From e773a9a02d2a8d0cdecee658ba9b58d346f0b3bb Mon Sep 17 00:00:00 2001 From: Trevor Vaughan Date: Wed, 9 May 2018 15:56:30 -0400 Subject: [PATCH] Grub2 grub_user fix (#32) The user generation script was incorrectly outputting additional erronous information --- CHANGELOG.md | 4 + Gemfile | 2 + lib/puppet/provider/grub_user/grub2.rb | 65 ++++---- lib/puppet/type/grub_user.rb | 6 +- lib/puppetx/augeasproviders_grub/menuentry.rb | 36 ++++- metadata.json | 9 +- ...er_spec.rb => 00_kernel_parameter_spec.rb} | 0 spec/acceptance/05_grub2_users_spec.rb | 153 ++++++++++++++++++ spec/acceptance/06_grub2_superuser_spec.rb | 46 ++++++ spec/acceptance/10_grub_config_spec.rb | 126 +++++++++++++++ spec/acceptance/10_grub_menuentry_spec.rb | 82 ++++++++++ spec/acceptance/grub2_users_spec.rb | 146 ----------------- spec/acceptance/grub_config_spec.rb | 128 --------------- spec/acceptance/grub_menuentry_spec.rb | 84 ---------- spec/acceptance/nodesets/default.yml | 6 +- 15 files changed, 493 insertions(+), 400 deletions(-) rename spec/acceptance/{kernel_parameter_spec.rb => 00_kernel_parameter_spec.rb} (100%) create mode 100644 spec/acceptance/05_grub2_users_spec.rb create mode 100644 spec/acceptance/06_grub2_superuser_spec.rb create mode 100644 spec/acceptance/10_grub_config_spec.rb create mode 100644 spec/acceptance/10_grub_menuentry_spec.rb delete mode 100644 spec/acceptance/grub2_users_spec.rb delete mode 100644 spec/acceptance/grub_config_spec.rb delete mode 100644 spec/acceptance/grub_menuentry_spec.rb diff --git a/CHANGELOG.md b/CHANGELOG.md index 6c265cc..cad004e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,9 @@ # Changelog +## 3.0.1 +- Fix generation of grub2 user entries +- Add support for OEL + ## 3.0.0 - Added code to fix the EFI stack on Linux hosts diff --git a/Gemfile b/Gemfile index d649956..eb7a51b 100644 --- a/Gemfile +++ b/Gemfile @@ -39,6 +39,8 @@ group :development, :unit_tests do gem 'puppet-lint-file_ensure-check', :require => false gem 'puppet-lint-version_comparison-check', :require => false gem 'rspec-puppet-facts', :require => false + gem 'beaker-rspec', :require => false + gem 'simp-beaker-helpers', :require => false gem 'coveralls', :require => false unless RUBY_VERSION =~ /^1\.8/ gem 'simplecov', '~> 0.7.0', :require => false diff --git a/lib/puppet/provider/grub_user/grub2.rb b/lib/puppet/provider/grub_user/grub2.rb index 03a5270..000da66 100644 --- a/lib/puppet/provider/grub_user/grub2.rb +++ b/lib/puppet/provider/grub_user/grub2.rb @@ -20,6 +20,26 @@ def self.mkconfig_path mk_resource_methods + def self.grub2_cfg + require 'puppetx/augeasproviders_grub/menuentry' + + PuppetX::AugeasprovidersGrub::Util.grub2_cfg + end + + def grub2_cfg + self.class.grub2_cfg + end + + def self.grub2_cfg_path + require 'puppetx/augeasproviders_grub/menuentry' + + PuppetX::AugeasprovidersGrub::Util.grub2_cfg_path + end + + def grub2_cfg_path + self.class.grub2_cfg_path + end + def self.extract_users(content) superusers = nil users = {} @@ -56,11 +76,7 @@ def self.instances # Short circuit if we've already gathered this information return @instance_array if @instance_array - require 'puppetx/augeasproviders_grub/menuentry' - - grub2_config = PuppetX::AugeasprovidersGrub::Util.grub2_cfg - - all_users = extract_users(grub2_config) + all_users = extract_users(grub2_cfg) @instance_array = all_users.collect{|x| x = new(x)} @@ -98,6 +114,10 @@ def self.post_resource_eval @already_reported = nil end + def initialize(args) + super + end + def exists? # Make sure that we don't have any issues with the file. if File.exist?(resource[:target]) @@ -203,6 +223,13 @@ def purge end def flush + # This is to clean up the legacy file that was put in place incorrectly + # prior to the standard 01_users configuration file + legacy_file = '/etc/grub.d/01_puppet_managed_users' + unless resource[:target] == legacy_file + File.unlink(legacy_file) if File.exist?(legacy_file) + end + output = [] output << <<-EOM @@ -211,7 +238,7 @@ def flush # This file managed by Puppet # Manual changes will be erased! ######## -exec tail -n +3 $0 +cat << USER_LIST EOM # Build the password file @@ -241,6 +268,7 @@ def flush end output += users + output << 'USER_LIST' output = output.join("\n") @@ -256,30 +284,7 @@ def flush FileUtils.chmod(0755, resource[:target]) end - os_info = Facter.value(:os) - if os_info - os_name = Facter.value(:os)['name'] - else - # Support for old versions of Facter - unless os_name - os_name = Facter.value(:operatingsystem) - end - end - - cfg = nil - [ - "/etc/grub2-efi.cfg", - # Handle the standard EFI naming convention - "/boot/efi/EFI/#{os_name.downcase}/grub.cfg", - "/etc/grub2.cfg", - "/boot/grub/grub.cfg", - "/boot/grub2/grub.cfg" - ].each {|c| - cfg = c if FileTest.file? c - } - fail("Cannot find grub.cfg location to use with #{command(:mkconfig)}") unless cfg - - mkconfig "-o", cfg + mkconfig "-o", grub2_cfg_path end private diff --git a/lib/puppet/type/grub_user.rb b/lib/puppet/type/grub_user.rb index 049d8c7..4acdeb6 100644 --- a/lib/puppet/type/grub_user.rb +++ b/lib/puppet/type/grub_user.rb @@ -43,19 +43,17 @@ EOM newvalues(:true, :false) - defaultto(:false) end - newparam(:target) do + newparam(:target, :parent => Puppet::Parameter::Path) do desc <<-EOM The file to which to write the user information. Must be an absolute path. EOM - newvalues(/^\/.+/) - defaultto('/etc/grub.d/01_puppet_managed_users') + defaultto('/etc/grub.d/02_puppet_managed_users') end newparam(:report_unmanaged, :boolean => true) do diff --git a/lib/puppetx/augeasproviders_grub/menuentry.rb b/lib/puppetx/augeasproviders_grub/menuentry.rb index 62e8715..9e2d662 100644 --- a/lib/puppetx/augeasproviders_grub/menuentry.rb +++ b/lib/puppetx/augeasproviders_grub/menuentry.rb @@ -125,21 +125,45 @@ def self.munge_grubby_value(value, flavor, grubby_info) # Raise an error if not found. # # @return (String) The full path to the GRUB2 configuration file. - def self.grub2_cfg + def self.grub2_cfg_path paths = [ - '/boot/grub2/grub.cfg', - '/boot/grub/grub.cfg', - '/etc/grub2-efi.cfg', - '/etc/grub2.cfg' + '/etc/grub2.cfg', + '/boot/grub2/grub.cfg' ] + if File.exist?('/sys/firmware/efi') + os_info = Facter.value(:os) + if os_info + os_name = Facter.value(:os)['name'] + else + # Support for old versions of Facter + unless os_name + os_name = Facter.value(:operatingsystem) + end + end + + paths = [ + '/etc/grub2-efi.cfg', + # Handle the standard EFI naming convention + "/boot/efi/EFI/#{os_name.downcase}/grub.cfg" + ] + paths + end + paths.each do |path| - return File.read(path) if (File.readable?(path) && !File.directory?(path)) + return path if (File.readable?(path) && !File.directory?(path)) end raise Puppet::Error, 'Could not find a GRUB2 configuration on the system' end + # Return the contents of the GRUB2 configuration on the system. + # Raise an error if not found. + # + # @return (String) The contents of the GRUB2 configuration on the system. + def self.grub2_cfg + return File.read(grub2_cfg_path) + end + # Return a list of options that have the kernel path prepended and are # formatted with all processing arguments handled. # diff --git a/metadata.json b/metadata.json index f09c3ec..7f772e3 100644 --- a/metadata.json +++ b/metadata.json @@ -1,6 +1,6 @@ { "name": "herculesteam-augeasproviders_grub", - "version": "3.0.0", + "version": "3.0.1", "author": "Dominic Cleal, Raphael Pinson, Trevor Vaughan", "summary": "Augeas-based grub types and providers for Puppet", "license": "Apache-2.0", @@ -48,6 +48,13 @@ "6", "7" ] + }, + { + "operatingsystem": "OracleLinux", + "operatingsystemrelease": [ + "6", + "7" + ] } ], "requirements": [ diff --git a/spec/acceptance/kernel_parameter_spec.rb b/spec/acceptance/00_kernel_parameter_spec.rb similarity index 100% rename from spec/acceptance/kernel_parameter_spec.rb rename to spec/acceptance/00_kernel_parameter_spec.rb diff --git a/spec/acceptance/05_grub2_users_spec.rb b/spec/acceptance/05_grub2_users_spec.rb new file mode 100644 index 0000000..dca3538 --- /dev/null +++ b/spec/acceptance/05_grub2_users_spec.rb @@ -0,0 +1,153 @@ +require 'spec_helper_acceptance' + +test_name 'Augeasproviders Grub' + +describe 'GRUB2 User Tests' do + hosts_with_role(hosts, 'grub2').each do |host| + let(:target_files) { + [ + '/etc/grub.d/02_puppet_managed_users', + '/etc/grub2.cfg' + ] + } + + let(:password_info) {{ + :plain_password => 'really bad password', + :hashed_password => 'grub.pbkdf2.sha512.10000.3ED7C861BA4107282E3A55FC80B549995D105324F2CB494BBF34DE86517DFCB8DCFCA3E0C3550C64F9A259B516BFDD928C0FAC4E66CFDA351A957D702EE32C3D.C589ED8757DB23957A5F946470A58CF216A7507634647E532BC68085AAA52622AB4E6E151CF60CD8409166F6581FC166CE4D4845D61353A4C439C2170CC25747', + :hashed_password_20k => 'grub.pbkdf2.sha512.20000.4CD886B13634E03CF533C3F4C27E59E8F67D9C62915C04E03B019651FFB1DE8BE9EBB09B0D5759CF94A502566D748C28E9AF2150E81BFF1202E66D3C417A28A1.62E1AE32B4746DCBF222EB22FA670D35E7FAAD438677D67A0A1275E79430CF4E0F31EBF2186E645E922109B973CFF9A71BD53DCA77D9E749BDEC302022FD00BE' + }} + + context 'set a user on the system with a plain text password' do + let(:manifest) { %( + grub_user { 'test_user1': + password => '#{password_info[:plain_password]}' + } + )} + + let(:legacy_file) { '/etc/grub.d/01_puppet_managed_users' } + + # With a legacy file to be removed + it 'should have a legacy file' do + create_remote_file(host, legacy_file , '# Legacy File') + end + + # Using puppet_apply as a helper + it 'should work with no errors' do + apply_manifest_on(host, manifest, :catch_failures => true) + end + + it 'should have removed the legacy file' do + expect(host.file_exist?(legacy_file)).to be false + end + + it 'should be idempotent' do + apply_manifest_on(host, manifest, {:catch_changes => true}) + end + + it 'should set an encrypted password' do + target_files.each do |target_file| + result = on(host, %(grep 'password_pbkdf2 test_user1' #{target_file})).stdout + + password_identifier, user, password_hash = result.split(/\s+/) + expect(user).to eql('test_user1') + expect(password_hash).to match(/grub\.pbkdf2\.sha512\.10000\..*/) + end + end + end + + context 'set a user on the system with a hashed password' do + let(:manifest) { %( + grub_user { 'test_user1': + password => '#{password_info[:hashed_password]}' + } + )} + + # Using puppet_apply as a helper + it 'should work with no errors' do + apply_manifest_on(host, manifest, :catch_failures => true) + end + + it 'should be idempotent' do + apply_manifest_on(host, manifest, :catch_changes => true) + end + + it 'should set an encrypted password' do + target_files.each do |target_file| + result = on(host, %(grep 'password_pbkdf2 test_user1' #{target_file})).stdout + + password_identifier, user, password_hash = result.split(/\s+/) + expect(user).to eql('test_user1') + expect(password_hash).to eql(password_info[:hashed_password]) + end + end + end + + context 'set a user on the system with a hashed password with 20000 rounds' do + let(:manifest) { %( + grub_user { 'test_user1': + password => '#{password_info[:hashed_password_20k]}', + rounds => '20000' + } + )} + + # Using puppet_apply as a helper + it 'should work with no errors' do + apply_manifest_on(host, manifest, :catch_failures => true) + end + + it 'should be idempotent' do + apply_manifest_on(host, manifest, {:catch_changes => true}) + end + + it 'should set an encrypted password' do + target_files.each do |target_file| + result = on(host, %(grep 'password_pbkdf2 test_user1' #{target_file})).stdout + + password_identifier, user, password_hash = result.split(/\s+/) + expect(user).to eql('test_user1') + expect(password_hash).to eql(password_info[:hashed_password_20k]) + end + end + end + + context 'should purge any users when purge is set' do + let(:manifest) { %( + grub_user { 'test_user1': + password => '#{password_info[:hashed_password]}', + purge => true + } + )} + + # Using puppet_apply as a helper + it 'should work with no errors' do + apply_manifest_on(host, manifest, :catch_failures => true) + end + + it 'should be idempotent' do + apply_manifest_on(host, manifest, {:catch_changes => true}) + end + + it 'should purge unmanaged users' do + on(host, %(puppet resource grub_user bad_user password='some password')) + + result = apply_manifest_on(host, manifest, :catch_failures => true).stdout + expect(result).to match(/Purged.*bad_user/) + + target_files.each do |target_file| + result = on(host, %(grep 'password_pbkdf2 test_user1' #{target_file})).stdout + + password_identifier, user, password_hash = result.split(/\s+/) + expect(user).to eql('test_user1') + expect(password_hash).to eql(password_info[:hashed_password]) + + result = on( + host, + %(grep 'password_pbkdf2 bad_user' #{target_file}), + :acceptable_exit_codes => [1] + ).stdout + expect(result).to be_empty + end + end + end + end +end diff --git a/spec/acceptance/06_grub2_superuser_spec.rb b/spec/acceptance/06_grub2_superuser_spec.rb new file mode 100644 index 0000000..3e6b23b --- /dev/null +++ b/spec/acceptance/06_grub2_superuser_spec.rb @@ -0,0 +1,46 @@ +require 'spec_helper_acceptance' + +test_name 'Augeasproviders Grub' + +describe 'GRUB2 User Tests' do + hosts_with_role(hosts, 'grub2').each do |host| + context 'set a root superuser password' do + let(:manifest) { %( + grub_user { 'root': + superuser => true, + password => 'P@ssw0rdP@ssw0rd' + } + )} + + it 'should work with no errors' do + apply_manifest_on(host, manifest, :catch_failures => true) + end + + it 'should be idempotent' do + apply_manifest_on(host, manifest, {:catch_changes => true}) + end + end + + context 'with multiple superusers' do + let(:manifest) { %( + grub_user { 'root': + superuser => true, + password => 'P@ssw0rdP@ssw0rd' + } + + grub_user { 'other_root': + superuser => true, + password => 'P@ssw0rdP@ssw0rd' + } + )} + + it 'should work with no errors' do + apply_manifest_on(host, manifest, :catch_failures => true) + end + + it 'should be idempotent' do + apply_manifest_on(host, manifest, {:catch_changes => true}) + end + end + end +end diff --git a/spec/acceptance/10_grub_config_spec.rb b/spec/acceptance/10_grub_config_spec.rb new file mode 100644 index 0000000..aaf4c2f --- /dev/null +++ b/spec/acceptance/10_grub_config_spec.rb @@ -0,0 +1,126 @@ +require 'spec_helper_acceptance' + +test_name 'Augeasproviders Grub' + +describe 'Global Config Tests' do + hosts_with_role(hosts, 'grub').each do |host| + context 'set timeout in grub' do + let(:manifest) { %( + grub_config { 'timeout': + value => '1' + } + )} + + # Using puppet_apply as a helper + it 'should work with no errors' do + apply_manifest_on(host, manifest, :catch_failures => true) + end + + it 'should be idempotent' do + apply_manifest_on(host, manifest, {:catch_changes => true}) + end + + it 'should have a timeout of 1' do + on(host, %(grep "timeout=1" /etc/grub.conf)) + end + end + + context 'set invalid variable in grub' do + let(:manifest) { %( + grub_config { 'foobar': } + )} + + # Using puppet_apply as a helper + it 'should fail to apply' do + result = apply_manifest_on(host, manifest, :expect_failures => true) + expect(result.output).to match(/Grub_config\[foobar\].*Failed to save Augeas tree/) + end + end + + context 'set fallback in grub' do + let(:manifest) { %( + grub_config { 'fallback': + value => '0' + } + )} + + it 'should work with no errors' do + apply_manifest_on(host, manifest, :catch_failures => true) + end + + it 'should be idempotent' do + apply_manifest_on(host, manifest, {:catch_changes => true}) + end + + it 'should have a fallback of 0' do + on(host, %(grep "fallback 0" /etc/grub.conf)) + end + end + end + + hosts_with_role(hosts, 'grub2').each do |host| + context 'set timeout in grub2' do + let(:manifest) { %( + grub_config { 'GRUB_TIMEOUT': + value => '1' + } + )} + + # Using puppet_apply as a helper + it 'should work with no errors' do + apply_manifest_on(host, manifest, :catch_failures => true) + end + + it 'should be idempotent' do + apply_manifest_on(host, manifest, {:catch_changes => true}) + end + + it 'should have a timeout of 1' do + on(host, %(grep "GRUB_TIMEOUT=1" /etc/default/grub)) + on(host, %(grep "timeout=1" /boot/grub2/grub.cfg)) + end + end + + context 'set arbitrary value in grub2' do + let(:manifest) { %( + grub_config { 'GRUB_FOOBAR': + value => 'BAZ' + } + )} + + # Using puppet_apply as a helper + it 'should work with no errors' do + apply_manifest_on(host, manifest, :catch_failures => true) + end + + it 'should be idempotent' do + apply_manifest_on(host, manifest, {:catch_changes => true}) + end + + it 'should have a GRUB_FOOBAR of BAZ' do + on(host, %(grep "GRUB_FOOBAR=BAZ" /etc/default/grub)) + end + end + + context 'remove value in grub2' do + let(:manifest) { %( + grub_config { 'GRUB_FOOBAR': + ensure => 'absent' + } + )} + + # Using puppet_apply as a helper + it 'should work with no errors' do + apply_manifest_on(host, manifest, :catch_failures => true) + end + + it 'should be idempotent' do + apply_manifest_on(host, manifest, {:catch_changes => true}) + end + + it 'should not have a GRUB_FOOBAR' do + on(host, %(grep "GRUB_FOOBAR" /etc/default/grub), :acceptable_exit_codes => [1]) + end + end + end +end diff --git a/spec/acceptance/10_grub_menuentry_spec.rb b/spec/acceptance/10_grub_menuentry_spec.rb new file mode 100644 index 0000000..2e12bf1 --- /dev/null +++ b/spec/acceptance/10_grub_menuentry_spec.rb @@ -0,0 +1,82 @@ +require 'spec_helper_acceptance' + +test_name 'Augeasproviders Grub' + +describe 'GRUB Menuentry Tests' do + hosts_with_role(hosts, 'grub').each do |host| + context 'set new default kernel in GRUB Legacy' do + let(:manifest) { %( + grub_menuentry { 'Standard': + default_entry => true, + root => '(hd0,0)', + kernel => ':preserve:', + initrd => ':preserve:', + kernel_options => [':preserve:', 'iam=GROOT'] + } + )} + + # Using puppet_apply as a helper + it 'should work with no errors' do + apply_manifest_on(host, manifest, :catch_failures => true) + end + + it 'should be idempotent' do + apply_manifest_on(host, manifest, {:catch_changes => true}) + end + + it 'should have set the default to the new entry' do + result = on(host, %(grubby --info=DEFAULT | grep 'args=')).stdout + expect(result).to match(/iam=GROOT/) + end + + it 'should activate on reboot' do + host.reboot + + result = on(host, %(cat /proc/cmdline)).stdout + expect(result.split(/\s+/)).to include('iam=GROOT') + end + end + end + + hosts_with_role(hosts, 'grub2').each do |host| + context 'set new default kernel in GRUB2' do + let(:manifest) { %( + grub_menuentry { 'Standard': + default_entry => true, + root => '(hd0,msdos1)', + kernel => ':preserve:', + initrd => ':preserve:', + kernel_options => [':preserve:', 'trogdor=BURNINATE'] + } + )} + + # Using puppet_apply as a helper + it 'should work with no errors' do + apply_manifest_on(host, manifest, :catch_failures => true) + end + + it 'should be idempotent' do + apply_manifest_on(host, manifest, {:catch_changes => true}) + end + + it 'should have set the default to the new entry' do + result = on(host, %(grubby --info=DEFAULT)).stdout + result_hash = {} + result.each_line do |line| + line =~ /^\s*(.*?)=(.*)\s*$/ + result_hash[$1.strip] = $2.strip + end + + expect(result_hash['title']).to eq('Standard') + expect(result_hash['args']).to match(/trogdor=BURNINATE/) + end + + it 'should activate on reboot' do + host.reboot + + result = on(host, %(cat /proc/cmdline)).stdout + expect(result.split(/\s+/)).to include('trogdor=BURNINATE') + end + end + end +end diff --git a/spec/acceptance/grub2_users_spec.rb b/spec/acceptance/grub2_users_spec.rb deleted file mode 100644 index c6a4504..0000000 --- a/spec/acceptance/grub2_users_spec.rb +++ /dev/null @@ -1,146 +0,0 @@ -require 'spec_helper_acceptance' - -test_name 'Augeasproviders Grub' - -describe 'GRUB2 User Tests' do - hosts.each do |host| - if fact_on(host,'osfamily') == 'RedHat' - if fact_on(host,'operatingsystemmajrelease').to_s >= '7' - let(:target_files) { - [ - '/etc/grub.d/01_puppet_managed_users', - '/etc/grub2.cfg' - ] - } - - let(:password_info) {{ - :plain_password => 'really bad password', - :hashed_password => 'grub.pbkdf2.sha512.10000.3ED7C861BA4107282E3A55FC80B549995D105324F2CB494BBF34DE86517DFCB8DCFCA3E0C3550C64F9A259B516BFDD928C0FAC4E66CFDA351A957D702EE32C3D.C589ED8757DB23957A5F946470A58CF216A7507634647E532BC68085AAA52622AB4E6E151CF60CD8409166F6581FC166CE4D4845D61353A4C439C2170CC25747', - :hashed_password_20k => 'grub.pbkdf2.sha512.20000.4CD886B13634E03CF533C3F4C27E59E8F67D9C62915C04E03B019651FFB1DE8BE9EBB09B0D5759CF94A502566D748C28E9AF2150E81BFF1202E66D3C417A28A1.62E1AE32B4746DCBF222EB22FA670D35E7FAAD438677D67A0A1275E79430CF4E0F31EBF2186E645E922109B973CFF9A71BD53DCA77D9E749BDEC302022FD00BE' - }} - - context 'set a user on the system with a plain text password' do - let(:manifest) { %( - grub_user { 'test_user1': - password => '#{password_info[:plain_password]}' - } - )} - - # Using puppet_apply as a helper - it 'should work with no errors' do - apply_manifest_on(host, manifest, :catch_failures => true) - end - - it 'should be idempotent' do - apply_manifest_on(host, manifest, {:catch_changes => true}) - end - - it 'should set an encrypted password' do - target_files.each do |target_file| - result = on(host, %(grep 'password_pbkdf2 test_user1' #{target_file})).stdout - - password_identifier, user, password_hash = result.split(/\s+/) - expect(user).to eql('test_user1') - expect(password_hash).to match(/grub\.pbkdf2\.sha512\.10000\..*/) - end - end - end - - context 'set a user on the system with a hashed password' do - let(:manifest) { %( - grub_user { 'test_user1': - password => '#{password_info[:hashed_password]}' - } - )} - - # Using puppet_apply as a helper - it 'should work with no errors' do - apply_manifest_on(host, manifest, :catch_failures => true) - end - - it 'should be idempotent' do - apply_manifest_on(host, manifest, :catch_changes => true) - end - - it 'should set an encrypted password' do - target_files.each do |target_file| - result = on(host, %(grep 'password_pbkdf2 test_user1' #{target_file})).stdout - - password_identifier, user, password_hash = result.split(/\s+/) - expect(user).to eql('test_user1') - expect(password_hash).to eql(password_info[:hashed_password]) - end - end - end - - context 'set a user on the system with a hashed password with 20000 rounds' do - let(:manifest) { %( - grub_user { 'test_user1': - password => '#{password_info[:hashed_password_20k]}', - rounds => '20000' - } - )} - - # Using puppet_apply as a helper - it 'should work with no errors' do - apply_manifest_on(host, manifest, :catch_failures => true) - end - - it 'should be idempotent' do - apply_manifest_on(host, manifest, {:catch_changes => true}) - end - - it 'should set an encrypted password' do - target_files.each do |target_file| - result = on(host, %(grep 'password_pbkdf2 test_user1' #{target_file})).stdout - - password_identifier, user, password_hash = result.split(/\s+/) - expect(user).to eql('test_user1') - expect(password_hash).to eql(password_info[:hashed_password_20k]) - end - end - end - - context 'should purge any users when purge is set' do - let(:manifest) { %( - grub_user { 'test_user1': - password => '#{password_info[:hashed_password]}', - purge => true - } - )} - - # Using puppet_apply as a helper - it 'should work with no errors' do - apply_manifest_on(host, manifest, :catch_failures => true) - end - - it 'should be idempotent' do - apply_manifest_on(host, manifest, {:catch_changes => true}) - end - - it 'should purge unmanaged users' do - on(host, %(puppet resource grub_user bad_user password='some password')) - - result = apply_manifest_on(host, manifest, :catch_failures => true).stdout - expect(result).to match(/Purged.*bad_user/) - - target_files.each do |target_file| - result = on(host, %(grep 'password_pbkdf2 test_user1' #{target_file})).stdout - - password_identifier, user, password_hash = result.split(/\s+/) - expect(user).to eql('test_user1') - expect(password_hash).to eql(password_info[:hashed_password]) - - result = on( - host, - %(grep 'password_pbkdf2 bad_user' #{target_file}), - :acceptable_exit_codes => [1] - ).stdout - expect(result).to be_empty - end - end - end - end - end - end -end diff --git a/spec/acceptance/grub_config_spec.rb b/spec/acceptance/grub_config_spec.rb deleted file mode 100644 index f3b81d6..0000000 --- a/spec/acceptance/grub_config_spec.rb +++ /dev/null @@ -1,128 +0,0 @@ -require 'spec_helper_acceptance' - -test_name 'Augeasproviders Grub' - -describe 'Global Config Tests' do - hosts.each do |host| - if fact_on(host,'osfamily') == 'RedHat' - if fact_on(host,'operatingsystemmajrelease').to_s <= '6' - context 'set timeout in grub' do - let(:manifest) { %( - grub_config { 'timeout': - value => '1' - } - )} - - # Using puppet_apply as a helper - it 'should work with no errors' do - apply_manifest_on(host, manifest, :catch_failures => true) - end - - it 'should be idempotent' do - apply_manifest_on(host, manifest, {:catch_changes => true}) - end - - it 'should have a timeout of 1' do - on(host, %(grep "timeout=1" /etc/grub.conf)) - end - end - - context 'set invalid variable in grub' do - let(:manifest) { %( - grub_config { 'foobar': } - )} - - # Using puppet_apply as a helper - it 'should fail to apply' do - result = apply_manifest_on(host, manifest, :expect_failures => true) - expect(result.output).to match(/Grub_config\[foobar\].*Failed to save Augeas tree/) - end - end - - context 'set fallback in grub' do - let(:manifest) { %( - grub_config { 'fallback': - value => '0' - } - )} - - it 'should work with no errors' do - apply_manifest_on(host, manifest, :catch_failures => true) - end - - it 'should be idempotent' do - apply_manifest_on(host, manifest, {:catch_changes => true}) - end - - it 'should have a fallback of 0' do - on(host, %(grep "fallback 0" /etc/grub.conf)) - end - end - else - context 'set timeout in grub2' do - let(:manifest) { %( - grub_config { 'GRUB_TIMEOUT': - value => '1' - } - )} - - # Using puppet_apply as a helper - it 'should work with no errors' do - apply_manifest_on(host, manifest, :catch_failures => true) - end - - it 'should be idempotent' do - apply_manifest_on(host, manifest, {:catch_changes => true}) - end - - it 'should have a timeout of 1' do - on(host, %(grep "GRUB_TIMEOUT=1" /etc/default/grub)) - on(host, %(grep "timeout=1" /boot/grub2/grub.cfg)) - end - end - - context 'set arbitrary value in grub2' do - let(:manifest) { %( - grub_config { 'GRUB_FOOBAR': - value => 'BAZ' - } - )} - - # Using puppet_apply as a helper - it 'should work with no errors' do - apply_manifest_on(host, manifest, :catch_failures => true) - end - - it 'should be idempotent' do - apply_manifest_on(host, manifest, {:catch_changes => true}) - end - - it 'should have a GRUB_FOOBAR of BAZ' do - on(host, %(grep "GRUB_FOOBAR=BAZ" /etc/default/grub)) - end - end - - context 'remove value in grub2' do - let(:manifest) { %( - grub_config { 'GRUB_FOOBAR': - ensure => 'absent' - } - )} - - # Using puppet_apply as a helper - it 'should work with no errors' do - apply_manifest_on(host, manifest, :catch_failures => true) - end - - it 'should be idempotent' do - apply_manifest_on(host, manifest, {:catch_changes => true}) - end - - it 'should not have a GRUB_FOOBAR' do - on(host, %(grep "GRUB_FOOBAR" /etc/default/grub), :acceptable_exit_codes => [1]) - end - end - end - end - end -end diff --git a/spec/acceptance/grub_menuentry_spec.rb b/spec/acceptance/grub_menuentry_spec.rb deleted file mode 100644 index 63fba17..0000000 --- a/spec/acceptance/grub_menuentry_spec.rb +++ /dev/null @@ -1,84 +0,0 @@ -require 'spec_helper_acceptance' - -test_name 'Augeasproviders Grub' - -describe 'GRUB Menuentry Tests' do - hosts.each do |host| - if fact_on(host,'osfamily') == 'RedHat' - if fact_on(host,'operatingsystemmajrelease').to_s <= '6' - context 'set new default kernel in GRUB Legacy' do - let(:manifest) { %( - grub_menuentry { 'Standard': - default_entry => true, - root => '(hd0,0)', - kernel => ':preserve:', - initrd => ':preserve:', - kernel_options => [':preserve:', 'iam=GROOT'] - } - )} - - # Using puppet_apply as a helper - it 'should work with no errors' do - apply_manifest_on(host, manifest, :catch_failures => true) - end - - it 'should be idempotent' do - apply_manifest_on(host, manifest, {:catch_changes => true}) - end - - it 'should have set the default to the new entry' do - result = on(host, %(grubby --info=DEFAULT | grep 'args=')).stdout - expect(result).to match(/iam=GROOT/) - end - - it 'should activate on reboot' do - host.reboot - - result = on(host, %(cat /proc/cmdline)).stdout - expect(result.split(/\s+/)).to include('iam=GROOT') - end - end - else - context 'set new default kernel in GRUB2' do - let(:manifest) { %( - grub_menuentry { 'Standard': - default_entry => true, - root => '(hd0,msdos1)', - kernel => ':preserve:', - initrd => ':preserve:', - kernel_options => [':preserve:', 'trogdor=BURNINATE'] - } - )} - - # Using puppet_apply as a helper - it 'should work with no errors' do - apply_manifest_on(host, manifest, :catch_failures => true) - end - - it 'should be idempotent' do - apply_manifest_on(host, manifest, {:catch_changes => true}) - end - - it 'should have set the default to the new entry' do - result = on(host, %(grubby --info=DEFAULT)).stdout - result_hash = {} - result.each_line do |line| - line =~ /^\s*(.*?)=(.*)\s*$/ - result_hash[$1.strip] = $2.strip - end - - expect(result_hash['title']).to eq('Standard') - expect(result_hash['args']).to match(/trogdor=BURNINATE/) - end - - it 'should activate on reboot' do - host.reboot - - result = on(host, %(cat /proc/cmdline)).stdout - expect(result.split(/\s+/)).to include('trogdor=BURNINATE') - end - end - end - end - end -end diff --git a/spec/acceptance/nodesets/default.yml b/spec/acceptance/nodesets/default.yml index 924f295..e2b2b86 100644 --- a/spec/acceptance/nodesets/default.yml +++ b/spec/acceptance/nodesets/default.yml @@ -4,20 +4,24 @@ HOSTS: - server - default - master + - grub2 platform: el-7-x86_64 box: puppetlabs/centos-7.0-64-nocm box_url: https://vagrantcloud.com/puppetlabs/boxes/centos-7.0-64-nocm hypervisor: vagrant + client: roles: - agent - client + - grub platform: el-6-x86_64 box: puppetlabs/centos-6.6-64-nocm box_url: https://vagrantcloud.com/puppetlabs/boxes/centos-6.6-64-nocm hypervisor: vagrant + CONFIG: log_level: verbose - type: foss + type: aio vagrant_memsize: 256 ## vb_gui: true