Merge pull request #13 from jordiprats/master

0.2.5
NTTCom-MS · Feb 27, 2020 · 4b88102 · 4b88102
2 parents 2593244 + 75da36e
commit 4b88102
Show file tree

Hide file tree

Showing 6 changed files with 70 additions and 17 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,9 @@
 # CHANGELOG
 
+## 0.2.5
+
+* flag to ignore not prexistent users in autoACL mode
+
 ## 0.2.4
 
 * add backup flag to **snmpd.conf**

diff --git a/examples/fail_autoacl.pp b/examples/fail_autoacl.pp
@@ -0,0 +1,12 @@
+class { 'snmpd':
+  add_default_acls => false,
+}
+
+class { 'snmpd::loadavg': }
+
+# snmpwalk -v3  -l authPriv -u v3testuser -a SHA -A "1234567890"  -x AES -X "1234567890" 127.0.0.1 system
+
+snmpd::acl { 'notfound':
+  auto_acl               => true,
+  fail_on_absent_autoacl => true,
+}
diff --git a/examples/ignore_inexistent_autoacl_user.pp b/examples/ignore_inexistent_autoacl_user.pp
@@ -0,0 +1,12 @@
+class { 'snmpd':
+  add_default_acls => false,
+}
+
+class { 'snmpd::loadavg': }
+
+# snmpwalk -v3  -l authPriv -u v3testuser -a SHA -A "1234567890"  -x AES -X "1234567890" 127.0.0.1 system
+
+snmpd::acl { 'notfound':
+  auto_acl               => true,
+  fail_on_absent_autoacl => false,
+}
diff --git a/manifests/acl.pp b/manifests/acl.pp
@@ -1,24 +1,40 @@
 define snmpd::acl (
-                    $community         = undef,
-                    $description       = undef,
-                    $order             = '42',
-                    $security_name     = $name,
-                    $group_name        = $name,
-                    $view_name         = "view_${name}",
-                    $allowed_hosts     = [ '127.0.0.1/32' ],
-                    $security_model    = [ 'v1', 'v2c' ],
-                    $included_subtrees = [ '.1' ],
-                    $read              = true,
-                    $write             = false,
-                    $context           = 'prefix',
-                    $auto_acl          = false,
+                    $community              = undef,
+                    $description            = undef,
+                    $order                  = '42',
+                    $security_name          = $name,
+                    $group_name             = $name,
+                    $view_name              = "view_${name}",
+                    $allowed_hosts          = [ '127.0.0.1/32' ],
+                    $security_model         = [ 'v1', 'v2c' ],
+                    $included_subtrees      = [ '.1' ],
+                    $read                   = true,
+                    $write                  = false,
+                    $context                = 'prefix',
+                    $auto_acl               = false,
+                    $fail_on_absent_autoacl = false,
   ) {
   include ::snmpd
 
   if($auto_acl)
   {
-    $community_parsed = $::eyp_snmpd_acls[$security_name]['community']
-    $allowed_hosts_parsed = $::eyp_snmpd_acls[$security_name]['hosts']
+    if($::eyp_snmpd_acls[$security_name]==undef)
+    {
+      $community_parsed = undef
+    }
+    else
+    {
+      $community_parsed = $::eyp_snmpd_acls[$security_name]['community']
+    }
+
+    if($::eyp_snmpd_acls[$security_name]==undef)
+    {
+      $allowed_hosts_parsed = undef
+    }
+    else
+    {
+      $allowed_hosts_parsed = $::eyp_snmpd_acls[$security_name]['hosts']
+    }
   }
   else
   {
@@ -33,6 +49,14 @@
     }
   }
 
+  if($fail_on_absent_autoacl)
+  {
+    if(($community_parsed==undef) or ($allowed_hosts_parsed==undef))
+    {
+      fail("security_name ${security_name} not found on snmpd.conf")
+    }
+  }
+
   concat::fragment { "snmpd ACL ${security_name} ${community} ${group_name}":
     target  => '/etc/snmp/snmpd.conf',
     order   => "10-${order}",

diff --git a/metadata.json b/metadata.json
@@ -1,6 +1,6 @@
 {
   "name": "eyp-snmpd",
-  "version": "0.2.4",
+  "version": "0.2.5",
   "author": "eyp",
   "summary": "SNMP agent management",
   "license": "Apache-2.0",

diff --git a/templates/acl.erb b/templates/acl.erb
@@ -1,3 +1,4 @@
+<% if defined?(@community_parsed) and defined?(@allowed_hosts_parsed) -%>
 <% if defined?(@description) -%>
 #
 # <%= @description %>
@@ -32,4 +33,4 @@ view    <%= @view_name %>    included   <%= val %>
 #       group          context sec.model sec.level prefix read   write  notif
 access  <%= @group_name %> "" any noauth <%= @context %> <% if @read %><%= @view_name %><% else %>none<% end %> <% if @write %><%= @view_name %><% else %>none<% end %> none
 
-<% %>
+<% end %>