googleauth: RHEL support

unilogicbv commented 2 years ago

PR progress checklist (to be filled in by reviewers)

[ ] Changes to documentation are appropriate (or tick if not required)
[ ] Changes to tests are appropriate (or tick if not required)
[ ] Reviews completed

What type of PR is this?

Primary type

[ ] [build] Changes related to the build system
[ ] [chore] Changes to the build process or auxiliary tools and libraries such as documentation generation
[x] [ci] Changes to the continuous integration configuration
[x] [feat] A new feature
[x] [fix] A bug fix
[ ] [perf] A code change that improves performance
[x] [refactor] A code change that neither fixes a bug nor adds a feature
[ ] [revert] A change used to revert a previous commit
[ ] [style] Changes that do not affect the meaning of the code (white-space, formatting, missing semi-colons, etc.)

Secondary type

[ ] [docs] Documentation changes
[ ] [test] Adding missing or correcting existing tests

Does this PR introduce a `BREAKING CHANGE`?

Related issues and/or pull requests

Describe the changes you're proposing

1dcd7d5746147ae212b85efc262972da0ba504ba is a small refactor, which provides groundwork for RHEL support, without actually adding any RHEL specific changes. 52c35201705c5c8ed77f99a59e5dd3f7f655b367 adds RHEL (and derivatives) support

Pillar / config required to test the proposed changes

Debug log showing how the proposed changes work

Documentation checklist

[ ] Updated the README (e.g. Available states).
[ ] Updated pillar.example.

Testing checklist

[ ] Included in Kitchen (i.e. under state_top).
[ ] Covered by new/existing tests (e.g. InSpec, Serverspec, etc.).
[ ] Updated the relevant test pillar.

Additional context

Tested on Ubuntu 20.04, CentOS 7 and Rocky 8.

myii commented 2 years ago

@unilogicbv The jobs are failing because of duplicate state IDs being introduced. Each failing job has the debug output at the top which can help you figure out what is going on. Taking this failing run between lines 1414 and 2036, here's a simplified version, to help clarify the problem:

[DEBUG   ] Rendered data from file: /tmp/kitchen/var/cache/salt/minion/files/base/users/init.sls:

...

users_/etc/sudoers.d/auser:
  file.absent:
    - name: /etc/sudoers.d/auser

policycoreutils-package:
  pkg.installed:
    - pkgs:
      - policycoreutils
      - policycoreutils-python

users_googleauth_selinux_present:
  selinux.fcontext_policy_present:
    - name: "/etc/google_authenticator.d(/.*)?"
    - filetype: 'a'
    - sel_user: unconfined_u
    - sel_type: ssh_home_t
    - sel_level: s0
    - require:
 - pkg: policycoreutils-package

...

users_/etc/sudoers.d/buser:
  file.managed:
    - replace: True
    - name: /etc/sudoers.d/buser
    - contents: |
        ...

policycoreutils-package:
  pkg.installed:
    - pkgs:
      - policycoreutils
      - policycoreutils-python

users_googleauth_selinux_present:
  selinux.fcontext_policy_present:
    - name: "/etc/google_authenticator.d(/.*)?"
    - filetype: 'a'
    - sel_user: unconfined_u
    - sel_type: ssh_home_t
    - sel_level: s0
    - require:
 - pkg: policycoreutils-package

...

[CRITICAL] Rendering SLS 'base:users' failed: while constructing a mapping
  in "<unicode string>", line 10, column 1
found conflicting ID 'policycoreutils-package'
  in "<unicode string>", line 369, column 1

So both the policycoreutils-package and users_googleauth_selinux_present states are being duplicated per user, when that wasn't the case beforehand. So you'll need to look at the changes you've made that have introduced that.

unilogicbv commented 2 years ago

Is there anything I need to clarify in order to get this pull request reviewed?

opserve-menno commented 1 year ago

I've noticed there hasn't been any action on this pull request for a little while now, I was wondering if there is anything that needs to be done or clarified to get this request merged?

I'm able to test this as I'd like to deploy this to a few CentOS 7/8 based servers.

saltstack-formulas / users-formula