puppet module: prevent running match call if a preassignment failed (#…

…17175) for #16954 # Checklist for submitter If some of the following don't apply, delete the relevant line.  - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
fleetdm · Feb 28, 2024 · 456bc3c · 456bc3c
1 parent 4751e66
commit 456bc3c
Show file tree

Hide file tree

Showing 4 changed files with 77 additions and 7 deletions.
diff --git a/.github/workflows/test-puppet.yml b/.github/workflows/test-puppet.yml
@@ -7,7 +7,7 @@ on:
       - patch-*
   pull_request:
     paths:
-      - 'ee/tools/puppet/fleetdm/*.*'
+      - 'ee/tools/puppet/fleetdm/**'
       - '.github/workflows/test-puppet.yml'
   workflow_dispatch: # Manual
 

diff --git a/ee/tools/puppet/fleetdm/lib/puppet/reports/fleetdm.rb b/ee/tools/puppet/fleetdm/lib/puppet/reports/fleetdm.rb
@@ -8,15 +8,21 @@
 
   def process
     return if noop
-    client = Puppet::Util::FleetClient.instance
+
     node_name = Puppet[:node_name_value]
+    if resource_statuses.any? { |r| r.include?('error pre-setting fleetdm::profile') }
+      Puppet.err("Some resources failed to be assigned, not matching profiles for #{node_name}")
+      return
+    end
+
+    client = Puppet::Util::FleetClient.instance
     run_identifier = "#{catalog_uuid}-#{node_name}"
     response = client.match_profiles(run_identifier, environment)
-
     if response['error'].empty?
       Puppet.info("Successfully matched #{node_name} with a team containing configuration profiles")
-    else
-      Puppet.err("Error matching node #{node_name} with a team containing configuration profiles: #{response['error']}")
+      return
     end
+
+    Puppet.err("Error matching node #{node_name} with a team containing configuration profiles: #{response['error']}")
   end
 end
diff --git a/ee/tools/puppet/fleetdm/manifests/profile.pp b/ee/tools/puppet/fleetdm/manifests/profile.pp
@@ -47,13 +47,13 @@
     $changed = $response['resource_changed']
 
     if $err != '' {
-      notify { "error pre-setting profile ${name} as ${ensure}: ${err}":
+      notify { "error pre-setting fleetdm::profile ${name} as ${ensure}: ${err}":
         loglevel => 'err',
       }
     } elsif $changed {
       # NOTE: sending a notification also marks the
       # 'fleetdm::profile' as changed in the reports.
-      notify { "successfully pre-set profile ${name} as ${ensure}": }
+      notify { "successfully pre-set fleetdm::profile ${name} as ${ensure}": }
     }
   }
 }
diff --git a/ee/tools/puppet/fleetdm/spec/unit/reports/fleetdm_spec.rb b/ee/tools/puppet/fleetdm/spec/unit/reports/fleetdm_spec.rb
@@ -0,0 +1,64 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+require 'puppet/reports'
+require_relative '../../../lib/puppet/reports/fleetdm.rb'
+
+describe 'Puppet::Reports::Fleetdm' do
+  let(:fleet_client_mock) { instance_double('Puppet::Util::FleetClient') }
+  let(:catalog_uuid) { '827a74c8-cf98-44da-9ff7-18c5e4bee41e' }
+  let(:node_name) { Puppet[:node_name_value] }
+  let(:report) do
+    report = Puppet::Transaction::Report.new('apply')
+    report.extend(Puppet::Reports.report(:fleetdm))
+    report
+  end
+
+  before(:each) do
+    Puppet[:reports] = 'fleetdm'
+    Puppet::Util::Log.level = :warning
+    Puppet::Util::Log.newdestination(:console)
+
+    fleet_client_class = class_spy('Puppet::Util::FleetClient')
+    stub_const('Puppet::Util::FleetClient', fleet_client_class)
+    allow(fleet_client_class).to receive(:instance) { fleet_client_mock }
+    allow(SecureRandom).to receive(:uuid).and_return(catalog_uuid)
+  end
+
+  it 'does not process in noop mode' do
+    allow(report).to receive(:noop).and_return(true)
+    expect(fleet_client_mock).not_to receive(:match_profiles)
+    report.process
+  end
+
+  it 'logs an error if resources failed to be assigned' do
+    allow(report).to receive(:resource_statuses).and_return({ 'myresource' => 'error pre-setting fleetdm::profile' })
+    expect(Puppet).to receive(:err).with(%r{Some resources failed to be assigned})
+    expect(fleet_client_mock).not_to receive(:match_profiles)
+    report.process
+  end
+
+  it 'successfully matches profiles when there are no errors' do
+    allow(report).to receive(:noop).and_return(false)
+    allow(report).to receive(:resource_statuses).and_return({})
+    allow(fleet_client_mock).to receive(:match_profiles).and_return({ 'error' => '' })
+    allow(report).to receive(:catalog_uuid).and_return(catalog_uuid)
+
+    expect(fleet_client_mock).to receive(:match_profiles).with("#{catalog_uuid}-#{node_name}", anything)
+    expect(Puppet).to receive(:info).with("Successfully matched #{node_name} with a team containing configuration profiles")
+
+    report.process
+  end
+
+  it 'logs an error when matching profiles fails' do
+    allow(report).to receive(:noop).and_return(false)
+    allow(report).to receive(:resource_statuses).and_return({})
+    allow(fleet_client_mock).to receive(:match_profiles).and_return({ 'error' => 'Some error' })
+    allow(report).to receive(:catalog_uuid).and_return(catalog_uuid)
+
+    expect(fleet_client_mock).to receive(:match_profiles).with("#{catalog_uuid}-#{node_name}", anything)
+    expect(Puppet).to receive(:err).with("Error matching node #{node_name} with a team containing configuration profiles: Some error")
+
+    report.process
+  end
+end