Allow configuration of auth header for lookup urls (#246)

.rubocop.yml

@@ -7,9 +7,6 @@ AllCops:
     - 'vendor/**/*'
     - '.git/**/*'
 
-Metrics/BlockLength:
-  Enabled: false
-
 Layout/LineLength:
   Enabled: false
 
@@ -22,10 +19,19 @@ Lint/RaiseException:
 Lint/StructNewOverride:
   Enabled: true
 
+Metrics/AbcSize:
+  Enabled: false
+
+Metrics/BlockLength:
+  Enabled: false
+
 Metrics/MethodLength:
   Max: 40
 
-Metrics/AbcSize:
+Metrics/PerceivedComplexity:
+  Max: 9
+
+Naming/VariableNumber:
   Enabled: false
 
 Style/EachWithObject:
@@ -40,14 +46,11 @@ Style/HashTransformKeys:
 Style/HashTransformValues:
   Enabled: true
 
-Style/SignalException:
-  EnforcedStyle: semantic
-
 Style/NumericPredicate:
   EnforcedStyle: comparison
 
-Style/TernaryParentheses:
-  Enabled: false
+Style/SignalException:
+  EnforcedStyle: semantic
 
-Naming/VariableNumber:
+Style/TernaryParentheses:
   Enabled: false

docs/databags.md

@@ -149,7 +149,7 @@ An apps hash is a contextual (see above) Hash, part of a plaintext data bag item
 * `[app]['files'][filename][stanza][attribute]['value']['proc']` - Method name from the CernerSplunk::ConfTemplate::Value module to invoke to create the proc.
 * `[app]['files'][filename][stanza][attribute]['transform']` - Hash that is translated to a proc to manipulate the loaded value for this attribute prior to writing to the conf file. Optional when determining a value through a proc. Other keys may be required or optional here (or may come from the general context by default), these map directly to the keyword arguments of the method for generating the proc
 * `[app]['files'][filename][stanza][attribute]['transform']['proc']` - Method name from the CernerSplunk::ConfTemplate::Transform module to invoke to create the proc.
-* `[app]['lookups']` - Hash of lookup files for the app. The key in the hash will be the name of file when it lands in the Splunk app and the value will be the url to lookup file. To delete an existing lookup file, set the value of the lookup file to `false` or `null` or to an empty string. The only supported file name extensions are .csv, .csv.gz and .kmz. Please see [splunk docs](http://docs.splunk.com/Documentation/Splunk/6.3.2/Knowledge/Addfieldsfromexternaldatasources) for more information about the supported file formats. `[app]['files']` hash can be used to specify any .conf setting that is required for the lookup.
+* `[app]['lookups']` - Hash of lookup files for the app. The key in the hash will be the name of file when it lands in the Splunk app and the value will be the url to lookup file. If authentication is required, the value may also be a hash with the keys 'url' and 'authorization'. The value for 'authorization' must be a Contextual Hash of coordinate strings pointing to a key within a data bag item containing the Authorization header value.  To delete an existing lookup file, set the value of the lookup file to `false` or `null` or to an empty string. The only supported file name extensions are .csv, .csv.gz and .kmz. Please see [splunk docs](http://docs.splunk.com/Documentation/Splunk/6.3.2/Knowledge/Addfieldsfromexternaldatasources) for more information about the supported file formats. `[app]['files']` hash can be used to specify any .conf setting that is required for the lookup.
 * `[app]['permissions']` - Hash of permissions to manage for the app.
 * `[app]['permissions'][object]` - Permissions to manage for a particular knowledge object or class of knowledge objects
 * `[app]['permissions'][object]['access']['read']` - array of roles or String '*' allowed to read the object

libraries/databag.rb

@@ -53,7 +53,7 @@ def self.to_a(string, options = {})
     # Converts an array of the form [data_bag,bag_item,key] to a string of the form "(data_bag/)bag_item(:key)"
     # If provided nil, will return nil
     # Inverse of to_a
-    def self.to_value(array, _options = {}) # rubocop:disable Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity
+    def self.to_value(array, _options = {}) # rubocop:disable Metrics/CyclomaticComplexity
       case array
       when nil
         nil

libraries/lwrp.rb

@@ -39,7 +39,7 @@ def self.convert_monitors(monitors, default_index = nil, base = {})
     #
     # Extension of the Resource DSL, defines an attribute that can be set upfront or can be calculated at convergence time.
     module DelayableAttribute
-      def delayable_attribute(attr_name, validation = {}) # rubocop:disable Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity
+      def delayable_attribute(attr_name, validation = {}) # rubocop:disable Metrics/CyclomaticComplexity
         class_eval(<<-SHIM, __FILE__, __LINE__ + 1)
           def #{attr_name}(arg=nil,&block)
             _set_or_return_#{attr_name}(arg,block)

libraries/splunk_app.rb

@@ -229,7 +229,7 @@ def validate_downloaded(temp_app_dir)
         fail "Downloaded tarball for '#{new_resource.app}' has local entries" unless Dir[::File.join(temp_app_dir, 'local', '**', '*')].count { |file| ::File.file?(file) } == 0
       end
 
-      def should_install?(expected_version, installed_version, tar_version) # rubocop:disable Metrics/PerceivedComplexity, Metrics/CyclomaticComplexity
+      def should_install?(expected_version, installed_version, tar_version) # rubocop:disable Metrics/CyclomaticComplexity
         fail "Downloaded tarball for #{new_resource.app} does not contain a version in app.conf!" unless tar_version.version
 
         # If we specify an expected version (see warning in should download), the tar version must match exactly OR the expected version is the base version of the (prerelease) tar version
@@ -283,12 +283,18 @@ def install_from_tar(filename, expected_version, installed_version)
       end
 
       def manage_lookups
-        lookups = new_resource.lookups
-        lookups.each do |file_name, url|
-          if url && !url.empty?
+        new_resource.lookups.each do |file_name, value|
+          if value && !value.empty?
             fail "Unsupported lookup file format for #{file_name} in the app #{new_resource.app}" unless file_name =~ /\.(?:csv\.gz|csv|kmz)$/i
 
-            download_file ::File.join(new_resource.lookup_dir, file_name), url
+            if value.is_a? Hash
+              url = value['url']
+              auth = CernerSplunk::DataBag.load(value['authorization'], secret: node['splunk']['data_bag_secret']) if value['authorization']
+            else
+              url = value
+            end
+
+            download_file ::File.join(new_resource.lookup_dir, file_name), url, auth
           else
             delete_file ::File.join(new_resource.lookup_dir, file_name)
           end
@@ -305,10 +311,11 @@ def manage_metaconf
         manage_file(new_resource.perms_file, permissions)
       end
 
-      def download_file(file_path, url)
+      def download_file(file_path, url, auth = nil)
         download = Chef::Resource::RemoteFile.new(file_path, run_context)
         download.source(url)
         download.backup(false)
+        download.headers('Authorization' => auth) if auth
         download.run_action(:create)
       end
 
@@ -352,7 +359,7 @@ def insert_procs(filename, contents)
       # function for dropping either a splunk template generated from a hash
       # or a simple file if the contents are a string. If the content of the file
       # is empty, then the file will be removed
-      def manage_file(path, contents) # rubocop:disable Metrics/PerceivedComplexity
+      def manage_file(path, contents)
         if contents.is_a?(Hash) && !contents.empty?
           file = Chef::Resource::Template.new(path, run_context)
           file.cookbook('cerner_splunk')

metadata.rb

@@ -6,7 +6,7 @@
 license          'Apache-2.0'
 description      'Installs/Configures Splunk Servers and Forwarders'
 long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
-version          '2.49.0'
+version          '2.50.0'
 
 source_url       'https://github.com/cerner/cerner_splunk'
 issues_url       'https://github.com/cerner/cerner_splunk/issues'

spec/unit/recipes/_configure_apps_spec.rb

@@ -4,7 +4,7 @@
 
 describe 'cerner_splunk::_configure_apps' do
   subject do
-    runner = ChefSpec::SoloRunner.new(platform: 'centos', version: '6.10') do |node|
+    runner = ChefSpec::SoloRunner.new(platform: 'centos', version: '8') do |node|
       node.override['splunk']['apps'] = apps
     end
     runner.converge('cerner_splunk::_restart_marker', described_recipe)
@@ -22,7 +22,11 @@
           }
         },
         'lookups' => {
-          'index-owners.csv' => 'http://33.33.33.33:5000/lookups/index-owners.csv'
+          'index-owners.csv' => 'http://33.33.33.33:5000/lookups/index-owners.csv',
+          'test.csv' => {
+            'url' => 'http://33.33.33.33:5000/lookups/test.csv',
+            'authorization' => 'test_bag/test_item:test_attribute'
+          }
         }
       }
     }
@@ -33,7 +37,11 @@
   it 'installs the app with the expected attributes' do
     expected_attributes = {
       lookups: {
-        'index-owners.csv' => 'http://33.33.33.33:5000/lookups/index-owners.csv'
+        'index-owners.csv' => 'http://33.33.33.33:5000/lookups/index-owners.csv',
+        'test.csv' => {
+          'url' => 'http://33.33.33.33:5000/lookups/test.csv',
+          'authorization' => 'test_bag/test_item:test_attribute'
+        }
       },
       files: {
         'app.conf' => {

vagrant_repo/data_bags/cerner_splunk/passwords_keys.json

@@ -41,4 +41,4 @@
   "s_standalone": "CXqKfcM9wKjjx2c+BgpLfjiSTRiwtzf0PE1T1U0yVnAkZZEv+q7RZmW2grXs\ntNT6yjSHomWfdTrIXOOcBVxJHblLb4IXlBfYcZFuUV+jvl97jafZw2Eb8kdX\n+1hvOln/MtQ9auo45/kffNegSA5NgXieX/RGk0CkswsxXN7QtbFm+a4+b4KL\nGIJO/DsUSz6CjMhc+vt2O8WeMKxQ8ZSLs6/s4b8O/SKESq7mo0ZO9MUNDCVs\n/mHYjZ5Teny5Ev/c2nQ69bFhxU4difMlpIC6YgKvd7pa4mnkwWaNr2FZZwfz\nXDipCe9t7RUFeIgIDmTCHhx5HgSFuEqw1X+xhLp8vw==\n",
   "knife_workstation": "PbqMWmYAGu6yKZJ5TaXiRQxMwWwruDZPLFtkma0PpeJpMNobN9EPBWJE9lgl\ntpl2p7F5iaPlNxPT+FNv057wD2/i+yGJOX8zaTtT/2bOErrkJuo+4em/tjJ6\niE8cvED9eGapbEkAwWJl6umdIsNEviQTEPkD5ppnC4GRC8CNhF5fDUnbNyem\nhOWptbJn6SgaVSa3KXPT82uWLrC4yiH3mUFinrXWdoZ2tV3Lqbn97EHtD2G8\nNFVWS0wE5Fx+Fk+u70x9OA7jbSQ9JzIuW0ZeqFVXqir6CLSHs9FdG06UpMr5\na2kDxEC7aV6V8XZVfpmmrxpdTExpb4zi/tiYH6j4fw==\n",
   "s2_search": "Mq2plvKsiJ8IOf4k0CP03HkHPASYpV5pYyDYZVXYXwwz75CnxP5RtSAUrZ6p\nHTTlnqrbhbyASBnMyK/JGqCoKuyEzEGmA1XlsfCUrQnbT4sbB9Kb84mc5Nk9\nZa8kHwnOV8PRLB4caashk1V4C5v/81CAGOobWJM2K4hBRAIOxXpyWHUm+G/c\nC8C2DOyEzx8pJJZOwyGGNF86J1kgQxAdBxaMPzUGPU8UQRUOWOPAcCzLw8U2\nNhcCInRvARf9B0GoZncYQzwwmk73jSofQanzxxo+Fo13EpdnqXxqBsfu1aJQ\n0relVD+a5q4mHT4JDzQIOXKThFGhnK0gzKSfIZfQ8g==\n"
-}
+}