Convert more to rspec-puppet-facts

After this it's only the keystone init class and the
keystone ldap backend definition left.

puppet-keystone is the last module; after that,
everything is using rspec-puppet-facts.

Change-Id: I3d22478a6d3f9feeacfa7d6ca9c728f9f9f2b361
Tobias Urdin 2020-07-08 18:17:37 +02:00
parent 498aca15dd
commit 8f5c6835db
2 changed files with 216 additions and 172 deletions


@ -1,24 +1,20 @@
require 'spec_helper'
describe 'keystone::federation::identity_provider' do
let :pre_condition do
"class { 'keystone':
service_name => 'httpd',
enable_ssl=> true }"
end
let :params do
{ :user => 'keystone',
{
:user => 'keystone',
:certfile => '/etc/keystone/ssl/certs/signing_cert.pem',
:keyfile => '/etc/keystone/ssl/private/signing_key.pem',
:idp_entity_id => 'https://keystone.example.com/v3/OS-FEDERATION/saml2/idp',
:idp_sso_endpoint => 'https://keystone.example.com/v3/OS-FEDERATION/saml2/sso',
:idp_metadata_path => '/etc/keystone/saml2_idp_metadata.xml' }
:idp_metadata_path => '/etc/keystone/saml2_idp_metadata.xml'
}
end
let :optional_params do
{ :idp_organization_name => 'ExampleCompany',
{
:idp_organization_name => 'ExampleCompany',
:idp_organization_display_name => 'Example',
:idp_organization_url => 'www.example.com',
:idp_contact_company => 'someone',
@ -26,84 +22,113 @@ describe 'keystone::federation::identity_provider' do
:idp_contact_surname => 'surname',
:idp_contact_email => 'name@example.com',
:idp_contact_telephone => '+55000000000',
:idp_contact_type => 'other' }
:idp_contact_type => 'other'
}
end
shared_examples 'keystone federation identity provider' do
shared_examples 'keystone::federation::identity_provider' do
let :pre_condition do
"class { 'keystone':
service_name => 'httpd',
enable_ssl => true,
}"
end
it { is_expected.to contain_class('keystone::params') }
context 'with required params' do
it { is_expected.to contain_class('keystone::params') }
context 'keystone not running under apache' do
let :pre_condition do
"class { 'keystone':
service_name => 'keystone',
enable_ssl=> true }"
it { is_expected.to contain_package('xmlsec1').with(
:ensure => 'present',
)}
it { is_expected.to contain_package('python-pysaml2').with(
:ensure => 'present',
)}
it {
is_expected.to contain_keystone_config('saml/certfile').with_value(params[:certfile])
is_expected.to contain_keystone_config('saml/keyfile').with_value(params[:keyfile])
is_expected.to contain_keystone_config('saml/idp_entity_id').with_value(params[:idp_entity_id])
is_expected.to contain_keystone_config('saml/idp_sso_endpoint').with_value(params[:idp_sso_endpoint])
is_expected.to contain_keystone_config('saml/idp_metadata_path').with_value(params[:idp_metadata_path])
}
it { is_expected.to contain_exec('saml_idp_metadata').with(
:command => "keystone-manage saml_idp_metadata > #{params[:idp_metadata_path]}",
:creates => "#{params[:idp_metadata_path]}",
)}
it { is_expected.to contain_file("#{params[:idp_metadata_path]}").with(
:ensure => 'present',
:mode => '0600',
:owner => 'keystone',
)}
end
context 'with keystone optional params' do
before do
params.merge!(optional_params)
end
it_raises 'a Puppet::Error', /Keystone need to be running under Apache for Federation work./
it {
is_expected.to contain_keystone_config('saml/certfile').with_value(params[:certfile])
is_expected.to contain_keystone_config('saml/keyfile').with_value(params[:keyfile])
is_expected.to contain_keystone_config('saml/idp_entity_id').with_value(params[:idp_entity_id])
is_expected.to contain_keystone_config('saml/idp_sso_endpoint').with_value(params[:idp_sso_endpoint])
is_expected.to contain_keystone_config('saml/idp_metadata_path').with_value(params[:idp_metadata_path])
is_expected.to contain_keystone_config('saml/idp_organization_name').with_value(params[:idp_organization_name])
is_expected.to contain_keystone_config('saml/idp_organization_display_name').with_value(params[:idp_organization_display_name])
is_expected.to contain_keystone_config('saml/idp_organization_url').with_value(params[:idp_organization_url])
is_expected.to contain_keystone_config('saml/idp_contact_company').with_value(params[:idp_contact_company])
is_expected.to contain_keystone_config('saml/idp_contact_name').with_value(params[:idp_contact_name])
is_expected.to contain_keystone_config('saml/idp_contact_surname').with_value(params[:idp_contact_surname])
is_expected.to contain_keystone_config('saml/idp_contact_email').with_value(params[:idp_contact_email])
is_expected.to contain_keystone_config('saml/idp_contact_telephone').with_value(params[:idp_contact_telephone])
is_expected.to contain_keystone_config('saml/idp_contact_type').with_value(params[:idp_contact_type])
}
end
it 'should have' do
is_expected.to contain_package('xmlsec1').with(
:ensure => 'present',
)
is_expected.to contain_package('python-pysaml2').with(
:ensure => 'present',
)
context 'with invalid values for idp_contact_type' do
before do
params.merge!(:idp_contact_type => 'foobar')
end
it { is_expected.to raise_error(Puppet::Error, /Allowed values for idp_contact_type are: technical, support, administrative, billing and other/) }
end
it 'should configure keystone.conf' do
is_expected.to contain_keystone_config('saml/certfile').with_value(params[:certfile])
is_expected.to contain_keystone_config('saml/keyfile').with_value(params[:keyfile])
is_expected.to contain_keystone_config('saml/idp_entity_id').with_value(params[:idp_entity_id])
is_expected.to contain_keystone_config('saml/idp_sso_endpoint').with_value(params[:idp_sso_endpoint])
is_expected.to contain_keystone_config('saml/idp_metadata_path').with_value(params[:idp_metadata_path])
end
it { is_expected.to contain_exec('saml_idp_metadata').with(
:command => "keystone-manage saml_idp_metadata > #{params[:idp_metadata_path]}",
:creates => "#{params[:idp_metadata_path]}",
) }
it 'creates saml idp metadata file' do
is_expected.to contain_file("#{params[:idp_metadata_path]}").with(
:ensure => 'present',
:mode => '0600',
:owner => 'keystone',
)
end
context 'configure Keystone with optional params' do
before :each do
params.merge!(optional_params)
end
it 'should configure keystone.conf' do
is_expected.to contain_keystone_config('saml/certfile').with_value(params[:certfile])
is_expected.to contain_keystone_config('saml/keyfile').with_value(params[:keyfile])
is_expected.to contain_keystone_config('saml/idp_entity_id').with_value(params[:idp_entity_id])
is_expected.to contain_keystone_config('saml/idp_sso_endpoint').with_value(params[:idp_sso_endpoint])
is_expected.to contain_keystone_config('saml/idp_metadata_path').with_value(params[:idp_metadata_path])
is_expected.to contain_keystone_config('saml/idp_organization_name').with_value(params[:idp_organization_name])
is_expected.to contain_keystone_config('saml/idp_organization_display_name').with_value(params[:idp_organization_display_name])
is_expected.to contain_keystone_config('saml/idp_organization_url').with_value(params[:idp_organization_url])
is_expected.to contain_keystone_config('saml/idp_contact_company').with_value(params[:idp_contact_company])
is_expected.to contain_keystone_config('saml/idp_contact_name').with_value(params[:idp_contact_name])
is_expected.to contain_keystone_config('saml/idp_contact_surname').with_value(params[:idp_contact_surname])
is_expected.to contain_keystone_config('saml/idp_contact_email').with_value(params[:idp_contact_email])
is_expected.to contain_keystone_config('saml/idp_contact_telephone').with_value(params[:idp_contact_telephone])
is_expected.to contain_keystone_config('saml/idp_contact_type').with_value(params[:idp_contact_type])
end
end
context 'with invalid values for idp_contact_type' do
before do
params.merge!(:idp_contact_type => 'foobar')
end
it_raises 'a Puppet::Error', /Allowed values for idp_contact_type are: technical, support, administrative, billing and other/
end
end
shared_examples 'keystone::federation::identity_provider without Apache' do
let :pre_condition do
"class { 'keystone':
service_name => '#{platform_params[:keystone_service]}',
enable_ssl => true,
}"
end
context 'with default parameters' do
it { is_expected.to raise_error(Puppet::Error, /Keystone need to be running under Apache for Federation work./) }
end
end
on_supported_os({
:supported_os => OSDefaults.get_supported_os
}).each do |os,facts|
context "on #{os}" do
let (:facts) do
facts.merge!(OSDefaults.get_facts())
end
let (:platform_params) do
if facts[:osfamily] == 'RedHat'
keystone_service = 'openstack-keystone'
else
keystone_service = 'keystone'
end
{ :keystone_service => keystone_service }
end
it_behaves_like 'keystone::federation::identity_provider'
it_behaves_like 'keystone::federation::identity_provider without Apache'
end
end
end
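Review bot: In the 'with required params' context the `saml_idp_metadata` exec and the metadata `File` resource are asserted independently, so nothing pins the relationship between the command that creates the file through a shell redirect and the resource that sets mode `0600` and owner `keystone`. A file created by a redirect gets the umask of the process that runs it, so the restrictive mode only holds once the file resource has been applied. The manifest is not on this page, so whether it declares an ordering is unknown. If it does, pin it with `it { is_expected.to contain_exec('saml_idp_metadata').that_comes_before("File[#{params[:idp_metadata_path]}]") }`. If it does not, that is worth raising against the manifest rather than the spec.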


@ -1,7 +1,7 @@
require 'spec_helper'
describe 'keystone::ldap' do
describe 'with basic params' do
shared_examples 'keystone::ldap' do
let :params do
{
:url => 'ldap://foo',
@ -81,109 +81,128 @@ describe 'keystone::ldap' do
:auth_pool_connection_lifetime => 200,
}
end
it { is_expected.to contain_package('python-ldappool') }
it 'should have basic params' do
# basic params
is_expected.to contain_keystone_config('ldap/url').with_value('ldap://foo')
is_expected.to contain_keystone_config('ldap/user').with_value('cn=foo,dc=example,dc=com')
is_expected.to contain_keystone_config('ldap/password').with_value('abcdefg').with_secret(true)
is_expected.to contain_keystone_config('ldap/suffix').with_value('dc=example,dc=com')
is_expected.to contain_keystone_config('ldap/query_scope').with_value('sub')
is_expected.to contain_keystone_config('ldap/page_size').with_value('50')
# users
is_expected.to contain_keystone_config('ldap/user_tree_dn').with_value('cn=users,dc=example,dc=com')
is_expected.to contain_keystone_config('ldap/user_filter').with_value('(memberOf=cn=openstack,cn=groups,cn=accounts,dc=example,dc=com)')
is_expected.to contain_keystone_config('ldap/user_objectclass').with_value('inetUser')
is_expected.to contain_keystone_config('ldap/user_id_attribute').with_value('uid')
is_expected.to contain_keystone_config('ldap/user_name_attribute').with_value('cn')
is_expected.to contain_keystone_config('ldap/user_description_attribute').with_value('description')
is_expected.to contain_keystone_config('ldap/user_mail_attribute').with_value('mail')
is_expected.to contain_keystone_config('ldap/user_enabled_attribute').with_value('UserAccountControl')
is_expected.to contain_keystone_config('ldap/user_enabled_mask').with_value('2')
is_expected.to contain_keystone_config('ldap/user_enabled_default').with_value('512')
is_expected.to contain_keystone_config('ldap/user_enabled_invert').with_value('False')
is_expected.to contain_keystone_config('ldap/user_attribute_ignore').with_value('')
is_expected.to contain_keystone_config('ldap/user_default_project_id_attribute').with_value('defaultProject')
is_expected.to contain_keystone_config('ldap/user_tree_dn').with_value('cn=users,dc=example,dc=com')
is_expected.to contain_keystone_config('ldap/user_pass_attribute').with_value('krbPassword')
is_expected.to contain_keystone_config('ldap/user_enabled_emulation').with_value('True')
is_expected.to contain_keystone_config('ldap/user_enabled_emulation_dn').with_value('cn=openstack-enabled,cn=groups,cn=accounts,dc=example,dc=com')
is_expected.to contain_keystone_config('ldap/user_additional_attribute_mapping').with_value('description:name, gecos:name')
context 'with parameters' do
it { is_expected.to contain_package('python-ldappool') }
# projects
is_expected.to contain_keystone_config('ldap/project_tree_dn').with_value('ou=projects,ou=openstack,dc=example,dc=com')
is_expected.to contain_keystone_config('ldap/project_filter').with_value('')
is_expected.to contain_keystone_config('ldap/project_objectclass').with_value('organizationalUnit')
is_expected.to contain_keystone_config('ldap/project_id_attribute').with_value('ou')
is_expected.to contain_keystone_config('ldap/project_member_attribute').with_value('member')
is_expected.to contain_keystone_config('ldap/project_desc_attribute').with_value('description')
is_expected.to contain_keystone_config('ldap/project_name_attribute').with_value('ou')
is_expected.to contain_keystone_config('ldap/project_enabled_attribute').with_value('enabled')
is_expected.to contain_keystone_config('ldap/project_domain_id_attribute').with_value('businessCategory')
is_expected.to contain_keystone_config('ldap/project_attribute_ignore').with_value('')
is_expected.to contain_keystone_config('ldap/project_allow_create').with_value('True')
is_expected.to contain_keystone_config('ldap/project_allow_update').with_value('True')
is_expected.to contain_keystone_config('ldap/project_allow_delete').with_value('True')
is_expected.to contain_keystone_config('ldap/project_enabled_emulation').with_value('False')
is_expected.to contain_keystone_config('ldap/project_enabled_emulation_dn').with_value('True')
is_expected.to contain_keystone_config('ldap/project_additional_attribute_mapping').with_value('cn=enabled,ou=openstack,dc=example,dc=com')
it {
is_expected.to contain_keystone_config('ldap/url').with_value('ldap://foo')
is_expected.to contain_keystone_config('ldap/user').with_value('cn=foo,dc=example,dc=com')
is_expected.to contain_keystone_config('ldap/password').with_value('abcdefg').with_secret(true)
is_expected.to contain_keystone_config('ldap/suffix').with_value('dc=example,dc=com')
is_expected.to contain_keystone_config('ldap/query_scope').with_value('sub')
is_expected.to contain_keystone_config('ldap/page_size').with_value('50')
}
# roles
is_expected.to contain_keystone_config('ldap/role_tree_dn').with_value('ou=roles,ou=openstack,dc=example,dc=com')
is_expected.to contain_keystone_config('ldap/role_filter').with_value('')
is_expected.to contain_keystone_config('ldap/role_objectclass').with_value('organizationalRole')
is_expected.to contain_keystone_config('ldap/role_id_attribute').with_value('cn')
is_expected.to contain_keystone_config('ldap/role_name_attribute').with_value('ou')
is_expected.to contain_keystone_config('ldap/role_member_attribute').with_value('roleOccupant')
is_expected.to contain_keystone_config('ldap/role_attribute_ignore').with_value('description')
is_expected.to contain_keystone_config('ldap/role_allow_create').with_value('True')
is_expected.to contain_keystone_config('ldap/role_allow_update').with_value('True')
is_expected.to contain_keystone_config('ldap/role_allow_delete').with_value('True')
is_expected.to contain_keystone_config('ldap/role_additional_attribute_mapping').with_value('')
it {
is_expected.to contain_keystone_config('ldap/user_tree_dn').with_value('cn=users,dc=example,dc=com')
is_expected.to contain_keystone_config('ldap/user_filter').with_value('(memberOf=cn=openstack,cn=groups,cn=accounts,dc=example,dc=com)')
is_expected.to contain_keystone_config('ldap/user_objectclass').with_value('inetUser')
is_expected.to contain_keystone_config('ldap/user_id_attribute').with_value('uid')
is_expected.to contain_keystone_config('ldap/user_name_attribute').with_value('cn')
is_expected.to contain_keystone_config('ldap/user_description_attribute').with_value('description')
is_expected.to contain_keystone_config('ldap/user_mail_attribute').with_value('mail')
is_expected.to contain_keystone_config('ldap/user_enabled_attribute').with_value('UserAccountControl')
is_expected.to contain_keystone_config('ldap/user_enabled_mask').with_value('2')
is_expected.to contain_keystone_config('ldap/user_enabled_default').with_value('512')
is_expected.to contain_keystone_config('ldap/user_enabled_invert').with_value('False')
is_expected.to contain_keystone_config('ldap/user_attribute_ignore').with_value('')
is_expected.to contain_keystone_config('ldap/user_default_project_id_attribute').with_value('defaultProject')
is_expected.to contain_keystone_config('ldap/user_tree_dn').with_value('cn=users,dc=example,dc=com')
is_expected.to contain_keystone_config('ldap/user_pass_attribute').with_value('krbPassword')
is_expected.to contain_keystone_config('ldap/user_enabled_emulation').with_value('True')
is_expected.to contain_keystone_config('ldap/user_enabled_emulation_dn').with_value('cn=openstack-enabled,cn=groups,cn=accounts,dc=example,dc=com')
is_expected.to contain_keystone_config('ldap/user_additional_attribute_mapping').with_value('description:name, gecos:name')
}
# groups
is_expected.to contain_keystone_config('ldap/group_tree_dn').with_value('ou=groups,ou=openstack,dc=example,dc=com')
is_expected.to contain_keystone_config('ldap/group_filter').with_value('cn=enabled-groups,cn=groups,cn=accounts,dc=example,dc=com')
is_expected.to contain_keystone_config('ldap/group_objectclass').with_value('organizationalRole')
is_expected.to contain_keystone_config('ldap/group_id_attribute').with_value('cn')
is_expected.to contain_keystone_config('ldap/group_member_attribute').with_value('roleOccupant')
is_expected.to contain_keystone_config('ldap/group_members_are_ids').with_value('True')
is_expected.to contain_keystone_config('ldap/group_desc_attribute').with_value('description')
is_expected.to contain_keystone_config('ldap/group_name_attribute').with_value('cn')
is_expected.to contain_keystone_config('ldap/group_attribute_ignore').with_value('')
is_expected.to contain_keystone_config('ldap/group_additional_attribute_mapping').with_value('')
it {
is_expected.to contain_keystone_config('ldap/project_tree_dn').with_value('ou=projects,ou=openstack,dc=example,dc=com')
is_expected.to contain_keystone_config('ldap/project_filter').with_value('')
is_expected.to contain_keystone_config('ldap/project_objectclass').with_value('organizationalUnit')
is_expected.to contain_keystone_config('ldap/project_id_attribute').with_value('ou')
is_expected.to contain_keystone_config('ldap/project_member_attribute').with_value('member')
is_expected.to contain_keystone_config('ldap/project_desc_attribute').with_value('description')
is_expected.to contain_keystone_config('ldap/project_name_attribute').with_value('ou')
is_expected.to contain_keystone_config('ldap/project_enabled_attribute').with_value('enabled')
is_expected.to contain_keystone_config('ldap/project_domain_id_attribute').with_value('businessCategory')
is_expected.to contain_keystone_config('ldap/project_attribute_ignore').with_value('')
is_expected.to contain_keystone_config('ldap/project_allow_create').with_value('True')
is_expected.to contain_keystone_config('ldap/project_allow_update').with_value('True')
is_expected.to contain_keystone_config('ldap/project_allow_delete').with_value('True')
is_expected.to contain_keystone_config('ldap/project_enabled_emulation').with_value('False')
is_expected.to contain_keystone_config('ldap/project_enabled_emulation_dn').with_value('True')
is_expected.to contain_keystone_config('ldap/project_additional_attribute_mapping').with_value('cn=enabled,ou=openstack,dc=example,dc=com')
}
# referrals
is_expected.to contain_keystone_config('ldap/chase_referrals').with_value('False')
it {
is_expected.to contain_keystone_config('ldap/role_tree_dn').with_value('ou=roles,ou=openstack,dc=example,dc=com')
is_expected.to contain_keystone_config('ldap/role_filter').with_value('')
is_expected.to contain_keystone_config('ldap/role_objectclass').with_value('organizationalRole')
is_expected.to contain_keystone_config('ldap/role_id_attribute').with_value('cn')
is_expected.to contain_keystone_config('ldap/role_name_attribute').with_value('ou')
is_expected.to contain_keystone_config('ldap/role_member_attribute').with_value('roleOccupant')
is_expected.to contain_keystone_config('ldap/role_attribute_ignore').with_value('description')
is_expected.to contain_keystone_config('ldap/role_allow_create').with_value('True')
is_expected.to contain_keystone_config('ldap/role_allow_update').with_value('True')
is_expected.to contain_keystone_config('ldap/role_allow_delete').with_value('True')
is_expected.to contain_keystone_config('ldap/role_additional_attribute_mapping').with_value('')
}
# tls
is_expected.to contain_keystone_config('ldap/use_tls').with_value('False')
is_expected.to contain_keystone_config('ldap/tls_cacertdir').with_value('/etc/ssl/certs/')
is_expected.to contain_keystone_config('ldap/tls_cacertfile').with_value('/etc/ssl/certs/ca-certificates.crt')
is_expected.to contain_keystone_config('ldap/tls_req_cert').with_value('demand')
it {
is_expected.to contain_keystone_config('ldap/group_tree_dn').with_value('ou=groups,ou=openstack,dc=example,dc=com')
is_expected.to contain_keystone_config('ldap/group_filter').with_value('cn=enabled-groups,cn=groups,cn=accounts,dc=example,dc=com')
is_expected.to contain_keystone_config('ldap/group_objectclass').with_value('organizationalRole')
is_expected.to contain_keystone_config('ldap/group_id_attribute').with_value('cn')
is_expected.to contain_keystone_config('ldap/group_member_attribute').with_value('roleOccupant')
is_expected.to contain_keystone_config('ldap/group_members_are_ids').with_value('True')
is_expected.to contain_keystone_config('ldap/group_desc_attribute').with_value('description')
is_expected.to contain_keystone_config('ldap/group_name_attribute').with_value('cn')
is_expected.to contain_keystone_config('ldap/group_attribute_ignore').with_value('')
is_expected.to contain_keystone_config('ldap/group_additional_attribute_mapping').with_value('')
}
# ldap pooling
is_expected.to contain_keystone_config('ldap/use_pool').with_value('True')
is_expected.to contain_keystone_config('ldap/pool_size').with_value('20')
is_expected.to contain_keystone_config('ldap/pool_retry_max').with_value('2')
is_expected.to contain_keystone_config('ldap/pool_retry_delay').with_value('0.2')
is_expected.to contain_keystone_config('ldap/pool_connection_timeout').with_value('222')
is_expected.to contain_keystone_config('ldap/pool_connection_lifetime').with_value('222')
is_expected.to contain_keystone_config('ldap/use_auth_pool').with_value('True')
is_expected.to contain_keystone_config('ldap/auth_pool_size').with_value('20')
is_expected.to contain_keystone_config('ldap/auth_pool_connection_lifetime').with_value('200')
it { is_expected.to contain_keystone_config('ldap/chase_referrals').with_value('False') }
# drivers
is_expected.to contain_keystone_config('identity/driver').with_value('ldap')
it {
is_expected.to contain_keystone_config('ldap/use_tls').with_value('False')
is_expected.to contain_keystone_config('ldap/tls_cacertdir').with_value('/etc/ssl/certs/')
is_expected.to contain_keystone_config('ldap/tls_cacertfile').with_value('/etc/ssl/certs/ca-certificates.crt')
is_expected.to contain_keystone_config('ldap/tls_req_cert').with_value('demand')
}
it {
is_expected.to contain_keystone_config('ldap/use_pool').with_value('True')
is_expected.to contain_keystone_config('ldap/pool_size').with_value('20')
is_expected.to contain_keystone_config('ldap/pool_retry_max').with_value('2')
is_expected.to contain_keystone_config('ldap/pool_retry_delay').with_value('0.2')
is_expected.to contain_keystone_config('ldap/pool_connection_timeout').with_value('222')
is_expected.to contain_keystone_config('ldap/pool_connection_lifetime').with_value('222')
is_expected.to contain_keystone_config('ldap/use_auth_pool').with_value('True')
is_expected.to contain_keystone_config('ldap/auth_pool_size').with_value('20')
is_expected.to contain_keystone_config('ldap/auth_pool_connection_lifetime').with_value('200')
}
it { is_expected.to contain_keystone_config('identity/driver').with_value('ldap') }
end
end
describe 'with packages unmanaged' do
let :params do
{ :manage_packages => false }
end
context 'with manage_packages set to false' do
before do
params.merge!( :manage_packages => false )
end
it { is_expected.to_not contain_package('python-ldappool') }
end
end
on_supported_os({
:supported_os => OSDefaults.get_supported_os
}).each do |os,facts|
context "on #{os}" do
let (:facts) do
facts.merge!(OSDefaults.get_facts())
end
it_behaves_like 'keystone::ldap'
end
end
end
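Review bot: The 'with parameters' context only exercises the cleartext path: `ldap/url` is `ldap://foo` and `ldap/use_tls` is expected to be `False`, so a regression in how the class writes the TLS switch would pass on every supported OS. Add a sibling context that turns it on, for example `before { params.merge!(:use_tls => 'True') }` with `it { is_expected.to contain_keystone_config('ldap/use_tls').with_value('True') }`. This assumes the class parameter has the same name as the option, since the params hash starts outside the hunk. Separately, the users block asserts `ldap/user_tree_dn` twice with the same value; the second line can be dropped.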