Merge "Added Dogtag settings for barbican-api"

2016-04-01 18:51:35 +00:00 · 2016-04-01 18:51:35 +00:00 · c7a8f2be78
parent cc34a64caf 88c421500b
commit c7a8f2be78
2 changed files with 144 additions and 0 deletions
--- a/manifests/plugins/dogtag.pp
+++ b/manifests/plugins/dogtag.pp
@ -0,0 +1,72 @@
+# == Class: barbican::plugins::dogtag
+#
+# Sets up Barbican API dogtag secret_store and certificate plugin
+#
+# === Parameters
+#
+# [*dogtag_plugin_pem_path*]
+#   (optional) Path to KRA agent PEM file
+#   Defaults to $::os_service_default
+#
+# [*dogtag_plugin_dogtag_host*]
+#   (optional) Host for the Dogtag server
+#   Defaults to $::os_service_default
+#
+# [*dogtag_plugin_dogtag_port*]
+#   (optional) Host for the Dogtag server
+#   Defaults to $::os_service_default
+#
+# [*dogtag_plugin_nss_db_path*]
+#   (optional) Path to plugin NSS DB
+#   Defaults to $::os_service_default
+#
+# [*dogtag_plugin_nss_password*]
+#   Password for plugin NSS DB
+#   Defaults to undef
+#
+# [*dogtag_plugin_simple_cmc_profile*]
+#   (optional) Profile for simple CMC enrollment.
+#   Defaults to $::os_service_default
+#
+# [*dogtag_plugin_ca_expiration_time*]
+#   (optional) Expiration time for the Dogtag CA entry in days
+#   Defaults to $::os_service_default
+#
+# [*dogtag_plugin_plugin_working_dir*]
+#   (optional) Working directory for Dogtag plugin
+#   Defaults to $::os_service_default
+#
+class barbican::plugins::dogtag (
+  $dogtag_plugin_pem_path           = $::os_service_default,
+  $dogtag_plugin_dogtag_host        = $::os_service_default,
+  $dogtag_plugin_dogtag_port        = $::os_service_default,
+  $dogtag_plugin_nss_db_path        = $::os_service_default,
+  $dogtag_plugin_nss_password       = undef,
+  $dogtag_plugin_simple_cmc_profile = $::os_service_default,
+  $dogtag_plugin_ca_expiration_time = $::os_service_default,
+  $dogtag_plugin_plugin_working_dir = $::os_service_default,
+) {
+
+  include ::barbican::api
+
+  if $dogtag_plugin_nss_password == undef {
+    fail('dogtag_plugin_nss_password must be defined')
+  }
+
+  package {'dogtag-client':
+    ensure => $::barbican::api::ensure_package,
+    name   => $::barbican::params::dogtag_client_package,
+    tag    => ['openstack', 'dogtag-client-package']
+  } -> Service['barbican-api']
+
+  barbican_config {
+    'dogtag_plugin/pem_path':           value => $dogtag_plugin_pem_path;
+    'dogtag_plugin/dogtag_host':        value => $dogtag_plugin_dogtag_host;
+    'dogtag_plugin/dogtag_port':        value => $dogtag_plugin_dogtag_port;
+    'dogtag_plugin/nss_db_path':        value => $dogtag_plugin_nss_db_path;
+    'dogtag_plugin/nss_password':       value => $dogtag_plugin_nss_password;
+    'dogtag_plugin/simple_cmc_profile': value => $dogtag_plugin_simple_cmc_profile;
+    'dogtag_plugin/ca_expiration_time': value => $dogtag_plugin_ca_expiration_time;
+    'dogtag_plugin/plugin_working_dir': value => $dogtag_plugin_plugin_working_dir;
+  }
+}
--- a/spec/classes/barbican_plugins_dogtag_spec.rb
+++ b/spec/classes/barbican_plugins_dogtag_spec.rb
@ -0,0 +1,72 @@
+require 'spec_helper'
+
+describe 'barbican::plugins::dogtag' do
+
+  let :facts do
+    @default_facts.merge(
+      {
+        :osfamily       => 'RedHat',
+        :processorcount => '7',
+      }
+    )
+  end
+
+  let :default_params do
+    {
+      :dogtag_plugin_pem_path             => '<SERVICE DEFAULT>',
+      :dogtag_plugin_dogtag_host          => '<SERVICE DEFAULT>',
+      :dogtag_plugin_dogtag_port          => '<SERVICE DEFAULT>',
+      :dogtag_plugin_nss_db_path          => '<SERVICE DEFAULT>',
+      :dogtag_plugin_simple_cmc_profile   => '<SERVICE DEFAULT>',
+      :dogtag_plugin_ca_expiration_time   => '<SERVICE DEFAULT>',
+      :dogtag_plugin_plugin_working_dir   => '<SERVICE DEFAULT>',
+    }
+  end
+
+  [{
+      :dogtag_plugin_nss_password         => 'password',
+   },
+   {
+      :dogtag_plugin_pem_path             => 'path_to_pem_file',
+      :dogtag_plugin_dogtag_host          => 'dogtag_host',
+      :dogtag_plugin_dogtag_port          => '1234',
+      :dogtag_plugin_nss_db_path          => 'path_to_nss_db',
+      :dogtag_plugin_nss_password         => 'password',
+      :dogtag_plugin_simple_cmc_profile   => 'caServerCert',
+      :dogtag_plugin_ca_expiration_time   => '100',
+      :dogtag_plugin_plugin_working_dir   => 'path_to_working_dir',
+    }
+  ].each do |param_set|
+
+    describe "when #{param_set == {} ? "using default" : "specifying"} class parameters" do
+
+      let :param_hash do
+        default_params.merge(param_set)
+      end
+
+      let :params do
+        param_set
+      end
+
+      it 'is_expected.to set dogtag parameters' do
+        is_expected.to contain_barbican_config('dogtag_plugin/pem_path')\
+          .with_value(param_hash[:dogtag_plugin_pem_path])
+        is_expected.to contain_barbican_config('dogtag_plugin/dogtag_host')\
+          .with_value(param_hash[:dogtag_plugin_dogtag_host])
+        is_expected.to contain_barbican_config('dogtag_plugin/dogtag_port')\
+          .with_value(param_hash[:dogtag_plugin_dogtag_port])
+        is_expected.to contain_barbican_config('dogtag_plugin/nss_db_path')\
+          .with_value(param_hash[:dogtag_plugin_nss_db_path])
+        is_expected.to contain_barbican_config('dogtag_plugin/nss_password')\
+          .with_value(param_hash[:dogtag_plugin_nss_password])
+        is_expected.to contain_barbican_config('dogtag_plugin/simple_cmc_profile')\
+          .with_value(param_hash[:dogtag_plugin_simple_cmc_profile])
+        is_expected.to contain_barbican_config('dogtag_plugin/ca_expiration_time')\
+          .with_value(param_hash[:dogtag_plugin_ca_expiration_time])
+        is_expected.to contain_barbican_config('dogtag_plugin/plugin_working_dir')\
+          .with_value(param_hash[:dogtag_plugin_plugin_working_dir])
+      end
+    end
+  end
+end
+