rspec-puppet-augeas 0.1.0

data/.gitignore

@@ -0,0 +1,3 @@
+pkg/
+*.gem
+Gemfile.lock

data/Gemfile

@@ -0,0 +1,3 @@
+source :rubygems
+
+gem 'rspec-puppet'

data/LICENSE

@@ -0,0 +1,20 @@
+Copyright (c) 2013 Dominic Cleal
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,122 @@
+# RSpec tests for Augeas resources inside Puppet manifests
+
+## Summary
+
+rspec-puppet-augeas is an extension of rodjek's popular rspec-puppet tool.  It
+adds to your RSpec tests for a single class or define (or anything resulting in
+a catalog) and allows you to run and test individual Augeas resources within it.
+
+It takes a set of input files (fixtures) that the resource(s) will modify, runs
+the resource, can verify it changed and is idempotent, then provides
+Augeas-based tools to help verify the modification was made.
+
+## Setting up
+
+Install the gem first:
+
+    gem install rspec-puppet-augeas
+
+Extend your usual rspec-puppet class test, e.g. for the 'sshd' class:
+
+    $ cat spec/classes/sshd_config_spec.rb
+    describe 'sshd' do
+      it 'should have an augeas resource' do
+        should contain_augeas('root login')
+      end
+
+      # Expects Augeas['root login']
+      describe_augeas 'root login' do
+        it 'should change PermitRootLogin' do
+          # Run the resource against the fixtures, check it changed
+          should execute.with_change
+
+          # Check changes in the file with aug_get and aug_match
+          aug_get('PermitRootLogin').should == 'no'
+
+          # Verify idempotence last to prevent false positive
+          should execute.idempotently
+        end
+      end
+    end
+
+Copy original input files to `spec/fixtures/augeas` using the same filesystem
+layout that the resource expects:
+
+    $ tree spec/fixtures/augeas/
+    spec/fixtures/augeas/
+    `-- etc
+        `-- ssh
+            `-- sshd_config
+
+
+Lastly, in your `spec/spec_helper.rb`, load ruby-puppet-augeas and configure the
+fixtures directory.
+
+    require 'rspec-puppet-augeas'
+    RSpec.configure do |c|
+      c.augeas_fixtures = File.join(File.dirname(File.expand_path(__FILE__)), 'fixtures', 'augeas')
+    end
+
+## Usage
+
+### describe\_augeas example group
+
+`describe_augeas` adds an example group, like describe/context, but that describes
+an Augeas resource from the catalog.  The description given to run\_augeas must
+match the resource title.  `run_augeas` is a synonym. 
+
+It takes optional hash arguments:
+
+* `:fixtures` manages the files to run the resource against
+  * a hash of fixtures to copy from the source (under augeas\_fixtures) to a
+    destination path, e.g. `{ 'dest/file/location' => 'src/file/location' }`
+  * a string of the source path, copied to the path given by the resource's
+    `incl` parameter (TODO: or `:target`)
+  * nil, by default copies all fixtures
+* `:target` is the path of the file that the resource should modify 
+* `:lens` is the lens to use when opening the target file (for `aug_*` etc.)
+
+It sets the following variables inside examples:
+
+* `subject` (used implicitly) to an object representing the resource
+* `output_root` to the path of the fixtures directory after one run
+
+### execute matcher
+
+The `execute` matcher is used to check how a resource has run, e.g.
+
+    subject.should execute
+
+(subject is implicit and so can be left out)
+
+It has methods to add to the checks it performs:
+
+* `with_change` ensures the resource was "applied" and didn't no-op
+* `idempotently` runs the resource again to ensure it only applies once
+
+### Test utilities
+
+Helpers are provided to check the modifications made to files after applying
+the resource.  Some require certain options, which can be supplied in the
+`describe_augeas` statement or as arguments to the method.
+
+* `output_root` returns the root directory of the modified fixtures
+* `open_target` opens the target file and returns the handle, closes it too if
+  given a block (expects `:target` option)
+* `aug_open` opens the target file and returns an Augeas object, closes it too
+  if given a block (expects `:target` and `:lens`)
+* `aug_get(path)` runs `Augeas#get(path)` against the target file (expects
+  `:target` and `:lens`), returns the value of the node
+* `aug_match(path)` runs `Augeas#match(path)` against the target file (expects
+  `:target` and `:lens`), returns an array of matches
+
+### RSpec configuration
+
+New RSpec configuration options:
+
+* `augeas_fixtures` is the path to the root of the fixtures directory
+  containing source files
+
+## Issues
+
+Please file any issues or suggestions [on GitHub](https://github.com/domcleal/rspec-puppet-augeas/issues).

data/Rakefile

@@ -0,0 +1,7 @@
+require 'rake'
+require 'rspec/core/rake_task'
+
+task :default => :test
+task :spec => :test
+
+RSpec::Core::RakeTask.new(:test)

data/lib/rspec-puppet-augeas.rb

@@ -0,0 +1,15 @@
+require 'rspec-puppet'
+
+module RSpec::Puppet::Augeas
+  class Error < StandardError
+  end
+end
+
+require 'rspec-puppet-augeas/example'
+require 'rspec-puppet-augeas/matchers'
+require 'rspec-puppet-augeas/test_utils'
+
+RSpec.configure do |c|
+  c.add_setting :augeas_fixtures, :default => nil
+  c.include RSpec::Puppet::Augeas::TestUtils, :type => :augeas
+end

data/lib/rspec-puppet-augeas/example.rb

@@ -0,0 +1,6 @@
+require 'rspec-puppet-augeas/example/run_augeas_example_group'
+
+RSpec::configure do |c|
+  c.extend RSpec::Puppet::Augeas::RunAugeasExampleGroup::ClassMethods
+  c.include RSpec::Puppet::Augeas::RunAugeasExampleGroup::InstanceMethods, :type => :augeas
+end

data/lib/rspec-puppet-augeas/example/run_augeas_example_group.rb

@@ -0,0 +1,65 @@
+require 'rspec-puppet-augeas/resource'
+
+module RSpec::Puppet::Augeas
+  module RunAugeasExampleGroup
+
+    module ClassMethods
+      # new example group, much like 'describe'
+      #   title (arg #1) must match title of Augeas resource
+      #   args may be hash containing:
+      #     :fixture =>
+      #       String -> relative path of source fixture file
+      #       Hash   -> { "/dest/path" => "source/fixture/path", ... }
+      #     :target  => path of destination file to be modified
+      #     :lens    => lens used for opening target
+      def run_augeas(*args, &block)
+        options = args.last.is_a?(::Hash) ? args.pop : {}
+
+        title = "Augeas[#{args.shift}]"
+        describe(title, *args, :type => :augeas) do
+          # inside here (the type augeas block), subject will be initialised
+          # to the augeas resource object
+
+          # initialise arguments passed into the run_augeas block
+          # TODO: target can be initialised from incl if available
+          target = options.delete(:target)
+          let(:target) { target }
+
+          # TODO: ditto
+          lens = options.delete(:lens)
+          let(:lens) { lens }
+
+          fixture = options.delete(:fixture)
+          fixture = { target => fixture } if fixture.is_a? String and target
+          let(:fixture) { fixture }
+
+          class_exec(&block)
+        end
+      end
+
+      # Synonym for run_augeas
+      def describe_augeas(*args, &block)
+        run_augeas(*args, &block)
+      end
+    end
+
+    module InstanceMethods
+      # Initialises the implicit example group 'subject' to an Augeas resource
+      #
+      # Requires that the title of this example group is the resource title and
+      # that the parent example group subject is a catalog (use rspec-puppet)
+      def subject
+        unless @resource
+          title = self.class.description
+          title = $1 if title =~ /^Augeas\[(.*)\]$/
+          @resource = Resource.new(catalogue.resource('Augeas', title), fixture)
+        end
+        @resource
+      end
+
+      def output_root
+        subject.root
+      end
+    end
+  end
+end

data/lib/rspec-puppet-augeas/fixtures.rb

@@ -0,0 +1,59 @@
+require 'augeas'
+require 'tempfile'
+require 'tmpdir'
+
+module RSpec::Puppet::Augeas
+  module Fixtures
+    # Copies test fixtures to a temporary directory
+    # If file is nil, copies the entire augeas_fixtures directory
+    # If file is a string, it copies that file from augeas_fixtures
+    #   to the path being edited by the resource
+    # If file is a hash, it copies the "value" from augeas_fixtures
+    #   to each "key" path
+    def load_fixtures(resource, file)
+      if block_given?
+        Dir.mktmpdir("rspec-puppet-augeas") do |dir|
+          prepare_fixtures(dir, resource, file)
+          yield dir
+        end
+      else
+        dir = Dir.mktmpdir("rspec-puppet-augeas")
+        prepare_fixtures(dir, resource, file)
+        dir
+      end
+    end
+
+    def prepare_fixtures(dir, resource, file)
+      if file.nil?
+        FileUtils.cp_r File.join(RSpec.configuration.augeas_fixtures, "."), dir
+      elsif file.is_a? Hash
+        file.each do |dest,src|
+          FileUtils.mkdir_p File.join(dir, File.dirname(dest))
+          src = File.join(RSpec.configuration.augeas_fixtures, src) unless src.start_with? File::SEPARATOR
+          FileUtils.cp_r src, File.join(dir, dest)
+        end
+      elsif file.respond_to? :to_s
+        target = get_resource_target(resource)
+        raise ArgumentError, "Unable to determine file being edited from #{resource.name}.  Supply :fixtures as a hash of { '/dest/path' => 'source/fixture/path' } instead." unless target
+        FileUtils.mkdir_p File.join(dir, File.dirname(target))
+        FileUtils.cp File.join(RSpec.configuration.augeas_fixtures, file.to_s), File.join(dir, target)
+      end
+    end
+
+    # Take a best guess at the file the user's editing
+    def get_resource_target(resource)
+      return resource[:incl] if resource[:incl]
+      # TODO: make reliable
+      #return $1 if resource[:context] and resource[:context] =~ %r{/files(/.*)}
+      nil
+    end
+
+    # Runs a particular resource via a catalog
+    def apply(resource)
+      catalog = Puppet::Resource::Catalog.new
+      catalog.add_resource resource
+      catalog = catalog.to_ral if resource.is_a? Puppet::Resource
+      catalog.apply
+    end
+  end
+end

data/lib/rspec-puppet-augeas/matchers.rb

@@ -0,0 +1,5 @@
+require 'rspec-puppet-augeas/matchers/execute'
+
+RSpec::configure do |c|
+  c.include RSpec::Puppet::Augeas::Matchers, :type => :augeas
+end

data/lib/rspec-puppet-augeas/matchers/execute.rb

@@ -0,0 +1,70 @@
+require 'rspec-puppet-augeas/fixtures'
+
+module RSpec::Puppet::Augeas::Matchers
+  # <subject>.should execute()
+  #   where subject must be an Augeas resource
+  class Execute
+    attr_reader :resource, :idempotent, :change
+
+    def initialize
+      @change = false
+      @idempotent = false
+    end
+
+    def matches?(resource)
+      @resource = resource
+      return false if resource.txn.any_failed?
+      return false if change and !resource.txn.changed?.any?
+      return false if idempotent and resource.idempotent.changed?.any?
+      true
+    end
+
+    # verifies the resource was 'applied'
+    def with_change
+      @change = true
+      self
+    end
+
+    # verifies the resource only applies once
+    def idempotently
+      @change = true
+      @idempotent = true
+      self
+    end
+
+    def description
+      if idempotent
+        "should change once only (idempotently)"
+      elsif change
+        "should change successfully at least once"
+      else
+        "should execute without failure"
+      end
+    end
+
+    def failure_message_for_should
+      # FIXME: the branch should depend on outcome, not chaining
+      if idempotent
+        "#{resource} isn't idempotent, it changes on every run"
+      elsif change
+        "#{resource} doesn't change when executed"
+      else
+        "#{resource} fails when executed"
+      end
+    end
+
+    def failure_message_for_should_not
+      if idempotent
+        "#{resource} is idempotent, it doesn't change on every run"
+      elsif change
+        "#{resource} changes when executed"
+      else
+        "#{resource} succeeds when executed"
+      end
+    end
+  end
+
+  def execute
+    Execute.new
+  end
+end

data/lib/rspec-puppet-augeas/resource.rb

@@ -0,0 +1,45 @@
+require 'rspec-puppet-augeas/fixtures'
+
+module RSpec::Puppet::Augeas
+  class Resource
+    attr_reader :resource, :txn, :txn_idempotent, :root
+
+    def initialize(resource, fixtures)
+      @resource = resource
+
+      # The directory where the resource has run will be valuable, so keep it
+      # for analysis and tests by the user
+      @root = load_fixtures(resource, fixtures)
+      ObjectSpace.define_finalizer(self, self.class.finalize(@root))
+
+      resource[:root] = @root
+      @txn = apply(resource)
+    end
+
+    def self.finalize(root)
+      proc { FileUtils.rm_rf root }
+    end
+
+    # Run the resource a second time, against the output dir from the first
+    #
+    # @return [Puppet::Transaction] repeated transaction
+    def idempotent
+      root = load_fixtures(resource, {"." => "#{@root}/."})
+
+      oldroot = resource[:root]
+      resource[:root] = root
+      @txn_idempotent = apply(resource)
+      FileUtils.rm_r root
+      resource[:root] = oldroot
+
+      @txn_idempotent
+    end
+
+    def to_s
+      resource.to_s
+    end
+
+    private
+    include RSpec::Puppet::Augeas::Fixtures
+  end
+end

data/lib/rspec-puppet-augeas/test_utils.rb

@@ -0,0 +1,148 @@
+require 'augeas'
+require 'tempfile'
+
+module RSpec::Puppet::Augeas
+  module TestUtils
+    def open_target(opts = {})
+      file = opts[:target] || self.target or raise ArgumentError, ":target must be supplied"
+      f = File.open(File.join(self.output_root, file))
+      return f unless block_given?
+      yield f
+      f.close
+    end
+
+    def aug_get(path, opts = {})
+      aug_open(opts) do |aug|
+        aug.get(path)
+      end
+    end
+
+    def aug_match(path, opts = {})
+      aug_open(opts) do |aug|
+        aug.match(path)
+      end
+    end
+
+    # Open Augeas on a given file, by default the target / lens specified in
+    # options to the run_augeas block
+    def aug_open(opts = {})
+      file = opts[:target] || self.target or raise ArgumentError, ":target must be supplied"
+      file = "/#{file}" unless file.start_with? '/'
+      lens = opts[:lens] || self.lens or raise ArgumentError, ":lens must be supplied"
+      lens = "#{lens}.lns" unless lens.include? '.'
+
+      aug = Augeas.open(self.output_root, nil, Augeas::NO_MODL_AUTOLOAD)
+      begin
+        aug.transform(
+          :lens => lens,
+          :name => lens.split(".")[0],
+          :incl => file
+        )
+        aug.set("/augeas/context", "/files#{file}")
+        aug.load!
+        raise RSpec::Puppet::Augeas::Error, "Augeas didn't load #{file}" if aug.match(".").empty?
+        yield aug
+      rescue Augeas::Error
+        errors = []
+        aug.match("/augeas//error").each do |errnode|
+          aug.match("#{errnode}/*").each do |subnode|
+            subvalue = aug.get(subnode)
+            errors << "#{subnode} = #{subvalue}"
+          end
+        end
+        raise RSpec::Puppet::Augeas::Error, errors.join("\n")
+      ensure
+        aug.close
+      end
+    end
+
+    # Creates a simple test file, reads in a fixture (that's been modified by
+    # the provider) and runs augparse against the expected tree.
+    def augparse(opts = {})
+      file = opts[:target] || self.target or raise ArgumentError, ":target must be supplied"
+      file = File.join(self.output_path, file) unless file.start_with? '/'
+      lens = opts[:lens] || self.lens or raise ArgumentError, ":lens must be supplied"
+      lens = "#{lens}.lns" unless lens.include? '.'
+      result = opts[:result] || "?"
+
+      Dir.mktmpdir { |dir|
+        # Augeas always starts with a blank line when creating new files, so
+        # reprocess file and remove it to make writing tests easier
+        File.open("#{dir}/input", "w") do |finput|
+          File.open(file, "r") do |ffile|
+            line = ffile.readline
+            finput.write line unless line == "\n"
+            ffile.each {|line| finput.write line }
+          end
+        end
+
+        # Test module, Augeas reads back in the input file
+        testaug = "#{dir}/test_augeasproviders.aug"
+        File.open(testaug, "w") { |tf|
+          tf.write(<<eos)
+module Test_Augeasproviders =
+  test #{lens} get Sys.read_file "#{dir}/input" =
+    #{result}
+eos
+        }
+
+        output = %x(augparse #{testaug} 2>&1)
+        raise RSpec::Puppet::Augeas::Error, "augparse failed:\n#{output}" unless $? == 0 && output.empty?
+      }
+    end
+
+    # Takes a full fixture file, loads it in Augeas, uses the relative path
+    # and/or filter and saves just that part in a new file.  That's then passed
+    # into augparse and compared against the expected tree.  Saves creating a
+    # tree of the entire file.
+    #
+    # Because the filtered fragment is saved in a new file, seq labels will reset
+    # too, so it'll be "1" rather than what it was in the original fixture.
+    def augparse_filter(opts = {})
+      file = opts[:target] || self.target or raise ArgumentError, ":target must be supplied"
+      file = File.join(self.output_path, file) unless file.start_with? '/'
+      lens = opts[:lens] || self.lens or raise ArgumentError, ":lens must be supplied"
+      lens = "#{lens}.lns" unless lens.include? '.'
+      filter = opts[:filter] or raise ArgumentError, ":filter must be supplied"
+      result = opts[:result] || "?"
+
+      # duplicate the original since we use aug.mv
+      tmpin = Tempfile.new("original")
+      tmpin.write(File.read(file))
+      tmpin.close
+
+      tmpout = Tempfile.new("filtered")
+      tmpout.close
+
+      aug_open(tmpin.path, lens) do |aug|
+        # Load a transform of the target, so Augeas can write into it
+        aug.transform(
+          :lens => lens,
+          :name => lens.split(".")[0],
+          :incl => tmpout.path
+        )
+        aug.load!
+        tmpaug = "/files#{tmpout.path}"
+        raise RSpec::Puppet::Augeas::Error, "Augeas didn't load empty file #{tmpout.path}" if aug.match(tmpaug).empty?
+
+        # Check the filter matches something and move it
+        ftmatch = aug.match(filter)
+        raise RSpec::Puppet::Augeas::Error, "Filter #{filter} within #{file} matched #{ftmatch.size} nodes, should match at least one" if ftmatch.empty?
+
+        begin
+          # Loop on aug_match as path indexes will change as we move nodes
+          fp = ftmatch.first
+          aug.mv(fp, "#{tmpaug}/#{fp.split(/\//)[-1]}")
+          ftmatch = aug.match(filter)
+        end while not ftmatch.empty?
+
+        aug.save!
+      end
+
+      augparse(tmpout.path, lens, result)
+    ensure
+      tmpin.unlink
+      tmpout.unlink
+    end
+  end
+end

data/rspec-puppet-augeas.gemspec

@@ -0,0 +1,35 @@
+Gem::Specification.new do |s|
+  s.name = 'rspec-puppet-augeas'
+  s.version = '0.1.0'
+  s.homepage = 'https://github.com/domcleal/rspec-puppet-augeas/'
+  s.summary = 'RSpec tests for Augeas resources in Puppet manifests'
+  s.description = 'RSpec tests for Augeas resources in Puppet manifests'
+
+  s.files = [
+    '.gitignore',
+    'Gemfile',
+    'LICENSE',
+    'README.md',
+    'Rakefile',
+    'lib/rspec-puppet-augeas.rb',
+    'lib/rspec-puppet-augeas/example.rb',
+    'lib/rspec-puppet-augeas/example/run_augeas_example_group.rb',
+    'lib/rspec-puppet-augeas/fixtures.rb',
+    'lib/rspec-puppet-augeas/matchers.rb',
+    'lib/rspec-puppet-augeas/matchers/execute.rb',
+    'lib/rspec-puppet-augeas/resource.rb',
+    'lib/rspec-puppet-augeas/test_utils.rb',
+    'rspec-puppet-augeas.gemspec',
+    'spec/classes/sshd_config_spec.rb',
+    'spec/fixtures/augeas/etc/ssh/sshd_config',
+    'spec/fixtures/augeas/etc/ssh/sshd_config_2',
+    'spec/fixtures/manifests/site.pp',
+    'spec/fixtures/modules/sshd/manifests/init.pp',
+    'spec/spec_helper.rb'
+  ]
+
+  s.add_dependency 'rspec-puppet'
+
+  s.authors = ['Dominic Cleal']
+  s.email = 'dcleal@redhat.com'
+end

data/spec/classes/sshd_config_spec.rb

@@ -0,0 +1,58 @@
+require 'spec_helper'
+
+describe 'sshd' do
+  it 'should have an augeas resource' do
+    should contain_augeas('root login')
+  end
+
+  describe 'specify target+lens upfront, use all fixtures' do
+    describe_augeas 'root login', :lens => 'Sshd', :target => 'etc/ssh/sshd_config' do
+      it 'should test resource' do
+        aug_get('#comment[1]').should =~ /OpenBSD/
+        open_target { |f| f.readline.should =~ /OpenBSD/ }
+
+        should execute.with_change
+        aug_get('PermitRootLogin').should == 'yes'
+        open_target { |f| f.read.should =~ /^PermitRootLogin\s+yes$/ }
+
+        should execute.idempotently
+      end
+    end
+  end
+
+  describe 'specify fixtures as a hash' do
+    describe_augeas 'root login', :fixture => { 'etc/ssh/sshd_config' => 'etc/ssh/sshd_config_2' } do
+      it 'should test resource with second fixture' do
+        aug_get('#comment[1]', :lens => 'Sshd', :target => 'etc/ssh/sshd_config').should == 'Fixture 2'
+        should execute.with_change
+        aug_get('PermitRootLogin', :lens => 'Sshd', :target => 'etc/ssh/sshd_config').should == 'yes'
+        should execute.idempotently
+      end
+    end
+  end
+
+  describe 'specify target and non-standard fixture' do
+    describe_augeas 'root login', :lens => 'Sshd', :target => 'etc/ssh/sshd_config', :fixture => 'etc/ssh/sshd_config_2' do
+      it 'should test resource with second fixture' do
+        aug_get('#comment[1]').should == 'Fixture 2'
+        should execute.with_change
+        aug_get('PermitRootLogin').should == 'yes'
+        should execute.idempotently
+      end
+    end
+  end
+
+  describe_augeas 'fail to add root login' do
+    it 'should fail to run entirely' do
+      should_not execute
+    end
+  end
+
+  run_augeas 'add root login', :lens => 'Sshd', :target => 'etc/ssh/sshd_config' do
+    it 'should fail on idempotency' do
+      should execute.with_change
+      aug_match('PermitRootLogin').size.should == 2
+      should_not execute.idempotently
+    end
+  end
+end

data/spec/fixtures/augeas/etc/ssh/sshd_config

@@ -0,0 +1,138 @@
+#	$OpenBSD: sshd_config,v 1.81 2009/10/08 14:03:41 markus Exp $
+
+# This is the sshd server system-wide configuration file.  See
+# sshd_config(5) for more information.
+
+# This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin
+
+# The strategy used for options in the default sshd_config shipped with
+# OpenSSH is to specify options with their default value where
+# possible, but leave them commented.  Uncommented options change a
+# default value.
+
+#Port 22
+#AddressFamily any
+#ListenAddress 0.0.0.0
+#ListenAddress ::
+
+# The default requires explicit activation of protocol 1
+#Protocol 2
+
+# HostKey for protocol version 1
+#HostKey /etc/ssh/ssh_host_key
+# HostKeys for protocol version 2
+#HostKey /etc/ssh/ssh_host_rsa_key
+#HostKey /etc/ssh/ssh_host_dsa_key
+
+# Lifetime and size of ephemeral version 1 server key
+#KeyRegenerationInterval 1h
+#ServerKeyBits 1024
+
+# Logging
+# obsoletes QuietMode and FascistLogging
+#SyslogFacility AUTH
+SyslogFacility AUTHPRIV
+#LogLevel INFO
+
+# Authentication:
+
+AllowGroups sshusers
+
+#LoginGraceTime 2m
+PermitRootLogin without-password
+#StrictModes yes
+#MaxAuthTries 6
+#MaxSessions 10
+
+#RSAAuthentication yes
+#PubkeyAuthentication yes
+#AuthorizedKeysFile	.ssh/authorized_keys
+#AuthorizedKeysCommand none
+#AuthorizedKeysCommandRunAs nobody
+
+# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
+#RhostsRSAAuthentication no
+# similar for protocol version 2
+#HostbasedAuthentication no
+# Change to yes if you don't trust ~/.ssh/known_hosts for
+# RhostsRSAAuthentication and HostbasedAuthentication
+#IgnoreUserKnownHosts no
+# Don't read the user's ~/.rhosts and ~/.shosts files
+#IgnoreRhosts yes
+
+# To disable tunneled clear text passwords, change to no here!
+#PasswordAuthentication yes
+#PermitEmptyPasswords no
+PasswordAuthentication yes
+
+# Change to no to disable s/key passwords
+#ChallengeResponseAuthentication yes
+ChallengeResponseAuthentication no
+
+# Kerberos options
+#KerberosAuthentication no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+#KerberosGetAFSToken no
+#KerberosUseKuserok yes
+
+# GSSAPI options
+#GSSAPIAuthentication no
+GSSAPIAuthentication yes
+#GSSAPICleanupCredentials yes
+GSSAPICleanupCredentials yes
+#GSSAPIStrictAcceptorCheck yes
+#GSSAPIKeyExchange no
+
+# Set this to 'yes' to enable PAM authentication, account processing, 
+# and session processing. If this is enabled, PAM authentication will 
+# be allowed through the ChallengeResponseAuthentication and
+# PasswordAuthentication.  Depending on your PAM configuration,
+# PAM authentication via ChallengeResponseAuthentication may bypass
+# the setting of "PermitRootLogin without-password".
+# If you just want the PAM account and session checks to run without
+# PAM authentication, then enable this but set PasswordAuthentication
+# and ChallengeResponseAuthentication to 'no'.
+#UsePAM no
+UsePAM yes
+
+# Accept locale-related environment variables
+AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
+AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
+AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
+AcceptEnv XMODIFIERS
+
+#AllowAgentForwarding yes
+#AllowTcpForwarding yes
+#GatewayPorts no
+#X11Forwarding no
+X11Forwarding yes
+#X11DisplayOffset 10
+#X11UseLocalhost yes
+#PrintMotd yes
+#PrintLastLog yes
+#TCPKeepAlive yes
+#UseLogin no
+#UsePrivilegeSeparation yes
+#PermitUserEnvironment no
+#Compression delayed
+#ClientAliveInterval 0
+#ClientAliveCountMax 3
+#ShowPatchLevel no
+#UseDNS yes
+#PidFile /var/run/sshd.pid
+#MaxStartups 10
+#PermitTunnel no
+#ChrootDirectory none
+
+# no default banner path
+#Banner none
+
+# override default of no subsystems
+Subsystem	sftp	/usr/libexec/openssh/sftp-server
+
+# Example of overriding settings on a per-user basis
+#Match User anoncvs
+#	X11Forwarding no
+#	AllowTcpForwarding no
+#	ForceCommand cvs server

data/spec/fixtures/augeas/etc/ssh/sshd_config_2

@@ -0,0 +1,2 @@
+# Fixture 2
+PermitRootLogin no

data/spec/fixtures/modules/sshd/manifests/init.pp

@@ -0,0 +1,19 @@
+class sshd {
+  augeas { "root login":
+    context => '/files/etc/ssh/sshd_config',
+    changes => 'set PermitRootLogin yes',
+  }
+
+  augeas { "add root login":
+    context => '/files/etc/ssh/sshd_config',
+    changes => [
+      'ins PermitRootLogin after *[last()]',
+      'set PermitRootLogin[last()] yes'
+    ],
+  }
+
+  augeas { "fail to add root login":
+    context => '/files/etc/ssh/sshd_config',
+    changes => 'ins PermitRootLogin after *[last()]',
+  }
+}

data/spec/spec_helper.rb

@@ -0,0 +1,7 @@
+require 'rspec-puppet-augeas'
+
+RSpec.configure do |c|
+  c.augeas_fixtures = File.join(File.dirname(File.expand_path(__FILE__)), 'fixtures', 'augeas')
+  c.module_path = File.join(File.dirname(File.expand_path(__FILE__)), 'fixtures', 'modules')
+  c.manifest_dir = File.join(File.dirname(File.expand_path(__FILE__)), 'fixtures', 'manifests')
+end

metadata

@@ -0,0 +1,80 @@
+--- !ruby/object:Gem::Specification
+name: rspec-puppet-augeas
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+  prerelease: 
+platform: ruby
+authors:
+- Dominic Cleal
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2013-01-28 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rspec-puppet
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+description: RSpec tests for Augeas resources in Puppet manifests
+email: dcleal@redhat.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- Gemfile
+- LICENSE
+- README.md
+- Rakefile
+- lib/rspec-puppet-augeas.rb
+- lib/rspec-puppet-augeas/example.rb
+- lib/rspec-puppet-augeas/example/run_augeas_example_group.rb
+- lib/rspec-puppet-augeas/fixtures.rb
+- lib/rspec-puppet-augeas/matchers.rb
+- lib/rspec-puppet-augeas/matchers/execute.rb
+- lib/rspec-puppet-augeas/resource.rb
+- lib/rspec-puppet-augeas/test_utils.rb
+- rspec-puppet-augeas.gemspec
+- spec/classes/sshd_config_spec.rb
+- spec/fixtures/augeas/etc/ssh/sshd_config
+- spec/fixtures/augeas/etc/ssh/sshd_config_2
+- spec/fixtures/manifests/site.pp
+- spec/fixtures/modules/sshd/manifests/init.pp
+- spec/spec_helper.rb
+homepage: https://github.com/domcleal/rspec-puppet-augeas/
+licenses: []
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 1.8.24
+signing_key: 
+specification_version: 3
+summary: RSpec tests for Augeas resources in Puppet manifests
+test_files: []