Project

puppet_auditor

0.0
No commit activity in last 3 years
No release in over 3 years
puppet_auditorinstruct-br/puppet_auditorHomepageDocumentationSource CodeBug TrackerWiki
A tool to audit puppet manifests against a set of defined rules
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
2025
 Popularity
Downloads
31,415
Stars
1
Forks
0
Watchers
18
 Releases
Current version
0.2.0
Total releases
2
First release
2018-04-26
Latest release
2018-08-27
 Issues
Open Issues
2
Closed Issues
1
Total Issues
3
Issue Closure Rate
33%
 Pull Requests
Open Pull Requests
2
Closed Pull Requests
0
Merged Pull Requests
4
Pull Request Acceptance Rate
66%
 Development
Primary Language
Ruby
Licenses
MIT
Average date of last 50 commits
2018-06-16
Reverse Dependencies
0

 Dependencies

Development

bundler
~> 1.16
rake
~> 10.0
rspec
~> 3.0
rspec-collection_matchers
~> 1.0
rspec-its
~> 1.0
simplecov
~> 0.16

Runtime

puppet
~> 5.5
puppet-lint
< 3.0, >= 1.1
 Project Readme

Build Status Gem Version

PuppetAuditor

PuppetAuditor is a tool to test Puppet manifests against a set of defined rules.

Installation

Install PuppetAuditor with the gem command:

$ gem install puppet_auditor

Usage

After the gem is installed, the tool can be used by calling:

$ puppet_auditor

Use the --help to check usage options.

The tool will check your code against the defined rules and display messages if it finds any violation.

Defining rules

PuppetAuditor will attempt to load rules following this hierarchy:

  • Rules defined in the host /etc/puppet_auditor.yaml
  • Rules defined in the user home ~/.puppet_auditor.yaml
  • Rules defined in the project $(pwd)/.puppet_auditor.yaml

The yaml file with the rules should follow this format:

puppet_auditor_version: '1'
rules:
- name: Dangerous file config
  resource: file
  attributes:
    recurse:
      equals: true
    ensure:
      equals: present
  message: Dont use recurse or ambiguous ensure
- name: Cant use latest
  resource: package
  attributes:
    ensure:
      equals: latest
  message: Do not use latest

The list of rules should declare individual rules with the following keys:

  • name: a name for the defined rule
  • resource: which resource should this rule verify
  • attributes: an array of attributes that should be verified in this resource
  • message: text that will appear if the rule is violated

The attributes value should follow this structre:

attribute:
  comparison: value

Where the attribute is a valid attribute for the valuated resource like "ensure" or "command", comparison is one of the comparison function availables like "equals" or "matches" and the value is the value that will be compared using the comparison function.

The following comparison functions are available:

  • matches (regex)
  • not_matches (regex)
  • equals
  • not_equal
  • less_than
  • less_or_equal_to
  • greater_than
  • greater_or_equal_to

For some samples check out the spec/samples folder.

How it works

The tool will parse rules defined in the .puppet_auditor.yaml files and if all rules are valid it will dynamically generate puppet-lint plugins and run them to check your code.