Merge pull request #224 from Dan33l/logpathmulti

jail logpath can handle several files
voxpupuli · Sep 20, 2024 · 7a33d2e · 7a33d2e
2 parents c1d8422 + 3dd5c7f
commit 7a33d2e
Show file tree

Hide file tree

Showing 6 changed files with 68 additions and 18 deletions.
diff --git a/REFERENCE.md b/REFERENCE.md
@@ -23,6 +23,7 @@
 
 ### Data types
 
+* [`Fail2ban::Logpath`](#Fail2ban--Logpath): Describes logpath format allowed
 * [`Fail2ban::Time`](#Fail2ban--Time): Describes time format allowed for bantime and findtime The time entries in fail2ban configuration (like findtime or bantime) can be provided 
 
 ### Tasks
@@ -496,6 +497,7 @@ Handles the jails.
 
 The following parameters are available in the `fail2ban::jail` defined type:
 
+* [`logpath`](#-fail2ban--jail--logpath)
 * [`filter_includes`](#-fail2ban--jail--filter_includes)
 * [`filter_failregex`](#-fail2ban--jail--filter_failregex)
 * [`filter_ignoreregex`](#-fail2ban--jail--filter_ignoreregex)
@@ -505,7 +507,6 @@ The following parameters are available in the `fail2ban::jail` defined type:
 * [`enabled`](#-fail2ban--jail--enabled)
 * [`action`](#-fail2ban--jail--action)
 * [`filter`](#-fail2ban--jail--filter)
-* [`logpath`](#-fail2ban--jail--logpath)
 * [`maxretry`](#-fail2ban--jail--maxretry)
 * [`findtime`](#-fail2ban--jail--findtime)
 * [`bantime`](#-fail2ban--jail--bantime)
@@ -521,6 +522,14 @@ The following parameters are available in the `fail2ban::jail` defined type:
 * [`config_file_notify`](#-fail2ban--jail--config_file_notify)
 * [`config_file_require`](#-fail2ban--jail--config_file_require)
 
+##### <a name="-fail2ban--jail--logpath"></a>`logpath`
+
+Data type: `Optional[Fail2ban::Logpath]`
+
+Filename(s) of the log files to be monitored
+
+Default value: `undef`
+
 ##### <a name="-fail2ban--jail--filter_includes"></a>`filter_includes`
 
 Data type: `Optional[String]`
@@ -593,14 +602,6 @@ Data type: `String`
 
 Default value: `$title`
 
-##### <a name="-fail2ban--jail--logpath"></a>`logpath`
-
-Data type: `Optional[String[1]]`
-
-
-
-Default value: `undef`
-
 ##### <a name="-fail2ban--jail--maxretry"></a>`maxretry`
 
 Data type: `Integer`
@@ -715,6 +716,12 @@ Default value: `$fail2ban::config_file_require`
 
 ## Data types
 
+### <a name="Fail2ban--Logpath"></a>`Fail2ban::Logpath`
+
+Describes logpath format allowed
+
+Alias of `Variant[String[1], Array[String[1]]]`
+
 ### <a name="Fail2ban--Time"></a>`Fail2ban::Time`
 
 Describes time format allowed for bantime and findtime

diff --git a/manifests/jail.pp b/manifests/jail.pp
@@ -1,5 +1,7 @@
 # @summary Handles the jails.
 #
+# @param logpath Filename(s) of the log files to be monitored
+#
 define fail2ban::jail (
   Optional[String] $filter_includes = undef,
   Optional[String] $filter_failregex = undef,
@@ -10,7 +12,7 @@
   Boolean $enabled = true,
   Optional[String] $action = undef,
   String $filter = $title,
-  Optional[String[1]] $logpath = undef,
+  Optional[Fail2ban::Logpath] $logpath = undef,
   Integer $maxretry = $fail2ban::maxretry,
   Optional[Fail2ban::Time] $findtime = undef,
   Fail2ban::Time $bantime = $fail2ban::bantime,

diff --git a/spec/defines/fail2ban_jail_spec.rb b/spec/defines/fail2ban_jail_spec.rb
@@ -5,21 +5,22 @@
 describe 'fail2ban::jail' do
   let(:title) { 'spec_test_jail' }
   let(:pre_condition) { 'include fail2ban' }
+  let(:common_params) do
+    {
+      'logpath' => '/var/log/syslog',
+      'filter_failregex' => 'Login failed for user .* from <HOST>',
+      'filter_maxlines' => 10,
+      'filter_datepattern' => '%%Y-%%m-%%d %%H:%%M(?::%%S)?'
+    }
+  end
 
   on_supported_os.each do |os, facts|
     context "on #{os}" do
       let(:facts) do
         facts
       end
 
-      let(:params) do
-        {
-          'logpath' => '/var/log/syslog',
-          'filter_failregex' => 'Login failed for user .* from <HOST>',
-          'filter_maxlines' => 10,
-          'filter_datepattern' => '%%Y-%%m-%%d %%H:%%M(?::%%S)?'
-        }
-      end
+      let(:params) { common_params }
 
       it do
         is_expected.to compile.with_all_deps
@@ -33,6 +34,22 @@
         )
       end
 
+      context 'with jail using several files in logpath' do
+        let(:params) do
+          common_params.merge(
+            'logpath' => ['/var/log/syslog', '/var/log/syslog.1']
+          )
+        end
+
+        it do
+          is_expected.to contain_file('custom_jail_spec_test_jail').with(
+            'ensure' => 'file',
+            'notify' => 'Service[fail2ban]',
+            'content' => %r{logpath  = /var/log/syslog\n /var/log/syslog\.1\n}
+          )
+        end
+      end
+
       it do
         is_expected.to contain_file('custom_filter_spec_test_jail').with(
           'ensure' => 'file',

diff --git a/spec/type_aliases/logpath_spec.rb b/spec/type_aliases/logpath_spec.rb
@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe 'Fail2ban::Logpath' do
+  [
+    '/var/log/file.log',
+    '/var/log/file.log[1-9]',
+    ['/var/log/file.log', '/var/log/file.log.1'],
+  ].each do |allowed_value|
+    it { is_expected.to allow_value(allowed_value) }
+  end
+end
diff --git a/templates/common/custom_jail.conf.epp b/templates/common/custom_jail.conf.epp
@@ -9,7 +9,13 @@ enabled  = <%= $enabled %>
 action   = <%= $action %>
 <% } -%>
 filter   = <%= $filter %>
+<% if $logpath  =~ Array[String[1]] { -%>
+logpath  = <%- $logpath.each |$l| { -%>
+ <%= $l %>
+<%- } -%>
+<% } else { -%>
 logpath  = <%= $logpath %>
+<%- } -%>
 maxretry = <%= $maxretry %>
 <% if $findtime { -%>
 findtime     = <%= $findtime %>

diff --git a/types/logpath.pp b/types/logpath.pp
@@ -0,0 +1,5 @@
+# Describes logpath format allowed
+type Fail2ban::Logpath = Variant[
+  String[1],
+  Array[String[1]],
+]