(FACT-2718) Block custom facts

puppetlabs · Jul 27, 2020 · 6f2fbbc · 6f2fbbc
1 parent d587bdf
commit 6f2fbbc
Show file tree

Hide file tree

Showing 3 changed files with 61 additions and 8 deletions.
diff --git a/acceptance/tests/custom_facts/block_custom_fact.rb b/acceptance/tests/custom_facts/block_custom_fact.rb
@@ -0,0 +1,47 @@
+test_name 'custom facts included in blocklist will not be displayed' do
+  tag 'risk:high'
+
+  require 'facter/acceptance/user_fact_utils'
+  extend Facter::Acceptance::UserFactUtils
+
+  custom_fact_file = 'custom_facts.rb'
+  custom_fact_name = "my_custom_fact"
+  custom_fact_value = "custom_fact_value"
+
+  fact_content = <<-CUSTOM_FACT
+  Facter.add(:#{custom_fact_name}) do
+    setcode do
+      "#{custom_fact_value}"
+    end
+  end
+  CUSTOM_FACT
+
+  config_data = <<~FACTER_CONF
+    facts : {
+      blocklist : [ "#{custom_fact_name}" ],
+    }
+  FACTER_CONF
+
+  agents.each do |agent|
+    fact_dir = agent.tmpdir('custom_facts')
+    fact_file = File.join(fact_dir, custom_fact_file)
+
+    config_dir = get_default_fact_dir(agent['platform'], on(agent, facter('kernelmajversion')).stdout.chomp.to_f)
+    config_file = File.join(config_dir, 'facter.conf')
+
+    agent.mkdir_p(config_dir)
+    create_remote_file(agent, fact_file, fact_content)
+    create_remote_file(agent, config_file, config_data)
+
+    teardown do
+      agent.rm_rf(fact_dir)
+      agent.rm_rf(config_dir)
+    end
+
+    step "Facter: Verify that the blocked custom fact is not displayed" do
+      on(agent, facter("--custom-dir=#{fact_dir} my_custom_fact")) do |facter_output|
+        assert_equal("", facter_output.stdout.chomp)
+      end
+    end
+  end
+end
diff --git a/lib/facter/framework/core/fact_loaders/fact_loader.rb b/lib/facter/framework/core/fact_loaders/fact_loader.rb
@@ -51,6 +51,8 @@ def load_external_facts(options)
         @external_facts.concat(@external_fact_loader.custom_facts)
       end
 
+      @external_facts = block_facts(@external_facts, options)
+
       if options[:external_facts]
         @log.debug('Loading external facts')
         @external_facts.concat(@external_fact_loader.external_facts)

diff --git a/spec/framework/core/fact_loaders/fact_loader_spec.rb b/spec/framework/core/fact_loaders/fact_loader_spec.rb
@@ -60,17 +60,21 @@
       expect(loaded_facts.size).to eq(0)
     end
 
-    it 'does not blocks external facts' do
-      options = { custom_facts: true, blocked_facts: ['custom_fact'] }
+    context 'when blocking custom facts' do
+      before do
+        facts_to_load = [loaded_fact_custom_fact]
 
-      facts_to_load = [loaded_fact_custom_fact]
+        allow(internal_fact_loader_double).to receive(:core_facts).and_return([])
+        allow(external_fact_loader_double).to receive(:custom_facts).and_return(facts_to_load)
+        allow(external_fact_loader_double).to receive(:external_facts).and_return([])
+      end
 
-      allow(internal_fact_loader_double).to receive(:core_facts).and_return([])
-      allow(external_fact_loader_double).to receive(:custom_facts).and_return(facts_to_load)
-      allow(external_fact_loader_double).to receive(:external_facts).and_return([])
+      it 'blocks one custom fact' do
+        options = { custom_facts: true, blocked_facts: ['custom_fact'] }
+        loaded_facts = Facter::FactLoader.instance.load(options)
 
-      loaded_facts = Facter::FactLoader.instance.load(options)
-      expect(loaded_facts).to eq(facts_to_load)
+        expect(loaded_facts.size).to eq(0)
+      end
     end
 
     it 'loads the same amount of core facts everytime' do