From 2ddd45d00eb3e82c8b3b757b3dc1c125f41393b1 Mon Sep 17 00:00:00 2001
From: jeannegreulich <jeanne.greulich@onyxpoint.com>
Date: Thu, 11 Apr 2019 09:06:26 -0400
Subject: [PATCH] (SIMP-6212) Add function to install simp deps repo (#96)

Added a function, install_simp_repos(), that sets up the SIMP internet
package repositories. Using this throughout acceptance tests in the
SIMP code base will allow any SIMP repo changes to be updated
in one place, should it ever change.

SIMP-6212 #comment This fix is needed for pkg-r10k tests
---
 CHANGELOG.md                                  |   6 +
 lib/simp/beaker_helpers.rb                    | 119 +++++++++++++-----
 lib/simp/beaker_helpers/version.rb            |   2 +-
 .../default/install_simp_deps_repo_spec.rb    |  43 +++++++
 4 files changed, 139 insertions(+), 31 deletions(-)
 create mode 100644 spec/acceptance/suites/default/install_simp_deps_repo_spec.rb

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 09a2094..6d54d0a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,9 @@
+### 1.14.0 / 2019-04-08
+* Added function, install_simp_repo, to install the simp online repos.
+  The repos are defined in a hash in the function. All the repos
+  will be configured and enabled.   To disable one or more of them pass
+  in an array of names of the repos to disable.
+
 ### 1.13.1 / 2019-02-02
 * Ensure that SUTs have an FQDN set and not just a short hostname
 * Work around issue where the SSG doesn't build the STIG for CentOS any longer.
diff --git a/lib/simp/beaker_helpers.rb b/lib/simp/beaker_helpers.rb
index 88a28a1..bb84a5a 100644
--- a/lib/simp/beaker_helpers.rb
+++ b/lib/simp/beaker_helpers.rb
@@ -294,7 +294,6 @@ def enable_fips_mode_on( suts = hosts )
     end
   end
 
-
   # Collect all 'yum_repos' entries from the host nodeset.
   # The acceptable format is as follows:
   # yum_repos:
@@ -304,6 +303,19 @@ def enable_fips_mode_on( suts = hosts )
   #       - <URL to GPGKEY1>
   #       - <URL to GPGKEY2>
   def enable_yum_repos_on( suts = hosts )
+    parallel = (ENV['BEAKER_SIMP_parallel'] == 'yes')
+    block_on(suts, :run_in_parallel => parallel) do |sut|
+      if sut['yum_repos']
+        sut['yum_repos'].each_pair do |repo, metadata|
+          repo_manifest = create_yum_resource( repo, metadata)
+
+          apply_manifest_on(sut, repo_manifest, :catch_failures => true)
+        end
+      end
+    end
+  end
+
+  def create_yum_resource( repo, metadata )
     repo_attrs = [
       :assumeyes,
       :bandwidth,
@@ -344,38 +356,29 @@ def enable_yum_repos_on( suts = hosts )
       :timeout
     ]
 
-    parallel = (ENV['BEAKER_SIMP_parallel'] == 'yes')
-    block_on(suts, :run_in_parallel => parallel) do |sut|
-      if sut['yum_repos']
-        sut['yum_repos'].each_pair do |repo, metadata|
-          repo_manifest = %(yumrepo { #{repo}:)
-
-          repo_manifest_opts = []
-
-          # Legacy Support
-          urls = !metadata[:url].nil? ? metadata[:url] : metadata[:baseurl]
-          if urls
-            repo_manifest_opts << 'baseurl => ' + '"' + Array(urls).flatten.join('\n        ').gsub('$','\$') + '"'
-          end
+      repo_manifest = %(yumrepo { #{repo}:)
 
-          # Legacy Support
-          gpgkeys = !metadata[:gpgkeys].nil? ? metadata[:gpgkeys] : metadata[:gpgkey]
-          if gpgkeys
-            repo_manifest_opts << 'gpgkey => ' + '"' + Array(gpgkeys).flatten.join('\n       ').gsub('$','\$') + '"'
-          end
+      repo_manifest_opts = []
 
-          repo_attrs.each do |attr|
-            if metadata[attr]
-              repo_manifest_opts << "#{attr} => '#{metadata[attr]}'"
-            end
-          end
+      # Legacy Support
+      urls = !metadata[:url].nil? ? metadata[:url] : metadata[:baseurl]
+      if urls
+        repo_manifest_opts << 'baseurl => ' + '"' + Array(urls).flatten.join('\n        ').gsub('$','\$') + '"'
+      end
 
-          repo_manifest = repo_manifest + %(\n#{repo_manifest_opts.join(",\n")}) + "\n}"
+      # Legacy Support
+      gpgkeys = !metadata[:gpgkeys].nil? ? metadata[:gpgkeys] : metadata[:gpgkey]
+      if gpgkeys
+        repo_manifest_opts << 'gpgkey => ' + '"' + Array(gpgkeys).flatten.join('\n       ').gsub('$','\$') + '"'
+      end
 
-          apply_manifest_on(sut, repo_manifest, :catch_failures => true)
+      repo_attrs.each do |attr|
+        if metadata[attr]
+          repo_manifest_opts << "#{attr} => '#{metadata[attr]}'"
         end
       end
-    end
+
+      repo_manifest = repo_manifest + %(\n#{repo_manifest_opts.join(",\n")}) + "\n}\n"
   end
 
   def linux_errata( sut )
@@ -562,7 +565,6 @@ def run_fake_pki_ca_on( ca_sut = master, suts = hosts, local_dir = '' )
     end
   end
 
-
   # Copy a single SUT's PKI certs (with cacerts) onto an SUT.
   #
   # This simulates the result of pki::copy
@@ -656,7 +658,6 @@ def activate_interfaces(hosts)
     end
   end
 
-
   ## Inline Hiera Helpers ##
   ## These will be integrated into core Beaker at some point ##
 
@@ -681,7 +682,6 @@ def activate_interfaces(hosts)
     end
   end
 
-
   # Writes a YAML file in the Hiera :datadir of a Beaker::Host.
   #
   # @note This is useless unless Hiera is configured to use the data file.
@@ -946,4 +946,63 @@ def install_puppet
 
     run_puppet_install_helper(install_info[:puppet_install_type], install_info[:puppet_install_version])
   end
+
+  # Configure all SIMP repos on a host and enable all but those listed in the disable list
+  #
+  # @param sut Host on which to configure SIMP repos
+  # @param disable List of SIMP repos to disable
+  # @raise if disable contains an invalid repo name.
+  #
+  # Examples:
+  #  install_simp_repos( myhost )           # install all the repos an enable them.
+  #  install_simp_repos( myhost, ['simp'])  # install the repos but disable the simp repo.
+  #
+  # Current set of valid SIMP repo names:
+  #  'simp'
+  #  'simp_deps'
+  #
+  def install_simp_repos(sut, disable = [] )
+ 
+    repos = {
+      'simp' => {
+        :baseurl   => 'https://packagecloud.io/simp-project/6_X/el/$releasever/$basearch',
+        :gpgkey    => ['https://raw.githubusercontent.com/NationalSecurityAgency/SIMP/master/GPGKEYS/RPM-GPG-KEY-SIMP',
+                    'https://download.simp-project.com/simp/GPGKEYS/RPM-GPG-KEY-SIMP-6'
+                     ],
+        :gpgcheck  => 1,
+        :sslverify => 1,
+        :sslcacert => '/etc/pki/tls/certs/ca-bundle.crt',
+        :metadata_expire => 300
+      },
+      'simp_deps' => {
+        :baseurl   => 'https://packagecloud.io/simp-project/6_X_Dependencies/el/$releasever/$basearch',
+        :gpgkey    => ['https://raw.githubusercontent.com/NationalSecurityAgency/SIMP/master/GPGKEYS/RPM-GPG-KEY-SIMP',
+                    'https://yum.puppet.com/RPM-GPG-KEY-puppetlabs',
+                    'https://yum.puppet.com/RPM-GPG-KEY-puppet',
+                    'https://apt.postgresql.org/pub/repos/yum/RPM-GPG-KEY-PGDG-96',
+                    'https://artifacts.elastic.co/GPG-KEY-elasticsearch',
+                    'https://grafanarel.s3.amazonaws.com/RPM-GPG-KEY-grafana',
+                    'https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-$releasever'
+                   ],
+        :gpgcheck  => 1,
+        :sslverify => 1,
+        :sslcacert => '/etc/pki/tls/certs/ca-bundle.crt',
+        :metadata_expire => 300
+      }
+    }
+    # Verify that the repos passed to disable are in the list of valid repos
+    disable.each { |d|
+      unless repos.has_key?(d)
+        raise("ERROR: install_simp_repo - disable contains invalid SIMP repo '#{d}'.")
+      end
+    }
+    repo_manifest = ''
+    repos.each { | repo, metadata|
+      metadata[:enabled] = disable.include?(repo) ? 0 : 1
+      repo_manifest << create_yum_resource(repo, metadata)
+    }
+    apply_manifest_on(sut, repo_manifest, :catch_failures => true)
+  end
 end
+
+
diff --git a/lib/simp/beaker_helpers/version.rb b/lib/simp/beaker_helpers/version.rb
index df39b47..ecbd0dd 100644
--- a/lib/simp/beaker_helpers/version.rb
+++ b/lib/simp/beaker_helpers/version.rb
@@ -1,5 +1,5 @@
 module Simp; end
 
 module Simp::BeakerHelpers
-  VERSION = '1.13.1'
+  VERSION = '1.14.0'
 end
diff --git a/spec/acceptance/suites/default/install_simp_deps_repo_spec.rb b/spec/acceptance/suites/default/install_simp_deps_repo_spec.rb
new file mode 100644
index 0000000..e5632c4
--- /dev/null
+++ b/spec/acceptance/suites/default/install_simp_deps_repo_spec.rb
@@ -0,0 +1,43 @@
+require 'spec_helper_acceptance'
+
+hosts.each do |host|
+  describe '#write_hieradata_to' do
+
+    it 'should install yum utils' do
+      host.install_package('yum-utils')
+    end
+
+    context 'defailt settings' do
+      before(:all) { install_simp_repos(host) }
+
+      it 'creates the repo' do
+        on host, 'test -f /etc/yum.repos.d/simp.repo'
+        on host, 'test -f /etc/yum.repos.d/simp_deps.repo'
+      end
+
+      it 'enables the correct repos' do
+        simp6info = on(host, '/usr/bin/yum repolist -v simp | grep ^Repo-status').stdout.strip
+        expect(simp6info).to match(/.*Repo-status.*enabled.*/)
+        simp6depsinfo = on(host, 'yum repolist -v simp_deps| grep ^Repo-status').stdout.strip
+        expect(simp6depsinfo).to match(/.*Repo-status.*enabled.*/)
+      end
+    end
+
+    context 'when passed a disabled list ' do
+      before(:all) { install_simp_repos(host, ['simp'] ) }
+
+      it 'creates the repo' do
+        on host, 'test -f /etc/yum.repos.d/simp.repo'
+        on host, 'test -f /etc/yum.repos.d/simp_deps.repo'
+      end
+
+      it 'enables the correct repos' do
+        simp6info = on(host, 'yum repolist -v simp | grep ^Repo-status').stdout.strip
+        expect(simp6info).to match(/.*Repo-status.*disabled.*/)
+        simp6depsinfo = on(host, 'yum repolist -v simp_deps| grep ^Repo-status').stdout.strip
+        expect(simp6depsinfo).to match(/.*Repo-status.*enabled.*/)
+      end
+    end
+
+  end
+end