PE-38801 Task added to fetch rules for PE Infrastructure Agent group and warn user that they will be replaced

REFERENCE.md

@@ -64,6 +64,7 @@
 * [`download`](#download): Download a file using curl
 * [`enable_replica`](#enable_replica): Execute the enable replica puppet command
 * [`filesize`](#filesize): Return the size of a file in bytes
+* [`get_group_rules`](#get_group_rules): Run on a PE primary node to return the rules currently applied to the PE Infrastructure Agent group, along with a warning that they will be o
 * [`get_peadm_config`](#get_peadm_config): Run on a PE primary node to return the currently configured PEAdm parameters
 * [`get_psql_version`](#get_psql_version): Run on a PE PSQL node to return the major version of the PSQL server currently installed
 * [`infrastatus`](#infrastatus): Runs puppet infra status and returns the output
@@ -1185,6 +1186,12 @@ Data type: `String`
 
 Path to the file to return the size of
 
+### <a name="get_group_rules"></a>`get_group_rules`
+
+Run on a PE primary node to return the rules currently applied to the PE Infrastructure Agent group, along with a warning that they will be overwritten
+
+**Supports noop?** false
+
 ### <a name="get_peadm_config"></a>`get_peadm_config`
 
 Run on a PE primary node to return the currently configured PEAdm parameters

plans/convert.pp

@@ -261,6 +261,8 @@
     # the existing groups are correct enough to function until the upgrade is
     # performed.
     if (versioncmp($pe_version, '2019.7.0') >= 0) {
+      run_task('peadm::get_group_rules', $primary_target)
+
       apply($primary_target) {
         class { 'peadm::setup::node_manager_yaml':
           primary_host => $primary_target.peadm::certname(),

plans/upgrade.pp

@@ -326,6 +326,8 @@
       default                                      => $primary_postgresql_target.peadm::certname(),
     }
 
+    run_task('peadm::get_group_rules', $primary_target)
+
     apply($primary_target) {
       class { 'peadm::setup::node_manager_yaml':
         primary_host => $primary_target.peadm::certname(),

tasks/get_group_rules.json

@@ -0,0 +1,5 @@
+{
+  "description": "Run on a PE primary node to return the rules currently applied to the PE Infrastructure Agent group, along with a warning that they will be overwritten",
+  "parameters": { },
+  "input_method": "stdin"
+}

tasks/get_group_rules.rb

@@ -0,0 +1,43 @@
+#!/opt/puppetlabs/puppet/bin/ruby
+# frozen_string_literal: true
+
+require 'json'
+require 'net/http'
+require 'puppet'
+
+# GetInfrastructureAgentGroupRules task class
+class GetInfrastructureAgentGroupRules
+  def execute!
+    infrastructure_agent_group = groups.find { |obj| obj['name'] == 'PE Infrastructure Agent' }
+    if infrastructure_agent_group
+      puts 'WARNING: The following existing rules on the PE Infrastructure Agent group will be overwritten with default values:'
+      puts JSON.pretty_generate(infrastructure_agent_group['rule'])
+    else
+      puts JSON.pretty_generate({ 'error' => 'PE Infrastructure Agent group does not exist' })
+    end
+  end
+
+  def groups
+    net = https(4433)
+    res = net.get('/classifier-api/v1/groups')
+    JSON.parse(res.body)
+  end
+
+  def https(port)
+    https = Net::HTTP.new(Puppet.settings[:certname], port)
+    https.use_ssl = true
+    https.cert = OpenSSL::X509::Certificate.new(File.read(Puppet.settings[:hostcert]))
+    https.key = OpenSSL::PKey::RSA.new(File.read(Puppet.settings[:hostprivkey]))
+    https.verify_mode = OpenSSL::SSL::VERIFY_PEER
+    https.ca_file = Puppet.settings[:localcacert]
+    https
+  end
+end
+
+# Run the task unless an environment flag has been set, signaling not to. The
+# environment flag is used to disable auto-execution and enable Ruby unit
+# testing of this task.
+unless ENV['RSPEC_UNIT_TEST_MODE']
+  Puppet.initialize_settings
+  GetInfrastructureAgentGroupRules.new.execute!
+end