diff --git a/CHANGELOG.md b/CHANGELOG.md
index 6e3c4ec..79e184a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,9 @@
 # CHANGELOG
 
+## 0.2.5
+
+* flag to ignore not prexistent users in autoACL mode
+
 ## 0.2.4
 
 * add backup flag to **snmpd.conf**
diff --git a/examples/fail_autoacl.pp b/examples/fail_autoacl.pp
new file mode 100644
index 0000000..f2e533b
--- /dev/null
+++ b/examples/fail_autoacl.pp
@@ -0,0 +1,12 @@
+class { 'snmpd':
+ add_default_acls => false,
+}
+
+class { 'snmpd::loadavg': }
+
+# snmpwalk -v3 -l authPriv -u v3testuser -a SHA -A "1234567890" -x AES -X "1234567890" 127.0.0.1 system
+
+snmpd::acl { 'notfound':
+ auto_acl => true,
+ fail_on_absent_autoacl => true,
+}
diff --git a/examples/ignore_inexistent_autoacl_user.pp b/examples/ignore_inexistent_autoacl_user.pp
new file mode 100644
index 0000000..8e1efac
--- /dev/null
+++ b/examples/ignore_inexistent_autoacl_user.pp
@@ -0,0 +1,12 @@
+class { 'snmpd':
+ add_default_acls => false,
+}
+
+class { 'snmpd::loadavg': }
+
+# snmpwalk -v3 -l authPriv -u v3testuser -a SHA -A "1234567890" -x AES -X "1234567890" 127.0.0.1 system
+
+snmpd::acl { 'notfound':
+ auto_acl => true,
+ fail_on_absent_autoacl => false,
+}
diff --git a/manifests/acl.pp b/manifests/acl.pp
index 307a941..f67b81f 100644
--- a/manifests/acl.pp
+++ b/manifests/acl.pp
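Review bot: The `# snmpwalk -v3 … -u v3testuser …` comment in examples/fail_autoacl.pp, repeated in examples/ignore_inexistent_autoacl_user.pp, refers to a v3 user that neither manifest declares, so it reads as a leftover from another example. I would replace it with a comment stating the outcome each example is meant to show, which judging by the flag names is `# expected: compilation fails because 'notfound' is not in snmpd.conf` in the first file and `# expected: no ACL is written for 'notfound' and the run succeeds` in the second. If a query example is kept, a placeholder passphrase is preferable to a literal one that readers may copy into a real configuration.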
@@ -1,24 +1,40 @@ define snmpd::acl ( - $community = undef, - $description = undef, - $order = '42', - $security_name = $name, - $group_name = $name, - $view_name = "view_${name}", - $allowed_hosts = [ '127.0.0.1/32' ], - $security_model = [ 'v1', 'v2c' ], - $included_subtrees = [ '.1' ], - $read = true, - $write = false, - $context = 'prefix', - $auto_acl = false, + $community = undef, + $description = undef, + $order = '42', + $security_name = $name, + $group_name = $name, + $view_name = "view_${name}", + $allowed_hosts = [ '127.0.0.1/32' ], + $security_model = [ 'v1', 'v2c' ], + $included_subtrees = [ '.1' ], + $read = true, + $write = false, + $context = 'prefix', + $auto_acl = false, + $fail_on_absent_autoacl = false, ) { include ::snmpd if($auto_acl) { - $community_parsed = $::eyp_snmpd_acls[$security_name]['community'] - $allowed_hosts_parsed = $::eyp_snmpd_acls[$security_name]['hosts'] + if($::eyp_snmpd_acls[$security_name]==undef) + { + $community_parsed = undef + } + else + { + $community_parsed = $::eyp_snmpd_acls[$security_name]['community'] + } + + if($::eyp_snmpd_acls[$security_name]==undef) + { + $allowed_hosts_parsed = undef + } + else + { + $allowed_hosts_parsed = $::eyp_snmpd_acls[$security_name]['hosts'] + } } else { @@ -33,6 +49,14 @@ } } + if($fail_on_absent_autoacl) + { + if(($community_parsed==undef) or ($allowed_hosts_parsed==undef)) + { + fail("security_name ${security_name} not found on snmpd.conf") + } + } + concat::fragment { "snmpd ACL ${security_name} ${community} ${group_name}": target => '/etc/snmp/snmpd.conf', order => "10-${order}", diff --git a/metadata.json b/metadata.json index 9185cea..99debfd 100644 --- a/metadata.json +++ b/metadata.json @@ -1,6 +1,6 @@ { "name": "eyp-snmpd", - "version": "0.2.4", + "version": "0.2.5", "author": "eyp", "summary": "SNMP agent management", "license": "Apache-2.0", diff --git a/templates/acl.erb b/templates/acl.erb index 946de5e..2a3cff7 100644 --- a/templates/acl.erb +++ b/templates/acl.erb 
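Review bot: The new guard inside the `if($auto_acl)` branch only tests `$::eyp_snmpd_acls[$security_name]==undef`, not whether the `eyp_snmpd_acls` fact itself is set. If the fact is absent on a node (plausible before snmpd.conf exists, though the fact code is not visible here), the index expression may still raise an evaluation error instead of taking the undef path; `if($::eyp_snmpd_acls==undef or $::eyp_snmpd_acls[$security_name]==undef)` would cover that. The same condition is also evaluated in two consecutive blocks, so a single `if`/`else` assigning both `$community_parsed` and `$allowed_hosts_parsed` would be shorter and keep the two from drifting apart. With `$fail_on_absent_autoacl` defaulting to false, a missing entry drops the ACL silently, so a `warning()` on that path would help operators notice. The define's body continues outside the hunk.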
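Review bot: The `if($fail_on_absent_autoacl)` block in the second acl.pp hunk sits after the whole `if($auto_acl) … else …` statement, so it also runs for ACLs declared with `auto_acl => false`. The else branch is outside the hunk, but if `$community_parsed` there is derived from `$community` (default `undef`), such an ACL would abort with the misleading message "not found on snmpd.conf". Using `if($auto_acl and $fail_on_absent_autoacl)` would restrict the check to the case it is meant for. Separately, the unchanged `concat::fragment` title on the context line interpolates `${community}`, which puts the community string into resource titles and so into catalogs and reports; that predates this commit but deserves a follow-up.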
@@ -1,3 +1,4 @@ +<% if defined?(@community_parsed) and defined?(@allowed_hosts_parsed) -%> <% if defined?(@description) -%> # # <%= @description %> @@ -32,4 +33,4 @@ view <%= @view_name %> included <%= val %> # group context sec.model sec.level prefix read write notif access <%= @group_name %> "" any noauth <%= @context %> <% if @read %><%= @view_name %><% else %>none<% end %> <% if @write %><%= @view_name %><% else %>none<% end %> none -<% %> +<% end %>
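Review bot: The guard added at the top of the template, `defined?(@community_parsed) and defined?(@allowed_hosts_parsed)`, tests whether the instance variables are bound, not whether they hold a value. manifests/acl.pp now assigns `undef` to both explicitly, and on Puppet versions that expose undef variables to ERB as `nil` the guard would still be true, so the block could be rendered, or fail, with nil values. A value test such as `<% unless @community_parsed.nil? or @allowed_hosts_parsed.nil? -%>` would not depend on that. Applying examples/ignore_inexistent_autoacl_user.pp and inspecting the generated snmpd.conf would confirm which behaviour applies. The matching `<% end %>` is in the second hunk.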