Fixes #29649 - Drop default_server argument in IPA

ipa-getkeytab can figure out the default server on its own[1]. There is no
need to specify it and can even break things. For example, DNS can be
used to detect servers. Then the fact is empty and it fails while the
command would actually pass.

The foreman_ipa fact is removed since it's a major version bump anyway
and nothing else should use our foreman_ipa fact.

[1] #880 (comment)

Author: ekohl

lib/facter/sssd.rb

@@ -1,19 +1,6 @@
 require 'facter/util/sssd'
 
 if defined? Facter::Util::Sssd
-  # == Fact: foreman_ipa
-  Facter.add(:foreman_ipa, :type => :aggregate) do
-    {
-      :default_realm => 'global/realm',
-      :default_server => 'global/server',
-    }.each do |key, path|
-      chunk(key) do
-        val = Facter::Util::Sssd.ipa_value(path)
-        {key => val} if val
-      end
-    end
-  end
-
   # == Fact: foreman_sssd
   Facter.add(:foreman_sssd, :type => :aggregate) do
     {

lib/facter/util/sssd.rb

@@ -11,10 +11,6 @@ def self.aug_value(lens, file, path)
       end
     end
 
-    def self.ipa_value(path)
-      aug_value('Puppet.lns', '/etc/ipa/default.conf', path)
-    end
-
     def self.sssd_value(path)
       val = aug_value('Sssd.lns', '/etc/sssd/sssd.conf', path)
       val.split(',').map(&:strip) if val

manifests/config.pp

@@ -126,10 +126,6 @@
     $foreman_socket_override = template('foreman/foreman.socket-overrides.erb')
 
     if $foreman::ipa_authentication {
-      unless fact('foreman_ipa.default_server') {
-        fail("${facts['networking']['hostname']}: The system does not seem to be IPA-enrolled")
-      }
-
       if $facts['os']['selinux']['enabled'] {
         selboolean { ['allow_httpd_mod_auth_pam', 'httpd_dbus_sssd']:
           persistent => true,
@@ -158,7 +154,7 @@
       exec { 'ipa-getkeytab':
         command => "/bin/echo Get keytab \
           && KRB5CCNAME=KEYRING:session:get-http-service-keytab kinit -k \
-          && KRB5CCNAME=KEYRING:session:get-http-service-keytab /usr/sbin/ipa-getkeytab -s ${facts['foreman_ipa']['default_server']} -k ${http_keytab} -p HTTP/${facts['networking']['fqdn']} \
+          && KRB5CCNAME=KEYRING:session:get-http-service-keytab /usr/sbin/ipa-getkeytab -k ${http_keytab} -p HTTP/${facts['networking']['fqdn']} \
           && kdestroy -c KEYRING:session:get-http-service-keytab",
         creates => $http_keytab,
       }
@@ -182,7 +178,7 @@
 
 
       if $foreman::ipa_manage_sssd {
-        $sssd = $facts['foreman_sssd']
+        $sssd = pick(fact('foreman_sssd'), {})
         $sssd_services = join(unique(pick($sssd['services'], []) + ['ifp']), ', ')
         $sssd_ldap_user_extra_attrs = join(unique(pick($sssd['ldap_user_extra_attrs'], []) + ['email:mail', 'lastname:sn', 'firstname:givenname']), ', ')
         $sssd_allowed_uids = join(unique(pick($sssd['allowed_uids'], []) + [$apache::user, 'root']), ', ')

spec/classes/foreman_config_ipa_spec.rb

@@ -16,23 +16,9 @@
       context 'with apache' do
         let(:params) { super().merge(apache: true) }
 
-        describe 'not IPA-enrolled system' do
-          describe 'ipa_server fact missing' do
-            it { should raise_error(Puppet::Error, /The system does not seem to be IPA-enrolled/) }
-          end
-
-          describe 'default_ipa_realm fact missing' do
-            it { should raise_error(Puppet::Error, /The system does not seem to be IPA-enrolled/) }
-          end
-        end
-
         describe 'enrolled system' do
           let(:facts) do
             super().merge(
-              foreman_ipa: {
-                default_server: 'ipa.example.com',
-                default_realm: 'REALM'
-              },
               foreman_sssd: {
                 services: ['ifp']
               }