check for presence of specifed ca_file

* Added ca file check * Updated message * Fixed broken end line * with puts * Added spec test * Updated messages * Fixes for rubocop * Fixes for rspec * Remove white space * Updated documentation
voxpupuli · Dec 13, 2022 · dbd4bbb · dbd4bbb
1 parent 16bee63
commit dbd4bbb
Show file tree

Hide file tree

Showing 6 changed files with 31 additions and 4 deletions.
diff --git a/REFERENCE.md b/REFERENCE.md
@@ -294,6 +294,7 @@ It can be used when the certificate of the gitlab server is signed using a CA
 and when upon registering a runner the following error is shown:
 `certificate verify failed (self signed certificate in certificate chain)`
 Using the CA file solves https://github.com/voxpupuli/puppet-gitlab_ci_runner/issues/124.
+The ca_file must exist, if it does not. Gitlab runner token generation will be skipped. Gitlab runner will not register until either the file exists or the ca_file parameter is not specified.
 
 Default value: ``undef``
 

diff --git a/lib/puppet/functions/gitlab_ci_runner/register_to_file.rb b/lib/puppet/functions/gitlab_ci_runner/register_to_file.rb
@@ -41,6 +41,11 @@ def register_to_file(url, regtoken, runner_name, additional_options = {}, proxy
       return 'DUMMY-NOOP-TOKEN' if Puppet.settings[:noop]
 
       begin
+        # Confirm the specified ca file exists
+        if !ca_file.nil? && !File.exist?(ca_file)
+          Puppet.warning('Unable to register gitlab runner at this time as the specified `ca_file` does not exist (yet).  If puppet is managing this file, the next run should complete the registration process.')
+          return 'Specified CA file doesn\'t exist, not attempting to create authtoken'
+        end
         authtoken = PuppetX::Gitlab::Runner.register(url, additional_options.merge('token' => regtoken), proxy, ca_file)['token']
 
         # If this function is used as a Deferred function the Gitlab Runner config dir

diff --git a/lib/puppet/functions/gitlab_ci_runner/unregister_from_file.rb b/lib/puppet/functions/gitlab_ci_runner/unregister_from_file.rb
@@ -34,6 +34,10 @@ def unregister_from_file(url, runner_name, proxy = nil, ca_file = nil)
       message
     else
       begin
+        if !ca_file.nil? && !File.exist?(ca_file)
+          Puppet.warning('Unable to unregister gitlab runner at this time as the specified `ca_file` does not exist. The runner config will be removed from this hosts config only; please remove from gitlab manually.')
+          return 'Specified CA file doesn\'t exist, not attempting to create authtoken'
+        end
         PuppetX::Gitlab::Runner.unregister(url, { 'token' => authtoken }, proxy, ca_file)
         message = "Successfully unregistered gitlab runner #{runner_name}"
         Puppet.debug message

diff --git a/manifests/init.pp b/manifests/init.pp
@@ -72,6 +72,7 @@
 #   and when upon registering a runner the following error is shown:
 #   `certificate verify failed (self signed certificate in certificate chain)`
 #   Using the CA file solves https://github.com/voxpupuli/puppet-gitlab_ci_runner/issues/124.
+#   The ca_file must exist, if it does not. Gitlab runner token generation will be skipped. Gitlab runner will not register until either the file exists or the ca_file parameter is not specified.
 #
 class gitlab_ci_runner (
   String                                     $xz_package_name, # Defaults in module hieradata

diff --git a/spec/functions/register_to_file_spec.rb b/spec/functions/register_to_file_spec.rb
@@ -44,12 +44,20 @@
 
     it { is_expected.to run.with_params(url, regtoken, runner_name).and_return(return_hash['token']) }
 
-    context 'with ca_file option' do
+    context 'with existing file ca_file option' do
+      before do
+        allow(PuppetX::Gitlab::Runner).to receive(:register).with(url, { 'token' => regtoken }, nil, '/tmp').and_return(return_hash)
+      end
+
+      it { is_expected.to run.with_params(url, regtoken, runner_name, {}, nil, '/tmp').and_return(return_hash['token']) }
+    end
+
+    context 'with non existent ca_file option' do
       before do
         allow(PuppetX::Gitlab::Runner).to receive(:register).with(url, { 'token' => regtoken }, nil, '/path/to/ca_file').and_return(return_hash)
       end
 
-      it { is_expected.to run.with_params(url, regtoken, runner_name, {}, nil, '/path/to/ca_file').and_return(return_hash['token']) }
+      it { is_expected.to run.with_params(url, regtoken, runner_name, {}, nil, '/path/to/ca_file').and_return('Specified CA file doesn\'t exist, not attempting to create authtoken') }
     end
   end
 

diff --git a/spec/functions/unregister_from_file_spec.rb b/spec/functions/unregister_from_file_spec.rb
@@ -24,12 +24,20 @@
 
     it { is_expected.to run.with_params(url, runner_name).and_return('Successfully unregistered gitlab runner testrunner') }
 
-    context 'with ca_file option' do
+    context 'with existing file ca_file option' do
+      before do
+        allow(PuppetX::Gitlab::Runner).to receive(:unregister).with(url, { 'token' => 'authtoken' }, nil, '/tmp').and_return(nil)
+      end
+
+      it { is_expected.to run.with_params(url, runner_name, nil, '/tmp').and_return('Successfully unregistered gitlab runner testrunner') }
+    end
+
+    context 'with non existent ca_file option' do
       before do
         allow(PuppetX::Gitlab::Runner).to receive(:unregister).with(url, { 'token' => 'authtoken' }, nil, '/path/to/ca_file').and_return(nil)
       end
 
-      it { is_expected.to run.with_params(url, runner_name, nil, '/path/to/ca_file').and_return('Successfully unregistered gitlab runner testrunner') }
+      it { is_expected.to run.with_params(url, runner_name, nil, '/path/to/ca_file').and_return('Specified CA file doesn\'t exist, not attempting to create authtoken') }
     end
   end