Clean up legacy fact usage

simp · Jul 8, 2024 · 82bc3ae · 82bc3ae
1 parent afc9e11
commit 82bc3ae
Show file tree

Hide file tree

Showing 11 changed files with 69 additions and 66 deletions.
diff --git a/CHANGELOG b/CHANGELOG
@@ -1,3 +1,6 @@
+* Wed Jul 03 2024 Steven Pritchard <[email protected]> - 8.14.1
+- Clean up legacy fact usage for Puppet 8 compatibility
+
 * Wed Nov 22 2023 ben <[email protected]> - 8.14.0
 - (SIMP-10744) Add purge behaviour for auditd rules
 

diff --git a/metadata.json b/metadata.json
@@ -1,6 +1,6 @@
 {
   "name": "simp-auditd",
-  "version": "8.14.0",
+  "version": "8.14.1",
   "author": "SIMP Team",
   "summary": "A SIMP puppet module for managing auditd and audispd",
   "license": "Apache-2.0",

diff --git a/spec/acceptance/suites/default/00_base_spec.rb b/spec/acceptance/suites/default/00_base_spec.rb
@@ -9,8 +9,8 @@
     {
       'simp_options::syslog'    => true,
       'pki::cacerts_sources'    => ['file:///etc/pki/simp-testing/pki/cacerts'] ,
-      'pki::private_key_source' => "file:///etc/pki/simp-testing/pki/private/%{fqdn}.pem",
-      'pki::public_key_source'  => "file:///etc/pki/simp-testing/pki/public/%{fqdn}.pub",
+      'pki::private_key_source' => "file:///etc/pki/simp-testing/pki/private/%{facts.networking.fqdn}.pem",
+      'pki::public_key_source'  => "file:///etc/pki/simp-testing/pki/public/%{facts.networking.fqdn}.pub",
       'rsyslog::config::main_msg_queue_size' => 4321,
     }
   }

diff --git a/spec/acceptance/suites/default/10_alt_audit_profiles_spec.rb b/spec/acceptance/suites/default/10_alt_audit_profiles_spec.rb
@@ -12,8 +12,8 @@
   let(:hieradata) {
     {
       'pki::cacerts_sources'    => ['file:///etc/pki/simp-testing/pki/cacerts'] ,
-      'pki::private_key_source' => "file:///etc/pki/simp-testing/pki/private/%{fqdn}.pem",
-      'pki::public_key_source'  => "file:///etc/pki/simp-testing/pki/public/%{fqdn}.pub",
+      'pki::private_key_source' => "file:///etc/pki/simp-testing/pki/private/%{facts.networking.fqdn}.pem",
+      'pki::public_key_source'  => "file:///etc/pki/simp-testing/pki/public/%{facts.networking.fqdn}.pub",
     }
   }
 

diff --git a/spec/acceptance/suites/default/20_built_in_audit_profile_spec.rb b/spec/acceptance/suites/default/20_built_in_audit_profile_spec.rb
@@ -12,8 +12,8 @@
   let(:hieradata) {
     {
       'pki::cacerts_sources'    => ['file:///etc/pki/simp-testing/pki/cacerts'] ,
-      'pki::private_key_source' => "file:///etc/pki/simp-testing/pki/private/%{fqdn}.pem",
-      'pki::public_key_source'  => "file:///etc/pki/simp-testing/pki/public/%{fqdn}.pub",
+      'pki::private_key_source' => "file:///etc/pki/simp-testing/pki/private/%{facts.networking.fqdn}.pem",
+      'pki::public_key_source'  => "file:///etc/pki/simp-testing/pki/public/%{facts.networking.fqdn}.pub",
     }
   }
 

diff --git a/spec/acceptance/suites/default/90_disable_audit_spec.rb b/spec/acceptance/suites/default/90_disable_audit_spec.rb
@@ -9,8 +9,8 @@
     ---
     pki::cacerts_sources:
     - 'file:///etc/pki/simp-testing/pki/cacerts'
-    pki::private_key_source: 'file:///etc/pki/simp-testing/pki/private/%{fqdn}.pem'
-    pki::public_key_source:  'file:///etc/pki/simp-testing/pki/public/%{fqdn}.pub'
+    pki::private_key_source: 'file:///etc/pki/simp-testing/pki/private/%{facts.networking.fqdn}.pem'
+    pki::public_key_source:  'file:///etc/pki/simp-testing/pki/public/%{facts.networking.fqdn}.pub'
     HIERA
   }
 
@@ -19,8 +19,8 @@
     ---
     pki::cacerts_sources:
     - 'file:///etc/pki/simp-testing/pki/cacerts'
-    pki::private_key_source: 'file:///etc/pki/simp-testing/pki/private/%{fqdn}.pem'
-    pki::public_key_source:  'file:///etc/pki/simp-testing/pki/public/%{fqdn}.pub'
+    pki::private_key_source: 'file:///etc/pki/simp-testing/pki/private/%{facts.networking.fqdn}.pem'
+    pki::public_key_source:  'file:///etc/pki/simp-testing/pki/public/%{facts.networking.fqdn}.pub'
     auditd::enable: false
     HIERA
   }

diff --git a/spec/acceptance/suites/default/99_disable_audit_kernel_spec.rb b/spec/acceptance/suites/default/99_disable_audit_kernel_spec.rb
@@ -10,16 +10,16 @@
   let(:enable_hieradata) {
     {
       'pki::cacerts_sources'    => ['file:///etc/pki/simp-testing/pki/cacerts'] ,
-      'pki::private_key_source' => "file:///etc/pki/simp-testing/pki/private/%{fqdn}.pem",
-      'pki::public_key_source'  => "file:///etc/pki/simp-testing/pki/public/%{fqdn}.pub",
+      'pki::private_key_source' => "file:///etc/pki/simp-testing/pki/private/%{facts.networking.fqdn}.pem",
+      'pki::public_key_source'  => "file:///etc/pki/simp-testing/pki/public/%{facts.networking.fqdn}.pub",
     }
   }
 
   let(:disable_hieradata) {
     {
       'pki::cacerts_sources'    => ['file:///etc/pki/simp-testing/pki/cacerts'] ,
-      'pki::private_key_source' => "file:///etc/pki/simp-testing/pki/private/%{fqdn}.pem",
-      'pki::public_key_source'  => "file:///etc/pki/simp-testing/pki/public/%{fqdn}.pub",
+      'pki::private_key_source' => "file:///etc/pki/simp-testing/pki/private/%{facts.networking.fqdn}.pem",
+      'pki::public_key_source'  => "file:///etc/pki/simp-testing/pki/public/%{facts.networking.fqdn}.pub",
       'auditd::at_boot' => false
     }
   }

diff --git a/spec/classes/config/grub_spec.rb b/spec/classes/config/grub_spec.rb
@@ -5,7 +5,7 @@
     on_supported_os.each do |os, facts|
       context "on #{os}" do
         let(:facts) do
-          if ['RedHat','CentOS'].include?(facts[:operatingsystem]) && facts[:operatingsystemmajrelease].to_s < '7'
+          if ['RedHat','CentOS'].include?(facts[:os][:name]) && facts[:os][:release][:major].to_s < '7'
             facts[:apache_version] = '2.2'
             facts[:grub_version] = '0.9'
           else

diff --git a/templates/rule_profiles/common/default_drop.epp b/templates/rule_profiles/common/default_drop.epp
@@ -17,7 +17,7 @@
 <% } -%>
 <% if $::auditd::ignore_time_daemons { -%>
 # Time daemons can be quite noisy
-<%   if $facts['hardwaremodel'] == 'x86_64' { -%>
+<%   if $facts['os']['hardware'] == 'x86_64' { -%>
 <%     if ($facts['os']['release']['major'] > '6') or (($facts['os']['name'] == 'Amazon') and ($facts['os']['release']['major'] < '3')) { -%>
 -a never,exit -F arch=b64 -S adjtimex -F auid=-1 -F uid=chrony -F subj_type=chronyd_t
 <%     } -%>

diff --git a/templates/rule_profiles/simp/base.epp b/templates/rule_profiles/simp/base.epp
@@ -6,31 +6,31 @@
 <% } -%>
 
 <% if $auditd::config::audit_profiles::simp::audit_network_ipv4_accept { -%>
-<%   if $facts['hardwaremodel'] == "x86_64"  { -%>
+<%   if $facts['os']['hardware'] == "x86_64"  { -%>
 -a always,exit -F arch=b64 -S accept -F a0=2 -F key=<%= $auditd::config::audit_profiles::simp::audit_network_ipv4_accept_tag %>
 <%   } -%>
 <% } -%>
 <% if $auditd::config::audit_profiles::simp::audit_network_ipv6_accept { -%>
-<%   if $facts['hardwaremodel'] == "x86_64"  { -%>
+<%   if $facts['os']['hardware'] == "x86_64"  { -%>
 -a always,exit -F arch=b64 -S accept -F a0=10 -F key=<%= $auditd::config::audit_profiles::simp::audit_network_ipv6_accept_tag %>
 <%   } -%>
 <% } -%>
 <% if $auditd::config::audit_profiles::simp::audit_network_ipv4_connect { -%>
-<%   if $facts['hardwaremodel'] == "x86_64"  { -%>
+<%   if $facts['os']['hardware'] == "x86_64"  { -%>
 -a always,exit -F arch=b64 -S connect -F a0=2 -F key=<%= $auditd::config::audit_profiles::simp::audit_network_ipv4_connect_tag %>
 <%   } -%>
 -a always,exit -F arch=b32 -S connect -F a0=2 -F key=<%= $auditd::config::audit_profiles::simp::audit_network_ipv4_connect_tag %>
 <% } -%>
 <% if $auditd::config::audit_profiles::simp::audit_network_ipv6_connect { -%>
-<%   if $facts['hardwaremodel'] == "x86_64"  { -%>
+<%   if $facts['os']['hardware'] == "x86_64"  { -%>
 -a always,exit -F arch=b64 -S connect -F a0=10 -F key=<%= $auditd::config::audit_profiles::simp::audit_network_ipv6_connect_tag %>
 <%   } -%>
 -a always,exit -F arch=b32 -S connect -F a0=10 -F key=<%= $auditd::config::audit_profiles::simp::audit_network_ipv6_connect_tag %>
 <% } -%>
 
 <% if $auditd::config::audit_profiles::simp::audit_unsuccessful_file_operations  { -%>
 ## Audit unsuccessful file operations
-<%   if $facts['hardwaremodel'] == "x86_64"  { -%>
+<%   if $facts['os']['hardware'] == "x86_64"  { -%>
 -a always,exit -F arch=b64 -S creat,mkdir,mknod,link,symlink,mkdirat,mknodat,linkat,symlinkat,openat,open_by_handle_at,open,close,rename,renameat,truncate,ftruncate,rmdir,unlink,unlinkat -F exit=-EACCES -k <%= $auditd::config::audit_profiles::simp::audit_unsuccessful_file_operations_tag %>
 -a always,exit -F arch=b64 -S creat,mkdir,mknod,link,symlink,mkdirat,mknodat,linkat,symlinkat,openat,open_by_handle_at,open,close,rename,renameat,truncate,ftruncate,rmdir,unlink,unlinkat -F exit=-EPERM -k <%= $auditd::config::audit_profiles::simp::audit_unsuccessful_file_operations_tag %>
 <%   } -%>
@@ -160,29 +160,29 @@
 ## Permissions auditing separated by chown, chmod, and attr
 <% if $auditd::config::audit_profiles::simp::audit_chown  { -%>
 
-<%   if $facts['hardwaremodel'] == "x86_64"  { -%>
+<%   if $facts['os']['hardware'] == "x86_64"  { -%>
 -a always,exit -F arch=b64 -S chown,fchown,fchownat,lchown -k <%= $auditd::config::audit_profiles::simp::audit_chown_tag %>
 <%   } -%>
 -a always,exit -F arch=b32 -S chown,fchown,fchownat,lchown -k <%= $auditd::config::audit_profiles::simp::audit_chown_tag %>
 <% } -%>
 <% if $auditd::config::audit_profiles::simp::audit_chmod  { -%>
 
-<%   if $facts['hardwaremodel'] == "x86_64"  { -%>
+<%   if $facts['os']['hardware'] == "x86_64"  { -%>
 -a always,exit -F arch=b64 -S chmod,fchmod,fchmodat -k <%= $auditd::config::audit_profiles::simp::audit_chmod_tag %>
 <%   } -%>
 -a always,exit -F arch=b32 -S chmod,fchmod,fchmodat -k <%= $auditd::config::audit_profiles::simp::audit_chmod_tag %>
 <% } -%>
 <% if $auditd::config::audit_profiles::simp::audit_attr  { -%>
 
-<%   if $facts['hardwaremodel'] == "x86_64"  { -%>
+<%   if $facts['os']['hardware'] == "x86_64"  { -%>
 -a always,exit -F arch=b64 -S setxattr,lsetxattr,fsetxattr,removexattr,lremovexattr,fremovexattr -k <%= $auditd::config::audit_profiles::simp::audit_attr_tag %>
 <%   } -%>
 -a always,exit -F arch=b32 -S setxattr,lsetxattr,fsetxattr,removexattr,lremovexattr,fremovexattr -k <%= $auditd::config::audit_profiles::simp::audit_attr_tag %>
 <% } -%>
 <% if $auditd::config::audit_profiles::simp::audit_rename_remove  { -%>
 
 ## Audit rename/removal operations
-<%   if $facts['hardwaremodel'] == "x86_64"  { -%>
+<%   if $facts['os']['hardware'] == "x86_64"  { -%>
 -a always,exit -F arch=b64 -S rename,renameat,rmdir,unlink,unlinkat -F perm=x -k <%= $auditd::config::audit_profiles::simp::audit_rename_remove_tag %>
 <%   } -%>
 -a always,exit -F arch=b32 -S rename,renameat,rmdir,unlink,unlinkat -F perm=x -k <%= $auditd::config::audit_profiles::simp::audit_rename_remove_tag %>
@@ -201,15 +201,15 @@
     }
 -%>
 ## Audit useful items that someone does when su'ing to root.
-<%   if $facts['hardwaremodel'] == "x86_64"  { -%>
+<%   if $facts['os']['hardware'] == "x86_64"  { -%>
 -a always,exit -F arch=b64 -F auid!=0 -F uid=0 -S <%= $_su_rules %> -k <%= $auditd::config::audit_profiles::simp::audit_su_root_activity_tag %>
 <%   } -%>
 -a always,exit -F arch=b32 -F auid!=0 -F uid=0 -S <%= $_su_rules %> -k <%= $auditd::config::audit_profiles::simp::audit_su_root_activity_tag %>
 <% } -%>
 <% if $auditd::config::audit_profiles::simp::audit_suid_sgid  { -%>
 
 ## Audit the execution of suid and sgid binaries.
-<%   if $facts['hardwaremodel'] == "x86_64"  { -%>
+<%   if $facts['os']['hardware'] == "x86_64"  { -%>
 -a always,exit -F arch=b64 -S execve -C uid!=euid -F euid=0 -k <%= $auditd::config::audit_profiles::simp::audit_suid_sgid_tag %>
 -a always,exit -F arch=b64 -S execve -C gid!=egid -F egid=0 -k <%= $auditd::config::audit_profiles::simp::audit_suid_sgid_tag %>
 <%   } -%>
@@ -236,15 +236,15 @@
 <%   } -%>
 -w /sbin/modprobe -p x -k <%= $auditd::config::audit_profiles::simp::audit_kernel_modules_tag %>
 
-<%   if $facts['hardwaremodel'] == "x86_64"  { -%>
+<%   if $facts['os']['hardware'] == "x86_64"  { -%>
 -a always,exit -F arch=b64 -S create_module,init_module,finit_module,delete_module -k <%= $auditd::config::audit_profiles::simp::audit_kernel_modules_tag %>
 <%   } -%>
 -a always,exit -F arch=b32 -S create_module,init_module,finit_module,delete_module -k <%= $auditd::config::audit_profiles::simp::audit_kernel_modules_tag %>
 <% } -%>
 <% if $auditd::config::audit_profiles::simp::audit_time  { -%>
 
 ## Audit things that could affect time
-<%   if $facts['hardwaremodel'] == "x86_64"  { -%>
+<%   if $facts['os']['hardware'] == "x86_64"  { -%>
 -a always,exit -F arch=b64 -S adjtimex,settimeofday -k <%= $auditd::config::audit_profiles::simp::audit_time_tag %>
 -a always,exit -F arch=b64 -S clock_settime -F a0=0x0 -k <%= $auditd::config::audit_profiles::simp::audit_time_tag %>
 <%   } -%>
@@ -256,7 +256,7 @@
 <% if $auditd::config::audit_profiles::simp::audit_locale  { -%>
 
 ## Audit things that could affect system locale
-<%   if $facts['hardwaremodel'] == "x86_64"  { -%>
+<%   if $facts['os']['hardware'] == "x86_64"  { -%>
 -a always,exit -F arch=b64 -S sethostname,setdomainname -k <%= $auditd::config::audit_profiles::simp::audit_locale_tag %>
 <%   } -%>
 -a always,exit -F arch=b32 -S sethostname,setdomainname -k <%= $auditd::config::audit_profiles::simp::audit_locale_tag %>
@@ -273,12 +273,12 @@
 <% if $auditd::config::audit_profiles::simp::audit_mount  { -%>
 
 ## Audit mount operations
-<%   if $facts['hardwaremodel'] == "x86_64"  { -%>
+<%   if $facts['os']['hardware'] == "x86_64"  { -%>
 -a always,exit -F arch=b64 -S mount,umount2 -k <%= $auditd::config::audit_profiles::simp::audit_mount_tag %>
 <%   } -%>
 -a always,exit -F arch=b32 -S mount,umount,umount2 -k <%= $auditd::config::audit_profiles::simp::audit_mount_tag %>
 
-<%   if $facts['hardwaremodel'] == "x86_64"  { -%>
+<%   if $facts['os']['hardware'] == "x86_64"  { -%>
 <%     if ($facts['os']['release']['major'] > '6') or (($facts['os']['name'] == 'Amazon') and ($facts['os']['release']['major'] < '3')) { -%>
 -a always,exit -F arch=b64 -F path=/usr/bin/mount -k <%= $auditd::config::audit_profiles::simp::audit_mount_tag %>
 <%     } -%>
@@ -297,7 +297,7 @@
 
 ## Audit umask changes.
 # This is uselessly noisy in most cases
-<%   if $facts['hardwaremodel'] == "x86_64"  { -%>
+<%   if $facts['os']['hardware'] == "x86_64"  { -%>
 -a always,exit -F arch=b64 -S umask -k <%= $auditd::config::audit_profiles::simp::audit_umask_tag %>
 <%   } -%>
 -a always,exit -F arch=b32 -S umask -k <%= $auditd::config::audit_profiles::simp::audit_umask_tag %>
@@ -452,7 +452,7 @@
 -w /bin/rpm -p x -k <%= $auditd::config::audit_profiles::simp::audit_rpm_cmd_tag %>
 <% } -%>
 <% if $auditd::config::audit_profiles::simp::audit_ptrace  { -%>
-<%   if $facts['hardwaremodel'] == "x86_64"  { -%>
+<%   if $facts['os']['hardware'] == "x86_64"  { -%>
 -a always,exit -F arch=b64 -S ptrace -F a0=0x4 -k <%= $auditd::config::audit_profiles::simp::audit_ptrace_tag %>_code_injection
 -a always,exit -F arch=b64 -S ptrace -F a0=0x5 -k <%= $auditd::config::audit_profiles::simp::audit_ptrace_tag %>_data_injection
 -a always,exit -F arch=b64 -S ptrace -F a0=0x6 -k <%= $auditd::config::audit_profiles::simp::audit_ptrace_tag %>_register_injection
@@ -464,7 +464,7 @@
 -a always,exit -F arch=b32 -S ptrace -k <%= $auditd::config::audit_profiles::simp::audit_ptrace_tag %>
 <% } -%>
 <% if $auditd::config::audit_profiles::simp::audit_personality  { -%>
-<%   if $facts['hardwaremodel'] == "x86_64"  { -%>
+<%   if $facts['os']['hardware'] == "x86_64"  { -%>
 -a always,exit -F arch=b64 -S personality -k <%= $auditd::config::audit_profiles::simp::audit_personality_tag %>
 <%   } -%>
 -a always,exit -F arch=b32 -S personality -k <%= $auditd::config::audit_profiles::simp::audit_personality_tag %>