style(*): correcting to appease the lint masters

Beau Bilyeu · Beau Bilyeu · commit 72df3d875c62 · 2022-02-01T19:07:32.000-05:00
* pillar.example - corrected to match yamllint guidelines
* snmp/conf.sls - exploded into variables to stay below 160 char
* snmp/macros.jinja - corrected style issues
* config.rb - fixed to snake_cake
diff --git a/pillar.example b/pillar.example
@@ -6,7 +6,7 @@ snmp:
   lookup:
     snmpdargs: '-Lsd -Lf /dev/null -p /var/run/snmpd.pid -a'
     trapdargs: '-Lsd -p /var/run/snmptrapd.pid'
-    trapdrun: 'no' # Single quote wrap to avoid boolean behavior
+    trapdrun: 'no'  # Single quote wrap to avoid boolean behavior
 
   conf:
     ## Config reference: http://www.net-snmp.org/docs/man/snmpd.conf.html
@@ -19,8 +19,8 @@ snmp:
     ###   Disk Usage Monitoring   ###
     #################################
     # ref: http://www.net-snmp.org/docs/man/snmpd.conf.html#lbAS
-    #disks:
-    #  (path): (min-space-in-kB)
+    # disks:
+    #   (path): (min-space-in-kB)
     disks:
       '/': 1000000
       '/nfs/apache': 250000
@@ -29,14 +29,14 @@ snmp:
     ###   VACM Configuration   ###
     ##############################
     # ref: http://www.net-snmp.org/docs/man/snmpd.conf.html#lbAL
-    # `com2sec` : map an SNMPv1 or SNMPv2c community string to a 
-    #             security name - either from a particular range of 
+    # `com2sec` : map an SNMPv1 or SNMPv2c community string to a
+    #             security name - either from a particular range of
     #             source addresses, or globally ("default")
     #             (SALT: multiple entries allowed, list syntax)
-    #com2sec:
-    #  - name: (helpful label)
-    #    source: {hostname|IP+Mask|IP+Subnet}
-    #    community: (community string)
+    # com2sec:
+    #   - name: (helpful label)
+    #     source: {hostname|IP+Mask|IP+Subnet}
+    #     community: (community string)
     com2Sec:
       - name: localSec
         source: 10.20.30.0/24
@@ -48,10 +48,10 @@ snmp:
     # `group` : maps a security name (in the specified security model)
     #           into a named group
     #           (SALT: multiple entries allowed, list syntax)
-    #groups:
-    #  - name: (helpful label)
-    #    version: {v1|v2c|usm|tsm|ksm}
-    #    secname: (any valid `com2Sec` entry defined)
+    # groups:
+    #   - name: (helpful label)
+    #     version: {v1|v2c|usm|tsm|ksm}
+    #     secname: (any valid `com2Sec` entry defined)
     groups:
       - name: ROwers1
         version: v1
@@ -64,11 +64,11 @@ snmp:
     #
     # `view` : defines a named "view" - a subset of the overall OID tree
     #          (SALT: multiple entries allowed, list syntax)
-    #views:
-    #  - name: (helpful label)
-    #    type: {included|excluded}
-    #    oid: (oid string)
-    #    mask: (list of hex octets to match against)  ## OPTIONAL
+    # views:
+    #   - name: (helpful label)
+    #     type: {included|excluded}
+    #     oid: (oid string)
+    #     mask: (list of hex octets to match against)  ## OPTIONAL
     views:
       - name: all
         type: included
@@ -80,21 +80,21 @@ snmp:
       - name: iso3
         type: included
         oid: '.iso.org.dod.mgmt'
-    #         
-    # `access` : maps from a group of users/communities (with a particular 
-    #            security model and minimum security level, and in a 
+    #
+    # `access` : maps from a group of users/communities (with a particular
+    #            security model and minimum security level, and in a
     #            specific context) to one of three views, depending on the
     #            request being processed
     #            (SALT: multiple entries allowed, list syntax)
-    #access:
-    #  - name: (any valid `group` entry defined)
-    #    context: (incoming request context) # can be leftout to assume 'blank'
-    #    match: {any|v1|v2c|usm|tsm|ksm}
-    #    level: {noauth|auth|priv} # v1 & v2c require 'noauth'
-    #    prefix: {exact|prefix}
-    #    read: {all|none} # omitting selects 'none'
-    #    write: {all|none} # omitting selects 'none'
-    #    notify: {all|none} # omitting selects 'none'
+    # access:
+    #   - name: (any valid `group` entry defined)
+    #     context: (incoming request context) # can be leftout to assume 'blank'
+    #     match: {any|v1|v2c|usm|tsm|ksm}
+    #     level: {noauth|auth|priv} # v1 & v2c require 'noauth'
+    #     prefix: {exact|prefix}
+    #     read: {all|none} # omitting selects 'none'
+    #     write: {all|none} # omitting selects 'none'
+    #     notify: {all|none} # omitting selects 'none'
     access:
       - name: ROwers1
         match: any
@@ -107,31 +107,32 @@ snmp:
         prefix: exact
         read: all
         write: all
-    
+
     ######################################
     ###   Traditional Access Control   ###
     ######################################
     # ref: http://www.net-snmp.org/docs/man/snmpd.conf.html#lbAK
     ## v1/v2c ##
-    # rXcommunity - specify an SNMPv1 or SNMPv2c community that will be 
+    # rXcommunity - specify an SNMPv1 or SNMPv2c community that will be
     #               allowed read-only (if `rocommunity`) or be allowed
     #               read-write (if `rwcommunity`) access
     #               (SALT: suffix '6' for ipv6 version of the communities,
     #                      such as 'rocommunities6' or 'rwcommunities6')
+    #               (SALT: source, if used, accepts list format or single entry)
     # SYNTAX WITH SOURCE
-    #rXcommunities:
-    #  (community string):
-    #    source: {hostname|IP+Mask|IP+Subnet} or [{hostname|IP+Mask|IP+Subnet}, ...] # list format or single entry
-    rocommunities:
-      public:
-        source: [localhost, 192.168.0.0/24, 2001:DB8::1]
-    rwcommunities:
-      private:
-        source: 192.168.1.0/24
-    # SYNTAX WITHOUT SOURCE
-    #rXcommunities:
-    #  - (community string)
-    #  - (another community string)
+    # rXcommunities:
+    #   (community string):
+    #     source: {hostname|IP+Mask|IP+Subnet} or [{hostname|IP+Mask|IP+Subnet}, ...]
+    # rocommunities:
+    #   public:
+    #     source: [localhost, 192.168.0.0/24, 2001:DB8::1]
+    # rwcommunities:
+    #   private:
+    #     source: 192.168.1.0/24
+    #  SYNTAX WITHOUT SOURCE
+    # rXcommunities:
+    #   - (community string)
+    #   - (another community string)
     rocommunities:
       - monitoring
       - dontbreakit
@@ -142,20 +143,21 @@ snmp:
     #        and the default privproto will be AES, instead of
     #        DES, for the sake of security.
     #        `securitylevel` = 'priv' enforces encryption, in
-    #        addition to auth, which *requires* privpassphrase 
+    #        addition to auth, which *requires* privpassphrase
     #        to be defined.
-    #rXusers:
-    #  - username: (snmpv3 user name)
-    #    authpassphrase: (authentication password)
-    #    privpassphrase: (encryption password) ## optional only if `securitylevel` = 'auth'
-    #    securitylevel: {auth|priv} # omitting selects 'auth'                    
-    #    authproto: {MD5|SHA} # omitting selects 'SHA'
-    #    privproto: {DES|AES} # omitting selects 'AES'
-    #    view: (any valid `view` entry defined) ## OPTIONAL
+    #        (SALT: `privpassphrase` is optional only if `securitylevel` = 'auth')
+    # rXusers:
+    #   - username: (snmpv3 user name)
+    #     authpassphrase: (authentication password)
+    #     privpassphrase: (encryption password)
+    #     securitylevel: {auth|priv}  # omitting selects 'auth'
+    #     authproto: {MD5|SHA} # omitting selects 'SHA'
+    #     privproto: {DES|AES} # omitting selects 'AES'
+    #     view: (any valid `view` entry defined)  ## OPTIONAL
     rousers:
       - username: 'someNewUser'
         authpassphrase: 'tklhgKipJF1nNY'
-        view: all        
+        view: all
     rwusers:
       - username: 'somethingCICD'
         authpassphrase: 'VPluOBhwmnFB6z'
@@ -170,7 +172,7 @@ snmp:
     #        should be acceptable here.)
     settings:
       # ref: http://www.net-snmp.org/docs/man/snmpd.conf.html#lbAD
-      #agentAddress: [<transport-specifier>:]<transport-address>
+      # agentAddress: [<transport-specifier>:]<transport-address>
       agentAddress: 'udp:161,udp6:[::1]:161'
       sysServices: 72
       master: ['agentx']
diff --git a/snmp/conf.sls b/snmp/conf.sls
@@ -22,13 +22,18 @@ snmp_conf:
 {% if 'persistentconfig' in snmp %}
 {% for groups in ['rousers', 'rwusers'] %}
 {% for user in conf.get(groups, []) %}
-{% set securitylevel = 'authPriv' if user.get('securitylevel') == 'priv' else 'authNoPriv' %}
+{% set seclevel = 'authPriv' if user.get('securitylevel') == 'priv' else 'authNoPriv' %}
+{% set uname = user.username %}
+{% set authproto = user.get('authproto', 'SHA') %}
+{% set authpass = user.authpassphrase %}
+{% set privproto = user.get('privproto', 'AES') %}
+{% set privpass = '-X ' ~ user.privpassphrase if seclevel == 'authPriv' else '' %}
 {# if test fails, stop snmpd, add user to persistent config file, restart snmpd #}
 snmpv3 creating {{ user.username }} step 1 of 3:
   service.dead:
     - name: {{ snmp.service }}
     - unless:
-      - "snmpget -v3 -l {{ securitylevel }} -u {{ user.username }} -a {{ user.get('authproto', 'SHA') }} -A {{ user.authpassphrase }} -x {{ user.get('privproto', 'AES') }} {% if securitylevel == "authPriv" %}-X {{ user.privpassphrase }}{% endif %} 127.0.0.1 1.3.6.1.2.1.1.5.0 -On"
+      - "snmpget -v3 -l {{ seclevel }} -u {{ uname }} -a {{ authproto }} -A {{ authpass }} -x {{ privproto }} {{ privpass }} 127.0.0.1 1.3.6.1.2.1.1.5.0 -On"
 
 snmpv3 creating {{ user.username }} step 2 of 3:
   file.line:
diff --git a/snmp/macros.jinja b/snmp/macros.jinja
@@ -15,12 +15,15 @@
       {%- set source = [source] %}
     {%- endif %}
     {%- for src in source -%}
-{{ mode }}community     {{ community }}       {{ src }}{{' -V ' ~ view if view else ''}}
+{{ mode~'community' }}     {{ community }}       {{ src }} {{ ' -V ' ~ view if view else '' }}
 {%      endfor %}
   {%- endfor -%}
-{% endmacro-%}
+{% endmacro -%}
 
 {%- macro v3_createUser_string(user) -%}
   {% set seclevel = user.get('securitylevel', 'auth') -%}
-createUser {{ user.username }} {{ user.get('authproto', 'SHA') }} {{ user.authpassphrase }} {{ user.get('privproto', 'AES') }} {% if seclevel == "priv" %}{{ user.privpassphrase }}{% else %}{{ user.get('privpassphrase', '') }}{% endif %}
+  {% set authproto = user.get('authproto', 'SHA') -%}
+  {% set privproto = user.get('privproto', 'AES') %}
+  {% set privpass = user.get('privpassphrase', '') %}
+createUser {{ user.username }} {{ authproto }} {{ user.authpassphrase }} {{ privproto }} {{ privpass }}
 {%- endmacro -%}
diff --git a/test/integration/default/controls/config.rb b/test/integration/default/controls/config.rb
@@ -11,9 +11,9 @@
     else
       %w[/etc/snmp/snmpd.conf root]
     end
-  
+
   # Override for persistent config file
-  createUser_str =
+  create_user_str =
     case platform[:family]
     when 'debian'
       'createUser string will be added to /var/lib/snmp/snmpd.conf'
@@ -38,7 +38,7 @@
     its('content') { should include 'rwcommunity     private       192.168.1.0/24' }
     its('content') { should include 'rouser myv3user auth -V all' }
     its('content') do
-      should include createUser_str
+      should include create_user_str
     end
   end
 end
