Declare sysadmins alias via the Foreman ENC's owner field

In the Foreman ENC there's a list of owners. This includes a mail field which can be used.
theforeman · Jul 9, 2024 · a864d11 · a864d11
1 parent bb01a74
commit a864d11
Show file tree

Hide file tree

Showing 4 changed files with 64 additions and 10 deletions.
diff --git a/puppet/modules/profiles/manifests/base.pp b/puppet/modules/profiles/manifests/base.pp
@@ -6,6 +6,9 @@
   include ssh
   include timezone
   include unattended
+  include users
+  include utility
+  include profiles::base::sysadmins
   if $facts['os']['family'] == 'RedHat' {
     package { 'ntp':
       ensure => absent,

diff --git a/puppet/modules/profiles/manifests/base/sysadmins.pp b/puppet/modules/profiles/manifests/base/sysadmins.pp
@@ -0,0 +1,24 @@
+# @summary Ensure root email is delivered
+#
+# If foreman_users is set via the ENC then that's used. Otherwise it ends up in
+# /dev/null.
+class profiles::base::sysadmins {
+  # Via the Foreman ENC
+  if defined('$foreman_users') {
+    # lint:ignore:variable_scope
+    $sysadmins = $foreman_users.map |$username, $user| { $user['mail'] }
+    # lint:endignore
+  } else {
+    $sysadmins = ['/dev/null']
+  }
+
+  mailalias { 'sysadmins':
+    ensure    => present,
+    recipient => $sysadmins,
+  }
+
+  mailalias { 'root':
+    ensure    => present,
+    recipient => 'sysadmins',
+  }
+}
diff --git a/puppet/modules/utility/manifests/init.pp b/puppet/modules/utility/manifests/init.pp
@@ -1,5 +1,5 @@
 # Various basic utilities
-class utility($sysadmins = ['/dev/null']) {
+class utility {
   $vim = $facts['os']['family'] ? {
     'RedHat' => 'vim-enhanced',
     default  => 'vim',
@@ -12,13 +12,4 @@
   }
 
   stdlib::ensure_packages(['rsync'])
-
-  mailalias { 'sysadmins':
-    ensure    => present,
-    recipient => $sysadmins,
-  }
-  mailalias { 'root':
-    ensure    => present,
-    recipient => 'sysadmins',
-  }
 }
diff --git a/puppet/spec/classes/profiles_base_sysadmins_spec.rb b/puppet/spec/classes/profiles_base_sysadmins_spec.rb
@@ -0,0 +1,36 @@
+require 'spec_helper'
+
+describe 'profiles::base::sysadmins' do
+  on_supported_os.each do |os, os_facts|
+    context "on #{os}" do
+      let(:facts) { os_facts }
+
+      context 'without ENC' do
+        it { is_expected.to compile.with_all_deps }
+        it { is_expected.to contain_mailalias('sysadmins').with_recipient(['/dev/null']) }
+      end
+
+      context 'with ENC' do
+        # The ENC parameters aren't really `facts`.
+        # In reality they wouldn't appear in the `$facts` hash, but with
+        # rspec-puppet `let :facts` is still needed to set them as
+        # top-scope variables.
+        let(:facts) do
+          super().merge(
+            foreman_users: {
+              my_username: {
+                mail: '[email protected]',
+              },
+              other: {
+                mail: '[email protected]',
+              },
+            }
+          )
+        end
+
+        it { is_expected.to compile.with_all_deps }
+        it { is_expected.to contain_mailalias('sysadmins').with_recipient(['[email protected]', '[email protected]']) }
+      end
+    end
+  end
+end