@justinhennessy
Last active August 29, 2015 13:57
cdiff module

Module

# == Class: sdiff
#
# This class adds a wrapper for the diff command puppet uses.
# It introduces the ability to suppress diff output, useful for encrypted data.
#
# This module requires the following settings in puppet.conf on the agents,
# preferably under the [main] section:
#
# diff=/usr/local/bin/sdiff
# diff_args=-u
#
# === Parameters
#
# [*ensure*]
#   String. Controls if the managed resources shall be <tt>present</tt> or
#   <tt>absent</tt>. If set to <tt>absent</tt>:
#   * System modifications (if any) will be reverted as good as possible
#     (e.g. removal of created users, services, changed log settings, ...).
#   * This is thus destructive and should be used with care.
#   Defaults to <tt>present</tt>.
#
# [*file_pattern*]
#   String. The pattern that is used to determine which files not to show
#   diffs for. This value can be configured in hiera using the
#   sdiff::file_pattern key.
#   Defaults to <tt>false</tt>.
#
# [*line_pattern*]
#   String. The pattern that is used to determine which lines in a diff
#   not to show. This value can be configured in hiera using the
#   sdiff::line_pattern key.
#
#   Example:
#   sdiff::line_pattern: 'MERCHANT_ID=.*\|PRIVATE_KEY=.*'
#
#   Defaults to <tt>false</tt>.

class sdiff(
  $ensure       = present,
  $file_pattern = hiera('sdiff::file_pattern',false),
  $line_pattern = hiera('sdiff::line_pattern',false),
) {

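  # Map the class-level ensure onto the file resource: any value other
  # than present removes the wrapper script.
  $file_ensure = $ensure ? {
    present => file,
    default => absent,
  }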

  file { '/usr/local/bin/sdiff':
    ensure  => $file_ensure,
    owner   => 'root',
    group   => 'root',
    mode    => '0755',
    content => template('sdiff/sdiff.erb'),
  }
}

Script template

#!/bin/bash
# Wrapper around /usr/bin/diff that hides diffs of sensitive files or lines.

red="$(tput setaf 1)$(tput bold)"
green="$(tput setaf 2)$(tput bold)"
yellow="$(tput setaf 3)$(tput bold)"
reset="$(tput sgr0)"

<% if @file_pattern %>
# Suppress the whole diff when the arguments match the file pattern.
if [[ $* =~ <%= @file_pattern %> ]]; then
    echo "${yellow}Suppressing potentially sensitive diff of ${2} vs ${3}.${reset}"
    exit 0
fi
<% end %>

<% if @line_pattern %>
# Mask the text matched by the line pattern, then colorize the output.
/usr/bin/diff "$@" | \
sed 's/<%= @line_pattern %>/'"${yellow}"'Suppressing potentially sensitive diff.'"${reset}"'/' | \
sed 's/^\([^+-]\)/'"${reset}"'\1/' | \
sed 's/^\(+.*\)$/'"${green}"'\1'"${reset}"'/' | \
sed 's/^\(-.*\)$/'"${red}"'\1'"${reset}"'/'
<% else %>
/usr/bin/diff "$@"
<% end %>

How to use in a node

include sdiff

If you want to override the module's patterns, add this to Hiera:

---
sdiff::file_pattern: '\.(eyaml|etxt|ejson)'
sdiff::line_pattern: 'MERCHANT_ID=.*\|PRIVATE_KEY=.*'
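
A pattern that does not match what you expect leaves secrets in the agent's diff output, so it is worth testing candidate values before they go into Hiera. The script below is an added example, not part of the gist: it applies a file pattern (ERE, via grep -E in place of the wrapper's `[[ =~ ]]`) and a line pattern (GNU sed BRE) to constructed input. The function names, paths and secret values are assumptions made for the example.

```bash
#!/bin/bash
# Added example, not part of the gist. Assumes GNU sed (for \| in a BRE).
# All paths and secret values below are constructed sample data.

# file_is_suppressed PATTERN DIFF_ARGS...
# ERE match against the joined diff arguments, as the wrapper does with $*.
file_is_suppressed() {
  pattern=$1; shift
  printf '%s\n' "$*" | grep -Eq -e "$pattern"
}

# Constructed unified diff containing four secret-bearing lines.
sample_diff() {
  cat <<'EOF'
--- /etc/app/env
+++ /tmp/puppet-file20140307
@@ -1,3 +1,3 @@
 LOG_LEVEL=info
-MERCHANT_ID=1111-constructed-secret
+MERCHANT_ID=2222-constructed-secret
-PRIVATE_KEY=old-constructed-secret
+PRIVATE_KEY=new-constructed-secret
EOF
}

# leaked_count LINE_PATTERN
# Redacts the sample diff and prints how many lines still show a secret.
leaked_count() {
  sample_diff | sed "s/$1/[suppressed]/" | grep -c 'constructed-secret' || true
}

group='\.(eyaml|etxt|ejson)'   # alternation: exactly these three extensions
class='\.[eyaml|etxt|ejson]'   # bracket expression: "." plus ONE listed character

file_is_suppressed "$group" -u /etc/app/secrets.eyaml /tmp/puppet-file1 \
  && echo "secrets.eyaml: diff suppressed"
file_is_suppressed "$group" -u /etc/ntp.conf /tmp/puppet-file2 \
  || echo "ntp.conf: diff shown"
# The bracket form also hides ordinary files such as hosts.allow (".a").
file_is_suppressed "$class" -u /etc/hosts.allow /tmp/puppet-file3 \
  && echo "hosts.allow: diff suppressed by the bracket form"

# An open-ended pattern masks all four lines. A pattern ending in \$ needs a
# literal dollar sign in the line, so the PRIVATE_KEY lines are left visible.
echo "leaks, open-ended pattern: $(leaked_count 'MERCHANT_ID=.*\|PRIVATE_KEY=.*')"
echo 'leaks, pattern ending in \$:' "$(leaked_count 'MERCHANT_ID=.*\|PRIVATE_KEY=.*\$')"
```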