# # Copyright (C) 2016 Red Hat Inc. # # Author: Ade Lee # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # # Unit tests for barbican::api class # require 'spec_helper' describe 'barbican::api' do let :facts do @default_facts.merge( OSDefaults.get_facts({ :osfamily => 'RedHat', :processorcount => '7', }) ) end let :default_params do { :bind_host => '0.0.0.0', :bind_port => '9311', :rpc_backend => 'rabbit', :rabbit_host => '', :rabbit_hosts => [''], :rabbit_password => '', :rabbit_port => '', :rabbit_userid => '', :rabbit_virtual_host => '', :rabbit_use_ssl => '', :rabbit_heartbeat_timeout_threshold => '', :rabbit_heartbeat_rate => '', :rabbit_ha_queues => '', :amqp_durable_queues => '', :max_allowed_secret_in_bytes => '', :max_allowed_request_size_in_bytes => '', :enable_queue => '', :queue_namespace => '', :queue_topic => '', :queue_version => '', :queue_server_name => '', :kombu_ssl_ca_certs => '', :kombu_ssl_certfile => '', :kombu_ssl_keyfile => '', :kombu_ssl_version => '', :kombu_reconnect_delay => '', :manage_service => true, :enabled => true, :enabled_secretstore_plugins => [''], :enabled_crypto_plugins => [''], :enabled_certificate_plugins => [''], :enabled_certificate_event_plugins => [''], :auth_strategy => 'keystone', :retry_scheduler_initial_delay_seconds => '', :retry_scheduler_periodic_interval_max_seconds => '', } end [{ :bind_host => '127.0.0.1', :bind_port => '9312', :rpc_backend => 'rabbit', :rabbit_host => 'rabbithost', :rabbit_hosts => ['rabbithost:1234'], :rabbit_password => 'bugs_bunny', :rabbit_port => '1234', :rabbit_userid => 'bugs', :rabbit_virtual_host => 'rabbithost', :rabbit_use_ssl => true, :rabbit_heartbeat_timeout_threshold => '10', :rabbit_heartbeat_rate => '10', :rabbit_ha_queues => true, :amqp_durable_queues => true, :enable_queue => true, :queue_namespace => 'barbican1', :queue_topic => 'barbican1.workers', :queue_version => '1.2', :queue_server_name => 'barbican1.queue', :manage_service => true, :enabled => false, :kombu_ssl_ca_certs => 'path_to_certs', :kombu_ssl_certfile => 'path_to_certfile', :kombu_ssl_keyfile => 'path_to_keyfile', :kombu_ssl_version => '1.2', :kombu_reconnect_delay => '10', :enabled_secretstore_plugins => ['dogtag_crypto', 'store_crypto', 'kmip'], :enabled_crypto_plugins => ['simple_crypto'], :enabled_certificate_plugins => ['simple_certificate', 'dogtag'], :enabled_certificate_event_plugins => ['simple_certificate_event', 'foo_event'], :retry_scheduler_initial_delay_seconds => 20.0, :retry_scheduler_periodic_interval_max_seconds => 20.0, :max_allowed_secret_in_bytes => 20000, :max_allowed_request_size_in_bytes => 2000000, } ].each do |param_set| describe "when #{param_set == {} ? "using default" : "specifying"} class parameters" do let :pre_condition do 'class { "barbican::keystone::authtoken": password => "secret", }' end let :param_hash do default_params.merge(param_set) end let :params do param_set end let :host_ref do "http://${::fqdn}:$param_hash[:bind_port]" end it { is_expected.to contain_class 'barbican::api::logging' } it { is_expected.to contain_class 'barbican::db' } it { is_expected.to contain_service('barbican-api').with( 'ensure' => (param_hash[:manage_service] && param_hash[:enabled]) ? 'running': 'stopped', 'enable' => param_hash[:enabled], 'hasstatus' => true, 'hasrestart' => true, 'tag' => 'barbican-service', ) } it 'is_expected.to set default parameters' do [ 'bind_host', 'bind_port', 'max_allowed_secret_in_bytes', 'max_allowed_request_size_in_bytes', ].each do |config| is_expected.to contain_barbican_config("DEFAULT/#{config}").with_value(param_hash[config.intern]) end end it 'configures queue' do is_expected.to contain_barbican_config('queue/enable').with_value(param_hash[:enable_queue]) is_expected.to contain_barbican_config('queue/namespace').with_value(param_hash[:queue_namespace]) is_expected.to contain_barbican_config('queue/topic').with_value(param_hash[:queue_topic]) is_expected.to contain_barbican_config('queue/version').with_value(param_hash[:queue_version]) is_expected.to contain_barbican_config('queue/server_name').with_value(param_hash[:queue_server_name]) end it 'configures rabbit' do is_expected.to contain_barbican_config('DEFAULT/rpc_backend').with_value(param_hash[:rpc_backend]) is_expected.to contain_barbican_config('oslo_messaging_rabbit/rabbit_hosts').with_value(param_hash[:rabbit_hosts]) is_expected.to contain_barbican_config('oslo_messaging_rabbit/rabbit_password').with_value(param_hash[:rabbit_password]).with_secret(true) is_expected.to contain_barbican_config('oslo_messaging_rabbit/rabbit_userid').with_value(param_hash[:rabbit_userid]) is_expected.to contain_barbican_config('oslo_messaging_rabbit/rabbit_virtual_host').with_value(param_hash[:rabbit_virtual_host]) is_expected.to contain_barbican_config('oslo_messaging_rabbit/heartbeat_timeout_threshold').with_value(param_hash[:rabbit_heartbeat_timeout_threshold]) is_expected.to contain_barbican_config('oslo_messaging_rabbit/heartbeat_rate').with_value(param_hash[:rabbit_heartbeat_rate]) end it 'configures kombu certs' do is_expected.to contain_barbican_config('oslo_messaging_rabbit/kombu_ssl_ca_certs').with_value(param_hash[:kombu_ssl_ca_certs]) is_expected.to contain_barbican_config('oslo_messaging_rabbit/kombu_ssl_certfile').with_value(param_hash[:kombu_ssl_certfile]) is_expected.to contain_barbican_config('oslo_messaging_rabbit/kombu_ssl_keyfile').with_value(param_hash[:kombu_ssl_keyfile]) is_expected.to contain_barbican_config('oslo_messaging_rabbit/kombu_ssl_version').with_value(param_hash[:kombu_ssl_version]) is_expected.to contain_barbican_config('oslo_messaging_rabbit/kombu_reconnect_delay').with_value(param_hash[:kombu_reconnect_delay]) end it 'configures enabled plugins' do is_expected.to contain_barbican_config('secretstore/enabled_secretstore_plugins') \ .with_value(param_hash[:enabled_secretstore_plugins]) is_expected.to contain_barbican_config('crypto/enabled_crypto_plugins') \ .with_value(param_hash[:enabled_crypto_plugins]) is_expected.to contain_barbican_config('certificate/enabled_certificate_plugins') \ .with_value(param_hash[:enabled_certificate_plugins]) is_expected.to contain_barbican_config('certificate_event/enabled_certificate_event_plugins') \ .with_value(param_hash[:enabled_certificate_event_plugins]) end end end describe 'with SSL socket options set' do let :pre_condition do 'class { "barbican::keystone::authtoken": password => "secret", }' end let :params do { :use_ssl => true, :cert_file => '/path/to/cert', :ca_file => '/path/to/ca', :key_file => '/path/to/key', } end it { is_expected.to contain_barbican_config('DEFAULT/ca_file').with_value('/path/to/ca') } it { is_expected.to contain_barbican_config('DEFAULT/cert_file').with_value('/path/to/cert') } it { is_expected.to contain_barbican_config('DEFAULT/key_file').with_value('/path/to/key') } end describe 'with SSL socket options left by default' do let :pre_condition do 'class { "barbican::keystone::authtoken": password => "secret", }' end let :params do { :use_ssl => false, } end it { is_expected.to contain_barbican_config('DEFAULT/ca_file').with_value('') } it { is_expected.to contain_barbican_config('DEFAULT/cert_file').with_value('') } it { is_expected.to contain_barbican_config('DEFAULT/key_file').with_value('') } end describe 'with SSL socket options set wrongly configured' do let :pre_condition do 'class { "barbican::keystone::authtoken": password => "secret", }' end let :params do { :use_ssl => true, :ca_file => '/path/to/ca', :key_file => '/path/to/key', } end it_raises 'a Puppet::Error', /The cert_file parameter is required when use_ssl is set to true/ end describe 'with keystone auth' do let :pre_condition do 'class { "barbican::keystone::authtoken": password => "secret", }' end let :params do { :auth_strategy => 'keystone', } end it 'is_expected.to set keystone params correctly' do is_expected.to contain_barbican_api_paste_ini('pipeline:barbican_api/pipeline')\ .with_value('cors authtoken context apiapp') is_expected.to contain_class('barbican::keystone::authtoken') end end describe 'with disabled service managing' do let :params do { :manage_service => false, :enabled => false, :auth_strategy => 'None', } end it { is_expected.to contain_service('barbican-api').with( 'ensure' => nil, 'enable' => false, 'hasstatus' => true, 'hasrestart' => true, 'tag' => 'barbican-service', ) } end describe 'on RedHat platforms' do let :pre_condition do 'class { "barbican::keystone::authtoken": password => "secret", }' end let :facts do OSDefaults.get_facts({ :osfamily => 'RedHat', :operatingsystemrelease => '7', }) end let(:params) { default_params } it { is_expected.to contain_package('barbican-api').with( :tag => ['openstack', 'barbican-package'], )} end describe 'on unknown platforms' do let :facts do OSDefaults.get_facts({ :osfamily => 'unknown' }) end let(:params) { default_params } it_raises 'a Puppet::Error', /Unsupported osfamily/ end end