diff --git a/spec/acceptance/basic_spec.rb b/spec/acceptance/basic_spec.rb index 9350968..8c4419e 100644 --- a/spec/acceptance/basic_spec.rb +++ b/spec/acceptance/basic_spec.rb @@ -1,6 +1,6 @@ require 'spec_helper_acceptance' -describe 'puppet-cgit module' do +describe 'puppet-cgit module', :if => ['fedora', 'redhat'].include?(os[:family]) do def pp_path base_path = File.dirname(__FILE__) File.join(base_path, 'fixtures') 
@@ -25,7 +25,169 @@ describe 'puppet-cgit module' do end it 'should be idempotent' do - apply_manifest(default_puppet_module, catch_failures: true) apply_manifest(default_puppet_module, catch_changes: true) end + + describe 'cgit server' do + describe 'running web server' do + describe command('curl http://localhost/cgit') do + its(:stdout) { should include 'OpenStack git repository browser' } + end + + describe command('curl --insecure https://localhost/cgit') do + its(:stdout) { should include 'OpenStack git repository browser' } + end + + describe port(80) do + it { should be_listening } + end + + describe port(443) do + it { should be_listening } + end + + describe port(9418) do + it { should be_listening } + end + + describe service('httpd') do + it { should be_enabled } + it { should be_running } + end + end + + describe service('git-daemon.socket'), :if => ['fedora', 'redhat'].include?(os[:family]) && os[:release] >= '7' do + it { should be_enabled } + it { should be_running } + end + + describe service('git-daemon'), :if => ['fedora', 'redhat'].include?(os[:family]) && os[:release] < '7' do + it { should be_enabled } + it { should be_running } + end + end + + describe 'required users and groups' do + describe user('cgit') do + it { should exist } + it { should belong_to_group 'cgit' } + end + + describe group('cgit') do + it { should exist } + end + + describe user('git') do + it { should exist } + it { should belong_to_group 'git' } + end + + describe group('git') do + it { should exist } + end + end + describe 'required os packages' do + required_packages = [ + package('mod_ldap'), + package('cgit'), + package('git-daemon'), + package('highlight'), + ] + + required_packages.each do |package| + describe package do + it { should be_installed } + end + end + end + + describe 'required files' do + required_directories = [ + file('/home/cgit'), + file('/var/lib/git'), + ] + + required_directories.each do |directory| + describe directory do + it { should 
be_directory } + it { should be_owned_by 'cgit' } + it { should be_grouped_into 'cgit' } + end + end + + required_directories = [ + file('/var/www/cgit'), + file('/var/www/cgit/static'), + ] + + required_directories.each do |directory| + describe directory do + it { should be_directory } + it { should be_owned_by 'root' } + it { should be_grouped_into 'root' } + end + end + + describe file('/usr/lib/systemd/system/git-daemon.socket'), :if => ['fedora', 'redhat'].include?(os[:family]) && os[:release] >= '7' do + it { should be_file } + it { should be_owned_by 'root' } + it { should be_grouped_into 'root' } + its(:content) { should include 'ListenStream=9418' } + end + + describe file('/usr/lib/systemd/system/git-daemon@.service'), :if => ['fedora', 'redhat'].include?(os[:family]) && os[:release] >= '7' do + it { should be_file } + it { should be_owned_by 'root' } + it { should be_grouped_into 'root' } + its(:content) { should include 'Wants=git-daemon.socket' } + end + + describe file('/etc/init.d/git-daemon'), :if => ['fedora', 'redhat'].include?(os[:family]) && os[:release] < '7' do + it { should be_file } + it { should be_owned_by 'root' } + it { should be_grouped_into 'root' } + its(:content) { should include 'DAEMON=/usr/libexec/git-core/git-daemon' } + its(:content) { should include 'PORT=9418' } + end + + describe file('/etc/pki/tls/certs/localhost.pem') do + it { should be_file } + it { should be_owned_by 'root' } + it { should be_grouped_into 'root' } + end + + describe file('/etc/pki/tls/private/localhost.key') do + it { should be_file } + it { should be_owned_by 'root' } + it { should be_grouped_into 'root' } + end + + describe file('/etc/cgitrc') do + it { should be_file } + it { should be_owned_by 'root' } + it { should be_grouped_into 'root' } + its(:content) { should include 'clone-prefix=git://git.openstack.org https://git.openstack.org' } + end + + describe file('/var/lib/git/.ssh/authorized_keys') do + it { should be_file } + it { should 
be_owned_by 'git' } + it { should be_mode '640' } # Authorized keys file should have a restrict permission + its(:content) { should include 'ssh-key 1a2b3c4d5e' } + end + + describe file('/etc/httpd/conf/httpd.conf') do + it { should be_file } + it { should be_owned_by 'root' } + it { should be_grouped_into 'root' } + its(:content) { should include 'Listen 80' } + end + + describe file('/etc/httpd/conf.d/ssl.conf') do + it { should be_file } + it { should be_owned_by 'root' } + it { should be_grouped_into 'root' } + its(:content) { should include 'Listen 443' } + end + end end diff --git a/spec/acceptance/behind_proxy_spec.rb b/spec/acceptance/behind_proxy_spec.rb new file mode 100644 index 0000000..e34443e --- /dev/null +++ b/spec/acceptance/behind_proxy_spec.rb 
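Review bot: The `:if` guards on the git-daemon service and unit-file checks compare `os[:release]` as a string (`os[:release] >= '7'`), which orders lexicographically. Assuming `os[:release]` is the string the comparison implies, a release such as `'10'` or a Fedora `'22'` sorts below `'7'`, so those hosts would fall into the `/etc/init.d/git-daemon` branch and the systemd socket checks would be skipped. A numeric comparison avoids that, e.g. `os[:release].to_i >= 7` and `os[:release].to_i < 7`. The same guards are repeated in behind_proxy_spec.rb.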
@@ -0,0 +1,194 @@
+require 'spec_helper_acceptance'
+
+describe 'puppet-cgit module begind proxy', :if => ['fedora', 'redhat'].include?(os[:family]) do
+ def pp_path
+ base_path = File.dirname(__FILE__)
+ File.join(base_path, 'fixtures')
+ end
+
+ def preconditions_puppet_module
+ module_path = File.join(pp_path, 'preconditions.pp')
+ File.read(module_path)
+ end
+
+ def behindproxy_puppet_module
+ module_path = File.join(pp_path, 'behindproxy.pp')
+ File.read(module_path)
+ end
+
+ before(:all) do
+ apply_manifest(preconditions_puppet_module, catch_failures: true)
+ end
+
+ it 'should work with no errors' do
+ apply_manifest(behindproxy_puppet_module, catch_failures: true)
+ end
+
+ it 'should be idempotent' do
+ apply_manifest(behindproxy_puppet_module, catch_changes: true)
+ end
+
+ describe 'required services' do
+ describe 'running web server' do
+ describe command('curl http://localhost:8080/cgit') do
+ its(:stdout) { should include 'OpenStack git repository browser' }
+ end
+
+ describe command('curl --insecure https://localhost:4443/cgit') do
+ its(:stdout) { should include 'OpenStack git repository browser' }
+ end
+
+ describe port(8080) do
+ it { should be_listening }
+ end
+
+ describe port(4443) do
+ it { should be_listening }
+ end
+
+ describe port(29418) do
+ it { should be_listening }
+ end
+
+ describe service('httpd') do
+ it { should be_enabled }
+ it { should be_running }
+ end
+ end
+
+ describe service('git-daemon.socket'), :if => ['fedora', 'redhat'].include?(os[:family]) && os[:release] >= '7' do
+ it { should be_enabled }
+ it { should be_running }
+ end
+
+ describe service('git-daemon'), :if => ['fedora', 'redhat'].include?(os[:family]) && os[:release] < '7' do
+ it { should be_enabled }
+ it { should be_running }
+ end
+ end
+
+ describe 'required users and groups' do
+ describe user('cgit') do
+ it { should exist }
+ it { should belong_to_group 'cgit' }
+ end
+
+ describe group('cgit') do
+ it { should exist }
+ end
+
+ describe user('git') do
+ it { should exist }
+ it { should belong_to_group 'git' }
+ end
+
+ describe group('git') do
+ it { should exist }
+ end
+ end
+
+ describe 'required os packages' do
+ required_packages = [
+ package('mod_ldap'),
+ package('cgit'),
+ package('git-daemon'),
+ package('highlight'),
+ ]
+
+ required_packages.each do |package|
+ describe package do
+ it { should be_installed }
+ end
+ end
+ end
+
+ describe 'required files' do
+ required_directories = [
+ file('/home/cgit'),
+ file('/var/lib/git'),
+ ]
+
+ required_directories.each do |directory|
+ describe directory do
+ it { should be_directory }
+ it { should be_owned_by 'cgit' }
+ it { should be_grouped_into 'cgit' }
+ end
+ end
+
+ required_directories = [
+ file('/var/www/cgit'),
+ file('/var/www/cgit/static'),
+ ]
+
+ required_directories.each do |directory|
+ describe directory do
+ it { should be_directory }
+ it { should be_owned_by 'root' }
+ it { should be_grouped_into 'root' }
+ end
+ end
+
+ describe file('/usr/lib/systemd/system/git-daemon.socket'), :if => ['fedora', 'redhat'].include?(os[:family]) && os[:release] >= '7' do
+ it { should be_file }
+ it { should be_owned_by 'root' }
+ it { should be_grouped_into 'root' }
+ its(:content) { should include 'ListenStream=29418' }
+ end
+
+ describe file('/usr/lib/systemd/system/git-daemon@.service'), :if => ['fedora', 'redhat'].include?(os[:family]) && os[:release] >= '7' do
+ it { should be_file }
+ it { should be_owned_by 'root' }
+ it { should be_grouped_into 'root' }
+ its(:content) { should include 'Wants=git-daemon.socket' }
+ end
+
+ describe file('/etc/init.d/git-daemon'), :if => ['fedora', 'redhat'].include?(os[:family]) && os[:release] < '7' do
+ it { should be_file }
+ it { should be_owned_by 'root' }
+ it { should be_grouped_into 'root' }
+ its(:content) { should include 'DAEMON=/usr/libexec/git-core/git-daemon' }
+ its(:content) { should include 'PORT=29418' }
+ end
+
+ describe file('/etc/pki/tls/certs/localhost.pem') do
+ it { should be_file }
+ it { should be_owned_by 'root' }
+ it { should be_grouped_into 'root' }
+ end
+
+ describe file('/etc/pki/tls/private/localhost.key') do
+ it { should be_file }
+ it { should be_owned_by 'root' }
+ it { should be_grouped_into 'root' }
+ end
+
+ describe file('/etc/cgitrc') do
+ it { should be_file }
+ it { should be_owned_by 'root' }
+ it { should be_grouped_into 'root' }
+ its(:content) { should include 'clone-prefix=git://git.openstack.org https://git.openstack.org' }
+ end
+
+ describe file('/var/lib/git/.ssh/authorized_keys') do
+ it { should be_file }
+ it { should be_owned_by 'git' }
+ it { should be_mode '640' } # Authorized keys file should have a restrict permission
+ its(:content) { should include 'ssh-key 1a2b3c4d5e' }
+ end
+
+ describe file('/etc/httpd/conf/httpd.conf') do
+ it { should be_file }
+ it { should be_owned_by 'root' }
+ it { should be_grouped_into 'root' }
+ its(:content) { should include 'Listen 8080' }
+ end
+
+ describe file('/etc/httpd/conf.d/ssl.conf') do
+ it { should be_file }
+ it { should be_owned_by 'root' }
+ it { should be_grouped_into 'root' }
+ its(:content) { should include 'Listen 4443' }
+ end
+ end
+end
diff --git a/spec/acceptance/files_spec.rb b/spec/acceptance/files_spec.rb
deleted file mode 100644
index 39e1f51..0000000
--- a/spec/acceptance/files_spec.rb
+++ /dev/null
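Review bot: The check on `/etc/pki/tls/private/localhost.key` asserts only root ownership, so a world-readable private key would still pass, whereas `authorized_keys` a few lines below does get a mode assertion. Adding `it { should_not be_readable.by('others') }`, or a `be_mode` assertion matching whatever mode the module sets, would close that gap; the same block appears in basic_spec.rb. The SELinux assertions from the deleted selinux_spec.rb (`getsebool httpd_enable_cgi`, `semanage port --list`) do not appear in any of the new spec files, and this spec's non-default ports 8080, 4443 and 29418 are presumably where the port labels matter most. The top-level description also reads `begind proxy`, presumably meant as `behind proxy`.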
@@ -1,100 +0,0 @@ -require 'spec_helper_acceptance' - -describe 'required files', :if => ['fedora', 'redhat'].include?(os[:family]) do - required_directories = [ - file('/home/cgit'), - file('/var/lib/git'), - ] - - required_directories.each do |directory| - describe directory do - it { should be_directory } - it { should be_owned_by 'cgit' } - it { should be_grouped_into 'cgit' } - end - end - - required_directories = [ - file('/var/www/cgit'), - file('/var/www/cgit/static'), - ] - - required_directories.each do |directory| - describe directory do - it { should be_directory } - it { should be_owned_by 'root' } - it { should be_grouped_into 'root' } - end - end - - describe file('/usr/lib/systemd/system/git-daemon.socket'), :if => ['fedora', 'redhat'].include?(os[:family]) && os[:release] >= '7' do - it { should be_file } - it { should be_owned_by 'root' } - it { should be_grouped_into 'root' } - its(:content) { should match 'ListenStream=9418' } - end - - describe file('/usr/lib/systemd/system/git-daemon@.service'), :if => ['fedora', 'redhat'].include?(os[:family]) && os[:release] >= '7' do - it { should be_file } - it { should be_owned_by 'root' } - it { should be_grouped_into 'root' } - its(:content) { should match 'Wants=git-daemon.socket' } - end - - describe file('/etc/init.d/git-daemon'), :if => ['fedora', 'redhat'].include?(os[:family]) && os[:release] < '7' do - it { should be_file } - it { should be_owned_by 'root' } - it { should be_grouped_into 'root' } - its(:content) { should match 'DAEMON=/usr/libexec/git-core/git-daemon' } - its(:content) { should match 'PORT=9418' } - end - - describe file('/etc/pki/tls/certs/localhost.pem') do - it { should be_file } - it { should be_owned_by 'root' } - it { should be_grouped_into 'root' } - end - - describe file('/etc/pki/tls/private/localhost.key') do - it { should be_file } - it { should be_owned_by 'root' } - it { should be_grouped_into 'root' } - end - - describe file('/etc/cgitrc') do - it { should be_file } 
- it { should be_owned_by 'root' } - it { should be_grouped_into 'root' } - its(:content) { should match 'clone-prefix=git://git.openstack.org https://git.openstack.org' } - end - - describe file('/var/lib/git/.ssh/authorized_keys') do - it { should be_file } - it { should be_owned_by 'git' } - it { should be_mode '640' } # Authorized keys file should have a restrict permission - its(:content) { should match 'ssh-key 1a2b3c4d5e' } - end - - describe file('/etc/httpd/conf/httpd.conf') do - it { should be_file } - it { should be_owned_by 'root' } - it { should be_grouped_into 'root' } - its(:content) { should match 'Listen 80' } - end - - describe file('/etc/httpd/conf.d/ssl.conf') do - it { should be_file } - it { should be_owned_by 'root' } - it { should be_grouped_into 'root' } - its(:content) { should match 'Listen 443' } - end -end - -describe 'required files', :if => ['debian', 'ubuntu'].include?(os[:family]) do - describe file('/etc/rsyslog.d/haproxy.conf') do - it { should be_file } - it { should be_owned_by 'root' } - it { should be_grouped_into 'root' } - its(:content) { should match 'local0.* /var/log/haproxy.log' } - end -end diff --git a/spec/acceptance/fixtures/behindproxy.pp b/spec/acceptance/fixtures/behindproxy.pp index 79c399c..91ed7a5 100644 --- a/spec/acceptance/fixtures/behindproxy.pp +++ b/spec/acceptance/fixtures/behindproxy.pp @@ -1,4 +1,10 @@ if ($::osfamily == 'RedHat') { + exec { 'reload systemd to have ports updated': + command => '/bin/systemctl daemon-reload', + refreshonly => true, + subscribe => File['/usr/lib/systemd/system/git-daemon.socket'], + } + class { '::cgit': vhost_name => 'localhost', serveradmin => 'webmaster@localhost', 
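Review bot: The new exec subscribes to `File['/usr/lib/systemd/system/git-daemon.socket']` on every RedHat-family host, yet the specs still carry `os[:release] < '7'` branches that expect `/etc/init.d/git-daemon` instead. If the module does not declare the socket file on those releases, the catalog would fail on the unresolved `subscribe` target. Guarding the exec, e.g. `if versioncmp($::operatingsystemmajrelease, '7') >= 0 { ... }`, keeps the fixture applicable there; the same exec is added to default.pp. Subscribing to a file resource the module owns also suggests the reload belongs in the module rather than in the test fixture. The enclosing `if` block continues outside the hunk.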
@@ -12,13 +18,13 @@ if ($::osfamily == 'RedHat') { 'clone-prefix' => 'git://git.openstack.org https://git.openstack.org', 'root-title' => 'OpenStack git repository browser', }, - } -> class { '::cgit::ssh': + } + + class { '::cgit::ssh': manage_home => false, + require => Class['::cgit'], authorized_keys => [ 'ssh-key 1a2b3c4d5e', ], - } -> exec { 'reload systemd to have ports updated': - command => '/bin/systemctl daemon-reload', } } - diff --git a/spec/acceptance/fixtures/default.pp b/spec/acceptance/fixtures/default.pp index eec914b..63c03e3 100644 --- a/spec/acceptance/fixtures/default.pp +++ b/spec/acceptance/fixtures/default.pp @@ -1,4 +1,10 @@ if ($::osfamily == 'RedHat') { + exec { 'reload systemd to have ports updated': + command => '/bin/systemctl daemon-reload', + refreshonly => true, + subscribe => File['/usr/lib/systemd/system/git-daemon.socket'], + } + class { '::cgit': vhost_name => 'localhost', serveradmin => 'webmaster@localhost', @@ -11,16 +17,13 @@ if ($::osfamily == 'RedHat') { 'clone-prefix' => 'git://git.openstack.org https://git.openstack.org', 'root-title' => 'OpenStack git repository browser', }, - } -> class { '::cgit::ssh': + } + + class { '::cgit::ssh': manage_home => false, + require => Class['::cgit'], authorized_keys => [ 'ssh-key 1a2b3c4d5e', ], } -} elsif ($::osfamily == 'Debian') { - class { '::cgit::lb': - balancer_member_names => [ 'local' ], - balancer_member_ips => [ '127.0.0.1' ], - } } - diff --git a/spec/acceptance/fixtures/loadbalancer.pp b/spec/acceptance/fixtures/loadbalancer.pp new file mode 100644 index 0000000..9f0ca73 --- /dev/null +++ b/spec/acceptance/fixtures/loadbalancer.pp @@ -0,0 +1,6 @@ +if ($::osfamily == 'Debian') { + class { '::cgit::lb': + balancer_member_names => [ 'local' ], + balancer_member_ips => [ '127.0.0.1' ], + } +} diff --git a/spec/acceptance/fixtures/preconditions.pp b/spec/acceptance/fixtures/preconditions.pp index e91ea2e..834ceb3 100644 --- a/spec/acceptance/fixtures/preconditions.pp 
+++ b/spec/acceptance/fixtures/preconditions.pp @@ -4,11 +4,15 @@ if ($::osfamily == 'RedHat' and $::operatingsystemmajrelease == '7') { path => '/usr/bin', command => 'mkdir -p /etc/ssl/certs', creates => '/etc/ssl/certs', - } -> exec { 'creates self-signed certificate key directory': + } + + exec { 'creates self-signed certificate key directory': path => '/usr/bin', command => 'mkdir -p /etc/ssl/private', creates => '/etc/ssl/private', - } -> exec { 'creates self-signed certificate': + } + + exec { 'creates self-signed certificate': path => '/usr/bin', command => 'openssl req \ -new \ @@ -19,7 +23,11 @@ if ($::osfamily == 'RedHat' and $::operatingsystemmajrelease == '7') { -subj "/C=US/ST=California/L=San Francisco/O=Dis/CN=localhost" \ -keyout /etc/ssl/private/ssl-cert-snakeoil.key \ -out /etc/ssl/certs/ssl-cert-snakeoil.pem', - creates => ['/etc/ssl/certs/cgit.key', '/etc/cgit/ssl/cgit.crt'], + creates => ['/etc/ssl/private/ssl-cert-snakeoil.key', '/etc/ssl/certs/ssl-cert-snakeoil.pem'], + require => [ + Exec['creates self-signed certificate directory'], + Exec['creates self-signed certificate key directory'], + ], } package { 'policycoreutils-python': diff --git a/spec/acceptance/loadbalancer_spec.rb b/spec/acceptance/loadbalancer_spec.rb new file mode 100644 index 0000000..d077fe2 --- /dev/null +++ b/spec/acceptance/loadbalancer_spec.rb 
@@ -0,0 +1,71 @@
+require 'spec_helper_acceptance'
+
+describe 'puppet-cgit loadbalancer module', :if => ['debian', 'ubuntu'].include?(os[:family]) do
+ def pp_path
+ base_path = File.dirname(__FILE__)
+ File.join(base_path, 'fixtures')
+ end
+
+ def preconditions_puppet_module
+ module_path = File.join(pp_path, 'preconditions.pp')
+ File.read(module_path)
+ end
+
+ def loadbalancer_puppet_module
+ module_path = File.join(pp_path, 'loadbalancer.pp')
+ File.read(module_path)
+ end
+
+ before(:all) do
+ apply_manifest(preconditions_puppet_module, catch_failures: true)
+ end
+
+ it 'should work with no errors' do
+ apply_manifest(loadbalancer_puppet_module, catch_failures: true)
+ end
+
+ it 'should be idempotent' do
+ apply_manifest(loadbalancer_puppet_module, catch_changes: true)
+ end
+
+ describe 'required services' do
+ describe port(80) do
+ it { should be_listening }
+ end
+
+ describe port(443) do
+ it { should be_listening }
+ end
+
+ describe port(9418) do
+ it { should be_listening }
+ end
+
+ describe service('haproxy') do
+ it { should be_enabled }
+ it { should be_running }
+ end
+ end
+
+ describe 'required os packages' do
+ required_packages = [
+ package('socat'),
+ package('lsof'),
+ ]
+
+ required_packages.each do |package|
+ describe package do
+ it { should be_installed }
+ end
+ end
+ end
+
+ describe 'required files' do
+ describe file('/etc/rsyslog.d/haproxy.conf') do
+ it { should be_file }
+ it { should be_owned_by 'root' }
+ it { should be_grouped_into 'root' }
+ its(:content) { should include 'local0.* /var/log/haproxy.log' }
+ end
+ end
+end
diff --git a/spec/acceptance/packages_spec.rb b/spec/acceptance/packages_spec.rb
deleted file mode 100644
index 2f21134..0000000
--- a/spec/acceptance/packages_spec.rb
+++ /dev/null
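Review bot: `pp_path` and `preconditions_puppet_module` are copied verbatim from behind_proxy_spec.rb, and `loadbalancer_puppet_module` differs only in the fixture file name. A single helper in `spec_helper_acceptance` that takes the fixture name and returns the file's contents would replace the per-spec copies. From the hunk-header context visible for preconditions.pp, that manifest's body is guarded on RedHat 7, so the `before(:all)` apply may be a no-op on the debian/ubuntu hosts this spec targets. A short comment such as `# preconditions.pp only acts on RedHat; applied here for symmetry` (or dropping the call) would make the intent clear.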
@@ -1,29 +0,0 @@
-require 'spec_helper_acceptance'
-
-describe 'required os packages', :if => ['fedora', 'redhat'].include?(os[:family]) do
- required_packages = [
- package('mod_ldap'),
- package('cgit'),
- package('git-daemon'),
- package('highlight'),
- ]
-
- required_packages.each do |package|
- describe package do
- it { should be_installed }
- end
- end
-end
-
-describe 'required os packages', :if => ['debian', 'ubuntu'].include?(os[:family]) do
- required_packages = [
- package('socat'),
- package('lsof'),
- ]
-
- required_packages.each do |package|
- describe package do
- it { should be_installed }
- end
- end
-end
diff --git a/spec/acceptance/selinux_spec.rb b/spec/acceptance/selinux_spec.rb
deleted file mode 100644
index 900fd83..0000000
--- a/spec/acceptance/selinux_spec.rb
+++ /dev/null
@@ -1,16 +0,0 @@
-require 'spec_helper_acceptance'
-
-describe 'selinux', :if => ['fedora', 'redhat'].include?(os[:family]) do
- describe selinux do
- it { should be_permissive }
- end
-
- describe command('getsebool httpd_enable_cgi') do
- its(:stdout) { should match 'httpd_enable_cgi --> on' }
- end
-
- describe command('semanage port --list') do
- its(:stdout) { should match 'http_port_t' }
- its(:stdout) { should match 'git_port_t' }
- end
-end
diff --git a/spec/acceptance/services_spec.rb b/spec/acceptance/services_spec.rb
deleted file mode 100644
index 55fc449..0000000
--- a/spec/acceptance/services_spec.rb
+++ /dev/null
@@ -1,103 +0,0 @@
-require 'spec_helper_acceptance'
-
-describe 'cgit server', :if => ['fedora', 'redhat'].include?(os[:family]) do
- describe 'running web server' do
- describe command('curl http://localhost/cgit') do
- its(:stdout) { should match 'OpenStack git repository browser' }
- end
-
- describe command('curl --insecure https://localhost/cgit') do
- its(:stdout) { should match 'OpenStack git repository browser' }
- end
-
- describe port(80) do
- it { should be_listening }
- end
-
- describe port(443) do
- it { should be_listening }
- end
-
- describe port(9418) do
- it { should be_listening }
- end
-
- describe service('httpd') do
- it { should be_enabled }
- it { should be_running }
- end
- end
-
- describe service('git-daemon.socket'), :if => ['fedora', 'redhat'].include?(os[:family]) && os[:release] >= '7' do
- it { should be_enabled }
- it { should be_running }
- end
-
- describe service('git-daemon'), :if => ['fedora', 'redhat'].include?(os[:family]) && os[:release] < '7' do
- it { should be_enabled }
- it { should be_running }
- end
-end
-
-describe 'cgit server behind proxy', :if => ['fedora', 'redhat'].include?(os[:family]) do
- before(:all) do
- behind_proxy_manifest = File.join(File.dirname(__FILE__), 'fixtures', 'behindproxy.pp')
- apply_manifest(File.read(behind_proxy_manifest), catch_failures: true)
- end
-
- describe 'running web server' do
- describe command('curl http://localhost:8080/cgit') do
- its(:stdout) { should match 'OpenStack git repository browser' }
- end
-
- describe command('curl --insecure https://localhost:4443/cgit') do
- its(:stdout) { should match 'OpenStack git repository browser' }
- end
-
- describe port(8080) do
- it { should be_listening }
- end
-
- describe port(4443) do
- it { should be_listening }
- end
-
- describe port(29418) do
- it { should be_listening }
- end
-
- describe service('httpd') do
- it { should be_enabled }
- it { should be_running }
- end
- end
-
- describe service('git-daemon.socket'), :if => ['fedora', 'redhat'].include?(os[:family]) && os[:release] >= '7' do
- it { should be_enabled }
- it { should be_running }
- end
-
- describe service('git-daemon'), :if => ['fedora', 'redhat'].include?(os[:family]) && os[:release] < '7' do
- it { should be_enabled }
- it { should be_running }
- end
-end
-
-describe 'cgit loadbalancer', :if => ['debian', 'ubuntu'].include?(os[:family]) do
- describe port(80) do
- it { should be_listening }
- end
-
- describe port(443) do
- it { should be_listening }
- end
-
- describe port(9418) do
- it { should be_listening }
- end
-
- describe service('haproxy') do
- it { should be_enabled }
- it { should be_running }
- end
-end
diff --git a/spec/acceptance/users_spec.rb b/spec/acceptance/users_spec.rb
deleted file mode 100644
index 724a7ca..0000000
--- a/spec/acceptance/users_spec.rb
+++ /dev/null
@@ -1,21 +0,0 @@
-require 'spec_helper_acceptance'
-
-describe 'required users and groups', :if => ['fedora', 'redhat'].include?(os[:family]) do
- describe user('cgit') do
- it { should exist }
- it { should belong_to_group 'cgit' }
- end
-
- describe group('cgit') do
- it { should exist }
- end
-
- describe user('git') do
- it { should exist }
- it { should belong_to_group 'git' }
- end
-
- describe group('git') do
- it { should exist }
- end
-end