From aa056af731ff923e2a1ed0663b8e634e023d9567 Mon Sep 17 00:00:00 2001 From: Lee Briggs Date: Fri, 16 Oct 2015 12:05:09 +0100 Subject: [PATCH] Adding options for the rpc audit provider It's currently defaulting to 1, which means it's insecure by default. I've set it to 1 by default, but at least now it can be overriden. Tests included --- manifests/init.pp | 3 +++ manifests/server/config/rpcauthprovider/action_policy.pp | 2 +- spec/classes/mcollective_spec.rb | 5 +++++ 3 files changed, 9 insertions(+), 1 deletion(-) diff --git a/manifests/init.pp b/manifests/init.pp index ea82199..9469e3c 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -63,6 +63,9 @@ $ssl_server_private = undef, $ssl_client_certs = 'puppet:///modules/mcollective/empty', $ssl_client_certs_dir = undef, # default dependent on $confdir + + # Action policy settings + $allowunconfigured = '1', ) inherits mcollective::defaults { # Because the correct default value for several parameters is based on another diff --git a/manifests/server/config/rpcauthprovider/action_policy.pp b/manifests/server/config/rpcauthprovider/action_policy.pp index ffe4f75..8915fb4 100644 --- a/manifests/server/config/rpcauthprovider/action_policy.pp +++ b/manifests/server/config/rpcauthprovider/action_policy.pp @@ -15,6 +15,6 @@ } mcollective::server::setting { 'plugin.actionpolicy.allow_unconfigured': - value => 1, + value => $mcollective::allowunconfigured, } } diff --git a/spec/classes/mcollective_spec.rb b/spec/classes/mcollective_spec.rb index 321f340..5b70ea1 100644 --- a/spec/classes/mcollective_spec.rb +++ b/spec/classes/mcollective_spec.rb @@ -392,6 +392,11 @@ let(:params) { { :server => true, :rpcauthprovider => 'action_policy' } } it { should contain_mcollective__server__setting('plugin.actionpolicy.allow_unconfigured').with_value('1') } end + + context 'allow_unconfigured' do + let(:params) { { :server => true, :rpcauthprovider => 'action_policy', :allowunconfigured => '0' }} + it { should contain_mcollective__server__setting('plugin.actionpolicy.allow_unconfigured').with_value('0') } + end end describe '#rpcauditprovider' do