opendev/system-config
Code Issues Proposed changes
9d73f5a138
system-config/modules/openstack_project/spec/acceptance/basic_spec.rb
Colleen Murphy b21cf38fab Add beaker tests for openstack_project::server 
The openstack_project::server class is the most important piece of
puppet configuration we have, so add tests for it so that we can be
confident about upgrading it.

Unlike the other puppet modules, this module is a subdirectory of the
main repository, so all the tests and Gemfile need to be there. We
symlink back to the main Gemfile in the root of the repository (which is
used by the puppet-syntax check) and update it to be Zuul-compatible
like the Gemfiles in the other modules.

The spec helper depends on having a metadata.json file so it can read
the module name, so add that.

Add in-repo zuul jobs that inherit from the main jobs defined in
openstack-zuul-jobs. We're defining them in-repo instead of just adding
system-config to the list of repositories using these jobs because we
need to override the project_src_dir variable.

Depends-On: https://review.openstack.org/581308
Depends-On: https://review.openstack.org/581004
Depends-On: https://review.openstack.org/581448

Change-Id: Ic56d258573aa2a18d7ca27ea7fe1c2f121cd268f
2018-07-10 22:04:57 +02:00

91 lines
2.9 KiB
Ruby
Executable File
Raw Blame History

require 'puppet-openstack_infra_spec_helper/spec_helper_acceptance'
describe 'openstack_project::server' do
def pp_path
base_path = File.dirname(__FILE__)
File.join(base_path, 'fixtures')
end
def puppet_manifest
manifest_path = File.join(pp_path, 'default.pp')
File.read(manifest_path)
end
def postconditions_puppet_manifest
manifest_path = File.join(pp_path, 'postconditions.pp')
File.read(manifest_path)
end
before(:all) do
# The ssh_authorized_key resource uses the key comment as a universal
# identifier, so if a user's key is already in root's authorized keys, it
# conflicts with adding the key for the user itself. Move root's key list
# aside temporarily.
shell('mv /root/.ssh/authorized_keys /root/.ssh/authorized_keys.bak')
# epel is needed to install exim
if os[:family] == 'redhat'
shell('yum-config-manager --enable epel')
end
end
it 'should work with no errors' do
apply_manifest(puppet_manifest, catch_failures: true)
end
it 'should be idempotent' do
apply_manifest(puppet_manifest, catch_changes: true)
end
it 'should turn root ssh back on' do
apply_manifest(postconditions_puppet_manifest, catch_failures: true)
shell('mv /root/.ssh/authorized_keys.bak /root/.ssh/authorized_keys')
end
['mordred',
'corvus',
'clarkb',
'fungi',
'jhesketh',
'yolanda',
'pabelanger',
'rcarrillocruz',
'ianw',
'shrews',
'dmsimard',
'frickler'].each do |user|
describe user(user) do
it { should exist }
end
end
['slukjanov', 'elizabeth', 'nibz'].each do |user|
describe user(user) do
it { should_not exist }
end
end
exim = os[:family] == 'ubuntu' ? 'exim4' : 'exim'
ntp = os[:family] == 'ubuntu' ? 'ntp' : 'ntpd'
services = ['rsyslog', 'unbound', exim, 'snmpd', ntp]
if os[:family] == 'ubuntu'
services.push('openafs-client')
end
services.each do |service|
describe service(service) do
it { should be_running }
end
end
describe command('iptables -S') do
its(:stdout) { should contain('-A openstack-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT') }
its(:stdout) { should contain('-A openstack-INPUT -s 172.99.116.215/32 -p udp -m udp --dport 161 -j ACCEPT') }
its(:stdout) { should contain('-A openstack-INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT') }
its(:stdout) { should contain('-A openstack-INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT') }
its(:stdout) { should contain('-A openstack-INPUT -p tcp -m state --state NEW -m tcp --dport 29418 -j ACCEPT') }
its(:stdout) { should contain('-A openstack-INPUT -p tcp -m tcp --dport 29418 --tcp-flags FIN,SYN,RST,ACK SYN -m connlimit --connlimit-above 100 --connlimit-mask 32 --connlimit-saddr -j REJECT --reject-with icmp-port-unreachable') }
its(:stdout) { should contain('-A openstack-INPUT -j REJECT --reject-with icmp-host-prohibited') }
end
end
View Git Blame Copy Permalink