search

domcleal / rspec-puppet-augeas

RSpec tests for Augeas resources inside Puppet manifests
MIT License
14 stars 9 forks source link

testing augeas resources gives a permission denied error on linux and osx #21

Open sirinek opened 6 years ago

sirinek commented 6 years ago

On both OSX 10.12.6 and RHEL 7.3, testing my augeas resource throws an error trying to create temporary directories. The below was from using PDK on my OSX 10.12.6 system. I get the same issue when doing this on a RHEL7 host.

I am using PDK 1.3, and extra gems being used are rspec-puppet-augeas-0.4.0 and ruby-augeas-0.5.0.

failed: rspec: ./spec/defines/etc_system_solaris_kernel_parameter_spec.rb:18: Got 2 failure(s) while initializing: File[/tmp/d20180222-87909-1u4tmpk]: change from 'absent' to 'directory' failed: Failed to set owner to '0': Operation not permitted @ chown_internal - /tmp/d20180222-87909-1u4tmpk; File[/tmp/d20180222-87909-f2djiw/ssl]: change from 'absent' to 'directory' failed: Failed to set owner to '0': Operation not permitted @ chown_internal - /tmp/d20180222-87909-f2djiw/ssl
  etc_system::solaris_kernel_parameter Augeas[ip_squeue_enter] should change ip_squeue_enter
  Failure/Error:

    describe_augeas 'ip_squeue_enter', :target => 'dest/etc/system', :fixture => 'src/etc/system', :lens => 'Solaris_System' do
      it 'should change ip_squeue_enter' do
        is_expected.to execute.with_change
        aug_get('set[./variable="ip_squeue_enter"]/value').should == '4'

Here's the code for ./spec/defines/etc_system_solaris_kernel_parameter_spec.rb:

require 'spec_helper'

describe 'etc_system::solaris_kernel_parameter' do
  let(:title) { 'ip_squeue_enter' }
  let(:params) {
    {
      :value => '4',
      :module => 'ip'
    }
  }
  it 'has an augeas resource' do
      is_expected.to compile
      is_expected.to contain_augeas('ip_squeue_enter')
      is_expected.to contain_etc_system__solaris_kernel_parameter('ip_squeue_enter').with('variable' => 'ip_squeue_enter', 'value' => '4', 'operator' => '=', 'module' => 'ip')
  end

  describe_augeas 'ip_squeue_enter', :target => 'dest/etc/system', :fixture => 'src/etc/system', :lens => 'Solaris_System' do
    it 'should change ip_squeue_enter' do
      is_expected.to execute.with_change
      aug_get('set[./variable="ip_squeue_enter"]/value').should == '4'
      is_expected.to execute.idempotently
    end
  end
end

The failure goes away when commenting out the it 'should change ip_squeue_enter' block.

In case it is necessary here is the code for the defined type I have in puppet:

define etc_system::solaris_kernel_parameter(
  $variable = $title,
  $module = false,
  $operator = '=',
  $value = 0
) {

  if $module {
    augeas { $variable:
      incl    => '/etc/system',
      lens    => 'Solaris_System.lns',
      changes => [
        "rm set[./variable='${variable}']",
        "set set[./variable='${variable}']/variable \'${variable}\'",
        "ins module before set[./variable='${variable}']/variable",
        "set set[./variable='${variable}']/module \'${module}\'",
        "set set[./variable='${variable}']/operator \'${operator}\'",
        "set set[./variable='${variable}']/value \'${value}\'"
      ],
      onlyif  => "get set[./variable='${variable}']/value != \"${value}\"",
    }
  }
  else {
    augeas { $variable:
      incl    => '/etc/system',
      lens    => 'Solaris_System.lns',
      changes => [
        "rm set[./variable='${variable}']",
        "set set[./variable='${variable}']/variable \'${variable}\'",
        "set set[./variable='${variable}']/operator \'${operator}\'",
        "set set[./variable='${variable}']/value \'${value}\'"
      ],
      onlyif  => "get set[./variable='${variable}']/value != \"${value}\"",
    }
  }

}
sirinek commented 6 years ago

Here's better output of the error I get:

etc_system::solaris_kernel_parameter
  has an augeas resource
  Augeas[ip_squeue_enter]
    should change ip_squeue_enter (FAILED - 1)

Failures:

  1) etc_system::solaris_kernel_parameter Augeas[ip_squeue_enter] should change ip_squeue_enter
     Failure/Error: is_expected.to execute.with_change

     RuntimeError:
       Got 2 failure(s) while initializing: File[/var/folders/vh/58bqgt717s1_xvljwqs5cz8jf0n1fx/T/d20180227-14184-10ihbcg]: change from 'absent' to 'directory' failed: Failed to set owner to '0': Operation not permitted @ chown_internal - /var/folders/vh/58bqgt717s1_xvljwqs5cz8jf0n1fx/T/d20180227-14184-10ihbcg; File[/var/folders/vh/58bqgt717s1_xvljwqs5cz8jf0n1fx/T/d20180227-14184-lknwrc/ssl]: change from 'absent' to 'directory' failed: Failed to set owner to '0': Operation not permitted @ chown_internal - /var/folders/vh/58bqgt717s1_xvljwqs5cz8jf0n1fx/T/d20180227-14184-lknwrc/ssl
     # /opt/puppetlabs/pdk/share/cache/ruby/2.1.0/gems/puppet-5.3.3/lib/puppet/settings.rb:1015:in `block in use'
     # /opt/puppetlabs/pdk/share/cache/ruby/2.1.0/gems/puppet-5.3.3/lib/puppet/resource/catalog.rb:233:in `apply'
     # /opt/puppetlabs/pdk/share/cache/ruby/2.1.0/gems/puppet-5.3.3/lib/puppet/settings.rb:1005:in `use'
     # /opt/puppetlabs/pdk/share/cache/ruby/2.1.0/gems/puppet-5.3.3/lib/puppet/util/storage.rb:45:in `load'
     # /opt/puppetlabs/pdk/share/cache/ruby/2.1.0/gems/puppet-5.3.3/lib/puppet/resource/catalog.rb:219:in `apply'
     # /Users/bsirinek/.pdk/cache/ruby/2.1.0/gems/rspec-puppet-augeas-0.4.0/lib/rspec-puppet-augeas/fixtures.rb:51:in `apply'
     # /Users/bsirinek/.pdk/cache/ruby/2.1.0/gems/rspec-puppet-augeas-0.4.0/lib/rspec-puppet-augeas/resource.rb:17:in `initialize'
     # /Users/bsirinek/.pdk/cache/ruby/2.1.0/gems/rspec-puppet-augeas-0.4.0/lib/rspec-puppet-augeas/example/run_augeas_example_group.rb:69:in `new'
     # /Users/bsirinek/.pdk/cache/ruby/2.1.0/gems/rspec-puppet-augeas-0.4.0/lib/rspec-puppet-augeas/example/run_augeas_example_group.rb:69:in `subject'
     # ./spec/defines/etc_system_solaris_kernel_parameter_spec.rb:19:in `block (3 levels) in <top (required)>'

Finished in 1.48 seconds (files took 2.17 seconds to load)
2 examples, 1 failure

Failed examples:

rspec ./spec/defines/etc_system_solaris_kernel_parameter_spec.rb:18 # etc_system::solaris_kernel_parameter Augeas[ip_squeue_enter] should change ip_squeue_enter
sirinek commented 6 years ago

Someone responded with some good information at https://groups.google.com/forum/#!topic/puppet-users/BVeNnpnh8OM

Among other things the response says "the issue is with rspec-puppet-augeas trying to set up a fixture. Note that uid 119 is "puppet" on my system. So somewhere in there the rspec-puppet-augeas gem and puppet get confused about the context they're running in. I can't help you with that."

nward commented 6 years ago

Hi! Were you able to resolve this, @sirinek ? I've just started defining the specs my Augeas-using modules and am hitting this issue :(

nward commented 6 years ago

OK, this looks like it's come up a bunch before - root cause is because this tries to execute a puppet manifest, puppet will try make sure all the dirs it needs are in place (ssl, etc.).

This looks like a duplicate of: https://github.com/domcleal/rspec-puppet-augeas/issues/14 https://github.com/domcleal/rspec-puppet-augeas/issues/15

This should have been fixed by https://github.com/domcleal/rspec-puppet-augeas/commit/30fc5f0b7db49645e1000afa3477f84edb621efd

I see a suggestion around for running fakeroot, but that doesn't seem to work for me (OS X).. will keep poking at this one..

sirinek commented 6 years ago

Hey @nward, just now seeing this, sorry. I have not been able to work around the issue. I am doing my tests on RHEL7 like most of my puppet agents now instead of using my macbook, we don't run puppet on any Mac hosts, and when I move these tests to our CI setup they will be on RHEL anyway.