + Enabled: false +Style/NegatedUnless: + Enabled: false +Style/NumericPredicate: + Enabled: false +Style/OptionalBooleanParameter: + Enabled: false +Style/OrAssignment: + Enabled: false +Style/RandomWithOffset: + Enabled: false +Style/RedundantAssignment: + Enabled: false +Style/RedundantCondition: + Enabled: false +Style/RedundantConditional: + Enabled: false +Style/RedundantFetchBlock: + Enabled: false +Style/RedundantFileExtensionInRequire: + Enabled: false +Style/RedundantRegexpCharacterClass: + Enabled: false +Style/RedundantRegexpEscape: + Enabled: false +Style/RedundantSelfAssignment: + Enabled: false +Style/RedundantSort: + Enabled: false +Style/RescueStandardError: + Enabled: false +Style/SingleArgumentDig: + Enabled: false +Style/SlicingWithRange: + Enabled: false +Style/SoleNestedConditional: + Enabled: false +Style/StderrPuts: + Enabled: false +Style/StringConcatenation: + Enabled: false +Style/Strip: + Enabled: false +Style/SymbolProc: + Enabled: false +Style/TrailingBodyOnClass: + Enabled: false +Style/TrailingBodyOnMethodDefinition: + Enabled: false +Style/TrailingBodyOnModule: + Enabled: false +Style/TrailingCommaInHashLiteral: + Enabled: false +Style/TrailingMethodEndStatement: + Enabled: false +Style/UnpackFirst: + Enabled: false +Gemspec/DeprecatedAttributeAssignment: + Enabled: false +Gemspec/DevelopmentDependencies: + Enabled: false +Gemspec/RequireMFA: + Enabled: false +Layout/LineContinuationLeadingSpace: + Enabled: false +Layout/LineContinuationSpacing: + Enabled: false +Layout/LineEndStringConcatenationIndentation: + Enabled: false 
+Layout/SpaceBeforeBrackets: + Enabled: false +Lint/AmbiguousAssignment: + Enabled: false +Lint/AmbiguousOperatorPrecedence: + Enabled: false +Lint/AmbiguousRange: + Enabled: false +Lint/ConstantOverwrittenInRescue: + Enabled: false +Lint/DeprecatedConstants: + Enabled: false +Lint/DuplicateBranch: + Enabled: false +Lint/DuplicateMagicComment: + Enabled: false +Lint/DuplicateMatchPattern: + Enabled: false +Lint/DuplicateRegexpCharacterClassElement: + Enabled: false +Lint/EmptyBlock: + Enabled: false +Lint/EmptyClass: + Enabled: false +Lint/EmptyInPattern: + Enabled: false +Lint/IncompatibleIoSelectWithFiberScheduler: + Enabled: false +Lint/LambdaWithoutLiteralBlock: + Enabled: false +Lint/NoReturnInBeginEndBlocks: + Enabled: false +Lint/NonAtomicFileOperation: + Enabled: false +Lint/NumberedParameterAssignment: + Enabled: false +Lint/OrAssignmentToConstant: + Enabled: false +Lint/RedundantDirGlobSort: + Enabled: false +Lint/RefinementImportMethods: + Enabled: false +Lint/RequireRangeParentheses: + Enabled: false +Lint/RequireRelativeSelfPath: + Enabled: false +Lint/SymbolConversion: + Enabled: false +Lint/ToEnumArguments: + Enabled: false +Lint/TripleQuotes: + Enabled: false +Lint/UnexpectedBlockArity: + Enabled: false +Lint/UnmodifiedReduceAccumulator: + Enabled: false +Lint/UselessRescue: + Enabled: false +Lint/UselessRuby2Keywords: + Enabled: false +Metrics/CollectionLiteralLength: + Enabled: false +Naming/BlockForwarding: + Enabled: false +Performance/CollectionLiteralInLoop: + Enabled: false +Performance/ConcurrentMonotonicTime: + Enabled: false +Performance/MapCompact: + Enabled: false +Performance/RedundantEqualityComparisonBlock: + Enabled: false +Performance/RedundantSplitRegexpArgument: + Enabled: false +Performance/StringIdentifierArgument: + Enabled: false +RSpec/BeEq: + Enabled: false +RSpec/BeNil: + Enabled: false +RSpec/ChangeByZero: + Enabled: false +RSpec/ClassCheck: + Enabled: false +RSpec/DuplicatedMetadata: + Enabled: false 
+RSpec/ExcessiveDocstringSpacing: + Enabled: false +RSpec/IdenticalEqualityAssertion: + Enabled: false +RSpec/NoExpectationExample: + Enabled: false +RSpec/PendingWithoutReason: + Enabled: false +RSpec/RedundantAround: + Enabled: false +RSpec/SkipBlockInsideExample: + Enabled: false +RSpec/SortMetadata: + Enabled: false +RSpec/SubjectDeclaration: + Enabled: false +RSpec/VerifiedDoubleReference: + Enabled: false +Security/CompoundHash: + Enabled: false +Security/IoMethods: + Enabled: false +Style/ArgumentsForwarding: + Enabled: false +Style/ArrayIntersect: + Enabled: false +Style/CollectionCompact: + Enabled: false +Style/ComparableClamp: + Enabled: false +Style/ConcatArrayLiterals: + Enabled: false +Style/DataInheritance: + Enabled: false +Style/DirEmpty: + Enabled: false +Style/DocumentDynamicEvalDefinition: + Enabled: false +Style/EmptyHeredoc: + Enabled: false +Style/EndlessMethod: + Enabled: false +Style/EnvHome: + Enabled: false +Style/FetchEnvVar: + Enabled: false +Style/FileEmpty: + Enabled: false +Style/FileRead: + Enabled: false +Style/FileWrite: + Enabled: false +Style/HashConversion: + Enabled: false +Style/HashExcept: + Enabled: false +Style/IfWithBooleanLiteralBranches: + Enabled: false +Style/InPatternThen: + Enabled: false +Style/MagicCommentFormat: + Enabled: false +Style/MapCompactWithConditionalBlock: + Enabled: false +Style/MapToHash: + Enabled: false +Style/MapToSet: + Enabled: false +Style/MinMaxComparison: + Enabled: false +Style/MultilineInPatternThen: + Enabled: false +Style/NegatedIfElseCondition: + Enabled: false +Style/NestedFileDirname: + Enabled: false +Style/NilLambda: + Enabled: false +Style/NumberedParameters: + Enabled: false +Style/NumberedParametersLimit: + Enabled: false +Style/ObjectThen: + Enabled: false +Style/OpenStructUse: + Enabled: false +Style/OperatorMethodCall: + Enabled: false +Style/QuotedSymbols: + Enabled: false +Style/RedundantArgument: + Enabled: false +Style/RedundantConstantBase: + Enabled: false 
+Style/RedundantDoubleSplatHashBraces: + Enabled: false +Style/RedundantEach: + Enabled: false +Style/RedundantHeredocDelimiterQuotes: + Enabled: false +Style/RedundantInitialize: + Enabled: false +Style/RedundantLineContinuation: + Enabled: false +Style/RedundantSelfAssignmentBranch: + Enabled: false +Style/RedundantStringEscape: + Enabled: false +Style/SelectByRegexp: + Enabled: false +Style/StringChars: + Enabled: false +Style/SwapValues: + Enabled: false diff --git a/Gemfile b/Gemfile index e74c3da..7c330d6 100644 --- a/Gemfile +++ b/Gemfile @@ -10,16 +10,23 @@ ENV['PDK_DISABLE_ANALYTICS'] ||= 'true' gem_sources.each { |gem_source| source gem_source } +group :syntax do + gem 'metadata-json-lint' + gem 'puppet-lint-trailing_comma-check', require: false + gem 'rubocop', '~> 1.68.0' + gem 'rubocop-performance', '~> 1.23.0' + gem 'rubocop-rake', '~> 0.6.0' + gem 'rubocop-rspec', '~> 3.2.0' +end + group :test do puppet_version = ENV.fetch('PUPPET_VERSION', ['>= 7', '< 9']) major_puppet_version = Array(puppet_version).first.scan(%r{(\d+)(?:\.|\Z)}).flatten.first.to_i gem 'hiera-puppet-helper' - gem 'metadata-json-lint' gem 'pathspec', '~> 0.2' if Gem::Requirement.create('< 2.6').satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) gem('pdk', ENV.fetch('PDK_VERSION', ['>= 2.0', '< 4.0']), require: false) if major_puppet_version > 5 gem 'puppet', puppet_version gem 'puppetlabs_spec_helper' - gem 'puppet-lint-trailing_comma-check', require: false gem 'puppet-strings' gem 'rake' gem 'rspec' diff --git a/lib/facter/sssd_version.rb b/lib/facter/sssd_version.rb index ddc2e02..6cf529e 100644 --- a/lib/facter/sssd_version.rb +++ b/lib/facter/sssd_version.rb @@ -6,6 +6,6 @@ confine { sssd } setcode do - %x{sssd --version}.strip + `sssd --version`.strip end end diff --git a/spec/acceptance/suites/ad/00_setup_ad_spec.rb b/spec/acceptance/suites/ad/00_setup_ad_spec.rb index 66a8bcc..090e54d 100644 --- a/spec/acceptance/suites/ad/00_setup_ad_spec.rb 
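Review bot: The new `.rubocop.yml` switches off the security-relevant cops `Security/Open`, `Security/IoMethods`, `Security/CompoundHash` and `Bundler/InsecureProtocolSource` in the same bulk list as the style cops, so the patterns they flag will pass lint unnoticed. The rest of this commit already moves `YAML.load` and `JSON.load` to `YAML.safe_load` and `JSON.parse`, which suggests the Security department is meant to be honoured. Consider deleting those four `Enabled: false` entries and, where a cop is noisy, using a per-cop `Exclude:` list for the affected paths instead of disabling it for the whole module.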
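Review bot: The backtick form in `setcode` still resolves `sssd` through the PATH of whatever process runs Facter, exactly as `%x{}` did, so the change is purely cosmetic. If the `sssd` value tested in `confine { sssd }` holds the resolved path of the binary (its definition is above the hunk and not visible here), reuse it with Facter's own runner: `Facter::Core::Execution.execute("#{sssd} --version").strip`. The enclosing `Facter.add` block starts outside the hunk.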
+++ b/spec/acceptance/suites/ad/00_setup_ad_spec.rb @@ -5,15 +5,14 @@ test_name 'Prepare Windows for AD' describe 'AD' do - - ad_servers = hosts_with_role(hosts,'ad') + ad_servers = hosts_with_role(hosts, 'ad') domain_pass = '@dm1n=P@ssw0r' ad_servers.each do |server| domain = fact_on(server, 'domain').strip - ldap_dc = domain.split('.').map{|x| "DC=#{x}"}.join(',') + ldap_dc = domain.split('.').map { |x| "DC=#{x}" }.join(',') - it 'should install the AD feature' do + it 'installs the AD feature' do # https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/deploy/install-active-directory-domain-services--level-100-#BKMK_PS exec_ps_script_on(server, 'Install-WindowsFeature AD-Domain-Services -IncludeManagementTools') exec_ps_script_on(server, 'Import-Module ADDSDeployment') @@ -25,19 +24,19 @@ %(-DomainName "#{domain}"), '-InstallDns', '-SafeModeAdministratorPassword $Pass', - '-LogPath C:\Windows\Logs' + '-LogPath C:\Windows\Logs', ].join(' ') # this command reboots the system on(server, exec_ps_cmd(forest_cmd), expect_connection_failure: true) end - it 'should add unix compatibility' do + it 'adds unix compatibility' do # on(server, exec_ps_cmd('dism.exe /online /enable-feature /featurename:adminui /featurename:nis /all /quiet')) on(server, exec_ps_cmd('Enable-WindowsOptionalFeature -Online -FeatureName NIS -All -NoRestart')) on(server, exec_ps_cmd('Enable-WindowsOptionalFeature -Online -FeatureName AdminUI -All -NoRestart')) end - it 'should set the time' do + it 'sets the time' do time_cmd = 'w32tm.exe /config /manualpeerlist:"time.nist.gov" /syncfromflags:manual /reliable:YES /update' on(server, time_cmd) on(server, 'w32tm.exe /config /update') 
@@ -53,7 +52,7 @@ it 'with a healthy forest' do # https://technet.microsoft.com/en-us/library/cc758753(v=ws.10).aspx result = on(server, 'dcdiag') - expect(result.stdout).not_to match(/failed/) + expect(result.stdout).not_to match(%r{failed}) end # it 'with a healthy DDNS service' do # result = on(server, 'dcdiag /test:dns /DnsDynamicUpdate') @@ -61,17 +60,17 @@ # end end - it 'should set the Administrator password' do + it 'sets the Administrator password' do cmd = [ '([adsi]\\"WinNT://' + domain.split('.').first.upcase + '/Administrator\\").SetPassword(\\"', domain_pass, - '\\")' + '\\")', ].join on(server, exec_ps_cmd(cmd)) end - it 'should create test users' do - users_csv = <<-EOF.gsub(/^\s{8}/,'') + it 'creates test users' do + users_csv = <<-EOF.gsub(%r{^\s{8}}, '') SamAccountName;GivenName;Surname;Name;Password mike.hammer;Mike;Hammer;Mike Hammer;suP3rP@ssw0r! john.franklin;John;Franklin;John Franklin;suP3rP@ssw0r! @@ -86,12 +85,12 @@ sleep 40 end - it 'should have users from the CSV and vagrant' do + it 'has users from the CSV and vagrant' do # https://social.technet.microsoft.com/Forums/ie/en-US/67aab9d3-1ced-4d33-8252-66a6f88713b0/exporting-ad-user-list-to-a-text-or-excel-document?forum=winserverDS result = exec_ps_script_on(server, 'Get-ADUser -Filter * -SearchBase "' + ldap_dc + '" | select Name') - expect(result.stdout).to match(/vagrant/) - expect(result.stdout).to match(/Mike Hammer/) - expect(result.stdout).to match(/John Franklin/) + expect(result.stdout).to match(%r{vagrant}) + expect(result.stdout).to match(%r{Mike Hammer}) + expect(result.stdout).to match(%r{John Franklin}) end end end diff --git a/spec/acceptance/suites/ad/50_ad_spec.rb b/spec/acceptance/suites/ad/50_ad_spec.rb index 2767676..a199a7e 100644 --- a/spec/acceptance/suites/ad/50_ad_spec.rb +++ b/spec/acceptance/suites/ad/50_ad_spec.rb 
@@ -3,25 +3,27 @@ test_name 'SSSD connecting to an AD' describe 'sssd class' do - clients = hosts_with_role(hosts,'client') - ad = hosts_with_role(hosts,'ad').first + clients = hosts_with_role(hosts, 'client') + ad = hosts_with_role(hosts, 'ad').first domain_pass = '@dm1n=P@ssw0r' domain = fact_on(clients.first, 'domain') - ldap_dc = domain.split('.').map{|x| "DC=#{x}"}.join(',') + ldap_dc = domain.split('.').map { |x| "DC=#{x}" }.join(',') require 'json' - ad_ip = JSON.load(on(ad, 'puppet facts').stdout)['values']['networking']['interfaces']['Ethernet 2']['ip'] + ad_ip = JSON.parse(on(ad, 'puppet facts').stdout)['values']['networking']['interfaces']['Ethernet 2']['ip'] - let(:v2_manifest) { <<-EOF + let(:v2_manifest) do + <<-EOF include 'sssd' include 'resolv' include 'pam' include 'simp::nsswitch' include 'ssh' EOF - } + end - let(:ad_manifest) { <<-EOF + let(:ad_manifest) do + <<-EOF #################################################################### # AD CONFIG sssd::domain { 'AD': @@ -50,7 +52,7 @@ krb5_store_password_if_offline => true } EOF - } + end hieradata = <<~EOM --- @@ -75,17 +77,17 @@ context 'fix the hosts file' do clients.each do |host| - it 'should install packages for testing' do + it 'installs packages for testing' do host.install_package('epel-release') host.install_package('sshpass') end # On windows hosts, beaker does not detect the domain (that or it # isn't set yet), so the bunk value must be removed and replaced with # the FQDN of the AD server - it 'should have the ad host with its fqdn' do + it 'has the ad host with its fqdn' do require 'yaml' # Find the IP of the AD host and make a new host entry with FQDN and IP - ad_host = YAML.load(on(host, "puppet resource host ad. --to_yaml").stdout) + ad_host = YAML.safe_load(on(host, 'puppet resource host ad. --to_yaml').stdout) ip = ad_host['host']['ad.']['ip'] on(host, "puppet resource host ad.#{domain} ensure=present ip=#{ip} host_aliases=ad") # Remove incorrect and incomplete hosts entry 
@@ -93,7 +95,7 @@ # Also remove hosts entry with just a host shortname on(host, "puppet resource host #{host} ensure=absent") end - it 'should install the realm or adcli packages' do + it 'installs the realm or adcli packages' do # Some of these packages only exist on EL6 or EL7 pp = "package { ['realmd','adcli','oddjob','oddjob-mkhomedir','samba-common-tools','pam_krb5','samba4-common','krb5-workstation']: ensure => installed }" apply_manifest_on(host, pp) @@ -105,7 +107,7 @@ clients.each do |host| client_hiera = hieradata.dup - let(:manifest){ v2_manifest } + let(:manifest) { v2_manifest } # An error is raised if the domain is already in the sssd.conf so # need to configure sssd without the domain. (It looks like this @@ -117,12 +119,12 @@ sssd::domains: [] EOM - it 'should run puppet without error configure basic SSSD' do + it 'runs puppet without error configure basic SSSD' do set_hieradata_on(host, client_hiera) apply_manifest_on(host, manifest, catch_failures: true) end - it 'should be idempotent' do + it 'is idempotent' do apply_manifest_on(host, manifest, catch_changes: true) end end 
@@ -130,26 +132,25 @@ context 'joining AD' do clients.each do |host| - it 'should join the AD domain' do + it 'joins the AD domain' do on(host, "echo -n '#{domain_pass}' | adcli join -v -S #{ad} -U Administrator #{domain} -H #{host}.#{domain} --stdin-password --show-details") end - it 'should have a realm listed' do + it 'has a realm listed' do result = on(host, "adcli info -S #{ad} #{domain}") - expect(result.stdout).to match(/domain-name = #{domain}/) + expect(result.stdout).to match(%r{domain-name = #{domain}}) end end end context 'when connected to AD' do - clients.each do |host| let(:manifest) { v2_manifest } - it 'should update sssd::domains in hiera' do - #you can't have the domain in sssd before joing the realm or it + it 'updates sssd::domains in hiera' do + # you can't have the domain in sssd before joing the realm or it # errors out so add it n here. - client_hiera = hieradata + <<-EOM.gsub(/^\s+/,'') + client_hiera = hieradata + <<-EOM.gsub(%r{^\s+}, '') simp_options::dns::servers: ["#{ad_ip}"] sssd::domains: ['AD'] EOM @@ -157,21 +158,21 @@ set_hieradata_on(host, client_hiera) end - let(:_ad_manifest) { + let(:_ad_manifest) do [manifest, ad_manifest].join("\n") - } - it "should run puppet without error connected to AD" do + end + it 'runs puppet without error connected to AD' do apply_manifest_on(host, _ad_manifest, catch_failures: true) end - it 'should be idempotent' do + it 'is idempotent' do apply_manifest_on(host, _ad_manifest, catch_changes: true) end - it 'should be able to id one of the test users' do - ['mike.hammer','john.franklin','davegrohl'].each do |user| + it 'is able to id one of the test users' do + ['mike.hammer', 'john.franklin', 'davegrohl'].each do |user| id = on(host, "id #{user}@AD") - expect(id.stdout).to match(/#{user}@AD/) + expect(id.stdout).to match(%r{#{user}@AD}) su = on(host, "su #{user}@AD -c 'cd; pwd; exit'") expect(su.stdout).to match(%r{/home/#{user}@AD}) 
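Review bot: `%r{domain-name = #{domain}}` interpolates the domain into the pattern unescaped, so every `.` in it matches any character and the assertion is looser than it reads. The same applies to `%r{#{user}@AD}` and `%r{/home/#{user}@AD}` in the following hunk, where user names such as `mike.hammer` contain a dot. Escape the interpolated value, `match(%r{domain-name = #{Regexp.escape(domain)}})`, and use `Regexp.escape(user)` in the other two. The enclosing `describe` block starts and ends outside these hunks.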
@@ -188,8 +189,8 @@ } clients.each do |host| - users.each do |user,pass| - it 'should be able to log in with password' do + users.each_key do |user| + it 'is able to log in with password' do ssh_cmd = [ 'sshpass', "-p 'suP3rP@ssw0r!'", @@ -199,7 +200,7 @@ '-o StrictHostKeyChecking=no', "-l #{user}@AD", "#{host}.#{domain}", - "'cd; pwd; exit'" + "'cd; pwd; exit'", ].join(' ') ssh = on(host, ssh_cmd) diff --git a/spec/acceptance/suites/default/00_default_spec.rb b/spec/acceptance/suites/default/00_default_spec.rb index b7a97a4..623d77a 100644 --- a/spec/acceptance/suites/default/00_default_spec.rb +++ b/spec/acceptance/suites/default/00_default_spec.rb @@ -3,25 +3,24 @@ test_name 'SSSD Base Tests' describe 'sssd class' do + clients = hosts_with_role(hosts, 'client') - clients = hosts_with_role(hosts,'client') - - let(:default_hieradata) { + let(:default_hieradata) do { 'simp_options::pki' => true, 'simp_options::pki::source' => '/etc/pki/simp-testing/pki', # This causes a lot of noise and reboots 'sssd::auditd' => false } - } + end - let(:manifest) { + let(:manifest) do <<-EOS include sssd EOS - } + end - let(:manifest_el7) { + let(:manifest_el7) do <<-EOS # sssctl does not work with just the implicat_file domain on el7 so we set # up a basic file provider here. @@ -38,9 +37,9 @@ class { 'sssd': sssd::provider::files { 'FILES': } EOS - } + end - let(:manifest_el8) { + let(:manifest_el8) do <<-EOS # Note: IFP is not needed for SSSD to work # it gives a simple way to test if sssd is working 
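Review bot: Switching to `users.each_key do |user|` discards the hash values while the sshpass argument remains the literal `"-p 'suP3rP@ssw0r!'"`, so whatever `users` stores per account (the hash is defined above the hunk) is never used for the login. If the values are the passwords, keep both block arguments and build the argument from them, `users.each do |user, pass|` with `"-p '#{pass}'"`, so the test credential lives in one place. Every iteration also registers an example under the same description; `it "is able to log in with password as #{user}"` would make a failing account identifiable in the report.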
@@ -48,66 +47,63 @@ class {'sssd': services => ['nss','pam',"sudo", 'ssh', 'ifp'] } EOS - } - + end clients.each do |client| context 'default parameters' do it 'manifest should work with no errors' do set_hieradata_on(client, default_hieradata) - apply_manifest_on(client, manifest, :catch_failures => true) + apply_manifest_on(client, manifest, catch_failures: true) # idempotent - apply_manifest_on(client, manifest, :catch_changes => true) + apply_manifest_on(client, manifest, catch_changes: true) end - it 'should start sssd' do - on(client, 'systemctl status sssd', :acceptable_exit_codes => [0]) + it 'starts sssd' do + on(client, 'systemctl status sssd', acceptable_exit_codes: [0]) end - end context 'with default files domain set up' do - # To make sssctl work ifd needs to be turned on in EL8 and # a files domain needs to be created in EL7. os_release = fact_on(client, 'operatingsystemmajrelease') it 'manifest should work with no errors' do - if os_release >= '8' - _manifest = manifest_el8 - else - _manifest = manifest_el7 - end + _manifest = if os_release >= '8' + manifest_el8 + else + manifest_el7 + end set_hieradata_on(client, default_hieradata) - apply_manifest_on(client, _manifest, :catch_failures => true) + apply_manifest_on(client, _manifest, catch_failures: true) # idempotent - apply_manifest_on(client, _manifest, :catch_changes => true) + apply_manifest_on(client, _manifest, catch_changes: true) end - it 'should get local user information' do + it 'gets local user information' do on(client, 'useradd testuser --password "mypassword" -M -u 97979 -U') # Allow sssd to wake up and do whatever it does :-| sleep(10) result = on(client, 'sssctl user-checks testuser').stdout - expect(result).to match(/.*- user id: 97979.*/) + expect(result).to match(%r{.*- user id: 97979.*}) end if os_release >= '8' - it 'should be running and have set up implicit_files domain' do + it 'is running and have set up implicit_files domain' do result = on(client, 'sssctl domain-list; 
sssctl domain-list').stdout - expect(result).to match(/.*implicit_files.*/) + expect(result).to match(%r{.*implicit_files.*}) end end - it 'should get local user information' do - result = on(client, 'sssctl user-checks testuser 2>&1', :accept_all_exit_codes => true).stdout - expect(result).to match(/.*- user id: 97979.*/) + it 'gets local user information' do + result = on(client, 'sssctl user-checks testuser 2>&1', accept_all_exit_codes: true).stdout + expect(result).to match(%r{.*- user id: 97979.*}) end end end diff --git a/spec/acceptance/suites/default/10_sssd_conf_spec.rb b/spec/acceptance/suites/default/10_sssd_conf_spec.rb index a4ec781..4843342 100644 --- a/spec/acceptance/suites/default/10_sssd_conf_spec.rb +++ b/spec/acceptance/suites/default/10_sssd_conf_spec.rb @@ -19,10 +19,11 @@ 'simp_options::ldap::bind_pw' => '', # This causes a lot of noise and reboots 'sssd::auditd' => false, - 'sssd::domains' => [ 'local','test.case' ] + 'sssd::domains' => [ 'local', 'test.case' ] } - let(:manifest) { <<-EOF + let(:manifest) do + <<-EOF include 'sssd' #{local_config} 
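Review bot: `os_release >= '8'` in the rewritten `_manifest = if ...` assignment compares strings, so a two-digit major release such as `'10'` sorts below `'8'` and would select `manifest_el7`. The later `if os_release >= '8'` guard around the implicit_files example in the same hunk has the same problem. Compare numerically in both places, for example `_manifest = if os_release.to_i >= 8`. The `clients.each` block that contains these examples starts before the hunk.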
@@ -49,44 +50,43 @@ ldap_default_authtok_type => 'password', } EOF - } + end context 'generate a good sssd.conf' do hosts.each do |host| - let(:local_config) { '' } local_hiera = hiera.merge( { 'sssd::enable_files_domain' => true, 'sssd::domains' => [ 'test.case' ] - } + }, ) - it 'should apply enough to generate sssd.conf' do + it 'applies enough to generate sssd.conf' do set_hieradata_on(host, local_hiera) apply_manifest_on(host, manifest) end - it 'should be idempotent' do - apply_manifest_on(host, manifest, :catch_changes => true) + it 'is idempotent' do + apply_manifest_on(host, manifest, catch_changes: true) end - it 'should be running sssd' do - response = YAML.load(on(host, %{puppet resource service sssd --to_yaml}).stdout.strip) + it 'is running sssd' do + response = YAML.safe_load(on(host, %(puppet resource service sssd --to_yaml)).stdout.strip) expect(response['service']['sssd']['ensure']).to eq('running') expect(response['service']['sssd']['enable']).to eq('true') end - it 'should be running sssd-sudo.socket' do - response = YAML.load(on(host, %{puppet resource service sssd-sudo.socket --to_yaml}).stdout.strip) + it 'is running sssd-sudo.socket' do + response = YAML.safe_load(on(host, %(puppet resource service sssd-sudo.socket --to_yaml)).stdout.strip) expect(response['service']['sssd-sudo.socket']['ensure']).to eq('running') expect(response['service']['sssd-sudo.socket']['enable']).to eq('true') end - it 'should not change the system after reboot' do + it 'does not change the system after reboot' do host.reboot - apply_manifest_on(host, manifest, :catch_changes => true) + apply_manifest_on(host, manifest, catch_changes: true) end end end diff --git a/spec/acceptance/suites/ds389/00_setup_389ds_spec.rb b/spec/acceptance/suites/ds389/00_setup_389ds_spec.rb index 12e8ffa..8b4d9b0 100644 --- a/spec/acceptance/suites/ds389/00_setup_389ds_spec.rb +++ b/spec/acceptance/suites/ds389/00_setup_389ds_spec.rb 
@@ -3,13 +3,12 @@ require 'spec_helper_acceptance' describe 'sssd' do - - ldapservers = hosts_with_role(hosts, 'ldap') + ldapservers = hosts_with_role(hosts, 'ldap') ldapservers.each do |host| - let(:root_pw) {'s00perS3kr!tP@ssw0rd'} + let(:root_pw) { 's00perS3kr!tP@ssw0rd' } let(:base_dn) { 'dc=test,dc=org' } - let(:ds_root_name) { 'accounts'} + let(:ds_root_name) { 'accounts' } let(:manifest) do <<~MANIFEST @@ -31,20 +30,21 @@ } RMANIFEST end - let(:sssd_extra){ <<~EOM + let(:sssd_extra) do + <<~EOM simp_ds389::instances::accounts::root_pw: #{root_pw} EOM - } - let(:server_hieradata) { - ERB.new(File.read(File.expand_path('templates/ds389_hiera.yaml.erb',File.dirname(__FILE__)))).result(binding) + "\n#{sssd_extra}" - } + end + let(:server_hieradata) do + ERB.new(File.read(File.expand_path('templates/ds389_hiera.yaml.erb', File.dirname(__FILE__)))).result(binding) + "\n#{sssd_extra}" + end let(:fqdn) do - fact_on(host,'fqdn').strip + fact_on(host, 'fqdn').strip end # server_fqdn is used in hiera.yaml ERB. In this case server_fqdn and fqdn are the same. - let(:server_fqdn) { "#{fqdn}" } + let(:server_fqdn) { fqdn.to_s } let(:domain) do - fact_on(host,'domain').strip + fact_on(host, 'domain').strip end context 'install the server' do @@ -80,8 +80,5 @@ on(host, '/tmp/ldap_add_user') end end - end end - - diff --git a/spec/acceptance/suites/ds389/10_setup_clients_spec.rb b/spec/acceptance/suites/ds389/10_setup_clients_spec.rb index 4c11c2a..0a5955f 100644 --- a/spec/acceptance/suites/ds389/10_setup_clients_spec.rb +++ b/spec/acceptance/suites/ds389/10_setup_clients_spec.rb 
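Review bot: In `let(:sssd_extra)`, the line `simp_ds389::instances::accounts::root_pw: #{root_pw}` interpolates the password into the hieradata as an unquoted YAML scalar. The current literal happens to parse as a plain string, but a value that starts with `!`, `@`, `*` or `&`, or contains `: ` or ` #`, would be retyped, truncated or rejected by the YAML parser, and the server would be configured with something other than `root_pw`. Quote the value in the heredoc: `simp_ds389::instances::accounts::root_pw: '#{root_pw}'`. The `ldapservers.each` block these `let`s sit in continues outside the hunk.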
@@ -3,13 +3,13 @@ test_name 'Setup SSSD clients to talk to LDAP' describe '389ds' do - - ldap_servers = hosts_with_role(hosts,'ldap') - clients = hosts_with_role(hosts,'client') - #base dn must match what is set in server setup. + ldap_servers = hosts_with_role(hosts, 'ldap') + clients = hosts_with_role(hosts, 'client') + # base dn must match what is set in server setup. base_dn = 'dc=test,dc=org' - let(:client_manifest) { <<~EOS + let(:client_manifest) do + <<~EOS include 'sssd' include 'sssd::service::nss' include 'sssd::service::pam' 
@@ -49,50 +49,52 @@ class { 'nsswitch': sudoers => ['files', 'sss'] } EOS - } + end + ldap_servers.each do |server| - server_fqdn = fact_on(server,'fqdn') + server_fqdn = fact_on(server, 'fqdn') domain = fact_on(server, 'domain') clients.each do |client| context 'on each client set up sssd' do # set sssd domains for template - let(:sssd_extra) { <<~EOM + let(:sssd_extra) do + <<~EOM sssd::enable_files_domain: true EOM - } - let(:fqdn) {fact_on(client,'fqdn')} + end + let(:fqdn) { fact_on(client, 'fqdn') } - let(:client_hieradata) { - ERB.new(File.read(File.expand_path('templates/ds389_hiera.yaml.erb',File.dirname(__FILE__)))).result(binding) + "\n#{sssd_extra}" - } + let(:client_hieradata) do + ERB.new(File.read(File.expand_path('templates/ds389_hiera.yaml.erb', File.dirname(__FILE__)))).result(binding) + "\n#{sssd_extra}" + end - it 'should run puppet' do + it 'runs puppet' do set_hieradata_on(client, client_hieradata) - apply_manifest_on(client, client_manifest, :catch_failures => true) + apply_manifest_on(client, client_manifest, catch_failures: true) end - it 'should be idempotent' do + it 'is idempotent' do # ldap provider has checks for sssd version when creating the # sssd.conf entry. Therefore it might chnage the second run when # it knows the version. 
Check for idempotency on the third run - apply_manifest_on(client, client_manifest, :catch_failures => true) - apply_manifest_on(client, client_manifest, :catch_changes => true) + apply_manifest_on(client, client_manifest, catch_failures: true) + apply_manifest_on(client, client_manifest, catch_changes: true) end - it 'should see ldap users' do - ['testuser','realuser'].each do |user| + it 'sees ldap users' do + ['testuser', 'realuser'].each do |user| id = on(client, "id #{user}") - expect(id.stdout).to match(/#{user}/) + expect(id.stdout).to match(%r{#{user}}) end end - it 'should run sssd-sudo after querying for sudo rules' do + it 'runs sssd-sudo after querying for sudo rules' do on(client, 'sudo -l') response = YAML.safe_load(on(client, %(puppet resource service sssd-sudo --to_yaml)).stdout) expect(response['service']['sssd-sudo']['ensure']).to eq('running') end - it 'should have a sssd_sudo.log file after querying for sudo rules' do + it 'has a sssd_sudo.log file after querying for sudo rules' do response = YAML.safe_load(on(client, %(puppet resource file /var/log/sssd/sssd_sudo.log --to_yaml)).stdout) expect(response['file']['/var/log/sssd/sssd_sudo.log']['ensure']).to eq('file') end diff --git a/spec/acceptance/suites/ldap/00_setup_ldap_spec.rb b/spec/acceptance/suites/ldap/00_setup_ldap_spec.rb index 72ac483..1336a51 100644 --- a/spec/acceptance/suites/ldap/00_setup_ldap_spec.rb +++ b/spec/acceptance/suites/ldap/00_setup_ldap_spec.rb 
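Review bot: In 'sees ldap users', `match(%r{#{user}})` interpolates the account name into a regex unescaped and unanchored. The names in this file are plain, but the same line in spec/acceptance/suites/ldap/10_setup_clients_spec.rb is fed 'test.user' and 'real.user', where `.` matches any character. `expect(id.stdout).to include(user)` states the intent, or use `match(%r{#{Regexp.escape(user)}})` if a regex is required.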
@@ -2,39 +2,34 @@ test_name 'Setup LDAP' - - describe 'LDAP' do + ldap_servers = hosts_with_role(hosts, 'ldap') - ldap_servers = hosts_with_role(hosts,'ldap') - -let(:server_manifest) { - <<-EOS + let(:server_manifest) do + <<-EOS include 'simp_openldap::server' EOS -} - + end ldap_servers.each do |server| - server_fqdn = fact_on(server,'fqdn') + server_fqdn = fact_on(server, 'fqdn') domain = fact_on(server, 'domain') - base_dn = domain.split('.').map{ |d| "dc=#{d}" }.join(',') + base_dn = domain.split('.').map { |d| "dc=#{d}" }.join(',') - let(:server_hieradata) { + let(:server_hieradata) do ERB.new(File.read(File.expand_path('templates/server_hieradata_tls.yaml.erb', File.dirname(__FILE__)))).result(binding) - } - let(:add_testuser){ + end + let(:add_testuser) do File.read(File.expand_path('templates/add_testuser.ldif.erb', File.dirname(__FILE__))) - } + end - it 'should run puppet' do + it 'runs puppet' do on(server, 'mkdir -p /usr/local/sbin/simp') set_hieradata_on(server, server_hieradata) - apply_manifest_on(server, server_manifest, :catch_failures => true) + apply_manifest_on(server, server_manifest, catch_failures: true) end - it 'should be able to add a user' do - + it 'is able to add a user' do create_remote_file(server, '/tmp/add_testuser.ldif', ERB.new(add_testuser).result(binding)) on(server, "ldapadd -D cn=LDAPAdmin,ou=People,#{base_dn} -H ldaps://#{server_fqdn} -w suP3rP@ssw0r! -x -f /tmp/add_testuser.ldif") @@ -42,6 +37,5 @@ result = on(server, "ldapsearch -LLL -D cn=LDAPAdmin,ou=People,#{base_dn} -H ldaps://#{server_fqdn} -w suP3rP@ssw0r! -x uid=test.user") expect(result.stdout).to include("dn: uid=test.user,ou=People,#{base_dn}") end - end end diff --git a/spec/acceptance/suites/ldap/10_setup_clients_spec.rb b/spec/acceptance/suites/ldap/10_setup_clients_spec.rb index 4615fe9..5e87b1c 100644 --- a/spec/acceptance/suites/ldap/10_setup_clients_spec.rb +++ b/spec/acceptance/suites/ldap/10_setup_clients_spec.rb 
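Review bot: The bind password is still written inline and unquoted as `-w suP3rP@ssw0r!`, in the `ldapadd` command of this hunk and again in the `ldapsearch` command of the next one. It is therefore duplicated, and it appears in the process arguments and the beaker command log. Holding it in one `let(:admin_pw)` and passing it single-quoted (`-w '#{admin_pw}'`) keeps the suite working if the value later gains shell metacharacters. Writing it to a root-only file and using `-y` would also keep it off the command line. The value presumably has to match what templates/server_hieradata_tls.yaml.erb configures, which is not visible here.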
@@ -2,17 +2,15 @@ test_name 'Setup SSSD clients to talk to LDAP' - - describe 'LDAP' do - - ldap_servers = hosts_with_role(hosts,'ldap') - clients = hosts_with_role(hosts,'client') - server_fqdn = fact_on(ldap_servers.first,'fqdn') + ldap_servers = hosts_with_role(hosts, 'ldap') + clients = hosts_with_role(hosts, 'client') + server_fqdn = fact_on(ldap_servers.first, 'fqdn') domain = fact_on(ldap_servers.first, 'domain') - base_dn = domain.split('.').map{ |d| "DC=#{d}" }.join(',') + base_dn = domain.split('.').map { |d| "DC=#{d}" }.join(',') - let(:client_manifest) { <<~EOS + let(:client_manifest) do + <<~EOS #{local_domain} sssd::domain { 'LDAP': 
@@ -39,42 +37,43 @@ class { 'nsswitch': shadow => ['sss', 'files'], } EOS - } + end clients.each do |client| context 'on each client set up sssd' do # set sssd domains for template - let(:sssd_extra) { <<~EOM + let(:sssd_extra) do + <<~EOM sssd::domains: ['LDAP'] sssd::enable_files_domain: true EOM - } + end let(:local_domain) { '' } - let(:sssd_domains) {['LDAP']} + let(:sssd_domains) { ['LDAP'] } - let(:client_hieradata) { + let(:client_hieradata) do ERB.new(File.read(File.expand_path('templates/server_hieradata_tls.yaml.erb', File.dirname(__FILE__)))).result(binding) + "\n#{sssd_extra}" - } + end - it 'should run puppet' do + it 'runs puppet' do on(client, 'mkdir -p /usr/local/sbin/simp') set_hieradata_on(client, client_hieradata) - apply_manifest_on(client, client_manifest, :catch_failures => true) + apply_manifest_on(client, client_manifest, catch_failures: true) end - it 'should be idempotent' do + it 'is idempotent' do # ldap provider has checks for sssd version when creating the # sssd.conf entry. There for it might chnage the second run when # it knows the version. Check for idempotency on the third run - apply_manifest_on(client, client_manifest, :catch_failures => true) - apply_manifest_on(client, client_manifest, :catch_changes => true) + apply_manifest_on(client, client_manifest, catch_failures: true) + apply_manifest_on(client, client_manifest, catch_changes: true) end - it 'should see ldap users' do - ['test.user','real.user'].each do |user| + it 'sees ldap users' do + ['test.user', 'real.user'].each do |user| id = on(client, "id #{user}") - expect(id.stdout).to match(/#{user}/) + expect(id.stdout).to match(%r{#{user}}) end end end diff --git a/spec/classes/config/ipa_domain_spec.rb b/spec/classes/config/ipa_domain_spec.rb index e127324..a6907cd 100644 --- a/spec/classes/config/ipa_domain_spec.rb +++ b/spec/classes/config/ipa_domain_spec.rb 
@@ -14,13 +14,13 @@ context 'when joined to an IPA domain' do let(:facts) do os_facts.merge( - :ipa => { - :basedn => "dc=example,dc=com", - :domain => 'ipa.example.com', - :realm => 'EXAMPLE.COM', - :server => 'ipaserver.example.com', - :connected => true - } + ipa: { + basedn: 'dc=example,dc=com', + domain: 'ipa.example.com', + realm: 'EXAMPLE.COM', + server: 'ipaserver.example.com', + connected: true + }, ) end @@ -50,12 +50,12 @@ context 'when not joined to an IPA domain' do let(:facts) do os_facts.merge( - :ipa => { - :basedn => "dc=example,dc=com", - :domain => 'ipa.example.com', - :realm => 'EXAMPLE.COM', - :connected => false - } + ipa: { + basedn: 'dc=example,dc=com', + domain: 'ipa.example.com', + realm: 'EXAMPLE.COM', + connected: false + }, ) end diff --git a/spec/classes/config_spec.rb b/spec/classes/config_spec.rb index 7ecd75c..8d38715 100644 --- a/spec/classes/config_spec.rb +++ b/spec/classes/config_spec.rb @@ -1,6 +1,6 @@ require 'spec_helper' -default_content = < 'directory', - :mode => 'go-rw' - }) } - it { is_expected.to contain_file('/etc/sssd/sssd.conf').with({ - :owner => 'root', - :group => 'root', - :mode => '0600', - :content => content - }) + it { + is_expected.to contain_file('/etc/sssd').with({ + ensure: 'directory', + mode: 'go-rw' + }) + } + it { + is_expected.to contain_file('/etc/sssd/sssd.conf').with({ + owner: 'root', + group: 'root', + mode: '0600', + content: content + }) } end 
@@ -65,107 +68,113 @@ # class described needs to be the class instantiated, i.e., sssd. describe 'sssd' do let(:sssd_domains) { ['FILE', 'LDAP'] } - let(:ipa_fact_joined) { + let(:ipa_fact_joined) do { - :ipa => { - :domain => 'ipa.example.com', - :server => 'ipaserver.example.com', + ipa: { + domain: 'ipa.example.com', + server: 'ipaserver.example.com', } } - } + end context 'supported operating systems' do on_supported_os.each do |os, os_facts| context "on #{os}" do - let(:facts){ os_facts } + let(:facts) { os_facts } context 'with default params' do - let(:facts){ os_facts } - let(:params) {{ :domains => [] }} + let(:facts) { os_facts } + let(:params) { { domains: [] } } + # make sure no IPA domains are defined - it { is_expected.to_not contain_class('sssd::config::ipa_domain') } - it_should_behave_like 'a sssd::config', default_content + it { is_expected.not_to contain_class('sssd::config::ipa_domain') } + it_behaves_like 'a sssd::config', default_content end context 'with domains defined used by sssd::config' do - let(:params) {{ :domains => sssd_domains }} + let(:params) { { domains: sssd_domains } } context 'when not joined to an IPA domain' do let(:facts) { os_facts } - it_should_behave_like 'a sssd::config', default_content_with_domains - it { is_expected.to_not contain_class('sssd::config::ipa_domain') } + it_behaves_like 'a sssd::config', default_content_with_domains + it { is_expected.not_to contain_class('sssd::config::ipa_domain') } end context 'when joined to an IPA domain' do - let(:facts) { os_facts.merge( ipa_fact_joined ) } + let(:facts) { os_facts.merge(ipa_fact_joined) } - it_should_behave_like 'a sssd::config', default_content_with_ipa_domain + it_behaves_like 'a sssd::config', default_content_with_ipa_domain it { is_expected.to contain_class('sssd::config::ipa_domain') } end end context 'with all optional sssd config parameters specified' do - let(:params) { { - :domains => sssd_domains, - :debug_level => 3, - :description => 'sssd section 
description', - :re_expression => '(.+)@(.+)', - :enable_files_domain => false, - :full_name_format => ' %1$s@%2$s', - :try_inotify => true, - :krb5_rcache_dir => '__LIBKRB5_DEFAULTS__', - :user => 'sssduser', - :default_domain_suffix => 'example.com', - :override_space => '__', - } } - - it_should_behave_like 'a sssd::config', default_content_plus_optional + let(:params) do + { + domains: sssd_domains, + debug_level: 3, + description: 'sssd section description', + re_expression: '(.+)@(.+)', + enable_files_domain: false, + full_name_format: ' %1$s@%2$s', + try_inotify: true, + krb5_rcache_dir: '__LIBKRB5_DEFAULTS__', + user: 'sssduser', + default_domain_suffix: 'example.com', + override_space: '__', + } + end + + it_behaves_like 'a sssd::config', default_content_plus_optional end context 'when $::sssd::auto_add_ip_domain is false' do - let(:params) { { - :domains => sssd_domains, - :auto_add_ipa_domain => false - } } + let(:params) do + { + domains: sssd_domains, + auto_add_ipa_domain: false + } + end context 'when not joined to an IPA domain' do - it_should_behave_like 'a sssd::config', default_content_with_domains - it { is_expected.to_not contain_class('sssd::config::ipa_domain') } + it_behaves_like 'a sssd::config', default_content_with_domains + it { is_expected.not_to contain_class('sssd::config::ipa_domain') } end context 'when joined to an IPA domain' do - let(:facts) { os_facts.merge( ipa_fact_joined ) } + let(:facts) { os_facts.merge(ipa_fact_joined) } - it_should_behave_like 'a sssd::config', default_content_with_domains - it { is_expected.to_not contain_class('sssd::config::ipa_domain') } + it_behaves_like 'a sssd::config', default_content_with_domains + it { is_expected.not_to contain_class('sssd::config::ipa_domain') } end - end context 'when $::sssd::domains has duplicate entries' do - let(:params) {{ :domains => sssd_domains + sssd_domains }} + let(:params) { { domains: sssd_domains + sssd_domains } } # this verifies domain list is deduped in 
content - it_should_behave_like 'a sssd::config', default_content_with_domains - it { is_expected.to_not contain_class('sssd::config::ipa_domain') } + it_behaves_like 'a sssd::config', default_content_with_domains + it { is_expected.not_to contain_class('sssd::config::ipa_domain') } end context 'with service ifp requested' do - let(:params) {{ - :domains => sssd_domains, - :services => ['nss','pam','ifp'] - }} + let(:params) do + { + domains: sssd_domains, + services: ['nss', 'pam', 'ifp'] + } + end + if os_facts[:init_systems].member?('systemd') it { is_expected.to compile.with_all_deps } it { is_expected.to contain_class('sssd::service::ifp') } else - it 'should fail because ifp is not available ' do - expect { should raise_error(Puppet::Error, /SSSD service ifp is not valid on systems without systemd/)} + it 'fails because ifp is not available' do + expect { is_expected.to raise_error(Puppet::Error, %r{SSSD service ifp is not valid on systems without systemd}) } end end end - end end end diff --git a/spec/classes/init_spec.rb b/spec/classes/init_spec.rb index 5236b9f..3070d79 100644 --- a/spec/classes/init_spec.rb +++ b/spec/classes/init_spec.rb @@ -4,7 +4,7 @@ context 'supported operating systems' do on_supported_os.each do |os, os_facts| context "on #{os}" do - let(:facts){ os_facts } + let(:facts) { os_facts } context 'with_defaults' do it { is_expected.to compile.with_all_deps } 
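Review bot: The non-systemd branch of 'with service ifp requested' asserts nothing. `expect { is_expected.to raise_error(...) }` only builds an expectation target from the block and never calls `.to` on it, so the block is not run and the example passes whether or not the catalog fails. Replace the example with `it { is_expected.to compile.and_raise_error(%r{SSSD service ifp is not valid on systems without systemd}) }`, the form spec/classes/init_spec.rb uses for its unsupported-version case. The commit only renames the example and converts the regex literal, so the empty expectation predates it.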
@@ -12,96 +12,106 @@ it { is_expected.to create_class('sssd::install').that_comes_before('Class[sssd::config]') } it { is_expected.to create_class('sssd::config') } it { is_expected.to create_class('sssd::service') } - it { is_expected.to_not create_class('auditd') } - it { is_expected.to_not create_audit__rule('sssd') } - it { is_expected.to_not create_class('sssd::pki') } - it { is_expected.to_not create_pki__copy('sssd') } + it { is_expected.not_to create_class('auditd') } + it { is_expected.not_to create_audit__rule('sssd') } + it { is_expected.not_to create_class('sssd::pki') } + it { is_expected.not_to create_pki__copy('sssd') } end context 'with an unsupported version of sssd' do - let(:facts) { - os_facts.merge({:sssd_version => '1.14.0'}) - } + let(:facts) do + os_facts.merge({ sssd_version: '1.14.0' }) + end - it { is_expected.to compile.and_raise_error(/does not support/) } + it { is_expected.to compile.and_raise_error(%r{does not support}) } end context 'with auditd = true' do - let(:params) {{ :auditd => true }} + let(:params) { { auditd: true } } - it { is_expected.to create_class('auditd')} - it { is_expected.to create_auditd__rule('sssd').with({ - :content => '-w /etc/sssd/ -p wa -k CFG_sssd' }) + it { is_expected.to create_class('auditd') } + it { + is_expected.to create_auditd__rule('sssd').with({ + content: '-w /etc/sssd/ -p wa -k CFG_sssd' + }) } end context 'with pki = true' do - let(:params) {{ :pki => true}} + let(:params) { { pki: true } } it { is_expected.to create_class('sssd::pki') } - it { is_expected.to create_pki__copy('sssd').with({ - :source => '/etc/pki/simp/x509', - :pki => true - }) + it { + is_expected.to create_pki__copy('sssd').with({ + source: '/etc/pki/simp/x509', + pki: true + }) } end context 'with pki = simp' do - let(:params) {{ :pki => 'simp'}} + let(:params) { { pki: 'simp' } } it { is_expected.to create_class('sssd::pki') } - it { is_expected.to create_pki__copy('sssd').with({ - :source => '/etc/pki/simp/x509', - :pki 
=> 'simp' - }) + it { + is_expected.to create_pki__copy('sssd').with({ + source: '/etc/pki/simp/x509', + pki: 'simp' + }) } end context 'with debug_level as an integer' do - let(:params) {{ :debug_level => 9 }} + let(:params) { { debug_level: 9 } } + it { is_expected.to compile.with_all_deps } it { is_expected.to create_class('sssd') } end context 'with debug_level as a two-byte hexidecimal' do - let(:params) {{ :debug_level => '0x1234' }} + let(:params) { { debug_level: '0x1234' } } + it { is_expected.to compile.with_all_deps } it { is_expected.to create_class('sssd') } end context 'with debug_level as an invalid hex Sssd::DebugLevel' do - let(:params) {{ :debug_level => '0x123z' }} - it { is_expected.to compile.and_raise_error(/parameter 'debug_level' expects a/)} + let(:params) { { debug_level: '0x123z' } } + + it { is_expected.to compile.and_raise_error(%r{parameter 'debug_level' expects a}) } end context 'with debug_level as an invalid integer Sssd::DebugLevel' do - let(:params) {{ :debug_level => 99 }} - it { is_expected.to compile.and_raise_error(/parameter 'debug_level' expects a/)} + let(:params) { { debug_level: 99 } } + + it { is_expected.to compile.and_raise_error(%r{parameter 'debug_level' expects a}) } end context 'with a custom config' do - let(:params) {{ :custom_config => 'foo' }} + let(:params) { { custom_config: 'foo' } } it { is_expected.to create_sssd__config__entry('puppet_custom') .with_content('foo') - .with_order(99999) + .with_order(99_999) } end context 'with ldap provider' do - let(:params) {{ - :ldap_providers => { - :test_provider => { - :ldap_access_filter => 'memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com', + let(:params) do + { + ldap_providers: { + test_provider: { + ldap_access_filter: 'memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com', + } } } - }} + end it { - is_expected.to create_sssd__provider__ldap('test_provider').with( { - :ldap_access_filter => 'memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com', - } ) + 
is_expected.to create_sssd__provider__ldap('test_provider').with({ + ldap_access_filter: 'memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com', + }) } end end diff --git a/spec/classes/install_spec.rb b/spec/classes/install_spec.rb index c2c7ff3..3cb6afb 100644 --- a/spec/classes/install_spec.rb +++ b/spec/classes/install_spec.rb @@ -4,8 +4,8 @@ context 'supported operating systems' do on_supported_os.each do |os, os_facts| context "on #{os}" do - let(:facts){ os_facts } - let(:precondition){ "include 'sssd'"} + let(:facts) { os_facts } + let(:precondition) { "include 'sssd'" } context 'with_defaults' do it { is_expected.to compile.with_all_deps } @@ -18,12 +18,12 @@ end context 'when install* params set to other then default' do - let(:hieradata) {"sssd_install"} - let(:params) {{ :services => ['nss','pam','ifp'] }} + let(:hieradata) { 'sssd_install' } + let(:params) { { services: ['nss', 'pam', 'ifp'] } } it { is_expected.to compile.with_all_deps } it { is_expected.to contain_package('sssd').with_ensure('installed') } - it { is_expected.to_not contain_package('sssd-tools').with_ensure('installed') } + it { is_expected.not_to contain_package('sssd-tools').with_ensure('installed') } it { is_expected.to contain_package('sssd-client').with_ensure('installed') } it { is_expected.to contain_package('sssd-dbus').with_ensure('installed') } end diff --git a/spec/classes/service/autofs_spec.rb b/spec/classes/service/autofs_spec.rb index 818ef5c..1629236 100644 --- a/spec/classes/service/autofs_spec.rb +++ b/spec/classes/service/autofs_spec.rb 
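Review bot: In 'with_defaults', `is_expected.not_to create_audit__rule('sssd')` names a different resource type from the `create_auditd__rule('sssd')` that 'with auditd = true' checks. The negative assertion therefore cannot fail, and it does not show that the `/etc/sssd/` watch rule is absent by default. It should read `it { is_expected.not_to create_auditd__rule('sssd') }`. The commit only switches `to_not` to `not_to` on that line, so the mismatch predates it.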
@@ -4,24 +4,26 @@ context 'supported operating systems' do on_supported_os.each do |os, os_facts| context "on #{os}" do - let(:facts){ os_facts } + let(:facts) { os_facts } context 'with defaults' do it { is_expected.to compile.with_all_deps } it { is_expected.to create_class('sssd::service') } - it { is_expected.to create_sssd__config__entry('puppet_service_autofs').without_content(%r(=\s*$)) } + it { is_expected.to create_sssd__config__entry('puppet_service_autofs').without_content(%r{=\s*$}) } end context 'with custom options' do - let(:params) {{ - 'custom_options' => { 'key1' => 'value1', 'key2' => 'value2'} - }} + let(:params) do + { + 'custom_options' => { 'key1' => 'value1', 'key2' => 'value2' } + } + end it { is_expected.to compile.with_all_deps } it { is_expected.to create_class('sssd::service') } it { is_expected.to create_sssd__config__entry('puppet_service_autofs') - .with_content(<<~CONTENT + .with_content(<<~CONTENT, # # This section is auto generated from a user supplied Hash [autofs] @@ -29,7 +31,7 @@ key2 = value2 # CONTENT - ) + ) } end end diff --git a/spec/classes/service/ifp_spec.rb b/spec/classes/service/ifp_spec.rb index 3cd7b9d..d3a51a3 100644 --- a/spec/classes/service/ifp_spec.rb +++ b/spec/classes/service/ifp_spec.rb @@ -4,9 +4,9 @@ context 'supported operating systems' do on_supported_os.each do |os, os_facts| context "on #{os}" do - let(:facts){ os_facts } + let(:facts) { os_facts } - context "with default params" do + context 'with default params' do expected = <<~EXPECTED # sssd::service::ifp [ifp] 
@@ -19,12 +19,14 @@ it { is_expected.to create_sssd__config__entry('puppet_service_ifp').with_content(expected) } end - context "with parameters" do - let (:params){{ - 'wildcard_limit' => 5, - 'allowed_uids' => ["me","you"], - 'user_attributes' => ['x', 'y','z'] - }} + context 'with parameters' do + let(:params) do + { + 'wildcard_limit' => 5, + 'allowed_uids' => ['me', 'you'], + 'user_attributes' => ['x', 'y', 'z'] + } + end expected = <<~EXPECTED # sssd::service::ifp diff --git a/spec/classes/service/nss_spec.rb b/spec/classes/service/nss_spec.rb index c4e55c1..c80fe40 100644 --- a/spec/classes/service/nss_spec.rb +++ b/spec/classes/service/nss_spec.rb @@ -1,26 +1,25 @@ require 'spec_helper' - describe 'sssd::service::nss' do context 'supported operating systems' do on_supported_os.each do |os, os_facts| context "on #{os}" do - let(:facts){ os_facts } - context 'with defalt params' do + let(:facts) { os_facts } + context 'with defalt params' do it { is_expected.to compile.with_all_deps } it { is_expected.to create_class('sssd::service') } - it { is_expected.to create_sssd__config__entry('puppet_service_nss').without_content(%r(=\s*$)) } + it { is_expected.to create_sssd__config__entry('puppet_service_nss').without_content(%r{=\s*$}) } end context 'with custom options' do - let(:hieradata){ 'service_nss'} + let(:hieradata) { 'service_nss' } it { is_expected.to compile.with_all_deps } it { is_expected.to create_class('sssd::service') } it { is_expected.to create_sssd__config__entry('puppet_service_nss') .with_content( - <<~CONTENT + <<~CONTENT, # # This section is auto generated from a user supplied Hash [nss] diff --git a/spec/classes/service/pac_spec.rb b/spec/classes/service/pac_spec.rb index 2ad10e2..5bc86ac 100644 --- a/spec/classes/service/pac_spec.rb +++ b/spec/classes/service/pac_spec.rb 
@@ -4,10 +4,10 @@ context 'supported operating systems' do on_supported_os.each do |os, os_facts| context "on #{os}" do - let(:facts){ os_facts } + let(:facts) { os_facts } it { is_expected.to compile.with_all_deps } - it { is_expected.to create_sssd__config__entry('puppet_service_pac').without_content(%r(=\s*$)) } + it { is_expected.to create_sssd__config__entry('puppet_service_pac').without_content(%r{=\s*$}) } end end end diff --git a/spec/classes/service/pam_spec.rb b/spec/classes/service/pam_spec.rb index a2c4909..ff12098 100644 --- a/spec/classes/service/pam_spec.rb +++ b/spec/classes/service/pam_spec.rb @@ -4,10 +4,10 @@ context 'supported operating systems' do on_supported_os.each do |os, os_facts| context "on #{os}" do - let(:facts){ os_facts } + let(:facts) { os_facts } it { is_expected.to compile.with_all_deps } - it { is_expected.to create_sssd__config__entry('puppet_service_pam').without_content(%r(=\s*$)) } + it { is_expected.to create_sssd__config__entry('puppet_service_pam').without_content(%r{=\s*$}) } end end end diff --git a/spec/classes/service/ssh_spec.rb b/spec/classes/service/ssh_spec.rb index a094790..db40513 100644 --- a/spec/classes/service/ssh_spec.rb +++ b/spec/classes/service/ssh_spec.rb @@ -4,10 +4,10 @@ context 'supported operating systems' do on_supported_os.each do |os, os_facts| context "on #{os}" do - let(:facts){ os_facts } + let(:facts) { os_facts } it { is_expected.to compile.with_all_deps } - it { is_expected.to create_sssd__config__entry('puppet_service_ssh').without_content(%r(=\s*$)) } + it { is_expected.to create_sssd__config__entry('puppet_service_ssh').without_content(%r{=\s*$}) } end end end diff --git a/spec/classes/service/sudo_spec.rb b/spec/classes/service/sudo_spec.rb index 1564f03..7477f07 100644 --- a/spec/classes/service/sudo_spec.rb +++ b/spec/classes/service/sudo_spec.rb 
@@ -4,17 +4,17 @@ context 'supported operating systems' do on_supported_os.each do |os, os_facts| context "on #{os}" do - let(:facts){ os_facts } + let(:facts) { os_facts } it { is_expected.to compile.with_all_deps } - it { is_expected.to create_sssd__config__entry('puppet_service_sudo').without_content(%r(=\s*$)) } + it { is_expected.to create_sssd__config__entry('puppet_service_sudo').without_content(%r{=\s*$}) } it { is_expected.to create_systemd__dropin_file('00_sssd_sudo_user_group.conf') .with_unit('sssd-sudo.service') - .with_content(%r(ExecStartPre=-/bin/touch /var/log/sssd/sssd_sudo.log)) - .with_content(%r(ExecStartPre=-/bin/chown sssd:sssd /var/log/sssd/sssd_sudo.log)) - .with_content(/User=root/) - .with_content(/Group=root/) + .with_content(%r{ExecStartPre=-/bin/touch /var/log/sssd/sssd_sudo.log}) + .with_content(%r{ExecStartPre=-/bin/chown sssd:sssd /var/log/sssd/sssd_sudo.log}) + .with_content(%r{User=root}) + .with_content(%r{Group=root}) .with_selinux_ignore_defaults(true) } it { diff --git a/spec/classes/service_spec.rb b/spec/classes/service_spec.rb index 23caa85..238b970 100644 --- a/spec/classes/service_spec.rb +++ b/spec/classes/service_spec.rb @@ -4,13 +4,13 @@ context 'supported operating systems' do on_supported_os.each do |os, os_facts| context "on #{os}" do - let(:facts){ os_facts } + let(:facts) { os_facts } - let(:pre_condition){ + let(:pre_condition) do <<~PRE_CONDITION function assert_private{ } PRE_CONDITION - } + end it { is_expected.to compile.with_all_deps } it { is_expected.to create_class('sssd::service') } @@ -21,9 +21,9 @@ } context 'with an unsupported version of sssd' do - let(:facts){ - os_facts.merge({:sssd_version => '1.14.0'}) - } + let(:facts) do + os_facts.merge({ sssd_version: '1.14.0' }) + end it { is_expected.to compile.with_all_deps } it { is_expected.to create_class('sssd::service') } diff --git a/spec/defines/config/entry_spec.rb b/spec/defines/config/entry_spec.rb index 15d70e0..917c574 100644 
--- a/spec/defines/config/entry_spec.rb +++ b/spec/defines/config/entry_spec.rb @@ -4,22 +4,22 @@ context 'supported operating systems' do on_supported_os.each do |os, os_facts| context "on #{os}" do - let(:facts){ os_facts } + let(:facts) { os_facts } - let(:pre_condition){ + let(:pre_condition) do <<~PRE_CONDITION function assert_private(){} PRE_CONDITION - } + end - let(:title) {'test'} - let(:params) {{ :content => 'foo' }} + let(:title) { 'test' } + let(:params) { { content: 'foo' } } it { is_expected.to compile.with_all_deps } it { is_expected.to contain_class('sssd::config') } it { is_expected.to contain_class('sssd::service') } it { - is_expected.to contain_file("/etc/sssd/conf.d/50_test.conf") + is_expected.to contain_file('/etc/sssd/conf.d/50_test.conf') .with_owner('root') .with_group('root') .with_mode('0600') diff --git a/spec/defines/domain_spec.rb b/spec/defines/domain_spec.rb index a77772f..e6a8d46 100644 --- a/spec/defines/domain_spec.rb +++ b/spec/defines/domain_spec.rb @@ -4,15 +4,17 @@ context 'supported operating systems' do on_supported_os.each do |os, os_facts| context "on #{os}" do - let(:facts){ os_facts } + let(:facts) { os_facts } - let(:title) {'ldap'} - let(:params) {{ - :id_provider => 'ldap' - }} + let(:title) { 'ldap' } + let(:params) do + { + id_provider: 'ldap' + } + end it { is_expected.to compile.with_all_deps } - it { is_expected.to contain_sssd__config__entry("puppet_domain_#{title}").without_content(%r(=\s*$)) } + it { is_expected.to contain_sssd__config__entry("puppet_domain_#{title}").without_content(%r{=\s*$}) } end end end diff --git a/spec/defines/provider/ad_spec.rb b/spec/defines/provider/ad_spec.rb index eafdf23..332f8fd 100644 --- a/spec/defines/provider/ad_spec.rb +++ b/spec/defines/provider/ad_spec.rb 
@@ -3,9 +3,9 @@ describe 'sssd::provider::ad' do on_supported_os.each do |os, os_facts| context "on #{os}" do - let(:facts){ os_facts } + let(:facts) { os_facts } - let(:title) {'test_ad_provider'} + let(:title) { 'test_ad_provider' } context 'with default parameters' do it { is_expected.to compile.with_all_deps } @@ -26,15 +26,17 @@ context 'with dyndns_update false' do # set all optional dyndns_update parameters, even though # they are inapplicable - let(:params) {{ - :dyndns_update => false, - :dyndns_ttl => 3, - :dyndns_ifaces => ['iface1', 'iface2'], - :dyndns_refresh_interval => 4, - :dyndns_update_ptr => false, - :dyndns_force_tcp => false, - :dyndns_server => 'my.dyndns.server' - }} + let(:params) do + { + dyndns_update: false, + dyndns_ttl: 3, + dyndns_ifaces: ['iface1', 'iface2'], + dyndns_refresh_interval: 4, + dyndns_update_ptr: false, + dyndns_force_tcp: false, + dyndns_server: 'my.dyndns.server' + } + end it { is_expected.to compile.with_all_deps } it do 
@@ -54,56 +56,58 @@ # This set of parameters exercises the logic in the code but is NOT at all # realistic! context 'with all optional parameters set' do - let(:params) {{ - :ad_domain => 'my_ad_domain', - :ad_enabled_domains => ['enabled_domain1', 'enabled_domain2'], - :ad_servers => ['server1.example.domain', 'server2.example.domain'], - :ad_backup_servers => ['backup1.example.domain', 'backup2.example.domain'], - :ad_hostname => 'my.ad.hostname', - :ad_enable_dns_sites => false, - :ad_access_filters => ['filter1', 'filter2'], - :ad_site => 'my_ad_site', - :ad_enable_gc => false, - :ad_gpo_access_control => 'enforcing', - :ad_gpo_cache_timeout => 1, - :ad_gpo_map_interactive => ['interactive1','interactive2'], - :ad_gpo_map_remote_interactive => ['remote_interactive1','remote_interactive2'], - :ad_gpo_map_network => ['network1','network2'], - :ad_gpo_map_batch => ['batch1','batch2'], - :ad_gpo_map_service => ['service1','service2'], - :ad_gpo_map_permit => ['permit1','permit2'], - :ad_gpo_map_deny => ['deny1','deny2'], - :ad_gpo_default_right => 'interactive', - :ad_maximum_machine_account_password_age => 2, - :ad_machine_account_password_renewal_opts => '1234:567', - :default_shell => 'my_default_shell', - :dyndns_update => true, - :dyndns_ttl => 3, - :dyndns_ifaces => ['iface1', 'iface2'], - :dyndns_refresh_interval => 4, - :dyndns_update_ptr => false, - :dyndns_force_tcp => false, - :dyndns_server => 'my.dyndns.server', - :override_homedir => 'my_override_homedir', - :fallback_homedir => 'my_fallback_homedir', - :homedir_substring => '/my/homedir/substring', - :krb5_realm => 'my_krb5_realm', - :krb5_confd_path => 'none', - :krb5_use_enterprise_principal => false, - :krb5_store_password_if_offline => true, - :ldap_schema => 'my_ldap_schema', - :ldap_idmap_range_min => 5, - :ldap_idmap_range_max => 6, - :ldap_idmap_range_size => 7, - :ldap_idmap_default_domain_sid => 'my_ldap_idmap_default_domain_sid', - :ldap_idmap_default_domain => 
'my_ldap_idmap_default_domain', - :ldap_idmap_autorid_compat => false, - :ldap_idmap_helper_table_size => 8, - :ldap_group_objectsid => 'my_ldap_group_objectsid', - :ldap_user_objectsid => 'my_ldap_user_objectsid', - :ldap_user_extra_attrs => 'altSecurityIdentities', - :ldap_user_ssh_public_key => 'altSecurityIdentities' - }} + let(:params) do + { + ad_domain: 'my_ad_domain', + ad_enabled_domains: ['enabled_domain1', 'enabled_domain2'], + ad_servers: ['server1.example.domain', 'server2.example.domain'], + ad_backup_servers: ['backup1.example.domain', 'backup2.example.domain'], + ad_hostname: 'my.ad.hostname', + ad_enable_dns_sites: false, + ad_access_filters: ['filter1', 'filter2'], + ad_site: 'my_ad_site', + ad_enable_gc: false, + ad_gpo_access_control: 'enforcing', + ad_gpo_cache_timeout: 1, + ad_gpo_map_interactive: ['interactive1', 'interactive2'], + ad_gpo_map_remote_interactive: ['remote_interactive1', 'remote_interactive2'], + ad_gpo_map_network: ['network1', 'network2'], + ad_gpo_map_batch: ['batch1', 'batch2'], + ad_gpo_map_service: ['service1', 'service2'], + ad_gpo_map_permit: ['permit1', 'permit2'], + ad_gpo_map_deny: ['deny1', 'deny2'], + ad_gpo_default_right: 'interactive', + ad_maximum_machine_account_password_age: 2, + ad_machine_account_password_renewal_opts: '1234:567', + default_shell: 'my_default_shell', + dyndns_update: true, + dyndns_ttl: 3, + dyndns_ifaces: ['iface1', 'iface2'], + dyndns_refresh_interval: 4, + dyndns_update_ptr: false, + dyndns_force_tcp: false, + dyndns_server: 'my.dyndns.server', + override_homedir: 'my_override_homedir', + fallback_homedir: 'my_fallback_homedir', + homedir_substring: '/my/homedir/substring', + krb5_realm: 'my_krb5_realm', + krb5_confd_path: 'none', + krb5_use_enterprise_principal: false, + krb5_store_password_if_offline: true, + ldap_schema: 'my_ldap_schema', + ldap_idmap_range_min: 5, + ldap_idmap_range_max: 6, + ldap_idmap_range_size: 7, + ldap_idmap_default_domain_sid: 
'my_ldap_idmap_default_domain_sid', + ldap_idmap_default_domain: 'my_ldap_idmap_default_domain', + ldap_idmap_autorid_compat: false, + ldap_idmap_helper_table_size: 8, + ldap_group_objectsid: 'my_ldap_group_objectsid', + ldap_user_objectsid: 'my_ldap_user_objectsid', + ldap_user_extra_attrs: 'altSecurityIdentities', + ldap_user_ssh_public_key: 'altSecurityIdentities' + } + end it do expected = <<~EXPECTED diff --git a/spec/defines/provider/files_spec.rb b/spec/defines/provider/files_spec.rb index 45ede63..0a38490 100644 --- a/spec/defines/provider/files_spec.rb +++ b/spec/defines/provider/files_spec.rb @@ -4,8 +4,8 @@ context 'supported operating systems' do on_supported_os.each do |os, os_facts| context "on #{os}" do - let(:facts){ os_facts } - let(:title) {'test_files_provider'} + let(:facts) { os_facts } + let(:title) { 'test_files_provider' } context('with default parameters') do it { is_expected.to compile.with_all_deps } @@ -17,14 +17,16 @@ EOM is_expected.to create_sssd__config__entry("puppet_provider_#{title}_files").with_content(expected) - } + } end context('with explicit parameters') do - let(:params) {{ - :passwd_files => [ '/etc/passwd1', '/etc/passwd2'], - :group_files => [ '/etc/group1', '/etc/group2'], - }} + let(:params) do + { + passwd_files: [ '/etc/passwd1', '/etc/passwd2'], + group_files: [ '/etc/group1', '/etc/group2'], + } + end it { is_expected.to compile.with_all_deps } @@ -37,7 +39,7 @@ EOM is_expected.to create_sssd__config__entry("puppet_provider_#{title}_files").with_content(expected) - } + } end end end diff --git a/spec/defines/provider/ipa_spec.rb b/spec/defines/provider/ipa_spec.rb index 44be58a..2c583b4 100644 --- a/spec/defines/provider/ipa_spec.rb +++ b/spec/defines/provider/ipa_spec.rb 
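Review bot: The new `let(:params)` hash in the 'with explicit parameters' context of files_spec.rb keeps uneven bracket padding, `passwd_files: [ '/etc/passwd1', '/etc/passwd2'],` and `group_files: [ '/etc/group1', '/etc/group2'],`, and is the only rewritten hash visible here that ends its last pair with a comma. The same padding survives in the ldap_spec.rb parameter hash (`krb5_backup_server`, `krb5_server`, `ldap_sudo_ip`, `ldap_user_extra_attrs`). Unless the project's RuboCop configuration deliberately allows this, I would write `passwd_files: ['/etc/passwd1', '/etc/passwd2'],` and `group_files: ['/etc/group1', '/etc/group2']` to match the other hashes in the commit.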
@@ -4,14 +4,16 @@ context 'supported operating systems' do on_supported_os.each do |os, os_facts| context "on #{os}" do - let(:facts){ os_facts } - let(:title) {'test_ldap_provider'} + let(:facts) { os_facts } + let(:title) { 'test_ldap_provider' } context('with default parameters') do - let(:params) {{ - :ipa_domain => facts[:domain], - :ipa_server => ["ipaserver.#{facts[:domain]}"] - }} + let(:params) do + { + ipa_domain: facts[:domain], + ipa_server: ["ipaserver.#{facts[:domain]}"] + } + end it { is_expected.to compile.with_all_deps } it { 
@@ -31,43 +33,45 @@ EXPECTED is_expected.to create_sssd__config__entry("puppet_provider_#{title}_ipa").with_content(expected) - } + } end context('with explicit parameters and use_service_discovery=false') do # The parameters being set are NOT realistic....just want to verify # content gets generated appropriately. - let(:params) {{ - :ipa_domain => facts[:domain], - :ipa_server => ["ipaserver1.#{facts[:domain]}"], - :ipa_backup_server => ["ipaserver2.#{facts[:domain]}"], - :ipa_hostname => "ipaclient1.#{facts[:domain]}", - :ipa_enable_dns_sites => true, - :ipa_server_mode => true, - :dyndns_auth => 'none', - :dyndns_force_tcp => false, - :dyndns_iface => ['*'], - :dyndns_refresh_interval => 20, - :dyndns_server => "dns1.#{facts[:domain]}", - :dyndns_ttl => 10, - :dyndns_update => false, - :dyndns_update_ptr => false, - :ipa_automount_location => 'export', - :ipa_hbac_refresh => 30, - :ipa_hbac_search_base => 'cn=hbacSearch,dc=example,dc=com', - :ipa_hbac_selinux => 40, - :ipa_host_search_base => 'cn=hostSearch,dc=example,dc=com', - :ipa_master_domains_search_base => 'cn=masterDomainsSearch,dc=example,dc=com', - :ipa_selinux_search_base => 'cn=selinuxSearch,dc=example,dc=com', - :ipa_subdomains_search_base => 'cn=subdomainsSearch,dc=example,dc=com', - :ipa_views_search_base => 'cn=ipaViewsSearch,dc=example,dc=com', - :krb5_confd_path => '/etc/sssd/krb5', - :krb5_realm => 'EXAMPLE.COM', - :krb5_store_password_if_offline => false, - :ldap_tls_cacert => '/etc/ipa/cacert.crt', - :ldap_tls_cipher_suite => ['HIGH'], - :use_service_discovery => false - }} + let(:params) do + { + ipa_domain: facts[:domain], + ipa_server: ["ipaserver1.#{facts[:domain]}"], + ipa_backup_server: ["ipaserver2.#{facts[:domain]}"], + ipa_hostname: "ipaclient1.#{facts[:domain]}", + ipa_enable_dns_sites: true, + ipa_server_mode: true, + dyndns_auth: 'none', + dyndns_force_tcp: false, + dyndns_iface: ['*'], + dyndns_refresh_interval: 20, + dyndns_server: "dns1.#{facts[:domain]}", + dyndns_ttl: 10, + 
dyndns_update: false, + dyndns_update_ptr: false, + ipa_automount_location: 'export', + ipa_hbac_refresh: 30, + ipa_hbac_search_base: 'cn=hbacSearch,dc=example,dc=com', + ipa_hbac_selinux: 40, + ipa_host_search_base: 'cn=hostSearch,dc=example,dc=com', + ipa_master_domains_search_base: 'cn=masterDomainsSearch,dc=example,dc=com', + ipa_selinux_search_base: 'cn=selinuxSearch,dc=example,dc=com', + ipa_subdomains_search_base: 'cn=subdomainsSearch,dc=example,dc=com', + ipa_views_search_base: 'cn=ipaViewsSearch,dc=example,dc=com', + krb5_confd_path: '/etc/sssd/krb5', + krb5_realm: 'EXAMPLE.COM', + krb5_store_password_if_offline: false, + ldap_tls_cacert: '/etc/ipa/cacert.crt', + ldap_tls_cipher_suite: ['HIGH'], + use_service_discovery: false + } + end it { is_expected.to compile.with_all_deps } it { @@ -105,7 +109,7 @@ EXPECTED is_expected.to create_sssd__config__entry("puppet_provider_#{title}_ipa").with_content(expected) - } + } end end end diff --git a/spec/defines/provider/krb5_spec.rb b/spec/defines/provider/krb5_spec.rb index 18ae35b..9045485 100644 --- a/spec/defines/provider/krb5_spec.rb +++ b/spec/defines/provider/krb5_spec.rb @@ -3,18 +3,22 @@ describe 'sssd::provider::krb5' do on_supported_os.each do |os, os_facts| context "on #{os}" do - let(:facts){ os_facts } + let(:facts) { os_facts } + + let(:title) { 'krb5_test_domain' } - let(:title) {'krb5_test_domain'} context 'with default parameters' do - let(:params) {{ - :krb5_server => 'test.example.domain', - :krb5_realm => 'EXAMPLE.REALM' - }} + let(:params) do + { + krb5_server: 'test.example.domain', + krb5_realm: 'EXAMPLE.REALM' + } + end it { is_expected.to compile.with_all_deps } - it { is_expected.to create_sssd__config__entry("puppet_provider_#{title}_krb5") - .with_content(<<~EOM + it { + is_expected.to create_sssd__config__entry("puppet_provider_#{title}_krb5") + .with_content(<<~EOM, [domain/krb5_test_domain] # sssd::provider::krb5 debug_timestamps = true 
@@ -26,27 +30,30 @@ krb5_store_password_if_offline = false krb5_renew_interval = 0 EOM - ) + ) } end context 'with optional parameters' do - let(:params) {{ - :krb5_server => 'test.example.domain', - :krb5_realm => 'EXAMPLE.REALM', - :debug_level => '0x0080', - :krb5_kpasswd => 'the_krb5_kpasswd', - :krb5_ccachedir => '/alternate/krb5/ccache/dir', - :krb5_ccname_template => '/alternate/krb5/ccname/template', - :krb5_keytab => '/alternate/krb5/keytab', - :krb5_renewable_lifetime => '60m', - :krb5_lifetime => '90m', - :krb5_use_fast => 'try' - }} + let(:params) do + { + krb5_server: 'test.example.domain', + krb5_realm: 'EXAMPLE.REALM', + debug_level: '0x0080', + krb5_kpasswd: 'the_krb5_kpasswd', + krb5_ccachedir: '/alternate/krb5/ccache/dir', + krb5_ccname_template: '/alternate/krb5/ccname/template', + krb5_keytab: '/alternate/krb5/keytab', + krb5_renewable_lifetime: '60m', + krb5_lifetime: '90m', + krb5_use_fast: 'try' + } + end it { is_expected.to compile.with_all_deps } - it { is_expected.to create_sssd__config__entry("puppet_provider_#{title}_krb5") - .with_content(<<~EOM + it { + is_expected.to create_sssd__config__entry("puppet_provider_#{title}_krb5") + .with_content(<<~EOM, [domain/krb5_test_domain] # sssd::provider::krb5 debug_level = 0x0080 @@ -66,7 +73,7 @@ krb5_renew_interval = 0 krb5_use_fast = try EOM - ) + ) } end end diff --git a/spec/defines/provider/ldap_spec.rb b/spec/defines/provider/ldap_spec.rb index b1106dc..6719f47 100644 --- a/spec/defines/provider/ldap_spec.rb +++ b/spec/defines/provider/ldap_spec.rb @@ -6,13 +6,13 @@ describe 'sssd::provider::ldap' do on_supported_os.each do |os, os_facts| context "on #{os}" do - let(:facts) { os_facts} + let(:facts) { os_facts } let(:title) { 'ldap' } context 'with sssd_version 1.16.0' do - let(:facts) { - os_facts.merge({:sssd_version => '1.16.0'}) - } + let(:facts) do + os_facts.merge({ sssd_version: '1.16.0' }) + end it do ldap_tls_cipher_suite = 'ldap_tls_cipher_suite = HIGH:-SSLv2' 
@@ -59,9 +59,9 @@ end context 'with sssd_version > 2.0.0 ' do - let(:facts) { - os_facts.merge({:sssd_version => '2.2.0'}) - } + let(:facts) do + os_facts.merge({ sssd_version: '2.2.0' }) + end it do ldap_tls_cipher_suite = 'ldap_tls_cipher_suite = HIGH:-SSLv2' 
@@ -106,205 +106,209 @@ end context 'with ldap_user_cert set' do - let(:params) {{ :ldap_user_cert => 'userCertificate;binary' }} - + let(:params) { { ldap_user_cert: 'userCertificate;binary' } } + it { is_expected.to compile.with_all_deps } it { is_expected.to create_sssd__config__entry("puppet_provider_#{title}_ldap") - .with_content(%r(ldap_user_cert = userCertificate;binary)) + .with_content(%r{ldap_user_cert = userCertificate;binary}) } end context 'with app_pki_ca_dir set' do - let(:params) {{ :app_pki_ca_dir => '/path/to/ca' }} + let(:params) { { app_pki_ca_dir: '/path/to/ca' } } it { is_expected.to compile.with_all_deps } it { is_expected.to create_sssd__config__entry("puppet_provider_#{title}_ldap") - .with_content(%r(ldap_tls_cacertdir = /path/to/ca)) + .with_content(%r{ldap_tls_cacertdir = /path/to/ca}) } end context 'with app_pki_key set' do - let(:params) {{ :app_pki_key => '/path/to/private/fqdn.pem' }} + let(:params) { { app_pki_key: '/path/to/private/fqdn.pem' } } it { is_expected.to compile.with_all_deps } it { is_expected.to create_sssd__config__entry("puppet_provider_#{title}_ldap") - .with_content(%r(ldap_tls_key = /path/to/private/fqdn.pem)) + .with_content(%r{ldap_tls_key = /path/to/private/fqdn.pem}) } end context 'with app_pki_cert set' do - let(:params) {{ :app_pki_cert => '/path/to/public/fqdn.pub' }} + let(:params) { { app_pki_cert: '/path/to/public/fqdn.pub' } } it { is_expected.to compile.with_all_deps } it { is_expected.to create_sssd__config__entry("puppet_provider_#{title}_ldap") - .with_content(%r(ldap_tls_cert = /path/to/public/fqdn.pub)) + .with_content(%r{ldap_tls_cert = /path/to/public/fqdn.pub}) } end context 'with empty ldap_account_expire_policy' do - let(:params) {{ :ldap_account_expire_policy => '' }} + let(:params) { { ldap_account_expire_policy: '' } } it { is_expected.to compile.with_all_deps } it { is_expected.to create_sssd__config__entry("puppet_provider_#{title}_ldap") - 
.without_content(%r(ldap_account_expire_policy)) + .without_content(%r{ldap_account_expire_policy}) } end context 'with multiple ldap_uri values' do - let(:params) {{ - :ldap_uri => ['ldap://test1.example.domain', 'ldap://test2.example.domain'] - }} + let(:params) do + { + ldap_uri: ['ldap://test1.example.domain', 'ldap://test2.example.domain'] + } + end it { is_expected.to compile.with_all_deps } it { is_expected.to create_sssd__config__entry("puppet_provider_#{title}_ldap") - .with_content(%r(ldap_uri = ldap://test1.example.domain,ldap://test2.example.domain)) + .with_content(%r{ldap_uri = ldap://test1.example.domain,ldap://test2.example.domain}) } end context 'with client_tls set to false' do - let(:params) {{ :client_tls => false }} + let(:params) { { client_tls: false } } it { is_expected.to compile.with_all_deps } it { is_expected.to create_sssd__config__entry("puppet_provider_#{title}_ldap") - .without_content(%r(ldap_tls_cacertdir)) - .without_content(%r(ldap_tls_key)) - .without_content(%r(ldap_tls_cert)) + .without_content(%r{ldap_tls_cacertdir}) + .without_content(%r{ldap_tls_key}) + .without_content(%r{ldap_tls_cert}) } end # This set of parameters exercises the logic in the code but is NOT at all # realistic! 
context 'with other optional parameters set' do - let(:facts) { - os_facts.merge({:sssd_version => '1.16.0'}) - } + let(:facts) do + os_facts.merge({ sssd_version: '1.16.0' }) + end - let(:params) {{ - :debug_level => 3, - :debug_timestamps => false, - :krb5_backup_server => [ '1.2.3.4:5678', 'backup.example.domain'], - :krb5_realm => 'my_krb5_realm', - :krb5_server => [ '1.2.3.5:5678', 'primary.example.domain'], - :ldap_access_filter => 'my_ldap_access_filter', - :ldap_autofs_entry_key => 'my_ldap_autofs_entry_key', - :ldap_autofs_entry_object_class => 'my_ldap_autofs_entry_object_class', - :ldap_autofs_entry_value => 'my_ldap_autofs_entry_value', - :ldap_autofs_map_master_name => 'my_ldap_autofs_map_master_name', - :ldap_autofs_map_name => 'my_ldap_autofs_map_name', - :ldap_autofs_map_object_class => 'my_ldap_autofs_map_object_class', - :ldap_autofs_search_base => 'my_ldap_autofs_search_base', - :ldap_backup_uri => ['ldap://backup1.example.domain', 'ldap://backup2.example.domain'], - :ldap_chpass_backup_uri => ['ldap://backup3.example.domain', 'ldap://backup4.example.domain'], - :ldap_chpass_dns_service_name => 'my_ldap_chpass_dns_service_name', - :ldap_chpass_uri => ['ldap://chpass1.example.domain', 'ldap://chpass2.example.domain'], - :ldap_connection_expire_timeout => 4, - :ldap_default_authtok_type => 'password', - :ldap_deref_threshold => 5, - :ldap_deref => 'finding', - :ldap_dns_service_name => 'my_ldap_dns_service_name', - :ldap_enumeration_refresh_timeout => 6, - :ldap_enumeration_search_timeout => 7, - :ldap_group_gid_number => 'my_ldap_group_gid_number', - :ldap_group_member => 'my_ldap_group_member', - :ldap_group_modify_timestamp => 'my_ldap_group_modify_timestamp', - :ldap_group_name => 'my_ldap_group_name', - :ldap_group_nesting_level => 8, - :ldap_group_object_class => 'my_ldap_group_object_class', - :ldap_group_objectsid => 'my_ldap_group_objectsid', - :ldap_group_search_base => 'my_ldap_group_search_base', - :ldap_group_type => 9, - 
:ldap_group_uuid => 'my_ldap_group_uuid', - :ldap_idmap_default_domain => 'my_ldap_idmap_default_domain', - :ldap_idmap_default_domain_sid => 'my_ldap_idmap_default_domain_sid', - :ldap_idmap_range_max => 10, - :ldap_idmap_range_min => 11, - :ldap_idmap_range_size => 12, - :ldap_krb5_keytab => '/my_ldap_krb5_keytab', - :ldap_krb5_ticket_lifetime => 13, - :ldap_max_id => 14, - :ldap_min_id => 15, - :ldap_netgroup_member => 'my_ldap_netgroup_member', - :ldap_netgroup_modify_timestamp => 'my_ldap_netgroup_modify_timestamp', - :ldap_netgroup_name => 'my_ldap_netgroup_name', - :ldap_netgroup_object_class => 'my_ldap_netgroup_object_class', - :ldap_netgroup_search_base => 'my_ldap_netgroup_search_base', - :ldap_netgroup_triple => 'my_ldap_netgroup_triple', - :ldap_netgroup_uuid => 'my_ldap_netgroup_uuid', - :ldap_network_timeout => 16, - :ldap_ns_account_lock => 'my_ldap_ns_account_lock', - :ldap_opt_timeout => 17, - :ldap_page_size => 18, - :ldap_purge_cache_timeout => 19, - :ldap_pwdlockout_dn => 'my_ldap_pwdlockout_dn', - :ldap_sasl_authid => 'my_ldap_sasl_authid', - :ldap_sasl_mech => 'my_ldap_sasl_mech', - :ldap_sasl_minssf => 20, - :ldap_sasl_realm => 'my_ldap_sasl_realm', - :ldap_search_timeout => 21, - :ldap_service_name => 'my_ldap_service_name', - :ldap_service_port => 'my_ldap_service_port', - :ldap_service_proto => 'my_ldap_service_proto', - :ldap_service_search_base => 'my_sldap_ervice_search_base', - :ldap_sudo_full_refresh_interval => 22, - :ldap_sudo_hostnames => ['sudo1.example.com', 'sudo2.example.com'], - :ldap_sudo_ip => [ '2.3.4.1', '2.3.4.2'], - :ldap_sudo_search_base => 'my_ldap_sudo_search_base', - :ldap_sudo_smart_refresh_interval => 23, - :ldap_sudorule_command => 'my_ldap_sudorule_command', - :ldap_sudorule_host => 'my_ldap_sudorule_host', - :ldap_sudorule_name => 'my_ldap_sudorule_name', - :ldap_sudorule_notafter => 'my_ldap_sudorule_notafter', - :ldap_sudorule_notbefore => 'my_ldap_sudorule_notbefore', - :ldap_sudorule_object_class => 
'my_ldap_sudorule_object_class', - :ldap_sudorule_option => 'my_ldap_sudorule_option', - :ldap_sudorule_order => 'my_ldap_sudorule_order', - :ldap_sudorule_runasgroup => 'my_ldap_sudorule_runasgroup', - :ldap_sudorule_runasuser => 'my_ldap_sudorule_runasuser', - :ldap_sudorule_user => 'my_ldap_sudorule_user', - :ldap_tls_cacert => '/path/to/cacert.pem', - :ldap_user_ad_account_expires => 'my_ldap_user_ad_account_expires', - :ldap_user_ad_user_account_control => 'my_ldap_user_ad_user_account_control', - :ldap_user_authorized_host => 'my_ldap_user_authorized_host', - :ldap_user_authorized_service => 'my_ldap_user_authorized_service', - :ldap_user_extra_attrs => [ 'attr1', 'attr2' ], - :ldap_user_fullname => 'my_ldap_user_fullname', - :ldap_user_gecos => 'my_ldap_user_gecos', - :ldap_user_gid_number => 'my_ldap_user_gid_number', - :ldap_user_home_directory => 'my_ldap_user_home_directory', - :ldap_user_krb_last_pwd_change => 'my_ldap_user_krb_last_pwd_change', - :ldap_user_krb_password_expiration => 'my_ldap_user_krb_password_expiration', - :ldap_user_member_of => 'my_ldap_user_member_of', - :ldap_user_modify_timestamp => 'my_ldap_user_modify_timestamp', - :ldap_user_name => 'my_ldap_user_name', - :ldap_user_nds_login_allowed_time_map => 'my_ldap_user_nds_login_allowed_time_map', - :ldap_user_nds_login_disabled => 'my_ldap_user_nds_login_disabled', - :ldap_user_nds_login_expiration_time => 'my_ldap_user_nds_login_expiration_time', - :ldap_user_object_class => 'my_ldap_user_object_class', - :ldap_user_objectsid => 'my_ldap_user_objectsid', - :ldap_user_principal => 'my_ldap_user_principal', - :ldap_user_search_base => 'my_ldap_user_search_base', - :ldap_user_shadow_expire => 'my_ldap_user_shadow_expire', - :ldap_user_shadow_inactive => 'my_ldap_user_shadow_inactive', - :ldap_user_shadow_last_change => 'my_ldap_user_shadow_last_change', - :ldap_user_shadow_max => 'my_ldap_user_shadow_max', - :ldap_user_shadow_min => 'my_ldap_user_shadow_min', - :ldap_user_shadow_warning 
=> 'my_ldap_user_shadow_warning', - :ldap_user_shell => 'my_ldap_user_shell', - :ldap_user_ssh_public_key => 'my_ldap_user_ssh_public_key', - :ldap_user_uid_number => 'my_ldap_user_uid_number', - :ldap_user_uuid => 'my_ldap_user_uuid' - }} + let(:params) do + { + debug_level: 3, + debug_timestamps: false, + krb5_backup_server: [ '1.2.3.4:5678', 'backup.example.domain'], + krb5_realm: 'my_krb5_realm', + krb5_server: [ '1.2.3.5:5678', 'primary.example.domain'], + ldap_access_filter: 'my_ldap_access_filter', + ldap_autofs_entry_key: 'my_ldap_autofs_entry_key', + ldap_autofs_entry_object_class: 'my_ldap_autofs_entry_object_class', + ldap_autofs_entry_value: 'my_ldap_autofs_entry_value', + ldap_autofs_map_master_name: 'my_ldap_autofs_map_master_name', + ldap_autofs_map_name: 'my_ldap_autofs_map_name', + ldap_autofs_map_object_class: 'my_ldap_autofs_map_object_class', + ldap_autofs_search_base: 'my_ldap_autofs_search_base', + ldap_backup_uri: ['ldap://backup1.example.domain', 'ldap://backup2.example.domain'], + ldap_chpass_backup_uri: ['ldap://backup3.example.domain', 'ldap://backup4.example.domain'], + ldap_chpass_dns_service_name: 'my_ldap_chpass_dns_service_name', + ldap_chpass_uri: ['ldap://chpass1.example.domain', 'ldap://chpass2.example.domain'], + ldap_connection_expire_timeout: 4, + ldap_default_authtok_type: 'password', + ldap_deref_threshold: 5, + ldap_deref: 'finding', + ldap_dns_service_name: 'my_ldap_dns_service_name', + ldap_enumeration_refresh_timeout: 6, + ldap_enumeration_search_timeout: 7, + ldap_group_gid_number: 'my_ldap_group_gid_number', + ldap_group_member: 'my_ldap_group_member', + ldap_group_modify_timestamp: 'my_ldap_group_modify_timestamp', + ldap_group_name: 'my_ldap_group_name', + ldap_group_nesting_level: 8, + ldap_group_object_class: 'my_ldap_group_object_class', + ldap_group_objectsid: 'my_ldap_group_objectsid', + ldap_group_search_base: 'my_ldap_group_search_base', + ldap_group_type: 9, + ldap_group_uuid: 'my_ldap_group_uuid', + 
ldap_idmap_default_domain: 'my_ldap_idmap_default_domain', + ldap_idmap_default_domain_sid: 'my_ldap_idmap_default_domain_sid', + ldap_idmap_range_max: 10, + ldap_idmap_range_min: 11, + ldap_idmap_range_size: 12, + ldap_krb5_keytab: '/my_ldap_krb5_keytab', + ldap_krb5_ticket_lifetime: 13, + ldap_max_id: 14, + ldap_min_id: 15, + ldap_netgroup_member: 'my_ldap_netgroup_member', + ldap_netgroup_modify_timestamp: 'my_ldap_netgroup_modify_timestamp', + ldap_netgroup_name: 'my_ldap_netgroup_name', + ldap_netgroup_object_class: 'my_ldap_netgroup_object_class', + ldap_netgroup_search_base: 'my_ldap_netgroup_search_base', + ldap_netgroup_triple: 'my_ldap_netgroup_triple', + ldap_netgroup_uuid: 'my_ldap_netgroup_uuid', + ldap_network_timeout: 16, + ldap_ns_account_lock: 'my_ldap_ns_account_lock', + ldap_opt_timeout: 17, + ldap_page_size: 18, + ldap_purge_cache_timeout: 19, + ldap_pwdlockout_dn: 'my_ldap_pwdlockout_dn', + ldap_sasl_authid: 'my_ldap_sasl_authid', + ldap_sasl_mech: 'my_ldap_sasl_mech', + ldap_sasl_minssf: 20, + ldap_sasl_realm: 'my_ldap_sasl_realm', + ldap_search_timeout: 21, + ldap_service_name: 'my_ldap_service_name', + ldap_service_port: 'my_ldap_service_port', + ldap_service_proto: 'my_ldap_service_proto', + ldap_service_search_base: 'my_sldap_ervice_search_base', + ldap_sudo_full_refresh_interval: 22, + ldap_sudo_hostnames: ['sudo1.example.com', 'sudo2.example.com'], + ldap_sudo_ip: [ '2.3.4.1', '2.3.4.2'], + ldap_sudo_search_base: 'my_ldap_sudo_search_base', + ldap_sudo_smart_refresh_interval: 23, + ldap_sudorule_command: 'my_ldap_sudorule_command', + ldap_sudorule_host: 'my_ldap_sudorule_host', + ldap_sudorule_name: 'my_ldap_sudorule_name', + ldap_sudorule_notafter: 'my_ldap_sudorule_notafter', + ldap_sudorule_notbefore: 'my_ldap_sudorule_notbefore', + ldap_sudorule_object_class: 'my_ldap_sudorule_object_class', + ldap_sudorule_option: 'my_ldap_sudorule_option', + ldap_sudorule_order: 'my_ldap_sudorule_order', + ldap_sudorule_runasgroup: 
'my_ldap_sudorule_runasgroup', + ldap_sudorule_runasuser: 'my_ldap_sudorule_runasuser', + ldap_sudorule_user: 'my_ldap_sudorule_user', + ldap_tls_cacert: '/path/to/cacert.pem', + ldap_user_ad_account_expires: 'my_ldap_user_ad_account_expires', + ldap_user_ad_user_account_control: 'my_ldap_user_ad_user_account_control', + ldap_user_authorized_host: 'my_ldap_user_authorized_host', + ldap_user_authorized_service: 'my_ldap_user_authorized_service', + ldap_user_extra_attrs: [ 'attr1', 'attr2' ], + ldap_user_fullname: 'my_ldap_user_fullname', + ldap_user_gecos: 'my_ldap_user_gecos', + ldap_user_gid_number: 'my_ldap_user_gid_number', + ldap_user_home_directory: 'my_ldap_user_home_directory', + ldap_user_krb_last_pwd_change: 'my_ldap_user_krb_last_pwd_change', + ldap_user_krb_password_expiration: 'my_ldap_user_krb_password_expiration', + ldap_user_member_of: 'my_ldap_user_member_of', + ldap_user_modify_timestamp: 'my_ldap_user_modify_timestamp', + ldap_user_name: 'my_ldap_user_name', + ldap_user_nds_login_allowed_time_map: 'my_ldap_user_nds_login_allowed_time_map', + ldap_user_nds_login_disabled: 'my_ldap_user_nds_login_disabled', + ldap_user_nds_login_expiration_time: 'my_ldap_user_nds_login_expiration_time', + ldap_user_object_class: 'my_ldap_user_object_class', + ldap_user_objectsid: 'my_ldap_user_objectsid', + ldap_user_principal: 'my_ldap_user_principal', + ldap_user_search_base: 'my_ldap_user_search_base', + ldap_user_shadow_expire: 'my_ldap_user_shadow_expire', + ldap_user_shadow_inactive: 'my_ldap_user_shadow_inactive', + ldap_user_shadow_last_change: 'my_ldap_user_shadow_last_change', + ldap_user_shadow_max: 'my_ldap_user_shadow_max', + ldap_user_shadow_min: 'my_ldap_user_shadow_min', + ldap_user_shadow_warning: 'my_ldap_user_shadow_warning', + ldap_user_shell: 'my_ldap_user_shell', + ldap_user_ssh_public_key: 'my_ldap_user_ssh_public_key', + ldap_user_uid_number: 'my_ldap_user_uid_number', + ldap_user_uuid: 'my_ldap_user_uuid' + } + end - it { is_expected.to 
compile.with_all_deps } - it do - expected = <<~EXPECTED + it { is_expected.to compile.with_all_deps } + it do + expected = <<~EXPECTED [domain/#{title}] # sssd::provider::ldap debug_level = 3 @@ -454,10 +458,9 @@ ldap_user_uuid = my_ldap_user_uuid EXPECTED - is_expected.to create_sssd__config__entry("puppet_provider_#{title}_ldap").with_content(expected) + is_expected.to create_sssd__config__entry("puppet_provider_#{title}_ldap").with_content(expected) end end end end end - diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index ef4fe64..acc4013 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -1,4 +1,5 @@ # frozen_string_literal: true + # # ------------------------------------------------------------------------------ # NOTICE: **This file is maintained with puppetsync** @@ -90,7 +91,7 @@ def set_hieradata(hieradata) # If nothing else... c.default_facts = { production: { - #:fqdn => 'production.rspec.test.localdomain', + # :fqdn => 'production.rspec.test.localdomain', path: '/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin', concat_basedir: '/tmp' } @@ -150,9 +151,9 @@ def set_hieradata(hieradata) # sanitize hieradata if defined?(hieradata) - set_hieradata(hieradata.gsub(':', '_')) + set_hieradata(hieradata.tr(':', '_')) elsif defined?(class_name) - set_hieradata(class_name.gsub(':', '_')) + set_hieradata(class_name.tr(':', '_')) end end @@ -164,9 +165,7 @@ def set_hieradata(hieradata) end Dir.glob("#{RSpec.configuration.module_path}/*").each do |dir| - begin - Pathname.new(dir).realpath - rescue StandardError - raise "ERROR: The module '#{dir}' is not installed. Tests cannot continue." - end + Pathname.new(dir).realpath +rescue StandardError + raise "ERROR: The module '#{dir}' is not installed. Tests cannot continue." end diff --git a/spec/spec_helper_acceptance.rb b/spec/spec_helper_acceptance.rb index 11e2466..2bef8ce 100644 --- a/spec/spec_helper_acceptance.rb +++ b/spec/spec_helper_acceptance.rb 
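Review bot: The fixture value `ldap_service_search_base: 'my_sldap_ervice_search_base'` in the 'with other optional parameters set' hash is misspelled and is carried over unchanged to the new side. The expected heredoc lies mostly outside this hunk, so it presumably repeats the same string and the test still passes. Correcting it means changing both occurrences to `'my_ldap_service_search_base'` together.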
@@ -24,7 +24,7 @@ hosts.each do |host| # https://petersouter.co.uk/testing-windows-puppet-with-beaker/ case host['platform'] - when /windows/ + when %r{windows} GEOTRUST_GLOBAL_CA = <<-EOM.freeze -----BEGIN CERTIFICATE----- MIIDVDCCAjygAwIBAgIDAjRWMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVT @@ -51,7 +51,6 @@ end end - RSpec.configure do |c| # ensure that environment OS is ready on each host fix_errata_on(hosts) @@ -61,30 +60,26 @@ # Configure all nodes in nodeset c.before :suite do + nonwin = hosts.dup + nonwin.delete_if { |h| h[:platform].include?('windows') } + # Install modules and dependencies from spec/fixtures/modules + copy_fixture_modules_to(nonwin) begin - nonwin = hosts.dup - nonwin.delete_if {|h| h[:platform] =~ /windows/ } - # Install modules and dependencies from spec/fixtures/modules - copy_fixture_modules_to( nonwin ) - begin - server = only_host_with_role(nonwin, 'server') - rescue ArgumentError => e - server = only_host_with_role(nonwin, 'default') - end - # Generate and install PKI certificates on each SUT - Dir.mktmpdir do |cert_dir| - run_fake_pki_ca_on(server, nonwin, cert_dir ) - nonwin.each{ |sut| copy_pki_to( sut, cert_dir, '/etc/pki/simp-testing' )} - end - - # add PKI keys - copy_keydist_to(server) - rescue StandardError, ScriptError => e - if ENV['PRY'] - require 'pry'; binding.pry - else - raise e - end + server = only_host_with_role(nonwin, 'server') + rescue ArgumentError => e + server = only_host_with_role(nonwin, 'default') end + # Generate and install PKI certificates on each SUT + Dir.mktmpdir do |cert_dir| + run_fake_pki_ca_on(server, nonwin, cert_dir) + nonwin.each { |sut| copy_pki_to(sut, cert_dir, '/etc/pki/simp-testing') } + end + + # add PKI keys + copy_keydist_to(server) + rescue StandardError, ScriptError => e + raise e unless ENV['PRY'] + require 'pry' + binding.pry end end 
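Review bot: In the `@@ -61,30 +60,26 @@` hunk the inner `rescue ArgumentError => e` binds `e` but never uses it, so the reason the 'server' role lookup failed is dropped silently before the fallback to 'default'. I would write `rescue ArgumentError` and add a comment above the fallback such as `# no single host has the 'server' role; fall back to the default host`. The rewritten filter `h[:platform].include?('windows')` also differs from the old `h[:platform] =~ /windows/` when a host entry has no platform: the old form returned nil and the new one raises NoMethodError. That may never happen with the nodesets in use, but it is worth confirming. The `RSpec.configure` block that encloses this code opens outside the hunk.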
diff --git a/spec/unit/compliance_engine/compliance_engine_enforce_spec.rb b/spec/unit/compliance_engine/compliance_engine_enforce_spec.rb index bd5a6d8..5a57212 100644 --- a/spec/unit/compliance_engine/compliance_engine_enforce_spec.rb +++ b/spec/unit/compliance_engine/compliance_engine_enforce_spec.rb @@ -7,10 +7,9 @@ # This is the class that needs to be added to the catalog last to make the # reporting work. describe 'compliance_markup', type: :class do - compliance_profiles = [ 'disa_stig', - 'nist_800_53:rev4' + 'nist_800_53:rev4', ] # A list of classes that we expect to be included for compliance 
@@ -20,60 +19,61 @@ expected_classes = [ 'sssd', 'sssd::service::pam', - 'sssd::service::ssh' + 'sssd::service::ssh', ] allowed_failures = { 'documented_missing_parameters' => [ - ] + expected_classes.map{|c| Regexp.new("^(?!#{c}(::.*)?)")}, + ] + expected_classes.map { |c| Regexp.new("^(?!#{c}(::.*)?)") }, 'documented_missing_resources' => [ - ] + expected_classes.map{|c| Regexp.new("^(?!#{c}(::.*)?)")} + ] + expected_classes.map { |c| Regexp.new("^(?!#{c}(::.*)?)") } } # Add any defined types that are necessary for full evaluation here - let(:required_defined_types){<<-EOM + let(:required_defined_types) do + <<-EOM sssd::provider::ldap{ 'test': } EOM - } + end on_supported_os.each do |os, os_facts| context "on #{os}" do compliance_profiles.each do |target_profile| context "with compliance profile '#{target_profile}'" do - let(:facts){ + let(:facts) do os_facts.merge({ - :target_compliance_profile => target_profile - }) - } - - let(:pre_condition) {%( - #{required_defined_types} - #{expected_classes.map{|c| %{include #{c}}}.join("\n")} - )} - - let(:hieradata){ 'compliance-engine' } - - it { is_expected.to compile } - - let(:compliance_report) { - @compliance_report ||= JSON.load( - catalogue.resource("File[#{facts[:puppet_vardir]}/compliance_report.json]")[:content] + target_compliance_profile: target_profile + }) + end + let(:compliance_report) do + @compliance_report ||= JSON.parse( + catalogue.resource("File[#{facts[:puppet_vardir]}/compliance_report.json]")[:content], ) @compliance_report - } - - let(:compliance_profile_data) { + end + let(:compliance_profile_data) do @compliance_profile_data ||= compliance_report['compliance_profiles'][target_profile] @compliance_profile_data - } + end + + let(:pre_condition) do + %( + #{required_defined_types} + #{expected_classes.map { |c| %(include #{c}) }.join("\n")} + ) + end + + let(:hieradata) { 'compliance-engine' } + + it { is_expected.to compile } - it 'should have a compliance profile report' do - 
expect(compliance_profile_data).to_not be_nil + it 'has a compliance profile report' do + expect(compliance_profile_data).not_to be_nil end - it 'should have a 100% compliant report' do + it 'has a 100% compliant report' do expect(compliance_profile_data['summary']['percent_compliant']).to eq(100) end @@ -93,29 +93,29 @@ # classes included, this report may be useless and is disabled by # default. # - 'documented_missing_resources' + 'documented_missing_resources', ] report_validators.each do |report_section| - it "should have no issues with the '#{report_section}' report" do + it "has no issues with the '#{report_section}' report" do if compliance_profile_data[report_section] # This just gets us a good print out of what went wrong - compliance_profile_data[report_section].delete_if{ |item| - rm = false - - Array(allowed_failures[report_section]).each do |allowed| - if allowed.is_a?(Regexp) - if allowed.match?(item) - rm = true - break - end - else - rm = (allowed == item) + compliance_profile_data[report_section].delete_if do |item| + rm = false + + Array(allowed_failures[report_section]).each do |allowed| + if allowed.is_a?(Regexp) + if allowed.match?(item) + rm = true + break end + else + rm = (allowed == item) end + end - rm - } + rm + end expect(compliance_profile_data[report_section]).to eq([]) end
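Review bot: In the `@@ -20,60 +19,61 @@` hunk, `let(:compliance_report)` and `let(:compliance_profile_data)` still assign `@compliance_report ||=` and `@compliance_profile_data ||=`, although `let` already memoizes its value per example. The instance variables add nothing, so the second helper can be `let(:compliance_profile_data) { compliance_report['compliance_profiles'][target_profile] }`, and the first can be reduced the same way to the bare `JSON.parse(...)` call. If the `compliance_report.json` File resource is missing from the catalogue, `catalogue.resource(...)` presumably returns nil and the example fails with a NoMethodError on `[:content]` rather than a readable message. A comment saying the report resource is expected to exist would help. The enclosing `describe` block starts outside this hunk.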
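Review bot: In the `@@ -93,29 +93,29 @@` hunk the re-indented `delete_if` block keeps a latent flaw in its `else` branch: `rm = (allowed == item)` overwrites `rm` on every non-Regexp entry without a `break`. A string entry that matches is therefore reset to false by any later string that does not match. The `allowed_failures` visible in this file contains only Regexp entries, so nothing changes today, but the loop can be replaced by `compliance_profile_data[report_section].delete_if { |item| Array(allowed_failures[report_section]).any? { |allowed| allowed.is_a?(Regexp) ? allowed.match?(item) : allowed == item } }`. The surrounding `it` and `report_validators.each` blocks close outside the hunk.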