mig5/enroll
1
0
Fork 0
Code Issues Pull requests Projects Releases 21 Packages Activity Actions

Don't enforce /etc/enroll if no firewall rules to set in subdir
All checks were successful
CI / test (push) Successful in 19m38s
Details
Lint / test (push) Successful in 43s
Details

Browse source
This commit is contained in:
Miguel Jacq 2026-06-19 20:29:12 +10:00
parent d6371ccccd
commit 7379587a28
Signed by: mig5
GPG key ID: 03906B4110AAD3B8
5 changed files with 15 additions and 37 deletions
Download patch file Download diff file Expand all files Collapse all files

5
enroll/puppet.py
View file

@ -828,10 +828,7 @@ def _collect_puppet_roles(
or fw.get("iptables_v4_save") or fw.get("iptables_v4_save")
or fw.get("iptables_v6_save") or fw.get("iptables_v6_save")
) )
packages = [ if has_fw:
str(p).strip() for p in (fw.get("packages") or []) if str(p).strip()
]
if has_fw or packages or fw.get("notes"):
runtime_role = ensure_role("enroll_runtime") runtime_role = ensure_role("enroll_runtime")
runtime_role.add_managed_dir( runtime_role.add_managed_dir(
"/etc/enroll", "/etc/enroll",

5
enroll/salt.py
View file

@ -884,10 +884,7 @@ def _collect_salt_roles(
or fw.get("iptables_v4_save") or fw.get("iptables_v4_save")
or fw.get("iptables_v6_save") or fw.get("iptables_v6_save")
) )
packages = [ if has_fw:
str(p).strip() for p in (fw.get("packages") or []) if str(p).strip()
]
if has_fw or packages or fw.get("notes"):
runtime_role = ensure_role("enroll_runtime") runtime_role = ensure_role("enroll_runtime")
runtime_role.add_managed_dir( runtime_role.add_managed_dir(
"/etc/enroll", "/etc/enroll",

2
pyproject.toml
View file

@ -1,6 +1,6 @@
[tool.poetry] [tool.poetry]
name = "enroll" name = "enroll"
version = "0.7.0b2" version = "0.7.0b3"
description = "Enroll a server's running state retrospectively into Ansible" description = "Enroll a server's running state retrospectively into Ansible"
authors = ["Miguel Jacq <mig@mig5.net>"] authors = ["Miguel Jacq <mig@mig5.net>"]
license = "GPL-3.0-or-later" license = "GPL-3.0-or-later"

19
tests/test_manifest_puppet.py
View file

@ -800,7 +800,7 @@ def test_manifest_puppet_renders_firewall_runtime_resources(tmp_path: Path):
assert "$firewall_runtime['ipset_restore_cmd']" in fqdn_pp assert "$firewall_runtime['ipset_restore_cmd']" in fqdn_pp
def test_manifest_puppet_includes_enroll_runtime_for_firewall_notes_only( def test_manifest_puppet_omits_firewall_runtime_when_no_rules_were_sampled(
tmp_path: Path, tmp_path: Path,
): ):
bundle = tmp_path / "bundle" bundle = tmp_path / "bundle"
@ -828,16 +828,7 @@ def test_manifest_puppet_includes_enroll_runtime_for_firewall_notes_only(
manifest.manifest(str(bundle), str(out), target="puppet") manifest.manifest(str(bundle), str(out), target="puppet")
site_pp = (out / "manifests" / "site.pp").read_text(encoding="utf-8") site_pp = (out / "manifests" / "site.pp").read_text(encoding="utf-8")
assert "include enroll_runtime" in site_pp assert "include enroll_runtime" not in site_pp
assert "include firewall_runtime" in site_pp assert "include firewall_runtime" not in site_pp
assert site_pp.index("include enroll_runtime") < site_pp.index( assert not (out / "modules" / "enroll_runtime").exists()
"include firewall_runtime" assert not (out / "modules" / "firewall_runtime").exists()
)
runtime_pp = (
out / "modules" / "enroll_runtime" / "manifests" / "init.pp"
).read_text(encoding="utf-8")
firewall_pp = (
out / "modules" / "firewall_runtime" / "manifests" / "init.pp"
).read_text(encoding="utf-8")
assert "file { '/etc/enroll':" in runtime_pp
assert "require => File['/etc/enroll']," in firewall_pp

21
tests/test_manifest_salt.py
View file

@ -626,7 +626,9 @@ def test_manifest_salt_renders_firewall_runtime_states(tmp_path: Path):
assert "firewall_runtime.get('ipset_restore_cmd')" in fqdn_sls assert "firewall_runtime.get('ipset_restore_cmd')" in fqdn_sls
def test_manifest_salt_includes_enroll_runtime_for_firewall_notes_only(tmp_path: Path): def test_manifest_salt_omits_firewall_runtime_when_no_rules_were_sampled(
tmp_path: Path,
):
bundle = tmp_path / "bundle" bundle = tmp_path / "bundle"
out = tmp_path / "salt" out = tmp_path / "salt"
state = { state = {
@ -652,16 +654,7 @@ def test_manifest_salt_includes_enroll_runtime_for_firewall_notes_only(tmp_path:
manifest.manifest(str(bundle), str(out), target="salt") manifest.manifest(str(bundle), str(out), target="salt")
top = yaml.safe_load((out / "states" / "top.sls").read_text(encoding="utf-8")) top = yaml.safe_load((out / "states" / "top.sls").read_text(encoding="utf-8"))
assert "roles.enroll_runtime" in top["base"]["*"] assert "roles.enroll_runtime" not in top["base"]["*"]
assert "roles.firewall_runtime" in top["base"]["*"] assert "roles.firewall_runtime" not in top["base"]["*"]
assert top["base"]["*"].index("roles.enroll_runtime") < top["base"]["*"].index( assert not (out / "states" / "roles" / "enroll_runtime").exists()
"roles.firewall_runtime" assert not (out / "states" / "roles" / "firewall_runtime").exists()
)
runtime_sls = (out / "states" / "roles" / "enroll_runtime" / "init.sls").read_text(
encoding="utf-8"
)
firewall_sls = (
out / "states" / "roles" / "firewall_runtime" / "init.sls"
).read_text(encoding="utf-8")
assert '"/etc/enroll":' in runtime_sls
assert '- file: "/etc/enroll"' in firewall_sls