(SIMP-10745) Fix simplib__crypto_policy_state fact (#293)

* (SIMP-10745) Fix simplib__crypto_policy_state fact

Include user defined crypto policies

SIMP-10745 #close

* Provide correct path

* Update unit tests

* Update unit tests

* Update logic, check global only.

* Simplify fact logic

* Combine system and custom policies into one call to `Dir.glob()`
* Add CHANGELOG entry and bump version
* Cleanup for puppet-lint and rubocop

---------

Co-authored-by: Steven Pritchard <[email protected]>

CHANGELOG

@@ -1,3 +1,6 @@
+* Fri Jan 19 2024 ben <[email protected]> - 4.12.2
+- Fix simplib__crypto_policy_state fact to include custom policies
+
 * Thu Oct 12 2023 Steven Pritchard <[email protected]> - 4.12.1
 - Update Gemfile
 - Fix GHA release workflow

lib/facter/simplib__crypto_policy_state.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-# Provides the state of the configured crypto policies
+# @summary Provides the state of the configured crypto policies
 #
 # @see update-crypto-policy(8)
 #
@@ -36,14 +36,14 @@
       system_state['global_policy_applied'] = !Array(output).grep(%r{is applied}).empty? if output
 
       # This is everything past EL8.0
-      global_policies = Dir.glob('/usr/share/crypto-policies/policies/*.pol')
+      global_policies = Dir.glob(['/usr/share/crypto-policies/policies/*.pol', '/etc/crypto-policies/policies/*.pol'])
 
       # Fallback for 8.0
       if global_policies.empty?
-        global_policies = Dir.glob('/usr/share/crypto-policies/*').select{|x| File.directory?(x)}
+        global_policies = Dir.glob('/usr/share/crypto-policies/*').select { |x| File.directory?(x) }
       end
 
-      system_state['global_policies_available'] = global_policies.map{|x| File.basename(x, '.pol')}
+      system_state['global_policies_available'] = global_policies.map { |x| File.basename(x, '.pol') }.uniq
     end
 
     system_state

metadata.json

@@ -1,6 +1,6 @@
 {
   "name": "simp-simplib",
-  "version": "4.12.1",
+  "version": "4.12.2",
   "author": "SIMP Team",
   "summary": "A collection of common SIMP functions, facts, and types",
   "license": "Apache-2.0",

spec/unit/facter/simplib__crypto_policy_state_spec.rb

@@ -8,52 +8,53 @@
 
     # Mock out Facter method called when evaluating confine for :kernel
     allow(Facter::Core::Execution).to receive(:exec).with('uname -s').and_return('Linux')
-    expect(Facter.fact(:kernel)).to receive(:value).and_return('Linux')
+    allow(Facter.fact(:kernel)).to receive(:value).and_return('Linux')
 
     # Ensure that something sane is returned when finding the command
-    expect(Facter::Util::Resolution).to receive(:which).with('update-crypto-policies').and_return('update-crypto-policies')
+    allow(Facter::Util::Resolution).to receive(:which).with('update-crypto-policies').and_return('update-crypto-policies')
   end
 
   context 'with a functional update-crypto-policies command' do
     before :each do
-      expect(Facter::Core::Execution).to receive(:execute).with('update-crypto-policies --no-reload --show', on_fail: false).and_return("DEFAULT\n")
+      allow(Facter::Core::Execution).to receive(:execute).with('update-crypto-policies --no-reload --show', on_fail: false).and_return("DEFAULT\n")
 
-
-      expect(Dir).to receive(:glob).with('/usr/share/crypto-policies/policies/*.pol').and_return(
+      allow(Dir).to receive(:glob).with(['/usr/share/crypto-policies/policies/*.pol', '/etc/crypto-policies/policies/*.pol']).and_return(
         [
           '/usr/share/crypto-policies/policies/DEFAULT.pol',
-          '/usr/share/crypto-policies/policies/LEGACY.pol'
-        ]
+          '/usr/share/crypto-policies/policies/LEGACY.pol',
+          '/etc/crypto-policies/policies/DEFAULT.pol',
+          '/etc/crypto-policies/policies/CUSTOM.pol',
+        ],
       )
     end
 
     context 'when applied' do
       before :each do
-        expect(Facter::Core::Execution).to receive(:execute).with('update-crypto-policies --no-reload --is-applied', on_fail: false).and_return("The configured policy is applied\n")
+        allow(Facter::Core::Execution).to receive(:execute).with('update-crypto-policies --no-reload --is-applied', on_fail: false).and_return("The configured policy is applied\n")
       end
 
       it do
         expect(Facter.fact('simplib__crypto_policy_state').value).to include(
           {
             'global_policy' => 'DEFAULT',
             'global_policy_applied' => true,
-            'global_policies_available' => ['DEFAULT', 'LEGACY']
+            'global_policies_available' => ['DEFAULT', 'LEGACY', 'CUSTOM']
           },
         )
       end
     end
 
     context 'when not applied' do
       before :each do
-        expect(Facter::Core::Execution).to receive(:execute).with('update-crypto-policies --no-reload --is-applied', on_fail: false).and_return("The configured policy is NOT applied\n")
+        allow(Facter::Core::Execution).to receive(:execute).with('update-crypto-policies --no-reload --is-applied', on_fail: false).and_return("The configured policy is NOT applied\n")
       end
 
       it do
         expect(Facter.fact('simplib__crypto_policy_state').value).to include(
           {
             'global_policy' => 'DEFAULT',
             'global_policy_applied' => false,
-            'global_policies_available' => ['DEFAULT', 'LEGACY']
+            'global_policies_available' => ['DEFAULT', 'LEGACY', 'CUSTOM']
           },
         )
       end
@@ -62,7 +63,7 @@
 
   context 'with a non-functional update-crypto-policies command' do
     it 'returns a nil value' do
-      expect(Facter::Core::Execution).to receive(:execute).with('update-crypto-policies --no-reload --show', on_fail: false).and_return(false)
+      allow(Facter::Core::Execution).to receive(:execute).with('update-crypto-policies --no-reload --show', on_fail: false).and_return(false)
 
       expect(Facter.fact('simplib__crypto_policy_state').value).to be_nil
     end