From a00998344e7ddd23d24966c28969182c894d2459 Mon Sep 17 00:00:00 2001
From: Nacho Barrientos <nacho.barrientos@cern.ch>
Date: Tue, 21 Aug 2018 15:31:35 +0200
Subject: [PATCH] Add configuration options to filter facts out

This changeset adds two configuration options used by the facts PuppetDB
indirector:

  * fact_names_blocklist
  * fact_names_blocklist_regex

They can be used to configure a list of fact names that will never be
sent to PuppetDB, based on exact fact names or regular expressions.
---
 .../lib/puppet/indirector/facts/puppetdb.rb   | 12 +++++++++++
 puppet/lib/puppet/util/puppetdb/config.rb     | 20 +++++++++++++++++--
 2 files changed, 30 insertions(+), 2 deletions(-)

diff --git a/puppet/lib/puppet/indirector/facts/puppetdb.rb b/puppet/lib/puppet/indirector/facts/puppetdb.rb
index 2c19aa08e6..99fbe7e691 100644
--- a/puppet/lib/puppet/indirector/facts/puppetdb.rb
+++ b/puppet/lib/puppet/indirector/facts/puppetdb.rb
@@ -31,6 +31,18 @@ def save(request)
           package_inventory = inventory['packages'] if inventory.respond_to?(:keys)
           facts.values.delete('_puppet_inventory_1')
 
+          fact_names_blocklist = Puppet::Util::Puppetdb.config.fact_names_blocklist
+
+          fact_names_blocklist.each{|blocklisted_fact_name|
+            facts.values.delete(blocklisted_fact_name)
+          }
+
+          fact_names_blocklist_regexps = Puppet::Util::Puppetdb.config.fact_names_blocklist_regex
+
+          fact_names_blocklist_regexps.each{|blocklisted_fact_name_regexp_str|
+            facts.values.reject!{|k,v| k =~ Regexp.new(blocklisted_fact_name_regexp_str)}
+          }
+
           payload_value = {
             "certname" => facts.name,
             "values" => facts.values,
diff --git a/puppet/lib/puppet/util/puppetdb/config.rb b/puppet/lib/puppet/util/puppetdb/config.rb
index 61284431c9..714aae0a73 100644
--- a/puppet/lib/puppet/util/puppetdb/config.rb
+++ b/puppet/lib/puppet/util/puppetdb/config.rb
@@ -18,7 +18,9 @@ def self.load(config_file = nil)
         :submit_only_server_urls     => "",
         :command_broadcast           => false,
         :sticky_read_failover        => false,
-        :verify_client_certificate   => true
+        :verify_client_certificate   => true,
+        :fact_names_blocklist        => "",
+        :fact_names_blocklist_regex  => ""
       }
 
       config_file ||= File.join(Puppet[:confdir], "puppetdb.conf")
@@ -71,7 +73,9 @@ def self.load(config_file = nil)
            :submit_only_server_urls,
            :command_broadcast,
            :sticky_read_failover,
-           :verify_client_certificate].include?(k))
+           :verify_client_certificate,
+           :fact_names_blocklist,
+           :fact_names_blocklist_regex].include?(k))
       end
 
       parsed_urls = config_hash[:server_urls].split(",").map {|s| s.strip}
@@ -108,6 +112,10 @@ def self.load(config_file = nil)
           "or equal to the number of server_urls (#{config_hash[:server_urls].length})"
       end
 
+      config_hash[:fact_names_blocklist] = config_hash[:fact_names_blocklist].split(",").map {|s| s.strip}
+
+      config_hash[:fact_names_blocklist_regex] = config_hash[:fact_names_blocklist_regex].split(",").map {|s| s.strip}
+
       self.new(config_hash)
     rescue => detail
       Puppet.log_exception detail, "Could not configure PuppetDB terminuses: #{detail.message}", {level: :warning}
@@ -160,6 +168,14 @@ def verify_client_certificate
       config[:verify_client_certificate]
     end
 
+    def fact_names_blocklist
+      config[:fact_names_blocklist]
+    end
+
+    def fact_names_blocklist_regex
+      config[:fact_names_blocklist_regex]
+    end
+
     # @!group Private instance methods
 
     # @!attribute [r] count