From cbca73838db6e984f8cb416f8a5fbf81ba870e43 Mon Sep 17 00:00:00 2001
From: Philipp Hossner <philipp.hossner@posteo.de>
Date: Fri, 2 Aug 2024 11:04:16 +0000
Subject: [PATCH] Add validate_cmd for keepalived.conf

Fixes #345
---
 REFERENCE.md                       | 10 ++++++++++
 manifests/config.pp                |  7 ++++---
 manifests/init.pp                  |  9 ++++++---
 spec/acceptance/keepalived_spec.rb | 28 ++++++++++++++++++++++++++++
 spec/classes/keepalived_spec.rb    |  7 ++++---
 5 files changed, 52 insertions(+), 9 deletions(-)

diff --git a/REFERENCE.md b/REFERENCE.md
index 5432f3359..6bbff325a 100644
--- a/REFERENCE.md
+++ b/REFERENCE.md
@@ -54,6 +54,7 @@ The following parameters are available in the `keepalived` class:
 * [`config_dir`](#-keepalived--config_dir)
 * [`config_dir_mode`](#-keepalived--config_dir_mode)
 * [`config_file_mode`](#-keepalived--config_file_mode)
+* [`config_validate_cmd`](#-keepalived--config_validate_cmd)
 * [`config_group`](#-keepalived--config_group)
 * [`config_owner`](#-keepalived--config_owner)
 * [`daemon_group`](#-keepalived--daemon_group)
@@ -113,6 +114,15 @@ Data type: `Stdlib::Filemode`
 
 Default value: `'0644'`
 
+##### <a name="-keepalived--config_validate_cmd"></a>`config_validate_cmd`
+
+Data type: `Variant[String, Undef]`
+
+Input for the `validate_cmd` param of the keepalived.conf concat fragment.
+Default is `/usr/sbin/keepalived -l -t -f %`.
+
+Default value: `'/usr/sbin/keepalived -l -t -f %'`
+
 ##### <a name="-keepalived--config_group"></a>`config_group`
 
 Data type: `String[1]`
diff --git a/manifests/config.pp b/manifests/config.pp
index 71abb4ee5..f323af194 100644
--- a/manifests/config.pp
+++ b/manifests/config.pp
@@ -31,9 +31,10 @@
   }
 
   concat { "${keepalived::config_dir}/keepalived.conf":
-    owner => $keepalived::config_owner,
-    group => $keepalived::config_group,
-    mode  => $keepalived::config_file_mode,
+    owner        => $keepalived::config_owner,
+    group        => $keepalived::config_group,
+    mode         => $keepalived::config_file_mode,
+    validate_cmd => $keepalived::config_validate_cmd,
   }
 
   concat::fragment { 'keepalived.conf_header':
diff --git a/manifests/init.pp b/manifests/init.pp
index 9e2dd236c..596a91ee6 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -11,6 +11,8 @@
 #
 # @param config_file_mode
 #
+# @param config_validate_cmd Input for the `validate_cmd` param of the keepalived.conf concat fragment.
+#
 # @param config_group
 #
 # @param config_owner
@@ -61,9 +63,10 @@
   Optional[Boolean] $service_hasrestart = undef,
   Optional[Boolean] $service_hasstatus = undef,
 
-  Stdlib::Absolutepath $config_dir       = '/etc/keepalived',
-  Stdlib::Filemode     $config_dir_mode  = '0755',
-  Stdlib::Filemode     $config_file_mode = '0644',
+  Stdlib::Absolutepath $config_dir          = '/etc/keepalived',
+  Stdlib::Filemode     $config_dir_mode     = '0755',
+  Stdlib::Filemode     $config_file_mode    = '0644',
+  Variant[String, Undef]     $config_validate_cmd = '/usr/sbin/keepalived -l -t -f %',
 
   Array[Stdlib::Absolutepath] $include_external_conf_files = [],
 
diff --git a/spec/acceptance/keepalived_spec.rb b/spec/acceptance/keepalived_spec.rb
index f00c39e62..9cf1f51f2 100644
--- a/spec/acceptance/keepalived_spec.rb
+++ b/spec/acceptance/keepalived_spec.rb
@@ -87,6 +87,7 @@ class { 'keepalived::global_defs':
           group   => 'root',
           mode    => '0644',
           content => "vrrp_instance VI_50 { interface ${facts['networking']['primary']}
+          virtual_ipaddress { 10.0.0.1/16 }
           virtual_router_id 50 }",
           notify  => Class['keepalived::service']
         }
@@ -130,4 +131,31 @@ class { 'keepalived':
       expect(service_fact.output).to match %r{.*Keepalived version was: (\d.\d.\d).*}
     end
   end
+
+  context 'with broken config' do
+    pp = <<-EOS
+    class { 'keepalived':
+      sysconf_options => '-D --vrrp',
+    }
+
+    keepalived::vrrp::instance { 'VI_50':
+      interface         => $facts['networking']['primary'],
+      state             => 'MASTER',
+      virtual_router_id => 50,
+      priority          => 101,
+      auth_type         => 'PASS',
+      auth_pass         => 'secret',
+      virtual_ipaddress => [ '10.0.0.1/16' ],
+    }
+
+    class { 'keepalived::global_defs':
+      smtp_server             => '',
+      notification_email_from => '', # this will generate an invalid config
+    }
+    EOS
+    it 'fails validate command' do
+      apply_result = apply_manifest(pp, expect_failures: true)
+      expect(apply_result.output).to match %r{.*emailfrom missing.*}
+    end
+  end
 end
diff --git a/spec/classes/keepalived_spec.rb b/spec/classes/keepalived_spec.rb
index 4860a6859..2b38b61a6 100644
--- a/spec/classes/keepalived_spec.rb
+++ b/spec/classes/keepalived_spec.rb
@@ -23,9 +23,10 @@
 
         it {
           is_expected.to contain_concat('/etc/keepalived/keepalived.conf').with(
-            'group' => 'root',
-            'mode' => '0644',
-            'owner' => 'root'
+            'group'        => 'root',
+            'mode'         => '0644',
+            'owner'        => 'root',
+            'validate_cmd' => '/usr/sbin/keepalived -l -t -f %'
           )
         }