Conglomerate of PRs with tests

README.markdown

@@ -245,35 +245,35 @@ An array of addresses, on which snmptrapd will listen to receive incoming SNMP n
 Default: [ udp:127.0.0.1:162, udp6:[::1]:162 ]
 
 #####`ro_community`
-Read-only (RO) community string for snmptrap daemon.
+Read-only (RO) community string or array for snmptrap daemon.
 Default: public
 
 #####`ro_community6`
-Read-only (RO) community string for IPv6.
+Read-only (RO) community string or array for IPv6.
 Default: public
 
 #####`rw_community`
-Read-write (RW) community string.
+Read-write (RW) community string or array.
 Default: none
 
 #####`rw_community6`
-Read-write (RW) community string for IPv6.
+Read-write (RW) community string or array for IPv6.
 Default: none
 
 #####`ro_network`
-Network that is allowed to RO query the daemon.  Can be an array.
+Network that is allowed to RO query the daemon.  Can be string or array.
 Default: 127.0.0.1
 
 #####`ro_network6`
-Network that is allowed to RO query the daemon via IPv6.  Can be an array.
+Network that is allowed to RO query the daemon via IPv6.  Can be string or array.
 Default: ::1/128
 
 #####`rw_network`
-Network that is allowed to RW query the daemon.  Can be an array.
+Network that is allowed to RW query the daemon.  Can be string or array.
 Default: 127.0.0.1
 
 #####`rw_network6`
-Network that is allowed to RW query the daemon via IPv6.  Can be an array.
+Network that is allowed to RW query the daemon via IPv6.  Can be string or array.
 Default: ::1/128
 
 #####`contact`

manifests/init.pp

@@ -14,35 +14,35 @@
 #   Default: [ udp:127.0.0.1:162, udp6:[::1]:162 ]
 #
 # [*ro_community*]
-#   Read-only (RO) community string for snmptrap daemon.
+#   Read-only (RO) community string or array for snmptrap daemon.
 #   Default: public
 #
 # [*ro_community6*]
-#   Read-only (RO) community string for IPv6.
+#   Read-only (RO) community string or array for IPv6.
 #   Default: public
 #
 # [*rw_community*]
-#   Read-write (RW) community string.
+#   Read-write (RW) community string or array.
 #   Default: none
 #
 # [*rw_community6*]
-#   Read-write (RW) community string for IPv6.
+#   Read-write (RW) community string or array for IPv6.
 #   Default: none
 #
 # [*ro_network*]
-#   Network that is allowed to RO query the daemon.  Can be an array.
+#   Network that is allowed to RO query the daemon.  Can be string or array.
 #   Default: 127.0.0.1
 #
 # [*ro_network6*]
-#   Network that is allowed to RO query the daemon via IPv6.  Can be an array.
+#   Network that is allowed to RO query the daemon via IPv6.  Can be string or array.
 #   Default: ::1/128
 #
 # [*rw_network*]
-#   Network that is allowed to RW query the daemon.  Can be an array.
+#   Network that is allowed to RW query the daemon.  Can be string or array.
 #   Default: 127.0.0.1
 #
 # [*rw_network6*]
-#   Network that is allowed to RW query the daemon via IPv6.  Can be an array.
+#   Network that is allowed to RW query the daemon via IPv6.  Can be string or array.
 #   Default: ::1/128
 #
 # [*contact*]
@@ -289,6 +289,7 @@
   $autoupgrade             = $snmp::params::safe_autoupgrade,
   $package_name            = $snmp::params::package_name,
   $snmpd_options           = $snmp::params::snmpd_options,
+  $service_config_perms    = $snmp::params::service_config_perms,
   $service_ensure          = $snmp::params::service_ensure,
   $service_name            = $snmp::params::service_name,
   $service_enable          = $snmp::params::service_enable,
@@ -315,6 +316,9 @@
   validate_array($trap_handlers)
   validate_array($trap_forwards)
   validate_array($snmp_config)
+  validate_array($com2sec)
+  validate_array($com2sec6)
+  validate_array($groups)
   validate_array($views)
   validate_array($accesses)
   validate_array($dlmod)
@@ -428,7 +432,7 @@
 
   file { 'snmpd.conf':
     ensure  => $file_ensure,
-    mode    => $snmp::params::service_config_perms,
+    mode    => $service_config_perms,
     owner   => 'root',
     group   => $snmp::params::service_config_dir_group,
     path    => $snmp::params::service_config,
@@ -452,7 +456,7 @@
 
   file { 'snmptrapd.conf':
     ensure  => $file_ensure,
-    mode    => $snmp::params::service_config_perms,
+    mode    => $service_config_perms,
     owner   => 'root',
     group   => $snmp::params::service_config_dir_group,
     path    => $snmp::params::trap_service_config,

manifests/params.pp

@@ -30,7 +30,7 @@
     undef   => 'public',
     default => $::snmp_ro_community,
   }
-  
+
   $ro_community6 = $::snmp_ro_community6 ? {
     undef   => 'public',
     default => $::snmp_ro_community6,
@@ -40,7 +40,7 @@
     undef   => undef,
     default => $::snmp_rw_community,
   }
-  
+
   $rw_community6 = $::snmp_rw_community6 ? {
     undef   => undef,
     default => $::snmp_rw_community6,
@@ -60,7 +60,7 @@
     undef   => '127.0.0.1',
     default => $::snmp_rw_network,
   }
-  
+
   $rw_network6 = $::snmp_rw_network6 ? {
     undef   => '::1',
     default => $::snmp_rw_network6,

spec/classes/snmp_init_spec.rb

@@ -624,6 +624,12 @@
       end
     end
 
+    describe 'service_config_perms => "0123"' do
+      let(:params) {{ :service_config_perms => '0123' }}
+      it { should contain_file('snmpd.conf').with_mode('0123') }
+      it { should contain_file('snmptrapd.conf').with_mode('0123') }
+    end
+
     describe 'install_client => true' do
       let(:params) {{ :install_client => true }}
       it { should contain_class('snmp::client').with(
@@ -719,13 +725,33 @@
 
     describe 'groups => [ SomeString ]' do
       let(:params) {{ :groups => [ 'SomeString', ] }}
-      it 'should contain File[snmpd.conf] with contents "groups SomeString"' do
+      it 'should contain File[snmpd.conf] with contents "group SomeString"' do
         verify_contents(catalogue, 'snmpd.conf', [
           'group   SomeString',
         ])
       end
     end
 
+    describe 'views => [ "SomeArray1", "SomeArray2" ]' do
+      let(:params) {{ :views => [ 'SomeArray1', 'SomeArray2' ] }}
+      it 'should contain File[snmpd.conf] with contents from array' do
+        verify_contents(catalogue, 'snmpd.conf', [
+          'view    SomeArray1',
+          'view    SomeArray2',
+        ])
+      end
+    end
+
+    describe 'accesses => [ "SomeArray1", "SomeArray2" ]' do
+      let(:params) {{ :accesses => [ 'SomeArray1', 'SomeArray2' ] }}
+      it 'should contain File[snmpd.conf] with contents from array' do
+        verify_contents(catalogue, 'snmpd.conf', [
+          'access  SomeArray1',
+          'access  SomeArray2',
+        ])
+      end
+    end
+
     describe 'dlmod => [ SomeString ]' do
       let(:params) {{ :dlmod => [ 'SomeString', ] }}
       it 'should contain File[snmpd.conf] with contents "dlmod SomeString"' do
@@ -800,6 +826,25 @@
         ])
       end
     end
+
+    describe 'ro_network => "127.0.0.2"' do
+      let(:params) {{ :ro_network => '127.0.0.2' }}
+      it 'should contain File[snmpd.conf] with contents "127.0.0.2"' do
+        verify_contents(catalogue, 'snmpd.conf', [
+          'rocommunity public 127.0.0.2',
+        ])
+      end
+    end
+
+    describe 'ro_community => [ "a", "b", ] and ro_network => "127.0.0.2"' do
+      let(:params) {{ :ro_community => ['a', 'b'], :ro_network => '127.0.0.2' }}
+      it 'should contain File[snmpd.conf] with contents "a 127.0.0.2" and "b 127.0.0.2"' do
+        verify_contents(catalogue, 'snmpd.conf', [
+          'rocommunity a 127.0.0.2',
+          'rocommunity b 127.0.0.2',
+        ])
+      end
+    end
   end
 
   context 'on a supported osfamily (Debian), custom parameters' do

templates/snmpd.conf.erb

@@ -14,64 +14,42 @@ agentaddress <%= @agentaddress.join(',') %>
 
 # ------------------------------------------------------------------------------
 # Traditional Access Control
-<% if @ro_community and (@ro_community.size > 0) -%>
-<% if (@ro_network.is_a?(Array)) and (@ro_network.count > 0) -%>
-<% @ro_network.each do |ro_net| -%>
-rocommunity <%= @ro_community %> <%= ro_net %>
-<% end -%>
-<% else -%>
-rocommunity <%= @ro_community %> <%= @ro_network %>
-<% end -%>
-<% end -%>
-<% if @ro_community6 and (@ro_community6.size > 0) -%>
-<% if (@ro_network6.is_a?(Array)) and (@ro_network6.count > 0) -%>
-<% @ro_network6.each do |ro_net6| -%>
-rocommunity6 <%= @ro_community6 %> <%= ro_net6 %>
-<% end -%>
-<% else -%>
-rocommunity6 <%= @ro_community6 %> <%= @ro_network6 %>
-<% end -%>
-<% end -%>
-<% if @rw_community and (@rw_community.size > 0) -%>
-<% if (@rw_network.is_a?(Array)) and (@rw_network.count > 0) -%>
-<% @rw_network.each do |rw_net| -%>
-rwcommunity <%= @rw_community %> <%= rw_net %>
-<% end -%>
-<% else -%>
-rwcommunity <%= @rw_community %> <%= @rw_network %>
-<% end -%>
-<% end -%>
-<% if @rw_community6 and (@rw_community6.size > 0) -%>
-<% if (@rw_network6.is_a?(Array)) and (@rw_network6.count > 0) -%>
-<% @rw_network6.each do |rw_net6| -%>
-rwcommunity6 <%= @rw_community6 %> <%= rw_net6 %>
-<% end -%>
-<% else -%>
-rwcommunity6 <%= @rw_community6 %> <%= @rw_network6 %>
-<% end -%>
-<% end -%>
+<%- [*@ro_community].compact.each do |c| -%>
+  <%- [*@ro_network].compact.each do |n| -%>
+rocommunity <%= c %> <%= n %>
+  <%- end -%>
+<%- end -%>
+<%- [*@ro_community6].compact.each do |c| -%>
+  <%- [*@ro_network6].compact.each do |n| -%>
+rocommunity6 <%= c %> <%= n %>
+  <%- end -%>
+<%- end -%>
+<%- [*@rw_community].compact.each do |c| -%>
+  <%- [*@rw_network].compact.each do |n| -%>
+rwcommunity <%= c %> <%= n %>
+  <%- end -%>
+<%- end -%>
+<%- [*@rw_community6].compact.each do |c| -%>
+  <%- [*@rw_network6].compact.each do |n| -%>
+rocommunity6 <%= c %> <%= n %>
+  <%- end -%>
+<%- end -%>
 
 # ------------------------------------------------------------------------------
 # VACM Configuration
 #       sec.name       source        community
-<% if @com2sec.any? -%>
-<% @com2sec.each do |com2sec| -%>
-com2sec <%= com2sec %>
-<% end -%>
+<% @com2sec.each do |c| -%>
+com2sec <%= c %>
 <% end -%>
 
-<% if @com2sec6.any? -%>
-<% @com2sec6.each do |com2sec6| -%>
-com2sec6 <%= com2sec6 %>
-<% end -%>
+<% @com2sec6.each do |c| -%>
+com2sec6 <%= c %>
 <% end -%>
 
 #       groupName      securityModel securityName
-<% if @groups.any? -%>
 <% @groups.each do |group| -%>
 group   <%= group %>
 <% end -%>
-<% end -%>
 
 #       name          incl/excl  subtree             mask(optional)
 <% @views.each do |view| -%>