diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile index 12ed4ff1..021af66a 100644 --- a/.devcontainer/Dockerfile +++ b/.devcontainer/Dockerfile @@ -1,4 +1,4 @@ -FROM puppet/pdk:latest +FROM --platform=x86_64 puppet/pdk:latest # [Optional] Uncomment this section to install additional packages. # RUN apt-get update && export DEBIAN_FRONTEND=noninteractive \ diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json index fe7a8b12..cdd65d22 100644 --- a/.devcontainer/devcontainer.json +++ b/.devcontainer/devcontainer.json @@ -5,7 +5,7 @@ "settings": { "terminal.integrated.profiles.linux": { "bash": { - "path": "bash", + "path": "bash" } } }, diff --git a/.fixtures.yml b/.fixtures.yml index 02c2eb77..de2f16d3 100644 --- a/.fixtures.yml +++ b/.fixtures.yml @@ -5,4 +5,4 @@ fixtures: logrotate: "puppet/logrotate" rsyslog: "saz/rsyslog" stdlib: "puppetlabs/stdlib" - systemd: "camptocamp/systemd" + systemd: "puppet/systemd" diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index e2808ab4..87601740 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -11,13 +11,13 @@ jobs: steps: - name: Get latest tag id: vars - run: echo ::set-output name=tag::${GITHUB_REF:10} + run: echo "{tag}=${GITHUB_REF:10}" >> $GITHUB_OUTPUT - name: Clone repository - uses: actions/checkout@v2 + uses: actions/checkout@v3 with: ref: ${{ steps.vars.outputs.tag }} - name: Build and publish module - uses: barnumbirr/action-forge-publish@v2.8.0 + uses: barnumbirr/action-forge-publish@v2 env: FORGE_API_KEY: ${{ secrets.FORGE_API_KEY }} REPOSITORY_URL: https://forgeapi.puppet.com/v3/releases diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 4b39db11..eeb6512e 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml 
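Review bot: The new `FROM` line still resolves `puppet/pdk:latest` at build time, so every devcontainer rebuild can pull a different, unreviewed image. Pin a version tag and, ideally, a digest, for example `FROM --platform=linux/amd64 puppet/pdk:<version>@sha256:<digest>` (placeholders, since the page names no version). `linux/amd64` is the canonical spelling of the platform the commit writes as `x86_64`. A one-line comment saying why the platform is forced would also help the next maintainer. Only the top of the file is visible in this hunk.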
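Review bot: The rewritten `run:` step writes an output named `{tag}` rather than `tag`, so `steps.vars.outputs.tag`, which the checkout step uses as `ref`, would be empty and checkout would fall back to its default ref. It should read `run: echo "tag=${GITHUB_REF:10}" >> "$GITHUB_OUTPUT"`, which also quotes the file path. Separately, the publish action that receives `FORGE_API_KEY` moves from the exact tag `v2.8.0` to the floating `v2`, so the secret is handed to whatever that tag points at on the day of a release. Pinning it to a reviewed commit, `uses: barnumbirr/action-forge-publish@<full-commit-sha>`, removes that exposure; the same applies to `actions/checkout@v3`.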
@@ -9,7 +9,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Clone repository - uses: actions/checkout@v2 + uses: actions/checkout@v3 - name: Run unit tests uses: puppets-epic-show-theatre/action-pdk-test-unit@v1 @@ -24,7 +24,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Clone repository - uses: actions/checkout@v2 + uses: actions/checkout@v3 - name: Run PDK validate uses: puppets-epic-show-theatre/action-pdk-validate@v1 diff --git a/.gitignore b/.gitignore index 988dcbbe..3f155121 100644 --- a/.gitignore +++ b/.gitignore @@ -16,7 +16,7 @@ /log/ /pkg/ /spec/fixtures/manifests/ -/spec/fixtures/modules/ +/spec/fixtures/modules/* /tmp/ /vendor/ /convert_report.txt diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml deleted file mode 100644 index 6d5e786c..00000000 --- a/.gitlab-ci.yml +++ /dev/null 
@@ -1,53 +0,0 @@ ---- -stages: - - syntax - - unit - -default: - cache: - paths: - - vendor/bundle - - before_script: &before_script - - bundle -v - - rm Gemfile.lock || true - - "# Update system gems if requested. This is useful to temporarily workaround troubles in the test runner" - - "# Set `rubygems_version` in the .sync.yml to set a value" - - "# Ignore exit code of SIGPIPE'd yes to not fail with shell's pipefail set" - - '[ -z "$RUBYGEMS_VERSION" ] || (yes || true) | gem update --system $RUBYGEMS_VERSION' - - gem --version - - bundle -v - - bundle install --without system_tests --path vendor/bundle --jobs $(nproc) - -validate lint check rubocop-Ruby 2.5.7-Puppet ~> 6: - stage: syntax - image: ruby:2.5.7 - script: - - bundle exec rake validate lint check rubocop - variables: - PUPPET_GEM_VERSION: '~> 6' - -parallel_spec-Ruby 2.5.7-Puppet ~> 6: - stage: unit - image: ruby:2.5.7 - script: - - bundle exec rake parallel_spec - variables: - PUPPET_GEM_VERSION: '~> 6' - -validate lint check rubocop-Ruby 2.7.2-Puppet ~> 7: - stage: syntax - image: ruby:2.7.2 - script: - - bundle exec rake validate lint check rubocop - variables: - PUPPET_GEM_VERSION: '~> 7' - -parallel_spec-Ruby 2.7.2-Puppet ~> 7: - stage: unit - image: ruby:2.7.2 - script: - - bundle exec rake parallel_spec - variables: - PUPPET_GEM_VERSION: '~> 7' - diff --git a/.pdkignore b/.pdkignore index c538bea8..584438f9 100644 --- a/.pdkignore +++ b/.pdkignore @@ -16,7 +16,7 @@ /log/ /pkg/ /spec/fixtures/manifests/ -/spec/fixtures/modules/ +/spec/fixtures/modules/* /tmp/ /vendor/ /convert_report.txt @@ -26,20 +26,16 @@ .envrc /inventory.yaml /spec/fixtures/litmus_inventory.yaml -/appveyor.yml -/.editorconfig /.fixtures.yml /Gemfile /.gitattributes /.gitignore -/.gitlab-ci.yml /.pdkignore /.puppet-lint.rc /Rakefile /rakelib/ /.rspec -/.rubocop.yml -/.travis.yml +/..yml /.yardopts /spec/ /.vscode/ diff --git a/.rubocop.yml b/.rubocop.yml index 31e8248f..5be1f9fa 100644 --- a/.rubocop.yml +++ b/.rubocop.yml 
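Review bot: The added `/..yml` entry in the second `.pdkignore` hunk looks like a template placeholder that rendered with an empty name, and it matches none of the files it replaces. With `/.rubocop.yml` removed and `.rubocop.yml` still present in the repository (this commit edits it), that file would presumably no longer be excluded from the built module package. Restoring the explicit line `/.rubocop.yml` in place of `/..yml` keeps development-only configuration out of the published artifact. If the file is regenerated from a PDK template, the correction belongs in the template input rather than here.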
@@ -4,7 +4,7 @@ require: - rubocop-rspec AllCops: DisplayCopNames: true - TargetRubyVersion: '2.5' + TargetRubyVersion: '2.6' Include: - "**/*.rb" Exclude: @@ -111,8 +111,14 @@ Style/MethodCalledOnDoEndBlock: Enabled: true Style/StringMethods: Enabled: true +Bundler/GemFilename: + Enabled: false Bundler/InsecureProtocolSource: Enabled: false +Capybara/CurrentPathExpectation: + Enabled: false +Capybara/VisibilityMatcher: + Enabled: false Gemspec/DuplicatedAssignment: Enabled: false Gemspec/OrderedDependencies: @@ -287,11 +293,9 @@ Performance/UriDefaultParser: Enabled: false RSpec/Be: Enabled: false -RSpec/Capybara/CurrentPathExpectation: - Enabled: false RSpec/Capybara/FeatureMethods: Enabled: false -RSpec/Capybara/VisibilityMatcher: +RSpec/ContainExactly: Enabled: false RSpec/ContextMethod: Enabled: false @@ -331,6 +335,8 @@ RSpec/LeakyConstantDeclaration: Enabled: false RSpec/LetBeforeExamples: Enabled: false +RSpec/MatchArray: + Enabled: false RSpec/MissingExampleGroupArgument: Enabled: false RSpec/MultipleExpectations: @@ -373,8 +379,6 @@ Style/AccessModifierDeclarations: Enabled: false Style/AccessorGrouping: Enabled: false -Style/AsciiComments: - Enabled: false Style/BisectedAttrAccessor: Enabled: false Style/CaseLikeIf: 
@@ -485,35 +489,235 @@ Style/TrailingMethodEndStatement: Enabled: false Style/UnpackFirst: Enabled: false +Capybara/MatchStyle: + Enabled: false +Capybara/NegationMatcher: + Enabled: false +Capybara/SpecificActions: + Enabled: false +Capybara/SpecificFinders: + Enabled: false +Capybara/SpecificMatcher: + Enabled: false +Gemspec/DeprecatedAttributeAssignment: + Enabled: false +Gemspec/DevelopmentDependencies: + Enabled: false +Gemspec/RequireMFA: + Enabled: false +Layout/LineContinuationLeadingSpace: + Enabled: false +Layout/LineContinuationSpacing: + Enabled: false +Layout/LineEndStringConcatenationIndentation: + Enabled: false +Layout/SpaceBeforeBrackets: + Enabled: false +Lint/AmbiguousAssignment: + Enabled: false +Lint/AmbiguousOperatorPrecedence: + Enabled: false +Lint/AmbiguousRange: + Enabled: false +Lint/ConstantOverwrittenInRescue: + Enabled: false +Lint/DeprecatedConstants: + Enabled: false Lint/DuplicateBranch: Enabled: false +Lint/DuplicateMagicComment: + Enabled: false Lint/DuplicateRegexpCharacterClassElement: Enabled: false Lint/EmptyBlock: Enabled: false Lint/EmptyClass: Enabled: false +Lint/EmptyInPattern: + Enabled: false +Lint/IncompatibleIoSelectWithFiberScheduler: + Enabled: false +Lint/LambdaWithoutLiteralBlock: + Enabled: false Lint/NoReturnInBeginEndBlocks: Enabled: false +Lint/NonAtomicFileOperation: + Enabled: false +Lint/NumberedParameterAssignment: + Enabled: false +Lint/OrAssignmentToConstant: + Enabled: false +Lint/RedundantDirGlobSort: + Enabled: false +Lint/RefinementImportMethods: + Enabled: false +Lint/RequireRangeParentheses: + Enabled: false +Lint/RequireRelativeSelfPath: + Enabled: false +Lint/SymbolConversion: + Enabled: false Lint/ToEnumArguments: Enabled: false +Lint/TripleQuotes: + Enabled: false Lint/UnexpectedBlockArity: Enabled: false Lint/UnmodifiedReduceAccumulator: Enabled: false +Lint/UselessRescue: + Enabled: false +Lint/UselessRuby2Keywords: + Enabled: false +Metrics/CollectionLiteralLength: + Enabled: false 
+Naming/BlockForwarding: + Enabled: false Performance/CollectionLiteralInLoop: Enabled: false +Performance/ConcurrentMonotonicTime: + Enabled: false +Performance/MapCompact: + Enabled: false +Performance/RedundantEqualityComparisonBlock: + Enabled: false +Performance/RedundantSplitRegexpArgument: + Enabled: false +Performance/StringIdentifierArgument: + Enabled: false +RSpec/BeEq: + Enabled: false +RSpec/BeNil: + Enabled: false +RSpec/ChangeByZero: + Enabled: false +RSpec/ClassCheck: + Enabled: false +RSpec/DuplicatedMetadata: + Enabled: false +RSpec/ExcessiveDocstringSpacing: + Enabled: false +RSpec/FactoryBot/ConsistentParenthesesStyle: + Enabled: false +RSpec/FactoryBot/FactoryNameStyle: + Enabled: false +RSpec/FactoryBot/SyntaxMethods: + Enabled: false +RSpec/IdenticalEqualityAssertion: + Enabled: false +RSpec/NoExpectationExample: + Enabled: false +RSpec/PendingWithoutReason: + Enabled: false +RSpec/Rails/AvoidSetupHook: + Enabled: false +RSpec/Rails/HaveHttpStatus: + Enabled: false +RSpec/Rails/InferredSpecType: + Enabled: false +RSpec/Rails/MinitestAssertions: + Enabled: false +RSpec/Rails/TravelAround: + Enabled: false +RSpec/RedundantAround: + Enabled: false +RSpec/SkipBlockInsideExample: + Enabled: false +RSpec/SortMetadata: + Enabled: false +RSpec/SubjectDeclaration: + Enabled: false +RSpec/VerifiedDoubleReference: + Enabled: false +Security/CompoundHash: + Enabled: false +Security/IoMethods: + Enabled: false Style/ArgumentsForwarding: Enabled: false +Style/ArrayIntersect: + Enabled: false Style/CollectionCompact: Enabled: false +Style/ComparableClamp: + Enabled: false +Style/ConcatArrayLiterals: + Enabled: false +Style/DirEmpty: + Enabled: false Style/DocumentDynamicEvalDefinition: Enabled: false +Style/EmptyHeredoc: + Enabled: false +Style/EndlessMethod: + Enabled: false +Style/EnvHome: + Enabled: false +Style/FetchEnvVar: + Enabled: false +Style/FileEmpty: + Enabled: false +Style/FileRead: + Enabled: false +Style/FileWrite: + Enabled: false 
+Style/HashConversion: + Enabled: false +Style/HashExcept: + Enabled: false +Style/IfWithBooleanLiteralBranches: + Enabled: false +Style/InPatternThen: + Enabled: false +Style/MagicCommentFormat: + Enabled: false +Style/MapCompactWithConditionalBlock: + Enabled: false +Style/MapToHash: + Enabled: false +Style/MapToSet: + Enabled: false +Style/MinMaxComparison: + Enabled: false +Style/MultilineInPatternThen: + Enabled: false Style/NegatedIfElseCondition: Enabled: false +Style/NestedFileDirname: + Enabled: false Style/NilLambda: Enabled: false +Style/NumberedParameters: + Enabled: false +Style/NumberedParametersLimit: + Enabled: false +Style/ObjectThen: + Enabled: false +Style/OpenStructUse: + Enabled: false +Style/OperatorMethodCall: + Enabled: false +Style/QuotedSymbols: + Enabled: false Style/RedundantArgument: Enabled: false +Style/RedundantConstantBase: + Enabled: false +Style/RedundantDoubleSplatHashBraces: + Enabled: false +Style/RedundantEach: + Enabled: false +Style/RedundantHeredocDelimiterQuotes: + Enabled: false +Style/RedundantInitialize: + Enabled: false +Style/RedundantSelfAssignmentBranch: + Enabled: false +Style/RedundantStringEscape: + Enabled: false +Style/SelectByRegexp: + Enabled: false +Style/StringChars: + Enabled: false Style/SwapValues: Enabled: false diff --git a/.travis.yml b/.travis.yml deleted file mode 100644 index 444e17ac..00000000 --- a/.travis.yml +++ /dev/null 
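Review bot: The long block of newly listed cops in this hunk switches off `Security/CompoundHash` and `Security/IoMethods` along with the style and layout cops, and also `Lint/NonAtomicFileOperation` and `Gemspec/RequireMFA`. The two `Security/` cops are cheap to keep and flag real hazards in Ruby code (`IO.read`-style calls whose argument can begin with a pipe, and hand-rolled hash combining), so for those two entries I would use `Enabled: true` or drop them from the disabled list. If this file is produced by the PDK template, the override presumably has to be made in the template's sync configuration so the next update does not revert it. A short comment above the block stating that these are new cops disabled by default would make it clear the security ones were not turned off deliberately.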
@@ -1,45 +0,0 @@ ---- -os: linux -dist: xenial -language: ruby -cache: bundler -before_install: - - bundle -v - - rm -f Gemfile.lock - - "# Update system gems if requested. This is useful to temporarily workaround troubles in the test runner" - - "# See https://github.com/puppetlabs/pdk-templates/commit/705154d5c437796b821691b707156e1b056d244f for an example of how this was used" - - "# Ignore exit code of SIGPIPE'd yes to not fail with shell's pipefail set" - - '[ -z "$RUBYGEMS_VERSION" ] || (yes || true) | gem update --system $RUBYGEMS_VERSION' - - gem --version - - bundle -v -script: - - 'bundle exec rake $CHECK' -bundler_args: --without system_tests -rvm: - - 2.5.7 -stages: - - static - - spec - - acceptance - - - if: tag =~ ^v\d - name: deploy -jobs: - fast_finish: true - include: - - - env: CHECK="validate lint check rubocop" - stage: static - - - env: PUPPET_GEM_VERSION="~> 6.0" CHECK=parallel_spec - rvm: 2.5.7 - stage: spec - - - env: DEPLOY_TO_FORGE=yes - stage: deploy -branches: - only: - - main - - /^v\d/ -notifications: - email: false diff --git a/Gemfile b/Gemfile index 4ffa7860..add18735 100644 --- a/Gemfile +++ b/Gemfile 
@@ -14,30 +14,31 @@ def location_for(place_or_version, fake_version = nil) end group :development do - gem "json", '= 2.1.0', require: false if Gem::Requirement.create(['>= 2.5.0', '< 2.7.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) - gem "json", '= 2.3.0', require: false if Gem::Requirement.create(['>= 2.7.0', '< 3.0.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) - gem "json", '= 2.5.1', require: false if Gem::Requirement.create(['>= 3.0.0', '< 3.0.5']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) - gem "json", '= 2.6.1', require: false if Gem::Requirement.create(['>= 3.1.0', '< 3.1.3']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) - gem "json", '= 2.6.3', require: false if Gem::Requirement.create(['>= 3.2.0', '< 4.0.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) - gem "voxpupuli-puppet-lint-plugins", '~> 3.1', require: false - gem "facterdb", '~> 1.18', require: false - gem "metadata-json-lint", '>= 2.0.2', '< 4.0.0', require: false - gem "puppetlabs_spec_helper", '>= 3.0.0', '< 5.0.0', require: false - gem "rspec-puppet-facts", '~> 2.0', require: false - gem "codecov", '~> 0.2', require: false - gem "dependency_checker", '~> 0.2', require: false - gem "parallel_tests", '~> 3.4', require: false - gem "pry", '~> 0.10', require: false - gem "simplecov-console", '~> 0.5', require: false - gem "puppet-debugger", '~> 1.0', require: false - gem "rubocop", '= 1.6.1', require: false - gem "rubocop-performance", '= 1.9.1', require: false - gem "rubocop-rspec", '= 2.0.1', require: false - gem "rb-readline", '= 0.5.5', require: false, platforms: [:mswin, :mingw, :x64_mingw] + gem "json", '= 2.1.0', require: false if Gem::Requirement.create(['>= 2.5.0', '< 2.7.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) + gem "json", '= 2.3.0', require: false if Gem::Requirement.create(['>= 2.7.0', '< 3.0.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) + gem "json", '= 2.5.1', require: false if Gem::Requirement.create(['>= 3.0.0', '< 
3.0.5']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) + gem "json", '= 2.6.1', require: false if Gem::Requirement.create(['>= 3.1.0', '< 3.1.3']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) + gem "json", '= 2.6.3', require: false if Gem::Requirement.create(['>= 3.2.0', '< 4.0.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) + gem "racc", '~> 1.4.0', require: false if Gem::Requirement.create(['>= 2.7.0', '< 3.0.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) + gem "voxpupuli-puppet-lint-plugins", '~> 5.0', require: false + gem "facterdb", '~> 1.18', require: false + gem "metadata-json-lint", '~> 3.0', require: false + gem "puppetlabs_spec_helper", '~> 6.0', require: false + gem "rspec-puppet-facts", '~> 2.0', require: false + gem "codecov", '~> 0.2', require: false + gem "dependency_checker", '~> 1.0.0', require: false + gem "parallel_tests", '= 3.12.1', require: false + gem "pry", '~> 0.10', require: false + gem "simplecov-console", '~> 0.5', require: false + gem "puppet-debugger", '~> 1.0', require: false + gem "rubocop", '= 1.48.1', require: false + gem "rubocop-performance", '= 1.16.0', require: false + gem "rubocop-rspec", '= 2.19.0', require: false + gem "rb-readline", '= 0.5.5', require: false, platforms: [:mswin, :mingw, :x64_mingw] end group :system_tests do - gem "puppet_litmus", '< 1.0.0', require: false, platforms: [:ruby] - gem "serverspec", '~> 2.41', require: false + gem "puppet_litmus", '~> 1.0', require: false, platforms: [:ruby, :x64_mingw] + gem "serverspec", '~> 2.41', require: false end puppet_version = ENV['PUPPET_GEM_VERSION'] diff --git a/Rakefile b/Rakefile index 0f8754eb..74415a96 100644 --- a/Rakefile +++ b/Rakefile 
@@ -1,12 +1,11 @@ # frozen_string_literal: true require 'bundler' -require 'puppet_litmus/rake_tasks' if Bundler.rubygems.find_name('puppet_litmus').any? +require 'puppet_litmus/rake_tasks' if Gem.loaded_specs.key? 'puppet_litmus' require 'puppetlabs_spec_helper/rake_tasks' require 'puppet-syntax/tasks/puppet-syntax' -require 'puppet_blacksmith/rake_tasks' if Bundler.rubygems.find_name('puppet-blacksmith').any? -require 'github_changelog_generator/task' if Bundler.rubygems.find_name('github_changelog_generator').any? -require 'puppet-strings/tasks' if Bundler.rubygems.find_name('puppet-strings').any? +require 'github_changelog_generator/task' if Gem.loaded_specs.key? 'github_changelog_generator' +require 'puppet-strings/tasks' if Gem.loaded_specs.key? 'puppet-strings' def changelog_user return unless Rake.application.top_level_tasks.include? "changelog" @@ -44,7 +43,7 @@ end PuppetLint.configuration.send('disable_relative') -if Bundler.rubygems.find_name('github_changelog_generator').any? +if Gem.loaded_specs.key? 'github_changelog_generator' GitHubChangelogGenerator::RakeTask.new :changelog do |config| raise "Set CHANGELOG_GITHUB_TOKEN environment variable eg 'export CHANGELOG_GITHUB_TOKEN=valid_token_here'" if Rake.application.top_level_tasks.include? "changelog" and ENV['CHANGELOG_GITHUB_TOKEN'].nil? config.user = "#{changelog_user}" diff --git a/manifests/attr.pp b/manifests/attr.pp index f44c0856..cfceb69d 100644 --- a/manifests/attr.pp +++ b/manifests/attr.pp 
@@ -6,27 +6,24 @@ Optional[String] $prefix = 'filter', Optional[Freeradius::Boolean] $relaxed = undef, ) { - $fr_package = $::freeradius::params::fr_package - $fr_service = $::freeradius::params::fr_service - $fr_basepath = $::freeradius::params::fr_basepath $fr_group = $::freeradius::params::fr_group $fr_moduleconfigpath = $::freeradius::params::fr_moduleconfigpath - $fr_modulepath = $::freeradius::params::fr_modulepath # Install the attribute filter snippet - file { "${fr_moduleconfigpath}/attr_filter/${name}": + file { "freeradius attr_filter/${name}": ensure => $ensure, + path => "${fr_moduleconfigpath}/attr_filter/${name}", mode => '0640', owner => 'root', group => $fr_group, source => $source, - require => [Package[$fr_package], Group[$fr_group]], - notify => Service[$fr_service], + require => [Package['freeradius'], Group['radiusd']], + notify => Service['radiusd'], } # Reference all attribute snippets in one file - concat::fragment { "attr-${name}": - target => "${fr_basepath}/mods-available/attr_filter", + concat::fragment { "freeradius attr-${name}": + target => 'freeradius mods-available/attr_filter', content => template('freeradius/attr.erb'), order => 20, } diff --git a/manifests/blank.pp b/manifests/blank.pp index 408e1f02..b0eae925 100644 --- a/manifests/blank.pp +++ b/manifests/blank.pp 
@@ -1,21 +1,20 @@ # Blank unneeded config files to reduce complexity define freeradius::blank { - $fr_package = $::freeradius::params::fr_package - $fr_service = $::freeradius::params::fr_service $fr_basepath = $::freeradius::params::fr_basepath $fr_group = $::freeradius::params::fr_group - file { "${fr_basepath}/${name}": + file { "freeradius ${name}": + path => "${fr_basepath}/${name}", mode => '0644', owner => 'root', group => $fr_group, - require => [File[$fr_basepath], Package[$fr_package], Group[$fr_group]], - notify => Service[$fr_service], + require => [File['freeradius raddb'], Package['freeradius'], Group['radiusd']], + notify => Service['radiusd'], content => @(BLANK/L), - # This file is intentionally left blank to reduce complexity. \ - Blanking it but leaving it present is safer than deleting it, \ - since the package manager will replace some files if they are \ - deleted, leading to unexpected behaviour! - |-BLANK + # This file is intentionally left blank to reduce complexity. \ + Blanking it but leaving it present is safer than deleting it, \ + since the package manager will replace some files if they are \ + deleted, leading to unexpected behaviour! + |-BLANK } } diff --git a/manifests/cert.pp b/manifests/cert.pp index 89c2764b..d334d1ff 100644 --- a/manifests/cert.pp +++ b/manifests/cert.pp @@ -5,8 +5,6 @@ Optional[String] $type = 'key', Freeradius::Ensure $ensure = present, ) { - $fr_package = $::freeradius::params::fr_package - $fr_service = $::freeradius::params::fr_service $fr_basepath = $::freeradius::params::fr_basepath $fr_group = $::freeradius::params::fr_group 
@@ -16,15 +14,16 @@ default => '0644', } - file { "${fr_basepath}/certs/${name}": + file { "freeradius certs/${name}": ensure => $ensure, + path => "${fr_basepath}/certs/${name}", mode => $permission, owner => 'root', group => $fr_group, source => $source, content => $content, show_diff => false, - require => [File["${fr_basepath}/certs"], Package[$fr_package], Group[$fr_group]], - notify => Service[$fr_service], + require => [File['freeradius certs'], Package['freeradius'], Group['radiusd']], + notify => Service['radiusd'], } } diff --git a/manifests/client.pp b/manifests/client.pp index 1bbf8727..f8fc7e4d 100644 --- a/manifests/client.pp +++ b/manifests/client.pp @@ -37,19 +37,18 @@ Variant[Array, Hash, String] $attributes = [], Optional[String] $huntgroups = undef, ) { - $fr_package = $::freeradius::params::fr_package - $fr_service = $::freeradius::params::fr_service $fr_basepath = $::freeradius::params::fr_basepath $fr_group = $::freeradius::params::fr_group - file { "${fr_basepath}/clients.d/${shortname}.conf": + file { "freeradius clients.d/${shortname}.conf": ensure => $ensure, + path => "${fr_basepath}/clients.d/${shortname}.conf", mode => '0640', owner => 'root', group => $fr_group, content => template('freeradius/client.conf.erb'), - require => [File["${fr_basepath}/clients.d"], Group[$fr_group]], - notify => Service[$fr_service], + require => [File['freeradius clients.d'], Group['radiusd']], + notify => Service['radiusd'], } if ($firewall and $ensure == 'present') { @@ -61,14 +60,14 @@ if $port { if $ip { - firewall { "100 ${shortname} ${port_description} v4": + firewall { "100 ${name} ${port_description} v4": proto => 'udp', dport => $port, action => 'accept', source => $ip, } } elsif $ip6 { - firewall { "100 ${shortname} ${port_description} v6": + firewall { "100 ${name} ${port_description} v6": proto => 'udp', dport => $port, action => 'accept', 
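Review bot: The rewritten `file { "freeradius clients.d/${shortname}.conf": ... }` resource in `client.pp` has no `show_diff => false`, although the certificate resource in `cert.pp` in this same commit does. If `client.conf.erb` renders the client's shared secret (the template and the full parameter list are outside this hunk, so this is inferred), any change to it would be printed as a diff in agent logs and reports. Adding `show_diff => false,` next to `mode => '0640',` keeps the secret out of those channels. The define's header starts above the hunk.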
@@ -83,7 +82,7 @@ if $huntgroups { $huntgroups.each |$index, $huntgroup| { - freeradius::huntgroup { "huntgroup.client.${shortname}.${index}": + freeradius::huntgroup { "huntgroup.client.${name}.${index}": * => $huntgroup } } diff --git a/manifests/config.pp b/manifests/config.pp index 9492e9db..02bc67da 100644 --- a/manifests/config.pp +++ b/manifests/config.pp @@ -4,19 +4,18 @@ Optional[String] $content = undef, Freeradius::Ensure $ensure = present, ) { - $fr_package = $::freeradius::params::fr_package - $fr_service = $::freeradius::params::fr_service $fr_group = $::freeradius::params::fr_group $fr_moduleconfigpath = $::freeradius::params::fr_moduleconfigpath - file { "${fr_moduleconfigpath}/${name}": + file { "freeradius mods-config/${name}": ensure => $ensure, + path => "${fr_moduleconfigpath}/${name}", mode => '0640', owner => 'root', group => $fr_group, source => $source, content => $content, - require => [Package[$fr_package], Group[$fr_group]], - notify => Service[$fr_service], + require => [Package['freeradius'], Group['radiusd']], + notify => Service['radiusd'], } } diff --git a/manifests/dictionary.pp b/manifests/dictionary.pp index c18ca6cc..1b314051 100644 --- a/manifests/dictionary.pp +++ b/manifests/dictionary.pp @@ -5,8 +5,6 @@ Optional[Integer] $order = 50, Freeradius::Ensure $ensure = 'present', ) { - $fr_package = $::freeradius::params::fr_package - $fr_service = $::freeradius::params::fr_service $fr_basepath = $::freeradius::params::fr_basepath $fr_group = $::freeradius::params::fr_group 
@@ -15,15 +13,16 @@ } # Install dictionary in dictionary.d - file { "${fr_basepath}/dictionary.d/dictionary.${name}": + file { "freeradius dictionary.d/dictionary.${name}": ensure => $ensure, + path => "${fr_basepath}/dictionary.d/dictionary.${name}", mode => '0644', owner => 'root', group => $fr_group, source => $source, content => $content, - require => [File["${fr_basepath}/dictionary.d"], Package[$fr_package], Group[$fr_group]], - notify => Service[$fr_service], + require => [File['freeradius dictionary.d'], Package['freeradius'], Group['radiusd']], + notify => Service['radiusd'], } # Reference policy.d in the global includes file @@ -31,10 +30,10 @@ if ($ensure == 'present') { concat::fragment { "dictionary.${name}": - target => "${fr_basepath}/dictionary", + target => 'freeradius dictionary', content => "\$INCLUDE ${fr_basepath}/dictionary.d/dictionary.${name}", order => $order, - require => File["${fr_basepath}/dictionary.d/dictionary.${name}"], + require => File["freeradius dictionary.d/dictionary.${name}"], } } } diff --git a/manifests/home_server.pp b/manifests/home_server.pp index e3657952..dc431f9b 100644 --- a/manifests/home_server.pp +++ b/manifests/home_server.pp @@ -20,11 +20,9 @@ Optional[String] $virtual_server = undef, Optional[Integer] $zombie_period = undef, ) { - $fr_basepath = $::freeradius::params::fr_basepath - # Configure config fragment for this home server concat::fragment { "homeserver-${name}": - target => "${fr_basepath}/proxy.conf", + target => 'freeradius proxy.conf', content => template('freeradius/home_server.erb'), order => 10, } diff --git a/manifests/home_server_pool.pp b/manifests/home_server_pool.pp index bb3ae7d0..d45492e9 100644 --- a/manifests/home_server_pool.pp +++ b/manifests/home_server_pool.pp 
@@ -5,11 +5,9 @@ Optional[String] $virtual_server = undef, Optional[String] $fallback = undef, ) { - $fr_basepath = $::freeradius::params::fr_basepath - # Configure config fragment for this home server concat::fragment { "homeserverpool-${name}": - target => "${fr_basepath}/proxy.conf", + target => 'freeradius proxy.conf', content => template('freeradius/home_server_pool.erb'), order => 20, } diff --git a/manifests/huntgroup.pp b/manifests/huntgroup.pp index e137c11e..8827ca57 100644 --- a/manifests/huntgroup.pp +++ b/manifests/huntgroup.pp @@ -5,13 +5,10 @@ Optional[Array[String]] $conditions = [], Optional[Variant[String, Integer]] $order = 50, ) { - $fr_basepath = $::freeradius::params::fr_basepath - $fr_service = $::freeradius::params::fr_service - concat::fragment { "huntgroup.${title}": - target => "${fr_basepath}/mods-config/preprocess/huntgroups", + target => 'freeradius mods-config/preprocess/huntgroups', content => template('freeradius/huntgroup.erb'), order => $order, - notify => Service[$fr_service], + notify => Service['radiusd'], } } diff --git a/manifests/init.pp b/manifests/init.pp index 0e1c922a..b855fe20 100644 --- a/manifests/init.pp +++ b/manifests/init.pp 
@@ -1,27 +1,27 @@ # Base class to install FreeRADIUS class freeradius ( - Boolean $control_socket = false, - Integer $max_servers = 4096, - Integer $max_requests = 4096, - Integer $max_request_time = 30, - Boolean $mysql_support = false, - Boolean $pgsql_support = false, - Boolean $perl_support = false, - Boolean $utils_support = false, - Boolean $ldap_support = false, - Boolean $dhcp_support = false, - Boolean $krb5_support = false, - Boolean $wpa_supplicant = false, - Boolean $winbind_support = false, - String $log_destination = 'files', - Boolean $syslog = false, - String $syslog_facility = 'daemon', - Freeradius::Boolean $log_auth = 'no', - Boolean $preserve_mods = true, - Boolean $correct_escapes = true, - Boolean $manage_logpath = true, - Optional[String] $package_ensure = 'installed', - String $radacctdir = $freeradius::params::radacctdir, + Boolean $control_socket = false, + Integer $max_servers = 4096, + Integer $max_requests = 4096, + Integer $max_request_time = 30, + Boolean $mysql_support = false, + Boolean $pgsql_support = false, + Boolean $perl_support = false, + Boolean $utils_support = false, + Boolean $ldap_support = false, + Boolean $dhcp_support = false, + Boolean $krb5_support = false, + Boolean $wpa_supplicant = false, + Boolean $winbind_support = false, + Enum['files', 'syslog', 'stdout', 'stderr'] $log_destination = 'files', + Boolean $syslog = false, + String $syslog_facility = 'daemon', + Freeradius::Boolean $log_auth = 'no', + Boolean $preserve_mods = true, + Boolean $correct_escapes = true, + Boolean $manage_logpath = true, + Optional[String] $package_ensure = 'installed', + String $radacctdir = $freeradius::params::radacctdir, ) inherits freeradius::params { if $freeradius::fr_version !~ /^3/ { notify { 'This module is only compatible with FreeRADIUS 3.': } 
@@ -37,9 +37,6 @@ $fr_3_1 = false } - validate_re($log_destination, '^(files|syslog|stdout|stderr)$', - "log_destination value (${log_destination}) is not a valid value") - if $control_socket == true { warning(@(WARN/L) Use of the control_socket parameter in the freeradius class is deprecated. \ 
@@ -50,62 +47,80 @@ # Always restart the service after every module operation Freeradius::Module { - notify => Service[$freeradius::fr_service] + notify => Service['radiusd'] } - file { 'radiusd.conf': + file { 'freeradius radiusd.conf': name => "${freeradius::fr_basepath}/radiusd.conf", mode => '0644', owner => 'root', group => $freeradius::fr_group, content => template('freeradius/radiusd.conf.erb'), require => [Package[$freeradius::fr_package], Group[$freeradius::fr_group]], - notify => Service[$freeradius::fr_service], + notify => Service['radiusd'], } # Create various directories - file { [ - "${freeradius::fr_basepath}/statusclients.d", - $freeradius::fr_basepath, - "${freeradius::fr_basepath}/conf.d", - "${freeradius::fr_basepath}/attr.d", - "${freeradius::fr_basepath}/users.d", - "${freeradius::fr_basepath}/policy.d", - "${freeradius::fr_basepath}/dictionary.d", - "${freeradius::fr_basepath}/scripts", - "${freeradius::fr_basepath}/mods-config", - "${freeradius::fr_basepath}/mods-config/attr_filter", - "${freeradius::fr_basepath}/mods-config/preprocess", - "${freeradius::fr_basepath}/mods-config/sql", - "${freeradius::fr_basepath}/sites-available", - "${freeradius::fr_basepath}/mods-available", - ]: - ensure => directory, - mode => '0755', - owner => 'root', - group => $freeradius::fr_group, - require => [Package[$freeradius::fr_package], Group[$freeradius::fr_group]], - notify => Service[$freeradius::fr_service], + $dirs = { + 'freeradius statusclients.d' => "${freeradius::fr_basepath}/statusclients.d", + 'freeradius raddb' => $freeradius::fr_basepath, + 'freeradius conf.d' => "${freeradius::fr_basepath}/conf.d", + 'freeradius attr.d' => "${freeradius::fr_basepath}/attr.d", + 'freeradius users.d' => "${freeradius::fr_basepath}/users.d", + 'freeradius policy.d' => "${freeradius::fr_basepath}/policy.d", + 'freeradius dictionary.d' => "${freeradius::fr_basepath}/dictionary.d", + 'freeradius scripts' => "${freeradius::fr_basepath}/scripts", + 'freeradius 
mods-config' => "${freeradius::fr_basepath}/mods-config", + 'freeradius mods-config/attr_filter' => "${freeradius::fr_basepath}/mods-config/attr_filter", + 'freeradius mods-config/preprocess' => "${freeradius::fr_basepath}/mods-config/preprocess", + 'freeradius mods-config/sql' => "${freeradius::fr_basepath}/mods-config/sql", + 'freeradius sites-available' => "${freeradius::fr_basepath}/sites-available", + 'freeradius mods-available' => "${freeradius::fr_basepath}/mods-available", + } + $dirs.each |$name, $path| { + file { $name: + ensure => directory, + path => $path, + mode => '0755', + owner => 'root', + group => $freeradius::fr_group, + require => [Package['freeradius'], Group['radiusd']], + notify => Service['radiusd'], + } } # Create these directories separately so we can set purge option # Anything in these dirs NOT managed by puppet will be removed! - file { [ - "${freeradius::fr_basepath}/certs", - "${freeradius::fr_basepath}/clients.d", - "${freeradius::fr_basepath}/listen.d", - "${freeradius::fr_basepath}/sites-enabled", - "${freeradius::fr_basepath}/mods-enabled", - "${freeradius::fr_basepath}/instantiate", - ]: - ensure => directory, - purge => true, - recurse => true, - mode => '0755', - owner => 'root', - group => $freeradius::fr_group, - require => [Package[$freeradius::fr_package], Group[$freeradius::fr_group]], - notify => Service[$freeradius::fr_service], + $purged_dirs = { + 'freeradius certs' => "${freeradius::fr_basepath}/certs", + 'freeradius clients.d' => "${freeradius::fr_basepath}/clients.d", + 'freeradius listen.d' => "${freeradius::fr_basepath}/listen.d", + 'freeradius sites-enabled' => "${freeradius::fr_basepath}/sites-enabled", + 'freeradius mods-enabled' => "${freeradius::fr_basepath}/mods-enabled", + 'freeradius instantiate' => "${freeradius::fr_basepath}/instantiate", + } + $purged_dirs.each |$name, $path| { + file { $name: + ensure => directory, + path => $path, + purge => true, + recurse => true, + mode => '0755', + owner => 
'root', + group => $freeradius::fr_group, + require => [Package['freeradius'], Group['radiusd']], + notify => Service['radiusd'], + } + } + + # Add systemd unit to override default file on RHEL8 systems. + if ($facts['os']['family'] == 'RedHat' and $facts['os']['release']['major'] == '8') { + systemd::dropin_file { 'freeradius remove bootstrap': + ensure => present, + filename => 'remove_bootstrap.conf', + unit => 'radiusd.service', + content => template('freeradius/systemd_dropin_rhel8.erb'), + } } # Preserve some stock modules 
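Review bot: The `file { 'freeradius radiusd.conf': ... }` resource at the top of this hunk is the only one in the commit that still requires `Package[$freeradius::fr_package], Group[$freeradius::fr_group]` and sets its location with `name =>`. Every other resource touched here uses the literal references and `path =>`. For consistency it should read `require => [Package['freeradius'], Group['radiusd']],` and `path => "${freeradius::fr_basepath}/radiusd.conf",`. The literal titles only resolve if the package, group and service resources are declared under exactly those titles, and that declaration is not visible in this part of the diff. A comment near it noting that the titles are fixed while the real names come from `freeradius::params` would help.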
@@ -145,140 +160,152 @@ # Set up concat policy file, as there is only one global policy # We also add standard header and footer - concat { "${freeradius::fr_basepath}/policy.conf": + concat { 'freeradius policy.conf': + path => "${freeradius::fr_basepath}/policy.conf", owner => 'root', group => $freeradius::fr_group, mode => '0640', ensure_newline => true, - require => [Package[$freeradius::fr_package], Group[$freeradius::fr_group]], - notify => Service[$freeradius::fr_service], + require => [Package['freeradius'], Group['radiusd']], + notify => Service['radiusd'], } concat::fragment { 'policy_header': - target => "${freeradius::fr_basepath}/policy.conf", + target => 'freeradius policy.conf', content => 'policy {', order => 10, } concat::fragment { 'policy_footer': - target => "${freeradius::fr_basepath}/policy.conf", + target => 'freeradius policy.conf', content => '}', order => '99', } # Set up concat template file - concat { "${freeradius::fr_basepath}/templates.conf": + concat { 'freeradius templates.conf': + path => "${freeradius::fr_basepath}/templates.conf", owner => 'root', group => $freeradius::fr_group, mode => '0640', ensure_newline => true, - require => [Package[$freeradius::fr_package], Group[$freeradius::fr_group]], - notify => Service[$freeradius::fr_service], + require => [Package['freeradius'], Group['radiusd']], + notify => Service['radiusd'], } concat::fragment { 'template_header': - target => "${freeradius::fr_basepath}/templates.conf", + target => 'freeradius templates.conf', source => 'puppet:///modules/freeradius/template.header', order => '05', } concat::fragment { 'template_footer': - target => "${freeradius::fr_basepath}/templates.conf", + target => 'freeradius templates.conf', content => '}', order => '95', } # Set up concat proxy file - concat { "${freeradius::fr_basepath}/proxy.conf": + concat { 'freeradius proxy.conf': + path => "${freeradius::fr_basepath}/proxy.conf", owner => 'root', group => $freeradius::fr_group, mode => '0640', 
ensure_newline => true, - require => [Package[$freeradius::fr_package], Group[$freeradius::fr_group]], - notify => Service[$freeradius::fr_service], + require => [Package['freeradius'], Group['radiusd']], + notify => Service['radiusd'], } concat::fragment { 'proxy_header': - target => "${freeradius::fr_basepath}/proxy.conf", + target => 'freeradius proxy.conf', content => '# Proxy config', order => '05', } # Set up attribute filter file - concat { "${freeradius::fr_basepath}/mods-available/attr_filter": + concat { 'freeradius mods-available/attr_filter': + path => "${freeradius::fr_basepath}/mods-available/attr_filter", owner => 'root', group => $freeradius::fr_group, mode => '0640', ensure_newline => true, - require => [Package[$freeradius::fr_package], Group[$freeradius::fr_group]], - notify => Service[$freeradius::fr_service], + require => [Package['freeradius'], Group['radiusd']], + notify => Service['radiusd'], } - file { "${freeradius::fr_modulepath}/attr_filter": + file { 'freeradius mods-enabled/attr_filter': ensure => link, + path => "${freeradius::fr_modulepath}/attr_filter", target => '../mods-available/attr_filter', - notify => Service[$freeradius::fr_service], + notify => Service['radiusd'], } # Install default attribute filters concat::fragment { 'attr-default': - target => "${freeradius::fr_basepath}/mods-available/attr_filter", + target => 'freeradius mods-available/attr_filter', content => template('freeradius/attr_default.erb'), order => 10, } # Manage the file permissions for files defined in attr_filter - file { [ - "${freeradius::fr_basepath}/mods-config/attr_filter/access_challenge", - "${freeradius::fr_basepath}/mods-config/attr_filter/access_reject", - "${freeradius::fr_basepath}/mods-config/attr_filter/accounting_response", - "${freeradius::fr_basepath}/mods-config/attr_filter/post-proxy", - "${freeradius::fr_basepath}/mods-config/attr_filter/pre-proxy", - ]: - ensure => 'present', - mode => '0640', - owner => 'root', - group => 
$freeradius::fr_group, - require => [Package[$freeradius::fr_package], Group[$freeradius::fr_group]], - notify => Service[$freeradius::fr_service], + $attr_filter_files = { + 'freeradius mods-config/attr_filter/access_challenge' => "${freeradius::fr_basepath}/mods-config/attr_filter/access_challenge", + 'freeradius mods-config/attr_filter/access_reject' => "${freeradius::fr_basepath}/mods-config/attr_filter/access_reject", + 'freeradius mods-config/attr_filter/accounting_response' => "${freeradius::fr_basepath}/mods-config/attr_filter/accounting_response", + 'freeradius mods-config/attr_filter/post-proxy' => "${freeradius::fr_basepath}/mods-config/attr_filter/post-proxy", + 'freeradius mods-config/attr_filter/pre-proxy' => "${freeradius::fr_basepath}/mods-config/attr_filter/pre-proxy", + } + $attr_filter_files.each |$name, $path| { + file { $name: + ensure => present, + path => $path, + mode => '0640', + owner => 'root', + group => $freeradius::fr_group, + require => [Package['freeradius'], Group['radiusd']], + notify => Service['radiusd'], + } } # Install a slightly tweaked stock dictionary that includes # our custom dictionaries - concat { "${freeradius::fr_basepath}/dictionary": + concat { 'freeradius dictionary': + path => "${freeradius::fr_basepath}/dictionary", owner => 'root', group => $freeradius::fr_group, mode => '0644', ensure_newline => true, - require => [Package[$freeradius::fr_package], Group[$freeradius::fr_group]], + require => [Package['freeradius'], Group['radiusd']], } - concat::fragment { 'dictionary_header': - target => "${freeradius::fr_basepath}/dictionary", + concat::fragment { 'freeradius dictionary_header': + target => 'freeradius dictionary', source => 'puppet:///modules/freeradius/dictionary.header', order => 10, } - concat::fragment { 'dictionary_footer': - target => "${freeradius::fr_basepath}/dictionary", + concat::fragment { 'freeradius dictionary_footer': + target => 'freeradius dictionary', source => 
'puppet:///modules/freeradius/dictionary.footer', order => 90, } # Install a huntgroups file - concat { "${freeradius::fr_basepath}/mods-config/preprocess/huntgroups": + concat { 'freeradius mods-config/preprocess/huntgroups': + path => "${freeradius::fr_basepath}/mods-config/preprocess/huntgroups", owner => 'root', group => $freeradius::fr_group, mode => '0640', ensure_newline => true, - require => [Package[$freeradius::fr_package], Group[$freeradius::fr_group]], - notify => Service[$freeradius::fr_service], + require => [Package['freeradius'], Group['radiusd']], + notify => Service['radiusd'], } - concat::fragment { 'huntgroups_header': - target => "${freeradius::fr_basepath}/mods-config/preprocess/huntgroups", + concat::fragment { 'freeradius huntgroups_header': + target => 'freeradius mods-config/preprocess/huntgroups', source => 'puppet:///modules/freeradius/huntgroups.header', order => 10, } # Fix the permissions on the hints file - file { "${freeradius::fr_basepath}/mods-config/preprocess/hints": - ensure => 'present', + file { 'freeradius mods-config/preprocess/hints': + ensure => present, + path => "${freeradius::fr_basepath}/mods-config/preprocess/hints", mode => '0640', owner => 'root', group => $freeradius::fr_group, - require => [Package[$freeradius::fr_package], Group[$freeradius::fr_group]], + require => [Package['freeradius'], Group['radiusd']], } # Install FreeRADIUS packages 
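Review bot: The fragments `policy_header`, `policy_footer`, `template_header`, `template_footer`, `proxy_header` and `attr-default` keep their bare titles, while `dictionary_header`, `dictionary_footer` and `huntgroups_header` in the same hunk gain the `freeradius ` prefix. If the prefix is meant to stop this module's titles colliding with resources from other modules (inferred from the pattern of the change), the un-prefixed fragments are still exposed to that. I would rename them the same way, for example `concat::fragment { 'freeradius policy_header':`, and update the matching spec expectations. The `order` values in this hunk also mix integers (`10`, `90`) with strings (`'05'`, `'99'`); quoting all of them would make the intended ordering easier to read.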
@@ -289,36 +316,43 @@ if $mysql_support { package { 'freeradius-mysql': ensure => $package_ensure, + name => 'freeradius-mysql', } } if $pgsql_support { package { 'freeradius-postgresql': ensure => $package_ensure, + name => 'freeradius-postgresql', } } if $perl_support { package { 'freeradius-perl': ensure => $package_ensure, + name => 'freeradius-perl', } } if $utils_support { package { 'freeradius-utils': ensure => $package_ensure, + name => 'freeradius-utils', } } if $ldap_support { package { 'freeradius-ldap': ensure => $package_ensure, + name => 'freeradius-ldap', } } if $dhcp_support { package { 'freeradius-dhcp': ensure => $package_ensure, + name => 'freeradius-dhcp', } } if $krb5_support { package { 'freeradius-krb5': ensure => $package_ensure, + name => 'freeradius-krb5', } } if $wpa_supplicant { @@ -330,10 +364,10 @@ # radiusd always tests its config before restarting the service, to avoid outage. If the config is not valid, the service # won't get restarted, and the puppet run will fail. - service { $freeradius::fr_service: + service { 'radiusd': ensure => running, name => $freeradius::fr_service, - require => [Exec['radiusd-config-test'], File['radiusd.conf'], User[$freeradius::fr_user], Package[$freeradius::fr_package],], + require => [Exec['radiusd-config-test'], File['freeradius radiusd.conf'], User['radiusd'], Package['freeradius'],], enable => true, hasstatus => $freeradius::fr_service_has_status, hasrestart => true, 
@@ -346,18 +380,20 @@ true => $freeradius::fr_wbpriv_user, default => undef, } - user { $freeradius::fr_user: + user { 'radiusd': ensure => present, + name => $freeradius::fr_user, groups => $fr_user_group, - require => Package[$freeradius::fr_package], + require => Package['freeradius'], } # We don't want to add the radiusd group but it must be defined # here so we can depend on it. WE depend on the FreeRADIUS # package to be sure that the group has been created. - group { $freeradius::fr_group: + group { 'radiusd': ensure => present, - require => Package[$freeradius::fr_package], + name => $freeradius::fr_group, + require => Package['freeradius'], } # Syslog rules @@ -369,21 +405,26 @@ if $manage_logpath { # Make the radius log dir traversable - file { [ - $freeradius::fr_logpath, - "${freeradius::fr_logpath}/radacct", - ]: - group => $freeradius::fr_group, - mode => '0750', - owner => $freeradius::fr_user, - require => Package[$freeradius::fr_package], + $logdirs = { + 'freeradius logdir' => $freeradius::fr_logpath, + 'freeradius logdir/radacct' => "${freeradius::fr_logpath}/radacct", + } + $logdirs.each |$name, $path| { + file { $name: + path => $path, + group => $freeradius::fr_group, + mode => '0750', + owner => $freeradius::fr_user, + require => Package['freeradius'], + } } - file { "${freeradius::fr_logpath}/radius.log": + file { 'freeradius radius.log': + path => "${freeradius::fr_logpath}/radius.log", owner => $freeradius::fr_user, group => $freeradius::fr_group, seltype => 'radiusd_log_t', - require => [Package[$freeradius::fr_package], User[$freeradius::fr_user], Group[$freeradius::fr_group]], + require => [Package['freeradius'], User['radiusd'], Group['radiusd']], } } 
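Review bot: `file { 'freeradius radius.log':` in the `$manage_logpath` block sets owner, group and seltype but no `mode`, so the log file's permissions are left to whatever created it, while the two directories above it are pinned to `0750`. If this log carries authentication records, I would pin it too, for example `mode => '0640',`; the right value depends on who needs to read the log, which is not visible here. The `$logdirs` loop also declares its entries without `ensure => directory`, so the resources never state that these paths must be directories. The enclosing class body continues outside the hunk.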
@@ -422,24 +463,31 @@ # Placeholder resource for dh and random as they are dynamically generated, so they # exist in the catalogue and don't get purged - file { ["${freeradius::fr_basepath}/certs/dh", "${freeradius::fr_basepath}/certs/random"]: - require => Exec['dh', 'random'], + $cert_files = { + 'freeradius certs/dh' => "${freeradius::fr_basepath}/certs/dh", + 'freeradius certs/random' => "${freeradius::fr_basepath}/certs/random", + } + $cert_files.each |$name,$path| { + file { $name: + path => $path, + require => Exec['freeradius dh', 'freeradius random'], + } } # Generate global SSL parameters - exec { 'dh': + exec { 'freeradius dh': command => "openssl dhparam -out ${freeradius::fr_basepath}/certs/dh 1024", creates => "${freeradius::fr_basepath}/certs/dh", path => '/usr/bin', - require => File["${freeradius::fr_basepath}/certs"], + require => File['freeradius certs'], } # Generate global SSL parameters - exec { 'random': + exec { 'freeradius random': command => "dd if=/dev/urandom of=${freeradius::fr_basepath}/certs/random count=10 >/dev/null 2>&1", creates => "${freeradius::fr_basepath}/certs/random", path => '/bin', - require => File["${freeradius::fr_basepath}/certs"], + require => File['freeradius certs'], } # This exec tests the radius config and fails if it's bad 
@@ -454,16 +502,20 @@ # Blank a couple of default files that will break our config. This is more effective than deleting them # as they won't get overwritten when FR is upgraded from RPM, whereas missing files are replaced. - file { [ - "${freeradius::fr_basepath}/clients.conf", - "${freeradius::fr_basepath}/sql.conf", - ]: - content => '# FILE INTENTIONALLY BLANK', - mode => '0644', - owner => 'root', - group => $freeradius::fr_group, - require => [Package[$freeradius::fr_package], Group[$freeradius::fr_group]], - notify => Service[$freeradius::fr_service], + $blank_files = { + 'freeradius clients.conf' => "${freeradius::fr_basepath}/clients.conf", + 'freeradius sql.conf' => "${freeradius::fr_basepath}/sql.conf", + } + $blank_files.each |$name, $path| { + file { $name: + path => $path, + content => '# FILE INTENTIONALLY BLANK', + mode => '0644', + owner => 'root', + group => $freeradius::fr_group, + require => [Package['freeradius'], Group['radiusd']], + notify => Service['radiusd'], + } } # Delete *.rpmnew and *.rpmsave files from the radius config dir because diff --git a/manifests/instantiate.pp b/manifests/instantiate.pp index fd3bc4bd..3109792d 100644 --- a/manifests/instantiate.pp +++ b/manifests/instantiate.pp @@ -2,18 +2,17 @@ define freeradius::instantiate ( Freeradius::Ensure $ensure = present, ) { - $fr_package = $::freeradius::params::fr_package - $fr_service = $::freeradius::params::fr_service $fr_basepath = $::freeradius::params::fr_basepath $fr_group = $::freeradius::params::fr_group - file { "${fr_basepath}/instantiate/${name}": + file { "freeradius instantiate/${name}": ensure => $ensure, + path => "${fr_basepath}/instantiate/${name}", mode => '0640', owner => 'root', group => $fr_group, content => $name, - require => [Package[$fr_package], Group[$fr_group]], - notify => Service[$fr_service], + require => [Package['freeradius'], Group['radiusd']], + notify => Service['radiusd'], } } 
diff --git a/manifests/krb5.pp b/manifests/krb5.pp index a53c7720..919d1f34 100644 --- a/manifests/krb5.pp +++ b/manifests/krb5.pp @@ -8,24 +8,24 @@ Freeradius::Integer $spare = "\${thread[pool].max_spare_servers}", Freeradius::Ensure $ensure = 'present', ) { - $fr_package = $::freeradius::params::fr_package - $fr_service = $::freeradius::params::fr_service $fr_modulepath = $::freeradius::params::fr_modulepath $fr_basepath = $::freeradius::params::fr_basepath $fr_group = $::freeradius::params::fr_group # Generate a module config - file { "${fr_basepath}/mods-available/${name}": + file { "freeradius mods-available/${name}": ensure => $ensure, + path => "${fr_basepath}/mods-available/${name}", mode => '0640', owner => 'root', group => $fr_group, content => template('freeradius/krb5.erb'), - require => [Package[$fr_package], Group[$fr_group]], - notify => Service[$fr_service], + require => [Package['freeradius'], Group['radiusd']], + notify => Service['radiusd'], } - file { "${fr_modulepath}/${name}": + file { "freeradius mods-enabled/${name}": ensure => link, + path => "${fr_modulepath}/${name}", target => "../mods-available/${name}", } } diff --git a/manifests/listen.pp b/manifests/listen.pp index 4f177d9d..e73d2f25 100644 --- a/manifests/listen.pp +++ b/manifests/listen.pp @@ -13,8 +13,6 @@ Integer $lifetime = 0, Integer $idle_timeout = 30, ) { - $fr_package = $::freeradius::params::fr_package - $fr_service = $::freeradius::params::fr_service $fr_basepath = $::freeradius::params::fr_basepath $fr_group = $::freeradius::params::fr_group 
@@ -31,16 +29,17 @@ fail('Only one of ip or ip6 can be used') } - file { "${fr_basepath}/listen.d/${name}.conf": + file { "freeradius listen.d/${name}.conf": ensure => $ensure, + path => "${fr_basepath}/listen.d/${name}.conf", owner => 'root', group => $fr_group, mode => '0640', content => template('freeradius/listen.erb'), require => [ - File["${fr_basepath}/listen.d"], - Group[$fr_group], + File['freeradius listen.d'], + Group['radiusd'], ], - notify => Service[$fr_service], + notify => Service['radiusd'], } } diff --git a/manifests/module.pp b/manifests/module.pp index 17fbb142..2d273df1 100644 --- a/manifests/module.pp +++ b/manifests/module.pp @@ -5,8 +5,6 @@ Freeradius::Ensure $ensure = present, Boolean $preserve = false, ) { - $fr_package = $::freeradius::params::fr_package - $fr_service = $::freeradius::params::fr_service $fr_modulepath = $::freeradius::params::fr_modulepath $fr_basepath = $::freeradius::params::fr_basepath $fr_group = $::freeradius::params::fr_group 
@@ -18,28 +16,31 @@ if ($preserve) { # Symlink to mods-available for stock modules - file { "${fr_modulepath}/${name}": + file { "freeradius mods-enabled/${name}": ensure => $ensure_link, + path => "${fr_modulepath}/${name}", target => "../mods-available/${name}", - notify => Service[$fr_service], + notify => Service['radiusd'], } } else { # Deploy actual module to mods-available, and link it to mods-enabled - file { "${fr_basepath}/mods-available/${name}": + file { "freeradius mods-available/${name}": ensure => $ensure, + path => "${fr_basepath}/mods-available/${name}", mode => '0640', owner => 'root', group => $fr_group, source => $source, content => $content, - require => [Package[$fr_package], Group[$fr_group]], - notify => Service[$fr_service], + require => [Package['freeradius'], Group['radiusd']], + notify => Service['radiusd'], } - file { "${fr_modulepath}/${name}": + file { "freeradius mods-enabled/${name}": ensure => $ensure_link, + path => "${fr_modulepath}/${name}", target => "../mods-available/${name}", - require => File["${fr_basepath}/mods-available/${name}"], - notify => Service[$fr_service], + require => File["freeradius mods-available/${name}"], + notify => Service['radiusd'], } } } diff --git a/manifests/module/detail.pp b/manifests/module/detail.pp index 0dbecf45..e0fe6d07 100644 --- a/manifests/module/detail.pp +++ b/manifests/module/detail.pp @@ -9,12 +9,8 @@ String $header = '%t', Optional[Freeradius::Boolean] $locking = undef, Optional[Freeradius::Boolean] $log_packet_header = undef, - Array[String] $suppress = [], + Optional[Array[String]] $suppress = [], ) { - if $suppress { - validate_array($suppress) - } - freeradius::module { "detail.${name}": ensure => $ensure, content => template('freeradius/detail.erb'), diff --git a/manifests/module/ldap.pp b/manifests/module/ldap.pp index 5120f2bb..279e3771 100644 --- a/manifests/module/ldap.pp +++ b/manifests/module/ldap.pp 
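Review bot: In `manifests/module/detail.pp`, changing `$suppress` from `Array[String]` to `Optional[Array[String]]` widens the parameter to accept `undef`, which the removed `validate_array` guard never required. The `detail.erb` template is not part of this hunk, so I cannot tell whether it copes with a nil value; if it iterates over the list, an explicit `undef` would fail at template rendering rather than at type checking. Keeping `Array[String] $suppress = [],` gives the same validation as the deleted `if $suppress { validate_array($suppress) }` block. The start of the define is outside the hunk.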
@@ -153,8 +153,9 @@ } # Generate a module config, based on ldap.conf - file { "${fr_basepath}/mods-available/${name}": + file { "freeradius mods-available/${name}": ensure => $ensure, + path => "${fr_basepath}/mods-available/${name}", mode => '0640', owner => 'root', group => $fr_group, @@ -162,8 +163,9 @@ require => [Package[$fr_package], Group[$fr_group]], notify => Service[$fr_service], } - file { "${fr_modulepath}/${name}": + file { "freeradius mods-enabled/${name}": ensure => link, + path => "${fr_modulepath}/${name}", target => "../mods-available/${name}", } } diff --git a/manifests/params.pp b/manifests/params.pp index fb6431c4..c584c77f 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -37,6 +37,7 @@ '15.10' => '2', '18.04' => '3', '20.04' => '3', + '22.04' => '3', default => '2', } } @@ -93,17 +94,21 @@ $fr_basepath = $::operatingsystemmajrelease ? { '9' => '/etc/freeradius/3.0', '10' => '/etc/freeradius/3.0', + '11' => '/etc/freeradius/3.0', 'buster/sid' => '/etc/freeradius/3.0', '18.04' => '/etc/freeradius/3.0', '20.04' => '/etc/freeradius/3.0', + '22.04' => '/etc/freeradius/3.0', default => '/etc/freeradius', } $fr_raddbdir = $::operatingsystemmajrelease ? { '9' => "\${sysconfdir}/freeradius/3.0", '10' => "\${sysconfdir}/freeradius/3.0", + '11' => "\${sysconfdir}/freeradius/3.0", 'buster/sid' => "\${sysconfdir}/freeradius/3.0", '18.04' => "\${sysconfdir}/freeradius/3.0", '20.04' => "\${sysconfdir}/freeradius/3.0", + '22.04' => "\${sysconfdir}/freeradius/3.0", default => "\${sysconfdir}/freeradius", } } diff --git a/manifests/policy.pp b/manifests/policy.pp index d4896547..27226673 100644 --- a/manifests/policy.pp +++ b/manifests/policy.pp 
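Review bot: `manifests/module/ldap.pp` still carries `require => [Package[$fr_package], Group[$fr_group]],` and `notify => Service[$fr_service],` as context lines, whereas every other define touched by this commit now refers to the fixed titles. init.pp now declares the group and service under the title `radiusd` with the platform value in `name`, so these variable-based references depend on Puppet matching them by name rather than by title. I would write `require => [Package['freeradius'], Group['radiusd']],` and `notify => Service['radiusd'],` here as well. The assignments of `$fr_package` and `$fr_service` in this file are outside both hunks and could then be dropped, as was done in the other defines.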
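Review bot: The selectors extended in `manifests/params.pp` with `'11'` and `'22.04'` still key on the legacy fact `$::operatingsystemmajrelease`, while metadata.json in this commit raises the supported Puppet range to `>=7.0.0 <9.0.0`. As far as I know Puppet 8 no longer includes legacy facts by default, so on that version these selectors would not see a value. I would switch them to `$facts['os']['release']['major']`, which the RHEL 8 condition added to init.pp in this commit already uses. Only part of each selector is visible in these hunks, so the surrounding conditions need the same check.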
@@ -4,30 +4,29 @@ Optional[Integer] $order = 50, Freeradius::Ensure $ensure = present, ) { - $fr_package = $::freeradius::params::fr_package - $fr_service = $::freeradius::params::fr_service $fr_basepath = $::freeradius::params::fr_basepath $fr_group = $::freeradius::params::fr_group # Install policy in policy.d - file { "${fr_basepath}/policy.d/${name}": + file { "freeradius policy.d/${name}": ensure => $ensure, + path => "${fr_basepath}/policy.d/${name}", mode => '0644', owner => 'root', group => $fr_group, source => $source, - require => [Package[$fr_package], Group[$fr_group]], - notify => Service[$fr_service], + require => [Package['freeradius'], Group['radiusd']], + notify => Service['radiusd'], } # Reference policy.d in the global includes file # If no order priority is given, assume 50 if ($ensure == 'present') { - concat::fragment { "policy-${name}": - target => "${fr_basepath}/policy.conf", + concat::fragment { "freeradius policy-${name}": + target => 'freeradius policy.conf', content => "\t\$INCLUDE ${fr_basepath}/policy.d/${name}", order => $order, - require => File["${fr_basepath}/policy.d/${name}"], + require => File["freeradius policy.d/${name}"], } } } diff --git a/manifests/radsniff.pp b/manifests/radsniff.pp index 094629be..5ff9da1f 100644 --- a/manifests/radsniff.pp +++ b/manifests/radsniff.pp @@ -36,7 +36,8 @@ $escaped_cmd = $options.regsubst('"','\\\\"','G') - file { $final_envfile: + file { 'freeradius radsniff envfile': + path => $final_envfile, content => @("SYSCONFIG"), RADSNIFF_OPTIONS="${escaped_cmd}" | SYSCONFIG diff --git a/manifests/realm.pp b/manifests/realm.pp index 640215f3..dd2b1e04 100644 --- a/manifests/realm.pp +++ b/manifests/realm.pp 
@@ -7,11 +7,9 @@ Optional[Boolean] $nostrip = false, Optional[Integer] $order = 30, ) { - $fr_basepath = $::freeradius::params::fr_basepath - # Configure config fragment for this realm - concat::fragment { "realm-${name}": - target => "${fr_basepath}/proxy.conf", + concat::fragment { "freeradius realm-${name}": + target => 'freeradius proxy.conf', content => template('freeradius/realm.erb'), order => $order, } diff --git a/manifests/script.pp b/manifests/script.pp index 8202ea4d..50435bec 100644 --- a/manifests/script.pp +++ b/manifests/script.pp @@ -3,18 +3,17 @@ String $source, Freeradius::Ensure $ensure = present, ) { - $fr_package = $::freeradius::params::fr_package - $fr_service = $::freeradius::params::fr_service $fr_basepath = $::freeradius::params::fr_basepath $fr_group = $::freeradius::params::fr_group - file { "${fr_basepath}/scripts/${name}": + file { "freeradius scripts/${name}": + path => "${fr_basepath}/scripts/${name}", ensure => $ensure, mode => '0750', owner => 'root', group => $fr_group, source => $source, - require => [File["${fr_basepath}/scripts"], Package[$fr_package], Group[$fr_group]], - notify => Service[$fr_service], + require => [File['freeradius scripts'], Package['freeradius'], Group['radiusd']], + notify => Service['radiusd'], } } diff --git a/manifests/site.pp b/manifests/site.pp index ced5d737..b1b351a5 100644 --- a/manifests/site.pp +++ b/manifests/site.pp @@ -13,8 +13,6 @@ Array[String] $post_proxy = [], Array[Hash] $listen = [], ) { - $fr_package = $::freeradius::params::fr_package - $fr_service = $::freeradius::params::fr_service $fr_basepath = $::freeradius::params::fr_basepath $fr_group = $::freeradius::params::fr_group 
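Review bot: In `manifests/script.pp` the new `path` attribute is placed before `ensure`, whereas the other `file` resources rewritten in this commit list `ensure` first. puppet-lint's `ensure_first_param` check flags this ordering. I would reorder to `ensure => $ensure,` followed by `path => "${fr_basepath}/scripts/${name}",`.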
@@ -31,18 +29,20 @@ default => 'link' } - file { "${fr_basepath}/sites-available/${name}": + file { "freeradius sites-available/${name}": ensure => $ensure, + path => "${fr_basepath}/sites-available/${name}", mode => '0640', owner => 'root', group => $fr_group, source => $source, content => $manage_content, - require => [Package[$fr_package], Group[$fr_group]], - notify => Service[$fr_service], + require => [Package['freeradius'], Group['radiusd']], + notify => Service['radiusd'], } - file { "${fr_basepath}/sites-enabled/${name}": + file { "freeradius sites-enabled/${name}": ensure => $ensure_link, + path => "${fr_basepath}/sites-enabled/${name}", target => "${fr_basepath}/sites-available/${name}", } } diff --git a/manifests/sql.pp b/manifests/sql.pp index 72c528b8..2d928708 100644 --- a/manifests/sql.pp +++ b/manifests/sql.pp 
@@ -2,56 +2,43 @@ define freeradius::sql ( Enum['mysql', 'mssql', 'oracle', 'postgresql'] $database, Freeradius::Password $password, - Optional[String] $server = 'localhost', - Optional[String] $login = 'radius', - Optional[String] $radius_db = 'radius', - Freeradius::Integer $num_sql_socks = "\${thread[pool].max_servers}", - Optional[String] $query_file = "\${modconfdir}/\${.:name}/main/\${dialect}/queries.conf", - Optional[String] $custom_query_file = undef, - Optional[Integer] $lifetime = 0, - Optional[Integer] $max_queries = 0, - Freeradius::Ensure $ensure = present, - Optional[String] $acct_table1 = 'radacct', - Optional[String] $acct_table2 = 'radacct', - Optional[String] $postauth_table = 'radpostauth', - Optional[String] $authcheck_table = 'radcheck', - Optional[String] $authreply_table = 'radreply', - Optional[String] $groupcheck_table = 'radgroupcheck', - Optional[String] $groupreply_table = 'radgroupreply', - Optional[String] $usergroup_table = 'radusergroup', - Freeradius::Boolean $deletestalesessions = 'yes', - Freeradius::Boolean $sqltrace = 'no', - Optional[String] $sqltracefile = "\${logdir}/sqllog.sql", - Optional[Integer] $connect_failure_retry_delay = 60, - Optional[String] $nas_table = 'nas', - Freeradius::Boolean $read_groups = 'yes', - Optional[Integer] $port = 3306, - Freeradius::Boolean $readclients = 'no', - Optional[Integer] $pool_start = 1, - Optional[Integer] $pool_min = 1, - Optional[Integer] $pool_spare = 1, - Optional[Integer] $pool_idle_timeout = 60, - Optional[Float] $pool_connect_timeout = undef, + Variant[Stdlib::Host, Stdlib::IP::Address] $server = 'localhost', + Optional[String] $login = 'radius', + Optional[String] $radius_db = 'radius', + Variant[Freeradius::Integer, Enum["\${thread[pool].max_servers}"]] $num_sql_socks = "\${thread[pool].max_servers}", + Optional[String] $query_file = "\${modconfdir}/\${.:name}/main/\${dialect}/queries.conf", + Optional[String] $custom_query_file = undef, + Optional[Integer] $lifetime = 0, + 
Optional[Integer] $max_queries = 0, + Freeradius::Ensure $ensure = present, + Optional[String] $acct_table1 = 'radacct', + Optional[String] $acct_table2 = 'radacct', + Optional[String] $postauth_table = 'radpostauth', + Optional[String] $authcheck_table = 'radcheck', + Optional[String] $authreply_table = 'radreply', + Optional[String] $groupcheck_table = 'radgroupcheck', + Optional[String] $groupreply_table = 'radgroupreply', + Optional[String] $usergroup_table = 'radusergroup', + Freeradius::Boolean $deletestalesessions = 'yes', + Freeradius::Boolean $sqltrace = 'no', + Optional[String] $sqltracefile = "\${logdir}/sqllog.sql", + Optional[Integer] $connect_failure_retry_delay = 60, + Optional[String] $nas_table = 'nas', + Freeradius::Boolean $read_groups = 'yes', + Optional[Integer] $port = 3306, + Freeradius::Boolean $readclients = 'no', + Optional[Integer] $pool_start = 1, + Optional[Integer] $pool_min = 1, + Optional[Integer] $pool_spare = 1, + Optional[Integer] $pool_idle_timeout = 60, + Optional[Float] $pool_connect_timeout = undef, ) { - $fr_package = $::freeradius::params::fr_package - $fr_service = $::freeradius::params::fr_service $fr_basepath = $::freeradius::params::fr_basepath $fr_modulepath = $::freeradius::params::fr_modulepath $fr_group = $::freeradius::params::fr_group $fr_logpath = $::freeradius::params::fr_logpath $fr_moduleconfigpath = $::freeradius::params::fr_moduleconfigpath - # Validate our inputs - # Hostnames - unless (is_domain_name($server) or is_ip_address($server)) { - fail('$server must be a valid hostname or IP address') - } - - # Validate integers - unless is_integer($num_sql_socks) or $num_sql_socks == "\${thread[pool].max_servers}" { - fail('$num_sql_socks must be an integer') - } - # Warn if the user tries to set a FreeRADIUS 3.1.x specific parameter, and # we detect that they are not on (or not installing) a FreeRADIUS 3.1.x # then show them some errors 
@@ -97,17 +84,19 @@ } # Generate a module config, based on sql.conf - file { "${fr_basepath}/mods-available/${name}": + file { "freeradius mods-available/${name}": ensure => $ensure, + path => "${fr_basepath}/mods-available/${name}", mode => '0640', owner => 'root', group => $fr_group, content => template('freeradius/sql.conf.erb'), - require => [Package[$fr_package], Group[$fr_group]], - notify => Service[$fr_service], + require => [Package['freeradius'], Group['radiusd']], + notify => Service['radiusd'], } - file { "${fr_modulepath}/${name}": + file { "freeradius mods-enabled/${name}": ensure => link, + path => "${fr_modulepath}/${name}", target => "../mods-available/${name}", } diff --git a/manifests/statusclient.pp b/manifests/statusclient.pp index 3743ed95..d5396b52 100644 --- a/manifests/statusclient.pp +++ b/manifests/statusclient.pp @@ -7,18 +7,17 @@ Optional[String] $shortname = $name, Freeradius::Ensure $ensure = present, ) { - $fr_package = $::freeradius::params::fr_package - $fr_service = $::freeradius::params::fr_service $fr_basepath = $::freeradius::params::fr_basepath $fr_group = $::freeradius::params::fr_group - file { "${fr_basepath}/statusclients.d/${name}.conf": + file { "freeradius statusclients.d/${name}.conf": ensure => $ensure, + path => "${fr_basepath}/statusclients.d/${name}.conf", mode => '0640', owner => 'root', group => $fr_group, content => template('freeradius/client.conf.erb'), - require => [File["${fr_basepath}/clients.d"], Package[$fr_package], Group[$fr_group]], - notify => Service[$fr_service], + require => [File['freeradius clients.d'], Package['freeradius'], Group['radiusd']], + notify => Service['radiusd'], } } diff --git a/manifests/template.pp b/manifests/template.pp index 9b33abe9..0dbf6285 100644 --- a/manifests/template.pp +++ b/manifests/template.pp 
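Review bot: The `file { "freeradius mods-available/${name}":` resource in `manifests/sql.pp` renders `sql.conf.erb` inside a define that takes `Freeradius::Password $password`, yet it does not set `show_diff => false`. The template is not visible here; if it writes the password into the file, as the parameter list suggests, each content change would put the before and after text into agent logs and reports. Adding `show_diff => false,` to this resource avoids that without changing the file that is written. The parameter list of the define is in the earlier hunk of this file.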
@@ -3,11 +3,9 @@ Optional[String] $source = undef, Optional[String] $content = undef, ) { - $fr_basepath = $::freeradius::params::fr_basepath - # Configure config fragment for this template - concat::fragment { "template -${name}": - target => "${fr_basepath}/templates.conf", + concat::fragment { "freeradius template ${name}": + target => 'freeradius templates.conf', source => $source, content => $content, order => 10, diff --git a/manifests/virtual_module.pp b/manifests/virtual_module.pp index 0075b7a3..ad5433bd 100644 --- a/manifests/virtual_module.pp +++ b/manifests/virtual_module.pp @@ -1,27 +1,20 @@ # Define a virtual module, made up of others define freeradius::virtual_module ( - Array[String] $submodules, + Array[String, 1] $submodules, Freeradius::Ensure $ensure = present, Enum['redundant','load-balance','redundant-load-balance','group'] $type = 'redundant-load-balance', ) { - $fr_package = $::freeradius::params::fr_package - $fr_service = $::freeradius::params::fr_service $fr_basepath = $::freeradius::params::fr_basepath $fr_group = $::freeradius::params::fr_group - # Make sure $submodules is a non-zero array - validate_array($submodules) - if count($submodules) < 1 { - fail('Must specify at least one $submodule') - } - - file { "${fr_basepath}/instantiate/${name}": + file { "freeradius instantiate/${name}": ensure => $ensure, + path => "${fr_basepath}/instantiate/${name}", mode => '0640', owner => 'root', group => $fr_group, content => template('freeradius/virtual_module.erb'), - require => [Package[$fr_package], Group[$fr_group]], - notify => Service[$fr_service], + require => [Package['freeradius'], Group['radiusd']], + notify => Service['radiusd'], } } diff --git a/metadata.json b/metadata.json index 71d533b3..8025bcae 100644 --- a/metadata.json +++ b/metadata.json 
@@ -10,11 +10,11 @@ "dependencies": [ { "name": "puppetlabs/stdlib", - "version_requirement": ">=4.0.0 <7.0.0" + "version_requirement": ">=4.25.0 <10.0.0" }, { "name": "puppetlabs/firewall", - "version_requirement": ">=1.0.0 <3.0.0" + "version_requirement": ">=1.0.0 <7.0.0" }, { "name": "saz/rsyslog", @@ -22,15 +22,15 @@ }, { "name": "puppet/logrotate", - "version_requirement": ">=1.4.0 <4.0.0" + "version_requirement": ">=1.4.0 <8.0.0" }, { "name": "puppetlabs/concat", - "version_requirement": ">=1.0.0 <7.0.0" + "version_requirement": ">=1.0.0 <10.0.0" }, { - "name": "camptocamp/systemd", - "version_requirement": ">=2.0.0 <3.0.0" + "name": "puppet/systemd", + "version_requirement": ">=3.0.0 <6.0.0" } ], "operatingsystem_support": [ @@ -92,10 +92,10 @@ "requirements": [ { "name": "puppet", - "version_requirement": ">=4.0.0 <7.0.0" + "version_requirement": ">=7.0.0 <9.0.0" } ], - "pdk-version": "2.6.1", - "template-url": "pdk-default#2.7.1", - "template-ref": "tags/2.7.1-0-g9a16c87" + "pdk-version": "3.0.0", + "template-url": "pdk-default#3.0.0", + "template-ref": "tags/3.0.0-0-g056e50d" } diff --git a/spec/classes/freeradius_spec.rb b/spec/classes/freeradius_spec.rb index a6b66900..a1aaef34 100644 --- a/spec/classes/freeradius_spec.rb +++ b/spec/classes/freeradius_spec.rb @@ -11,7 +11,7 @@ let(:params) { {} } it do - is_expected.to contain_file('radiusd.conf') + is_expected.to contain_file('freeradius radiusd.conf') .with( 'group' => 'radiusd', 'mode' => '0644', 
@@ -24,23 +24,24 @@ end it do - [ - '/etc/raddb/statusclients.d', - '/etc/raddb', - '/etc/raddb/conf.d', - '/etc/raddb/attr.d', - '/etc/raddb/users.d', - '/etc/raddb/policy.d', - '/etc/raddb/dictionary.d', - '/etc/raddb/scripts', - '/etc/raddb/mods-config', - '/etc/raddb/mods-config/attr_filter', - '/etc/raddb/mods-config/preprocess', - '/etc/raddb/mods-config/sql', - '/etc/raddb/sites-available', - '/etc/raddb/mods-available', - ].each do |file| - is_expected.to contain_file(file) + { + 'freeradius statusclients.d': '/etc/raddb/statusclients.d', + 'freeradius raddb': '/etc/raddb', + 'freeradius conf.d': '/etc/raddb/conf.d', + 'freeradius attr.d': '/etc/raddb/attr.d', + 'freeradius users.d': '/etc/raddb/users.d', + 'freeradius policy.d': '/etc/raddb/policy.d', + 'freeradius dictionary.d': '/etc/raddb/dictionary.d', + 'freeradius scripts': '/etc/raddb/scripts', + 'freeradius mods-config': '/etc/raddb/mods-config', + 'freeradius mods-config/attr_filter': '/etc/raddb/mods-config/attr_filter', + 'freeradius mods-config/preprocess': '/etc/raddb/mods-config/preprocess', + 'freeradius mods-config/sql': '/etc/raddb/mods-config/sql', + 'freeradius sites-available': '/etc/raddb/sites-available', + 'freeradius mods-available': '/etc/raddb/mods-available', + }.each do |name, path| + is_expected.to contain_file(name) + .with_path(path) .with( 'ensure' => 'directory', 'group' => 'radiusd', 
@@ -54,14 +55,15 @@ end it do - [ - '/etc/raddb/certs', - '/etc/raddb/clients.d', - '/etc/raddb/listen.d', - '/etc/raddb/sites-enabled', - '/etc/raddb/instantiate', - ].each do |file| - is_expected.to contain_file(file) + { + 'freeradius certs': '/etc/raddb/certs', + 'freeradius clients.d': '/etc/raddb/clients.d', + 'freeradius listen.d': '/etc/raddb/listen.d', + 'freeradius sites-enabled': '/etc/raddb/sites-enabled', + 'freeradius instantiate': '/etc/raddb/instantiate', + }.each do |name, path| + is_expected.to contain_file(name) + .with_path(path) .with( 'ensure' => 'directory', 'group' => 'radiusd', @@ -77,7 +79,8 @@ end it do - is_expected.to contain_concat('/etc/raddb/policy.conf') + is_expected.to contain_concat('freeradius policy.conf') + .with_path('/etc/raddb/policy.conf') .with( 'group' => 'radiusd', 'mode' => '0640', @@ -94,7 +97,7 @@ .with( 'content' => 'policy {', 'order' => '10', - 'target' => '/etc/raddb/policy.conf', + 'target' => 'freeradius policy.conf', ) end @@ -103,12 +106,13 @@ .with( 'content' => '}', 'order' => '99', - 'target' => '/etc/raddb/policy.conf', + 'target' => 'freeradius policy.conf', ) end it do - is_expected.to contain_concat('/etc/raddb/proxy.conf') + is_expected.to contain_concat('freeradius proxy.conf') + .with_path('/etc/raddb/proxy.conf') .with( 'group' => 'radiusd', 'mode' => '0640', @@ -125,12 +129,13 @@ .with( 'content' => '# Proxy config', 'order' => '05', - 'target' => '/etc/raddb/proxy.conf', + 'target' => 'freeradius proxy.conf', ) end it do - is_expected.to contain_concat('/etc/raddb/mods-available/attr_filter') + is_expected.to contain_concat('freeradius mods-available/attr_filter') + .with_path('/etc/raddb/mods-available/attr_filter') .with( 'group' => 'radiusd', 'mode' => '0640', 
@@ -146,12 +151,13 @@ is_expected.to contain_concat__fragment('attr-default') .with( 'order' => '10', - 'target' => '/etc/raddb/mods-available/attr_filter', + 'target' => 'freeradius mods-available/attr_filter', ) end it do - is_expected.to contain_concat('/etc/raddb/dictionary') + is_expected.to contain_concat('freeradius dictionary') + .with_path('/etc/raddb/dictionary') .with( 'group' => 'radiusd', 'mode' => '0644', @@ -163,20 +169,20 @@ end it do - is_expected.to contain_concat__fragment('dictionary_header') + is_expected.to contain_concat__fragment('freeradius dictionary_header') .with( 'order' => '10', 'source' => 'puppet:///modules/freeradius/dictionary.header', - 'target' => '/etc/raddb/dictionary', + 'target' => 'freeradius dictionary', ) end it do - is_expected.to contain_concat__fragment('dictionary_footer') + is_expected.to contain_concat__fragment('freeradius dictionary_footer') .with( 'order' => '90', 'source' => 'puppet:///modules/freeradius/dictionary.footer', - 'target' => '/etc/raddb/dictionary', + 'target' => 'freeradius dictionary', ) end @@ -200,7 +206,7 @@ .that_requires('Package[freeradius]') .that_requires('User[radiusd]') .that_requires('Exec[radiusd-config-test]') - .that_requires('File[radiusd.conf]') + .that_requires('File[freeradius radiusd.conf]') end it do @@ -221,6 +227,7 @@ it do is_expected.to contain_user('radiusd') + .with_name('radiusd') .with( 'groups' => 'wbpriv', ) @@ -229,6 +236,7 @@ it do is_expected.to contain_group('radiusd') + .with_name('radiusd') .with( 'ensure' => 'present', ) @@ -251,11 +259,12 @@ end it do - [ - '/var/log/radius', - '/var/log/radius/radacct', - ].each do |file| - is_expected.to contain_file(file) + { + 'freeradius logdir': '/var/log/radius', + 'freeradius logdir/radacct': '/var/log/radius/radacct', + }.each do |name, path| + is_expected.to contain_file(name) + .with_path(path) .with( 'mode' => '0750', 'owner' => 'radiusd', 
@@ -266,7 +275,8 @@ end it do - is_expected.to contain_file('/var/log/radius/radius.log') + is_expected.to contain_file('freeradius radius.log') + .with_path('/var/log/radius/radius.log') .with( 'group' => 'radiusd', 'owner' => 'radiusd', @@ -320,34 +330,35 @@ end it do - [ - '/etc/raddb/certs/dh', - '/etc/raddb/certs/random', - ].each do |file| - is_expected.to contain_file(file) - .that_requires('Exec[dh]') - .that_requires('Exec[random]') + { + 'freeradius certs/dh': '/etc/raddb/certs/dh', + 'freeradius certs/random': '/etc/raddb/certs/random', + }.each do |name, path| + is_expected.to contain_file(name) + .with_path(path) + .that_requires('Exec[freeradius dh]') + .that_requires('Exec[freeradius random]') end end it do - is_expected.to contain_exec('dh') + is_expected.to contain_exec('freeradius dh') .with( 'command' => 'openssl dhparam -out /etc/raddb/certs/dh 1024', 'creates' => '/etc/raddb/certs/dh', 'path' => '/usr/bin', ) - .that_requires('File[/etc/raddb/certs]') + .that_requires('File[freeradius certs]') end it do - is_expected.to contain_exec('random') + is_expected.to contain_exec('freeradius random') .with( 'command' => 'dd if=/dev/urandom of=/etc/raddb/certs/random count=10 >/dev/null 2>&1', 'creates' => '/etc/raddb/certs/random', 'path' => '/bin', ) - .that_requires('File[/etc/raddb/certs]') + .that_requires('File[freeradius certs]') end it do @@ -362,11 +373,12 @@ end it do - [ - '/etc/raddb/clients.conf', - '/etc/raddb/sql.conf', - ].each do |file| - is_expected.to contain_file(file) + { + 'freeradius clients.conf': '/etc/raddb/clients.conf', + 'freeradius sql.conf': '/etc/raddb/sql.conf', + }.each do |name, path| + is_expected.to contain_file(name) + .with_path(path) .with( 'content' => '# FILE INTENTIONALLY BLANK', 'group' => 'radiusd', 
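Review bot: The expectation for `Exec[freeradius dh]` in the `@@ -320,34 +330,35 @@` hunk still pins `openssl dhparam -out /etc/raddb/certs/dh 1024`, and a 1024-bit DH group is smaller than current guidance accepts for the TLS-based EAP methods these parameters serve. The commit renames the resource but keeps the size, so the manifest (not visible in this hunk) presumably still generates 1024-bit parameters. I would raise both the manifest and the spec to at least 2048, i.e. `'command' => 'openssl dhparam -out /etc/raddb/certs/dh 2048',`. Because the exec is guarded by `creates`, hosts that already have the file keep the old parameters until it is regenerated, which deserves a line in the release notes.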
@@ -379,6 +391,18 @@ end end + it do + if ['rocky-8-x86_64', 'centos-8-x86_64', 'redhat-8-x86_64', 'almalinux-8-x86_64'].include? os + is_expected.to contain_systemd__dropin_file('freeradius remove bootstrap') + .with_ensure('present') + .with_filename('remove_bootstrap.conf') + .with_unit('radiusd.service') + .with_content(%r{^ExecStartPre=$}) + else + is_expected.not_to contain_systemd__dropin_file('freeradius remove bootstrap') + end + end + context 'with mysql' do let(:params) do super().merge( @@ -388,6 +412,7 @@ it do is_expected.to contain_package('freeradius-mysql') + .with_name('freeradius-mysql') .with( 'ensure' => 'installed', ) @@ -403,6 +428,7 @@ it do is_expected.to contain_package('freeradius-postgresql') + .with_name('freeradius-postgresql') .with( 'ensure' => 'installed', ) @@ -418,6 +444,7 @@ it do is_expected.to contain_package('freeradius-perl') + .with_name('freeradius-perl') .with( 'ensure' => 'installed', ) @@ -433,6 +460,7 @@ it do is_expected.to contain_package('freeradius-utils') + .with_name('freeradius-utils') .with( 'ensure' => 'installed', ) @@ -448,6 +476,7 @@ it do is_expected.to contain_package('freeradius-ldap') + .with_name('freeradius-ldap') .with( 'ensure' => 'installed', ) @@ -463,6 +492,7 @@ it do is_expected.to contain_package('freeradius-dhcp') + .with_name('freeradius-dhcp') .with( 'ensure' => 'installed', ) @@ -478,6 +508,7 @@ it do is_expected.to contain_package('freeradius-krb5') + .with_name('freeradius-krb5') .with( 'ensure' => 'installed', ) @@ -493,9 +524,9 @@ it do is_expected.to contain_package('wpa_supplicant') + .with_name('wpa_supplicant') .with( 'ensure' => 'installed', - 'name' => 'wpa_supplicant', ) end end diff --git a/spec/classes/radsniff_spec.rb b/spec/classes/radsniff_spec.rb index 4857ec6e..9eb3b067 100644 --- a/spec/classes/radsniff_spec.rb +++ b/spec/classes/radsniff_spec.rb 
@@ -52,7 +52,8 @@ case os_facts[:osfamily] when 'RedHat' it do - is_expected.to contain_file('/etc/sysconfig/radsniff') + is_expected.to contain_file('freeradius radsniff envfile') + .with_path('/etc/sysconfig/radsniff') .with_content(%r{RADSNIFF_OPTIONS="radsniff cmd \\"line\\" options"}) .that_notifies('Service[radsniff]') .that_requires('Package[freeradius-utils]') @@ -67,7 +68,8 @@ end when 'Debian' it do - is_expected.to contain_file('/etc/defaults/radsniff') + is_expected.to contain_file('freeradius radsniff envfile') + .with_path('/etc/defaults/radsniff') .with_content(%r{RADSNIFF_OPTIONS="radsniff cmd \\"line\\" options"}) .that_notifies('Service[radsniff]') .that_requires('Package[freeradius-utils]') @@ -104,7 +106,8 @@ end it do - is_expected.to contain_file('/test/env/file') + is_expected.to contain_file('freeradius radsniff envfile') + .with_path('/test/env/file') .with_content(%r{RADSNIFF_OPTIONS="radsniff cmd \\"line\\" options"}) .that_notifies('Service[radsniff]') .that_requires('Package[freeradius-utils]') diff --git a/spec/defines/attr_spec.rb b/spec/defines/attr_spec.rb index 82c21649..5afc56cc 100644 --- a/spec/defines/attr_spec.rb +++ b/spec/defines/attr_spec.rb @@ -12,7 +12,8 @@ end it do - is_expected.to contain_file('/etc/raddb/mods-config/attr_filter/test') + is_expected.to contain_file('freeradius attr_filter/test') + .with_path('/etc/raddb/mods-config/attr_filter/test') .that_notifies('Service[radiusd]') .that_requires('Group[radiusd]') .that_requires('Package[freeradius]') 
@@ -24,11 +25,11 @@ end it do - is_expected.to contain_concat__fragment('attr-test') + is_expected.to contain_concat__fragment('freeradius attr-test') .with_content(%r{^attr_filter filter.test {\n\s+key = "\%{User-Name}"\n\s+filename = \${modconfdir}/\${\.:name}/test\n}}) .without_content(%r{^\s+relaxed\s+.*$}) .with_order('20') - .with_target('/etc/raddb/mods-available/attr_filter') + .with_target('freeradius mods-available/attr_filter') end context 'with relaxed = no' do @@ -37,7 +38,7 @@ end it do - is_expected.to contain_concat__fragment('attr-test') + is_expected.to contain_concat__fragment('freeradius attr-test') .with_content(%r{^\s+relaxed\s+=\s+no$}) end end @@ -48,7 +49,7 @@ end it do - is_expected.to contain_concat__fragment('attr-test') + is_expected.to contain_concat__fragment('freeradius attr-test') .with_content(%r{^\s+relaxed\s+=\s+yes$}) end end diff --git a/spec/defines/blank_spec.rb b/spec/defines/blank_spec.rb index 7e6e466f..19d0ac68 100644 --- a/spec/defines/blank_spec.rb +++ b/spec/defines/blank_spec.rb @@ -8,9 +8,10 @@ let(:params) { {} } it do - is_expected.to contain_file('/etc/raddb/test') + is_expected.to contain_file('freeradius test') + .with_path('/etc/raddb/test') .that_notifies('Service[radiusd]') - .that_requires('File[/etc/raddb]') + .that_requires('File[freeradius raddb]') .that_requires('Group[radiusd]') .that_requires('Package[freeradius]') .with_content(%r{^# This file is intentionally left blank .*}) diff --git a/spec/defines/cert_spec.rb b/spec/defines/cert_spec.rb index 54a202f8..47264e28 100644 --- a/spec/defines/cert_spec.rb +++ b/spec/defines/cert_spec.rb 
@@ -14,9 +14,10 @@ end it do - is_expected.to contain_file('/etc/raddb/certs/test') + is_expected.to contain_file('freeradius certs/test') + .with_path('/etc/raddb/certs/test') .that_notifies('Service[radiusd]') - .that_requires('File[/etc/raddb/certs]') + .that_requires('File[freeradius certs]') .that_requires('Group[radiusd]') .that_requires('Package[freeradius]') .with_content(%r{test data}) @@ -39,9 +40,9 @@ end it do - is_expected.to contain_file('/etc/raddb/certs/test') + is_expected.to contain_file('freeradius certs/test') .that_notifies('Service[radiusd]') - .that_requires('File[/etc/raddb/certs]') + .that_requires('File[freeradius certs]') .that_requires('Group[radiusd]') .that_requires('Package[freeradius]') .with_content(nil) diff --git a/spec/defines/client_spec.rb b/spec/defines/client_spec.rb index 28ce2102..fcf8c73f 100644 --- a/spec/defines/client_spec.rb +++ b/spec/defines/client_spec.rb @@ -14,14 +14,15 @@ end it do - is_expected.to contain_file('/etc/raddb/clients.d/test_short.conf') + is_expected.to contain_file('freeradius clients.d/test_short.conf') + .with_path('/etc/raddb/clients.d/test_short.conf') .with_content(%r{^client test_short {\n\s+ipaddr = 1.2.3.4\n\s+proto = \*\n\s+shortname = test_short\n\s+secret = "secret_value"\n\s+require_message_authenticator = no\n}\n}) .with_ensure('present') .with_group('radiusd') .with_mode('0640') .with_owner('root') .that_notifies('Service[radiusd]') - .that_requires('File[/etc/raddb/clients.d]') + .that_requires('File[freeradius clients.d]') .that_requires('Group[radiusd]') end @@ -57,7 +58,7 @@ end it do - is_expected.to contain_file('/etc/raddb/clients.d/test_short.conf') + is_expected.to contain_file('freeradius clients.d/test_short.conf') .with_content(%r{^\s+password = "foo bar"$}) end end @@ -81,7 +82,7 @@ end it do - is_expected.to contain_firewall('100 test_short 1234 v4') + is_expected.to contain_firewall('100 test 1234 v4') .with_proto('udp') .with_dport(1234) .with_action('accept') 
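Review bot: The firewall expectation in the `@@ -81,7 +82,7 @@` hunk of client_spec.rb changes the resource title from `100 test_short 1234 v4` to `100 test 1234 v4`, and the same rename recurs in the three client_spec hunks that follow. As far as I know the firewall type identifies a rule by its title, so on nodes already managed by this module the old `... test_short ...` accept rule would presumably stay in place beside the new one unless unmanaged rules are purged. If the rename is intended, the upgrade notes should say so. The spec could also pin it with `is_expected.not_to contain_firewall('100 test_short 1234 v4')`.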
@@ -96,9 +97,9 @@ end it do - is_expected.not_to contain_firewall('100 test_short 1234 v4') + is_expected.not_to contain_firewall('100 test 1234 v4') - is_expected.to contain_firewall('100 test_short 1234 v6') + is_expected.to contain_firewall('100 test 1234 v6') .with_proto('udp') .with_dport(1234) .with_action('accept') @@ -116,7 +117,7 @@ end it do - is_expected.to contain_firewall('100 test_short 1234,4321 v4') + is_expected.to contain_firewall('100 test 1234,4321 v4') .with_proto('udp') .with_dport([1234, 4321]) .with_action('accept') @@ -131,9 +132,9 @@ end it do - is_expected.not_to contain_firewall('100 test_short 1234,4321 v4') + is_expected.not_to contain_firewall('100 test 1234,4321 v4') - is_expected.to contain_firewall('100 test_short 1234,4321 v6') + is_expected.to contain_firewall('100 test 1234,4321 v6') .with_proto('udp') .with_dport([1234, 4321]) .with_action('accept') diff --git a/spec/defines/config_spec.rb b/spec/defines/config_spec.rb index 34d52e24..beb3c1ff 100644 --- a/spec/defines/config_spec.rb +++ b/spec/defines/config_spec.rb @@ -12,7 +12,8 @@ end it do - is_expected.to contain_file('/etc/raddb/mods-config/test') + is_expected.to contain_file('freeradius mods-config/test') + .with_path('/etc/raddb/mods-config/test') .with_content('test content') .with_ensure('present') .with_group('radiusd') diff --git a/spec/defines/dictionary_spec.rb b/spec/defines/dictionary_spec.rb index 8c6139ab..cc6830c1 100644 --- a/spec/defines/dictionary_spec.rb +++ b/spec/defines/dictionary_spec.rb 
@@ -12,14 +12,15 @@ end it do - is_expected.to contain_file('/etc/raddb/dictionary.d/dictionary.test') + is_expected.to contain_file('freeradius dictionary.d/dictionary.test') + .with_path('/etc/raddb/dictionary.d/dictionary.test') .with_ensure('present') .with_group('radiusd') .with_mode('0644') .with_owner('root') .with_source('puppet:///modules/test/path/to/dict') .that_notifies('Service[radiusd]') - .that_requires('File[/etc/raddb/dictionary.d]') + .that_requires('File[freeradius dictionary.d]') .that_requires('Package[freeradius]') .that_requires('Group[radiusd]') end @@ -28,7 +29,7 @@ is_expected.to contain_concat__fragment('dictionary.test') .with_content(%r{^\$INCLUDE /etc/raddb/dictionary\.d/dictionary\.test$}) .with_order('50') - .with_target('/etc/raddb/dictionary') - .that_requires('File[/etc/raddb/dictionary.d/dictionary.test]') + .with_target('freeradius dictionary') + .that_requires('File[freeradius dictionary.d/dictionary.test]') end end diff --git a/spec/defines/home_server_pool_spec.rb b/spec/defines/home_server_pool_spec.rb index bf1ac346..bbf4e2aa 100644 --- a/spec/defines/home_server_pool_spec.rb +++ b/spec/defines/home_server_pool_spec.rb @@ -18,6 +18,6 @@ is_expected.to contain_concat__fragment('homeserverpool-test') .with_content(%r{home_server_pool test {\n\s+type = fail-over\n\s+home_server = test_home_server_1\n\s+home_server = test_home_server_2\n}\n}) .with_order('20') - .with_target('/etc/raddb/proxy.conf') + .with_target('freeradius proxy.conf') end end diff --git a/spec/defines/home_server_spec.rb b/spec/defines/home_server_spec.rb index 23810cb6..b76ded79 100644 --- a/spec/defines/home_server_spec.rb +++ b/spec/defines/home_server_spec.rb 
@@ -16,7 +16,7 @@ is_expected.to contain_concat__fragment('homeserver-test') .with_content(%r{home_server test {\n\s+type = auth\n\s+ipaddr = 1.2.3.4\n\s+port = 1812\n\s+proto = udp\n\s+secret = "test_secret"\n\s+status_check = none\n}\n}) .with_order('10') - .with_target('/etc/raddb/proxy.conf') + .with_target('freeradius proxy.conf') end context 'with secret containing a newline' do diff --git a/spec/defines/instantiate_spec.rb b/spec/defines/instantiate_spec.rb index 33585863..6936b2b8 100644 --- a/spec/defines/instantiate_spec.rb +++ b/spec/defines/instantiate_spec.rb @@ -8,7 +8,8 @@ let(:params) { {} } it do - is_expected.to contain_file('/etc/raddb/instantiate/test') + is_expected.to contain_file('freeradius instantiate/test') + .with_path('/etc/raddb/instantiate/test') .with_content('test') .with_ensure('present') .with_group('radiusd') diff --git a/spec/defines/krb5_spec.rb b/spec/defines/krb5_spec.rb index c768373a..71762d88 100644 --- a/spec/defines/krb5_spec.rb +++ b/spec/defines/krb5_spec.rb @@ -13,7 +13,8 @@ end it do - is_expected.to contain_file('/etc/raddb/mods-available/test') + is_expected.to contain_file('freeradius mods-available/test') + .with_path('/etc/raddb/mods-available/test') .with_content(%r{^\s+keytab = test_keytab$}) .with_content(%r{^\s+service_principal = test_principal$}) .with_ensure('present') @@ -26,7 +27,8 @@ end it do - is_expected.to contain_file('/etc/raddb/mods-enabled/test') + is_expected.to contain_file('freeradius mods-enabled/test') + .with_path('/etc/raddb/mods-enabled/test') .with_ensure('link') .with_target('../mods-available/test') end diff --git a/spec/defines/module/ldap_spec.rb b/spec/defines/module/ldap_spec.rb index 58e84897..c1cc6730 100644 --- a/spec/defines/module/ldap_spec.rb +++ b/spec/defines/module/ldap_spec.rb 
@@ -27,12 +27,14 @@ end it do - is_expected.to contain_file('/etc/raddb/mods-available/test') + is_expected.to contain_file('freeradius mods-available/test') + .with_path('/etc/raddb/mods-available/test') .with_content(%r{^ldap test \{\n}) .with_content(%r{^\s+server = 'localhost'\n}) .with_content(%r{^\s+identity = 'cn=root,dc=example,dc=com'\n}) .with_content(%r{^\s+password = 'test password'\n}) .with_content(%r{^\s+base_dn = 'dc=example,dc=com'\n}) + .with_content(%r{^\s+update \{\n}) .without_content(%r{^\s+connect_timeout = .*}) .with_ensure('present') .with_group('radiusd') @@ -44,7 +46,8 @@ end it do - is_expected.to contain_file('/etc/raddb/mods-enabled/test') + is_expected.to contain_file('freeradius mods-enabled/test') + .with_path('/etc/raddb/mods-enabled/test') .with_ensure('link') .with_target('../mods-available/test') end @@ -63,7 +66,7 @@ end it do - is_expected.to contain_file('/etc/raddb/mods-available/test') + is_expected.to contain_file('freeradius mods-available/test') .with_content(%r{^\s+connect_timeout = 3.0}) .with_content(%r{^\s+use_referral_credentials = no}) .without_content(%r{^\s+session_tracking = .*}) @@ -79,7 +82,7 @@ end it do - is_expected.to contain_file('/etc/raddb/mods-available/test') + is_expected.to contain_file('freeradius mods-available/test') .with_content(%r{^\s+connect_timeout = 5.0}) .with_content(%r{^\s+use_referral_credentials = yes}) .with_content(%r{^\s+session_tracking = yes}) 
@@ -146,4 +149,20 @@ is_expected.to compile.and_raise_error(%r{parameter 'password' expects a match for Freeradius::Password}) end end + + context 'with update passed' do + let(:params) do + super().merge( + update: [ + "reply:Framed-IP-Address := 'radiusFramedIPAddress'", + "control:Password-With-Header += 'userPassword'", + ], + ) + end + + it do + is_expected.to contain_file('freeradius mods-available/test') + .with_content(%r{^\s+update \{\n\s+control:Password-With-Header \+= 'userPassword'\n\s+reply:Framed-IP-Address := 'radiusFramedIPAddress'\n\s+\}\n}) + end + end end diff --git a/spec/defines/module_spec.rb b/spec/defines/module_spec.rb index 693cec53..4cb03485 100644 --- a/spec/defines/module_spec.rb +++ b/spec/defines/module_spec.rb @@ -12,7 +12,8 @@ end it do - is_expected.to contain_file('/etc/raddb/mods-available/test') + is_expected.to contain_file('freeradius mods-available/test') + .with_path('/etc/raddb/mods-available/test') .with_content(nil) .with_ensure('present') .with_group('radiusd') @@ -25,7 +26,8 @@ end it do - is_expected.to contain_file('/etc/raddb/mods-enabled/test') + is_expected.to contain_file('freeradius mods-enabled/test') + .with_path('/etc/raddb/mods-enabled/test') .with_ensure('link') .with_target('../mods-available/test') end diff --git a/spec/defines/policy_spec.rb b/spec/defines/policy_spec.rb index 74f177f2..3c328075 100644 --- a/spec/defines/policy_spec.rb +++ b/spec/defines/policy_spec.rb @@ -12,7 +12,8 @@ end it do - is_expected.to contain_file('/etc/raddb/policy.d/test') + is_expected.to contain_file('freeradius policy.d/test') + .with_path('/etc/raddb/policy.d/test') .with_ensure('present') .with_group('radiusd') .with_mode('0644') 
@@ -24,10 +25,10 @@ end it do - is_expected.to contain_concat__fragment('policy-test') + is_expected.to contain_concat__fragment('freeradius policy-test') .with_content(%r{\s+\$INCLUDE /etc/raddb/policy.d/test$}) .with_order('50') - .with_target('/etc/raddb/policy.conf') - .that_requires('File[/etc/raddb/policy.d/test]') + .with_target('freeradius policy.conf') + .that_requires('File[freeradius policy.d/test]') end end diff --git a/spec/defines/realm_spec.rb b/spec/defines/realm_spec.rb index 5b98b295..750466f5 100644 --- a/spec/defines/realm_spec.rb +++ b/spec/defines/realm_spec.rb @@ -13,9 +13,9 @@ end it do - is_expected.to contain_concat__fragment('realm-test') + is_expected.to contain_concat__fragment('freeradius realm-test') .with_content(%r{^realm test {\n\s+virtual_server = test_virtual_server\n\s+pool = test_pool\n}}) .with_order('30') - .with_target('/etc/raddb/proxy.conf') + .with_target('freeradius proxy.conf') end end diff --git a/spec/defines/script_spec.rb b/spec/defines/script_spec.rb index 231ee046..160e8986 100644 --- a/spec/defines/script_spec.rb +++ b/spec/defines/script_spec.rb @@ -12,7 +12,8 @@ end it do - is_expected.to contain_file('/etc/raddb/scripts/test') + is_expected.to contain_file('freeradius scripts/test') + .with_path('/etc/raddb/scripts/test') .with_ensure('present') .with_group('radiusd') .with_mode('0750') @@ -21,6 +22,6 @@ .that_notifies('Service[radiusd]') .that_requires('Package[freeradius]') .that_requires('Group[radiusd]') - .that_requires('File[/etc/raddb/scripts]') + .that_requires('File[freeradius scripts]') end end diff --git a/spec/defines/site_spec.rb b/spec/defines/site_spec.rb index 7a1e9dc4..0f08c415 100644 --- a/spec/defines/site_spec.rb +++ b/spec/defines/site_spec.rb 
@@ -12,7 +12,8 @@ end it do - is_expected.to contain_file('/etc/raddb/sites-available/test') + is_expected.to contain_file('freeradius sites-available/test') + .with_path('/etc/raddb/sites-available/test') .with_content(nil) .with_ensure('present') .with_group('radiusd') @@ -25,7 +26,8 @@ end it do - is_expected.to contain_file('/etc/raddb/sites-enabled/test') + is_expected.to contain_file('freeradius sites-enabled/test') + .with_path('/etc/raddb/sites-enabled/test') .with_ensure('link') .with_target('/etc/raddb/sites-available/test') end diff --git a/spec/defines/sql_spec.rb b/spec/defines/sql_spec.rb index e35ad5d0..85c3ae05 100644 --- a/spec/defines/sql_spec.rb +++ b/spec/defines/sql_spec.rb @@ -22,7 +22,8 @@ end it do - is_expected.to contain_file('/etc/raddb/mods-available/test') + is_expected.to contain_file('freeradius mods-available/test') + .with_path('/etc/raddb/mods-available/test') .with_content(%r{^sql test \{\n}) .with_content(%r{^\s+dialect = "postgresql"$}) .with_content(%r{^\s+server = "localhost"$}) @@ -42,7 +43,8 @@ end it do - is_expected.to contain_file('/etc/raddb/mods-enabled/test') + is_expected.to contain_file('freeradius mods-enabled/test') + .with_path('/etc/raddb/mods-enabled/test') .with_ensure('link') .with_target('../mods-available/test') end @@ -55,7 +57,7 @@ end it do - is_expected.to contain_file('/etc/raddb/mods-available/test') + is_expected.to contain_file('freeradius mods-available/test') .with_content(%r{^\s+logfile = \${logdir}/sqllog.sql$}) end @@ -98,7 +100,7 @@ end it do - is_expected.to contain_file('/etc/raddb/mods-available/test') + is_expected.to contain_file('freeradius mods-available/test') .with_content(%r{^\s+connect_timeout = 3.0}) end @@ -110,7 +112,7 @@ end it do - is_expected.to contain_file('/etc/raddb/mods-available/test') + is_expected.to contain_file('freeradius mods-available/test') .with_content(%r{^\s+connect_timeout = 5.0}) end 
diff --git a/spec/defines/statusclient_spec.rb b/spec/defines/statusclient_spec.rb index 315a260d..687b7339 100644 --- a/spec/defines/statusclient_spec.rb +++ b/spec/defines/statusclient_spec.rb @@ -13,7 +13,8 @@ end it do - is_expected.to contain_file('/etc/raddb/statusclients.d/test.conf') + is_expected.to contain_file('freeradius statusclients.d/test.conf') + .with_path('/etc/raddb/statusclients.d/test.conf') .with_content(%r{^client test {\n\s+ipaddr = 1.2.3.4\n\s+shortname = test\n\s+secret = "test_secret"\n}\n}) .with_ensure('present') .with_group('radiusd') @@ -22,7 +23,7 @@ .that_notifies('Service[radiusd]') .that_requires('Package[freeradius]') .that_requires('Group[radiusd]') - .that_requires('File[/etc/raddb/clients.d]') + .that_requires('File[freeradius clients.d]') end context 'with secret containing a newline' do diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index 9b1fa6f2..6820cebe 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -25,8 +25,8 @@ next unless File.exist?(f) && File.readable?(f) && File.size?(f) begin - default_facts.merge!(YAML.safe_load(File.read(f), [], [], true)) - rescue => e + default_facts.merge!(YAML.safe_load(File.read(f), permitted_classes: [], permitted_symbols: [], aliases: true)) + rescue StandardError => e RSpec.configuration.reporter.message "WARNING: Unable to load #{f}: #{e}" end end @@ -46,6 +46,7 @@ end c.filter_run_excluding(bolt: true) unless ENV['GEM_BOLT'] c.after(:suite) do + RSpec::Puppet::Coverage.report!(0) end # Filter backtrace noise diff --git a/spec/spec_helper_local.rb b/spec/spec_helper_local.rb index f66ce653..5cc4516d 100644 --- a/spec/spec_helper_local.rb +++ b/spec/spec_helper_local.rb 
@@ -75,12 +75,12 @@ "package { 'freeradius': }", "group { 'radiusd': }", "service { 'radiusd': }", - "file { '/etc/raddb': ensure => directory }", - "file { '/etc/raddb/certs': ensure => directory }", - "file { '/etc/raddb/clients.d': ensure => directory }", - "file { '/etc/raddb/dictionary.d': ensure => directory }", - "file { '/etc/raddb/mods-config': ensure => directory }", - "file { '/etc/raddb/scripts': ensure => directory }", + "file { 'freeradius raddb': ensure => directory, path => '/etc/raddb/raddb' }", + "file { 'freeradius certs': ensure => directory, path => '/etc/raddb/certs' }", + "file { 'freeradius clients.d': ensure => directory, path => '/etc/raddb/clients.d' }", + "file { 'freeradius dictionary.d': ensure => directory, path => '/etc/raddb/dictionary.d' }", + "file { 'freeradius mods-config': ensure => directory, path => '/etc/raddb/mods-config' }", + "file { 'freeradius scripts': ensure => directory, path => '/etc/raddb/scripts' }", ] end end diff --git a/templates/detail.erb b/templates/detail.erb index 8e250682..2769dc76 100644 --- a/templates/detail.erb +++ b/templates/detail.erb @@ -87,7 +87,7 @@ detail <%= @name %> { # # locking = yes <%- if @locking -%> - locking = <%= @locking == true %> + locking = <%= @locking %> <%- end -%> # diff --git a/templates/ldap.erb b/templates/ldap.erb index daa26334..c04d3b39 100644 --- a/templates/ldap.erb +++ b/templates/ldap.erb @@ -162,16 +162,16 @@ ldap <%= @name %> { # request: += 'radiusRequestAttribute' # reply: += 'radiusReplyAttribute' # } + update { <%- if @update -%> - <%= @update.join("\n ") %> + <%= @update.sort.join("\n ") %> <%- else -%> - update { control:Password-With-Header += 'userPassword' control: += 'radiusControlAttribute' request: += 'radiusRequestAttribute' reply: += 'radiusReplyAttribute' - } <%- end -%> + } # Set to yes if you have eDirectory and want to use the universal 
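Review bot: The precondition for `File[freeradius raddb]` in spec_helper_local.rb sets `path => '/etc/raddb/raddb'`, while the line it replaces declared `/etc/raddb` and the class spec maps `'freeradius raddb'` to `/etc/raddb`. This looks like a slip from applying the pattern used for the other five entries. It should read `"file { 'freeradius raddb': ensure => directory, path => '/etc/raddb' }",`. As written, the define specs run against a parent directory resource whose path differs from the one the class manages.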
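Review bot: `@update.sort` in the templates/ldap.erb hunk reorders the mappings the caller passed before writing them into the `update { ... }` section. If FreeRADIUS applies these entries in file order when two of them target the same attribute with `:=` or `+=` (not verified here), sorting silently changes the configured result. Keeping caller order with the previous `@update.join(...)` inside the now-unconditional `update {` / `}` wrapper avoids that, and the `with update passed` spec would then expect the entries in the order given. If sorting is deliberate, a template comment such as `# entries are sorted for stable output; order is not significant` would record why. The template continues outside this hunk.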
diff --git a/templates/systemd_dropin_rhel8.erb b/templates/systemd_dropin_rhel8.erb
new file mode 100644
index 00000000..cd27a3c6
--- /dev/null
+++ b/templates/systemd_dropin_rhel8.erb
@@ -0,0 +1,4 @@
+[Service]
+ExecStartPre=
+ExecStartPre=-/bin/chown -R radiusd.radiusd /var/run/radiusd
+ExecStartPre=/usr/sbin/radiusd -C
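Review bot: The added `ExecStartPre=-/bin/chown -R radiusd.radiusd /var/run/radiusd` uses the `owner.group` form, which GNU chown accepts only for backward compatibility; `radiusd:radiusd` is the documented separator. The account name is also hard-coded in the template although the manifests carry the group in `$fr_group`, so a non-default user or group would presumably not be reflected in this root-run pre-start step. I would write `ExecStartPre=-/bin/chown -R radiusd:radiusd /var/run/radiusd`, or interpolate the configured names. A comment above the empty `ExecStartPre=` should explain that it clears the packaged unit's pre-start commands before the two replacements are added.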