Upgrade module to version 0.4.2 (see changelog)

This commit is contained in:
geekix 2021-11-06 12:36:59 +01:00
parent c63004c8fe
commit 8b46443435
37 changed files with 1065 additions and 317 deletions

6
.devcontainer/Dockerfile Normal file
View File

@ -0,0 +1,6 @@
FROM puppet/pdk:latest
# [Optional] Uncomment this section to install additional packages.
# RUN apt-get update && export DEBIAN_FRONTEND=noninteractive \
# && apt-get -y install --no-install-recommends <your-package-list-here>

34
.devcontainer/README.md Normal file
View File

@ -0,0 +1,34 @@
# devcontainer
For format details, see https://aka.ms/devcontainer.json.
For config options, see the README at:
https://github.com/microsoft/vscode-dev-containers/tree/v0.140.1/containers/puppet
``` json
{
"name": "Puppet Development Kit (Community)",
"dockerFile": "Dockerfile",
// Set *default* container specific settings.json values on container create.
"settings": {
"terminal.integrated.shell.linux": "/bin/bash"
},
// Add the IDs of extensions you want installed when the container is created.
"extensions": [
"puppet.puppet-vscode",
"rebornix.Ruby"
]
// Use 'forwardPorts' to make a list of ports inside the container available locally.
"forwardPorts": [],
// Use 'postCreateCommand' to run commands after the container is created.
"postCreateCommand": "pdk --version",
}
```

View File

@ -0,0 +1,17 @@
{
"name": "Puppet Development Kit (Community)",
"dockerFile": "Dockerfile",
"settings": {
"terminal.integrated.profiles.linux": {
"bash": {
"path": "bash",
}
}
},
"extensions": [
"puppet.puppet-vscode",
"rebornix.Ruby"
]
}

View File

@ -1,5 +1,6 @@
# This file can be used to install module dependencies for unit testing
# See https://github.com/puppetlabs/puppetlabs_spec_helper#using-fixtures for details
---
fixtures: fixtures:
repositories: forge_modules:
"stdlib": "git://github.com/puppetlabs/puppetlabs-stdlib.git" # stdlib: "puppetlabs/stdlib"
symlinks:
"nslcd": "#{source_dir}"

5
.gitattributes vendored Normal file
View File

@ -0,0 +1,5 @@
*.rb eol=lf
*.erb eol=lf
*.pp eol=lf
*.sh eol=lf
*.epp eol=lf

4
.gitignore vendored
View File

@ -22,3 +22,7 @@
/convert_report.txt /convert_report.txt
/update_report.txt /update_report.txt
.DS_Store .DS_Store
.project
.envrc
/inventory.yaml
/spec/fixtures/litmus_inventory.yaml

View File

@ -3,39 +3,51 @@ stages:
- syntax - syntax
- unit - unit
cache: default:
cache:
paths: paths:
- vendor/bundle - vendor/bundle
before_script: before_script: &before_script
- bundle -v - bundle -v
- rm Gemfile.lock || true - rm Gemfile.lock || true
- gem update --system - "# Update system gems if requested. This is useful to temporarily workaround troubles in the test runner"
- "# Set `rubygems_version` in the .sync.yml to set a value"
- "# Ignore exit code of SIGPIPE'd yes to not fail with shell's pipefail set"
- '[ -z "$RUBYGEMS_VERSION" ] || (yes || true) | gem update --system $RUBYGEMS_VERSION'
- gem --version - gem --version
- bundle -v - bundle -v
- bundle install --without system_tests --path vendor/bundle --jobs $(nproc) - bundle install --without system_tests --path vendor/bundle --jobs $(nproc)
parallel_spec-Ruby 2.1.9-Puppet ~> 4.0: validate lint check rubocop-Ruby 2.5.7-Puppet ~> 6:
stage: unit
image: ruby:2.1.9
script:
- bundle exec rake parallel_spec
variables:
PUPPET_GEM_VERSION: '~> 4.0'
syntax lint metadata_lint check:symlinks check:git_ignore check:dot_underscore check:test_file rubocop-Ruby 2.4.4-Puppet ~> 5.5:
stage: syntax stage: syntax
image: ruby:2.4.4 image: ruby:2.5.7
script: script:
- bundle exec rake syntax lint metadata_lint check:symlinks check:git_ignore check:dot_underscore check:test_file rubocop - bundle exec rake validate lint check rubocop
variables: variables:
PUPPET_GEM_VERSION: '~> 5.5' PUPPET_GEM_VERSION: '~> 6'
parallel_spec-Ruby 2.4.4-Puppet ~> 5.5: parallel_spec-Ruby 2.5.7-Puppet ~> 6:
stage: unit stage: unit
image: ruby:2.4.4 image: ruby:2.5.7
script: script:
- bundle exec rake parallel_spec - bundle exec rake parallel_spec
variables: variables:
PUPPET_GEM_VERSION: '~> 5.5' PUPPET_GEM_VERSION: '~> 6'
validate lint check rubocop-Ruby 2.7.2-Puppet ~> 7:
stage: syntax
image: ruby:2.7.2
script:
- bundle exec rake validate lint check rubocop
variables:
PUPPET_GEM_VERSION: '~> 7'
parallel_spec-Ruby 2.7.2-Puppet ~> 7:
stage: unit
image: ruby:2.7.2
script:
- bundle exec rake parallel_spec
variables:
PUPPET_GEM_VERSION: '~> 7'

View File

@ -22,3 +22,26 @@
/convert_report.txt /convert_report.txt
/update_report.txt /update_report.txt
.DS_Store .DS_Store
.project
.envrc
/inventory.yaml
/spec/fixtures/litmus_inventory.yaml
/appveyor.yml
/.editorconfig
/.fixtures.yml
/Gemfile
/.gitattributes
/.gitignore
/.gitlab-ci.yml
/.pdkignore
/.puppet-lint.rc
/Rakefile
/rakelib/
/.rspec
/.rubocop.yml
/.travis.yml
/.yardopts
/spec/
/.vscode/
/.sync.yml
/.devcontainer/

1
.puppet-lint.rc Normal file
View File

@ -0,0 +1 @@
--relative

View File

@ -1,10 +1,12 @@
--- ---
require: rubocop-rspec require:
- rubocop-performance
- rubocop-rspec
AllCops: AllCops:
DisplayCopNames: true DisplayCopNames: true
TargetRubyVersion: '2.1' TargetRubyVersion: '2.4'
Include: Include:
- "./**/*.rb" - "**/*.rb"
Exclude: Exclude:
- bin/* - bin/*
- ".vendor/**/*" - ".vendor/**/*"
@ -16,7 +18,7 @@ AllCops:
- "**/Puppetfile" - "**/Puppetfile"
- "**/Vagrantfile" - "**/Vagrantfile"
- "**/Guardfile" - "**/Guardfile"
Metrics/LineLength: Layout/LineLength:
Description: People have wide screens, use them. Description: People have wide screens, use them.
Max: 200 Max: 200
RSpec/BeforeAfterAll: RSpec/BeforeAfterAll:
@ -27,6 +29,9 @@ RSpec/BeforeAfterAll:
RSpec/HookArgument: RSpec/HookArgument:
Description: Prefer explicit :each argument, matching existing module's style Description: Prefer explicit :each argument, matching existing module's style
EnforcedStyle: each EnforcedStyle: each
RSpec/DescribeSymbol:
Exclude:
- spec/unit/facter/**/*.rb
Style/BlockDelimiters: Style/BlockDelimiters:
Description: Prefer braces for chaining. Mostly an aesthetical choice. Better to Description: Prefer braces for chaining. Mostly an aesthetical choice. Better to
be consistent then. be consistent then.
@ -59,7 +64,7 @@ Style/TrailingCommaInArguments:
Description: Prefer always trailing comma on multiline argument lists. This makes Description: Prefer always trailing comma on multiline argument lists. This makes
diffs, and re-ordering nicer. diffs, and re-ordering nicer.
EnforcedStyleForMultiline: comma EnforcedStyleForMultiline: comma
Style/TrailingCommaInLiteral: Style/TrailingCommaInArrayLiteral:
Description: Prefer always trailing comma on multiline literals. This makes diffs, Description: Prefer always trailing comma on multiline literals. This makes diffs,
and re-ordering nicer. and re-ordering nicer.
EnforcedStyleForMultiline: comma EnforcedStyleForMultiline: comma
@ -74,20 +79,170 @@ Style/Documentation:
- spec/**/* - spec/**/*
Style/WordArray: Style/WordArray:
EnforcedStyle: brackets EnforcedStyle: brackets
Performance/AncestorsInclude:
Enabled: true
Performance/BigDecimalWithNumericArgument:
Enabled: true
Performance/BlockGivenWithExplicitBlock:
Enabled: true
Performance/CaseWhenSplat:
Enabled: true
Performance/ConstantRegexp:
Enabled: true
Performance/MethodObjectAsBlock:
Enabled: true
Performance/RedundantSortBlock:
Enabled: true
Performance/RedundantStringChars:
Enabled: true
Performance/ReverseFirst:
Enabled: true
Performance/SortReverse:
Enabled: true
Performance/Squeeze:
Enabled: true
Performance/StringInclude:
Enabled: true
Performance/Sum:
Enabled: true
Style/CollectionMethods: Style/CollectionMethods:
Enabled: true Enabled: true
Style/MethodCalledOnDoEndBlock: Style/MethodCalledOnDoEndBlock:
Enabled: true Enabled: true
Style/StringMethods: Style/StringMethods:
Enabled: true Enabled: true
Bundler/InsecureProtocolSource:
Enabled: false
Gemspec/DuplicatedAssignment:
Enabled: false
Gemspec/OrderedDependencies:
Enabled: false
Gemspec/RequiredRubyVersion:
Enabled: false
Gemspec/RubyVersionGlobalsUsage:
Enabled: false
Layout/ArgumentAlignment:
Enabled: false
Layout/BeginEndAlignment:
Enabled: false
Layout/ClosingHeredocIndentation:
Enabled: false
Layout/EmptyComment:
Enabled: false
Layout/EmptyLineAfterGuardClause:
Enabled: false
Layout/EmptyLinesAroundArguments:
Enabled: false
Layout/EmptyLinesAroundAttributeAccessor:
Enabled: false
Layout/EndOfLine: Layout/EndOfLine:
Enabled: false Enabled: false
Layout/FirstArgumentIndentation:
Enabled: false
Layout/HashAlignment:
Enabled: false
Layout/HeredocIndentation: Layout/HeredocIndentation:
Enabled: false Enabled: false
Layout/LeadingEmptyLines:
Enabled: false
Layout/SpaceAroundMethodCallOperator:
Enabled: false
Layout/SpaceInsideArrayLiteralBrackets:
Enabled: false
Layout/SpaceInsideReferenceBrackets:
Enabled: false
Lint/BigDecimalNew:
Enabled: false
Lint/BooleanSymbol:
Enabled: false
Lint/ConstantDefinitionInBlock:
Enabled: false
Lint/DeprecatedOpenSSLConstant:
Enabled: false
Lint/DisjunctiveAssignmentInConstructor:
Enabled: false
Lint/DuplicateElsifCondition:
Enabled: false
Lint/DuplicateRequire:
Enabled: false
Lint/DuplicateRescueException:
Enabled: false
Lint/EmptyConditionalBody:
Enabled: false
Lint/EmptyFile:
Enabled: false
Lint/ErbNewArguments:
Enabled: false
Lint/FloatComparison:
Enabled: false
Lint/HashCompareByIdentity:
Enabled: false
Lint/IdentityComparison:
Enabled: false
Lint/InterpolationCheck:
Enabled: false
Lint/MissingCopEnableDirective:
Enabled: false
Lint/MixedRegexpCaptureTypes:
Enabled: false
Lint/NestedPercentLiteral:
Enabled: false
Lint/NonDeterministicRequireOrder:
Enabled: false
Lint/OrderedMagicComments:
Enabled: false
Lint/OutOfRangeRegexpRef:
Enabled: false
Lint/RaiseException:
Enabled: false
Lint/RedundantCopEnableDirective:
Enabled: false
Lint/RedundantRequireStatement:
Enabled: false
Lint/RedundantSafeNavigation:
Enabled: false
Lint/RedundantWithIndex:
Enabled: false
Lint/RedundantWithObject:
Enabled: false
Lint/RegexpAsCondition:
Enabled: false
Lint/ReturnInVoidContext:
Enabled: false
Lint/SafeNavigationConsistency:
Enabled: false
Lint/SafeNavigationWithEmpty:
Enabled: false
Lint/SelfAssignment:
Enabled: false
Lint/SendWithMixinArgument:
Enabled: false
Lint/ShadowedArgument:
Enabled: false
Lint/StructNewOverride:
Enabled: false
Lint/ToJSON:
Enabled: false
Lint/TopLevelReturnWithArgument:
Enabled: false
Lint/TrailingCommaInAttributeDeclaration:
Enabled: false
Lint/UnreachableLoop:
Enabled: false
Lint/UriEscapeUnescape:
Enabled: false
Lint/UriRegexp:
Enabled: false
Lint/UselessMethodDefinition:
Enabled: false
Lint/UselessTimes:
Enabled: false
Metrics/AbcSize: Metrics/AbcSize:
Enabled: false Enabled: false
Metrics/BlockLength: Metrics/BlockLength:
Enabled: false Enabled: false
Metrics/BlockNesting:
Enabled: false
Metrics/ClassLength: Metrics/ClassLength:
Enabled: false Enabled: false
Metrics/CyclomaticComplexity: Metrics/CyclomaticComplexity:
@ -100,19 +255,265 @@ Metrics/ParameterLists:
Enabled: false Enabled: false
Metrics/PerceivedComplexity: Metrics/PerceivedComplexity:
Enabled: false Enabled: false
Migration/DepartmentName:
Enabled: false
Naming/AccessorMethodName:
Enabled: false
Naming/BlockParameterName:
Enabled: false
Naming/HeredocDelimiterCase:
Enabled: false
Naming/HeredocDelimiterNaming:
Enabled: false
Naming/MemoizedInstanceVariableName:
Enabled: false
Naming/MethodParameterName:
Enabled: false
Naming/RescuedExceptionsVariableName:
Enabled: false
Naming/VariableNumber:
Enabled: false
Performance/BindCall:
Enabled: false
Performance/DeletePrefix:
Enabled: false
Performance/DeleteSuffix:
Enabled: false
Performance/InefficientHashSearch:
Enabled: false
Performance/UnfreezeString:
Enabled: false
Performance/UriDefaultParser:
Enabled: false
RSpec/Be:
Enabled: false
RSpec/Capybara/CurrentPathExpectation:
Enabled: false
RSpec/Capybara/FeatureMethods:
Enabled: false
RSpec/Capybara/VisibilityMatcher:
Enabled: false
RSpec/ContextMethod:
Enabled: false
RSpec/ContextWording:
Enabled: false
RSpec/DescribeClass: RSpec/DescribeClass:
Enabled: false Enabled: false
RSpec/EmptyHook:
Enabled: false
RSpec/EmptyLineAfterExample:
Enabled: false
RSpec/EmptyLineAfterExampleGroup:
Enabled: false
RSpec/EmptyLineAfterHook:
Enabled: false
RSpec/ExampleLength: RSpec/ExampleLength:
Enabled: false Enabled: false
RSpec/MessageExpectation: RSpec/ExampleWithoutDescription:
Enabled: false
RSpec/ExpectChange:
Enabled: false
RSpec/ExpectInHook:
Enabled: false
RSpec/FactoryBot/AttributeDefinedStatically:
Enabled: false
RSpec/FactoryBot/CreateList:
Enabled: false
RSpec/FactoryBot/FactoryClassName:
Enabled: false
RSpec/HooksBeforeExamples:
Enabled: false
RSpec/ImplicitBlockExpectation:
Enabled: false
RSpec/ImplicitSubject:
Enabled: false
RSpec/LeakyConstantDeclaration:
Enabled: false
RSpec/LetBeforeExamples:
Enabled: false
RSpec/MissingExampleGroupArgument:
Enabled: false Enabled: false
RSpec/MultipleExpectations: RSpec/MultipleExpectations:
Enabled: false Enabled: false
RSpec/MultipleMemoizedHelpers:
Enabled: false
RSpec/MultipleSubjects:
Enabled: false
RSpec/NestedGroups: RSpec/NestedGroups:
Enabled: false Enabled: false
RSpec/PredicateMatcher:
Enabled: false
RSpec/ReceiveCounts:
Enabled: false
RSpec/ReceiveNever:
Enabled: false
RSpec/RepeatedExampleGroupBody:
Enabled: false
RSpec/RepeatedExampleGroupDescription:
Enabled: false
RSpec/RepeatedIncludeExample:
Enabled: false
RSpec/ReturnFromStub:
Enabled: false
RSpec/SharedExamples:
Enabled: false
RSpec/StubbedMock:
Enabled: false
RSpec/UnspecifiedException:
Enabled: false
RSpec/VariableDefinition:
Enabled: false
RSpec/VoidExpect:
Enabled: false
RSpec/Yield:
Enabled: false
Security/Open:
Enabled: false
Style/AccessModifierDeclarations:
Enabled: false
Style/AccessorGrouping:
Enabled: false
Style/AsciiComments: Style/AsciiComments:
Enabled: false Enabled: false
Style/BisectedAttrAccessor:
Enabled: false
Style/CaseLikeIf:
Enabled: false
Style/ClassEqualityComparison:
Enabled: false
Style/ColonMethodDefinition:
Enabled: false
Style/CombinableLoops:
Enabled: false
Style/CommentedKeyword:
Enabled: false
Style/Dir:
Enabled: false
Style/DoubleCopDisableDirective:
Enabled: false
Style/EmptyBlockParameter:
Enabled: false
Style/EmptyLambdaParameter:
Enabled: false
Style/Encoding:
Enabled: false
Style/EvalWithLocation:
Enabled: false
Style/ExpandPathArguments:
Enabled: false
Style/ExplicitBlockArgument:
Enabled: false
Style/ExponentialNotation:
Enabled: false
Style/FloatDivision:
Enabled: false
Style/FrozenStringLiteralComment:
Enabled: false
Style/GlobalStdStream:
Enabled: false
Style/HashAsLastArrayItem:
Enabled: false
Style/HashLikeCase:
Enabled: false
Style/HashTransformKeys:
Enabled: false
Style/HashTransformValues:
Enabled: false
Style/IfUnlessModifier: Style/IfUnlessModifier:
Enabled: false Enabled: false
Style/KeywordParametersOrder:
Enabled: false
Style/MinMax:
Enabled: false
Style/MixinUsage:
Enabled: false
Style/MultilineWhenThen:
Enabled: false
Style/NegatedUnless:
Enabled: false
Style/NumericPredicate:
Enabled: false
Style/OptionalBooleanParameter:
Enabled: false
Style/OrAssignment:
Enabled: false
Style/RandomWithOffset:
Enabled: false
Style/RedundantAssignment:
Enabled: false
Style/RedundantCondition:
Enabled: false
Style/RedundantConditional:
Enabled: false
Style/RedundantFetchBlock:
Enabled: false
Style/RedundantFileExtensionInRequire:
Enabled: false
Style/RedundantRegexpCharacterClass:
Enabled: false
Style/RedundantRegexpEscape:
Enabled: false
Style/RedundantSelfAssignment:
Enabled: false
Style/RedundantSort:
Enabled: false
Style/RescueStandardError:
Enabled: false
Style/SingleArgumentDig:
Enabled: false
Style/SlicingWithRange:
Enabled: false
Style/SoleNestedConditional:
Enabled: false
Style/StderrPuts:
Enabled: false
Style/StringConcatenation:
Enabled: false
Style/Strip:
Enabled: false
Style/SymbolProc: Style/SymbolProc:
Enabled: false Enabled: false
Style/TrailingBodyOnClass:
Enabled: false
Style/TrailingBodyOnMethodDefinition:
Enabled: false
Style/TrailingBodyOnModule:
Enabled: false
Style/TrailingCommaInHashLiteral:
Enabled: false
Style/TrailingMethodEndStatement:
Enabled: false
Style/UnpackFirst:
Enabled: false
Lint/DuplicateBranch:
Enabled: false
Lint/DuplicateRegexpCharacterClassElement:
Enabled: false
Lint/EmptyBlock:
Enabled: false
Lint/EmptyClass:
Enabled: false
Lint/NoReturnInBeginEndBlocks:
Enabled: false
Lint/ToEnumArguments:
Enabled: false
Lint/UnexpectedBlockArity:
Enabled: false
Lint/UnmodifiedReduceAccumulator:
Enabled: false
Performance/CollectionLiteralInLoop:
Enabled: false
Style/ArgumentsForwarding:
Enabled: false
Style/CollectionCompact:
Enabled: false
Style/DocumentDynamicEvalDefinition:
Enabled: false
Style/NegatedIfElseCondition:
Enabled: false
Style/NilLambda:
Enabled: false
Style/RedundantArgument:
Enabled: false
Style/SwapValues:
Enabled: false

8
.sync.yml Normal file
View File

@ -0,0 +1,8 @@
# This file can be used to customize the files managed by PDK.
#
# See https://github.com/puppetlabs/pdk-templates/blob/main/README.md
# for more information.
#
# See https://github.com/puppetlabs/pdk-templates/blob/main/config_defaults.yml
# for the default values.
--- {}

View File

@ -1,44 +1,45 @@
--- ---
sudo: false os: linux
dist: trusty dist: xenial
language: ruby language: ruby
cache: bundler cache: bundler
before_install: before_install:
- bundle -v - bundle -v
- rm -f Gemfile.lock - rm -f Gemfile.lock
- gem update --system - "# Update system gems if requested. This is useful to temporarily workaround troubles in the test runner"
- "# See https://github.com/puppetlabs/pdk-templates/commit/705154d5c437796b821691b707156e1b056d244f for an example of how this was used"
- "# Ignore exit code of SIGPIPE'd yes to not fail with shell's pipefail set"
- '[ -z "$RUBYGEMS_VERSION" ] || (yes || true) | gem update --system $RUBYGEMS_VERSION'
- gem --version - gem --version
- bundle -v - bundle -v
script: script:
- 'bundle exec rake $CHECK' - 'bundle exec rake $CHECK'
bundler_args: --without system_tests bundler_args: --without system_tests
rvm: rvm:
- 2.4.4 - 2.5.7
env: stages:
global: - static
- BEAKER_PUPPET_COLLECTION=puppet5 PUPPET_GEM_VERSION="~> 5.0" - spec
matrix: - acceptance
-
if: tag =~ ^v\d
name: deploy
jobs:
fast_finish: true fast_finish: true
include: include:
- -
env: CHECK="syntax lint metadata_lint check:symlinks check:git_ignore check:dot_underscore check:test_file rubocop" env: CHECK="validate lint check rubocop"
stage: static
- -
env: CHECK=parallel_spec env: PUPPET_GEM_VERSION="~> 6.0" CHECK=parallel_spec
rvm: 2.5.7
stage: spec
- -
env: PUPPET_GEM_VERSION="~> 4.0" CHECK=parallel_spec env: DEPLOY_TO_FORGE=yes
rvm: 2.1.9 stage: deploy
branches: branches:
only: only:
- master - main
- /^v\d/ - /^v\d/
notifications: notifications:
email: false email: false
deploy:
provider: puppetforge
user: puppet
password:
secure: ""
on:
tags: true
all_branches: true
condition: "$DEPLOY_TO_FORGE = yes"

6
.vscode/extensions.json vendored Normal file
View File

@ -0,0 +1,6 @@
{
"recommendations": [
"puppet.puppet-vscode",
"rebornix.Ruby"
]
}

View File

@ -2,6 +2,19 @@
All notable changes to this project will be documented in this file. All notable changes to this project will be documented in this file.
## 0.4.2 (2021-05-11)
### Addition
- New parameters (bind_timelimit, timelimit, idle_timelimit, reconnect_sleeptime, reconnect_retrytime)
- New Hiera example files
### Changed
- Documentation reviewed and improved
- ldap_search_base parameter is now optional
- Module converted to the latest version of PDK (2.2.0)
## 0.4.1 (2019-03-11) ## 0.4.1 (2019-03-11)
### [Related PR : https://github.com/geekix/puppet-nslcd/pull/18] ### [Related PR : https://github.com/geekix/puppet-nslcd/pull/18]

52
Gemfile
View File

@ -1,42 +1,36 @@
source ENV['GEM_SOURCE'] || 'https://rubygems.org' source ENV['GEM_SOURCE'] || 'https://rubygems.org'
def location_for(place_or_version, fake_version = nil) def location_for(place_or_version, fake_version = nil)
if place_or_version =~ %r{\A(git[:@][^#]*)#(.*)} git_url_regex = %r{\A(?<url>(https?|git)[:@][^#]*)(#(?<branch>.*))?}
[fake_version, { git: Regexp.last_match(1), branch: Regexp.last_match(2), require: false }].compact file_url_regex = %r{\Afile:\/\/(?<path>.*)}
elsif place_or_version =~ %r{\Afile:\/\/(.*)}
['>= 0', { path: File.expand_path(Regexp.last_match(1)), require: false }] if place_or_version && (git_url = place_or_version.match(git_url_regex))
[fake_version, { git: git_url[:url], branch: git_url[:branch], require: false }].compact
elsif place_or_version && (file_url = place_or_version.match(file_url_regex))
['>= 0', { path: File.expand_path(file_url[:path]), require: false }]
else else
[place_or_version, { require: false }] [place_or_version, { require: false }]
end end
end end
def gem_type(place_or_version)
if place_or_version =~ %r{\Agit[:@]}
:git
elsif !place_or_version.nil? && place_or_version.start_with?('file:')
:file
else
:gem
end
end
ruby_version_segments = Gem::Version.new(RUBY_VERSION.dup).segments ruby_version_segments = Gem::Version.new(RUBY_VERSION.dup).segments
minor_version = ruby_version_segments[0..1].join('.') minor_version = ruby_version_segments[0..1].join('.')
group :development do group :development do
gem "fast_gettext", '1.1.0', require: false if Gem::Version.new(RUBY_VERSION.dup) < Gem::Version.new('2.1.0') gem "json", '= 2.0.4', require: false if Gem::Requirement.create('~> 2.4.2').satisfied_by?(Gem::Version.new(RUBY_VERSION.dup))
gem "fast_gettext", require: false if Gem::Version.new(RUBY_VERSION.dup) >= Gem::Version.new('2.1.0') gem "json", '= 2.1.0', require: false if Gem::Requirement.create(['>= 2.5.0', '< 2.7.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup))
gem "json_pure", '<= 2.0.1', require: false if Gem::Version.new(RUBY_VERSION.dup) < Gem::Version.new('2.0.0') gem "json", '= 2.3.0', require: false if Gem::Requirement.create(['>= 2.7.0', '< 2.8.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup))
gem "json", '= 1.8.1', require: false if Gem::Version.new(RUBY_VERSION.dup) == Gem::Version.new('2.1.9') gem "puppet-module-posix-default-r#{minor_version}", '~> 1.0', require: false, platforms: [:ruby]
gem "json", '<= 2.0.4', require: false if Gem::Version.new(RUBY_VERSION.dup) == Gem::Version.new('2.4.4') gem "puppet-module-posix-dev-r#{minor_version}", '~> 1.0', require: false, platforms: [:ruby]
gem "puppet-module-posix-default-r#{minor_version}", require: false, platforms: [:ruby] gem "puppet-module-win-default-r#{minor_version}", '~> 1.0', require: false, platforms: [:mswin, :mingw, :x64_mingw]
gem "puppet-module-posix-dev-r#{minor_version}", require: false, platforms: [:ruby] gem "puppet-module-win-dev-r#{minor_version}", '~> 1.0', require: false, platforms: [:mswin, :mingw, :x64_mingw]
gem "puppet-module-win-default-r#{minor_version}", require: false, platforms: [:mswin, :mingw, :x64_mingw] end
gem "puppet-module-win-dev-r#{minor_version}", require: false, platforms: [:mswin, :mingw, :x64_mingw] group :system_tests do
gem "puppet-module-posix-system-r#{minor_version}", '~> 1.0', require: false, platforms: [:ruby]
gem "puppet-module-win-system-r#{minor_version}", '~> 1.0', require: false, platforms: [:mswin, :mingw, :x64_mingw]
end end
puppet_version = ENV['PUPPET_GEM_VERSION'] puppet_version = ENV['PUPPET_GEM_VERSION']
puppet_type = gem_type(puppet_version)
facter_version = ENV['FACTER_GEM_VERSION'] facter_version = ENV['FACTER_GEM_VERSION']
hiera_version = ENV['HIERA_GEM_VERSION'] hiera_version = ENV['HIERA_GEM_VERSION']
@ -50,16 +44,6 @@ gems['puppet'] = location_for(puppet_version)
gems['facter'] = location_for(facter_version) if facter_version gems['facter'] = location_for(facter_version) if facter_version
gems['hiera'] = location_for(hiera_version) if hiera_version gems['hiera'] = location_for(hiera_version) if hiera_version
if Gem.win_platform? && puppet_version =~ %r{^(file:///|git://)}
# If we're using a Puppet gem on Windows which handles its own win32-xxx gem
# dependencies (>= 3.5.0), set the maximum versions (see PUP-6445).
gems['win32-dir'] = ['<= 0.4.9', require: false]
gems['win32-eventlog'] = ['<= 0.6.5', require: false]
gems['win32-process'] = ['<= 0.7.5', require: false]
gems['win32-security'] = ['<= 0.2.5', require: false]
gems['win32-service'] = ['0.8.8', require: false]
end
gems.each do |gem_name, gem_params| gems.each do |gem_name, gem_params|
gem gem_name, *gem_params gem gem_name, *gem_params
end end

131
README.md
View File

@ -3,46 +3,40 @@
#### Table of Contents #### Table of Contents
1. [Overview](#overview) 1. [Overview](#overview)
2. [Module Description - What the module does and why it is useful](#module-description) 2. [Dependencies](#dependencies)
3. [Setup - The basics of getting started with nslcd](#setup) 3. [Usage](#usage)
* [What nslcd affects](#what-nslcd-affects) 4. [What the module affects](#what-the-module-affects)
4. [Usage - Configuration options and additional functionality](#usage) 5. [Parameters](#parameters)
5. [Reference - An under-the-hood peek at what the module is doing and how](#reference) 6. [Extend the configuration](#extend-the-configuration)
5. [Limitations - OS compatibility, etc.](#limitations) 7. [Limitations](#limitations)
6. [Development - Guide for contributing to the module](#development) 8. [Development](#development)
## Overview ## Overview
This module installs and configured nslcd to get pam/nss data from ldap. This module installs and configured a local NSLCD daemon.
NSLCD is used to provide LDAP authentication through PAM/NSS.
## Module Description ## Dependencies
This module allows you to install and configure the nslcd daemon (and its dependencies), to provide ldap support for [Stdlib - https://forge.puppet.com/modules/puppetlabs/stdlib](https://forge.puppet.com/modules/puppetlabs/stdlib)
PAM and NSS.
## Setup
### What nslcd affects
* `nslcd` package and service
* `/etc/nslcd.conf`
## Usage ## Usage
Simply include/contain/required/declare the nslcd class. The module includes a few sane defaults, so it should work out of the box.
It includes a few sane defaults, so it should work out of the box. Just fill in these parameters :
However, we recommend that you declare the class and override a few parameters:
* In the module * Example
``` ```
class { 'nslcd': class
{
'nslcd':
ldap_uris => ['ldap://ldap01.mycompany.com:389','ldap://ldap02.mycompany.com:389'], ldap_uris => ['ldap://ldap01.mycompany.com:389','ldap://ldap02.mycompany.com:389'],
ldap_search_base => 'dc=company,dc=com' ldap_search_base => 'dc=company,dc=com'
} }
``` ```
* In hieradata * The same in Hiera
``` ```
nslcd::ldap_uris: nslcd::ldap_uris:
@ -51,20 +45,91 @@ nslcd::ldap_uris:
nslcd::ldap_search_base: 'dc=company,dc=com' nslcd::ldap_search_base: 'dc=company,dc=com'
``` ```
## Reference * Will give this in the config file
*todo* ```
uri ldap://ldap01.company.com:389 ldap://ldap02.company.com:389
base dc=company,dc=com
```
## What the module affects
* `nslcd` package and service
* `/etc/nslcd.conf`
## Parameters
Parameter | Parameter type | Default value | Description
--------- | ---------- | ------------- | -----------
package_ensure | Variant[Boolean,String] | present | Sets if the package should be present or absent.
package_name | String | Depends on the Linux distrib | Name of the package to install. Set if your platform is not supported.
package_manage | Boolean | true | Sets if the module should manage or not the package installation.
service_ensure | Variant[Boolean,Enum['stopped','running']] | running | Sets if the service should be running or stopped.
service_enable | Boolean | true | Sets if the service should be started on system boot.
service_name | String | nslcd | Sets the name of the service. Set if your platform is not supported.
service_manage | Boolean | true | Sets if the module should manage or not the service.
uid | String | nslcd | Sets the user to start the daemon.
gid | String | Depends on the Linux distrib | Sets the group to start the daemon.
config | Stdlib::Unixpath | /etc/nslcd.conf | Sets the path of the config file.
config_user | String | root | Sets the owner of the config file.
config_group | String | Depends on the Linux distrib | Sets the group of the config file.
config_mode | Stdlib::Filemode | Depends on the Linux distrib | Permission of the config file.
ldap_uris | Array[String] | ldap:/// | Array of LDAP servers.
ldap_version | Enum['2','3'] | 3 | Sets the LDAP version to use.
ldap_binddn | String | undef | Sets the DN (distinguished name) to bind to the LDAP servers.
ldap_bindpw | String | undef | Sets the password to bind to the LDAP servers. Only used if the parameter ldap_binddn is set.
ldap_search_base | String | undef | Sets the base DN (distinguished name) to use as the search base.
ldap_group_base | String | undef | Sets the base DN (distinguished name) to use as the group search base.
ldap_search_scope | Enum['sub','subtree','one','onelevel','base'] | subtree | Sets the search scope depth.
config_options | Hash | {} | Key/Value hash to extend the configuration.
ldap_filters | Hash | {} | Sets the LDAP search filter for specific mapping.
ldap_maps | Hash | {} | Allows for custom attributes to be looked up.
ldap_ssl | Enum['on','off','start_tls'] | off | Whether to use SSL/TLS for the connexion to the LDAP servers.
ldap_tls_reqcert | Enum['never','allow','try','demand','hard'] | allow | Sets what checks to perform on a server-supplied certificate.
ldap_tls_cacertfile | String | undef | Sets the path of the PEM-format file containing certificates for the CA's that will be trusted.
bind_timelimit | Integer | undef | Sets the time limit (in seconds) to setup a connexion with the LDAP server.
timelimit | Integer | undef | Sets the time limit (in seconds) to wait for a response from the LDAP server.
idle_timelimit | Integer | undef | Sets the period if inactivity (in seconds) after which the connection to the LDAP server will be closed.
reconnect_sleeptime | Integer | 1 | Sets the number of seconds to sleep when connecting to all LDAP servers fails.
reconnect_retrytime | Integer | 10 | Sets the time after which the LDAP server is considered to be permanently unavailable. Once this time is reached retries will be done only once per this time period.
## Extend the configuration
The module exposes the most commonly used paramaters. However, to extend the configuration use the **config_options** parameter.
It allows you to set any parameter not listed above.
* Example configuration
```
class
{
'nslcd':
config_options:
threads: '10'
}
```
* The same config in Hiera
```
nslcd::config_options:
threads: '10'
```
* Will give this in the config file
```
threads 10
```
## Limitations ## Limitations
The module has been tested with Ubuntu 14.04, Ubuntu 16.04, Ubuntu 18.04, Debian 8, Debian 9 and Puppet 4.10. The module has been tested with :
It should work with Puppet 4.x.
For additional OS support, you should contribute it back upstream! * Ubuntu 14.04 / 16.04 / 18.04 / 20.04
* Debian 8 / 9 / 10 / 11
The module doesn't support setting the `rootbinddn` and `rootbindpw` attributes yet, it will be added in a next version. * Puppet 4 / 5 / 6
## Development ## Development
If you want to improve this module, send us a patch of pull request! If you want to improve this module, send us a pull request !

View File

@ -1,7 +1,12 @@
# frozen_string_literal: true
require 'bundler'
require 'puppet_litmus/rake_tasks' if Bundler.rubygems.find_name('puppet_litmus').any?
require 'puppetlabs_spec_helper/rake_tasks' require 'puppetlabs_spec_helper/rake_tasks'
require 'puppet-syntax/tasks/puppet-syntax' require 'puppet-syntax/tasks/puppet-syntax'
require 'puppet_blacksmith/rake_tasks' if Bundler.rubygems.find_name('puppet-blacksmith').any? require 'puppet_blacksmith/rake_tasks' if Bundler.rubygems.find_name('puppet-blacksmith').any?
require 'github_changelog_generator/task' if Bundler.rubygems.find_name('github_changelog_generator').any? require 'github_changelog_generator/task' if Bundler.rubygems.find_name('github_changelog_generator').any?
require 'puppet-strings/tasks' if Bundler.rubygems.find_name('puppet-strings').any?
def changelog_user def changelog_user
return unless Rake.application.top_level_tasks.include? "changelog" return unless Rake.application.top_level_tasks.include? "changelog"
@ -13,15 +18,24 @@ end
def changelog_project def changelog_project
return unless Rake.application.top_level_tasks.include? "changelog" return unless Rake.application.top_level_tasks.include? "changelog"
returnVal = nil || JSON.load(File.read('metadata.json'))['name']
raise "unable to find the changelog_project in .sync.yml or the name in metadata.json" if returnVal.nil? returnVal = nil
returnVal ||= begin
metadata_source = JSON.load(File.read('metadata.json'))['source']
metadata_source_match = metadata_source && metadata_source.match(%r{.*\/([^\/]*?)(?:\.git)?\Z})
metadata_source_match && metadata_source_match[1]
end
raise "unable to find the changelog_project in .sync.yml or calculate it from the source in metadata.json" if returnVal.nil?
puts "GitHubChangelogGenerator project:#{returnVal}" puts "GitHubChangelogGenerator project:#{returnVal}"
returnVal returnVal
end end
def changelog_future_release def changelog_future_release
return unless Rake.application.top_level_tasks.include? "changelog" return unless Rake.application.top_level_tasks.include? "changelog"
returnVal = JSON.load(File.read('metadata.json'))['version'] returnVal = "v%s" % JSON.load(File.read('metadata.json'))['version']
raise "unable to find the future_release (version) in metadata.json" if returnVal.nil? raise "unable to find the future_release (version) in metadata.json" if returnVal.nil?
puts "GitHubChangelogGenerator future_release:#{returnVal}" puts "GitHubChangelogGenerator future_release:#{returnVal}"
returnVal returnVal
@ -29,6 +43,7 @@ end
PuppetLint.configuration.send('disable_relative') PuppetLint.configuration.send('disable_relative')
if Bundler.rubygems.find_name('github_changelog_generator').any? if Bundler.rubygems.find_name('github_changelog_generator').any?
GitHubChangelogGenerator::RakeTask.new :changelog do |config| GitHubChangelogGenerator::RakeTask.new :changelog do |config|
raise "Set CHANGELOG_GITHUB_TOKEN environment variable eg 'export CHANGELOG_GITHUB_TOKEN=valid_token_here'" if Rake.application.top_level_tasks.include? "changelog" and ENV['CHANGELOG_GITHUB_TOKEN'].nil? raise "Set CHANGELOG_GITHUB_TOKEN environment variable eg 'export CHANGELOG_GITHUB_TOKEN=valid_token_here'" if Rake.application.top_level_tasks.include? "changelog" and ENV['CHANGELOG_GITHUB_TOKEN'].nil?
@ -39,7 +54,7 @@ if Bundler.rubygems.find_name('github_changelog_generator').any?
config.header = "# Change log\n\nAll notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org)." config.header = "# Change log\n\nAll notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org)."
config.add_pr_wo_labels = true config.add_pr_wo_labels = true
config.issues = false config.issues = false
config.merge_prefix = "### UNCATEGORIZED PRS; GO LABEL THEM" config.merge_prefix = "### UNCATEGORIZED PRS; LABEL THEM ON GITHUB"
config.configure_sections = { config.configure_sections = {
"Changed" => { "Changed" => {
"prefix" => "### Changed", "prefix" => "### Changed",
@ -47,11 +62,11 @@ if Bundler.rubygems.find_name('github_changelog_generator').any?
}, },
"Added" => { "Added" => {
"prefix" => "### Added", "prefix" => "### Added",
"labels" => ["feature", "enhancement"], "labels" => ["enhancement", "feature"],
}, },
"Fixed" => { "Fixed" => {
"prefix" => "### Fixed", "prefix" => "### Fixed",
"labels" => ["bugfix"], "labels" => ["bug", "documentation", "bugfix"],
}, },
} }
end end
@ -59,16 +74,15 @@ else
desc 'Generate a Changelog from GitHub' desc 'Generate a Changelog from GitHub'
task :changelog do task :changelog do
raise <<EOM raise <<EOM
The changelog tasks depends on unreleased features of the github_changelog_generator gem. The changelog tasks depends on recent features of the github_changelog_generator gem.
Please manually add it to your .sync.yml for now, and run `pdk update`: Please manually add it to your .sync.yml for now, and run `pdk update`:
--- ---
Gemfile: Gemfile:
optional: optional:
':development': ':development':
- gem: 'github_changelog_generator' - gem: 'github_changelog_generator'
git: 'https://github.com/skywinder/github-changelog-generator' version: '~> 1.15'
ref: '20ee04ba1234e9e83eb2ffb5056e23d641c7a018' condition: "Gem::Version.new(RUBY_VERSION.dup) >= Gem::Version.new('2.3.0')"
condition: "Gem::Version.new(RUBY_VERSION.dup) >= Gem::Version.new('2.2.2')"
EOM EOM
end end
end end

View File

@ -1,5 +1,10 @@
--- ---
version: 1.1.x.{build} version: 1.1.x.{build}
skip_branch_with_pr: true
branches:
only:
- main
- release
skip_commits: skip_commits:
message: /^\(?doc\)?.*/ message: /^\(?doc\)?.*/
clone_depth: 10 clone_depth: 10
@ -12,23 +17,15 @@ init:
environment: environment:
matrix: matrix:
- -
RUBY_VERSION: 24-x64 RUBY_VERSION: 25-x64
CHECK: syntax lint metadata_lint check:symlinks check:git_ignore check:dot_underscore check:test_file rubocop CHECK: validate lint check rubocop
- -
PUPPET_GEM_VERSION: ~> 4.0 PUPPET_GEM_VERSION: ~> 6.0
RUBY_VERSION: 21 RUBY_VERSION: 25
CHECK: parallel_spec CHECK: parallel_spec
- -
PUPPET_GEM_VERSION: ~> 4.0 PUPPET_GEM_VERSION: ~> 6.0
RUBY_VERSION: 21-x64 RUBY_VERSION: 25-x64
CHECK: parallel_spec
-
PUPPET_GEM_VERSION: ~> 5.0
RUBY_VERSION: 24
CHECK: parallel_spec
-
PUPPET_GEM_VERSION: ~> 5.0
RUBY_VERSION: 24-x64
CHECK: parallel_spec CHECK: parallel_spec
matrix: matrix:
fast_finish: true fast_finish: true

28
data/Debian.yaml Normal file
View File

@ -0,0 +1,28 @@
---
nslcd::package_ensure: 'present'
nslcd::package_name: 'nslcd'
nslcd::package_manage: true
nslcd::service_ensure: 'running'
nslcd::service_enable: true
nslcd::service_name: 'nslcd'
nslcd::service_manage: true
nslcd::uid: 'nslcd'
nslcd::gid: 'nslcd'
nslcd::config: '/etc/nslcd.conf'
nslcd::config_user: 'root'
nslcd::config_group: 'nslcd'
nslcd::config_mode: '0640'
nslcd::ldap_uris:
- 'ldap://ldap01.company.com:389'
- 'ldap://ldap01.company.com:389'
nslcd::ldap_version: '3'
nslcd::ldap_binddn: 'cn=bind_user,ou=user,dc=company,dc=com'
nslcd::ldap_bindpw: 'secure_bind_user_password'
nslcd::ldap_search_base: 'dc=company,dc=com'
nslcd::ldap_group_base: 'ou=groups,dc=company,dc=com'
nslcd::ldap_search_scope: 'subtree'
nslcd::ldap_ssl: 'off'
nslcd::ldap_tls_reqcert: 'allow'
nslcd::reconnect_sleeptime: 1
nslcd::reconnect_retrytime: 10

28
data/RedHat.yaml Normal file
View File

@ -0,0 +1,28 @@
---
nslcd::package_ensure: 'present'
nslcd::package_name: 'nss-pam-ldapd'
nslcd::package_manage: true
nslcd::service_ensure: 'running'
nslcd::service_enable: true
nslcd::service_name: 'nslcd'
nslcd::service_manage: true
nslcd::uid: 'nslcd'
nslcd::gid: 'ldap'
nslcd::config: '/etc/nslcd.conf'
nslcd::config_user: 'root'
nslcd::config_group: 'root'
nslcd::config_mode: '0600'
nslcd::ldap_uris:
- 'ldap://ldap01.company.com:389'
- 'ldap://ldap01.company.com:389'
nslcd::ldap_version: '3'
nslcd::ldap_binddn: 'cn=bind_user,ou=user,dc=company,dc=com'
nslcd::ldap_bindpw: 'secure_bind_user_password'
nslcd::ldap_search_base: 'dc=company,dc=com'
nslcd::ldap_group_base: 'ou=groups,dc=company,dc=com'
nslcd::ldap_search_scope: 'subtree'
nslcd::ldap_ssl: 'off'
nslcd::ldap_tls_reqcert: 'allow'
nslcd::reconnect_sleeptime: 1
nslcd::reconnect_retrytime: 10

6
data/common.yaml Normal file
View File

@ -0,0 +1,6 @@
---
nslcd::ldap_uris:
- 'ldap://ldap01.company.com:389'
- 'ldap://ldap01.company.com:389'
nslcd::ldap_search_base: 'dc=company,dc=com'

View File

@ -1,12 +0,0 @@
# The baseline for module testing used by Puppet Labs is that each manifest
# should have a corresponding test manifest that declares that class or defined
# type.
#
# Tests are then run by using puppet apply --noop (to check for compilation
# errors and view a log of events) or by fully applying the test in a virtual
# environment (to compare the resulting system state to the desired state).
#
# Learn more about module testing here:
# http://docs.puppetlabs.com/guides/tests_smoke.html
#
include nslcd

21
hiera.yaml Normal file
View File

@ -0,0 +1,21 @@
---
version: 5
defaults: # Used for any hierarchy level that omits these keys.
datadir: data # This path is relative to hiera.yaml's directory.
data_hash: yaml_data # Use the built-in YAML backend.
hierarchy:
- name: "osfamily/major release"
paths:
# Used to distinguish between Debian and Ubuntu
- "os/%{facts.os.name}/%{facts.os.release.major}.yaml"
- "os/%{facts.os.family}/%{facts.os.release.major}.yaml"
# Used for Solaris
- "os/%{facts.os.family}/%{facts.kernelrelease}.yaml"
- name: "osfamily"
paths:
- "os/%{facts.os.name}.yaml"
- "os/%{facts.os.family}.yaml"
- name: 'common'
path: 'common.yaml'

View File

@ -1,14 +1,16 @@
# == Class: nslcd::config # == Class: nslcd::config
# #
# Manages the nslcd server configuration file # Manages the nslcd server configuration file
class nslcd::config inherits nslcd { #
class nslcd::config inherits nslcd
file { $nslcd::config: {
file
{
$nslcd::config:
ensure => file, ensure => file,
owner => $nslcd::config_user, owner => $nslcd::config_user,
group => $nslcd::config_group, group => $nslcd::config_group,
mode => $nslcd::config_mode, mode => $nslcd::config_mode,
content => template('nslcd/nslcd.erb'), content => template('nslcd/nslcd.erb'),
} }
} }

View File

@ -1,7 +1,105 @@
# == Class: nslcd # == Class: nslcd
# #
# This class manages the nslcd server and service. # This class manages the nslcd server and service.
class nslcd ( #
# @param package_ensure
# Sets if the package should be present or absent.
#
# @param package_name
# Name of the package to install. Depends on the Linux distrib.
# Set if your platform is not supported.
#
# @param package_manage
# Sets if the module should manage or not the package installation.
#
# @param service_ensure
# Sets if the service should be running or stopped.
#
# @param service_enable
# Sets if the service should be started on startup.
#
# @param service_name
# Sets the name of the service.
# Set if your platform is not supported.
#
# @param service_manage
# Sets if the module should manage or not the service.
#
# @param uid
# Sets the user to start the daemon.
#
# @param gid
# Sets the group to start the daemon. Depends on the Linux distrib.
#
# @param config
# Sets the path of the config file.
#
# @param config_user
# Sets the owner of the config file.
#
# @param config_group
# Sets the group of the config file. Depends on the Linux distrib.
#
# @param config_mode
# Permission of the config file. Depends on the Linux distrib.
#
# @param ldap_uris
# Array of LDAP servers.
#
# @param ldap_version
# Sets the LDAP version to use.
#
# @param ldap_binddn
# Sets the DN (distinguished name) to bind to the LDAP servers.
#
# @param ldap_bindpw
# Sets the password to bind to the LDAP servers. Only used if the parameter ldap_binddn is set.
#
# @param ldap_search_base
# Sets the base DN (distinguished name) to use as the search base.
#
# @param ldap_group_base
# Sets the base DN (distinguished name) to use as the group search base.
#
# @param ldap_search_scope
# Sets the search scope depth.
#
# @param config_options
# Key/Value hash to extend initial configuration.
#
# @param ldap_filters
# Sets the LDAP search filter for specific mapping.
#
# @param ldap_maps
# Allows for custom attributes to be looked up.
#
# @param ldap_ssl
# Whether to use SSL/TLS for the connexion to the LDAP servers.
#
# @param ldap_tls_reqcert
# Sets what checks to perform on a server-supplied certificate.
#
# @param ldap_tls_cacertfile
# Sets the path of the PEM-format file containing certificates for the CA's that will be trusted.
#
# @param bind_timelimit
# Sets the time limit (in seconds) to setup a connexion with the LDAP server.
#
# @param timelimit
# Sets the time limit (in seconds) to wait for a response from the LDAP server.
#
# @param idle_timelimit
# Sets the period if inactivity (in seconds) after which the connection to the LDAP server will be closed.
#
# @param reconnect_sleeptime
# Sets the number of seconds to sleep when connecting to all LDAP servers fails.
#
# @param reconnect_retrytime
# Sets the time after which the LDAP server is considered to be permanently unavailable.
# Once this time is reached retries will be done only once per this time period.
#
class nslcd
(
Variant[Boolean,String[1]] $package_ensure = 'present', Variant[Boolean,String[1]] $package_ensure = 'present',
String[1] $package_name = $nslcd::params::package_name, String[1] $package_name = $nslcd::params::package_name,
Boolean $package_manage = true, Boolean $package_manage = true,
@ -26,10 +124,16 @@ class nslcd (
Hash $ldap_filters = {}, Hash $ldap_filters = {},
Hash $ldap_maps = {}, Hash $ldap_maps = {},
Enum['on','off','start_tls'] $ldap_ssl = 'off', Enum['on','off','start_tls'] $ldap_ssl = 'off',
Enum['never','allow','try','demand','hard' ] $ldap_tls_reqcert = 'allow', Enum['never','allow','try','demand','hard'] $ldap_tls_reqcert = 'allow',
Optional[String[1]] $ldap_tls_cacertfile = undef, Optional[String[1]] $ldap_tls_cacertfile = undef,
) inherits nslcd::params { Optional[Integer] $bind_timelimit = undef,
Integer $timelimit = 10,
Optional[Integer] $idle_timelimit = undef,
Integer $reconnect_sleeptime = 1,
Integer $reconnect_retrytime = 10,
)
inherits nslcd::params
{
contain nslcd::install contain nslcd::install
contain nslcd::config contain nslcd::config
contain nslcd::service contain nslcd::service
@ -37,5 +141,4 @@ class nslcd (
Class['nslcd::install'] Class['nslcd::install']
-> Class['nslcd::config'] -> Class['nslcd::config']
~> Class['nslcd::service'] ~> Class['nslcd::service']
} }

View File

@ -1,12 +1,15 @@
# == Class: nslcd::install # == Class: nslcd::install
# #
# Installs the nslcd package. # Installs the nslcd package.
class nslcd::install inherits nslcd { #
class nslcd::install inherits nslcd
if $nslcd::package_manage { {
package { $nslcd::package_name: if $nslcd::package_manage
{
package
{
$nslcd::package_name:
ensure => $nslcd::package_ensure, ensure => $nslcd::package_ensure,
} }
} }
} }

View File

@ -1,24 +1,28 @@
# == Class: nslcd::params # == Class: nslcd::params
# #
# Sets the default parameters for the nslcd class. # Sets the default parameters for the nslcd class.
class nslcd::params { #
class nslcd::params
case $::osfamily { {
'Debian': { case $::osfamily
{
'Debian':
{
$package_name = 'nslcd' $package_name = 'nslcd'
$gid = 'nslcd' $gid = 'nslcd'
$config_group = 'nslcd' $config_group = 'nslcd'
$config_mode = '0640' $config_mode = '0640'
} }
'RedHat': { 'RedHat':
{
$package_name = 'nss-pam-ldapd' $package_name = 'nss-pam-ldapd'
$gid = 'ldap' $gid = 'ldap'
$config_group = 'root' $config_group = 'root'
$config_mode = '0600' $config_mode = '0600'
} }
default: { default:
{
fail("The ${module_name} module is not supported on an ${::osfamily} based system.") fail("The ${module_name} module is not supported on an ${::osfamily} based system.")
} }
} }
} }

View File

@ -1,14 +1,17 @@
# == Class: nslcd::service # == Class: nslcd::service
# #
# Manages the nslcd service. # Manages the nslcd service.
class nslcd::service inherits nslcd { #
class nslcd::service inherits nslcd
if $nslcd::service_manage { {
service { 'nslcd': if $nslcd::service_manage
{
service
{
'nslcd':
ensure => $nslcd::service_ensure, ensure => $nslcd::service_ensure,
enable => $nslcd::service_enable, enable => $nslcd::service_enable,
name => $nslcd::service_name, name => $nslcd::service_name,
} }
} }
} }

View File

@ -1,6 +1,6 @@
{ {
"name": "geekix-nslcd", "name": "geekix-nslcd",
"version": "0.4.1", "version": "0.4.2",
"author": "geekix", "author": "geekix",
"summary": "Installs and configures nslcd.", "summary": "Installs and configures nslcd.",
"license": "Apache-2.0", "license": "Apache-2.0",
@ -10,7 +10,7 @@
"dependencies": [ "dependencies": [
{ {
"name": "puppetlabs-stdlib", "name": "puppetlabs-stdlib",
"version_requirement": ">= 4.0.0 < 7.0.0" "version_requirement": ">= 4.0.0 < 8.1.0"
} }
], ],
"operatingsystem_support": [ "operatingsystem_support": [
@ -18,7 +18,9 @@
"operatingsystem": "Debian", "operatingsystem": "Debian",
"operatingsystemrelease": [ "operatingsystemrelease": [
"8", "8",
"9" "9",
"10",
"11"
] ]
}, },
{ {
@ -26,7 +28,8 @@
"operatingsystemrelease": [ "operatingsystemrelease": [
"14.04", "14.04",
"16.04", "16.04",
"18.04" "18.04",
"20.04"
] ]
} }
], ],
@ -40,9 +43,10 @@
"nslcd", "nslcd",
"pam", "pam",
"nss", "nss",
"ldap" "ldap",
"authentication"
], ],
"pdk-version": "1.7.0", "pdk-version": "2.2.0",
"template-url": "file:///opt/puppetlabs/pdk/share/cache/pdk-templates.git", "template-url": "https://github.com/puppetlabs/pdk-templates#main",
"template-ref": "1.7.0-0-g57412ed" "template-ref": "tags/2.3.0-0-g8aaceff"
} }

View File

@ -1,12 +0,0 @@
HOSTS:
ubuntu-1204-x64:
default_apply_opts:
strict_variables:
platform: ubuntu-12.04-amd64
hypervisor : docker
image: ubuntu:12.04
# This stops the image from being deleted on completion, speeding up the process.
docker_preserve_image: true
CONFIG:
type: foss
log_level: debug

View File

@ -1,10 +0,0 @@
HOSTS:
ubuntu-1204-x64:
default_apply_opts:
strict_variables:
platform: ubuntu-12.04-amd64
hypervisor : vagrant
box : puppetlabs/ubuntu-12.04-64-nocm
CONFIG:
type: foss
log_level: debug

View File

@ -1,12 +0,0 @@
HOSTS:
ubuntu-1404-x64:
default_apply_opts:
strict_variables:
platform: ubuntu-14.04-amd64
hypervisor : docker
image: ubuntu:14.04
# This stops the image from being deleted on completion, speeding up the process.
docker_preserve_image: true
CONFIG:
type: foss
log_level: debug

View File

@ -1,10 +0,0 @@
HOSTS:
ubuntu-1404-x64:
default_apply_opts:
strict_variables:
platform: ubuntu-14.04-amd64
hypervisor : vagrant
box : puppetlabs/ubuntu-14.04-64-nocm
CONFIG:
type: foss
log_level: debug

View File

@ -1,37 +0,0 @@
require 'spec_helper'
describe 'nslcd' do
{ 'Ubuntu' => 'Debian', 'Debian' => 'Debian', 'CentOS' => 'RedHat', 'RedHat' => 'RedHat' }.each do |system, family|
context "when on system #{system}" do
facts = {
osfamily: family,
operatingsystem: system,
}
let :facts do
facts
end
it { is_expected.to contain_class('nslcd') }
it { is_expected.to contain_class('nslcd::install') }
it { is_expected.to contain_class('nslcd::config') }
it { is_expected.to contain_class('nslcd::service') }
case facts[:osfamily]
when 'Debian'
it {
is_expected.to contain_package('nslcd')
is_expected.to contain_service('nslcd')
}
when 'RedHat'
it {
is_expected.to contain_package('nss-pam-ldapd')
is_expected.to contain_service('nslcd')
}
end
end
end
context 'when on an unknown system' do
it { is_expected.to raise_error(Puppet::Error) }
end
end

View File

@ -2,7 +2,7 @@
# #
# Facts specified here will override the values provided by rspec-puppet-facts. # Facts specified here will override the values provided by rspec-puppet-facts.
--- ---
concat_basedir: "/tmp"
ipaddress: "172.16.254.254" ipaddress: "172.16.254.254"
ipaddress6: "FE80:0000:0000:0000:AAAA:AAAA:AAAA"
is_pe: false is_pe: false
macaddress: "AA:AA:AA:AA:AA:AA" macaddress: "AA:AA:AA:AA:AA:AA"

View File

@ -1,11 +1,13 @@
# frozen_string_literal: true
RSpec.configure do |c|
c.mock_with :rspec
end
require 'puppetlabs_spec_helper/module_spec_helper' require 'puppetlabs_spec_helper/module_spec_helper'
require 'rspec-puppet-facts' require 'rspec-puppet-facts'
begin require 'spec_helper_local' if File.file?(File.join(File.dirname(__FILE__), 'spec_helper_local.rb'))
require 'spec_helper_local' if File.file?(File.join(File.dirname(__FILE__), 'spec_helper_local.rb'))
rescue LoadError => loaderror
warn "Could not require spec_helper_local: #{loaderror.message}"
end
include RspecPuppetFacts include RspecPuppetFacts
@ -14,15 +16,24 @@ default_facts = {
facterversion: Facter.version, facterversion: Facter.version,
} }
default_facts_path = File.expand_path(File.join(File.dirname(__FILE__), 'default_facts.yml')) default_fact_files = [
default_module_facts_path = File.expand_path(File.join(File.dirname(__FILE__), 'default_module_facts.yml')) File.expand_path(File.join(File.dirname(__FILE__), 'default_facts.yml')),
File.expand_path(File.join(File.dirname(__FILE__), 'default_module_facts.yml')),
]
if File.exist?(default_facts_path) && File.readable?(default_facts_path) default_fact_files.each do |f|
default_facts.merge!(YAML.safe_load(File.read(default_facts_path))) next unless File.exist?(f) && File.readable?(f) && File.size?(f)
begin
default_facts.merge!(YAML.safe_load(File.read(f), [], [], true))
rescue => e
RSpec.configuration.reporter.message "WARNING: Unable to load #{f}: #{e}"
end
end end
if File.exist?(default_module_facts_path) && File.readable?(default_module_facts_path) # read default_facts and merge them over what is provided by facterdb
default_facts.merge!(YAML.safe_load(File.read(default_module_facts_path))) default_facts.each do |fact, value|
add_custom_fact fact, value
end end
RSpec.configure do |c| RSpec.configure do |c|
@ -31,13 +42,31 @@ RSpec.configure do |c|
# set to strictest setting for testing # set to strictest setting for testing
# by default Puppet runs at warning level # by default Puppet runs at warning level
Puppet.settings[:strict] = :warning Puppet.settings[:strict] = :warning
Puppet.settings[:strict_variables] = true
end
c.filter_run_excluding(bolt: true) unless ENV['GEM_BOLT']
c.after(:suite) do
end
# Filter backtrace noise
backtrace_exclusion_patterns = [
%r{spec_helper},
%r{gems},
]
if c.respond_to?(:backtrace_exclusion_patterns)
c.backtrace_exclusion_patterns = backtrace_exclusion_patterns
elsif c.respond_to?(:backtrace_clean_patterns)
c.backtrace_clean_patterns = backtrace_exclusion_patterns
end end
end end
# Ensures that a module is defined
# @param module_name Name of the module
def ensure_module_defined(module_name) def ensure_module_defined(module_name)
module_name.split('::').reduce(Object) do |last_module, next_module| module_name.split('::').reduce(Object) do |last_module, next_module|
last_module.const_set(next_module, Module.new) unless last_module.const_defined?(next_module) last_module.const_set(next_module, Module.new) unless last_module.const_defined?(next_module, false)
last_module.const_get(next_module) last_module.const_get(next_module, false)
end end
end end

View File

@ -12,15 +12,18 @@ uri <%= @ldap_uris.sort.join(' ') %>
# The LDAP protocol version to use. # The LDAP protocol version to use.
ldap_version <%= @ldap_version %> ldap_version <%= @ldap_version %>
<% if @ldap_search_base -%>
# The search base that will be used for all queries. # The search base that will be used for all queries.
base <%= @ldap_search_base %> base <%= @ldap_search_base %>
<% if @ldap_group_base -%>
base group <%= @ldap_group_base -%>
<% end -%> <% end -%>
<% if @ldap_group_base -%>
# The group search base that will be used for all queries.
base group <%= @ldap_group_base %>
<% end -%>
<% if @ldap_binddn and @ldap_bindpw -%> <% if @ldap_binddn and @ldap_bindpw -%>
# The DN to bind with for normal lookups. # The DN to bind with the LDAP server.
binddn <%= @ldap_binddn %> binddn <%= @ldap_binddn %>
bindpw <%= @ldap_bindpw %> bindpw <%= @ldap_bindpw %>
<% end -%> <% end -%>
@ -35,14 +38,6 @@ tls_cacertfile <%= @ldap_tls_cacertfile %>
# The search scope. # The search scope.
scope <%= @ldap_search_scope %> scope <%= @ldap_search_scope %>
<% @config_options.sort.each do |k,v| -%>
<% Array(v).each do |av| -%>
<% if ![nil, '', :undef].include?(av) -%>
<%= %Q(#{k} #{av}) %>
<% end -%>
<% end -%>
<% end -%>
<% if @ldap_filters.length > 0 -%> <% if @ldap_filters.length > 0 -%>
# Custom search filters # Custom search filters
<% @ldap_filters.sort.each do |map, filter| -%> <% @ldap_filters.sort.each do |map, filter| -%>
@ -58,3 +53,26 @@ map <%= map %> <%= attribute %> <%= newattribute %>
<% end -%> <% end -%>
<% end -%> <% end -%>
<% end -%> <% end -%>
# Timeouts
<% if @bind_timelimit -%>
bind_timelimit <%= @bind_timelimit %>
<% end -%>
timelimit <%= @timelimit %>
<% if @idle_timelimit -%>
idle_timelimit <%= @idle_timelimit %>
<% end -%>
reconnect_sleeptime <%= @reconnect_sleeptime %>
reconnect_retrytime <%= @reconnect_retrytime %>
<% if @config_options.length > 0 -%>
# Extended configuration
<% @config_options.sort.each do |k,v| -%>
<% Array(v).each do |av| -%>
<% if ![nil, '', :undef].include?(av) -%>
<%= %Q(#{k} #{av}) %>
<% end -%>
<% end -%>
<% end -%>
<% end -%>