Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,75 @@ | ||
# @summary Manage faillock.conf | ||
# | ||
# @param config_file | ||
# The faillock config path | ||
# @param config_file_owner | ||
# The faillock config owner | ||
# @param config_file_group | ||
# The faillock config group | ||
# @param config_file_mode | ||
# The faillock config mode | ||
# @param config_file_template | ||
# The faillock config template | ||
# @param config_file_source | ||
# The faillock config source | ||
# @param dir | ||
# The faillock 'dir' config option | ||
# @param audit_enabled | ||
# The faillock 'audit' config option | ||
# @param silent | ||
# The faillock 'silent' config option | ||
# @param no_log_info | ||
# The faillock 'no_log_info' config option | ||
# @param local_users_only | ||
# The faillock 'local_users_only' config option | ||
# @param deny | ||
# The faillock 'deny' config option | ||
# @param fail_interval | ||
# The faillock 'fail_interval' config option | ||
# @param unlock_time | ||
# The faillock 'unlock_time' config option | ||
# @param even_deny_root | ||
# The faillock 'even_deny_root' config option | ||
# @param root_unlock_time | ||
# The faillock 'root_unlock_time' config option | ||
# @param admin_group | ||
# The faillock 'admin_group' config option | ||
# | ||
class pam::faillock ( | ||
Stdlib::Absolutepath $config_file = '/etc/security/faillock.conf', | ||
String[1] $config_file_owner = 'root', | ||
String[1] $config_file_group = 'root', | ||
Stdlib::Filemode $config_file_mode = '0644', | ||
String[1] $config_file_template = 'pam/faillock.conf.erb', | ||
Optional[Stdlib::Filesource] $config_file_source = undef, | ||
Stdlib::Absolutepath $dir = '/var/run/faillock', | ||
Optional[Boolean] $audit_enabled = undef, | ||
Optional[Boolean] $silent = undef, | ||
Optional[Boolean] $no_log_info = undef, | ||
Optional[Boolean] $local_users_only = undef, | ||
Integer $deny = 3, | ||
Integer $fail_interval = 900, | ||
Integer $unlock_time = 600, | ||
Optional[Boolean] $even_deny_root = undef, | ||
Integer $root_unlock_time = $unlock_time, | ||
Optional[String[1]] $admin_group = undef, | ||
) { | ||
include pam | ||
|
||
if $config_file_source { | ||
$_config_file_content = undef | ||
} else { | ||
$_config_file_content = template($config_file_template) | ||
} | ||
|
||
file { 'faillock.conf': | ||
ensure => 'file', | ||
path => $config_file, | ||
owner => $config_file_owner, | ||
group => $config_file_group, | ||
mode => $config_file_mode, | ||
content => $_config_file_content, | ||
source => $config_file_source, | ||
require => Package[$pam::package_name], | ||
} | ||
} |
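Review bot: The numeric parameters from `Integer $deny = 3,` through `Integer $root_unlock_time = $unlock_time,` accept negative values, which would be written into faillock.conf unchanged and leave the lockout behaviour to however pam_faillock parses them. Bounding them in the signature, e.g. `Integer[0] $deny = 3,` and likewise for `fail_interval`, `unlock_time` and `root_unlock_time`, rejects a bad Hiera value at catalog compilation instead. The `@param` text for `unlock_time` could also state that, per the pam_faillock documentation, 0 means the account is not unlocked automatically. The `dir` text could note that the default under `/var/run` normally does not survive a reboot, so recorded failures are cleared then.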
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,101 @@ | ||
require 'spec_helper' | ||
require 'spec_platforms' | ||
|
||
describe 'pam::faillock' do | ||
on_supported_os.each do |os, os_facts| | ||
# this function call mimic hiera data, it is sourced in from spec/spec_platforms.rb | ||
package_name = package_name(os) | ||
|
||
context "on #{os}" do | ||
let(:facts) { os_facts } | ||
let(:content) do | ||
<<-END.gsub(%r{^\s+\|}, '') | ||
|# This file is being maintained by Puppet. | ||
|# DO NOT EDIT | ||
|# | ||
|dir=/var/run/faillock | ||
|deny=3 | ||
|fail_interval=900 | ||
|unlock_time=600 | ||
|root_unlock_time=600 | ||
END | ||
end | ||
|
||
it { is_expected.to compile.with_all_deps } | ||
it { is_expected.to contain_class('pam') } | ||
|
||
it do | ||
is_expected.to contain_file('faillock.conf').with( | ||
'ensure' => 'file', | ||
'path' => '/etc/security/faillock.conf', | ||
'source' => nil, | ||
'content' => content, | ||
'owner' => 'root', | ||
'group' => 'root', | ||
'mode' => '0644', | ||
) | ||
end | ||
|
||
package_name.sort.each do |pkg| | ||
it { is_expected.to contain_file('faillock.conf').that_requires("Package[#{pkg}]") } | ||
end | ||
|
||
context 'with config_file set to a valid path' do | ||
let(:params) { { config_file: '/testing' } } | ||
|
||
it { is_expected.to contain_file('faillock.conf').with_path('/testing') } | ||
end | ||
|
||
context 'with config_file_source set to a valid string' do | ||
let(:params) { { config_file_source: 'puppet:///pam/unit_tests.erb' } } | ||
|
||
it { is_expected.to contain_file('faillock.conf').with_source('puppet:///pam/unit_tests.erb') } | ||
it { is_expected.to contain_file('faillock.conf').with_content(nil) } | ||
end | ||
|
||
context 'with config_file_mode set to a valid string' do | ||
let(:params) { { config_file_mode: '0242' } } | ||
|
||
it { is_expected.to contain_file('faillock.conf').with_mode('0242') } | ||
end | ||
|
||
context 'when config options are non-default' do | ||
let(:params) do | ||
{ | ||
dir: '/foo', | ||
audit: true, | ||
silent: true, | ||
no_log_info: true, | ||
local_users_only: true, | ||
deny: 1, | ||
fail_interval: 2, | ||
unlock_time: 3, | ||
even_deny_root: true, | ||
root_unlock_time: 4, | ||
admin_group: 'admins' | ||
} | ||
end | ||
let(:content) do | ||
<<-END.gsub(%r{^\s+\|}, '') | ||
|# This file is being maintained by Puppet. | ||
|# DO NOT EDIT | ||
|# | ||
|dir=/foo | ||
|audit | ||
|silent | ||
|no_log_info | ||
|local_users_only | ||
|deny=1 | ||
|fail_interval=2 | ||
|unlock_time=3 | ||
|even_deny_root | ||
|root_unlock_time=4 | ||
|admin_group=admins | ||
END | ||
end | ||
|
||
it { is_expected.to contain_file('faillock.conf').with_content(content) } | ||
Check failure on line 97 in spec/classes/faillock_spec.rb GitHub Actions / Puppet 8 (Ruby 3.2.2 fixtures=.fixtures-latest.yml)
Check failure on line 97 in spec/classes/faillock_spec.rb GitHub Actions / Puppet 8 (Ruby 3.2.2 fixtures=.fixtures-latest.yml)
Check failure on line 97 in spec/classes/faillock_spec.rb GitHub Actions / Puppet 8 (Ruby 3.2.2 fixtures=.fixtures-latest.yml)
Check failure on line 97 in spec/classes/faillock_spec.rb GitHub Actions / Puppet 8 (Ruby 3.2.2 fixtures=.fixtures-latest.yml)
Check failure on line 97 in spec/classes/faillock_spec.rb GitHub Actions / Puppet 8 (Ruby 3.2.2 fixtures=.fixtures-latest.yml)
Check failure on line 97 in spec/classes/faillock_spec.rb GitHub Actions / Puppet 8 (Ruby 3.2.2 fixtures=.fixtures-latest.yml)
Check failure on line 97 in spec/classes/faillock_spec.rb GitHub Actions / Puppet 8 (Ruby 3.2.2 fixtures=.fixtures-latest.yml)
Check failure on line 97 in spec/classes/faillock_spec.rb GitHub Actions / Puppet 8 (Ruby 3.2.2 fixtures=.fixtures-latest.yml)
Check failure on line 97 in spec/classes/faillock_spec.rb GitHub Actions / Puppet 8 (Ruby 3.2.2 fixtures=.fixtures-latest.yml)
Check failure on line 97 in spec/classes/faillock_spec.rb GitHub Actions / Puppet 8 (Ruby 3.2.2 fixtures=.fixtures-latest.yml)
Check failure on line 97 in spec/classes/faillock_spec.rb GitHub Actions / Puppet 8 (Ruby 3.2.2 fixtures=.fixtures.yml)
Check failure on line 97 in spec/classes/faillock_spec.rb GitHub Actions / Puppet 8 (Ruby 3.2.2 fixtures=.fixtures.yml)
Check failure on line 97 in spec/classes/faillock_spec.rb GitHub Actions / Puppet 8 (Ruby 3.2.2 fixtures=.fixtures.yml)
Check failure on line 97 in spec/classes/faillock_spec.rb GitHub Actions / Puppet 8 (Ruby 3.2.2 fixtures=.fixtures.yml)
Check failure on line 97 in spec/classes/faillock_spec.rb GitHub Actions / Puppet 8 (Ruby 3.2.2 fixtures=.fixtures.yml)
Check failure on line 97 in spec/classes/faillock_spec.rb GitHub Actions / Puppet 8 (Ruby 3.2.2 fixtures=.fixtures.yml)
Check failure on line 97 in spec/classes/faillock_spec.rb GitHub Actions / Puppet 8 (Ruby 3.2.2 fixtures=.fixtures.yml)
Check failure on line 97 in spec/classes/faillock_spec.rb GitHub Actions / Puppet 8 (Ruby 3.2.2 fixtures=.fixtures.yml)
Check failure on line 97 in spec/classes/faillock_spec.rb GitHub Actions / Puppet 8 (Ruby 3.2.2 fixtures=.fixtures.yml)
Check failure on line 97 in spec/classes/faillock_spec.rb GitHub Actions / Puppet 8 (Ruby 3.2.2 fixtures=.fixtures.yml)
Check failure on line 97 in spec/classes/faillock_spec.rb GitHub Actions / Puppet 7 (Ruby 2.7.8 fixtures=.fixtures.yml)
Check failure on line 97 in spec/classes/faillock_spec.rb GitHub Actions / Puppet 7 (Ruby 2.7.8 fixtures=.fixtures.yml)
Check failure on line 97 in spec/classes/faillock_spec.rb GitHub Actions / Puppet 7 (Ruby 2.7.8 fixtures=.fixtures.yml)
Check failure on line 97 in spec/classes/faillock_spec.rb GitHub Actions / Puppet 7 (Ruby 2.7.8 fixtures=.fixtures.yml)
Check failure on line 97 in spec/classes/faillock_spec.rb GitHub Actions / Puppet 7 (Ruby 2.7.8 fixtures=.fixtures.yml)
Check failure on line 97 in spec/classes/faillock_spec.rb GitHub Actions / Puppet 7 (Ruby 2.7.8 fixtures=.fixtures.yml)
Check failure on line 97 in spec/classes/faillock_spec.rb GitHub Actions / Puppet 7 (Ruby 2.7.8 fixtures=.fixtures.yml)
Check failure on line 97 in spec/classes/faillock_spec.rb GitHub Actions / Puppet 7 (Ruby 2.7.8 fixtures=.fixtures.yml)
Check failure on line 97 in spec/classes/faillock_spec.rb GitHub Actions / Puppet 7 (Ruby 2.7.8 fixtures=.fixtures.yml)
Check failure on line 97 in spec/classes/faillock_spec.rb GitHub Actions / Puppet 7 (Ruby 2.7.8 fixtures=.fixtures.yml)
Check failure on line 97 in spec/classes/faillock_spec.rb GitHub Actions / Puppet 7 (Ruby 2.7.8 fixtures=.fixtures-latest.yml)
Check failure on line 97 in spec/classes/faillock_spec.rb GitHub Actions / Puppet 7 (Ruby 2.7.8 fixtures=.fixtures-latest.yml)
Check failure on line 97 in spec/classes/faillock_spec.rb GitHub Actions / Puppet 7 (Ruby 2.7.8 fixtures=.fixtures-latest.yml)
Check failure on line 97 in spec/classes/faillock_spec.rb GitHub Actions / Puppet 7 (Ruby 2.7.8 fixtures=.fixtures-latest.yml)
Check failure on line 97 in spec/classes/faillock_spec.rb GitHub Actions / Puppet 7 (Ruby 2.7.8 fixtures=.fixtures-latest.yml)
Check failure on line 97 in spec/classes/faillock_spec.rb GitHub Actions / Puppet 7 (Ruby 2.7.8 fixtures=.fixtures-latest.yml)
Check failure on line 97 in spec/classes/faillock_spec.rb GitHub Actions / Puppet 7 (Ruby 2.7.8 fixtures=.fixtures-latest.yml)
Check failure on line 97 in spec/classes/faillock_spec.rb GitHub Actions / Puppet 7 (Ruby 2.7.8 fixtures=.fixtures-latest.yml)
Check failure on line 97 in spec/classes/faillock_spec.rb GitHub Actions / Puppet 7 (Ruby 2.7.8 fixtures=.fixtures-latest.yml)
Check failure on line 97 in spec/classes/faillock_spec.rb GitHub Actions / Puppet 7 (Ruby 2.7.8 fixtures=.fixtures-latest.yml)
|
||
end | ||
end | ||
end | ||
end |
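Review bot: The non-default params hash passes `audit: true`, but the class added in this commit declares that option as `audit_enabled`, so the `audit` line expected in the heredoc cannot come from that key; it should read `audit_enabled: true,`. Separately, the mode context uses `config_file_mode: '0242'`, which would make the lockout policy file writable by other users. A value such as `'0600'` exercises the parameter equally well without modelling an unsafe setting. There is also no example covering a rejected value (for instance a non-absolute `config_file`), which would pin the type checks on the class.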
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,26 @@ | ||
# This file is being maintained by Puppet. | ||
# DO NOT EDIT | ||
# | ||
dir=<%= @dir %> | ||
<% if @audit_enabled -%> | ||
audit | ||
<% end -%> | ||
<% if @silent -%> | ||
silent | ||
<% end -%> | ||
<% if @no_log_info -%> | ||
no_log_info | ||
<% end -%> | ||
<% if @local_users_only -%> | ||
local_users_only | ||
<% end -%> | ||
deny=<%= @deny %> | ||
fail_interval=<%= @fail_interval %> | ||
unlock_time=<%= @unlock_time %> | ||
<% if @even_deny_root -%> | ||
even_deny_root | ||
<% end -%> | ||
root_unlock_time=<%= @root_unlock_time %> | ||
<% if @admin_group -%> | ||
admin_group=<%= @admin_group %> | ||
<% end -%> |
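Review bot: `admin_group=<%= @admin_group %>` writes the value verbatim, and the class types it only as `Optional[String[1]]`, so a value containing whitespace or a newline would put extra tokens or lines into faillock.conf. Because this file sets the authentication lockout policy, I would constrain the parameter in the class signature, for example `Optional[Pattern[/\A\S+\z/]] $admin_group = undef,`, rather than escape it in the template. The other interpolated values are integers or an absolute path, which their declared types already restrict more tightly.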