From a06d27ed2a7d9ca31279833386dae253d06458d4 Mon Sep 17 00:00:00 2001 From: Aaron Shannon Date: Tue, 1 Oct 2024 16:21:37 +0100 Subject: [PATCH 1/5] PE-38801 Task added to fetch rules for PE Infrastructure Agent group and warn user that they will be replaced --- REFERENCE.md | 7 +++++++ plans/convert.pp | 2 ++ plans/upgrade.pp | 2 ++ tasks/get_group_rules.json | 5 +++++ tasks/get_group_rules.rb | 42 ++++++++++++++++++++++++++++++++++++++ 5 files changed, 58 insertions(+) create mode 100644 tasks/get_group_rules.json create mode 100755 tasks/get_group_rules.rb diff --git a/REFERENCE.md b/REFERENCE.md index df2287ba..52683121 100644 --- a/REFERENCE.md +++ b/REFERENCE.md @@ -64,6 +64,7 @@ * [`download`](#download): Download a file using curl * [`enable_replica`](#enable_replica): Execute the enable replica puppet command * [`filesize`](#filesize): Return the size of a file in bytes +* [`get_group_rules`](#get_group_rules): Run on a PE primary node to return the rules currently applied to the PE Infrastructure Agent group, along with a warning that they will be o * [`get_peadm_config`](#get_peadm_config): Run on a PE primary node to return the currently configured PEAdm parameters * [`get_psql_version`](#get_psql_version): Run on a PE PSQL node to return the major version of the PSQL server currently installed * [`infrastatus`](#infrastatus): Runs puppet infra status and returns the output @@ -1185,6 +1186,12 @@ Data type: `String` Path to the file to return the size of +### `get_group_rules` + +Run on a PE primary node to return the rules currently applied to the PE Infrastructure Agent group, along with a warning that they will be overwritten + +**Supports noop?** false + ### `get_peadm_config` Run on a PE primary node to return the currently configured PEAdm parameters diff --git a/plans/convert.pp b/plans/convert.pp index e697e87d..3c5a15a7 100644 --- a/plans/convert.pp +++ b/plans/convert.pp 
@@ -261,6 +261,8 @@ # the existing groups are correct enough to function until the upgrade is # performed. if (versioncmp($pe_version, '2019.7.0') >= 0) { + run_task('peadm::get_group_rules', $primary_target) + apply($primary_target) { class { 'peadm::setup::node_manager_yaml': primary_host => $primary_target.peadm::certname(), diff --git a/plans/upgrade.pp b/plans/upgrade.pp index 63375829..c201dbb5 100644 --- a/plans/upgrade.pp +++ b/plans/upgrade.pp @@ -326,6 +326,8 @@ default => $primary_postgresql_target.peadm::certname(), } + run_task('peadm::get_group_rules', $primary_target) + apply($primary_target) { class { 'peadm::setup::node_manager_yaml': primary_host => $primary_target.peadm::certname(), diff --git a/tasks/get_group_rules.json b/tasks/get_group_rules.json new file mode 100644 index 00000000..b9034bc4 --- /dev/null +++ b/tasks/get_group_rules.json @@ -0,0 +1,5 @@ +{ + "description": "Run on a PE primary node to return the rules currently applied to the PE Infrastructure Agent group, along with a warning that they will be overwritten", + "parameters": { }, + "input_method": "stdin" +} diff --git a/tasks/get_group_rules.rb b/tasks/get_group_rules.rb new file mode 100755 index 00000000..5c8f12dc --- /dev/null +++ b/tasks/get_group_rules.rb 
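Review bot: `run_task('peadm::get_group_rules', $primary_target)` is added in this convert.pp hunk without `_catch_errors`, so a failed classifier lookup stops the plan before the `apply` that follows. The identical line in the upgrade.pp hunk on the same line behaves the same way. Halting may be the right choice, since the plan would otherwise overwrite rules it could not show to the operator, but the hunk does not say which behaviour is intended. Either add a comment such as `# Abort if the current rules cannot be read; they are about to be replaced`, or pass `'_catch_errors' => true` and test `.ok` on the result set before continuing. Both plan bodies continue outside the hunks shown.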
@@ -0,0 +1,42 @@
+#!/opt/puppetlabs/puppet/bin/ruby
+# frozen_string_literal: true
+
+require 'json'
+require 'net/http'
+require 'puppet'
+
+class GetInfrastructureAgentGroupRules
+ def execute!
+ infrastructure_agent_group = groups.find { |obj| obj['name'] == 'PE Infrastructure Agent' }
+ if infrastructure_agent_group
+ puts "WARNING: The following existing rules on the PE Infrastructure Agent group will be overwritten with default values:"
+ puts JSON.pretty_generate(infrastructure_agent_group['rule'])
+ else
+ puts JSON.pretty_generate({ 'error' => 'PE Infrastructure Agent group does not exist' })
+ end
+ end
+
+ def groups
+ net = https(4433)
+ res = net.get('/classifier-api/v1/groups')
+ JSON.parse(res.body)
+ end
+
+ def https(port)
+ https = Net::HTTP.new(Puppet.settings[:certname], port)
+ https.use_ssl = true
+ https.cert = OpenSSL::X509::Certificate.new(File.read(Puppet.settings[:hostcert]))
+ https.key = OpenSSL::PKey::RSA.new(File.read(Puppet.settings[:hostprivkey]))
+ https.verify_mode = OpenSSL::SSL::VERIFY_PEER
+ https.ca_file = Puppet.settings[:localcacert]
+ https
+ end
+end
+
+# Run the task unless an environment flag has been set, signaling not to. The
+# environment flag is used to disable auto-execution and enable Ruby unit
+# testing of this task.
+unless ENV['RSPEC_UNIT_TEST_MODE']
+ Puppet.initialize_settings
+ GetInfrastructureAgentGroupRules.new.execute!
+end
\ No newline at end of file
From b4574c713f3d70c5839e7b98e3d6d0f3781f56ef Mon Sep 17 00:00:00 2001 From: Aaron Shannon Date: Wed, 2 Oct 2024 13:04:21 +0100 Subject: [PATCH 2/5] PE-38801 Linting errors fixed --- tasks/get_group_rules.rb | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/tasks/get_group_rules.rb b/tasks/get_group_rules.rb
index 5c8f12dc..9aa9eec4 100755
--- a/tasks/get_group_rules.rb
+++ b/tasks/get_group_rules.rb
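Review bot: In the new `tasks/get_group_rules.rb` (PATCH 1/5), `groups` passes `res.body` to `JSON.parse` without checking the HTTP status. A rejected client certificate or a classifier error therefore surfaces as a parse failure or an exception inside the `find` block, not as an error naming the cause. Check the response first, e.g. `raise "classifier API returned HTTP #{res.code}" unless res.is_a?(Net::HTTPSuccess)`. The missing-group branch of `execute!` prints an `error` object but still exits 0, so callers see a successful run; returning an `_error` object and calling `exit 1` would make that case distinguishable. In `https`, `OpenSSL::PKey::RSA.new` assumes the host key is RSA, whereas `OpenSSL::PKey.read(File.read(Puppet.settings[:hostprivkey]))` accepts whatever key type the agent was issued.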
@@ -5,11 +5,12 @@ require 'net/http' require 'puppet' +# GetInfrastructureAgentGroupRules task class class GetInfrastructureAgentGroupRules def execute! infrastructure_agent_group = groups.find { |obj| obj['name'] == 'PE Infrastructure Agent' } if infrastructure_agent_group - puts "WARNING: The following existing rules on the PE Infrastructure Agent group will be overwritten with default values:" + puts 'WARNING: The following existing rules on the PE Infrastructure Agent group will be overwritten with default values:' puts JSON.pretty_generate(infrastructure_agent_group['rule']) else puts JSON.pretty_generate({ 'error' => 'PE Infrastructure Agent group does not exist' }) @@ -39,4 +40,4 @@ def https(port) unless ENV['RSPEC_UNIT_TEST_MODE'] Puppet.initialize_settings GetInfrastructureAgentGroupRules.new.execute! -end \ No newline at end of file +end From e83c741e9baa552e29a83d5ebd93f7aa4ac54ac2 Mon Sep 17 00:00:00 2001 From: Aaron Shannon Date: Wed, 2 Oct 2024 15:46:30 +0100 Subject: [PATCH 3/5] PE-38801 Warning text moved to applicable plans --- REFERENCE.md | 4 ++-- plans/convert.pp | 1 + plans/upgrade.pp | 1 + tasks/get_group_rules.json | 2 +- tasks/get_group_rules.rb | 1 - 5 files changed, 5 insertions(+), 4 deletions(-) diff --git a/REFERENCE.md b/REFERENCE.md index 52683121..7aef694b 100644 --- a/REFERENCE.md +++ b/REFERENCE.md 
@@ -64,7 +64,7 @@ * [`download`](#download): Download a file using curl * [`enable_replica`](#enable_replica): Execute the enable replica puppet command * [`filesize`](#filesize): Return the size of a file in bytes -* [`get_group_rules`](#get_group_rules): Run on a PE primary node to return the rules currently applied to the PE Infrastructure Agent group, along with a warning that they will be o +* [`get_group_rules`](#get_group_rules): Run on a PE primary node to return the rules currently applied to the PE Infrastructure Agent group * [`get_peadm_config`](#get_peadm_config): Run on a PE primary node to return the currently configured PEAdm parameters * [`get_psql_version`](#get_psql_version): Run on a PE PSQL node to return the major version of the PSQL server currently installed * [`infrastatus`](#infrastatus): Runs puppet infra status and returns the output @@ -1188,7 +1188,7 @@ Path to the file to return the size of ### `get_group_rules` -Run on a PE primary node to return the rules currently applied to the PE Infrastructure Agent group, along with a warning that they will be overwritten +Run on a PE primary node to return the rules currently applied to the PE Infrastructure Agent group **Supports noop?** false diff --git a/plans/convert.pp b/plans/convert.pp index 3c5a15a7..724e87d3 100644 --- a/plans/convert.pp +++ b/plans/convert.pp @@ -261,6 +261,7 @@ # the existing groups are correct enough to function until the upgrade is # performed. if (versioncmp($pe_version, '2019.7.0') >= 0) { + out::message('WARNING: The following existing rules on the PE Infrastructure Agent group will be overwritten with default values:') run_task('peadm::get_group_rules', $primary_target) apply($primary_target) { diff --git a/plans/upgrade.pp b/plans/upgrade.pp index c201dbb5..f254aafd 100644 --- a/plans/upgrade.pp +++ b/plans/upgrade.pp 
@@ -326,6 +326,7 @@ default => $primary_postgresql_target.peadm::certname(), } + out::message('WARNING: The following existing rules on the PE Infrastructure Agent group will be overwritten with default values:') run_task('peadm::get_group_rules', $primary_target) apply($primary_target) { diff --git a/tasks/get_group_rules.json b/tasks/get_group_rules.json index b9034bc4..994d8683 100644 --- a/tasks/get_group_rules.json +++ b/tasks/get_group_rules.json @@ -1,5 +1,5 @@ { - "description": "Run on a PE primary node to return the rules currently applied to the PE Infrastructure Agent group, along with a warning that they will be overwritten", + "description": "Run on a PE primary node to return the rules currently applied to the PE Infrastructure Agent group", "parameters": { }, "input_method": "stdin" } diff --git a/tasks/get_group_rules.rb b/tasks/get_group_rules.rb index 9aa9eec4..a4f675fa 100755 --- a/tasks/get_group_rules.rb +++ b/tasks/get_group_rules.rb @@ -10,7 +10,6 @@ class GetInfrastructureAgentGroupRules def execute! infrastructure_agent_group = groups.find { |obj| obj['name'] == 'PE Infrastructure Agent' } if infrastructure_agent_group - puts 'WARNING: The following existing rules on the PE Infrastructure Agent group will be overwritten with default values:' puts JSON.pretty_generate(infrastructure_agent_group['rule']) else puts JSON.pretty_generate({ 'error' => 'PE Infrastructure Agent group does not exist' }) From 962c7b35b2045539e529aeaae343ddc29534f8c7 Mon Sep 17 00:00:00 2001 From: Aaron Shannon Date: Thu, 3 Oct 2024 14:16:36 +0100 Subject: [PATCH 4/5] PE-38801 Fixed formatting of rules in warning message --- plans/convert.pp | 5 +++-- plans/upgrade.pp | 5 +++-- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/plans/convert.pp b/plans/convert.pp index 724e87d3..2642ccd7 100644 --- a/plans/convert.pp +++ b/plans/convert.pp 
@@ -261,8 +261,9 @@ # the existing groups are correct enough to function until the upgrade is # performed. if (versioncmp($pe_version, '2019.7.0') >= 0) { - out::message('WARNING: The following existing rules on the PE Infrastructure Agent group will be overwritten with default values:') - run_task('peadm::get_group_rules', $primary_target) + $rules = run_task('peadm::get_group_rules', $primary_target).first.value['_output'] + $rules_formatted = stdlib::to_json_pretty(parsejson($rules)) + out::message("WARNING: The following existing rules on the PE Infrastructure Agent group will be overwritten with default values:\n ${rules_formatted}") apply($primary_target) { class { 'peadm::setup::node_manager_yaml': diff --git a/plans/upgrade.pp b/plans/upgrade.pp index f254aafd..5d061e0d 100644 --- a/plans/upgrade.pp +++ b/plans/upgrade.pp @@ -326,8 +326,9 @@ default => $primary_postgresql_target.peadm::certname(), } - out::message('WARNING: The following existing rules on the PE Infrastructure Agent group will be overwritten with default values:') - run_task('peadm::get_group_rules', $primary_target) + $rules = run_task('peadm::get_group_rules', $primary_target).first.value['_output'] + $rules_formatted = stdlib::to_json_pretty(parsejson($rules)) + out::message("WARNING: The following existing rules on the PE Infrastructure Agent group will be overwritten with default values:\n ${rules_formatted}") apply($primary_target) { class { 'peadm::setup::node_manager_yaml': From feca2fd5280cb49412d822148ec9de53afb9fa8c Mon Sep 17 00:00:00 2001 From: Aaron Shannon Date: Thu, 3 Oct 2024 16:01:46 +0100 Subject: [PATCH 5/5] PE-38801 Specs updated --- spec/plans/convert_spec.rb | 1 + spec/plans/upgrade_spec.rb | 3 +++ 2 files changed, 4 insertions(+) diff --git a/spec/plans/convert_spec.rb b/spec/plans/convert_spec.rb index ae738f2f..39ec7367 100644 --- a/spec/plans/convert_spec.rb +++ b/spec/plans/convert_spec.rb 
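Review bot: `run_task('peadm::get_group_rules', $primary_target).first.value['_output']` in this convert.pp hunk, and the identical line in the upgrade.pp hunk after it, only works while the task's stdout is not a JSON object. As far as I know, Bolt wraps stdout in `_output` only in that case. The task's missing-group branch prints `{ "error": ... }`, which would presumably become the result value itself and leave `_output` undefined, so `parsejson($rules)` would fail instead of reporting the missing group. Having the task always print one object, e.g. `puts JSON.generate({ 'rules' => infrastructure_agent_group['rule'] })`, and reading `.first.value['rules']` in both plans removes the dependence on output shape. It also removes the JSON string round-trip through `parsejson`.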
@@ -20,6 +20,7 @@ expect_task('peadm::cert_data').return_for_targets('primary' => trustedjson) expect_task('peadm::read_file').always_return({ 'content' => '2021.7.9' }) + expect_task('peadm::get_group_rules').return_for_targets('primary' => { '_output' => '{"rules": []}' }) # For some reason, expect_plan() was not working?? allow_plan('peadm::modify_certificate').always_return({}) diff --git a/spec/plans/upgrade_spec.rb b/spec/plans/upgrade_spec.rb index b3536a9e..640e7c04 100644 --- a/spec/plans/upgrade_spec.rb +++ b/spec/plans/upgrade_spec.rb @@ -22,6 +22,7 @@ def allow_standard_non_returning_calls it 'minimum variables to run' do allow_standard_non_returning_calls + expect_task('peadm::get_group_rules').return_for_targets('primary' => { '_output' => '{"rules": []}' }) expect_task('peadm::read_file') .with_params('path' => '/opt/puppetlabs/server/pe_build') @@ -36,6 +37,7 @@ def allow_standard_non_returning_calls it 'runs with a primary, compilers, but no replica' do allow_standard_non_returning_calls + expect_task('peadm::get_group_rules').return_for_targets('primary' => { '_output' => '{"rules": []}' }) expect_task('peadm::read_file') .with_params('path' => '/opt/puppetlabs/server/pe_build') @@ -92,6 +94,7 @@ def allow_standard_non_returning_calls .always_return({ 'content' => installed_version }) expect_task('peadm::cert_data').return_for_targets('primary' => trusted_primary) + expect_task('peadm::get_group_rules').return_for_targets('primary' => { '_output' => '{"rules": []}' }) end it 'updates pe.conf if r10k_known_hosts is set' do
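Review bot: The stubbed result `{ '_output' => '{"rules": []}' }` in the convert_spec.rb hunk, repeated in the three upgrade_spec.rb hunks, does not match what the task prints. The task emits the group's `rule` value on its own, or an `error` object when the group is missing; it never emits an object with a `rules` key. The specs therefore pass without exercising the shapes the plans will actually receive. Stub `_output` with a JSON array string for the normal case, and add an example whose task result is `{ 'error' => 'PE Infrastructure Agent group does not exist' }` to pin down how the plans behave when the group is absent.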