Revision 293427a7
Added by Marek Hulán over 9 years ago
| manifests/plugin/openscap.pp | ||
|---|---|---|
|
# = Foreman Proxy OpenSCAP plugin
|
||
|
#
|
||
|
# This class installs OpenSCAP plugin
|
||
|
#
|
||
|
# === Parameters:
|
||
|
#
|
||
|
# $enabled:: enables/disables the plugin
|
||
|
# type:boolean
|
||
|
#
|
||
|
# $listen_on:: Proxy feature listens on http, https, or both
|
||
|
#
|
||
|
# $openscap_send_log_file:: Log file for the forwarding script
|
||
|
#
|
||
|
# $spooldir:: Directory where OpenSCAP audits are stored
|
||
|
# before they are forwarded to Foreman
|
||
|
class foreman_proxy::plugin::openscap (
|
||
|
$enabled = $::foreman_proxy::plugin::openscap::params::enabled,
|
||
|
$listen_on = $::foreman_proxy::plugin::openscap::params::listen_on,
|
||
|
$openscap_send_log_file = $::foreman_proxy::plugin::openscap::params::openscap_send_log_file,
|
||
|
$spooldir = $::foreman_proxy::plugin::openscap::params::spooldir,
|
||
|
) inherits foreman_proxy::plugin::openscap::params {
|
||
|
validate_bool($enabled)
|
||
|
validate_listen_on($listen_on)
|
||
|
validate_absolute_path($spooldir)
|
||
|
validate_absolute_path($openscap_send_log_file)
|
||
|
|
||
|
foreman_proxy::plugin { 'openscap': } ->
|
||
|
foreman_proxy::settings_file { 'openscap':
|
||
|
template_path => 'foreman_proxy/plugin/openscap.yml.erb',
|
||
|
listen_on => $listen_on,
|
||
|
enabled => $enabled,
|
||
|
}
|
||
|
}
|
||
| manifests/plugin/openscap/params.pp | ||
|---|---|---|
|
# Default parameters for the OpenSCAP smart proxy plugin
|
||
|
class foreman_proxy::plugin::openscap::params {
|
||
|
$enabled = true
|
||
|
$configure_openscap_repo = false
|
||
|
$listen_on = 'https'
|
||
|
$openscap_send_log_file = '/var/log/foreman-proxy/openscap-send.log'
|
||
|
$spooldir = '/var/spool/foreman-proxy/openscap'
|
||
|
}
|
||
| spec/classes/foreman_proxy__plugin__openscap_spec.rb | ||
|---|---|---|
|
require 'spec_helper'
|
||
|
|
||
|
describe 'foreman_proxy::plugin::openscap' do
|
||
|
on_supported_os.each do |os, facts|
|
||
|
context "on #{os}" do
|
||
|
context 'openscap plugin is enabled' do
|
||
|
let :params do
|
||
|
{
|
||
|
:enabled => true
|
||
|
}
|
||
|
end
|
||
|
|
||
|
it 'should call the plugin' do
|
||
|
should contain_foreman_proxy__plugin('openscap')
|
||
|
end
|
||
|
|
||
|
it 'should install configuration file' do
|
||
|
should contain_foreman_proxy__settings_file('openscap')
|
||
|
content = subject.resource('file', '/etc/foreman-proxy/settings.d/openscap.yml').send(:parameters)[:content]
|
||
|
content.split("\n").reject { |c| c =~ /(^#|^$)/ }.should == [
|
||
|
'---',
|
||
|
':enabled: https',
|
||
|
':openscap_send_log_file: /var/log/foreman-proxy/openscap-send.log',
|
||
|
":spooldir: /var/spool/foreman-proxy/openscap",
|
||
|
]
|
||
|
end
|
||
|
end
|
||
|
|
||
|
context 'openscap plugin is disabled' do
|
||
|
let :params do
|
||
|
{
|
||
|
:enabled => false
|
||
|
}
|
||
|
end
|
||
|
|
||
|
it 'should call the plugin' do
|
||
|
should contain_foreman_proxy__plugin('openscap')
|
||
|
end
|
||
|
|
||
|
it 'should install configuration file' do
|
||
|
should contain_foreman_proxy__settings_file('openscap')
|
||
|
content = subject.resource('file', '/etc/foreman-proxy/settings.d/openscap.yml').send(:parameters)[:content]
|
||
|
content.split("\n").reject { |c| c =~ /(^#|^$)/ }.should == [
|
||
|
'---',
|
||
|
':enabled: false',
|
||
|
':openscap_send_log_file: /var/log/foreman-proxy/openscap-send.log',
|
||
|
":spooldir: /var/spool/foreman-proxy/openscap",
|
||
|
]
|
||
|
end
|
||
|
end
|
||
|
end
|
||
|
end
|
||
|
end
|
||
| templates/plugin/openscap.yml.erb | ||
|---|---|---|
|
---
|
||
|
:enabled: <%= @module_enabled %>
|
||
|
|
||
|
# Log file for the forwarding script.
|
||
|
:openscap_send_log_file: <%= @openscap_send_log_file %>
|
||
|
|
||
|
# Directory where OpenSCAP audits are stored
|
||
|
# before they are forwarded to Foreman
|
||
|
:spooldir: <%= @spooldir %>
|
||
Also available in: Unified diff
Add support for openscap plugin
Closes GH-141