(PE-36789) Fix target mismatch for updating pe.conf

Noticed that the get_pe_conf/update_pe_conf functions were expecting a target but $primary_target is actually an array. So I went ahead added specs covering the basic cases for upgrade and r10k_known_hosts. They aren't the best specs due to difficulties testing write_file, upload_file and out_message, but they at least validate that the plan completes with r10k_known_hosts set.
puppetlabs · Sep 15, 2023 · 6bdd32c · 6bdd32c
1 parent 8ca2a0d
commit 6bdd32c
Show file tree

Hide file tree

Showing 2 changed files with 78 additions and 2 deletions.
diff --git a/plans/upgrade.pp b/plans/upgrade.pp
@@ -218,14 +218,14 @@
     }
 
     if $r10k_known_hosts != undef {
-      $current_pe_conf = peadm::get_pe_conf($primary_target)
+      $current_pe_conf = peadm::get_pe_conf($primary_target[0])
 
       # Append the r10k_known_hosts entry
       $updated_pe_conf = $current_pe_conf + {
         'puppet_enterprise::profile::master::r10k_known_hosts' => $r10k_known_hosts,
       }
 
-      peadm::update_pe_conf($primary_target, $updated_pe_conf)
+      peadm::update_pe_conf($primary_target[0], $updated_pe_conf)
     }
   }
 

diff --git a/spec/plans/upgrade_spec.rb b/spec/plans/upgrade_spec.rb
@@ -61,4 +61,80 @@ def allow_standard_non_returning_calls
     expect(result.value.kind).to eq('unexpected-transport')
     expect(result.value.msg).to match(%r{The "pcp" transport is not available for use with the Primary})
   end
+
+  context 'r10k_known_hosts' do
+    let(:installed_version) { '2021.7.3' }
+    let(:r10k_known_hosts) do
+      [
+        {
+          'name'          => 'primary.rspec',
+          'type'          => 'rsa',
+          'key'           => 'pubkey',
+        },
+      ]
+    end
+    # NOTE: dupliating this error message is unfortunate, but
+    # expect_out_message() doesn't take a regex.
+    let(:r10k_warning) do
+      <<~EOS
+        \nWARNING: Starting in PE 2023.3, SSH host key verification is required for Code Manager and r10k.\n
+        To enable host key verification, you must define the puppet_enterprise::profile::master::r10k_known_hosts parameter with an array of hashes containing "name", "type", and "key" to specify your hostname, key type, and public key for your remote host(s).\n
+        If you currently use SSH protocol to allow r10k to access your remote Git repository, your Code Manager or r10k code management tool cannot function until you define the r10k_known_hosts parameter.\n
+        Please refer to the Puppet Enterprise 2023.3 Upgrade cautions for more details.\n
+      EOS
+    end
+
+    before(:each) do
+      allow_standard_non_returning_calls
+
+      expect_task('peadm::read_file')
+        .with_params('path' => '/opt/puppetlabs/server/pe_build')
+        .always_return({ 'content' => installed_version })
+
+      expect_task('peadm::cert_data').return_for_targets('primary' => trusted_primary)
+    end
+
+    it 'updates pe.conf if r10k_known_hosts is set' do
+      expect_task('peadm::read_file')
+        .with_params('path' => '/etc/puppetlabs/enterprise/conf.d/pe.conf')
+        .always_return({ 'content' => <<~PECONF })
+          # spec pe.conf
+          "puppet_enterprise::puppet_master_host": "%{::trusted.certname}"
+        PECONF
+      # TODO: this doesn't verify what we are writing; we would need to mock
+      # write_file for that. Being more specific about exactly what file we are
+      # uploading runs afoul of the fact that write_file creates a source tempfile,
+      # and we can't expect_upload() because we don't have the tempfile name.
+      allow_any_upload
+
+      expect(run_plan('peadm::upgrade',
+                       'primary_host'     => 'primary',
+                       'version'          => '2023.3.0',
+                       'r10k_known_hosts' => r10k_known_hosts,
+                       'permit_unsafe_versions' => true)).to be_ok
+    end
+
+    it 'warns if upgrading to 2023.3+ from 2023.0- without r10k_known_hosts set' do
+      # This is fairly horrible, but expect_out_message doesn't take a regex.
+      expect_out_message.with_params(r10k_warning)
+
+      expect(run_plan('peadm::upgrade',
+                       'primary_host'     => 'primary',
+                       'version'          => '2023.3.0',
+                       'permit_unsafe_versions' => true)).to be_ok
+    end
+
+    context 'upgrading from 2023.3+' do
+      let(:installed_version) { '2023.3.0' }
+
+      it 'does not warn if r10k_known_hosts is not set' do
+        expect_out_message.with_params(r10k_warning).not_be_called
+
+        expect(run_plan('peadm::upgrade',
+                         'primary_host'     => 'primary',
+                         'version'          => '2023.4.0',
+                         'permit_unsafe_versions' => true)).to be_ok
+      end
+    end
+  end
 end