├── .coveralls.yml ├── spec ├── fixtures │ └── unit │ │ └── puppet │ │ └── provider │ │ └── puppet_auth │ │ └── augeas │ │ ├── empty │ │ ├── broken │ │ └── full ├── spec_helper_acceptance.rb ├── spec_helper.rb └── unit │ └── puppet │ └── provider │ └── puppet_auth │ └── augeas_spec.rb ├── .gitmodules ├── .fixtures.yml ├── .msync.yml ├── .github ├── labeler.yml ├── workflows │ ├── labeler.yml │ ├── ci.yml │ ├── release.yml │ └── prepare_release.yml ├── PULL_REQUEST_TEMPLATE.md ├── ISSUE_TEMPLATE.md └── release.yml ├── .puppet-lint.rc ├── .rubocop.yml ├── .editorconfig ├── .gitignore ├── .sync.yml ├── .pmtignore ├── Gemfile ├── Rakefile ├── .travis.sh ├── .rubocop_todo.yml ├── .overcommit.yml ├── metadata.json ├── lib └── puppet │ ├── type │ └── puppet_auth.rb │ └── provider │ └── puppet_auth │ └── augeas.rb ├── CHANGELOG.md ├── README.md └── LICENSE /.coveralls.yml: -------------------------------------------------------------------------------- 1 | service_name: travis-ci 2 | -------------------------------------------------------------------------------- /spec/fixtures/unit/puppet/provider/puppet_auth/augeas/empty: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /spec/fixtures/unit/puppet/provider/puppet_auth/augeas/broken: -------------------------------------------------------------------------------- 1 | ; 2 | -------------------------------------------------------------------------------- /.gitmodules: -------------------------------------------------------------------------------- 1 | [submodule "augeas"] 2 | path = augeas 3 | url = git://github.com/hercules-team/augeas.git 4 | -------------------------------------------------------------------------------- /.fixtures.yml: -------------------------------------------------------------------------------- 1 | --- 2 | fixtures: 3 | repositories: 4 | augeasproviders_core: 
https://github.com/voxpupuli/puppet-augeasproviders_core.git 5 | -------------------------------------------------------------------------------- /.msync.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Managed by modulesync - DO NOT EDIT 3 | # https://voxpupuli.org/docs/updating-files-managed-with-modulesync/ 4 | 5 | modulesync_config_version: '10.4.0' 6 | -------------------------------------------------------------------------------- /.github/labeler.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Managed by modulesync - DO NOT EDIT 3 | # https://voxpupuli.org/docs/updating-files-managed-with-modulesync/ 4 | 5 | skip-changelog: 6 | - head-branch: ['^release-*', 'release'] 7 | -------------------------------------------------------------------------------- /.puppet-lint.rc: -------------------------------------------------------------------------------- 1 | # Managed by modulesync - DO NOT EDIT 2 | # https://voxpupuli.org/docs/updating-files-managed-with-modulesync/ 3 | 4 | --fail-on-warnings 5 | --no-parameter_documentation-check 6 | --no-parameter_types-check 7 | -------------------------------------------------------------------------------- /.rubocop.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Managed by modulesync - DO NOT EDIT 3 | # https://voxpupuli.org/docs/updating-files-managed-with-modulesync/ 4 | 5 | inherit_from: .rubocop_todo.yml 6 | inherit_gem: 7 | voxpupuli-test: rubocop.yml 8 | -------------------------------------------------------------------------------- /.editorconfig: -------------------------------------------------------------------------------- 1 | # editorconfig.org 2 | 3 | # Managed by modulesync - DO NOT EDIT 4 | # https://voxpupuli.org/docs/updating-files-managed-with-modulesync/ 5 | 6 | root = true 7 | 8 | [*] 9 | charset = utf-8 10 | end_of_line = lf 11 | indent_size = 2 12 | 
tab_width = 2 13 | indent_style = space 14 | insert_final_newline = true 15 | trim_trailing_whitespace = true 16 | -------------------------------------------------------------------------------- /spec/spec_helper_acceptance.rb: -------------------------------------------------------------------------------- 1 | # frozen_string_literal: true 2 | 3 | # Managed by modulesync - DO NOT EDIT 4 | # https://voxpupuli.org/docs/updating-files-managed-with-modulesync/ 5 | 6 | require 'voxpupuli/acceptance/spec_helper_acceptance' 7 | 8 | configure_beaker(modules: :metadata) 9 | 10 | Dir['./spec/support/acceptance/**/*.rb'].sort.each { |f| require f } 11 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Managed by modulesync - DO NOT EDIT 2 | # https://voxpupuli.org/docs/updating-files-managed-with-modulesync/ 3 | 4 | /pkg/ 5 | /Gemfile.lock 6 | /Gemfile.local 7 | /vendor/ 8 | /.vendor/ 9 | /spec/fixtures/manifests/ 10 | /spec/fixtures/modules/ 11 | /.vagrant/ 12 | /.bundle/ 13 | /.ruby-version 14 | /coverage/ 15 | /log/ 16 | /.idea/ 17 | /.dependencies/ 18 | /.librarian/ 19 | /Puppetfile.lock 20 | *.iml 21 | .*.sw? 
22 | /.yardoc/ 23 | /Guardfile 24 | bolt-debug.log 25 | .rerun.json 26 | -------------------------------------------------------------------------------- /.github/workflows/labeler.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Managed by modulesync - DO NOT EDIT 3 | # https://voxpupuli.org/docs/updating-files-managed-with-modulesync/ 4 | 5 | name: "Pull Request Labeler" 6 | 7 | # yamllint disable-line rule:truthy 8 | on: 9 | pull_request_target: {} 10 | 11 | permissions: 12 | contents: read 13 | pull-requests: write 14 | 15 | jobs: 16 | labeler: 17 | permissions: 18 | contents: read 19 | pull-requests: write 20 | runs-on: ubuntu-latest 21 | steps: 22 | - uses: actions/labeler@v5 23 | -------------------------------------------------------------------------------- /.sync.yml: -------------------------------------------------------------------------------- 1 | --- 2 | .github/workflows/ci.yml: 3 | with: 4 | additional_packages: libaugeas-dev augeas-tools 5 | rubocop: false 6 | Gemfile: 7 | optional: 8 | ':test': 9 | - gem: ruby-augeas 10 | spec/spec_helper.rb: 11 | spec_overrides: 12 | - "require 'fixtures/modules/augeasproviders_core/spec/support/spec/psh_fixtures'" 13 | - "require 'augeas_spec'" 14 | - "# augeasproviders: setting $LOAD_PATH to work around broken type autoloading" 15 | - "$LOAD_PATH.unshift(File.join(__dir__, 'fixtures/modules/augeasproviders_core/lib'))" 16 | spec/spec_helper_acceptance.rb: 17 | unmanaged: false 18 | -------------------------------------------------------------------------------- /.github/PULL_REQUEST_TEMPLATE.md: -------------------------------------------------------------------------------- 1 | 9 | #### Pull Request (PR) description 10 | 13 | 14 | #### This Pull Request (PR) fixes the following issues 15 | 21 | -------------------------------------------------------------------------------- /.github/workflows/ci.yml: 
-------------------------------------------------------------------------------- 1 | --- 2 | # Managed by modulesync - DO NOT EDIT 3 | # https://voxpupuli.org/docs/updating-files-managed-with-modulesync/ 4 | 5 | name: CI 6 | 7 | # yamllint disable-line rule:truthy 8 | on: 9 | pull_request: {} 10 | push: 11 | branches: 12 | - main 13 | - master 14 | 15 | concurrency: 16 | group: ${{ github.ref_name }} 17 | cancel-in-progress: true 18 | 19 | permissions: 20 | contents: read 21 | 22 | jobs: 23 | puppet: 24 | name: Puppet 25 | uses: voxpupuli/gha-puppet/.github/workflows/basic.yml@v4 26 | with: 27 | additional_packages: 'libaugeas-dev augeas-tools' 28 | rubocop: false 29 | -------------------------------------------------------------------------------- /.pmtignore: -------------------------------------------------------------------------------- 1 | # Managed by modulesync - DO NOT EDIT 2 | # https://voxpupuli.org/docs/updating-files-managed-with-modulesync/ 3 | 4 | /docs/ 5 | /pkg/ 6 | /Gemfile 7 | /Gemfile.lock 8 | /Gemfile.local 9 | /vendor/ 10 | /.vendor/ 11 | /spec/ 12 | /Rakefile 13 | /.vagrant/ 14 | /.bundle/ 15 | /.ruby-version 16 | /coverage/ 17 | /log/ 18 | /.idea/ 19 | /.dependencies/ 20 | /.github/ 21 | /.librarian/ 22 | /Puppetfile.lock 23 | /Puppetfile 24 | *.iml 25 | /.editorconfig 26 | /.fixtures.yml 27 | /.gitignore 28 | /.msync.yml 29 | /.overcommit.yml 30 | /.pmtignore 31 | /.rspec 32 | /.rspec_parallel 33 | /.rubocop.yml 34 | /.sync.yml 35 | .*.sw? 
36 | /.yardoc/ 37 | /.yardopts 38 | /Dockerfile 39 | /HISTORY.md 40 | -------------------------------------------------------------------------------- /.github/workflows/release.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Managed by modulesync - DO NOT EDIT 3 | # https://voxpupuli.org/docs/updating-files-managed-with-modulesync/ 4 | 5 | name: Release 6 | 7 | # yamllint disable-line rule:truthy 8 | on: 9 | push: 10 | tags: 11 | - '*' 12 | 13 | permissions: 14 | contents: write 15 | 16 | jobs: 17 | release: 18 | name: Release 19 | uses: voxpupuli/gha-puppet/.github/workflows/release.yml@v3 20 | with: 21 | allowed_owner: 'voxpupuli' 22 | secrets: 23 | # Configure secrets here: 24 | # https://docs.github.com/en/actions/security-guides/encrypted-secrets 25 | username: ${{ secrets.PUPPET_FORGE_USERNAME }} 26 | api_key: ${{ secrets.PUPPET_FORGE_API_KEY }} 27 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE.md: -------------------------------------------------------------------------------- 1 | 10 | 11 | ## Affected Puppet, Ruby, OS and module versions/distributions 12 | 13 | - Puppet: 14 | - Ruby: 15 | - Distribution: 16 | - Module version: 17 | 18 | ## How to reproduce (e.g Puppet code you use) 19 | 20 | ## What are you seeing 21 | 22 | ## What behaviour did you expect instead 23 | 24 | ## Output log 25 | 26 | ## Any additional information you'd like to impart 27 | -------------------------------------------------------------------------------- /.github/workflows/prepare_release.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Managed by modulesync - DO NOT EDIT 3 | # https://voxpupuli.org/docs/updating-files-managed-with-modulesync/ 4 | 5 | name: 'Prepare Release' 6 | 7 | on: 8 | workflow_dispatch: 9 | inputs: 10 | version: 11 | description: 'Module version to be released. 
Must be a valid semver string without leading v. (1.2.3)' 12 | required: false 13 | 14 | permissions: 15 | contents: write 16 | pull-requests: write 17 | 18 | jobs: 19 | release_prep: 20 | uses: 'voxpupuli/gha-puppet/.github/workflows/prepare_release.yml@v3' 21 | with: 22 | version: ${{ github.event.inputs.version }} 23 | allowed_owner: 'voxpupuli' 24 | secrets: 25 | # Configure secrets here: 26 | # https://docs.github.com/en/actions/security-guides/encrypted-secrets 27 | github_pat: '${{ secrets.PCCI_PAT_RELEASE_PREP }}' 28 | -------------------------------------------------------------------------------- /Gemfile: -------------------------------------------------------------------------------- 1 | # Managed by modulesync - DO NOT EDIT 2 | # https://voxpupuli.org/docs/updating-files-managed-with-modulesync/ 3 | 4 | source ENV['GEM_SOURCE'] || 'https://rubygems.org' 5 | 6 | group :test do 7 | gem 'voxpupuli-test', '~> 13.0', :require => false 8 | gem 'puppet_metadata', '~> 5.0', :require => false 9 | gem 'ruby-augeas', :require => false 10 | end 11 | 12 | group :development do 13 | gem 'guard-rake', :require => false 14 | gem 'overcommit', '>= 0.39.1', :require => false 15 | end 16 | 17 | group :system_tests do 18 | gem 'voxpupuli-acceptance', '~> 4.0', :require => false 19 | end 20 | 21 | group :release do 22 | gem 'voxpupuli-release', '~> 5.0', :require => false 23 | end 24 | 25 | gem 'rake', :require => false 26 | 27 | gem 'openvox', ENV.fetch('OPENVOX_GEM_VERSION', [">= 7", "< 9"]), :require => false, :groups => [:test] 28 | 29 | # vim: syntax=ruby 30 | -------------------------------------------------------------------------------- /.github/release.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Managed by modulesync - DO NOT EDIT 3 | # https://voxpupuli.org/docs/updating-files-managed-with-modulesync/ 4 | 5 | # 
https://docs.github.com/en/repositories/releasing-projects-on-github/automatically-generated-release-notes 6 | 7 | changelog: 8 | exclude: 9 | labels: 10 | - duplicate 11 | - invalid 12 | - modulesync 13 | - question 14 | - skip-changelog 15 | - wont-fix 16 | - wontfix 17 | 18 | categories: 19 | - title: Breaking Changes 🛠 20 | labels: 21 | - backwards-incompatible 22 | 23 | - title: New Features 🎉 24 | labels: 25 | - enhancement 26 | 27 | - title: Bug Fixes 🐛 28 | labels: 29 | - bug 30 | 31 | - title: Documentation Updates 📚 32 | labels: 33 | - documentation 34 | - docs 35 | 36 | - title: Dependency Updates ⬆️ 37 | labels: 38 | - dependencies 39 | 40 | - title: Other Changes 41 | labels: 42 | - "*" 43 | -------------------------------------------------------------------------------- /Rakefile: -------------------------------------------------------------------------------- 1 | # Managed by modulesync - DO NOT EDIT 2 | # https://voxpupuli.org/docs/updating-files-managed-with-modulesync/ 3 | 4 | begin 5 | require 'voxpupuli/test/rake' 6 | rescue LoadError 7 | # only available if gem group test is installed 8 | end 9 | 10 | begin 11 | require 'voxpupuli/acceptance/rake' 12 | rescue LoadError 13 | # only available if gem group acceptance is installed 14 | end 15 | 16 | begin 17 | require 'voxpupuli/release/rake_tasks' 18 | rescue LoadError 19 | # only available if gem group releases is installed 20 | else 21 | GCGConfig.user = 'voxpupuli' 22 | GCGConfig.project = 'puppet-augeasproviders_puppet' 23 | end 24 | 25 | desc "Run main 'test' task and report merged results to coveralls" 26 | task test_with_coveralls: [:test] do 27 | if Dir.exist?(File.expand_path('../lib', __FILE__)) 28 | require 'coveralls/rake/task' 29 | Coveralls::RakeTask.new 30 | Rake::Task['coveralls:push'].invoke 31 | else 32 | puts 'Skipping reporting to coveralls. 
Module has no lib dir' 33 | end 34 | end 35 | 36 | # vim: syntax=ruby 37 | -------------------------------------------------------------------------------- /spec/spec_helper.rb: -------------------------------------------------------------------------------- 1 | # frozen_string_literal: true 2 | 3 | # Managed by modulesync - DO NOT EDIT 4 | # https://voxpupuli.org/docs/updating-files-managed-with-modulesync/ 5 | 6 | # puppetlabs_spec_helper will set up coverage if the env variable is set. 7 | # We want to do this if lib exists and it hasn't been explicitly set. 8 | ENV['COVERAGE'] ||= 'yes' if Dir.exist?(File.expand_path('../lib', __dir__)) 9 | 10 | require 'voxpupuli/test/spec_helper' 11 | 12 | RSpec.configure do |c| 13 | c.facterdb_string_keys = false 14 | end 15 | 16 | add_mocked_facts! 17 | 18 | if File.exist?(File.join(__dir__, 'default_module_facts.yml')) 19 | facts = YAML.safe_load(File.read(File.join(__dir__, 'default_module_facts.yml'))) 20 | facts&.each do |name, value| 21 | add_custom_fact name.to_sym, value 22 | end 23 | end 24 | 25 | require 'fixtures/modules/augeasproviders_core/spec/support/spec/psh_fixtures' 26 | 27 | require 'augeas_spec' 28 | 29 | # augeasproviders: setting $LOAD_PATH to work around broken type autoloading 30 | 31 | $LOAD_PATH.unshift(File.join(__dir__, 'fixtures/modules/augeasproviders_core/lib')) 32 | Dir['./spec/support/spec/**/*.rb'].sort.each { |f| require f } 33 | -------------------------------------------------------------------------------- /.travis.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -xe 3 | 4 | # Clone submodules in tree 5 | git submodule update --init 6 | 7 | if [ -z $AUGEAS ]; then 8 | # Use latest version of lenses 9 | cd augeas && git pull origin master 10 | PKG_VERSION="" 11 | else 12 | if [ -z $LENSES ]; then 13 | # Use matching version of lenses 14 | cd augeas && git fetch && git checkout release-${AUGEAS} 15 | else 16 | cd augeas && git 
fetch && git checkout $LENSES 17 | fi 18 | 19 | PKG_VERSION="=${AUGEAS}*" 20 | # Add PPA 21 | sudo add-apt-repository -y ppa:raphink/augeas-1.0.0 22 | sudo add-apt-repository -y ppa:raphink/augeas-1.1.0 23 | sudo add-apt-repository -y ppa:raphink/augeas-1.2.0 24 | sudo add-apt-repository -y ppa:raphink/augeas-1.3.0 25 | fi 26 | sudo add-apt-repository -y ppa:raphink/augeas 27 | sudo apt-get update 28 | sudo apt-get install augeas-tools${PKG_VERSION} \ 29 | augeas-lenses${PKG_VERSION} \ 30 | libaugeas0${PKG_VERSION} \ 31 | libaugeas-dev${PKG_VERSION} \ 32 | libxml2-dev 33 | 34 | # Install gems 35 | gem install bundler 36 | bundle install 37 | 38 | # Reporting only 39 | bundle show 40 | puppet --version 41 | augtool --version 42 | -------------------------------------------------------------------------------- /.rubocop_todo.yml: -------------------------------------------------------------------------------- 1 | # This configuration was generated by 2 | # `rubocop --auto-gen-config` 3 | # on 2023-08-17 21:29:56 UTC using RuboCop version 1.50.2. 4 | # The point is for the user to remove these configuration records 5 | # one by one as the offenses are removed from the code base. 6 | # Note that changes in the inspected code, or installation of new 7 | # versions of RuboCop, may require this file to be generated again. 8 | 9 | # Offense count: 1 10 | # Configuration parameters: AllowedMethods. 11 | # AllowedMethods: enums 12 | Lint/ConstantDefinitionInBlock: 13 | Exclude: 14 | - 'lib/puppet/provider/puppet_auth/augeas.rb' 15 | 16 | # Offense count: 2 17 | # This cop supports unsafe autocorrection (--autocorrect-all). 18 | RSpec/BeEq: 19 | Exclude: 20 | - 'spec/unit/puppet/provider/puppet_auth/augeas_spec.rb' 21 | 22 | # Offense count: 2 23 | # Configuration parameters: AssignmentOnly. 24 | RSpec/InstanceVariable: 25 | Exclude: 26 | - 'spec/unit/puppet/provider/puppet_auth/augeas_spec.rb' 27 | 28 | # Offense count: 2 29 | # Configuration parameters: AllowedChars. 
30 | # AllowedChars: © 31 | Style/AsciiComments: 32 | Exclude: 33 | - 'lib/puppet/provider/puppet_auth/augeas.rb' 34 | - 'lib/puppet/type/puppet_auth.rb' 35 | -------------------------------------------------------------------------------- /spec/fixtures/unit/puppet/provider/puppet_auth/augeas/full: -------------------------------------------------------------------------------- 1 | ### Authenticated ACL - those applies only when the client 2 | ### has a valid certificate and is thus authenticated 3 | 4 | # allow nodes to retrieve their own catalog (ie their configuration) 5 | path ~ ^/catalog/([^/]+)$ 6 | method find 7 | allow $1 8 | 9 | # allow nodes to retrieve their own node definition 10 | path ~ ^/node/([^/]+)$ 11 | method find 12 | allow $1 13 | 14 | # allow all nodes to access the certificates services 15 | path /certificate_revocation_list/ca 16 | method find 17 | allow * 18 | 19 | # allow all nodes to store their reports 20 | path /report 21 | method save 22 | allow * 23 | 24 | # inconditionnally allow access to all files services 25 | # which means in practice that fileserver.conf will 26 | # still be used 27 | path /file 28 | allow * 29 | 30 | ### Unauthenticated ACL, for clients for which the current master doesn't 31 | ### have a valid certificate; we allow authenticated users, too, because 32 | ### there isn't a great harm in letting that request through. 
33 | 34 | # allow access to the master CA 35 | path /certificate/ca 36 | auth any 37 | method find 38 | allow * 39 | 40 | path /certificate/ 41 | auth any 42 | method find 43 | allow * 44 | 45 | path /certificate_request 46 | auth any 47 | method find, save 48 | allow * 49 | 50 | # this one is not stricly necessary, but it has the merit 51 | # to show the default policy which is deny everything else 52 | path / 53 | auth any 54 | -------------------------------------------------------------------------------- /.overcommit.yml: -------------------------------------------------------------------------------- 1 | # Managed by modulesync - DO NOT EDIT 2 | # https://voxpupuli.org/docs/updating-files-managed-with-modulesync/ 3 | # 4 | # Hooks are only enabled if you take action. 5 | # 6 | # To enable the hooks run: 7 | # 8 | # ``` 9 | # bundle exec overcommit --install 10 | # # ensure .overcommit.yml does not harm to you and then 11 | # bundle exec overcommit --sign 12 | # ``` 13 | # 14 | # (it will manage the .git/hooks directory): 15 | # 16 | # Examples howto skip a test for a commit or push: 17 | # 18 | # ``` 19 | # SKIP=RuboCop git commit 20 | # SKIP=PuppetLint git commit 21 | # SKIP=RakeTask git push 22 | # ``` 23 | # 24 | # Don't invoke overcommit at all: 25 | # 26 | # ``` 27 | # OVERCOMMIT_DISABLE=1 git commit 28 | # ``` 29 | # 30 | # Read more about overcommit: https://github.com/brigade/overcommit 31 | # 32 | # To manage this config yourself in your module add 33 | # 34 | # ``` 35 | # .overcommit.yml: 36 | # unmanaged: true 37 | # ``` 38 | # 39 | # to your modules .sync.yml config 40 | --- 41 | PreCommit: 42 | RuboCop: 43 | enabled: true 44 | description: 'Runs rubocop on modified files only' 45 | command: ['bundle', 'exec', 'rubocop'] 46 | RakeTarget: 47 | enabled: true 48 | description: 'Runs lint on modified files only' 49 | targets: 50 | - 'lint' 51 | command: ['bundle', 'exec', 'rake'] 52 | YamlSyntax: 53 | enabled: true 54 | JsonSyntax: 55 | enabled: true 
56 | TrailingWhitespace: 57 | enabled: true 58 | 59 | PrePush: 60 | RakeTarget: 61 | enabled: true 62 | description: 'Run rake targets' 63 | targets: 64 | - 'validate' 65 | - 'test' 66 | - 'rubocop' 67 | command: ['bundle', 'exec', 'rake'] 68 | -------------------------------------------------------------------------------- /metadata.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "puppet-augeasproviders_puppet", 3 | "version": "3.0.1-rc0", 4 | "author": "Vox Pupuli", 5 | "summary": "Augeas-based Puppet configuration files types and providers for Puppet", 6 | "license": "Apache-2.0", 7 | "source": "https://github.com/puppet/augeasproviders_puppet", 8 | "project_page": "https://github.com/puppet/augeasproviders_puppet", 9 | "issues_url": "https://github.com/puppet/augeasproviders_puppet/issues", 10 | "description": "This module provides types/providers for Puppet configuration files using the Augeas configuration API library.", 11 | "dependencies": [ 12 | { 13 | "name": "puppet/augeasproviders_core", 14 | "version_requirement": ">=2.4.0 <5.0.0" 15 | } 16 | ], 17 | "operatingsystem_support": [ 18 | { 19 | "operatingsystem": "Debian", 20 | "operatingsystemrelease": [ 21 | "7", 22 | "8", 23 | "9" 24 | ] 25 | }, 26 | { 27 | "operatingsystem": "Ubuntu", 28 | "operatingsystemrelease": [ 29 | "14.04", 30 | "16.04", 31 | "18.04", 32 | "18.10", 33 | "20.04", 34 | "22.04" 35 | ] 36 | }, 37 | { 38 | "operatingsystem": "RedHat", 39 | "operatingsystemrelease": [ 40 | "6", 41 | "7" 42 | ] 43 | }, 44 | { 45 | "operatingsystem": "CentOS", 46 | "operatingsystemrelease": [ 47 | "6", 48 | "7" 49 | ] 50 | }, 51 | { 52 | "operatingsystem": "OracleLinux", 53 | "operatingsystemrelease": [ 54 | "6", 55 | "7" 56 | ] 57 | } 58 | ], 59 | "requirements": [ 60 | { 61 | "name": "openvox", 62 | "version_requirement": ">= 8.19.0 < 9.0.0" 63 | } 64 | ] 65 | } 66 | 
-------------------------------------------------------------------------------- /lib/puppet/type/puppet_auth.rb: -------------------------------------------------------------------------------- 1 | # frozen_string_literal: true 2 | 3 | # Manages settings in Puppet's auth.conf file 4 | # 5 | # Copyright (c) 2012 Raphaël Pinson 6 | # Licensed under the Apache License, Version 2.0 7 | 8 | Puppet::Type.newtype(:puppet_auth) do 9 | @doc = "Manages settings in Puppet's auth.conf." 10 | 11 | ensurable 12 | 13 | def munge_boolean(value) 14 | case value 15 | when true, 'true', :true 16 | :true 17 | when false, 'false', :false 18 | :false 19 | else 20 | raise('munge_boolean only takes booleans') 21 | end 22 | end 23 | 24 | newparam(:name) do 25 | desc 'The name of the resource.' 26 | isnamevar 27 | end 28 | 29 | newparam(:path) do 30 | desc 'The path for the auth rule.' 31 | end 32 | 33 | newparam(:path_regex, boolean: true) do 34 | desc 'Whether the path is specified as a regex.' 35 | 36 | newvalues(:true, :false) 37 | 38 | munge do |value| 39 | @resource.munge_boolean(value) 40 | end 41 | end 42 | 43 | newparam(:ins_before) do 44 | desc "Optional XPath expression to specify where to insert the auth rule. 45 | 46 | This parameter takes special values working as aliases: 47 | 48 | - `first allow`, mapping to `path[allow][1]`; 49 | - `last allow`, mapping to `path[allow][last()]`; 50 | - `first deny`, mapping to `path[count(allow)=0][1]`; 51 | - `last deny`, mapping to path[count(allow)=0][last()]`" 52 | end 53 | 54 | newparam(:ins_after) do 55 | desc "Optional XPath expression to specify where to insert the auth rule. 
56 | 57 | This parameter takes special values working as aliases: 58 | 59 | - `first allow`, mapping to `path[allow][1]`; 60 | - `last allow`, mapping to `path[allow][last()]`; 61 | - `first deny`, mapping to `path[count(allow)=0][1]`; 62 | - `last deny`, mapping to path[count(allow)=0][last()]`" 63 | end 64 | 65 | newproperty(:environments, array_matching: :all) do 66 | desc 'The list of environments the rule applies to.' 67 | end 68 | 69 | newproperty(:methods, array_matching: :all) do 70 | desc "The list of methods the rule applies to. Possible values are: 71 | 72 | - find; 73 | - search; 74 | - save; 75 | - destroy." 76 | end 77 | 78 | newproperty(:allow, array_matching: :all) do 79 | desc "The list of hosts allowed for this rule, 80 | specified by hostname or cername. Regexes are allowed, 81 | as well as the special value `*`." 82 | 83 | validate do |val| 84 | raise ArgumentError, 'The allow parameter cannot be undef' if val == :undef 85 | end 86 | end 87 | 88 | newproperty(:allow_ip, array_matching: :all) do 89 | desc "The list of IPs allowed for this rule. 90 | Requires Puppet 3.0.0 or greater." 91 | end 92 | 93 | newproperty(:authenticated) do 94 | desc "The type of authentication for the rule. Possible values are: 95 | 96 | - yes; 97 | - no; 98 | - on; 99 | - off; 100 | - any." 101 | end 102 | 103 | newparam(:target) do 104 | desc "The file in which to store the settings, defaults to 105 | `/etc/puppet/auth.conf`." 106 | end 107 | 108 | autorequire(:file) do 109 | self[:target] 110 | end 111 | end 112 | -------------------------------------------------------------------------------- /CHANGELOG.md: -------------------------------------------------------------------------------- 1 | # Changelog 2 | 3 | All notable changes to this project will be documented in this file. 4 | Each new release typically also includes the latest modulesync defaults. 5 | These should not affect the functionality of the module. 
6 | 7 | ## [v3.0.0](https://github.com/voxpupuli/puppet-augeasproviders_puppet/tree/v3.0.0) (2024-04-09) 8 | 9 | [Full Changelog](https://github.com/voxpupuli/puppet-augeasproviders_puppet/compare/2.2.1...v3.0.0) 10 | 11 | **Breaking changes:** 12 | 13 | - Add Puppet 7 and 8 support; drop Puppet 5 and 6 support [\#8](https://github.com/voxpupuli/puppet-augeasproviders_puppet/pull/8) ([bastelfreak](https://github.com/bastelfreak)) 14 | 15 | **Implemented enhancements:** 16 | 17 | - puppet/augeasproviders\_core: Allow 4.x [\#11](https://github.com/voxpupuli/puppet-augeasproviders_puppet/pull/11) ([zilchms](https://github.com/zilchms)) 18 | - migrate dependency to voxpupuli; puppet/augeasproviders\_core: allow 4.x [\#10](https://github.com/voxpupuli/puppet-augeasproviders_puppet/pull/10) ([zilchms](https://github.com/zilchms)) 19 | - Add ubuntu 20.04 and 22.04 support [\#9](https://github.com/voxpupuli/puppet-augeasproviders_puppet/pull/9) ([zilchms](https://github.com/zilchms)) 20 | 21 | **Merged pull requests:** 22 | 23 | - Metadata: Migrate module to Vox Pupuli [\#13](https://github.com/voxpupuli/puppet-augeasproviders_puppet/pull/13) ([zilchms](https://github.com/zilchms)) 24 | - Update Badges and README [\#12](https://github.com/voxpupuli/puppet-augeasproviders_puppet/pull/12) ([zilchms](https://github.com/zilchms)) 25 | - Fix broken Apache-2 license [\#7](https://github.com/voxpupuli/puppet-augeasproviders_puppet/pull/7) ([bastelfreak](https://github.com/bastelfreak)) 26 | 27 | ## [2.2.1](https://github.com/voxpupuli/puppet-augeasproviders_puppet/tree/2.2.1) (2019-03-01) 28 | 29 | [Full Changelog](https://github.com/voxpupuli/puppet-augeasproviders_puppet/compare/2.2.0...2.2.1) 30 | 31 | ## [2.2.0](https://github.com/voxpupuli/puppet-augeasproviders_puppet/tree/2.2.0) (2019-03-01) 32 | 33 | [Full Changelog](https://github.com/voxpupuli/puppet-augeasproviders_puppet/compare/2.1.1...2.2.0) 34 | 35 | ## 
[2.1.1](https://github.com/voxpupuli/puppet-augeasproviders_puppet/tree/2.1.1) (2017-10-02) 36 | 37 | [Full Changelog](https://github.com/voxpupuli/puppet-augeasproviders_puppet/compare/2.1.0...2.1.1) 38 | 39 | **Merged pull requests:** 40 | 41 | - Support Puppet 5 [\#5](https://github.com/voxpupuli/puppet-augeasproviders_puppet/pull/5) ([jeefberkey](https://github.com/jeefberkey)) 42 | - Raise exception on missing augeasproviders\_core [\#4](https://github.com/voxpupuli/puppet-augeasproviders_puppet/pull/4) ([igalic](https://github.com/igalic)) 43 | 44 | ## [2.1.0](https://github.com/voxpupuli/puppet-augeasproviders_puppet/tree/2.1.0) (2015-07-15) 45 | 46 | [Full Changelog](https://github.com/voxpupuli/puppet-augeasproviders_puppet/compare/2.0.2...2.1.0) 47 | 48 | **Merged pull requests:** 49 | 50 | - Use Puppet\[:confdir\] instead of static path [\#2](https://github.com/voxpupuli/puppet-augeasproviders_puppet/pull/2) ([raphink](https://github.com/raphink)) 51 | 52 | ## [2.0.2](https://github.com/voxpupuli/puppet-augeasproviders_puppet/tree/2.0.2) (2014-12-09) 53 | 54 | [Full Changelog](https://github.com/voxpupuli/puppet-augeasproviders_puppet/compare/2.0.1...2.0.2) 55 | 56 | ## [2.0.1](https://github.com/voxpupuli/puppet-augeasproviders_puppet/tree/2.0.1) (2014-12-09) 57 | 58 | [Full Changelog](https://github.com/voxpupuli/puppet-augeasproviders_puppet/compare/2.0.0...2.0.1) 59 | 60 | ## [2.0.0](https://github.com/voxpupuli/puppet-augeasproviders_puppet/tree/2.0.0) (2014-08-11) 61 | 62 | [Full Changelog](https://github.com/voxpupuli/puppet-augeasproviders_puppet/compare/a50e49919002129b068e1c0341ca52dc199f83b9...2.0.0) 63 | 64 | 65 | 66 | \* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)* 67 | -------------------------------------------------------------------------------- /lib/puppet/provider/puppet_auth/augeas.rb: 
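# frozen_string_literal: true

# Alternative Augeas-based providers for Puppet
#
# Copyright (c) 2012 Raphaël Pinson
# Licensed under the Apache License, Version 2.0

# Fail at load time with a clear message when the parent provider type is absent.
raise('Missing augeasproviders_core dependency') if Puppet::Type.type(:augeasprovider).nil?

# Augeas-backed provider for the puppet_auth type. Each auth.conf rule is a
# `path` node under $target; its settings are read and written through the
# attr_aug_accessor declarations at the end of this block.
Puppet::Type.type(:puppet_auth).provide(:augeas, parent: Puppet::Type.type(:augeasprovider).provider(:default)) do
  desc "Uses Augeas API to update a rule in Puppet's auth.conf."

  # Friendly aliases accepted by ins_before / ins_after, mapped to the Augeas
  # path expression (relative to $target) that they stand for.
  INS_ALIASES = {
    'first allow' => 'path[allow][1]',
    'last allow' => 'path[allow][last()]',
    'first deny' => 'path[count(allow)=0][1]',
    'last deny' => 'path[count(allow)=0][last()]',
  }.freeze

  default_file { File.join(Puppet[:confdir], 'auth.conf') }

  lens { 'Puppet_Auth.lns' }

  confine feature: :augeas

  # Builds the Augeas expression selecting the rule whose value equals the
  # resource's path.
  #
  # The path is embedded in a string literal inside the expression. A value
  # containing the delimiter would end the literal early and change which nodes
  # the expression selects, so the delimiter is chosen to be a quote character
  # that does not occur in the value. A value containing both quote characters
  # is rejected rather than passed on as a malformed expression.
  resource_path do |resource|
    path = resource[:path]
    text = path.to_s
    if text.include?("'")
      if text.include?('"')
        raise Puppet::Error,
              "puppet_auth: path #{text.inspect} contains both single and double quotes " \
              'and cannot be written as an Augeas string literal'
      end
      "$target/path[.=\"#{path}\"]"
    else
      "$target/path[.='#{path}']"
    end
  end

  # Lists the rules currently present in the target file.
  #
  # @return [Array] one provider instance per `path` node that has a value
  def self.instances
    resources = []
    augopen do |aug|
      settings = aug.match('$target/path')

      settings.each do |node|
        # Set $resource for getters
        aug.defvar('resource', node)

        path = aug.get(node)
        # A rule is a regex rule when it carries an `operator` child equal to '~'.
        path_regex = aug.match("#{node}/operator[.='~']").empty? ? :false : :true
        environments = attr_aug_reader_environments(aug)
        methods = attr_aug_reader_methods(aug)
        allow = attr_aug_reader_allow(aug)
        allow_ip = attr_aug_reader_allow_ip(aug)
        authenticated = attr_aug_reader_authenticated(aug)
        name = path_regex == :false ? "Auth rule for #{path}" : "Auth rule matching #{path}"
        entry = { ensure: :present, name: name,
                  path: path, path_regex: path_regex,
                  environments: environments, methods: methods,
                  allow: allow, allow_ip: allow_ip,
                  authenticated: authenticated }
        # Nodes without a value are not reported as resources.
        resources << new(entry) if entry[:path]
      end
    end
    resources
  end

  # Creates the rule described by the resource, optionally inserting it at the
  # position given by ins_before / ins_after, then writes each of its settings.
  def create
    apath = resource[:path]
    apath_regex = resource[:path_regex]
    before = resource[:ins_before]
    after = resource[:ins_after]
    environments = resource[:environments]
    methods = resource[:methods]
    allow = resource[:allow]
    allow_ip = resource[:allow_ip]
    authenticated = resource[:authenticated]
    augopen! do |aug|
      if before || after
        # ins_before takes precedence when both parameters are set.
        expr = before || after
        expr = INS_ALIASES[expr] if INS_ALIASES.key?(expr)
        # NOTE(review): apart from the aliases above, expr is interpolated into
        # the Augeas expression verbatim, as the type documents (it is an XPath
        # expression). It is therefore only as trustworthy as the manifest or
        # data source supplying ins_before / ins_after.
        aug.insert("$target/#{expr}", 'path', before ? true : false)
        # Give the freshly inserted, still empty `path` node its value.
        aug.set("$target/path[.='']", apath)
      end

      aug.set(resource_path, apath)
      # Refresh $resource
      setvars(aug)
      aug.set('$resource/operator', '~') if apath_regex == :true
      attr_aug_writer_environments(aug, environments)
      attr_aug_writer_methods(aug, methods)
      attr_aug_writer_allow(aug, allow)
      attr_aug_writer_allow_ip(aug, allow_ip)
      attr_aug_writer_authenticated(aug, authenticated)
    end
  end

  attr_aug_accessor(:environments,
                    label: 'environment',
                    type: :array,
                    sublabel: :seq,
                    purge_ident: true)

  attr_aug_accessor(:methods,
                    label: 'method',
                    type: :array,
                    sublabel: :seq,
                    purge_ident: true)

  attr_aug_accessor(:allow,
                    type: :array,
                    sublabel: :seq,
                    purge_ident: true)

  attr_aug_accessor(:allow_ip,
                    type: :array,
                    sublabel: :seq,
                    purge_ident: true)

  attr_aug_accessor(:authenticated,
                    label: 'auth',
                    purge_ident: true)
end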
-------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # puppet: types/providers for Puppet files for Puppet 2 | 3 | [![License](https://img.shields.io/github/license/voxpupuli/puppet-augeasproviders_puppet.svg)](https://github.com/voxpupuli/puppet-augeasproviders_puppet/blob/master/LICENSE) 4 | [![Puppet Forge Version](http://img.shields.io/puppetforge/v/puppet/augeasproviders_puppet.svg)](https://forge.puppetlabs.com/puppet/augeasproviders_puppet) 5 | [![Puppet Forge Downloads](http://img.shields.io/puppetforge/dt/puppet/augeasproviders_puppet.svg)](https://forge.puppetlabs.com/puppet/augeasproviders_puppet) 6 | [![Build Status](https://github.com/voxpupuli/puppet-augeasproviders_puppet/workflows/CI/badge.svg)](https://github.com/voxpupuli/puppet-augeasproviders_puppet/actions?query=workflow%3ACI) 7 | [![Donated by Herculesteam](https://img.shields.io/badge/donated%20by-herculesteam-fb7047.svg)](#transfer-notice) 8 | 9 | This module provides a new type/provider for Puppet to read and modify Puppet 10 | config files using the Augeas configuration library. 11 | 12 | The advantage of using Augeas over the default Puppet `parsedfile` 13 | implementations is that Augeas will go to great lengths to preserve file 14 | formatting and comments, while also failing safely when needed. 15 | 16 | This provider will hide *all* of the Augeas commands etc., you don't need to 17 | know anything about Augeas to make use of it. 18 | 19 | ## Requirements 20 | 21 | Ensure both Augeas and ruby-augeas 0.3.0+ bindings are installed and working as 22 | normal. 23 | 24 | See [Puppet/Augeas pre-requisites](http://docs.puppetlabs.com/guides/augeas.html#pre-requisites). 
25 | 26 | ## Installing 27 | 28 | On Puppet 2.7.14+, the module can be installed easily ([documentation](http://docs.puppetlabs.com/puppet/latest/reference/modules_installing.html)): 29 | 30 | puppet module install herculesteam/augeasproviders_puppet 31 | 32 | You may see an error similar to this on Puppet 2.x ([#13858](http://projects.puppetlabs.com/issues/13858)): 33 | 34 | Error 400 on SERVER: Puppet::Parser::AST::Resource failed with error ArgumentError: Invalid resource type `puppet_auth` at ... 35 | 36 | Ensure the module is present in your puppetmaster's own environment (it doesn't 37 | have to use it) and that the master has pluginsync enabled. Run the agent on 38 | the puppetmaster to cause the custom types to be synced to its local libdir 39 | (`puppet master --configprint libdir`) and then restart the puppetmaster so it 40 | loads them. 41 | 42 | ## Compatibility 43 | 44 | ### Puppet versions 45 | 46 | Minimum of Puppet 2.7. 47 | 48 | ### Augeas versions 49 | 50 | Augeas Versions | 0.10.0 | 1.0.0 | 1.1.0 | 1.2.0 | 51 | :-------------------------|:-------:|:-------:|:-------:|:-------:| 52 | **PROVIDERS** | 53 | puppet\_auth | **yes** | **yes** | **yes** | **yes** | 54 | 55 | ## Documentation and examples 56 | 57 | Type documentation can be generated with `puppet doc -r type` or viewed on the 58 | [Puppet Forge page](http://forge.puppetlabs.com/herculesteam/augeasproviders_puppet). 59 | 60 | 61 | ### puppet_auth provider 62 | 63 | This is a custom type and provider supplied by `augeasproviders`. 64 | 65 | It requires the `Puppet_Auth.lns` lens, which is provided with versions of Augeas strictly greater than 0.10.0. 
66 | 67 | #### manage simple entry 68 | 69 | puppet_auth { 'Deny /facts': 70 | ensure => present, 71 | path => '/facts', 72 | authenticated => 'any', 73 | } 74 | 75 | #### manage regex entry 76 | 77 | puppet_auth { 'Deny ~ ^/facts/([^/]+)$': 78 | ensure => present, 79 | path => '^/facts/([^/]+)$', 80 | path_regex => true, 81 | authenticated => 'any', 82 | } 83 | 84 | #### add multiple environments 85 | 86 | puppet_auth { 'Allow /facts for prod and dev environments from same client': 87 | ensure => present, 88 | path => '/facts', 89 | authenticated => 'any', 90 | allow => '$1', 91 | environments => ['prod', 'dev'], 92 | } 93 | 94 | #### ensure an entry is before a given path 95 | 96 | `ins_after` provides the opposite functionality, so an entry is created after a 97 | given path. 98 | 99 | puppet_auth { 'Allow /facts before first denied rule': 100 | ensure => present, 101 | path => '/facts', 102 | authenticated => 'any', 103 | allow => '*', 104 | ins_before => 'first deny', 105 | } 106 | 107 | #### delete entry 108 | 109 | puppet_auth { 'Remove /facts': 110 | ensure => absent, 111 | path => '/facts', 112 | } 113 | 114 | ## Issues 115 | 116 | Please file any issues or suggestions [on GitHub](https://github.com/hercules-team/augeasproviders_puppet/issues). 117 | 118 | ## Supported OS 119 | 120 | See [metadata.json](metadata.json) for supported OS versions. 121 | 122 | ## Dependencies 123 | 124 | See [metadata.json](metadata.json) for dependencies. 125 | 126 | ## Puppet 127 | 128 | The supported Puppet versions are listed in the [metadata.json](metadata.json) 129 | 130 | ## REFERENCES 131 | 132 | Please see [REFERENCE.md](https://github.com/voxpupuli/puppet-augeasproviders_puppet/blob/master/REFERENCE.md) for more details. 133 | 134 | ## Contributing 135 | 136 | Please report bugs and feature request using [GitHub issue tracker](https://github.com/voxpupuli/puppet-augeasproviders_puppet/issues). 
137 | 138 | For pull requests, it is very much appreciated to check your Puppet manifest 139 | with [puppet-lint](https://github.com/puppetlabs/puppet-lint/) to follow the recommended Puppet style guidelines from the 140 | [Puppet Labs style guide](https://www.puppet.com/docs/puppet/latest/style_guide.html). 141 | 142 | ## Transfer Notice 143 | 144 | This plugin was originally authored by [Hercules Team](https://github.com/hercules-team). 145 | The maintainer preferred that Puppet Community take ownership of the module for future improvement and maintenance. 146 | Existing pull requests and issues were transferred over, please fork and continue to contribute here instead of Hercules Team. 147 | -------------------------------------------------------------------------------- /spec/unit/puppet/provider/puppet_auth/augeas_spec.rb: -------------------------------------------------------------------------------- 1 | # frozen_string_literal: true 2 | 3 | require 'spec_helper' 4 | 5 | provider_class = Puppet::Type.type(:puppet_auth).provider(:augeas) 6 | def valid_lens? 7 | # This lens breaks on Augeas 0.10.0 8 | Puppet::Util::Package.versioncmp(Puppet::Type.type(:puppet_auth).provider(:augeas).aug_version, '0.10.0') > 0 9 | end 10 | 11 | describe provider_class, if: valid_lens? 
do 12 | before do 13 | allow(FileTest).to receive(:exist?).and_return(false) 14 | allow(FileTest).to receive(:exist?).with('/etc/puppet/auth.conf').and_return(true) 15 | end 16 | 17 | context 'with empty file' do 18 | let(:tmptarget) { aug_fixture('empty') } 19 | let(:target) { tmptarget.path } 20 | 21 | it 'creates simple new entry' do 22 | apply!(Puppet::Type.type(:puppet_auth).new( 23 | name: '/facts rule', 24 | path: '/facts', 25 | authenticated: 'any', 26 | target: target, 27 | provider: 'augeas', 28 | ensure: 'present' 29 | )) 30 | 31 | aug_open(target, 'Puppet_Auth.lns') do |aug| 32 | expect(aug.match('path').size).to eq(1) 33 | expect(aug.get('path')).to eq('/facts') 34 | expect(aug.match('path/operator').size).to eq(0) 35 | expect(aug.get('path/auth')).to eq('any') 36 | end 37 | end 38 | end 39 | 40 | context 'with full file' do 41 | let(:tmptarget) { aug_fixture('full') } 42 | let(:target) { tmptarget.path } 43 | 44 | it 'lists instances' do 45 | allow(provider_class).to receive(:target).and_return(target) 46 | inst = provider_class.instances.map do |p| 47 | { 48 | name: p.get(:name), 49 | ensure: p.get(:ensure), 50 | path: p.get(:path), 51 | path_regex: p.get(:path_regex), 52 | environments: p.get(:environments), 53 | methods: p.get(:methods), 54 | allow: p.get(:allow), 55 | allow_ip: p.get(:allow_ip), 56 | authenticated: p.get(:authenticated), 57 | } 58 | end 59 | 60 | expect(inst.size).to eq(9) 61 | expect(inst[0]).to eq({ path_regex: :true, methods: ['find'], environments: [], authenticated: :absent, allow: ['$1'], allow_ip: [], ensure: :present, name: 'Auth rule matching ^/catalog/([^/]+)$', path: '^/catalog/([^/]+)$' }) 62 | expect(inst[2]).to eq({ path_regex: :false, methods: ['find'], environments: [], authenticated: :absent, allow: ['*'], allow_ip: [], ensure: :present, name: 'Auth rule for /certificate_revocation_list/ca', path: '/certificate_revocation_list/ca' }) 63 | expect(inst[7]).to eq({ path_regex: :false, methods: %w[find save], 
environments: [], authenticated: 'any', allow: ['*'], allow_ip: [], ensure: :present, name: 'Auth rule for /certificate_request', path: '/certificate_request' }) 64 | end 65 | 66 | describe 'when creating settings' do 67 | it 'creates a simple new entry' do 68 | apply!(Puppet::Type.type(:puppet_auth).new( 69 | name: '/facts before first deny', 70 | path: '/facts', 71 | environments: %w[staging stable], 72 | methods: 'find', 73 | authenticated: 'any', 74 | ins_before: 'first deny', 75 | target: target, 76 | provider: 'augeas', 77 | ensure: 'present' 78 | )) 79 | 80 | aug_open(target, 'Puppet_Auth.lns') do |aug| 81 | expect(aug.get('path[last()-1]')).to eq('/facts') 82 | expect(aug.get("path[.='/facts']/environment/1")).to eq('staging') 83 | expect(aug.match("path[.='/facts']/method/*").size).to eq(1) 84 | expect(aug.get("path[.='/facts']/method/1")).to eq('find') 85 | end 86 | end 87 | 88 | it 'creates an entry with a regex path' do 89 | apply!(Puppet::Type.type(:puppet_auth).new( 90 | name: 'Matching ^/foo/([^/]+)$', 91 | path: '^/foo/([^/]+)$', 92 | path_regex: 'true', 93 | authenticated: 'any', 94 | target: target, 95 | provider: 'augeas', 96 | ensure: 'present' 97 | )) 98 | 99 | aug_open(target, 'Puppet_Auth.lns') do |aug| 100 | expect(aug.get("path[.='^/foo/([^/]+)$']/operator")).to eq('~') 101 | end 102 | end 103 | end 104 | 105 | describe 'when modifying settings' do 106 | it 'modifies the properties' do 107 | apply!(Puppet::Type.type(:puppet_auth).new( 108 | name: 'Apply /certificate/ to staging', 109 | path: '/certificate/', 110 | environments: 'staging', 111 | authenticated: 'on', 112 | allow: ['localhost.localdomain', 'example.com'], 113 | allow_ip: '192.168.0.1/32', 114 | target: target, 115 | provider: 'augeas', 116 | ensure: 'present' 117 | )) 118 | 119 | aug_open(target, 'Puppet_Auth.lns') do |aug| 120 | expect(aug.get("path[.='/certificate/']/environment/1")).to eq('staging') 121 | expect(aug.get("path[.='/certificate/']/auth")).to eq('on') 122 | 
expect(aug.get("path[.='/certificate/']/allow/1")).to eq('localhost.localdomain') 123 | expect(aug.get("path[.='/certificate/']/allow/2")).to eq('example.com') 124 | expect(aug.get("path[.='/certificate/']/allow_ip/1")).to eq('192.168.0.1/32') 125 | end 126 | end 127 | 128 | it 'removes the save method' do 129 | apply!(Puppet::Type.type(:puppet_auth).new( 130 | name: 'Remove save method from /certificate_request', 131 | path: '/certificate_request', 132 | methods: 'find', 133 | target: target, 134 | provider: 'augeas', 135 | ensure: 'present' 136 | )) 137 | 138 | aug_open(target, 'Puppet_Auth.lns') do |aug| 139 | expect(aug.match("path[.='/certificate_request']/method").size).to eq(1) 140 | expect(aug.get("path[.='/certificate_request']/method/1")).to eq('find') 141 | end 142 | end 143 | 144 | it 'removes the entry' do 145 | apply!(Puppet::Type.type(:puppet_auth).new( 146 | name: 'Remove save method from /certificate_request', 147 | path: '/certificate_request', 148 | target: target, 149 | provider: 'augeas', 150 | ensure: 'absent' 151 | )) 152 | 153 | aug_open(target, 'Puppet_Auth.lns') do |aug| 154 | expect(aug.match("path[.='/certificate_request']").size).to eq(0) 155 | end 156 | end 157 | end 158 | end 159 | 160 | context 'with broken file' do 161 | let(:tmptarget) { aug_fixture('broken') } 162 | let(:target) { tmptarget.path } 163 | 164 | it 'fails to load' do 165 | txn = apply(Puppet::Type.type(:puppet_auth).new( 166 | name: 'Test broken', 167 | path: '/facts', 168 | target: target, 169 | provider: 'augeas', 170 | ensure: 'present' 171 | )) 172 | 173 | expect(txn.any_failed?).not_to eq(nil) 174 | expect(@logs.first.level).to eq(:err) 175 | expect(@logs.first.message.include?(target)).to eq(true) 176 | end 177 | end 178 | end 179 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | 
http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 
39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. 
Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. 
You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 
122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. 
In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "[]" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. 
We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright [yyyy] [name of copyright owner] 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. 202 | --------------------------------------------------------------------------------