New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
(PUP-9562) User resource should respect forcelocal for the comment parameter #7768
(PUP-9562) User resource should respect forcelocal for the comment parameter #7768
Conversation
CLA signed by all contributors. |
3bc941d
to
8d4634c
Compare
A user resource configured with forcelocal will still try to sync the comment with the external directory services. It does use `lusermod` to modify the local `/etc/passwd` to the comment specified in the user resource, but it compares the `in_sync` with the external directory services, meaning that it always updates the comment on catalog compilation. This commit queries the comment from the local `/etc/passwd` if the `forcelocal` parameter is set. It also modifies the `finduser` method to return a hash of parameter/value type, since returning numbered elements is more error-prone.
986f3c2
to
83da627
Compare
user = line.split(":") | ||
if user[index] == value | ||
return Hash[passwd_keys.zip(user)] | ||
end |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The old and new code read /etc/passwd
once per user resource per managed parameter (until it finds a match). Can we not do that (in a future ticket/PR)? Seems like we could read /etc/passwd
once per user
resource without too much difficulty. Reading it once per transaction is also a possibility but users could be created mid-transaction...
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good catch. Filed PUP-10117 for this issue.
allow(provider).to receive(:finduser).with('account', 'myuser').and_return(passwd_line) | ||
expect(provider).to receive(:localcomment).and_return('local comment') | ||
provider.comment | ||
allow(provider).to receive(:finduser).with(:account, 'myuser').and_return(user_object) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
stubbing the finduser
method is a code smell since it's part of the code that we're trying to test. It would be better to stub what File.open
returns (like you do on line 339)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I thought it'd be cleaner to stub finduser
here since I'm already testing it separately below, and its "usage" is not really in the scope of the comment
method which I'm testing here. Is this the way to go?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There are lots of tests in puppet that do what you're describing, but I've been bitten by overmocking/stubbing so much that I avoid it as much as possible. For example, finduser
is effectively a private method, so if you have tests like this, then refactoring in the future is harder.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Makes sense, I changed it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I had some minor comments due to the way the old code & tests were written, but it's not blocking. Feel free to file a separate ticket and fix later.
83da627
to
7808d91
Compare
This commit changes the `passwd_keys` array elements to be symbols instead of strings (since we do not manipulate them in the code), and updates the tests accordingly. Also, we do not explictly close the file since Ruby should do it for us when leaving the block's context. This commit also adds tests for `useradd#finduser` and fixes up some wrong expectations.
A user resource configured with
forcelocal
will still try to sync the comment with the external directory services. It does uselusermod
to modify the local/etc/passwd
to the comment specified in the user resource, but it compares thein_sync
with the external directoryservices, meaning that it always updates the comment on catalog compilation.
This commit queries the comment from the local
/etc/passwd
if theforcelocal
parameter is set. It also modifies thefinduser
method to return a hash of parameter/value type, since returning numbered elements is more error-prone.