diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile
new file mode 100644
index 0000000..12ed4ff
--- /dev/null
+++ b/.devcontainer/Dockerfile
@@ -0,0 +1,6 @@
+FROM puppet/pdk:latest
+
+# [Optional] Uncomment this section to install additional packages.
+# RUN apt-get update && export DEBIAN_FRONTEND=noninteractive \
+# && apt-get -y install --no-install-recommends
+
diff --git a/.devcontainer/README.md b/.devcontainer/README.md
new file mode 100644
index 0000000..cc4675e
--- /dev/null
+++ b/.devcontainer/README.md
@@ -0,0 +1,34 @@
+# devcontainer
+
+
+For format details, see https://aka.ms/devcontainer.json.
+
+For config options, see the README at:
+https://github.com/microsoft/vscode-dev-containers/tree/v0.140.1/containers/puppet
+
+``` json
+{
+ "name": "Puppet Development Kit (Community)",
+ "dockerFile": "Dockerfile",
+
+ // Set *default* container specific settings.json values on container create.
+ "settings": {
+ "terminal.integrated.shell.linux": "/bin/bash"
+ },
+
+ // Add the IDs of extensions you want installed when the container is created.
+ "extensions": [
+ "puppet.puppet-vscode",
+ "rebornix.Ruby"
+ ]
+
+ // Use 'forwardPorts' to make a list of ports inside the container available locally.
+ "forwardPorts": [],
+
+ // Use 'postCreateCommand' to run commands after the container is created.
+ "postCreateCommand": "pdk --version",
+}
+```
+
+
+
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
new file mode 100644
index 0000000..fe7a8b1
--- /dev/null
+++ b/.devcontainer/devcontainer.json
@@ -0,0 +1,17 @@
+{
+ "name": "Puppet Development Kit (Community)",
+ "dockerFile": "Dockerfile",
+
+ "settings": {
+ "terminal.integrated.profiles.linux": {
+ "bash": {
+ "path": "bash",
+ }
+ }
+ },
+
+ "extensions": [
+ "puppet.puppet-vscode",
+ "rebornix.Ruby"
+ ]
+}
diff --git a/.fixtures.yml b/.fixtures.yml
index f381620..2296adb 100644
--- a/.fixtures.yml
+++ b/.fixtures.yml
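Review bot: `FROM puppet/pdk:latest` in `.devcontainer/Dockerfile` leaves the base image unpinned, so every rebuild of the dev container can pull different, unreviewed contents from the registry. Pin a release tag and preferably a digest as well, e.g. `FROM puppet/pdk:<version>@sha256:<digest>` (placeholders; take both values from the registry). A short comment above the line saying which PDK release the module was converted with would make later bumps deliberate.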
@@ -1,5 +1,6 @@
+# This file can be used to install module dependencies for unit testing
+# See https://github.com/puppetlabs/puppetlabs_spec_helper#using-fixtures for details
+---
 fixtures:
- repositories:
- "stdlib": "git://github.com/puppetlabs/puppetlabs-stdlib.git"
- symlinks:
- "nslcd": "#{source_dir}"
+ forge_modules:
+# stdlib: "puppetlabs/stdlib"
diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..9032a01
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,5 @@
+*.rb eol=lf
+*.erb eol=lf
+*.pp eol=lf
+*.sh eol=lf
+*.epp eol=lf
diff --git a/.gitignore b/.gitignore
index 650022e..988dcbb 100644
--- a/.gitignore
+++ b/.gitignore
@@ -22,3 +22,7 @@
 /convert_report.txt
 /update_report.txt
 .DS_Store
+.project
+.envrc
+/inventory.yaml
+/spec/fixtures/litmus_inventory.yaml
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index e369e3c..6d5e786 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
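Review bot: In the `.fixtures.yml` hunk, `forge_modules:` is left with only a commented-out child, so the key parses as null and no stdlib fixture is installed for unit tests, although the README in this commit lists stdlib as a dependency and documents `Stdlib::Unixpath` and `Stdlib::Filemode` parameter types. If the specs compile the class they will presumably need it. Restore the entry with a pinned version rather than a floating one: `stdlib:` with `repo: "puppetlabs/stdlib"` and `ref: "<version>"` (placeholder) nested under it.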
@@ -3,39 +3,51 @@ stages: - syntax - unit -cache: - paths: - - vendor/bundle +default: + cache: + paths: + - vendor/bundle -before_script: - - bundle -v - - rm Gemfile.lock || true - - gem update --system - - gem --version - - bundle -v - - bundle install --without system_tests --path vendor/bundle --jobs $(nproc) + before_script: &before_script + - bundle -v + - rm Gemfile.lock || true + - "# Update system gems if requested. This is useful to temporarily workaround troubles in the test runner" + - "# Set `rubygems_version` in the .sync.yml to set a value" + - "# Ignore exit code of SIGPIPE'd yes to not fail with shell's pipefail set" + - '[ -z "$RUBYGEMS_VERSION" ] || (yes || true) | gem update --system $RUBYGEMS_VERSION' + - gem --version + - bundle -v + - bundle install --without system_tests --path vendor/bundle --jobs $(nproc) -parallel_spec-Ruby 2.1.9-Puppet ~> 4.0: - stage: unit - image: ruby:2.1.9 - script: - - bundle exec rake parallel_spec - variables: - PUPPET_GEM_VERSION: '~> 4.0' - -syntax lint metadata_lint check:symlinks check:git_ignore check:dot_underscore check:test_file rubocop-Ruby 2.4.4-Puppet ~> 5.5: +validate lint check rubocop-Ruby 2.5.7-Puppet ~> 6: stage: syntax - image: ruby:2.4.4 + image: ruby:2.5.7 script: - - bundle exec rake syntax lint metadata_lint check:symlinks check:git_ignore check:dot_underscore check:test_file rubocop + - bundle exec rake validate lint check rubocop variables: - PUPPET_GEM_VERSION: '~> 5.5' + PUPPET_GEM_VERSION: '~> 6' -parallel_spec-Ruby 2.4.4-Puppet ~> 5.5: +parallel_spec-Ruby 2.5.7-Puppet ~> 6: stage: unit - image: ruby:2.4.4 + image: ruby:2.5.7 script: - bundle exec rake parallel_spec variables: - PUPPET_GEM_VERSION: '~> 5.5' + PUPPET_GEM_VERSION: '~> 6' + +validate lint check rubocop-Ruby 2.7.2-Puppet ~> 7: + stage: syntax + image: ruby:2.7.2 + script: + - bundle exec rake validate lint check rubocop + variables: + PUPPET_GEM_VERSION: '~> 7' + +parallel_spec-Ruby 2.7.2-Puppet ~> 7: + stage: unit + image: 
ruby:2.7.2 + script: + - bundle exec rake parallel_spec + variables: + PUPPET_GEM_VERSION: '~> 7' diff --git a/.pdkignore b/.pdkignore index 650022e..c538bea 100644 --- a/.pdkignore +++ b/.pdkignore @@ -22,3 +22,26 @@ /convert_report.txt /update_report.txt .DS_Store +.project +.envrc +/inventory.yaml +/spec/fixtures/litmus_inventory.yaml +/appveyor.yml +/.editorconfig +/.fixtures.yml +/Gemfile +/.gitattributes +/.gitignore +/.gitlab-ci.yml +/.pdkignore +/.puppet-lint.rc +/Rakefile +/rakelib/ +/.rspec +/.rubocop.yml +/.travis.yml +/.yardopts +/spec/ +/.vscode/ +/.sync.yml +/.devcontainer/ diff --git a/.puppet-lint.rc b/.puppet-lint.rc new file mode 100644 index 0000000..cc96ece --- /dev/null +++ b/.puppet-lint.rc @@ -0,0 +1 @@ +--relative diff --git a/.rubocop.yml b/.rubocop.yml index b5d66cd..8f782e7 100644 --- a/.rubocop.yml +++ b/.rubocop.yml @@ -1,10 +1,12 @@ --- -require: rubocop-rspec +require: +- rubocop-performance +- rubocop-rspec AllCops: DisplayCopNames: true - TargetRubyVersion: '2.1' + TargetRubyVersion: '2.4' Include: - - "./**/*.rb" + - "**/*.rb" Exclude: - bin/* - ".vendor/**/*" @@ -16,7 +18,7 @@ AllCops: - "**/Puppetfile" - "**/Vagrantfile" - "**/Guardfile" -Metrics/LineLength: +Layout/LineLength: Description: People have wide screens, use them. Max: 200 RSpec/BeforeAfterAll: @@ -27,6 +29,9 @@ RSpec/BeforeAfterAll: RSpec/HookArgument: Description: Prefer explicit :each argument, matching existing module's style EnforcedStyle: each +RSpec/DescribeSymbol: + Exclude: + - spec/unit/facter/**/*.rb Style/BlockDelimiters: Description: Prefer braces for chaining. Mostly an aesthetical choice. Better to be consistent then. 
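Review bot: The new `before_script` entry `[ -z "$RUBYGEMS_VERSION" ] || (yes || true) | gem update --system $RUBYGEMS_VERSION` in `.gitlab-ci.yml` expands the variable unquoted in the `gem` call, so a value containing whitespace is split into extra `gem` arguments; the same line is added to `before_install` in `.travis.yml`. Quote it in both places: `gem update --system "$RUBYGEMS_VERSION"`. Separately, `rm Gemfile.lock || true` followed by `bundle install` means each pipeline resolves gems afresh, so the job images (`ruby:2.5.7`, `ruby:2.7.2`) are pinned by tag while the gems installed into them are not; if that is intentional, a comment saying so would help.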
@@ -59,7 +64,7 @@ Style/TrailingCommaInArguments: Description: Prefer always trailing comma on multiline argument lists. This makes diffs, and re-ordering nicer. EnforcedStyleForMultiline: comma -Style/TrailingCommaInLiteral: +Style/TrailingCommaInArrayLiteral: Description: Prefer always trailing comma on multiline literals. This makes diffs, and re-ordering nicer. EnforcedStyleForMultiline: comma 
@@ -74,20 +79,170 @@ Style/Documentation: - spec/**/* Style/WordArray: EnforcedStyle: brackets +Performance/AncestorsInclude: + Enabled: true +Performance/BigDecimalWithNumericArgument: + Enabled: true +Performance/BlockGivenWithExplicitBlock: + Enabled: true +Performance/CaseWhenSplat: + Enabled: true +Performance/ConstantRegexp: + Enabled: true +Performance/MethodObjectAsBlock: + Enabled: true +Performance/RedundantSortBlock: + Enabled: true +Performance/RedundantStringChars: + Enabled: true +Performance/ReverseFirst: + Enabled: true +Performance/SortReverse: + Enabled: true +Performance/Squeeze: + Enabled: true +Performance/StringInclude: + Enabled: true +Performance/Sum: + Enabled: true Style/CollectionMethods: Enabled: true Style/MethodCalledOnDoEndBlock: Enabled: true Style/StringMethods: Enabled: true +Bundler/InsecureProtocolSource: + Enabled: false +Gemspec/DuplicatedAssignment: + Enabled: false +Gemspec/OrderedDependencies: + Enabled: false +Gemspec/RequiredRubyVersion: + Enabled: false +Gemspec/RubyVersionGlobalsUsage: + Enabled: false +Layout/ArgumentAlignment: + Enabled: false +Layout/BeginEndAlignment: + Enabled: false +Layout/ClosingHeredocIndentation: + Enabled: false +Layout/EmptyComment: + Enabled: false +Layout/EmptyLineAfterGuardClause: + Enabled: false +Layout/EmptyLinesAroundArguments: + Enabled: false +Layout/EmptyLinesAroundAttributeAccessor: + Enabled: false Layout/EndOfLine: Enabled: false +Layout/FirstArgumentIndentation: + Enabled: false +Layout/HashAlignment: + Enabled: false Layout/HeredocIndentation: Enabled: false +Layout/LeadingEmptyLines: + Enabled: false +Layout/SpaceAroundMethodCallOperator: + Enabled: false +Layout/SpaceInsideArrayLiteralBrackets: + Enabled: false +Layout/SpaceInsideReferenceBrackets: + Enabled: false +Lint/BigDecimalNew: + Enabled: false +Lint/BooleanSymbol: + Enabled: false +Lint/ConstantDefinitionInBlock: + Enabled: false +Lint/DeprecatedOpenSSLConstant: + Enabled: false 
+Lint/DisjunctiveAssignmentInConstructor: + Enabled: false +Lint/DuplicateElsifCondition: + Enabled: false +Lint/DuplicateRequire: + Enabled: false +Lint/DuplicateRescueException: + Enabled: false +Lint/EmptyConditionalBody: + Enabled: false +Lint/EmptyFile: + Enabled: false +Lint/ErbNewArguments: + Enabled: false +Lint/FloatComparison: + Enabled: false +Lint/HashCompareByIdentity: + Enabled: false +Lint/IdentityComparison: + Enabled: false +Lint/InterpolationCheck: + Enabled: false +Lint/MissingCopEnableDirective: + Enabled: false +Lint/MixedRegexpCaptureTypes: + Enabled: false +Lint/NestedPercentLiteral: + Enabled: false +Lint/NonDeterministicRequireOrder: + Enabled: false +Lint/OrderedMagicComments: + Enabled: false +Lint/OutOfRangeRegexpRef: + Enabled: false +Lint/RaiseException: + Enabled: false +Lint/RedundantCopEnableDirective: + Enabled: false +Lint/RedundantRequireStatement: + Enabled: false +Lint/RedundantSafeNavigation: + Enabled: false +Lint/RedundantWithIndex: + Enabled: false +Lint/RedundantWithObject: + Enabled: false +Lint/RegexpAsCondition: + Enabled: false +Lint/ReturnInVoidContext: + Enabled: false +Lint/SafeNavigationConsistency: + Enabled: false +Lint/SafeNavigationWithEmpty: + Enabled: false +Lint/SelfAssignment: + Enabled: false +Lint/SendWithMixinArgument: + Enabled: false +Lint/ShadowedArgument: + Enabled: false +Lint/StructNewOverride: + Enabled: false +Lint/ToJSON: + Enabled: false +Lint/TopLevelReturnWithArgument: + Enabled: false +Lint/TrailingCommaInAttributeDeclaration: + Enabled: false +Lint/UnreachableLoop: + Enabled: false +Lint/UriEscapeUnescape: + Enabled: false +Lint/UriRegexp: + Enabled: false +Lint/UselessMethodDefinition: + Enabled: false +Lint/UselessTimes: + Enabled: false Metrics/AbcSize: Enabled: false Metrics/BlockLength: Enabled: false +Metrics/BlockNesting: + Enabled: false Metrics/ClassLength: Enabled: false Metrics/CyclomaticComplexity: 
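Review bot: Security-relevant cops are switched off in `.rubocop.yml`: `Bundler/InsecureProtocolSource` and `Lint/DeprecatedOpenSSLConstant` get `Enabled: false` in this hunk, and `Security/Open` gets the same in the following hunk (`@@ -100,19 +255,265 @@`). With them disabled, a deprecated gem source that resolves to plain HTTP, or an `open()` call on a caller-supplied string, passes lint unnoticed. The file looks like PDK template output, so the durable fix is probably an override in `.sync.yml` (added empty in this commit) rather than a hand edit; set these three back to `Enabled: true` there.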
@@ -100,19 +255,265 @@ Metrics/ParameterLists: Enabled: false Metrics/PerceivedComplexity: Enabled: false +Migration/DepartmentName: + Enabled: false +Naming/AccessorMethodName: + Enabled: false +Naming/BlockParameterName: + Enabled: false +Naming/HeredocDelimiterCase: + Enabled: false +Naming/HeredocDelimiterNaming: + Enabled: false +Naming/MemoizedInstanceVariableName: + Enabled: false +Naming/MethodParameterName: + Enabled: false +Naming/RescuedExceptionsVariableName: + Enabled: false +Naming/VariableNumber: + Enabled: false +Performance/BindCall: + Enabled: false +Performance/DeletePrefix: + Enabled: false +Performance/DeleteSuffix: + Enabled: false +Performance/InefficientHashSearch: + Enabled: false +Performance/UnfreezeString: + Enabled: false +Performance/UriDefaultParser: + Enabled: false +RSpec/Be: + Enabled: false +RSpec/Capybara/CurrentPathExpectation: + Enabled: false +RSpec/Capybara/FeatureMethods: + Enabled: false +RSpec/Capybara/VisibilityMatcher: + Enabled: false +RSpec/ContextMethod: + Enabled: false +RSpec/ContextWording: + Enabled: false RSpec/DescribeClass: Enabled: false +RSpec/EmptyHook: + Enabled: false +RSpec/EmptyLineAfterExample: + Enabled: false +RSpec/EmptyLineAfterExampleGroup: + Enabled: false +RSpec/EmptyLineAfterHook: + Enabled: false RSpec/ExampleLength: Enabled: false -RSpec/MessageExpectation: +RSpec/ExampleWithoutDescription: + Enabled: false +RSpec/ExpectChange: + Enabled: false +RSpec/ExpectInHook: + Enabled: false +RSpec/FactoryBot/AttributeDefinedStatically: + Enabled: false +RSpec/FactoryBot/CreateList: + Enabled: false +RSpec/FactoryBot/FactoryClassName: + Enabled: false +RSpec/HooksBeforeExamples: + Enabled: false +RSpec/ImplicitBlockExpectation: + Enabled: false +RSpec/ImplicitSubject: + Enabled: false +RSpec/LeakyConstantDeclaration: + Enabled: false +RSpec/LetBeforeExamples: + Enabled: false +RSpec/MissingExampleGroupArgument: Enabled: false RSpec/MultipleExpectations: Enabled: false +RSpec/MultipleMemoizedHelpers: + 
Enabled: false +RSpec/MultipleSubjects: + Enabled: false RSpec/NestedGroups: Enabled: false +RSpec/PredicateMatcher: + Enabled: false +RSpec/ReceiveCounts: + Enabled: false +RSpec/ReceiveNever: + Enabled: false +RSpec/RepeatedExampleGroupBody: + Enabled: false +RSpec/RepeatedExampleGroupDescription: + Enabled: false +RSpec/RepeatedIncludeExample: + Enabled: false +RSpec/ReturnFromStub: + Enabled: false +RSpec/SharedExamples: + Enabled: false +RSpec/StubbedMock: + Enabled: false +RSpec/UnspecifiedException: + Enabled: false +RSpec/VariableDefinition: + Enabled: false +RSpec/VoidExpect: + Enabled: false +RSpec/Yield: + Enabled: false +Security/Open: + Enabled: false +Style/AccessModifierDeclarations: + Enabled: false +Style/AccessorGrouping: + Enabled: false Style/AsciiComments: Enabled: false +Style/BisectedAttrAccessor: + Enabled: false +Style/CaseLikeIf: + Enabled: false +Style/ClassEqualityComparison: + Enabled: false +Style/ColonMethodDefinition: + Enabled: false +Style/CombinableLoops: + Enabled: false +Style/CommentedKeyword: + Enabled: false +Style/Dir: + Enabled: false +Style/DoubleCopDisableDirective: + Enabled: false +Style/EmptyBlockParameter: + Enabled: false +Style/EmptyLambdaParameter: + Enabled: false +Style/Encoding: + Enabled: false +Style/EvalWithLocation: + Enabled: false +Style/ExpandPathArguments: + Enabled: false +Style/ExplicitBlockArgument: + Enabled: false +Style/ExponentialNotation: + Enabled: false +Style/FloatDivision: + Enabled: false +Style/FrozenStringLiteralComment: + Enabled: false +Style/GlobalStdStream: + Enabled: false +Style/HashAsLastArrayItem: + Enabled: false +Style/HashLikeCase: + Enabled: false +Style/HashTransformKeys: + Enabled: false +Style/HashTransformValues: + Enabled: false Style/IfUnlessModifier: Enabled: false +Style/KeywordParametersOrder: + Enabled: false +Style/MinMax: + Enabled: false +Style/MixinUsage: + Enabled: false +Style/MultilineWhenThen: + Enabled: false +Style/NegatedUnless: + Enabled: false 
+Style/NumericPredicate: + Enabled: false +Style/OptionalBooleanParameter: + Enabled: false +Style/OrAssignment: + Enabled: false +Style/RandomWithOffset: + Enabled: false +Style/RedundantAssignment: + Enabled: false +Style/RedundantCondition: + Enabled: false +Style/RedundantConditional: + Enabled: false +Style/RedundantFetchBlock: + Enabled: false +Style/RedundantFileExtensionInRequire: + Enabled: false +Style/RedundantRegexpCharacterClass: + Enabled: false +Style/RedundantRegexpEscape: + Enabled: false +Style/RedundantSelfAssignment: + Enabled: false +Style/RedundantSort: + Enabled: false +Style/RescueStandardError: + Enabled: false +Style/SingleArgumentDig: + Enabled: false +Style/SlicingWithRange: + Enabled: false +Style/SoleNestedConditional: + Enabled: false +Style/StderrPuts: + Enabled: false +Style/StringConcatenation: + Enabled: false +Style/Strip: + Enabled: false Style/SymbolProc: Enabled: false +Style/TrailingBodyOnClass: + Enabled: false +Style/TrailingBodyOnMethodDefinition: + Enabled: false +Style/TrailingBodyOnModule: + Enabled: false +Style/TrailingCommaInHashLiteral: + Enabled: false +Style/TrailingMethodEndStatement: + Enabled: false +Style/UnpackFirst: + Enabled: false +Lint/DuplicateBranch: + Enabled: false +Lint/DuplicateRegexpCharacterClassElement: + Enabled: false +Lint/EmptyBlock: + Enabled: false +Lint/EmptyClass: + Enabled: false +Lint/NoReturnInBeginEndBlocks: + Enabled: false +Lint/ToEnumArguments: + Enabled: false +Lint/UnexpectedBlockArity: + Enabled: false +Lint/UnmodifiedReduceAccumulator: + Enabled: false +Performance/CollectionLiteralInLoop: + Enabled: false +Style/ArgumentsForwarding: + Enabled: false +Style/CollectionCompact: + Enabled: false +Style/DocumentDynamicEvalDefinition: + Enabled: false +Style/NegatedIfElseCondition: + Enabled: false +Style/NilLambda: + Enabled: false +Style/RedundantArgument: + Enabled: false +Style/SwapValues: + Enabled: false 
diff --git a/.sync.yml b/.sync.yml
new file mode 100644
index 0000000..8c2c98e
--- /dev/null
+++ b/.sync.yml
@@ -0,0 +1,8 @@
+# This file can be used to customize the files managed by PDK.
+#
+# See https://github.com/puppetlabs/pdk-templates/blob/main/README.md
+# for more information.
+#
+# See https://github.com/puppetlabs/pdk-templates/blob/main/config_defaults.yml
+# for the default values.
+--- {}
diff --git a/.travis.yml b/.travis.yml
index 4ea920d..444e17a 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,44 +1,45 @@ --- -sudo: false -dist: trusty +os: linux +dist: xenial language: ruby cache: bundler before_install: - bundle -v - rm -f Gemfile.lock - - gem update --system + - "# Update system gems if requested. This is useful to temporarily workaround troubles in the test runner" + - "# See https://github.com/puppetlabs/pdk-templates/commit/705154d5c437796b821691b707156e1b056d244f for an example of how this was used" + - "# Ignore exit code of SIGPIPE'd yes to not fail with shell's pipefail set" + - '[ -z "$RUBYGEMS_VERSION" ] || (yes || true) | gem update --system $RUBYGEMS_VERSION' - gem --version - bundle -v script: - 'bundle exec rake $CHECK' bundler_args: --without system_tests rvm: - - 2.4.4 -env: - global: - - BEAKER_PUPPET_COLLECTION=puppet5 PUPPET_GEM_VERSION="~> 5.0" -matrix: + - 2.5.7 +stages: + - static + - spec + - acceptance + - + if: tag =~ ^v\d + name: deploy +jobs: fast_finish: true include: - - env: CHECK="syntax lint metadata_lint check:symlinks check:git_ignore check:dot_underscore check:test_file rubocop" + env: CHECK="validate lint check rubocop" + stage: static - - env: CHECK=parallel_spec + env: PUPPET_GEM_VERSION="~> 6.0" CHECK=parallel_spec + rvm: 2.5.7 + stage: spec - - env: PUPPET_GEM_VERSION="~> 4.0" CHECK=parallel_spec - rvm: 2.1.9 + env: DEPLOY_TO_FORGE=yes + stage: deploy branches: only: - - master + - main - /^v\d/ notifications: email: false -deploy: - provider: puppetforge - user: puppet - password: - secure: "" - on: - tags: true - all_branches: true - condition: "$DEPLOY_TO_FORGE = yes" diff --git a/.vscode/extensions.json b/.vscode/extensions.json new file mode 100644 index 0000000..2f1e4f7 --- /dev/null +++ b/.vscode/extensions.json @@ -0,0 +1,6 @@ +{ + "recommendations": [ + "puppet.puppet-vscode", + "rebornix.Ruby" + ] +} diff --git a/CHANGELOG.md b/CHANGELOG.md index c8765a4..9b6d45e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
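Review bot: The `.travis.yml` hunk keeps a `deploy` stage and a job with `env: DEPLOY_TO_FORGE=yes` but removes the whole `deploy:` provider block, so as far as this hunk shows a tagged build has nothing that publishes, and that job only runs `bundle exec rake $CHECK` with `CHECK` unset. Either drop the stage and its job, or restore the provider block with the Forge password supplied as an encrypted Travis value instead of the empty `secure: ""` that was removed. Leaving the job in place suggests that releases are automated when they are not.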
@@ -2,6 +2,19 @@ All notable changes to this project will be documented in this file. +## 0.4.2 (2021-05-11) + +### Addition + +- New parameters (bind_timelimit, timelimit, idle_timelimit, reconnect_sleeptime, reconnect_retrytime) +- New Hiera example files + +### Changed + +- Documentation reviewed and improved +- ldap_search_base parameter is now optional +- Module converted to the latest version of PDK (2.2.0) + ## 0.4.1 (2019-03-11) ### [Related PR : https://github.com/geekix/puppet-nslcd/pull/18] diff --git a/Gemfile b/Gemfile index 5cda86e..a167b88 100644 --- a/Gemfile +++ b/Gemfile 
@@ -1,42 +1,36 @@ source ENV['GEM_SOURCE'] || 'https://rubygems.org' def location_for(place_or_version, fake_version = nil) - if place_or_version =~ %r{\A(git[:@][^#]*)#(.*)} - [fake_version, { git: Regexp.last_match(1), branch: Regexp.last_match(2), require: false }].compact - elsif place_or_version =~ %r{\Afile:\/\/(.*)} - ['>= 0', { path: File.expand_path(Regexp.last_match(1)), require: false }] + git_url_regex = %r{\A(?(https?|git)[:@][^#]*)(#(?.*))?} + file_url_regex = %r{\Afile:\/\/(?.*)} + + if place_or_version && (git_url = place_or_version.match(git_url_regex)) + [fake_version, { git: git_url[:url], branch: git_url[:branch], require: false }].compact + elsif place_or_version && (file_url = place_or_version.match(file_url_regex)) + ['>= 0', { path: File.expand_path(file_url[:path]), require: false }] else [place_or_version, { require: false }] end end -def gem_type(place_or_version) - if place_or_version =~ %r{\Agit[:@]} - :git - elsif !place_or_version.nil? && place_or_version.start_with?('file:') - :file - else - :gem - end -end - ruby_version_segments = Gem::Version.new(RUBY_VERSION.dup).segments minor_version = ruby_version_segments[0..1].join('.') group :development do - gem "fast_gettext", '1.1.0', require: false if Gem::Version.new(RUBY_VERSION.dup) < Gem::Version.new('2.1.0') - gem "fast_gettext", require: false if Gem::Version.new(RUBY_VERSION.dup) >= Gem::Version.new('2.1.0') - gem "json_pure", '<= 2.0.1', require: false if Gem::Version.new(RUBY_VERSION.dup) < Gem::Version.new('2.0.0') - gem "json", '= 1.8.1', require: false if Gem::Version.new(RUBY_VERSION.dup) == Gem::Version.new('2.1.9') - gem "json", '<= 2.0.4', require: false if Gem::Version.new(RUBY_VERSION.dup) == Gem::Version.new('2.4.4') - gem "puppet-module-posix-default-r#{minor_version}", require: false, platforms: [:ruby] - gem "puppet-module-posix-dev-r#{minor_version}", require: false, platforms: [:ruby] - gem "puppet-module-win-default-r#{minor_version}", require: false, platforms: 
[:mswin, :mingw, :x64_mingw] - gem "puppet-module-win-dev-r#{minor_version}", require: false, platforms: [:mswin, :mingw, :x64_mingw] + gem "json", '= 2.0.4', require: false if Gem::Requirement.create('~> 2.4.2').satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) + gem "json", '= 2.1.0', require: false if Gem::Requirement.create(['>= 2.5.0', '< 2.7.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) + gem "json", '= 2.3.0', require: false if Gem::Requirement.create(['>= 2.7.0', '< 2.8.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) + gem "puppet-module-posix-default-r#{minor_version}", '~> 1.0', require: false, platforms: [:ruby] + gem "puppet-module-posix-dev-r#{minor_version}", '~> 1.0', require: false, platforms: [:ruby] + gem "puppet-module-win-default-r#{minor_version}", '~> 1.0', require: false, platforms: [:mswin, :mingw, :x64_mingw] + gem "puppet-module-win-dev-r#{minor_version}", '~> 1.0', require: false, platforms: [:mswin, :mingw, :x64_mingw] +end +group :system_tests do + gem "puppet-module-posix-system-r#{minor_version}", '~> 1.0', require: false, platforms: [:ruby] + gem "puppet-module-win-system-r#{minor_version}", '~> 1.0', require: false, platforms: [:mswin, :mingw, :x64_mingw] end puppet_version = ENV['PUPPET_GEM_VERSION'] -puppet_type = gem_type(puppet_version) facter_version = ENV['FACTER_GEM_VERSION'] hiera_version = ENV['HIERA_GEM_VERSION'] 
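Review bot: `git_url_regex` in `location_for` now also matches `http://` URLs (`https?`) and still matches `git://`, so a `PUPPET_GEM_VERSION`, `FACTER_GEM_VERSION` or `HIERA_GEM_VERSION` value can make Bundler fetch and install code over a transport with no integrity protection. Consider narrowing the scheme alternative to `https` plus the `git@` SSH form, or rejecting other schemes with an explicit `raise`. Also, the named captures that `git_url[:url]`, `git_url[:branch]` and `file_url[:path]` rely on are not visible in the patterns as shown on this page; that may be a rendering loss, but confirm the committed file has them.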
@@ -50,16 +44,6 @@ gems['puppet'] = location_for(puppet_version) gems['facter'] = location_for(facter_version) if facter_version gems['hiera'] = location_for(hiera_version) if hiera_version -if Gem.win_platform? && puppet_version =~ %r{^(file:///|git://)} - # If we're using a Puppet gem on Windows which handles its own win32-xxx gem - # dependencies (>= 3.5.0), set the maximum versions (see PUP-6445). - gems['win32-dir'] = ['<= 0.4.9', require: false] - gems['win32-eventlog'] = ['<= 0.6.5', require: false] - gems['win32-process'] = ['<= 0.7.5', require: false] - gems['win32-security'] = ['<= 0.2.5', require: false] - gems['win32-service'] = ['0.8.8', require: false] -end - gems.each do |gem_name, gem_params| gem gem_name, *gem_params end diff --git a/README.md b/README.md index ee19ef8..61e6d06 100644 --- a/README.md +++ b/README.md 
@@ -3,46 +3,40 @@ #### Table of Contents 1. [Overview](#overview) -2. [Module Description - What the module does and why it is useful](#module-description) -3. [Setup - The basics of getting started with nslcd](#setup) - * [What nslcd affects](#what-nslcd-affects) -4. [Usage - Configuration options and additional functionality](#usage) -5. [Reference - An under-the-hood peek at what the module is doing and how](#reference) -5. [Limitations - OS compatibility, etc.](#limitations) -6. [Development - Guide for contributing to the module](#development) +2. [Dependencies](#dependencies) +3. [Usage](#usage) +4. [What the module affects](#what-the-module-affects) +5. [Parameters](#parameters) +6. [Extend the configuration](#extend-the-configuration) +7. [Limitations](#limitations) +8. [Development](#development) ## Overview -This module installs and configured nslcd to get pam/nss data from ldap. +This module installs and configured a local NSLCD daemon. +NSLCD is used to provide LDAP authentication through PAM/NSS. -## Module Description +## Dependencies -This module allows you to install and configure the nslcd daemon (and its dependencies), to provide ldap support for -PAM and NSS. - -## Setup - -### What nslcd affects - -* `nslcd` package and service -* `/etc/nslcd.conf` +[Stdlib - https://forge.puppet.com/modules/puppetlabs/stdlib](https://forge.puppet.com/modules/puppetlabs/stdlib) ## Usage -Simply include/contain/required/declare the nslcd class. -It includes a few sane defaults, so it should work out of the box. -However, we recommend that you declare the class and override a few parameters: +The module includes a few sane defaults, so it should work out of the box. 
+Just fill in these parameters : -* In the module +* Example ``` -class { 'nslcd': - ldap_uris => ['ldap://ldap01.mycompany.com:389','ldap://ldap02.mycompany.com:389'], - ldap_search_base => 'dc=company,dc=com' +class +{ + 'nslcd': + ldap_uris => ['ldap://ldap01.mycompany.com:389','ldap://ldap02.mycompany.com:389'], + ldap_search_base => 'dc=company,dc=com' } ``` -* In hieradata +* The same in Hiera ``` nslcd::ldap_uris: 
@@ -51,20 +45,91 @@ nslcd::ldap_uris: nslcd::ldap_search_base: 'dc=company,dc=com' ``` -## Reference +* Will give this in the config file -*todo* +``` +uri ldap://ldap01.company.com:389 ldap://ldap02.company.com:389 +base dc=company,dc=com +``` + +## What the module affects + +* `nslcd` package and service +* `/etc/nslcd.conf` + +## Parameters + +Parameter | Parameter type | Default value | Description +--------- | ---------- | ------------- | ----------- +package_ensure | Variant[Boolean,String] | present | Sets if the package should be present or absent. +package_name | String | Depends on the Linux distrib | Name of the package to install. Set if your platform is not supported. +package_manage | Boolean | true | Sets if the module should manage or not the package installation. +service_ensure | Variant[Boolean,Enum['stopped','running']] | running | Sets if the service should be running or stopped. +service_enable | Boolean | true | Sets if the service should be started on system boot. +service_name | String | nslcd | Sets the name of the service. Set if your platform is not supported. +service_manage | Boolean | true | Sets if the module should manage or not the service. +uid | String | nslcd | Sets the user to start the daemon. +gid | String | Depends on the Linux distrib | Sets the group to start the daemon. +config | Stdlib::Unixpath | /etc/nslcd.conf | Sets the path of the config file. +config_user | String | root | Sets the owner of the config file. +config_group | String | Depends on the Linux distrib | Sets the group of the config file. +config_mode | Stdlib::Filemode | Depends on the Linux distrib | Permission of the config file. +ldap_uris | Array[String] | ldap:/// | Array of LDAP servers. +ldap_version | Enum['2','3'] | 3 | Sets the LDAP version to use. +ldap_binddn | String | undef | Sets the DN (distinguished name) to bind to the LDAP servers. +ldap_bindpw | String | undef | Sets the password to bind to the LDAP servers. 
Only used if the parameter ldap_binddn is set. +ldap_search_base | String | undef | Sets the base DN (distinguished name) to use as the search base. +ldap_group_base | String | undef | Sets the base DN (distinguished name) to use as the group search base. +ldap_search_scope | Enum['sub','subtree','one','onelevel','base'] | subtree | Sets the search scope depth. +config_options | Hash | {} | Key/Value hash to extend the configuration. +ldap_filters | Hash | {} | Sets the LDAP search filter for specific mapping. +ldap_maps | Hash | {} | Allows for custom attributes to be looked up. +ldap_ssl | Enum['on','off','start_tls'] | off | Whether to use SSL/TLS for the connexion to the LDAP servers. +ldap_tls_reqcert | Enum['never','allow','try','demand','hard'] | allow | Sets what checks to perform on a server-supplied certificate. +ldap_tls_cacertfile | String | undef | Sets the path of the PEM-format file containing certificates for the CA's that will be trusted. +bind_timelimit | Integer | undef | Sets the time limit (in seconds) to setup a connexion with the LDAP server. +timelimit | Integer | undef | Sets the time limit (in seconds) to wait for a response from the LDAP server. +idle_timelimit | Integer | undef | Sets the period if inactivity (in seconds) after which the connection to the LDAP server will be closed. +reconnect_sleeptime | Integer | 1 | Sets the number of seconds to sleep when connecting to all LDAP servers fails. +reconnect_retrytime | Integer | 10 | Sets the time after which the LDAP server is considered to be permanently unavailable. Once this time is reached retries will be done only once per this time period. + +## Extend the configuration + +The module exposes the most commonly used paramaters. However, to extend the configuration use the **config_options** parameter. +It allows you to set any parameter not listed above. 
+ +* Example configuration + +``` +class +{ + 'nslcd': + config_options: + threads: '10' +} +``` + +* The same config in Hiera + +``` +nslcd::config_options: + threads: '10' +``` + +* Will give this in the config file + +``` +threads 10 +``` ## Limitations -The module has been tested with Ubuntu 14.04, Ubuntu 16.04, Ubuntu 18.04, Debian 8, Debian 9 and Puppet 4.10. -It should work with Puppet 4.x. +The module has been tested with : -For additional OS support, you should contribute it back upstream! - -The module doesn't support setting the `rootbinddn` and `rootbindpw` attributes yet, it will be added in a next version. +* Ubuntu 14.04 / 16.04 / 18.04 / 20.04 +* Debian 8 / 9 / 10 / 11 +* Puppet 4 / 5 / 6 ## Development -If you want to improve this module, send us a patch of pull request! - +If you want to improve this module, send us a pull request ! diff --git a/Rakefile b/Rakefile index 204fb18..0f8754e 100644 --- a/Rakefile +++ b/Rakefile @@ -1,7 +1,12 @@ +# frozen_string_literal: true + +require 'bundler' +require 'puppet_litmus/rake_tasks' if Bundler.rubygems.find_name('puppet_litmus').any? require 'puppetlabs_spec_helper/rake_tasks' require 'puppet-syntax/tasks/puppet-syntax' require 'puppet_blacksmith/rake_tasks' if Bundler.rubygems.find_name('puppet-blacksmith').any? require 'github_changelog_generator/task' if Bundler.rubygems.find_name('github_changelog_generator').any? +require 'puppet-strings/tasks' if Bundler.rubygems.find_name('puppet-strings').any? def changelog_user return unless Rake.application.top_level_tasks.include? "changelog" 
@@ -13,15 +18,24 @@ end def changelog_project return unless Rake.application.top_level_tasks.include? "changelog" - returnVal = nil || JSON.load(File.read('metadata.json'))['name'] - raise "unable to find the changelog_project in .sync.yml or the name in metadata.json" if returnVal.nil? + + returnVal = nil + returnVal ||= begin + metadata_source = JSON.load(File.read('metadata.json'))['source'] + metadata_source_match = metadata_source && metadata_source.match(%r{.*\/([^\/]*?)(?:\.git)?\Z}) + + metadata_source_match && metadata_source_match[1] + end + + raise "unable to find the changelog_project in .sync.yml or calculate it from the source in metadata.json" if returnVal.nil? + puts "GitHubChangelogGenerator project:#{returnVal}" returnVal end def changelog_future_release return unless Rake.application.top_level_tasks.include? "changelog" - returnVal = JSON.load(File.read('metadata.json'))['version'] + returnVal = "v%s" % JSON.load(File.read('metadata.json'))['version'] raise "unable to find the future_release (version) in metadata.json" if returnVal.nil? puts "GitHubChangelogGenerator future_release:#{returnVal}" returnVal @@ -29,6 +43,7 @@ end PuppetLint.configuration.send('disable_relative') + if Bundler.rubygems.find_name('github_changelog_generator').any? GitHubChangelogGenerator::RakeTask.new :changelog do |config| raise "Set CHANGELOG_GITHUB_TOKEN environment variable eg 'export CHANGELOG_GITHUB_TOKEN=valid_token_here'" if Rake.application.top_level_tasks.include? "changelog" and ENV['CHANGELOG_GITHUB_TOKEN'].nil? 
@@ -39,7 +54,7 @@ if Bundler.rubygems.find_name('github_changelog_generator').any? config.header = "# Change log\n\nAll notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org)." config.add_pr_wo_labels = true config.issues = false - config.merge_prefix = "### UNCATEGORIZED PRS; GO LABEL THEM" + config.merge_prefix = "### UNCATEGORIZED PRS; LABEL THEM ON GITHUB" config.configure_sections = { "Changed" => { "prefix" => "### Changed", @@ -47,11 +62,11 @@ if Bundler.rubygems.find_name('github_changelog_generator').any? }, "Added" => { "prefix" => "### Added", - "labels" => ["feature", "enhancement"], + "labels" => ["enhancement", "feature"], }, "Fixed" => { "prefix" => "### Fixed", - "labels" => ["bugfix"], + "labels" => ["bug", "documentation", "bugfix"], }, } end @@ -59,16 +74,15 @@ else desc 'Generate a Changelog from GitHub' task :changelog do raise <= Gem::Version.new('2.2.2')" + version: '~> 1.15' + condition: "Gem::Version.new(RUBY_VERSION.dup) >= Gem::Version.new('2.3.0')" EOM end end diff --git a/appveyor.yml b/appveyor.yml index 4a5b227..a70c01e 100644 --- a/appveyor.yml +++ b/appveyor.yml @@ -1,5 +1,10 @@ --- version: 1.1.x.{build} +skip_branch_with_pr: true +branches: + only: + - main + - release skip_commits: message: /^\(?doc\)?.*/ clone_depth: 10 
@@ -12,23 +17,15 @@ init: environment: matrix: - - RUBY_VERSION: 24-x64 - CHECK: syntax lint metadata_lint check:symlinks check:git_ignore check:dot_underscore check:test_file rubocop + RUBY_VERSION: 25-x64 + CHECK: validate lint check rubocop - - PUPPET_GEM_VERSION: ~> 4.0 - RUBY_VERSION: 21 + PUPPET_GEM_VERSION: ~> 6.0 + RUBY_VERSION: 25 CHECK: parallel_spec - - PUPPET_GEM_VERSION: ~> 4.0 - RUBY_VERSION: 21-x64 - CHECK: parallel_spec - - - PUPPET_GEM_VERSION: ~> 5.0 - RUBY_VERSION: 24 - CHECK: parallel_spec - - - PUPPET_GEM_VERSION: ~> 5.0 - RUBY_VERSION: 24-x64 + PUPPET_GEM_VERSION: ~> 6.0 + RUBY_VERSION: 25-x64 CHECK: parallel_spec matrix: fast_finish: true diff --git a/data/Debian.yaml b/data/Debian.yaml new file mode 100644 index 0000000..a5e1708 --- /dev/null +++ b/data/Debian.yaml @@ -0,0 +1,28 @@ +--- + +nslcd::package_ensure: 'present' +nslcd::package_name: 'nslcd' +nslcd::package_manage: true +nslcd::service_ensure: 'running' +nslcd::service_enable: true +nslcd::service_name: 'nslcd' +nslcd::service_manage: true +nslcd::uid: 'nslcd' +nslcd::gid: 'nslcd' +nslcd::config: '/etc/nslcd.conf' +nslcd::config_user: 'root' +nslcd::config_group: 'nslcd' +nslcd::config_mode: '0640' +nslcd::ldap_uris: + - 'ldap://ldap01.company.com:389' + - 'ldap://ldap01.company.com:389' +nslcd::ldap_version: '3' +nslcd::ldap_binddn: 'cn=bind_user,ou=user,dc=company,dc=com' +nslcd::ldap_bindpw: 'secure_bind_user_password' +nslcd::ldap_search_base: 'dc=company,dc=com' +nslcd::ldap_group_base: 'ou=groups,dc=company,dc=com' +nslcd::ldap_search_scope: 'subtree' +nslcd::ldap_ssl: 'off' +nslcd::ldap_tls_reqcert: 'allow' +nslcd::reconnect_sleeptime: 1 +nslcd::reconnect_retrytime: 10 diff --git a/data/RedHat.yaml b/data/RedHat.yaml new file mode 100644 index 0000000..33de887 --- /dev/null +++ b/data/RedHat.yaml 
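Review bot: `data/Debian.yaml` ships what look like sample values as module-level defaults: `nslcd::ldap_binddn`, `nslcd::ldap_bindpw: 'secure_bind_user_password'` and URIs under `company.com`, a domain this module presumably does not control. If Hiera resolves this file, a node that sets nothing else would render that bind DN and password into nslcd.conf and, with `nslcd::ldap_ssl: 'off'`, send the bind unencrypted to that host. Drop the credential keys from module data so the template's `if @ldap_binddn and @ldap_bindpw` guard skips them, and move sample values to the README under a reserved name such as `ldap.example.com`. Both list entries are `ldap01`, so the second URI adds no failover; the same values are repeated in `data/RedHat.yaml`, and the URI pair again in `data/common.yaml`.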
@@ -0,0 +1,28 @@
+---
+
+nslcd::package_ensure: 'present'
+nslcd::package_name: 'nss-pam-ldapd'
+nslcd::package_manage: true
+nslcd::service_ensure: 'running'
+nslcd::service_enable: true
+nslcd::service_name: 'nslcd'
+nslcd::service_manage: true
+nslcd::uid: 'nslcd'
+nslcd::gid: 'ldap'
+nslcd::config: '/etc/nslcd.conf'
+nslcd::config_user: 'root'
+nslcd::config_group: 'root'
+nslcd::config_mode: '0600'
+nslcd::ldap_uris:
+ - 'ldap://ldap01.company.com:389'
+ - 'ldap://ldap01.company.com:389'
+nslcd::ldap_version: '3'
+nslcd::ldap_binddn: 'cn=bind_user,ou=user,dc=company,dc=com'
+nslcd::ldap_bindpw: 'secure_bind_user_password'
+nslcd::ldap_search_base: 'dc=company,dc=com'
+nslcd::ldap_group_base: 'ou=groups,dc=company,dc=com'
+nslcd::ldap_search_scope: 'subtree'
+nslcd::ldap_ssl: 'off'
+nslcd::ldap_tls_reqcert: 'allow'
+nslcd::reconnect_sleeptime: 1
+nslcd::reconnect_retrytime: 10
diff --git a/data/common.yaml b/data/common.yaml
new file mode 100644
index 0000000..c85cab0
--- /dev/null
+++ b/data/common.yaml
@@ -0,0 +1,6 @@
+---
+
+nslcd::ldap_uris:
+ - 'ldap://ldap01.company.com:389'
+ - 'ldap://ldap01.company.com:389'
+nslcd::ldap_search_base: 'dc=company,dc=com'
diff --git a/examples/init.pp b/examples/init.pp
deleted file mode 100644
index fc96ede..0000000
--- a/examples/init.pp
+++ /dev/null
@@ -1,12 +0,0 @@
-# The baseline for module testing used by Puppet Labs is that each manifest
-# should have a corresponding test manifest that declares that class or defined
-# type.
-#
-# Tests are then run by using puppet apply --noop (to check for compilation
-# errors and view a log of events) or by fully applying the test in a virtual
-# environment (to compare the resulting system state to the desired state).
-#
-# Learn more about module testing here:
-# http://docs.puppetlabs.com/guides/tests_smoke.html
-#
-include nslcd
diff --git a/hiera.yaml b/hiera.yaml
new file mode 100644
index 0000000..545fff3
--- /dev/null
+++ b/hiera.yaml
@@ -0,0 +1,21 @@ +--- +version: 5 + +defaults: # Used for any hierarchy level that omits these keys. + datadir: data # This path is relative to hiera.yaml's directory. + data_hash: yaml_data # Use the built-in YAML backend. + +hierarchy: + - name: "osfamily/major release" + paths: + # Used to distinguish between Debian and Ubuntu + - "os/%{facts.os.name}/%{facts.os.release.major}.yaml" + - "os/%{facts.os.family}/%{facts.os.release.major}.yaml" + # Used for Solaris + - "os/%{facts.os.family}/%{facts.kernelrelease}.yaml" + - name: "osfamily" + paths: + - "os/%{facts.os.name}.yaml" + - "os/%{facts.os.family}.yaml" + - name: 'common' + path: 'common.yaml' diff --git a/manifests/config.pp b/manifests/config.pp index 7cfb887..c02d286 100644 --- a/manifests/config.pp +++ b/manifests/config.pp @@ -1,14 +1,16 @@ # == Class: nslcd::config # # Manages the nslcd server configuration file -class nslcd::config inherits nslcd { - - file { $nslcd::config: - ensure => file, - owner => $nslcd::config_user, - group => $nslcd::config_group, - mode => $nslcd::config_mode, - content => template('nslcd/nslcd.erb'), +# +class nslcd::config inherits nslcd +{ + file + { + $nslcd::config: + ensure => file, + owner => $nslcd::config_user, + group => $nslcd::config_group, + mode => $nslcd::config_mode, + content => template('nslcd/nslcd.erb'), } - -} +} \ No newline at end of file diff --git a/manifests/init.pp b/manifests/init.pp index a8911e5..08ee45d 100644 --- a/manifests/init.pp +++ b/manifests/init.pp 
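Review bot: Every OS-level path in this hierarchy sits under `os/` (for example `os/%{facts.os.family}.yaml`), but the data files this commit adds are `data/Debian.yaml` and `data/RedHat.yaml`, directly in `datadir`. As far as this diff shows, only `common.yaml` is ever matched, so the per-OS values for `config_mode`, `config_group` and `gid` still come solely from `nslcd::params`, while the `common.yaml` values apply to every platform. Either move the files to `data/os/Debian.yaml` and `data/os/RedHat.yaml` or change the level to `"%{facts.os.family}.yaml"`. A one-line comment above the `osfamily` level naming the expected file location would keep the two from drifting apart again.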
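Review bot: The `file` resource for `$nslcd::config` in `manifests/config.pp` renders `nslcd/nslcd.erb`, and that template writes `bindpw <%= @ldap_bindpw %>`, so content diffs of this file in agent output and reports can expose the LDAP bind password. Add `show_diff => false,` to the resource next to `mode`. Typing `ldap_bindpw` as `Sensitive[String[1]]` would protect it further, but its declaration is outside the visible hunks and the template would need to unwrap it, so treat that as a follow-up to check against callers.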
@@ -1,7 +1,105 @@ # == Class: nslcd # # This class manages the nslcd server and service. -class nslcd ( +# +# @param package_ensure +# Sets if the package should be present or absent. +# +# @param package_name +# Name of the package to install. Depends on the Linux distrib. +# Set if your platform is not supported. +# +# @param package_manage +# Sets if the module should manage or not the package installation. +# +# @param service_ensure +# Sets if the service should be running or stopped. +# +# @param service_enable +# Sets if the service should be started on startup. +# +# @param service_name +# Sets the name of the service. +# Set if your platform is not supported. +# +# @param service_manage +# Sets if the module should manage or not the service. +# +# @param uid +# Sets the user to start the daemon. +# +# @param gid +# Sets the group to start the daemon. Depends on the Linux distrib. +# +# @param config +# Sets the path of the config file. +# +# @param config_user +# Sets the owner of the config file. +# +# @param config_group +# Sets the group of the config file. Depends on the Linux distrib. +# +# @param config_mode +# Permission of the config file. Depends on the Linux distrib. +# +# @param ldap_uris +# Array of LDAP servers. +# +# @param ldap_version +# Sets the LDAP version to use. +# +# @param ldap_binddn +# Sets the DN (distinguished name) to bind to the LDAP servers. +# +# @param ldap_bindpw +# Sets the password to bind to the LDAP servers. Only used if the parameter ldap_binddn is set. +# +# @param ldap_search_base +# Sets the base DN (distinguished name) to use as the search base. +# +# @param ldap_group_base +# Sets the base DN (distinguished name) to use as the group search base. +# +# @param ldap_search_scope +# Sets the search scope depth. +# +# @param config_options +# Key/Value hash to extend initial configuration. +# +# @param ldap_filters +# Sets the LDAP search filter for specific mapping. 
+# +# @param ldap_maps +# Allows for custom attributes to be looked up. +# +# @param ldap_ssl +# Whether to use SSL/TLS for the connexion to the LDAP servers. +# +# @param ldap_tls_reqcert +# Sets what checks to perform on a server-supplied certificate. +# +# @param ldap_tls_cacertfile +# Sets the path of the PEM-format file containing certificates for the CA's that will be trusted. +# +# @param bind_timelimit +# Sets the time limit (in seconds) to setup a connexion with the LDAP server. +# +# @param timelimit +# Sets the time limit (in seconds) to wait for a response from the LDAP server. +# +# @param idle_timelimit +# Sets the period if inactivity (in seconds) after which the connection to the LDAP server will be closed. +# +# @param reconnect_sleeptime +# Sets the number of seconds to sleep when connecting to all LDAP servers fails. +# +# @param reconnect_retrytime +# Sets the time after which the LDAP server is considered to be permanently unavailable. +# Once this time is reached retries will be done only once per this time period. +# +class nslcd +( Variant[Boolean,String[1]] $package_ensure = 'present', String[1] $package_name = $nslcd::params::package_name, Boolean $package_manage = true, @@ -26,16 +124,21 @@ class nslcd ( Hash $ldap_filters = {}, Hash $ldap_maps = {}, Enum['on','off','start_tls'] $ldap_ssl = 'off', - Enum['never','allow','try','demand','hard' ] $ldap_tls_reqcert = 'allow', + Enum['never','allow','try','demand','hard'] $ldap_tls_reqcert = 'allow', Optional[String[1]] $ldap_tls_cacertfile = undef, -) inherits nslcd::params { - + Optional[Integer] $bind_timelimit = undef, + Integer $timelimit = 10, + Optional[Integer] $idle_timelimit = undef, + Integer $reconnect_sleeptime = 1, + Integer $reconnect_retrytime = 10, +) +inherits nslcd::params +{ contain nslcd::install contain nslcd::config contain nslcd::service - + Class['nslcd::install'] -> Class['nslcd::config'] ~> Class['nslcd::service'] - -} +} \ No newline at end of file 
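Review bot: The parameter list keeps `$ldap_ssl = 'off'` and `$ldap_tls_reqcert = 'allow'` as defaults, and the new `@param` text for them does not say what that means for `ldap_bindpw`: with `off` the bind and all lookups travel unencrypted, and per ldap.conf(5) `allow` proceeds even when the server presents a bad certificate. I would say so in the docs, e.g. `# Defaults to 'off'; use 'on' or 'start_tls' whenever ldap_bindpw is set.` and `# 'allow' does not reject invalid certificates; prefer 'demand' together with ldap_tls_cacertfile.`, and consider `'demand'` as the default in the next major release. The new timing parameters accept any `Integer`; `Integer[0]` would reject negative values at compile time. The class's parameter list begins above this hunk.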
diff --git a/manifests/install.pp b/manifests/install.pp index 22d28da..7008902 100644 --- a/manifests/install.pp +++ b/manifests/install.pp @@ -1,12 +1,15 @@ # == Class: nslcd::install # # Installs the nslcd package. -class nslcd::install inherits nslcd { - - if $nslcd::package_manage { - package { $nslcd::package_name: - ensure => $nslcd::package_ensure, +# +class nslcd::install inherits nslcd +{ + if $nslcd::package_manage + { + package + { + $nslcd::package_name: + ensure => $nslcd::package_ensure, } } - -} +} \ No newline at end of file diff --git a/manifests/params.pp b/manifests/params.pp index 68bddf6..7f29383 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -1,24 +1,28 @@ # == Class: nslcd::params # # Sets the default parameters for the nslcd class. -class nslcd::params { - - case $::osfamily { - 'Debian': { +# +class nslcd::params +{ + case $::osfamily + { + 'Debian': + { $package_name = 'nslcd' $gid = 'nslcd' $config_group = 'nslcd' $config_mode = '0640' } - 'RedHat': { + 'RedHat': + { $package_name = 'nss-pam-ldapd' $gid = 'ldap' $config_group = 'root' $config_mode = '0600' } - default: { + default: + { fail("The ${module_name} module is not supported on an ${::osfamily} based system.") } } - -} +} \ No newline at end of file diff --git a/manifests/service.pp b/manifests/service.pp index 81978dd..d2835ce 100644 --- a/manifests/service.pp +++ b/manifests/service.pp @@ -1,14 +1,17 @@ # == Class: nslcd::service # # Manages the nslcd service. -class nslcd::service inherits nslcd { - - if $nslcd::service_manage { - service { 'nslcd': - ensure => $nslcd::service_ensure, - enable => $nslcd::service_enable, - name => $nslcd::service_name, +# +class nslcd::service inherits nslcd +{ + if $nslcd::service_manage + { + service + { + 'nslcd': + ensure => $nslcd::service_ensure, + enable => $nslcd::service_enable, + name => $nslcd::service_name, } } - -} +} \ No newline at end of file 
diff --git a/metadata.json b/metadata.json index 1c0ba94..45bf0b6 100644 --- a/metadata.json +++ b/metadata.json @@ -1,6 +1,6 @@ { "name": "geekix-nslcd", - "version": "0.4.1", + "version": "0.4.2", "author": "geekix", "summary": "Installs and configures nslcd.", "license": "Apache-2.0", @@ -10,7 +10,7 @@ "dependencies": [ { "name": "puppetlabs-stdlib", - "version_requirement": ">= 4.0.0 < 7.0.0" + "version_requirement": ">= 4.0.0 < 8.1.0" } ], "operatingsystem_support": [ @@ -18,7 +18,9 @@ "operatingsystem": "Debian", "operatingsystemrelease": [ "8", - "9" + "9", + "10", + "11" ] }, { @@ -26,7 +28,8 @@ "operatingsystemrelease": [ "14.04", "16.04", - "18.04" + "18.04", + "20.04" ] } ], @@ -40,9 +43,10 @@ "nslcd", "pam", "nss", - "ldap" + "ldap", + "authentication" ], - "pdk-version": "1.7.0", - "template-url": "file:///opt/puppetlabs/pdk/share/cache/pdk-templates.git", - "template-ref": "1.7.0-0-g57412ed" + "pdk-version": "2.2.0", + "template-url": "https://github.com/puppetlabs/pdk-templates#main", + "template-ref": "tags/2.3.0-0-g8aaceff" } diff --git a/spec/acceptance/nodesets/ubuntu-12.04-x86_64-docker.yml b/spec/acceptance/nodesets/ubuntu-12.04-x86_64-docker.yml deleted file mode 100644 index 890730a..0000000 --- a/spec/acceptance/nodesets/ubuntu-12.04-x86_64-docker.yml +++ /dev/null @@ -1,12 +0,0 @@ -HOSTS: - ubuntu-1204-x64: - default_apply_opts: - strict_variables: - platform: ubuntu-12.04-amd64 - hypervisor : docker - image: ubuntu:12.04 - # This stops the image from being deleted on completion, speeding up the process. - docker_preserve_image: true -CONFIG: - type: foss - log_level: debug diff --git a/spec/acceptance/nodesets/ubuntu-12.04-x86_64-vagrant.yml b/spec/acceptance/nodesets/ubuntu-12.04-x86_64-vagrant.yml deleted file mode 100644 index d3c7e15..0000000 --- a/spec/acceptance/nodesets/ubuntu-12.04-x86_64-vagrant.yml +++ /dev/null 
@@ -1,10 +0,0 @@
-HOSTS:
- ubuntu-1204-x64:
- default_apply_opts:
- strict_variables:
- platform: ubuntu-12.04-amd64
- hypervisor : vagrant
- box : puppetlabs/ubuntu-12.04-64-nocm
-CONFIG:
- type: foss
- log_level: debug
diff --git a/spec/acceptance/nodesets/ubuntu-14.04-x86_64-docker.yml b/spec/acceptance/nodesets/ubuntu-14.04-x86_64-docker.yml
deleted file mode 100644
index 744e027..0000000
--- a/spec/acceptance/nodesets/ubuntu-14.04-x86_64-docker.yml
+++ /dev/null
@@ -1,12 +0,0 @@
-HOSTS:
- ubuntu-1404-x64:
- default_apply_opts:
- strict_variables:
- platform: ubuntu-14.04-amd64
- hypervisor : docker
- image: ubuntu:14.04
- # This stops the image from being deleted on completion, speeding up the process.
- docker_preserve_image: true
-CONFIG:
- type: foss
- log_level: debug
diff --git a/spec/acceptance/nodesets/ubuntu-14.04-x86_64-vagrant.yml b/spec/acceptance/nodesets/ubuntu-14.04-x86_64-vagrant.yml
deleted file mode 100644
index 7188ccb..0000000
--- a/spec/acceptance/nodesets/ubuntu-14.04-x86_64-vagrant.yml
+++ /dev/null
@@ -1,10 +0,0 @@
-HOSTS:
- ubuntu-1404-x64:
- default_apply_opts:
- strict_variables:
- platform: ubuntu-14.04-amd64
- hypervisor : vagrant
- box : puppetlabs/ubuntu-14.04-64-nocm
-CONFIG:
- type: foss
- log_level: debug
diff --git a/spec/classes/init_spec.rb b/spec/classes/init_spec.rb
deleted file mode 100644
index 7ccfa67..0000000
--- a/spec/classes/init_spec.rb
+++ /dev/null
@@ -1,37 +0,0 @@ -require 'spec_helper' - -describe 'nslcd' do - { 'Ubuntu' => 'Debian', 'Debian' => 'Debian', 'CentOS' => 'RedHat', 'RedHat' => 'RedHat' }.each do |system, family| - context "when on system #{system}" do - facts = { - osfamily: family, - operatingsystem: system, - } - let :facts do - facts - end - - it { is_expected.to contain_class('nslcd') } - it { is_expected.to contain_class('nslcd::install') } - it { is_expected.to contain_class('nslcd::config') } - it { is_expected.to contain_class('nslcd::service') } - - case facts[:osfamily] - when 'Debian' - it { - is_expected.to contain_package('nslcd') - is_expected.to contain_service('nslcd') - } - when 'RedHat' - it { - is_expected.to contain_package('nss-pam-ldapd') - is_expected.to contain_service('nslcd') - } - end - end - end - - context 'when on an unknown system' do - it { is_expected.to raise_error(Puppet::Error) } - end -end diff --git a/spec/default_facts.yml b/spec/default_facts.yml index 3248be5..f777abf 100644 --- a/spec/default_facts.yml +++ b/spec/default_facts.yml @@ -2,7 +2,7 @@ # # Facts specified here will override the values provided by rspec-puppet-facts. --- -concat_basedir: "/tmp" ipaddress: "172.16.254.254" +ipaddress6: "FE80:0000:0000:0000:AAAA:AAAA:AAAA" is_pe: false macaddress: "AA:AA:AA:AA:AA:AA" diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index 5e721b7..9b1fa6f 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -1,11 +1,13 @@ +# frozen_string_literal: true + +RSpec.configure do |c| + c.mock_with :rspec +end + require 'puppetlabs_spec_helper/module_spec_helper' require 'rspec-puppet-facts' -begin - require 'spec_helper_local' if File.file?(File.join(File.dirname(__FILE__), 'spec_helper_local.rb')) -rescue LoadError => loaderror - warn "Could not require spec_helper_local: #{loaderror.message}" -end +require 'spec_helper_local' if File.file?(File.join(File.dirname(__FILE__), 'spec_helper_local.rb')) include RspecPuppetFacts 
@@ -14,15 +16,24 @@ default_facts = { facterversion: Facter.version, } -default_facts_path = File.expand_path(File.join(File.dirname(__FILE__), 'default_facts.yml')) -default_module_facts_path = File.expand_path(File.join(File.dirname(__FILE__), 'default_module_facts.yml')) +default_fact_files = [ + File.expand_path(File.join(File.dirname(__FILE__), 'default_facts.yml')), + File.expand_path(File.join(File.dirname(__FILE__), 'default_module_facts.yml')), +] -if File.exist?(default_facts_path) && File.readable?(default_facts_path) - default_facts.merge!(YAML.safe_load(File.read(default_facts_path))) +default_fact_files.each do |f| + next unless File.exist?(f) && File.readable?(f) && File.size?(f) + + begin + default_facts.merge!(YAML.safe_load(File.read(f), [], [], true)) + rescue => e + RSpec.configuration.reporter.message "WARNING: Unable to load #{f}: #{e}" + end end -if File.exist?(default_module_facts_path) && File.readable?(default_module_facts_path) - default_facts.merge!(YAML.safe_load(File.read(default_module_facts_path))) +# read default_facts and merge them over what is provided by facterdb +default_facts.each do |fact, value| + add_custom_fact fact, value end RSpec.configure do |c| 
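Review bot: `YAML.safe_load(File.read(f), [], [], true)` uses the positional form, which Psych 4 (bundled with Ruby 3.1 and later) rejects with an ArgumentError, and the bare `rescue => e` right below turns that into a warning, so both fact files would be skipped and the specs would quietly run with different facts. The keyword form `YAML.safe_load(File.read(f), permitted_classes: [], permitted_symbols: [], aliases: true)` works from Psych 3.1 on; the Ruby 2.5 entries in appveyor.yml may predate that, so check before switching. Narrowing the rescue to `Psych::SyntaxError` would at least let an API mismatch fail loudly instead of being reported as an unreadable file.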
@@ -31,13 +42,31 @@ RSpec.configure do |c| # set to strictest setting for testing # by default Puppet runs at warning level Puppet.settings[:strict] = :warning + Puppet.settings[:strict_variables] = true + end + c.filter_run_excluding(bolt: true) unless ENV['GEM_BOLT'] + c.after(:suite) do + end + + # Filter backtrace noise + backtrace_exclusion_patterns = [ + %r{spec_helper}, + %r{gems}, + ] + + if c.respond_to?(:backtrace_exclusion_patterns) + c.backtrace_exclusion_patterns = backtrace_exclusion_patterns + elsif c.respond_to?(:backtrace_clean_patterns) + c.backtrace_clean_patterns = backtrace_exclusion_patterns end end +# Ensures that a module is defined +# @param module_name Name of the module def ensure_module_defined(module_name) module_name.split('::').reduce(Object) do |last_module, next_module| - last_module.const_set(next_module, Module.new) unless last_module.const_defined?(next_module) - last_module.const_get(next_module) + last_module.const_set(next_module, Module.new) unless last_module.const_defined?(next_module, false) + last_module.const_get(next_module, false) end end diff --git a/templates/nslcd.erb b/templates/nslcd.erb index 82c91c7..1d8c733 100644 --- a/templates/nslcd.erb +++ b/templates/nslcd.erb @@ -12,15 +12,18 @@ uri <%= @ldap_uris.sort.join(' ') %> # The LDAP protocol version to use. ldap_version <%= @ldap_version %> +<% if @ldap_search_base -%> # The search base that will be used for all queries. base <%= @ldap_search_base %> -<% if @ldap_group_base -%> -base group <%= @ldap_group_base -%> <% end -%> +<% if @ldap_group_base -%> +# The group search base that will be used for all queries. +base group <%= @ldap_group_base %> +<% end -%> <% if @ldap_binddn and @ldap_bindpw -%> -# The DN to bind with for normal lookups. +# The DN to bind with the LDAP server. binddn <%= @ldap_binddn %> bindpw <%= @ldap_bindpw %> <% end -%> 
@@ -35,14 +38,6 @@ tls_cacertfile <%= @ldap_tls_cacertfile %> # The search scope. scope <%= @ldap_search_scope %> -<% @config_options.sort.each do |k,v| -%> -<% Array(v).each do |av| -%> -<% if ![nil, '', :undef].include?(av) -%> -<%= %Q(#{k} #{av}) %> -<% end -%> -<% end -%> -<% end -%> - <% if @ldap_filters.length > 0 -%> # Custom search filters <% @ldap_filters.sort.each do |map, filter| -%> @@ -58,3 +53,26 @@ map <%= map %> <%= attribute %> <%= newattribute %> <% end -%> <% end -%> <% end -%> + +# Timeouts +<% if @bind_timelimit -%> +bind_timelimit <%= @bind_timelimit %> +<% end -%> +timelimit <%= @timelimit %> +<% if @idle_timelimit -%> +idle_timelimit <%= @idle_timelimit %> +<% end -%> +reconnect_sleeptime <%= @reconnect_sleeptime %> +reconnect_retrytime <%= @reconnect_retrytime %> + +<% if @config_options.length > 0 -%> +# Extended configuration +<% @config_options.sort.each do |k,v| -%> +<% Array(v).each do |av| -%> +<% if ![nil, '', :undef].include?(av) -%> +<%= %Q(#{k} #{av}) %> +<% end -%> +<% end -%> +<% end -%> +<% end -%> +