Only return roles that actually exist

c4a9d9a5 · drebs · 98c23ed0 · c4a9d9a5 · c4a9d9a5
Commit c4a9d9a5 authored Apr 12, 2021 by drebs
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -33,5 +33,8 @@ compile-profiles:
 enc-test:
  image: debian:stable
  stage: tests
+  variables:
+    ENV_DIR: '/etc/puppet/code/environments'
  script:
+    - 'for env in production development staging; do mkdir -p ${ENV_DIR}/${env}; ln -sf ${CI_PROJECT_DIR} ${ENV_DIR}/${env}/modules; done'
    - '${CI_PROJECT_DIR}/profile/files/puppet/puppet_node_classifier --run-tests'
--- a/profile/files/puppet/puppet_node_classifier
+++ b/profile/files/puppet/puppet_node_classifier
@@ -9,8 +9,8 @@
 #
 # And returns the proper classes and environment accordingly:
 #
-#     - Class role::ROLE
-#
+#     - Class role::ROLE, if that role actually exists in the manifests tree
+#       for the respective environment.
 #
 #     - ENV is optional: if it is a prefix of one of "production", "staging" or
 #       "development", then one of these is returned. If not, "production" is
@@ -32,6 +32,7 @@ fi

 DEFAULT_ENV='production'
 ENVIRONMENTS='production staging development'
+ENVIRONMENTS_DIR=/etc/puppet/code/environments

 get_environment() {

@@ -61,15 +62,21 @@ enc() {
 	regex="([[:alnum:]_]+)-([[:alnum:]_]+)(-([[:alnum:]_]+))?((\.[[:alnum:]_-]+)?)+$"
 	fqdn=${1}

-	# we're only interested in matching FQDNs
+	# we're only interested in matching FQDNs that match the regular expression
 	if [[ ! ${fqdn} =~ ${regex} ]]; then
 		echo "classes:"
 		exit 0
 	fi

+	environment=$( get_environment ${BASH_REMATCH[4]} )
+	role_candidate=${BASH_REMATCH[1]}
+	role=$( ls -1 ${ENVIRONMENTS_DIR}/${environment}/modules/role/manifests | sed -e s/\\.pp\$// | grep "^${role_candidate}\$" )
+
 	echo "classes:"
-	echo "  - role::${BASH_REMATCH[1]}"
-	echo "environment: $( get_environment ${BASH_REMATCH[4]} )"
+	if [ -n "${role}" ]; then
+		echo "  - role::${role}"
+	fi
+	echo "environment: ${environment}"
 }

 run_tests() {
@@ -96,35 +103,40 @@ run_tests() {

 	# Test uses of environment prefixes.

-	output=$( enc otherrole-some_tag-prod.example.com )
-        [ "${output}" == $'classes:\n  - role::otherrole\nenvironment: production' ] || exit 1
+	output=$( enc server-some_tag-prod.example.com )
+        [ "${output}" == $'classes:\n  - role::server\nenvironment: production' ] || exit 1

-	output=$( enc thirdrole-some_tag-stag.example.com )
-        [ "${output}" == $'classes:\n  - role::thirdrole\nenvironment: staging' ] || exit 1
+	output=$( enc puppetserver-some_tag-stag.example.com )
+        [ "${output}" == $'classes:\n  - role::puppetserver\nenvironment: staging' ] || exit 1

-	output=$( enc yetanotherrole-some_tag-dev.example.com )
-        [ "${output}" == $'classes:\n  - role::yetanotherrole\nenvironment: development' ] || exit 1
+	output=$( enc webserver-some_tag-dev.example.com )
+        [ "${output}" == $'classes:\n  - role::webserver\nenvironment: development' ] || exit 1

 	# Test uses of full environment names.

-	output=$( enc otherrole-some_tag-production.example.com )
-        [ "${output}" == $'classes:\n  - role::otherrole\nenvironment: production' ] || exit 1
+	output=$( enc server-some_tag-production.example.com )
+        [ "${output}" == $'classes:\n  - role::server\nenvironment: production' ] || exit 1

-	output=$( enc thirdrole-some_tag-staging.example.com )
-        [ "${output}" == $'classes:\n  - role::thirdrole\nenvironment: staging' ] || exit 1
+	output=$( enc puppetserver-some_tag-staging.example.com )
+        [ "${output}" == $'classes:\n  - role::puppetserver\nenvironment: staging' ] || exit 1

-	output=$( enc yetanotherrole-some_tag-development.example.com )
-        [ "${output}" == $'classes:\n  - role::yetanotherrole\nenvironment: development' ] || exit 1
+	output=$( enc webserver-some_tag-development.example.com )
+        [ "${output}" == $'classes:\n  - role::webserver\nenvironment: development' ] || exit 1

 	# Test using an arbitrary environment

-	output=$( enc somerole-some_tag-someenv.example.com )
-        [ "${output}" == $'classes:\n  - role::somerole\nenvironment: production' ] || exit 1
+	output=$( enc server-some_tag-someenv.example.com )
+        [ "${output}" == $'classes:\n  - role::server\nenvironment: production' ] || exit 1

 	# Test default production environment when not present in hostname

-	output=$( enc somerole-some_tag.example.com )
-        [ "${output}" == $'classes:\n  - role::somerole\nenvironment: production' ] || exit 1
+	output=$( enc server-some_tag.example.com )
+        [ "${output}" == $'classes:\n  - role::server\nenvironment: production' ] || exit 1
+
+	# Test using a role that doesn't exist
+
+	output=$( enc idontexist-some_tag-prod.arbitraryfqdn.example.com )
+        [ "${output}" == $'classes:\nenvironment: production' ] || exit 1

 	# Test using something that doesn't match ROLE-TAG[-ENV].DOMAIN