BREAKING: Enhance data types

* Make use of stdlib data types * Create our own types for syslog facility and ssl version * Use proper booleans for `debug`, `dont_blame_nrpe` and `allow_bash_command_substitution` * Use `Enum['no', 'ask', 'require']` for `ssl_client_certs`
voxpupuli · Nov 1, 2018 · 5700fd4 · 5700fd4
1 parent e477f66
commit 5700fd4
Show file tree

Hide file tree

Showing 6 changed files with 124 additions and 79 deletions.
diff --git a/manifests/command.pp b/manifests/command.pp
@@ -1,15 +1,15 @@
 #
 define nrpe::command (
-  String $command,
-  Enum['present', 'absent'] $ensure            = present,
-  String $include_dir                          = $nrpe::include_dir,
-  Variant[String, Array[String]] $package_name = $nrpe::package_name,
-  String $service_name                         = $nrpe::service_name,
-  String $libdir                               = $nrpe::params::libdir,
-  String $file_group                           = $nrpe::params::nrpe_files_group,
-  String $file_mode                            = $nrpe::command_file_default_mode,
-  Boolean $sudo                                = false,
-  String $sudo_user                            = 'root',
+  String[1]                            $command,
+  Enum['present', 'absent']            $ensure       = present,
+  Stdlib::Absolutepath                 $include_dir  = $nrpe::include_dir,
+  Variant[String[1], Array[String[1]]] $package_name = $nrpe::package_name,
+  String[1]                            $service_name = $nrpe::service_name,
+  Stdlib::Absolutepath                 $libdir       = $nrpe::params::libdir,
+  String[1]                            $file_group   = $nrpe::params::nrpe_files_group,
+  Stdlib::Filemode                     $file_mode    = $nrpe::command_file_default_mode,
+  Boolean                              $sudo         = false,
+  String[1]                            $sudo_user    = 'root',
 ) {
   file { "${include_dir}/${title}.cfg":
     ensure  => $ensure,

diff --git a/manifests/init.pp b/manifests/init.pp
@@ -19,41 +19,41 @@
 # Copyright 2013 Computer Action Team, unless otherwise noted.
 #
 class nrpe (
-  Array[String] $allowed_hosts                      = ['127.0.0.1'],
-  String $server_address                            = '0.0.0.0',
-  Integer $command_timeout                          = 60,
-  String $config                                    = $nrpe::params::nrpe_config,
-  String $include_dir                               = $nrpe::params::nrpe_include_dir,
-  Variant[String, Array[String]] $package_name      = $nrpe::params::nrpe_packages,
-  Optional[String] $provider                        = $nrpe::params::nrpe_provider,
-  Boolean $manage_package                           = true,
-  Optional[Boolean] $purge                          = undef,
-  Optional[Boolean] $recurse                        = undef,
-  String $service_name                              = $nrpe::params::nrpe_service,
-  Integer $dont_blame_nrpe                          = $nrpe::params::dont_blame_nrpe,
-  String $log_facility                              = $nrpe::params::log_facility,
-  Integer $server_port                              = $nrpe::params::server_port,
-  Optional[String] $command_prefix                  = $nrpe::params::command_prefix,
-  Integer $debug                                    = $nrpe::params::debug,
-  Integer $connection_timeout                       = $nrpe::params::connection_timeout,
-  Optional[Integer]$allow_bash_command_substitution = $nrpe::params::allow_bash_command_substitution,
-  String $nrpe_user                                 = $nrpe::params::nrpe_user,
-  String $nrpe_group                                = $nrpe::params::nrpe_group,
-  String $nrpe_pid_file                             = $nrpe::params::nrpe_pid_file,
-  String $nrpe_ssl_dir                              = $nrpe::params::nrpe_ssl_dir,
-  Optional[String] $ssl_cert_file_content           = undef,
-  Optional[String] $ssl_privatekey_file_content     = undef,
-  Optional[String] $ssl_cacert_file_content         = undef,
-  String $ssl_version                               = $nrpe::params::ssl_version,
-  Array[String] $ssl_ciphers                        = $nrpe::params::ssl_ciphers,
-  Integer $ssl_client_certs                         = $nrpe::params::ssl_client_certs,
-  Boolean $ssl_log_startup_params                   = false,
-  Boolean $ssl_log_remote_ip                        = false,
-  Boolean $ssl_log_protocol_version                 = false,
-  Boolean $ssl_log_cipher                           = false,
-  Boolean $ssl_log_client_cert                      = false,
-  Boolean $ssl_log_client_cert_details              = false,
-  String  $command_file_default_mode                = '0644',
+  Array[Stdlib::Host]                  $allowed_hosts                   = ['127.0.0.1'],
+  Stdlib::IP::Address                  $server_address                  = '0.0.0.0',
+  Integer[0]                           $command_timeout                 = 60,
+  Stdlib::Absolutepath                 $config                          = $nrpe::params::nrpe_config,
+  Stdlib::Absolutepath                 $include_dir                     = $nrpe::params::nrpe_include_dir,
+  Variant[String[1], Array[String[1]]] $package_name                    = $nrpe::params::nrpe_packages,
+  Optional[String[1]]                  $provider                        = $nrpe::params::nrpe_provider,
+  Boolean                              $manage_package                  = true,
+  Optional[Boolean]                    $purge                           = undef,
+  Optional[Boolean]                    $recurse                         = undef,
+  String[1]                            $service_name                    = $nrpe::params::nrpe_service,
+  Boolean                              $dont_blame_nrpe                 = $nrpe::params::dont_blame_nrpe,
+  Nrpe::Syslogfacility                 $log_facility                    = $nrpe::params::log_facility,
+  Stdlib::Port                         $server_port                     = $nrpe::params::server_port,
+  Optional[Stdlib::Absolutepath]       $command_prefix                  = $nrpe::params::command_prefix,
+  Boolean                              $debug                           = $nrpe::params::debug,
+  Integer[0]                           $connection_timeout              = $nrpe::params::connection_timeout,
+  Optional[Boolean]                    $allow_bash_command_substitution = $nrpe::params::allow_bash_command_substitution,
+  String[1]                            $nrpe_user                       = $nrpe::params::nrpe_user,
+  String[1]                            $nrpe_group                      = $nrpe::params::nrpe_group,
+  Stdlib::Absolutepath                 $nrpe_pid_file                   = $nrpe::params::nrpe_pid_file,
+  Stdlib::Absolutepath                 $nrpe_ssl_dir                    = $nrpe::params::nrpe_ssl_dir,
+  Optional[String[1]]                  $ssl_cert_file_content           = undef,
+  Optional[String[1]]                  $ssl_privatekey_file_content     = undef,
+  Optional[String[1]]                  $ssl_cacert_file_content         = undef,
+  Nrpe::Sslversion                     $ssl_version                     = $nrpe::params::ssl_version,
+  Array[String[1]]                     $ssl_ciphers                     = $nrpe::params::ssl_ciphers,
+  Enum['no','ask','require']           $ssl_client_certs                = $nrpe::params::ssl_client_certs,
+  Boolean                              $ssl_log_startup_params          = false,
+  Boolean                              $ssl_log_remote_ip               = false,
+  Boolean                              $ssl_log_protocol_version        = false,
+  Boolean                              $ssl_log_cipher                  = false,
+  Boolean                              $ssl_log_client_cert             = false,
+  Boolean                              $ssl_log_client_cert_details     = false,
+  Stdlib::Filemode                     $command_file_default_mode       = '0644',
 ) inherits nrpe::params {
 
   if $manage_package {
@@ -79,6 +79,11 @@
     ensure  => present,
   }
 
+  $_allow_bash_command_substitution = $allow_bash_command_substitution ? {
+    undef   => undef,
+    default => bool2str($allow_bash_command_substitution, '1', '0'),
+  }
+
   concat::fragment { 'nrpe main config':
     target  => $config,
     content => epp(
@@ -91,39 +96,46 @@
         'nrpe_user'                       => $nrpe_user,
         'nrpe_group'                      => $nrpe_group,
         'allowed_hosts'                   => $allowed_hosts,
-        'dont_blame_nrpe'                 => "${dont_blame_nrpe}",
-        'allow_bash_command_substitution' => $allow_bash_command_substitution,
+        'dont_blame_nrpe'                 => bool2str($dont_blame_nrpe, '1', '0'),
+        'allow_bash_command_substitution' => $_allow_bash_command_substitution,
         'libdir'                          => $nrpe::params::libdir,
         'command_prefix'                  => $command_prefix,
-        'debug'                           => "${debug}",
-        'command_timeout'                 => $command_timeout + 0,
-        'connection_timeout'              => $connection_timeout + 0,
+        'debug'                           => bool2str($debug, '1', '0'),
+        'command_timeout'                 => $command_timeout,
+        'connection_timeout'              => $connection_timeout,
       }
     ),
     order   => '01',
   }
 
   if $ssl_cert_file_content {
+
+    $_ssl_client_certs = $ssl_client_certs ? {
+      'ask'     => '1',
+      'require' => '2',
+      default   => '0', # $ssl_client_certs = 'no'
+    }
+
     concat::fragment { 'nrpe ssl fragment':
-    target  => $config,
-    content => epp(
-      'nrpe/nrpe.cfg-ssl.epp',
-      {
-        'ssl_version'      => $ssl_version,
-        'ssl_ciphers'      => $ssl_ciphers,
-        'nrpe_ssl_dir'     => $nrpe_ssl_dir,
-        'ssl_client_certs' => "${ssl_client_certs}",
-        'ssl_logging'      => nrpe::ssl_logging(
-          $ssl_log_startup_params,
-          $ssl_log_remote_ip,
-          $ssl_log_protocol_version,
-          $ssl_log_cipher,
-          $ssl_log_client_cert,
-          $ssl_log_client_cert_details
-        )
-      }
-    ),
-    order   =>  '02',
+      target  => $config,
+      content => epp(
+        'nrpe/nrpe.cfg-ssl.epp',
+        {
+          'ssl_version'      => $ssl_version,
+          'ssl_ciphers'      => $ssl_ciphers,
+          'nrpe_ssl_dir'     => $nrpe_ssl_dir,
+          'ssl_client_certs' => $_ssl_client_certs,
+          'ssl_logging'      => nrpe::ssl_logging(
+            $ssl_log_startup_params,
+            $ssl_log_remote_ip,
+            $ssl_log_protocol_version,
+            $ssl_log_cipher,
+            $ssl_log_client_cert,
+            $ssl_log_client_cert_details
+          )
+        }
+      ),
+      order   =>  '02',
     }
 
     file { $nrpe_ssl_dir:

diff --git a/manifests/params.pp b/manifests/params.pp
@@ -136,12 +136,12 @@
     }
   }
 
-  $dont_blame_nrpe                 = 0
+  $dont_blame_nrpe                 = false
   $allow_bash_command_substitution = undef # not in very old NRPE
   $log_facility                    = 'daemon'
   $server_port                     = 5666
   $command_prefix                  = undef
-  $debug                           = 0
+  $debug                           = false
   $connection_timeout              = 300
 
   $ssl_version                 = 'TLSv1.2+'
@@ -153,5 +153,5 @@
     'DHE-RSA-AES128-SHA256',
     'DHE-RSA-AES256-SHA256',
   ]
-  $ssl_client_certs            = 1
+  $ssl_client_certs            = 'ask'
 }
diff --git a/manifests/plugin.pp b/manifests/plugin.pp
@@ -1,12 +1,12 @@
 #
 define nrpe::plugin (
-  Enum['present', 'absent'] $ensure            = present,
-  Optional[String] $content                    = undef,
-  Optional[String] $source                     = undef,
-  String $mode                                 = $nrpe::params::nrpe_plugin_file_mode,
-  String $libdir                               = $nrpe::params::libdir,
-  Variant[String, Array[String]] $package_name = $nrpe::params::nrpe_packages,
-  String $file_group                           = $nrpe::params::nrpe_files_group,
+  Enum['present', 'absent']            $ensure       = present,
+  Optional[String[1]]                  $content      = undef,
+  Optional[Stdlib::Filesource]         $source       = undef,
+  Stdlib::Filemode                     $mode         = $nrpe::params::nrpe_plugin_file_mode,
+  Stdlib::Absolutepath                 $libdir       = $nrpe::params::libdir,
+  Variant[String[1], Array[String[1]]] $package_name = $nrpe::params::nrpe_packages,
+  String[1]                            $file_group   = $nrpe::params::nrpe_files_group,
 ) {
   file { "${libdir}/${title}":
     ensure  => $ensure,

diff --git a/types/sslversion.pp b/types/sslversion.pp
@@ -0,0 +1,8 @@
+# SSL VERSION
+# This can be any of: SSLv2 (only use SSLv2), SSLv2+ (use any version),
+#        SSLv3 (only use SSLv3), SSLv3+ (use SSLv3 or above), TLSv1 (only use
+#        TLSv1), TLSv1+ (use TLSv1 or above), TLSv1.1 (only use TLSv1.1),
+#        TLSv1.1+ (use TLSv1.1 or above), TLSv1.2 (only use TLSv1.2),
+#        TLSv1.2+ (use TLSv1.2 or above)
+
+type Nrpe::Sslversion = Enum['SSLv2','SSLv2+','SSLv3','SSLv3+','TLSv1','TLSv1+','TLSv1.1','TLSv1.1+','TLSv1.2','TLSv1.2+']
diff --git a/types/syslogfacility.pp b/types/syslogfacility.pp
@@ -0,0 +1,25 @@
+type Nrpe::Syslogfacility = Enum[
+  'user',
+  'mail',
+  'daemon',
+  'auth',
+  'syslog',
+  'lpr',
+  'news',
+  'uucp',
+  'cron',
+  'authpriv',
+  'ftp',
+  'ntp',
+  'security',
+  'console',
+  'solaris-cron',
+  'local0',
+  'local1',
+  'local2',
+  'local3',
+  'local4',
+  'local5',
+  'local6',
+  'local7'
+]