diff --git a/CHANGELOG.md b/CHANGELOG.md index a1137aeb..a86a856e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,10 @@ ## Development +## 2.6.0 (April 12, 2023) + +- Fixing tests. Contributed by @bishopbm1 + ## 2.5.0 (June 29, 2022) - Move CentOS -> RockyLinux and Python 3.6 -> 3.8. Contributed by @rush-skills diff --git a/manifests/init.pp b/manifests/init.pp index 19fce3e4..4c06f8ec 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -262,6 +262,9 @@ $version = 'present', String $python_version = 'system', St2::Repository $repository = $st2::params::repository, + $manage_epel_repo = $st2::params::manage_epel_repo, + $python_use_epel_repo = $st2::params::python_use_epel_repo, + $redis_manage_repo = $st2::params::redis_manage_repo, $conf_dir = $st2::params::conf_dir, $conf_file = "${st2::params::conf_dir}/st2.conf", $use_ssl = $st2::params::use_ssl, @@ -307,6 +310,12 @@ $ng_init = true, $datastore_keys_dir = $st2::params::datstore_keys_dir, $datastore_key_path = "${st2::params::datstore_keys_dir}/datastore_key.json", + $manage_datastore_key = $st2::params::manage_datastore_key, + $datastore_hmac_size = $st2::params::datastore_hmac_size, + $datastore_hmac_key = $st2::params::datastore_hmac_key, + $datastore_aes_key = $st2::params::datastore_aes_key, + $datastore_aes_mode = $st2::params::datastore_aes_mode, + $datastore_aes_size = $st2::params::datastore_aes_size, $nginx_basicstatus_enabled = $st2::params::basicstatus_enabled, $nginx_basicstatus_port = $st2::params::basicstatus_port, $nginx_manage_repo = true, diff --git a/manifests/params.pp b/manifests/params.pp index 0b36fd76..e50b5714 100644 --- a/manifests/params.pp +++ b/manifests/params.pp 
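Review bot: The three parameters added after `$repository` (`$manage_epel_repo`, `$python_use_epel_repo`, `$redis_manage_repo`) carry no data type, while most of the profile classes that consume them declare `Boolean`. In `manifests/profile/rabbitmq.pp` the value stays untyped and is compared with `== true`, so a quoted `'true'` from Hiera would silently skip the `Class['epel'] -> Class['rabbitmq']` ordering instead of failing. Declaring `Boolean $manage_epel_repo = $st2::params::manage_epel_repo,` here, and likewise for the other two, rejects that at the class boundary. The datastore parameters in the `-307` hunk of this file and in the first hunk of `manifests/server/datastore_keys.pp` are untyped in the same way. The class's parameter list and documentation header lie outside the hunk.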
@@ -55,6 +55,18 @@ $conf_dir = '/etc/st2' $datstore_keys_dir = "${conf_dir}/keys" + # Datastore + $manage_datastore_key = false + $datastore_aes_key = '' + $datastore_hmac_key = '' + $datastore_hmac_size = 256 + $datastore_aes_mode = 'CBC' + $datastore_aes_size = 256 + + $manage_epel_repo = true + $python_use_epel_repo = true + $redis_manage_repo = false + $st2_server_packages = [ 'st2', ] diff --git a/manifests/profile/python.pp b/manifests/profile/python.pp index c3457a69..3bab45ba 100644 --- a/manifests/profile/python.pp +++ b/manifests/profile/python.pp @@ -20,7 +20,8 @@ # include st2::profile::python # class st2::profile::python ( - String $version = $st2::python_version, + String $version = $st2::python_version, + Boolean $python_use_epel_repo = $st2::python_use_epel_repo, ) inherits st2 { notice("Python version: ${version}") if !defined(Class['python']) { @@ -29,6 +30,7 @@ version => $version, dev => present, manage_pip_package => false, + use_epel => $python_use_epel_repo, } } } diff --git a/manifests/profile/rabbitmq.pp b/manifests/profile/rabbitmq.pp index e5c6eeab..dd69f12a 100644 --- a/manifests/profile/rabbitmq.pp +++ b/manifests/profile/rabbitmq.pp @@ -36,6 +36,7 @@ $erlang_rhel_sslverify = $st2::erlang_rhel_sslverify, $erlang_rhel_gpgcheck = $st2::erlang_rhel_gpgcheck, $erlang_rhel_repo_gpgcheck = $st2::erlang_rhel_repo_gpgcheck, + $manage_epel_repo = $st2::manage_epel_repo, ) inherits st2 { # RHEL 8 Requires another repo in addition to epel to be installed @@ -127,7 +128,7 @@ } # RHEL needs EPEL installed prior to rabbitmq - if $facts['os']['family'] == 'RedHat' { + if (($facts['os']['family'] == 'RedHat') and ($manage_epel_repo == true)) { Class['epel'] -> Class['rabbitmq'] diff --git a/manifests/profile/redis.pp b/manifests/profile/redis.pp index dc81e6e0..ade37729 100644 --- a/manifests/profile/redis.pp +++ b/manifests/profile/redis.pp 
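Review bot: `$datastore_aes_key` and `$datastore_hmac_key` default to `''`, and nothing in the visible manifests rejects that when `$manage_datastore_key` is switched on, so `datastore_key.json.epp` would render a key file with empty `aesKeyString` and `hmacKeyString`. A guard at the top of the managed branch in `manifests/server/datastore_keys.pp`, such as `if $datastore_aes_key == '' or $datastore_hmac_key == '' { fail('manage_datastore_key requires datastore_aes_key and datastore_hmac_key') }`, turns that into a compile error. How st2 treats an empty key is not shown here, so the runtime impact is inferred, but a silently written empty key file is not a state the module should produce.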
@@ -12,11 +12,13 @@ # } # class st2::profile::redis ( - String $bind_ip = $st2::redis_bind_ip, + String $bind_ip = $st2::redis_bind_ip, + Boolean $redis_manage_repo = $st2::redis_manage_repo, ) inherits st2 { class { 'redis': - bind => $bind_ip, + bind => $bind_ip, + manage_repo => $redis_manage_repo, } contain redis diff --git a/manifests/repo.pp b/manifests/repo.pp index 4ef6af3f..e684d74b 100644 --- a/manifests/repo.pp +++ b/manifests/repo.pp @@ -17,7 +17,7 @@ class st2::repo ( Enum['present', 'absent'] $ensure = 'present', St2::Repository $repository = $st2::repository, - Boolean $manage_epel_repo = true, + Boolean $manage_epel_repo = $st2::manage_epel_repo, ) inherits st2 { case $facts['os']['family'] { 'RedHat': { diff --git a/manifests/server/datastore_keys.pp b/manifests/server/datastore_keys.pp index 269ee225..eaa511ea 100644 --- a/manifests/server/datastore_keys.pp +++ b/manifests/server/datastore_keys.pp @@ -17,9 +17,15 @@ # } # class st2::server::datastore_keys ( - $conf_file = $st2::conf_file, - $keys_dir = $st2::datastore_keys_dir, - $key_path = $st2::datastore_key_path, + $conf_file = $st2::conf_file, + $keys_dir = $st2::datastore_keys_dir, + $key_path = $st2::datastore_key_path, + $manage_datastore_key = $st2::manage_datastore_key, + $datastore_hmac_size = $st2::datastore_hmac_size, + $datastore_hmac_key = $st2::datastore_hmac_key, + $datastore_aes_key = $st2::datastore_aes_key, + $datastore_aes_mode = $st2::datastore_aes_mode, + $datastore_aes_size = $st2::datastore_aes_size, ) inherits st2 { ## Directory file { $keys_dir: 
@@ -30,21 +36,40 @@ require => Package['st2'], } - ## Generate - exec { "generate datastore key ${key_path}": - command => "st2-generate-symmetric-crypto-key --key-path ${key_path}", - creates => $key_path, - path => ['/opt/stackstorm/st2/bin'], - notify => Service['st2api'], - } + if $manage_datastore_key { + file { $key_path: + ensure => file, + path => $key_path, + content => epp('st2/server/datastore_key.json.epp', { + datastore_hmac_key => $datastore_hmac_key, + datastore_hmac_size => $datastore_hmac_size, + datastore_aes_mode => $datastore_aes_mode, + datastore_aes_key => $datastore_aes_key, + datastore_aes_size => $datastore_aes_size, + }), + owner => 'st2', + group => 'st2', + mode => '0600', + notify => Service['st2api'], + require => Package['st2'], + } + } else { + ## Generate + exec { "generate datastore key ${key_path}": + command => "st2-generate-symmetric-crypto-key --key-path ${key_path}", + creates => $key_path, + path => ['/opt/stackstorm/st2/bin'], + notify => Service['st2api'], + } - ## Permissions - file { $key_path: - ensure => file, - owner => 'st2', - group => 'st2', - mode => '0600', - require => Package['st2'], + ## Permissions + file { $key_path: + ensure => file, + owner => 'st2', + group => 'st2', + mode => '0600', + require => Package['st2'], + } } ## Config @@ -57,8 +82,15 @@ tag => 'st2::config', } - Package['st2'] - -> File[$keys_dir] - -> Exec["generate datastore key ${key_path}"] - -> File[$key_path] + + if $manage_datastore_key { + Package['st2'] + -> File[$keys_dir] + -> File[$key_path] + } else { + Package['st2'] + -> File[$keys_dir] + -> Exec["generate datastore key ${key_path}"] + -> File[$key_path] + } } diff --git a/templates/server/datastore_key.json.epp b/templates/server/datastore_key.json.epp new file mode 100644 index 00000000..2cfaabc5 --- /dev/null +++ b/templates/server/datastore_key.json.epp 
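Review bot: In the managed branch the `content` of `File[$key_path]` is the rendered AES and HMAC key material as a plain string, so Puppet can print it in the file diff on change and carry it into logs and reports. Wrapping the rendered template, `content => Sensitive(epp('st2/server/datastore_key.json.epp', { ... })),`, and adding `show_diff => false,` to the resource keeps the keys redacted. This branch also replaces whatever key an earlier run created with `st2-generate-symmetric-crypto-key`. Values already encrypted under the old key would presumably no longer decrypt, which deserves a comment above the `if $manage_datastore_key` line.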
@@ -0,0 +1,7 @@
+<%- | String $datastore_hmac_key,
+ Integer $datastore_hmac_size,
+ String $datastore_aes_key,
+ String $datastore_aes_mode,
+ Integer $datastore_aes_size,
+| -%>
+{"hmacKey":{"hmacKeyString":"<%= $datastore_hmac_key %>","size":<%= $datastore_hmac_size %>},"aesKeyString":"<%= $datastore_aes_key %>","mode":"<%= $datastore_aes_mode %>","size":<%= $datastore_aes_size %>}
\ No newline at end of file
diff --git a/test/unit/test_tasks_key_decrypt.py b/test/unit/test_tasks_key_decrypt.py
new file mode 100644
index 00000000..51959333
--- /dev/null
+++ b/test/unit/test_tasks_key_decrypt.py
@@ -0,0 +1,15 @@
+from test.unit.st2_test_case import St2TestCase
+# import mock
+import os
+import sys
+from key_decrypt import AESKey
+
+sys.path.append(os.path.join(os.path.dirname(__file__), '..', '..', 'tasks'))
+
+
+class AESKeyTestCase(St2TestCase):
+ __test__ = True
+
+ def test_init(self):
+ task = AESKey('test', 'test', 256)
+ self.assertIsInstance(task, object)
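Review bot: The two key strings and the mode are interpolated straight between JSON quotes on the last line of the template, so a value containing `"` or `\` yields a malformed or differently structured key file. The keys are presumably base64-style strings; if so, tightening the template parameters from `String` to a `Pattern[...]` type that admits only that alphabet rejects anything else at render time. Alternatively, build a hash and serialise it with a JSON function, if the module already depends on one. A short comment naming the st2 key-file format this output is meant to match would also help whoever next edits a field.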
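Review bot: `from key_decrypt import AESKey` runs before the `sys.path.append(...)` line that adds the `tasks` directory, so the import only works if that directory is already on the path by some other means; the append should move above the import. The single assertion, `self.assertIsInstance(task, object)`, holds for every Python value and so checks only that the constructor does not raise. Asserting on what `AESKey('test', 'test', 256)` stores would make the test catch regressions; `AESKey`'s attributes are not visible in this diff, so the exact assertion has to be taken from `tasks/key_decrypt.py`.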