diff --git a/README.md b/README.md
index 534648cf..b3fe4eaf 100644
--- a/README.md
+++ b/README.md
@@ -586,7 +586,8 @@ class { 'r10k::webhook':
### Ignore deploying some environments
Since [2.10.0](https://github.com/voxpupuli/webhook-go/releases/tag/v2.10.0) the webhook has support for ignoring certain branches.
-This is not yet configureable via the puppet module.
+When a deployment is triggered for that branch, it will return am HTTP 403 error code.
+You can configure an array of branches via `r10k::webhook::blocked_branches`.
### configuring the webservice/deploy user
diff --git a/REFERENCE.md b/REFERENCE.md
index ab9b971f..a2319e7b 100644
--- a/REFERENCE.md
+++ b/REFERENCE.md
@@ -533,6 +533,7 @@ The following parameters are available in the `r10k::webhook` class:
* [`service_enabled`](#-r10k--webhook--service_enabled)
* [`config_ensure`](#-r10k--webhook--config_ensure)
* [`config_path`](#-r10k--webhook--config_path)
+* [`blocked_branches`](#-r10k--webhook--blocked_branches)
* [`chatops`](#-r10k--webhook--chatops)
* [`tls`](#-r10k--webhook--tls)
* [`queue`](#-r10k--webhook--queue)
@@ -611,6 +612,14 @@ Data type: `String`
Default value: `'/etc/voxpupuli/webhook.yml'`
+##### `blocked_branches`
+
+Data type: `Array[String[1]]`
+
+array of branches that the webhook will not deploy
+
+Default value: `[]`
+
##### `chatops`
Data type: `R10k::Webhook::Config::ChatOps`
@@ -691,14 +700,15 @@ Default value:
```puppet
{
- command_path => '/opt/puppetlabs/puppet/bin/r10k',
- config_path => '/etc/puppetlabs/r10k/r10k.yaml',
- default_branch => 'production',
- prefix => undef,
- allow_uppercase => false,
- verbose => true,
- deploy_modules => true,
- generate_types => true,
+ command_path => '/opt/puppetlabs/puppet/bin/r10k',
+ config_path => '/etc/puppetlabs/r10k/r10k.yaml',
+ default_branch => 'production',
+ prefix => undef,
+ allow_uppercase => false,
+ verbose => true,
+ deploy_modules => true,
+ generate_types => true,
+ blocked_branches => $blocked_branches,
}
```
@@ -771,14 +781,15 @@ Alias of
```puppet
Struct[{
- command_path => Optional[Stdlib::Absolutepath],
- config_path => Optional[Stdlib::Absolutepath],
- default_branch => Optional[String[1]],
- prefix => Optional[String[1]],
- allow_uppercase => Optional[Boolean],
- verbose => Optional[Boolean],
- deploy_modules => Optional[Boolean],
- generate_types => Optional[Boolean],
+ command_path => Optional[Stdlib::Absolutepath],
+ config_path => Optional[Stdlib::Absolutepath],
+ default_branch => Optional[String[1]],
+ prefix => Optional[String[1]],
+ allow_uppercase => Optional[Boolean],
+ verbose => Optional[Boolean],
+ deploy_modules => Optional[Boolean],
+ generate_types => Optional[Boolean],
+ blocked_branches => Optional[Array[String[1]]],
}]
```
diff --git a/manifests/webhook.pp b/manifests/webhook.pp
index a3c9788a..9ce5adba 100644
--- a/manifests/webhook.pp
+++ b/manifests/webhook.pp
@@ -9,6 +9,7 @@
# @param service_enabled
# @param config_ensure
# @param config_path
+# @param blocked_branches array of branches that the webhook will not deploy
# @param chatops
# @param tls
# @param queue
@@ -28,6 +29,7 @@
Boolean $service_enabled = true,
String $config_ensure = 'file',
String $config_path = '/etc/voxpupuli/webhook.yml',
+ Array[String[1]] $blocked_branches = [],
R10k::Webhook::Config::ChatOps $chatops = {
enabled => false,
service => undef,
@@ -55,14 +57,15 @@
queue => $queue,
},
R10k::Webhook::Config::R10k $r10k = {
- command_path => '/opt/puppetlabs/puppet/bin/r10k',
- config_path => '/etc/puppetlabs/r10k/r10k.yaml',
- default_branch => 'production',
- prefix => undef,
- allow_uppercase => false,
- verbose => true,
- deploy_modules => true,
- generate_types => true,
+ command_path => '/opt/puppetlabs/puppet/bin/r10k',
+ config_path => '/etc/puppetlabs/r10k/r10k.yaml',
+ default_branch => 'production',
+ prefix => undef,
+ allow_uppercase => false,
+ verbose => true,
+ deploy_modules => true,
+ generate_types => true,
+ blocked_branches => $blocked_branches,
},
R10k::Webhook::Config $config = {
server => $server,
diff --git a/manifests/webhook/service.pp b/manifests/webhook/service.pp
index ef8fc58e..1c089dad 100644
--- a/manifests/webhook/service.pp
+++ b/manifests/webhook/service.pp
@@ -6,10 +6,14 @@
ensure => $r10k::webhook::service_ensure,
enable => $r10k::webhook::service_enabled,
}
- if $r10k::webhook::service_user {
- systemd::dropin_file { 'user.conf':
- unit => 'webhook-go.service',
- content => "[Service]\nUser=${r10k::webhook::service_user}\n",
- }
+ $dropin_ensure = if $r10k::webhook::service_user {
+ 'present'
+ } else {
+ 'absent'
+ }
+ systemd::dropin_file { 'user.conf':
+ ensure => $dropin_ensure,
+ unit => 'webhook-go.service',
+ content => "[Service]\nUser=${r10k::webhook::service_user}\n",
}
}
diff --git a/spec/acceptance/r10k_webhook_spec.rb b/spec/acceptance/r10k_webhook_spec.rb
index 8ca1ba94..dd216037 100644
--- a/spec/acceptance/r10k_webhook_spec.rb
+++ b/spec/acceptance/r10k_webhook_spec.rb
@@ -54,8 +54,8 @@ class { 'r10k': }
end
end
- describe package('webhook-go') do
- it { is_expected.to be_installed }
+ describe command('systemctl cat webhook-go') do
+ its(:stdout) { is_expected.to match(%r{User=puppet}) }
end
describe file('/etc/voxpupuli/webhook.yml') do
@@ -65,6 +65,19 @@ class { 'r10k': }
expect(subject).to be_grouped_into 'root'
end
end
+ end
+
+ context 'with blocked_branches' do
+ it_behaves_like 'an idempotent resource' do
+ let(:manifest) do
+ <<-PUPPET
+ class { 'r10k': }
+ -> class { 'r10k::webhook':
+ blocked_branches => ['production'],
+ }
+ PUPPET
+ end
+ end
describe service('webhook-go') do
it { is_expected.to be_enabled }
@@ -72,7 +85,16 @@ class { 'r10k': }
end
describe command('systemctl cat webhook-go') do
- its(:stdout) { is_expected.to match(%r{User=puppet}) }
+ its(:stdout) { is_expected.not_to match(%r{User=puppet}) }
+ end
+
+ describe file('/etc/voxpupuli/webhook.yml') do
+ it 'exists and has content' do
+ expect(subject).to exist
+ expect(subject).to be_owned_by 'root'
+ expect(subject).to be_grouped_into 'root'
+ expect(subject).to contain "---\nserver:\n protected: true\n user: puppet\n password: puppet\n blocked_branches: ['production']\n"
+ end
end
end
end
diff --git a/spec/classes/webhook_spec.rb b/spec/classes/webhook_spec.rb
index a15d62ad..22bc1a23 100644
--- a/spec/classes/webhook_spec.rb
+++ b/spec/classes/webhook_spec.rb
@@ -107,7 +107,7 @@
it { is_expected.to contain_class('r10k::webhook::config') }
it { is_expected.to contain_package('webhook-go').with_ensure('present') }
it { is_expected.to contain_service('webhook-go.service').with_ensure('running') }
- it { is_expected.not_to contain_systemd__dropin_file('user.conf') }
+ it { is_expected.to contain_systemd__dropin_file('user.conf').with_ensure('absent') }
it { is_expected.to contain_file('webhook.yml').with_content(content) }
if os_facts[:os]['family'] == 'RedHat'
diff --git a/types/webhook/config/r10k.pp b/types/webhook/config/r10k.pp
index 7102ae83..a68b3c16 100644
--- a/types/webhook/config/r10k.pp
+++ b/types/webhook/config/r10k.pp
@@ -1,11 +1,12 @@
# @summary webhook config r10k type
type R10k::Webhook::Config::R10k = Struct[{
- command_path => Optional[Stdlib::Absolutepath],
- config_path => Optional[Stdlib::Absolutepath],
- default_branch => Optional[String[1]],
- prefix => Optional[String[1]],
- allow_uppercase => Optional[Boolean],
- verbose => Optional[Boolean],
- deploy_modules => Optional[Boolean],
- generate_types => Optional[Boolean],
+ command_path => Optional[Stdlib::Absolutepath],
+ config_path => Optional[Stdlib::Absolutepath],
+ default_branch => Optional[String[1]],
+ prefix => Optional[String[1]],
+ allow_uppercase => Optional[Boolean],
+ verbose => Optional[Boolean],
+ deploy_modules => Optional[Boolean],
+ generate_types => Optional[Boolean],
+ blocked_branches => Optional[Array[String[1]]],
}]