Add audit module support #334

Merged
merged 1 commit into from
Jan 6, 2023
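--- a/examples/module_audit.pp
+++ b/examples/module_audit.pp
@@ -0,0 +1,7 @@
+include icingaweb2
+
+package { 'git': }
+
+class { 'icingaweb2::module::audit':
+git_revision => 'v1.0.2',
+}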
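--- a/manifests/module/audit.pp
+++ b/manifests/module/audit.pp
@@ -0,0 +1,113 @@
+# @summary
+# Installs and enables the audit module.
+#
+# @note If you want to use `git` as `install_method`, the CLI `git` command has to be installed.
+#
+# @param ensure
+# Enable or disable module.
+#
+# @param module_dir
+# Target directory of the module.
+#
+# @param git_repository
+# Set a git repository URL.
+#
+# @param git_revision
+# Set either a branch or a tag name, eg. `master` or `v1.0.2`.
+#
+# @param install_method
+# Install methods are `git`, `package` and `none` is supported as installation method.
+#
+# @param package_name
+# Package name of the module. This setting is only valid in combination with the installation method `package`.
+#
+# @param log_type
+# Logging type to use.
+#
+# @param log_file
+# Location of the log file. Only valid if `log_type` is set to `file`.
+#
+# @param log_ident
+# Logging prefix ident. Only valid if `log_type` is set to `syslog`.
+#
+# @param log_facility
+# Facility to log to. Only valid if `log_type` is set to `syslog`.
+#
+# @param stream_format
+# Set to `json` to stream in JSON format. Disabled by setting to `none`.
+#
+# @param stream_file
+# Path to the stream destination.
+#
+# @example
+# class { 'icingaweb2::module::audit':
+# git_revision => 'v1.0.2',
+# log_type => 'syslog',
+# log_facility => 'authpriv',
+# }
+#
+class icingaweb2::module::audit (
+Enum['absent', 'present'] $ensure = 'present',
+Optional[Stdlib::Absolutepath] $module_dir = undef,
+String $git_repository = 'https://github.com/Icinga/icingaweb2-module-audit.git',
+Optional[String] $git_revision = undef,
+Enum['git', 'none', 'package'] $install_method = 'git',
+String $package_name = 'icingaweb2-module-audit',
+Enum['file', 'syslog', 'none'] $log_type = 'none',
+Optional[Stdlib::Absolutepath] $log_file = undef,
+Optional[String] $log_ident = undef,
+Variant[
+Enum['auth', 'user', 'authpriv'],
+Pattern[/^local[0-7]$/]
+] $log_facility = 'auth',
+Enum['json', 'none'] $stream_format = 'none',
+Optional[Stdlib::Absolutepath] $stream_file = undef,
+) {
+$conf_dir = $icingaweb2::globals::conf_dir
+$module_conf_dir = "${conf_dir}/modules/audit"
+
+case $log_type {
+'file': {
+$log_settings = {
+'type' => 'file',
+'path' => $log_file,
+}
+}
+'syslog': {
+$log_settings = {
+'type' => 'syslog',
+'ident' => $log_ident,
+'facility' => $log_facility,
+}
+}
+default: {
+$log_settings = { 'type' => 'none', }
+}
+}
+
+$settings = {
+'icingaweb2-module-audit-log' => {
+'section_name' => 'log',
+'target' => "${module_conf_dir}/config.ini",
+'settings' => delete_undef_values($log_settings),
+},
+'icingaweb2-module-audit-stream' => {
+'section_name' => 'stream',
+'target' => "${module_conf_dir}/config.ini",
+'settings' => delete_undef_values({
+'format' => $stream_format,
+'path' => $stream_file,
+}),
+},
+}
+
+icingaweb2::module { 'audit':
+ensure => $ensure,
+git_repository => $git_repository,
+git_revision => $git_revision,
+install_method => $install_method,
+module_dir => $module_dir,
+package_name => $package_name,
+settings => $settings,
+}
+}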
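Review bot: Nothing in the class body ties `log_file` to `log_type => 'file'` or `stream_file` to `stream_format => 'json'`: both paths are `Optional`, and `delete_undef_values` drops them when unset, so a catalog compiles with `type = file` and no `path` in config.ini. For an audit trail it is safer to fail at compile time than to depend on whatever the module does without a path; a guard ahead of the `case` would do, e.g. `if $log_type == 'file' and !$log_file { fail('log_file is required when log_type is file') }`, with the matching check for `stream_file`. If falling back to a built-in default path is intended, the `@param log_file` and `@param stream_file` text should say so. Separately, `Pattern[/^local[0-7]$/]` uses line anchors, so a multi-line string whose last line is `local0` still passes the type check; `/\Alocal[0-7]\z/` matches the whole value.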
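--- a/spec/classes/audit_spec.rb
+++ b/spec/classes/audit_spec.rb
@@ -0,0 +1,82 @@
+require 'spec_helper'
+
+describe('icingaweb2::module::audit', type: :class) do
+let(:pre_condition) do
+[
+"class { 'icingaweb2': }",
+]
+end
+
+on_supported_os.each do |os, facts|
+context "on #{os}" do
+let :facts do
+facts
+end
+
+context "#{os} with defaults" do
+it {
+is_expected.to contain_icingaweb2__module('audit').with(
+{
+'ensure' => 'present',
+'install_method' => 'git',
+'settings' => {
+'icingaweb2-module-audit-log' => {
+'section_name' => 'log',
+'target' => '/etc/icingaweb2/modules/audit/config.ini',
+'settings' => {
+'type' => 'none',
+},
+},
+'icingaweb2-module-audit-stream' => {
+'section_name' => 'stream',
+'target' => '/etc/icingaweb2/modules/audit/config.ini',
+'settings' => {
+'format' => 'none',
+},
+},
+},
+},
+)
+}
+end
+
+context "#{os} with file logging and json stream" do
+let(:params) do
+{
+log_type: 'file',
+log_file: '/foobar.log',
+stream_format: 'json',
+stream_file: '/foobar.json',
+}
+end
+
+it {
+is_expected.to contain_icingaweb2__module('audit').with(
+{
+'ensure' => 'present',
+'install_method' => 'git',
+'settings' => {
+'icingaweb2-module-audit-log' => {
+'section_name' => 'log',
+'target' => '/etc/icingaweb2/modules/audit/config.ini',
+'settings' => {
+'type' => 'file',
+'path' => '/foobar.log',
+},
+},
+'icingaweb2-module-audit-stream' => {
+'section_name' => 'stream',
+'target' => '/etc/icingaweb2/modules/audit/config.ini',
+'settings' => {
+'format' => 'json',
+'path' => '/foobar.json',
+},
+},
+},
+},
+)
+}
+end
+end
+end
+end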
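Review bot: The spec exercises only the default and `file` branches of `case $log_type`; the `syslog` branch, which is the one shown in the class's own `@example`, is never compiled, and neither is the `log_facility` type constraint. A third context next to "with file logging and json stream" should assert that `ident` and `facility` reach the `log` section, and a negative case should confirm that an out-of-range facility such as `local8` is rejected at compile time. The sample ident below is a constructed value.

```ruby
# … unchanged: defaults and file/json contexts …

context "#{os} with syslog logging" do
  let(:params) do
    {
      log_type: 'syslog',
      log_ident: 'icingaweb2-audit',
      log_facility: 'authpriv',
    }
  end

  it {
    is_expected.to contain_icingaweb2__module('audit').with(
      {
        'settings' => {
          'icingaweb2-module-audit-log' => {
            'section_name' => 'log',
            'target' => '/etc/icingaweb2/modules/audit/config.ini',
            'settings' => {
              'type' => 'syslog',
              'ident' => 'icingaweb2-audit',
              'facility' => 'authpriv',
            },
          },
          'icingaweb2-module-audit-stream' => {
            'section_name' => 'stream',
            'target' => '/etc/icingaweb2/modules/audit/config.ini',
            'settings' => {
              'format' => 'none',
            },
          },
        },
      },
    )
  }
end

context "#{os} with an invalid syslog facility" do
  let(:params) do
    { log_type: 'syslog', log_facility: 'local8' }
  end

  it { is_expected.to compile.and_raise_error(%r{log_facility}) }
end
```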