Gabriel Nagy [Wed, 27 May 2020 14:01:20 +0000 (17:01 +0300)]
(PUP-10510) Fix sshkeys not being correctly purged
After adding support for composite namevars in version 2.0.0, the module
lost the ability to purge sshkeys. This happens due to Puppet being
unable to correctly match the names and types of the sshkeys to be
purged.
Part of the fix was done in
https://github.com/puppetlabs/puppet/pull/8174, which changes how a
resource is initialized if the provider implements a `title` method.
Additionally, we add the key name and type to be included in the output
shown by `puppet resource`.
Gabriel Nagy [Tue, 13 Aug 2019 09:41:03 +0000 (12:41 +0300)]
(MODULES-9578) Create authorized_key in root path
Previously, when the `target` property was set, the ssh_authorized_key
resource could not create directories/files within root-owned paths.
This behavior is due to the module switching context to the user, then
attempting to create the directory/file as the specified user,
ultimately failing because of insufficient permissions.
This commit adds a new parameter, `drop_privileges`, which when set to
false allows the module to write a ssh_authorized_key file in a
privileged path. Due to the possible security implications of this,
the parameter must be manually specified in order to activate this
functionality.
A path is considered to be privileged/trusted if all of its ancestors:
- do not contain any symlinks
- have the same owner as the user who runs Puppet
- are not world/group writable
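The three ancestor conditions listed above, written out as an added Ruby example (this is not the module's own code and not part of the commit). The names `untrusted_reason`, `trusted_path?` and the `base` parameter are hypothetical; the example assumes the target is an absolute, normalized path and that "the user who runs Puppet" is the current effective UID.

```ruby
require 'pathname'

GROUP_OR_WORLD_WRITABLE = 0o022 # write bits for group and other

# Returns why the ancestors of `target` are not trusted, or nil if they all
# pass. `base` is a hypothetical parameter: the walk starts there so the
# check can run under a scratch directory; '/' covers the whole path.
def untrusted_reason(target, uid: Process.euid, base: '/')
  target = Pathname.new(target)
  base = Pathname.new(base)
  # Refuse '..' and relative paths: lexical cleanup could hide a symlink hop.
  unless target.absolute? && target == target.cleanpath
    return "#{target} is not absolute and normalized"
  end

  rel = target.relative_path_from(base)
  return "#{target} is outside #{base}" if rel.each_filename.first == '..'

  # base itself, then every directory between base and the target file.
  ancestors = [base]
  rel.dirname.each_filename do |part|
    ancestors << (ancestors.last + part) unless part == '.'
  end

  ancestors.each do |dir|
    st = begin
      File.lstat(dir.to_s) # lstat: inspect the link itself, do not follow it
    rescue Errno::ENOENT
      break # not created yet, so nothing below it exists either
    end
    return "#{dir} is a symlink" if st.symlink?
    return "#{dir} is not a directory" unless st.directory?
    return "#{dir} is owned by uid #{st.uid}, not #{uid}" unless st.uid == uid
    return "#{dir} is group/world writable" if (st.mode & GROUP_OR_WORLD_WRITABLE) != 0
  end
  nil
end

def trusted_path?(target, **opts)
  untrusted_reason(target, **opts).nil?
end
```

A check like this is only meaningful if the write happens right after it and nothing else can modify the ancestors in between, which is what the ownership and write-bit conditions are meant to guarantee.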
Josh Cooper [Wed, 28 Nov 2018 00:49:54 +0000 (16:49 -0800)]
Account for pre-5 behavior
In Puppet4, the Report class requires a kind argument. Also the is_to_s
and should_to_s methods returned an array of strings and a flattened
array as a string. That behavior was changed in PUP-7616 (commit
c14b28f9c427) so that both methods return a string as the name
implies.
Nate McCurdy [Wed, 31 Oct 2018 16:32:09 +0000 (09:32 -0700)]
ssh_authorized_key: Fix invalid 'options' error
Prior to this, the example of a valid "options" value for the
ssh_authorized_key type was syntactically incorrect; it did not include
the closing single quote.
Example of incorrect error message:
```
Error: Parameter options failed on Ssh_authorized_key[testkey]: Option from=foo.com is not valid. A single option must either be of the form 'option' or 'option="value". Multiple options must be provided as an array (file: /tmp/test.pp, line: 5)
```
After this, the error shows the correct syntax for specifying an option:
```
Error: Parameter options failed on Ssh_authorized_key[testkey]: Option from=foo.com is not valid. A single option must either be of the form 'option' or 'option="value"'. Multiple options must be provided as an array (file: /tmp/test.pp, line: 5)
```
Rob Thomas [Mon, 8 Oct 2018 02:03:59 +0000 (12:03 +1000)]
Document 'options' param of ssh_authorized_key
I ended up having to trawl through the source code to figure out how to do this, so
I'm sure that someone ELSE would like to save their time by having it documented!
Jacob Helwig [Tue, 24 Jul 2018 16:46:02 +0000 (09:46 -0700)]
(maint) Import the User type unit tests specific to ssh_authorized_keys
Since these tests require that both the User & Ssh_authorized_keys types are
available, they are unlikely to be run as part of the Puppet test suite as
this module is unlikely to be installed & available to Puppet's test
suite. By moving the tests into this module, we can ensure that they're at
least run as part of development of the module.
Jacob Helwig [Mon, 2 Jul 2018 17:07:18 +0000 (10:07 -0700)]
Remove test blocked on ticket marked as "Won't Do"
Since PUP-1605 was closed as "Won't Do", there doesn't seem to be much
reason in keeping around an acceptance test (even if it is a pending one)
that tests the scenario that PUP-1605 would have allowed.
Jacob Helwig [Tue, 26 Jun 2018 17:40:18 +0000 (10:40 -0700)]
Update Travis config to test against Puppet 5 & modern Ruby
Rather than using the default config of testing against Puppet 4, and an
old Ruby version, we now run the spec tests against Puppet 5, and a
version of Ruby that is supported by Puppet 5.
Jacob Helwig [Mon, 25 Jun 2018 16:39:09 +0000 (09:39 -0700)]
Disable Rubocop Metrics/LineLength check for SSH key lines
SSH keys are long, and splitting them into multiple lines can be
error-prone, so we'll just disable the Metrics/LineLength check for lines
that are SSH keys.
Jacob Helwig [Mon, 25 Jun 2018 16:08:53 +0000 (09:08 -0700)]
Fix duplicate test removing RSpec/RepeatedExample violation
The "array host_alias" test was never actually testing against a list of
host aliases, as it was using the exact same code as the "single
host_alias" test. We now test against an actual array of host aliases in
the manifest, and check that it is properly written out to the file.