diff --git a/REFERENCE.md b/REFERENCE.md
index 20529cd..d4008d3 100644
--- a/REFERENCE.md
+++ b/REFERENCE.md
@@ -294,6 +294,7 @@ It can be used when the certificate of the gitlab server is signed using a CA
 and when upon registering a runner the following error is shown:
 `certificate verify failed (self signed certificate in certificate chain)`
 Using the CA file solves https://github.com/voxpupuli/puppet-gitlab_ci_runner/issues/124.
+The ca_file must exist, if it does not. Gitlab runner token generation will be skipped. Gitlab runner will not register until either the file exists or the ca_file parameter is not specified.
 Default value: ``undef``
diff --git a/lib/puppet/functions/gitlab_ci_runner/register_to_file.rb b/lib/puppet/functions/gitlab_ci_runner/register_to_file.rb
index 9cf6688..3d8d3da 100644
--- a/lib/puppet/functions/gitlab_ci_runner/register_to_file.rb
+++ b/lib/puppet/functions/gitlab_ci_runner/register_to_file.rb
@@ -41,6 +41,11 @@ def register_to_file(url, regtoken, runner_name, additional_options = {}, proxy
 return 'DUMMY-NOOP-TOKEN' if Puppet.settings[:noop]
 begin
+ # Confirm the specified ca file exists
+ if !ca_file.nil? && !File.exist?(ca_file)
+ Puppet.warning('Unable to register gitlab runner at this time as the specified `ca_file` does not exist (yet). If puppet is managing this file, the next run should complete the registration process.')
+ return 'Specified CA file doesn\'t exist, not attempting to create authtoken'
+ end
 authtoken = PuppetX::Gitlab::Runner.register(url, additional_options.merge('token' => regtoken), proxy, ca_file)['token']
 # If this function is used as a Deferred function the Gitlab Runner config dir
diff --git a/lib/puppet/functions/gitlab_ci_runner/unregister_from_file.rb b/lib/puppet/functions/gitlab_ci_runner/unregister_from_file.rb
index 51f596e..d0c9ebe 100644
--- a/lib/puppet/functions/gitlab_ci_runner/unregister_from_file.rb
+++ b/lib/puppet/functions/gitlab_ci_runner/unregister_from_file.rb
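Review bot: In the register_to_file.rb hunk, the early `return 'Specified CA file doesn\'t exist, not attempting to create authtoken'` hands the caller a human-readable sentence in the slot where it expects the runner's auth token, so a caller cannot tell it apart from a real credential and it can presumably end up in the runner configuration as the token value. Failing closed when the CA file is missing is right (no fallback to unverified TLS), but the skip should be signalled with a fixed, recognisable sentinel in the style of the existing `'DUMMY-NOOP-TOKEN'`, or by raising into the function's own error handling. `File.exist?` is also true for a directory; `File.file?(ca_file) && File.readable?(ca_file)` checks what the TLS layer actually needs. The function body continues outside the hunk, so how the return value is consumed is not visible here.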
@@ -34,6 +34,10 @@ def unregister_from_file(url, runner_name, proxy = nil, ca_file = nil)
 message
 else
 begin
+ if !ca_file.nil? && !File.exist?(ca_file)
+ Puppet.warning('Unable to unregister gitlab runner at this time as the specified `ca_file` does not exist. The runner config will be removed from this hosts config only; please remove from gitlab manually.')
+ return 'Specified CA file doesn\'t exist, not attempting to create authtoken'
+ end
 PuppetX::Gitlab::Runner.unregister(url, { 'token' => authtoken }, proxy, ca_file)
 message = "Successfully unregistered gitlab runner #{runner_name}"
 Puppet.debug message
diff --git a/manifests/init.pp b/manifests/init.pp
index a9d8955..d84e075 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -72,6 +72,7 @@
 # and when upon registering a runner the following error is shown:
 # `certificate verify failed (self signed certificate in certificate chain)`
 # Using the CA file solves https://github.com/voxpupuli/puppet-gitlab_ci_runner/issues/124.
+# The ca_file must exist, if it does not. Gitlab runner token generation will be skipped. Gitlab runner will not register until either the file exists or the ca_file parameter is not specified.
 #
 class gitlab_ci_runner (
 String $xz_package_name, # Defaults in module hieradata
diff --git a/spec/functions/register_to_file_spec.rb b/spec/functions/register_to_file_spec.rb
index bb12962..b122b56 100644
--- a/spec/functions/register_to_file_spec.rb
+++ b/spec/functions/register_to_file_spec.rb
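Review bot: In the unregister_from_file.rb hunk the early return reuses the register wording, `not attempting to create authtoken`, although nothing is created on this path; what the skip actually means is that the runner's auth token stays valid on the GitLab server after this host stops managing it. Return a message that says so, e.g. `return "Specified CA file doesn't exist, gitlab runner #{runner_name} was not unregistered"`, and update the spec expectation to match. Because a live credential is left behind, it is worth checking whether the local token should be kept until unregistration succeeds so a later run can retry; the cleanup code lies outside the hunk, so whether this `return` skips it cannot be told from here.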
@@ -44,12 +44,20 @@
 it { is_expected.to run.with_params(url, regtoken, runner_name).and_return(return_hash['token']) }
- context 'with ca_file option' do
+ context 'with existing file ca_file option' do
+ before do
+ allow(PuppetX::Gitlab::Runner).to receive(:register).with(url, { 'token' => regtoken }, nil, '/tmp').and_return(return_hash)
+ end
+
+ it { is_expected.to run.with_params(url, regtoken, runner_name, {}, nil, '/tmp').and_return(return_hash['token']) }
+ end
+
+ context 'with non existent ca_file option' do
 before do
 allow(PuppetX::Gitlab::Runner).to receive(:register).with(url, { 'token' => regtoken }, nil, '/path/to/ca_file').and_return(return_hash)
 end
- it { is_expected.to run.with_params(url, regtoken, runner_name, {}, nil, '/path/to/ca_file').and_return(return_hash['token']) }
+ it { is_expected.to run.with_params(url, regtoken, runner_name, {}, nil, '/path/to/ca_file').and_return('Specified CA file doesn\'t exist, not attempting to create authtoken') }
 end
 end
diff --git a/spec/functions/unregister_from_file_spec.rb b/spec/functions/unregister_from_file_spec.rb
index b5dbbcd..676d346 100644
--- a/spec/functions/unregister_from_file_spec.rb
+++ b/spec/functions/unregister_from_file_spec.rb
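Review bot: The 'with existing file ca_file option' context in register_to_file_spec.rb passes `'/tmp'` as the CA file, which ties the example to the host filesystem and only passes because `File.exist?` accepts a directory, so the spec pins the behaviour that a directory counts as a CA file. Stub the check instead: `allow(File).to receive(:exist?).and_call_original` followed by `allow(File).to receive(:exist?).with('/path/to/ca_file').and_return(true)`. The 'with existing file ca_file option' context in unregister_from_file_spec.rb has the same dependency.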
@@ -24,12 +24,20 @@
 it { is_expected.to run.with_params(url, runner_name).and_return('Successfully unregistered gitlab runner testrunner') }
- context 'with ca_file option' do
+ context 'with existing file ca_file option' do
+ before do
+ allow(PuppetX::Gitlab::Runner).to receive(:unregister).with(url, { 'token' => 'authtoken' }, nil, '/tmp').and_return(nil)
+ end
+
+ it { is_expected.to run.with_params(url, runner_name, nil, '/tmp').and_return('Successfully unregistered gitlab runner testrunner') }
+ end
+
+ context 'with non existent ca_file option' do
 before do
 allow(PuppetX::Gitlab::Runner).to receive(:unregister).with(url, { 'token' => 'authtoken' }, nil, '/path/to/ca_file').and_return(nil)
 end
- it { is_expected.to run.with_params(url, runner_name, nil, '/path/to/ca_file').and_return('Successfully unregistered gitlab runner testrunner') }
+ it { is_expected.to run.with_params(url, runner_name, nil, '/path/to/ca_file').and_return('Specified CA file doesn\'t exist, not attempting to create authtoken') }
 end
 end
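Review bot: The 'with non existent ca_file option' context in unregister_from_file_spec.rb keeps the `allow(PuppetX::Gitlab::Runner).to receive(:unregister)` stub, so nothing asserts that the request to GitLab is skipped; the example checks only the returned string. Replace the stub with a negative expectation, `before { expect(PuppetX::Gitlab::Runner).not_to receive(:unregister) }`, so that a regression which contacts the server without the intended CA file fails the spec. The matching context in register_to_file_spec.rb has the same gap with `:register`.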