Skip to content

Commit

Permalink
Support rich datatypes and deferred password values
Browse files Browse the repository at this point in the history
Process the configuration file `redis.conf` template twice if
some of the templates values are deferred.

Currently with deferred values the resulting deferred
template cannot be processed since it contains
complex datatypes from stdlib in particular.

This is a redis specific solution that may arrive genraly one
day in puppetlabs/puppetlabs-stdlib#1425
  • Loading branch information
traylenator committed Apr 23, 2024
1 parent b2a3050 commit ad8e019
Show file tree
Hide file tree
Showing 2 changed files with 150 additions and 107 deletions.
235 changes: 128 additions & 107 deletions manifests/instance.pp
Original file line number Diff line number Diff line change
Expand Up @@ -501,118 +501,139 @@

$bind_arr = [$bind].flatten

$_template_params = {
daemonize => $daemonize,
pid_file => $pid_file,
protected_mode => $protected_mode,
port => $port,
tcp_backlog => $tcp_backlog,
bind_arr => $bind_arr,
unixsocket => $unixsocket,
unixsocketperm => $unixsocketperm,
timeout => $timeout,
tcp_keepalive => $tcp_keepalive,
log_level => $log_level,
log_file => $_real_log_file,
syslog_enabled => $syslog_enabled,
syslog_facility => $syslog_facility,
databases => $databases,
save_db_to_disk => $save_db_to_disk,
save_db_to_disk_interval => $save_db_to_disk_interval,
stop_writes_on_bgsave_error => $stop_writes_on_bgsave_error,
rdbcompression => $rdbcompression,
dbfilename => $dbfilename,
workdir => $workdir,
slaveof => $slaveof,
replicaof => $replicaof,
masterauth => $masterauth,
slave_serve_stale_data => $slave_serve_stale_data,
slave_read_only => $slave_read_only,
repl_announce_ip => $repl_announce_ip,
repl_announce_port => $repl_announce_port,
repl_ping_slave_period => $repl_ping_slave_period,
repl_timeout => $repl_timeout,
repl_disable_tcp_nodelay => $repl_disable_tcp_nodelay,
repl_backlog_size => $repl_backlog_size,
repl_backlog_ttl => $repl_backlog_ttl,
slave_priority => $slave_priority,
min_slaves_to_write => $min_slaves_to_write,
min_slaves_max_lag => $min_slaves_max_lag,
requirepass => $requirepass,
rename_commands => $rename_commands,
maxclients => $maxclients,
maxmemory => $maxmemory,
maxmemory_policy => $maxmemory_policy,
maxmemory_samples => $maxmemory_samples,
appendonly => $appendonly,
appendfilename => $appendfilename,
appendfsync => $appendfsync,
no_appendfsync_on_rewrite => $no_appendfsync_on_rewrite,
auto_aof_rewrite_percentage => $auto_aof_rewrite_percentage,
auto_aof_rewrite_min_size => $auto_aof_rewrite_min_size,
aof_load_truncated => $aof_load_truncated,
slowlog_log_slower_than => $slowlog_log_slower_than,
slowlog_max_len => $slowlog_max_len,
latency_monitor_threshold => $latency_monitor_threshold,
notify_keyspace_events => $notify_keyspace_events,
hash_max_ziplist_entries => $hash_max_ziplist_entries,
hash_max_ziplist_value => $hash_max_ziplist_value,
list_max_ziplist_entries => $list_max_ziplist_entries,
list_max_ziplist_value => $list_max_ziplist_value,
set_max_intset_entries => $set_max_intset_entries,
zset_max_ziplist_entries => $zset_max_ziplist_entries,
zset_max_ziplist_value => $zset_max_ziplist_value,
hll_sparse_max_bytes => $hll_sparse_max_bytes,
activerehashing => $activerehashing,
output_buffer_limit_slave => $output_buffer_limit_slave,
output_buffer_limit_pubsub => $output_buffer_limit_pubsub,
hz => $hz,
aof_rewrite_incremental_fsync => $aof_rewrite_incremental_fsync,
cluster_enabled => $cluster_enabled,
cluster_config_file => $cluster_config_file,
cluster_node_timeout => $cluster_node_timeout,
cluster_slave_validity_factor => $cluster_slave_validity_factor,
cluster_require_full_coverage => $cluster_require_full_coverage,
cluster_migration_barrier => $cluster_migration_barrier,
extra_config_file => $extra_config_file,
tls_port => $tls_port,
tls_cert_file => $tls_cert_file,
tls_key_file => $tls_key_file,
tls_ca_cert_file => $tls_ca_cert_file,
tls_ca_cert_dir => $tls_ca_cert_dir,
tls_ciphers => $tls_ciphers,
tls_ciphersuites => $tls_ciphersuites,
tls_protocols => $tls_protocols,
tls_auth_clients => $tls_auth_clients,
tls_replication => $tls_replication,
tls_cluster => $tls_cluster,
tls_prefer_server_ciphers => $tls_prefer_server_ciphers,
modules => $modules,
io_threads => $io_threads,
io_threads_do_reads => $io_threads_do_reads,
cluster_allow_reads_when_down => $cluster_allow_reads_when_down,
cluster_replica_no_failover => $cluster_replica_no_failover,
dynamic_hz => $dynamic_hz,
activedefrag => $activedefrag,
active_defrag_ignore_bytes => $active_defrag_ignore_bytes,
active_defrag_threshold_lower => $active_defrag_threshold_lower,
active_defrag_threshold_upper => $active_defrag_threshold_upper,
active_defrag_cycle_min => $active_defrag_cycle_min,
active_defrag_cycle_max => $active_defrag_cycle_max,
active_defrag_max_scan_fields => $active_defrag_max_scan_fields,
jemalloc_bg_thread => $jemalloc_bg_thread,
rdb_save_incremental_fsync => $rdb_save_incremental_fsync,
acls => $acls,
custom_options => $custom_options,
}

# TODO: Rely on https://github.com/puppetlabs/puppetlabs-stdlib/pull/1425
# once available.
if $_template_params.any |$_key, $_value| { $_value.is_a(Deferred) } {
$_template_params_escaped = $_template_params.map | $_var , $_value | {
if $_value.is_a(Deferred) {
{ $_var => "<%= \$${_var} %>" }
} else {
{ $_var => $_value }
}
}.reduce | $_memo, $_kv | { $_memo + $_kv }

$_content = Deferred(
'inline_epp',
[
epp($conf_template,$_template_params_escaped),
$_template_params,
]
)
} else {
$_content = epp($conf_template, $_template_params)
}

file { $redis_file_name_orig:
ensure => file,
owner => $config_owner,
group => $config_group,
mode => $config_file_mode,
content => stdlib::deferrable_epp(
$conf_template,
{
daemonize => $daemonize,
pid_file => $pid_file,
protected_mode => $protected_mode,
port => $port,
tcp_backlog => $tcp_backlog,
bind_arr => $bind_arr,
unixsocket => $unixsocket,
unixsocketperm => $unixsocketperm,
timeout => $timeout,
tcp_keepalive => $tcp_keepalive,
log_level => $log_level,
log_file => $_real_log_file,
syslog_enabled => $syslog_enabled,
syslog_facility => $syslog_facility,
databases => $databases,
save_db_to_disk => $save_db_to_disk,
save_db_to_disk_interval => $save_db_to_disk_interval,
stop_writes_on_bgsave_error => $stop_writes_on_bgsave_error,
rdbcompression => $rdbcompression,
dbfilename => $dbfilename,
workdir => $workdir,
slaveof => $slaveof,
replicaof => $replicaof,
masterauth => $masterauth,
slave_serve_stale_data => $slave_serve_stale_data,
slave_read_only => $slave_read_only,
repl_announce_ip => $repl_announce_ip,
repl_announce_port => $repl_announce_port,
repl_ping_slave_period => $repl_ping_slave_period,
repl_timeout => $repl_timeout,
repl_disable_tcp_nodelay => $repl_disable_tcp_nodelay,
repl_backlog_size => $repl_backlog_size,
repl_backlog_ttl => $repl_backlog_ttl,
slave_priority => $slave_priority,
min_slaves_to_write => $min_slaves_to_write,
min_slaves_max_lag => $min_slaves_max_lag,
requirepass => $requirepass,
rename_commands => $rename_commands,
maxclients => $maxclients,
maxmemory => $maxmemory,
maxmemory_policy => $maxmemory_policy,
maxmemory_samples => $maxmemory_samples,
appendonly => $appendonly,
appendfilename => $appendfilename,
appendfsync => $appendfsync,
no_appendfsync_on_rewrite => $no_appendfsync_on_rewrite,
auto_aof_rewrite_percentage => $auto_aof_rewrite_percentage,
auto_aof_rewrite_min_size => $auto_aof_rewrite_min_size,
aof_load_truncated => $aof_load_truncated,
slowlog_log_slower_than => $slowlog_log_slower_than,
slowlog_max_len => $slowlog_max_len,
latency_monitor_threshold => $latency_monitor_threshold,
notify_keyspace_events => $notify_keyspace_events,
hash_max_ziplist_entries => $hash_max_ziplist_entries,
hash_max_ziplist_value => $hash_max_ziplist_value,
list_max_ziplist_entries => $list_max_ziplist_entries,
list_max_ziplist_value => $list_max_ziplist_value,
set_max_intset_entries => $set_max_intset_entries,
zset_max_ziplist_entries => $zset_max_ziplist_entries,
zset_max_ziplist_value => $zset_max_ziplist_value,
hll_sparse_max_bytes => $hll_sparse_max_bytes,
activerehashing => $activerehashing,
output_buffer_limit_slave => $output_buffer_limit_slave,
output_buffer_limit_pubsub => $output_buffer_limit_pubsub,
hz => $hz,
aof_rewrite_incremental_fsync => $aof_rewrite_incremental_fsync,
cluster_enabled => $cluster_enabled,
cluster_config_file => $cluster_config_file,
cluster_node_timeout => $cluster_node_timeout,
cluster_slave_validity_factor => $cluster_slave_validity_factor,
cluster_require_full_coverage => $cluster_require_full_coverage,
cluster_migration_barrier => $cluster_migration_barrier,
extra_config_file => $extra_config_file,
tls_port => $tls_port,
tls_cert_file => $tls_cert_file,
tls_key_file => $tls_key_file,
tls_ca_cert_file => $tls_ca_cert_file,
tls_ca_cert_dir => $tls_ca_cert_dir,
tls_ciphers => $tls_ciphers,
tls_ciphersuites => $tls_ciphersuites,
tls_protocols => $tls_protocols,
tls_auth_clients => $tls_auth_clients,
tls_replication => $tls_replication,
tls_cluster => $tls_cluster,
tls_prefer_server_ciphers => $tls_prefer_server_ciphers,
modules => $modules,
io_threads => $io_threads,
io_threads_do_reads => $io_threads_do_reads,
cluster_allow_reads_when_down => $cluster_allow_reads_when_down,
cluster_replica_no_failover => $cluster_replica_no_failover,
dynamic_hz => $dynamic_hz,
activedefrag => $activedefrag,
active_defrag_ignore_bytes => $active_defrag_ignore_bytes,
active_defrag_threshold_lower => $active_defrag_threshold_lower,
active_defrag_threshold_upper => $active_defrag_threshold_upper,
active_defrag_cycle_min => $active_defrag_cycle_min,
active_defrag_cycle_max => $active_defrag_cycle_max,
active_defrag_max_scan_fields => $active_defrag_max_scan_fields,
jemalloc_bg_thread => $jemalloc_bg_thread,
rdb_save_incremental_fsync => $rdb_save_incremental_fsync,
acls => $acls,
custom_options => $custom_options,
}
),
content => $_content,
}

exec { "copy ${redis_file_name_orig} to ${redis_file_name}":
Expand Down
22 changes: 22 additions & 0 deletions spec/acceptance/suites/default/redis_deferred_spec.rb
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
# frozen_string_literal: true

require 'spec_helper_acceptance'

describe 'redis with deferred password' do
include_examples 'an idempotent resource' do
let(:manifest) do
<<-PUPPET
class { 'redis':
manage_repo => true,
redis_apt_repo => true,
port => 10001,
masterauth => Deferred('inline_epp',['<%= $pass %>\n',{'pass' => 'topsecret'}]),
}
PUPPET
end
end

describe command('redis-cli -p 10001 -a topsecret ping') do
its(:stdout) { is_expected.to match %r{PONG} }

Check failure on line 20 in spec/acceptance/suites/default/redis_deferred_spec.rb

View workflow job for this annotation

GitHub Actions / Puppet / Puppet 8 - CentOS 9

redis with deferred password Command "redis-cli -p 10001 -a topsecret ping" stdout is expected to match /PONG/ Failure/Error: its(:stdout) { is_expected.to match %r{PONG} } expected "" to match /PONG/ Diff: @@ -1 +1 @@ -/PONG/ +""

Check failure on line 20 in spec/acceptance/suites/default/redis_deferred_spec.rb

View workflow job for this annotation

GitHub Actions / Puppet / Puppet 7 - CentOS 9

redis with deferred password Command "redis-cli -p 10001 -a topsecret ping" stdout is expected to match /PONG/ Failure/Error: its(:stdout) { is_expected.to match %r{PONG} } expected "" to match /PONG/ Diff: @@ -1 +1 @@ -/PONG/ +""

Check failure on line 20 in spec/acceptance/suites/default/redis_deferred_spec.rb

View workflow job for this annotation

GitHub Actions / Puppet / Puppet 8 - AlmaLinux 9

redis with deferred password Command "redis-cli -p 10001 -a topsecret ping" stdout is expected to match /PONG/ Failure/Error: its(:stdout) { is_expected.to match %r{PONG} } expected "" to match /PONG/ Diff: @@ -1 +1 @@ -/PONG/ +""

Check failure on line 20 in spec/acceptance/suites/default/redis_deferred_spec.rb

View workflow job for this annotation

GitHub Actions / Puppet / Puppet 7 - AlmaLinux 9

redis with deferred password Command "redis-cli -p 10001 -a topsecret ping" stdout is expected to match /PONG/ Failure/Error: its(:stdout) { is_expected.to match %r{PONG} } expected "" to match /PONG/ Diff: @@ -1 +1 @@ -/PONG/ +""

Check failure on line 20 in spec/acceptance/suites/default/redis_deferred_spec.rb

View workflow job for this annotation

GitHub Actions / Puppet / Puppet 8 - Rocky 9

redis with deferred password Command "redis-cli -p 10001 -a topsecret ping" stdout is expected to match /PONG/ Failure/Error: its(:stdout) { is_expected.to match %r{PONG} } expected "" to match /PONG/ Diff: @@ -1 +1 @@ -/PONG/ +""

Check failure on line 20 in spec/acceptance/suites/default/redis_deferred_spec.rb

View workflow job for this annotation

GitHub Actions / Puppet / Puppet 7 - Rocky 9

redis with deferred password Command "redis-cli -p 10001 -a topsecret ping" stdout is expected to match /PONG/ Failure/Error: its(:stdout) { is_expected.to match %r{PONG} } expected "" to match /PONG/ Diff: @@ -1 +1 @@ -/PONG/ +""
end
end

0 comments on commit ad8e019

Please sign in to comment.