Skip to content

Instantly share code, notes, and snippets.

@ajbw

ajbw/gist:9542918

Forked from justinhennessy/gist:9404571
Last active August 29, 2015 13:57
Show Gist options
  • Save ajbw/9542918 to your computer and use it in GitHub Desktop.
Save ajbw/9542918 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
gistfile1.md

Module

# == Class: sdiff
#
# This class adds a wrapper for the diff command puppet uses.
# It introduces the ability to suppress diff output, useful for encrypted data.
#
# This module requires changes to the puppet.conf file that is on the agents,
# suggest under the [main] section.
#
# diff=/usr/local/bin/cdiff
# diff_args=-u
#
# === Parameters
#
# [*ensure*]
#   String. Controls if the managed resources shall be <tt>present</tt> or
#   <tt>absent</tt>. If set to <tt>absent</tt>:
#   * System modifications (if any) will be reverted as good as possible
#     (e.g. removal of created users, services, changed log settings, ...).
#   * This is thus destructive and should be used with care.
#   Defaults to <tt>present</tt>.
#
# [*color*]
#   Boolean. Optionally color line in diff output (red for deletions, green for
#   insertions).
#   Defaults to <tt>true</tt>.
#
# [*file_pattern*]
#   String. The pattern that is used to determine which files not to show
#   diffs for. This value can be configured in hiera using the cdiff::file_pattern
#   key.
#   Defaults to <tt>false</tt>.
#
# [*line_pattern*]
#   String. The pattern that is used to determine lines in a diff to not
#   show diffs for.  This value can be configured in hiera using the
#   cdiff::line_pattern key.
#
#   Example:
#   cdiff::line_pattern: 'MERCHANT_ID=.*\|PRIVATE_KEY=.*\$'
#
#   Defaults to <tt>false</tt>.

class sdiff(
  $ensure       = present,
  $color        = hiera('sdiff::color',true),
  $file_pattern = hiera('sdiff::file_pattern',false),
  $line_pattern = hiera('sdiff::line_pattern',false),
) {

  $file_ensure = $ensure ? {
    present => file,
    default => present,
  }

  file { '/usr/local/bin/sdiff':
    ensure  => $file_ensure,
    owner   => 'root',
    group   => 'root',
    mode    => '0755',
    content => template('sdiff/sdiff.erb'),
  }
}

Script template

#!/bin/bash

<%- if @color -%>
red="$(tput setaf 1)$(tput bold)"
green="$(tput setaf 2)$(tput bold)"
yellow="$(tput setaf 3)$(tput bold)"
reset="$(tput sgr0)"
<%- else -%>
red=""
green=""
yellow=""
reset=""
<%- end -%>

<%- if @file_pattern -%>
if [[ $* =~ <%= @file_pattern %> ]]; then
    echo "${yellow}Suppressing potentially sensitive diff of ${2} vs ${3}.${reset}"
    exit
fi

<%- end -%>
/usr/bin/diff $@ | \
<%- if @line_pattern -%>
sed 's/<%= @line_pattern %>/'$yellow'Suppressing potentially sensitive diff.'$reset'/' | \
<%- end -%>
<%- if @color -%>
sed 's/^\([^+-]\)/'$reset'\1/' | \
sed 's/^\(+.*\)$/'$green'\1'$reset'/' | \
sed 's/^\(-.*\)$/'$red'\1'$reset'/'
<%- end -%>
cat

How to use in a node

include sdiff

If you wanted to override the modules pattern, or disable color, add this into Hiera:

---
sdiff::file_pattern: '\.[eyaml|etxt|ejson]'
sdiff::line_pattern: 'MERCHANT_ID=.*\|PRIVATE_KEY=.*\$'
sdiff::color: false
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment