(#297) Stopped managing nsswitch if authselect is used (#298)

* (#297) Stopped managing nsswitch if authselect is used Fixes #297 * Re-added tests that test the functionality of the class with authselect turned on
simp · May 18, 2023 · 2e00d25 · 2e00d25
1 parent 34cf500
commit 2e00d25
Show file tree

Hide file tree

Showing 5 changed files with 48 additions and 9 deletions.
diff --git a/CHANGELOG b/CHANGELOG
@@ -1,3 +1,6 @@
+* Thu May 18 2023 Mike Riddle <[email protected]> - 4.16.7
+- Stopped managing nsswitch when authselect is being used
+
 * Thu Apr 20 2023 Mike Riddle <[email protected]> - 4.16.6
 - Removed missing gpgkeys from the list of simp gpgkeys
 

diff --git a/Gemfile b/Gemfile
@@ -21,6 +21,7 @@ group :test do
   gem 'puppetlabs_spec_helper'
   gem 'metadata-json-lint'
   gem 'puppet-strings'
+  gem 'scanf'
   gem 'puppet-lint-empty_string-check',   :require => false
   gem 'puppet-lint-trailing_comma-check', :require => false
   gem 'simp-rspec-puppet-facts', ENV['SIMP_RSPEC_PUPPET_FACTS_VERSION'] || '~> 3.1'

diff --git a/manifests/server.pp b/manifests/server.pp
@@ -42,25 +42,31 @@
   String              $scenario        = simplib::lookup('simp::scenario', { 'default_value' => 'simp' }),
   Array[String]       $classes         = []
 ) {
-
   simplib::module_metadata::assert($module_name, { 'blacklist' => ['Windows'] })
 
   if $scenario_map.has_key($scenario) {
-    include simp::knockout(
-      union(
+    $_included_classes = $simp_options::authselect ? {
+      # In environments using authselect, we want to manage nsswitch.conf
+      # with the authselect class instead of the nsswitch class 
+      true => union(
+        ($scenario_map[$scenario] - ['nsswitch', 'simp::nsswitch']),
+        ($classes - ['nsswitch', 'simp::nsswitch']),
+      ),
+      false => union(
         $scenario_map[$scenario],
         $classes,
       )
-    )
+    }
+    include simp::knockout($_included_classes)
   } else {
     fail("ERROR - Invalid scenario '${scenario}' for the given scenario map.")
   }
 
   # This setting will be removed from future releases of simp.
   # See the simp-clamav module for information on how manage ClamAV
-  if $clamav  { include 'clamav' }
+  if $clamav { include 'clamav' }
 
-  if $auditd  { include 'auditd' }
+  if $auditd { include 'auditd' }
 
   if $allow_simp_user {
     if $pam {
@@ -69,14 +75,14 @@
       pam::access::rule { 'allow_simp':
         users   => ['simp'],
         origins => ['ALL'],
-        comment => 'The SIMP user, used to remotely login to the system in the case of a lockout.'
+        comment => 'The SIMP user, used to remotely login to the system in the case of a lockout.',
       }
     }
 
     sudo::user_specification { 'default_simp':
       user_list => ['simp'],
       runas     => 'root',
-      cmnd      => ['/bin/su root', '/bin/su - root']
+      cmnd      => ['/bin/su root', '/bin/su - root'],
     }
   }
 }
diff --git a/metadata.json b/metadata.json
@@ -1,6 +1,6 @@
 {
   "name": "simp-simp",
-  "version": "4.16.6",
+  "version": "4.16.7",
   "author": "SIMP Team",
   "summary": "default profiles for core SIMP installations",
   "license": "Apache-2.0",
@@ -135,6 +135,10 @@
       "name": "simp/simp_openldap",
       "version_requirement": ">= 6.0.0 < 7.0.0"
     },
+    {
+      "name": "simp/simp_options",
+      "version_requirement": ">= 1.6.1 < 2.0.0"
+    },
     {
       "name": "simp/simp_rsyslog",
       "version_requirement": ">= 0.3.0 < 1.0.0"

diff --git a/spec/classes/10_classes/server_spec.rb b/spec/classes/10_classes/server_spec.rb
@@ -4,6 +4,14 @@
   context 'supported operating systems' do
     on_supported_os.each do |os, os_facts|
       context "on #{os}" do
+
+        let(:pre_condition) { 
+          "class {
+            'simp_options':
+              authselect => false,
+          }"
+        }
+
         if os_facts[:kernel] == 'windows'
           let(:facts){ os_facts }
           it { expect{ is_expected.to compile.with_all_deps }.to raise_error(/'windows .+' is not supported/) }
@@ -131,7 +139,24 @@
                 end
               end
             end
+
+            scenarios.each do |scenario, data|
+              context "'#{scenario}' with authselect" do
+                let(:params) {{
+                  :scenario => scenario
+                }}
+
+                let(:pre_condition) { 
+                  "class {
+                    'simp_options':
+                      authselect => true,
+                  }"
+                }
 
+                it { is_expected.to compile.with_all_deps }
+                it { is_expected.to_not contain_class('nsswitch') }
+              end
+            end
           end
         end
       end