testing augeas resources gives a permission denied error on linux and osx

[sirinek]

On both OSX 10.12.6 and RHEL 7.3, testing my augeas resource throws an error trying to create temporary directories. The below was from using PDK on my OSX 10.12.6 system. I get the same issue when doing this on a RHEL7 host.

I am using PDK 1.3, and extra gems being used are rspec-puppet-augeas-0.4.0 and ruby-augeas-0.5.0.

failed: rspec: ./spec/defines/etc_system_solaris_kernel_parameter_spec.rb:18: Got 2 failure(s) while initializing: File[/tmp/d20180222-87909-1u4tmpk]: change from 'absent' to 'directory' failed: Failed to set owner to '0': Operation not permitted @ chown_internal - /tmp/d20180222-87909-1u4tmpk; File[/tmp/d20180222-87909-f2djiw/ssl]: change from 'absent' to 'directory' failed: Failed to set owner to '0': Operation not permitted @ chown_internal - /tmp/d20180222-87909-f2djiw/ssl
  etc_system::solaris_kernel_parameter Augeas[ip_squeue_enter] should change ip_squeue_enter
  Failure/Error:

    describe_augeas 'ip_squeue_enter', :target => 'dest/etc/system', :fixture => 'src/etc/system', :lens => 'Solaris_System' do
      it 'should change ip_squeue_enter' do
        is_expected.to execute.with_change
        aug_get('set[./variable="ip_squeue_enter"]/value').should == '4'

Here's the code for ./spec/defines/etc_system_solaris_kernel_parameter_spec.rb:

require 'spec_helper'

describe 'etc_system::solaris_kernel_parameter' do
  let(:title) { 'ip_squeue_enter' }
  let(:params) {
    {
      :value => '4',
      :module => 'ip'
    }
  }
  it 'has an augeas resource' do
      is_expected.to compile
      is_expected.to contain_augeas('ip_squeue_enter')
      is_expected.to contain_etc_system__solaris_kernel_parameter('ip_squeue_enter').with('variable' => 'ip_squeue_enter', 'value' => '4', 'operator' => '=', 'module' => 'ip')
  end

  describe_augeas 'ip_squeue_enter', :target => 'dest/etc/system', :fixture => 'src/etc/system', :lens => 'Solaris_System' do
    it 'should change ip_squeue_enter' do
      is_expected.to execute.with_change
      aug_get('set[./variable="ip_squeue_enter"]/value').should == '4'
      is_expected.to execute.idempotently
    end
  end
end

The failure goes away when commenting out the it 'should change ip_squeue_enter' block.

In case it is necessary here is the code for the defined type I have in puppet:

define etc_system::solaris_kernel_parameter(
  $variable = $title,
  $module = false,
  $operator = '=',
  $value = 0
) {

  if $module {
    augeas { $variable:
      incl    => '/etc/system',
      lens    => 'Solaris_System.lns',
      changes => [
        "rm set[./variable='${variable}']",
        "set set[./variable='${variable}']/variable \'${variable}\'",
        "ins module before set[./variable='${variable}']/variable",
        "set set[./variable='${variable}']/module \'${module}\'",
        "set set[./variable='${variable}']/operator \'${operator}\'",
        "set set[./variable='${variable}']/value \'${value}\'"
      ],
      onlyif  => "get set[./variable='${variable}']/value != \"${value}\"",
    }
  }
  else {
    augeas { $variable:
      incl    => '/etc/system',
      lens    => 'Solaris_System.lns',
      changes => [
        "rm set[./variable='${variable}']",
        "set set[./variable='${variable}']/variable \'${variable}\'",
        "set set[./variable='${variable}']/operator \'${operator}\'",
        "set set[./variable='${variable}']/value \'${value}\'"
      ],
      onlyif  => "get set[./variable='${variable}']/value != \"${value}\"",
    }
  }

}

[sirinek]

Here's better output of the error I get:

etc_system::solaris_kernel_parameter
  has an augeas resource
  Augeas[ip_squeue_enter]
    should change ip_squeue_enter (FAILED - 1)

Failures:

  1) etc_system::solaris_kernel_parameter Augeas[ip_squeue_enter] should change ip_squeue_enter
     Failure/Error: is_expected.to execute.with_change

     RuntimeError:
       Got 2 failure(s) while initializing: File[/var/folders/vh/58bqgt717s1_xvljwqs5cz8jf0n1fx/T/d20180227-14184-10ihbcg]: change from 'absent' to 'directory' failed: Failed to set owner to '0': Operation not permitted @ chown_internal - /var/folders/vh/58bqgt717s1_xvljwqs5cz8jf0n1fx/T/d20180227-14184-10ihbcg; File[/var/folders/vh/58bqgt717s1_xvljwqs5cz8jf0n1fx/T/d20180227-14184-lknwrc/ssl]: change from 'absent' to 'directory' failed: Failed to set owner to '0': Operation not permitted @ chown_internal - /var/folders/vh/58bqgt717s1_xvljwqs5cz8jf0n1fx/T/d20180227-14184-lknwrc/ssl
     # /opt/puppetlabs/pdk/share/cache/ruby/2.1.0/gems/puppet-5.3.3/lib/puppet/settings.rb:1015:in `block in use'
     # /opt/puppetlabs/pdk/share/cache/ruby/2.1.0/gems/puppet-5.3.3/lib/puppet/resource/catalog.rb:233:in `apply'
     # /opt/puppetlabs/pdk/share/cache/ruby/2.1.0/gems/puppet-5.3.3/lib/puppet/settings.rb:1005:in `use'
     # /opt/puppetlabs/pdk/share/cache/ruby/2.1.0/gems/puppet-5.3.3/lib/puppet/util/storage.rb:45:in `load'
     # /opt/puppetlabs/pdk/share/cache/ruby/2.1.0/gems/puppet-5.3.3/lib/puppet/resource/catalog.rb:219:in `apply'
     # /Users/bsirinek/.pdk/cache/ruby/2.1.0/gems/rspec-puppet-augeas-0.4.0/lib/rspec-puppet-augeas/fixtures.rb:51:in `apply'
     # /Users/bsirinek/.pdk/cache/ruby/2.1.0/gems/rspec-puppet-augeas-0.4.0/lib/rspec-puppet-augeas/resource.rb:17:in `initialize'
     # /Users/bsirinek/.pdk/cache/ruby/2.1.0/gems/rspec-puppet-augeas-0.4.0/lib/rspec-puppet-augeas/example/run_augeas_example_group.rb:69:in `new'
     # /Users/bsirinek/.pdk/cache/ruby/2.1.0/gems/rspec-puppet-augeas-0.4.0/lib/rspec-puppet-augeas/example/run_augeas_example_group.rb:69:in `subject'
     # ./spec/defines/etc_system_solaris_kernel_parameter_spec.rb:19:in `block (3 levels) in <top (required)>'

Finished in 1.48 seconds (files took 2.17 seconds to load)
2 examples, 1 failure

Failed examples:

rspec ./spec/defines/etc_system_solaris_kernel_parameter_spec.rb:18 # etc_system::solaris_kernel_parameter Augeas[ip_squeue_enter] should change ip_squeue_enter

[sirinek]

Someone responded with some good information at https://groups.google.com/forum/#!topic/puppet-users/BVeNnpnh8OM

Among other things the response says "the issue is with rspec-puppet-augeas trying to set up a fixture. Note that uid 119 is "puppet" on my system. So somewhere in there the rspec-puppet-augeas gem and puppet get confused about the context they're running in. I can't help you with that."

[nward]

Hi! Were you able to resolve this, @sirinek ?
I've just started defining the specs my Augeas-using modules and am hitting this issue :(

[nward]

OK, this looks like it's come up a bunch before - root cause is because this tries to execute a puppet manifest, puppet will try make sure all the dirs it needs are in place (ssl, etc.).

This looks like a duplicate of:
#14
#15

This should have been fixed by 30fc5f0

I see a suggestion around for running fakeroot, but that doesn't seem to work for me (OS X).. will keep poking at this one..

[sirinek]

Hey @nward, just now seeing this, sorry. I have not been able to work around the issue. I am doing my tests on RHEL7 like most of my puppet agents now instead of using my macbook, we don't run puppet on any Mac hosts, and when I move these tests to our CI setup they will be on RHEL anyway.