From b345c19ba26a2dbb8cee54ca226766cb0793e61d Mon Sep 17 00:00:00 2001 From: Dan Webb Date: Wed, 15 Oct 2025 22:21:42 +0100 Subject: [PATCH] fix(ci): Update workflows to use release pipeline Signed-off-by: Dan Webb --- .github/workflows/conventional-commits.yml | 14 + .github/workflows/copilot-setup-steps.yml | 24 ++ .github/workflows/prevent-file-change.yml | 16 + .github/workflows/release.yml | 23 ++ .markdownlint-cli2.yaml | 2 + .release-please-manifest.json | 3 + CHANGELOG.md | 273 ++++++++---------- libraries/helpers.rb | 2 +- release-please-config.json | 12 + spec/manage_spec.rb | 86 +++--- .../users_test/attributes/default.rb | 136 ++++----- 11 files changed, 330 insertions(+), 261 deletions(-) create mode 100644 .github/workflows/conventional-commits.yml create mode 100644 .github/workflows/copilot-setup-steps.yml create mode 100644 .github/workflows/prevent-file-change.yml create mode 100644 .github/workflows/release.yml create mode 100644 .release-please-manifest.json create mode 100644 release-please-config.json diff --git a/.github/workflows/conventional-commits.yml b/.github/workflows/conventional-commits.yml new file mode 100644 index 00000000..524876fc --- /dev/null +++ b/.github/workflows/conventional-commits.yml @@ -0,0 +1,14 @@ +--- +name: conventional-commits + +"on": + pull_request: + types: + - opened + - reopened + - edited + - synchronize + +jobs: + conventional-commits: + uses: sous-chefs/.github/.github/workflows/conventional-commits.yml@5.0.3 diff --git a/.github/workflows/copilot-setup-steps.yml b/.github/workflows/copilot-setup-steps.yml new file mode 100644 index 00000000..3fa3ae32 --- /dev/null +++ b/.github/workflows/copilot-setup-steps.yml @@ -0,0 +1,24 @@ +--- +name: 'Copilot Setup Steps' + +"on": + workflow_dispatch: + push: + paths: + - .github/workflows/copilot-setup-steps.yml + pull_request: + paths: + - .github/workflows/copilot-setup-steps.yml + +jobs: + copilot-setup-steps: + runs-on: ubuntu-latest + permissions: + contents: read + steps: + - name: Check out code + uses: actions/checkout@v5 + - name: Install Chef + uses: actionshub/chef-install@main + - name: Install cookbooks + run: berks install diff --git a/.github/workflows/prevent-file-change.yml b/.github/workflows/prevent-file-change.yml new file mode 100644 index 00000000..0cfd6392 --- /dev/null +++ b/.github/workflows/prevent-file-change.yml @@ -0,0 +1,16 @@ +--- +name: prevent-file-change + +"on": + pull_request: + types: + - opened + - reopened + - edited + - synchronize + +jobs: + prevent-file-change: + uses: sous-chefs/.github/.github/workflows/prevent-file-change.yml@5.0.3 + secrets: + token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 00000000..f76a36aa --- /dev/null +++ b/.github/workflows/release.yml @@ -0,0 +1,23 @@ +--- +name: release + +"on": + push: + branches: + - main + +permissions: + contents: write + issues: write + pull-requests: write + packages: write + attestations: write + id-token: write + +jobs: + release: + uses: sous-chefs/.github/.github/workflows/release-cookbook.yml@5.0.3 + secrets: + token: ${{ secrets.PORTER_GITHUB_TOKEN }} + supermarket_user: ${{ secrets.CHEF_SUPERMARKET_USER }} + supermarket_key: ${{ secrets.CHEF_SUPERMARKET_KEY }} diff --git a/.markdownlint-cli2.yaml b/.markdownlint-cli2.yaml index 0196ac7b..ac5076b0 100644 --- a/.markdownlint-cli2.yaml +++ b/.markdownlint-cli2.yaml @@ -3,5 +3,7 @@ config: line-length: false # MD013 no-duplicate-heading: false # MD024 reference-links-images: false # MD052 + no-multiple-blanks: + maximum: 2 ignores: - .github/copilot-instructions.md diff --git a/.release-please-manifest.json b/.release-please-manifest.json new file mode 100644 index 00000000..d13ddb3a --- /dev/null +++ b/.release-please-manifest.json @@ -0,0 +1,3 @@ +{ + ".": "8.1.23" +} diff --git a/CHANGELOG.md b/CHANGELOG.md index 5985a99e..34e07959 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,14 +2,9 @@ This file is used to list changes made in each version of the users cookbook. -## Unreleased - Standardise files with files in sous-chefs/repo-management - Standardise files with files in sous-chefs/repo-management -## 8.1.23 - *2025-09-04* - ## 8.1.22 - *2025-06-08* Standardise files with files in sous-chefs/repo-management @@ -26,26 +21,10 @@ Standardise files with files in sous-chefs/repo-management Standardise files with files in sous-chefs/repo-management -## 8.1.20 - *2024-05-03* - -## 8.1.19 - *2024-05-03* - -## 8.1.18 - *2023-09-29* - -## 8.1.17 - *2023-09-28* - -## 8.1.16 - *2023-05-17* - -## 8.1.15 - *2023-04-17* - ## 8.1.14 - *2023-04-07* Standardise files with files in sous-chefs/repo-management -## 8.1.13 - *2023-04-01* - -## 8.1.12 - *2023-04-01* - ## 8.1.11 - *2023-04-01* Standardise files with files in sous-chefs/repo-management @@ -60,16 +39,12 @@ Standardise files with files in sous-chefs/repo-management Standardise files with files in sous-chefs/repo-management -## 8.1.8 - *2023-02-27* - ## 8.1.7 - *2023-02-27* Standardise files with files in sous-chefs/repo-management Standardise files with files in sous-chefs/repo-management -## 8.1.6 - *2023-02-14* - ## 8.1.5 - *2023-02-14* Standardise files with files in sous-chefs/repo-management @@ -80,8 +55,8 @@ Standardise files with files in sous-chefs/repo-management ## 8.1.3 - *2022-12-03* -- Updated readme, Make it obvious that user creation will be skipped if the user's groups do not include the user_manage module's group name -- Fix CI pipelines +* Updated readme, Make it obvious that user creation will be skipped if the user's groups do not include the user_manage module's group name +* Fix CI pipelines ## 8.1.2 - *2022-02-10* @@ -89,274 +64,274 @@ Standardise files with files in sous-chefs/repo-management ## 8.1.1 - *2021-08-30* -- Standardise files with files in sous-chefs/repo-management +* Standardise files with files in sous-chefs/repo-management ## 8.1.0 - *2021-08-26* -- Add `system` property to `users_manage` resource -- Add `system` property to user json test data -- Add corresponding integration tests +* Add `system` property to `users_manage` resource +* Add `system` property to user json test data +* Add corresponding integration tests ## 8.0.0 - *2021-08-05* -- Patch bug causing the cookbook to fail on suse and macos. -- Update README to lessen confusion. -- This may still be a breaking change for some users, but is hopefully no longer a bug. +* Patch bug causing the cookbook to fail on suse and macos. +* Update README to lessen confusion. +* This may still be a breaking change for some users, but is hopefully no longer a bug. ## 7.1.1 - *2021-08-02* -- CI: Use the chef-infra provisioner instead of chef-zero +* CI: Use the chef-infra provisioner instead of chef-zero ## 7.1.0 - *2021-07-28* -- Give group ownership of each users .ssh/* files to that users primary group -- Allow user to set file permissions for their home directory -- Add a `primary_group` and `homedir_mode` key to the user hash options +* Give group ownership of each users .ssh/* files to that users primary group +* Allow user to set file permissions for their home directory +* Add a `primary_group` and `homedir_mode` key to the user hash options ## 7.0.1 - *2021-07-02* -- Allows a given user to be in a group of the same name, that is already created or explicitly defined in its `groups` key +* Allows a given user to be in a group of the same name, that is already created or explicitly defined in its `groups` key ## 7.0.0 - *2021-06-21* -- Set unified_mode to `true` for the `users_manage` resource -- Set minium Chef version to 15.3 for unified_mode -- Inspec fix from nil to '' +* Set unified_mode to `true` for the `users_manage` resource +* Set minium Chef version to 15.3 for unified_mode +* Inspec fix from nil to '' ## 6.0.3 - *2021-06-01* -- Standardise files with files in sous-chefs/repo-management +* Standardise files with files in sous-chefs/repo-management ## 6.0.2 - *2021-03-29* -- Allow `users` attribute to be unset, allowing to create a group without any users. +* Allow `users` attribute to be unset, allowing to create a group without any users. ## 6.0.1 - *2021-03-16* -- Fix invalid checking of user[:uid] which could lead to root owning the users folders and files. Thanks @evandam +* Fix invalid checking of user[:uid] which could lead to root owning the users folders and files. Thanks @evandam ## 6.0.0 - *2021-03-12* -- Removed hard dependency on data bags. See upgrading.md for details -- Added per user no_user_group option to skip creating user group with the same name. -- Cleaned up the manage resource -- Added pubkey_type helper -- Added more integration tests and updated unit tests to chefspec. +* Removed hard dependency on data bags. See upgrading.md for details +* Added per user no_user_group option to skip creating user group with the same name. +* Cleaned up the manage resource +* Added pubkey_type helper +* Added more integration tests and updated unit tests to chefspec. ## 5.7.0 - *2021-03-08* -- Add manage_home to the remove action of the manage resource +* Add manage_home to the remove action of the manage resource ## 5.6.0 - *2021-01-31* -- Sous Chefs Adoption -- Standardise files with files in sous-chefs/repo-management -- Add integration testing for MacOS -- Remove testing for Amazon Linux 201x, CentOS 6 and Ubuntu 16.04 -- Exclude `uid` and `home` properties from `user` resource on MacOS +* Sous Chefs Adoption +* Standardise files with files in sous-chefs/repo-management +* Add integration testing for MacOS +* Remove testing for Amazon Linux 201x, CentOS 6 and Ubuntu 16.04 +* Exclude `uid` and `home` properties from `user` resource on MacOS ## 5.5.0 (2020-09-01) ### Added -- Add code owners file -- Use the org wide GitHub templates -- Replace TravisCI with Github Actions for testing -- Add Ubuntu 20.04 and include other platforms on dokken for tests -- Enable enforce_idempotency +* Add code owners file +* Use the org wide GitHub templates +* Replace TravisCI with Github Actions for testing +* Add Ubuntu 20.04 and include other platforms on dokken for tests +* Enable enforce_idempotency ### Changed -- Update README - formatting fixes -- Simplify platform specific logic and remove foodcritic comments -- Require Chef Infra Client 12.15+ +* Update README - formatting fixes +* Simplify platform specific logic and remove foodcritic comments +* Require Chef Infra Client 12.15+ ### Fixed -- Cookstyle fixes -- MDL fixes -- yamllint fixes -- Standardise files with files in chef-cookbooks/repo-management -- Update keys so test passes +* Cookstyle fixes +* MDL fixes +* yamllint fixes +* Standardise files with files in chef-cookbooks/repo-management +* Update keys so test passes ### Removed -- Remove Ubuntu 14.04 testing -- Remove one-off ubuntu-16.04-chef-12.7 suite -- Remove .rubocop.yml as it's no longer needed +* Remove Ubuntu 14.04 testing +* Remove one-off ubuntu-16.04-chef-12.7 suite +* Remove .rubocop.yml as it's no longer needed ## 5.4.0 (2018-07-18) -- Remove ChefSpec matchers which are now auto-generatedb y ChefSpec -- Add a new databag entry for the keyfile location +* Remove ChefSpec matchers which are now auto-generatedb y ChefSpec +* Add a new databag entry for the keyfile location ## 5.3.1 (2017-12-15) -- Remove special case for freebsd in favor of later shell validity check +* Remove special case for freebsd in favor of later shell validity check ## 5.3.0 (2017-12-07) -- Add check if user shell exists -- Verify the shell is allowed on AIX -- Add AIX as a supported platform +* Add check if user shell exists +* Verify the shell is allowed on AIX +* Add AIX as a supported platform ## 5.2.2 (2017-11-29) -- Add home directory base for solaris +* Add home directory base for solaris ## 5.2.1 (2017-10-31) -- Make sure ssh_keys can be an array or a string by converting strings to an array if they're passed +* Make sure ssh_keys can be an array or a string by converting strings to an array if they're passed ## 5.2.0 (2017-10-31) -- Require Chef 12.7+ as 12.5 and 12.6 had bugs in their custom resource implementation -- Allow fetching one or more ssh_keys from a url +* Require Chef 12.7+ as 12.5 and 12.6 had bugs in their custom resource implementation +* Allow fetching one or more ssh_keys from a url ## 5.1.0 (2017-05-30) -- Keep ssh keys out of the chef logs -- Improve docs and examples -- Remove class_eval and require Chef 12.7+ as class_eval causes issues with later Chef 12 releases +* Keep ssh keys out of the chef logs +* Improve docs and examples +* Remove class_eval and require Chef 12.7+ as class_eval causes issues with later Chef 12 releases ## 5.0.0 (2017-04-17) ### Breaking changes -- The users_manage LWRP has been converted to a custom resource, which requires Chef 12.5 or later -- The sysadmins recipe contains no resources now and will do nothing +* The users_manage LWRP has been converted to a custom resource, which requires Chef 12.5 or later +* The sysadmins recipe contains no resources now and will do nothing ### Other changes -- Added integration tests with Inspec -- Fixed all deprecation warnings -- Fixed group creation on macOS when the group already exists -- Added suse platforms as supported in the metadata -- Switched to a SPDX apache-2.0 license string -- Moved all templates out of the default directory as we don't support Chef 11 anymore +* Added integration tests with Inspec +* Fixed all deprecation warnings +* Fixed group creation on macOS when the group already exists +* Added suse platforms as supported in the metadata +* Switched to a SPDX apache-2.0 license string +* Moved all templates out of the default directory as we don't support Chef 11 anymore ## 4.0.3 (2016-11-23) -- Update manage provider to return true/false in guard block which avoids warnings during run on Chef 12.14+ +* Update manage provider to return true/false in guard block which avoids warnings during run on Chef 12.14+ ## 4.0.2 (2016-11-18) -- Deprecate the sysadmins recipe +* Deprecate the sysadmins recipe ## 4.0.1 (2016-09-15) -- Fix creation of user home directory +* Fix creation of user home directory ## 4.0.0 (2016-09-15) -- Add chef_version to the metadata -- Require Chef 12.1+ -- Testing updates -- Fixed compatibility with Chef 12.14 -- Properly define the Chefspec matcher -- Add a warning if someone includes users::default since that does nothing +* Add chef_version to the metadata +* Require Chef 12.1+ +* Testing updates +* Fixed compatibility with Chef 12.14 +* Properly define the Chefspec matcher +* Add a warning if someone includes users::default since that does nothing ## v3.0.0 -- @onlyhavecans - Fix FreeBSD support -- @stem - Fix user creation on Mac OS X on 10.7 and 10.8 -- Remove old style chef solo code to clean up rubocop issues, move to using cookstyle -- Adding zlinux support +* @onlyhavecans - Fix FreeBSD support +* @stem - Fix user creation on Mac OS X on 10.7 and 10.8 +* Remove old style chef solo code to clean up rubocop issues, move to using cookstyle +* Adding zlinux support ## v2.0.3 -- @nkadel-skyhook - create .ssh directory only if keys are configured. -- @signe - allow force parameter to be specified for users configured to be removed. -- @FlorentFlament - adding the ability to manage groups for existing users. +* @nkadel-skyhook - create .ssh directory only if keys are configured. +* @signe - allow force parameter to be specified for users configured to be removed. +* @FlorentFlament - adding the ability to manage groups for existing users. ## v2.0.2 (2016-1-25) -- @375gnu- validate uid/gid for strings versus numeric -- fix rubocop errors based on -- fix kitchen configurations for testing +* @375gnu- validate uid/gid for strings versus numeric +* fix rubocop errors based on +* fix kitchen configurations for testing ## v2.0.1 (2016-1-8) -- Fixed provider to work on Mac OS X -- funzoneq - add correct default shell for FreeBSD if not provided -- Added kitchen.dokken to speed up platform testing +* Fixed provider to work on Mac OS X +* funzoneq - add correct default shell for FreeBSD if not provided +* Added kitchen.dokken to speed up platform testing ## v2.0.0 (2015-12-11) -- Removed Chef 10 compatibility code -- Removed the nodes fqdn from the authorized_keys file -- Removed a trailing comma in a readme example -- Added chef standard .gitignore and chefignore files -- Added chef standard .rubocop.yml file and resolved warnings -- Resolved foodcritic warnings +* Removed Chef 10 compatibility code +* Removed the nodes fqdn from the authorized_keys file +* Removed a trailing comma in a readme example +* Added chef standard .gitignore and chefignore files +* Added chef standard .rubocop.yml file and resolved warnings +* Resolved foodcritic warnings ## v1.8.2 (2015-03-18) -- No changes, just republishing 1.8.1 +* No changes, just republishing 1.8.1 ## v1.8.1 (2015-03-12) -- Add `source_url` and `issues_url` to the metadata.rb so Supermarket can display appropriate links +* Add `source_url` and `issues_url` to the metadata.rb so Supermarket can display appropriate links ## v1.8.0 (2015-03-09) -- Expose LWRP state attributes -- [COOK-4401] - Add unit tests with ChefSpec -- [COOK-4404] - Determine file system and add manage_nfs_home_dirs attribute to disable managing NFS mounted home directories -- Remove `converge_by` when creating home directory, the directory resource already handles this -- Do not manage home directory if the path does not exist -- Add integration with TravisCI -- "Opscode" to "Chef" replacements -- Retire unsupported Ruby 1.9.3 and add Ruby 2.2 to the Travis integration tests -- Updates for RSpec 3 +* Expose LWRP state attributes +* [COOK-4401] - Add unit tests with ChefSpec +* [COOK-4404] - Determine file system and add manage_nfs_home_dirs attribute to disable managing NFS mounted home directories +* Remove `converge_by` when creating home directory, the directory resource already handles this +* Do not manage home directory if the path does not exist +* Add integration with TravisCI +* "Opscode" to "Chef" replacements +* Retire unsupported Ruby 1.9.3 and add Ruby 2.2 to the Travis integration tests +* Updates for RSpec 3 ## v1.7.0 (2014-02-14) -- [COOK-4139] - users_manage resource always notifies -- [COOK-4078] - users cookbook fails in why-run mode for .ssh directory -- [COOK-3959] - Add support for Mac OS X to users cookbook +* [COOK-4139] - users_manage resource always notifies +* [COOK-4078] - users cookbook fails in why-run mode for .ssh directory +* [COOK-3959] - Add support for Mac OS X to users cookbook ## v1.6.0 ### Bug -- **[COOK-3744](https://tickets.opscode.com/browse/COOK-3744)** - Allow passing an action option via the `data_bag` to the user resource +* Allow passing an action option via the `data_bag` to the user resource ## v1.5.2 ### Bug -- **[COOK-3215](https://tickets.opscode.com/browse/COOK-3215)** - Make `group_id` optional +* Make `group_id` optional ## v1.5.0 -- [COOK-2427] - Mistakenly released instead of sudo :-). +* [COOK-2427] - Mistakenly released instead of sudo :-). ## v1.4.0 -- [COOK-2479] - Permit users cookbook to work with chef-solo if edelight/chef-solo-search is installed -- [COOK-2486] - specify precedence when setting node attribute +* [COOK-2479] - Permit users cookbook to work with chef-solo if edelight/chef-solo-search is installed +* [COOK-2486] - specify precedence when setting node attribute ## v1.3.0 -- [COOK-1842] - allow specifying private SSH keys -- [COOK-2021] - Empty default recipe for including users LWRPs +* [COOK-1842] - allow specifying private SSH keys +* [COOK-2021] - Empty default recipe for including users LWRPs ## v1.2.0 -- [COOK-1398] - Provider manage.rb ignores username attribute -- [COOK-1582] - ssh_keys should take an array in addition to a string separated by new lines +* [COOK-1398] - Provider manage.rb ignores username attribute +* [COOK-1582] - ssh_keys should take an array in addition to a string separated by new lines ## v1.1.4 -- [COOK-1396] - removed users get recreated -- [COOK-1433] - resolve foodcritic warnings -- [COOK-1583] - set passwords for users +* [COOK-1396] - removed users get recreated +* [COOK-1433] - resolve foodcritic warnings +* [COOK-1583] - set passwords for users ## v1.1.2 -- [COOK-1076] - authorized_keys template not found in another cookbook +* [COOK-1076] - authorized_keys template not found in another cookbook ## v1.1.0 -- [COOK-623] - LWRP conversion +* [COOK-623] - LWRP conversion diff --git a/libraries/helpers.rb b/libraries/helpers.rb index 614b51c7..bf45e0f7 100644 --- a/libraries/helpers.rb +++ b/libraries/helpers.rb @@ -25,7 +25,7 @@ def keys_from_url(url) begin response = Chef::HTTP.new(host).get(path) response.split("\n") - rescue Net::HTTPServerException => e + rescue Net::HTTPClientException => e p "request: #{host}#{path}, error: #{e}" end end diff --git a/release-please-config.json b/release-please-config.json new file mode 100644 index 00000000..3a7a3229 --- /dev/null +++ b/release-please-config.json @@ -0,0 +1,12 @@ +{ + "packages": { + ".": { + "package-name": "users", + "changelog-path": "CHANGELOG.md", + "release-type": "ruby", + "include-component-in-tag": false, + "version-file": "metadata.rb" + } + }, + "$schema": "https://raw.githubusercontent.com/googleapis/release-please/main/schemas/config.json" +} diff --git a/spec/manage_spec.rb b/spec/manage_spec.rb index 118fbe69..2ce3bde5 100644 --- a/spec/manage_spec.rb +++ b/spec/manage_spec.rb @@ -10,49 +10,49 @@ 'groups': %w(testgroup nfsgroup), 'manage_home': true, }, -{ - 'id': 'test_user_keys_from_url', - 'password': '$1$5cE1rI/9$4p0fomh9U4kAI23qUlZVv/', # Do not do this in a production environment. - 'uid': 9002, - 'comment': 'Test User who grabs ssh keys from a url', - 'shell': '/bin/bash', - 'ssh_keys': [ - 'https://github.com/majormoses.keys', - 'ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAklOUpkDHrfHY17SbrmTIpNLTGK9Tjom/BWDSU\nGPl+nafzlHDTYW7hdI4yZ5ew18JH4JW9jbhUFrviQzM7xlELEVf4h9lFX5QVkbPppSwg0cda3\nPbv7kOdJ/MTyBlWXFCR+HAo3FXRitBqxiX1nKhXpHAZsMciLq8V6RjsNAQwdsdMFvSlVK/7XA\nt3FaoJoAsncM1Q9x5+3V0Ww68/eIFmb1zuUFljQJKprrX88XypNDvjYNby6vw/Pb0rwert/En\nmZ+AW4OZPnTPI89ZPmVMLuayrD2cE86Z/il8b+gw3r3+1nKatmIkjn2so1d01QraTlMqVSsbx\nNQCPO0ZZEa1== chefuser@mylaptop.local', - ], - 'groups': %w(testgroup nfsgroup), -}, -{ - 'id': 'usertoremove', - 'action': 'remove', - 'groups': %w(testgroup), - 'force': true, - 'manage_home': true, -}, -{ - 'id': 'bogus_user', - 'action': 'remove', - 'groups': %w(nfsgroup), -}, -{ - 'id': 'user_with_dev_null_home', - 'groups': ['testgroup'], - 'shell': '/usr/bin/bash', - 'home': '/dev/null', -}, -{ - 'id': 'user_with_nfs_home_first', - 'groups': ['testgroup'], -}, -{ - 'id': 'user_with_nfs_home_second', - 'groups': ['nfsgroup'], -}, -{ - 'id': 'user_with_local_home', - 'ssh_keys': ["ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAklOUpkDHrfHY17SbrmTIpNLTGK9Tjom/BWDSU\nGPl+nafzlHDTYW7hdI4yZ5ew18JH4JW9jbhUFrviQzM7xlELEVf4h9lFX5QVkbPppSwg0cda3\nPbv7kOdJ/MTyBlWXFCR+HAo3FXRitBqxiX1nKhXpHAZsMciLq8V6RjsNAQwdsdMFvSlVK/7XA\nt3FaoJoAsncM1Q9x5+3V0Ww68/eIFmb1zuUFljQJKprrX88XypNDvjYNby6vw/Pb0rwert/En\nmZ+AW4OZPnTPI89ZPmVMLuayrD2cE86Z/il8b+gw3r3+1nKatmIkjn2so1d01QraTlMqVSsbx\nNrRFi9wrf+M7Q== chefuser@mylaptop.local"], - 'groups': ['testgroup'], -}] + { + 'id': 'test_user_keys_from_url', + 'password': '$1$5cE1rI/9$4p0fomh9U4kAI23qUlZVv/', # Do not do this in a production environment. + 'uid': 9002, + 'comment': 'Test User who grabs ssh keys from a url', + 'shell': '/bin/bash', + 'ssh_keys': [ + 'https://github.com/majormoses.keys', + 'ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAklOUpkDHrfHY17SbrmTIpNLTGK9Tjom/BWDSU\nGPl+nafzlHDTYW7hdI4yZ5ew18JH4JW9jbhUFrviQzM7xlELEVf4h9lFX5QVkbPppSwg0cda3\nPbv7kOdJ/MTyBlWXFCR+HAo3FXRitBqxiX1nKhXpHAZsMciLq8V6RjsNAQwdsdMFvSlVK/7XA\nt3FaoJoAsncM1Q9x5+3V0Ww68/eIFmb1zuUFljQJKprrX88XypNDvjYNby6vw/Pb0rwert/En\nmZ+AW4OZPnTPI89ZPmVMLuayrD2cE86Z/il8b+gw3r3+1nKatmIkjn2so1d01QraTlMqVSsbx\nNQCPO0ZZEa1== chefuser@mylaptop.local', + ], + 'groups': %w(testgroup nfsgroup), + }, + { + 'id': 'usertoremove', + 'action': 'remove', + 'groups': %w(testgroup), + 'force': true, + 'manage_home': true, + }, + { + 'id': 'bogus_user', + 'action': 'remove', + 'groups': %w(nfsgroup), + }, + { + 'id': 'user_with_dev_null_home', + 'groups': ['testgroup'], + 'shell': '/usr/bin/bash', + 'home': '/dev/null', + }, + { + 'id': 'user_with_nfs_home_first', + 'groups': ['testgroup'], + }, + { + 'id': 'user_with_nfs_home_second', + 'groups': ['nfsgroup'], + }, + { + 'id': 'user_with_local_home', + 'ssh_keys': ["ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAklOUpkDHrfHY17SbrmTIpNLTGK9Tjom/BWDSU\nGPl+nafzlHDTYW7hdI4yZ5ew18JH4JW9jbhUFrviQzM7xlELEVf4h9lFX5QVkbPppSwg0cda3\nPbv7kOdJ/MTyBlWXFCR+HAo3FXRitBqxiX1nKhXpHAZsMciLq8V6RjsNAQwdsdMFvSlVK/7XA\nt3FaoJoAsncM1Q9x5+3V0Ww68/eIFmb1zuUFljQJKprrX88XypNDvjYNby6vw/Pb0rwert/En\nmZ+AW4OZPnTPI89ZPmVMLuayrD2cE86Z/il8b+gw3r3+1nKatmIkjn2so1d01QraTlMqVSsbx\nNrRFi9wrf+M7Q== chefuser@mylaptop.local"], + 'groups': ['testgroup'], + }] describe 'users_manage' do step_into :users_manage diff --git a/test/fixtures/cookbooks/users_test/attributes/default.rb b/test/fixtures/cookbooks/users_test/attributes/default.rb index 988c9fb5..02b014fd 100644 --- a/test/fixtures/cookbooks/users_test/attributes/default.rb +++ b/test/fixtures/cookbooks/users_test/attributes/default.rb @@ -5,71 +5,71 @@ 'force': true, 'manage_home': true, }, -{ - 'id': 'databag_mwaddams', - 'action': 'remove', - 'groups': %w(testgroup nfsgroup), - 'manage_home': true, -}, -{ - 'id': 'user_with_dev_null_home', - 'uid': 5000, - 'gid': 4000, - 'groups': ['nfsgroup'], - 'primary_group': 'nfsgroup', - 'shell': '/bin/bash', - 'home': '/dev/null', - 'no_user_group': true, -}, -{ - 'id': 'user_with_nfs_home_first', - 'groups': ['nfsgroup'], - 'shell': '/bin/sh', - 'ssh_public_key': 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC6aZDF+x28xIlZSgyfyh3IAkencLp1VCU7JXBhJcXNy cheftestuser@laptop', -}, -{ - 'id': 'user_with_nfs_home_second', - 'groups': ['nfsgroup'], - 'ssh_public_key': 'ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCezwRzemhAGbqvvO/9RmiO9eOtRlUHn1HgvM4HDxxL/bFJCtUfyqbZfyQHXLqe7LJ0rRttAXWmcRLU/668bp70=', - 'ssh_private_key': "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAaAAAABNlY2RzYS\n1zaGEyLW5pc3RwMjU2AAAACG5pc3RwMjU2AAAAQQQns8Ec3poQBm6r7zv/UZojvXjrUZVB\n59R4LzOBw8cS/2xSQrVH8qm2X8kB1y6nuyydK0bbQF1pnES1P+uvG6e9AAAAsD2Nf449jX\n+OAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCezwRzemhAGbqvv\nO/9RmiO9eOtRlUHn1HgvM4HDxxL/bFJCtUfyqbZfyQHXLqe7LJ0rRttAXWmcRLU/668bp7\n0AAAAgJp/B6o2OADM0+NlkgH1dFcOLK64jhr3ScbWK4iyRdOcAAAAVZm11bGxlckBzYnBs\ndGMxbWxsdmRsAQID\n-----END OPENSSH PRIVATE KEY-----\n", -}, -{ - 'id': 'user_with_local_home', - 'groups': ['nfsgroup'], - 'ssh_private_key': "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW\nQyNTUxOQAAACAummQxfsdvMSJWUoMn8odyAJHp3C6dVQlOyVwYSXFzcgAAAJjzcJxA83Cc\nQAAAAAtzc2gtZWQyNTUxOQAAACAummQxfsdvMSJWUoMn8odyAJHp3C6dVQlOyVwYSXFzcg\nAAAEC7TGfA0MU0mh0V39qw5RSThUo0idTtU2vCe9bJrHmyFS6aZDF+x28xIlZSgyfyh3IA\nkencLp1VCU7JXBhJcXNyAAAAFWZtdWxsZXJAc2JwbHRjMW1sbHZkbA==\n-----END OPENSSH PRIVATE KEY-----\n", -}, -{ - 'username': 'user_with_username_instead_of_id', - 'groups': ['nfsgroup'], - 'shell': '/bin/bash', - 'ssh_keys': ['ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC6aZDF+x28xIlZSgyfyh3IAkencLp1VCU7JXBhJcXNy cheftestuser@laptop'], - 'ssh_private_key': "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW\nQyNTUxOQAAACAummQxfsdvMSJWUoMn8odyAJHp3C6dVQlOyVwYSXFzcgAAAJjzcJxA83Cc\nQAAAAAtzc2gtZWQyNTUxOQAAACAummQxfsdvMSJWUoMn8odyAJHp3C6dVQlOyVwYSXFzcg\nAAAEC7TGfA0MU0mh0V39qw5RSThUo0idTtU2vCe9bJrHmyFS6aZDF+x28xIlZSgyfyh3IA\nkencLp1VCU7JXBhJcXNyAAAAFWZtdWxsZXJAc2JwbHRjMW1sbHZkbA==\n-----END OPENSSH PRIVATE KEY-----\n", - 'ssh_public_key': 'ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCezwRzemhAGbqvvO/9RmiO9eOtRlUHn1HgvM4HDxxL/bFJCtUfyqbZfyQHXLqe7LJ0rRttAXWmcRLU/668bp70=', -}, -{ - 'username': 'explicituser', - 'groups': ['explicituser'], -}, -{ - 'username': 'joins_spawned_group', - 'gid': 'string_gid', - 'no_user_group': true, - 'groups': ['user_before_group'], -}, -{ - 'username': 'primary_integer_gid', - 'groups': %w(spawns_next_group user_before_group), - 'primary_group': 'user_before_group', - 'gid': 6000, -}, -{ - 'username': 'nonstandard_homedir_perms', - 'homedir_mode': '02755', - 'ssh_keys': ['ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC6aZDF+x28xIlZSgyfyh3IAkencLp1VCU7JXBhJcXNy cheftestuser@laptop'], - 'groups': ['nonstandard_homedir_perms'], -}, -{ - 'id': 'system_user', - 'groups': ['system_group'], - 'system': true, -}] + { + 'id': 'databag_mwaddams', + 'action': 'remove', + 'groups': %w(testgroup nfsgroup), + 'manage_home': true, + }, + { + 'id': 'user_with_dev_null_home', + 'uid': 5000, + 'gid': 4000, + 'groups': ['nfsgroup'], + 'primary_group': 'nfsgroup', + 'shell': '/bin/bash', + 'home': '/dev/null', + 'no_user_group': true, + }, + { + 'id': 'user_with_nfs_home_first', + 'groups': ['nfsgroup'], + 'shell': '/bin/sh', + 'ssh_public_key': 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC6aZDF+x28xIlZSgyfyh3IAkencLp1VCU7JXBhJcXNy cheftestuser@laptop', + }, + { + 'id': 'user_with_nfs_home_second', + 'groups': ['nfsgroup'], + 'ssh_public_key': 'ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCezwRzemhAGbqvvO/9RmiO9eOtRlUHn1HgvM4HDxxL/bFJCtUfyqbZfyQHXLqe7LJ0rRttAXWmcRLU/668bp70=', + 'ssh_private_key': "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAaAAAABNlY2RzYS\n1zaGEyLW5pc3RwMjU2AAAACG5pc3RwMjU2AAAAQQQns8Ec3poQBm6r7zv/UZojvXjrUZVB\n59R4LzOBw8cS/2xSQrVH8qm2X8kB1y6nuyydK0bbQF1pnES1P+uvG6e9AAAAsD2Nf449jX\n+OAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCezwRzemhAGbqvv\nO/9RmiO9eOtRlUHn1HgvM4HDxxL/bFJCtUfyqbZfyQHXLqe7LJ0rRttAXWmcRLU/668bp7\n0AAAAgJp/B6o2OADM0+NlkgH1dFcOLK64jhr3ScbWK4iyRdOcAAAAVZm11bGxlckBzYnBs\ndGMxbWxsdmRsAQID\n-----END OPENSSH PRIVATE KEY-----\n", + }, + { + 'id': 'user_with_local_home', + 'groups': ['nfsgroup'], + 'ssh_private_key': "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW\nQyNTUxOQAAACAummQxfsdvMSJWUoMn8odyAJHp3C6dVQlOyVwYSXFzcgAAAJjzcJxA83Cc\nQAAAAAtzc2gtZWQyNTUxOQAAACAummQxfsdvMSJWUoMn8odyAJHp3C6dVQlOyVwYSXFzcg\nAAAEC7TGfA0MU0mh0V39qw5RSThUo0idTtU2vCe9bJrHmyFS6aZDF+x28xIlZSgyfyh3IA\nkencLp1VCU7JXBhJcXNyAAAAFWZtdWxsZXJAc2JwbHRjMW1sbHZkbA==\n-----END OPENSSH PRIVATE KEY-----\n", + }, + { + 'username': 'user_with_username_instead_of_id', + 'groups': ['nfsgroup'], + 'shell': '/bin/bash', + 'ssh_keys': ['ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC6aZDF+x28xIlZSgyfyh3IAkencLp1VCU7JXBhJcXNy cheftestuser@laptop'], + 'ssh_private_key': "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW\nQyNTUxOQAAACAummQxfsdvMSJWUoMn8odyAJHp3C6dVQlOyVwYSXFzcgAAAJjzcJxA83Cc\nQAAAAAtzc2gtZWQyNTUxOQAAACAummQxfsdvMSJWUoMn8odyAJHp3C6dVQlOyVwYSXFzcg\nAAAEC7TGfA0MU0mh0V39qw5RSThUo0idTtU2vCe9bJrHmyFS6aZDF+x28xIlZSgyfyh3IA\nkencLp1VCU7JXBhJcXNyAAAAFWZtdWxsZXJAc2JwbHRjMW1sbHZkbA==\n-----END OPENSSH PRIVATE KEY-----\n", + 'ssh_public_key': 'ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCezwRzemhAGbqvvO/9RmiO9eOtRlUHn1HgvM4HDxxL/bFJCtUfyqbZfyQHXLqe7LJ0rRttAXWmcRLU/668bp70=', + }, + { + 'username': 'explicituser', + 'groups': ['explicituser'], + }, + { + 'username': 'joins_spawned_group', + 'gid': 'string_gid', + 'no_user_group': true, + 'groups': ['user_before_group'], + }, + { + 'username': 'primary_integer_gid', + 'groups': %w(spawns_next_group user_before_group), + 'primary_group': 'user_before_group', + 'gid': 6000, + }, + { + 'username': 'nonstandard_homedir_perms', + 'homedir_mode': '02755', + 'ssh_keys': ['ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC6aZDF+x28xIlZSgyfyh3IAkencLp1VCU7JXBhJcXNy cheftestuser@laptop'], + 'groups': ['nonstandard_homedir_perms'], + }, + { + 'id': 'system_user', + 'groups': ['system_group'], + 'system': true, + }]