voxpupuli · bastelfreak · Sep 23, 2018 · Aug 9, 2018
diff --git a/manifests/init.pp b/manifests/init.pp
@@ -257,6 +257,11 @@
 #   Defines the number of retries for an AgentX request.
 #   Default: 5
 #
+# [*snmpv2_enable*]
+#   Disable com2sec, group, and access in snmpd.conf
+#  
+#   Default: true
+#
 # === Actions:
 #
 # Installs the Net-SNMP daemon package, service, and configuration.
@@ -353,6 +358,7 @@
   $agentx_socket                = $snmp::params::agentx_socket,
   $agentx_timeout               = $snmp::params::agentx_timeout,
   $agentx_retries               = $snmp::params::agentx_retries,
+  Boolean $snmpv2_enable        = $snmp::params::snmpv2_enable,
 ) inherits snmp::params {
   # Validate our booleans
   validate_bool($master)

diff --git a/manifests/params.pp b/manifests/params.pp
@@ -404,6 +404,7 @@
     $safe_trap_service_hasrestart = $trap_service_hasrestart
   }
 
+  $snmpv2_enable =  true
   $template_snmpd_conf = 'snmp/snmpd.conf.erb'
   $template_snmpd_sysconfig = "snmp/snmpd.sysconfig-${::osfamily}.erb"
   $template_snmptrapd = 'snmp/snmptrapd.conf.erb'

diff --git a/spec/classes/snmp_init_spec.rb b/spec/classes/snmp_init_spec.rb
@@ -1282,4 +1282,37 @@
       end
     end
   end
+
+  on_supported_os.each do |os, facts|
+    context "on #{os}" do
+      let(:facts) do
+        facts
+      end
+
+      describe 'snmpv2_enable => true' do
+        let(:params) { { snmpv2_enable: true } }
+
+        it 'contains File[snmpd.conf] with expected contents' do
+          verify_contents(catalogue, 'snmpd.conf', [
+                            'com2sec notConfigUser  default       public',
+                            'com2sec6 notConfigUser  default       public',
+                            'group   notConfigGroup v1            notConfigUser',
+                            'group   notConfigGroup v2c           notConfigUser',
+                            'view    systemview    included   .1.3.6.1.2.1.1',
+                            'view    systemview    included   .1.3.6.1.2.1.25.1.1',
+                            'access  notConfigGroup ""      any       noauth    exact  systemview none  none'
+                          ])
+        end
+      end
+      describe 'snmpv2_enable => badvalue' do
+        let(:params) { { snmpv2_enable: 'badvalue' } }
+
+        it 'fails' do
+          expect do
+            is_expected.to raise_error(Puppet::Error, %r{"badvalue" is not a boolean.})
+          end
+        end
+      end
+    end
+  end
 end
diff --git a/templates/snmpd.conf.erb b/templates/snmpd.conf.erb
@@ -60,6 +60,7 @@ rocommunity6 <%= c %> <%= n %>
 # ------------------------------------------------------------------------------
 # VACM Configuration
 #       sec.name       source        community
+<% if @snmpv2_enable -%>
 <% @com2sec.each do |c| -%>
 com2sec <%= c %>
 <% end -%>
@@ -73,16 +74,15 @@ com2sec6 <%= c %>
 group   <%= group %>
 <% end -%>
 
-#       name          incl/excl  subtree             mask(optional)
-<% @views.each do |view| -%>
-view    <%= view %>
-<% end -%>
-
 #       group          context sec.model sec.level prefix read       write notif
 <% @accesses.each do |access| -%>
 access  <%= access %>
 <% end -%>
-
+<% end -%>
+#       name          incl/excl  subtree             mask(optional)
+<% @views.each do |view| -%>
+view    <%= view %>
+<% end -%>
 # ------------------------------------------------------------------------------
 # Typed-View Configuration