Browse Source

Merge "Enable sudo rule creation"

tags/12.1.0
Zuul Gerrit Code Review 2 weeks ago
parent
commit
d88f982ada
3 changed files with 81 additions and 3 deletions
  1. +36
    -3
      manifests/profile/base/metrics/collectd/sensubility.pp
  2. +43
    -0
      spec/classes/tripleo_profile_base_metrics_collectd_sensubility_spec.rb
  3. +2
    -0
      spec/fixtures/hieradata/default.yaml

+ 36
- 3
manifests/profile/base/metrics/collectd/sensubility.pp View File

@@ -91,6 +91,19 @@
# (Optional) String. Password part of credentials used to authenticate
# to the AMQP 1.0 intermediary.
# Defaults to undef
#
# [*exec_user*]
# (Optional) String. User under which sensubility is executed via collectd-exec.
# Defaults to 'collectd'
#
# [*exec_group*]
# (Optional) String. Group under which sensubility is executed via collectd-exec.
# Defaults to 'collectd'
#
# [*exec_sudo_rule*]
# (Optional) String. Rule which will be saved in /etc/sudoers.d for user specified
# by parameter exec_user.
# Defaults to undef
class tripleo::profile::base::metrics::collectd::sensubility (
$ensure = 'present',
$config_path = '/etc/collectd-sensubility.conf',
@@ -108,7 +121,10 @@ class tripleo::profile::base::metrics::collectd::sensubility (
$amqp_host = undef,
$amqp_port = undef,
$amqp_user = undef,
$amqp_password = undef
$amqp_password = undef,
$exec_user = 'collectd',
$exec_group = 'collectd',
$exec_sudo_rule = undef
) {
include collectd
include collectd::plugin::exec
@@ -140,8 +156,25 @@ class tripleo::profile::base::metrics::collectd::sensubility (
}

collectd::plugin::exec::cmd { 'sensubility':
user => 'collectd',
group => 'collectd',
user => $exec_user,
group => $exec_group,
exec => ['collectd-sensubility'],
}

if $exec_sudo_rule {
$sudoers_path = "/etc/sudoers.d/sensubility_${exec_user}"
file { $sudoers_path:
ensure => $ensure,
mode => '0440',
content => "${exec_user} ${exec_sudo_rule}",
notify => Exec["${exec_user}-sudo-syntax-check"]
}

exec { "${exec_user}-sudo-syntax-check":
path => ['/usr/sbin/', '/usr/bin/'],
command => "visudo -c -f '${sudoers_path}' || (rm -f '${sudoers_path}' && exit 1)",
refreshonly => true,
}
}

}

+ 43
- 0
spec/classes/tripleo_profile_base_metrics_collectd_sensubility_spec.rb View File

@@ -0,0 +1,43 @@
#
# Copyright (C) 2020 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#

require 'spec_helper'

describe 'tripleo::profile::base::metrics::collectd::sensubility' do
shared_examples_for 'tripleo::profile::base::metrics::collectd::sensubility' do
context 'with defaults and sudo rule defined' do
let(:params) do
{:exec_sudo_rule => 'ALL=(ALL) NOPASSWD:ALL'}
end
it 'has sudoers file for appropriate user with relevant rule' do
is_expected.to compile.with_all_deps
is_expected.to contain_file('/etc/sudoers.d/sensubility_collectd').with_content('collectd ALL=(ALL) NOPASSWD:ALL')
is_expected.to contain_exec('collectd-sudo-syntax-check').with(
:command => "visudo -c -f '/etc/sudoers.d/sensubility_collectd' || (rm -f '/etc/sudoers.d/sensubility_collectd' && exit 1)",
)
end
end
end

on_supported_os.each do |os, facts|
context "on #{os}" do
let (:facts) {
facts
}
it_behaves_like 'tripleo::profile::base::metrics::collectd::sensubility'
end
end
end

+ 2
- 0
spec/fixtures/hieradata/default.yaml View File

@@ -177,3 +177,5 @@ neutron::plugins::ovs::opendaylight::odl_password: 'admin'
swift_proxy_short_bootstrap_node_name: node
# required for metrics::qdr_user
ctlplane: '192.168.24.123'
# required to avoid EPEL repo management when testing collectd::sensubility
collectd::manage_repo: false

Loading…
Cancel
Save