walkamongus / puppet-harbor

Puppet Harbor module
https://forge.puppet.com/walkamongus/harbor

Ruby syntax error when configuring ldap via harbor_user_settings #16

Closed entasisj closed 4 years ago

entasisj commented 4 years ago

Hi, your module is a great help! Many thanks. I succeeded in using the class 'harbor'. However, afterwards I tried to configure harbor to use LDAP user authentication using the resource 'harbor_user_settings' as documented. When applying the manifest with the resource, Puppet fails because of a Ruby syntax error:

Error while evaluating a Resource Statement, Could not autoload puppet/type/harbor_user_settings: Could not autoload puppet/provider/harbor_user_settings/swagger: /etc/puppetlabs/code/environments/production/modules/harbor/lib/puppet/provider/harbor_user_settings/swagger.rb:42: syntax error, unexpected ':' "auth_mode": resource[:auth_mode],

Can you help with this?

walkamongus commented 4 years ago

@entasisj what Puppet version are you using?

entasisj commented 4 years ago

@walkamongus I am using Puppet 5.5.18 on master. It comes with ruby 2.3.1p112 (2016-04-26) [x86_64-linux-gnu].

entasisj commented 4 years ago

@walkamongus I can confirm now that an outdated version (2.1.0) of the 'puppet/archive' module caused the above-mentioned error. After upgrading to 3.2.1 the error disappeared. Afterwards I got an error that the harbor-swagger-client gem was missing. I did not realize that it has to be installed for the agent's Puppet Ruby using the provider 'puppet_gem'. Maybe you can add a note about that in the Readme.

However, now I'm stuck with another error when using the harbor_user_settings resource:

Could not evaluate: undefined method `auth_mode' for nil:NilClass

walkamongus commented 4 years ago

@entasisj thanks for continuing to look into this! Can you give me a sanitized version of the code that throws this error so I can try to reproduce and debug?

entasisj commented 4 years ago

I noticed an additional 'info' log before the error:

Exception when calling ProductsApi->configurations_get: SSL peer certificate or SSH remote key was not OK

This is logged in function 'def get_config(api_instance)' after catching a SwaggerClient::ApiError. Seems that in my setup the client settings are not configured well or the client setup is broken?

entasisj commented 4 years ago

O.K. We use a self-signed certificate and when I disabled 'verify_ssl' and 'verify_ssl_host' as you mentioned in the Readme then the applying of the resource 'harbor_user_settings' succeeded.

We integrated the self-signed certificate into the host's certificate store. I wonder if there is something to do to make the harbor-swagger-client become aware of it?

entasisj commented 4 years ago

O.K., finally I succeeded. I detected two things to resolve:

  1. In order to have it working with the self-signed certificate one needs to set the value "ssl_ca_cert" for the swagger client which has to point to the certificate bundle on the host. (Note one can use the Puppet module 'pcfens/ca_cert' in order to integrate a self-signed certificate into that bundle.) So, I added the setting for 'ssl_ca_cert' in the swagger.yaml and read it within the harbor_user_settings/swagger.rb file. Afterwards I was able to set 'ssl_verify' to true in the swagger.yaml.
  2. The swagger client has the default value 'localhost' for the setting 'host'. That's why the SSL connection fails when using 'ssl_verify_host' with value 'true'. In order to resolve that issue I added the setting 'host' with the host's fqdn (e.g. in Puppet via $facts['fqdn']) to swagger.yaml and read it within the harbor_user_settings/swagger.rb file (as conditional assignment). Afterwards I was able to set 'ssl_verify_host' to true in the swagger.yaml.
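
The two checks described in the comment above, reproduced offline as an added example (not code from this module or from harbor-swagger-client). It uses Ruby's standard OpenSSL library instead of the swagger client; the hostname `harbor.example.test` and the helper names are constructed for illustration.

```ruby
require 'openssl'

FQDN = 'harbor.example.test' # constructed hostname, stands in for $facts['fqdn']

# Build a throwaway self-signed certificate whose SAN is the given FQDN.
def self_signed_cert(fqdn)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{fqdn}")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new(cert, cert)
  cert.add_extension(ef.create_extension('basicConstraints', 'CA:TRUE', true))
  cert.add_extension(ef.create_extension('subjectAltName', "DNS:#{fqdn}"))
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  cert
end

# chain_ok: is the certificate anchored in the trust store? This is the check
#           that peer verification performs and that a CA bundle satisfies.
# host_ok:  does the certificate match the name the client connects to? This
#           is the check that host verification performs.
def check(cert, host:, trusted: [])
  store = OpenSSL::X509::Store.new
  trusted.each { |ca| store.add_cert(ca) }
  { chain_ok: store.verify(cert),
    host_ok: OpenSSL::SSL.verify_certificate_identity(cert, host) }
end

if __FILE__ == $PROGRAM_NAME
  cert = self_signed_cert(FQDN)
  # No CA bundle, default host 'localhost': both checks fail.
  p check(cert, host: 'localhost')
  # CA bundle contains the certificate, host still 'localhost': only trust passes.
  p check(cert, host: 'localhost', trusted: [cert])
  # CA bundle plus the real FQDN: both checks pass, verification can stay on.
  p check(cert, host: FQDN, trusted: [cert])
end
```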

entasisj commented 4 years ago

I created two new issues to address the required enhancement.