diff --git a/manifests/api.pp b/manifests/api.pp index 4231efeb..84e77f68 100644 --- a/manifests/api.pp +++ b/manifests/api.pp @@ -303,12 +303,6 @@ class barbican::api ( warning('auth_url is deprecated, use barbican::keystone::authtoken::auth_url instead.') } - file { ['/etc/barbican', '/var/log/barbican']: - ensure => directory, - require => Package['barbican-api'], - notify => Service['barbican-api'], - } - # TODO: Remove the posix users and permissions and merge this definition # with the previous one, once the barbican package has been updated # with the correct ownership for this directory. @@ -321,25 +315,17 @@ class barbican::api ( notify => Service[$service_name], } - file { ['/etc/barbican/barbican.conf', - '/etc/barbican/barbican-api-paste.ini', - '/etc/barbican/gunicorn-config.py']: - ensure => present, - require => Package['barbican-api'], - notify => Service[$service_name], - } - package { 'barbican-api': ensure => $ensure_package, name => $::barbican::params::api_package_name, tag => ['openstack', 'barbican-package'], } - File['/etc/barbican/barbican.conf'] -> Barbican_config<||> - File['/etc/barbican/barbican-api-paste.ini'] -> Barbican_api_paste_ini<||> - Package['barbican-api'] ~> Service[$service_name] - Barbican_config<||> ~> Service[$service_name] - Barbican_api_paste_ini<||> ~> Service[$service_name] + Package['barbican-api'] ~> Service[$service_name] + Barbican_config<||> ~> Service[$service_name] + Barbican_api_paste_ini<||> ~> Service[$service_name] + Package<| tag == 'barbican-package' |> -> Barbican_config<||> + Package<| tag == 'barbican-package' |> -> Barbican_api_paste_ini<||> # basic service config if $host_href == undef { @@ -354,13 +340,6 @@ class barbican::api ( 'DEFAULT/host_href': value => $host_href_real; } - File['/etc/barbican/gunicorn-config.py'] -> - file_line { 'Modify bind_port in gunicorn-config.py': - path => '/etc/barbican/gunicorn-config.py', - line => "bind = '${bind_host}:${bind_port}'", - match => '.*bind = .*', - } -> Service[$service_name] - #rabbit config if $rpc_backend in [$::os_service_default, 'rabbit'] { oslo::messaging::rabbit {'barbican_config': @@ -461,9 +440,9 @@ class barbican::api ( # SSL Options barbican_config { - 'DEFAULT/cert_file' : value => $cert_file; - 'DEFAULT/key_file' : value => $key_file; - 'DEFAULT/ca_file' : value => $ca_file; + 'DEFAULT/cert_file': value => $cert_file; + 'DEFAULT/key_file': value => $key_file; + 'DEFAULT/ca_file': value => $ca_file; } if $sync_db { @@ -471,6 +450,9 @@ class barbican::api ( } if $service_name == 'barbican-api' { + if $::osfamily == 'Debian' { + fail('On Debian family the service_name must be set to httpd as there is no eventlet init script.') + } service { 'barbican-api': ensure => $service_ensure, name => $::barbican::params::api_service_name, @@ -479,17 +461,27 @@ class barbican::api ( hasrestart => true, tag => 'barbican-service', } - } elsif $service_name == 'httpd' { - include ::apache::params - service { 'barbican-api': - ensure => 'stopped', - name => $::barbican::params::api_service_name, - enable => false, - tag => 'barbican-service', + + file_line { 'Modify bind_port in gunicorn-config.py': + path => '/etc/barbican/gunicorn-config.py', + line => "bind = '${bind_host}:${bind_port}'", + match => '.*bind = .*', } - # we need to make sure barbican-api is stopped before trying to start apache - Service['barbican-api'] -> Service[$service_name] + Package<| tag == 'barbican-package' |> -> File_line['Modify bind_port in gunicorn-config.py'] ~> Service[$service_name] + } elsif $service_name == 'httpd' { + include ::apache::params + # Debian/Ubuntu do not have a barbican-api and this will error out on them. + if $::osfamily == 'RedHat' { + service { 'barbican-api': + ensure => 'stopped', + name => $::barbican::params::api_service_name, + enable => false, + tag => 'barbican-service', + } + # we need to make sure barbican-api is stopped before trying to start apache + Service['barbican-api'] -> Service[$service_name] + } } else { fail('Invalid service_name. Use barbican-api for stand-alone or httpd') } diff --git a/manifests/params.pp b/manifests/params.pp index ded4d8c9..eb3146ad 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -5,7 +5,6 @@ class barbican::params { case $::osfamily { 'RedHat': { - $package_name = 'openstack-barbican' $api_package_name = 'openstack-barbican-api' $api_service_name = 'openstack-barbican-api' $worker_package_name = 'openstack-barbican-worker' @@ -16,11 +15,12 @@ class barbican::params { $dogtag_client_package = 'pki-base' } 'Debian': { - $package_name = 'openstack-barbican' - $service_name = 'openstack-barbican' + $api_package_name = 'barbican-api' + $worker_package_name = 'barbican-worker' + $worker_service_name = 'barbican-worker' $client_package_name = 'python-barbicanclient' - $barbican_wsgi_script_path = '/var/www/cgi-bin/barbican' - $barbican_wsgi_script_source = '/usr/lib/python2.7/site-packages/barbican/api/app.wsgi' + $barbican_wsgi_script_path = '/usr/lib/cgi-bin/barbican' + $barbican_wsgi_script_source = '/usr/lib/python2.7/dist-packages/barbican/api/app.wsgi' $dogtag_client_package = 'pki-base' } default: { diff --git a/manifests/wsgi/apache.pp b/manifests/wsgi/apache.pp index 0c46f5e7..87f92529 100644 --- a/manifests/wsgi/apache.pp +++ b/manifests/wsgi/apache.pp @@ -164,6 +164,8 @@ class barbican::wsgi::apache ( require => Package['httpd'], } + Package<| tag == 'barbican-api' |> -> File[$::barbican::params::barbican_wsgi_script_path] + $wsgi_files = { 'barbican_wsgi_main' => { 'path' => "${::barbican::params::barbican_wsgi_script_path}/main", diff --git a/releasenotes/notes/fix_ubuntu_install-20a799586184762a.yaml b/releasenotes/notes/fix_ubuntu_install-20a799586184762a.yaml new file mode 100644 index 00000000..c27eeec9 --- /dev/null +++ b/releasenotes/notes/fix_ubuntu_install-20a799586184762a.yaml @@ -0,0 +1,11 @@ +--- +issues: + - Fix for wsgi app locations for Ubuntu/Debian, was previously using RedHat packaging locations. + - Add conditional to prevent puppet from trying to manage barbican-api service on Ubuntu/Debian + as the packaging contains no init script for the eventlet. + - Add api_package_name for Ubuntu/Debian. This worked because the title is the same as the + package name on Ubuntu/Debian and api_package_name was undefined. + - Add worker_package_name and worker_service_name for Ubuntu/Debian. + - Remove unused variable package_name from params for both Ubuntu/Debian and RedHat. + - Remove service_name for Ubuntu/Debian as there is no init script for Ubuntu/Debian and apache + must be used. diff --git a/spec/acceptance/basic_barbican_spec.rb b/spec/acceptance/basic_barbican_spec.rb index cce1cdde..6432187e 100644 --- a/spec/acceptance/basic_barbican_spec.rb +++ b/spec/acceptance/basic_barbican_spec.rb @@ -25,54 +25,43 @@ describe 'barbican::api basic test class' do include ::openstack_integration::repos include ::openstack_integration::mysql include ::openstack_integration::keystone + include ::barbican - case $::osfamily { - 'Debian': { - warning('Barbican is not yet packaged on Ubuntu systems.') - } - 'RedHat': { - # Barbican resources - include ::barbican - - class { '::barbican::keystone::auth': - password => 'a_big_secret', - } - - class { '::barbican::api::logging': - } - - class { '::barbican::quota': - } - - class { '::barbican::keystone::notification': - } - - class { '::barbican::db::mysql': - password => 'a_big_secret', - } - - class { '::barbican::db': - database_connection => 'mysql+pymysql://barbican:a_big_secret@127.0.0.1/barbican?charset=utf8', - } - - class { '::barbican::keystone::authtoken': - password => 'a_big_secret', - } - - class { '::barbican::api': - host_href => 'http://localhost:9311', - auth_strategy => 'keystone', - service_name => 'httpd', - enabled_certificate_plugins => ['simple_certificate'], - db_auto_create => false, - } - - include ::apache - class { '::barbican::wsgi::apache': - ssl => false, - } - } + class { '::barbican::keystone::auth': + password => 'a_big_secret', } + + class { '::barbican::api::logging': } + + class { '::barbican::quota': } + + class { '::barbican::keystone::notification': } + + class { '::barbican::db::mysql': + password => 'a_big_secret', + } + + class { '::barbican::db': + database_connection => 'mysql+pymysql://barbican:a_big_secret@127.0.0.1/barbican?charset=utf8', + } + + class { '::barbican::keystone::authtoken': + password => 'a_big_secret', + } + + class { '::barbican::api': + host_href => 'http://localhost:9311', + auth_strategy => 'keystone', + service_name => 'httpd', + enabled_certificate_plugins => ['simple_certificate'], + db_auto_create => false, + } + + include ::apache + class { '::barbican::wsgi::apache': + ssl => false, + } + EOS it 'should work with no errors' do diff --git a/spec/classes/barbican_api_logging_spec.rb b/spec/classes/barbican_api_logging_spec.rb index 267b7447..2b49b722 100644 --- a/spec/classes/barbican_api_logging_spec.rb +++ b/spec/classes/barbican_api_logging_spec.rb @@ -106,20 +106,20 @@ describe 'barbican::api::logging' do } end - context 'on Debian platforms' do - let :facts do - @default_facts.merge({ :osfamily => 'Debian' }) + on_supported_os({ + :supported_os => OSDefaults.get_supported_os + }).each do |os,facts| + context "on #{os}" do + let (:facts) do + facts.merge(OSDefaults.get_facts({ + :processorcount => 8, + :fqdn => 'some.host.tld', + :concat_basedir => '/var/lib/puppet/concat', + })) + end + + it_configures 'barbican-logging' end - - it_configures 'barbican-logging' - end - - context 'on RedHat platforms' do - let :facts do - @default_facts.merge({ :osfamily => 'RedHat' }) - end - - it_configures 'barbican-logging' end end diff --git a/spec/classes/barbican_api_spec.rb b/spec/classes/barbican_api_spec.rb index cbe5449d..77fda861 100644 --- a/spec/classes/barbican_api_spec.rb +++ b/spec/classes/barbican_api_spec.rb @@ -21,283 +21,306 @@ require 'spec_helper' describe 'barbican::api' do - let :facts do - @default_facts.merge( - OSDefaults.get_facts({ - :osfamily => 'RedHat', - :os_workers => '7', - }) - ) - end + shared_examples_for 'barbican api' do - let :default_params do - { - :bind_host => '0.0.0.0', - :bind_port => '9311', - :rpc_backend => 'rabbit', - :rabbit_host => '', - :rabbit_hosts => [''], - :rabbit_password => '', - :rabbit_port => '', - :rabbit_userid => '', - :rabbit_virtual_host => '', - :rabbit_use_ssl => '', - :rabbit_heartbeat_timeout_threshold => '', - :rabbit_heartbeat_rate => '', - :rabbit_ha_queues => '', - :amqp_durable_queues => '', - :max_allowed_secret_in_bytes => '', - :max_allowed_request_size_in_bytes => '', - :enable_queue => '', - :queue_namespace => '', - :queue_topic => '', - :queue_version => '', - :queue_server_name => '', - :kombu_ssl_ca_certs => '', - :kombu_ssl_certfile => '', - :kombu_ssl_keyfile => '', - :kombu_ssl_version => '', - :kombu_reconnect_delay => '', - :manage_service => true, - :enabled => true, - :enabled_secretstore_plugins => [''], - :enabled_crypto_plugins => [''], - :enabled_certificate_plugins => [''], - :enabled_certificate_event_plugins => [''], - :auth_strategy => 'keystone', - :retry_scheduler_initial_delay_seconds => '', - :retry_scheduler_periodic_interval_max_seconds => '', - } - end + let :default_params do + { + :bind_host => '0.0.0.0', + :bind_port => '9311', + :rpc_backend => 'rabbit', + :rabbit_host => '', + :rabbit_hosts => [''], + :rabbit_password => '', + :rabbit_port => '', + :rabbit_userid => '', + :rabbit_virtual_host => '', + :rabbit_use_ssl => '', + :rabbit_heartbeat_timeout_threshold => '', + :rabbit_heartbeat_rate => '', + :rabbit_ha_queues => '', + :amqp_durable_queues => '', + :max_allowed_secret_in_bytes => '', + :max_allowed_request_size_in_bytes => '', + :enable_queue => '', + :queue_namespace => '', + :queue_topic => '', + :queue_version => '', + :queue_server_name => '', + :kombu_ssl_ca_certs => '', + :kombu_ssl_certfile => '', + :kombu_ssl_keyfile => '', + :kombu_ssl_version => '', + :kombu_reconnect_delay => '', + :manage_service => true, + :enabled => true, + :enabled_secretstore_plugins => [''], + :enabled_crypto_plugins => [''], + :enabled_certificate_plugins => [''], + :enabled_certificate_event_plugins => [''], + :auth_strategy => 'keystone', + :retry_scheduler_initial_delay_seconds => '', + :retry_scheduler_periodic_interval_max_seconds => '', + :service_name => platform_params[:service_name], + } + end - [{ - :bind_host => '127.0.0.1', - :bind_port => '9312', - :rpc_backend => 'rabbit', - :rabbit_host => 'rabbithost', - :rabbit_hosts => ['rabbithost:1234'], - :rabbit_password => 'bugs_bunny', - :rabbit_port => '1234', - :rabbit_userid => 'bugs', - :rabbit_virtual_host => 'rabbithost', - :rabbit_use_ssl => true, - :rabbit_heartbeat_timeout_threshold => '10', - :rabbit_heartbeat_rate => '10', - :rabbit_ha_queues => true, - :amqp_durable_queues => true, - :enable_queue => true, - :queue_namespace => 'barbican1', - :queue_topic => 'barbican1.workers', - :queue_version => '1.2', - :queue_server_name => 'barbican1.queue', - :manage_service => true, - :enabled => false, - :kombu_ssl_ca_certs => 'path_to_certs', - :kombu_ssl_certfile => 'path_to_certfile', - :kombu_ssl_keyfile => 'path_to_keyfile', - :kombu_ssl_version => '1.2', - :kombu_reconnect_delay => '10', - :enabled_secretstore_plugins => ['dogtag_crypto', 'store_crypto', 'kmip'], - :enabled_crypto_plugins => ['simple_crypto'], - :enabled_certificate_plugins => ['simple_certificate', 'dogtag'], - :enabled_certificate_event_plugins => ['simple_certificate_event', 'foo_event'], - :retry_scheduler_initial_delay_seconds => 20.0, - :retry_scheduler_periodic_interval_max_seconds => 20.0, - :max_allowed_secret_in_bytes => 20000, - :max_allowed_request_size_in_bytes => 2000000, - } - ].each do |param_set| + [{ + :bind_host => '127.0.0.1', + :bind_port => '9312', + :rpc_backend => 'rabbit', + :rabbit_host => 'rabbithost', + :rabbit_hosts => ['rabbithost:1234'], + :rabbit_password => 'bugs_bunny', + :rabbit_port => '1234', + :rabbit_userid => 'bugs', + :rabbit_virtual_host => 'rabbithost', + :rabbit_use_ssl => true, + :rabbit_heartbeat_timeout_threshold => '10', + :rabbit_heartbeat_rate => '10', + :rabbit_ha_queues => true, + :amqp_durable_queues => true, + :enable_queue => true, + :queue_namespace => 'barbican1', + :queue_topic => 'barbican1.workers', + :queue_version => '1.2', + :queue_server_name => 'barbican1.queue', + :manage_service => true, + :enabled => false, + :kombu_ssl_ca_certs => 'path_to_certs', + :kombu_ssl_certfile => 'path_to_certfile', + :kombu_ssl_keyfile => 'path_to_keyfile', + :kombu_ssl_version => '1.2', + :kombu_reconnect_delay => '10', + :enabled_secretstore_plugins => ['dogtag_crypto', 'store_crypto', 'kmip'], + :enabled_crypto_plugins => ['simple_crypto'], + :enabled_certificate_plugins => ['simple_certificate', 'dogtag'], + :enabled_certificate_event_plugins => ['simple_certificate_event', 'foo_event'], + :retry_scheduler_initial_delay_seconds => 20.0, + :retry_scheduler_periodic_interval_max_seconds => 20.0, + :max_allowed_secret_in_bytes => 20000, + :max_allowed_request_size_in_bytes => 2000000, + } + ].each do |param_set| + describe "when #{param_set == {} ? "using default" : "specifying"} class parameters" do + let :pre_condition do + 'class { "barbican::keystone::authtoken": password => "secret", } + include ::apache' + end - describe "when #{param_set == {} ? "using default" : "specifying"} class parameters" do - let :pre_condition do - 'class { "barbican::keystone::authtoken": password => "secret", }' + let :param_hash do + default_params.merge(param_set) + end + + let :params do + default_params.merge(param_set) + end + + let :host_ref do + "http://${::fqdn}:$param_hash[:bind_port]" + end + + it { is_expected.to contain_class 'barbican::api::logging' } + it { is_expected.to contain_class 'barbican::db' } + + it { is_expected.to contain_package('barbican-api').with( + :tag => ['openstack', 'barbican-package'], + )} + + it 'is_expected.to set default parameters' do + [ + 'bind_host', + 'bind_port', + 'max_allowed_secret_in_bytes', + 'max_allowed_request_size_in_bytes', + ].each do |config| + is_expected.to contain_barbican_config("DEFAULT/#{config}").with_value(param_hash[config.intern]) + end + end + + it 'configures queue' do + is_expected.to contain_barbican_config('queue/enable').with_value(param_hash[:enable_queue]) + is_expected.to contain_barbican_config('queue/namespace').with_value(param_hash[:queue_namespace]) + is_expected.to contain_barbican_config('queue/topic').with_value(param_hash[:queue_topic]) + is_expected.to contain_barbican_config('queue/version').with_value(param_hash[:queue_version]) + is_expected.to contain_barbican_config('queue/server_name').with_value(param_hash[:queue_server_name]) + end + + it 'configures rabbit' do + is_expected.to contain_barbican_config('DEFAULT/rpc_backend').with_value(param_hash[:rpc_backend]) + is_expected.to contain_barbican_config('oslo_messaging_rabbit/rabbit_hosts').with_value(param_hash[:rabbit_hosts]) + is_expected.to contain_barbican_config('oslo_messaging_rabbit/rabbit_password').with_value(param_hash[:rabbit_password]).with_secret(true) + is_expected.to contain_barbican_config('oslo_messaging_rabbit/rabbit_userid').with_value(param_hash[:rabbit_userid]) + is_expected.to contain_barbican_config('oslo_messaging_rabbit/rabbit_virtual_host').with_value(param_hash[:rabbit_virtual_host]) + is_expected.to contain_barbican_config('oslo_messaging_rabbit/heartbeat_timeout_threshold').with_value(param_hash[:rabbit_heartbeat_timeout_threshold]) + is_expected.to contain_barbican_config('oslo_messaging_rabbit/heartbeat_rate').with_value(param_hash[:rabbit_heartbeat_rate]) + end + + it 'configures kombu certs' do + is_expected.to contain_barbican_config('oslo_messaging_rabbit/kombu_ssl_ca_certs').with_value(param_hash[:kombu_ssl_ca_certs]) + is_expected.to contain_barbican_config('oslo_messaging_rabbit/kombu_ssl_certfile').with_value(param_hash[:kombu_ssl_certfile]) + is_expected.to contain_barbican_config('oslo_messaging_rabbit/kombu_ssl_keyfile').with_value(param_hash[:kombu_ssl_keyfile]) + is_expected.to contain_barbican_config('oslo_messaging_rabbit/kombu_ssl_version').with_value(param_hash[:kombu_ssl_version]) + is_expected.to contain_barbican_config('oslo_messaging_rabbit/kombu_reconnect_delay').with_value(param_hash[:kombu_reconnect_delay]) + end + + it 'configures enabled plugins' do + is_expected.to contain_barbican_config('secretstore/enabled_secretstore_plugins') \ + .with_value(param_hash[:enabled_secretstore_plugins]) + is_expected.to contain_barbican_config('crypto/enabled_crypto_plugins') \ + .with_value(param_hash[:enabled_crypto_plugins]) + is_expected.to contain_barbican_config('certificate/enabled_certificate_plugins') \ + .with_value(param_hash[:enabled_certificate_plugins]) + is_expected.to contain_barbican_config('certificate_event/enabled_certificate_event_plugins') \ + .with_value(param_hash[:enabled_certificate_event_plugins]) + end end + end - let :param_hash do - default_params.merge(param_set) + describe 'with SSL socket options set' do + let :pre_condition do + 'class { "barbican::keystone::authtoken": password => "secret", } + include ::apache' end let :params do - param_set + default_params.merge({ + :use_ssl => true, + :cert_file => '/path/to/cert', + :ca_file => '/path/to/ca', + :key_file => '/path/to/key', + }) end - let :host_ref do - "http://${::fqdn}:$param_hash[:bind_port]" + it { is_expected.to contain_barbican_config('DEFAULT/ca_file').with_value('/path/to/ca') } + it { is_expected.to contain_barbican_config('DEFAULT/cert_file').with_value('/path/to/cert') } + it { is_expected.to contain_barbican_config('DEFAULT/key_file').with_value('/path/to/key') } + end + + describe 'with SSL socket options left by default' do + let :pre_condition do + 'class { "barbican::keystone::authtoken": password => "secret", } + include ::apache' end - it { is_expected.to contain_class 'barbican::api::logging' } - it { is_expected.to contain_class 'barbican::db' } + let :params do + default_params.merge({ + :use_ssl => false, + }) + end - it { is_expected.to contain_service('barbican-api').with( - 'ensure' => (param_hash[:manage_service] && param_hash[:enabled]) ? 'running': 'stopped', - 'enable' => param_hash[:enabled], - 'hasstatus' => true, - 'hasrestart' => true, - 'tag' => 'barbican-service', - ) } + it { is_expected.to contain_barbican_config('DEFAULT/ca_file').with_value('') } + it { is_expected.to contain_barbican_config('DEFAULT/cert_file').with_value('') } + it { is_expected.to contain_barbican_config('DEFAULT/key_file').with_value('') } + end - it 'is_expected.to set default parameters' do - [ - 'bind_host', - 'bind_port', - 'max_allowed_secret_in_bytes', - 'max_allowed_request_size_in_bytes', - ].each do |config| - is_expected.to contain_barbican_config("DEFAULT/#{config}").with_value(param_hash[config.intern]) + describe 'with SSL socket options set wrongly configured' do + let :pre_condition do + 'class { "barbican::keystone::authtoken": password => "secret", } + include ::apache' + end + + let :params do + default_params.merge({ + :use_ssl => true, + :ca_file => '/path/to/ca', + :key_file => '/path/to/key', + }) + end + + it_raises 'a Puppet::Error', /The cert_file parameter is required when use_ssl is set to true/ + end + + describe 'with keystone auth' do + let :pre_condition do + 'class { "barbican::keystone::authtoken": password => "secret", } + include ::apache' + end + + let :params do + default_params.merge({ + :auth_strategy => 'keystone', + }) + end + + it 'is_expected.to set keystone params correctly' do + is_expected.to contain_barbican_api_paste_ini('pipeline:barbican_api/pipeline')\ + .with_value('cors authtoken context apiapp') + is_expected.to contain_class('barbican::keystone::authtoken') + end + end + end + + shared_examples_for 'barbican api redhat' do + let :param_hash do + { + :manage_service => true, + :enabled => true, + :auth_strategy => 'keystone', + } + end + let :pre_condition do + 'class { "barbican::keystone::authtoken": password => "secret", }' + end + context 'redhat systems eventlet service enabled' do + describe 'should contain eventlet service' do + it { is_expected.to contain_service('barbican-api').with( + 'ensure' => (param_hash[:manage_service] && param_hash[:enabled]) ? 'running': 'stopped', + 'enable' => param_hash[:enabled], + 'hasstatus' => true, + 'hasrestart' => true, + 'tag' => 'barbican-service', + ) } + end + end + context 'on redhat systems eventlet service disabled' do + describe 'with disabled service managing' do + let :params do + { + :manage_service => false, + :enabled => false, + :auth_strategy => 'keystone', + } + end + + it { is_expected.to contain_service('barbican-api').with( + 'ensure' => nil, + 'enable' => false, + 'hasstatus' => true, + 'hasrestart' => true, + 'tag' => 'barbican-service', + )} + end + end + end + + on_supported_os({ + :supported_os => OSDefaults.get_supported_os + }).each do |os,facts| + context "on #{os}" do + let (:facts) do + facts.merge(OSDefaults.get_facts({ + :processorcount => 7, + :fqdn => 'some.host.tld', + :concat_basedir => '/var/lib/puppet/concat', + })) + end + + case facts[:osfamily] + when 'RedHat' + let (:platform_params) do + { :service_name => 'barbican-api' } + end + it_behaves_like 'barbican api redhat' + when 'Debian' + let :pre_condition do + 'include ::apache' + end + let (:platform_params) do + { :service_name => 'httpd' } end end - it 'configures queue' do - is_expected.to contain_barbican_config('queue/enable').with_value(param_hash[:enable_queue]) - is_expected.to contain_barbican_config('queue/namespace').with_value(param_hash[:queue_namespace]) - is_expected.to contain_barbican_config('queue/topic').with_value(param_hash[:queue_topic]) - is_expected.to contain_barbican_config('queue/version').with_value(param_hash[:queue_version]) - is_expected.to contain_barbican_config('queue/server_name').with_value(param_hash[:queue_server_name]) - end - - it 'configures rabbit' do - is_expected.to contain_barbican_config('DEFAULT/rpc_backend').with_value(param_hash[:rpc_backend]) - is_expected.to contain_barbican_config('oslo_messaging_rabbit/rabbit_hosts').with_value(param_hash[:rabbit_hosts]) - is_expected.to contain_barbican_config('oslo_messaging_rabbit/rabbit_password').with_value(param_hash[:rabbit_password]).with_secret(true) - is_expected.to contain_barbican_config('oslo_messaging_rabbit/rabbit_userid').with_value(param_hash[:rabbit_userid]) - is_expected.to contain_barbican_config('oslo_messaging_rabbit/rabbit_virtual_host').with_value(param_hash[:rabbit_virtual_host]) - is_expected.to contain_barbican_config('oslo_messaging_rabbit/heartbeat_timeout_threshold').with_value(param_hash[:rabbit_heartbeat_timeout_threshold]) - is_expected.to contain_barbican_config('oslo_messaging_rabbit/heartbeat_rate').with_value(param_hash[:rabbit_heartbeat_rate]) - end - - it 'configures kombu certs' do - is_expected.to contain_barbican_config('oslo_messaging_rabbit/kombu_ssl_ca_certs').with_value(param_hash[:kombu_ssl_ca_certs]) - is_expected.to contain_barbican_config('oslo_messaging_rabbit/kombu_ssl_certfile').with_value(param_hash[:kombu_ssl_certfile]) - is_expected.to contain_barbican_config('oslo_messaging_rabbit/kombu_ssl_keyfile').with_value(param_hash[:kombu_ssl_keyfile]) - is_expected.to contain_barbican_config('oslo_messaging_rabbit/kombu_ssl_version').with_value(param_hash[:kombu_ssl_version]) - is_expected.to contain_barbican_config('oslo_messaging_rabbit/kombu_reconnect_delay').with_value(param_hash[:kombu_reconnect_delay]) - end - - it 'configures enabled plugins' do - is_expected.to contain_barbican_config('secretstore/enabled_secretstore_plugins') \ - .with_value(param_hash[:enabled_secretstore_plugins]) - is_expected.to contain_barbican_config('crypto/enabled_crypto_plugins') \ - .with_value(param_hash[:enabled_crypto_plugins]) - is_expected.to contain_barbican_config('certificate/enabled_certificate_plugins') \ - .with_value(param_hash[:enabled_certificate_plugins]) - is_expected.to contain_barbican_config('certificate_event/enabled_certificate_event_plugins') \ - .with_value(param_hash[:enabled_certificate_event_plugins]) - end + it_behaves_like 'barbican api' end end - - describe 'with SSL socket options set' do - let :pre_condition do - 'class { "barbican::keystone::authtoken": password => "secret", }' - end - - let :params do - { - :use_ssl => true, - :cert_file => '/path/to/cert', - :ca_file => '/path/to/ca', - :key_file => '/path/to/key', - } - end - - it { is_expected.to contain_barbican_config('DEFAULT/ca_file').with_value('/path/to/ca') } - it { is_expected.to contain_barbican_config('DEFAULT/cert_file').with_value('/path/to/cert') } - it { is_expected.to contain_barbican_config('DEFAULT/key_file').with_value('/path/to/key') } - end - - describe 'with SSL socket options left by default' do - let :pre_condition do - 'class { "barbican::keystone::authtoken": password => "secret", }' - end - - let :params do - { - :use_ssl => false, - } - end - - it { is_expected.to contain_barbican_config('DEFAULT/ca_file').with_value('') } - it { is_expected.to contain_barbican_config('DEFAULT/cert_file').with_value('') } - it { is_expected.to contain_barbican_config('DEFAULT/key_file').with_value('') } - end - - describe 'with SSL socket options set wrongly configured' do - let :pre_condition do - 'class { "barbican::keystone::authtoken": password => "secret", }' - end - - let :params do - { - :use_ssl => true, - :ca_file => '/path/to/ca', - :key_file => '/path/to/key', - } - end - - it_raises 'a Puppet::Error', /The cert_file parameter is required when use_ssl is set to true/ - end - - describe 'with keystone auth' do - let :pre_condition do - 'class { "barbican::keystone::authtoken": password => "secret", }' - end - - let :params do - { - :auth_strategy => 'keystone', - } - end - - it 'is_expected.to set keystone params correctly' do - is_expected.to contain_barbican_api_paste_ini('pipeline:barbican_api/pipeline')\ - .with_value('cors authtoken context apiapp') - is_expected.to contain_class('barbican::keystone::authtoken') - end - end - - describe 'with disabled service managing' do - let :params do - { - :manage_service => false, - :enabled => false, - :auth_strategy => 'None', - } - end - - it { is_expected.to contain_service('barbican-api').with( - 'ensure' => nil, - 'enable' => false, - 'hasstatus' => true, - 'hasrestart' => true, - 'tag' => 'barbican-service', - ) } - end - - describe 'on RedHat platforms' do - let :pre_condition do - 'class { "barbican::keystone::authtoken": password => "secret", }' - end - - let :facts do - OSDefaults.get_facts({ - :osfamily => 'RedHat', - :operatingsystemrelease => '7', - }) - end - let(:params) { default_params } - - it { is_expected.to contain_package('barbican-api').with( - :tag => ['openstack', 'barbican-package'], - )} - end - - describe 'on unknown platforms' do - let :facts do - OSDefaults.get_facts({ :osfamily => 'unknown' }) - end - let(:params) { default_params } - - it_raises 'a Puppet::Error', /Unsupported osfamily/ - end - end diff --git a/spec/classes/barbican_client_spec.rb b/spec/classes/barbican_client_spec.rb index 100e9914..ab6b7f20 100644 --- a/spec/classes/barbican_client_spec.rb +++ b/spec/classes/barbican_client_spec.rb @@ -21,33 +21,41 @@ require 'spec_helper' describe 'barbican::client' do - let :facts do - @default_facts.merge( - { - :osfamily => 'RedHat', - } - ) - end - - describe "with default parameters" do - it { is_expected.to contain_package('python-barbicanclient').with( + shared_examples_for 'barbican client' do + describe "with default parameters" do + it { is_expected.to contain_package('python-barbicanclient').with( 'ensure' => 'present', 'tag' => 'openstack' - ) } - it { is_expected.to contain_package('python-openstackclient').with( + )} + it { is_expected.to contain_package('python-openstackclient').with( 'ensure' => 'present', 'tag' => 'openstack', - ) } - end - - describe "with specified version" do - let :params do - {:ensure => '2013.1'} + )} end - it { is_expected.to contain_package('python-barbicanclient').with( + describe "with specified version" do + let :params do + { :ensure => '2013.1' } + end + + it { is_expected.to contain_package('python-barbicanclient').with( 'ensure' => '2013.1', 'tag' => 'openstack' - ) } + )} + end + end + + on_supported_os({ + :supported_os => OSDefaults.get_supported_os + }).each do |os,facts| + context "on #{os}" do + let (:facts) do + facts.merge(OSDefaults.get_facts({ + :fqdn => 'some.host.tld', + })) + end + + it_configures 'barbican client' + end end end diff --git a/spec/classes/barbican_db_mysql_spec.rb b/spec/classes/barbican_db_mysql_spec.rb index 126a630a..8506a0ae 100644 --- a/spec/classes/barbican_db_mysql_spec.rb +++ b/spec/classes/barbican_db_mysql_spec.rb @@ -21,61 +21,75 @@ require 'spec_helper' describe 'barbican::db::mysql' do - let :pre_condition do - [ - 'include mysql::server', - 'include barbican::db::sync' - ] - end + shared_examples_for 'barbican db mysql' do + let :pre_condition do + [ + 'include mysql::server', + 'include barbican::db::sync' + ] + end - let :facts do - @default_facts.merge({ :osfamily => 'Debian' }) - end - - let :params do - { - 'password' => 'fooboozoo_default_password', - } - end - - describe 'with only required params' do - it { is_expected.to contain_openstacklib__db__mysql('barbican').with( - 'user' => 'barbican', - 'password_hash' => '*3DDF34A86854A312A8E2C65B506E21C91800D206', - 'dbname' => 'barbican', - 'host' => '127.0.0.1', - 'charset' => 'utf8', - :collate => 'utf8_general_ci', - )} - end - - describe "overriding allowed_hosts param to array" do let :params do { - :password => 'barbicanpass', - :allowed_hosts => ['127.0.0.1','%'] + 'password' => 'fooboozoo_default_password', } end - end - describe "overriding allowed_hosts param to string" do - let :params do - { - :password => 'barbicanpass2', - :allowed_hosts => '192.168.1.1' - } + describe 'with only required params' do + it { is_expected.to contain_openstacklib__db__mysql('barbican').with( + 'user' => 'barbican', + 'password_hash' => '*3DDF34A86854A312A8E2C65B506E21C91800D206', + 'dbname' => 'barbican', + 'host' => '127.0.0.1', + 'charset' => 'utf8', + :collate => 'utf8_general_ci', + )} end - end + describe "overriding allowed_hosts param to array" do + let :params do + { + :password => 'barbicanpass', + :allowed_hosts => ['127.0.0.1','%'] + } + end + + end + describe "overriding allowed_hosts param to string" do + let :params do + { + :password => 'barbicanpass2', + :allowed_hosts => '192.168.1.1' + } + end - describe "overriding allowed_hosts param equals to host param " do - let :params do - { - :password => 'barbicanpass2', - :allowed_hosts => '127.0.0.1' - } end + describe "overriding allowed_hosts param equals to host param " do + let :params do + { + :password => 'barbicanpass2', + :allowed_hosts => '127.0.0.1' + } + end + + end + end + + on_supported_os({ + :supported_os => OSDefaults.get_supported_os + }).each do |os,facts| + context "on #{os}" do + let (:facts) do + facts.merge(OSDefaults.get_facts({ + :processorcount => 8, + :fqdn => 'some.host.tld', + :concat_basedir => '/var/lib/puppet/concat', + })) + end + + it_configures 'barbican db mysql' + end end end diff --git a/spec/classes/barbican_db_spec.rb b/spec/classes/barbican_db_spec.rb index bdd55d32..14afe795 100644 --- a/spec/classes/barbican_db_spec.rb +++ b/spec/classes/barbican_db_spec.rb @@ -141,17 +141,10 @@ describe 'barbican::db' do ) end end + end - context 'on Redhat platforms' do - let :facts do - @default_facts.merge({ :osfamily => 'RedHat', - :operatingsystemrelease => '7.1', - }) - end - - it_configures 'barbican::db' - + shared_examples_for 'barbican db on redhat' do context 'using pymysql driver' do let :params do { :database_connection => 'mysql+pymysql://barbican:barbican@localhost/barbican', } @@ -161,5 +154,26 @@ describe 'barbican::db' do end end + on_supported_os({ + :supported_os => OSDefaults.get_supported_os + }).each do |os,facts| + context "on #{os}" do + let (:facts) do + facts.merge(OSDefaults.get_facts({ + :processorcount => 8, + :fqdn => 'some.host.tld', + :concat_basedir => '/var/lib/puppet/concat', + })) + end + + it_configures 'barbican::db' + + case facts[:osfamily] + when 'RedHat' + it_configures 'barbican db on redhat' + end + end + end + end diff --git a/spec/classes/barbican_keystone_notification_spec.rb b/spec/classes/barbican_keystone_notification_spec.rb index dfbc9b39..5b0a7bc4 100644 --- a/spec/classes/barbican_keystone_notification_spec.rb +++ b/spec/classes/barbican_keystone_notification_spec.rb @@ -21,57 +21,67 @@ require 'spec_helper' describe 'barbican::keystone::notification' do - let :facts do - @default_facts.merge( + shared_examples_for 'barbican keystone notification' do + + let :default_params do { - :osfamily => 'RedHat', - :os_workers => '7', + :enable_keystone_notification => '', + :keystone_notification_control_exchange => '', + :keystone_notification_topic => '', + :keystone_notification_allow_requeue => '', + :keystone_notification_thread_pool_size => '', } - ) - end + end - let :default_params do - { - :enable_keystone_notification => '', - :keystone_notification_control_exchange => '', - :keystone_notification_topic => '', - :keystone_notification_allow_requeue => '', - :keystone_notification_thread_pool_size => '', - } - end + [{}, + { + :enable_keystone_notification => true, + :keystone_notification_control_exchange => 'exchange_data', + :keystone_notification_topic => 'barbican', + :keystone_notification_allow_requeue => true, + :keystone_notification_thread_pool_size => 20, + } + ].each do |param_set| - [{}, - { - :enable_keystone_notification => true, - :keystone_notification_control_exchange => 'exchange_data', - :keystone_notification_topic => 'barbican', - :keystone_notification_allow_requeue => true, - :keystone_notification_thread_pool_size => 20, - } - ].each do |param_set| + describe "when #{param_set == {} ? "using default" : "specifying"} class parameters" do - describe "when #{param_set == {} ? "using default" : "specifying"} class parameters" do + let :param_hash do + default_params.merge(param_set) + end - let :param_hash do - default_params.merge(param_set) - end + let :params do + param_set + end - let :params do - param_set - end - - it 'is_expected.to set keystone notification parameters' do - is_expected.to contain_barbican_config('keystone_notifications/enable')\ - .with_value(param_hash[:enable_keystone_notification]) - is_expected.to contain_barbican_config('keystone_notifications/allow_requeue')\ - .with_value(param_hash[:keystone_notification_allow_requeue]) - is_expected.to contain_barbican_config('keystone_notifications/thread_pool_size')\ - .with_value(param_hash[:keystone_notification_thread_pool_size]) - is_expected.to contain_barbican_config('keystone_notifications/topic')\ - .with_value(param_hash[:keystone_notification_topic]) - is_expected.to contain_barbican_config('keystone_notifications/control_exchange')\ - .with_value(param_hash[:keystone_notification_control_exchange]) + it 'is_expected.to set keystone notification parameters' do + is_expected.to contain_barbican_config('keystone_notifications/enable')\ + .with_value(param_hash[:enable_keystone_notification]) + is_expected.to contain_barbican_config('keystone_notifications/allow_requeue')\ + .with_value(param_hash[:keystone_notification_allow_requeue]) + is_expected.to contain_barbican_config('keystone_notifications/thread_pool_size')\ + .with_value(param_hash[:keystone_notification_thread_pool_size]) + is_expected.to contain_barbican_config('keystone_notifications/topic')\ + .with_value(param_hash[:keystone_notification_topic]) + is_expected.to contain_barbican_config('keystone_notifications/control_exchange')\ + .with_value(param_hash[:keystone_notification_control_exchange]) + end end end end + + on_supported_os({ + :supported_os => OSDefaults.get_supported_os + }).each do |os,facts| + context "on #{os}" do + let (:facts) do + facts.merge(OSDefaults.get_facts({ + :processorcount => 8, + :fqdn => 'some.host.tld', + :concat_basedir => '/var/lib/puppet/concat', + })) + end + + it_configures 'barbican keystone notification' + end + end end diff --git a/spec/classes/barbican_plugins_kmip_spec.rb b/spec/classes/barbican_plugins_kmip_spec.rb index c0ede4c9..e440b7ca 100644 --- a/spec/classes/barbican_plugins_kmip_spec.rb +++ b/spec/classes/barbican_plugins_kmip_spec.rb @@ -21,59 +21,68 @@ require 'spec_helper' describe 'barbican::plugins::kmip' do - let :facts do - @default_facts.merge( - { - :osfamily => 'RedHat', - :os_workers => '7', - } - ) - end + shared_examples_for 'barbican plugins kmip' do - describe 'with kmip plugin with username' do - let :params do - { - :kmip_plugin_username => 'kmip_user', - :kmip_plugin_password => 'kmip_password', - :kmip_plugin_host => 'kmip_host', - :kmip_plugin_port => 9000, - } + describe 'with kmip plugin with username' do + let :params do + { + :kmip_plugin_username => 'kmip_user', + :kmip_plugin_password => 'kmip_password', + :kmip_plugin_host => 'kmip_host', + :kmip_plugin_port => 9000, + } + end + + it 'is_expected.to set kmip parameters' do + is_expected.to contain_barbican_config('kmip_plugin/host')\ + .with_value(params[:kmip_plugin_host]) + is_expected.to contain_barbican_config('kmip_plugin/port')\ + .with_value(params[:kmip_plugin_port]) + is_expected.to contain_barbican_config('kmip_plugin/username')\ + .with_value(params[:kmip_plugin_username]) + is_expected.to contain_barbican_config('kmip_plugin/password')\ + .with_value(params[:kmip_plugin_password]) + end end - it 'is_expected.to set kmip parameters' do - is_expected.to contain_barbican_config('kmip_plugin/host')\ - .with_value(params[:kmip_plugin_host]) - is_expected.to contain_barbican_config('kmip_plugin/port')\ - .with_value(params[:kmip_plugin_port]) - is_expected.to contain_barbican_config('kmip_plugin/username')\ - .with_value(params[:kmip_plugin_username]) - is_expected.to contain_barbican_config('kmip_plugin/password')\ - .with_value(params[:kmip_plugin_password]) + describe 'with kmip plugin with certificate' do + let :params do + { + :kmip_plugin_keyfile => 'key_file', + :kmip_plugin_certfile => 'cert_file', + :kmip_plugin_ca_certs => 'ca_cert_file', + :kmip_plugin_host => 'kmip_host', + :kmip_plugin_port => 9000, + } + end + + it 'is_expected.to set kmip parameters' do + is_expected.to contain_barbican_config('kmip_plugin/keyfile')\ + .with_value(params[:kmip_plugin_keyfile]) + is_expected.to contain_barbican_config('kmip_plugin/certfile')\ + .with_value(params[:kmip_plugin_certfile]) + is_expected.to contain_barbican_config('kmip_plugin/ca_certs')\ + .with_value(params[:kmip_plugin_ca_certs]) + is_expected.to contain_barbican_config('kmip_plugin/host')\ + .with_value(params[:kmip_plugin_host]) + is_expected.to contain_barbican_config('kmip_plugin/port')\ + .with_value(params[:kmip_plugin_port]) + end end end + on_supported_os({ + :supported_os => OSDefaults.get_supported_os + }).each do |os,facts| + context "on #{os}" do + let (:facts) do + facts.merge(OSDefaults.get_facts({ + :processorcount => 8, + :fqdn => 'some.host.tld', + :concat_basedir => '/var/lib/puppet/concat', + })) + end - describe 'with kmip plugin with certificate' do - let :params do - { - :kmip_plugin_keyfile => 'key_file', - :kmip_plugin_certfile => 'cert_file', - :kmip_plugin_ca_certs => 'ca_cert_file', - :kmip_plugin_host => 'kmip_host', - :kmip_plugin_port => 9000, - } - end - - it 'is_expected.to set kmip parameters' do - is_expected.to contain_barbican_config('kmip_plugin/keyfile')\ - .with_value(params[:kmip_plugin_keyfile]) - is_expected.to contain_barbican_config('kmip_plugin/certfile')\ - .with_value(params[:kmip_plugin_certfile]) - is_expected.to contain_barbican_config('kmip_plugin/ca_certs')\ - .with_value(params[:kmip_plugin_ca_certs]) - is_expected.to contain_barbican_config('kmip_plugin/host')\ - .with_value(params[:kmip_plugin_host]) - is_expected.to contain_barbican_config('kmip_plugin/port')\ - .with_value(params[:kmip_plugin_port]) + it_configures 'barbican plugins kmip' end end end diff --git a/spec/classes/barbican_plugins_p11_crypto_spec.rb b/spec/classes/barbican_plugins_p11_crypto_spec.rb index 7e5ff451..9c73a0fb 100644 --- a/spec/classes/barbican_plugins_p11_crypto_spec.rb +++ b/spec/classes/barbican_plugins_p11_crypto_spec.rb @@ -21,40 +21,49 @@ require 'spec_helper' describe 'barbican::plugins::p11_crypto' do - let :facts do - @default_facts.merge( - { - :osfamily => 'RedHat', - :os_workers => '7', - } - ) + shared_examples_for 'barbican plugins p11_crypto' do + describe 'with pk11 plugin' do + let :params do + { + :p11_crypto_plugin_login => 'p11_user', + :p11_crypto_plugin_mkek_label => 'mkek_label', + :p11_crypto_plugin_mkek_length => 32, + :p11_crypto_plugin_hmac_label => 'hmac_label', + :p11_crypto_plugin_slot_id => 1, + :p11_crypto_plugin_library_path => '/usr/lib/libCryptoki2_64.so', + } + end + + it 'is_expected.to set p11 parameters' do + is_expected.to contain_barbican_config('p11_crypto_plugin/login') \ + .with_value(params[:p11_crypto_plugin_login]) + is_expected.to contain_barbican_config('p11_crypto_plugin/mkek_label') \ + .with_value(params[:p11_crypto_plugin_mkek_label]) + is_expected.to contain_barbican_config('p11_crypto_plugin/mkek_length') \ + .with_value(params[:p11_crypto_plugin_mkek_length]) + is_expected.to contain_barbican_config('p11_crypto_plugin/hmac_label') \ + .with_value(params[:p11_crypto_plugin_hmac_label]) + is_expected.to contain_barbican_config('p11_crypto_plugin/slot_id') \ + .with_value(params[:p11_crypto_plugin_slot_id]) + is_expected.to contain_barbican_config('p11_crypto_plugin/library_path') \ + .with_value(params[:p11_crypto_plugin_library_path]) + end + end end - describe 'with pk11 plugin' do - let :params do - { - :p11_crypto_plugin_login => 'p11_user', - :p11_crypto_plugin_mkek_label => 'mkek_label', - :p11_crypto_plugin_mkek_length => 32, - :p11_crypto_plugin_hmac_label => 'hmac_label', - :p11_crypto_plugin_slot_id => 1, - :p11_crypto_plugin_library_path => '/usr/lib/libCryptoki2_64.so', - } - end + on_supported_os({ + :supported_os => OSDefaults.get_supported_os + }).each do |os,facts| + context "on #{os}" do + let (:facts) do + facts.merge(OSDefaults.get_facts({ + :processorcount => 8, + :fqdn => 'some.host.tld', + :concat_basedir => '/var/lib/puppet/concat', + })) + end - it 'is_expected.to set p11 parameters' do - is_expected.to contain_barbican_config('p11_crypto_plugin/login') \ - .with_value(params[:p11_crypto_plugin_login]) - is_expected.to contain_barbican_config('p11_crypto_plugin/mkek_label') \ - .with_value(params[:p11_crypto_plugin_mkek_label]) - is_expected.to contain_barbican_config('p11_crypto_plugin/mkek_length') \ - .with_value(params[:p11_crypto_plugin_mkek_length]) - is_expected.to contain_barbican_config('p11_crypto_plugin/hmac_label') \ - .with_value(params[:p11_crypto_plugin_hmac_label]) - is_expected.to contain_barbican_config('p11_crypto_plugin/slot_id') \ - .with_value(params[:p11_crypto_plugin_slot_id]) - is_expected.to contain_barbican_config('p11_crypto_plugin/library_path') \ - .with_value(params[:p11_crypto_plugin_library_path]) + it_configures 'barbican plugins p11_crypto' end end end diff --git a/spec/classes/barbican_plugins_simple_crypto_spec.rb b/spec/classes/barbican_plugins_simple_crypto_spec.rb index 2f661b7e..689ae646 100644 --- a/spec/classes/barbican_plugins_simple_crypto_spec.rb +++ b/spec/classes/barbican_plugins_simple_crypto_spec.rb @@ -21,36 +21,45 @@ require 'spec_helper' describe 'barbican::plugins::simple_crypto' do - let :facts do - @default_facts.merge( - { - :osfamily => 'RedHat', - :os_workers => '7', - } - ) - end + shared_examples_for 'barbican plugins simple_crypto' do + describe 'with parameter passed into pk11 plugin' do + let :params do + { + :simple_crypto_plugin_kek => 'XXXXXXXXXXXXX' + } + end - describe 'with parameter passed into pk11 plugin' do - let :params do - { - :simple_crypto_plugin_kek => 'XXXXXXXXXXXXX' - } + it 'is_expected.to set simple_crypto parameters' do + is_expected.to contain_barbican_config('simple_crypto_plugin/kek') \ + .with_value(params[:simple_crypto_plugin_kek]) + end end - it 'is_expected.to set simple_crypto parameters' do - is_expected.to contain_barbican_config('simple_crypto_plugin/kek') \ - .with_value(params[:simple_crypto_plugin_kek]) + describe 'with no parameter passed into pk11 plugin' do + let :params do + {} + end + + it 'is_expected.to set default simple_crypto parameters' do + is_expected.to contain_barbican_config('simple_crypto_plugin/kek') \ + .with_value('') + end end end - describe 'with no parameter passed into pk11 plugin' do - let :params do - {} - end + on_supported_os({ + :supported_os => OSDefaults.get_supported_os + }).each do |os,facts| + context "on #{os}" do + let (:facts) do + facts.merge(OSDefaults.get_facts({ + :processorcount => 8, + :fqdn => 'some.host.tld', + :concat_basedir => '/var/lib/puppet/concat', + })) + end - it 'is_expected.to set default simple_crypto parameters' do - is_expected.to contain_barbican_config('simple_crypto_plugin/kek') \ - .with_value('') + it_configures 'barbican plugins simple_crypto' end end end diff --git a/spec/classes/barbican_quota_spec.rb b/spec/classes/barbican_quota_spec.rb index e31306db..06dc3437 100644 --- a/spec/classes/barbican_quota_spec.rb +++ b/spec/classes/barbican_quota_spec.rb @@ -21,56 +21,65 @@ require 'spec_helper' describe 'barbican::quota' do - let :facts do - @default_facts.merge( + shared_examples_for 'barbican quota' do + let :default_params do { - :osfamily => 'RedHat', - :os_workers => '7', + :quota_secrets => '', + :quota_orders => '', + :quota_containers => '', + :quota_consumers => '', + :quota_cas => '', } - ) - end + end - let :default_params do - { - :quota_secrets => '', - :quota_orders => '', - :quota_containers => '', - :quota_consumers => '', - :quota_cas => '', - } - end + [{}, + { + :quota_secrets => 100, + :quota_orders => 100, + :quota_containers => 100, + :quota_consumers => 100, + :quota_cas => 10, + } + ].each do |param_set| - [{}, - { - :quota_secrets => 100, - :quota_orders => 100, - :quota_containers => 100, - :quota_consumers => 100, - :quota_cas => 10, - } - ].each do |param_set| + describe "when #{param_set == {} ? "using default" : "specifying"} class parameters" do - describe "when #{param_set == {} ? "using default" : "specifying"} class parameters" do + let :param_hash do + default_params.merge(param_set) + end - let :param_hash do - default_params.merge(param_set) - end + let :params do + param_set + end - let :params do - param_set - end - - it 'is_expected.to set quota parameters' do - [ - 'quota_secrets', - 'quota_orders', - 'quota_containers', - 'quota_consumers', - 'quota_cas', - ].each do |config| - is_expected.to contain_barbican_config("quotas/#{config}").with_value(param_hash[config.intern]) + it 'is_expected.to set quota parameters' do + [ + 'quota_secrets', + 'quota_orders', + 'quota_containers', + 'quota_consumers', + 'quota_cas', + ].each do |config| + is_expected.to contain_barbican_config("quotas/#{config}").with_value(param_hash[config.intern]) + end end end end end + + on_supported_os({ + :supported_os => OSDefaults.get_supported_os + }).each do |os,facts| + context "on #{os}" do + let (:facts) do + facts.merge(OSDefaults.get_facts({ + :processorcount => 8, + :fqdn => 'some.host.tld', + :concat_basedir => '/var/lib/puppet/concat', + })) + end + + it_configures 'barbican quota' + end + end end diff --git a/spec/classes/barbican_wsgi_apache_spec.rb b/spec/classes/barbican_wsgi_apache_spec.rb index dd485b15..0f17983e 100644 --- a/spec/classes/barbican_wsgi_apache_spec.rb +++ b/spec/classes/barbican_wsgi_apache_spec.rb @@ -121,7 +121,7 @@ describe 'barbican::wsgi::apache' do { :httpd_service_name => 'apache2', :httpd_ports_file => '/etc/apache2/ports.conf', - :wsgi_script_path => '/var/www/cgi-bin/barbican', + :wsgi_script_path => '/usr/lib/cgi-bin/barbican', } when 'RedHat' {