Update snmp to 42b4334410d979d6b42de491c4c627202e8902b6

42b4334410d979d6b42de491c4c627202e8902b6 Merge branch 'release/3.5.0' 0a41aadf9f2500a3db10f00a7bb1bd42fb7d2d4d Update versions for 3.5.0 release. d62471c30dea9cbd9c8cea7571ef02b64294f1a4 Merge branch 'Seegras-develop' into develop 3f2c2b8819ba0da5704ad90cc0e5b38fe010de71 Updated unit tests to pass for changes in redhat-openstackGH-42. 5b5537c27886959fad27dafadd903caf3f8935aa Merge branch 'develop' of https://github.com/Seegras/puppet-snmp into Seegras-develop fa33c7ab33b12ef099e9430ffd3b4b7f978a0dc1 Update docs for redhat-openstackGH-55. f50f1fb1d9d22bcd36d613b707bb81c779c443b2 Merge branch 'brdude-multipleNetworksPerCommunityString' into develop a056f132026db2b24b325f1d5c88e5c60b18fdee Merge branch 'multipleNetworksPerCommunityString' of https://github.com/brdude/puppet-snmp into brdude-multipleNetworksPerCommunityString 9b0927cc7103c17aaccfa3ab17b07e4ad0b6d5cf Merge branch 'release/3.4.0' into develop ea05a30447537a249fc455c8f8af5819cd0ca3ca Add the ability pass multiple networks for the community string 01b5f8503de4e8c3310ee9414b69cd63b11da130 Somehow a backslash got lost. fixed ab7eef222489f198d3ba25bd0577fafc5d16637b quote snmpv3 passphrases to cope with weird characters and spaces Change-Id: Id7eeaef864a034ae14222a2823821084ea725d3c
xbezdick · Dec 15, 2015 · f75d05f · f75d05f
1 parent 6ddbdb0
commit f75d05f
Show file tree

Hide file tree

Showing 8 changed files with 70 additions and 21 deletions.
diff --git a/Puppetfile b/Puppetfile
@@ -223,7 +223,7 @@ mod 'sensu',
   :git => 'https://github.com/sensu/sensu-puppet.git'
 
 mod 'snmp',
-  :commit => '90254293f6bf097eca7096562ac63f31a0bc75f4',
+  :commit => '42b4334410d979d6b42de491c4c627202e8902b6',
   :git => 'https://github.com/razorsedge/puppet-snmp.git'
 
 mod 'ssh',

diff --git a/snmp/README.markdown b/snmp/README.markdown
@@ -204,6 +204,21 @@ This also says that any host on network 10.0.0.0/8 can read any SNMP value via S
 
 Reference: [Manpage of snmpd.conf - Access Control](http://www.net-snmp.org/docs/man/snmpd.conf.html#lbAJ)
 
+####Multiple Network Restrictions
+
+In traditional access control, you can also pass multiple networks for the community string.
+```puppet
+class { 'snmp':
+  ro_community => 'shibboleth',
+  ro_network   => [ '192.168.0.0/16', '1.2.3.4/32', ],
+}
+```
+and it becomes this in snmpd.conf:
+```
+rocommunity shibboleth 192.168.0.0/16
+rocommunity shibboleth 1.2.3.4/32
+```
+
 ##Reference
 
 ###Classes
@@ -246,19 +261,19 @@ Read-write (RW) community string for IPv6.
 Default: none
 
 #####`ro_network`
-Network that is allowed to RO query the daemon.
+Network that is allowed to RO query the daemon.  Can be an array.
 Default: 127.0.0.1
 
 #####`ro_network6`
-Network that is allowed to RO query the daemon via IPv6.
+Network that is allowed to RO query the daemon via IPv6.  Can be an array.
 Default: ::1/128
 
 #####`rw_network`
-Network that is allowed to RW query the daemon.
+Network that is allowed to RW query the daemon.  Can be an array.
 Default: 127.0.0.1
 
 #####`rw_network6`
-Network that is allowed to RW query the daemon via IPv6.
+Network that is allowed to RW query the daemon via IPv6.  Can be an array.
 Default: ::1/128
 
 #####`contact`

diff --git a/snmp/manifests/init.pp b/snmp/manifests/init.pp
@@ -30,19 +30,19 @@
 #   Default: none
 #
 # [*ro_network*]
-#   Network that is allowed to RO query the daemon.
+#   Network that is allowed to RO query the daemon.  Can be an array.
 #   Default: 127.0.0.1
 #
 # [*ro_network6*]
-#   Network that is allowed to RO query the daemon via IPv6.
+#   Network that is allowed to RO query the daemon via IPv6.  Can be an array.
 #   Default: ::1/128
 #
 # [*rw_network*]
-#   Network that is allowed to RW query the daemon.
+#   Network that is allowed to RW query the daemon.  Can be an array.
 #   Default: 127.0.0.1
 #
 # [*rw_network6*]
-#   Network that is allowed to RW query the daemon via IPv6.
+#   Network that is allowed to RW query the daemon via IPv6.  Can be an array.
 #   Default: ::1/128
 #
 # [*contact*]

diff --git a/snmp/manifests/snmpv3_user.pp b/snmp/manifests/snmpv3_user.pp
@@ -78,9 +78,9 @@
   }
 
   if $privpass {
-    $cmd = "createUser ${title} ${authtype} ${authpass} ${privtype} ${privpass}"
+    $cmd = "createUser ${title} ${authtype} \\\"${authpass}\\\" ${privtype} \\\"${privpass}\\\""
   } else {
-    $cmd = "createUser ${title} ${authtype} ${authpass}"
+    $cmd = "createUser ${title} ${authtype} \\\"${authpass}\\\""
   }
   exec { "create-snmpv3-user-${title}":
     path    => '/bin:/sbin:/usr/bin:/usr/sbin',

diff --git a/snmp/metadata.json b/snmp/metadata.json
@@ -1,6 +1,6 @@
 {
   "name": "razorsedge-snmp",
-  "version": "3.4.0",
+  "version": "3.5.0",
   "author": "razorsedge",
   "summary": "Simple Network Management Protocol is for monitoring network and computer equipment. Net-SNMP implements v1, v2c, and v3 on both IPv4 and IPv6.",
   "license": "Apache-2.0",

diff --git a/snmp/spec/classes/snmp_init_spec.rb b/snmp/spec/classes/snmp_init_spec.rb
@@ -790,6 +790,16 @@
         ])
       end
     end
+
+    describe 'ro_network => [ "127.0.0.1", "192.168.1.1/24", ]' do
+      let(:params) {{ :ro_network => [ '127.0.0.1', '192.168.1.1/24', ] }}
+      it 'should contain File[snmpd.conf] with contents "127.0.0.1" and "192.168.1.1/24"' do
+        verify_contents(catalogue, 'snmpd.conf', [
+          'rocommunity public 127.0.0.1',
+          'rocommunity public 192.168.1.1/24',
+        ])
+      end
+    end
   end
 
   context 'on a supported osfamily (Debian), custom parameters' do

diff --git a/snmp/spec/defines/snmp_snmpv3_user_spec.rb b/snmp/spec/defines/snmp_snmpv3_user_spec.rb
@@ -78,7 +78,7 @@
       end
 
       it { should contain_exec('create-snmpv3-user-myDEFAULTuser').with(
-        :command => 'service snmpd stop ; sleep 5 ; echo "createUser myDEFAULTuser SHA myauthpass" >>/var/lib/net-snmp/snmpd.conf && touch /var/lib/net-snmp/myDEFAULTuser-snmpd',
+        :command => 'service snmpd stop ; sleep 5 ; echo "createUser myDEFAULTuser SHA \"myauthpass\"" >>/var/lib/net-snmp/snmpd.conf && touch /var/lib/net-snmp/myDEFAULTuser-snmpd',
         :creates => '/var/lib/net-snmp/myDEFAULTuser-snmpd',
         :require => [ 'Package[snmpd]', 'File[var-net-snmp]' ],
         :before  => 'Service[snmpd]'
@@ -97,7 +97,7 @@
       end
 
       it { should contain_exec('create-snmpv3-user-myALLuser').with(
-        :command => 'service snmpd stop ; sleep 5 ; echo "createUser myALLuser MD5 myauthpass DES myprivpass" >>/var/lib/net-snmp/snmpd.conf && touch /var/lib/net-snmp/myALLuser-snmpd',
+        :command => 'service snmpd stop ; sleep 5 ; echo "createUser myALLuser MD5 \"myauthpass\" DES \"myprivpass\"" >>/var/lib/net-snmp/snmpd.conf && touch /var/lib/net-snmp/myALLuser-snmpd',
         :creates => '/var/lib/net-snmp/myALLuser-snmpd',
         :require => [ 'Package[snmpd]', 'File[var-net-snmp]' ],
         :before  => 'Service[snmpd]'
@@ -114,7 +114,7 @@
       end
 
       it { should contain_exec('create-snmpv3-user-myTRAPuser').with(
-        :command => 'service snmptrapd stop ; sleep 5 ; echo "createUser myTRAPuser SHA myauthpass" >>/var/lib/net-snmp/snmptrapd.conf && touch /var/lib/net-snmp/myTRAPuser-snmptrapd',
+        :command => 'service snmptrapd stop ; sleep 5 ; echo "createUser myTRAPuser SHA \"myauthpass\"" >>/var/lib/net-snmp/snmptrapd.conf && touch /var/lib/net-snmp/myTRAPuser-snmptrapd',
         :creates => '/var/lib/net-snmp/myTRAPuser-snmptrapd',
         :require => [ 'Package[snmpd]', 'File[var-net-snmp]' ],
         :before  => 'Service[snmptrapd]'
@@ -139,7 +139,7 @@
       end
 
       it { should contain_exec('create-snmpv3-user-myDEFAULTuser').with(
-        :command => 'service snmpd stop ; sleep 5 ; echo "createUser myDEFAULTuser SHA myauthpass" >>/var/lib/snmp/snmpd.conf && touch /var/lib/snmp/myDEFAULTuser-snmpd',
+        :command => 'service snmpd stop ; sleep 5 ; echo "createUser myDEFAULTuser SHA \"myauthpass\"" >>/var/lib/snmp/snmpd.conf && touch /var/lib/snmp/myDEFAULTuser-snmpd',
         :creates => '/var/lib/snmp/myDEFAULTuser-snmpd',
         :require => [ 'Package[snmpd]', 'File[var-net-snmp]' ],
         :before  => 'Service[snmpd]'
@@ -158,7 +158,7 @@
       end
 
       it { should contain_exec('create-snmpv3-user-myALLuser').with(
-        :command => 'service snmpd stop ; sleep 5 ; echo "createUser myALLuser MD5 myauthpass DES myprivpass" >>/var/lib/snmp/snmpd.conf && touch /var/lib/snmp/myALLuser-snmpd',
+        :command => 'service snmpd stop ; sleep 5 ; echo "createUser myALLuser MD5 \"myauthpass\" DES \"myprivpass\"" >>/var/lib/snmp/snmpd.conf && touch /var/lib/snmp/myALLuser-snmpd',
         :creates => '/var/lib/snmp/myALLuser-snmpd',
         :require => [ 'Package[snmpd]', 'File[var-net-snmp]' ],
         :before  => 'Service[snmpd]'
@@ -175,7 +175,7 @@
       end
 
       it { should contain_exec('create-snmpv3-user-myTRAPuser').with(
-        :command => 'service snmpd stop ; sleep 5 ; echo "createUser myTRAPuser SHA myauthpass" >>/var/lib/snmp/snmptrapd.conf && touch /var/lib/snmp/myTRAPuser-snmptrapd',
+        :command => 'service snmpd stop ; sleep 5 ; echo "createUser myTRAPuser SHA \"myauthpass\"" >>/var/lib/snmp/snmptrapd.conf && touch /var/lib/snmp/myTRAPuser-snmptrapd',
         :creates => '/var/lib/snmp/myTRAPuser-snmptrapd',
         :require => [ 'Package[snmpd]', 'File[var-net-snmp]' ],
         :before  => 'Service[snmpd]'
@@ -200,7 +200,7 @@
       end
 
       it { should contain_exec('create-snmpv3-user-myDEFAULTuser').with(
-        :command => 'service snmpd stop ; sleep 5 ; echo "createUser myDEFAULTuser SHA myauthpass" >>/var/lib/net-snmp/snmpd.conf && touch /var/lib/net-snmp/myDEFAULTuser-snmpd',
+        :command => 'service snmpd stop ; sleep 5 ; echo "createUser myDEFAULTuser SHA \"myauthpass\"" >>/var/lib/net-snmp/snmpd.conf && touch /var/lib/net-snmp/myDEFAULTuser-snmpd',
         :creates => '/var/lib/net-snmp/myDEFAULTuser-snmpd',
         :require => [ 'Package[snmpd]', 'File[var-net-snmp]' ],
         :before  => 'Service[snmpd]'
@@ -219,7 +219,7 @@
       end
 
       it { should contain_exec('create-snmpv3-user-myALLuser').with(
-        :command => 'service snmpd stop ; sleep 5 ; echo "createUser myALLuser MD5 myauthpass DES myprivpass" >>/var/lib/net-snmp/snmpd.conf && touch /var/lib/net-snmp/myALLuser-snmpd',
+        :command => 'service snmpd stop ; sleep 5 ; echo "createUser myALLuser MD5 \"myauthpass\" DES \"myprivpass\"" >>/var/lib/net-snmp/snmpd.conf && touch /var/lib/net-snmp/myALLuser-snmpd',
         :creates => '/var/lib/net-snmp/myALLuser-snmpd',
         :require => [ 'Package[snmpd]', 'File[var-net-snmp]' ],
         :before  => 'Service[snmpd]'
@@ -236,7 +236,7 @@
       end
 
       it { should contain_exec('create-snmpv3-user-myTRAPuser').with(
-        :command => 'service snmptrapd stop ; sleep 5 ; echo "createUser myTRAPuser SHA myauthpass" >>/var/lib/net-snmp/snmptrapd.conf && touch /var/lib/net-snmp/myTRAPuser-snmptrapd',
+        :command => 'service snmptrapd stop ; sleep 5 ; echo "createUser myTRAPuser SHA \"myauthpass\"" >>/var/lib/net-snmp/snmptrapd.conf && touch /var/lib/net-snmp/myTRAPuser-snmptrapd',
         :creates => '/var/lib/net-snmp/myTRAPuser-snmptrapd',
         :require => [ 'Package[snmpd]', 'File[var-net-snmp]' ],
         :before  => 'Service[snmptrapd]'

diff --git a/snmp/templates/snmpd.conf.erb b/snmp/templates/snmpd.conf.erb
@@ -15,17 +15,41 @@ agentaddress <%= @agentaddress.join(',') %>
 # ------------------------------------------------------------------------------
 # Traditional Access Control
 <% if @ro_community and (@ro_community.size > 0) -%>
+<% if (@ro_network.is_a?(Array)) and (@ro_network.count > 0) -%>
+<% @ro_network.each do |ro_net| -%>
+rocommunity <%= @ro_community %> <%= ro_net %>
+<% end -%>
+<% else -%>
 rocommunity <%= @ro_community %> <%= @ro_network %>
 <% end -%>
+<% end -%>
 <% if @ro_community6 and (@ro_community6.size > 0) -%>
+<% if (@ro_network6.is_a?(Array)) and (@ro_network6.count > 0) -%>
+<% @ro_network6.each do |ro_net6| -%>
+rocommunity6 <%= @ro_community6 %> <%= ro_net6 %>
+<% end -%>
+<% else -%>
 rocommunity6 <%= @ro_community6 %> <%= @ro_network6 %>
 <% end -%>
+<% end -%>
 <% if @rw_community and (@rw_community.size > 0) -%>
+<% if (@rw_network.is_a?(Array)) and (@rw_network.count > 0) -%>
+<% @rw_network.each do |rw_net| -%>
+rwcommunity <%= @rw_community %> <%= rw_net %>
+<% end -%>
+<% else -%>
 rwcommunity <%= @rw_community %> <%= @rw_network %>
 <% end -%>
+<% end -%>
 <% if @rw_community6 and (@rw_community6.size > 0) -%>
+<% if (@rw_network6.is_a?(Array)) and (@rw_network6.count > 0) -%>
+<% @rw_network6.each do |rw_net6| -%>
+rwcommunity6 <%= @rw_community6 %> <%= rw_net6 %>
+<% end -%>
+<% else -%>
 rwcommunity6 <%= @rw_community6 %> <%= @rw_network6 %>
 <% end -%>
+<% end -%>
 
 # ------------------------------------------------------------------------------
 # VACM Configuration