Skip to content

Commit

Permalink
Fix ipa fact (#299)
Browse files Browse the repository at this point in the history
Also fix beaker tests for ipa fact.

Closes #296
  • Loading branch information
silug authored Dec 23, 2024
1 parent d10bc45 commit 08ec2d4
Show file tree
Hide file tree
Showing 7 changed files with 37 additions and 16 deletions.
2 changes: 2 additions & 0 deletions .fixtures.yml
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,8 @@ fixtures:
simpkv: https://github.com/simp/pupmod-simp-simpkv.git
stdlib: https://github.com/simp/puppetlabs-stdlib.git
systemd: https://github.com/simp/puppet-systemd.git
augeasproviders_sysctl: https://github.com/simp/augeasproviders_sysctl.git
augeasproviders_core: https://github.com/simp/augeasproviders_core.git

# This needs to be in place for the rspec-puppet Hiera 5 hook to work
# No idea why, it may be because Puppet sees a custom backend and loads all
Expand Down
3 changes: 3 additions & 0 deletions CHANGELOG
Original file line number Diff line number Diff line change
@@ -1,3 +1,6 @@
* Fri Dec 13 2024 Steven Pritchard <[email protected]> - 4.12.3
- Fix `ipa` fact (#296)

* Fri Jan 19 2024 ben <[email protected]> - 4.12.2
- Fix simplib__crypto_policy_state fact to include custom policies

Expand Down
2 changes: 1 addition & 1 deletion Gemfile
Original file line number Diff line number Diff line change
Expand Up @@ -38,7 +38,7 @@ group :system_tests do
gem 'bcrypt_pbkdf'
gem 'beaker'
gem 'beaker-rspec'
gem 'simp-beaker-helpers', ENV.fetch('SIMP_BEAKER_HELPERS_VERSION', ['>= 1.32.1', '< 2'])
gem 'simp-beaker-helpers', ENV.fetch('SIMP_BEAKER_HELPERS_VERSION', ['>= 1.34.3', '< 2'])
end

# Evaluate extra gemfiles if they exist
Expand Down
2 changes: 1 addition & 1 deletion lib/facter/ipa.rb
Original file line number Diff line number Diff line change
Expand Up @@ -69,7 +69,7 @@
# We won't know if we are connected to a server until later
defaults['connected'] = false

klist_retval = Puppet::Util::Execution.execute("#{klist} -s")
klist_retval = Puppet::Util::Execution.execute("#{klist} -s", fail_on_fail: false)
unless klist_retval.exitstatus.zero?
# Obtain host Kerberos token so we can use IPA API
kinit_msg = Facter::Core::Execution.execute("#{kinit} -k 2>&1", options = {:timeout => kinit_timeout})
Expand Down
2 changes: 1 addition & 1 deletion metadata.json
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"name": "simp-simplib",
"version": "4.12.2",
"version": "4.12.3",
"author": "SIMP Team",
"summary": "A collection of common SIMP functions, facts, and types",
"license": "Apache-2.0",
Expand Down
36 changes: 26 additions & 10 deletions spec/acceptance/suites/ipa_fact/ipa_fact_spec.rb
Original file line number Diff line number Diff line change
Expand Up @@ -35,8 +35,17 @@ def skip_fips(host)
on(host, 'puppet resource package ipa-client ensure=present')
end

it 'enables ipv6' do
on(host, 'puppet resource sysctl net.ipv6.conf.all.disable_ipv6 ensure=present value=0 target=/etc/sysctl.conf')
on(host, 'puppet resource sysctl net.ipv6.conf.lo.disable_ipv6 ensure=present value=0 target=/etc/sysctl.conf')
end

it 'configures the firewall' do
on(host, 'systemctl is-active firewalld.service && firewall-cmd --add-port={{80,443,389,636,88,464,53}/tcp,{88,464,53,123}/udp} --permanent')
end

it 'should ensure hostname is set to the FQDN' do
hostname = pfact_on(host, 'fqdn')
hostname = pfact_on(host, 'networking.fqdn')
on(host, "hostnamectl set-hostname #{hostname}")

# DBus may need to be restarted after updating, and a reboot is the only way
Expand All @@ -52,7 +61,7 @@ def skip_fips(host)
results = apply_manifest_on(server, manifest)
expect(results.output).to match(/Notice: Type => NilClass Content => null/)

expect(pfact_on(server, 'ipa')).to be_empty
expect(pfact_on(server, 'ipa')).to be_nil.or be_empty
end
end

Expand All @@ -65,7 +74,7 @@ def skip_fips(host)
results = apply_manifest_on(server, manifest)
expect(results.output).to match(/Notice: Type => NilClass Content => null/)

expect(pfact_on(server, 'ipa')).to be_empty
expect(pfact_on(server, 'ipa')).to be_nil.or be_empty
end
end

Expand All @@ -74,7 +83,7 @@ def skip_fips(host)
it 'ipa fact should contain domain and IPA server' do
# ipa-server-install installs both the IPA server and client.
# The fact uses the client env.
fqdn = pfact_on(server, 'fqdn')
fqdn = pfact_on(server, 'networking.fqdn')

cmd = [
'umask 0022 &&',
Expand All @@ -96,7 +105,8 @@ def skip_fips(host)

results = pfact_on(server, 'ipa')

expect(results).to_not be_empty
expect(results).to be_a(Hash)
expect(results).not_to be_empty
expect(results['connected']).to eq true
expect(results['server']).to eq fqdn
expect(results['domain']).to eq ipa_domain
Expand All @@ -109,7 +119,8 @@ def skip_fips(host)

results = pfact_on(server, 'ipa')

expect(results).to_not be_empty
expect(results).to be_a(Hash)
expect(results).not_to be_empty
expect(results['connected']).to eq false
end

Expand All @@ -126,16 +137,17 @@ def skip_fips(host)

context 'prior to registration' do
it 'should not have an IPA fact' do
expect(pfact_on(client, 'ipa')).to be_empty
expect(pfact_on(client, 'ipa')).to be_nil.or be_empty
end
end

context 'after registration' do
let(:ipa_server) {
pfact_on(hosts_with_role(hosts, 'server').first, 'fqdn')
pfact_on(hosts_with_role(hosts, 'server').first, 'networking.fqdn')
}

it 'should register with the IPA server' do
os = fact_on(client, 'os')
ipa_command = [
# Unattended installation
'ipa-client-install -U',
Expand All @@ -152,14 +164,17 @@ def skip_fips(host)
# Admin password
"--password='#{admin_password}'",
].join(' ')
# Force ntpd support on EL7
ipa_command += ' --force-ntpd' if os.dig('release', 'major') == '7'

on(client, ipa_command)
end

it 'should have the IPA fact populated' do
results = pfact_on(client, 'ipa')

expect(results).to_not be_empty
expect(results).to be_a(Hash)
expect(results).not_to be_empty
expect(results['connected']).to eq true
expect(results['server']).to eq ipa_server
expect(results['domain']).to eq ipa_domain
Expand All @@ -174,7 +189,8 @@ def skip_fips(host)

results = pfact_on(client, 'ipa')

expect(results).to_not be_empty
expect(results).to be_a(Hash)
expect(results).not_to be_empty
expect(results['connected']).to eq false
end

Expand Down
6 changes: 3 additions & 3 deletions spec/unit/facter/ipa_spec.rb
Original file line number Diff line number Diff line change
Expand Up @@ -81,7 +81,7 @@
before(:each) do
allow(File).to receive(:exist?).with('/etc/ipa/default.conf').and_return(true)
allow(File).to receive(:read).with('/etc/ipa/default.conf').and_return(default_conf.dup)
allow(Puppet::Util::Execution).to receive(:execute).with('/usr/bin/klist -s').and_return(Puppet::Util::Execution::ProcessOutput.new('', 0))
allow(Puppet::Util::Execution).to receive(:execute).with('/usr/bin/klist -s', fail_on_fail: false).and_return(Puppet::Util::Execution::ProcessOutput.new('', 0))
allow(Facter::Core::Execution).to receive(:execute).with(ipa_env_query, ipa_query_options).and_return(ipa_env)
allow(Facter::Core::Execution).to receive(:execute).with(ipa_env_server_query, ipa_query_options).and_return(ipa_server_env)
end
Expand All @@ -103,7 +103,7 @@
before(:each) do
allow(File).to receive(:exist?).with('/etc/ipa/default.conf').and_return(true)
allow(File).to receive(:read).with('/etc/ipa/default.conf').and_return(default_conf)
allow(Puppet::Util::Execution).to receive(:execute).with('/usr/bin/klist -s').and_return(Puppet::Util::Execution::ProcessOutput.new('', 1))
allow(Puppet::Util::Execution).to receive(:execute).with('/usr/bin/klist -s', fail_on_fail: false).and_return(Puppet::Util::Execution::ProcessOutput.new('', 1))
allow(Facter::Core::Execution).to receive(:execute).with('/usr/bin/kinit -k 2>&1', kinit_query_options).and_return('')
allow(Facter::Core::Execution).to receive(:execute).with(ipa_env_query, ipa_query_options).and_return(ipa_env)
allow(Facter::Core::Execution).to receive(:execute).with(ipa_env_server_query, ipa_query_options).and_return(ipa_server_env)
Expand All @@ -125,7 +125,7 @@
before(:each) do
allow(File).to receive(:exist?).with('/etc/ipa/default.conf').and_return(true)
allow(File).to receive(:read).with('/etc/ipa/default.conf').and_return(default_conf)
allow(Puppet::Util::Execution).to receive(:execute).with('/usr/bin/klist -s').and_return(Puppet::Util::Execution::ProcessOutput.new('', 1))
allow(Puppet::Util::Execution).to receive(:execute).with('/usr/bin/klist -s', fail_on_fail: false).and_return(Puppet::Util::Execution::ProcessOutput.new('', 1))
allow(Facter::Core::Execution).to receive(:execute).with('/usr/bin/kinit -k 2>&1', kinit_query_options).and_return('some error message')
allow(Facter::Core::Execution).to receive(:execute).with(ipa_env_query, ipa_query_options).and_return('')
end
Expand Down

0 comments on commit 08ec2d4

Please sign in to comment.