Add configuration options to filter facts out

This changeset adds two configuration options used by the facts PuppetDB indirector: * fact_names_blacklist * fact_names_blacklist_regex They can be used to configure a list of fact names that will never be sent to PuppetDB, based on exact fact names or regular expressions.
cernops · Sep 11, 2024 · 1dc500b · 1dc500b
1 parent 3e29283
commit 1dc500b
Show file tree

Hide file tree

Showing 2 changed files with 30 additions and 2 deletions.
diff --git a/puppet/lib/puppet/indirector/facts/puppetdb.rb b/puppet/lib/puppet/indirector/facts/puppetdb.rb
@@ -31,6 +31,18 @@ def save(request)
           package_inventory = inventory['packages'] if inventory.respond_to?(:keys)
           facts.values.delete('_puppet_inventory_1')
 
+          fact_names_blacklist = Puppet::Util::Puppetdb.config.fact_names_blacklist
+
+          fact_names_blacklist.each{|blacklisted_fact_name|
+            facts.values.delete(blacklisted_fact_name)
+          }
+
+          fact_names_blacklist_regexps = Puppet::Util::Puppetdb.config.fact_names_blacklist_regex
+
+          fact_names_blacklist_regexps.each{|blacklisted_fact_name_regexp_str|
+            facts.values.reject!{|k,v| k =~ Regexp.new(blacklisted_fact_name_regexp_str)}
+          }
+
           payload_value = {
             "certname" => facts.name,
             "values" => facts.values,

diff --git a/puppet/lib/puppet/util/puppetdb/config.rb b/puppet/lib/puppet/util/puppetdb/config.rb
@@ -18,7 +18,9 @@ def self.load(config_file = nil)
         :submit_only_server_urls     => "",
         :command_broadcast           => false,
         :sticky_read_failover        => false,
-        :verify_client_certificate   => true
+        :verify_client_certificate   => true,
+        :fact_names_blacklist       => "",
+        :fact_names_blacklist_regex => ""
       }
 
       config_file ||= File.join(Puppet[:confdir], "puppetdb.conf")
@@ -71,7 +73,9 @@ def self.load(config_file = nil)
            :submit_only_server_urls,
            :command_broadcast,
            :sticky_read_failover,
-           :verify_client_certificate].include?(k))
+           :verify_client_certificate,
+           :fact_names_blacklist,
+           :fact_names_blacklist_regex].include?(k))
       end
 
       parsed_urls = config_hash[:server_urls].split(",").map {|s| s.strip}
@@ -108,6 +112,10 @@ def self.load(config_file = nil)
           "or equal to the number of server_urls (#{config_hash[:server_urls].length})"
       end
 
+      config_hash[:fact_names_blacklist] = config_hash[:fact_names_blacklist].split(",").map {|s| s.strip}
+
+      config_hash[:fact_names_blacklist_regex] = config_hash[:fact_names_blacklist_regex].split(",").map {|s| s.strip}
+
       self.new(config_hash)
     rescue => detail
       Puppet.log_exception detail, "Could not configure PuppetDB terminuses: #{detail.message}", {level: :warning}
@@ -160,6 +168,14 @@ def verify_client_certificate
       config[:verify_client_certificate]
     end
 
+    def fact_names_blacklist
+      config[:fact_names_blacklist]
+    end
+
+    def fact_names_blacklist_regex
+      config[:fact_names_blacklist_regex]
+    end
+
     # @!group Private instance methods
 
     # @!attribute [r] count