1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
|
test_name 'C99977 corrupted clientbucket' do
tag 'audit:medium',
'audit:integration'
agents.each do |agent|
tmpfile = agent.tmpfile('c99977file')
unmanaged_content = "unmanaged\n"
if on(agent, facter("fips_enabled")).stdout =~ /true/
unmanaged_sha = Digest::SHA256.hexdigest(unmanaged_content)
else
unmanaged_sha = Digest::MD5.hexdigest(unmanaged_content)
end
managed_content = "managed\n"
manifest = "file { '#{tmpfile}': content => '#{managed_content}', }"
step 'create unmanaged file' do
create_remote_file(agent, tmpfile, unmanaged_content)
end
step 'manage file' do
apply_manifest_on(agent, manifest)
end
step 'corrupt clientbucket of file' do
if agent['platform'] =~ /windows/
vardir = 'C:/ProgramData/PuppetLabs/puppet/cache'
else
vardir = '/var/lib/puppet/cache'
end
clientbucket_base = "#{vardir}/clientbucket"
sha_array = unmanaged_sha.scan(/\w/)
clientbucket_path = clientbucket_base
(0..7).each do |i|
clientbucket_path = "#{clientbucket_path}/#{sha_array[i]}"
end
clientbucket_path = "#{clientbucket_path}/#{unmanaged_sha}"
contents_path = "#{clientbucket_path}/contents"
paths_path = "#{clientbucket_path}/paths"
create_remote_file(agent, contents_path, "corrupted\n")
create_remote_file(agent, paths_path, "corrupted\n")
end
step 'reset file to pre-managed state' do
create_remote_file(agent, tmpfile, unmanaged_content)
end
step 'manage file again' do
apply_manifest_on(agent, manifest) do |result|
assert_match(/Warning: Existing backup does not match its expected sum, .*Overwriting corrupted backup/, result.stderr) unless agent['locale'] == 'ja'
on(agent, "cat #{tmpfile}") do |r2|
assert_equal(managed_content, r2.stdout)
end
end
end
end
end
|
