Skip to content

Commit 7aa7839

Browse files
(SIMP-10745) Fix simplib__crypto_policy_state fact (#293)
* (SIMP-10745) Fix simplib__crypto_policy_state fact Include user defined crypto policies SIMP-10745 #close * Provide correct path * Update unit tests * Update unit tests * Update logic, check global only. * Simplify fact logic * Combine system and custom policies into one call to `Dir.glob()` * Add CHANGELOG entry and bump version * Cleanup for puppet-lint and rubocop --------- Co-authored-by: Steven Pritchard <steve@sicura.us>
1 parent 4f99e10 commit 7aa7839

4 files changed

Lines changed: 21 additions & 17 deletions

File tree

CHANGELOG

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,3 +1,6 @@
1+
* Fri Jan 19 2024 ben <benrobertson9876@gmail.com> - 4.12.2
2+
- Fix simplib__crypto_policy_state fact to include custom policies
3+
14
* Thu Oct 12 2023 Steven Pritchard <steve@sicura.us> - 4.12.1
25
- Update Gemfile
36
- Fix GHA release workflow

lib/facter/simplib__crypto_policy_state.rb

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
# frozen_string_literal: true
22

3-
# Provides the state of the configured crypto policies
3+
# @summary Provides the state of the configured crypto policies
44
#
55
# @see update-crypto-policy(8)
66
#
@@ -36,14 +36,14 @@
3636
system_state['global_policy_applied'] = !Array(output).grep(%r{is applied}).empty? if output
3737

3838
# This is everything past EL8.0
39-
global_policies = Dir.glob('/usr/share/crypto-policies/policies/*.pol')
39+
global_policies = Dir.glob(['/usr/share/crypto-policies/policies/*.pol', '/etc/crypto-policies/policies/*.pol'])
4040

4141
# Fallback for 8.0
4242
if global_policies.empty?
43-
global_policies = Dir.glob('/usr/share/crypto-policies/*').select{|x| File.directory?(x)}
43+
global_policies = Dir.glob('/usr/share/crypto-policies/*').select { |x| File.directory?(x) }
4444
end
4545

46-
system_state['global_policies_available'] = global_policies.map{|x| File.basename(x, '.pol')}
46+
system_state['global_policies_available'] = global_policies.map { |x| File.basename(x, '.pol') }.uniq
4747
end
4848

4949
system_state

metadata.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
{
22
"name": "simp-simplib",
3-
"version": "4.12.1",
3+
"version": "4.12.2",
44
"author": "SIMP Team",
55
"summary": "A collection of common SIMP functions, facts, and types",
66
"license": "Apache-2.0",

spec/unit/facter/simplib__crypto_policy_state_spec.rb

Lines changed: 13 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -8,52 +8,53 @@
88

99
# Mock out Facter method called when evaluating confine for :kernel
1010
allow(Facter::Core::Execution).to receive(:exec).with('uname -s').and_return('Linux')
11-
expect(Facter.fact(:kernel)).to receive(:value).and_return('Linux')
11+
allow(Facter.fact(:kernel)).to receive(:value).and_return('Linux')
1212

1313
# Ensure that something sane is returned when finding the command
14-
expect(Facter::Util::Resolution).to receive(:which).with('update-crypto-policies').and_return('update-crypto-policies')
14+
allow(Facter::Util::Resolution).to receive(:which).with('update-crypto-policies').and_return('update-crypto-policies')
1515
end
1616

1717
context 'with a functional update-crypto-policies command' do
1818
before :each do
19-
expect(Facter::Core::Execution).to receive(:execute).with('update-crypto-policies --no-reload --show', on_fail: false).and_return("DEFAULT\n")
19+
allow(Facter::Core::Execution).to receive(:execute).with('update-crypto-policies --no-reload --show', on_fail: false).and_return("DEFAULT\n")
2020

21-
22-
expect(Dir).to receive(:glob).with('/usr/share/crypto-policies/policies/*.pol').and_return(
21+
allow(Dir).to receive(:glob).with(['/usr/share/crypto-policies/policies/*.pol', '/etc/crypto-policies/policies/*.pol']).and_return(
2322
[
2423
'/usr/share/crypto-policies/policies/DEFAULT.pol',
25-
'/usr/share/crypto-policies/policies/LEGACY.pol'
26-
]
24+
'/usr/share/crypto-policies/policies/LEGACY.pol',
25+
'/etc/crypto-policies/policies/DEFAULT.pol',
26+
'/etc/crypto-policies/policies/CUSTOM.pol',
27+
],
2728
)
2829
end
2930

3031
context 'when applied' do
3132
before :each do
32-
expect(Facter::Core::Execution).to receive(:execute).with('update-crypto-policies --no-reload --is-applied', on_fail: false).and_return("The configured policy is applied\n")
33+
allow(Facter::Core::Execution).to receive(:execute).with('update-crypto-policies --no-reload --is-applied', on_fail: false).and_return("The configured policy is applied\n")
3334
end
3435

3536
it do
3637
expect(Facter.fact('simplib__crypto_policy_state').value).to include(
3738
{
3839
'global_policy' => 'DEFAULT',
3940
'global_policy_applied' => true,
40-
'global_policies_available' => ['DEFAULT', 'LEGACY']
41+
'global_policies_available' => ['DEFAULT', 'LEGACY', 'CUSTOM']
4142
},
4243
)
4344
end
4445
end
4546

4647
context 'when not applied' do
4748
before :each do
48-
expect(Facter::Core::Execution).to receive(:execute).with('update-crypto-policies --no-reload --is-applied', on_fail: false).and_return("The configured policy is NOT applied\n")
49+
allow(Facter::Core::Execution).to receive(:execute).with('update-crypto-policies --no-reload --is-applied', on_fail: false).and_return("The configured policy is NOT applied\n")
4950
end
5051

5152
it do
5253
expect(Facter.fact('simplib__crypto_policy_state').value).to include(
5354
{
5455
'global_policy' => 'DEFAULT',
5556
'global_policy_applied' => false,
56-
'global_policies_available' => ['DEFAULT', 'LEGACY']
57+
'global_policies_available' => ['DEFAULT', 'LEGACY', 'CUSTOM']
5758
},
5859
)
5960
end
@@ -62,7 +63,7 @@
6263

6364
context 'with a non-functional update-crypto-policies command' do
6465
it 'returns a nil value' do
65-
expect(Facter::Core::Execution).to receive(:execute).with('update-crypto-policies --no-reload --show', on_fail: false).and_return(false)
66+
allow(Facter::Core::Execution).to receive(:execute).with('update-crypto-policies --no-reload --show', on_fail: false).and_return(false)
6667

6768
expect(Facter.fact('simplib__crypto_policy_state').value).to be_nil
6869
end

0 commit comments

Comments
 (0)