Merge "Add support for audit middleware options"

2021-05-12 18:19:26 +00:00 · 2021-05-12 18:19:26 +00:00 · 0d667c9391
parent dff9107e63 8120c766b4
commit 0d667c9391
3 changed files with 97 additions and 0 deletions
--- a/manifests/audit.pp
+++ b/manifests/audit.pp
@ -0,0 +1,33 @@
+# == Class: ironic::audit
+#
+# Configure audit middleware options
+#
+# == Params
+#
+# [*enabled*]
+#   (Optional) Enable auditing of API requests
+#   Defaults to $::os_service_default
+#
+# [*audit_map_file*]
+#   (Optional) Path to audit map file for ironic-api service.
+#   Defaults to $::os_service_default
+#
+# [*ignore_req_list*]
+#   (Optional) Commma separated list of Ironic REST API HTTP methoeds
+#   to be ignored during audit logging.
+#   Defaults to $::os_service_default
+#
+class ironic::audit (
+  $enabled         = $::os_service_default,
+  $audit_map_file  = $::os_service_default,
+  $ignore_req_list = $::os_service_default,
+) {
+
+  include ironic::deps
+
+  ironic_config {
+    'audit/enabled':         value => $enabled;
+    'audit/audit_map_file':  value => $audit_map_file;
+    'audit/ignore_req_list': value => join(any2array($ignore_req_list), ',');
+  }
+}
--- a/releasenotes/notes/audit-middleware-3bb36065654c3284.yaml
+++ b/releasenotes/notes/audit-middleware-3bb36065654c3284.yaml
@ -0,0 +1,4 @@
+---
+features:
+  - |
+    Support for the audit middleware options has been added.
--- a/spec/classes/ironic_audit_spec.rb
+++ b/spec/classes/ironic_audit_spec.rb
@ -0,0 +1,60 @@
+require 'spec_helper'
+
+describe 'ironic::audit' do
+
+  shared_examples_for 'ironic::audit' do
+
+    context 'with default parameters' do
+      let :params do
+        {}
+      end
+
+      it 'configures default values' do
+        is_expected.to contain_ironic_config('audit/enabled').with_value('<SERVICE DEFAULT>')
+        is_expected.to contain_ironic_config('audit/audit_map_file').with_value('<SERVICE DEFAULT>')
+        is_expected.to contain_ironic_config('audit/ignore_req_list').with_value('<SERVICE DEFAULT>')
+      end
+    end
+
+    context 'with specific parameters' do
+      let :params do
+        {
+          :enabled         => true,
+          :audit_map_file  => '/etc/ironic/api_audit_map.conf',
+          :ignore_req_list => 'GET,POST',
+        }
+      end
+
+      it 'configures specified values' do
+        is_expected.to contain_ironic_config('audit/enabled').with_value(true)
+        is_expected.to contain_ironic_config('audit/audit_map_file').with_value('/etc/ironic/api_audit_map.conf')
+        is_expected.to contain_ironic_config('audit/ignore_req_list').with_value('GET,POST')
+      end
+    end
+
+    context 'with ignore_req_list in array' do
+      let :params do
+        {
+          :ignore_req_list => ['GET', 'POST'],
+        }
+      end
+
+      it 'configures ignore_req_list with a comma separeted list' do
+        is_expected.to contain_ironic_config('audit/ignore_req_list').with_value('GET,POST')
+      end
+    end
+  end
+
+  on_supported_os({
+    :supported_os   => OSDefaults.get_supported_os
+  }).each do |os,facts|
+    context "on #{os}" do
+      let (:facts) do
+        facts.merge!(OSDefaults.get_facts())
+      end
+
+      it_configures 'ironic::audit'
+    end
+  end
+
+end