add support for newer distro versions (#48)

* get rid of my local path in there basura! * support newer versions of distros - updated readme - added optional param to enable/disable yum repo * updated changelog * updated spec tests includes stuff for newer distro versions * set enabled to undef for debian not using it there * ensure pkg spec test has enabled defined * add new param to config spec * param was in the wrong place * did i miss this, too? * an errant osfamily error * 8 vs. 7 * update module metadata Co-authored-by: nate st. germain <[email protected]>
threatstack · Jul 15, 2020 · 69dcc04 · 69dcc04
1 parent ad9f463
commit 69dcc04
Show file tree

Hide file tree

Showing 12 changed files with 203 additions and 32 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,15 @@
 
 We'll track changes here starting with details about the 2.0 release and reference to earlier releases.
 
+## 2.0.10
+### Added
+- updated README with support for
+  - Debian 10
+  - Ubuntu 20.04
+  - CentOS/RedHat 8
+- updated tests for newer distros
+- added optional parameter to enable/disable yum repo on rhel
+
 ## 2.0.9
 ### Fixed
 - merged PR simplifying ruleset args

diff --git a/README.md b/README.md
@@ -54,6 +54,7 @@ Parameters
 * `threatstack::package_version` [optional string] - version of the `threatstack-agent` package to install (Default: `installed`)
 * `threatstack::repo_class` [optional string] - name of puppet class that configures the threatstack package repo (Default: either `threatstack::apt` or `threatstack::yum`, set in `threatstack::params` based on operating system)
 * `threatstack::repo_url` [optional string] - url used by threatstack package repo (Default: defined in `threatstack::params` for Debian and RedHat operating system families.)
+* `threatstack::repo_enabled` [optional string] - enable/disable the threatstack repo (Default: defined in `threatstack::params` for RedHat operating system families.)
 * `threatstack::windows_download_url` [optional string] - url used to download Threatstack Agent MSI on Windows 
 * `threatstack::windows_install_options` [optional array] - Windows MSI install options
 * `threatstack::windows_ts_package` [optional string] - Windows MSI package name

diff --git a/data/os/CentOS.yaml b/data/os/CentOS.yaml
@@ -1,4 +1,5 @@
 ---
 threatstack::params:
     repo_class: '::threatstack::yum'
+    repo_enabled: '1'
     gpg_key: 'https://app.threatstack.com/RPM-GPG-KEY-THREATSTACK'
diff --git a/manifests/init.pp b/manifests/init.pp
@@ -49,6 +49,10 @@
 #   Manage agent package version.
 #   type: string
 #
+# [*repo_enabled*]
+#   Enable/disable yum repo
+#   type: string
+#
 # [*repo_url*]
 #   URL of installation repo.  Useful to change if managing own repository.  See
 #   also `gpg_key`.
@@ -119,6 +123,7 @@
   $extra_args              = $::threatstack::params::extra_args,
   $agent_config_args       = undef,
   $repo_class              = $::threatstack::params::repo_class,
+  $repo_enabled            = $::threatstack::params::repo_enabled,
   $repo_url                = $::threatstack::params::repo_url,
   $gpg_key                 = $::threatstack::params::gpg_key,
   $rulesets                = $::threatstack::params::rulesets,

diff --git a/manifests/params.pp b/manifests/params.pp
@@ -49,6 +49,7 @@
     }
     'RedHat': {
       $repo_class       = '::threatstack::yum'
+      $repo_enabled     = '1'
       $gpg_key          = 'https://app.threatstack.com/RPM-GPG-KEY-THREATSTACK'
       $gpg_key_file     = '/etc/pki/rpm-gpg/RPM-GPG-KEY-THREATSTACK'
       $gpg_key_file_uri = "file://${gpg_key_file}"
@@ -85,6 +86,7 @@
     'Debian': {
       $repo_class         = '::threatstack::apt'
       $repo_url           = 'https://pkg.threatstack.com/v2/Ubuntu'
+      $repo_enabled       = undef
       $repo_gpg_id        = 'ACCC2B02EA3A2409557B0AB991BB3B3C6EE04BD4'
       $release            = $facts['os']['distro']['codename']
       $repos              = 'main'

diff --git a/manifests/yum.pp b/manifests/yum.pp
@@ -39,7 +39,7 @@
 
   yumrepo { 'threatstack':
     descr    => 'Threat Stack Package Repository',
-    enabled  => 1,
+    enabled  => $::threatstack::repo_enabled,
     baseurl  => $::threatstack::repo_url,
     gpgcheck => 1,
     gpgkey   => $::threatstack::gpg_key_file_uri,

diff --git a/metadata.json b/metadata.json
@@ -1,12 +1,19 @@
 {
   "name": "threatstack-threatstack",
-  "version": "2.0.9",
+  "version": "2.0.10",
   "author": "Threat Stack",
   "license": "Apache-2.0",
   "summary": "Installs the Threat Stack agent",
   "source": "https://github.com/threatstack/threatstack-puppet",
   "issues_url": "https://github.com/threatstack/threatstack-puppet/issues",
   "tags": ["threatstack"],
+  "data_provider": "hiera",
+  "requirements": [
+    {
+      "name": "puppet",
+      "version_requirement": ">= 4.5.0 < 7.0.0"
+    }
+  ],
   "dependencies": [
     { "name": "puppetlabs/stdlib", "version_requirement": ">= 4.2.2" },
     {"name": "puppetlabs/apt", "version_requirement": ">= 6.2.1"},
@@ -17,22 +24,22 @@
   "operatingsystem_support": [
     {
     "operatingsystem":"RedHat",
-    "operatingsystemrelease":[ "7.0", "7.5" ]
+    "operatingsystemrelease":[ "7.0", "7.5", "8.0" ]
     },
     {
     "operatingsystem":"CentOS",
-    "operatingsystemrelease":[ "7.0", "7.5" ]
+    "operatingsystemrelease":[ "7.0", "7.5", "8.0" ]
     },
     {
     "operatingsystem":"Amazon"
     },
     {
     "operatingsystem": "Ubuntu",
-    "operatingsystemrelease": [ "18.04", "16.04" ]
+    "operatingsystemrelease": [ "20.04", "18.04", "16.04" ]
     },
     {
     "operatingsystem": "Debian",
-    "operatingsystemrelease": [ "9", "8" ]
+    "operatingsystemrelease": [ "10", "9", "8" ]
     },
     {
     "operatingsystem": "Windows",

diff --git a/spec/classes/apt_spec.rb b/spec/classes/apt_spec.rb
@@ -22,6 +22,22 @@
       }
   end
 
+  context 'on Debian 10' do
+    let(:facts) { {'operatingsystem' => 'Debian', 'osfamily' => 'Debian', 'os' => { 'name' => 'Debian', 'release' => {'full' => '10.4', 'major' => '10', 'minor' => '4'}, 'distro' => {'codename' => 'buster'}, 'family' => 'Debian'} } }
+    let(:params) { { 'location' => REPO_URL, 'release' => 'buster', 'repos' => REPO_TYPE, 'key' => GPG_KEY_ID} }
+    it {
+        is_expected.to contain_apt__source('threatstack').with(ensure: 'present', location: REPO_URL, release: 'buster', repos: REPO_TYPE)
+      }
+  end
+
+  context 'on Ubuntu 20.04' do
+    let(:facts) { {'osfamily' => 'Debian', 'os' => { 'name' => 'Ubuntu', 'release' => {'full' => '20.04', 'major' => '20.04'}, 'distro' => {'codename' => 'focal'}, 'family' => 'Debian'} }}
+    let(:params) { { 'location' => REPO_URL, 'release' => 'focal', 'repos' => REPO_TYPE, 'key' => GPG_KEY_ID} }
+    it {
+        is_expected.to contain_apt__source('threatstack').with(ensure: 'present', location: REPO_URL, release: 'focal', repos: REPO_TYPE)
+      }
+  end
+
   context 'on Ubuntu 18.04' do
     let(:facts) { {'osfamily' => 'Debian', 'os' => { 'name' => 'Ubuntu', 'release' => {'full' => '18.04', 'major' => '18.04'}, 'distro' => {'codename' => 'bionic'}, 'family' => 'Debian'} }}
     let(:params) { { 'location' => REPO_URL, 'release' => 'bionic', 'repos' => REPO_TYPE, 'key' => GPG_KEY_ID} }

diff --git a/spec/classes/configure_spec.rb b/spec/classes/configure_spec.rb
@@ -7,7 +7,7 @@
 
   context 'on Debian 8' do
     let(:facts) { {:operatingsystem => 'Debian', :osfamily => 'Debian', 'os' => { 'name' => 'Debian', 'release' => {'full' => '8.11', 'major' => '8', 'minor' => '11'}, 'distro' => {'codename' => 'jessie'}, 'family' => 'Debian'} } }
-    let(:pre_condition) { "class { 'threatstack': deploy_key => '#{deploy_key}', ts_hostname => '#{ts_hostname}', rulesets => ['Default Ruleset', 'Service Ruleset'], agent_config_args => [{'log.level' => 'debug'}]}" }
+    let(:pre_condition) { "class { 'threatstack': deploy_key => '#{deploy_key}', ts_hostname => '#{ts_hostname}', rulesets => ['Default Ruleset', 'Service Ruleset'], agent_config_args => [{'log.level' => 'debug'}], repo_enabled => true}" }
 
     it { should contain_exec('threatstack-agent-setup').with(
       :command => "/usr/bin/tsagent setup --deploy-key='#{deploy_key}' --hostname='#{ts_hostname}' --ruleset='Default Ruleset,Service Ruleset'"
@@ -16,7 +16,25 @@
 
   context 'on Debian 9' do
     let(:facts) { {:operatingsystem => 'Debian', :osfamily => 'Debian', 'os' => { 'name' => 'Debian', 'release' => {'full' => '9.1', 'major' => '9', 'minor' => '1'}, 'distro' => {'codename' => 'stretch'}, 'family' => 'Debian'} } }
-    let(:pre_condition) { "class { 'threatstack': deploy_key => '#{deploy_key}', ts_hostname => '#{ts_hostname}', rulesets => ['Default Ruleset', 'Service Ruleset'], agent_config_args => [{'log.level' => 'debug'}]}" }
+    let(:pre_condition) { "class { 'threatstack': deploy_key => '#{deploy_key}', ts_hostname => '#{ts_hostname}', rulesets => ['Default Ruleset', 'Service Ruleset'], agent_config_args => [{'log.level' => 'debug'}], repo_enabled => true}" }
+
+    it { should contain_exec('threatstack-agent-setup').with(
+      :command => "/usr/bin/tsagent setup --deploy-key='#{deploy_key}' --hostname='#{ts_hostname}' --ruleset='Default Ruleset,Service Ruleset'"
+    )}
+  end
+
+  context 'on Debian 10' do
+    let(:facts) { {:operatingsystem => 'Debian', :osfamily => 'Debian', 'os' => { 'name' => 'Debian', 'release' => {'full' => '10.4', 'major' => '10', 'minor' => '4'}, 'distro' => {'codename' => 'buster'}, 'family' => 'Debian'} } }
+    let(:pre_condition) { "class { 'threatstack': deploy_key => '#{deploy_key}', ts_hostname => '#{ts_hostname}', rulesets => ['Default Ruleset', 'Service Ruleset'], agent_config_args => [{'log.level' => 'debug'}], repo_enabled => true}" }
+
+    it { should contain_exec('threatstack-agent-setup').with(
+      :command => "/usr/bin/tsagent setup --deploy-key='#{deploy_key}' --hostname='#{ts_hostname}' --ruleset='Default Ruleset,Service Ruleset'"
+    )}
+  end
+
+  context 'on Ubuntu 20.04' do
+    let(:facts) { {:osfamily => 'Debian', 'os' => { 'name' => 'Ubuntu', 'release' => {'full' => '20.04', 'major' => '20'}, 'distro' => {'codename' => 'focal'}, 'family' => 'Debian'} }}
+    let(:pre_condition) { "class { 'threatstack': deploy_key => '#{deploy_key}', ts_hostname => '#{ts_hostname}', rulesets => ['Default Ruleset', 'Service Ruleset'], agent_config_args => [{'log.level' => 'debug'}], repo_enabled => true}" }
 
     it { should contain_exec('threatstack-agent-setup').with(
       :command => "/usr/bin/tsagent setup --deploy-key='#{deploy_key}' --hostname='#{ts_hostname}' --ruleset='Default Ruleset,Service Ruleset'"
@@ -25,7 +43,7 @@
 
   context 'on Ubuntu 18.04' do
     let(:facts) { {:osfamily => 'Debian', 'os' => { 'name' => 'Ubuntu', 'release' => {'full' => '18.04', 'major' => '18.04'}, 'distro' => {'codename' => 'bionic'}, 'family' => 'Debian'} }}
-    let(:pre_condition) { "class { 'threatstack': deploy_key => '#{deploy_key}', ts_hostname => '#{ts_hostname}', rulesets => ['Default Ruleset', 'Service Ruleset'], agent_config_args => [{'log.level' => 'debug'}]}" }
+    let(:pre_condition) { "class { 'threatstack': deploy_key => '#{deploy_key}', ts_hostname => '#{ts_hostname}', rulesets => ['Default Ruleset', 'Service Ruleset'], agent_config_args => [{'log.level' => 'debug'}], repo_enabled => true}" }
 
     it { should contain_exec('threatstack-agent-setup').with(
       :command => "/usr/bin/tsagent setup --deploy-key='#{deploy_key}' --hostname='#{ts_hostname}' --ruleset='Default Ruleset,Service Ruleset'"
@@ -34,16 +52,34 @@
 
   context 'on Ubuntu 16.04' do
     let(:facts) { {:osfamily => 'Debian', 'os' => { 'name' => 'Ubuntu', 'release' => {'full' => '16.04', 'major' => '16.04'}, 'distro' => {'codename' => 'xenial'}, 'family' => 'Debian'} }}
-    let(:pre_condition) { "class { 'threatstack': deploy_key => '#{deploy_key}', ts_hostname => '#{ts_hostname}', rulesets => ['Default Ruleset', 'Service Ruleset'], agent_config_args => [{'log.level' => 'debug'}]}" }
+    let(:pre_condition) { "class { 'threatstack': deploy_key => '#{deploy_key}', ts_hostname => '#{ts_hostname}', rulesets => ['Default Ruleset', 'Service Ruleset'], agent_config_args => [{'log.level' => 'debug'}], repo_enabled => true}" }
 
     it { should contain_exec('threatstack-agent-setup').with(
       :command => "/usr/bin/tsagent setup --deploy-key='#{deploy_key}' --hostname='#{ts_hostname}' --ruleset='Default Ruleset,Service Ruleset'"
     )}
   end
 
-  context 'on Redhat' do
+  context 'on Redhat 8' do
+      let(:facts) {  { :operatingsystem => 'RedHat', :osfamily => 'RedHat', :operatingsystemrelease => '8.0', 'operatingsystemmajrelease' => '8', 'os' => { 'release' => { 'major' => '8'}, 'name' => 'RedHat', 'family' => 'RedHat'} } }
+    let(:pre_condition) { "class { 'threatstack': deploy_key => '#{deploy_key}', ts_hostname => '#{ts_hostname}', rulesets => ['Default Ruleset', 'Service Ruleset'], agent_config_args => [{'log.level' => 'debug'}], repo_enabled => '1'}" }
+
+    it { should contain_exec('threatstack-agent-setup').with(
+      :command => "/usr/bin/tsagent setup --deploy-key='#{deploy_key}' --hostname='#{ts_hostname}' --ruleset='Default Ruleset,Service Ruleset'"
+    )}
+  end
+
+  context 'on Redhat 7' do
       let(:facts) {  { :operatingsystem => 'RedHat', :osfamily => 'RedHat', :operatingsystemrelease => '7.0', 'operatingsystemmajrelease' => '7', 'os' => { 'release' => { 'major' => '7'}, 'name' => 'RedHat', 'family' => 'RedHat'} } }
-    let(:pre_condition) { "class { 'threatstack': deploy_key => '#{deploy_key}', ts_hostname => '#{ts_hostname}', rulesets => ['Default Ruleset', 'Service Ruleset'], agent_config_args => [{'log.level' => 'debug'}]}" }
+    let(:pre_condition) { "class { 'threatstack': deploy_key => '#{deploy_key}', ts_hostname => '#{ts_hostname}', rulesets => ['Default Ruleset', 'Service Ruleset'], agent_config_args => [{'log.level' => 'debug'}], repo_enabled => '1'}" }
+
+    it { should contain_exec('threatstack-agent-setup').with(
+      :command => "/usr/bin/tsagent setup --deploy-key='#{deploy_key}' --hostname='#{ts_hostname}' --ruleset='Default Ruleset,Service Ruleset'"
+    )}
+  end
+
+  context 'on CentOS 8' do
+    let(:facts) { { :operatingsystem => 'CentOS', :osfamily => 'RedHat',:operatingsystemrelease => '8.2.2004', 'operatingsystemmajrelease' => '8', 'os' => { 'release' => { 'major' => '8'}, 'name' => 'CentOS', 'family' => 'RedHat'} } }
+    let(:pre_condition) { "class { 'threatstack': deploy_key => '#{deploy_key}', ts_hostname => '#{ts_hostname}', rulesets => ['Default Ruleset', 'Service Ruleset'], agent_config_args => [{'log.level' => 'debug'}], repo_enabled => '1'}" }
 
     it { should contain_exec('threatstack-agent-setup').with(
       :command => "/usr/bin/tsagent setup --deploy-key='#{deploy_key}' --hostname='#{ts_hostname}' --ruleset='Default Ruleset,Service Ruleset'"
@@ -52,7 +88,7 @@
 
   context 'on CentOS 7' do
     let(:facts) { { :operatingsystem => 'CentOS', :osfamily => 'RedHat',:operatingsystemrelease => '7.6.1810', 'operatingsystemmajrelease' => '7', 'os' => { 'release' => { 'major' => '7'}, 'name' => 'CentOS', 'family' => 'RedHat'} } }
-    let(:pre_condition) { "class { 'threatstack': deploy_key => '#{deploy_key}', ts_hostname => '#{ts_hostname}', rulesets => ['Default Ruleset', 'Service Ruleset'], agent_config_args => [{'log.level' => 'debug'}]}" }
+    let(:pre_condition) { "class { 'threatstack': deploy_key => '#{deploy_key}', ts_hostname => '#{ts_hostname}', rulesets => ['Default Ruleset', 'Service Ruleset'], agent_config_args => [{'log.level' => 'debug'}], repo_enabled => '1'}" }
 
     it { should contain_exec('threatstack-agent-setup').with(
       :command => "/usr/bin/tsagent setup --deploy-key='#{deploy_key}' --hostname='#{ts_hostname}' --ruleset='Default Ruleset,Service Ruleset'"
@@ -61,7 +97,7 @@
 
   context 'on Amazon Linux 2' do
     let(:facts) {  { :operatingsystem => 'Amazon', :osfamily => 'RedHat', :operatingsystemrelease => '2', 'operatingsystemmajrelease' => '2', 'os' => {  'release' => { 'major' => '2'}, 'name' => 'Amazon', 'family' => 'RedHat'} } }
-    let(:pre_condition) { "class { 'threatstack': deploy_key => '#{deploy_key}', ts_hostname => '#{ts_hostname}', rulesets => ['Default Ruleset', 'Service Ruleset'], agent_config_args => [{'log.level' => 'debug'}]}" }
+    let(:pre_condition) { "class { 'threatstack': deploy_key => '#{deploy_key}', ts_hostname => '#{ts_hostname}', rulesets => ['Default Ruleset', 'Service Ruleset'], agent_config_args => [{'log.level' => 'debug'}], repo_enabled => '1'}" }
 
     it { should contain_exec('threatstack-agent-setup').with(
       :command => "/usr/bin/tsagent setup --deploy-key='#{deploy_key}' --hostname='#{ts_hostname}' --ruleset='Default Ruleset,Service Ruleset'"
@@ -70,11 +106,10 @@
 
   context 'on Amazon Linux 1' do
     let(:facts) {  {:operatingsystem => 'Amazon', :osfamily => 'RedHat', :operatingsystemrelease => '2018', 'operatingsystemmajrelease' => '2018', 'os' => {  'release' => { 'major' => '2018'}, 'name' => 'Amazon', 'family' => 'RedHat'} } }
-    let(:pre_condition) { "class { 'threatstack': deploy_key => '#{deploy_key}', ts_hostname => '#{ts_hostname}', rulesets => ['Default Ruleset', 'Service Ruleset'], agent_config_args => [{'log.level' => 'debug'}]}" }
+    let(:pre_condition) { "class { 'threatstack': deploy_key => '#{deploy_key}', ts_hostname => '#{ts_hostname}', rulesets => ['Default Ruleset', 'Service Ruleset'], agent_config_args => [{'log.level' => 'debug'}], repo_enabled => '1'}" }
 
     it { should contain_exec('threatstack-agent-setup').with(
       :command => "/usr/bin/tsagent setup --deploy-key='#{deploy_key}' --hostname='#{ts_hostname}' --ruleset='Default Ruleset,Service Ruleset'"
     )}
   end
-
 end