openstack/puppet-barbican
Code Issues Proposed changes

Update barbican for Debian based systems

Browse Source 
There are barbican packages available for debian based systems
but the current module is designed to work with redhat based
systems only right now.

Change-Id: I4ab2e6ecf6626f4c647299eeec3cd5b3d3fbdaa9
This commit is contained in:
Matthew J. Black 2016-09-26 10:47:49 -04:00
parent 866aabb8bd
commit d1764c670a
16 changed files with 720 additions and 621 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

68
manifests/api.pp
View File

@ -303,12 +303,6 @@ class barbican::api (
warning('auth_url is deprecated, use barbican::keystone::authtoken::auth_url instead.')
}
file { ['/etc/barbican', '/var/log/barbican']:
ensure => directory,
require => Package['barbican-api'],
notify => Service['barbican-api'],
}
# TODO: Remove the posix users and permissions and merge this definition
# with the previous one, once the barbican package has been updated
# with the correct ownership for this directory.
@ -321,25 +315,17 @@ class barbican::api (
notify => Service[$service_name],
}
file { ['/etc/barbican/barbican.conf',
'/etc/barbican/barbican-api-paste.ini',
'/etc/barbican/gunicorn-config.py']:
ensure => present,
require => Package['barbican-api'],
notify => Service[$service_name],
}
package { 'barbican-api':
ensure => $ensure_package,
name => $::barbican::params::api_package_name,
tag => ['openstack', 'barbican-package'],
}
File['/etc/barbican/barbican.conf'] -> Barbican_config<||>
File['/etc/barbican/barbican-api-paste.ini'] -> Barbican_api_paste_ini<||>
Package['barbican-api'] ~> Service[$service_name]
Barbican_config<||> ~> Service[$service_name]
Barbican_api_paste_ini<||> ~> Service[$service_name]
Package['barbican-api'] ~> Service[$service_name]
Barbican_config<||> ~> Service[$service_name]
Barbican_api_paste_ini<||> ~> Service[$service_name]
Package<| tag == 'barbican-package' |> -> Barbican_config<||>
Package<| tag == 'barbican-package' |> -> Barbican_api_paste_ini<||>
# basic service config
if $host_href == undef {
@ -354,13 +340,6 @@ class barbican::api (
'DEFAULT/host_href': value => $host_href_real;
}
File['/etc/barbican/gunicorn-config.py'] ->
file_line { 'Modify bind_port in gunicorn-config.py':
path => '/etc/barbican/gunicorn-config.py',
line => "bind = '${bind_host}:${bind_port}'",
match => '.*bind = .*',
} -> Service[$service_name]
#rabbit config
if $rpc_backend in [$::os_service_default, 'rabbit'] {
oslo::messaging::rabbit {'barbican_config':
@ -461,9 +440,9 @@ class barbican::api (
# SSL Options
barbican_config {
'DEFAULT/cert_file' : value => $cert_file;
'DEFAULT/key_file' : value => $key_file;
'DEFAULT/ca_file' : value => $ca_file;
'DEFAULT/cert_file': value => $cert_file;
'DEFAULT/key_file': value => $key_file;
'DEFAULT/ca_file': value => $ca_file;
}
if $sync_db {
@ -471,6 +450,9 @@ class barbican::api (
}
if $service_name == 'barbican-api' {
if $::osfamily == 'Debian' {
fail('On Debian family the service_name must be set to httpd as there is no eventlet init script.')
}
service { 'barbican-api':
ensure => $service_ensure,
name => $::barbican::params::api_service_name,
@ -479,17 +461,27 @@ class barbican::api (
hasrestart => true,
tag => 'barbican-service',
}
} elsif $service_name == 'httpd' {
include ::apache::params
service { 'barbican-api':
ensure => 'stopped',
name => $::barbican::params::api_service_name,
enable => false,
tag => 'barbican-service',
file_line { 'Modify bind_port in gunicorn-config.py':
path => '/etc/barbican/gunicorn-config.py',
line => "bind = '${bind_host}:${bind_port}'",
match => '.*bind = .*',
}
# we need to make sure barbican-api is stopped before trying to start apache
Service['barbican-api'] -> Service[$service_name]
Package<| tag == 'barbican-package' |> -> File_line['Modify bind_port in gunicorn-config.py'] ~> Service[$service_name]
} elsif $service_name == 'httpd' {
include ::apache::params
# Debian/Ubuntu do not have a barbican-api and this will error out on them.
if $::osfamily == 'RedHat' {
service { 'barbican-api':
ensure => 'stopped',
name => $::barbican::params::api_service_name,
enable => false,
tag => 'barbican-service',
}
# we need to make sure barbican-api is stopped before trying to start apache
Service['barbican-api'] -> Service[$service_name]
}
} else {
fail('Invalid service_name. Use barbican-api for stand-alone or httpd')
}

10
manifests/params.pp
View File

@ -5,7 +5,6 @@ class barbican::params {
case $::osfamily {
'RedHat': {
$package_name = 'openstack-barbican'
$api_package_name = 'openstack-barbican-api'
$api_service_name = 'openstack-barbican-api'
$worker_package_name = 'openstack-barbican-worker'
@ -16,11 +15,12 @@ class barbican::params {
$dogtag_client_package = 'pki-base'
}
'Debian': {
$package_name = 'openstack-barbican'
$service_name = 'openstack-barbican'
$api_package_name = 'barbican-api'
$worker_package_name = 'barbican-worker'
$worker_service_name = 'barbican-worker'
$client_package_name = 'python-barbicanclient'
$barbican_wsgi_script_path = '/var/www/cgi-bin/barbican'
$barbican_wsgi_script_source = '/usr/lib/python2.7/site-packages/barbican/api/app.wsgi'
$barbican_wsgi_script_path = '/usr/lib/cgi-bin/barbican'
$barbican_wsgi_script_source = '/usr/lib/python2.7/dist-packages/barbican/api/app.wsgi'
$dogtag_client_package = 'pki-base'
}
default: {

2
manifests/wsgi/apache.pp
View File

@ -164,6 +164,8 @@ class barbican::wsgi::apache (
require => Package['httpd'],
}
Package<| tag == 'barbican-api' |> -> File[$::barbican::params::barbican_wsgi_script_path]
$wsgi_files = {
'barbican_wsgi_main' => {
'path' => "${::barbican::params::barbican_wsgi_script_path}/main",

11
releasenotes/notes/fix_ubuntu_install-20a799586184762a.yaml Normal file
View File

@ -0,0 +1,11 @@
---
issues:
- Fix for wsgi app locations for Ubuntu/Debian, was previously using RedHat packaging locations.
- Add conditional to prevent puppet from trying to manage barbican-api service on Ubuntu/Debian
as the packaging contains no init script for the eventlet.
- Add api_package_name for Ubuntu/Debian. This worked because the title is the same as the
package name on Ubuntu/Debian and api_package_name was undefined.
- Add worker_package_name and worker_service_name for Ubuntu/Debian.
- Remove unused variable package_name from params for both Ubuntu/Debian and RedHat.
- Remove service_name for Ubuntu/Debian as there is no init script for Ubuntu/Debian and apache
must be used.

81
spec/acceptance/basic_barbican_spec.rb
View File

@ -25,54 +25,43 @@ describe 'barbican::api basic test class' do
include ::openstack_integration::repos
include ::openstack_integration::mysql
include ::openstack_integration::keystone
include ::barbican
case $::osfamily {
'Debian': {
warning('Barbican is not yet packaged on Ubuntu systems.')
}
'RedHat': {
# Barbican resources
include ::barbican
class { '::barbican::keystone::auth':
password => 'a_big_secret',
}
class { '::barbican::api::logging':
}
class { '::barbican::quota':
}
class { '::barbican::keystone::notification':
}
class { '::barbican::db::mysql':
password => 'a_big_secret',
}
class { '::barbican::db':
database_connection => 'mysql+pymysql://barbican:a_big_secret@127.0.0.1/barbican?charset=utf8',
}
class { '::barbican::keystone::authtoken':
password => 'a_big_secret',
}
class { '::barbican::api':
host_href => 'http://localhost:9311',
auth_strategy => 'keystone',
service_name => 'httpd',
enabled_certificate_plugins => ['simple_certificate'],
db_auto_create => false,
}
include ::apache
class { '::barbican::wsgi::apache':
ssl => false,
}
}
class { '::barbican::keystone::auth':
password => 'a_big_secret',
}
class { '::barbican::api::logging': }
class { '::barbican::quota': }
class { '::barbican::keystone::notification': }
class { '::barbican::db::mysql':
password => 'a_big_secret',
}
class { '::barbican::db':
database_connection => 'mysql+pymysql://barbican:a_big_secret@127.0.0.1/barbican?charset=utf8',
}
class { '::barbican::keystone::authtoken':
password => 'a_big_secret',
}
class { '::barbican::api':
host_href => 'http://localhost:9311',
auth_strategy => 'keystone',
service_name => 'httpd',
enabled_certificate_plugins => ['simple_certificate'],
db_auto_create => false,
}
include ::apache
class { '::barbican::wsgi::apache':
ssl => false,
}
EOS
it 'should work with no errors' do

26
spec/classes/barbican_api_logging_spec.rb
View File

@ -106,20 +106,20 @@ describe 'barbican::api::logging' do
}
end
context 'on Debian platforms' do
let :facts do
@default_facts.merge({ :osfamily => 'Debian' })
on_supported_os({
:supported_os => OSDefaults.get_supported_os
}).each do |os,facts|
context "on #{os}" do
let (:facts) do
facts.merge(OSDefaults.get_facts({
:processorcount => 8,
:fqdn => 'some.host.tld',
:concat_basedir => '/var/lib/puppet/concat',
}))
end
it_configures 'barbican-logging'
end
it_configures 'barbican-logging'
end
context 'on RedHat platforms' do
let :facts do
@default_facts.merge({ :osfamily => 'RedHat' })
end
it_configures 'barbican-logging'
end
end

543
spec/classes/barbican_api_spec.rb
View File

@ -21,283 +21,306 @@ require 'spec_helper'
describe 'barbican::api' do
let :facts do
@default_facts.merge(
OSDefaults.get_facts({
:osfamily => 'RedHat',
:os_workers => '7',
})
)
end
shared_examples_for 'barbican api' do
let :default_params do
{
:bind_host => '0.0.0.0',
:bind_port => '9311',
:rpc_backend => 'rabbit',
:rabbit_host => '<SERVICE_DEFAULT>',
:rabbit_hosts => ['<SERVICE DEFAULT>'],
:rabbit_password => '<SERVICE DEFAULT>',
:rabbit_port => '<SERVICE DEFAULT>',
:rabbit_userid => '<SERVICE DEFAULT>',
:rabbit_virtual_host => '<SERVICE DEFAULT>',
:rabbit_use_ssl => '<SERVICE DEFAULT>',
:rabbit_heartbeat_timeout_threshold => '<SERVICE DEFAULT>',
:rabbit_heartbeat_rate => '<SERVICE DEFAULT>',
:rabbit_ha_queues => '<SERVICE DEFAULT>',
:amqp_durable_queues => '<SERVICE DEFAULT>',
:max_allowed_secret_in_bytes => '<SERVICE DEFAULT>',
:max_allowed_request_size_in_bytes => '<SERVICE DEFAULT>',
:enable_queue => '<SERVICE DEFAULT>',
:queue_namespace => '<SERVICE DEFAULT>',
:queue_topic => '<SERVICE DEFAULT>',
:queue_version => '<SERVICE DEFAULT>',
:queue_server_name => '<SERVICE DEFAULT>',
:kombu_ssl_ca_certs => '<SERVICE DEFAULT>',
:kombu_ssl_certfile => '<SERVICE DEFAULT>',
:kombu_ssl_keyfile => '<SERVICE DEFAULT>',
:kombu_ssl_version => '<SERVICE DEFAULT>',
:kombu_reconnect_delay => '<SERVICE DEFAULT>',
:manage_service => true,
:enabled => true,
:enabled_secretstore_plugins => ['<SERVICE DEFAULT>'],
:enabled_crypto_plugins => ['<SERVICE DEFAULT>'],
:enabled_certificate_plugins => ['<SERVICE DEFAULT>'],
:enabled_certificate_event_plugins => ['<SERVICE DEFAULT>'],
:auth_strategy => 'keystone',
:retry_scheduler_initial_delay_seconds => '<SERVICE DEFAULT>',
:retry_scheduler_periodic_interval_max_seconds => '<SERVICE DEFAULT>',
}
end
let :default_params do
{
:bind_host => '0.0.0.0',
:bind_port => '9311',
:rpc_backend => 'rabbit',
:rabbit_host => '<SERVICE_DEFAULT>',
:rabbit_hosts => ['<SERVICE DEFAULT>'],
:rabbit_password => '<SERVICE DEFAULT>',
:rabbit_port => '<SERVICE DEFAULT>',
:rabbit_userid => '<SERVICE DEFAULT>',
:rabbit_virtual_host => '<SERVICE DEFAULT>',
:rabbit_use_ssl => '<SERVICE DEFAULT>',
:rabbit_heartbeat_timeout_threshold => '<SERVICE DEFAULT>',
:rabbit_heartbeat_rate => '<SERVICE DEFAULT>',
:rabbit_ha_queues => '<SERVICE DEFAULT>',
:amqp_durable_queues => '<SERVICE DEFAULT>',
:max_allowed_secret_in_bytes => '<SERVICE DEFAULT>',
:max_allowed_request_size_in_bytes => '<SERVICE DEFAULT>',
:enable_queue => '<SERVICE DEFAULT>',
:queue_namespace => '<SERVICE DEFAULT>',
:queue_topic => '<SERVICE DEFAULT>',
:queue_version => '<SERVICE DEFAULT>',
:queue_server_name => '<SERVICE DEFAULT>',
:kombu_ssl_ca_certs => '<SERVICE DEFAULT>',
:kombu_ssl_certfile => '<SERVICE DEFAULT>',
:kombu_ssl_keyfile => '<SERVICE DEFAULT>',
:kombu_ssl_version => '<SERVICE DEFAULT>',
:kombu_reconnect_delay => '<SERVICE DEFAULT>',
:manage_service => true,
:enabled => true,
:enabled_secretstore_plugins => ['<SERVICE DEFAULT>'],
:enabled_crypto_plugins => ['<SERVICE DEFAULT>'],
:enabled_certificate_plugins => ['<SERVICE DEFAULT>'],
:enabled_certificate_event_plugins => ['<SERVICE DEFAULT>'],
:auth_strategy => 'keystone',
:retry_scheduler_initial_delay_seconds => '<SERVICE DEFAULT>',
:retry_scheduler_periodic_interval_max_seconds => '<SERVICE DEFAULT>',
:service_name => platform_params[:service_name],
}
end
[{
:bind_host => '127.0.0.1',
:bind_port => '9312',
:rpc_backend => 'rabbit',
:rabbit_host => 'rabbithost',
:rabbit_hosts => ['rabbithost:1234'],
:rabbit_password => 'bugs_bunny',
:rabbit_port => '1234',
:rabbit_userid => 'bugs',
:rabbit_virtual_host => 'rabbithost',
:rabbit_use_ssl => true,
:rabbit_heartbeat_timeout_threshold => '10',
:rabbit_heartbeat_rate => '10',
:rabbit_ha_queues => true,
:amqp_durable_queues => true,
:enable_queue => true,
:queue_namespace => 'barbican1',
:queue_topic => 'barbican1.workers',
:queue_version => '1.2',
:queue_server_name => 'barbican1.queue',
:manage_service => true,
:enabled => false,
:kombu_ssl_ca_certs => 'path_to_certs',
:kombu_ssl_certfile => 'path_to_certfile',
:kombu_ssl_keyfile => 'path_to_keyfile',
:kombu_ssl_version => '1.2',
:kombu_reconnect_delay => '10',
:enabled_secretstore_plugins => ['dogtag_crypto', 'store_crypto', 'kmip'],
:enabled_crypto_plugins => ['simple_crypto'],
:enabled_certificate_plugins => ['simple_certificate', 'dogtag'],
:enabled_certificate_event_plugins => ['simple_certificate_event', 'foo_event'],
:retry_scheduler_initial_delay_seconds => 20.0,
:retry_scheduler_periodic_interval_max_seconds => 20.0,
:max_allowed_secret_in_bytes => 20000,
:max_allowed_request_size_in_bytes => 2000000,
}
].each do |param_set|
[{
:bind_host => '127.0.0.1',
:bind_port => '9312',
:rpc_backend => 'rabbit',
:rabbit_host => 'rabbithost',
:rabbit_hosts => ['rabbithost:1234'],
:rabbit_password => 'bugs_bunny',
:rabbit_port => '1234',
:rabbit_userid => 'bugs',
:rabbit_virtual_host => 'rabbithost',
:rabbit_use_ssl => true,
:rabbit_heartbeat_timeout_threshold => '10',
:rabbit_heartbeat_rate => '10',
:rabbit_ha_queues => true,
:amqp_durable_queues => true,
:enable_queue => true,
:queue_namespace => 'barbican1',
:queue_topic => 'barbican1.workers',
:queue_version => '1.2',
:queue_server_name => 'barbican1.queue',
:manage_service => true,
:enabled => false,
:kombu_ssl_ca_certs => 'path_to_certs',
:kombu_ssl_certfile => 'path_to_certfile',
:kombu_ssl_keyfile => 'path_to_keyfile',
:kombu_ssl_version => '1.2',
:kombu_reconnect_delay => '10',
:enabled_secretstore_plugins => ['dogtag_crypto', 'store_crypto', 'kmip'],
:enabled_crypto_plugins => ['simple_crypto'],
:enabled_certificate_plugins => ['simple_certificate', 'dogtag'],
:enabled_certificate_event_plugins => ['simple_certificate_event', 'foo_event'],
:retry_scheduler_initial_delay_seconds => 20.0,
:retry_scheduler_periodic_interval_max_seconds => 20.0,
:max_allowed_secret_in_bytes => 20000,
:max_allowed_request_size_in_bytes => 2000000,
}
].each do |param_set|
describe "when #{param_set == {} ? "using default" : "specifying"} class parameters" do
let :pre_condition do
'class { "barbican::keystone::authtoken": password => "secret", }
include ::apache'
end
describe "when #{param_set == {} ? "using default" : "specifying"} class parameters" do
let :pre_condition do
'class { "barbican::keystone::authtoken": password => "secret", }'
let :param_hash do
default_params.merge(param_set)
end
let :params do
default_params.merge(param_set)
end
let :host_ref do
"http://${::fqdn}:$param_hash[:bind_port]"
end
it { is_expected.to contain_class 'barbican::api::logging' }
it { is_expected.to contain_class 'barbican::db' }
it { is_expected.to contain_package('barbican-api').with(
:tag => ['openstack', 'barbican-package'],
)}
it 'is_expected.to set default parameters' do
[
'bind_host',
'bind_port',
'max_allowed_secret_in_bytes',
'max_allowed_request_size_in_bytes',
].each do |config|
is_expected.to contain_barbican_config("DEFAULT/#{config}").with_value(param_hash[config.intern])
end
end
it 'configures queue' do
is_expected.to contain_barbican_config('queue/enable').with_value(param_hash[:enable_queue])
is_expected.to contain_barbican_config('queue/namespace').with_value(param_hash[:queue_namespace])
is_expected.to contain_barbican_config('queue/topic').with_value(param_hash[:queue_topic])
is_expected.to contain_barbican_config('queue/version').with_value(param_hash[:queue_version])
is_expected.to contain_barbican_config('queue/server_name').with_value(param_hash[:queue_server_name])
end
it 'configures rabbit' do
is_expected.to contain_barbican_config('DEFAULT/rpc_backend').with_value(param_hash[:rpc_backend])
is_expected.to contain_barbican_config('oslo_messaging_rabbit/rabbit_hosts').with_value(param_hash[:rabbit_hosts])
is_expected.to contain_barbican_config('oslo_messaging_rabbit/rabbit_password').with_value(param_hash[:rabbit_password]).with_secret(true)
is_expected.to contain_barbican_config('oslo_messaging_rabbit/rabbit_userid').with_value(param_hash[:rabbit_userid])
is_expected.to contain_barbican_config('oslo_messaging_rabbit/rabbit_virtual_host').with_value(param_hash[:rabbit_virtual_host])
is_expected.to contain_barbican_config('oslo_messaging_rabbit/heartbeat_timeout_threshold').with_value(param_hash[:rabbit_heartbeat_timeout_threshold])
is_expected.to contain_barbican_config('oslo_messaging_rabbit/heartbeat_rate').with_value(param_hash[:rabbit_heartbeat_rate])
end
it 'configures kombu certs' do
is_expected.to contain_barbican_config('oslo_messaging_rabbit/kombu_ssl_ca_certs').with_value(param_hash[:kombu_ssl_ca_certs])
is_expected.to contain_barbican_config('oslo_messaging_rabbit/kombu_ssl_certfile').with_value(param_hash[:kombu_ssl_certfile])
is_expected.to contain_barbican_config('oslo_messaging_rabbit/kombu_ssl_keyfile').with_value(param_hash[:kombu_ssl_keyfile])
is_expected.to contain_barbican_config('oslo_messaging_rabbit/kombu_ssl_version').with_value(param_hash[:kombu_ssl_version])
is_expected.to contain_barbican_config('oslo_messaging_rabbit/kombu_reconnect_delay').with_value(param_hash[:kombu_reconnect_delay])
end
it 'configures enabled plugins' do
is_expected.to contain_barbican_config('secretstore/enabled_secretstore_plugins') \
.with_value(param_hash[:enabled_secretstore_plugins])
is_expected.to contain_barbican_config('crypto/enabled_crypto_plugins') \
.with_value(param_hash[:enabled_crypto_plugins])
is_expected.to contain_barbican_config('certificate/enabled_certificate_plugins') \
.with_value(param_hash[:enabled_certificate_plugins])
is_expected.to contain_barbican_config('certificate_event/enabled_certificate_event_plugins') \
.with_value(param_hash[:enabled_certificate_event_plugins])
end
end
end
let :param_hash do
default_params.merge(param_set)
describe 'with SSL socket options set' do
let :pre_condition do
'class { "barbican::keystone::authtoken": password => "secret", }
include ::apache'
end
let :params do
param_set
default_params.merge({
:use_ssl => true,
:cert_file => '/path/to/cert',
:ca_file => '/path/to/ca',
:key_file => '/path/to/key',
})
end
let :host_ref do
"http://${::fqdn}:$param_hash[:bind_port]"
it { is_expected.to contain_barbican_config('DEFAULT/ca_file').with_value('/path/to/ca') }
it { is_expected.to contain_barbican_config('DEFAULT/cert_file').with_value('/path/to/cert') }
it { is_expected.to contain_barbican_config('DEFAULT/key_file').with_value('/path/to/key') }
end
describe 'with SSL socket options left by default' do
let :pre_condition do
'class { "barbican::keystone::authtoken": password => "secret", }
include ::apache'
end
it { is_expected.to contain_class 'barbican::api::logging' }
it { is_expected.to contain_class 'barbican::db' }
let :params do
default_params.merge({
:use_ssl => false,
})
end
it { is_expected.to contain_service('barbican-api').with(
'ensure' => (param_hash[:manage_service] && param_hash[:enabled]) ? 'running': 'stopped',
'enable' => param_hash[:enabled],
'hasstatus' => true,
'hasrestart' => true,
'tag' => 'barbican-service',
) }
it { is_expected.to contain_barbican_config('DEFAULT/ca_file').with_value('<SERVICE DEFAULT>') }
it { is_expected.to contain_barbican_config('DEFAULT/cert_file').with_value('<SERVICE DEFAULT>') }
it { is_expected.to contain_barbican_config('DEFAULT/key_file').with_value('<SERVICE DEFAULT>') }
end
it 'is_expected.to set default parameters' do
[
'bind_host',
'bind_port',
'max_allowed_secret_in_bytes',
'max_allowed_request_size_in_bytes',
].each do |config|
is_expected.to contain_barbican_config("DEFAULT/#{config}").with_value(param_hash[config.intern])
describe 'with SSL socket options set wrongly configured' do
let :pre_condition do
'class { "barbican::keystone::authtoken": password => "secret", }
include ::apache'
end
let :params do
default_params.merge({
:use_ssl => true,
:ca_file => '/path/to/ca',
:key_file => '/path/to/key',
})
end
it_raises 'a Puppet::Error', /The cert_file parameter is required when use_ssl is set to true/
end
describe 'with keystone auth' do
let :pre_condition do
'class { "barbican::keystone::authtoken": password => "secret", }
include ::apache'
end
let :params do
default_params.merge({
:auth_strategy => 'keystone',
})
end
it 'is_expected.to set keystone params correctly' do
is_expected.to contain_barbican_api_paste_ini('pipeline:barbican_api/pipeline')\
.with_value('cors authtoken context apiapp')
is_expected.to contain_class('barbican::keystone::authtoken')
end
end
end
shared_examples_for 'barbican api redhat' do
let :param_hash do
{
:manage_service => true,
:enabled => true,
:auth_strategy => 'keystone',
}
end
let :pre_condition do
'class { "barbican::keystone::authtoken": password => "secret", }'
end
context 'redhat systems eventlet service enabled' do
describe 'should contain eventlet service' do
it { is_expected.to contain_service('barbican-api').with(
'ensure' => (param_hash[:manage_service] && param_hash[:enabled]) ? 'running': 'stopped',
'enable' => param_hash[:enabled],
'hasstatus' => true,
'hasrestart' => true,
'tag' => 'barbican-service',
) }
end
end
context 'on redhat systems eventlet service disabled' do
describe 'with disabled service managing' do
let :params do
{
:manage_service => false,
:enabled => false,
:auth_strategy => 'keystone',
}
end
it { is_expected.to contain_service('barbican-api').with(
'ensure' => nil,
'enable' => false,
'hasstatus' => true,
'hasrestart' => true,
'tag' => 'barbican-service',
)}
end
end
end
on_supported_os({
:supported_os => OSDefaults.get_supported_os
}).each do |os,facts|
context "on #{os}" do
let (:facts) do
facts.merge(OSDefaults.get_facts({
:processorcount => 7,
:fqdn => 'some.host.tld',
:concat_basedir => '/var/lib/puppet/concat',
}))
end
case facts[:osfamily]
when 'RedHat'
let (:platform_params) do
{ :service_name => 'barbican-api' }
end
it_behaves_like 'barbican api redhat'
when 'Debian'
let :pre_condition do
'include ::apache'
end
let (:platform_params) do
{ :service_name => 'httpd' }
end
end
it 'configures queue' do
is_expected.to contain_barbican_config('queue/enable').with_value(param_hash[:enable_queue])
is_expected.to contain_barbican_config('queue/namespace').with_value(param_hash[:queue_namespace])
is_expected.to contain_barbican_config('queue/topic').with_value(param_hash[:queue_topic])
is_expected.to contain_barbican_config('queue/version').with_value(param_hash[:queue_version])
is_expected.to contain_barbican_config('queue/server_name').with_value(param_hash[:queue_server_name])
end
it 'configures rabbit' do
is_expected.to contain_barbican_config('DEFAULT/rpc_backend').with_value(param_hash[:rpc_backend])
is_expected.to contain_barbican_config('oslo_messaging_rabbit/rabbit_hosts').with_value(param_hash[:rabbit_hosts])
is_expected.to contain_barbican_config('oslo_messaging_rabbit/rabbit_password').with_value(param_hash[:rabbit_password]).with_secret(true)
is_expected.to contain_barbican_config('oslo_messaging_rabbit/rabbit_userid').with_value(param_hash[:rabbit_userid])
is_expected.to contain_barbican_config('oslo_messaging_rabbit/rabbit_virtual_host').with_value(param_hash[:rabbit_virtual_host])
is_expected.to contain_barbican_config('oslo_messaging_rabbit/heartbeat_timeout_threshold').with_value(param_hash[:rabbit_heartbeat_timeout_threshold])
is_expected.to contain_barbican_config('oslo_messaging_rabbit/heartbeat_rate').with_value(param_hash[:rabbit_heartbeat_rate])
end
it 'configures kombu certs' do
is_expected.to contain_barbican_config('oslo_messaging_rabbit/kombu_ssl_ca_certs').with_value(param_hash[:kombu_ssl_ca_certs])
is_expected.to contain_barbican_config('oslo_messaging_rabbit/kombu_ssl_certfile').with_value(param_hash[:kombu_ssl_certfile])
is_expected.to contain_barbican_config('oslo_messaging_rabbit/kombu_ssl_keyfile').with_value(param_hash[:kombu_ssl_keyfile])
is_expected.to contain_barbican_config('oslo_messaging_rabbit/kombu_ssl_version').with_value(param_hash[:kombu_ssl_version])
is_expected.to contain_barbican_config('oslo_messaging_rabbit/kombu_reconnect_delay').with_value(param_hash[:kombu_reconnect_delay])
end
it 'configures enabled plugins' do
is_expected.to contain_barbican_config('secretstore/enabled_secretstore_plugins') \
.with_value(param_hash[:enabled_secretstore_plugins])
is_expected.to contain_barbican_config('crypto/enabled_crypto_plugins') \
.with_value(param_hash[:enabled_crypto_plugins])
is_expected.to contain_barbican_config('certificate/enabled_certificate_plugins') \
.with_value(param_hash[:enabled_certificate_plugins])
is_expected.to contain_barbican_config('certificate_event/enabled_certificate_event_plugins') \
.with_value(param_hash[:enabled_certificate_event_plugins])
end
it_behaves_like 'barbican api'
end
end
describe 'with SSL socket options set' do
let :pre_condition do
'class { "barbican::keystone::authtoken": password => "secret", }'
end
let :params do
{
:use_ssl => true,
:cert_file => '/path/to/cert',
:ca_file => '/path/to/ca',
:key_file => '/path/to/key',
}
end
it { is_expected.to contain_barbican_config('DEFAULT/ca_file').with_value('/path/to/ca') }
it { is_expected.to contain_barbican_config('DEFAULT/cert_file').with_value('/path/to/cert') }
it { is_expected.to contain_barbican_config('DEFAULT/key_file').with_value('/path/to/key') }
end
describe 'with SSL socket options left by default' do
let :pre_condition do
'class { "barbican::keystone::authtoken": password => "secret", }'
end
let :params do
{
:use_ssl => false,
}
end
it { is_expected.to contain_barbican_config('DEFAULT/ca_file').with_value('<SERVICE DEFAULT>') }
it { is_expected.to contain_barbican_config('DEFAULT/cert_file').with_value('<SERVICE DEFAULT>') }
it { is_expected.to contain_barbican_config('DEFAULT/key_file').with_value('<SERVICE DEFAULT>') }
end
describe 'with SSL socket options set wrongly configured' do
let :pre_condition do
'class { "barbican::keystone::authtoken": password => "secret", }'
end
let :params do
{
:use_ssl => true,
:ca_file => '/path/to/ca',
:key_file => '/path/to/key',
}
end
it_raises 'a Puppet::Error', /The cert_file parameter is required when use_ssl is set to true/
end
describe 'with keystone auth' do
let :pre_condition do
'class { "barbican::keystone::authtoken": password => "secret", }'
end
let :params do
{
:auth_strategy => 'keystone',
}
end
it 'is_expected.to set keystone params correctly' do
is_expected.to contain_barbican_api_paste_ini('pipeline:barbican_api/pipeline')\
.with_value('cors authtoken context apiapp')
is_expected.to contain_class('barbican::keystone::authtoken')
end
end
describe 'with disabled service managing' do
let :params do
{
:manage_service => false,
:enabled => false,
:auth_strategy => 'None',
}
end
it { is_expected.to contain_service('barbican-api').with(
'ensure' => nil,
'enable' => false,
'hasstatus' => true,
'hasrestart' => true,
'tag' => 'barbican-service',
) }
end
describe 'on RedHat platforms' do
let :pre_condition do
'class { "barbican::keystone::authtoken": password => "secret", }'
end
let :facts do
OSDefaults.get_facts({
:osfamily => 'RedHat',
:operatingsystemrelease => '7',
})
end
let(:params) { default_params }
it { is_expected.to contain_package('barbican-api').with(
:tag => ['openstack', 'barbican-package'],
)}
end
describe 'on unknown platforms' do
let :facts do
OSDefaults.get_facts({ :osfamily => 'unknown' })
end
let(:params) { default_params }
it_raises 'a Puppet::Error', /Unsupported osfamily/
end
end

48
spec/classes/barbican_client_spec.rb
View File

@ -21,33 +21,41 @@ require 'spec_helper'
describe 'barbican::client' do
let :facts do
@default_facts.merge(
{
:osfamily => 'RedHat',
}
)
end
describe "with default parameters" do
it { is_expected.to contain_package('python-barbicanclient').with(
shared_examples_for 'barbican client' do
describe "with default parameters" do
it { is_expected.to contain_package('python-barbicanclient').with(
'ensure' => 'present',
'tag' => 'openstack'
) }
it { is_expected.to contain_package('python-openstackclient').with(
)}
it { is_expected.to contain_package('python-openstackclient').with(
'ensure' => 'present',
'tag' => 'openstack',
) }
end
describe "with specified version" do
let :params do
{:ensure => '2013.1'}
)}
end
it { is_expected.to contain_package('python-barbicanclient').with(
describe "with specified version" do
let :params do
{ :ensure => '2013.1' }
end
it { is_expected.to contain_package('python-barbicanclient').with(
'ensure' => '2013.1',
'tag' => 'openstack'
) }
)}
end
end
on_supported_os({
:supported_os => OSDefaults.get_supported_os
}).each do |os,facts|
context "on #{os}" do
let (:facts) do
facts.merge(OSDefaults.get_facts({
:fqdn => 'some.host.tld',
}))
end
it_configures 'barbican client'
end
end
end

102
spec/classes/barbican_db_mysql_spec.rb
View File

@ -21,61 +21,75 @@ require 'spec_helper'
describe 'barbican::db::mysql' do
let :pre_condition do
[
'include mysql::server',
'include barbican::db::sync'
]
end
shared_examples_for 'barbican db mysql' do
let :pre_condition do
[
'include mysql::server',
'include barbican::db::sync'
]
end
let :facts do
@default_facts.merge({ :osfamily => 'Debian' })
end
let :params do
{
'password' => 'fooboozoo_default_password',
}
end
describe 'with only required params' do
it { is_expected.to contain_openstacklib__db__mysql('barbican').with(
'user' => 'barbican',
'password_hash' => '*3DDF34A86854A312A8E2C65B506E21C91800D206',
'dbname' => 'barbican',
'host' => '127.0.0.1',
'charset' => 'utf8',
:collate => 'utf8_general_ci',
)}
end
describe "overriding allowed_hosts param to array" do
let :params do
{
:password => 'barbicanpass',
:allowed_hosts => ['127.0.0.1','%']
'password' => 'fooboozoo_default_password',
}
end
end
describe "overriding allowed_hosts param to string" do
let :params do
{
:password => 'barbicanpass2',
:allowed_hosts => '192.168.1.1'
}
describe 'with only required params' do
it { is_expected.to contain_openstacklib__db__mysql('barbican').with(
'user' => 'barbican',
'password_hash' => '*3DDF34A86854A312A8E2C65B506E21C91800D206',
'dbname' => 'barbican',
'host' => '127.0.0.1',
'charset' => 'utf8',
:collate => 'utf8_general_ci',
)}
end
end
describe "overriding allowed_hosts param to array" do
let :params do
{
:password => 'barbicanpass',
:allowed_hosts => ['127.0.0.1','%']
}
end
end
describe "overriding allowed_hosts param to string" do
let :params do
{
:password => 'barbicanpass2',
:allowed_hosts => '192.168.1.1'
}
end
describe "overriding allowed_hosts param equals to host param " do
let :params do
{
:password => 'barbicanpass2',
:allowed_hosts => '127.0.0.1'
}
end
describe "overriding allowed_hosts param equals to host param " do
let :params do
{
:password => 'barbicanpass2',
:allowed_hosts => '127.0.0.1'
}
end
end
end
on_supported_os({
:supported_os => OSDefaults.get_supported_os
}).each do |os,facts|
context "on #{os}" do
let (:facts) do
facts.merge(OSDefaults.get_facts({
:processorcount => 8,
:fqdn => 'some.host.tld',
:concat_basedir => '/var/lib/puppet/concat',
}))
end
it_configures 'barbican db mysql'
end
end
end

32
spec/classes/barbican_db_spec.rb
View File

@ -141,17 +141,10 @@ describe 'barbican::db' do
)
end
end
end
context 'on Redhat platforms' do
let :facts do
@default_facts.merge({ :osfamily => 'RedHat',
:operatingsystemrelease => '7.1',
})
end
it_configures 'barbican::db'
shared_examples_for 'barbican db on redhat' do
context 'using pymysql driver' do
let :params do
{ :database_connection => 'mysql+pymysql://barbican:barbican@localhost/barbican', }
@ -161,5 +154,26 @@ describe 'barbican::db' do
end
end
on_supported_os({
:supported_os => OSDefaults.get_supported_os
}).each do |os,facts|
context "on #{os}" do
let (:facts) do
facts.merge(OSDefaults.get_facts({
:processorcount => 8,
:fqdn => 'some.host.tld',
:concat_basedir => '/var/lib/puppet/concat',
}))
end
it_configures 'barbican::db'
case facts[:osfamily]
when 'RedHat'
it_configures 'barbican db on redhat'
end
end
end
end

96
spec/classes/barbican_keystone_notification_spec.rb
View File

@ -21,57 +21,67 @@ require 'spec_helper'
describe 'barbican::keystone::notification' do
let :facts do
@default_facts.merge(
shared_examples_for 'barbican keystone notification' do
let :default_params do
{
:osfamily => 'RedHat',
:os_workers => '7',
:enable_keystone_notification => '<SERVICE DEFAULT>',
:keystone_notification_control_exchange => '<SERVICE DEFAULT>',
:keystone_notification_topic => '<SERVICE DEFAULT>',
:keystone_notification_allow_requeue => '<SERVICE DEFAULT>',
:keystone_notification_thread_pool_size => '<SERVICE DEFAULT>',
}
)
end
end
let :default_params do
{
:enable_keystone_notification => '<SERVICE DEFAULT>',
:keystone_notification_control_exchange => '<SERVICE DEFAULT>',
:keystone_notification_topic => '<SERVICE DEFAULT>',
:keystone_notification_allow_requeue => '<SERVICE DEFAULT>',
:keystone_notification_thread_pool_size => '<SERVICE DEFAULT>',
}
end
[{},
{
:enable_keystone_notification => true,
:keystone_notification_control_exchange => 'exchange_data',
:keystone_notification_topic => 'barbican',
:keystone_notification_allow_requeue => true,
:keystone_notification_thread_pool_size => 20,
}
].each do |param_set|
[{},
{
:enable_keystone_notification => true,
:keystone_notification_control_exchange => 'exchange_data',
:keystone_notification_topic => 'barbican',
:keystone_notification_allow_requeue => true,
:keystone_notification_thread_pool_size => 20,
}
].each do |param_set|
describe "when #{param_set == {} ? "using default" : "specifying"} class parameters" do
describe "when #{param_set == {} ? "using default" : "specifying"} class parameters" do
let :param_hash do
default_params.merge(param_set)
end
let :param_hash do
default_params.merge(param_set)
end
let :params do
param_set
end
let :params do
param_set
end
it 'is_expected.to set keystone notification parameters' do
is_expected.to contain_barbican_config('keystone_notifications/enable')\
.with_value(param_hash[:enable_keystone_notification])
is_expected.to contain_barbican_config('keystone_notifications/allow_requeue')\
.with_value(param_hash[:keystone_notification_allow_requeue])
is_expected.to contain_barbican_config('keystone_notifications/thread_pool_size')\
.with_value(param_hash[:keystone_notification_thread_pool_size])
is_expected.to contain_barbican_config('keystone_notifications/topic')\
.with_value(param_hash[:keystone_notification_topic])
is_expected.to contain_barbican_config('keystone_notifications/control_exchange')\
.with_value(param_hash[:keystone_notification_control_exchange])
it 'is_expected.to set keystone notification parameters' do
is_expected.to contain_barbican_config('keystone_notifications/enable')\
.with_value(param_hash[:enable_keystone_notification])
is_expected.to contain_barbican_config('keystone_notifications/allow_requeue')\
.with_value(param_hash[:keystone_notification_allow_requeue])
is_expected.to contain_barbican_config('keystone_notifications/thread_pool_size')\
.with_value(param_hash[:keystone_notification_thread_pool_size])
is_expected.to contain_barbican_config('keystone_notifications/topic')\
.with_value(param_hash[:keystone_notification_topic])
is_expected.to contain_barbican_config('keystone_notifications/control_exchange')\
.with_value(param_hash[:keystone_notification_control_exchange])
end
end
end
end
on_supported_os({
:supported_os => OSDefaults.get_supported_os
}).each do |os,facts|
context "on #{os}" do
let (:facts) do
facts.merge(OSDefaults.get_facts({
:processorcount => 8,
:fqdn => 'some.host.tld',
:concat_basedir => '/var/lib/puppet/concat',
}))
end
it_configures 'barbican keystone notification'
end
end
end

103
spec/classes/barbican_plugins_kmip_spec.rb
View File

@ -21,59 +21,68 @@ require 'spec_helper'
describe 'barbican::plugins::kmip' do
let :facts do
@default_facts.merge(
{
:osfamily => 'RedHat',
:os_workers => '7',
}
)
end
shared_examples_for 'barbican plugins kmip' do
describe 'with kmip plugin with username' do
let :params do
{
:kmip_plugin_username => 'kmip_user',
:kmip_plugin_password => 'kmip_password',
:kmip_plugin_host => 'kmip_host',
:kmip_plugin_port => 9000,
}
describe 'with kmip plugin with username' do
let :params do
{
:kmip_plugin_username => 'kmip_user',
:kmip_plugin_password => 'kmip_password',
:kmip_plugin_host => 'kmip_host',
:kmip_plugin_port => 9000,
}
end
it 'is_expected.to set kmip parameters' do
is_expected.to contain_barbican_config('kmip_plugin/host')\
.with_value(params[:kmip_plugin_host])
is_expected.to contain_barbican_config('kmip_plugin/port')\
.with_value(params[:kmip_plugin_port])
is_expected.to contain_barbican_config('kmip_plugin/username')\
.with_value(params[:kmip_plugin_username])
is_expected.to contain_barbican_config('kmip_plugin/password')\
.with_value(params[:kmip_plugin_password])
end
end
it 'is_expected.to set kmip parameters' do
is_expected.to contain_barbican_config('kmip_plugin/host')\
.with_value(params[:kmip_plugin_host])
is_expected.to contain_barbican_config('kmip_plugin/port')\
.with_value(params[:kmip_plugin_port])
is_expected.to contain_barbican_config('kmip_plugin/username')\
.with_value(params[:kmip_plugin_username])
is_expected.to contain_barbican_config('kmip_plugin/password')\
.with_value(params[:kmip_plugin_password])
describe 'with kmip plugin with certificate' do
let :params do
{
:kmip_plugin_keyfile => 'key_file',
:kmip_plugin_certfile => 'cert_file',
:kmip_plugin_ca_certs => 'ca_cert_file',
:kmip_plugin_host => 'kmip_host',
:kmip_plugin_port => 9000,
}
end
it 'is_expected.to set kmip parameters' do
is_expected.to contain_barbican_config('kmip_plugin/keyfile')\
.with_value(params[:kmip_plugin_keyfile])
is_expected.to contain_barbican_config('kmip_plugin/certfile')\
.with_value(params[:kmip_plugin_certfile])
is_expected.to contain_barbican_config('kmip_plugin/ca_certs')\
.with_value(params[:kmip_plugin_ca_certs])
is_expected.to contain_barbican_config('kmip_plugin/host')\
.with_value(params[:kmip_plugin_host])
is_expected.to contain_barbican_config('kmip_plugin/port')\
.with_value(params[:kmip_plugin_port])
end
end
end
on_supported_os({
:supported_os => OSDefaults.get_supported_os
}).each do |os,facts|
context "on #{os}" do
let (:facts) do
facts.merge(OSDefaults.get_facts({
:processorcount => 8,
:fqdn => 'some.host.tld',
:concat_basedir => '/var/lib/puppet/concat',
}))
end
describe 'with kmip plugin with certificate' do
let :params do
{
:kmip_plugin_keyfile => 'key_file',
:kmip_plugin_certfile => 'cert_file',
:kmip_plugin_ca_certs => 'ca_cert_file',
:kmip_plugin_host => 'kmip_host',
:kmip_plugin_port => 9000,
}
end
it 'is_expected.to set kmip parameters' do
is_expected.to contain_barbican_config('kmip_plugin/keyfile')\
.with_value(params[:kmip_plugin_keyfile])
is_expected.to contain_barbican_config('kmip_plugin/certfile')\
.with_value(params[:kmip_plugin_certfile])
is_expected.to contain_barbican_config('kmip_plugin/ca_certs')\
.with_value(params[:kmip_plugin_ca_certs])
is_expected.to contain_barbican_config('kmip_plugin/host')\
.with_value(params[:kmip_plugin_host])
is_expected.to contain_barbican_config('kmip_plugin/port')\
.with_value(params[:kmip_plugin_port])
it_configures 'barbican plugins kmip'
end
end
end

71
spec/classes/barbican_plugins_p11_crypto_spec.rb
View File

@ -21,40 +21,49 @@ require 'spec_helper'
describe 'barbican::plugins::p11_crypto' do
let :facts do
@default_facts.merge(
{
:osfamily => 'RedHat',
:os_workers => '7',
}
)
shared_examples_for 'barbican plugins p11_crypto' do
describe 'with pk11 plugin' do
let :params do
{
:p11_crypto_plugin_login => 'p11_user',
:p11_crypto_plugin_mkek_label => 'mkek_label',
:p11_crypto_plugin_mkek_length => 32,
:p11_crypto_plugin_hmac_label => 'hmac_label',
:p11_crypto_plugin_slot_id => 1,
:p11_crypto_plugin_library_path => '/usr/lib/libCryptoki2_64.so',
}
end
it 'is_expected.to set p11 parameters' do
is_expected.to contain_barbican_config('p11_crypto_plugin/login') \
.with_value(params[:p11_crypto_plugin_login])
is_expected.to contain_barbican_config('p11_crypto_plugin/mkek_label') \
.with_value(params[:p11_crypto_plugin_mkek_label])
is_expected.to contain_barbican_config('p11_crypto_plugin/mkek_length') \
.with_value(params[:p11_crypto_plugin_mkek_length])
is_expected.to contain_barbican_config('p11_crypto_plugin/hmac_label') \
.with_value(params[:p11_crypto_plugin_hmac_label])
is_expected.to contain_barbican_config('p11_crypto_plugin/slot_id') \
.with_value(params[:p11_crypto_plugin_slot_id])
is_expected.to contain_barbican_config('p11_crypto_plugin/library_path') \
.with_value(params[:p11_crypto_plugin_library_path])
end
end
end
describe 'with pk11 plugin' do
let :params do
{
:p11_crypto_plugin_login => 'p11_user',
:p11_crypto_plugin_mkek_label => 'mkek_label',
:p11_crypto_plugin_mkek_length => 32,
:p11_crypto_plugin_hmac_label => 'hmac_label',
:p11_crypto_plugin_slot_id => 1,
:p11_crypto_plugin_library_path => '/usr/lib/libCryptoki2_64.so',
}
end
on_supported_os({
:supported_os => OSDefaults.get_supported_os
}).each do |os,facts|
context "on #{os}" do
let (:facts) do
facts.merge(OSDefaults.get_facts({
:processorcount => 8,
:fqdn => 'some.host.tld',
:concat_basedir => '/var/lib/puppet/concat',
}))
end
it 'is_expected.to set p11 parameters' do
is_expected.to contain_barbican_config('p11_crypto_plugin/login') \
.with_value(params[:p11_crypto_plugin_login])
is_expected.to contain_barbican_config('p11_crypto_plugin/mkek_label') \
.with_value(params[:p11_crypto_plugin_mkek_label])
is_expected.to contain_barbican_config('p11_crypto_plugin/mkek_length') \
.with_value(params[:p11_crypto_plugin_mkek_length])
is_expected.to contain_barbican_config('p11_crypto_plugin/hmac_label') \
.with_value(params[:p11_crypto_plugin_hmac_label])
is_expected.to contain_barbican_config('p11_crypto_plugin/slot_id') \
.with_value(params[:p11_crypto_plugin_slot_id])
is_expected.to contain_barbican_config('p11_crypto_plugin/library_path') \
.with_value(params[:p11_crypto_plugin_library_path])
it_configures 'barbican plugins p11_crypto'
end
end
end

55
spec/classes/barbican_plugins_simple_crypto_spec.rb
View File

@ -21,36 +21,45 @@ require 'spec_helper'
describe 'barbican::plugins::simple_crypto' do
let :facts do
@default_facts.merge(
{
:osfamily => 'RedHat',
:os_workers => '7',
}
)
end
shared_examples_for 'barbican plugins simple_crypto' do
describe 'with parameter passed into pk11 plugin' do
let :params do
{
:simple_crypto_plugin_kek => 'XXXXXXXXXXXXX'
}
end
describe 'with parameter passed into pk11 plugin' do
let :params do
{
:simple_crypto_plugin_kek => 'XXXXXXXXXXXXX'
}
it 'is_expected.to set simple_crypto parameters' do
is_expected.to contain_barbican_config('simple_crypto_plugin/kek') \
.with_value(params[:simple_crypto_plugin_kek])
end
end
it 'is_expected.to set simple_crypto parameters' do
is_expected.to contain_barbican_config('simple_crypto_plugin/kek') \
.with_value(params[:simple_crypto_plugin_kek])
describe 'with no parameter passed into pk11 plugin' do
let :params do
{}
end
it 'is_expected.to set default simple_crypto parameters' do
is_expected.to contain_barbican_config('simple_crypto_plugin/kek') \
.with_value('<SERVICE DEFAULT>')
end
end
end
describe 'with no parameter passed into pk11 plugin' do
let :params do
{}
end
on_supported_os({
:supported_os => OSDefaults.get_supported_os
}).each do |os,facts|
context "on #{os}" do
let (:facts) do
facts.merge(OSDefaults.get_facts({
:processorcount => 8,
:fqdn => 'some.host.tld',
:concat_basedir => '/var/lib/puppet/concat',
}))
end
it 'is_expected.to set default simple_crypto parameters' do
is_expected.to contain_barbican_config('simple_crypto_plugin/kek') \
.with_value('<SERVICE DEFAULT>')
it_configures 'barbican plugins simple_crypto'
end
end
end

91
spec/classes/barbican_quota_spec.rb
View File

@ -21,56 +21,65 @@ require 'spec_helper'
describe 'barbican::quota' do
let :facts do
@default_facts.merge(
shared_examples_for 'barbican quota' do
let :default_params do
{
:osfamily => 'RedHat',
:os_workers => '7',
:quota_secrets => '<SERVICE DEFAULT>',
:quota_orders => '<SERVICE DEFAULT>',
:quota_containers => '<SERVICE DEFAULT>',
:quota_consumers => '<SERVICE DEFAULT>',
:quota_cas => '<SERVICE DEFAULT>',
}
)
end
end
let :default_params do
{
:quota_secrets => '<SERVICE DEFAULT>',
:quota_orders => '<SERVICE DEFAULT>',
:quota_containers => '<SERVICE DEFAULT>',
:quota_consumers => '<SERVICE DEFAULT>',
:quota_cas => '<SERVICE DEFAULT>',
}
end
[{},
{
:quota_secrets => 100,
:quota_orders => 100,
:quota_containers => 100,
:quota_consumers => 100,
:quota_cas => 10,
}
].each do |param_set|
[{},
{
:quota_secrets => 100,
:quota_orders => 100,
:quota_containers => 100,
:quota_consumers => 100,
:quota_cas => 10,
}
].each do |param_set|
describe "when #{param_set == {} ? "using default" : "specifying"} class parameters" do
describe "when #{param_set == {} ? "using default" : "specifying"} class parameters" do
let :param_hash do
default_params.merge(param_set)
end
let :param_hash do
default_params.merge(param_set)
end
let :params do
param_set
end
let :params do
param_set
end
it 'is_expected.to set quota parameters' do
[
'quota_secrets',
'quota_orders',
'quota_containers',
'quota_consumers',
'quota_cas',
].each do |config|
is_expected.to contain_barbican_config("quotas/#{config}").with_value(param_hash[config.intern])
it 'is_expected.to set quota parameters' do
[
'quota_secrets',
'quota_orders',
'quota_containers',
'quota_consumers',
'quota_cas',
].each do |config|
is_expected.to contain_barbican_config("quotas/#{config}").with_value(param_hash[config.intern])
end
end
end
end
end
on_supported_os({
:supported_os => OSDefaults.get_supported_os
}).each do |os,facts|
context "on #{os}" do
let (:facts) do
facts.merge(OSDefaults.get_facts({
:processorcount => 8,
:fqdn => 'some.host.tld',
:concat_basedir => '/var/lib/puppet/concat',
}))
end
it_configures 'barbican quota'
end
end
end

2
spec/classes/barbican_wsgi_apache_spec.rb
View File

@ -121,7 +121,7 @@ describe 'barbican::wsgi::apache' do
{
:httpd_service_name => 'apache2',
:httpd_ports_file => '/etc/apache2/ports.conf',
:wsgi_script_path => '/var/www/cgi-bin/barbican',
:wsgi_script_path => '/usr/lib/cgi-bin/barbican',
}
when 'RedHat'
{