diff --git a/manifests/init.pp b/manifests/init.pp index 29930b1..b729e99 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -1,280 +1,284 @@ # == Define: concat # # Sets up so that you can use fragments to build a final config file, # # === Options: # # [*ensure*] # Present/Absent # [*path*] # The path to the final file. Use this in case you want to differentiate # between the name of a resource and the file path. Note: Use the name you # provided in the target of your fragments. # [*owner*] # Who will own the file # [*group*] # Who will own the file # [*mode*] # The mode of the final file # [*force*] # Enables creating empty files if no fragments are present # [*warn*] # Adds a normal shell style comment top of the file indicating that it is # built by puppet # [*force*] # [*backup*] # Controls the filebucketing behavior of the final file and see File type # reference for its use. Defaults to 'puppet' # [*backup_fragments*] # Enables backup of fragments using the backup setting of the target # concat file. Defaults to 'false' # [*replace*] # Whether to replace a file that already exists on the local system # [*order*] # [*ensure_newline*] # [*gnu*] # Deprecated # # === Actions: # * Creates fragment directories if it didn't exist already # * Executes the concatfragments.rb script to build the final file, this # script will create directory/fragments.concat. Execution happens only # when: # * The directory changes # * fragments.concat != final destination, this means rebuilds will happen # whenever someone changes or deletes the final file. Checking is done # using /usr/bin/cmp. # * The Exec gets notified by something else - like the concat::fragment # define # * Copies the file over to the final destination using a file resource # # === Aliases: # # * The exec can notified using Exec["concat_/path/to/file"] or # Exec["concat_/path/to/directory"] # * The final file can be referenced as File["/path/to/file"] or # File["concat_/path/to/file"] # define concat( $ensure = 'present', $path = $name, $owner = undef, $group = undef, $mode = '0644', $warn = false, $force = false, $backup = 'puppet', $backup_fragments = false, $replace = true, $order = 'alpha', $ensure_newline = false, $validate_cmd = undef, $gnu = undef ) { validate_re($ensure, '^present$|^absent$') validate_absolute_path($path) - validate_string($owner) - validate_string($group) validate_string($mode) + if ! (is_string($owner) or is_integer($owner)) { + fail("\$owner must be a string or integer, got ${owner}") + } + if ! (is_string($group) or is_integer($group)) { + fail("\$group must be a string or integer, got ${group}") + } if ! (is_string($warn) or $warn == true or $warn == false) { fail('$warn is not a string or boolean') } validate_bool($force) if ! concat_is_bool($backup) and ! is_string($backup) { fail('$backup must be string or bool!') } validate_bool($backup_fragments) validate_bool($replace) validate_re($order, '^alpha$|^numeric$') validate_bool($ensure_newline) if $validate_cmd and ! is_string($validate_cmd) { fail('$validate_cmd must be a string') } if $gnu { warning('The $gnu parameter to concat is deprecated and has no effect') } include concat::setup $safe_name = regsubst($name, '[/:]', '_', 'G') $concatdir = $concat::setup::concatdir $fragdir = "${concatdir}/${safe_name}" $concat_name = 'fragments.concat.out' $script_command = $concat::setup::script_command $default_warn_message = '# This file is managed by Puppet. DO NOT EDIT.' $bool_warn_message = 'Using stringified boolean values (\'true\', \'yes\', \'on\', \'false\', \'no\', \'off\') to represent boolean true/false as the $warn parameter to concat is deprecated and will be treated as the warning message in a future release' # lint:ignore:quoted_booleans case $warn { true: { $warn_message = $default_warn_message } # lint:ignore:quoted_booleans 'true', 'yes', 'on': { # lint:endignore warning($bool_warn_message) $warn_message = $default_warn_message } false: { $warn_message = '' } # lint:ignore:quoted_booleans 'false', 'no', 'off': { # lint:endignore warning($bool_warn_message) $warn_message = '' } default: { $warn_message = $warn } } # lint:endignore $warnmsg_escaped = regsubst($warn_message, '\'', '\'\\\'\'', 'G') $warnflag = $warnmsg_escaped ? { '' => '', default => "-w '${warnmsg_escaped}'" } $forceflag = $force ? { true => '-f', false => '', } $orderflag = $order ? { 'numeric' => '-n', 'alpha' => '', } $newlineflag = $ensure_newline ? { true => '-l', false => '', } if $ensure == 'present' { file { $fragdir: ensure => directory, mode => '0750', backup => false, } file { "${fragdir}/fragments": ensure => directory, mode => '0750', force => true, ignore => ['.svn', '.git', '.gitignore'], notify => Exec["concat_${name}"], backup => false, purge => true, recurse => true, } file { "${fragdir}/fragments.concat": ensure => present, mode => '0640', backup => false, } file { "${fragdir}/${concat_name}": ensure => present, mode => '0640', backup => false, } file { $name: ensure => present, owner => $owner, group => $group, mode => $mode, replace => $replace, path => $path, alias => "concat_${name}", source => "${fragdir}/${concat_name}", backup => $backup, } # Only newer versions of puppet 3.x support the validate_cmd parameter if $validate_cmd { File[$name] { validate_cmd => $validate_cmd, } } # remove extra whitespace from string interpolation to make testing easier $command = strip(regsubst("${script_command} -o \"${fragdir}/${concat_name}\" -d \"${fragdir}\" ${warnflag} ${forceflag} ${orderflag} ${newlineflag}", '\s+', ' ', 'G')) # make sure ruby is in the path for PE if defined('$is_pe') and str2bool("${::is_pe}") { # lint:ignore:only_variable_string if $::kernel == 'windows' { $command_path = "${::env_windows_installdir}/bin:${::path}" } else { $command_path = "/opt/puppetlabs/puppet/bin:/opt/puppet/bin:${::path}" } } elsif $::kernel == 'windows' { $command_path = $::path } else { $command_path = "/opt/puppetlabs/puppet/bin:${::path}" } # if puppet is running as root, this exec should also run as root to allow # the concatfragments.rb script to potentially be installed in path that # may not be accessible by a target non-root owner. exec { "concat_${name}": alias => "concat_${fragdir}", command => $command, notify => File[$name], subscribe => File[$fragdir], unless => "${command} -t", path => $command_path, user => undef, group => undef, require => [ File[$fragdir], File["${fragdir}/fragments"], File["${fragdir}/fragments.concat"], ], } } else { file { [ $fragdir, "${fragdir}/fragments", "${fragdir}/fragments.concat", "${fragdir}/${concat_name}" ]: ensure => absent, force => true, backup => false, } file { $path: ensure => absent, backup => $backup, } # lint:ignore:quoted_booleans $absent_exec_command = $::kernel ? { 'windows' => 'cmd.exe /c exit 0', # lint:ignore:quoted_booleans default => 'true', # lint:endignore } # lint:endignore $absent_exec_path = $::kernel ? { 'windows' => $::path, default => '/bin:/usr/bin', } # Need to have an unless here for idempotency. exec { "concat_${name}": alias => "concat_${fragdir}", command => $absent_exec_command, unless => $absent_exec_command, path => $absent_exec_path, user => undef, group => undef, } } } # vim:sw=2:ts=2:expandtab:textwidth=79 diff --git a/spec/unit/defines/concat_spec.rb b/spec/unit/defines/concat_spec.rb index fc110d9..896415a 100644 --- a/spec/unit/defines/concat_spec.rb +++ b/spec/unit/defines/concat_spec.rb @@ -1,432 +1,440 @@ require 'spec_helper' describe 'concat', :type => :define do shared_examples 'concat' do |title, params, id| params = {} if params.nil? id = 'root' if id.nil? # default param values p = { :ensure => 'present', :path => title, :owner => nil, :group => nil, :mode => '0644', :warn => false, :force => false, :backup => 'puppet', :backup_fragments => false, :replace => true, :order => 'alpha', :ensure_newline => false, :validate_cmd => nil, }.merge(params) safe_name = title.gsub('/', '_') concatdir = '/var/lib/puppet/concat' fragdir = "#{concatdir}/#{safe_name}" concat_name = 'fragments.concat.out' default_warn_message = '# This file is managed by Puppet. DO NOT EDIT.' let(:title) { title } let(:params) { params } let(:facts) do { :concat_basedir => concatdir, :id => id, :osfamily => 'Debian', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', :kernel => 'Linux', :is_pe => false, } end if p[:ensure] == 'present' it do should contain_file(fragdir).with({ :ensure => 'directory', :mode => '0750', }) end it do should contain_file("#{fragdir}/fragments").with({ :ensure => 'directory', :mode => '0750', :force => true, :ignore => ['.svn', '.git', '.gitignore'], :backup => false, :purge => true, :recurse => true, }) end [ "#{fragdir}/fragments.concat", "#{fragdir}/#{concat_name}", ].each do |file| it do should contain_file(file).with({ :ensure => 'present', :mode => '0640', }) end end it do should contain_file(title).with({ :ensure => 'present', :owner => p[:owner], :group => p[:group], :mode => p[:mode], :replace => p[:replace], :path => p[:path], :alias => "concat_#{title}", :source => "#{fragdir}/#{concat_name}", :validate_cmd => p[:validate_cmd], :backup => p[:backup], }) end cmd = "#{concatdir}/bin/concatfragments.rb " + "-o \"#{concatdir}/#{safe_name}/fragments.concat.out\" " + "-d \"#{concatdir}/#{safe_name}\"" # flag order: fragdir, warnflag, forceflag, orderflag, newlineflag if p.has_key?(:warn) case p[:warn] when TrueClass message = default_warn_message when 'true', 'yes', 'on' # should generate a stringified boolean warning message = default_warn_message when FalseClass message = nil when 'false', 'no', 'off' # should generate a stringified boolean warning message = nil else message = p[:warn] end unless message.nil? cmd += " -w \'#{message}\'" end end cmd += " -f" if p[:force] cmd += " -n" if p[:order] == 'numeric' cmd += " -l" if p[:ensure_newline] == true it do should contain_exec("concat_#{title}").with({ :alias => "concat_#{fragdir}", :command => cmd, :unless => "#{cmd} -t", }) end else [ fragdir, "#{fragdir}/fragments", "#{fragdir}/fragments.concat", "#{fragdir}/#{concat_name}", ].each do |file| it do should contain_file(file).with({ :ensure => 'absent', :force => true, }) end end it do should contain_file(title).with({ :ensure => 'absent', :backup => p[:backup], }) end it do should contain_exec("concat_#{title}").with({ :alias => "concat_#{fragdir}", :command => 'true', :unless => 'true', :path => '/bin:/usr/bin', }) end end end context 'title' do context 'without path param' do # title/name is the default value for the path param. therefore, the # title must be an absolute path unless path is specified ['/foo', '/foo/bar', '/foo/bar/baz'].each do |title| context title do it_behaves_like 'concat', '/etc/foo.bar' end end ['./foo', 'foo', 'foo/bar'].each do |title| context title do let(:title) { title } it 'should fail' do expect { catalogue }.to raise_error(Puppet::Error, /is not an absolute path/) end end end end context 'with path param' do ['./foo', 'foo', 'foo/bar'].each do |title| context title do it_behaves_like 'concat', title, { :path => '/etc/foo.bar' } end end end end # title => context 'as non-root user' do it_behaves_like 'concat', '/etc/foo.bar', {}, 'bob' end context 'ensure =>' do ['present', 'absent'].each do |ens| context ens do it_behaves_like 'concat', '/etc/foo.bar', { :ensure => ens } end end context 'invalid' do let(:title) { '/etc/foo.bar' } let(:params) {{ :ensure => 'invalid' }} it 'should fail' do expect { catalogue }.to raise_error(Puppet::Error, /#{Regexp.escape('does not match "^present$|^absent$"')}/) end end end # ensure => context 'path =>' do context '/foo' do it_behaves_like 'concat', '/etc/foo.bar', { :path => '/foo' } end ['./foo', 'foo', 'foo/bar', false].each do |path| context path do let(:title) { '/etc/foo.bar' } let(:params) {{ :path => path }} it 'should fail' do expect { catalogue }.to raise_error(Puppet::Error, /is not an absolute path/) end end end end # path => context 'owner =>' do context 'apenney' do it_behaves_like 'concat', '/etc/foo.bar', { :owner => 'apenny' } end + context '1000' do + it_behaves_like 'concat', '/etc/foo.bar', { :owner => 1000 } + end + context 'false' do let(:title) { '/etc/foo.bar' } let(:params) {{ :owner => false }} it 'should fail' do - expect { catalogue }.to raise_error(Puppet::Error, /is not a string/) + expect { catalogue }.to raise_error(Puppet::Error, /\$owner must be a string or integer/) end end end # owner => context 'group =>' do context 'apenney' do it_behaves_like 'concat', '/etc/foo.bar', { :group => 'apenny' } end + context '1000' do + it_behaves_like 'concat', '/etc/foo.bar', { :group => 1000 } + end + context 'false' do let(:title) { '/etc/foo.bar' } let(:params) {{ :group => false }} it 'should fail' do - expect { catalogue }.to raise_error(Puppet::Error, /is not a string/) + expect { catalogue }.to raise_error(Puppet::Error, /\$group must be a string or integer/) end end end # group => context 'mode =>' do context '1755' do it_behaves_like 'concat', '/etc/foo.bar', { :mode => '1755' } end context 'false' do let(:title) { '/etc/foo.bar' } let(:params) {{ :mode => false }} it 'should fail' do expect { catalogue }.to raise_error(Puppet::Error, /is not a string/) end end end # mode => context 'warn =>' do [true, false, '# foo'].each do |warn| context warn do it_behaves_like 'concat', '/etc/foo.bar', { :warn => warn } end end context '(stringified boolean)' do ['true', 'yes', 'on', 'false', 'no', 'off'].each do |warn| context warn do it_behaves_like 'concat', '/etc/foo.bar', { :warn => warn } it 'should create a warning' do skip('rspec-puppet support for testing warning()') end end end end context '123' do let(:title) { '/etc/foo.bar' } let(:params) {{ :warn => 123 }} it 'should fail' do expect { catalogue }.to raise_error(Puppet::Error, /is not a string or boolean/) end end end # warn => context 'force =>' do [true, false].each do |force| context force do it_behaves_like 'concat', '/etc/foo.bar', { :force => force } end end context '123' do let(:title) { '/etc/foo.bar' } let(:params) {{ :force => 123 }} it 'should fail' do expect { catalogue }.to raise_error(Puppet::Error, /is not a boolean/) end end end # force => context 'backup =>' do context 'reverse' do it_behaves_like 'concat', '/etc/foo.bar', { :backup => 'reverse' } end context 'false' do it_behaves_like 'concat', '/etc/foo.bar', { :backup => false } end context 'true' do it_behaves_like 'concat', '/etc/foo.bar', { :backup => true } end context 'true' do let(:title) { '/etc/foo.bar' } let(:params) {{ :backup => [] }} it 'should fail' do expect { catalogue }.to raise_error(Puppet::Error, /backup must be string or bool/) end end end # backup => context 'backup_fragments =>' do context 'true' do it_behaves_like 'concat', '/etc/foo.bar', { :backup_fragments => true } end context 'false' do it_behaves_like 'concat', '/etc/foo.bar', { :backup_fragments => false } end context 'invalid' do let(:title) { '/etc/foo.bar' } let(:params) {{ :backup_fragments => "invalid" }} it 'should fail' do expect { catalogue }.to raise_error(Puppet::Error, /is not a boolean/) end end end # backup_fragments => context 'replace =>' do [true, false].each do |replace| context replace do it_behaves_like 'concat', '/etc/foo.bar', { :replace => replace } end end context '123' do let(:title) { '/etc/foo.bar' } let(:params) {{ :replace => 123 }} it 'should fail' do expect { catalogue }.to raise_error(Puppet::Error, /is not a boolean/) end end end # replace => context 'order =>' do ['alpha', 'numeric'].each do |order| context order do it_behaves_like 'concat', '/etc/foo.bar', { :order => order } end end context 'invalid' do let(:title) { '/etc/foo.bar' } let(:params) {{ :order => 'invalid' }} it 'should fail' do expect { catalogue }.to raise_error(Puppet::Error, /#{Regexp.escape('does not match "^alpha$|^numeric$"')}/) end end end # order => context 'ensure_newline =>' do [true, false].each do |ensure_newline| context 'true' do it_behaves_like 'concat', '/etc/foo.bar', { :ensure_newline => ensure_newline} end end context '123' do let(:title) { '/etc/foo.bar' } let(:params) {{ :ensure_newline => 123 }} it 'should fail' do expect { catalogue }.to raise_error(Puppet::Error, /is not a boolean/) end end end # ensure_newline => context 'validate_cmd =>' do if Puppet::Util::Package::versioncmp(Puppet::version, '3.5.0') > 0 context '/usr/bin/test -e %' do it_behaves_like 'concat', '/etc/foo.bar', { :validate_cmd => '/usr/bin/test -e %' } end [ 1234, true ].each do |cmd| context cmd do let(:title) { '/etc/foo.bar' } let(:params) {{ :validate_cmd => cmd }} it 'should fail' do expect { catalogue }.to raise_error(Puppet::Error, /\$validate_cmd must be a string/) end end end end end # validate_cmd => describe 'deprecated parameter' do context 'gnu =>' do context 'foo' do it_behaves_like 'concat', '/etc/foo.bar', { :gnu => 'foo'} it 'should create a warning' do skip('rspec-puppet support for testing warning()') end end end end end # vim:sw=2:ts=2:expandtab:textwidth=79