From e931f876c1745406b6471ca69b4e63f3779112cf Mon Sep 17 00:00:00 2001
From: Jordi Prats
Date: Thu, 27 Feb 2020 14:24:39 +0100
Subject: [PATCH 1/5] demo fails

---
 CHANGELOG.md | 4 ++++
 examples/fail_autoacl.pp | 12 ++++++++++++
 examples/notfail_autoacl0.pp | 12 ++++++++++++
 manifests/acl.pp | 35 ++++++++++++++++++++++-------------
 metadata.json | 2 +-
 5 files changed, 51 insertions(+), 14 deletions(-)
 create mode 100644 examples/fail_autoacl.pp
 create mode 100644 examples/notfail_autoacl0.pp

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 6e3c4ec..79e184a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,9 @@
 # CHANGELOG
 
+## 0.2.5
+
+* flag to ignore not prexistent users in autoACL mode
+
 ## 0.2.4
 
 * add backup flag to **snmpd.conf**
diff --git a/examples/fail_autoacl.pp b/examples/fail_autoacl.pp
new file mode 100644
index 0000000..f2e533b
--- /dev/null
+++ b/examples/fail_autoacl.pp
@@ -0,0 +1,12 @@
+class { 'snmpd':
+ add_default_acls => false,
+}
+
+class { 'snmpd::loadavg': }
+
+# snmpwalk -v3 -l authPriv -u v3testuser -a SHA -A "1234567890" -x AES -X "1234567890" 127.0.0.1 system
+
+snmpd::acl { 'notfound':
+ auto_acl => true,
+ fail_on_absent_autoacl => true,
+}
diff --git a/examples/notfail_autoacl0.pp b/examples/notfail_autoacl0.pp
new file mode 100644
index 0000000..8e1efac
--- /dev/null
+++ b/examples/notfail_autoacl0.pp
@@ -0,0 +1,12 @@
+class { 'snmpd':
+ add_default_acls => false,
+}
+
+class { 'snmpd::loadavg': }
+
+# snmpwalk -v3 -l authPriv -u v3testuser -a SHA -A "1234567890" -x AES -X "1234567890" 127.0.0.1 system
+
+snmpd::acl { 'notfound':
+ auto_acl => true,
+ fail_on_absent_autoacl => false,
+}
diff --git a/manifests/acl.pp b/manifests/acl.pp
index 307a941..dc6029f 100644
--- a/manifests/acl.pp
+++ b/manifests/acl.pp
@@ -1,17 +1,18 @@
 define snmpd::acl (
- $community = undef,
- $description = undef,
- $order = '42',
- $security_name = $name,
- $group_name = $name,
- $view_name = "view_${name}",
- $allowed_hosts = [ '127.0.0.1/32' ],
- $security_model = [ 'v1', 'v2c' ],
- $included_subtrees = [ '.1' ],
- $read = true,
- $write = false,
- $context = 'prefix',
- $auto_acl = false,
+ $community = undef,
+ $description = undef,
+ $order = '42',
+ $security_name = $name,
+ $group_name = $name,
+ $view_name = "view_${name}",
+ $allowed_hosts = [ '127.0.0.1/32' ],
+ $security_model = [ 'v1', 'v2c' ],
+ $included_subtrees = [ '.1' ],
+ $read = true,
+ $write = false,
+ $context = 'prefix',
+ $auto_acl = false,
+ $fail_on_absent_autoacl = false,
 ) {
 include ::snmpd
 
@@ -33,6 +34,14 @@
 }
 }
 
+ if($fail_on_absent_autoacl)
+ {
+ if($community_parsed==undef) || ($allowed_hosts_parsed==undef)
+ {
+ fail("security_name ${security_name} not found on snmpd.conf")
+ }
+ }
+
 concat::fragment { "snmpd ACL ${security_name} ${community} ${group_name}":
 target => '/etc/snmp/snmpd.conf',
 order => "10-${order}",
diff --git a/metadata.json b/metadata.json
index 9185cea..99debfd 100644
--- a/metadata.json
+++ b/metadata.json
@@ -1,6 +1,6 @@
 {
 "name": "eyp-snmpd",
- "version": "0.2.4",
+ "version": "0.2.5",
 "author": "eyp",
 "summary": "SNMP agent management",
 "license": "Apache-2.0",
From 7f48b2da14a706aaf7400c4d59d1bc25a95af5bc Mon Sep 17 00:00:00 2001
From: Jordi Prats
Date: Thu, 27 Feb 2020 14:25:27 +0100
Subject: [PATCH 2/5] rename files

---
 .../{notfail_autoacl0.pp => ignore_inexistent_autoacl_user.pp} | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename examples/{notfail_autoacl0.pp => ignore_inexistent_autoacl_user.pp} (100%)

diff --git a/examples/notfail_autoacl0.pp b/examples/ignore_inexistent_autoacl_user.pp
similarity index 100%
rename from examples/notfail_autoacl0.pp
rename to examples/ignore_inexistent_autoacl_user.pp
From 89a5d27c2b7192b5e161f17b7bbee1aa2138a594 Mon Sep 17 00:00:00 2001
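Review bot: The new `$fail_on_absent_autoacl` parameter in the `snmpd::acl` signature is undocumented and defaults to `false`, so with `auto_acl => true` a security name that is missing from the parsed ACL data raises no error unless the caller opts in. A comment above the parameter would make that default explicit, for example `# fail_on_absent_autoacl: with auto_acl => true, abort the catalog when security_name has no entry in the parsed ACLs (default: false, no error is raised)`. The body of the define continues outside this hunk.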
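Review bot: The guard added before the `concat::fragment` tests only `$fail_on_absent_autoacl`, not `$auto_acl`, so it also runs for ACLs declared with `auto_acl => false`. The assignments to `$community_parsed` and `$allowed_hosts_parsed` are outside this hunk, but if the non-auto branch copies `$community` (which defaults to `undef`), such a resource would abort with a message about `snmpd.conf` that does not describe the real cause. Scoping the check to the mode it belongs to avoids that: `if($auto_acl and $fail_on_absent_autoacl)`.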
From: Jordi Prats
Date: Thu, 27 Feb 2020 14:27:34 +0100
Subject: [PATCH 3/5] or condition

---
 manifests/acl.pp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/manifests/acl.pp b/manifests/acl.pp
index dc6029f..c68bf69 100644
--- a/manifests/acl.pp
+++ b/manifests/acl.pp
@@ -36,7 +36,7 @@
 
 if($fail_on_absent_autoacl)
 {
- if($community_parsed==undef) || ($allowed_hosts_parsed==undef)
+ if(($community_parsed==undef) or ($allowed_hosts_parsed==undef))
 {
 fail("security_name ${security_name} not found on snmpd.conf")
 }
From 21bf89d4a4f0ad52b2a9b593c87bda67c1afd8d1 Mon Sep 17 00:00:00 2001
From: Jordi Prats
Date: Thu, 27 Feb 2020 14:31:02 +0100
Subject: [PATCH 4/5] detail undef[]

---
 manifests/acl.pp | 19 +++++++++++++++++--
 1 file changed, 17 insertions(+), 2 deletions(-)

diff --git a/manifests/acl.pp b/manifests/acl.pp
index c68bf69..f67b81f 100644
--- a/manifests/acl.pp
+++ b/manifests/acl.pp
@@ -18,8 +18,23 @@
 
 if($auto_acl)
 {
- $community_parsed = $::eyp_snmpd_acls[$security_name]['community']
- $allowed_hosts_parsed = $::eyp_snmpd_acls[$security_name]['hosts']
+ if($::eyp_snmpd_acls[$security_name]==undef)
+ {
+ $community_parsed = undef
+ }
+ else
+ {
+ $community_parsed = $::eyp_snmpd_acls[$security_name]['community']
+ }
+
+ if($::eyp_snmpd_acls[$security_name]==undef)
+ {
+ $allowed_hosts_parsed = undef
+ }
+ else
+ {
+ $allowed_hosts_parsed = $::eyp_snmpd_acls[$security_name]['hosts']
+ }
 }
 else
 {
From 75da36ec532bba708bfb0cb96efc3e6b2db8346f Mon Sep 17 00:00:00 2001
From: Jordi Prats
Date: Thu, 27 Feb 2020 14:35:26 +0100
Subject: [PATCH 5/5] prova

---
 templates/acl.erb | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/templates/acl.erb b/templates/acl.erb
index 946de5e..2a3cff7 100644
--- a/templates/acl.erb
+++ b/templates/acl.erb
@@ -1,3 +1,4 @@
+<% if defined?(@community_parsed) and defined?(@allowed_hosts_parsed) -%>
 <% if defined?(@description) -%>
 #
 # <%= @description %>
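Review bot: Both new tests in the `if($auto_acl)` branch index `$::eyp_snmpd_acls` before checking that the fact itself is set, so a node where the `eyp_snmpd_acls` fact is missing never reaches the `undef` assignment. Indexing an undefined value is, as far as I know, an evaluation error on current Puppet versions, which would abort the catalog regardless of `fail_on_absent_autoacl`. The same condition is also evaluated twice for two assignments that always go together. A single `if`/`else` that tests the fact first and the entry second covers both points, as sketched below. The `else` branch of `if($auto_acl)` continues outside this hunk.

```puppet
  if($auto_acl)
  {
    # fact missing on this node, or no entry for this security name
    if($::eyp_snmpd_acls==undef or $::eyp_snmpd_acls[$security_name]==undef)
    {
      $community_parsed = undef
      $allowed_hosts_parsed = undef
    }
    else
    {
      $community_parsed = $::eyp_snmpd_acls[$security_name]['community']
      $allowed_hosts_parsed = $::eyp_snmpd_acls[$security_name]['hosts']
    }
  }
  # … unchanged: else branch for auto_acl => false …
```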
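Review bot: The wrapper added on the first line of `templates/acl.erb` uses `defined?(@community_parsed)`, which reports only whether the instance variable was bound for the template, not whether it holds a value. Whether a Puppet variable assigned `undef` is bound at all is an inference here and worth confirming on the Puppet versions the module supports; if it is bound as `nil`, the condition stays true and the ACL block is still rendered with an empty community and host list. Testing the values instead is false for an unbound variable and for `nil` alike: `<% if @community_parsed and @allowed_hosts_parsed -%>`. The matching `<% end %>` is in the last hunk of this file.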
@@ -32,4 +33,4 @@ view <%= @view_name %> included <%= val %> # group context sec.model sec.level prefix read write notif access <%= @group_name %> "" any noauth <%= @context %> <% if @read %><%= @view_name %><% else %>none<% end %> <% if @write %><%= @view_name %><% else %>none<% end %> none -<% %> +<% end %>