Skip to content

Commit

Permalink
Merge pull request #3299 from donoghuc/prefer-token
Browse files Browse the repository at this point in the history
(GH-3296) Prefer cert auth to token auth for puppetdb client
  • Loading branch information
donoghuc authored Apr 12, 2024
2 parents 8266293 + 6f0c8f8 commit 0dc8195
Show file tree
Hide file tree
Showing 2 changed files with 19 additions and 1 deletion.
8 changes: 7 additions & 1 deletion lib/bolt/puppetdb/config.rb
Original file line number Diff line number Diff line change
Expand Up @@ -60,7 +60,7 @@ def self.default_config
end

def token
return @token if @token
return @token if @token_computed
# Allow nil in config to skip loading a token
if @settings.include?('token')
if @settings['token']
Expand All @@ -69,6 +69,12 @@ def token
elsif File.exist?(DEFAULT_TOKEN)
@token = File.read(DEFAULT_TOKEN)
end
# Only use cert based auth in the case token and cert are both configured
if @token && cert
Bolt::Logger.logger(self).debug("Both cert and token based auth configured, using cert only")
@token = nil
end
@token_computed = true
@token = @token.strip if @token
end

Expand Down
12 changes: 12 additions & 0 deletions spec/unit/puppetdb/config_spec.rb
Original file line number Diff line number Diff line change
Expand Up @@ -72,6 +72,8 @@
context "token" do
context "token is valid" do
before :each do
options.delete('cert')
options.delete('key')
allow(File).to receive(:read).with(token).and_return 'footoken'
allow(File).to receive(:read).with(Bolt::PuppetDB::Config::DEFAULT_TOKEN).and_return 'bartoken'
end
Expand All @@ -97,6 +99,8 @@

context "token is invalid" do
before :each do
options.delete('cert')
options.delete('key')
allow(File).to receive(:read).with(token).and_return "footoken\n"
allow(File).to receive(:read).with(Bolt::PuppetDB::Config::DEFAULT_TOKEN).and_return "bartoken\n"
end
Expand All @@ -112,6 +116,14 @@
expect(config.token).to eq('bartoken')
end
end

context "both token and cert" do
it "returns nil for token when cert is configured" do
allow(config).to receive(:validate_file_exists).with('cert').and_return true
allow(File).to receive(:read).with(token).and_return 'footoken'
expect(config.token).to be_nil
end
end
end

context "cacert" do
Expand Down

0 comments on commit 0dc8195

Please sign in to comment.