v1.1.3: support linux updates for multiple architectures (#59)

* remove arch if there is a multi-arch update * always set reboot variable * update changelog for 1.1.3 * bump version to 1.1.3 * linting
puppetlabs · Jun 20, 2022 · fb758b9 · fb758b9
1 parent a4a1d96
commit fb758b9
Show file tree

Hide file tree

Showing 5 changed files with 35 additions and 4 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,14 @@
 
 All notable changes to this project will be documented in this file.
 
+## Release 1.1.3
+
+**Bugfixes**
+- No longer logs `Puppet Unknown variable: 'reboot'` on runs outside of the patch day.
+
+**Improvements**
+- Correctly handles multi-architecture package updates, e.g. when there is an update for both the `i686` and `x86_64` version of a package.
+
 ## Release 1.1.2
 
 **Bugfixes**

diff --git a/functions/process_patch_groups.pp b/functions/process_patch_groups.pp
@@ -39,6 +39,8 @@ function patching_as_code::process_patch_groups(
         repeat => $patching_as_code::patch_schedule[$active_pg]['max_runs']
       }
       $reboot = $patching_as_code::patch_schedule[$active_pg]['reboot']
+    } else {
+      $reboot = 'never'
     }
   }
 
@@ -67,6 +69,8 @@ function patching_as_code::process_patch_groups(
         repeat => $patching_as_code::patch_schedule[$patching_as_code::high_priority_patch_group]['max_runs']
       }
       $high_prio_reboot = $patching_as_code::patch_schedule[$patching_as_code::high_priority_patch_group]['reboot']
+    } else {
+      $high_prio_reboot = 'never'
     }
   }
 

diff --git a/lib/puppet/functions/patching_as_code/dedupe_arch.rb b/lib/puppet/functions/patching_as_code/dedupe_arch.rb
@@ -0,0 +1,19 @@
+Puppet::Functions.create_function(:'patching_as_code::dedupe_arch') do
+  dispatch :dedupe_arch do
+    param 'Array', :patches
+  end
+
+  def dedupe_arch(patches)
+    no_arch = patches.map { |patch| patch.sub(%r{(.noarch|.x86_64|.i386|.i686)$}, '') }
+    multi_arch = no_arch.group_by { |x| x }.select { |_k, v| v.size > 1 }.map(&:first)
+    result = patches.map do |patch|
+      no_arch_patch = patch.sub(%r{(.noarch|.x86_64|.i386|.i686)$}, '')
+      if multi_arch.include? no_arch_patch
+        no_arch_patch
+      else
+        patch
+      end
+    end
+    result.uniq
+  end
+end
diff --git a/manifests/init.pp b/manifests/init.pp
@@ -269,9 +269,9 @@
                         []
                       },
         'Linux'   =>  if $bool_patch_day and $security_only and !$high_priority_only{
-                        $facts[$patch_fact]['security_package_updates']
+                        patching_as_code::dedupe_arch($facts[$patch_fact]['security_package_updates'])
                       } elsif $bool_patch_day and !$high_priority_only{
-                        $facts[$patch_fact]['package_updates']
+                        patching_as_code::dedupe_arch($facts[$patch_fact]['package_updates'])
                       } else {
                         []
                       },
@@ -296,7 +296,7 @@
                         []
                       },
         'Linux'   =>  if $bool_high_prio_patch_day {
-                        $facts[$patch_fact]['package_updates'].filter |$item| { $item in $high_priority_list }
+                        patching_as_code::dedupe_arch($facts[$patch_fact]['package_updates'].filter |$item| { $item in $high_priority_list })
                       } else {
                         []
                       },

diff --git a/metadata.json b/metadata.json
@@ -1,6 +1,6 @@
 {
   "name": "puppetlabs-patching_as_code",
-  "version": "1.1.2",
+  "version": "1.1.3",
   "author": "puppetlabs",
   "summary": "Automated patching through desired state code",
   "license": "Apache-2.0",