diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 56e360c..2503b6b 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -15,22 +15,21 @@ jobs: fail-fast: false matrix: include: - - ruby: 2.7 + - ruby: 2.7.8 puppet: 7 fixtures: .fixtures.yml allow_failure: false - - ruby: 2.7 + - ruby: 2.7.8 puppet: 7 fixtures: .fixtures-latest.yml allow_failure: true env: BUNDLE_WITHOUT: system_tests:release PUPPET_GEM_VERSION: "~> ${{ matrix.puppet }}.0" - FACTER_GEM_VERSION: "< 4.0" FIXTURES_YML: ${{ matrix.fixtures }} name: Puppet ${{ matrix.puppet }} (Ruby ${{ matrix.ruby }} fixtures=${{ matrix.fixtures }}) steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 - name: Setup ruby uses: ruby/setup-ruby@v1 with: @@ -48,10 +47,12 @@ jobs: fail-fast: false matrix: set: + - "el8" + - "el9" - "debian-10" - - "rocky-8" - - "ubuntu-1804" + - "debian-11" - "ubuntu-2004" + - "ubuntu-2204" puppet: - "puppet7" env: @@ -70,7 +71,7 @@ jobs: sudo apt-get remove mysql-server --purge sudo apt-get install apparmor-profiles sudo apparmor_parser -R /etc/apparmor.d/usr.sbin.mysqld - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 - name: Setup ruby uses: ruby/setup-ruby@v1 with: diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 9b3a0d7..bed1e38 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -14,7 +14,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@v2 + uses: actions/checkout@v3 - name: Setup Ruby uses: ruby/setup-ruby@v1 with: diff --git a/.sync.yml b/.sync.yml index 75fcbc5..89cb78d 100644 --- a/.sync.yml +++ b/.sync.yml 
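Review bot: `uses: actions/checkout@v3` in the first ci.yaml hunk still points at a mutable tag, so the code the job runs can change without any change in this repository. Pinning to a full commit SHA closes that gap: `uses: actions/checkout@<full-commit-sha> # v3`. The same line is bumped in the `-70,7` hunk of ci.yaml and in release.yaml, and the unchanged `ruby/setup-ruby@v1` next to each has the same property. release.yaml is the one to do first, since it presumably runs with publishing credentials (its later steps are outside the hunk). Because .sync.yml in this commit stops marking release.yaml as `unmanaged`, the pin probably belongs in the sync template, or the next sync may overwrite it.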
@@ -7,16 +7,25 @@ # for the default values. --- .github/workflows/ci.yaml: + unit_excludes: + # TODO: nsswitch module uses legacy facts so can't test against Puppet 8 yet. + # https://github.com/trlinkin/puppet-nsswitch/pull/49 + puppet: '8' acceptance_matrix: set: - - rocky-8 + - el8 + - el9 - debian-10 - - ubuntu-1804 + - debian-11 - ubuntu-2004 + - ubuntu-2204 puppet: - puppet7 + # TODO: nsswitch module uses legacy facts so can't test against Puppet 8 yet. + # https://github.com/trlinkin/puppet-nsswitch/pull/49 + - ---puppet8 .github/workflows/release.yaml: - unmanaged: true + username: ghoneycutt spec/spec_helper.rb: coverage_report: true minimum_code_coverage_percentage: 100 diff --git a/Gemfile b/Gemfile index 0969e4f..c5101c4 100644 --- a/Gemfile +++ b/Gemfile 
@@ -17,33 +17,23 @@ ruby_version_segments = Gem::Version.new(RUBY_VERSION.dup).segments minor_version = ruby_version_segments[0..1].join('.') group :development do - gem "facter", '< 4.0', require: false - gem "fast_gettext", '1.1.0', require: false if Gem::Version.new(RUBY_VERSION.dup) < Gem::Version.new('2.1.0') - gem "fast_gettext", require: false if Gem::Version.new(RUBY_VERSION.dup) >= Gem::Version.new('2.1.0') - gem "json_pure", '<= 2.0.1', require: false if Gem::Version.new(RUBY_VERSION.dup) < Gem::Version.new('2.0.0') - gem "json", '= 1.8.1', require: false if Gem::Version.new(RUBY_VERSION.dup) == Gem::Version.new('2.1.9') - gem "json", '= 2.0.4', require: false if Gem::Requirement.create('~> 2.4.2').satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) - gem "json", '= 2.1.0', require: false if Gem::Requirement.create(['>= 2.5.0', '< 2.7.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) - gem "rb-readline", '= 0.5.5', require: false, platforms: [:mswin, :mingw, :x64_mingw] - gem "puppet-module-posix-default-r#{minor_version}", '~> 1.0', require: false, platforms: [:ruby] - gem "puppet-module-posix-dev-r#{minor_version}", '~> 1.0', require: false, platforms: [:ruby] - gem "puppet-module-win-default-r#{minor_version}", '~> 1.0', require: false, platforms: [:mswin, :mingw, :x64_mingw] - gem "puppet-module-win-dev-r#{minor_version}", '~> 1.0', require: false, platforms: [:mswin, :mingw, :x64_mingw] - gem "puppet-lint-param-docs", require: false - gem "voxpupuli-puppet-lint-plugins", '>= 3.0', require: false - gem "faraday", '~> 1.0', require: false - gem "github_changelog_generator", require: false + gem "voxpupuli-test", '6.0.0', require: false + gem "rubocop-performance", '~> 1.18', require: false + gem "faraday", '~> 1.0', require: false + gem "github_changelog_generator", require: false + gem "puppet-blacksmith", require: false + gem "puppet-strings", require: false end group :system_tests do - gem "puppet-module-posix-system-r#{minor_version}", '~> 0.5', 
require: false, platforms: [:ruby] - gem "puppet-module-win-system-r#{minor_version}", '~> 0.5', require: false, platforms: [:mswin, :mingw, :x64_mingw] - gem "beaker", *location_for(ENV['BEAKER_VERSION'] || '~> 4.0') + gem "beaker", *location_for(ENV['BEAKER_VERSION'] || '~> 4.29') gem "beaker-abs", *location_for(ENV['BEAKER_ABS_VERSION'] || '~> 0.1') gem "beaker-pe", require: false gem "beaker-hostgenerator" gem "beaker-rspec" gem "beaker-docker" gem "beaker-puppet" + gem "beaker-puppet_install_helper", require: false + gem "beaker-module_install_helper", require: false end puppet_version = ENV['PUPPET_GEM_VERSION'] diff --git a/Rakefile b/Rakefile index 8d0386c..f80eb34 100644 --- a/Rakefile +++ b/Rakefile @@ -1,7 +1,7 @@ # frozen_string_literal: true require 'bundler' -require 'puppet_litmus/rake_tasks' if Bundler.rubygems.find_name('puppet_litmus').any? +require 'beaker-rspec/rake_task' if Bundler.rubygems.find_name('beaker-rspec').any? require 'puppetlabs_spec_helper/rake_tasks' require 'puppet-syntax/tasks/puppet-syntax' require 'puppet_blacksmith/rake_tasks' if Bundler.rubygems.find_name('puppet-blacksmith').any? diff --git a/metadata.json b/metadata.json index 2d134e6..d4f1198 100644 --- a/metadata.json +++ b/metadata.json @@ -27,9 +27,6 @@ { "operatingsystem": "Debian", "operatingsystemrelease": [ - "7", - "8", - "9", "10", "11" ] @@ -37,8 +34,6 @@ { "operatingsystem": "RedHat", "operatingsystemrelease": [ - "5", - "6", "7", "8", "9" @@ -47,18 +42,12 @@ { "operatingsystem": "CentOS", "operatingsystemrelease": [ - "5", - "6", - "7", - "8", - "9" + "7" ] }, { "operatingsystem": "OracleLinux", "operatingsystemrelease": [ - "5", - "6", "7", "8", "9" @@ -67,11 +56,7 @@ { "operatingsystem": "Scientific", "operatingsystemrelease": [ - "5", - "6", - "7", - "8", - "9" + "7" ] }, { @@ -85,9 +70,6 @@ { "operatingsystem": "SLES", "operatingsystemrelease": [ - "9", - "10", - "11", "12", "15" ] 
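Review bot: In the `:development` group, `puppet-blacksmith`, `puppet-strings` and `github_changelog_generator` carry no version constraint, while `voxpupuli-test` is pinned to exactly `6.0.0`. The Rakefile loads `puppet_blacksmith/rake_tasks`, so unless a committed Gemfile.lock (not visible here) fixes the version, a release run picks up whatever is newest that day, presumably with the publishing credentials in scope. A pessimistic constraint makes the intent explicit: `gem "puppet-blacksmith", '~> <MAJOR.MINOR>', require: false`. The same applies to the two new `beaker-*_install_helper` gems in `:system_tests`. Both group blocks open above the hunk.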
@@ -95,9 +77,6 @@ { "operatingsystem": "SLED", "operatingsystemrelease": [ - "9", - "10", - "11", "12", "15" ] @@ -105,10 +84,6 @@ { "operatingsystem": "Ubuntu", "operatingsystemrelease": [ - "12.04", - "14.04", - "16.04", - "18.04", "20.04", "22.04" ] diff --git a/spec/acceptance/00_pam_spec.rb b/spec/acceptance/00_pam_spec.rb index d72ec40..9e38a13 100644 --- a/spec/acceptance/00_pam_spec.rb +++ b/spec/acceptance/00_pam_spec.rb @@ -27,8 +27,8 @@ it { is_expected.to be_grouped_into 'root' } it { is_expected.to be_mode 644 } it { - if fact('osfamily') == 'RedHat' - if fact('operatingsystemmajrelease') == '8' + if fact('os.family') == 'RedHat' + if fact('os.release.major') =~ %r{8|9} is_expected.not_to match(%r{^account\s+required\s+pam_access.so$}) else is_expected.to match(%r{^account\s+required\s+pam_access.so$}) @@ -43,8 +43,8 @@ it { is_expected.to be_grouped_into 'root' } it { is_expected.to be_mode 644 } it { - if fact('osfamily') == 'RedHat' - if fact('operatingsystemmajrelease') == '8' + if fact('os.family') == 'RedHat' + if fact('os.release.major') =~ %r{8|9} is_expected.not_to match(%r{^account\s+required\s+pam_access.so$}) else is_expected.to match(%r{^account\s+required\s+pam_access.so$}) @@ -70,7 +70,7 @@ its(:content) { is_expected.to match(%r{^$|^#}) } end - if fact('osfamily') == 'RedHat' + if fact('os.family') == 'RedHat' && fact('os.release.major') != '9' ['password-auth', 'system-auth'].each do |f| describe file("/etc/pam.d/#{f}-ac") do it { is_expected.to be_file } 
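Review bot: `fact('os.release.major') =~ %r{8|9}` in the `-27,8` hunk is unanchored, so it is true for any major release that merely contains an 8 or a 9 (constructed examples: `18`, `39`). Such a host would silently get the `not_to match` expectation for the `pam_access.so` account line instead of the `to match` one. An exact comparison says what is meant: `if %w[8 9].include?(fact('os.release.major'))`. The `-43,8` hunk repeats the same condition and needs the same change; both `it` blocks close outside their hunks.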
@@ -85,7 +85,18 @@ end end - if fact('osfamily') == 'Debian' + if fact('os.family') == 'RedHat' && fact('os.release.major') == '9' + ['password-auth', 'system-auth'].each do |f| + describe file("/etc/pam.d/#{f}") do + it { is_expected.to be_file } + it { is_expected.to be_owned_by 'root' } + it { is_expected.to be_grouped_into 'root' } + it { is_expected.to be_mode 644 } + end + end + end + + if fact('os.family') == 'Debian' ['auth', 'account', 'password', 'session', 'session-noninteractive'].each do |f| describe file("/etc/pam.d/common-#{f}") do it { is_expected.to be_file } diff --git a/spec/acceptance/nodesets/debian-11.yml b/spec/acceptance/nodesets/debian-11.yml index 31f9650..b79cad0 100644 --- a/spec/acceptance/nodesets/debian-11.yml +++ b/spec/acceptance/nodesets/debian-11.yml @@ -1,21 +1,24 @@ HOSTS: debian11: roles: - - agent + - agent platform: debian-11-amd64 hypervisor: docker image: debian:11 docker_preserve_image: true docker_cmd: - - '/sbin/init' + - '/sbin/init' docker_image_commands: - - 'apt-get install -y wget net-tools systemd-sysv locales' - - 'rm -f /usr/sbin/policy-rc.d' - - 'echo "LC_ALL=en_US.UTF-8" >> /etc/environment' - - 'echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen' - - 'echo "LANG=en_US.UTF-8" > /etc/locale.conf' - - 'locale-gen en_US.UTF-8' - docker_container_name: 'pam-debian10' + - 'apt-get install -y wget net-tools systemd-sysv locales apt-transport-https ca-certificates' + - 'echo "LC_ALL=en_US.UTF-8" >> /etc/environment' + - 'echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen' + - 'echo "LANG=en_US.UTF-8" > /etc/locale.conf' + - 'locale-gen en_US.UTF-8' + docker_env: + - LANG=en_US.UTF-8 + - LANGUAGE=en_US.UTF-8 + - LC_ALL=en_US.UTF-8 + docker_container_name: 'pam-debian11' CONFIG: log_level: debug type: foss diff --git a/spec/acceptance/nodesets/rocky-8.yml b/spec/acceptance/nodesets/el8.yml similarity index 61% rename from spec/acceptance/nodesets/rocky-8.yml rename to spec/acceptance/nodesets/el8.yml index 5b506e4..d501ac8 100644 
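Review bot: Matching the release with `== '9'` here and `!= '9'` in the `-70,7` hunk means any later RedHat-family major falls back to the legacy `*-ac` expectations, which is probably not intended. A numeric comparison keeps the two branches complementary as new releases appear, assuming they follow the EL9 layout: `fact('os.release.major').to_i >= 9` for this block and `< 9` for the `-ac` one. The new block also asserts only file type, owner, group and mode for `/etc/pam.d/password-auth` and `system-auth`. A wrong PAM stack on EL9 would therefore still pass, so a content expectation is worth adding if the `-ac` block (mostly outside the hunks) has one.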
--- a/spec/acceptance/nodesets/rocky-8.yml +++ b/spec/acceptance/nodesets/el8.yml @@ -1,17 +1,21 @@ HOSTS: - rocky-8: + el8: roles: - agent platform: el-8-x86_64 hypervisor: docker - image: rockylinux/rockylinux:8 + image: almalinux:8 docker_preserve_image: true docker_cmd: - '/usr/sbin/init' docker_image_commands: - - 'yum install -y dnf-utils' + - 'dnf install -y dnf-utils' - 'dnf config-manager --set-enabled powertools' - - 'yum install -y wget which cronie iproute initscripts' + - 'dnf install -y wget which cronie iproute initscripts' + docker_env: + - LANG=en_US.UTF-8 + - LANGUAGE=en_US.UTF-8 + - LC_ALL=en_US.UTF-8 docker_container_name: 'pam-el8' CONFIG: log_level: debug @@ -19,4 +23,3 @@ CONFIG: ssh: password: root auth_methods: ["password"] - diff --git a/spec/acceptance/nodesets/el9.yml b/spec/acceptance/nodesets/el9.yml new file mode 100644 index 0000000..80ce74b --- /dev/null +++ b/spec/acceptance/nodesets/el9.yml @@ -0,0 +1,25 @@ +HOSTS: + el9: + roles: + - agent + platform: el-9-x86_64 + hypervisor: docker + image: almalinux:9 + docker_preserve_image: true + docker_cmd: + - '/usr/sbin/init' + docker_image_commands: + - 'dnf install -y dnf-utils' + - 'dnf config-manager --set-enabled crb' + - 'dnf install -y wget which cronie iproute initscripts' + docker_env: + - LANG=en_US.UTF-8 + - LANGUAGE=en_US.UTF-8 + - LC_ALL=en_US.UTF-8 + docker_container_name: 'pam-el9' +CONFIG: + log_level: debug + type: foss +ssh: + password: root + auth_methods: ["password"] diff --git a/spec/acceptance/nodesets/ubuntu-2004.yml b/spec/acceptance/nodesets/ubuntu-2004.yml index 0aea371..85a6a33 100644 --- a/spec/acceptance/nodesets/ubuntu-2004.yml +++ b/spec/acceptance/nodesets/ubuntu-2004.yml 
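Review bot: The `ssh:` block at the end of the new el9.yml (`password: root`, `auth_methods: ["password"]`) has no comment saying why a root login with a fixed password is acceptable. I would add one above `ssh:`, for example `# Disposable beaker container only: root/root is for the test harness; do not reuse this image or config outside CI`. The same block sits unchanged at the end of el8.yml and both ubuntu nodesets and could take the same comment. Separately, `image: almalinux:9` (and `almalinux:8` in el8.yml) is a floating tag used together with `docker_preserve_image: true`. A digest pin, `image: almalinux@sha256:<digest>`, would make runs reproducible if that matters for these tests.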
@@ -8,12 +8,17 @@ HOSTS: docker_preserve_image: true docker_cmd: '["/sbin/init"]' docker_image_commands: - - 'apt-get install -y -q net-tools wget locales' + - "rm -f /etc/dpkg/dpkg.cfg.d/excludes" + - 'apt-get install -y wget net-tools iproute2 locales apt-transport-https ca-certificates' - 'locale-gen en_US.UTF-8' + docker_env: + - LANG=en_US.UTF-8 + - LANGUAGE=en_US.UTF-8 + - LC_ALL=en_US.UTF-8 docker_container_name: 'pam-ubuntu2004' CONFIG: - type: foss log_level: debug + type: foss ssh: password: root auth_methods: ["password"] diff --git a/spec/acceptance/nodesets/ubuntu-1804.yml b/spec/acceptance/nodesets/ubuntu-2204.yml similarity index 50% rename from spec/acceptance/nodesets/ubuntu-1804.yml rename to spec/acceptance/nodesets/ubuntu-2204.yml index c88143e..3e70653 100644 --- a/spec/acceptance/nodesets/ubuntu-1804.yml +++ b/spec/acceptance/nodesets/ubuntu-2204.yml @@ -1,21 +1,24 @@ HOSTS: - ubuntu1804: + ubuntu2204: roles: - agent - platform: ubuntu-18.04-amd64 + platform: ubuntu-22.04-amd64 hypervisor : docker - image: ubuntu:18.04 + image: ubuntu:22.04 docker_preserve_image: true docker_cmd: '["/sbin/init"]' docker_image_commands: - "rm -f /etc/dpkg/dpkg.cfg.d/excludes" - - 'apt-get install -y wget net-tools locales apt-transport-https ca-certificates' + - 'apt-get install -y wget net-tools iproute2 locales apt-transport-https ca-certificates' - 'locale-gen en_US.UTF-8' - docker_container_name: 'pam-ubuntu1804' + docker_env: + - LANG=en_US.UTF-8 + - LANGUAGE=en_US.UTF-8 + - LC_ALL=en_US.UTF-8 + docker_container_name: 'pam-ubuntu2204' CONFIG: log_level: debug type: foss ssh: password: root auth_methods: ["password"] - diff --git a/spec/classes/init_spec.rb b/spec/classes/init_spec.rb index 83699cf..40591fa 100644 --- a/spec/classes/init_spec.rb +++ b/spec/classes/init_spec.rb 
@@ -61,7 +61,7 @@ end end - if %r{solaris}.match?(os_id) + if os_id.include?('solaris') it { is_expected.not_to contain_file('pam_d_login') } it { is_expected.not_to contain_file('pam_d_sshd') } else @@ -88,7 +88,7 @@ end end - unless %r{solaris}.match?(os_id) + unless os_id.include?('solaris') it { is_expected.to contain_class('pam::accesslogin') } it { is_expected.to contain_class('pam::limits') } end @@ -135,7 +135,7 @@ |-:ALL:ALL END - if %r{solaris}.match?(os_id) + if os_id.include?('solaris') it { is_expected.not_to contain_file('access_conf') } else it { is_expected.to contain_file('access_conf').with_content(file_header + content) } @@ -168,7 +168,7 @@ |session_line2 END - if %r{solaris}.match?(os_id) + if os_id.include?('solaris') it { is_expected.not_to contain_file('pam_d_sshd') } else it { is_expected.to contain_file('pam_d_sshd').with_content(sshd_custom_content) } @@ -196,7 +196,7 @@ context 'with login_pam_access => absent' do let(:params) { { login_pam_access: 'absent' } } - unless %r{solaris}.match?(os_id) + unless os_id.include?('solaris') it { is_expected.to contain_file('pam_d_login').without_content(%r{^account.*pam_access.so$}) } end end @@ -204,19 +204,19 @@ context 'with sshd_pam_access => absent' do let(:params) { { sshd_pam_access: 'absent' } } - unless %r{solaris}.match?(os_id) + unless os_id.include?('solaris') it { is_expected.to contain_file('pam_d_sshd').without_content(%r{^account.*pam_access.so$}) } end end context 'with password_auth_ac => path' do - if %r{redhat-5}.match?(os_id) + if os_id.include?('redhat-5') it { is_expected.not_to contain_file('password_auth_ac') } end end context 'with password_auth_ac_file => path' do - if %r{redhat-5}.match?(os_id) + if os_id.include?('redhat-5') it { is_expected.not_to contain_file('password_auth_ac_file') } end end 
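Review bot: The `os_id.include?('redhat-5')` guards in the `-204,19` hunk, and again in the `-224,9` hunk, look unreachable after this commit, because metadata.json drops release 5 from RedHat, CentOS, OracleLinux and Scientific. If `os_id` is derived from the supported-OS list in metadata.json (its definition is outside the hunks), the `password_auth_ac` and `password_auth_ac_file` contexts now contain no examples, so they check nothing. Either remove those two contexts and the `redhat-5` arm of the `pam_d_login_oracle_options` context, or mark them with a comment such as `# EL5 is no longer in metadata.json; this branch is not exercised`.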
@@ -224,9 +224,9 @@ context 'with pam_d_login_oracle_options set to valid array' do let(:params) { { pam_d_login_oracle_options: [ 'session required pam_spectest.so', 'session optional pam_spectest.so' ] } } - if %r{redhat-5}.match?(os_id) + if os_id.include?('redhat-5') it { is_expected.to contain_file('pam_d_login').with_content(%r{^# oracle options\nsession required pam_spectest.so\nsession optional pam_spectest.so$}) } - elsif %r{solaris}.match?(os_id) + elsif os_id.include?('solaris') it { is_expected.not_to contain_file('pam_d_login') } else it { is_expected.to contain_file('pam_d_login').without_content(%r{^# oracle options\nsession required pam_spectest.so\nsession optional pam_spectest.so$}) }