(FACT-2718) Block custom facts

puppetlabs · Jul 28, 2020 · 245bfa4 · 245bfa4
1 parent d587bdf
commit 245bfa4
Show file tree

Hide file tree

Showing 4 changed files with 82 additions and 24 deletions.
diff --git a/.github/actions/presuite.rb b/.github/actions/presuite.rb
@@ -1,4 +1,7 @@
+# frozen_string_literal: true
+
 require 'open3'
+require 'fileutils'
 
 def install_bundler
   message('INSTALL BUNDLER')
@@ -22,24 +25,25 @@ def initialize_beaker
 
 def beaker_platform
   {
-      'ubuntu-18.04' => 'ubuntu1804-64a',
-      'ubuntu-16.04' => 'ubuntu1604-64a',
-      'ubuntu-20.04' => 'ubuntu2004-64a',
-      'macos-10.15' => 'osx1015-64a',
-      'windows-2016' => 'windows2016-64a',
-      'windows-2019' => 'windows2019-64a'
+    'ubuntu-18.04' => 'ubuntu1804-64a',
+    'ubuntu-16.04' => 'ubuntu1604-64a',
+    'ubuntu-20.04' => 'ubuntu2004-64a',
+    'macos-10.15' => 'osx1015-64a',
+    'windows-2016' => 'windows2016-64a',
+    'windows-2019' => 'windows2019-64a'
   }[HOST_PLATFORM]
 end
 
 def platform_with_options(platform)
   return "\"#{platform}{hypervisor=none,hostname=localhost,is_cygwin=false}\"" if platform.include? 'windows'
+
   "#{platform}{hypervisor=none\\,hostname=localhost}"
 end
 
 def install_puppet_agent
   message('INSTALL PUPPET AGENT')
 
-  beaker_puppet_root, _ = run('bundle info beaker-puppet --path')
+  beaker_puppet_root, = run('bundle info beaker-puppet --path')
   presuite_file_path = File.join(beaker_puppet_root.chomp, 'setup', 'aio', '010_Install_Puppet_Agent.rb')
 
   run("beaker exec pre-suite --pre-suite #{presuite_file_path} --preserve-state", './', env_path_var)
@@ -49,33 +53,34 @@ def puppet_bin_dir
   linux_puppet_bin_dir = '/opt/puppetlabs/puppet/bin'
   windows_puppet_bin_dir = 'C:\\Program Files\\Puppet Labs\\Puppet\\bin'
 
-  (HOST_PLATFORM.include? 'windows') ? windows_puppet_bin_dir : linux_puppet_bin_dir
+  HOST_PLATFORM.include?('windows') ? windows_puppet_bin_dir : linux_puppet_bin_dir
 end
 
 def puppet_command
   return '/opt/puppetlabs/puppet/bin/puppet' unless HOST_PLATFORM.include? 'windows'
-  "\"C:\\Program Files\\Puppet Labs\\Puppet\\bin\\puppet\""
+
+  '"C:\\Program Files\\Puppet Labs\\Puppet\\bin\\puppet"'
 end
 
 def gem_command
   return '/opt/puppetlabs/puppet/bin/gem' unless HOST_PLATFORM.include? 'windows'
-  "\"C:\\Program Files\\Puppet Labs\\Puppet\\puppet\\bin\\gem\""
+
+  '"C:\\Program Files\\Puppet Labs\\Puppet\\puppet\\bin\\gem"'
 end
 
 def env_path_var
-  (HOST_PLATFORM.include? 'windows') ? { 'PATH' => "#{puppet_bin_dir};#{ENV['PATH']}" } : {}
+  HOST_PLATFORM.include?('windows') ? { 'PATH' => "#{puppet_bin_dir};#{ENV['PATH']}" } : {}
 end
 
 def update_facter_lib
-  pr_facter_lib_path = [ '..', 'lib', '*']
-  facter_lib_windows_path = 'C:\\Program Files\\Puppet Labs\\Puppet\\puppet\\lib\\ruby\\vendor_ruby\\facter'
+  facter_lib_windows_path = 'C:/Program Files/Puppet Labs/Puppet/puppet/lib/ruby/vendor_ruby/facter'
   facter_lib_linux_path = '/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/facter'
 
-  facter_lib_path = (HOST_PLATFORM.include? 'windows') ? facter_lib_windows_path : facter_lib_linux_path
+  facter_lib_path = HOST_PLATFORM.include?('windows') ? facter_lib_windows_path : facter_lib_linux_path
 
   message('OVERWRITE FACTER FILES')
-  run("rm -rf #{facter_lib_path} #{facter_lib_path + '.rb'}")
-  run("mv #{File.join(pr_facter_lib_path)} #{facter_lib_path.sub('facter', '')}")
+  FileUtils.rm_r([facter_lib_path, facter_lib_path + '.rb'], force: true)
+  run("#{'powershell' if HOST_PLATFORM.include? 'windows'} mv ../lib/* \'#{facter_lib_path.sub('facter', '')}\'")
 end
 
 def run_acceptance_tests

diff --git a/acceptance/tests/custom_facts/block_custom_fact.rb b/acceptance/tests/custom_facts/block_custom_fact.rb
@@ -0,0 +1,47 @@
+test_name 'custom facts included in blocklist will not be displayed' do
+  tag 'risk:high'
+
+  require 'facter/acceptance/user_fact_utils'
+  extend Facter::Acceptance::UserFactUtils
+
+  custom_fact_file = 'custom_facts.rb'
+  custom_fact_name = "my_custom_fact"
+  custom_fact_value = "custom_fact_value"
+
+  fact_content = <<-CUSTOM_FACT
+  Facter.add(:#{custom_fact_name}) do
+    setcode do
+      "#{custom_fact_value}"
+    end
+  end
+  CUSTOM_FACT
+
+  config_data = <<~FACTER_CONF
+    facts : {
+      blocklist : [ "#{custom_fact_name}" ],
+    }
+  FACTER_CONF
+
+  agents.each do |agent|
+    fact_dir = agent.tmpdir('custom_facts')
+    fact_file = File.join(fact_dir, custom_fact_file)
+
+    config_dir = get_default_fact_dir(agent['platform'], on(agent, facter('kernelmajversion')).stdout.chomp.to_f)
+    config_file = File.join(config_dir, 'facter.conf')
+
+    agent.mkdir_p(config_dir)
+    create_remote_file(agent, fact_file, fact_content)
+    create_remote_file(agent, config_file, config_data)
+
+    teardown do
+      agent.rm_rf(fact_dir)
+      agent.rm_rf(config_dir)
+    end
+
+    step "Facter: Verify that the blocked custom fact is not displayed" do
+      on(agent, facter("--custom-dir=#{fact_dir} my_custom_fact")) do |facter_output|
+        assert_equal("", facter_output.stdout.chomp)
+      end
+    end
+  end
+end
diff --git a/lib/facter/framework/core/fact_loaders/fact_loader.rb b/lib/facter/framework/core/fact_loaders/fact_loader.rb
@@ -51,6 +51,8 @@ def load_external_facts(options)
         @external_facts.concat(@external_fact_loader.custom_facts)
       end
 
+      @external_facts = block_facts(@external_facts, options)
+
       if options[:external_facts]
         @log.debug('Loading external facts')
         @external_facts.concat(@external_fact_loader.external_facts)

diff --git a/spec/framework/core/fact_loaders/fact_loader_spec.rb b/spec/framework/core/fact_loaders/fact_loader_spec.rb
@@ -60,17 +60,21 @@
       expect(loaded_facts.size).to eq(0)
     end
 
-    it 'does not blocks external facts' do
-      options = { custom_facts: true, blocked_facts: ['custom_fact'] }
+    context 'when blocking custom facts' do
+      before do
+        facts_to_load = [loaded_fact_custom_fact]
 
-      facts_to_load = [loaded_fact_custom_fact]
+        allow(internal_fact_loader_double).to receive(:core_facts).and_return([])
+        allow(external_fact_loader_double).to receive(:custom_facts).and_return(facts_to_load)
+        allow(external_fact_loader_double).to receive(:external_facts).and_return([])
+      end
 
-      allow(internal_fact_loader_double).to receive(:core_facts).and_return([])
-      allow(external_fact_loader_double).to receive(:custom_facts).and_return(facts_to_load)
-      allow(external_fact_loader_double).to receive(:external_facts).and_return([])
+      it 'blocks one custom fact' do
+        options = { custom_facts: true, blocked_facts: ['custom_fact'] }
+        loaded_facts = Facter::FactLoader.instance.load(options)
 
-      loaded_facts = Facter::FactLoader.instance.load(options)
-      expect(loaded_facts).to eq(facts_to_load)
+        expect(loaded_facts.size).to eq(0)
+      end
     end
 
     it 'loads the same amount of core facts everytime' do