Merge branch 'master' into selinux_ignore_defaults

.github/SECURITY.md

@@ -0,0 +1,3 @@
+# Vox Pupuli Security Policy
+
+Our vulnerabilities reporting process is at https://voxpupuli.org/security/

.msync.yml

@@ -1 +1 @@
-modulesync_config_version: '2.12.0'
+modulesync_config_version: '3.0.0'

.rubocop.yml

@@ -528,6 +528,9 @@ RSpec/RepeatedDescription:
 RSpec/NestedGroups:
   Enabled: False
 
+RSpec/MultipleExpectations:
+  Enabled: false
+
 # this is broken on ruby1.9
 Layout/IndentHeredoc:
   Enabled: False

.travis.yml

@@ -1,4 +1,5 @@
 ---
+os: linux
 dist: bionic
 language: ruby
 cache: bundler
@@ -7,7 +8,7 @@ before_install:
   - bundle --version
 script:
   - 'bundle exec rake $CHECK'
-matrix:
+jobs:
   fast_finish: true
   include:
   - rvm: 2.4.4
@@ -84,7 +85,7 @@ notifications:
       - "chat.freenode.org#voxpupuli-notifications"
 deploy:
   provider: puppetforge
-  user: puppet
+  username: puppet
   password:
     secure: "Ojc0h2mbt9Y+eCyiKD+x1iYNONOP27Me63hjo9jo2v1bSs3aiM7djlcpz/sG+jRJ7JQoUyaGzHSn+gvxwWqdagFfFgDmipMKD0OXQinq7upRaG2hR+akKo0jllq9zLjJGBDoxurioKfOzPGlt2bX3UYY5KyeJ3AIM4dwCGVtSh4="
   on:

CHANGELOG.md

@@ -4,6 +4,42 @@ All notable changes to this project will be documented in this file.
 Each new release typically also includes the latest modulesync defaults.
 These should not affect the functionality of the module.
 
+## [v10.1.1](https://github.com/voxpupuli/puppet-rabbitmq/tree/v10.1.1) (2020-07-13)
+
+[Full Changelog](https://github.com/voxpupuli/puppet-rabbitmq/compare/v10.1.0...v10.1.1)
+
+**Fixed bugs:**
+
+- Password comparison error in Rabbitmq\_user when password contains double quotes [\#850](https://github.com/voxpupuli/puppet-rabbitmq/issues/850)
+
+**Merged pull requests:**
+
+- Escape double quotes in password during comparison [\#851](https://github.com/voxpupuli/puppet-rabbitmq/pull/851) ([jplindquist](https://github.com/jplindquist))
+- Remove facter rabbitmq\_nodename error message [\#849](https://github.com/voxpupuli/puppet-rabbitmq/pull/849) ([mbaldessari](https://github.com/mbaldessari))
+
+## [v10.1.0](https://github.com/voxpupuli/puppet-rabbitmq/tree/v10.1.0) (2020-07-10)
+
+[Full Changelog](https://github.com/voxpupuli/puppet-rabbitmq/compare/v10.0.1...v10.1.0)
+
+**Implemented enhancements:**
+
+- Don't use RABBITMQ\_SERVER\_ERL\_ARGS [\#841](https://github.com/voxpupuli/puppet-rabbitmq/pull/841) ([jeckersb](https://github.com/jeckersb))
+
+**Fixed bugs:**
+
+- Cannot set delivery-limit policy [\#846](https://github.com/voxpupuli/puppet-rabbitmq/issues/846)
+- rabbitmq\_user resource displays password when needed changed in noop [\#839](https://github.com/voxpupuli/puppet-rabbitmq/issues/839)
+- erlang\_cookie echo'ed to agent output [\#837](https://github.com/voxpupuli/puppet-rabbitmq/issues/837)
+- breaks /etc/rabbitmq ownership under ubuntu [\#813](https://github.com/voxpupuli/puppet-rabbitmq/issues/813)
+- Owner of /etc/rabbitmq [\#703](https://github.com/voxpupuli/puppet-rabbitmq/issues/703)
+
+**Merged pull requests:**
+
+- Allow delivery-limit policy to be set [\#847](https://github.com/voxpupuli/puppet-rabbitmq/pull/847) ([philomory](https://github.com/philomory))
+- Hide user password [\#840](https://github.com/voxpupuli/puppet-rabbitmq/pull/840) ([tobias-urdin](https://github.com/tobias-urdin))
+- Hide erlang cookie content [\#838](https://github.com/voxpupuli/puppet-rabbitmq/pull/838) ([tobias-urdin](https://github.com/tobias-urdin))
+- \[fix\] ownership and permissions on conf files [\#835](https://github.com/voxpupuli/puppet-rabbitmq/pull/835) ([wyardley](https://github.com/wyardley))
+
 ## [v10.0.1](https://github.com/voxpupuli/puppet-rabbitmq/tree/v10.0.1) (2020-04-25)
 
 [Full Changelog](https://github.com/voxpupuli/puppet-rabbitmq/compare/v10.0.0...v10.0.1)

Gemfile

@@ -11,9 +11,9 @@ def location_for(place, fake_version = nil)
 end
 
 group :test do
-  gem 'voxpupuli-test', '>= 1.0.0',  :require => false
-  gem 'coveralls',                   :require => false
-  gem 'simplecov-console',           :require => false
+  gem 'voxpupuli-test', '~> 2.0',  :require => false
+  gem 'coveralls',                 :require => false
+  gem 'simplecov-console',         :require => false
 end
 
 group :development do

examples/erlang_deps.pp

@@ -1,5 +1,5 @@
 # install first the garethr-erlang module. See README.md
 include erlang
 
-class { 'erlang': epel_enable => true}
+class { 'erlang': epel_enable => true }
 Class['erlang'] -> Class['rabbitmq']

examples/plugin.pp

@@ -1,4 +1,4 @@
-$rabbitmq_plugins = [ 'amqp_client', 'rabbitmq_stomp' ]
+$rabbitmq_plugins = ['amqp_client', 'rabbitmq_stomp']
 
 class { 'rabbitmq':
   config_stomp => true,

examples/site.pp

@@ -1,6 +1,5 @@
 node default {
-
-  $rabbitmq_plugins = [ 'amqp_client', 'rabbitmq_stomp' ]
+  $rabbitmq_plugins = ['amqp_client', 'rabbitmq_stomp']
 
   class { 'rabbitmq':
     config => '[ {rabbit_stomp, [{tcp_listeners, [1234]} ]} ].',
@@ -13,4 +12,3 @@
     provider => 'rabbitmqplugins',
   }
 }
-

lib/facter/rabbitmq_nodename.rb

@@ -2,7 +2,11 @@
   setcode do
     if Facter::Util::Resolution.which('rabbitmqctl')
       rabbitmq_nodename = Facter::Core::Execution.execute('rabbitmqctl status 2>&1')
-      %r{^Status of node '?([\w\.\-]+@[\w\.\-]+)'?}.match(rabbitmq_nodename)[1]
+      begin
+        %r{^Status of node '?([\w\.\-]+@[\w\.\-]+)'?}.match(rabbitmq_nodename)[1]
+      rescue
+        Facter.debug("Error: rabbitmq_nodename facter failed. Output was #{rabbitmq_nodename}")
+      end
     end
   end
 end

lib/puppet/provider/rabbitmq_user/rabbitmqctl.rb

@@ -69,7 +69,7 @@ def check_password(password)
     check_access_control = [
       'rabbit_access_control:check_user_pass_login(',
       %[list_to_binary("#{@resource[:name]}"), ],
-      %[list_to_binary("#{password}")).]
+      %[list_to_binary("#{password.to_s.gsub('"', '\\"')}")).]
     ]
 
     response = rabbitmqctl('eval', check_access_control.join)

lib/puppet/type/rabbitmq_erlang_cookie.rb

@@ -16,9 +16,20 @@
   newproperty(:content) do
     desc 'Content of cookie'
     newvalues(%r{^\S+$})
+
     def change_to_s(_current, _desired)
       'The rabbitmq erlang cookie was changed'
     end
+
+    # rubocop:disable Style/PredicateName
+    def is_to_s(_value)
+      '[old content redacted]'
+    end
+    # rubocop:enable Style/PredicateName
+
+    def should_to_s(_value)
+      '[new content redacted]'
+    end
   end
 
   newparam(:force) do

lib/puppet/type/rabbitmq_policy.rb

@@ -128,12 +128,18 @@ def validate_definition(definition)
         raise ArgumentError, "Invalid shards-per-node value '#{shards_per_node_val}'"
       end
     end
-    if definition.key? 'ha-sync-batch-size' # rubocop:disable Style/GuardClause
+    if definition.key? 'ha-sync-batch-size'
       ha_sync_batch_size_val = definition['ha-sync-batch-size']
       unless ha_sync_batch_size_val.to_i.to_s == ha_sync_batch_size_val
         raise ArgumentError, "Invalid ha-sync-batch-size value '#{ha_sync_batch_size_val}'"
       end
     end
+    if definition.key? 'delivery-limit' # rubocop:disable Style/GuardClause
+      delivery_limit_val = definition['delivery-limit']
+      unless delivery_limit_val.to_i.to_s == delivery_limit_val
+        raise ArgumentError, "Invalid delivery-limit value '#{delivery_limit_val}'"
+      end
+    end
   end
 
   def munge_definition(definition)
@@ -158,6 +164,9 @@ def munge_definition(definition)
     if definition.key? 'ha-sync-batch-size'
       definition['ha-sync-batch-size'] = definition['ha-sync-batch-size'].to_i
     end
+    if definition.key? 'delivery-limit'
+      definition['delivery-limit'] = definition['delivery-limit'].to_i
+    end
     definition
   end
 end

lib/puppet/type/rabbitmq_user.rb

@@ -46,6 +46,16 @@ def insync?(_is)
     def change_to_s(_current, _desired)
       'password has been changed'
     end
+
+    # rubocop:disable Style/PredicateName
+    def is_to_s(_value)
+      '[old password redacted]'
+    end
+    # rubocop:enable Style/PredicateName
+
+    def should_to_s(_value)
+      '[new password redacted]'
+    end
   end
 
   newproperty(:admin) do

manifests/config.pp

@@ -3,7 +3,6 @@
 #
 # @api private
 class rabbitmq::config {
-
   $admin_enable                        = $rabbitmq::admin_enable
   $management_enable                   = $rabbitmq::management_enable
   $use_config_file_for_plugins         = $rabbitmq::use_config_file_for_plugins
@@ -104,7 +103,7 @@
     $management_ip_address = $rabbitmq::node_ip_address
   }
 
-  $inetrc_env = {'export ERL_INETRC' => $inetrc_config_path}
+  $inetrc_env = { 'export ERL_INETRC' => $inetrc_config_path }
 
   # Handle env variables.
   $_environment_variables = $default_ssl_env_variables + $inetrc_env + $rabbitmq::environment_variables
@@ -125,7 +124,7 @@
       $proto_dist = 'inet6_tcp'
       $ssl_path = ''
     }
-    $ipv6_or_tls_env = ['SERVER', 'CTL'].reduce({}) |$memo, $item| {
+    $ipv6_or_tls_env = ['SERVER_ADDITIONAL', 'CTL'].reduce( {}) |$memo, $item| {
       $orig = $_environment_variables["RABBITMQ_${item}_ERL_ARGS"]
       $munged = $orig ? {
         # already quoted, keep quoting
@@ -136,7 +135,7 @@
         default           => "\"${orig}${ssl_path} -proto_dist ${proto_dist}\"",
       }
 
-      merge($memo, {"RABBITMQ_${item}_ERL_ARGS" => $munged})
+      merge($memo, { "RABBITMQ_${item}_ERL_ARGS" => $munged })
     }
 
     $environment_variables = $_environment_variables + $ipv6_or_tls_env
@@ -227,7 +226,7 @@
         mode    => '0644',
       }
     }
-    default: { }
+    default: {}
   }
 
   if $facts['systemd'] { # systemd fact provided by systemd module
@@ -238,7 +237,7 @@
 
     systemd::service_limits { "${service_name}.service":
       selinux_ignore_defaults => $selinux_ignore_defaults_real,
-      limits                  => {'LimitNOFILE' => $file_limit},
+      limits                  => { 'LimitNOFILE' => $file_limit },
       # The service will be notified when config changes
       restart_service         => false,
     }

manifests/init.pp

@@ -298,7 +298,7 @@
 # @param loopback_users
 #   This option configures a list of users to allow access via the loopback interfaces
 #
-class rabbitmq(
+class rabbitmq (
   Boolean $admin_enable                                                                            = true,
   Boolean $management_enable                                                                       = false,
   Boolean $use_config_file_for_plugins                                                             = false,
@@ -399,12 +399,11 @@
   Array $loopback_users                                                                            = ['guest'],
   Boolean $service_restart                                                                         = true,
 ) {
-
   if $ssl_only and ! $ssl {
     fail('$ssl_only => true requires that $ssl => true')
   }
 
-  if $config_stomp and $stomp_ssl_only and ! $ssl_stomp_port  {
+  if $config_stomp and $stomp_ssl_only and ! $ssl_stomp_port {
     fail('$stomp_ssl_only requires that $ssl_stomp_port be set')
   }
 
@@ -498,5 +497,4 @@
 
   # Make sure the various providers have their requirements in place.
   Class['rabbitmq::install'] -> Rabbitmq_plugin<| |>
-
 }

manifests/install.pp

@@ -2,7 +2,6 @@
 #
 # @api private
 class rabbitmq::install {
-
   $package_ensure   = $rabbitmq::package_ensure
   $package_name     = $rabbitmq::package_name
   $rabbitmq_group   = $rabbitmq::rabbitmq_group

manifests/install/rabbitmqadmin.pp

@@ -2,14 +2,12 @@
 #
 # @api private
 class rabbitmq::install::rabbitmqadmin {
-
   if $rabbitmq::rabbitmqadmin_package {
-    package{'rabbitmqadmin':
+    package { 'rabbitmqadmin':
       ensure => 'present',
       name   => $rabbitmq::rabbitmqadmin_package,
     }
   } else {
-
     $python_package = $rabbitmq::python_package
     # Some systems (e.g., Ubuntu 16.04) don't ship Python 2 by default
     if $rabbitmq::manage_python {

manifests/management.pp

@@ -2,14 +2,12 @@
 #
 # @api private
 class rabbitmq::management {
-
   $delete_guest_user = $rabbitmq::delete_guest_user
 
   if $delete_guest_user {
-    rabbitmq_user{ 'guest':
+    rabbitmq_user { 'guest':
       ensure   => absent,
       provider => 'rabbitmqctl',
     }
   }
-
 }

manifests/repo/apt.pp

@@ -3,16 +3,15 @@
 #   puppetlabs-stdlib
 #
 # @api private
-class rabbitmq::repo::apt(
+class rabbitmq::repo::apt (
   String $location               = 'https://packagecloud.io/rabbitmq/rabbitmq-server',
   String $repos                  = 'main',
   Boolean $include_src           = false,
   String $key                    = '8C695B0219AFDEB04A058ED8F4E789204D206F89',
   String $key_source             = $rabbitmq::package_gpg_key,
   Optional[String] $key_content  = $rabbitmq::key_content,
   Optional[String] $architecture = undef,
-  ) {
-
+) {
   $osname = downcase($facts['os']['name'])
   $pin    = $rabbitmq::package_apt_pin
 

manifests/repo/rhel.pp

@@ -1,11 +1,10 @@
 # Makes sure that the Packagecloud repo is installed
 #
 # @api private
-class rabbitmq::repo::rhel(
-    $location          = "https://packagecloud.io/rabbitmq/rabbitmq-server/el/${facts['os'][release][major]}/\$basearch",
-    String $key_source = $rabbitmq::package_gpg_key,
-  ) {
-
+class rabbitmq::repo::rhel (
+  $location          = "https://packagecloud.io/rabbitmq/rabbitmq-server/el/${facts['os'][release][major]}/\$basearch",
+  String $key_source = $rabbitmq::package_gpg_key,
+) {
   yumrepo { 'rabbitmq':
     ensure   => present,
     name     => 'rabbitmq_rabbitmq-server',

manifests/service.pp

@@ -1,12 +1,11 @@
 # This class manages the rabbitmq server service itself.
 #
 # @api private
-class rabbitmq::service(
+class rabbitmq::service (
   Enum['running', 'stopped'] $service_ensure  = $rabbitmq::service_ensure,
   Boolean $service_manage                     = $rabbitmq::service_manage,
   $service_name                               = $rabbitmq::service_name,
 ) inherits rabbitmq {
-
   if ($service_manage) {
     if $service_ensure == 'running' {
       $ensure_real = 'running'
@@ -28,5 +27,4 @@
       Class['systemd::systemctl::daemon_reload'] -> Service['rabbitmq-server']
     }
   }
-
 }

metadata.json

@@ -1,6 +1,6 @@
 {
   "name": "puppet-rabbitmq",
-  "version": "10.0.2-rc0",
+  "version": "10.1.2-rc0",
   "author": "voxpupuli",
   "summary": "Installs, configures, and manages RabbitMQ.",
   "license": "Apache-2.0",