Fix ipa fact (#299)

silug · web-flow · commit 08ec2d405c84 · 2024-12-23T12:16:08.000-05:00
Also fix beaker tests for ipa fact. Closes #296
diff --git a/.fixtures.yml b/.fixtures.yml
@@ -5,6 +5,8 @@ fixtures:
     simpkv: https://github.com/simp/pupmod-simp-simpkv.git
     stdlib: https://github.com/simp/puppetlabs-stdlib.git
     systemd: https://github.com/simp/puppet-systemd.git
+    augeasproviders_sysctl: https://github.com/simp/augeasproviders_sysctl.git
+    augeasproviders_core: https://github.com/simp/augeasproviders_core.git
 
     # This needs to be in place for the rspec-puppet Hiera 5 hook to work
     # No idea why, it may be because Puppet sees a custom backend and loads all
diff --git a/CHANGELOG b/CHANGELOG
@@ -1,3 +1,6 @@
+* Fri Dec 13 2024 Steven Pritchard <steve@sicura.us> - 4.12.3
+- Fix `ipa` fact (#296)
+
 * Fri Jan 19 2024 ben <benrobertson9876@gmail.com> - 4.12.2
 - Fix simplib__crypto_policy_state fact to include custom policies
 
diff --git a/Gemfile b/Gemfile
@@ -38,7 +38,7 @@ group :system_tests do
   gem 'bcrypt_pbkdf'
   gem 'beaker'
   gem 'beaker-rspec'
-  gem 'simp-beaker-helpers', ENV.fetch('SIMP_BEAKER_HELPERS_VERSION', ['>= 1.32.1', '< 2'])
+  gem 'simp-beaker-helpers', ENV.fetch('SIMP_BEAKER_HELPERS_VERSION', ['>= 1.34.3', '< 2'])
 end
 
 # Evaluate extra gemfiles if they exist
diff --git a/lib/facter/ipa.rb b/lib/facter/ipa.rb
@@ -69,7 +69,7 @@
     # We won't know if we are connected to a server until later
     defaults['connected'] = false
 
-    klist_retval = Puppet::Util::Execution.execute("#{klist} -s")
+    klist_retval = Puppet::Util::Execution.execute("#{klist} -s", fail_on_fail: false)
     unless klist_retval.exitstatus.zero?
       # Obtain host Kerberos token so we can use IPA API
       kinit_msg = Facter::Core::Execution.execute("#{kinit} -k 2>&1", options = {:timeout => kinit_timeout})
diff --git a/metadata.json b/metadata.json
@@ -1,6 +1,6 @@
 {
   "name": "simp-simplib",
-  "version": "4.12.2",
+  "version": "4.12.3",
   "author": "SIMP Team",
   "summary": "A collection of common SIMP functions, facts, and types",
   "license": "Apache-2.0",
diff --git a/spec/acceptance/suites/ipa_fact/ipa_fact_spec.rb b/spec/acceptance/suites/ipa_fact/ipa_fact_spec.rb
@@ -35,8 +35,17 @@ def skip_fips(host)
       on(host, 'puppet resource package ipa-client ensure=present')
     end
 
+    it 'enables ipv6' do
+      on(host, 'puppet resource sysctl net.ipv6.conf.all.disable_ipv6 ensure=present value=0 target=/etc/sysctl.conf')
+      on(host, 'puppet resource sysctl net.ipv6.conf.lo.disable_ipv6 ensure=present value=0 target=/etc/sysctl.conf')
+    end
+
+    it 'configures the firewall' do
+      on(host, 'systemctl is-active firewalld.service && firewall-cmd --add-port={{80,443,389,636,88,464,53}/tcp,{88,464,53,123}/udp} --permanent')
+    end
+
     it 'should ensure hostname is set to the FQDN' do
-      hostname = pfact_on(host, 'fqdn')
+      hostname = pfact_on(host, 'networking.fqdn')
       on(host, "hostnamectl set-hostname #{hostname}")
 
       # DBus may need to be restarted after updating, and a reboot is the only way
@@ -52,7 +61,7 @@ def skip_fips(host)
         results = apply_manifest_on(server, manifest)
         expect(results.output).to match(/Notice: Type => NilClass Content => null/)
 
-        expect(pfact_on(server, 'ipa')).to be_empty
+        expect(pfact_on(server, 'ipa')).to be_nil.or be_empty
       end
     end
 
@@ -65,7 +74,7 @@ def skip_fips(host)
         results = apply_manifest_on(server, manifest)
         expect(results.output).to match(/Notice: Type => NilClass Content => null/)
 
-        expect(pfact_on(server, 'ipa')).to be_empty
+        expect(pfact_on(server, 'ipa')).to be_nil.or be_empty
       end
     end
 
@@ -74,7 +83,7 @@ def skip_fips(host)
       it 'ipa fact should contain domain and IPA server' do
         # ipa-server-install installs both the IPA server and client.
         # The fact uses the client env.
-        fqdn = pfact_on(server, 'fqdn')
+        fqdn = pfact_on(server, 'networking.fqdn')
 
         cmd = [
           'umask 0022 &&',
@@ -96,7 +105,8 @@ def skip_fips(host)
 
         results = pfact_on(server, 'ipa')
 
-        expect(results).to_not be_empty
+        expect(results).to be_a(Hash)
+        expect(results).not_to be_empty
         expect(results['connected']).to eq true
         expect(results['server']).to eq fqdn
         expect(results['domain']).to eq ipa_domain
@@ -109,7 +119,8 @@ def skip_fips(host)
 
         results = pfact_on(server, 'ipa')
 
-        expect(results).to_not be_empty
+        expect(results).to be_a(Hash)
+        expect(results).not_to be_empty
         expect(results['connected']).to eq false
       end
 
@@ -126,16 +137,17 @@ def skip_fips(host)
 
       context 'prior to registration' do
         it 'should not have an IPA fact' do
-          expect(pfact_on(client, 'ipa')).to be_empty
+          expect(pfact_on(client, 'ipa')).to be_nil.or be_empty
         end
       end
 
       context 'after registration' do
         let(:ipa_server) {
-          pfact_on(hosts_with_role(hosts, 'server').first, 'fqdn')
+          pfact_on(hosts_with_role(hosts, 'server').first, 'networking.fqdn')
         }
 
         it 'should register with the IPA server' do
+          os = fact_on(client, 'os')
           ipa_command = [
             # Unattended installation
             'ipa-client-install -U',
@@ -152,14 +164,17 @@ def skip_fips(host)
             # Admin password
             "--password='#{admin_password}'",
           ].join(' ')
+          # Force ntpd support on EL7
+          ipa_command += ' --force-ntpd' if os.dig('release', 'major') == '7'
 
           on(client, ipa_command)
         end
 
         it 'should have the IPA fact populated' do
           results = pfact_on(client, 'ipa')
 
-          expect(results).to_not be_empty
+          expect(results).to be_a(Hash)
+          expect(results).not_to be_empty
           expect(results['connected']).to eq true
           expect(results['server']).to eq ipa_server
           expect(results['domain']).to eq ipa_domain
@@ -174,7 +189,8 @@ def skip_fips(host)
 
           results = pfact_on(client, 'ipa')
 
-          expect(results).to_not be_empty
+          expect(results).to be_a(Hash)
+          expect(results).not_to be_empty
           expect(results['connected']).to eq false
         end
 
diff --git a/spec/unit/facter/ipa_spec.rb b/spec/unit/facter/ipa_spec.rb
@@ -81,7 +81,7 @@
         before(:each) do
           allow(File).to receive(:exist?).with('/etc/ipa/default.conf').and_return(true)
           allow(File).to receive(:read).with('/etc/ipa/default.conf').and_return(default_conf.dup)
-          allow(Puppet::Util::Execution).to receive(:execute).with('/usr/bin/klist -s').and_return(Puppet::Util::Execution::ProcessOutput.new('', 0))
+          allow(Puppet::Util::Execution).to receive(:execute).with('/usr/bin/klist -s', fail_on_fail: false).and_return(Puppet::Util::Execution::ProcessOutput.new('', 0))
           allow(Facter::Core::Execution).to receive(:execute).with(ipa_env_query, ipa_query_options).and_return(ipa_env)
           allow(Facter::Core::Execution).to receive(:execute).with(ipa_env_server_query, ipa_query_options).and_return(ipa_server_env)
         end
@@ -103,7 +103,7 @@
         before(:each) do
           allow(File).to receive(:exist?).with('/etc/ipa/default.conf').and_return(true)
           allow(File).to receive(:read).with('/etc/ipa/default.conf').and_return(default_conf)
-          allow(Puppet::Util::Execution).to receive(:execute).with('/usr/bin/klist -s').and_return(Puppet::Util::Execution::ProcessOutput.new('', 1))
+          allow(Puppet::Util::Execution).to receive(:execute).with('/usr/bin/klist -s', fail_on_fail: false).and_return(Puppet::Util::Execution::ProcessOutput.new('', 1))
           allow(Facter::Core::Execution).to receive(:execute).with('/usr/bin/kinit -k 2>&1', kinit_query_options).and_return('')
           allow(Facter::Core::Execution).to receive(:execute).with(ipa_env_query, ipa_query_options).and_return(ipa_env)
           allow(Facter::Core::Execution).to receive(:execute).with(ipa_env_server_query, ipa_query_options).and_return(ipa_server_env)
@@ -125,7 +125,7 @@
       before(:each) do
         allow(File).to receive(:exist?).with('/etc/ipa/default.conf').and_return(true)
         allow(File).to receive(:read).with('/etc/ipa/default.conf').and_return(default_conf)
-        allow(Puppet::Util::Execution).to receive(:execute).with('/usr/bin/klist -s').and_return(Puppet::Util::Execution::ProcessOutput.new('', 1))
+        allow(Puppet::Util::Execution).to receive(:execute).with('/usr/bin/klist -s', fail_on_fail: false).and_return(Puppet::Util::Execution::ProcessOutput.new('', 1))
         allow(Facter::Core::Execution).to receive(:execute).with('/usr/bin/kinit -k 2>&1', kinit_query_options).and_return('some error message')
         allow(Facter::Core::Execution).to receive(:execute).with(ipa_env_query, ipa_query_options).and_return('')
       end

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "simp-simplib",`
`3`		`- "version": "4.12.2",`
	`3`	`+ "version": "4.12.3",`
`4`	`4`	`"author": "SIMP Team",`
`5`	`5`	`"summary": "A collection of common SIMP functions, facts, and types",`
`6`	`6`	`"license": "Apache-2.0",`