Add acceptance tests for puppet-cgit

Add acceptance tests for puppet-cgit module so that once the module is
applied we check if files were created, packages were installed and
services were started.

Co-Authored-By: Bruno Tavares <btavare@thoughtworks.com>
Co-Authored-By: Danilo Ramalho <dramalho@thoughtworks.com>

Change-Id: I8d12999b6d91f1ab67fa16d6bbd8bc1d2efa3a05
This commit is contained in:
Glauco Oliveira 2015-09-11 11:13:41 -03:00 committed by Bruno Tavares
parent 507f36a98c
commit 6c36488c23
10 changed files with 386 additions and 0 deletions

3
.gitignore vendored
View File

@ -1,2 +1,5 @@
Gemfile.lock
.bundled_gems/
log/
junit/
.vagrant/

View File

@ -0,0 +1,31 @@
require 'spec_helper_acceptance'
describe 'puppet-cgit module' do
def pp_path
base_path = File.dirname(__FILE__)
File.join(base_path, 'fixtures')
end
def preconditions_puppet_module
module_path = File.join(pp_path, 'preconditions.pp')
File.read(module_path)
end
def default_puppet_module
module_path = File.join(pp_path, 'default.pp')
File.read(module_path)
end
before(:all) do
apply_manifest(preconditions_puppet_module, catch_failures: true)
end
it 'should work with no errors' do
apply_manifest(default_puppet_module, catch_failures: true)
end
it 'should be idempotent' do
apply_manifest(default_puppet_module, catch_failures: true)
apply_manifest(default_puppet_module, catch_changes: true)
end
end

View File

@ -0,0 +1,100 @@
require 'spec_helper_acceptance'
describe 'required files', :if => ['fedora', 'redhat'].include?(os[:family]) do
required_directories = [
file('/home/cgit'),
file('/var/lib/git'),
]
required_directories.each do |directory|
describe directory do
it { should be_directory }
it { should be_owned_by 'cgit' }
it { should be_grouped_into 'cgit' }
end
end
required_directories = [
file('/var/www/cgit'),
file('/var/www/cgit/static'),
]
required_directories.each do |directory|
describe directory do
it { should be_directory }
it { should be_owned_by 'root' }
it { should be_grouped_into 'root' }
end
end
describe file('/usr/lib/systemd/system/git-daemon.socket'), :if => ['fedora', 'redhat'].include?(os[:family]) && os[:release] >= '7' do
it { should be_file }
it { should be_owned_by 'root' }
it { should be_grouped_into 'root' }
its(:content) { should match 'ListenStream=9418' }
end
describe file('/usr/lib/systemd/system/git-daemon@.service'), :if => ['fedora', 'redhat'].include?(os[:family]) && os[:release] >= '7' do
it { should be_file }
it { should be_owned_by 'root' }
it { should be_grouped_into 'root' }
its(:content) { should match 'Wants=git-daemon.socket' }
end
describe file('/etc/init.d/git-daemon'), :if => ['fedora', 'redhat'].include?(os[:family]) && os[:release] < '7' do
it { should be_file }
it { should be_owned_by 'root' }
it { should be_grouped_into 'root' }
its(:content) { should match 'DAEMON=/usr/libexec/git-core/git-daemon' }
its(:content) { should match 'PORT=9418' }
end
describe file('/etc/pki/tls/certs/localhost.pem') do
it { should be_file }
it { should be_owned_by 'root' }
it { should be_grouped_into 'root' }
end
describe file('/etc/pki/tls/private/localhost.key') do
it { should be_file }
it { should be_owned_by 'root' }
it { should be_grouped_into 'root' }
end
describe file('/etc/cgitrc') do
it { should be_file }
it { should be_owned_by 'root' }
it { should be_grouped_into 'root' }
its(:content) { should match 'clone-prefix=git://git.openstack.org https://git.openstack.org' }
end
describe file('/var/lib/git/.ssh/authorized_keys') do
it { should be_file }
it { should be_owned_by 'git' }
it { should be_mode '640' } # Authorized keys file should have a restrict permission
its(:content) { should match 'ssh-key 1a2b3c4d5e' }
end
describe file('/etc/httpd/conf/httpd.conf') do
it { should be_file }
it { should be_owned_by 'root' }
it { should be_grouped_into 'root' }
its(:content) { should match 'Listen 80' }
end
describe file('/etc/httpd/conf.d/ssl.conf') do
it { should be_file }
it { should be_owned_by 'root' }
it { should be_grouped_into 'root' }
its(:content) { should match 'Listen 443' }
end
end
describe 'required files', :if => ['debian', 'ubuntu'].include?(os[:family]) do
describe file('/etc/rsyslog.d/haproxy.conf') do
it { should be_file }
it { should be_owned_by 'root' }
it { should be_grouped_into 'root' }
its(:content) { should match 'local0.* /var/log/haproxy.log' }
end
end

View File

@ -0,0 +1,24 @@
if ($::osfamily == 'RedHat') {
class { '::cgit':
vhost_name => 'localhost',
serveradmin => 'webmaster@localhost',
ssl_cert_file_contents => file('/etc/ssl/certs/ssl-cert-snakeoil.pem'),
ssl_cert_file => '/etc/pki/tls/certs/localhost.pem',
ssl_key_file_contents => file('/etc/ssl/private/ssl-cert-snakeoil.key'),
ssl_key_file => '/etc/pki/tls/private/localhost.key',
manage_cgitrc => true,
behind_proxy => true,
cgitrc_settings => {
'clone-prefix' => 'git://git.openstack.org https://git.openstack.org',
'root-title' => 'OpenStack git repository browser',
},
} -> class { '::cgit::ssh':
manage_home => false,
authorized_keys => [
'ssh-key 1a2b3c4d5e',
],
} -> exec { 'reload systemd to have ports updated':
command => '/bin/systemctl daemon-reload',
}
}

View File

@ -0,0 +1,26 @@
if ($::osfamily == 'RedHat') {
class { '::cgit':
vhost_name => 'localhost',
serveradmin => 'webmaster@localhost',
ssl_cert_file_contents => file('/etc/ssl/certs/ssl-cert-snakeoil.pem'),
ssl_cert_file => '/etc/pki/tls/certs/localhost.pem',
ssl_key_file_contents => file('/etc/ssl/private/ssl-cert-snakeoil.key'),
ssl_key_file => '/etc/pki/tls/private/localhost.key',
manage_cgitrc => true,
cgitrc_settings => {
'clone-prefix' => 'git://git.openstack.org https://git.openstack.org',
'root-title' => 'OpenStack git repository browser',
},
} -> class { '::cgit::ssh':
manage_home => false,
authorized_keys => [
'ssh-key 1a2b3c4d5e',
],
}
} elsif ($::osfamily == 'Debian') {
class { '::cgit::lb':
balancer_member_names => [ 'local' ],
balancer_member_ips => [ '127.0.0.1' ],
}
}

View File

@ -0,0 +1,33 @@
# Installing ssl-cert in order to get snakeoil certs
if ($::osfamily == 'RedHat' and $::operatingsystemmajrelease == '7') {
exec { 'creates self-signed certificate directory':
path => '/usr/bin',
command => 'mkdir -p /etc/ssl/certs',
creates => '/etc/ssl/certs',
} -> exec { 'creates self-signed certificate key directory':
path => '/usr/bin',
command => 'mkdir -p /etc/ssl/private',
creates => '/etc/ssl/private',
} -> exec { 'creates self-signed certificate':
path => '/usr/bin',
command => 'openssl req \
-new \
-newkey rsa:2048 \
-days 365 \
-nodes \
-x509 \
-subj "/C=US/ST=California/L=San Francisco/O=Dis/CN=localhost" \
-keyout /etc/ssl/private/ssl-cert-snakeoil.key \
-out /etc/ssl/certs/ssl-cert-snakeoil.pem',
creates => ['/etc/ssl/certs/cgit.key', '/etc/cgit/ssl/cgit.crt'],
}
package { 'policycoreutils-python':
ensure => present,
}
}
elsif ($::osfamily == 'Debian') {
package { 'ssl-cert':
ensure => present,
}
}

View File

@ -0,0 +1,29 @@
require 'spec_helper_acceptance'
describe 'required os packages', :if => ['fedora', 'redhat'].include?(os[:family]) do
required_packages = [
package('mod_ldap'),
package('cgit'),
package('git-daemon'),
package('highlight'),
]
required_packages.each do |package|
describe package do
it { should be_installed }
end
end
end
describe 'required os packages', :if => ['debian', 'ubuntu'].include?(os[:family]) do
required_packages = [
package('socat'),
package('lsof'),
]
required_packages.each do |package|
describe package do
it { should be_installed }
end
end
end

View File

@ -0,0 +1,16 @@
require 'spec_helper_acceptance'
describe 'selinux', :if => ['fedora', 'redhat'].include?(os[:family]) do
describe selinux do
it { should be_permissive }
end
describe command('getsebool httpd_enable_cgi') do
its(:stdout) { should match 'httpd_enable_cgi --> on' }
end
describe command('semanage port --list') do
its(:stdout) { should match 'http_port_t' }
its(:stdout) { should match 'git_port_t' }
end
end

View File

@ -0,0 +1,103 @@
require 'spec_helper_acceptance'
describe 'cgit server', :if => ['fedora', 'redhat'].include?(os[:family]) do
describe 'running web server' do
describe command('curl http://localhost/cgit') do
its(:stdout) { should match 'OpenStack git repository browser' }
end
describe command('curl --insecure https://localhost/cgit') do
its(:stdout) { should match 'OpenStack git repository browser' }
end
describe port(80) do
it { should be_listening }
end
describe port(443) do
it { should be_listening }
end
describe port(9418) do
it { should be_listening }
end
describe service('httpd') do
it { should be_enabled }
it { should be_running }
end
end
describe service('git-daemon.socket'), :if => ['fedora', 'redhat'].include?(os[:family]) && os[:release] >= '7' do
it { should be_enabled }
it { should be_running }
end
describe service('git-daemon'), :if => ['fedora', 'redhat'].include?(os[:family]) && os[:release] < '7' do
it { should be_enabled }
it { should be_running }
end
end
describe 'cgit server behind proxy', :if => ['fedora', 'redhat'].include?(os[:family]) do
before(:all) do
behind_proxy_manifest = File.join(File.dirname(__FILE__), 'fixtures', 'behindproxy.pp')
apply_manifest(File.read(behind_proxy_manifest), catch_failures: true)
end
describe 'running web server' do
describe command('curl http://localhost:8080/cgit') do
its(:stdout) { should match 'OpenStack git repository browser' }
end
describe command('curl --insecure https://localhost:4443/cgit') do
its(:stdout) { should match 'OpenStack git repository browser' }
end
describe port(8080) do
it { should be_listening }
end
describe port(4443) do
it { should be_listening }
end
describe port(29418) do
it { should be_listening }
end
describe service('httpd') do
it { should be_enabled }
it { should be_running }
end
end
describe service('git-daemon.socket'), :if => ['fedora', 'redhat'].include?(os[:family]) && os[:release] >= '7' do
it { should be_enabled }
it { should be_running }
end
describe service('git-daemon'), :if => ['fedora', 'redhat'].include?(os[:family]) && os[:release] < '7' do
it { should be_enabled }
it { should be_running }
end
end
describe 'cgit loadbalancer', :if => ['debian', 'ubuntu'].include?(os[:family]) do
describe port(80) do
it { should be_listening }
end
describe port(443) do
it { should be_listening }
end
describe port(9418) do
it { should be_listening }
end
describe service('haproxy') do
it { should be_enabled }
it { should be_running }
end
end

View File

@ -0,0 +1,21 @@
require 'spec_helper_acceptance'
describe 'required users and groups', :if => ['fedora', 'redhat'].include?(os[:family]) do
describe user('cgit') do
it { should exist }
it { should belong_to_group 'cgit' }
end
describe group('cgit') do
it { should exist }
end
describe user('git') do
it { should exist }
it { should belong_to_group 'git' }
end
describe group('git') do
it { should exist }
end
end