simp-cli 1.0.12

data/spec/lib/simp/cli/config/item/files/FakeCA/cacertkey

@@ -0,0 +1 @@
+dummyvalues

data/spec/lib/simp/cli/config/item/files/FakeCA/gencerts_nopass.sh

@@ -0,0 +1,10 @@
+#!/bin/sh
+# mocked gencerts_nopass.sh
+for hosts in `cat togen`; do
+  hosts=`echo $hosts | sed -e 's/[ \t]//g'`
+  hname=`echo $hosts | cut -d',' -f1`
+  keydist="../keydist" # location in testing framework
+  mkdir -p "${keydist}/${hname}"
+  echo "$hname: dummy generated" >>  ${keydist}/${hname}/${hname}.pub
+  cat ${keydist}/${hname}/${hname}.pub >> ${keydist}/${hname}/${hname}.pem
+done

data/spec/lib/simp/cli/config/item/files/autosign.conf.new

@@ -0,0 +1,11 @@
+#
+# You should place any hostnames/domains here that you wish to autosign.
+# The most security concious method is to list each individual hostname:
+#    hosta.your.domain
+#    hostb.your.domain
+#
+# Wildcard domains work, but absolutely should NOT be used unless you fully
+# trust your network.
+#    *.your.domain
+#
+puppet.your.domain

data/spec/lib/simp/cli/config/item/files/autosign.conf.used

@@ -0,0 +1,15 @@
+# You should place any hostnames/domains here that you wish to autosign.
+# The most security conscious method is to list each individual hostname:
+#   hosta.your.domain
+#   hostb.your.domain
+#
+# Wildcard domains work, but absolutely should NOT be used unless you fully
+# trust your network.
+#   *.your.domain
+
+# TODO: provide an executable for autosign validation instead of an unvalidated
+#       list of certnames.
+puppet.fake.domain
+server1.fake.domain
+server2.fake.domain
+

data/spec/lib/simp/cli/config/item/files/fileserver.conf

@@ -0,0 +1,41 @@
+# fileserver.conf
+
+# Puppet automatically serves PLUGINS and FILES FROM MODULES: anything in
+# <module name>/files/<file name> is available to authenticated nodes at
+# puppet:///modules/<module name>/<file name>. You do not need to edit this
+# file to enable this.
+
+# MOUNT POINTS
+
+# If you need to serve files from a directory that is NOT in a module,
+# you must create a static mount point in this file:
+#
+# [extra_files]
+#   path /etc/puppet/files
+#   allow *
+#
+# In the example above, anything in /etc/puppet/files/<file name> would be
+# available to authenticated nodes at puppet:///extra_files/<file name>.
+#
+# Mount points may also use three placeholders as part of their path:
+#
+# %H - The node's certname.
+# %h - The portion of the node's certname before the first dot. (Usually the
+#      node's short hostname.)
+# %d - The portion of the node's certname after the first dot. (Usually the
+#      node's domain name.)
+
+# PERMISSIONS
+
+# Every static mount point should have an `allow *` line; setting more
+# granular permissions in this file is deprecated. Instead, you can
+# control file access in auth.conf by controlling the
+# /file_metadata/<mount point> and /file_content/<mount point> paths:
+#
+# path ~ ^/file_(metadata|content)/extra_files/
+# auth yes
+# allow /^(.+)\.example\.com$/
+# allow_ip 192.168.100.0/24
+#
+# If added to auth.conf BEFORE the "path /file" rule, the rule above
+# will add stricter restrictions to the extra_files mount point.

data/spec/lib/simp/cli/config/item/files/hosts

@@ -0,0 +1,2 @@
+127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
+::1 localhost localhost.localdomain localhost6 localhost6.localdomain6

data/spec/lib/simp/cli/config/item/files/hosts.old_puppet_entry

@@ -0,0 +1,3 @@
+127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
+::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
+99.99.99.99 puppet.example.com puppet

data/spec/lib/simp/cli/config/item/files/puppet.conf

@@ -0,0 +1,25 @@
+[main]
+    # The Puppet log directory.
+    # The default value is '$vardir/log'.
+    logdir = /var/log/puppet
+
+    # Where Puppet PID files are kept.
+    # The default value is '$vardir/run'.
+    rundir = /var/run/puppet
+
+    # Where SSL certificates are kept.
+    # The default value is '$confdir/ssl'.
+    ssldir = $vardir/ssl
+
+[agent]
+    # The file in which puppetd stores a list of the classes
+    # associated with the retrieved configuratiion.  Can be loaded in
+    # the separate ``puppet`` executable using the ``--loadclasses``
+    # option.
+    # The default value is '$confdir/classes.txt'.
+    classfile = $vardir/classes.txt
+
+    # Where puppetd caches the local configuration.  An
+    # extension indicating the cache format is added automatically.
+    # The default value is '$confdir/localconfig'.
+    localconfig = $vardir/localconfig

data/spec/lib/simp/cli/config/item/files/puppet.your.domain.yaml

@@ -0,0 +1,21 @@
+---
+# This must be a copy of at least 'client_nets' from simp_def.yaml if
+# you want this to cover your base YUM repo services.
+# The fact that you can't include other arrays from Hiera is
+# registered in the Puppet Labs JIRA as HI-183.
+#
+apache::conf::allowroot : "%{hiera('client_nets')}"
+
+rsync::server : '127.0.0.1'
+
+# Disable hooking to the remote SIMP repos so that the local filesystem is
+# always hit first.
+#
+# You should change this if using external yum repositories.
+#
+simp::yum::enable_simp_repos : false
+
+classes :
+  - 'simp::server'
+  - 'simp::yum_server'
+  - 'simp::kickstart_server'

data/spec/lib/simp/cli/config/item/files/resolv.conf__multiple

@@ -0,0 +1,10 @@
+nameserver 10.0.0.1
+nameserver 10.0.0.2
+nameserver 10.0.0.3
+domain tasty.bacon
+# NOTE: the resolver only uses the last of multiple search declarations,
+#       therefore 'useless.bacon' is superfluous and should be ignored.
+search useless.bacon
+search tasty.bacon yucky.bacon instant.bacon
+options ndots:1 timeout:2 attempts:2 rotate
+

data/spec/lib/simp/cli/config/item/files/resolv.conf__single

@@ -0,0 +1,4 @@
+options ndots:1 timeout:2 attempts:2 rotate
+nameserver 10.0.0.1
+domain tasty.bacon
+search tasty.bacon

data/spec/lib/simp/cli/config/item/files/rsyncd.conf

@@ -0,0 +1,225 @@
+pid file = /var/run/rsyncd.pid
+syslog facility = daemon
+port = 873
+address = 127.0.0.1
+[apache]
+comment = Apache configurations
+path = /srv/rsync/apache
+use chroot = false
+max connections = 0
+max verbosity = 1
+lock file = /var/run/rsyncd.lock
+read only = true
+write only = false
+list = false
+uid = root
+gid = root
+outgoing chmod = o-rwx
+ignore nonreadable = true
+transfer logging = true
+log format = '%o %h [%a] %m (%u) %f %l'
+dont compress = *.gz *.tgz *.zip *.z *.rpm *.deb *.iso *.bz2 *.tbz *.rar *.jar *.pdf *.sar *.war
+hosts allow = 127.0.0.1
+hosts deny = *
+auth users = apache_rsync
+secrets file = /etc/rsync/apache.rsyncd.secrets
+[bind_dns_default]
+comment = Default DNS configurations for named
+path = /srv/rsync/bind_dns/default
+use chroot = false
+max connections = 0
+max verbosity = 1
+lock file = /var/run/rsyncd.lock
+read only = true
+write only = false
+list = false
+uid = root
+gid = root
+outgoing chmod = o-w
+ignore nonreadable = true
+transfer logging = true
+log format = '%o %h [%a] %m (%u) %f %l'
+dont compress = *.gz *.tgz *.zip *.z *.rpm *.deb *.iso *.bz2 *.tbz *.rar *.jar *.pdf *.sar *.war
+hosts allow = 127.0.0.1
+hosts deny = *
+auth users = bind_dns_default_rsync
+secrets file = /etc/rsync/bind_dns_default.rsyncd.secrets
+[clamav]
+comment = ClamAV Virus Database Updates
+path = /srv/rsync/clamav
+use chroot = false
+max connections = 0
+max verbosity = 1
+lock file = /var/run/rsyncd.lock
+read only = true
+write only = false
+list = false
+uid = root
+gid = root
+outgoing chmod = o-w
+ignore nonreadable = true
+transfer logging = true
+log format = '%o %h [%a] %m (%u) %f %l'
+dont compress = *.gz *.tgz *.zip *.z *.rpm *.deb *.iso *.bz2 *.tbz *.rar *.jar *.pdf *.sar *.war
+hosts allow = 127.0.0.1
+hosts deny = *
+[default]
+comment = The default file path
+path = /srv/rsync/default
+use chroot = false
+max connections = 0
+max verbosity = 1
+lock file = /var/run/rsyncd.lock
+read only = true
+write only = false
+list = false
+uid = root
+gid = root
+outgoing chmod = o-w
+ignore nonreadable = true
+transfer logging = true
+log format = '%o %h [%a] %m (%u) %f %l'
+dont compress = *.gz *.tgz *.zip *.z *.rpm *.deb *.iso *.bz2 *.tbz *.rar *.jar *.pdf *.sar *.war
+hosts allow = 127.0.0.1
+hosts deny = *
+[dhcpd]
+comment = DHCP Configurations
+path = /srv/rsync/dhcpd
+use chroot = false
+max connections = 0
+max verbosity = 1
+lock file = /var/run/rsyncd.lock
+read only = true
+write only = false
+list = false
+uid = root
+gid = root
+outgoing chmod = o-w
+ignore nonreadable = true
+transfer logging = true
+log format = '%o %h [%a] %m (%u) %f %l'
+dont compress = *.gz *.tgz *.zip *.z *.rpm *.deb *.iso *.bz2 *.tbz *.rar *.jar *.pdf *.sar *.war
+hosts allow = 127.0.0.1
+hosts deny = *
+auth users = dhcpd_rsync
+secrets file = /etc/rsync/dhcpd.rsyncd.secrets
+[freeradius]
+comment = Freeradius configuration files
+path = /srv/rsync/freeradius
+use chroot = false
+max connections = 0
+max verbosity = 1
+lock file = /var/run/rsyncd.lock
+read only = true
+write only = false
+list = false
+uid = root
+gid = root
+outgoing chmod = o-w
+ignore nonreadable = true
+transfer logging = true
+log format = '%o %h [%a] %m (%u) %f %l'
+dont compress = *.gz *.tgz *.zip *.z *.rpm *.deb *.iso *.bz2 *.tbz *.rar *.jar *.pdf *.sar *.war
+hosts allow = 127.0.0.1
+hosts deny = *
+auth users = freeradius_systems
+secrets file = /etc/rsync/freeradius.rsyncd.secrets
+[jenkins_plugins]
+comment = Jenkins Configuration
+path = /srv/rsync/jenkins_plugins
+use chroot = false
+max connections = 0
+max verbosity = 1
+lock file = /var/run/rsyncd.lock
+read only = true
+write only = false
+list = false
+uid = root
+gid = root
+outgoing chmod = o-w
+ignore nonreadable = true
+transfer logging = true
+log format = '%o %h [%a] %m (%u) %f %l'
+dont compress = *.gz *.tgz *.zip *.z *.rpm *.deb *.iso *.bz2 *.tbz *.rar *.jar *.pdf *.sar *.war
+hosts allow = 127.0.0.1
+hosts deny = *
+[mcafee]
+comment = McAfee DAT files
+path = /srv/rsync/mcafee
+use chroot = false
+max connections = 0
+max verbosity = 1
+lock file = /var/run/rsyncd.lock
+read only = true
+write only = false
+list = false
+uid = root
+gid = root
+outgoing chmod = o-w
+ignore nonreadable = true
+transfer logging = true
+log format = '%o %h [%a] %m (%u) %f %l'
+dont compress = *.gz *.tgz *.zip *.z *.rpm *.deb *.iso *.bz2 *.tbz *.rar *.jar *.pdf *.sar *.war
+hosts allow = 127.0.0.1
+hosts deny = *
+[openldap_server]
+comment = Configuration for OpenLDAP
+path = /srv/rsync/openldap/server
+use chroot = false
+max connections = 0
+max verbosity = 1
+lock file = /var/run/rsyncd.lock
+read only = true
+write only = false
+list = false
+uid = root
+gid = root
+outgoing chmod = o-w
+ignore nonreadable = true
+transfer logging = true
+log format = '%o %h [%a] %m (%u) %f %l'
+dont compress = *.gz *.tgz *.zip *.z *.rpm *.deb *.iso *.bz2 *.tbz *.rar *.jar *.pdf *.sar *.war
+hosts allow = 127.0.0.1
+hosts deny = *
+auth users = openldap_rsync
+secrets file = /etc/rsync/openldap_server.rsyncd.secrets
+[snmp]
+comment = SNMP MIBs and Modules
+path = /srv/rsync/snmp
+use chroot = false
+max connections = 0
+max verbosity = 1
+lock file = /var/run/rsyncd.lock
+read only = true
+write only = false
+list = false
+uid = root
+gid = root
+outgoing chmod = o-w
+ignore nonreadable = true
+transfer logging = true
+log format = '%o %h [%a] %m (%u) %f %l'
+dont compress = *.gz *.tgz *.zip *.z *.rpm *.deb *.iso *.bz2 *.tbz *.rar *.jar *.pdf *.sar *.war
+hosts allow = 127.0.0.1
+hosts deny = *
+[tftpboot]
+comment = Tftpboot server configurations
+path = /srv/rsync/tftpboot
+use chroot = false
+max connections = 0
+max verbosity = 1
+lock file = /var/run/rsyncd.lock
+read only = true
+write only = false
+list = false
+uid = root
+gid = root
+outgoing chmod = o-w
+ignore nonreadable = true
+transfer logging = true
+log format = '%o %h [%a] %m (%u) %f %l'
+dont compress = *.gz *.tgz *.zip *.z *.rpm *.deb *.iso *.bz2 *.tbz *.rar *.jar *.pdf *.sar *.war
+hosts allow = 127.0.0.1
+hosts deny = *
+auth users = tftpboot_rsync
+secrets file = /etc/rsync/tftpboot.rsyncd.secrets

data/spec/lib/simp/cli/config/item/gateway_spec.rb

@@ -0,0 +1,23 @@
+require 'simp/cli/config/item/gateway'
+require 'rspec/its'
+require_relative( 'spec_helper' )
+
+describe Simp::Cli::Config::Item::Gateway do
+  before :each do
+    @ci = Simp::Cli::Config::Item::Gateway.new
+  end
+
+  describe "#validate" do
+    it "validates plausible gateways" do
+      expect( @ci.validate '192.168.1.0' ).to eq true
+    end
+
+    it "doesn't validate impossible gateways" do
+      expect( @ci.validate nil ).to eq false
+      expect( @ci.validate false ).to eq false
+      expect( @ci.validate '999.999.999.999' ).to eq false
+    end
+  end
+
+  it_behaves_like "a child of Simp::Cli::Config::Item"
+end

data/spec/lib/simp/cli/config/item/grub_password_spec.rb

@@ -0,0 +1,24 @@
+require 'simp/cli/config/item/grub_password'
+require_relative( 'spec_helper' )
+
+describe Simp::Cli::Config::Item::GrubPassword do
+  before :each do
+    @ci = Simp::Cli::Config::Item::GrubPassword.new
+    @ci.silent = true
+  end
+
+  describe "#encrypt" do
+    # NOTE: not much we can test except the hashed string length and characteristics of the type of hash
+    it "encrypts grub_passwords" do
+      crypted_pw = @ci.encrypt( 'foo' )
+      if Facter.value('lsbmajdistrelease') <= '6'
+        expect( crypted_pw ).to match /^\$6\$/
+        expect( 97..98 ).to cover( crypted_pw.length )
+      else
+        skip "TODO: define tests for EL7+ grub passwords"
+      end
+    end
+  end
+
+  it_behaves_like "a child of Simp::Cli::Config::Item"
+end

data/spec/lib/simp/cli/config/item/hostname_conf_spec.rb

@@ -0,0 +1,27 @@
+require 'simp/cli/config/item/hostname_conf'
+
+require 'simp/cli/config/item/network_interface'
+require 'simp/cli/config/item/dns_search'
+require 'simp/cli/config/item/dns_servers'
+require 'simp/cli/config/item/gateway'
+require 'simp/cli/config/item/hostname'
+require 'simp/cli/config/item/ipaddress'
+require 'simp/cli/config/item/netmask'
+require 'simp/cli/config/item/network_dhcp'
+
+require_relative( 'spec_helper' )
+
+describe Simp::Cli::Config::Item::HostnameConf do
+  before :each do
+    @ci = Simp::Cli::Config::Item::HostnameConf.new
+  end
+
+  # TODO: how to test this?
+  describe "#apply" do
+    it "will do everything right" do
+      skip "FIXME: how shall we test HostnameConf#apply()?"
+    end
+  end
+
+  it_behaves_like "an Item that doesn't output YAML"
+end