cookbook 'zap', '~> 2.3.0'
zap
Provides HWRPs for creating authoritative resources
cookbook 'zap', '~> 2.3.0', :supermarket
knife supermarket install zap
knife supermarket download zap
zap
Library cookbook for garbage collecting chef controlled resource sets.
One common pitfall in chef land is that someone deletes a resource definition
from a recipe and then wonders why the resource still exists on the system.
For example, on Monday a cronjob is added:
cron 'collect stats' do
  action :create
  minute 0
  command '/usr/local/bin/collect-stats | mailto ops@nvwls.com'
end
After a few days, the issue is figured out and that cron resource is removed
from the recipe. After uploading the new cookbook, they wonder why they are
still receiving email.
The issue is that chef is great for describing actions. I mean, action is part
of the DSL.
At the 2013 Opscode Community Summit, Matt Ray and I had a discussion regarding
this issue. The name authoritative cookbook was coined. If chef is deploying
files to a .d directory, if there are files in that directory not converged by a
resource, those files should be removed.
This pattern has been added to https://github.com/Youscribe/sysctl-cookbook
I presented the zap pattern at ChefConf 2014. You can check out the video
http://www.youtube.com/watch?v=4-So4AJlBI4&list=PL11cZfNdwNyMmx0msapJfuGsLV43C7XsA&feature=share&index=53
and the slides https://speakerdeck.com/nvwls/building-authoritative-resource-sets
Thanks
Users and groups support was provided by Sander Botman sbotman@schubergphilis.com.
Yum_repository support was provided by Sander van Harmelen svanharmelen@schubergphilis.com
Apt_repository support was provided by Helgi Þormar Þorbjörnsson helgi@php.net
Resource/Provider
zap_directory
Actions
- :delete - Delete files and symlinks in a directory
Attribute Parameters
- pattern - Pattern of files to match, i.e. *.conf, defaults to *
- recursive - Recurse into subdirectories, defaults to false
Examples
zap_directory '/etc/sysctl.d' do
  pattern '*.conf'
end
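The selection logic behind an authoritative directory, sketched as stand-alone Ruby (an added example, not the cookbook's code). `extraneous_entries`, its `managed` list and the `dry_run` flag are hypothetical names, and the files are constructed in a temporary directory.

```ruby
require 'fileutils'
require 'tmpdir'

# Hypothetical helper, not the cookbook's API. Returns files and symlinks under
# `base` matching `pattern` that are absent from `managed` (the paths declared
# by resources in the run). Deletes them only when dry_run is false.
def extraneous_entries(base, managed, pattern: '*', recursive: false, dry_run: true)
  glob = recursive ? File.join(base, '**', '*') : File.join(base, '*')
  found = Dir.glob(glob).select do |path|
    st = File.lstat(path) # lstat: inspect a symlink itself, never its target
    (st.file? || st.symlink?) && File.fnmatch(pattern, File.basename(path))
  end
  extra = (found - managed).sort
  extra.each { |path| File.unlink(path) } unless dry_run
  extra
end

# Constructed scenario: two managed sudoers fragments plus unmanaged leftovers.
def demo
  Dir.mktmpdir('sudoers.d') do |base|
    rel = ->(paths) { paths.map { |path| path.delete_prefix("#{base}/") } }
    %w[10-ops 20-deploy 99-leftover].each do |name|
      File.write(File.join(base, name), "# constructed\n")
    end
    File.symlink(File.join(base, '10-ops'), File.join(base, '50-link'))
    FileUtils.mkdir_p(File.join(base, 'nested'))
    File.write(File.join(base, 'nested', 'old'), "# constructed\n")
    managed = %w[10-ops 20-deploy].map { |name| File.join(base, name) }

    report = rel.call(extraneous_entries(base, managed))
    deep = rel.call(extraneous_entries(base, managed, recursive: true))
    extraneous_entries(base, managed, recursive: true, dry_run: false)
    left = rel.call(Dir.glob(File.join(base, '**', '*')).select { |path| File.file?(path) })
    { report: report, deep: deep, remaining: left.sort }
  end
end

p demo if $PROGRAM_NAME == __FILE__
```

Running the report in dry-run mode first shows what a non-recursive and a recursive pass would remove before anything is deleted.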
zap_crontab
Actions
- :delete - Delete jobs from a user's crontab
Attribute Parameters
- pattern - Pattern of job names to match, i.e. test \#*, defaults to *
Examples
zap_crontab 'root' do
  pattern 'test \#*'
end
zap_users
Delete users from /etc/passwd style files.
node['zap']['users']['keep'] contains an array of user names to keep, i.e. root.
Actions
- :remove
Example
zap_users '/etc/passwd' do
  # only zap users whose uid is greater than 500
  filter { |u| u.uid > 500 }
end
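Why the uid filter matters, as an added stand-alone Ruby example (not the cookbook's code): it parses a constructed /etc/passwd-style sample and lists the accounts that would be removed with and without the filter. `removal_candidates` and its `managed` list are hypothetical names, and treating the keep list as taking precedence over the filter is an assumption.

```ruby
# Constructed sample in /etc/passwd format (name:passwd:uid:gid:gecos:home:shell).
SAMPLE_PASSWD = <<~PASSWD
  root:x:0:0:root:/root:/bin/bash
  sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
  alice:x:1001:1001:Alice:/home/alice:/bin/bash
  bob:x:1002:1002:Bob:/home/bob:/bin/bash
  svc-backup:x:1003:1003::/home/svc-backup:/bin/bash
  # comment line

  broken-line-without-fields
PASSWD

PasswdEntry = Struct.new(:name, :uid, :gid, :home, :shell)

# Parse passwd-style text, skipping comments, blank lines and malformed rows.
def parse_passwd(text)
  text.each_line.filter_map do |line|
    f = line.chomp.split(':', -1)
    next unless f.size == 7 && f[2].match?(/\A\d+\z/) && f[3].match?(/\A\d+\z/)

    PasswdEntry.new(f[0], f[2].to_i, f[3].to_i, f[5], f[6])
  end
end

# Hypothetical selection: accounts neither declared in the run (`managed`) nor
# listed in `keep`, narrowed by the filter block's predicate.
def removal_candidates(entries, managed:, keep:, filter: ->(_u) { true })
  entries.reject { |u| managed.include?(u.name) || keep.include?(u.name) }
         .select { |u| filter.call(u) }
         .map(&:name)
end

def user_demo
  entries = parse_passwd(SAMPLE_PASSWD)
  managed = %w[alice] # constructed: users declared by resources in the run
  keep = %w[root]     # mirrors node['zap']['users']['keep']
  {
    unfiltered: removal_candidates(entries, managed: managed, keep: keep),
    filtered: removal_candidates(entries, managed: managed, keep: keep,
                                 filter: ->(u) { u.uid > 500 })
  }
end

p user_demo if $PROGRAM_NAME == __FILE__
```

Without the filter, the undeclared system account `sshd` lands in the removal list alongside the leftover login accounts.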
zap_groups
Delete groups from /etc/group style files.
node['zap']['groups']['keep'] contains an array of group names to keep, i.e. wheel.
Actions
- :remove
Example
zap_groups '/etc/group' do
  # only zap groups whose gid is greater than 500
  filter { |g| g.gid > 500 && g.name != 'nrpe' }
end
zap
This is the base HWRP.
Example
zap '/etc/sysctl.d' do
  register :file, :template
  collect { Dir.glob("#{base}/*") }
end
Recipes
zap::apt_repos
Remove extraneous repos from /etc/apt/sources.list.d
* node['zap']['apt_repos']['pattern'] is a glob expression used to restrict the name space, defaults to '*'
* node['zap']['apt_repos']['immediately'] controls whether the zap is run immediately, defaults to true
zap::cron_d
Remove extraneous /etc/cron.d entries
* node['zap']['cron_d']['pattern'] is a glob expression used to restrict the name space, defaults to '*'
zap::init_d
Disable sysv-init services on centos-6
* node['zap']['init_d']['pattern'] is a glob expression used to restrict the name space, defaults to '*'
zap::iptables_d
Remove /etc/iptables.d entries created by the iptables cookbook
* node['zap']['iptables_d']['pattern'] is a glob expression used to restrict the name space, defaults to '*'
zap::sudoers_d
Remove extraneous /etc/sudoers.d entries
* node['zap']['sudoers_d']['pattern'] is a glob expression used to restrict the name space, defaults to '*'
zap::yum_repos
Remove extraneous repos from /etc/yum.repos.d
* node['zap']['yum_repos']['pattern'] is a glob expression used to restrict the name space, defaults to '*'
* node['zap']['yum_repos']['immediately'] controls whether the zap is run immediately, defaults to true
Dependent cookbooks
This cookbook has no specified dependencies.
zap Cookbook CHANGELOG
This file is used to list changes made in each version of the zap cookbook.
v2.3.0
- Fix bug in sudoers file name
v2.2.0
- Support whyrun
v2.1.3
- Fix false-negative in cron tests
v2.1.2
Bugfix
- Fix scoping issue in Chef::Provider::Zap#purge
v2.1.1
Bugfix
- Silence foodcritic warning
v2.1.0
Minor
- Add notifies support
v2.0.1
Bugfix
- Fix bug in zap_directory.purge
v2.0.0
Major
- Complete overhaul of code
v1.2.0
Minor
- Add filter support to zap_directory
v1.1.0
Minor
- Add immediately support to zap::apt_repos and zap::yum_repos
v1.0.2
Enhancement
- Add zap::init_d to disable sysv-init services on centos-6
v1.0.1
Enhancement
- Add zap::sudoers_d to prune sudo resources from /etc/sudoers.d
v1.0.0
Breaking change
- Rewrote to support custom resources
- Remove zap_firewall as v2.6.2 of the firewall cookbook manages the ruleset as a whole
- Remove zap_apt_repos in favor of the zap::apt_repos recipe
- Remove zap_yum_repos in favor of the zap::yum_repos recipe
v0.15.1
Bugfix
- Fix bug with filter property lambda expression
v0.15.0
Enhancement
- Add force to force running of zap when there is an override_runlist. Addresses https://github.com/nvwls/zap/issues/36
v0.14.0
Bugfix
- Fix issues with zap_crontab and non-root cron
v0.13.1
Improvement
- added unit tests for
zap_groups
v0.13.0
Bugfix
- Fix rubocop and foodcritic lint
v0.12.0
Improvement
- added unit tests for zap_users and zap_yum_repos
- adapt logic to make it compatible with versions 12.14 and higher
v0.11.4
Enhancement
Bump version for tag
v0.11.3
Enhancement
Using stove for upload
v0.11.2
Enhancement
- Display a warning if a filter is given but the provider does not support it.
v0.11.1
Bugfix
- Apply @pattern before entering converge_by
v0.11.0
Enhancement
- Reworked to use converge_by
v0.10.0
Enhancement
- Allow klass to be passed into zap()
- zap_directory will now remove symlinks
v0.9.1
Bugfix
- Internally @klass should be an array
v0.9.0
Improvement
- Reworked klass to convert string into class
- Added recipe [zap::cron_d] to remove /etc/cron.d entries
v0.8.7
Improvement
- Added recipe [zap::firewall_windows] adds Windows Firewall support to zap firewall recipe
v0.8.6
Enhancement
- Support using a descriptive resource name; added path var to zap_directory
v0.8.5
Bugfix
- Using the shovel operator in chef 12 results in the resource being added directly after the current resource, rather than at the end of the resource list. [joyofhex]
v0.8.4
Bugfix
- Support globbed directories, e.g. /home/*/.ssh
v0.8.3
Improvement
- Added recipe [zap::firewall] for support for the firewall cookbook (main caller)
- Added recipe [zap::firewall_iptables] adds iptables support to zap firewall recipe
- Added recipe [zap::firewall_firewalld] adds firewalld support to zap firewall recipe
v0.8.2
Improvement
- Eliminate warnings on newer versions of ChefSpec
v0.8.1
Bugfix
- Added ZapDirectory#select to return path instead of the default of name.
The following will now be properly recognized:
file 'arbitrary name' do
  path '/the/real/path'
end
v0.8.0
Improvement
- Added recursive option to zap_directory to remove all files under the specified directory
v0.5.2
Improvement
- Refactored recipe[zap::yum_repos_d] into the zap_yum_repos resource provider
- Added an option to call zap immediately at a certain point in your Chef run
v0.5.1
Improvement
- Added recipe[zap::yum_repos_d]
v0.5.0
Improvement
- Added collect and select to the resource
v0.4.3
Improvement
- Moved @filter.call back
v0.4.2
Improvement
- Moved @filter.call into iterate
v0.4.1
Improvement
- Fixed rubocop warning
v0.4.0
Improvement
- Added klass keyword to DSL which can take a class, i.e. Chef::Resource::File, or string, i.e. 'Chef::Resource::YumRepository', or an array of classes or strings.
v0.3.0
Improvement
- Added zap_users and zap_groups
v0.2.0
Improvement
- Added filter for more complex, codified filtering
v0.1.1
Improvement
- Log at info
v0.1.0
Minor
- Refactored into an HWRP to allow better code reuse
v0.0.6
Improvement
- Cleaned up Rubocop warnings
v0.0.5
Improvement
- Added zap_crontab to zap the specified user's crontab
v0.0.4
Improvement
- Use ::File.join instead of hardcoding slashes
v0.0.3
Improvement
- Split zap_directory into two phases, :delay to move it to the end of the resource list, and :run to do the actual work.
v0.0.2
Improvement
- Move zap_directory to the end of the resource list.
Collaborator Number Metric
2.3.0 failed this metric
Failure: Cookbook has 0 collaborators. A cookbook must have at least 2 collaborators to pass this metric.
Contributing File Metric
2.3.0 passed this metric
Foodcritic Metric
2.3.0 passed this metric
No Binaries Metric
2.3.0 passed this metric
Testing File Metric
2.3.0 passed this metric
Version Tag Metric
2.3.0 passed this metric