diff --git a/.fixtures.yml b/.fixtures.yml
new file mode 100644
index 00000000..b9eba658
--- /dev/null
+++ b/.fixtures.yml
@@ -0,0 +1,13 @@
+fixtures:
+ repositories:
+ 'concat':
+ 'repo': 'git://github.com/puppetlabs/puppetlabs-concat.git'
+ 'ref': '1.2.2'
+ 'inifile': 'git://github.com/puppetlabs/puppetlabs-inifile'
+ 'keystone': 'git://github.com/openstack/puppet-keystone.git'
+ 'mysql': 'git://github.com/puppetlabs/puppetlabs-mysql.git'
+ 'openstacklib': 'git://github.com/openstack/puppet-openstacklib.git'
+ 'postgresql': 'git://github.com/puppetlabs/puppetlabs-postgresql.git'
+ 'stdlib': 'git://github.com/puppetlabs/puppetlabs-stdlib.git'
+ symlinks:
+ barbican: "#{source_dir}"
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 00000000..4dd84f06
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,10 @@
+pkg/
+Gemfile.lock
+vendor/
+spec/fixtures/
+.vagrant/
+.bundle/
+coverage/
+.idea/
+*.swp
+*.iml
diff --git a/Gemfile b/Gemfile
new file mode 100644
index 00000000..6d4ce9a0
--- /dev/null
+++ b/Gemfile
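Review bot: Every repository in `.fixtures.yml` is fetched over `git://`, which is unauthenticated and unencrypted, and only `concat` is pinned to a `ref`, so a test run builds against whatever the branch tip (or anything on the network path) serves. Switch the URLs to `https://github.com/...` and pin each fixture, e.g. `'stdlib': { 'repo': 'https://github.com/puppetlabs/puppetlabs-stdlib.git', 'ref': '<PINNED_REF>' }`. The Gemfile in this commit already defaults to an `https://` gem source, so this also makes the two dependency channels consistent.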
@@ -0,0 +1,36 @@
+source ENV['GEM_SOURCE'] || "https://rubygems.org"
+
+group :development, :test do
+ gem 'puppetlabs_spec_helper', :require => 'false'
+ gem 'rspec-puppet', '~> 2.2.0', :require => 'false'
+ gem 'metadata-json-lint', :require => 'false'
+ gem 'puppet-lint-param-docs', :require => 'false'
+ gem 'puppet-lint-absolute_classname-check', :require => 'false'
+ gem 'puppet-lint-absolute_template_path', :require => 'false'
+ gem 'puppet-lint-trailing_newline-check', :require => 'false'
+ gem 'puppet-lint-unquoted_string-check', :require => 'false'
+ gem 'puppet-lint-leading_zero-check', :require => 'false'
+ gem 'puppet-lint-variable_contains_upcase', :require => 'false'
+ gem 'puppet-lint-numericvariable', :require => 'false'
+ gem 'json', :require => 'false'
+ gem 'webmock', :require => 'false'
+end
+
+group :system_tests do
+ gem 'beaker-rspec', :require => 'false'
+ gem 'beaker-puppet_install_helper', :require => 'false'
+end
+
+if facterversion = ENV['FACTER_GEM_VERSION']
+ gem 'facter', facterversion, :require => false
+else
+ gem 'facter', :require => false
+end
+
+if puppetversion = ENV['PUPPET_GEM_VERSION']
+ gem 'puppet', puppetversion, :require => false
+else
+ gem 'puppet', :require => false
+end
+
+# vim:ft=ruby
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 00000000..8c06f5ea
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,13 @@
+Copyright 2015 OpenStack Foundation
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
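Review bot: The gems in the `:development, :test` and `:system_tests` groups of the Gemfile pass `:require => 'false'`, a string, while `facter` and `puppet` further down pass the boolean `:require => false`. A string is truthy in Ruby, so Bundler reads `'false'` as the name of a file to require rather than as "do not auto-require"; use `:require => false` throughout. Only `rspec-puppet` carries a version constraint and `Gemfile.lock` is git-ignored in this commit, so the rest of the tool chain resolves to whatever is newest at install time; consider constraining the other gems as well.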
diff --git a/README.md b/README.md
new file mode 100644
index 00000000..0ecafff9
--- /dev/null
+++ b/README.md
@@ -0,0 +1,78 @@
+barbican
+=======
+
+#### Table of Contents
+
+1. [Overview - What is the barbican module?](#overview)
+2. [Module Description - What does the module do?](#module-description)
+3. [Setup - The basics of getting started with barbican](#setup)
+4. [Implementation - An under-the-hood peek at what the module is doing](#implementation)
+5. [Limitations - OS compatibility, etc.](#limitations)
+6. [Development - Guide for contributing to the module](#development)
+7. [Contributors - Those with commits](#contributors)
+
+Overview
+--------
+
+The barbican module is a part of [OpenStack](https://github.com/openstack), an effort by the Openstack infrastructure team to provide continuous integration testing and code review for Openstack and Openstack community projects not part of the core software. The module its self is used to flexibly configure and manage the Key management service for Openstack.
+
+Module Description
+------------------
+
+The barbican module is a thorough attempt to make Puppet capable of managing the entirety of barbican. This includes manifests to provision region specific endpoint and database connections. Types are shipped as part of the barbican module to assist in manipulation of configuration files.
+
+Setup
+-----
+
+**What the barbican module affects**
+
+* [Barbican](https://wiki.openstack.org/wiki/Barbican), the Key management service for Openstack.
+
+### Installing barbican
+
+ barbican is not currently in Puppet Forge, but is anticipated to be added soon. Once that happens, you'll be able to install barbican with:
+ puppet module install openstack/barbican
+
+### Beginning with barbican
+
+To utilize the barbican module's functionality you will need to declare multiple resources. The following is a modified excerpt from the [openstack module](https://github.com/stackfoge/puppet-openstack). This is not an exhaustive list of all the components needed, we recommend you consult and understand the [openstack module](https://github.com/stackforge/puppet-openstack) and the [core openstack](http://docs.openstack.org) documentation.
+
+Implementation
+--------------
+
+### barbican
+
+barbican is a combination of Puppet manifest and ruby code to delivery configuration and extra functionality through types and providers.
+
+Limitations
+------------
+
+* All the barbican types use the CLI tools and so need to be ran on the barbican node.
+
+Beaker-Rspec
+------------
+
+This module has beaker-rspec tests
+
+To run the tests on the default vagrant node:
+
+```shell
+bundle install
+bundle exec rake acceptance
+```
+
+For more information on writing and running beaker-rspec tests visit the documentation:
+
+* https://github.com/puppetlabs/beaker/wiki/How-to-Write-a-Beaker-Test-for-a-Module
+
+Development
+-----------
+
+Developer documentation for the entire puppet-openstack project.
+
+* https://wiki.openstack.org/wiki/Puppet
+
+Contributors
+------------
+
+* https://github.com/openstack/puppet-barbican/graphs/contributors
diff --git a/Rakefile b/Rakefile
new file mode 100644
index 00000000..bc08f437
--- /dev/null
+++ b/Rakefile
@@ -0,0 +1,21 @@
+require 'puppetlabs_spec_helper/rake_tasks'
+require 'puppet-lint/tasks/puppet-lint'
+require 'puppet-syntax/tasks/puppet-syntax'
+
+PuppetSyntax.exclude_paths ||= []
+PuppetSyntax.exclude_paths << "spec/fixtures/**/*"
+PuppetSyntax.exclude_paths << "pkg/**/*"
+PuppetSyntax.exclude_paths << "vendor/**/*"
+
+Rake::Task[:lint].clear
+PuppetLint::RakeTask.new :lint do |config|
+ config.ignore_paths = ["spec/**/*.pp", "vendor/**/*.pp"]
+ config.fail_on_warnings = true
+ config.log_format = '%{path}:%{linenumber}:%{KIND}: %{message}'
+ config.disable_checks = ["80chars", "class_inherits_from_params_class", "class_parameter_defaults", "only_variable_string"]
+end
+
+desc "Run acceptance tests"
+RSpec::Core::RakeTask.new(:acceptance) do |t|
+ t.pattern = 'spec/acceptance'
+end
diff --git a/lib/puppet/provider/barbican_config/ini_setting.rb b/lib/puppet/provider/barbican_config/ini_setting.rb
new file mode 100644
index 00000000..54fd452e
--- /dev/null
+++ b/lib/puppet/provider/barbican_config/ini_setting.rb
@@ -0,0 +1,10 @@
+Puppet::Type.type(:barbican_config).provide(
+ :ini_setting,
+ :parent => Puppet::Type.type(:openstack_config).provider(:ini_setting)
+) do
+
+ def self.file_path
+ '/etc/barbican/barbican.conf'
+ end
+
+end
diff --git a/lib/puppet/type/barbican_config.rb b/lib/puppet/type/barbican_config.rb
new file mode 100644
index 00000000..09c4c246
--- /dev/null
+++ b/lib/puppet/type/barbican_config.rb
@@ -0,0 +1,51 @@
+Puppet::Type.newtype(:barbican_config) do
+
+ ensurable
+
+ newparam(:name, :namevar => true) do
+ desc 'Section/setting name to manage from barbican.conf'
+ newvalues(/\S+\/\S+/)
+ end
+
+ newproperty(:value) do
+ desc 'The value of the setting to be defined.'
+ munge do |value|
+ value = value.to_s.strip
+ value.capitalize! if value =~ /^(true|false)$/i
+ value
+ end
+ newvalues(/^[\S ]*$/)
+
+ def is_to_s( currentvalue )
+ if resource.secret?
+ return '[old secret redacted]'
+ else
+ return currentvalue
+ end
+ end
+
+ def should_to_s( newvalue )
+ if resource.secret?
+ return '[new secret redacted]'
+ else
+ return newvalue
+ end
+ end
+ end
+
+ newparam(:secret, :boolean => true) do
+ desc 'Whether to hide the value from Puppet logs. Defaults to `false`.'
+ newvalues(:true, :false)
+ defaultto false
+ end
+
+ newparam(:ensure_absent_val) do
+ desc 'A value that is specified as the value property will behave as if ensure => absent was specified'
+ defaultto('')
+ end
+
+ autorequire(:package) do
+ 'barbican'
+ end
+
+end
diff --git a/manifests/config.pp b/manifests/config.pp
new file mode 100644
index 00000000..c10fe8da
--- /dev/null
+++ b/manifests/config.pp
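Review bot: Both patterns on the `value` property in lib/puppet/type/barbican_config.rb use `^`/`$`, which in Ruby match at every line boundary, so `newvalues(/^[\S ]*$/)` accepts a multi-line string as long as one of its lines matches. Such a value would presumably be written by the ini_setting provider into `/etc/barbican/barbican.conf` as additional lines; anchor the whole string instead with `newvalues(/\A[\S ]*\z/)` and `value =~ /\A(true|false)\z/i`. The `name` pattern `/\S+\/\S+/` is unanchored in the same way and deserves the same look.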
@@ -0,0 +1,30 @@
+# == Class: barbican::config
+#
+# This class is used to manage arbitrary barbican configurations.
+#
+# === Parameters
+#
+# [*barbican_config*]
+# (optional) Allow configuration of arbitrary barbican configurations.
+# The value is an hash of barbican_config resources. Example:
+# { 'DEFAULT/foo' => { value => 'fooValue'},
+# 'DEFAULT/bar' => { value => 'barValue'}
+# }
+# In yaml format, Example:
+# barbican_config:
+# DEFAULT/foo:
+# value: fooValue
+# DEFAULT/bar:
+# value: barValue
+#
+# NOTE: The configuration MUST NOT be already handled by this module
+# or Puppet catalog compilation will fail with duplicate resources.
+#
+class barbican::config (
+ $barbican_config = {},
+) {
+
+ validate_hash($barbican_config)
+
+ create_resources('barbican_config', $barbican_config)
+}
diff --git a/manifests/db.pp b/manifests/db.pp
new file mode 100644
index 00000000..b718cc50
--- /dev/null
+++ b/manifests/db.pp
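Review bot: The `[*barbican_config*]` documentation in manifests/config.pp does not mention the type's `secret` parameter, so sensitive values passed through this hash are shown in Puppet's change reports unless the caller already knows to set it. Add a line to the header such as `# Set secret => true on any entry whose value must not appear in Puppet logs,` followed by an example like `# { 'DEFAULT/foo' => { value => 'fooValue', secret => true } }`.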
@@ -0,0 +1,94 @@
+# == Class: barbican::db
+#
+# Configure the barbican database
+#
+# === Parameters
+#
+# [*database_connection*]
+# Url used to connect to database.
+# (Optional) Defaults to "sqlite:////var/lib/barbican/barbican.sqlite".
+#
+# [*database_idle_timeout*]
+# Timeout when db connections should be reaped.
+# (Optional) Defaults to 3600.
+#
+# [*database_max_retries*]
+# Maximum number of database connection retries during startup.
+# Setting -1 implies an infinite retry count.
+# (Optional) Defaults to 10.
+#
+# [*database_retry_interval*]
+# Interval between retries of opening a database connection.
+# (Optional) Defaults to 10.
+#
+# [*database_min_pool_size*]
+# Minimum number of SQL connections to keep open in a pool.
+# (Optional) Defaults to 1.
+#
+# [*database_max_pool_size*]
+# Maximum number of SQL connections to keep open in a pool.
+# (Optional) Defaults to 10.
+#
+# [*database_max_overflow*]
+# If set, use this value for max_overflow with sqlalchemy.
+# (Optional) Defaults to 20.
+#
+class barbican::db (
+ $database_connection = 'sqlite:////var/lib/barbican/barbican.sqlite',
+ $database_idle_timeout = 3600,
+ $database_min_pool_size = 1,
+ $database_max_pool_size = 10,
+ $database_max_retries = 10,
+ $database_retry_interval = 10,
+ $database_max_overflow = 20,
+) {
+
+ $database_connection_real = pick($::barbican::database_connection, $database_connection)
+ $database_idle_timeout_real = pick($::barbican::database_idle_timeout, $database_idle_timeout)
+ $database_min_pool_size_real = pick($::barbican::database_min_pool_size, $database_min_pool_size)
+ $database_max_pool_size_real = pick($::barbican::database_max_pool_size, $database_max_pool_size)
+ $database_max_retries_real = pick($::barbican::database_max_retries, $database_max_retries)
+ $database_retry_interval_real = pick($::barbican::database_retry_interval, $database_retry_interval)
+ $database_max_overflow_real = pick($::barbican::database_max_overflow, $database_max_overflow)
+
+ validate_re($database_connection_real,
+ '(sqlite|mysql|postgresql):\/\/(\S+:\S+@\S+\/\S+)?')
+
+ if $database_connection_real {
+ case $database_connection_real {
+ /^mysql:\/\//: {
+ $backend_package = false
+ require 'mysql::bindings'
+ require 'mysql::bindings::python'
+ }
+ /^postgresql:\/\//: {
+ $backend_package = $::barbican::params::psycopg_package_name
+ }
+ /^sqlite:\/\//: {
+ $backend_package = $::barbican::params::sqlite_package_name
+ }
+ default: {
+ fail('Unsupported backend configured')
+ }
+ }
+
+ if $backend_package and !defined(Package[$backend_package]) {
+ package {'barbican-backend-package':
+ ensure => present,
+ name => $backend_package,
+ tag => 'openstack',
+ }
+ }
+
+ barbican_config {
+ 'database/connection': value => $database_connection_real, secret => true;
+ 'database/idle_timeout': value => $database_idle_timeout_real;
+ 'database/min_pool_size': value => $database_min_pool_size_real;
+ 'database/max_retries': value => $database_max_retries_real;
+ 'database/retry_interval': value => $database_retry_interval_real;
+ 'database/max_pool_size': value => $database_max_pool_size_real;
+ 'database/max_overflow': value => $database_max_overflow_real;
+ }
+ }
+
+}
diff --git a/manifests/db/mysql.pp b/manifests/db/mysql.pp
new file mode 100644
index 00000000..affcd841
--- /dev/null
+++ b/manifests/db/mysql.pp
@@ -0,0 +1,69 @@
+# The barbican::db::mysql class implements mysql backend for barbican
+#
+# This class can be used to create tables, users and grant
+# privelege for a mysql barbican database.
+#
+# == parameters
+#
+# [*password*]
+# (Mandatory) Password to connect to the database.
+# Defaults to 'false'.
+#
+# [*dbname*]
+# (Optional) Name of the database.
+# Defaults to 'barbican'.
+#
+# [*user*]
+# (Optional) User to connect to the database.
+# Defaults to 'barbican'.
+#
+# [*host*]
+# (Optional) The default source host user is allowed to connect from.
+# Defaults to '127.0.0.1'
+#
+# [*allowed_hosts*]
+# (Optional) Other hosts the user is allowed to connect from.
+# Defaults to 'undef'.
+#
+# [*charset*]
+# (Optional) The database charset.
+# Defaults to 'utf8'
+#
+# [*collate*]
+# (Optional) The database collate.
+# Only used with mysql modules >= 2.2.
+# Defaults to 'utf8_general_ci'
+#
+# == Dependencies
+# Class['mysql::server']
+#
+# == Examples
+#
+# == Authors
+#
+# == Copyright
+#
+class barbican::db::mysql(
+ $password,
+ $dbname = 'barbican',
+ $user = 'barbican',
+ $host = '127.0.0.1',
+ $charset = 'utf8',
+ $collate = 'utf8_general_ci',
+ $allowed_hosts = undef
+) {
+
+ validate_string($password)
+
+ ::openstacklib::db::mysql { 'barbican':
+ user => $user,
+ password_hash => mysql_password($password),
+ dbname => $dbname,
+ host => $host,
+ charset => $charset,
+ collate => $collate,
+ allowed_hosts => $allowed_hosts,
+ }
+
+ ::Openstacklib::Db::Mysql['barbican'] ~> Exec<| title == 'barbican-manage db_sync' |>
+}
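Review bot: The `validate_re` pattern in manifests/db.pp, `'(sqlite|mysql|postgresql):\/\/(\S+:\S+@\S+\/\S+)?'`, is unanchored and its credential group is optional, so any string that merely contains `mysql://` somewhere passes and the check rejects very little before the `case` statement. Anchor it at the start, `'^(sqlite|mysql|postgresql):\/\/(\S+:\S+@\S+\/\S+)?'`, so that the validation and the `case` branches (which already use `^`) agree on what a supported URL is.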
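Review bot: The refresh arrow at the end of `barbican::db::mysql` targets `Exec<| title == 'barbican-manage db_sync' |>`, but manifests/db/sync.pp in this commit declares the exec as `barbican-db-manage`, so the collector matches nothing and creating the database never triggers the schema upgrade. Use `~> Exec<| title == 'barbican-db-manage' |>`; manifests/db/postgresql.pp carries the same line. The header also documents `password` as "Defaults to 'false'" although the parameter has no default, and "privelege" should read "privilege".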
diff --git a/manifests/db/postgresql.pp b/manifests/db/postgresql.pp
new file mode 100644
index 00000000..f86907c4
--- /dev/null
+++ b/manifests/db/postgresql.pp
@@ -0,0 +1,55 @@
+# == Class: barbican::db::postgresql
+#
+# Class that configures postgresql for barbican
+# Requires the Puppetlabs postgresql module.
+#
+# === Parameters
+#
+# [*password*]
+# (Required) Password to connect to the database.
+#
+# [*dbname*]
+# (Optional) Name of the database.
+# Defaults to 'barbican'.
+#
+# [*user*]
+# (Optional) User to connect to the database.
+# Defaults to 'barbican'.
+#
+# [*encoding*]
+# (Optional) The charset to use for the database.
+# Default to undef.
+#
+# [*privileges*]
+# (Optional) Privileges given to the database user.
+# Default to 'ALL'
+#
+# == Dependencies
+#
+# == Examples
+#
+# == Authors
+#
+# == Copyright
+#
+class barbican::db::postgresql(
+ $password,
+ $dbname = 'barbican',
+ $user = 'barbican',
+ $encoding = undef,
+ $privileges = 'ALL',
+) {
+
+ Class['barbican::db::postgresql'] -> Service<| title == 'barbican' |>
+
+ ::openstacklib::db::postgresql { 'barbican':
+ password_hash => postgresql_password($user, $password),
+ dbname => $dbname,
+ user => $user,
+ encoding => $encoding,
+ privileges => $privileges,
+ }
+
+ ::Openstacklib::Db::Postgresql['barbican'] ~> Exec<| title == 'barbican-manage db_sync' |>
+
+}
diff --git a/manifests/db/sync.pp b/manifests/db/sync.pp
new file mode 100644
index 00000000..bc2c562e
--- /dev/null
+++ b/manifests/db/sync.pp
@@ -0,0 +1,23 @@
+#
+# Class to execute barbican-db-manage upgrade
+#
+# == Parameters
+#
+# [*extra_params*]
+# (optional) String of extra command line parameters to append
+# to the barbican-db-manage command.
+# Defaults to undef
+#
+class barbican::db::sync(
+ $extra_params = undef,
+) {
+ exec { 'barbican-db-manage':
+ command => "barbican-db-manage upgrade ${extra_params}",
+ path => '/usr/bin',
+ user => 'barbican',
+ refreshonly => true,
+ subscribe => [Package['barbican'], Barbican_config['database/connection']],
+ }
+
+ Exec['barbican-db-manage'] ~> Service<| title == 'barbican' |>
+}
diff --git a/manifests/init.pp b/manifests/init.pp
new file mode 100644
index 00000000..a8731221
--- /dev/null
+++ b/manifests/init.pp
@@ -0,0 +1,14 @@
+# == Class: barbican
+#
+# Full description of class barbican here.
+#
+# === Parameters
+#
+# [*sample_parameter*]
+# Explanation of what this parameter affects and what it defaults to.
+#
+class barbican {
+
+ include ::barbican::params
+
+}
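Review bot: The `subscribe` list in `barbican::db::sync` hard-references `Package['barbican']`, yet none of the manifests in this commit declares that package, so a catalog that includes this class would fail on the missing dependency unless something outside the module provides it. A collector such as `Package<| title == 'barbican' |> ~> Exec['barbican-db-manage']`, like the `Service<| |>` line below it, tolerates the resource being absent. Separately, `extra_params` is interpolated unchecked into `command`; the header should state that it is appended verbatim to a command run as user `barbican` and must come from trusted data.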
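Review bot: The header of class `barbican` in manifests/init.pp is still the module-skeleton placeholder: it documents a `sample_parameter` that does not exist and gives no real description. manifests/db.pp in this commit reads `$::barbican::database_connection` and the other `$::barbican::database_*` variables through `pick()`, but this class declares no parameters, so those lookups always fall through to the `barbican::db` defaults. Either add the parameters here or drop the lookups in db.pp, and replace the header with a description of what the class does.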
@@ -0,0 +1,92 @@
+# == Class: barbican::keystone::auth
+#
+# Configures barbican user, service and endpoint in Keystone.
+#
+# === Parameters
+#
+# [*password*]
+# (required) Password for barbican user.
+#
+# [*auth_name*]
+# Username for barbican service. Defaults to 'barbican'.
+#
+# [*email*]
+# Email for barbican user. Defaults to 'barbican@localhost'.
+#
+# [*tenant*]
+# Tenant for barbican user. Defaults to 'services'.
+#
+# [*configure_endpoint*]
+# Should barbican endpoint be configured? Defaults to 'true'.
+#
+# [*configure_user*]
+# (Optional) Should the service user be configured?
+# Defaults to 'true'.
+#
+# [*configure_user_role*]
+# (Optional) Should the admin role be configured for the service user?
+# Defaults to 'true'.
+#
+# [*service_type*]
+# Type of service. Defaults to 'key-manager'.
+#
+# [*region*]
+# Region for endpoint. Defaults to 'RegionOne'.
+#
+# [*service_name*]
+# (optional) Name of the service.
+# Defaults to the value of auth_name.
+#
+# [*public_url*]
+# (optional) The endpoint's public url. (Defaults to 'http://127.0.0.1:9311')
+# This url should *not* contain any trailing '/'.
+#
+# [*admin_url*]
+# (optional) The endpoint's admin url. (Defaults to 'http://127.0.0.1:9311')
+# This url should *not* contain any trailing '/'.
+#
+# [*internal_url*]
+# (optional) The endpoint's internal url. (Defaults to 'http://127.0.0.1:9311')
+# This url should *not* contain any trailing '/'.
+#
+class barbican::keystone::auth (
+ $password,
+ $auth_name = 'barbican',
+ $email = 'barbican@localhost',
+ $tenant = 'services',
+ $configure_endpoint = true,
+ $configure_user = true,
+ $configure_user_role = true,
+ $service_name = undef,
+ $service_type = 'key-manager',
+ $region = 'RegionOne',
+ $public_url = 'http://127.0.0.1:9311',
+ $internal_url = 'http://127.0.0.1:9311',
+ $admin_url = 'http://127.0.0.1:9311',
+) {
+
+ $real_service_name = pick($service_name, $auth_name)
+
+ if $configure_user_role {
+ Keystone_user_role["${auth_name}@${tenant}"] ~> Service <| name == 'barbican-server' |>
+ }
+ Keystone_endpoint["${region}/${real_service_name}"] ~> Service <| name == 'barbican-server' |>
+
+ keystone::resource::service_identity { 'barbican':
+ configure_user => $configure_user,
+ configure_user_role => $configure_user_role,
+ configure_endpoint => $configure_endpoint,
+ service_name => $real_service_name,
+ service_type => $service_type,
+ service_description => 'Key management Service',
+ region => $region,
+ auth_name => $auth_name,
+ password => $password,
+ email => $email,
+ tenant => $tenant,
+ public_url => $public_url,
+ internal_url => $internal_url,
+ admin_url => $admin_url,
+ }
+
+}
diff --git a/manifests/logging.pp b/manifests/logging.pp
new file mode 100644
index 00000000..efbb701a
--- /dev/null
+++ b/manifests/logging.pp
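Review bot: The `Keystone_endpoint["${region}/${real_service_name}"] ~> Service <| name == 'barbican-server' |>` relationship in `barbican::keystone::auth` is declared unconditionally, whereas the matching `Keystone_user_role` reference just above it is guarded by `if $configure_user_role`. With `configure_endpoint => false` the endpoint resource is presumably not created by `keystone::resource::service_identity`, and the direct reference would then break catalog compilation; wrap it as `if $configure_endpoint { Keystone_endpoint["${region}/${real_service_name}"] ~> Service <| name == 'barbican-server' |> }`. The three URL parameters default to plain `http://`; because this endpoint fronts the key manager, their documentation should say that any deployment beyond loopback is expected to override them with `https://` URLs.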
@@ -0,0 +1,211 @@
+# Class barbican::logging
+#
+# barbican extended logging configuration
+#
+# == parameters
+#
+# [*logging_context_format_string*]
+# (optional) Format string to use for log messages with context.
+# Defaults to undef.
+# Example: '%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s\
+# [%(request_id)s %(user_identity)s] %(instance)s%(message)s'
+#
+# [*logging_default_format_string*]
+# (optional) Format string to use for log messages without context.
+# Defaults to undef.
+# Example: '%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s\
+# [-] %(instance)s%(message)s'
+#
+# [*logging_debug_format_suffix*]
+# (optional) Formatted data to append to log format when level is DEBUG.
+# Defaults to undef.
+# Example: '%(funcName)s %(pathname)s:%(lineno)d'
+#
+# [*logging_exception_prefix*]
+# (optional) Prefix each line of exception output with this format.
+# Defaults to undef.
+# Example: '%(asctime)s.%(msecs)03d %(process)d TRACE %(name)s %(instance)s'
+#
+# [*log_config_append*]
+# The name of an additional logging configuration file.
+# Defaults to undef.
+# See https://docs.python.org/2/howto/logging.html
+#
+# [*default_log_levels*]
+# (optional) Hash of logger (keys) and level (values) pairs.
+# Defaults to undef.
+# Example:
+# { 'amqp' => 'WARN', 'amqplib' => 'WARN', 'boto' => 'WARN',
+# 'qpid' => 'WARN', 'sqlalchemy' => 'WARN', 'suds' => 'INFO',
+# 'oslo.messaging' => 'INFO', 'iso8601' => 'WARN',
+# 'requests.packages.urllib3.connectionpool' => 'WARN',
+# 'urllib3.connectionpool' => 'WARN',
+# 'websocket' => 'WARN', 'barbicanmiddleware' => 'WARN',
+# 'routes.middleware' => 'WARN', stevedore => 'WARN' }
+#
+# [*publish_errors*]
+# (optional) Publish error events (boolean value).
+# Defaults to undef (false if unconfigured).
+#
+# [*fatal_deprecations*]
+# (optional) Make deprecations fatal (boolean value)
+# Defaults to undef (false if unconfigured).
+#
+# [*instance_format*]
+# (optional) If an instance is passed with the log message, format it
+# like this (string value).
+# Defaults to undef.
+# Example: '[instance: %(uuid)s] '
+#
+# [*instance_uuid_format*]
+# (optional) If an instance UUID is passed with the log message, format
+# it like this (string value).
+# Defaults to undef.
+# Example: instance_uuid_format='[instance: %(uuid)s] '
+
+# [*log_date_format*]
+# (optional) Format string for %%(asctime)s in log records.
+# Defaults to undef.
+# Example: 'Y-%m-%d %H:%M:%S'
+
+class barbican::logging(
+ $logging_context_format_string = undef,
+ $logging_default_format_string = undef,
+ $logging_debug_format_suffix = undef,
+ $logging_exception_prefix = undef,
+ $log_config_append = undef,
+ $default_log_levels = undef,
+ $publish_errors = undef,
+ $fatal_deprecations = undef,
+ $instance_format = undef,
+ $instance_uuid_format = undef,
+ $log_date_format = undef,
+) {
+
+ if $logging_context_format_string {
+ barbican_config {
+ 'DEFAULT/logging_context_format_string' :
+ value => $logging_context_format_string;
+ }
+ }
+ else {
+ barbican_config {
+ 'DEFAULT/logging_context_format_string' : ensure => absent;
+ }
+ }
+
+ if $logging_default_format_string {
+ barbican_config {
+ 'DEFAULT/logging_default_format_string' :
+ value => $logging_default_format_string;
+ }
+ }
+ else {
+ barbican_config {
+ 'DEFAULT/logging_default_format_string' : ensure => absent;
+ }
+ }
+
+ if $logging_debug_format_suffix {
+ barbican_config {
+ 'DEFAULT/logging_debug_format_suffix' :
+ value => $logging_debug_format_suffix;
+ }
+ }
+ else {
+ barbican_config {
+ 'DEFAULT/logging_debug_format_suffix' : ensure => absent;
+ }
+ }
+
+ if $logging_exception_prefix {
+ barbican_config {
+ 'DEFAULT/logging_exception_prefix' : value => $logging_exception_prefix;
+ }
+ }
+ else {
+ barbican_config {
+ 'DEFAULT/logging_exception_prefix' : ensure => absent;
+ }
+ }
+
+ if $log_config_append {
+ barbican_config {
+ 'DEFAULT/log_config_append' : value => $log_config_append;
+ }
+ }
+ else {
+ barbican_config {
+ 'DEFAULT/log_config_append' : ensure => absent;
+ }
+ }
+
+ if $default_log_levels {
+ barbican_config {
+ 'DEFAULT/default_log_levels' :
+ value => join(sort(join_keys_to_values($default_log_levels, '=')), ',');
+ }
+ }
+ else {
+ barbican_config {
+ 'DEFAULT/default_log_levels' : ensure => absent;
+ }
+ }
+
+ if $publish_errors {
+ barbican_config {
+ 'DEFAULT/publish_errors' : value => $publish_errors;
+ }
+ }
+ else {
+ barbican_config {
+ 'DEFAULT/publish_errors' : ensure => absent;
+ }
+ }
+
+ if $fatal_deprecations {
+ barbican_config {
+ 'DEFAULT/fatal_deprecations' : value => $fatal_deprecations;
+ }
+ }
+ else {
+ barbican_config {
+ 'DEFAULT/fatal_deprecations' : ensure => absent;
+ }
+ }
+
+ if $instance_format {
+ barbican_config {
+ 'DEFAULT/instance_format' : value => $instance_format;
+ }
+ }
+ else {
+ barbican_config {
+ 'DEFAULT/instance_format' : ensure => absent;
+ }
+ }
+
+ if $instance_uuid_format {
+ barbican_config {
+ 'DEFAULT/instance_uuid_format' : value => $instance_uuid_format;
+ }
+ }
+ else {
+ barbican_config {
+ 'DEFAULT/instance_uuid_format' : ensure => absent;
+ }
+ }
+
+ if $log_date_format {
+ barbican_config {
+ 'DEFAULT/log_date_format' : value => $log_date_format;
+ }
+ }
+ else {
+ barbican_config {
+ 'DEFAULT/log_date_format' : ensure => absent;
+ }
+ }
+
+
+}
diff --git a/manifests/params.pp b/manifests/params.pp
new file mode 100644
index 00000000..9ece7ce1
--- /dev/null
+++ b/manifests/params.pp
@@ -0,0 +1,19 @@
+# Parameters for puppet-barbican
+#
+class barbican::params {
+
+ case $::osfamily {
+ 'RedHat': {
+ $psycopg_package_name = 'python-psycopg2'
+ $sqlite_package_name = undef
+ }
+ 'Debian': {
+ $psycopg_package_name = 'python-psycopg2'
+ $sqlite_package_name = 'python-pysqlite2'
+ }
+ default: {
+ fail("Unsupported osfamily: ${::osfamily} operatingsystem")
+ }
+
+ } # Case $::osfamily
+}
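Review bot: The parameter header of manifests/logging.pp is broken in two places: the separator lines before `# [*log_date_format*]` and before `class barbican::logging(` are empty instead of `#`, which detaches the `log_date_format` entry from the rest of the documentation block and the block from the class. The `log_date_format` example `'Y-%m-%d %H:%M:%S'` is also missing the `%` before `Y` and should read `# Example: '%Y-%m-%d %H:%M:%S'`. Both are comment-only fixes.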
diff --git a/manifests/policy.pp b/manifests/policy.pp
new file mode 100644
index 00000000..e41a2e9f
--- /dev/null
+++ b/manifests/policy.pp
@@ -0,0 +1,39 @@
+# == Class: barbican::policy
+#
+# Configure the barbican policies
+#
+# === Parameters
+#
+# [*policies*]
+# (optional) Set of policies to configure for barbican
+# Example :
+# {
+# 'barbican-context_is_admin' => {
+# 'key' => 'context_is_admin',
+# 'value' => 'true'
+# },
+# 'barbican-default' => {
+# 'key' => 'default',
+# 'value' => 'rule:admin_or_owner'
+# }
+# }
+# Defaults to empty hash.
+#
+# [*policy_path*]
+# (optional) Path to the nova policy.json file
+# Defaults to /etc/barbican/policy.json
+#
+class barbican::policy (
+ $policies = {},
+ $policy_path = '/etc/barbican/policy.json',
+) {
+
+ validate_hash($policies)
+
+ Openstacklib::Policy::Base {
+ file_path => $policy_path,
+ }
+
+ create_resources('openstacklib::policy::base', $policies)
+
+}
diff --git a/metadata.json b/metadata.json
new file mode 100644
index 00000000..ef360d97
--- /dev/null
+++ b/metadata.json
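Review bot: The `[*policy_path*]` documentation in manifests/policy.pp says "Path to the nova policy.json file", a leftover from the module this class was copied from; it should read `# (optional) Path to the barbican policy.json file`. `$policies` is checked with `validate_hash` but `$policy_path` is passed to `Openstacklib::Policy::Base` unchecked; adding `validate_absolute_path($policy_path)` next to the existing validation keeps a mistyped value from redirecting where the access rules are written.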
@@ -0,0 +1,34 @@
+{
+ "name": "puppet-barbican",
+ "version": "0.0.1",
+ "author": "OpenStack Contributors",
+ "summary": "Puppet module for OpenStack Barbican",
+ "license": "Apache-2.0",
+ "source": "git://github.com/openstack/puppet-barbican.git",
+ "project_page": "https://launchpad.net/puppet-barbican",
+ "issues_url": "https://bugs.launchpad.net/puppet-barbican",
+ "description": "Installs and configures OpenStack Barbican.",
+ "operatingsystem_support": [
+ {
+ "operatingsystem": "Debian",
+ "operatingsystemrelease": ["8"]
+ },
+ {
+ "operatingsystem": "Fedora",
+ "operatingsystemrelease": ["21","22"]
+ },
+ {
+ "operatingsystem": "RedHat",
+ "operatingsystemrelease": ["7"]
+ },
+ {
+ "operatingsystem": "Ubuntu",
+ "operatingsystemrelease": ["14.04"]
+ }
+ ],
+ "dependencies": [
+ { "name": "puppetlabs/inifile", "version_requirement": ">=1.0.0 <2.0.0" },
+ { "name": "puppetlabs/stdlib", "version_requirement": ">= 4.2.0 <5.0.0" },
+ { "name": "stackforge/openstacklib", "version_requirement": ">=5.0.0 <6.0.0" }
+ ]
+}
diff --git a/spec/acceptance/nodesets/centos-70-x64.yml b/spec/acceptance/nodesets/centos-70-x64.yml
new file mode 100644
index 00000000..5f097e9f
--- /dev/null
+++ b/spec/acceptance/nodesets/centos-70-x64.yml
@@ -0,0 +1,11 @@
+HOSTS:
+ centos-server-70-x64:
+ roles:
+ - master
+ platform: el-7-x86_64
+ box: puppetlabs/centos-7.0-64-nocm
+ box_url: https://vagrantcloud.com/puppetlabs/centos-7.0-64-nocm
+ hypervisor: vagrant
+CONFIG:
+ log_level: debug
+ type: foss
diff --git a/spec/acceptance/nodesets/default.yml b/spec/acceptance/nodesets/default.yml
new file mode 100644
index 00000000..486b6a34
--- /dev/null
+++ b/spec/acceptance/nodesets/default.yml
@@ -0,0 +1,10 @@
+HOSTS:
+ ubuntu-server-14.04-amd64:
+ roles:
+ - master
+ platform: ubuntu-14.04-amd64
+ box: puppetlabs/ubuntu-14.04-64-nocm
+ box_url: https://vagrantcloud.com/puppetlabs/ubuntu-14.04-64-nocm
+ hypervisor: vagrant
+CONFIG:
+ type: foss
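Review bot: The `dependencies` array in metadata.json omits modules that the manifests in this commit call directly: `keystone::resource::service_identity` (manifests/keystone/auth.pp), `mysql::bindings` and `mysql_password()` (manifests/db.pp, manifests/db/mysql.pp) and `postgresql_password()` (manifests/db/postgresql.pp), all of which `.fixtures.yml` already pulls in for tests. Without entries such as `{ "name": "<NAMESPACE>/keystone", "version_requirement": "<RANGE>" }` an installation resolves whatever version happens to be present, or none. The `source` URL also uses `git://`; an `https://` URL avoids pointing users at an unauthenticated transport.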
diff --git a/spec/acceptance/nodesets/nodepool-centos7.yml b/spec/acceptance/nodesets/nodepool-centos7.yml
new file mode 100644
index 00000000..c5528742
--- /dev/null
+++ b/spec/acceptance/nodesets/nodepool-centos7.yml
@@ -0,0 +1,10 @@
+HOSTS:
+ centos-70-x64:
+ roles:
+ - master
+ platform: el-7-x86_64
+ hypervisor: none
+ ip: 127.0.0.1
+CONFIG:
+ type: foss
+ set_env: false
diff --git a/spec/acceptance/nodesets/nodepool-trusty.yml b/spec/acceptance/nodesets/nodepool-trusty.yml
new file mode 100644
index 00000000..9fc624e2
--- /dev/null
+++ b/spec/acceptance/nodesets/nodepool-trusty.yml
@@ -0,0 +1,10 @@
+HOSTS:
+ ubuntu-14.04-amd64:
+ roles:
+ - master
+ platform: ubuntu-14.04-amd64
+ hypervisor: none
+ ip: 127.0.0.1
+CONFIG:
+ type: foss
+ set_env: false
diff --git a/spec/acceptance/nodesets/ubuntu-server-1404-x64.yml b/spec/acceptance/nodesets/ubuntu-server-1404-x64.yml
new file mode 100644
index 00000000..8001929b
--- /dev/null
+++ b/spec/acceptance/nodesets/ubuntu-server-1404-x64.yml
@@ -0,0 +1,11 @@
+HOSTS:
+ ubuntu-server-14.04-amd64:
+ roles:
+ - master
+ platform: ubuntu-14.04-amd64
+ box: puppetlabs/ubuntu-14.04-64-nocm
+ box_url: https://vagrantcloud.com/puppetlabs/ubuntu-14.04-64-nocm
+ hypervisor: vagrant
+CONFIG:
+ log_level: debug
+ type: foss
diff --git a/spec/classes/barbican_db_mysql_spec.rb b/spec/classes/barbican_db_mysql_spec.rb
new file mode 100644
index 00000000..95d3ca09
--- /dev/null
+++ b/spec/classes/barbican_db_mysql_spec.rb
@@ -0,0 +1,62 @@
+require 'spec_helper'
+
+describe 'barbican::db::mysql' do
+
+ let :pre_condition do
+ [
+ 'include mysql::server',
+ 'include barbican::db::sync'
+ ]
+ end
+
+ let :facts do
+ { :osfamily => 'Debian' }
+ end
+
+ let :params do
+ {
+ 'password' => 'fooboozoo_default_password',
+ }
+ end
+
+ describe 'with only required params' do
+ it { is_expected.to contain_openstacklib__db__mysql('barbican').with(
+ 'user' => 'barbican',
+ 'password_hash' => '*3DDF34A86854A312A8E2C65B506E21C91800D206',
+ 'dbname' => 'barbican',
+ 'host' => '127.0.0.1',
+ 'charset' => 'utf8',
+ :collate => 'utf8_general_ci',
+ )}
+ end
+
+ describe "overriding allowed_hosts param to array" do
+ let :params do
+ {
+ :password => 'barbicanpass',
+ :allowed_hosts => ['127.0.0.1','%']
+ }
+ end
+
+ end
+ describe "overriding allowed_hosts param to string" do
+ let :params do
+ {
+ :password => 'barbicanpass2',
+ :allowed_hosts => '192.168.1.1'
+ }
+ end
+
+ end
+
+ describe "overriding allowed_hosts param equals to host param " do
+ let :params do
+ {
+ :password => 'barbicanpass2',
+ :allowed_hosts => '127.0.0.1'
+ }
+ end
+
+ end
+
+end
diff --git a/spec/classes/barbican_db_postgresql_spec.rb b/spec/classes/barbican_db_postgresql_spec.rb
new file mode 100644
index 00000000..724e546f
--- /dev/null
+++ b/spec/classes/barbican_db_postgresql_spec.rb
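Review bot: The three `describe "overriding allowed_hosts ..."` blocks in barbican_db_mysql_spec.rb set `params` but contain no `it` example, so they assert nothing and the `allowed_hosts` handling (which decides which hosts may connect as the database user) is untested. Add an expectation to each block, for the array case e.g. `it { is_expected.to contain_openstacklib__db__mysql('barbican').with(:allowed_hosts => ['127.0.0.1','%']) }`. An expectation on the `~> Exec` relationship would also have caught that the manifest's collector title does not match the exec declared in manifests/db/sync.pp.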
@@ -0,0 +1,58 @@
+require 'spec_helper'
+
+describe 'barbican::db::postgresql' do
+
+ let :req_params do
+ { :password => 'pw' }
+ end
+
+ let :pre_condition do
+ 'include postgresql::server'
+ end
+
+ context 'on a RedHat osfamily' do
+ let :facts do
+ {
+ :osfamily => 'RedHat',
+ :operatingsystemrelease => '7.0',
+ :concat_basedir => '/var/lib/puppet/concat'
+ }
+ end
+
+ context 'with only required parameters' do
+ let :params do
+ req_params
+ end
+
+ it { is_expected.to contain_postgresql__server__db('barbican').with(
+ :user => 'barbican',
+ :password => 'md5699e09b3c7579f59869b882716fd7299'
+ )}
+ end
+
+ end
+
+ context 'on a Debian osfamily' do
+ let :facts do
+ {
+ :operatingsystemrelease => '7.8',
+ :operatingsystem => 'Debian',
+ :osfamily => 'Debian',
+ :concat_basedir => '/var/lib/puppet/concat'
+ }
+ end
+
+ context 'with only required parameters' do
+ let :params do
+ req_params
+ end
+
+ it { is_expected.to contain_postgresql__server__db('barbican').with(
+ :user => 'barbican',
+ :password => 'md5699e09b3c7579f59869b882716fd7299'
+ )}
+ end
+
+ end
+
+end
diff --git a/spec/classes/barbican_keystone_auth_spec.rb b/spec/classes/barbican_keystone_auth_spec.rb
new file mode 100644
index 00000000..416f5f0a
--- /dev/null
+++ b/spec/classes/barbican_keystone_auth_spec.rb
@@ -0,0 +1,124 @@
+#
+# Unit tests for barbican::keystone::auth
+#
+
+require 'spec_helper'
+
+describe 'barbican::keystone::auth' do
+
+ let :facts do
+ { :osfamily => 'Debian' }
+ end
+
+ describe 'with default class parameters' do
+ let :params do
+ { :password => 'barbican_password',
+ :tenant => 'foobar' }
+ end
+
+ it { is_expected.to contain_keystone_user('barbican').with(
+ :ensure => 'present',
+ :password => 'barbican_password',
+ :tenant => 'foobar'
+ ) }
+
+ it { is_expected.to contain_keystone_user_role('barbican@foobar').with(
+ :ensure => 'present',
+ :roles => ['admin']
+ )}
+
+ it { is_expected.to contain_keystone_service('barbican').with(
+ :ensure => 'present',
+ :type => 'key-manager',
+ :description => 'Key management Service'
+ ) }
+
+ it { is_expected.to contain_keystone_endpoint('RegionOne/barbican').with(
+ :ensure => 'present',
+ :public_url => 'http://127.0.0.1:9311',
+ :admin_url => 'http://127.0.0.1:9311',
+ :internal_url => 'http://127.0.0.1:9311',
+ ) }
+ end
+
+ describe 'when overriding URL parameters' do
+ let :params do
+ { :password => 'barbican_password',
+ :public_url => 'https://10.10.10.10:80',
+ :internal_url => 'http://10.10.10.11:81',
+ :admin_url => 'http://10.10.10.12:81' }
+ end
+
+ it { is_expected.to contain_keystone_endpoint('RegionOne/barbican').with(
+ :ensure => 'present',
+ :public_url => 'https://10.10.10.10:80',
+ :internal_url => 'http://10.10.10.11:81',
+ :admin_url => 'http://10.10.10.12:81'
+ ) }
+ end
+
+ describe 'when overriding auth name' do
+ let :params do
+ { :password => 'foo',
+ :auth_name => 'barbicany' }
+ end
+
+ it { is_expected.to contain_keystone_user('barbicany') }
+ it { is_expected.to contain_keystone_user_role('barbicany@services') }
+ it { is_expected.to contain_keystone_service('barbicany') }
+ it { is_expected.to contain_keystone_endpoint('RegionOne/barbicany') }
+ end
+
+ describe 'when overriding service name' do
+ let :params do
+ { :service_name => 'barbican_service',
+ :auth_name => 'barbican',
+ :password => 'barbican_password' }
+ end
+
+ it { is_expected.to contain_keystone_user('barbican') }
+ it { is_expected.to contain_keystone_user_role('barbican@services') }
+ it { is_expected.to contain_keystone_service('barbican_service') }
+ it { is_expected.to contain_keystone_endpoint('RegionOne/barbican_service') }
+ end
+
+ describe 'when disabling user configuration' do
+
+ let :params do
+ {
+ :password => 'barbican_password',
+ :configure_user => false
+ }
+ end
+
+ it { is_expected.not_to contain_keystone_user('barbican') }
+ it { is_expected.to contain_keystone_user_role('barbican@services') }
+ it { is_expected.to contain_keystone_service('barbican').with(
+ :ensure => 'present',
+ :type => 'key-manager',
+ :description => 'Key management Service'
+ ) }
+
+ end
+
+ describe 'when disabling user and user role configuration' do
+
+ let :params do
+ {
+ :password => 'barbican_password',
+ :configure_user => false,
+ :configure_user_role => false
+ }
+ end
+
+ it { is_expected.not_to contain_keystone_user('barbican') }
+ it { is_expected.not_to contain_keystone_user_role('barbican@services') }
+ it { is_expected.to contain_keystone_service('barbican').with(
+ :ensure => 'present',
+ :type => 'key-manager',
+ :description => 'Key management Service'
+ ) }
+
+ end
+
+end
diff --git a/spec/classes/barbican_logging_spec.rb b/spec/classes/barbican_logging_spec.rb
new file mode 100644
index 00000000..d1e278a2
--- /dev/null
+++ b/spec/classes/barbican_logging_spec.rb
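Review bot: The `with default class parameters` example in the `barbican::keystone::auth` spec pins `http://127.0.0.1:9311` as the public, admin and internal URL of a `key-manager` service, and the spec does not say that this cleartext default is only meant for a loopback install. A comment above the endpoint expectation, e.g. `# default endpoints are loopback HTTP; deployments reachable over a network should set https URLs`, would record that intent, provided it matches the manifest, which is not shown here. The same block also passes `:tenant => 'foobar'`, so it is not purely defaults; renaming it to `'with default endpoint parameters'` or dropping the tenant override would make the description accurate.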
@@ -0,0 +1,107 @@
+require 'spec_helper'
+
+describe 'barbican::logging' do
+
+ let :params do
+ {
+ }
+ end
+
+ let :log_params do
+ {
+ :logging_context_format_string => '%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s',
+ :logging_default_format_string => '%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s',
+ :logging_debug_format_suffix => '%(funcName)s %(pathname)s:%(lineno)d',
+ :logging_exception_prefix => '%(asctime)s.%(msecs)03d %(process)d TRACE %(name)s %(instance)s',
+ :log_config_append => '/etc/barbican/logging.conf',
+ :publish_errors => true,
+ :default_log_levels => {
+ 'amqp' => 'WARN', 'amqplib' => 'WARN', 'boto' => 'WARN',
+ 'qpid' => 'WARN', 'sqlalchemy' => 'WARN', 'suds' => 'INFO',
+ 'iso8601' => 'WARN',
+ 'requests.packages.urllib3.connectionpool' => 'WARN' },
+ :fatal_deprecations => true,
+ :instance_format => '[instance: %(uuid)s] ',
+ :instance_uuid_format => '[instance: %(uuid)s] ',
+ :log_date_format => '%Y-%m-%d %H:%M:%S',
+ }
+ end
+
+ shared_examples_for 'barbican-logging' do
+
+ context 'with extended logging options' do
+ before { params.merge!( log_params ) }
+ it_configures 'logging params set'
+ end
+
+ context 'without extended logging options' do
+ it_configures 'logging params unset'
+ end
+
+ end
+
+ shared_examples_for 'logging params set' do
+ it 'enables logging params' do
+ is_expected.to contain_barbican_config('DEFAULT/logging_context_format_string').with_value(
+ '%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s')
+
+ is_expected.to contain_barbican_config('DEFAULT/logging_default_format_string').with_value(
+ '%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s')
+
+ is_expected.to contain_barbican_config('DEFAULT/logging_debug_format_suffix').with_value(
+ '%(funcName)s %(pathname)s:%(lineno)d')
+
+ is_expected.to contain_barbican_config('DEFAULT/logging_exception_prefix').with_value(
+ '%(asctime)s.%(msecs)03d %(process)d TRACE %(name)s %(instance)s')
+
+ is_expected.to contain_barbican_config('DEFAULT/log_config_append').with_value(
+ '/etc/barbican/logging.conf')
+ is_expected.to contain_barbican_config('DEFAULT/publish_errors').with_value(
+ true)
+
+ is_expected.to contain_barbican_config('DEFAULT/default_log_levels').with_value(
+ 'amqp=WARN,amqplib=WARN,boto=WARN,iso8601=WARN,qpid=WARN,requests.packages.urllib3.connectionpool=WARN,sqlalchemy=WARN,suds=INFO')
+
+ is_expected.to contain_barbican_config('DEFAULT/fatal_deprecations').with_value(
+ true)
+
+ is_expected.to contain_barbican_config('DEFAULT/instance_format').with_value(
+ '[instance: %(uuid)s] ')
+
+ is_expected.to contain_barbican_config('DEFAULT/instance_uuid_format').with_value(
+ '[instance: %(uuid)s] ')
+
+ is_expected.to contain_barbican_config('DEFAULT/log_date_format').with_value(
+ '%Y-%m-%d %H:%M:%S')
+ end
+ end
+
+
+ shared_examples_for 'logging params unset' do
+ [ :logging_context_format_string, :logging_default_format_string,
+ :logging_debug_format_suffix, :logging_exception_prefix,
+ :log_config_append, :publish_errors,
+ :default_log_levels, :fatal_deprecations,
+ :instance_format, :instance_uuid_format,
+ :log_date_format, ].each { |param|
+ it { is_expected.to contain_barbican_config("DEFAULT/#{param}").with_ensure('absent') }
+ }
+ end
+
+ context 'on Debian platforms' do
+ let :facts do
+ { :osfamily => 'Debian' }
+ end
+
+ it_configures 'barbican-logging'
+ end
+
+ context 'on RedHat platforms' do
+ let :facts do
+ { :osfamily => 'RedHat' }
+ end
+
+ it_configures 'barbican-logging'
+ end
+
+end
diff --git a/spec/classes/barbican_policy_spec.rb b/spec/classes/barbican_policy_spec.rb
new file mode 100644
index 00000000..2112d4c1
--- /dev/null
+++ b/spec/classes/barbican_policy_spec.rb
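Review bot: The `logging params set` examples in the `barbican::logging` spec retype every value that `log_params` already defines, so the input and the expectation have to be edited in two places. The scalar expectations can read from the hash instead, e.g. `is_expected.to contain_barbican_config('DEFAULT/log_date_format').with_value(log_params[:log_date_format])`. Only `default_log_levels` needs its own literal, because the expected value there is a joined `key=value` string rather than the hash that was passed in.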
@@ -0,0 +1,41 @@
+require 'spec_helper'
+
+describe 'barbican::policy' do
+
+ shared_examples_for 'barbican policies' do
+ let :params do
+ {
+ :policy_path => '/etc/barbican/policy.json',
+ :policies => {
+ 'context_is_admin' => {
+ 'key' => 'context_is_admin',
+ 'value' => 'foo:bar'
+ }
+ }
+ }
+ end
+
+ it 'set up the policies' do
+ is_expected.to contain_openstacklib__policy__base('context_is_admin').with({
+ :key => 'context_is_admin',
+ :value => 'foo:bar'
+ })
+ end
+ end
+
+ context 'on Debian platforms' do
+ let :facts do
+ { :osfamily => 'Debian' }
+ end
+
+ it_configures 'barbican policies'
+ end
+
+ context 'on RedHat platforms' do
+ let :facts do
+ { :osfamily => 'RedHat' }
+ end
+
+ it_configures 'barbican policies'
+ end
+end
diff --git a/spec/shared_examples.rb b/spec/shared_examples.rb
new file mode 100644
index 00000000..fec0eacc
--- /dev/null
+++ b/spec/shared_examples.rb
@@ -0,0 +1,5 @@
+shared_examples_for "a Puppet::Error" do |description|
+ it "with message matching #{description.inspect}" do
+ expect { is_expected.to have_class_count(1) }.to raise_error(Puppet::Error, description)
+ end
+end
diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb
new file mode 100644
index 00000000..3df4cede
--- /dev/null
+++ b/spec/spec_helper.rb
@@ -0,0 +1,10 @@
+require 'puppetlabs_spec_helper/module_spec_helper'
+require 'shared_examples'
+require 'webmock/rspec'
+
+RSpec.configure do |c|
+ c.alias_it_should_behave_like_to :it_configures, 'configures'
+ c.alias_it_should_behave_like_to :it_raises, 'raises'
+end
+
+at_exit { RSpec::Puppet::Coverage.report! }
diff --git a/spec/spec_helper_acceptance.rb b/spec/spec_helper_acceptance.rb
new file mode 100644
index 00000000..429e807c
--- /dev/null
+++ b/spec/spec_helper_acceptance.rb
@@ -0,0 +1,56 @@
+require 'beaker-rspec'
+require 'beaker/puppet_install_helper'
+
+run_puppet_install_helper
+
+RSpec.configure do |c|
+ # Project root
+ proj_root = File.expand_path(File.join(File.dirname(__FILE__), '..'))
+ modname = JSON.parse(open('metadata.json').read)['name'].split('-')[1]
+
+ # Readable test descriptions
+ c.formatter = :documentation
+
+ # Configure all nodes in nodeset
+ c.before :suite do
+ # Install module and dependencies
+ hosts.each do |host|
+
+ # install git
+ install_package host, 'git'
+
+ zuul_ref = ENV['ZUUL_REF']
+ zuul_branch = ENV['ZUUL_BRANCH']
+ zuul_url = ENV['ZUUL_URL']
+
+ repo = 'openstack/puppet-openstack-integration'
+
+ # Start out with clean moduledir, don't trust r10k to purge it
+ on host, "rm -rf /etc/puppet/modules/*"
+ # Install dependent modules via git or zuul
+ r = on host, "test -e /usr/zuul-env/bin/zuul-cloner", { :acceptable_exit_codes => [0,1] }
+ if r.exit_code == 0
+ zuul_clone_cmd = '/usr/zuul-env/bin/zuul-cloner '
+ zuul_clone_cmd += '--cache-dir /opt/git '
+ zuul_clone_cmd += "--zuul-ref #{zuul_ref} "
+ zuul_clone_cmd += "--zuul-branch #{zuul_branch} "
+ zuul_clone_cmd += "--zuul-url #{zuul_url} "
+ zuul_clone_cmd += "git://git.openstack.org #{repo}"
+ on host, zuul_clone_cmd
+ else
+ on host, "git clone https://git.openstack.org/#{repo} #{repo}"
+ end
+
+ on host, "ZUUL_REF=#{zuul_ref} ZUUL_BRANCH=#{zuul_branch} ZUUL_URL=#{zuul_url} bash #{repo}/install_modules.sh"
+
+ # Install the module being tested
+ on host, "rm -fr /etc/puppet/modules/#{modname}"
+ puppet_module_install(:source => proj_root, :module_name => modname)
+
+ on host, "rm -fr #{repo}"
+
+ # List modules installed to help with debugging
+ on host, puppet('module','list'), { :acceptable_exit_codes => 0 }
+ end
+ end
+end
diff --git a/spec/unit/provider/barbican_config/ini_setting_spec.rb b/spec/unit/provider/barbican_config/ini_setting_spec.rb
new file mode 100644
index 00000000..177e4090
--- /dev/null
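Review bot: In `spec_helper_acceptance.rb`, `ZUUL_REF`, `ZUUL_BRANCH` and `ZUUL_URL` are read from the environment and interpolated unquoted into the `zuul-cloner` command line and into the `bash #{repo}/install_modules.sh` command that `on host` runs, so a value containing whitespace or shell metacharacters changes the command executed on the test host. Escaping at the point of assignment covers both places: add `require 'shellwords'` and use `zuul_ref = Shellwords.escape(ENV['ZUUL_REF'].to_s)`, likewise for the branch and the URL. The zuul-cloner branch also fetches over `git://git.openstack.org`, which has no transport authentication or integrity protection, while the fallback already uses `https://`. Because the script then run with `bash` comes from that checkout, using `https://git.openstack.org` in both branches is the safer choice.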
+++ b/spec/unit/provider/barbican_config/ini_setting_spec.rb
@@ -0,0 +1,68 @@
+#
+# these tests are a little concerning b/c they are hacking around the
+# modulepath, so these tests will not catch issues that may eventually arise
+# related to loading these plugins.
+# I could not, for the life of me, figure out how to programatcally set the modulepath
+$LOAD_PATH.push(
+ File.join(
+ File.dirname(__FILE__),
+ '..',
+ '..',
+ '..',
+ 'fixtures',
+ 'modules',
+ 'inifile',
+ 'lib')
+)
+$LOAD_PATH.push(
+ File.join(
+ File.dirname(__FILE__),
+ '..',
+ '..',
+ '..',
+ 'fixtures',
+ 'modules',
+ 'openstacklib',
+ 'lib')
+)
+require 'spec_helper'
+provider_class = Puppet::Type.type(:barbican_config).provider(:ini_setting)
+describe provider_class do
+
+ it 'should default to the default setting when no other one is specified' do
+ resource = Puppet::Type::Barbican_config.new(
+ {:name => 'DEFAULT/foo', :value => 'bar'}
+ )
+ provider = provider_class.new(resource)
+ expect(provider.section).to eq('DEFAULT')
+ expect(provider.setting).to eq('foo')
+ end
+
+ it 'should allow setting to be set explicitly' do
+ resource = Puppet::Type::Barbican_config.new(
+ {:name => 'dude/foo', :value => 'bar'}
+ )
+ provider = provider_class.new(resource)
+ expect(provider.section).to eq('dude')
+ expect(provider.setting).to eq('foo')
+ end
+
+ it 'should ensure absent when is specified as a value' do
+ resource = Puppet::Type::Barbican_config.new(
+ {:name => 'dude/foo', :value => ''}
+ )
+ provider = provider_class.new(resource)
+ provider.exists?
+ expect(resource[:ensure]).to eq :absent
+ end
+
+ it 'should ensure absent when value matches ensure_absent_val' do
+ resource = Puppet::Type::Barbican_config.new(
+ {:name => 'dude/foo', :value => 'foo', :ensure_absent_val => 'foo' }
+ )
+ provider = provider_class.new(resource)
+ provider.exists?
+ expect(resource[:ensure]).to eq :absent
+ end
+
+end
diff --git a/spec/unit/type/barbican_config_spec.rb b/spec/unit/type/barbican_config_spec.rb
new file mode 100644
index 00000000..b70573bf
--- /dev/null
+++ b/spec/unit/type/barbican_config_spec.rb
@@ -0,0 +1,63 @@
+require 'puppet'
+require 'puppet/type/barbican_config'
+describe 'Puppet::Type.type(:barbican_config)' do
+ before :each do
+ @barbican_config = Puppet::Type.type(:barbican_config).new(:name => 'DEFAULT/foo', :value => 'bar')
+ end
+
+ it 'should require a name' do
+ expect {
+ Puppet::Type.type(:barbican_config).new({})
+ }.to raise_error(Puppet::Error, 'Title or name must be provided')
+ end
+
+ it 'should not expect a name with whitespace' do
+ expect {
+ Puppet::Type.type(:barbican_config).new(:name => 'f oo')
+ }.to raise_error(Puppet::Error, /Parameter name failed/)
+ end
+
+ it 'should fail when there is no section' do
+ expect {
+ Puppet::Type.type(:barbican_config).new(:name => 'foo')
+ }.to raise_error(Puppet::Error, /Parameter name failed/)
+ end
+
+ it 'should not require a value when ensure is absent' do
+ Puppet::Type.type(:barbican_config).new(:name => 'DEFAULT/foo', :ensure => :absent)
+ end
+
+ it 'should accept a valid value' do
+ @barbican_config[:value] = 'bar'
+ expect(@barbican_config[:value]).to eq('bar')
+ end
+
+ it 'should not accept a value with whitespace' do
+ @barbican_config[:value] = 'b ar'
+ expect(@barbican_config[:value]).to eq('b ar')
+ end
+
+ it 'should accept valid ensure values' do
+ @barbican_config[:ensure] = :present
+ expect(@barbican_config[:ensure]).to eq(:present)
+ @barbican_config[:ensure] = :absent
+ expect(@barbican_config[:ensure]).to eq(:absent)
+ end
+
+ it 'should not accept invalid ensure values' do
+ expect {
+ @barbican_config[:ensure] = :latest
+ }.to raise_error(Puppet::Error, /Invalid value/)
+ end
+
+ it 'should autorequire the package that install the file' do
+ catalog = Puppet::Resource::Catalog.new
+ package = Puppet::Type.type(:package).new(:name => 'barbican')
+ catalog.add_resource package, @barbican_config
+ dependency = @barbican_config.autorequire
+ expect(dependency.size).to eq(1)
+ expect(dependency[0].target).to eq(@barbican_config)
+ expect(dependency[0].source).to eq(package)
+ end
+
+end
diff --git a/tests/init.pp b/tests/init.pp
new file mode 100644
index 00000000..e45c966d
--- /dev/null
+++ b/tests/init.pp
@@ -0,0 +1,12 @@
+# The baseline for module testing used by Puppet Labs is that each manifest
+# should have a corresponding test manifest that declares that class or defined
+# type.
+#
+# Tests are then run by using puppet apply --noop (to check for compilation
+# errors and view a log of events) or by fully applying the test in a virtual
+# environment (to compare the resulting system state to the desired state).
+#
+# Learn more about module testing here:
+# http://docs.puppetlabs.com/guides/tests_smoke.html
+#
+include ::barbican
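Review bot: In the `barbican_config` type spec, the example named `'should not accept a value with whitespace'` assigns `'b ar'` and then expects to read `'b ar'` back, so it passes precisely when the value is accepted. Either the name is wrong and should read `it 'should accept a value with whitespace' do`, or the type is meant to reject such values and the body should be `expect { @barbican_config[:value] = 'b ar' }.to raise_error(Puppet::Error)`. The type definition is not in this hunk, so which one applies needs confirming. `'should not require a value when ensure is absent'` likewise has no explicit expectation and would read more clearly wrapped in `expect { ... }.not_to raise_error`.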