-
Notifications
You must be signed in to change notification settings - Fork 2.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
(PUP-6241) Acceptance unreadable environment #5247
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,58 @@ | ||
test_name "C97899 - Agent run should fail if environment is unreadable" do | ||
skip_test 'requires a puppetserver master for managing the environment' if hosts_with_role(hosts, 'master').length == 0 or not @options[:is_puppetserver] | ||
|
||
testdir = '' | ||
env_path = '' | ||
test_env = '' | ||
|
||
step 'setup environments' do | ||
testdir = create_tmpdir_for_user master, 'c97899_unreadable_envdir' | ||
env_path = "#{testdir}/environments" | ||
test_env = "#{env_path}/testing" | ||
|
||
apply_manifest_on(master, <<-MANIFEST, :catch_failures => true) | ||
File { | ||
ensure => directory, | ||
mode => "0770", | ||
owner => #{master.puppet['user']}, | ||
group => #{master.puppet['group']}, | ||
} | ||
file { | ||
'#{env_path}':; | ||
'#{env_path}/production':; | ||
'#{test_env}':; | ||
'#{test_env}/manifests':; | ||
'#{test_env}/modules':; | ||
} | ||
file { '#{test_env}/manifests/site.pp': | ||
ensure => file, | ||
mode => "0640", | ||
content => 'node default { notify { "Hello agent": } }', | ||
} | ||
MANIFEST | ||
end | ||
|
||
step 'change permissions of envdir to 644' do | ||
on(master, "chmod 644 #{test_env}") | ||
end | ||
|
||
step 'verify environment fails with puppet agent run' do | ||
master_opts = { | ||
'main' => { | ||
'environmentpath' => env_path, | ||
} | ||
} | ||
with_puppet_running_on master, master_opts, testdir do | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. It seems like this starts a 'puppet master' and not a puppet server. The problem is only reproduced using a puppet server. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. If run with the There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. i agree with @johnduarte here There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. there are better ways to inject an environment into the codedir without a requirement to HUP the server. we might want to do this with more tests so that we can remove with_puppet_running_on once we can assume the server is running. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. The Also, There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. @johnduarte can you confirm if the test still passes with There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. @joshcooper it looks like one of the pre-suite tasks for
Filed PUP-7376 There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. |
||
agents.each do |agent| | ||
on(agent, puppet("agent --test --server #{master} --environment testing"), :accept_all_exit_codes => true) do |result| | ||
refute_equal(2, result.exit_code, 'agent run should not apply changes') | ||
expect_failure('expected to fail until PUP-6241 is resolved') do | ||
refute_equal(0, result.exit_code, 'agent run should not succeed') | ||
refute_empty(result.stderr, 'an appropriate error is expected') | ||
end | ||
end | ||
end | ||
end | ||
end | ||
|
||
end |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,52 @@ | ||
test_name "C98160 - Agent run should fail if an environment's site.pp is unreadable" do | ||
skip_test 'requires a master for managing the environment' if hosts_with_role(hosts, 'master').length == 0 | ||
|
||
testdir = '' | ||
env_path = '' | ||
test_env = '' | ||
|
||
step 'setup environments' do | ||
testdir = create_tmpdir_for_user master, 'c97899_unreadable_envdir' | ||
env_path = "#{testdir}/environments" | ||
test_env = "#{env_path}/testing" | ||
|
||
apply_manifest_on(master, <<-MANIFEST, :catch_failures => true) | ||
File { | ||
ensure => directory, | ||
mode => "0770", | ||
owner => #{master.puppet['user']}, | ||
group => #{master.puppet['group']}, | ||
} | ||
file { | ||
'#{env_path}':; | ||
'#{env_path}/production':; | ||
'#{test_env}':; | ||
'#{test_env}/manifests':; | ||
'#{test_env}/modules':; | ||
} | ||
file { '#{test_env}/manifests/site.pp': | ||
ensure => file, | ||
mode => "0000", # <- NOTE: this is unreadable | ||
content => 'node default { notify { "Hello agent": } }', | ||
} | ||
MANIFEST | ||
end | ||
|
||
step 'verify environment fails with puppet agent run' do | ||
master_opts = { | ||
'main' => { | ||
'environmentpath' => env_path, | ||
} | ||
} | ||
with_puppet_running_on master, master_opts, testdir do | ||
agents.each do |agent| | ||
on(agent, puppet("agent --test --server #{master} --environment testing"), :accept_all_exit_codes => true) do |result| | ||
refute_equal(2, result.exit_code, 'agent run should not apply changes') | ||
refute_equal(0, result.exit_code, 'agent run should not succeed') | ||
refute_empty(result.stderr, 'an appropriate error is expected') | ||
end | ||
end | ||
end | ||
end | ||
|
||
end |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There's two possible cases here: the environment folder has overly restrictive permissions; and the environment folder manifest has correct permissions but site.pp has overly restrictive permissions.
This code seems to restrict both permissions but will only really be testing the folder permissions. Perhaps this test file (or a separate test file) should test the case of the folder having correct permissions and site.pp having restrictive permissions?
(I imagine we could also have cases where both the folder and site.pp have correct permissions but then other manifest files/folders are restricted - I think that should be a separate ticket though)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@james-stocks , I am unable to reproduce the case where the
site.pp
file is too restrictive. I have added another test case to this PR for that scenario. It currently, fails theexpect_failure
condition when I run it against a recent master puppet-agent (SHA=e15c8b567fee6846f06aa8f0e74a07dd8fe90441).