diff --git a/manifests/fragment.pp b/manifests/fragment.pp index 7084d9e..ca48331 100644 --- a/manifests/fragment.pp +++ b/manifests/fragment.pp @@ -1,56 +1,56 @@ # == Define: concat::fragment # # Creates a concat_fragment in the catalogue # # === Options: # # [*target*] # The file that these fragments belong to # [*content*] # If present puts the content into the file # [*source*] # If content was not specified, use the source # [*order*] # By default all files gets a 10_ prefix in the directory you can set it to # anything else using this to influence the order of the content in the file # define concat::fragment( $target, $ensure = undef, $content = undef, $source = undef, $order = '10', ) { validate_string($target) if $ensure != undef { warning('The $ensure parameter to concat::fragment is deprecated and has no effect.') } validate_string($content) if !(is_string($source) or is_array($source)) { fail('$source is not a string or an Array.') } if !(is_string($order) or is_integer($order)) { fail('$order is not a string or integer.') } elsif (is_string($order) and $order =~ /[:\n\/]/) { fail("Order cannot contain '/', ':', or '\n'.") } if ! ($content or $source) { crit('No content, source or symlink specified') } elsif ($content and $source) { fail("Can't use 'source' and 'content' at the same time") } - $safe_target_name = regsubst($target, '[/:\n\s\(\)]', '_', 'GM') + $safe_target_name = regsubst($target, '[/:\n\s\*\(\)]', '_', 'GM') concat_fragment { $name: target => $target, tag => $safe_target_name, order => $order, content => $content, source => $source, } } diff --git a/manifests/init.pp b/manifests/init.pp index 8d7d95a..0ed1315 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -1,159 +1,159 @@ # == Define: concat # # Sets up so that you can use fragments to build a final config file, # # === Options: # # [*ensure*] # Present/Absent # [*path*] # The path to the final file. Use this in case you want to differentiate # between the name of a resource and the file path. Note: Use the name you # provided in the target of your fragments. # [*owner*] # Who will own the file # [*group*] # Who will own the file # [*mode*] # The mode of the final file # [*show_diff*] # Use metaparam for files to show/hide diffs for reporting when using eyaml # secrets. Defaults to true # [*warn*] # Adds a normal shell style comment top of the file indicating that it is # built by puppet. # Before 2.0.0, this parameter would add a newline at the end of the warn # message. To improve flexibilty, this was removed. Please add it explicitely # if you need it. # [*backup*] # Controls the filebucketing behavior of the final file and see File type # reference for its use. Defaults to 'puppet' # [*replace*] # Whether to replace a file that already exists on the local system # [*order*] # Select whether to order associated fragments by 'alpha' or 'numeric'. # Defaults to 'alpha'. # [*ensure_newline*] # Specifies whether to ensure there's a new line at the end of each fragment. # Valid options: 'true' and 'false'. Default value: 'false'. # [*selinux_ignore_defaults*] # [*selrange*] # [*selrole*] # [*seltype*] # [*validate_cmd*] # Specifies a validation command to apply to the destination file. # Requires Puppet version 3.5 or newer. Valid options: a string to be passed # to a file resource. Default value: undefined. # define concat( $ensure = 'present', $path = $name, $owner = undef, $group = undef, $mode = '0644', $warn = false, $force = undef, $show_diff = true, $backup = 'puppet', $replace = true, $order = 'alpha', $ensure_newline = false, $validate_cmd = undef, $selinux_ignore_defaults = undef, $selrange = undef, $selrole = undef, $seltype = undef, $seluser = undef ) { validate_re($ensure, '^present$|^absent$') validate_absolute_path($path) validate_string($mode) if ! (is_string($owner) or is_integer($owner)) { fail("\$owner must be a string or integer, got ${owner}") } if ! (is_string($group) or is_integer($group)) { fail("\$group must be a string or integer, got ${group}") } if ! (is_string($warn) or $warn == true or $warn == false) { fail('$warn is not a string or boolean') } validate_bool($show_diff) if ! is_bool($backup) and ! is_string($backup) { fail('$backup must be string or bool!') } validate_bool($replace) validate_re($order, '^alpha$|^numeric$') validate_bool($ensure_newline) if $validate_cmd and ! is_string($validate_cmd) { fail('$validate_cmd must be a string') } if $force != undef { warning('The $force parameter to concat is deprecated and has no effect.') } if $selinux_ignore_defaults { validate_bool($selinux_ignore_defaults) } validate_string($selrange) validate_string($selrole) validate_string($seltype) validate_string($seluser) - $safe_name = regsubst($name, '[/:\n\s\(\)]', '_', 'G') + $safe_name = regsubst($name, '[/:\n\s\*\(\)]', '_', 'G') $default_warn_message = "# This file is managed by Puppet. DO NOT EDIT.\n" case $warn { true: { $warn_message = $default_warn_message $_append_header = true } false: { $warn_message = '' $_append_header = false } default: { $warn_message = $warn $_append_header = true } } if $ensure == 'present' { concat_file { $name: tag => $safe_name, path => $path, owner => $owner, group => $group, mode => $mode, selinux_ignore_defaults => $selinux_ignore_defaults, selrange => $selrange, selrole => $selrole, seltype => $seltype, seluser => $seluser, replace => $replace, backup => $backup, show_diff => $show_diff, order => $order, ensure_newline => $ensure_newline, validate_cmd => $validate_cmd, } if $_append_header { concat_fragment { "${name}_header": target => $name, tag => $safe_name, content => $warn_message, order => '0', } } } else { concat_file { $name: ensure => $ensure, tag => $safe_name, path => $path, backup => $backup, } } } diff --git a/spec/unit/defines/concat_spec.rb b/spec/unit/defines/concat_spec.rb index 2870980..b0840d0 100644 --- a/spec/unit/defines/concat_spec.rb +++ b/spec/unit/defines/concat_spec.rb @@ -1,355 +1,362 @@ require 'spec_helper' describe 'concat', :type => :define do shared_examples 'concat' do |title, params, id| params = {} if params.nil? id = 'root' if id.nil? # default param values p = { :ensure => 'present', :path => title, :owner => nil, :group => nil, :mode => '0644', :warn => false, :backup => 'puppet', :replace => true, }.merge(params) - safe_name = title.gsub('/', '_') concat_name = 'fragments.concat.out' default_warn_message = "# This file is managed by Puppet. DO NOT EDIT.\n" file_defaults = { :backup => p[:backup], } let(:title) { title } let(:params) { params } let(:facts) do { :id => id, :osfamily => 'Debian', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', :kernel => 'Linux', :is_pe => false, } end if p[:ensure] == 'present' it do should contain_concat(title).with(file_defaults.merge({ :ensure => 'present', :owner => p[:owner], :group => p[:group], :mode => p[:mode], :path => p[:path], :backup => p[:backup], :replace => p[:replace], :selinux_ignore_defaults => p[:selinux_ignore_defaults], :selrange => p[:selrange], :selrole => p[:selrole], :seltype => p[:seltype], :seluser => p[:seluser], })) end else it do should contain_concat(title).with(file_defaults.merge({ :ensure => 'absent', :backup => p[:backup], })) end end end context 'title' do context 'without path param' do # title/name is the default value for the path param. therefore, the # title must be an absolute path unless path is specified ['/foo', '/foo/bar', '/foo/bar/baz'].each do |title| context title do it_behaves_like 'concat', '/etc/foo.bar' end end ['./foo', 'foo', 'foo/bar'].each do |title| context title do let(:title) { title } it 'should fail' do expect { catalogue }.to raise_error(Puppet::Error, /is not an absolute path/) end end end end context 'with path param' do ['/foo', 'foo', 'foo/bar'].each do |title| context title do it_behaves_like 'concat', title, { :path => '/etc/foo.bar' } end end end + + context 'with special characters in title' do + ['foo:bar', 'foo*bar', 'foo(bar)'].each do |title| + context title do + it_behaves_like 'concat', title, { :path => '/etc/foo.bar' } + end + end + end end # title => context 'as non-root user' do it_behaves_like 'concat', '/etc/foo.bar', {}, 'bob' end context 'ensure =>' do ['present', 'absent'].each do |ens| context ens do it_behaves_like 'concat', '/etc/foo.bar', { :ensure => ens } end end context 'invalid' do let(:title) { '/etc/foo.bar' } let(:params) {{ :ensure => 'invalid' }} it 'should fail' do expect { catalogue }.to raise_error(Puppet::Error, /#{Regexp.escape('does not match "^present$|^absent$"')}/) end end end # ensure => context 'path =>' do context '/foo' do it_behaves_like 'concat', '/etc/foo.bar', { :path => '/foo' } end ['./foo', 'foo', 'foo/bar', false].each do |path| context path do let(:title) { '/etc/foo.bar' } let(:params) {{ :path => path }} it 'should fail' do expect { catalogue }.to raise_error(Puppet::Error, /is not an absolute path/) end end end end # path => context 'owner =>' do context 'apenney' do it_behaves_like 'concat', '/etc/foo.bar', { :owner => 'apenny' } end context '1000' do it_behaves_like 'concat', '/etc/foo.bar', { :owner => 1000 } end context 'false' do let(:title) { '/etc/foo.bar' } let(:params) {{ :owner => false }} it 'should fail' do expect { catalogue }.to raise_error(Puppet::Error, /\$owner must be a string or integer/) end end end # owner => context 'group =>' do context 'apenney' do it_behaves_like 'concat', '/etc/foo.bar', { :group => 'apenny' } end context '1000' do it_behaves_like 'concat', '/etc/foo.bar', { :group => 1000 } end context 'false' do let(:title) { '/etc/foo.bar' } let(:params) {{ :group => false }} it 'should fail' do expect { catalogue }.to raise_error(Puppet::Error, /\$group must be a string or integer/) end end end # group => context 'mode =>' do context '1755' do it_behaves_like 'concat', '/etc/foo.bar', { :mode => '1755' } end context 'false' do let(:title) { '/etc/foo.bar' } let(:params) {{ :mode => false }} it 'should fail' do expect { catalogue }.to raise_error(Puppet::Error, /is not a string/) end end end # mode => context 'warn =>' do [true, false, '# foo'].each do |warn| context warn do it_behaves_like 'concat', '/etc/foo.bar', { :warn => warn } end end context '(stringified boolean)' do ['true', 'yes', 'on', 'false', 'no', 'off'].each do |warn| context warn do it_behaves_like 'concat', '/etc/foo.bar', { :warn => warn } it 'should create a warning' do skip('rspec-puppet support for testing warning()') end end end end context '123' do let(:title) { '/etc/foo.bar' } let(:params) {{ :warn => 123 }} it 'should fail' do expect { catalogue }.to raise_error(Puppet::Error, /is not a string or boolean/) end end end # warn => context 'show_diff =>' do [true, false].each do |show_diff| context show_diff do it_behaves_like 'concat', '/etc/foo.bar', { :show_diff => show_diff } end end context '123' do let(:title) { '/etc/foo.bar' } let(:params) {{ :show_diff => 123 }} it 'should fail' do expect { catalogue }.to raise_error(Puppet::Error, /is not a boolean/) end end end # show_diff => context 'backup =>' do context 'reverse' do it_behaves_like 'concat', '/etc/foo.bar', { :backup => 'reverse' } end context 'false' do it_behaves_like 'concat', '/etc/foo.bar', { :backup => false } end context 'true' do it_behaves_like 'concat', '/etc/foo.bar', { :backup => true } end context 'true' do let(:title) { '/etc/foo.bar' } let(:params) {{ :backup => [] }} it 'should fail' do expect { catalogue }.to raise_error(Puppet::Error, /backup must be string or bool/) end end end # backup => context 'replace =>' do [true, false].each do |replace| context replace do it_behaves_like 'concat', '/etc/foo.bar', { :replace => replace } end end context '123' do let(:title) { '/etc/foo.bar' } let(:params) {{ :replace => 123 }} it 'should fail' do expect { catalogue }.to raise_error(Puppet::Error, /is not a boolean/) end end end # replace => context 'order =>' do ['alpha', 'numeric'].each do |order| context order do it_behaves_like 'concat', '/etc/foo.bar', { :order => order } end end context 'invalid' do let(:title) { '/etc/foo.bar' } let(:params) {{ :order => 'invalid' }} it 'should fail' do expect { catalogue }.to raise_error(Puppet::Error, /#{Regexp.escape('does not match "^alpha$|^numeric$"')}/) end end end # order => context 'ensure_newline =>' do [true, false].each do |ensure_newline| context 'true' do it_behaves_like 'concat', '/etc/foo.bar', { :ensure_newline => ensure_newline} end end context '123' do let(:title) { '/etc/foo.bar' } let(:params) {{ :ensure_newline => 123 }} it 'should fail' do expect { catalogue }.to raise_error(Puppet::Error, /is not a boolean/) end end end # ensure_newline => context 'validate_cmd =>' do if Puppet::Util::Package::versioncmp(Puppet::version, '3.5.0') > 0 context '/usr/bin/test -e %' do it_behaves_like 'concat', '/etc/foo.bar', { :validate_cmd => '/usr/bin/test -e %' } end [ 1234, true ].each do |cmd| context cmd do let(:title) { '/etc/foo.bar' } let(:params) {{ :validate_cmd => cmd }} it 'should fail' do expect { catalogue }.to raise_error(Puppet::Error, /\$validate_cmd must be a string/) end end end end end # validate_cmd => context 'selinux_ignore_defaults =>' do let(:title) { '/etc/foo.bar' } [true, false].each do |v| context v do it_behaves_like 'concat', '/etc/foo.bar', { :selinux_ignore_defaults => v } end end context '123' do let(:title) { '/etc/foo.bar' } let(:params) {{ :selinux_ignore_defaults => 123 }} it 'should fail' do expect { catalogue }.to raise_error(Puppet::Error, /is not a boolean/) end end end # selinux_ignore_defaults => [ :selrange, :selrole, :seltype, :seluser, ].each do |p| context " #{p} =>" do let(:title) { '/etc/foo.bar' } context 'foo' do it_behaves_like 'concat', '/etc/foo.bar', { p => 'foo' } end context 'false' do let(:title) { '/etc/foo.bar' } let(:params) {{ p => false }} it 'should fail' do expect { catalogue }.to raise_error(Puppet::Error, /is not a string/) end end end # #{p} => end end