openstack/puppet-tripleo
Code Issues Proposed changes

Merge "Enable sudo rule creation" into stable/train

Browse Source
This commit is contained in:
Zuul 2020-03-02 20:57:02 +00:00 committed by Gerrit Code Review
commit 65d6cb12fa
3 changed files with 81 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
manifests/profile/base/metrics/collectd/sensubility.pp
View File

@ -91,6 +91,19 @@
# (Optional) String. Password part of credentials used to authenticate
# to the AMQP 1.0 intermediary.
# Defaults to undef
#
# [*exec_user*]
# (Optional) String. User under which sensubility is executed via collectd-exec.
# Defaults to 'collectd'
#
# [*exec_group*]
# (Optional) String. Group under which sensubility is executed via collectd-exec.
# Defaults to 'collectd'
#
# [*exec_sudo_rule*]
# (Optional) String. Rule which will be saved in /etc/sudoers.d for user specified
# by parameter exec_user.
# Defaults to undef
class tripleo::profile::base::metrics::collectd::sensubility (
$ensure = 'present',
$config_path = '/etc/collectd-sensubility.conf',
@ -108,7 +121,10 @@ class tripleo::profile::base::metrics::collectd::sensubility (
$amqp_host = undef,
$amqp_port = undef,
$amqp_user = undef,
$amqp_password = undef
$amqp_password = undef,
$exec_user = 'collectd',
$exec_group = 'collectd',
$exec_sudo_rule = undef
) {
include ::collectd
include ::collectd::plugin::exec
@ -140,8 +156,25 @@ class tripleo::profile::base::metrics::collectd::sensubility (
}
collectd::plugin::exec::cmd { 'sensubility':
user => 'collectd',
group => 'collectd',
user => $exec_user,
group => $exec_group,
exec => ['collectd-sensubility'],
}
if $exec_sudo_rule {
$sudoers_path = "/etc/sudoers.d/sensubility_${exec_user}"
file { $sudoers_path:
ensure => $ensure,
mode => '0440',
content => "${exec_user} ${exec_sudo_rule}",
notify => Exec["${exec_user}-sudo-syntax-check"]
}
exec { "${exec_user}-sudo-syntax-check":
path => ['/usr/sbin/', '/usr/bin/'],
command => "visudo -c -f '${sudoers_path}' || (rm -f '${sudoers_path}' && exit 1)",
refreshonly => true,
}
}
}

43
spec/classes/tripleo_profile_base_metrics_collectd_sensubility_spec.rb Normal file
View File

@ -0,0 +1,43 @@
#
# Copyright (C) 2020 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
require 'spec_helper'
describe 'tripleo::profile::base::metrics::collectd::sensubility' do
shared_examples_for 'tripleo::profile::base::metrics::collectd::sensubility' do
context 'with defaults and sudo rule defined' do
let(:params) do
{:exec_sudo_rule => 'ALL=(ALL) NOPASSWD:ALL'}
end
it 'has sudoers file for appropriate user with relevant rule' do
is_expected.to compile.with_all_deps
is_expected.to contain_file('/etc/sudoers.d/sensubility_collectd').with_content('collectd ALL=(ALL) NOPASSWD:ALL')
is_expected.to contain_exec('collectd-sudo-syntax-check').with(
:command => "visudo -c -f '/etc/sudoers.d/sensubility_collectd' || (rm -f '/etc/sudoers.d/sensubility_collectd' && exit 1)",
)
end
end
end
on_supported_os.each do |os, facts|
context "on #{os}" do
let (:facts) {
facts
}
it_behaves_like 'tripleo::profile::base::metrics::collectd::sensubility'
end
end
end

2
spec/fixtures/hieradata/default.yaml vendored
View File

@ -172,3 +172,5 @@ neutron::plugins::ovs::opendaylight::odl_username: 'admin'
neutron::plugins::ovs::opendaylight::odl_password: 'admin'
# swift related
swift_proxy_short_bootstrap_node_name: node
# required to avoid EPEL repo management when testing collectd::sensubility
collectd::manage_repo: false