From 5f351b344d2ad9ee68edd5d7d0490a74738e583a Mon Sep 17 00:00:00 2001 
From: Ewoud Kohl van Wijngaarden Date: Fri, 11 Feb 2022 14:13:16 +0100 Subject: [PATCH] Use EPP for plugin templates You can hand EPP a context and it can validate data types. This gives a higher certainty that a template is rendered correctly. It is also able to deal with Sensitive data types natively. --- manifests/module.pp | 6 ++- manifests/plugin/abrt.pp | 19 +++++++-- manifests/plugin/module.pp | 15 ++++--- manifests/settings_file.pp | 7 +--- templates/plugin/abrt.yml.epp | 40 +++++++++++++++++++ templates/plugin/abrt.yml.erb | 32 --------------- templates/plugin/{acd.yml.erb => acd.yml.epp} | 0 .../{ansible.cfg.erb => ansible.cfg.epp} | 0 .../{ansible.yml.erb => ansible.yml.epp} | 0 .../plugin/{chef.yml.erb => chef.yml.epp} | 0 ...eway.yml.erb => container_gateway.yml.epp} | 0 ...infoblox.yml.erb => dhcp_infoblox.yml.epp} | 0 ...te_isc.yml.erb => dhcp_remote_isc.yml.epp} | 0 ..._infoblox.yml.erb => dns_infoblox.yml.epp} | 0 ..._powerdns.yml.erb => dns_powerdns.yml.epp} | 0 ...ns_route53.yml.erb => dns_route53.yml.epp} | 0 .../{dynflow.yml.erb => dynflow.yml.epp} | 0 ...{monitoring.yml.erb => monitoring.yml.epp} | 0 ...ga2.yml.erb => monitoring_icinga2.yml.epp} | 0 ....erb => monitoring_icingadirector.yml.epp} | 0 .../plugin/{omaha.yml.erb => omaha.yml.epp} | 0 .../{openscap.yml.erb => openscap.yml.epp} | 0 .../{pulpcore.yml.erb => pulpcore.yml.epp} | 0 .../{realm_ad.yml.erb => realm_ad.yml.epp} | 0 ...h.yml.erb => remote_execution_ssh.yml.epp} | 0 .../{reports.yml.erb => reports.yml.epp} | 0 .../plugin/{salt.yml.erb => salt.yml.epp} | 0 ...t_master.conf.erb => salt_master.conf.epp} | 0 ...{shellhooks.yml.erb => shellhooks.yml.epp} | 0 .../plugin/{test.yml.erb => test.yml.epp} | 0 30 files changed, 73 insertions(+), 46 deletions(-) create mode 100644 templates/plugin/abrt.yml.epp delete mode 100644 templates/plugin/abrt.yml.erb rename templates/plugin/{acd.yml.erb => acd.yml.epp} (100%) rename templates/plugin/{ansible.cfg.erb => ansible.cfg.epp} (100%) 
rename templates/plugin/{ansible.yml.erb => ansible.yml.epp} (100%)
rename templates/plugin/{chef.yml.erb => chef.yml.epp} (100%)
rename templates/plugin/{container_gateway.yml.erb => container_gateway.yml.epp} (100%)
rename templates/plugin/{dhcp_infoblox.yml.erb => dhcp_infoblox.yml.epp} (100%)
rename templates/plugin/{dhcp_remote_isc.yml.erb => dhcp_remote_isc.yml.epp} (100%)
rename templates/plugin/{dns_infoblox.yml.erb => dns_infoblox.yml.epp} (100%)
rename templates/plugin/{dns_powerdns.yml.erb => dns_powerdns.yml.epp} (100%)
rename templates/plugin/{dns_route53.yml.erb => dns_route53.yml.epp} (100%)
rename templates/plugin/{dynflow.yml.erb => dynflow.yml.epp} (100%)
rename templates/plugin/{monitoring.yml.erb => monitoring.yml.epp} (100%)
rename templates/plugin/{monitoring_icinga2.yml.erb => monitoring_icinga2.yml.epp} (100%)
rename templates/plugin/{monitoring_icingadirector.yml.erb => monitoring_icingadirector.yml.epp} (100%)
rename templates/plugin/{omaha.yml.erb => omaha.yml.epp} (100%)
rename templates/plugin/{openscap.yml.erb => openscap.yml.epp} (100%)
rename templates/plugin/{pulpcore.yml.erb => pulpcore.yml.epp} (100%)
rename templates/plugin/{realm_ad.yml.erb => realm_ad.yml.epp} (100%)
rename templates/plugin/{remote_execution_ssh.yml.erb => remote_execution_ssh.yml.epp} (100%)
rename templates/plugin/{reports.yml.erb => reports.yml.epp} (100%)
rename templates/plugin/{salt.yml.erb => salt.yml.epp} (100%)
rename templates/plugin/{salt_master.conf.erb => salt_master.conf.epp} (100%)
rename templates/plugin/{shellhooks.yml.erb => shellhooks.yml.epp} (100%)
rename templates/plugin/{test.yml.erb => test.yml.epp} (100%)
diff --git a/manifests/module.pp b/manifests/module.pp
index ae0de1e40..047191d5d 100644
--- a/manifests/module.pp
+++ b/manifests/module.pp
@@ -19,10 +19,14 @@ # @param template_path # An optional template path # +# @param config_context +# Context to pass to the template +# define foreman_proxy::module ( Boolean $enabled = false, Foreman_proxy::ListenOn $listen_on = 'https', Optional[String] $template_path = undef, + Hash[String, Any] $config_context = {}, String $feature = upcase($title), ) { if $enabled { @@ -39,7 +43,7 @@ } foreman_proxy::settings_file { $name: - module_enabled => $module_enabled, template_path => $template_path, + config_context => $config_context + {'module_enabled' => $module_enabled}, } } diff --git a/manifests/plugin/abrt.pp b/manifests/plugin/abrt.pp index 1cb72bffb..5c26afc75 100644 --- a/manifests/plugin/abrt.pp +++ b/manifests/plugin/abrt.pp @@ -43,9 +43,22 @@ Optional[Stdlib::Absolutepath] $faf_server_ssl_cert = undef, Optional[Stdlib::Absolutepath] $faf_server_ssl_key = undef, ) { + $context = { + abrt_send_log_file => $abrt_send_log_file, + abrt_send_log_file => $abrt_send_log_file, + spooldir => $spooldir, + aggregate_reports => $aggregate_reports, + send_period => $send_period, + faf_server_url => $faf_server_url, + faf_server_ssl_noverify => $faf_server_ssl_noverify, + faf_server_ssl_cert => $faf_server_ssl_cert, + faf_server_ssl_key => $faf_server_ssl_key, + } + foreman_proxy::plugin::module { 'abrt': - version => $version, - listen_on => $listen_on, - enabled => $enabled, + version => $version, + listen_on => $listen_on, + enabled => $enabled, + config_context => $context, } } diff --git a/manifests/plugin/module.pp b/manifests/plugin/module.pp index 79209c99f..436e3d7be 100644 --- a/manifests/plugin/module.pp +++ b/manifests/plugin/module.pp 
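Review bot: The `@param config_context` text added in the first manifests/module.pp hunk leaves out what the second hunk does with the hash. `$config_context + {'module_enabled' => $module_enabled}` always adds `module_enabled`, and because the right-hand hash wins in a merge, a caller-supplied key of that name is silently replaced. I would document it as `# Context to pass to the EPP template; 'module_enabled' is always added and overrides any key of that name`. The body of the define continues outside both hunks.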
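Review bot: The `$context` hash literal added in manifests/plugin/abrt.pp lists `abrt_send_log_file => $abrt_send_log_file,` twice in a row. Puppet flags a key that is declared more than once in a hash literal, so this is likely to fail validation, and at best it is a dead line; the second entry should be dropped. The keys here are bare words while manifests/module.pp quotes `'module_enabled'`, so quoting them would keep the two manifests consistent. The class header is outside the hunk.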
@@ -22,22 +22,27 @@ # @param template_path # An optional template path # +# @param config_context +# Context to pass to the template +# define foreman_proxy::plugin::module ( Optional[String] $version = undef, Optional[String] $package = undef, Boolean $enabled = false, Optional[Foreman_proxy::ListenOn] $listen_on = undef, - String $template_path = "foreman_proxy/plugin/${title}.yml.erb", + String $template_path = "foreman_proxy/plugin/${title}.yml.epp", String $feature = $title.capitalize(), + Hash[String, Any] $config_context = {}, ) { foreman_proxy::plugin { $title: version => $version, package => $package, } -> foreman_proxy::module { $name: - enabled => $enabled, - feature => $feature, - listen_on => $listen_on, - template_path => $template_path, + enabled => $enabled, + feature => $feature, + listen_on => $listen_on, + template_path => $template_path, + config_context => $config_context, } } diff --git a/manifests/settings_file.pp b/manifests/settings_file.pp index 4b16044dc..b7079f00c 100644 --- a/manifests/settings_file.pp +++ b/manifests/settings_file.pp @@ -3,9 +3,6 @@ # @param ensure # Whether the config file should be a file or absent # -# @param module_enabled -# If module is enabled or not. Only relevant when it's a module. -# # @param path # Path to module's settings file # @@ -23,18 +20,18 @@ # define foreman_proxy::settings_file ( Enum['file', 'absent'] $ensure = 'file', - String $module_enabled = 'false', Stdlib::Absolutepath $path = "${foreman_proxy::params::config_dir}/settings.d/${title}.yml", String $owner = 'root', String $group = $foreman_proxy::params::user, Stdlib::Filemode $mode = '0640', String $template_path = "foreman_proxy/${title}.yml.erb", + Hash[String, Any] $config_context = {}, ) { if $ensure == 'absent' { $content = undef } else { $content = if $template_path.match(/\.epp$/) { - epp($template_path) + epp($template_path, $config_context) } elsif $template_path.match(/\.erb$/) { template($template_path) } else { 
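Review bot: Changing the default `$template_path` to `"foreman_proxy/plugin/${title}.yml.epp"` in manifests/plugin/module.pp sends every plugin through the EPP renderer, but only abrt gets a rewritten template and a populated `config_context` in this patch. The other templates are renamed at 100% similarity, so their bodies are presumably still ERB (the removed abrt.yml.erb used `@module_enabled` and `scope.lookupvar`), which EPP does not evaluate the same way. Either convert each template in the commit that renames it, or keep the `.erb` default here and let converted plugins pass `template_path => 'foreman_proxy/plugin/abrt.yml.epp'` explicitly until the migration is finished. A settings file that fails to render, or renders with empty values, leaves the proxy feature in a state the manifest did not declare, so a rendering spec per plugin would be worth adding.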
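Review bot: In the second manifests/settings_file.pp hunk only the `.epp` branch receives `$config_context`; the `.erb` branch still calls `template($template_path)`, while the first hunk removes the `$module_enabled` parameter that ERB templates read as `@module_enabled`. Any template still rendered through ERB (this define's own default is still `"foreman_proxy/${title}.yml.erb"`) would then write an empty `:enabled:` value. Setting a local such as `$module_enabled = $config_context['module_enabled']` before the `if` would keep the old behaviour for those templates. The `@param` block also gets no entry for `config_context` in either hunk, so I would add `# @param config_context` with a line saying it is passed to EPP templates only. The body of the define continues past the end of the hunk.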
diff --git a/templates/plugin/abrt.yml.epp b/templates/plugin/abrt.yml.epp
new file mode 100644
index 000000000..9a8c03f5c
--- /dev/null
+++ b/templates/plugin/abrt.yml.epp
@@ -0,0 +1,40 @@
+<%- |
+ String $module_enabled,
+ Stdlib::Absolutepath $abrt_send_log_file,
+ Stdlib::Absolutepath $spooldir,
+ Boolean $aggregate_reports,
+ Integer[0] $send_period = 600,
+ Optional[String] $faf_server_url = undef,
+ Boolean $faf_server_ssl_noverify = true,
+ Optional[Stdlib::Absolutepath] $faf_server_ssl_cert = undef,
+ Optional[Stdlib::Absolutepath] $faf_server_ssl_key = undef,
+| -%>
+---
+:enabled: <%= $module_enabled %>
+# Log file for the forwarding script.
+:abrt_send_log_file: <%= $abrt_send_log_file %>
+# Directory where uReports are stored before they are sent
+:spooldir: <%= $spooldir %>
+# Merge duplicate reports before sending (requires the satyr gem)
+:aggregate_reports: <%= $aggregate_reports %>
+# Period (in seconds) after which collected reports are forwarded. Meaningful
+# only if smart-proxy-abrt-send is run as a daemon (not from cron).
+:send_period: <%= $send_period %>
+# FAF server instance the reports will be forwarded to (optional)
+<% if $faf_server_url { -%>
+:server_url: <%= $faf_server_url %>
+# Set to true if FAF server uses self-signed certificate
+:server_ssl_noverify: <%= $faf_server_ssl_noverify %>
+<% } else { %>
+#:server_url:
+# Set to true if FAF server uses self-signed certificate
+#:server_ssl_noverify:
+<% } %>
+# Following two options enable client authentication to FAF server
+<% if $faf_server_ssl_cert and $faf_server_ssl_key { -%>
+:server_ssl_cert: <%= $faf_server_ssl_cert %>
+:server_ssl_key: <%= $faf_server_ssl_key %>
+<% } else { %>
+#:server_ssl_cert:
+#:server_ssl_key:
+<% } %>
diff --git a/templates/plugin/abrt.yml.erb b/templates/plugin/abrt.yml.erb
deleted file mode 100644
index 5471a19e4..000000000
--- a/templates/plugin/abrt.yml.erb
+++ /dev/null
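Review bot: The template parameter `Boolean $faf_server_ssl_noverify = true` in templates/plugin/abrt.yml.epp defaults to turning certificate verification off, so a caller that omits the key gets an unverified TLS connection to the FAF server as soon as `faf_server_url` is set. manifests/plugin/abrt.pp passes the key today, so the default only matters to other callers, but I would still make it required (`Boolean $faf_server_ssl_noverify,`) or default it to `false` so the unsafe choice is never implicit. Separately, `Optional[String] $faf_server_url` is written into the YAML unquoted; a narrower type such as `Optional[Stdlib::HTTPUrl]` would reject values that could change the structure of the settings file.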
@@ -1,32 +0,0 @@
----
-:enabled: <%= @module_enabled %>
-# Log file for the forwarding script.
-:abrt_send_log_file: <%= scope.lookupvar('::foreman_proxy::plugin::abrt::abrt_send_log_file') %>
-# Directory where uReports are stored before they are sent
-:spooldir: <%= scope.lookupvar('::foreman_proxy::plugin::abrt::spooldir') %>
-# Merge duplicate reports before sending (requires the satyr gem)
-:aggregate_reports: <%= scope.lookupvar('::foreman_proxy::plugin::abrt::aggregate_reports') %>
-# Period (in seconds) after which collected reports are forwarded. Meaningful
-# only if smart-proxy-abrt-send is run as a daemon (not from cron).
-:send_period: <%= scope.lookupvar('::foreman_proxy::plugin::abrt::send_period') %>
-# FAF server instance the reports will be forwarded to (optional)
-<% if [nil, :undefined, :undef].include?(scope.lookupvar('::foreman_proxy::plugin::abrt::faf_server_url')) -%>
-#:server_url:
-# Set to true if FAF server uses self-signed certificate
-#:server_ssl_noverify:
-<% else %>
-:server_url: <%= scope.lookupvar('::foreman_proxy::plugin::abrt::faf_server_url') %>
-# Set to true if FAF server uses self-signed certificate
-:server_ssl_noverify: <%= scope.lookupvar('::foreman_proxy::plugin::abrt::faf_server_ssl_noverify') %>
-<% end %>
-# Following two options enable client authentication to FAF server
-<% if [nil, :undefined, :undef].include?(scope.lookupvar('::foreman_proxy::plugin::abrt::faf_server_ssl_cert')) \
- || scope.lookupvar('::foreman_proxy::plugin::abrt::faf_server_ssl_cert').empty? \
- || [nil, :undefined, :undef].include?(scope.lookupvar('::foreman_proxy::plugin::abrt::faf_server_ssl_key')) \
- || scope.lookupvar('::foreman_proxy::plugin::abrt::faf_server_ssl_key').empty? -%>
-#:server_ssl_cert:
-#:server_ssl_key:
-<% else %>
-:server_ssl_cert: <%= scope.lookupvar('::foreman_proxy::plugin::abrt::faf_server_ssl_cert') %>
-:server_ssl_key: <%= scope.lookupvar('::foreman_proxy::plugin::abrt::faf_server_ssl_key') %>
-<% end %>
diff --git a/templates/plugin/acd.yml.erb b/templates/plugin/acd.yml.epp
similarity index 100%
rename from templates/plugin/acd.yml.erb
rename to templates/plugin/acd.yml.epp
diff --git a/templates/plugin/ansible.cfg.erb b/templates/plugin/ansible.cfg.epp
similarity index 100%
rename from templates/plugin/ansible.cfg.erb
rename to templates/plugin/ansible.cfg.epp
diff --git a/templates/plugin/ansible.yml.erb b/templates/plugin/ansible.yml.epp
similarity index 100%
rename from templates/plugin/ansible.yml.erb
rename to templates/plugin/ansible.yml.epp
diff --git a/templates/plugin/chef.yml.erb b/templates/plugin/chef.yml.epp
similarity index 100%
rename from templates/plugin/chef.yml.erb
rename to templates/plugin/chef.yml.epp
diff --git a/templates/plugin/container_gateway.yml.erb b/templates/plugin/container_gateway.yml.epp
similarity index 100%
rename from templates/plugin/container_gateway.yml.erb
rename to templates/plugin/container_gateway.yml.epp
diff --git a/templates/plugin/dhcp_infoblox.yml.erb b/templates/plugin/dhcp_infoblox.yml.epp
similarity index 100%
rename from templates/plugin/dhcp_infoblox.yml.erb
rename to templates/plugin/dhcp_infoblox.yml.epp
diff --git a/templates/plugin/dhcp_remote_isc.yml.erb b/templates/plugin/dhcp_remote_isc.yml.epp
similarity index 100%
rename from templates/plugin/dhcp_remote_isc.yml.erb
rename to templates/plugin/dhcp_remote_isc.yml.epp
diff --git a/templates/plugin/dns_infoblox.yml.erb b/templates/plugin/dns_infoblox.yml.epp
similarity index 100%
rename from templates/plugin/dns_infoblox.yml.erb
rename to templates/plugin/dns_infoblox.yml.epp
diff --git a/templates/plugin/dns_powerdns.yml.erb b/templates/plugin/dns_powerdns.yml.epp
similarity index 100%
rename from templates/plugin/dns_powerdns.yml.erb
rename to templates/plugin/dns_powerdns.yml.epp
diff --git a/templates/plugin/dns_route53.yml.erb b/templates/plugin/dns_route53.yml.epp
similarity index 100%
rename from templates/plugin/dns_route53.yml.erb
rename to templates/plugin/dns_route53.yml.epp
diff --git a/templates/plugin/dynflow.yml.erb b/templates/plugin/dynflow.yml.epp
similarity index 100%
rename from templates/plugin/dynflow.yml.erb
rename to templates/plugin/dynflow.yml.epp
diff --git a/templates/plugin/monitoring.yml.erb b/templates/plugin/monitoring.yml.epp
similarity index 100%
rename from templates/plugin/monitoring.yml.erb
rename to templates/plugin/monitoring.yml.epp
diff --git a/templates/plugin/monitoring_icinga2.yml.erb b/templates/plugin/monitoring_icinga2.yml.epp
similarity index 100%
rename from templates/plugin/monitoring_icinga2.yml.erb
rename to templates/plugin/monitoring_icinga2.yml.epp
diff --git a/templates/plugin/monitoring_icingadirector.yml.erb b/templates/plugin/monitoring_icingadirector.yml.epp
similarity index 100%
rename from templates/plugin/monitoring_icingadirector.yml.erb
rename to templates/plugin/monitoring_icingadirector.yml.epp
diff --git a/templates/plugin/omaha.yml.erb b/templates/plugin/omaha.yml.epp
similarity index 100%
rename from templates/plugin/omaha.yml.erb
rename to templates/plugin/omaha.yml.epp
diff --git a/templates/plugin/openscap.yml.erb b/templates/plugin/openscap.yml.epp
similarity index 100%
rename from templates/plugin/openscap.yml.erb
rename to templates/plugin/openscap.yml.epp
diff --git a/templates/plugin/pulpcore.yml.erb b/templates/plugin/pulpcore.yml.epp
similarity index 100%
rename from templates/plugin/pulpcore.yml.erb
rename to templates/plugin/pulpcore.yml.epp
diff --git a/templates/plugin/realm_ad.yml.erb b/templates/plugin/realm_ad.yml.epp
similarity index 100%
rename from templates/plugin/realm_ad.yml.erb
rename to templates/plugin/realm_ad.yml.epp
diff --git a/templates/plugin/remote_execution_ssh.yml.erb b/templates/plugin/remote_execution_ssh.yml.epp
similarity index 100%
rename from templates/plugin/remote_execution_ssh.yml.erb
rename to templates/plugin/remote_execution_ssh.yml.epp
diff --git a/templates/plugin/reports.yml.erb b/templates/plugin/reports.yml.epp
similarity index 100%
rename from templates/plugin/reports.yml.erb
rename to templates/plugin/reports.yml.epp
diff --git a/templates/plugin/salt.yml.erb b/templates/plugin/salt.yml.epp
similarity index 100%
rename from templates/plugin/salt.yml.erb
rename to templates/plugin/salt.yml.epp
diff --git a/templates/plugin/salt_master.conf.erb b/templates/plugin/salt_master.conf.epp
similarity index 100%
rename from templates/plugin/salt_master.conf.erb
rename to templates/plugin/salt_master.conf.epp
diff --git a/templates/plugin/shellhooks.yml.erb b/templates/plugin/shellhooks.yml.epp
similarity index 100%
rename from templates/plugin/shellhooks.yml.erb
rename to templates/plugin/shellhooks.yml.epp
diff --git a/templates/plugin/test.yml.erb b/templates/plugin/test.yml.epp
similarity index 100%
rename from templates/plugin/test.yml.erb
rename to templates/plugin/test.yml.epp