From 74d2ba8867450a9ed903a10617c88af02f294cae Mon Sep 17 00:00:00 2001 From: Nikita Akhnin Date: Sun, 9 Apr 2017 11:14:36 +0700 Subject: [PATCH 1/7] Extra mco arguments handling --- manifests/params.pp | 1 + manifests/webhook/config.pp | 2 ++ templates/webhook.bin.erb | 4 ++-- 3 files changed, 5 insertions(+), 2 deletions(-) diff --git a/manifests/params.pp b/manifests/params.pp index 872f9c7b..9f907c95 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -147,6 +147,7 @@ $webhook_configfile_group = $root_group $webhook_configfile_mode = '0644' $webhook_ignore_environments = [] + $webhook_mco_arguments = undef # Service Settings for SystemD in EL7 if $::osfamily == 'RedHat' and $::operatingsystemmajrelease == '7' { diff --git a/manifests/webhook/config.pp b/manifests/webhook/config.pp index 64a2e522..167ff4f3 100644 --- a/manifests/webhook/config.pp +++ b/manifests/webhook/config.pp @@ -44,6 +44,7 @@ $configfile_symlink = '/etc/webhook.yaml', $enable_mutex_lock = $r10k::params::webhook_enable_mutex_lock, Array $ignore_environments = $r10k::params::webhook_ignore_environments, + $mco_arguments = $r10k::params::webhook_mco_arguments, ) inherits r10k::params { if $hash == 'UNSET' { @@ -77,6 +78,7 @@ 'slack_channel' => $slack_channel, 'slack_username' => $slack_username, 'ignore_environments' => $ignore_environments, + 'mco_arguments' => $mco_arguments, } } else { $webhook_hash = $hash diff --git a/templates/webhook.bin.erb b/templates/webhook.bin.erb index 5948ec78..2a176a22 100755 --- a/templates/webhook.bin.erb +++ b/templates/webhook.bin.erb @@ -290,7 +290,7 @@ end def deploy_module(module_name) begin if $config['use_mcollective'] - command = "#{$command_prefix} mco r10k deploy_module #{module_name}" + command = "#{$command_prefix} mco r10k deploy_module #{module_name} #{$config['mco_arguments']}" else # If you don't use mcollective then this hook needs to be running as r10k's user i.e. root command = "#{$command_prefix} r10k deploy module #{module_name}" @@ -320,7 +320,7 @@ end end else if $config['use_mcollective'] - command = "#{$command_prefix} mco r10k deploy #{branch}" + command = "#{$command_prefix} mco r10k deploy #{branch} #{$config['mco_arguments']}" else # If you don't use mcollective then this hook needs to be running as r10k's user i.e. root command = "#{$command_prefix} r10k deploy environment #{branch} #{$config['r10k_deploy_arguments']}" From b9646b0c12c0a8b841b491f8d35f8699a6305a85 Mon Sep 17 00:00:00 2001 From: Nikita Akhnin Date: Sun, 9 Apr 2017 11:18:18 +0700 Subject: [PATCH 2/7] Comment and indentations corrected --- templates/webhook.bin.erb | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/templates/webhook.bin.erb b/templates/webhook.bin.erb index 2a176a22..dfd45c40 100755 --- a/templates/webhook.bin.erb +++ b/templates/webhook.bin.erb @@ -73,10 +73,9 @@ $command_prefix = $config['command_prefix'] || '' class Server < Sinatra::Base set :static, false -if $config['enable_mutex_lock'] then - set :lock, true -end - + if $config['enable_mutex_lock'] then + set :lock, true + end get '/' do raise Sinatra::NotFound @@ -347,7 +346,7 @@ end client.discovery_timeout = $config['discovery_timeout'] client.timeout = $config['client_timeout'] result = client.send('deploy',{:environment => branch}) - end # end deploy() + end # end mco() def protected! unless authorized? From e2d744558efba340112905fe96e86c6f17f594d8 Mon Sep 17 00:00:00 2001 From: Nikita Akhnin Date: Sun, 9 Apr 2017 11:19:58 +0700 Subject: [PATCH 3/7] Don't log authentication events if webhook is not protected --- templates/webhook.bin.erb | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/templates/webhook.bin.erb b/templates/webhook.bin.erb index dfd45c40..114f95f4 100755 --- a/templates/webhook.bin.erb +++ b/templates/webhook.bin.erb @@ -91,7 +91,6 @@ class Server < Sinatra::Base # is used in the repository URL and is most useful for this webhook handler. post '/module' do protected! if $config['protected'] - $logger.info("authenticated: #{$config['user']}") request.body.rewind # in case someone already read it # Short circuit if we're ignoring this event @@ -127,7 +126,6 @@ class Server < Sinatra::Base post '/payload' do protected! if $config['protected'] - $logger.info("authenticated: #{$config['user']}") request.body.rewind # in case someone already read it # Short circuit if we're ignoring this event @@ -351,7 +349,10 @@ class Server < Sinatra::Base def protected! unless authorized? response['WWW-Authenticate'] = %(Basic realm="Restricted Area") + $logger.error("Authentication failure from IP #{request.ip}") throw(:halt, [401, "Not authorized\n"]) + else + $logger.info("Authenticated as user #{$config['user']} from IP #{request.ip}") end end #end protected! From 80e0c16fe3a9c8d443dfb5e2b7e4784477894b97 Mon Sep 17 00:00:00 2001 From: Nikita Akhnin Date: Wed, 12 Apr 2017 22:21:28 +0700 Subject: [PATCH 4/7] Add rspec test for FOSS with extra mco arguments --- spec/classes/webhook/config_spec.rb | 43 +++++++++++++++++++++++++++++ 1 file changed, 43 insertions(+) diff --git a/spec/classes/webhook/config_spec.rb b/spec/classes/webhook/config_spec.rb index ac761b30..ea96b0d9 100644 --- a/spec/classes/webhook/config_spec.rb +++ b/spec/classes/webhook/config_spec.rb @@ -331,6 +331,49 @@ ) end end + + context 'FOSS with extra mco argument' do + let :params do + { + mco_arguments: '--no-progress' + } + end + + it do + is_expected.to contain_file('webhook.yaml').with( + path: '/etc/webhook.yaml', + ensure: 'file', + owner: 'root', + group: 'root', + mode: '0644', + notify: 'Service[webhook]' + ) + end + content = '--- +access_logfile: "/var/log/webhook/access.log" +allow_uppercase: true +bind_address: "0.0.0.0" +client_cfg: "/var/lib/peadmin/.mcollective" +client_timeout: "120" +command_prefix: "umask 0022;" +discovery_timeout: "10" +enable_mutex_lock: false +enable_ssl: true +ignore_environments: [] +mco_arguments: "--no-progress" +pass: "puppet" +port: "8088" +prefix: false +prefix_command: "/bin/echo example" +protected: true +r10k_deploy_arguments: "-pv" +server_software: "WebHook" +use_mco_ruby: false +use_mcollective: true +user: "puppet" +' + it { is_expected.to contain_file('webhook.yaml').with_content(content) } + end end end end From f961389945973c2d467594d6f20877b4311eb5d5 Mon Sep 17 00:00:00 2001 From: Nikita Akhnin Date: Wed, 12 Apr 2017 23:02:24 +0700 Subject: [PATCH 5/7] README: Describe mco_arguments webhook feature --- README.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/README.md b/README.md index 3de0b322..c8e92c1e 100644 --- a/README.md +++ b/README.md @@ -550,6 +550,18 @@ class { '::r10k::webhook::config': } ``` +### Passing extra arguments to mco command + +You can pass some additional arguments to mco command like `--no-progress` or `--timeout 60` or any others by specifying them +in the `r10k::webhook::config::mco_arguments` parameter as string: + +```puppet +class { '::r10k::webhook::config': + . . . + mco_arguments => '--no-progress' +} +``` + ## Reference ####Class: `r10k` From 6be41e9758f67bf99018fd9f7537b8b4d6a3d6d4 Mon Sep 17 00:00:00 2001 From: Nikita Akhnin Date: Wed, 12 Apr 2017 23:05:22 +0700 Subject: [PATCH 6/7] Remove trailing whitespaces in webhook config spec --- spec/classes/webhook/config_spec.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec/classes/webhook/config_spec.rb b/spec/classes/webhook/config_spec.rb index ea96b0d9..dbeca3f5 100644 --- a/spec/classes/webhook/config_spec.rb +++ b/spec/classes/webhook/config_spec.rb @@ -331,7 +331,7 @@ ) end end - + context 'FOSS with extra mco argument' do let :params do { From 5cba5e20e5d2b62b68dfb458650abecb2feb3caf Mon Sep 17 00:00:00 2001 From: Nikita Akhnin Date: Wed, 19 Apr 2017 22:28:29 +0700 Subject: [PATCH 7/7] Define data type for webhook::config::mco_arguments --- manifests/webhook/config.pp | 78 ++++++++++++++++++------------------- 1 file changed, 39 insertions(+), 39 deletions(-) diff --git a/manifests/webhook/config.pp b/manifests/webhook/config.pp index 167ff4f3..3f6872aa 100644 --- a/manifests/webhook/config.pp +++ b/manifests/webhook/config.pp @@ -6,45 +6,45 @@ # # Zack Smith class r10k::webhook::config ( - $ensure = true, - Variant[String, Hash] $hash = 'UNSET', - $certname = $r10k::params::webhook_certname, - $certpath = $r10k::params::webhook_certpath, - $user = $r10k::params::webhook_user, - $pass = $r10k::params::webhook_pass, - $bind_address = $r10k::params::webhook_bind_address, - $port = $r10k::params::webhook_port, - $access_logfile = $r10k::params::webhook_access_logfile, - $client_cfg = $r10k::params::webhook_client_cfg, - $use_mco_ruby = $r10k::params::webhook_use_mco_ruby, - $protected = $r10k::params::webhook_protected, - $github_secret = $r10k::params::webhook_github_secret, - $discovery_timeout = $r10k::params::webhook_discovery_timeout, - $client_timeout = $r10k::params::webhook_client_timeout, - $prefix = $r10k::params::webhook_prefix, - $prefix_command = $r10k::params::webhook_prefix_command, - $server_software = $r10k::params::webhook_server_software, - $enable_ssl = $r10k::params::webhook_enable_ssl, - $use_mcollective = $r10k::params::webhook_use_mcollective, - $r10k_deploy_arguments = $r10k::params::webhook_r10k_deploy_arguments, - $public_key_path = $r10k::params::webhook_public_key_path, - $private_key_path = $r10k::params::webhook_private_key_path, - $yaml_template = $r10k::params::webhook_yaml_template, - $command_prefix = $r10k::params::webhook_r10k_command_prefix, - $repository_events = $r10k::params::webhook_repository_events, - $allow_uppercase = $r10k::params::webhook_allow_uppercase, - $slack_webhook = $r10k::params::webhook_slack_webhook, - $slack_channel = $r10k::params::webhook_slack_channel, - $slack_username = $r10k::params::webhook_slack_username, - $configfile_owner = $r10k::params::webhook_configfile_owner, - $configfile_group = $r10k::params::webhook_configfile_group, - $configfile_mode = $r10k::params::webhook_configfile_mode, - $configfile = '/etc/webhook.yaml', - $manage_symlink = false, - $configfile_symlink = '/etc/webhook.yaml', - $enable_mutex_lock = $r10k::params::webhook_enable_mutex_lock, - Array $ignore_environments = $r10k::params::webhook_ignore_environments, - $mco_arguments = $r10k::params::webhook_mco_arguments, + $ensure = true, + Variant[String, Hash] $hash = 'UNSET', + $certname = $r10k::params::webhook_certname, + $certpath = $r10k::params::webhook_certpath, + $user = $r10k::params::webhook_user, + $pass = $r10k::params::webhook_pass, + $bind_address = $r10k::params::webhook_bind_address, + $port = $r10k::params::webhook_port, + $access_logfile = $r10k::params::webhook_access_logfile, + $client_cfg = $r10k::params::webhook_client_cfg, + $use_mco_ruby = $r10k::params::webhook_use_mco_ruby, + $protected = $r10k::params::webhook_protected, + $github_secret = $r10k::params::webhook_github_secret, + $discovery_timeout = $r10k::params::webhook_discovery_timeout, + $client_timeout = $r10k::params::webhook_client_timeout, + $prefix = $r10k::params::webhook_prefix, + $prefix_command = $r10k::params::webhook_prefix_command, + $server_software = $r10k::params::webhook_server_software, + $enable_ssl = $r10k::params::webhook_enable_ssl, + $use_mcollective = $r10k::params::webhook_use_mcollective, + $r10k_deploy_arguments = $r10k::params::webhook_r10k_deploy_arguments, + $public_key_path = $r10k::params::webhook_public_key_path, + $private_key_path = $r10k::params::webhook_private_key_path, + $yaml_template = $r10k::params::webhook_yaml_template, + $command_prefix = $r10k::params::webhook_r10k_command_prefix, + $repository_events = $r10k::params::webhook_repository_events, + $allow_uppercase = $r10k::params::webhook_allow_uppercase, + $slack_webhook = $r10k::params::webhook_slack_webhook, + $slack_channel = $r10k::params::webhook_slack_channel, + $slack_username = $r10k::params::webhook_slack_username, + $configfile_owner = $r10k::params::webhook_configfile_owner, + $configfile_group = $r10k::params::webhook_configfile_group, + $configfile_mode = $r10k::params::webhook_configfile_mode, + $configfile = '/etc/webhook.yaml', + $manage_symlink = false, + $configfile_symlink = '/etc/webhook.yaml', + $enable_mutex_lock = $r10k::params::webhook_enable_mutex_lock, + Array $ignore_environments = $r10k::params::webhook_ignore_environments, + Optional[String] $mco_arguments = $r10k::params::webhook_mco_arguments, ) inherits r10k::params { if $hash == 'UNSET' {