Merge pull request 'Move allowed node attrs to config file, apply automatically' (#634) from dev/allowed_node_attrs into master

Reviewed-on: #634
This commit was merged in pull request #634.
2026-07-05 15:11:22 +00:00
3 changed files with 37 additions and 2 deletions
+4 -2
@@ -28,5 +28,7 @@ knife[:automatic_attribute_whitelist] = %w[
# Added to /etc/chef/client.rb on node bootstrap
# https://docs.chef.io/attribute_persistence/
knife[:normal_attribute_allowlist] = ['knife_zero', 'kosmos_kvm', 'kosmos-ejabberd', 'openresty']
knife[:allowed_normal_attributes] = ['knife_zero', 'kosmos_kvm', 'kosmos-ejabberd', 'openresty']
# Source of truth: site-cookbooks/kosmos-base/files/default/chef_normal_attributes.yml
normal_attrs = YAML.load_file(File.expand_path("../site-cookbooks/kosmos-base/files/default/chef_normal_attributes.yml", __dir__))
knife[:normal_attribute_allowlist] = normal_attrs
knife[:allowed_normal_attributes] = normal_attrs
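Review bot: The value returned by `YAML.load_file` on the new `normal_attrs` line is assigned to both allowlist settings with no check that it is a list of strings. An empty or truncated file parses to `nil` or `false` rather than an array, and as far as I know Chef treats a `nil` allowlist as "save every normal attribute", so a damaged file would silently switch the filter off instead of failing. I would fail closed directly after the load: `raise "chef_normal_attributes.yml must be a list of strings" unless normal_attrs.is_a?(Array) && normal_attrs.all?(String)`. As the file holds plain data, `YAML.safe_load(File.read(path))` would also keep object deserialization out of the config load on older Psych versions, where `load_file` is not restricted by default. The same unchecked load is repeated in the recipe's `ruby_block` and its `not_if`.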
@@ -0,0 +1,6 @@
---
- knife_zero
- kosmos_kvm
- kosmos-ejabberd
- openresty
- vm_host
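Review bot: `vm_host` is a new entry; the two literal arrays removed from the knife config list only `knife_zero`, `kosmos_kvm`, `kosmos-ejabberd` and `openresty`. This list decides which normal attributes nodes persist to the server, so the addition widens the allowlist in a commit whose title describes only a move. It deserves a line in the commit message or a comment above the entry, such as `# vm_host: <reason this attribute must persist>`.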
@@ -26,6 +26,33 @@
include_recipe "apt"
cookbook_file "/etc/chef/chef_normal_attributes.yml" do
source "chef_normal_attributes.yml"
owner "root"
group "root"
mode "0644"
end
ruby_block "update allowed_normal_attributes in client.rb" do
block do
whitelist = YAML.load_file("/etc/chef/chef_normal_attributes.yml")
fe = Chef::Util::FileEdit.new("/etc/chef/client.rb")
fe.search_file_replace_line(
/^allowed_normal_attributes.*/,
"allowed_normal_attributes #{whitelist.inspect}"
)
fe.write_file
Chef::Config[:allowed_normal_attributes] = whitelist
Chef::Config[:normal_attribute_allowlist] = whitelist
end
not_if do
whitelist = YAML.load_file("/etc/chef/chef_normal_attributes.yml")
client_rb = ::File.read("/etc/chef/client.rb")
whitelist.all? { |attr| client_rb.include?(attr) }
end
end
directory "/etc/apt/keyrings" do
mode "0755"
action :create
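Review bot: The `not_if` guard of the `ruby_block` tests `client_rb.include?(attr)` per entry, which is a substring search over the whole of client.rb and can only detect additions. When an entry is removed from chef_normal_attributes.yml, every remaining name is still found, the block is skipped, and the node keeps the wider old list; a name that occurs elsewhere in client.rb (another setting, a comment) satisfies the guard as well. Comparing against the exact rendered line closes both gaps: `client_rb.each_line.any? { |l| l.chomp == "allowed_normal_attributes #{whitelist.inspect}" }`. Separately, `search_file_replace_line` appears to rewrite only a line that already exists, so on a node whose client.rb has no `allowed_normal_attributes` line nothing would be written and the block would re-run on every converge; that case should be handled or at least logged.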