Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Option to disable display of diff in the puppet log #276

Open
wants to merge 4 commits into
base: master
Choose a base branch
from
Open

Option to disable display of diff in the puppet log #276

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
1b5cb9e
feat: add show_diff option
teluq-pbrideau Jul 4, 2024
9d9f4d6
test: run config and versionlock on every supported OS
teluq-pbrideau Jul 4, 2024
48f92fe
test: add show_diff parameter test
teluq-pbrideau Jul 4, 2024
d345c46
docs: add yum::config sensitive warning
teluq-pbrideau Jul 4, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
33 changes: 33 additions & 0 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -70,6 +70,39 @@ yum::config { 'debuglevel':
}
```

NOTE: The parameter `ensure` can be set as sensitive, but is not censored when
another config nearby is changed. For example:

```puppet
yum::config { 'proxy_username':
ensure => 'user',
}
yum::config { 'proxy_password':
ensure => Sensitive('mysecretpassword'),
}
```

```bash
--- /etc/yum.conf 2022-09-28 10:53:13.958280359 -0400
+++ /etc/yum.conf.augnew 2022-09-28 11:44:01.581689900 -0400
@@ -10,5 +10,5 @@
metadata_expire=0
mirrorlist_expire=0
proxy=http://host.example.com:3128
-proxy_username=user
+proxy_username=anotheruser
proxy_password=mysecretpassword

Notice: /Stage[main]/Yum/Yum::Config[proxy_username]/Augeas[yum.conf_proxy_username]/returns: executed successfully (corrective)
```

The parameter `show_diff => false` should be use in this case:
```puppet
class { 'yum':
show_diff => false,
}
```

### Manage COPR repositories

This module also supports managing
Expand Down
10 changes: 10 additions & 0 deletions REFERENCE.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -132,6 +132,7 @@ The following parameters are available in the `yum` class:
* [`gpgkeys`](#-yum--gpgkeys)
* [`utils_package_name`](#-yum--utils_package_name)
* [`groups`](#-yum--groups)
* [`show_diff`](#-yum--show_diff)

##### <a name="-yum--clean_old_kernels"></a>`clean_old_kernels`

Expand Down Expand Up @@ -245,6 +246,15 @@ A hash of yum::group instances to manage.

Default value: `{}`

##### <a name="-yum--show_diff"></a>`show_diff`

Data type: `Boolean`

Wether to display diff when a config is changed. It is useful when there is confidental
information that you do not want displayed in the puppet logs.

Default value: `true`

### <a name="yum--clean"></a>`yum::clean`

A $(yum clean all) Exec to be notified if desired.
Expand Down
3 changes: 2 additions & 1 deletion manifests/config.pp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@
Variant[Boolean, Integer, Enum['absent'], String, Sensitive[String]] $ensure,
String $key = $title,
) {
include yum
include yum::settings
$_mainconf = $yum::settings::mainconf

Expand All @@ -34,7 +35,7 @@

$_show_diff = $ensure ? {
Sensitive => false,
default => true,
default => $yum::show_diff,
}

augeas { "${facts['package_provider']}.conf_${key}":
Expand Down
7 changes: 6 additions & 1 deletion manifests/init.pp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -58,6 +58,10 @@
# @param groups
# A hash of yum::group instances to manage.
#
# @param show_diff
# Wether to display diff when a config is changed. It is useful when there is confidental
# information that you do not want displayed in the puppet logs.
#
# @example Enable management of the default repos for a supported OS:
# ---
# yum::manage_os_default_repos: true
Expand Down Expand Up @@ -116,7 +120,8 @@
Array[String] $repo_exclusions = [],
Hash[String, Hash[String, String]] $gpgkeys = {},
String $utils_package_name = 'yum-utils',
Stdlib::CreateResources $groups = {}
Stdlib::CreateResources $groups = {},
Boolean $show_diff = true,
) {
$module_metadata = load_module_metadata($module_name)
$supported_operatingsystems = $module_metadata['operatingsystem_support']
Expand Down
197 changes: 114 additions & 83 deletions spec/defines/config_spec.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,98 +3,129 @@
require 'spec_helper'

describe 'yum::config' do
context 'with no parameters' do
let(:title) { 'assumeyes' }
on_supported_os.each do |os, os_facts|
context "on #{os}" do
let(:facts) { os_facts }

it { is_expected.to compile.and_raise_error(%r{expects a value for parameter 'ensure'}) }
end
context 'with no parameters' do
let(:title) { 'assumeyes' }

%w[dnf yum].each do |pkgmgr|
context "when package_provider fact is #{pkgmgr}" do
let(:facts) { { package_provider: pkgmgr } }
it { is_expected.to compile.and_raise_error(%r{expects a value for parameter 'ensure'}) }
end

context 'when ensure is a Boolean' do
let(:title) { 'assumeyes' }
let(:params) { { ensure: true } }

it { is_expected.to compile.with_all_deps }

it 'contains an Augeas resource with the correct changes' do
case pkgmgr
when 'yum'
is_expected.to contain_augeas("yum.conf_#{title}").with(
incl: '/etc/yum.conf',
context: '/files/etc/yum.conf/main/',
changes: "set assumeyes '1'"
)
else
is_expected.to contain_augeas("dnf.conf_#{title}").with(
incl: '/etc/dnf/dnf.conf',
context: '/files/etc/dnf/dnf.conf/main/',
changes: "set assumeyes '1'"
)
%w[dnf yum].each do |pkgmgr|
context "when package_provider fact is #{pkgmgr}" do
let(:facts) do
super().merge({ package_provider: pkgmgr })
end
end
end

context 'ensure is an Integer' do
let(:title) { 'assumeyes' }
let(:params) { { ensure: 0 } }

it { is_expected.to compile.with_all_deps }

it 'contains an Augeas resource with the correct changes' do
case pkgmgr
when 'yum'
is_expected.to contain_augeas("yum.conf_#{title}").with(
changes: "set assumeyes '0'"
)
else
is_expected.to contain_augeas("dnf.conf_#{title}").with(
changes: "set assumeyes '0'"
)
context 'when ensure is a Boolean' do
let(:title) { 'assumeyes' }
let(:params) { { ensure: true } }

it { is_expected.to compile.with_all_deps }

it 'contains an Augeas resource with the correct changes' do
case pkgmgr
when 'yum'
is_expected.to contain_augeas("yum.conf_#{title}").with(
incl: '/etc/yum.conf',
context: '/files/etc/yum.conf/main/',
changes: "set assumeyes '1'"
)
else
is_expected.to contain_augeas("dnf.conf_#{title}").with(
incl: '/etc/dnf/dnf.conf',
context: '/files/etc/dnf/dnf.conf/main/',
changes: "set assumeyes '1'"
)
end
end
end
end
end

context 'ensure is a comma separated String' do
let(:title) { 'assumeyes' }
let(:params) { { ensure: '1, 2' } }

it { is_expected.to compile.with_all_deps }

it 'contains an Augeas resource with the correct changes' do
case pkgmgr
when 'yum'
is_expected.to contain_augeas("yum.conf_#{title}").with(
changes: "set assumeyes '1, 2'"
)
else
is_expected.to contain_augeas("dnf.conf_#{title}").with(
changes: "set assumeyes '1, 2'"
)
context 'ensure is an Integer' do
let(:title) { 'assumeyes' }
let(:params) { { ensure: 0 } }

it { is_expected.to compile.with_all_deps }

it 'contains an Augeas resource with the correct changes' do
case pkgmgr
when 'yum'
is_expected.to contain_augeas("yum.conf_#{title}").with(
changes: "set assumeyes '0'"
)
else
is_expected.to contain_augeas("dnf.conf_#{title}").with(
changes: "set assumeyes '0'"
)
end
end
end
end
end

context 'when ensure is a Sensitive[String]' do
let(:title) { 'assumeyes' }
let(:params) { { ensure: sensitive('secret') } }

it { is_expected.to compile.with_all_deps }

it 'contains an Augeas resource with the correct changes' do
case pkgmgr
when 'yum'
is_expected.to contain_augeas("yum.conf_#{title}").with(
changes: "set assumeyes 'secret'",
show_diff: false
)
else
is_expected.to contain_augeas("dnf.conf_#{title}").with(
changes: "set assumeyes 'secret'",
show_diff: false
)
context 'ensure is a comma separated String' do
let(:title) { 'assumeyes' }
let(:params) { { ensure: '1, 2' } }

it { is_expected.to compile.with_all_deps }

it 'contains an Augeas resource with the correct changes' do
case pkgmgr
when 'yum'
is_expected.to contain_augeas("yum.conf_#{title}").with(
changes: "set assumeyes '1, 2'"
)
else
is_expected.to contain_augeas("dnf.conf_#{title}").with(
changes: "set assumeyes '1, 2'"
)
end
end
end

context 'when ensure is a Sensitive[String]' do
let(:title) { 'assumeyes' }
let(:params) { { ensure: sensitive('secret') } }

it { is_expected.to compile.with_all_deps }

it 'contains an Augeas resource with the correct changes' do
case pkgmgr
when 'yum'
is_expected.to contain_augeas("yum.conf_#{title}").with(
changes: "set assumeyes 'secret'",
show_diff: false
)
else
is_expected.to contain_augeas("dnf.conf_#{title}").with(
changes: "set assumeyes 'secret'",
show_diff: false
)
end
end
end

context 'when show_diff is disabled in yum::show_diff' do
let(:title) { 'assumeyes' }
let(:params) { { ensure: '1, 2' } }
let(:pre_condition) { 'class { yum : show_diff => false }' }

it { is_expected.to compile.with_all_deps }

it 'contains an Augeas resource with the correct changes' do
case pkgmgr
when 'yum'
is_expected.to contain_augeas("yum.conf_#{title}").with(
changes: "set assumeyes '1, 2'",
show_diff: false
)
else
is_expected.to contain_augeas("dnf.conf_#{title}").with(
changes: "set assumeyes '1, 2'",
show_diff: false
)
end
end
end
end
end
Expand Down
Loading
Loading