Puppet Plan: complyadm::configure
- Defined in:
- plans/configure.pp
Summary
Configure the application settings.
Overview
Use this plan to change the configuration settings you specified during the installation of Security Compliance Management. When you run this plan, you are prompted for the configuration settings to change, and only the affected services are restarted.
# File 'plans/configure.pp', line 6
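plan complyadm::configure() {
  # Flow: prompt for each configuration item, persist changed values to
  # data/common.yaml, work out which containers are affected, then (after
  # confirmation) re-apply only those components. Takes no parameters.
  #
  # Privilege note: apply_prep() and every apply() below run with
  # '_run_as' => 'root' on the targets returned by complyadm::config().
  out::message("\n==================== Application Configuration =======================\n\n")

  # Map each config item to the containers that must be reconfigured when it
  # changes.
  #   name       - key read from / written to data/common.yaml
  #   options    - menu choices; an empty list selects a free-text prompt
  #   containers - components re-applied when the item is updated
  #   plan       - false for simple items, otherwise the name of the plan
  #                that handles the item on its own
  $config_items = [
    {
      'name'       => 'data_retention_period',
      'options'    => ['Unlimited', '1 week', '4 weeks', '14 weeks', '28 weeks', '1 year', '2 years'],
      'containers' => ['scarpy'],
      'plan'       => false,
    },
    {
      'name'       => 'fact_update_check_interval',
      'options'    => ['15 minutes', '30 minutes', '1 hour', '12 hours', '24 hours'],
      'containers' => ['scarpy'],
      'plan'       => false,
    },
    {
      'name'       => 'assessor_update_check_interval',
      'options'    => ['15 minutes', '30 minutes', '1 hour', '12 hours', '24 hours'],
      'containers' => ['scarpy'],
      'plan'       => false,
    },
    {
      'name'       => 'user_assessor_version',
      'options'    => ['latest', '4.39.0', '4.38.0', '4.36.0'],
      'containers' => [
        'ui_assessor_init',
        'ui',
        'scarpy_assessor_init',
        'scarpy_init',
        'assessor_upgrade',
        'scarpy',
      ],
      'plan'       => false,
    },
    {
      # NOTE(review): 'debug' is applied to identity, gatekeeper, frontdoor,
      # mtls_proxy and postgres as well - confirm what those services write
      # at debug level before leaving it enabled.
      'name'       => 'log_level',
      'options'    => ['info', 'warn', 'debug'],
      'containers' => [
        'ui',
        'graphql',
        'graphql_init',
        'scarpy_init',
        'assessor_upgrade',
        'scarpy',
        'identity',
        'gatekeeper',
        'frontdoor',
        'mtls_proxy',
        'postgres',
      ],
      'plan'       => false,
    },
    {
      'name'       => 'configure_mtls_certs',
      'options'    => [],
      'containers' => [
        'scarpy',
        'identity',
        'mtls_proxy',
      ],
      'plan'       => 'complyadm::configure_pe_certs',
    },
    {
      'name'       => 'configure_comply_certs',
      'options'    => [],
      'containers' => ['frontdoor'],
      'plan'       => 'complyadm::configure_comply_certs',
    },
  ]

  # User-facing labels mapped to the values stored in data/common.yaml.
  $user_input_items = {
    '15 minutes' => '15m',
    '30 minutes' => '30m',
    '1 hour'     => '1h',
    '12 hours'   => '12h',
    '24 hours'   => '24h',
    '1 week'     => '168h',
    '4 weeks'    => '672h',
    '14 weeks'   => '2352h',
    '28 weeks'   => '4704h',
    '1 year'     => '8760h',
    '2 years'    => '17520h',
    'Unlimited'  => '0',
  }

  # Reverse lookup (stored value => label), derived from $user_input_items so
  # the two tables cannot drift apart. Every stored value above is unique, so
  # the inversion loses nothing.
  $hiera_input_items = Hash($user_input_items.map |$label, $stored| { [$stored, $label] })

  # Walk the items in order; each iteration yields
  # { name, containers, updated } where 'updated' is truthy when the item
  # changed.
  $config_items_update = $config_items.map |$index, $value| {
    complyadm::display()
    if $value['plan'] {
      # Advanced item: its dedicated plan does the prompting and saving, and
      # the plan's return value becomes the 'updated' flag.
      # NOTE(review): any truthy return value triggers reconfiguration of the
      # listed containers - confirm both plans return a Boolean.
      {
        'name'       => $value['name'],
        'containers' => $value['containers'],
        'updated'    => run_plan($value['plan']),
      }
    } else {
      # Simple item: prompt for a value and store it when it differs.
      $config_item_name = $value['name']
      # 'log_level' is shown as 'Log Level'.
      $config_item_name_formatted = String(regsubst($config_item_name, '_', ' ', 'G'), '%C')
      $config_item_existing = complyadm::get_yaml_key_value($config_item_name, 'data/common.yaml')
      # Show the stored value under its label when one exists.
      # NOTE(review): a stored value that is not among the item's options
      # (for example after a manual edit of common.yaml) is passed to
      # prompt::menu unchanged as the default - confirm how prompt::menu
      # treats a default outside the list.
      $default_value = if $config_item_existing in $hiera_input_items {
        $hiera_input_items[$config_item_existing]
      } else {
        $config_item_existing
      }
      $config_item_new = if $value['options'].size > 0 {
        prompt::menu("${config_item_name_formatted}:", $value['options'], 'default' => $default_value)
      } else {
        # No item reaches this branch today: every entry with empty options
        # names a plan. If a free-text item is added, validate the answer
        # before it is written to data/common.yaml.
        prompt("${config_item_name_formatted}:", 'default' => $default_value)
      }
      # Convert the label back to the stored format.
      $config_item_new_hiera = if $config_item_new in $user_input_items {
        $user_input_items[$config_item_new]
      } else {
        $config_item_new
      }
      if $config_item_existing != $config_item_new_hiera {
        {
          'name'       => $config_item_name,
          'containers' => $value['containers'],
          'updated'    => complyadm::save_yaml_key_value($config_item_name, $config_item_new_hiera, 'data/common.yaml'),
        }
      } else {
        {
          'name'       => $config_item_name,
          'containers' => $value['containers'],
          'updated'    => false,
        }
      }
    }
  }
  out::message("\n======================================================================\n")

  # Union of the containers belonging to every item that was updated.
  $containers = unique(flatten($config_items_update.map |$index, $value| {
    if $value['updated'] {
      $value['containers']
    } else {
      []
    }
  }))

  if $containers.size > 0 {
    # Boolean() accepts true/false, yes/no and y/n (case-insensitive); any
    # other answer raises an error. Changed values have already been written
    # to data/common.yaml by then, so a mistyped answer leaves them saved but
    # not applied, without the warning printed in the else branch below.
    $restart_services = Boolean(prompt('Application Updated, Restart Services?', 'default' => 'y'))
    if $restart_services {
      # Get the latest config including any Hiera modifications
      $config = complyadm::config()
      $apply_options = {
        '_run_as'      => 'root',
        '_description' => 'install and configure application components',
      }
      apply_prep($config['all_targets'], { '_run_as' => 'root' })
      apply($config['roles']['backend']['targets'], $apply_options) {
        class { 'complyadm':
          runtime => $config['runtime'],
          ca_crt  => $config['ca_crt'],
        }
      }
      $containers.each |$container| {
        # Pick the role whose targets and service settings are used for this
        # component: ui* => ui, postgres* => database, everything else =>
        # backend.
        $container_role = $container ? {
          /^ui/       => 'ui',
          /^postgres/ => 'database',
          default     => 'backend',
        }
        apply($config['roles'][$container_role]['targets'], $apply_options) {
          class { "complyadm::component::${container}":
            config => $config['roles'][$container_role]['services']["comply_${container}"],
          }
        }
      }
    } else {
      out::message('WARNING: Any modifications will not take place until complyadm::install plan is run')
    }
  }
}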