add error detection in api calls (#10)

Signed-off-by: Corey Hemminger <[email protected]>
Stromweld · Mar 29, 2024 · 6c1e9f8 · 6c1e9f8
1 parent 72cad8f
commit 6c1e9f8
Show file tree

Hide file tree

Showing 5 changed files with 36 additions and 12 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,10 @@
 
 This file is used to list changes made in each version of the chef_software cookbook.
 
+## 2.2.1 (2024-03-29)
+
+- [Corey Hemminger] - fixed policy update bug, switched to ruby_block for additional output error detection
+
 ## 2.2.0 (2024-03-04)
 
 - [Corey Hemminger] - Moved iam_policy and iam_user creation to resources, fixed idempotency in resources

diff --git a/metadata.rb b/metadata.rb
@@ -3,7 +3,7 @@
 maintainer_email '[email protected]'
 license 'Apache-2.0'
 description 'Installs/Configures chef server, chef automate2, chef supermarket'
-version '2.2.0'
+version '2.2.1'
 chef_version '>= 16.4'
 
 issues_url 'https://github.com/Stromweld/chef_software/issues'

diff --git a/recipes/chef_automatev2.rb b/recipes/chef_automatev2.rb
@@ -34,15 +34,15 @@
   iam_user name do
     user_hash hash['user_json']
     api_token lazy { kitchen? ? node.run_state['automate_admin_token'] : node['chef_software']['automate_admin_token'] }
-    action :create
+    action hash['action'] if hash['action']
   end
 end
 
 node['chef_software']['automatev2_iam_policies']&.each do |name, hash|
   iam_policy name do
     policy_hash hash['policy_json']
     api_token lazy { kitchen? ? node.run_state['automate_admin_token'] : node['chef_software']['automate_admin_token'] }
-    action :create
+    action hash['action'] if hash['action']
   end
 end
 

diff --git a/resources/iam_policy.rb b/resources/iam_policy.rb
@@ -54,8 +54,13 @@
                 else
                   raise "Unable to determine status of policy ensure this policy_hash id doesn't match an existing srv_policy\npolicy_hash: #{policy_hash['id'].inspect}\nsrv_policy: #{srv_policy['id'].inspect}\nor the error message from server says \"no policy with ID \"#{policy_hash['id']}\" found\"\nError_msg: #{srv_policy['error'].inspect}\n"
                 end
-  execute "create iam policy #{name}" do
-    command "curl --insecure -s -H \"api-token: #{api_token}\" -H \"Content-Type: application/json\" -d '#{policy_json}' https://localhost/apis/iam/v2/policies"
+  ruby_block "create iam policy #{name}" do
+    block do
+      cmd = shell_out("curl --insecure -s -H \"api-token: #{api_token}\" -H \"Content-Type: application/json\" -d '#{policy_json}' https://localhost/apis/iam/v2/policies")
+      raise cmd.stderr unless cmd.stderr.empty?
+      output = Mash.new(JSON.parse(cmd.stdout))
+      raise output['error'] if output['error']
+    end
     only_if { test_result }
     sensitive true
   end
@@ -67,7 +72,7 @@
   policy_json = policy_hash.to_json
   api_token = new_resource.api_token
   # Try to fetch policy from server
-  srv_policy = get_iam_policy(policy_json['id'], api_token)
+  srv_policy = get_iam_policy(policy_hash['id'], api_token)
   Chef::Log.info("\nuserpolicy: #{policy_json.inspect}\nsrv_policy: #{srv_policy.inspect}\n")
   # Test policy from server and desired policy match key by key from desired policy
   test_result = if srv_policy['error']
@@ -92,8 +97,13 @@
                   end
                   test
                 end
-  execute "update iam policy #{name}" do
-    command "curl -X PUT --insecure -s -H \"api-token: #{api_token}\" -H \"Content-Type: application/json\" -d '#{policy_json}' https://localhost/apis/iam/v2/policies/#{policy_hash['id']}"
+  ruby_block "update iam policy #{name}" do
+    block do
+      cmd = shell_out("curl -X PUT --insecure -s -H \"api-token: #{api_token}\" -H \"Content-Type: application/json\" -d '#{policy_json}' https://localhost/apis/iam/v2/policies/#{policy_hash['id']}")
+      raise cmd.stderr unless cmd.stderr.empty?
+      output = Mash.new(JSON.parse(cmd.stdout))
+      raise output['error'] if output['error']
+    end
     not_if { test_result }
     sensitive true
   end

diff --git a/resources/iam_user.rb b/resources/iam_user.rb
@@ -55,8 +55,13 @@
                 else
                   raise "Unable to determine status of user, ensure this user_hash id doesn't match an existing srv_user\nuser_hash: #{user_hash['id'].inspect}\nsrv_user: #{srv_user['id'].inspect}\nor the error message from server says 'No user record found'\nError_msg: #{srv_user['error'].inspect}\n"
                 end
-  execute "create local user #{name}" do
-    command "curl --insecure -s -H \"api-token: #{api_token}\" -H \"Content-Type: application/json\" -d '#{user_json}' https://localhost/apis/iam/v2/users"
+  ruby_block "create local user #{name}" do
+    block do
+      cmd = shell_out("curl --insecure -s -H \"api-token: #{api_token}\" -H \"Content-Type: application/json\" -d '#{user_json}' https://localhost/apis/iam/v2/users")
+      raise cmd.stderr unless cmd.stderr.empty?
+      output = Mash.new(JSON.parse(cmd.stdout))
+      raise output['error'] if output['error']
+    end
     only_if { test_result }
     sensitive true
   end
@@ -75,8 +80,13 @@
                 else
                   user_hash['id'].eql?(srv_user['user']['id']) && user_hash['name'].eql?(srv_user['user']['name'])
                 end
-  execute "update local user #{name}" do
-    command "curl -X PUT --insecure -s -H \"api-token: #{api_token}\" -H \"Content-Type: application/json\" -d '#{user_json}' https://localhost/apis/iam/v2/users/#{user_hash['id']}"
+  ruby_block "update local user #{name}" do
+    block do
+      cmd = shell_out("curl -X PUT --insecure -s -H \"api-token: #{api_token}\" -H \"Content-Type: application/json\" -d '#{user_json}' https://localhost/apis/iam/v2/users/#{user_hash['id']}")
+      raise cmd.stderr unless cmd.stderr.empty?
+      output = Mash.new(JSON.parse(cmd.stdout))
+      raise output['error'] if output['error']
+    end
     not_if { test_result }
     sensitive true
   end