Skip to content

Commit

Permalink
Merge pull request #947 from wolfaba/master
Browse files Browse the repository at this point in the history
Support multiple values in TLSAccept
  • Loading branch information
Valantin authored May 27, 2024
2 parents 6059a37 + 7c868c4 commit edf9e52
Show file tree
Hide file tree
Showing 7 changed files with 61 additions and 6 deletions.
4 changes: 2 additions & 2 deletions REFERENCE.md
Original file line number Diff line number Diff line change
Expand Up @@ -1860,7 +1860,7 @@ Default value: `$zabbix::params::agent_timeout`

##### <a name="-zabbix--agent--tlsaccept"></a>`tlsaccept`

Data type: `Optional[Enum['unencrypted','psk','cert']]`
Data type: `Optional[Variant[Array[Enum['unencrypted','psk','cert']],Enum['unencrypted','psk','cert']]]`

What incoming connections to accept from Zabbix server. Used for a passive proxy, ignored on an active proxy.

Expand Down Expand Up @@ -3279,7 +3279,7 @@ Default value: `$zabbix::params::proxy_timeout`

##### <a name="-zabbix--proxy--tlsaccept"></a>`tlsaccept`

Data type: `Any`
Data type: `Optional[Variant[Array[Enum['unencrypted','psk','cert']],Enum['unencrypted','psk','cert']]]`

What incoming connections to accept from Zabbix server. Used for a passive proxy, ignored on an active proxy.

Expand Down
2 changes: 1 addition & 1 deletion manifests/agent.pp
Original file line number Diff line number Diff line change
Expand Up @@ -203,7 +203,7 @@
$userparameter = $zabbix::params::agent_userparameter,
Optional[String[1]] $loadmodulepath = $zabbix::params::agent_loadmodulepath,
$loadmodule = $zabbix::params::agent_loadmodule,
Optional[Enum['unencrypted','psk','cert']] $tlsaccept = $zabbix::params::agent_tlsaccept,
Optional[Variant[Array[Enum['unencrypted','psk','cert']],Enum['unencrypted','psk','cert']]] $tlsaccept = $zabbix::params::agent_tlsaccept,
$tlscafile = $zabbix::params::agent_tlscafile,
$tlscertfile = $zabbix::params::agent_tlscertfile,
Optional[String[1]] $tlscertissuer = undef,
Expand Down
2 changes: 1 addition & 1 deletion manifests/proxy.pp
Original file line number Diff line number Diff line change
Expand Up @@ -269,7 +269,7 @@
$historyindexcachesize = $zabbix::params::proxy_historyindexcachesize,
$historytextcachesize = $zabbix::params::proxy_historytextcachesize,
$timeout = $zabbix::params::proxy_timeout,
$tlsaccept = $zabbix::params::proxy_tlsaccept,
Optional[Variant[Array[Enum['unencrypted','psk','cert']],Enum['unencrypted','psk','cert']]] $tlsaccept = $zabbix::params::proxy_tlsaccept,
$tlscafile = $zabbix::params::proxy_tlscafile,
$tlscertfile = $zabbix::params::proxy_tlscertfile,
$tlsconnect = $zabbix::params::proxy_tlsconnect,
Expand Down
24 changes: 24 additions & 0 deletions spec/classes/agent_spec.rb
Original file line number Diff line number Diff line change
Expand Up @@ -352,6 +352,30 @@
end
end

context 'tlsaccept with one value array' do
if facts[:kernel] == 'Linux'
let :params do
{
tlsaccept: %w[cert]
}
end

it { is_expected.to contain_file(config_path).with_content %r{^TLSAccept=cert$} }
end
end

context 'tlsaccept with two value array' do
if facts[:kernel] == 'Linux'
let :params do
{
tlsaccept: %w[unencrypted cert]
}
end

it { is_expected.to contain_file(config_path).with_content %r{^TLSAccept=unencrypted,cert$} }
end
end

context 'without ListenIP' do
let :params do
{
Expand Down
31 changes: 31 additions & 0 deletions spec/classes/proxy_spec.rb
Original file line number Diff line number Diff line change
Expand Up @@ -415,6 +415,37 @@
it { is_expected.to contain_file('/etc/zabbix/zabbix_proxy.conf').with_content %r{^LogFileSize=10$} }
end
end

context 'tlsaccept with one string value' do
let :params do
{
tlsaccept: 'cert'
}
end

it { is_expected.to contain_file('/etc/zabbix/zabbix_proxy.conf').with_content %r{^TLSAccept=cert$} }
end

context 'tlsaccept with one value array' do
let :params do
{
tlsaccept: %w[cert]
}
end

it { is_expected.to contain_file('/etc/zabbix/zabbix_proxy.conf').with_content %r{^TLSAccept=cert$} }
end

context 'tlsaccept with two value array' do
let :params do
{
tlsaccept: %w[unencrypted cert]
}
end

it { is_expected.to contain_file('/etc/zabbix/zabbix_proxy.conf').with_content %r{^TLSAccept=unencrypted,cert$} }
end

end
end
end
Expand Down
2 changes: 1 addition & 1 deletion templates/zabbix_agentd.conf.erb
Original file line number Diff line number Diff line change
Expand Up @@ -310,7 +310,7 @@ LoadModulePath=<%= @loadmodulepath %>
# Mandatory: yes, if TLS certificate or PSK parameters are defined (even for 'unencrypted' connection)
# Default:
# TLSAccept=unencrypted
<% if @tlsaccept %>TLSAccept=<%= @tlsaccept %><% end %>
<% if @tlsaccept %>TLSAccept=<%= [@tlsaccept].flatten.join(',') %><% end %>

### Option: TLSCAFile
# Full pathname of a file containing the top-level CA(s) certificates for
Expand Down
2 changes: 1 addition & 1 deletion templates/zabbix_proxy.conf.erb
Original file line number Diff line number Diff line change
Expand Up @@ -511,7 +511,7 @@ LoadModulePath=<%= @loadmodulepath %>
# Mandatory: yes, if TLS certificate or PSK parameters are defined (even for 'unencrypted' connection)
# Default:
# TLSAccept=unencrypted
<% if @tlsaccept %>TLSAccept=<%= @tlsaccept %><% end %>
<% if @tlsaccept %>TLSAccept=<%= [@tlsaccept].flatten.join(',') %><% end %>

### Option: TLSCAFile
# Full pathname of a file containing the top-level CA(s) certificates for
Expand Down

0 comments on commit edf9e52

Please sign in to comment.