Parameterize targetfile in puppetserver::config::bootstrap

Manual workaround for puppetserver versions >= 2.5.0 that use /etc/puppetlabs/puppetserver/services.d/ca.cfg for bootstrap configuration. Check links for more info https://puppet.com/docs/puppetserver/2.7/release_notes.html#potential-breaking-issues-when-upgrading-with-a-modified-bootstrapcfg https://puppet.com/docs/puppetserver/2.7/release_notes.html#new-feature-flexible-service-bootstrappingca-configuration-file
voxpupuli · Feb 15, 2018 · 33820ee · 33820ee
1 parent c58c3a9
commit 33820ee
Show file tree

Hide file tree

Showing 3 changed files with 124 additions and 5 deletions.
diff --git a/README.md b/README.md
@@ -103,7 +103,7 @@ puppetserver::config::puppetserver { 'webserver.conf/webserver/ssl-port':
 
 ### puppetserver::config::bootstrap
 
-A Puppetserver bootstrap.cfg entry.
+A Puppetserver < 2.5.0 bootstrap.cfg entry.
 
 Example:
 
@@ -113,6 +113,17 @@ puppetserver::config::bootstrap { 'puppetlabs.services.ca.certificate-authority-
 }
 ```
 
+A Puppetserver >= 2.5.0 ca.cfg entry.
+
+Example:
+
+```puppet
+puppetserver::config::bootstrap { 'puppetlabs.services.ca.certificate-authority-disabled-service/certificate-authority-disabled-service':
+  ensure => present,
+  targetfile => '/etc/puppetlabs/puppetserver/services.d/ca.cfg',
+}
+```
+
 ## Providers
 
 ### puppetserver_gem

diff --git a/manifests/config/bootstrap.pp b/manifests/config/bootstrap.pp
@@ -1,5 +1,6 @@
 define puppetserver::config::bootstrap (
   $ensure = 'present',
+  Optional[Stdlib::Absolutepath] $targetfile = undef,
   # For compat with other config types, unused
   $value = undef,
 ) {
@@ -19,15 +20,28 @@
     }
   }
 
-  if versioncmp($::puppetversion, '4.0.0') >= 0 {
-    $targetfile = '/etc/puppetlabs/puppetserver/bootstrap.cfg'
+  # puppetserver >= 2.5 changed the path to the bootstrap configuration file [1] [2] [3].
+  # $::puppetversion is the version of the Puppet agent on the client and can
+  # not reliable distinguish the puppetserver version running on the master.
+  # For puppetserver 2.5 and above you need to set the targetfile to:
+  # '/etc/puppetlabs/puppetserver/services.d/ca.cfg'
+  #
+  # [1] https://github.com/voxpupuli/puppet-puppetserver/issues/52
+  # [2] https://puppet.com/docs/puppetserver/2.7/release_notes.html#potential-breaking-issues-when-upgrading-with-a-modified-bootstrapcfg
+  # [3] https://puppet.com/docs/puppetserver/2.7/release_notes.html#new-feature-flexible-service-bootstrappingca-configuration-file
+  if $targetfile {
+    $targetfile_real = $targetfile
   } else {
-    $targetfile = '/etc/puppetserver/bootstrap.cfg'
+    if versioncmp($::puppetversion, '4.0.0') >= 0 {
+      $targetfile_real = '/etc/puppetlabs/puppetserver/bootstrap.cfg'
+    } else {
+      $targetfile_real = '/etc/puppetserver/bootstrap.cfg'
+    }
   }
 
   augeas { "Set puppetserver bootstrap ${title}":
     lens    => 'Simplelines.lns',
-    incl    => $targetfile,
+    incl    => $targetfile_real,
     changes => $changes,
     onlyif  => $onlyif,
   }

diff --git a/spec/defines/puppetserver__config__bootstrap_spec.rb b/spec/defines/puppetserver__config__bootstrap_spec.rb
@@ -0,0 +1,94 @@
+require 'spec_helper'
+
+describe 'puppetserver::config::bootstrap' do
+  let(:title) { 'foo' }
+
+  on_supported_os.each do |os, facts|
+    context "on #{os}" do
+      context 'without param' do
+        it do
+          is_expected.to contain_augeas('Set puppetserver bootstrap foo').with(
+            lens:    'Simplelines.lns',
+            incl:    '/etc/puppetlabs/puppetserver/bootstrap.cfg',
+            changes: 'set ./01 \'foo\'',
+            onlyif:  'match ./*[label()!=\'#comment\' and .=\'foo\'] size == 0'
+          )
+        end
+      end
+
+      context 'when ensure => absent' do
+        let(:params) { { ensure: 'absent' } }
+
+        it do
+          is_expected.to contain_augeas('Set puppetserver bootstrap foo').with(
+            changes: 'rm ./*[label()!=\'#comment\' and .=\'foo\']',
+            onlyif:  'match ./*[label()!=\'#comment\' and .=\'foo\'] size != 0'
+          )
+        end
+      end
+
+      context 'when fact puppetversion => 3.9.9' do
+        let(:facts) { facts.merge(puppetversion: '3.9.9') }
+
+        it { is_expected.to contain_augeas('Set puppetserver bootstrap foo').with_incl('/etc/puppetserver/bootstrap.cfg') }
+      end
+
+      context 'when fact puppetversion => 4.0.0' do
+        let(:facts) { facts.merge(puppetversion: '4.0.0') }
+
+        it { is_expected.to contain_augeas('Set puppetserver bootstrap foo').with_incl('/etc/puppetlabs/puppetserver/bootstrap.cfg') }
+      end
+
+      context 'when targetfile => /etc/puppetlabs/puppetserver/services.d/ca.cfg' do
+        let(:params) { { targetfile: '/etc/puppetlabs/puppetserver/services.d/ca.cfg' } }
+
+        it { is_expected.to contain_augeas('Set puppetserver bootstrap foo').with_incl('/etc/puppetlabs/puppetserver/services.d/ca.cfg') }
+      end
+    end
+  end
+
+  describe 'variable data type and content validations' do
+    validations = {
+      'Optional[Stdlib::Absolutepath]' => {
+        param:   %w[targetfile],
+        valid:   %w[/absolute/filepath /absolute/directory/],
+        invalid: ['../string', %w[array], { 'ha' => 'sh' }, 3, 2.42, false, nil],
+        message: 'expects a (match for|match for Stdlib::Absolutepath =|Stdlib::Absolutepath =) Variant\[Stdlib::Windowspath.*Stdlib::Unixpath' # Puppet (4.x|5.0 & 5.1|5.x)
+      },
+      'String for ensure' => {
+        param:   %w[ensure],
+        valid:   %w[absent present],
+        invalid: ['string', %w[array], { 'ha' => 'sh' }, 3, 2.42, false],
+        message: 'Wrong value for "ensure"'
+      }
+    }
+
+    validations.sort.each do |type, var|
+      mandatory_facts = {} if mandatory_facts.nil?
+      mandatory_params = {} if mandatory_params.nil?
+      var[:param].each do |parameter|
+        var[:facts] = {} if var[:facts].nil?
+        var[:params] = {} if var[:params].nil?
+
+        var[:valid].each do |valid|
+          context "when #{parameter} (#{type}) is set to valid #{valid} (as #{valid.class})" do
+            let(:facts) { [mandatory_facts, var[:facts]].reduce(:merge) }
+            let(:params) { [mandatory_params, var[:params], { :"#{parameter}" => valid }].reduce(:merge) }
+
+            it { is_expected.to compile }
+          end
+        end
+
+        var[:invalid].each do |invalid|
+          context "when #{parameter} (#{type}) is set to invalid #{invalid} (as #{invalid.class})" do
+            let(:params) { [mandatory_params, var[:params], { :"#{parameter}" => invalid }].reduce(:merge) }
+
+            it 'fails' do
+              expect { is_expected.to contain_class(subject) }.to raise_error(Puppet::Error, %r{#{var[:message]}})
+            end
+          end
+        end
+      end
+    end
+  end
+end