From 201e0d2dd8e7d58cbfff47ea3db2a3ec2b4e0e12 Mon Sep 17 00:00:00 2001 From: "Matthew J. Black" Date: Mon, 26 Sep 2016 10:47:49 -0400 Subject: [PATCH] Update barbican for Debian based systems There are barbican packages available for debian based systems but the current module is designed to work with redhat based systems only right now. Change-Id: I4ab2e6ecf6626f4c647299eeec3cd5b3d3fbdaa9 (cherry picked from commit d1764c670a10f56bb61e85d92e65e34e2c5837c0) --- manifests/api.pp | 68 +-- manifests/params.pp | 10 +- manifests/wsgi/apache.pp | 2 + .../fix_ubuntu_install-20a799586184762a.yaml | 11 + spec/acceptance/basic_barbican_spec.rb | 81 ++- spec/classes/barbican_api_logging_spec.rb | 26 +- spec/classes/barbican_api_spec.rb | 543 +++++++++--------- spec/classes/barbican_client_spec.rb | 48 +- spec/classes/barbican_db_mysql_spec.rb | 102 ++-- spec/classes/barbican_db_spec.rb | 32 +- .../barbican_keystone_notification_spec.rb | 96 ++-- spec/classes/barbican_plugins_kmip_spec.rb | 103 ++-- .../barbican_plugins_p11_crypto_spec.rb | 71 ++- .../barbican_plugins_simple_crypto_spec.rb | 55 +- spec/classes/barbican_quota_spec.rb | 91 +-- spec/classes/barbican_wsgi_apache_spec.rb | 2 +- 16 files changed, 720 insertions(+), 621 deletions(-) create mode 100644 releasenotes/notes/fix_ubuntu_install-20a799586184762a.yaml diff --git a/manifests/api.pp b/manifests/api.pp index 4231efeb..84e77f68 100644 --- a/manifests/api.pp +++ b/manifests/api.pp @@ -303,12 +303,6 @@ class barbican::api ( warning('auth_url is deprecated, use barbican::keystone::authtoken::auth_url instead.') } - file { ['/etc/barbican', '/var/log/barbican']: - ensure => directory, - require => Package['barbican-api'], - notify => Service['barbican-api'], - } - # TODO: Remove the posix users and permissions and merge this definition # with the previous one, once the barbican package has been updated # with the correct ownership for this directory. @@ -321,25 +315,17 @@ class barbican::api ( notify => Service[$service_name], } - file { ['/etc/barbican/barbican.conf', - '/etc/barbican/barbican-api-paste.ini', - '/etc/barbican/gunicorn-config.py']: - ensure => present, - require => Package['barbican-api'], - notify => Service[$service_name], - } - package { 'barbican-api': ensure => $ensure_package, name => $::barbican::params::api_package_name, tag => ['openstack', 'barbican-package'], } - File['/etc/barbican/barbican.conf'] -> Barbican_config<||> - File['/etc/barbican/barbican-api-paste.ini'] -> Barbican_api_paste_ini<||> - Package['barbican-api'] ~> Service[$service_name] - Barbican_config<||> ~> Service[$service_name] - Barbican_api_paste_ini<||> ~> Service[$service_name] + Package['barbican-api'] ~> Service[$service_name] + Barbican_config<||> ~> Service[$service_name] + Barbican_api_paste_ini<||> ~> Service[$service_name] + Package<| tag == 'barbican-package' |> -> Barbican_config<||> + Package<| tag == 'barbican-package' |> -> Barbican_api_paste_ini<||> # basic service config if $host_href == undef { @@ -354,13 +340,6 @@ class barbican::api ( 'DEFAULT/host_href': value => $host_href_real; } - File['/etc/barbican/gunicorn-config.py'] -> - file_line { 'Modify bind_port in gunicorn-config.py': - path => '/etc/barbican/gunicorn-config.py', - line => "bind = '${bind_host}:${bind_port}'", - match => '.*bind = .*', - } -> Service[$service_name] - #rabbit config if $rpc_backend in [$::os_service_default, 'rabbit'] { oslo::messaging::rabbit {'barbican_config': @@ -461,9 +440,9 @@ class barbican::api ( # SSL Options barbican_config { - 'DEFAULT/cert_file' : value => $cert_file; - 'DEFAULT/key_file' : value => $key_file; - 'DEFAULT/ca_file' : value => $ca_file; + 'DEFAULT/cert_file': value => $cert_file; + 'DEFAULT/key_file': value => $key_file; + 'DEFAULT/ca_file': value => $ca_file; } if $sync_db { @@ -471,6 +450,9 @@ class barbican::api ( } if $service_name == 'barbican-api' { + if $::osfamily == 'Debian' { + fail('On Debian family the service_name must be set to httpd as there is no eventlet init script.') + } service { 'barbican-api': ensure => $service_ensure, name => $::barbican::params::api_service_name, @@ -479,17 +461,27 @@ class barbican::api ( hasrestart => true, tag => 'barbican-service', } - } elsif $service_name == 'httpd' { - include ::apache::params - service { 'barbican-api': - ensure => 'stopped', - name => $::barbican::params::api_service_name, - enable => false, - tag => 'barbican-service', + + file_line { 'Modify bind_port in gunicorn-config.py': + path => '/etc/barbican/gunicorn-config.py', + line => "bind = '${bind_host}:${bind_port}'", + match => '.*bind = .*', } - # we need to make sure barbican-api is stopped before trying to start apache - Service['barbican-api'] -> Service[$service_name] + Package<| tag == 'barbican-package' |> -> File_line['Modify bind_port in gunicorn-config.py'] ~> Service[$service_name] + } elsif $service_name == 'httpd' { + include ::apache::params + # Debian/Ubuntu do not have a barbican-api and this will error out on them. + if $::osfamily == 'RedHat' { + service { 'barbican-api': + ensure => 'stopped', + name => $::barbican::params::api_service_name, + enable => false, + tag => 'barbican-service', + } + # we need to make sure barbican-api is stopped before trying to start apache + Service['barbican-api'] -> Service[$service_name] + } } else { fail('Invalid service_name. Use barbican-api for stand-alone or httpd') } diff --git a/manifests/params.pp b/manifests/params.pp index ded4d8c9..eb3146ad 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -5,7 +5,6 @@ class barbican::params { case $::osfamily { 'RedHat': { - $package_name = 'openstack-barbican' $api_package_name = 'openstack-barbican-api' $api_service_name = 'openstack-barbican-api' $worker_package_name = 'openstack-barbican-worker' @@ -16,11 +15,12 @@ class barbican::params { $dogtag_client_package = 'pki-base' } 'Debian': { - $package_name = 'openstack-barbican' - $service_name = 'openstack-barbican' + $api_package_name = 'barbican-api' + $worker_package_name = 'barbican-worker' + $worker_service_name = 'barbican-worker' $client_package_name = 'python-barbicanclient' - $barbican_wsgi_script_path = '/var/www/cgi-bin/barbican' - $barbican_wsgi_script_source = '/usr/lib/python2.7/site-packages/barbican/api/app.wsgi' + $barbican_wsgi_script_path = '/usr/lib/cgi-bin/barbican' + $barbican_wsgi_script_source = '/usr/lib/python2.7/dist-packages/barbican/api/app.wsgi' $dogtag_client_package = 'pki-base' } default: { diff --git a/manifests/wsgi/apache.pp b/manifests/wsgi/apache.pp index 3775e9b6..e5097301 100644 --- a/manifests/wsgi/apache.pp +++ b/manifests/wsgi/apache.pp @@ -164,6 +164,8 @@ class barbican::wsgi::apache ( require => Package['httpd'], } + Package<| tag == 'barbican-api' |> -> File[$::barbican::params::barbican_wsgi_script_path] + $wsgi_files = { 'barbican_wsgi_main' => { 'path' => "${::barbican::params::barbican_wsgi_script_path}/main", diff --git a/releasenotes/notes/fix_ubuntu_install-20a799586184762a.yaml b/releasenotes/notes/fix_ubuntu_install-20a799586184762a.yaml new file mode 100644 index 00000000..c27eeec9 --- /dev/null +++ b/releasenotes/notes/fix_ubuntu_install-20a799586184762a.yaml @@ -0,0 +1,11 @@ +--- +issues: + - Fix for wsgi app locations for Ubuntu/Debian, was previously using RedHat packaging locations. + - Add conditional to prevent puppet from trying to manage barbican-api service on Ubuntu/Debian + as the packaging contains no init script for the eventlet. + - Add api_package_name for Ubuntu/Debian. This worked because the title is the same as the + package name on Ubuntu/Debian and api_package_name was undefined. + - Add worker_package_name and worker_service_name for Ubuntu/Debian. + - Remove unused variable package_name from params for both Ubuntu/Debian and RedHat. + - Remove service_name for Ubuntu/Debian as there is no init script for Ubuntu/Debian and apache + must be used. diff --git a/spec/acceptance/basic_barbican_spec.rb b/spec/acceptance/basic_barbican_spec.rb index cce1cdde..6432187e 100644 --- a/spec/acceptance/basic_barbican_spec.rb +++ b/spec/acceptance/basic_barbican_spec.rb @@ -25,54 +25,43 @@ describe 'barbican::api basic test class' do include ::openstack_integration::repos include ::openstack_integration::mysql include ::openstack_integration::keystone + include ::barbican - case $::osfamily { - 'Debian': { - warning('Barbican is not yet packaged on Ubuntu systems.') - } - 'RedHat': { - # Barbican resources - include ::barbican - - class { '::barbican::keystone::auth': - password => 'a_big_secret', - } - - class { '::barbican::api::logging': - } - - class { '::barbican::quota': - } - - class { '::barbican::keystone::notification': - } - - class { '::barbican::db::mysql': - password => 'a_big_secret', - } - - class { '::barbican::db': - database_connection => 'mysql+pymysql://barbican:a_big_secret@127.0.0.1/barbican?charset=utf8', - } - - class { '::barbican::keystone::authtoken': - password => 'a_big_secret', - } - - class { '::barbican::api': - host_href => 'http://localhost:9311', - auth_strategy => 'keystone', - service_name => 'httpd', - enabled_certificate_plugins => ['simple_certificate'], - db_auto_create => false, - } - - include ::apache - class { '::barbican::wsgi::apache': - ssl => false, - } - } + class { '::barbican::keystone::auth': + password => 'a_big_secret', } + + class { '::barbican::api::logging': } + + class { '::barbican::quota': } + + class { '::barbican::keystone::notification': } + + class { '::barbican::db::mysql': + password => 'a_big_secret', + } + + class { '::barbican::db': + database_connection => 'mysql+pymysql://barbican:a_big_secret@127.0.0.1/barbican?charset=utf8', + } + + class { '::barbican::keystone::authtoken': + password => 'a_big_secret', + } + + class { '::barbican::api': + host_href => 'http://localhost:9311', + auth_strategy => 'keystone', + service_name => 'httpd', + enabled_certificate_plugins => ['simple_certificate'], + db_auto_create => false, + } + + include ::apache + class { '::barbican::wsgi::apache': + ssl => false, + } + EOS it 'should work with no errors' do diff --git a/spec/classes/barbican_api_logging_spec.rb b/spec/classes/barbican_api_logging_spec.rb index 267b7447..2b49b722 100644 --- a/spec/classes/barbican_api_logging_spec.rb +++ b/spec/classes/barbican_api_logging_spec.rb @@ -106,20 +106,20 @@ describe 'barbican::api::logging' do } end - context 'on Debian platforms' do - let :facts do - @default_facts.merge({ :osfamily => 'Debian' }) + on_supported_os({ + :supported_os => OSDefaults.get_supported_os + }).each do |os,facts| + context "on #{os}" do + let (:facts) do + facts.merge(OSDefaults.get_facts({ + :processorcount => 8, + :fqdn => 'some.host.tld', + :concat_basedir => '/var/lib/puppet/concat', + })) + end + + it_configures 'barbican-logging' end - - it_configures 'barbican-logging' - end - - context 'on RedHat platforms' do - let :facts do - @default_facts.merge({ :osfamily => 'RedHat' }) - end - - it_configures 'barbican-logging' end end diff --git a/spec/classes/barbican_api_spec.rb b/spec/classes/barbican_api_spec.rb index 1529677a..77fda861 100644 --- a/spec/classes/barbican_api_spec.rb +++ b/spec/classes/barbican_api_spec.rb @@ -21,283 +21,306 @@ require 'spec_helper' describe 'barbican::api' do - let :facts do - @default_facts.merge( - OSDefaults.get_facts({ - :osfamily => 'RedHat', - :processorcount => '7', - }) - ) - end + shared_examples_for 'barbican api' do - let :default_params do - { - :bind_host => '0.0.0.0', - :bind_port => '9311', - :rpc_backend => 'rabbit', - :rabbit_host => '', - :rabbit_hosts => [''], - :rabbit_password => '', - :rabbit_port => '', - :rabbit_userid => '', - :rabbit_virtual_host => '', - :rabbit_use_ssl => '', - :rabbit_heartbeat_timeout_threshold => '', - :rabbit_heartbeat_rate => '', - :rabbit_ha_queues => '', - :amqp_durable_queues => '', - :max_allowed_secret_in_bytes => '', - :max_allowed_request_size_in_bytes => '', - :enable_queue => '', - :queue_namespace => '', - :queue_topic => '', - :queue_version => '', - :queue_server_name => '', - :kombu_ssl_ca_certs => '', - :kombu_ssl_certfile => '', - :kombu_ssl_keyfile => '', - :kombu_ssl_version => '', - :kombu_reconnect_delay => '', - :manage_service => true, - :enabled => true, - :enabled_secretstore_plugins => [''], - :enabled_crypto_plugins => [''], - :enabled_certificate_plugins => [''], - :enabled_certificate_event_plugins => [''], - :auth_strategy => 'keystone', - :retry_scheduler_initial_delay_seconds => '', - :retry_scheduler_periodic_interval_max_seconds => '', - } - end + let :default_params do + { + :bind_host => '0.0.0.0', + :bind_port => '9311', + :rpc_backend => 'rabbit', + :rabbit_host => '', + :rabbit_hosts => [''], + :rabbit_password => '', + :rabbit_port => '', + :rabbit_userid => '', + :rabbit_virtual_host => '', + :rabbit_use_ssl => '', + :rabbit_heartbeat_timeout_threshold => '', + :rabbit_heartbeat_rate => '', + :rabbit_ha_queues => '', + :amqp_durable_queues => '', + :max_allowed_secret_in_bytes => '', + :max_allowed_request_size_in_bytes => '', + :enable_queue => '', + :queue_namespace => '', + :queue_topic => '', + :queue_version => '', + :queue_server_name => '', + :kombu_ssl_ca_certs => '', + :kombu_ssl_certfile => '', + :kombu_ssl_keyfile => '', + :kombu_ssl_version => '', + :kombu_reconnect_delay => '', + :manage_service => true, + :enabled => true, + :enabled_secretstore_plugins => [''], + :enabled_crypto_plugins => [''], + :enabled_certificate_plugins => [''], + :enabled_certificate_event_plugins => [''], + :auth_strategy => 'keystone', + :retry_scheduler_initial_delay_seconds => '', + :retry_scheduler_periodic_interval_max_seconds => '', + :service_name => platform_params[:service_name], + } + end - [{ - :bind_host => '127.0.0.1', - :bind_port => '9312', - :rpc_backend => 'rabbit', - :rabbit_host => 'rabbithost', - :rabbit_hosts => ['rabbithost:1234'], - :rabbit_password => 'bugs_bunny', - :rabbit_port => '1234', - :rabbit_userid => 'bugs', - :rabbit_virtual_host => 'rabbithost', - :rabbit_use_ssl => true, - :rabbit_heartbeat_timeout_threshold => '10', - :rabbit_heartbeat_rate => '10', - :rabbit_ha_queues => true, - :amqp_durable_queues => true, - :enable_queue => true, - :queue_namespace => 'barbican1', - :queue_topic => 'barbican1.workers', - :queue_version => '1.2', - :queue_server_name => 'barbican1.queue', - :manage_service => true, - :enabled => false, - :kombu_ssl_ca_certs => 'path_to_certs', - :kombu_ssl_certfile => 'path_to_certfile', - :kombu_ssl_keyfile => 'path_to_keyfile', - :kombu_ssl_version => '1.2', - :kombu_reconnect_delay => '10', - :enabled_secretstore_plugins => ['dogtag_crypto', 'store_crypto', 'kmip'], - :enabled_crypto_plugins => ['simple_crypto'], - :enabled_certificate_plugins => ['simple_certificate', 'dogtag'], - :enabled_certificate_event_plugins => ['simple_certificate_event', 'foo_event'], - :retry_scheduler_initial_delay_seconds => 20.0, - :retry_scheduler_periodic_interval_max_seconds => 20.0, - :max_allowed_secret_in_bytes => 20000, - :max_allowed_request_size_in_bytes => 2000000, - } - ].each do |param_set| + [{ + :bind_host => '127.0.0.1', + :bind_port => '9312', + :rpc_backend => 'rabbit', + :rabbit_host => 'rabbithost', + :rabbit_hosts => ['rabbithost:1234'], + :rabbit_password => 'bugs_bunny', + :rabbit_port => '1234', + :rabbit_userid => 'bugs', + :rabbit_virtual_host => 'rabbithost', + :rabbit_use_ssl => true, + :rabbit_heartbeat_timeout_threshold => '10', + :rabbit_heartbeat_rate => '10', + :rabbit_ha_queues => true, + :amqp_durable_queues => true, + :enable_queue => true, + :queue_namespace => 'barbican1', + :queue_topic => 'barbican1.workers', + :queue_version => '1.2', + :queue_server_name => 'barbican1.queue', + :manage_service => true, + :enabled => false, + :kombu_ssl_ca_certs => 'path_to_certs', + :kombu_ssl_certfile => 'path_to_certfile', + :kombu_ssl_keyfile => 'path_to_keyfile', + :kombu_ssl_version => '1.2', + :kombu_reconnect_delay => '10', + :enabled_secretstore_plugins => ['dogtag_crypto', 'store_crypto', 'kmip'], + :enabled_crypto_plugins => ['simple_crypto'], + :enabled_certificate_plugins => ['simple_certificate', 'dogtag'], + :enabled_certificate_event_plugins => ['simple_certificate_event', 'foo_event'], + :retry_scheduler_initial_delay_seconds => 20.0, + :retry_scheduler_periodic_interval_max_seconds => 20.0, + :max_allowed_secret_in_bytes => 20000, + :max_allowed_request_size_in_bytes => 2000000, + } + ].each do |param_set| + describe "when #{param_set == {} ? "using default" : "specifying"} class parameters" do + let :pre_condition do + 'class { "barbican::keystone::authtoken": password => "secret", } + include ::apache' + end - describe "when #{param_set == {} ? "using default" : "specifying"} class parameters" do - let :pre_condition do - 'class { "barbican::keystone::authtoken": password => "secret", }' + let :param_hash do + default_params.merge(param_set) + end + + let :params do + default_params.merge(param_set) + end + + let :host_ref do + "http://${::fqdn}:$param_hash[:bind_port]" + end + + it { is_expected.to contain_class 'barbican::api::logging' } + it { is_expected.to contain_class 'barbican::db' } + + it { is_expected.to contain_package('barbican-api').with( + :tag => ['openstack', 'barbican-package'], + )} + + it 'is_expected.to set default parameters' do + [ + 'bind_host', + 'bind_port', + 'max_allowed_secret_in_bytes', + 'max_allowed_request_size_in_bytes', + ].each do |config| + is_expected.to contain_barbican_config("DEFAULT/#{config}").with_value(param_hash[config.intern]) + end + end + + it 'configures queue' do + is_expected.to contain_barbican_config('queue/enable').with_value(param_hash[:enable_queue]) + is_expected.to contain_barbican_config('queue/namespace').with_value(param_hash[:queue_namespace]) + is_expected.to contain_barbican_config('queue/topic').with_value(param_hash[:queue_topic]) + is_expected.to contain_barbican_config('queue/version').with_value(param_hash[:queue_version]) + is_expected.to contain_barbican_config('queue/server_name').with_value(param_hash[:queue_server_name]) + end + + it 'configures rabbit' do + is_expected.to contain_barbican_config('DEFAULT/rpc_backend').with_value(param_hash[:rpc_backend]) + is_expected.to contain_barbican_config('oslo_messaging_rabbit/rabbit_hosts').with_value(param_hash[:rabbit_hosts]) + is_expected.to contain_barbican_config('oslo_messaging_rabbit/rabbit_password').with_value(param_hash[:rabbit_password]).with_secret(true) + is_expected.to contain_barbican_config('oslo_messaging_rabbit/rabbit_userid').with_value(param_hash[:rabbit_userid]) + is_expected.to contain_barbican_config('oslo_messaging_rabbit/rabbit_virtual_host').with_value(param_hash[:rabbit_virtual_host]) + is_expected.to contain_barbican_config('oslo_messaging_rabbit/heartbeat_timeout_threshold').with_value(param_hash[:rabbit_heartbeat_timeout_threshold]) + is_expected.to contain_barbican_config('oslo_messaging_rabbit/heartbeat_rate').with_value(param_hash[:rabbit_heartbeat_rate]) + end + + it 'configures kombu certs' do + is_expected.to contain_barbican_config('oslo_messaging_rabbit/kombu_ssl_ca_certs').with_value(param_hash[:kombu_ssl_ca_certs]) + is_expected.to contain_barbican_config('oslo_messaging_rabbit/kombu_ssl_certfile').with_value(param_hash[:kombu_ssl_certfile]) + is_expected.to contain_barbican_config('oslo_messaging_rabbit/kombu_ssl_keyfile').with_value(param_hash[:kombu_ssl_keyfile]) + is_expected.to contain_barbican_config('oslo_messaging_rabbit/kombu_ssl_version').with_value(param_hash[:kombu_ssl_version]) + is_expected.to contain_barbican_config('oslo_messaging_rabbit/kombu_reconnect_delay').with_value(param_hash[:kombu_reconnect_delay]) + end + + it 'configures enabled plugins' do + is_expected.to contain_barbican_config('secretstore/enabled_secretstore_plugins') \ + .with_value(param_hash[:enabled_secretstore_plugins]) + is_expected.to contain_barbican_config('crypto/enabled_crypto_plugins') \ + .with_value(param_hash[:enabled_crypto_plugins]) + is_expected.to contain_barbican_config('certificate/enabled_certificate_plugins') \ + .with_value(param_hash[:enabled_certificate_plugins]) + is_expected.to contain_barbican_config('certificate_event/enabled_certificate_event_plugins') \ + .with_value(param_hash[:enabled_certificate_event_plugins]) + end end + end - let :param_hash do - default_params.merge(param_set) + describe 'with SSL socket options set' do + let :pre_condition do + 'class { "barbican::keystone::authtoken": password => "secret", } + include ::apache' end let :params do - param_set + default_params.merge({ + :use_ssl => true, + :cert_file => '/path/to/cert', + :ca_file => '/path/to/ca', + :key_file => '/path/to/key', + }) end - let :host_ref do - "http://${::fqdn}:$param_hash[:bind_port]" + it { is_expected.to contain_barbican_config('DEFAULT/ca_file').with_value('/path/to/ca') } + it { is_expected.to contain_barbican_config('DEFAULT/cert_file').with_value('/path/to/cert') } + it { is_expected.to contain_barbican_config('DEFAULT/key_file').with_value('/path/to/key') } + end + + describe 'with SSL socket options left by default' do + let :pre_condition do + 'class { "barbican::keystone::authtoken": password => "secret", } + include ::apache' end - it { is_expected.to contain_class 'barbican::api::logging' } - it { is_expected.to contain_class 'barbican::db' } + let :params do + default_params.merge({ + :use_ssl => false, + }) + end - it { is_expected.to contain_service('barbican-api').with( - 'ensure' => (param_hash[:manage_service] && param_hash[:enabled]) ? 'running': 'stopped', - 'enable' => param_hash[:enabled], - 'hasstatus' => true, - 'hasrestart' => true, - 'tag' => 'barbican-service', - ) } + it { is_expected.to contain_barbican_config('DEFAULT/ca_file').with_value('') } + it { is_expected.to contain_barbican_config('DEFAULT/cert_file').with_value('') } + it { is_expected.to contain_barbican_config('DEFAULT/key_file').with_value('') } + end - it 'is_expected.to set default parameters' do - [ - 'bind_host', - 'bind_port', - 'max_allowed_secret_in_bytes', - 'max_allowed_request_size_in_bytes', - ].each do |config| - is_expected.to contain_barbican_config("DEFAULT/#{config}").with_value(param_hash[config.intern]) + describe 'with SSL socket options set wrongly configured' do + let :pre_condition do + 'class { "barbican::keystone::authtoken": password => "secret", } + include ::apache' + end + + let :params do + default_params.merge({ + :use_ssl => true, + :ca_file => '/path/to/ca', + :key_file => '/path/to/key', + }) + end + + it_raises 'a Puppet::Error', /The cert_file parameter is required when use_ssl is set to true/ + end + + describe 'with keystone auth' do + let :pre_condition do + 'class { "barbican::keystone::authtoken": password => "secret", } + include ::apache' + end + + let :params do + default_params.merge({ + :auth_strategy => 'keystone', + }) + end + + it 'is_expected.to set keystone params correctly' do + is_expected.to contain_barbican_api_paste_ini('pipeline:barbican_api/pipeline')\ + .with_value('cors authtoken context apiapp') + is_expected.to contain_class('barbican::keystone::authtoken') + end + end + end + + shared_examples_for 'barbican api redhat' do + let :param_hash do + { + :manage_service => true, + :enabled => true, + :auth_strategy => 'keystone', + } + end + let :pre_condition do + 'class { "barbican::keystone::authtoken": password => "secret", }' + end + context 'redhat systems eventlet service enabled' do + describe 'should contain eventlet service' do + it { is_expected.to contain_service('barbican-api').with( + 'ensure' => (param_hash[:manage_service] && param_hash[:enabled]) ? 'running': 'stopped', + 'enable' => param_hash[:enabled], + 'hasstatus' => true, + 'hasrestart' => true, + 'tag' => 'barbican-service', + ) } + end + end + context 'on redhat systems eventlet service disabled' do + describe 'with disabled service managing' do + let :params do + { + :manage_service => false, + :enabled => false, + :auth_strategy => 'keystone', + } + end + + it { is_expected.to contain_service('barbican-api').with( + 'ensure' => nil, + 'enable' => false, + 'hasstatus' => true, + 'hasrestart' => true, + 'tag' => 'barbican-service', + )} + end + end + end + + on_supported_os({ + :supported_os => OSDefaults.get_supported_os + }).each do |os,facts| + context "on #{os}" do + let (:facts) do + facts.merge(OSDefaults.get_facts({ + :processorcount => 7, + :fqdn => 'some.host.tld', + :concat_basedir => '/var/lib/puppet/concat', + })) + end + + case facts[:osfamily] + when 'RedHat' + let (:platform_params) do + { :service_name => 'barbican-api' } + end + it_behaves_like 'barbican api redhat' + when 'Debian' + let :pre_condition do + 'include ::apache' + end + let (:platform_params) do + { :service_name => 'httpd' } end end - it 'configures queue' do - is_expected.to contain_barbican_config('queue/enable').with_value(param_hash[:enable_queue]) - is_expected.to contain_barbican_config('queue/namespace').with_value(param_hash[:queue_namespace]) - is_expected.to contain_barbican_config('queue/topic').with_value(param_hash[:queue_topic]) - is_expected.to contain_barbican_config('queue/version').with_value(param_hash[:queue_version]) - is_expected.to contain_barbican_config('queue/server_name').with_value(param_hash[:queue_server_name]) - end - - it 'configures rabbit' do - is_expected.to contain_barbican_config('DEFAULT/rpc_backend').with_value(param_hash[:rpc_backend]) - is_expected.to contain_barbican_config('oslo_messaging_rabbit/rabbit_hosts').with_value(param_hash[:rabbit_hosts]) - is_expected.to contain_barbican_config('oslo_messaging_rabbit/rabbit_password').with_value(param_hash[:rabbit_password]).with_secret(true) - is_expected.to contain_barbican_config('oslo_messaging_rabbit/rabbit_userid').with_value(param_hash[:rabbit_userid]) - is_expected.to contain_barbican_config('oslo_messaging_rabbit/rabbit_virtual_host').with_value(param_hash[:rabbit_virtual_host]) - is_expected.to contain_barbican_config('oslo_messaging_rabbit/heartbeat_timeout_threshold').with_value(param_hash[:rabbit_heartbeat_timeout_threshold]) - is_expected.to contain_barbican_config('oslo_messaging_rabbit/heartbeat_rate').with_value(param_hash[:rabbit_heartbeat_rate]) - end - - it 'configures kombu certs' do - is_expected.to contain_barbican_config('oslo_messaging_rabbit/kombu_ssl_ca_certs').with_value(param_hash[:kombu_ssl_ca_certs]) - is_expected.to contain_barbican_config('oslo_messaging_rabbit/kombu_ssl_certfile').with_value(param_hash[:kombu_ssl_certfile]) - is_expected.to contain_barbican_config('oslo_messaging_rabbit/kombu_ssl_keyfile').with_value(param_hash[:kombu_ssl_keyfile]) - is_expected.to contain_barbican_config('oslo_messaging_rabbit/kombu_ssl_version').with_value(param_hash[:kombu_ssl_version]) - is_expected.to contain_barbican_config('oslo_messaging_rabbit/kombu_reconnect_delay').with_value(param_hash[:kombu_reconnect_delay]) - end - - it 'configures enabled plugins' do - is_expected.to contain_barbican_config('secretstore/enabled_secretstore_plugins') \ - .with_value(param_hash[:enabled_secretstore_plugins]) - is_expected.to contain_barbican_config('crypto/enabled_crypto_plugins') \ - .with_value(param_hash[:enabled_crypto_plugins]) - is_expected.to contain_barbican_config('certificate/enabled_certificate_plugins') \ - .with_value(param_hash[:enabled_certificate_plugins]) - is_expected.to contain_barbican_config('certificate_event/enabled_certificate_event_plugins') \ - .with_value(param_hash[:enabled_certificate_event_plugins]) - end + it_behaves_like 'barbican api' end end - - describe 'with SSL socket options set' do - let :pre_condition do - 'class { "barbican::keystone::authtoken": password => "secret", }' - end - - let :params do - { - :use_ssl => true, - :cert_file => '/path/to/cert', - :ca_file => '/path/to/ca', - :key_file => '/path/to/key', - } - end - - it { is_expected.to contain_barbican_config('DEFAULT/ca_file').with_value('/path/to/ca') } - it { is_expected.to contain_barbican_config('DEFAULT/cert_file').with_value('/path/to/cert') } - it { is_expected.to contain_barbican_config('DEFAULT/key_file').with_value('/path/to/key') } - end - - describe 'with SSL socket options left by default' do - let :pre_condition do - 'class { "barbican::keystone::authtoken": password => "secret", }' - end - - let :params do - { - :use_ssl => false, - } - end - - it { is_expected.to contain_barbican_config('DEFAULT/ca_file').with_value('') } - it { is_expected.to contain_barbican_config('DEFAULT/cert_file').with_value('') } - it { is_expected.to contain_barbican_config('DEFAULT/key_file').with_value('') } - end - - describe 'with SSL socket options set wrongly configured' do - let :pre_condition do - 'class { "barbican::keystone::authtoken": password => "secret", }' - end - - let :params do - { - :use_ssl => true, - :ca_file => '/path/to/ca', - :key_file => '/path/to/key', - } - end - - it_raises 'a Puppet::Error', /The cert_file parameter is required when use_ssl is set to true/ - end - - describe 'with keystone auth' do - let :pre_condition do - 'class { "barbican::keystone::authtoken": password => "secret", }' - end - - let :params do - { - :auth_strategy => 'keystone', - } - end - - it 'is_expected.to set keystone params correctly' do - is_expected.to contain_barbican_api_paste_ini('pipeline:barbican_api/pipeline')\ - .with_value('cors authtoken context apiapp') - is_expected.to contain_class('barbican::keystone::authtoken') - end - end - - describe 'with disabled service managing' do - let :params do - { - :manage_service => false, - :enabled => false, - :auth_strategy => 'None', - } - end - - it { is_expected.to contain_service('barbican-api').with( - 'ensure' => nil, - 'enable' => false, - 'hasstatus' => true, - 'hasrestart' => true, - 'tag' => 'barbican-service', - ) } - end - - describe 'on RedHat platforms' do - let :pre_condition do - 'class { "barbican::keystone::authtoken": password => "secret", }' - end - - let :facts do - OSDefaults.get_facts({ - :osfamily => 'RedHat', - :operatingsystemrelease => '7', - }) - end - let(:params) { default_params } - - it { is_expected.to contain_package('barbican-api').with( - :tag => ['openstack', 'barbican-package'], - )} - end - - describe 'on unknown platforms' do - let :facts do - OSDefaults.get_facts({ :osfamily => 'unknown' }) - end - let(:params) { default_params } - - it_raises 'a Puppet::Error', /Unsupported osfamily/ - end - end diff --git a/spec/classes/barbican_client_spec.rb b/spec/classes/barbican_client_spec.rb index 100e9914..ab6b7f20 100644 --- a/spec/classes/barbican_client_spec.rb +++ b/spec/classes/barbican_client_spec.rb @@ -21,33 +21,41 @@ require 'spec_helper' describe 'barbican::client' do - let :facts do - @default_facts.merge( - { - :osfamily => 'RedHat', - } - ) - end - - describe "with default parameters" do - it { is_expected.to contain_package('python-barbicanclient').with( + shared_examples_for 'barbican client' do + describe "with default parameters" do + it { is_expected.to contain_package('python-barbicanclient').with( 'ensure' => 'present', 'tag' => 'openstack' - ) } - it { is_expected.to contain_package('python-openstackclient').with( + )} + it { is_expected.to contain_package('python-openstackclient').with( 'ensure' => 'present', 'tag' => 'openstack', - ) } - end - - describe "with specified version" do - let :params do - {:ensure => '2013.1'} + )} end - it { is_expected.to contain_package('python-barbicanclient').with( + describe "with specified version" do + let :params do + { :ensure => '2013.1' } + end + + it { is_expected.to contain_package('python-barbicanclient').with( 'ensure' => '2013.1', 'tag' => 'openstack' - ) } + )} + end + end + + on_supported_os({ + :supported_os => OSDefaults.get_supported_os + }).each do |os,facts| + context "on #{os}" do + let (:facts) do + facts.merge(OSDefaults.get_facts({ + :fqdn => 'some.host.tld', + })) + end + + it_configures 'barbican client' + end end end diff --git a/spec/classes/barbican_db_mysql_spec.rb b/spec/classes/barbican_db_mysql_spec.rb index 126a630a..8506a0ae 100644 --- a/spec/classes/barbican_db_mysql_spec.rb +++ b/spec/classes/barbican_db_mysql_spec.rb @@ -21,61 +21,75 @@ require 'spec_helper' describe 'barbican::db::mysql' do - let :pre_condition do - [ - 'include mysql::server', - 'include barbican::db::sync' - ] - end + shared_examples_for 'barbican db mysql' do + let :pre_condition do + [ + 'include mysql::server', + 'include barbican::db::sync' + ] + end - let :facts do - @default_facts.merge({ :osfamily => 'Debian' }) - end - - let :params do - { - 'password' => 'fooboozoo_default_password', - } - end - - describe 'with only required params' do - it { is_expected.to contain_openstacklib__db__mysql('barbican').with( - 'user' => 'barbican', - 'password_hash' => '*3DDF34A86854A312A8E2C65B506E21C91800D206', - 'dbname' => 'barbican', - 'host' => '127.0.0.1', - 'charset' => 'utf8', - :collate => 'utf8_general_ci', - )} - end - - describe "overriding allowed_hosts param to array" do let :params do { - :password => 'barbicanpass', - :allowed_hosts => ['127.0.0.1','%'] + 'password' => 'fooboozoo_default_password', } end - end - describe "overriding allowed_hosts param to string" do - let :params do - { - :password => 'barbicanpass2', - :allowed_hosts => '192.168.1.1' - } + describe 'with only required params' do + it { is_expected.to contain_openstacklib__db__mysql('barbican').with( + 'user' => 'barbican', + 'password_hash' => '*3DDF34A86854A312A8E2C65B506E21C91800D206', + 'dbname' => 'barbican', + 'host' => '127.0.0.1', + 'charset' => 'utf8', + :collate => 'utf8_general_ci', + )} end - end + describe "overriding allowed_hosts param to array" do + let :params do + { + :password => 'barbicanpass', + :allowed_hosts => ['127.0.0.1','%'] + } + end + + end + describe "overriding allowed_hosts param to string" do + let :params do + { + :password => 'barbicanpass2', + :allowed_hosts => '192.168.1.1' + } + end - describe "overriding allowed_hosts param equals to host param " do - let :params do - { - :password => 'barbicanpass2', - :allowed_hosts => '127.0.0.1' - } end + describe "overriding allowed_hosts param equals to host param " do + let :params do + { + :password => 'barbicanpass2', + :allowed_hosts => '127.0.0.1' + } + end + + end + end + + on_supported_os({ + :supported_os => OSDefaults.get_supported_os + }).each do |os,facts| + context "on #{os}" do + let (:facts) do + facts.merge(OSDefaults.get_facts({ + :processorcount => 8, + :fqdn => 'some.host.tld', + :concat_basedir => '/var/lib/puppet/concat', + })) + end + + it_configures 'barbican db mysql' + end end end diff --git a/spec/classes/barbican_db_spec.rb b/spec/classes/barbican_db_spec.rb index bdd55d32..14afe795 100644 --- a/spec/classes/barbican_db_spec.rb +++ b/spec/classes/barbican_db_spec.rb @@ -141,17 +141,10 @@ describe 'barbican::db' do ) end end + end - context 'on Redhat platforms' do - let :facts do - @default_facts.merge({ :osfamily => 'RedHat', - :operatingsystemrelease => '7.1', - }) - end - - it_configures 'barbican::db' - + shared_examples_for 'barbican db on redhat' do context 'using pymysql driver' do let :params do { :database_connection => 'mysql+pymysql://barbican:barbican@localhost/barbican', } @@ -161,5 +154,26 @@ describe 'barbican::db' do end end + on_supported_os({ + :supported_os => OSDefaults.get_supported_os + }).each do |os,facts| + context "on #{os}" do + let (:facts) do + facts.merge(OSDefaults.get_facts({ + :processorcount => 8, + :fqdn => 'some.host.tld', + :concat_basedir => '/var/lib/puppet/concat', + })) + end + + it_configures 'barbican::db' + + case facts[:osfamily] + when 'RedHat' + it_configures 'barbican db on redhat' + end + end + end + end diff --git a/spec/classes/barbican_keystone_notification_spec.rb b/spec/classes/barbican_keystone_notification_spec.rb index 599c37b2..5b0a7bc4 100644 --- a/spec/classes/barbican_keystone_notification_spec.rb +++ b/spec/classes/barbican_keystone_notification_spec.rb @@ -21,57 +21,67 @@ require 'spec_helper' describe 'barbican::keystone::notification' do - let :facts do - @default_facts.merge( + shared_examples_for 'barbican keystone notification' do + + let :default_params do { - :osfamily => 'RedHat', - :processorcount => '7', + :enable_keystone_notification => '', + :keystone_notification_control_exchange => '', + :keystone_notification_topic => '', + :keystone_notification_allow_requeue => '', + :keystone_notification_thread_pool_size => '', } - ) - end + end - let :default_params do - { - :enable_keystone_notification => '', - :keystone_notification_control_exchange => '', - :keystone_notification_topic => '', - :keystone_notification_allow_requeue => '', - :keystone_notification_thread_pool_size => '', - } - end + [{}, + { + :enable_keystone_notification => true, + :keystone_notification_control_exchange => 'exchange_data', + :keystone_notification_topic => 'barbican', + :keystone_notification_allow_requeue => true, + :keystone_notification_thread_pool_size => 20, + } + ].each do |param_set| - [{}, - { - :enable_keystone_notification => true, - :keystone_notification_control_exchange => 'exchange_data', - :keystone_notification_topic => 'barbican', - :keystone_notification_allow_requeue => true, - :keystone_notification_thread_pool_size => 20, - } - ].each do |param_set| + describe "when #{param_set == {} ? "using default" : "specifying"} class parameters" do - describe "when #{param_set == {} ? "using default" : "specifying"} class parameters" do + let :param_hash do + default_params.merge(param_set) + end - let :param_hash do - default_params.merge(param_set) - end + let :params do + param_set + end - let :params do - param_set - end - - it 'is_expected.to set keystone notification parameters' do - is_expected.to contain_barbican_config('keystone_notifications/enable')\ - .with_value(param_hash[:enable_keystone_notification]) - is_expected.to contain_barbican_config('keystone_notifications/allow_requeue')\ - .with_value(param_hash[:keystone_notification_allow_requeue]) - is_expected.to contain_barbican_config('keystone_notifications/thread_pool_size')\ - .with_value(param_hash[:keystone_notification_thread_pool_size]) - is_expected.to contain_barbican_config('keystone_notifications/topic')\ - .with_value(param_hash[:keystone_notification_topic]) - is_expected.to contain_barbican_config('keystone_notifications/control_exchange')\ - .with_value(param_hash[:keystone_notification_control_exchange]) + it 'is_expected.to set keystone notification parameters' do + is_expected.to contain_barbican_config('keystone_notifications/enable')\ + .with_value(param_hash[:enable_keystone_notification]) + is_expected.to contain_barbican_config('keystone_notifications/allow_requeue')\ + .with_value(param_hash[:keystone_notification_allow_requeue]) + is_expected.to contain_barbican_config('keystone_notifications/thread_pool_size')\ + .with_value(param_hash[:keystone_notification_thread_pool_size]) + is_expected.to contain_barbican_config('keystone_notifications/topic')\ + .with_value(param_hash[:keystone_notification_topic]) + is_expected.to contain_barbican_config('keystone_notifications/control_exchange')\ + .with_value(param_hash[:keystone_notification_control_exchange]) + end end end end + + on_supported_os({ + :supported_os => OSDefaults.get_supported_os + }).each do |os,facts| + context "on #{os}" do + let (:facts) do + facts.merge(OSDefaults.get_facts({ + :processorcount => 8, + :fqdn => 'some.host.tld', + :concat_basedir => '/var/lib/puppet/concat', + })) + end + + it_configures 'barbican keystone notification' + end + end end diff --git a/spec/classes/barbican_plugins_kmip_spec.rb b/spec/classes/barbican_plugins_kmip_spec.rb index f72e7dc9..e440b7ca 100644 --- a/spec/classes/barbican_plugins_kmip_spec.rb +++ b/spec/classes/barbican_plugins_kmip_spec.rb @@ -21,59 +21,68 @@ require 'spec_helper' describe 'barbican::plugins::kmip' do - let :facts do - @default_facts.merge( - { - :osfamily => 'RedHat', - :processorcount => '7', - } - ) - end + shared_examples_for 'barbican plugins kmip' do - describe 'with kmip plugin with username' do - let :params do - { - :kmip_plugin_username => 'kmip_user', - :kmip_plugin_password => 'kmip_password', - :kmip_plugin_host => 'kmip_host', - :kmip_plugin_port => 9000, - } + describe 'with kmip plugin with username' do + let :params do + { + :kmip_plugin_username => 'kmip_user', + :kmip_plugin_password => 'kmip_password', + :kmip_plugin_host => 'kmip_host', + :kmip_plugin_port => 9000, + } + end + + it 'is_expected.to set kmip parameters' do + is_expected.to contain_barbican_config('kmip_plugin/host')\ + .with_value(params[:kmip_plugin_host]) + is_expected.to contain_barbican_config('kmip_plugin/port')\ + .with_value(params[:kmip_plugin_port]) + is_expected.to contain_barbican_config('kmip_plugin/username')\ + .with_value(params[:kmip_plugin_username]) + is_expected.to contain_barbican_config('kmip_plugin/password')\ + .with_value(params[:kmip_plugin_password]) + end end - it 'is_expected.to set kmip parameters' do - is_expected.to contain_barbican_config('kmip_plugin/host')\ - .with_value(params[:kmip_plugin_host]) - is_expected.to contain_barbican_config('kmip_plugin/port')\ - .with_value(params[:kmip_plugin_port]) - is_expected.to contain_barbican_config('kmip_plugin/username')\ - .with_value(params[:kmip_plugin_username]) - is_expected.to contain_barbican_config('kmip_plugin/password')\ - .with_value(params[:kmip_plugin_password]) + describe 'with kmip plugin with certificate' do + let :params do + { + :kmip_plugin_keyfile => 'key_file', + :kmip_plugin_certfile => 'cert_file', + :kmip_plugin_ca_certs => 'ca_cert_file', + :kmip_plugin_host => 'kmip_host', + :kmip_plugin_port => 9000, + } + end + + it 'is_expected.to set kmip parameters' do + is_expected.to contain_barbican_config('kmip_plugin/keyfile')\ + .with_value(params[:kmip_plugin_keyfile]) + is_expected.to contain_barbican_config('kmip_plugin/certfile')\ + .with_value(params[:kmip_plugin_certfile]) + is_expected.to contain_barbican_config('kmip_plugin/ca_certs')\ + .with_value(params[:kmip_plugin_ca_certs]) + is_expected.to contain_barbican_config('kmip_plugin/host')\ + .with_value(params[:kmip_plugin_host]) + is_expected.to contain_barbican_config('kmip_plugin/port')\ + .with_value(params[:kmip_plugin_port]) + end end end + on_supported_os({ + :supported_os => OSDefaults.get_supported_os + }).each do |os,facts| + context "on #{os}" do + let (:facts) do + facts.merge(OSDefaults.get_facts({ + :processorcount => 8, + :fqdn => 'some.host.tld', + :concat_basedir => '/var/lib/puppet/concat', + })) + end - describe 'with kmip plugin with certificate' do - let :params do - { - :kmip_plugin_keyfile => 'key_file', - :kmip_plugin_certfile => 'cert_file', - :kmip_plugin_ca_certs => 'ca_cert_file', - :kmip_plugin_host => 'kmip_host', - :kmip_plugin_port => 9000, - } - end - - it 'is_expected.to set kmip parameters' do - is_expected.to contain_barbican_config('kmip_plugin/keyfile')\ - .with_value(params[:kmip_plugin_keyfile]) - is_expected.to contain_barbican_config('kmip_plugin/certfile')\ - .with_value(params[:kmip_plugin_certfile]) - is_expected.to contain_barbican_config('kmip_plugin/ca_certs')\ - .with_value(params[:kmip_plugin_ca_certs]) - is_expected.to contain_barbican_config('kmip_plugin/host')\ - .with_value(params[:kmip_plugin_host]) - is_expected.to contain_barbican_config('kmip_plugin/port')\ - .with_value(params[:kmip_plugin_port]) + it_configures 'barbican plugins kmip' end end end diff --git a/spec/classes/barbican_plugins_p11_crypto_spec.rb b/spec/classes/barbican_plugins_p11_crypto_spec.rb index 9ec891bc..9c73a0fb 100644 --- a/spec/classes/barbican_plugins_p11_crypto_spec.rb +++ b/spec/classes/barbican_plugins_p11_crypto_spec.rb @@ -21,40 +21,49 @@ require 'spec_helper' describe 'barbican::plugins::p11_crypto' do - let :facts do - @default_facts.merge( - { - :osfamily => 'RedHat', - :processorcount => '7', - } - ) + shared_examples_for 'barbican plugins p11_crypto' do + describe 'with pk11 plugin' do + let :params do + { + :p11_crypto_plugin_login => 'p11_user', + :p11_crypto_plugin_mkek_label => 'mkek_label', + :p11_crypto_plugin_mkek_length => 32, + :p11_crypto_plugin_hmac_label => 'hmac_label', + :p11_crypto_plugin_slot_id => 1, + :p11_crypto_plugin_library_path => '/usr/lib/libCryptoki2_64.so', + } + end + + it 'is_expected.to set p11 parameters' do + is_expected.to contain_barbican_config('p11_crypto_plugin/login') \ + .with_value(params[:p11_crypto_plugin_login]) + is_expected.to contain_barbican_config('p11_crypto_plugin/mkek_label') \ + .with_value(params[:p11_crypto_plugin_mkek_label]) + is_expected.to contain_barbican_config('p11_crypto_plugin/mkek_length') \ + .with_value(params[:p11_crypto_plugin_mkek_length]) + is_expected.to contain_barbican_config('p11_crypto_plugin/hmac_label') \ + .with_value(params[:p11_crypto_plugin_hmac_label]) + is_expected.to contain_barbican_config('p11_crypto_plugin/slot_id') \ + .with_value(params[:p11_crypto_plugin_slot_id]) + is_expected.to contain_barbican_config('p11_crypto_plugin/library_path') \ + .with_value(params[:p11_crypto_plugin_library_path]) + end + end end - describe 'with pk11 plugin' do - let :params do - { - :p11_crypto_plugin_login => 'p11_user', - :p11_crypto_plugin_mkek_label => 'mkek_label', - :p11_crypto_plugin_mkek_length => 32, - :p11_crypto_plugin_hmac_label => 'hmac_label', - :p11_crypto_plugin_slot_id => 1, - :p11_crypto_plugin_library_path => '/usr/lib/libCryptoki2_64.so', - } - end + on_supported_os({ + :supported_os => OSDefaults.get_supported_os + }).each do |os,facts| + context "on #{os}" do + let (:facts) do + facts.merge(OSDefaults.get_facts({ + :processorcount => 8, + :fqdn => 'some.host.tld', + :concat_basedir => '/var/lib/puppet/concat', + })) + end - it 'is_expected.to set p11 parameters' do - is_expected.to contain_barbican_config('p11_crypto_plugin/login') \ - .with_value(params[:p11_crypto_plugin_login]) - is_expected.to contain_barbican_config('p11_crypto_plugin/mkek_label') \ - .with_value(params[:p11_crypto_plugin_mkek_label]) - is_expected.to contain_barbican_config('p11_crypto_plugin/mkek_length') \ - .with_value(params[:p11_crypto_plugin_mkek_length]) - is_expected.to contain_barbican_config('p11_crypto_plugin/hmac_label') \ - .with_value(params[:p11_crypto_plugin_hmac_label]) - is_expected.to contain_barbican_config('p11_crypto_plugin/slot_id') \ - .with_value(params[:p11_crypto_plugin_slot_id]) - is_expected.to contain_barbican_config('p11_crypto_plugin/library_path') \ - .with_value(params[:p11_crypto_plugin_library_path]) + it_configures 'barbican plugins p11_crypto' end end end diff --git a/spec/classes/barbican_plugins_simple_crypto_spec.rb b/spec/classes/barbican_plugins_simple_crypto_spec.rb index 6563f3b9..689ae646 100644 --- a/spec/classes/barbican_plugins_simple_crypto_spec.rb +++ b/spec/classes/barbican_plugins_simple_crypto_spec.rb @@ -21,36 +21,45 @@ require 'spec_helper' describe 'barbican::plugins::simple_crypto' do - let :facts do - @default_facts.merge( - { - :osfamily => 'RedHat', - :processorcount => '7', - } - ) - end + shared_examples_for 'barbican plugins simple_crypto' do + describe 'with parameter passed into pk11 plugin' do + let :params do + { + :simple_crypto_plugin_kek => 'XXXXXXXXXXXXX' + } + end - describe 'with parameter passed into pk11 plugin' do - let :params do - { - :simple_crypto_plugin_kek => 'XXXXXXXXXXXXX' - } + it 'is_expected.to set simple_crypto parameters' do + is_expected.to contain_barbican_config('simple_crypto_plugin/kek') \ + .with_value(params[:simple_crypto_plugin_kek]) + end end - it 'is_expected.to set simple_crypto parameters' do - is_expected.to contain_barbican_config('simple_crypto_plugin/kek') \ - .with_value(params[:simple_crypto_plugin_kek]) + describe 'with no parameter passed into pk11 plugin' do + let :params do + {} + end + + it 'is_expected.to set default simple_crypto parameters' do + is_expected.to contain_barbican_config('simple_crypto_plugin/kek') \ + .with_value('') + end end end - describe 'with no parameter passed into pk11 plugin' do - let :params do - {} - end + on_supported_os({ + :supported_os => OSDefaults.get_supported_os + }).each do |os,facts| + context "on #{os}" do + let (:facts) do + facts.merge(OSDefaults.get_facts({ + :processorcount => 8, + :fqdn => 'some.host.tld', + :concat_basedir => '/var/lib/puppet/concat', + })) + end - it 'is_expected.to set default simple_crypto parameters' do - is_expected.to contain_barbican_config('simple_crypto_plugin/kek') \ - .with_value('') + it_configures 'barbican plugins simple_crypto' end end end diff --git a/spec/classes/barbican_quota_spec.rb b/spec/classes/barbican_quota_spec.rb index 6a6a3247..06dc3437 100644 --- a/spec/classes/barbican_quota_spec.rb +++ b/spec/classes/barbican_quota_spec.rb @@ -21,56 +21,65 @@ require 'spec_helper' describe 'barbican::quota' do - let :facts do - @default_facts.merge( + shared_examples_for 'barbican quota' do + let :default_params do { - :osfamily => 'RedHat', - :processorcount => '7', + :quota_secrets => '', + :quota_orders => '', + :quota_containers => '', + :quota_consumers => '', + :quota_cas => '', } - ) - end + end - let :default_params do - { - :quota_secrets => '', - :quota_orders => '', - :quota_containers => '', - :quota_consumers => '', - :quota_cas => '', - } - end + [{}, + { + :quota_secrets => 100, + :quota_orders => 100, + :quota_containers => 100, + :quota_consumers => 100, + :quota_cas => 10, + } + ].each do |param_set| - [{}, - { - :quota_secrets => 100, - :quota_orders => 100, - :quota_containers => 100, - :quota_consumers => 100, - :quota_cas => 10, - } - ].each do |param_set| + describe "when #{param_set == {} ? "using default" : "specifying"} class parameters" do - describe "when #{param_set == {} ? "using default" : "specifying"} class parameters" do + let :param_hash do + default_params.merge(param_set) + end - let :param_hash do - default_params.merge(param_set) - end + let :params do + param_set + end - let :params do - param_set - end - - it 'is_expected.to set quota parameters' do - [ - 'quota_secrets', - 'quota_orders', - 'quota_containers', - 'quota_consumers', - 'quota_cas', - ].each do |config| - is_expected.to contain_barbican_config("quotas/#{config}").with_value(param_hash[config.intern]) + it 'is_expected.to set quota parameters' do + [ + 'quota_secrets', + 'quota_orders', + 'quota_containers', + 'quota_consumers', + 'quota_cas', + ].each do |config| + is_expected.to contain_barbican_config("quotas/#{config}").with_value(param_hash[config.intern]) + end end end end end + + on_supported_os({ + :supported_os => OSDefaults.get_supported_os + }).each do |os,facts| + context "on #{os}" do + let (:facts) do + facts.merge(OSDefaults.get_facts({ + :processorcount => 8, + :fqdn => 'some.host.tld', + :concat_basedir => '/var/lib/puppet/concat', + })) + end + + it_configures 'barbican quota' + end + end end diff --git a/spec/classes/barbican_wsgi_apache_spec.rb b/spec/classes/barbican_wsgi_apache_spec.rb index bef01ae1..8bb25a68 100644 --- a/spec/classes/barbican_wsgi_apache_spec.rb +++ b/spec/classes/barbican_wsgi_apache_spec.rb @@ -121,7 +121,7 @@ describe 'barbican::wsgi::apache' do { :httpd_service_name => 'apache2', :httpd_ports_file => '/etc/apache2/ports.conf', - :wsgi_script_path => '/var/www/cgi-bin/barbican', + :wsgi_script_path => '/usr/lib/cgi-bin/barbican', } when 'RedHat' {