test

Stromweld · Mar 3, 2024 · 6550aae · 6550aae
1 parent f86f33c
commit 6550aae
Show file tree

Hide file tree

Showing 5 changed files with 52 additions and 28 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -38,6 +38,8 @@ jobs:
             suite: server
           - os: rockylinux-8
             suite: supermarket
+          - os: rockylinux-9
+            suite: server
           - os: rockylinux-9
             suite: supermarket
           - os: ubuntu-2204

diff --git a/libraries/helpers.rb b/libraries/helpers.rb
@@ -1,15 +1,15 @@
 module ChefSoftware
   module Helpers
-    def get_iam_user(user)
-      Mash.new(JSON.parse(shell_out("curl --insecure -s -H \"api-token: #{node['chef_software']['automate_admin_token']}\" https://localhost/apis/iam/v2/users/#{user}").stdout))
+    def get_iam_user(user, token)
+      Mash.new(JSON.parse(shell_out("curl --insecure -s -H \"api-token: #{token}\" https://localhost/apis/iam/v2/users/#{user}").stdout))
     end
 
-    def get_iam_policy(policy_name)
-      Mash.new(JSON.parse(shell_out("curl --insecure -s -H \"api-token: #{node['chef_software']['automate_admin_token']}\" https://localhost/apis/iam/v2/policies/#{policy_name}").stdout))
+    def get_iam_policy(policy_name, token)
+      Mash.new(JSON.parse(shell_out("curl --insecure -s -H \"api-token: #{token}\" https://localhost/apis/iam/v2/policies/#{policy_name}").stdout))
     end
 
-    def kitchen_api_token
-      shell_out('chef-automate iam token create admin --admin').stdout.strip
+    def kitchen_api_token(name)
+      shell_out("chef-automate iam token create #{name} --admin").stdout.strip
     end
   end
 end

diff --git a/recipes/chef_automatev2.rb b/recipes/chef_automatev2.rb
@@ -25,15 +25,15 @@
 node['chef_software']['automatev2_local_users']&.each do |name, hash|
   iam_user name do
     user_hash hash['user_json']
-    api_token kitchen? ? lazy { kitchen_api_token } : node['chef_software']['automate_admin_token']
+    api_token kitchen? ? lazy { kitchen_api_token('test_user') } : node['chef_software']['automate_admin_token']
     action :create
   end
 end
 
 node['chef_software']['automatev2_iam_policies']&.each do |name, hash|
   iam_policy name do
     policy_hash hash['policy_json']
-    api_token kitchen? ? lazy { kitchen_api_token } : node['chef_software']['automate_admin_token']
+    api_token kitchen? ? lazy { kitchen_api_token('test_policy') } : node['chef_software']['automate_admin_token']
     action :create
   end
 end

diff --git a/resources/iam_policy.rb b/resources/iam_policy.rb
@@ -42,29 +42,41 @@
   name = new_resource.name
   policy_hash = new_resource.policy_hash
   policy_json = policy_hash.to_json
-  srv_policy = get_iam_policy(policy_json['id'])
+  api_token = new_resource.api_token
+  # Try to fetch policy from server
+  srv_policy = get_iam_policy(policy_json['id'], api_token)
+  # Test if policy on server exists and any errors contacting server
+  test_result = if srv_policy['error'].eql?("no policy with ID \"#{policy_hash['id']}\" found")
+                  true
+                elsif srv_policy['error']
+                  Chef::Log.error(srv_policy['error'].inspect)
+                  false
+                elsif srv_policy['policy']['id'].eql?(policy_hash['id'])
+                  false
+                else
+                  false
+                end
   http_request "create iam policy #{name}" do
-    headers({ 'api-token' => new_resource.api_token, 'Content-Type' => 'application/json' })
+    headers({ 'api-token' => api_token, 'Content-Type' => 'application/json' })
     message policy_json
     url 'https://localhost/apis/iam/v2/policies'
     action :post
     sensitive true
-    only_if {
-      Chef::Log.warn(srv_policy['error'].inspect)
-      srv_policy['error'].eql?("no policy with ID \"#{policy_hash['id']}\" found")
-    }
+    only_if { test_result }
   end
 end
 
 action :update do
   name = new_resource.name
   policy_hash = new_resource.policy_hash
   policy_json = policy_hash.to_json
-  srv_policy = get_iam_policy(policy_json['id'])
+  api_token = new_resource.api_token
+  # Try to fetch policy from server
+  srv_policy = get_iam_policy(policy_json['id'], api_token)
   Chef::Log.info("\nuserpolicy: #{policy_json.inspect}\nsrv_policy: #{srv_policy.inspect}\n")
   # Test policy from server and desired policy match key by key from desired policy
   test_result = if srv_policy['error']
-                  Chef::Log.warn(srv_policy['error'].inspect)
+                  Chef::Log.error(srv_policy['error'].inspect)
                   true
                 else
                   test = true
@@ -94,7 +106,7 @@
                   end
                 end
   http_request "update iam policy #{name}" do
-    headers({ 'api-token' => new_resource.api_token, 'Content-Type' => 'application/json' })
+    headers({ 'api-token' => api_token, 'Content-Type' => 'application/json' })
     message policy_json
     url "https://localhost/apis/iam/v2/policies/#{policy_hash['id']}"
     action :put

diff --git a/resources/iam_user.rb b/resources/iam_user.rb
@@ -42,34 +42,44 @@
   name = new_resource.name
   user_hash = new_resource.user_hash
   user_json = user_hash.to_json
-  srv_user = get_iam_user(user_hash['id'])
+  # Try to fetch user from server
+  srv_user = get_iam_user(user_hash['id'], api_token)
+  # Test if user on server exists and any errors contacting server
+  test_result = if srv_user['error'].eql?('No user record found')
+                  true
+                elsif srv_user['error']
+                  Chef::Log.error(srv_user['error'].inspect)
+                  false
+                elsif srv_user['user']['id'].eql?(user_hash['id'])
+                  false
+                else
+                  false
+                end
   http_request "create iam user #{name}" do
-    headers({ 'api-token' => new_resource.api_token, 'Content-Type' => 'application/json' })
+    headers({ 'api-token' => api_token, 'Content-Type' => 'application/json' })
     message user_json
     url 'https://localhost/apis/iam/v2/users'
     action :post
     sensitive true
-    only_if {
-      Chef::Log.warn(srv_user['error'].inspect)
-      srv_user['error'].eql?('No user record found')
-    }
+    only_if { test_result }
   end
 end
 
 action :update do
   name = new_resource.name
   user_hash = new_resource.user_hash
   user_json = user_hash.to_json
-  test_user = get_iam_user(user_hash['id'])
+  # Try to fetch user from server
+  srv_user = get_iam_user(user_hash['id'], api_token)
   # Test user from server and desired user match key by key from desired policy
-  test_result = if user_policy['error']
-                  Chef::Log.warn(user_policy['error'].inspect)
+  test_result = if srv_user['error']
+                  Chef::Log.error(srv_user['error'].inspect)
                   true
                 else
-                  user_hash['id'].eql?(test_user['user']['id']) && user_hash['name'].eql?(test_user['user']['name'])
+                  user_hash['id'].eql?(srv_user['user']['id']) && user_hash['name'].eql?(srv_user['user']['name'])
                 end
   http_request "update iam user #{name}" do
-    headers({ 'api-token' => new_resource.api_token, 'Content-Type' => 'application/json' })
+    headers({ 'api-token' =>api_token, 'Content-Type' => 'application/json' })
     message user_json
     url "https://localhost/apis/iam/v2/users/#{user_hash['id']}"
     action :put