[COOK-2073] Add support for Match block

Signed-off-by: Sean OMeara <[email protected]>

.kitchen.yml

@@ -1,12 +1,77 @@
+---
 driver_plugin: vagrant
+driver_plugin: digitalocean
 driver_config:
-  require_chef_omnibus: true
+  digitalocean_client_id: <%= ENV['DIGITAL_OCEAN_CLIENT_ID'] %>
+  digitalocean_api_key: <%= ENV['DIGITAL_OCEAN_API_KEY'] %>
+  aws_access_key_id: <%= ENV['AWS_ACCESS_KEY_ID'] %> 
+  aws_secret_access_key: <%= ENV['AWS_SECRET_ACCESS_KEY'] %>
+  aws_ssh_key_id: <%= ENV['AWS_KEYPAIR_NAME'] %>
+  ssh_key: <%= ENV['AWS_PRIVATE_KEY_PATH'] %>
+  rackspace_username: <%= ENV['RACKSPACE_USERNAME'] %>
+  rackspace_api_key: <%= ENV['RACKSPACE_API_KEY'] %>
+  require_chef_omnibus: latest
 
 platforms:
-  - name: ubuntu-12.04
-    run_list:
-      - recipe[apt::default]
-  - name: centos-6.4
+- name: centos-5.8
+  driver_plugin: digitalocean
+  driver_config:
+    image_id: 1601
+    flavor_id: 63
+    region_id: 1
+    ssh_key_ids: <%= ENV['DIGITAL_OCEAN_SSH_KEY_IDS'] %>
+
+- name: centos-6.4
+  driver_plugin: digitalocean
+  driver_config:
+    image_id: 562354
+    flavor_id: 63
+    region_id: 1
+    ssh_key_ids: <%= ENV['DIGITAL_OCEAN_SSH_KEY_IDS'] %>
+
+- name: amazon-2013.09
+  driver_plugin: ec2
+  driver_config:
+    image_id: ami-3be4bc52
+    username: ec2-user
+
+- name: fedora-19
+  driver_plugin: digitalocean
+  driver_config:
+    image_id: 696598
+    flavor_id: 63
+    region_id: 1
+    ssh_key_ids: <%= ENV['DIGITAL_OCEAN_SSH_KEY_IDS'] %>
+
+- name: ubuntu-1004
+  driver_plugin: digitalocean
+  driver_config:
+    image_id: 14097
+    flavor_id: 63
+    region_id: 1
+    ssh_key_ids: <%= ENV['DIGITAL_OCEAN_SSH_KEY_IDS'] %>
+  run_list:
+  - recipe[apt]
+
+- name: ubuntu-1204
+  driver_plugin: digitalocean
+  driver_config:
+    image_id: 1505447
+    flavor_id: 63
+    region_id: 1
+    ssh_key_ids: <%= ENV['DIGITAL_OCEAN_SSH_KEY_IDS'] %>
+  run_list:
+  - recipe[apt]
+
+- name: ubuntu-1310
+  driver_plugin: digitalocean
+  driver_config:
+    image_id: 961965
+    flavor_id: 63
+    region_id: 1
+    ssh_key_ids: <%= ENV['DIGITAL_OCEAN_SSH_KEY_IDS'] %>
+  run_list:
+  - recipe[apt]
 
 suites:
   - name: default

Gemfile

@@ -1,11 +1,13 @@
 source 'https://rubygems.org'
 
 gem 'berkshelf',  '~> 2.0'
-gem 'chefspec',   '~> 2.0'
+gem 'chefspec',   '~> 3.0'
 gem 'foodcritic', '~> 3.0'
-gem 'rubocop',    '~> 0.12'
+gem 'rubocop'
 
 group :integration do
-  gem 'test-kitchen',    '~> 1.0.0.beta'
+  gem 'test-kitchen', '~> 1.0'
   gem 'kitchen-vagrant', '~> 0.11'
+  gem 'kitchen-digitalocean'
+  gem 'kitchen-ec2'
 end

README.md

@@ -44,6 +44,7 @@ This means anything located in [sshd_config](http://www.openbsd.org/cgi-bin/man.
 * If it is an `Array`, each item in the array will get it's own line in the config file.
 * `Hash` attributes are meant to used with `ssh_config` namespace to create host-specific configurations. The keys of the `Hash` will be used as the `Host` entries and their associated entries as the configuration values.
 * All the values in openssh are commented out in the `attributes/default.rb` file for a base starting point.
+* There is one special attribute name, which is `match`. This is not included in the default template like the others. `node['openssh']['server']['match']` must be a Hash, where the key is the match pattern criteria and the value should be a Hash of normal keywords and values. The same transformations listed above apply to these keywords. See examples below.
 
 
 Dynamic ListenAddress
@@ -67,6 +68,24 @@ This requires use of identity files to connect
 }
 ```
 
+#### Match
+
+```json
+"openssh": {
+  "server": {
+    "match": {
+      "Address 192.168.1.0/24": {
+        "password_authentication": "yes"
+      },
+      "Group admins": {
+        "permit_tunnel": "yes",
+        "max_sessions": "20"
+      }
+    }
+  }
+}
+```
+
 #### Enable X Forwarding
 
 ```json

attributes/default.rb

@@ -139,3 +139,4 @@
 # default['openssh']['server']['chroot_directory'] = 'none'
 # default['openssh']['server']['banner'] = 'none'
 # default['openssh']['server']['subsystem'] =	'sftp	/usr/libexec/sftp-server'
+default['openssh']['server']['match'] = {}

spec/unit/recipes/default_spec.rb

@@ -21,11 +21,21 @@
     expect(template.group).to eq('root')
   end
 
-  it 'writes the sshd_config' do
-    template = chef_run.template('/etc/ssh/sshd_config')
-    expect(template).to be
-    expect(template.mode).to eq('0644')
-    expect(template.owner).to eq('root')
-    expect(template.group).to eq('root')
+  describe 'sshd_config' do
+
+    it 'writes the sshd_config' do
+      template = chef_run.template('/etc/ssh/sshd_config')
+      expect(template).to be
+      expect(template.mode).to eq('0644')
+      expect(template.owner).to eq('root')
+      expect(template.group).to eq('root')
+    end
+
+    it 'writes a match group block' do
+      chef_run.node.set['openssh']['server']['match'] = { 'Group admins' => { 'permit_tunnel' => 'yes' } }
+      chef_run.converge(described_recipe)
+      expect(chef_run).to create_file_with_content '/etc/ssh/sshd_config', /Match Group admins\n\s\sPermitTunnel yes/
+    end
+
   end
 end

templates/default/sshd_config.erb

@@ -1,7 +1,7 @@
 # This file was generated by Chef for <%= node['fqdn'] %>
 # Do NOT modify this file by hand!
 
-<% node['openssh']['server'].map do |key, value| -%>
+<% node['openssh']['server'].dup.reject{|k,v| k=='match'}.map do |key, value| -%>
 <%  if value.kind_of? Array -%>
 <%    value.each do |item| -%>
 <%=     "#{key.split("_").map { |w| w.capitalize}.join} #{item}" %>
@@ -10,3 +10,17 @@
 <%=   "#{key.split("_").map { |w| w.capitalize}.join} #{value}"%>
 <%  end -%>
 <% end -%>
+
+<% node['openssh']['server']['match'].sort.map do |match_key, match_items| -%>
+Match <%= match_key %>
+<%   match_items.sort.map do |key, value| -%>
+<%     if value.kind_of? Array -%>
+<%       value.each do |item| -%>
+<%=        "  #{key.split("_").map { |w| w.capitalize}.join} #{item}" %>
+<%       end -%>
+<%     else -%>
+<%=      "  #{key.split("_").map { |w| w.capitalize}.join} #{value}"%>
+<%     end -%>
+<%   end -%>
+
+<% end -%>