check for presence of specified ca_file
* Added ca file check

* Updated message

* Fixed broken end line

* with puts

* Added spec test

* Updated messages

* Fixes for rubocop

* Fixes for rspec

* Remove white space

* Updated documentation
benjamin-robertson authored and bastelfreak committed Dec 13, 2022
1 parent 0a1bb8d commit 83bcc23
Showing 6 changed files with 31 additions and 4 deletions.
1 change: 1 addition & 0 deletions REFERENCE.md
Expand Up @@ -294,6 +294,7 @@ It can be used when the certificate of the gitlab server is signed using a CA
and when upon registering a runner the following error is shown:
`certificate verify failed (self signed certificate in certificate chain)`
Using the CA file solves https://github.com/voxpupuli/puppet-gitlab_ci_runner/issues/124.
The ca_file must exist, if it does not. Gitlab runner token generation will be skipped. Gitlab runner will not register until either the file exists or the ca_file parameter is not specified.

Default value: ``undef``
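
Review bot: the added `ca_file` sentence documents only the registration path ("Gitlab runner token generation will be skipped"), while this commit also changes `unregister_from_file` to skip the API call when the file is missing. Suggest adding that a missing `ca_file` on unregister leaves the runner registered in GitLab and requires manual removal, as the new warning in that function says.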

5 changes: 5 additions & 0 deletions lib/puppet/functions/gitlab_ci_runner/register_to_file.rb
Expand Up @@ -41,6 +41,11 @@ def register_to_file(url, regtoken, runner_name, additional_options = {}, proxy
return 'DUMMY-NOOP-TOKEN' if Puppet.settings[:noop]

begin
# Confirm the specified ca file exists
if !ca_file.nil? && !File.exist?(ca_file)
Puppet.warning('Unable to register gitlab runner at this time as the specified `ca_file` does not exist (yet). If puppet is managing this file, the next run should complete the registration process.')
return 'Specified CA file doesn\'t exist, not attempting to create authtoken'
end
authtoken = PuppetX::Gitlab::Runner.register(url, additional_options.merge('token' => regtoken), proxy, ca_file)['token']

# If this function is used as a Deferred function the Gitlab Runner config dir
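
Review bot: the new guard at the top of the `begin` block returns the sentence 'Specified CA file doesn\'t exist, not attempting to create authtoken' from a function whose other return values are tokens (`'DUMMY-NOOP-TOKEN'`, `authtoken`), so a caller cannot tell a skipped registration from a real token and may store the message as one. Suggest a dedicated sentinel value or a documented return contract. `File.exist?(ca_file)` is also true for a directory; `File.file?(ca_file) && File.readable?(ca_file)` would reject a path that cannot be a CA bundle. Skipping registration rather than proceeding without the CA is the right failure direction.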
4 changes: 4 additions & 0 deletions lib/puppet/functions/gitlab_ci_runner/unregister_from_file.rb
Expand Up @@ -34,6 +34,10 @@ def unregister_from_file(url, runner_name, proxy = nil, ca_file = nil)
message
else
begin
if !ca_file.nil? && !File.exist?(ca_file)
Puppet.warning('Unable to unregister gitlab runner at this time as the specified `ca_file` does not exist. The runner config will be removed from this hosts config only; please remove from gitlab manually.')
return 'Specified CA file doesn\'t exist, not attempting to create authtoken'
end
PuppetX::Gitlab::Runner.unregister(url, { 'token' => authtoken }, proxy, ca_file)
message = "Successfully unregistered gitlab runner #{runner_name}"
Puppet.debug message
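
Review bot: the early `return` in the `begin` block reuses the register message, 'not attempting to create authtoken', but this path unregisters a runner and creates no token; suggest wording such as 'not attempting to unregister runner'. Because the `unregister` call is skipped, the runner's `authtoken` stays valid on the GitLab server and a `Puppet.warning` is the only signal; consider including `runner_name` in the warning so the orphaned runner can be found and removed.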
1 change: 1 addition & 0 deletions manifests/init.pp
Expand Up @@ -72,6 +72,7 @@
# and when upon registering a runner the following error is shown:
# `certificate verify failed (self signed certificate in certificate chain)`
# Using the CA file solves https://github.com/voxpupuli/puppet-gitlab_ci_runner/issues/124.
# The ca_file must exist, if it does not. Gitlab runner token generation will be skipped. Gitlab runner will not register until either the file exists or the ca_file parameter is not specified.
#
class gitlab_ci_runner (
String $xz_package_name, # Defaults in module hieradata
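
Review bot: the added comment line is broken by a stray full stop: 'The ca_file must exist, if it does not. Gitlab runner token generation will be skipped.' Suggest 'The ca_file must exist. If it does not, GitLab runner token generation is skipped and the runner will not register until the file exists or the ca_file parameter is removed.' The same sentence is added to REFERENCE.md and needs the same fix.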
12 changes: 10 additions & 2 deletions spec/functions/register_to_file_spec.rb
Expand Up @@ -44,12 +44,20 @@

it { is_expected.to run.with_params(url, regtoken, runner_name).and_return(return_hash['token']) }

context 'with ca_file option' do
context 'with existing file ca_file option' do
before do
allow(PuppetX::Gitlab::Runner).to receive(:register).with(url, { 'token' => regtoken }, nil, '/tmp').and_return(return_hash)
end

it { is_expected.to run.with_params(url, regtoken, runner_name, {}, nil, '/tmp').and_return(return_hash['token']) }
end

context 'with non existent ca_file option' do
before do
allow(PuppetX::Gitlab::Runner).to receive(:register).with(url, { 'token' => regtoken }, nil, '/path/to/ca_file').and_return(return_hash)
end

it { is_expected.to run.with_params(url, regtoken, runner_name, {}, nil, '/path/to/ca_file').and_return(return_hash['token']) }
it { is_expected.to run.with_params(url, regtoken, runner_name, {}, nil, '/path/to/ca_file').and_return('Specified CA file doesn\'t exist, not attempting to create authtoken') }
end
end
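
Review bot: in the 'with non existent ca_file option' context the `before` block stubs `register` with `allow(...)`, which passes whether or not the call happens, so the spec does not prove that registration is skipped. Suggest `expect(PuppetX::Gitlab::Runner).not_to receive(:register)` plus an expectation on `Puppet.warning`. The 'existing file' context passes '/tmp', a directory, which shows that the `File.exist?` guard accepts paths that are not files.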

12 changes: 10 additions & 2 deletions spec/functions/unregister_from_file_spec.rb
Expand Up @@ -24,12 +24,20 @@

it { is_expected.to run.with_params(url, runner_name).and_return('Successfully unregistered gitlab runner testrunner') }

context 'with ca_file option' do
context 'with existing file ca_file option' do
before do
allow(PuppetX::Gitlab::Runner).to receive(:unregister).with(url, { 'token' => 'authtoken' }, nil, '/tmp').and_return(nil)
end

it { is_expected.to run.with_params(url, runner_name, nil, '/tmp').and_return('Successfully unregistered gitlab runner testrunner') }
end

context 'with non existent ca_file option' do
before do
allow(PuppetX::Gitlab::Runner).to receive(:unregister).with(url, { 'token' => 'authtoken' }, nil, '/path/to/ca_file').and_return(nil)
end

it { is_expected.to run.with_params(url, runner_name, nil, '/path/to/ca_file').and_return('Successfully unregistered gitlab runner testrunner') }
it { is_expected.to run.with_params(url, runner_name, nil, '/path/to/ca_file').and_return('Specified CA file doesn\'t exist, not attempting to create authtoken') }
end
end
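
Review bot: the 'with non existent ca_file option' example asserts the return string 'Specified CA file doesn\'t exist, not attempting to create authtoken', which pins the register wording onto the unregister function; if the message is corrected, this expectation has to change with it. As in the register spec, the `allow(...).to receive(:unregister)` stub does not verify that the API call is skipped; `expect(PuppetX::Gitlab::Runner).not_to receive(:unregister)` would.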
