From c476756cd63c140279c7e5e7466d4d873b2396a7 Mon Sep 17 00:00:00 2001
From: Colleen Murphy <colleen@gazlene.net>
Date: Sun, 11 Jun 2017 16:14:30 +0200
Subject: [PATCH] Fix SSL in beaker tests

The snakeoil package uses the host's fqdn for the cert's CN, which means
trying to use '127.0.0.1' as the JJB URL will fail with an SSL error,
and the curl tests will also fail. JJB also doesn't have --insecure or
--cafle options, so it gets a SSL_CERTIFICATE_VERIFY_FAILED when trying
to run. Use the fqdn everywhere instead of the localhost address, and
add the snakeoil certs to the system's trusted bundle.

Change-Id: Iac97910b0d04eada62dd161341ee246a9cf3ebf8
---
 spec/acceptance/fixtures/master.pp        |  1 -
 spec/acceptance/fixtures/preconditions.pp |  7 +++++++
 spec/acceptance/fixtures/slave.pp         |  2 +-
 spec/acceptance/master_spec.rb            | 15 +--------------
 4 files changed, 9 insertions(+), 16 deletions(-)

diff --git a/spec/acceptance/fixtures/master.pp b/spec/acceptance/fixtures/master.pp
index b2d3b63..eabda67 100644
--- a/spec/acceptance/fixtures/master.pp
+++ b/spec/acceptance/fixtures/master.pp
@@ -1,7 +1,6 @@
 class { '::jenkins::jenkinsuser': }
 
 class { '::jenkins::master':
-  vhost_name              => '127.0.0.1',
   jenkins_ssh_private_key => file('/tmp/jenkins-ssh-keys/ssh_rsa_key'),
   jenkins_ssh_public_key  => file('/tmp/jenkins-ssh-keys/ssh_rsa_key.pub'),
   require                 => Class['::jenkins::jenkinsuser'],
diff --git a/spec/acceptance/fixtures/preconditions.pp b/spec/acceptance/fixtures/preconditions.pp
index 00cb514..1080670 100644
--- a/spec/acceptance/fixtures/preconditions.pp
+++ b/spec/acceptance/fixtures/preconditions.pp
@@ -37,3 +37,10 @@ ssh_keygen { 'ssh_rsa_key':
   ssh_directory => $ssh_key_directory,
   require       => File[$ssh_key_directory],
 }
+
+# JJB doesn't have a --insecure or --capath, so add the snakeoil certs to the system trust store
+exec { 'trust snake oil':
+  command => '/bin/cp /etc/ssl/certs/ssl-cert-snakeoil.pem /usr/local/share/ca-certificates/ubuntu.crt && /usr/sbin/update-ca-certificates',
+  require => Package['ssl-cert'],
+}
+
diff --git a/spec/acceptance/fixtures/slave.pp b/spec/acceptance/fixtures/slave.pp
index a6e2ef3..c997da6 100644
--- a/spec/acceptance/fixtures/slave.pp
+++ b/spec/acceptance/fixtures/slave.pp
@@ -3,7 +3,7 @@ class { '::jenkins::slave':
 }
 
 class { '::jenkins::job_builder':
-  url                         => 'https://127.0.0.1',
+  url                         => "https://${::fqdn}",
   username                    => 'jenkins',
   password                    => 'secret',
   jenkins_jobs_update_timeout => 1200,
diff --git a/spec/acceptance/master_spec.rb b/spec/acceptance/master_spec.rb
index 369ebd1..084e861 100644
--- a/spec/acceptance/master_spec.rb
+++ b/spec/acceptance/master_spec.rb
@@ -29,20 +29,7 @@ describe 'puppet-jenkins master module', :if => ['debian', 'ubuntu'].include?(os
   end
 
   describe 'required services' do
-    describe command('curl http://127.0.0.1 --verbose') do
-      its(:stdout) { should contain('302 Found') }
-      its(:stdout) { should contain('The document has moved') }
-    end
-
-    describe command('curl http://127.0.0.1 --insecure --location --verbose') do
-      its(:stdout) { should contain('Jenkins') }
-    end
-
-    describe command('curl https://127.0.0.1 --insecure') do
-      its(:stdout) { should contain('Jenkins') }
-    end
-
-    describe command('curl 127.0.0.1:8080') do
+    describe command('curl https://`hostname -f`/login --insecure --location --verbose') do
       its(:stdout) { should contain('Jenkins') }
     end
   end