Preserve existing csr_attributes data

reidmv · reidmv · commit f318a8831e13 · 2020-03-25T15:56:55.000-07:00
In the event a csr_attributes.yaml file is already present, don't
overwrite it; instead, merge in the values we need to any values already
present.
diff --git a/plans/action/install.pp b/plans/action/install.pp
@@ -179,38 +179,29 @@
     upload_path => $upload_tarball_path,
   )
 
-  # Create csr_attributes.yaml files for the nodes that need them
-  # There is a problem with OID names in csr_attributes.yaml for some
-  # installs, e.g. PE 2019.0.1, PUP-9746. Use the raw OIDs for now.
-
-  run_task('peadm::mkdir_p_file', $master_target,
-    path    => '/etc/puppetlabs/puppet/csr_attributes.yaml',
-    content => @("HEREDOC"),
-      ---
-      extension_requests:
-        ${peadm::oid('peadm_role')}: "puppet/master"
-        ${peadm::oid('peadm_availability_group')}: "A"
-      | HEREDOC
+  # Create csr_attributes.yaml files for the nodes that need them. Ensure that
+  # if a csr_attributes.yaml file is already present, the values we need are
+  # merged with the existing values.
+
+  run_plan('peadm::util::insert_csr_extensions', $master_target,
+    extensions => {
+      peadm::oid('peadm_role')               => 'puppet/master',
+      peadm::oid('peadm_availability_group') => 'A',
+    },
   )
 
-  run_task('peadm::mkdir_p_file', $puppetdb_database_target,
-    path    => '/etc/puppetlabs/puppet/csr_attributes.yaml',
-    content => @("HEREDOC"),
-      ---
-      extension_requests:
-        ${peadm::oid('peadm_role')}: "puppet/puppetdb-database"
-        ${peadm::oid('peadm_availability_group')}: "A"
-      | HEREDOC
+  run_plan('peadm::util::insert_csr_extensions', $puppetdb_database_target,
+    extensions => {
+      peadm::oid('peadm_role')               => 'puppet/puppetdb-database',
+      peadm::oid('peadm_availability_group') => 'A',
+    },
   )
 
-  run_task('peadm::mkdir_p_file', $puppetdb_database_replica_target,
-    path    => '/etc/puppetlabs/puppet/csr_attributes.yaml',
-    content => @("HEREDOC"),
-      ---
-      extension_requests:
-        ${peadm::oid('peadm_role')}: "puppet/puppetdb-database"
-        ${peadm::oid('peadm_availability_group')}: "B"
-      | HEREDOC
+  run_plan('peadm::util::insert_csr_extensions', $puppetdb_database_replica_target,
+    extensions => {
+      peadm::oid('peadm_role')               => 'puppet/puppetdb-database',
+      peadm::oid('peadm_availability_group') => 'B',
+    },
   )
 
   # Get the master installation up and running. The installer will
diff --git a/plans/util/insert_csr_extensions.pp b/plans/util/insert_csr_extensions.pp
@@ -0,0 +1,18 @@
+plan peadm::util::insert_csr_extensions (
+  TargetSpec $targets,
+  Hash       $extensions,
+) {
+  get_targets($targets).each |$target| {
+    $csr_attributes_data = ($csr_file = run_task('peadm::read_file', $target,
+      path => '/etc/puppetlabs/puppet/csr_attributes.yaml',
+    ).first['content']) ? {
+      undef   => { },
+      default => $csr_file.parseyaml,
+    }
+
+    run_task('peadm::mkdir_p_file', $target,
+      path    => '/etc/puppetlabs/puppet/csr_attributes.yaml',
+      content => $csr_attributes_data.deep_merge({'extension_requests' => $extensions}).to_yaml,
+    )
+  }
+}
diff --git a/tasks/read_file.json b/tasks/read_file.json
@@ -8,6 +8,7 @@
   },
   "input_method": "stdin",
   "implementations": [
-    {"name": "read_file.rb"}
+    {"name": "read_file.rb", "requirements": ["puppet-agent"]},
+    {"name": "read_file.sh", "requirements": ["shell"]}
   ]
 }
diff --git a/tasks/read_file.rb b/tasks/read_file.rb
@@ -2,8 +2,18 @@
 
 require 'json'
 
-params  = JSON.parse(STDIN.read)
-content = File.read(params['path'])
-result  = { 'content' => content }.to_json
-
-puts result
+begin
+  params  = JSON.parse(STDIN.read)
+  content = File.read(params['path'])
+rescue StandardError => err
+  result = {
+    'content' => nil,
+    'error'   => err.message,
+  }
+else
+  result = {
+    'content' => content
+  }
+ensure
+  puts result.to_json
+end
diff --git a/tasks/read_file.sh b/tasks/read_file.sh
@@ -0,0 +1,30 @@
+#!/bin/bash
+
+main() {
+	if [ -r "$PT_path" ]; then
+		cat <<-EOS
+			{
+				"content": $(python_cmd -c "import json; print json.dumps(open('$PT_path','r').read())")
+			}
+		EOS
+	else
+		cat <<-EOS
+			{
+				"content": null,
+				"error": "File does not exist or is not readable"
+			}
+		EOS
+	fi
+}
+
+python_cmd() {
+	if command -v python >/dev/null 2>&1; then
+		python "$@"
+	else
+		python3 "$@"
+	fi
+}
+
+main "$@"
+exit_code=$?
+exit $exit_code

Original file line number	Diff line number	Diff line change
`@@ -8,6 +8,7 @@`
`8`	`8`	`},`
`9`	`9`	`"input_method": "stdin",`
`10`	`10`	`"implementations": [`
`11`		`- {"name": "read_file.rb"}`
	`11`	`+ {"name": "read_file.rb", "requirements": ["puppet-agent"]},`
	`12`	`+ {"name": "read_file.sh", "requirements": ["shell"]}`
`12`	`13`	`]`
`13`	`14`	`}`