From 9aebdb5dca76811dfd77f4453c6a017cfa2553a7 Mon Sep 17 00:00:00 2001 From: Victor Cabezas Date: Mon, 11 Sep 2023 21:06:25 +0200 Subject: [PATCH 1/7] Use concat to compose netrc for several machines --- Modulefile | 2 +- manifests/init.pp | 46 ++++++++++++++++++++++++++++----------------- templates/netrc.epp | 4 +--- 3 files changed, 31 insertions(+), 21 deletions(-) diff --git a/Modulefile b/Modulefile index afbf02f..9493716 100644 --- a/Modulefile +++ b/Modulefile @@ -8,4 +8,4 @@ description 'Module to manage .netrc files' project_page 'https://github.com/saheba/puppet-netrc.git' ## Add dependencies, if any: -# dependency 'username/name', '>= 1.2.0' +dependency 'puppetlabs-concat', '>= 7.0.0' diff --git a/manifests/init.pp b/manifests/init.pp index 69a69be..39eda51 100644 --- a/manifests/init.pp +++ b/manifests/init.pp 
@@ -12,25 +12,37 @@ # # Sample Usage: netrc::foruser("netrc_myuser": user => 'myuser', machine_user_password_triples => [['myserver.localdomain','myuser','pw'],['mysecondserver.localdomain','myuser','pw2']]) # you can also override the full path by using the `file_path` parameter. -# [Remember: No empty lines between comments and class definition] class netrc { - } -define netrc::foruser( - Enum["present", "absent"] $ensure = "present", - Stdlib::Absolutepath $home_base_directory = "/home", - String $user, - String $filename = ".netrc", - Stdlib::Absolutepath $file_path = "$home_base_directory/$user/$filename", - Hash[String, Hash] $machine_login_password) { - - file { $file_path: - ensure => $ensure, - content => epp('netrc/netrc.epp', { - machine_login_password => $machine_login_password - }), - mode => '0600', - owner => "$user" +define netrc::usermachine ( + String $user, + String $machine, + String $login, + String $password, + Optional[String] $group = $user, + Optional[String] $filename = '.netrc', +) { + $file_path = $user ? { + 'root' => "/root/${filename}", + default => "/home/${user}/${filename}", + } + if !defined(Concat[$file_path]) { + concat { $file_path: + ensure => present, + mode => '0600', + owner => $user, + group => $group, + } + } + concat::fragment { "${user}-${machine}-${login}": + target => $file_path, + content => epp('netrc/netrc.epp', + { + machine => $machine, + login => $login, + password => $password, + } + ), } } diff --git a/templates/netrc.epp b/templates/netrc.epp index d5142ec..a00aa5a 100644 --- a/templates/netrc.epp +++ b/templates/netrc.epp @@ -1,3 +1 @@ -<% $machine_login_password.each |$machine, $value| { -%> -machine <%= $machine %> login <%= $value['login'] %> password <%= $value['password'] %> -<%- } -%> +machine <%= $machine %> login <%= $login %> password <%= $password %> From 32777c17f08fe02418b0d7c98f09cb39e5d9ff14 Mon Sep 17 00:00:00 2001 
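Review bot: `$user` and `$filename` are plain `String` values interpolated straight into `"/home/${user}/${filename}"`, so a value containing a path separator or a `..` component places the 0600 credentials file, owned by `$user`, outside that user's home directory. Constrain both in the parameter list, for example `Pattern[/\A[A-Za-z0-9_][A-Za-z0-9_.-]*\z/] $user`, with an equivalent pattern for `$filename` that also allows the leading dot. `Optional[String] $group = $user` additionally accepts an explicit `undef`, which leaves `group` unmanaged; `String $group = $user` states the intent if that is not wanted. The header comment kept as context above this hunk still documents `netrc::foruser`, which the hunk removes, so the sample usage should be rewritten for `netrc::usermachine`.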
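Review bot: The template writes `$machine`, `$login` and `$password` verbatim into a format whose tokens are separated by whitespace, so a value containing a space or a newline changes how the rest of the line is parsed by whatever reads the file. The define in `manifests/init.pp` accepts any `String` for these values, so the check belongs there, e.g. `Pattern[/\A\S+\z/]` for `$machine` and `$login` and a compile-time `fail()` for a password containing whitespace. The template also has no parameter tag; adding `<%- | String $machine, String $login, $password | -%>` as its first line makes a missing or misspelled key fail at compile time instead of rendering an empty field.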
From: Victor Cabezas Date: Mon, 11 Sep 2023 21:10:12 +0200 Subject: [PATCH 2/7] Add header fragment --- manifests/init.pp | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/manifests/init.pp b/manifests/init.pp index 39eda51..f2cc3fb 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -29,10 +29,15 @@ } if !defined(Concat[$file_path]) { concat { $file_path: - ensure => present, - mode => '0600', - owner => $user, - group => $group, + ensure => present, + mode => '0600', + owner => $user, + group => $group, + ensure_newline => true, + } + concat::fragment { "${file_path}-header": + target => $file_path, + content => '# File content managed by Puppet', } } concat::fragment { "${user}-${machine}-${login}": From e2961ed3faaf8b092d69efe3fbbf094ed3f49d1c Mon Sep 17 00:00:00 2001 From: Victor Cabezas Date: Mon, 11 Sep 2023 22:57:52 +0200 Subject: [PATCH 3/7] Set password as sensitive value. Use node_encrypt module to encrypt concat content --- manifests/init.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manifests/init.pp b/manifests/init.pp index f2cc3fb..7de5a94 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -19,7 +19,7 @@ String $user, String $machine, String $login, - String $password, + Sensitive[String] $password, Optional[String] $group = $user, Optional[String] $filename = '.netrc', ) { @@ -48,6 +48,6 @@ login => $login, password => $password, } - ), + ).node_encrypt::secret, } } From 5620af6557b8aa6c9940e21493441290c14002f0 Mon Sep 17 00:00:00 2001 From: Victor Cabezas Date: Mon, 11 Sep 2023 23:35:09 +0200 Subject: [PATCH 4/7] Sensitive full content --- manifests/init.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manifests/init.pp b/manifests/init.pp index 7de5a94..acbb3e4 100644 --- a/manifests/init.pp +++ b/manifests/init.pp 
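Review bot: The header fragment and the per-machine fragments all use the default `order`, so the header lands first only because of how the resource titles happen to sort; set `order => '01'` on `"${file_path}-header"` to make the placement explicit. The `concat` resource in the same block manages a file that holds passwords and is left with concat's default diff behaviour; adding `show_diff => false` there keeps changed credential lines out of agent logs and reports. The enclosing define starts and ends outside this hunk.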
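Review bot: `.node_encrypt::secret` is called on the `epp()` result in the second hunk of PATCH 3/7, but the series declares only `puppetlabs-concat` in `Modulefile`, so compilation fails on a server where the node_encrypt module is not installed; declare it next to the concat dependency. In the first hunk of the same commit `$password` becomes `Sensitive[String]` and is still passed to the template unchanged. Depending on the Puppet version, `<%= $password %>` may render the redaction placeholder rather than the secret, so confirm the rendered file on the oldest supported version, or pass `$password.unwrap` and wrap the rendered result instead. The same call is re-added in PATCH 5/7 and removed again in PATCH 6/7.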
@@ -42,12 +42,12 @@ } concat::fragment { "${user}-${machine}-${login}": target => $file_path, - content => epp('netrc/netrc.epp', + content => Sensitive(epp('netrc/netrc.epp', { machine => $machine, login => $login, password => $password, } - ).node_encrypt::secret, + )), } } From 2cdc38c46376c6c9afd3998eb1f3a170559c117d Mon Sep 17 00:00:00 2001 From: Victor Cabezas Date: Mon, 11 Sep 2023 23:57:19 +0200 Subject: [PATCH 5/7] Back to use node_encrypt --- manifests/init.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/init.pp b/manifests/init.pp index acbb3e4..b800510 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -48,6 +48,6 @@ login => $login, password => $password, } - )), + )).node_encrypt::secret, } } From 6d210df305c084027a411efcd8839e3f4d7d1054 Mon Sep 17 00:00:00 2001 From: Victor Cabezas Date: Tue, 12 Sep 2023 00:13:03 +0200 Subject: [PATCH 6/7] Disable node_encrypt --- manifests/init.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/init.pp b/manifests/init.pp index b800510..acbb3e4 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -48,6 +48,6 @@ login => $login, password => $password, } - )).node_encrypt::secret, + )), } } From 7076a2fed2f7b6f5f03524321f8398976643abe9 Mon Sep 17 00:00:00 2001 From: Victor Cabezas Date: Tue, 12 Sep 2023 00:25:39 +0200 Subject: [PATCH 7/7] Override autogenerated file path with variable --- manifests/init.pp | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/manifests/init.pp b/manifests/init.pp index acbb3e4..138591c 100644 --- a/manifests/init.pp +++ b/manifests/init.pp 
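Review bot: `content` now receives a `Sensitive` value, while `Modulefile` allows any `puppetlabs-concat` release `>= 7.0.0`; whether `concat::fragment` accepts `Sensitive` content at that floor is not visible here and should be checked, raising the lower bound if it does not. A short comment above the call, such as `# Wrap the rendered line so the password is redacted in logs and reports`, would record why the wrapper exists, since the following commits toggle the call around it. The fragment declaration begins before this hunk.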
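Review bot: With `.node_encrypt::secret` removed in PATCH 6/7, the rendered line is protected only by `Sensitive(...)`, which redacts the value in logs and reports but, as far as I know, does not encrypt it inside the compiled catalog. Where catalogs are cached on agents or stored centrally, the password can then be read from them in clear text. Record that limitation next to the call, e.g. `# NOTE: the password is not encrypted in the catalog; see README`, and state in the README why node_encrypt was disabled so the next maintainer does not have to repeat the PATCH 3-6 back-and-forth.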
@@ -22,26 +22,31 @@ Sensitive[String] $password, Optional[String] $group = $user, Optional[String] $filename = '.netrc', + Optional[Stdlib::Absolutepath] $file_path = undef, ) { - $file_path = $user ? { + $user_file = $user ? { 'root' => "/root/${filename}", default => "/home/${user}/${filename}", } - if !defined(Concat[$file_path]) { - concat { $file_path: + $real_file_path = $file_path ? { + undef => $user_file, + default => $file_path, + } + if !defined(Concat[$real_file_path]) { + concat { $real_file_path: ensure => present, mode => '0600', owner => $user, group => $group, ensure_newline => true, } - concat::fragment { "${file_path}-header": - target => $file_path, + concat::fragment { "${real_file_path}-header": + target => $real_file_path, content => '# File content managed by Puppet', } } concat::fragment { "${user}-${machine}-${login}": - target => $file_path, + target => $real_file_path, content => Sensitive(epp('netrc/netrc.epp', { machine => $machine,
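Review bot: With `$file_path` overridable, two `netrc::usermachine` declarations with different `$user` values can target the same file, and `if !defined(Concat[$real_file_path])` silently keeps the `owner` and `group` of whichever declaration is evaluated first. For a 0600 credentials file that outcome should be explicit: declare the `concat` once per file in its own define, or fail the compile when a later declaration disagrees on the owner. The fragment title `"${user}-${machine}-${login}"` no longer identifies the target either, so the same user, machine and login written to two paths is a duplicate declaration; `"${real_file_path}-${machine}-${login}"` avoids that. The `undef`/`default` selector can be shortened to `$real_file_path = pick($file_path, $user_file)`, since stdlib is already needed for `Stdlib::Absolutepath`.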