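--- a/.github/SECURITY.md
+++ b/.github/SECURITY.md
@@ -0,0 +1,3 @@
+# Vox Pupuli Security Policy
+
+Our vulnerabilities reporting process is at https://voxpupuli.org/security/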
5 changes: 3 additions & 2 deletions .travis.yml
@@ -1,4 +1,5 @@
---
os: linux
dist: bionic
language: ruby
cache: bundler
@@ -7,7 +8,7 @@ before_install:
- bundle --version
script:
- 'bundle exec rake $CHECK'
matrix:
jobs:
fast_finish: true
include:
- rvm: 2.4.4
@@ -84,7 +85,7 @@ notifications:
- "chat.freenode.org#voxpupuli-notifications"
deploy:
provider: puppetforge
user: puppet
username: puppet
password:
secure: "Ojc0h2mbt9Y+eCyiKD+x1iYNONOP27Me63hjo9jo2v1bSs3aiM7djlcpz/sG+jRJ7JQoUyaGzHSn+gvxwWqdagFfFgDmipMKD0OXQinq7upRaG2hR+akKo0jllq9zLjJGBDoxurioKfOzPGlt2bX3UYY5KyeJ3AIM4dwCGVtSh4="
on:
23 changes: 23 additions & 0 deletions CHANGELOG.md
@@ -4,6 +4,29 @@ All notable changes to this project will be documented in this file.
Each new release typically also includes the latest modulesync defaults.
These should not affect the functionality of the module.

## [v10.1.0](https://github.com/voxpupuli/puppet-rabbitmq/tree/v10.1.0) (2020-07-10)

[Full Changelog](https://github.com/voxpupuli/puppet-rabbitmq/compare/v10.0.1...v10.1.0)

**Implemented enhancements:**

- Don't use RABBITMQ\_SERVER\_ERL\_ARGS [\#841](https://github.com/voxpupuli/puppet-rabbitmq/pull/841) ([jeckersb](https://github.com/jeckersb))

**Fixed bugs:**

- Cannot set delivery-limit policy [\#846](https://github.com/voxpupuli/puppet-rabbitmq/issues/846)
- rabbitmq\_user resource displays password when needed changed in noop [\#839](https://github.com/voxpupuli/puppet-rabbitmq/issues/839)
- erlang\_cookie echo'ed to agent output [\#837](https://github.com/voxpupuli/puppet-rabbitmq/issues/837)
- breaks /etc/rabbitmq ownership under ubuntu [\#813](https://github.com/voxpupuli/puppet-rabbitmq/issues/813)
- Owner of /etc/rabbitmq [\#703](https://github.com/voxpupuli/puppet-rabbitmq/issues/703)

**Merged pull requests:**

- Allow delivery-limit policy to be set [\#847](https://github.com/voxpupuli/puppet-rabbitmq/pull/847) ([philomory](https://github.com/philomory))
- Hide user password [\#840](https://github.com/voxpupuli/puppet-rabbitmq/pull/840) ([tobias-urdin](https://github.com/tobias-urdin))
- Hide erlang cookie content [\#838](https://github.com/voxpupuli/puppet-rabbitmq/pull/838) ([tobias-urdin](https://github.com/tobias-urdin))
- \[fix\] ownership and permissions on conf files [\#835](https://github.com/voxpupuli/puppet-rabbitmq/pull/835) ([wyardley](https://github.com/wyardley))

## [v10.0.1](https://github.com/voxpupuli/puppet-rabbitmq/tree/v10.0.1) (2020-04-25)

[Full Changelog](https://github.com/voxpupuli/puppet-rabbitmq/compare/v10.0.0...v10.0.1)
2 changes: 1 addition & 1 deletion Gemfile
@@ -11,7 +11,7 @@ def location_for(place, fake_version = nil)
end

group :test do
gem 'voxpupuli-test', '>= 1.0.0', :require => false
gem 'voxpupuli-test', '>= 1.4.0', :require => false
gem 'coveralls', :require => false
gem 'simplecov-console', :require => false
end
11 changes: 11 additions & 0 deletions lib/puppet/type/rabbitmq_erlang_cookie.rb
@@ -16,9 +16,20 @@
newproperty(:content) do
desc 'Content of cookie'
newvalues(%r{^\S+$})

def change_to_s(_current, _desired)
'The rabbitmq erlang cookie was changed'
end

# rubocop:disable Style/PredicateName
def is_to_s(_value)
'[old content redacted]'
end
# rubocop:enable Style/PredicateName

def should_to_s(_value)
'[new content redacted]'
end
end

newparam(:force) do
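Review bot: The `change_to_s`/`is_to_s`/`should_to_s` overrides on `content` redact only the human-readable change message; as far as I can tell Puppet still stores the property's raw previous and desired values on the change event unless the value reaches the type as a `Sensitive`, so the cookie may still end up in stored reports. A comment above the overrides would make that limit explicit, e.g. `# Redacts log and noop output only; pass the cookie as Sensitive to keep it out of report events`. The same applies to the identical overrides added for the password property in lib/puppet/type/rabbitmq_user.rb. Separately, `newvalues(%r{^\S+$})` is line-anchored, so a multi-line string containing one clean line passes; `%r{\A\S+\z}` would validate the whole value.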
11 changes: 10 additions & 1 deletion lib/puppet/type/rabbitmq_policy.rb
@@ -128,12 +128,18 @@ def validate_definition(definition)
raise ArgumentError, "Invalid shards-per-node value '#{shards_per_node_val}'"
end
end
if definition.key? 'ha-sync-batch-size' # rubocop:disable Style/GuardClause
if definition.key? 'ha-sync-batch-size'
ha_sync_batch_size_val = definition['ha-sync-batch-size']
unless ha_sync_batch_size_val.to_i.to_s == ha_sync_batch_size_val
raise ArgumentError, "Invalid ha-sync-batch-size value '#{ha_sync_batch_size_val}'"
end
end
if definition.key? 'delivery-limit' # rubocop:disable Style/GuardClause
delivery_limit_val = definition['delivery-limit']
unless delivery_limit_val.to_i.to_s == delivery_limit_val
raise ArgumentError, "Invalid delivery-limit value '#{delivery_limit_val}'"
end
end
end

def munge_definition(definition)
@@ -158,6 +164,9 @@ def munge_definition(definition)
if definition.key? 'ha-sync-batch-size'
definition['ha-sync-batch-size'] = definition['ha-sync-batch-size'].to_i
end
if definition.key? 'delivery-limit'
definition['delivery-limit'] = definition['delivery-limit'].to_i
end
definition
end
end
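Review bot: The new `delivery-limit` check in `validate_definition` accepts negative numbers, because `'-1'.to_i.to_s == '-1'` holds; a delivery limit is a count, so a negative value would presumably only be rejected by the broker when the policy is applied. Tightening the guard to `unless delivery_limit_val.to_i.to_s == delivery_limit_val && delivery_limit_val.to_i >= 0` keeps the failure at catalog validation. The block is also a copy of the `ha-sync-batch-size` check directly above it, so a small private helper that takes the key name would remove the duplication and the need to keep moving the `rubocop:disable Style/GuardClause` comment to the last `if`. Both `validate_definition` and `munge_definition` begin outside the visible hunks.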
10 changes: 10 additions & 0 deletions lib/puppet/type/rabbitmq_user.rb
@@ -46,6 +46,16 @@ def insync?(_is)
def change_to_s(_current, _desired)
'password has been changed'
end

# rubocop:disable Style/PredicateName
def is_to_s(_value)
'[old password redacted]'
end
# rubocop:enable Style/PredicateName

def should_to_s(_value)
'[new password redacted]'
end
end

newproperty(:admin) do
24 changes: 12 additions & 12 deletions manifests/config.pp
@@ -125,7 +125,7 @@
$proto_dist = 'inet6_tcp'
$ssl_path = ''
}
$ipv6_or_tls_env = ['SERVER', 'CTL'].reduce({}) |$memo, $item| {
$ipv6_or_tls_env = ['SERVER_ADDITIONAL', 'CTL'].reduce({}) |$memo, $item| {
$orig = $_environment_variables["RABBITMQ_${item}_ERL_ARGS"]
$munged = $orig ? {
# already quoted, keep quoting
@@ -146,23 +146,23 @@
file { '/etc/rabbitmq':
ensure => directory,
owner => '0',
group => '0',
mode => '0755',
owner => $rabbitmq_user,
group => $rabbitmq_group,
mode => '2755',
}
file { '/etc/rabbitmq/ssl':
ensure => directory,
owner => '0',
group => '0',
mode => '0755',
owner => $rabbitmq_user,
group => $rabbitmq_group,
mode => '2750',
}
file { 'rabbitmq.config':
ensure => file,
path => $config_path,
content => template($config),
owner => '0',
owner => $rabbitmq_user,
group => $rabbitmq_group,
mode => '0640',
}
@@ -171,7 +171,7 @@
ensure => file,
path => $env_config_path,
content => template($env_config),
owner => '0',
owner => $rabbitmq_user,
group => $rabbitmq_group,
mode => '0640',
}
@@ -180,7 +180,7 @@
ensure => file,
path => $inetrc_config_path,
content => template($inetrc_config),
owner => '0',
owner => $rabbitmq_user,
group => $rabbitmq_group,
mode => '0640',
}
@@ -190,7 +190,7 @@
ensure => file,
path => '/etc/rabbitmq/enabled_plugins',
content => template('rabbitmq/enabled_plugins.erb'),
owner => '0',
owner => $rabbitmq_user,
group => $rabbitmq_group,
mode => '0640',
require => File['/etc/rabbitmq'],
@@ -202,7 +202,7 @@
ensure => file,
path => '/etc/rabbitmq/rabbitmqadmin.conf',
content => template('rabbitmq/rabbitmqadmin.conf.erb'),
owner => '0',
owner => $rabbitmq_user,
group => $rabbitmq_group,
mode => '0640',
require => File['/etc/rabbitmq'],
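Review bot: Switching `owner => '0'` to `owner => $rabbitmq_user` on `/etc/rabbitmq`, `/etc/rabbitmq/ssl` and every managed config file makes the broker's configuration, plugin list and TLS directory writable by the service account, where the previous `0640` root-owned files gave it read access through the group only. That removes a least-privilege boundary, since a process running as that user can now change its own configuration between Puppet runs. If the intent is to match the ownership the distribution package sets (which the linked Ubuntu issue suggests), record it next to the resources, e.g. `# Owned by the service account to match package defaults; config is therefore writable by the broker user`, and mention it in the README for operators who relied on root-owned config. An opt-out parameter for the owner would be an alternative. Most of these resource bodies start or end outside the visible hunks.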
2 changes: 1 addition & 1 deletion metadata.json
@@ -1,6 +1,6 @@
{
"name": "puppet-rabbitmq",
"version": "10.0.1",
"version": "10.1.0",
"author": "voxpupuli",
"summary": "Installs, configures, and manages RabbitMQ.",
"license": "Apache-2.0",
13 changes: 13 additions & 0 deletions spec/acceptance/class_spec.rb
@@ -37,6 +37,19 @@ class { 'erlang': epel_enable => true}
it { is_expected.to be_enabled }
it { is_expected.to be_running }
end

describe file('/etc/rabbitmq') do
it { is_expected.to be_directory }
it { is_expected.to be_owned_by 'rabbitmq' }
it { is_expected.to be_grouped_into 'rabbitmq' }
end

describe file('/etc/rabbitmq/ssl') do
it { is_expected.to be_directory }
it { is_expected.to be_owned_by 'rabbitmq' }
it { is_expected.to be_grouped_into 'rabbitmq' }
it { is_expected.not_to be_readable.by('others') }
end
end

context 'disable and stop service' do
37 changes: 25 additions & 12 deletions spec/classes/rabbitmq_spec.rb
@@ -310,21 +310,34 @@
it {
is_expected.to contain_file('/etc/rabbitmq').with(
'ensure' => 'directory',
'mode' => '0755'
'owner' => 'rabbitmq',
'group' => 'rabbitmq',
'mode' => '2755'
)
}
end

describe 'manages configuration file correctly' do
it {
is_expected.to contain_file('rabbitmq.config').with(
'owner' => '0',
'owner' => 'rabbitmq',
'group' => 'rabbitmq',
'mode' => '0640'
)
}
end

describe 'manages SSL directory correctly' do
it {
is_expected.to contain_file('/etc/rabbitmq/ssl').with(
'ensure' => 'directory',
'owner' => 'rabbitmq',
'group' => 'rabbitmq',
'mode' => '2750'
)
}
end

describe 'does not contain pre-ranch settings with default config' do
it do
is_expected.to contain_file('rabbitmq.config'). \
@@ -1313,35 +1326,35 @@
context 'without other erl args' do
it 'enables inet6 distribution' do
is_expected.to contain_file('rabbitmq-env.config'). \
with_content(%r{^RABBITMQ_SERVER_ERL_ARGS="-proto_dist inet6_tcp"$}). \
with_content(%r{^RABBITMQ_SERVER_ADDITIONAL_ERL_ARGS="-proto_dist inet6_tcp"$}). \
with_content(%r{^RABBITMQ_CTL_ERL_ARGS="-proto_dist inet6_tcp"$})
end
end

context 'with other quoted erl args' do
let(:params) do
{ ipv6: true,
environment_variables: { 'RABBITMQ_SERVER_ERL_ARGS' => '"some quoted args"',
environment_variables: { 'RABBITMQ_SERVER_ADDITIONAL_ERL_ARGS' => '"some quoted args"',
'RABBITMQ_CTL_ERL_ARGS' => '"other quoted args"' } }
end

it 'enables inet6 distribution and quote properly' do
is_expected.to contain_file('rabbitmq-env.config'). \
with_content(%r{^RABBITMQ_SERVER_ERL_ARGS="some quoted args -proto_dist inet6_tcp"$}). \
with_content(%r{^RABBITMQ_SERVER_ADDITIONAL_ERL_ARGS="some quoted args -proto_dist inet6_tcp"$}). \
with_content(%r{^RABBITMQ_CTL_ERL_ARGS="other quoted args -proto_dist inet6_tcp"$})
end
end

context 'with other unquoted erl args' do
let(:params) do
{ ipv6: true,
environment_variables: { 'RABBITMQ_SERVER_ERL_ARGS' => 'foo',
environment_variables: { 'RABBITMQ_SERVER_ADDITIONAL_ERL_ARGS' => 'foo',
'RABBITMQ_CTL_ERL_ARGS' => 'bar' } }
end

it 'enables inet6 distribution and quote properly' do
is_expected.to contain_file('rabbitmq-env.config'). \
with_content(%r{^RABBITMQ_SERVER_ERL_ARGS="foo -proto_dist inet6_tcp"$}). \
with_content(%r{^RABBITMQ_SERVER_ADDITIONAL_ERL_ARGS="foo -proto_dist inet6_tcp"$}). \
with_content(%r{^RABBITMQ_CTL_ERL_ARGS="bar -proto_dist inet6_tcp"$})
end
end
@@ -1354,7 +1367,7 @@

it 'enables inet6 distribution' do
is_expected.to contain_file('rabbitmq-env.config'). \
with_content(%r{^RABBITMQ_SERVER_ERL_ARGS=" -pa /usr/lib64/erlang/lib/ssl-7.3.3.1/ebin -proto_dist inet6_tls"$}). \
with_content(%r{^RABBITMQ_SERVER_ADDITIONAL_ERL_ARGS=" -pa /usr/lib64/erlang/lib/ssl-7.3.3.1/ebin -proto_dist inet6_tls"$}). \
with_content(%r{^RABBITMQ_CTL_ERL_ARGS=" -pa /usr/lib64/erlang/lib/ssl-7.3.3.1/ebin -proto_dist inet6_tls"$})
end
end
@@ -1363,13 +1376,13 @@
let(:params) do
{ ipv6: true,
ssl_erl_dist: true,
environment_variables: { 'RABBITMQ_SERVER_ERL_ARGS' => '"some quoted args"',
environment_variables: { 'RABBITMQ_SERVER_ADDITIONAL_ERL_ARGS' => '"some quoted args"',
'RABBITMQ_CTL_ERL_ARGS' => '"other quoted args"' } }
end

it 'enables inet6 distribution and quote properly' do
is_expected.to contain_file('rabbitmq-env.config'). \
with_content(%r{^RABBITMQ_SERVER_ERL_ARGS="some quoted args -pa /usr/lib64/erlang/lib/ssl-7.3.3.1/ebin -proto_dist inet6_tls"$}). \
with_content(%r{^RABBITMQ_SERVER_ADDITIONAL_ERL_ARGS="some quoted args -pa /usr/lib64/erlang/lib/ssl-7.3.3.1/ebin -proto_dist inet6_tls"$}). \
with_content(%r{^RABBITMQ_CTL_ERL_ARGS="other quoted args -pa /usr/lib64/erlang/lib/ssl-7.3.3.1/ebin -proto_dist inet6_tls"$})
end
end
@@ -1378,13 +1391,13 @@
let(:params) do
{ ipv6: true,
ssl_erl_dist: true,
environment_variables: { 'RABBITMQ_SERVER_ERL_ARGS' => 'foo',
environment_variables: { 'RABBITMQ_SERVER_ADDITIONAL_ERL_ARGS' => 'foo',
'RABBITMQ_CTL_ERL_ARGS' => 'bar' } }
end

it 'enables inet6 distribution and quote properly' do
is_expected.to contain_file('rabbitmq-env.config'). \
with_content(%r{^RABBITMQ_SERVER_ERL_ARGS="foo -pa /usr/lib64/erlang/lib/ssl-7.3.3.1/ebin -proto_dist inet6_tls"$}). \
with_content(%r{^RABBITMQ_SERVER_ADDITIONAL_ERL_ARGS="foo -pa /usr/lib64/erlang/lib/ssl-7.3.3.1/ebin -proto_dist inet6_tls"$}). \
with_content(%r{^RABBITMQ_CTL_ERL_ARGS="bar -pa /usr/lib64/erlang/lib/ssl-7.3.3.1/ebin -proto_dist inet6_tls"$})
end
end
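Review bot: Every `RABBITMQ_SERVER_ERL_ARGS` case in the ipv6 contexts was renamed to `RABBITMQ_SERVER_ADDITIONAL_ERL_ARGS`, so no example pins what the module now does for a caller who still passes the old variable in `environment_variables`. From the manifests/config.pp change it looks as if that value is no longer merged with `-proto_dist` and would presumably be written out as given next to the new variable. A context that sets `'RABBITMQ_SERVER_ERL_ARGS' => 'foo'` with `ipv6: true` and asserts both resulting lines would document the intended upgrade behaviour. In the visible hunks the new `owner` assertions cover only `rabbitmq.config` and the two directories; the other files whose owner changed in config.pp may deserve the same check.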
13 changes: 13 additions & 0 deletions spec/unit/puppet/type/rabbitmq_policy_spec.rb
@@ -180,6 +180,19 @@
end.to raise_error(Puppet::Error, %r{Invalid ha-sync-batch-size value.*future})
end

it 'accepts and converts the delivery-limit value' do
definition = { 'delivery-limit' => '3' }
policy[:definition] = definition
expect(policy[:definition]['delivery-limit']).to eq(3)
end

it 'does not accept non-numeric delivery-limit value' do
definition = { 'delivery-limit' => 'future' }
expect do
policy[:definition] = definition
end.to raise_error(Puppet::Error, %r{Invalid delivery-limit value.*future})
end

context 'accepts list value in ha-params when ha-mode = nodes' do
before do
policy[:definition] = definition