Hotfix/test build

CHANGELOG.md

@@ -2,6 +2,10 @@
 
 ## Development
 
+## 2.6.0 (April 12, 2023)
+
+- Fixing tests. Contributed by @bishopbm1
+
 ## 2.5.0 (June 29, 2022)
 
 - Move CentOS -> RockyLinux and Python 3.6 -> 3.8. Contributed by @rush-skills

manifests/init.pp

@@ -262,6 +262,9 @@
   $version                    = 'present',
   String  $python_version     = 'system',
   St2::Repository $repository = $st2::params::repository,
+  $manage_epel_repo           = $st2::params::manage_epel_repo,
+  $python_use_epel_repo       = $st2::params::python_use_epel_repo,
+  $redis_manage_repo          = $st2::params::redis_manage_repo,
   $conf_dir                   = $st2::params::conf_dir,
   $conf_file                  = "${st2::params::conf_dir}/st2.conf",
   $use_ssl                    = $st2::params::use_ssl,
@@ -307,6 +310,12 @@
   $ng_init                    = true,
   $datastore_keys_dir         = $st2::params::datstore_keys_dir,
   $datastore_key_path         = "${st2::params::datstore_keys_dir}/datastore_key.json",
+  $manage_datastore_key       = $st2::params::manage_datastore_key,
+  $datastore_hmac_size        = $st2::params::datastore_hmac_size,
+  $datastore_hmac_key         = $st2::params::datastore_hmac_key,
+  $datastore_aes_key          = $st2::params::datastore_aes_key,
+  $datastore_aes_mode         = $st2::params::datastore_aes_mode,
+  $datastore_aes_size         = $st2::params::datastore_aes_size,
   $nginx_basicstatus_enabled  = $st2::params::basicstatus_enabled,
   $nginx_basicstatus_port     = $st2::params::basicstatus_port,
   $nginx_manage_repo          = true,

manifests/params.pp

@@ -55,6 +55,18 @@
   $conf_dir = '/etc/st2'
   $datstore_keys_dir = "${conf_dir}/keys"
 
+  # Datastore
+  $manage_datastore_key = false
+  $datastore_aes_key = ''
+  $datastore_hmac_key = ''
+  $datastore_hmac_size = 256
+  $datastore_aes_mode = 'CBC'
+  $datastore_aes_size = 256
+
+  $manage_epel_repo = true
+  $python_use_epel_repo = true
+  $redis_manage_repo = false
+
   $st2_server_packages = [
     'st2',
   ]

manifests/profile/python.pp

@@ -20,7 +20,8 @@
 #  include st2::profile::python
 #
 class st2::profile::python (
-  String  $version            = $st2::python_version,
+  String  $version              = $st2::python_version,
+  Boolean $python_use_epel_repo = $st2::python_use_epel_repo,
 ) inherits st2 {
   notice("Python version: ${version}")
   if !defined(Class['python']) {
@@ -29,6 +30,7 @@
       version            => $version,
       dev                => present,
       manage_pip_package => false,
+      use_epel           => $python_use_epel_repo,
     }
   }
 }

manifests/profile/rabbitmq.pp

@@ -36,6 +36,7 @@
   $erlang_rhel_sslverify          = $st2::erlang_rhel_sslverify,
   $erlang_rhel_gpgcheck           = $st2::erlang_rhel_gpgcheck,
   $erlang_rhel_repo_gpgcheck      = $st2::erlang_rhel_repo_gpgcheck,
+  $manage_epel_repo               = $st2::manage_epel_repo,
 ) inherits st2 {
 
   # RHEL 8 Requires another repo in addition to epel to be installed
@@ -127,7 +128,7 @@
   }
 
   # RHEL needs EPEL installed prior to rabbitmq
-  if $facts['os']['family'] == 'RedHat' {
+  if (($facts['os']['family'] == 'RedHat') and ($manage_epel_repo == true)) {
     Class['epel']
     -> Class['rabbitmq']
 

manifests/profile/redis.pp

@@ -12,11 +12,13 @@
 #    }
 #
 class st2::profile::redis (
-  String  $bind_ip = $st2::redis_bind_ip,
+  String  $bind_ip           = $st2::redis_bind_ip,
+  Boolean $redis_manage_repo = $st2::redis_manage_repo,
 ) inherits st2 {
 
   class { 'redis':
-      bind => $bind_ip,
+    bind        => $bind_ip,
+    manage_repo => $redis_manage_repo,
   }
 
   contain redis

manifests/repo.pp

@@ -17,7 +17,7 @@
 class st2::repo (
   Enum['present', 'absent'] $ensure = 'present',
   St2::Repository $repository = $st2::repository,
-  Boolean $manage_epel_repo = true,
+  Boolean $manage_epel_repo = $st2::manage_epel_repo,
 ) inherits st2 {
   case $facts['os']['family'] {
     'RedHat': {

manifests/server/datastore_keys.pp

@@ -17,9 +17,15 @@
 #   }
 #
 class st2::server::datastore_keys (
-  $conf_file = $st2::conf_file,
-  $keys_dir  = $st2::datastore_keys_dir,
-  $key_path  = $st2::datastore_key_path,
+  $conf_file            = $st2::conf_file,
+  $keys_dir             = $st2::datastore_keys_dir,
+  $key_path             = $st2::datastore_key_path,
+  $manage_datastore_key = $st2::manage_datastore_key,
+  $datastore_hmac_size  = $st2::datastore_hmac_size,
+  $datastore_hmac_key   = $st2::datastore_hmac_key,
+  $datastore_aes_key    = $st2::datastore_aes_key,
+  $datastore_aes_mode   = $st2::datastore_aes_mode,
+  $datastore_aes_size   = $st2::datastore_aes_size,
 ) inherits st2 {
   ## Directory
   file { $keys_dir:
@@ -30,21 +36,40 @@
     require => Package['st2'],
   }
 
-  ## Generate
-  exec { "generate datastore key ${key_path}":
-    command => "st2-generate-symmetric-crypto-key --key-path ${key_path}",
-    creates => $key_path,
-    path    => ['/opt/stackstorm/st2/bin'],
-    notify  => Service['st2api'],
-  }
+  if $manage_datastore_key {
+    file { $key_path:
+      ensure  => file,
+      path    => $key_path,
+      content => epp('st2/server/datastore_key.json.epp', {
+        datastore_hmac_key  => $datastore_hmac_key,
+        datastore_hmac_size => $datastore_hmac_size,
+        datastore_aes_mode  => $datastore_aes_mode,
+        datastore_aes_key   => $datastore_aes_key,
+        datastore_aes_size  => $datastore_aes_size,
+      }),
+      owner   => 'st2',
+      group   => 'st2',
+      mode    => '0600',
+      notify  => Service['st2api'],
+      require => Package['st2'],
+    }
+  } else {
+    ## Generate
+    exec { "generate datastore key ${key_path}":
+      command => "st2-generate-symmetric-crypto-key --key-path ${key_path}",
+      creates => $key_path,
+      path    => ['/opt/stackstorm/st2/bin'],
+      notify  => Service['st2api'],
+    }
 
-  ## Permissions
-  file { $key_path:
-    ensure  => file,
-    owner   => 'st2',
-    group   => 'st2',
-    mode    => '0600',
-    require => Package['st2'],
+    ## Permissions
+    file { $key_path:
+      ensure  => file,
+      owner   => 'st2',
+      group   => 'st2',
+      mode    => '0600',
+      require => Package['st2'],
+    }
   }
 
   ## Config
@@ -57,8 +82,15 @@
     tag     => 'st2::config',
   }
 
-  Package['st2']
-  -> File[$keys_dir]
-  -> Exec["generate datastore key ${key_path}"]
-  -> File[$key_path]
+
+  if $manage_datastore_key {
+    Package['st2']
+    -> File[$keys_dir]
+    -> File[$key_path]
+  } else {
+    Package['st2']
+    -> File[$keys_dir]
+    -> Exec["generate datastore key ${key_path}"]
+    -> File[$key_path]
+  }
 }

templates/server/datastore_key.json.epp

@@ -0,0 +1,7 @@
+<%- | String $datastore_hmac_key,
+      Integer $datastore_hmac_size,
+      String $datastore_aes_key,
+      String $datastore_aes_mode,
+      Integer $datastore_aes_size,
+| -%>
+{"hmacKey":{"hmacKeyString":"<%= $datastore_hmac_key %>","size":<%= $datastore_hmac_size %>},"aesKeyString":"<%= $datastore_aes_key %>","mode":"<%= $datastore_aes_mode %>","size":<%= $datastore_aes_size %>}

test/unit/test_tasks_key_decrypt.py

@@ -0,0 +1,15 @@
+from test.unit.st2_test_case import St2TestCase
+# import mock
+import os
+import sys
+from key_decrypt import AESKey
+
+sys.path.append(os.path.join(os.path.dirname(__file__), '..', '..', 'tasks'))
+
+
+class AESKeyTestCase(St2TestCase):
+    __test__ = True
+
+    def test_init(self):
+        task = AESKey('test', 'test', 256)
+        self.assertIsInstance(task, object)