* Close #165
* Move existing `.kitchen.yml` => `kitchen.vagrant.yml`
* Semi-automated using https://github.com/myii/ssf-formula/pull/30
* Fix errors shown below:
```bash
openssh-formula$ yamllint -s .
./pillar.example
49:3 error duplication of key "AllowUsers" in mapping (key-duplicates)
57:3 error duplication of key "DenyUsers" in mapping (key-duplicates)
63:3 error duplication of key "AllowGroups" in mapping (key-duplicates)
70:3 error duplication of key "DenyGroups" in mapping (key-duplicates)
79:24 warning truthy value should be one of [false, true] (truthy)
80:29 warning truthy value should be one of [false, true] (truthy)
118:4 warning missing starting space in comment (comments)
119:4 warning missing starting space in comment (comments)
119:89 error line too long (122 > 88 characters) (line-length)
120:4 warning missing starting space in comment (comments)
120:89 error line too long (144 > 88 characters) (line-length)
147:30 warning truthy value should be one of [false, true] (truthy)
148:21 warning truthy value should be one of [false, true] (truthy)
149:19 warning truthy value should be one of [false, true] (truthy)
150:32 warning truthy value should be one of [false, true] (truthy)
151:26 warning truthy value should be one of [false, true] (truthy)
152:31 warning truthy value should be one of [false, true] (truthy)
153:32 warning truthy value should be one of [false, true] (truthy)
154:29 warning truthy value should be one of [false, true] (truthy)
155:34 warning truthy value should be one of [false, true] (truthy)
175:8 warning missing starting space in comment (comments)
175:89 error line too long (152 > 88 characters) (line-length)
176:8 warning missing starting space in comment (comments)
176:89 error line too long (126 > 88 characters) (line-length)
177:8 warning missing starting space in comment (comments)
177:89 error line too long (148 > 88 characters) (line-length)
213:18 warning truthy value should be one of [false, true] (truthy)
219:18 warning truthy value should be one of [false, true] (truthy)
225:18 warning truthy value should be one of [false, true] (truthy)
241:22 warning truthy value should be one of [false, true] (truthy)
243:22 warning truthy value should be one of [false, true] (truthy)
244:20 warning truthy value should be one of [false, true] (truthy)
245:21 warning truthy value should be one of [false, true] (truthy)
254:24 warning truthy value should be one of [false, true] (truthy)
255:22 warning truthy value should be one of [false, true] (truthy)
256:23 warning truthy value should be one of [false, true] (truthy)
265:22 warning truthy value should be one of [false, true] (truthy)
268:21 warning truthy value should be one of [false, true] (truthy)
269:20 warning truthy value should be one of [false, true] (truthy)
270:21 warning truthy value should be one of [false, true] (truthy)
279:26 warning truthy value should be one of [false, true] (truthy)
280:24 warning truthy value should be one of [false, true] (truthy)
281:25 warning truthy value should be one of [false, true] (truthy)
307:16 warning truthy value should be one of [false, true] (truthy)
308:6 warning missing starting space in comment (comments)
314:6 warning missing starting space in comment (comments)
316:24 warning truthy value should be one of [false, true] (truthy)
339:89 error line too long (546 > 88 characters) (line-length)
340:89 error line too long (546 > 88 characters) (line-length)
341:89 error line too long (546 > 88 characters) (line-length)
342:89 error line too long (546 > 88 characters) (line-length)
344:4 warning missing starting space in comment (comments)
345:4 warning missing starting space in comment (comments)
357:19 warning truthy value should be one of [false, true] (truthy)
./openssh/osfamilymap.yaml
1:1 warning missing document start "---" (document-start)
./openssh/osfingermap.yaml
1:1 warning missing document start "---" (document-start)
./openssh/osmap.yaml
1:1 warning missing document start "---" (document-start)
./openssh/defaults.yaml
1:1 warning missing document start "---" (document-start)
3:18 warning truthy value should be one of [false, true] (truthy)
6:34 warning too few spaces before comment (comments)
10:25 warning truthy value should be one of [false, true] (truthy)
12:32 warning too few spaces before comment (comments)
16:24 warning truthy value should be one of [false, true] (truthy)
18:24 warning too few spaces before comment (comments)
20:42 warning too few spaces before comment (comments)
27:6 warning missing starting space in comment (comments)
```
* Use consistent Jinja whitespace control `{%- ... -}`
* Improve debug output (comments & whitespace control)
* Use exact state names with TOFS `files_switch`
* Add `ssh_known_hosts_src` to `defaults` (for consistency)
* Restrict `pillar.example` changes to TOFS only
* Use `fire_banner` in `pillar.example` to indicate available template
* Fix #162
* Check for any number of tabs after the keyword
* If found, replace them by a single space to match the `separator` used
in the `ini_options.present` state
Change the require_ins used by the key management states in the
config.sls to be conditional based on whether the sshd_config
is managed by the formula
Fixes #130
OpenSSH's Match declarations are applied first-match-wins. However, we
can't safely define two Matches that might overlap unless we first sort
the keys, as Python (and Jinja) dicts don't guarantee the order of
dict keys.
We also won't scramble the match sequence every time the user adds,
removes or renames a match, and so we give the user clearer, more
concise diffs when they apply changes.
Finally, we leave a comment on the Match line identifying where the
Match rule came from, to assist in troubleshooting.
Support complex compound matches in Match criteria. For example, be able
to match against multiple Users for a given Match, or be able to match
against address ranges. Or Groups. Or any combination thereof.
Support for matching users can take one of several different appearances
in pillar data:
```yaml
sshd_config:
  matches:
    match_1:
      type:
        User: one_user
      options:
        ChrootDirectory: /ex/%u
    match_2:
      type:
        User:
          - jim
          - bob
          - sally
      options:
        ChrootDirectory: /ex/%u
    match_3:
      type:
        User:
          jim: ~
          bob: ~
          sally: ~
      options:
        ChrootDirectory: /ex/%u
```
Note the syntax of match_3. By using empty dicts for each user, we can
leverage Salt's pillar merging. If we use simple lists, we cannot do
this; Salt can't merge simple lists, because it doesn't know what order
they ought to be in.
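The rendering behaviour described in the commit messages above, sketched in Python as an added example (not code from the formula or its commits): it accepts the three pillar forms for a criterion, sorts matches and criteria so the first-match-wins order is stable, and tags each Match line with its pillar key. The function names, the trailing-comment format and the sample `Address` range are assumptions.

```python
# Added example: deterministic rendering of sshd_config Match blocks from
# pillar-style data. Function names and the "# <key>" comment format are
# assumptions for illustration, not the formula's actual template.

def criterion_values(value):
    """Normalise the three pillar forms to a comma-separated pattern list."""
    if isinstance(value, dict):           # {'jim': None, ...}: mergeable form
        return ",".join(sorted(value))    # keys carry no order, so sort them
    if isinstance(value, (list, tuple)):  # ['jim', 'bob']: keep the given order
        return ",".join(str(v) for v in value)
    return str(value)                     # 'one_user'


def render_matches(matches):
    """Render Match blocks sorted by pillar key so output order is stable."""
    lines = []
    for name in sorted(matches):
        match = matches[name]
        # Sort criteria as well, so compound matches (User + Address + ...)
        # render identically whatever order the dict was built in.
        criteria = " ".join(
            f"{kind} {criterion_values(val)}"
            for kind, val in sorted(match["type"].items())
        )
        lines.append(f"Match {criteria} # {name}")
        for option, setting in sorted(match.get("options", {}).items()):
            lines.append(f"    {option} {setting}")
    return "\n".join(lines)


# Constructed sample data mirroring the three forms, deliberately out of order.
SAMPLE = {
    "match_3": {"type": {"User": {"sally": None, "jim": None, "bob": None}},
                "options": {"ChrootDirectory": "/ex/%u"}},
    "match_1": {"type": {"User": "one_user"},
                "options": {"ChrootDirectory": "/ex/%u"}},
    "match_2": {"type": {"User": ["jim", "bob", "sally"],
                         "Address": "192.0.2.0/24"},
                "options": {"ChrootDirectory": "/ex/%u"}},
}

if __name__ == "__main__":
    print(render_matches(SAMPLE))
```

Because sshd takes the first value it obtains for each keyword, a stable order here means overlapping Match blocks resolve the same way on every run, and a pillar change shows up as a minimal diff in the rendered file.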
The fix introduced in 678cc9066c
suppresses the PrintLastLog directive for FreeBSD 10.3.
SSH on FreeBSD 11.0 also does not support PrintLastLog, so this
change suppresses it for any version >= 10.3.