Convert more to rspec-puppet-facts
After this it's only the keystone init class and the keystone ldap backend definition left. puppet-keystone is the last module then everything is using rspec-puppet-facts. Change-Id: I3d22478a6d3f9feeacfa7d6ca9c728f9f9f2b361
parent
498aca15dd
commit
8f5c6835db
@ -1,24 +1,20 @@
|
||||
require 'spec_helper'
|
||||
|
||||
describe 'keystone::federation::identity_provider' do
|
||||
|
||||
let :pre_condition do
|
||||
"class { 'keystone':
|
||||
service_name => 'httpd',
|
||||
enable_ssl=> true }"
|
||||
end
|
||||
|
||||
let :params do
|
||||
{ :user => 'keystone',
|
||||
{
|
||||
:user => 'keystone',
|
||||
:certfile => '/etc/keystone/ssl/certs/signing_cert.pem',
|
||||
:keyfile => '/etc/keystone/ssl/private/signing_key.pem',
|
||||
:idp_entity_id => 'https://keystone.example.com/v3/OS-FEDERATION/saml2/idp',
|
||||
:idp_sso_endpoint => 'https://keystone.example.com/v3/OS-FEDERATION/saml2/sso',
|
||||
:idp_metadata_path => '/etc/keystone/saml2_idp_metadata.xml' }
|
||||
:idp_metadata_path => '/etc/keystone/saml2_idp_metadata.xml'
|
||||
}
|
||||
end
|
||||
|
||||
let :optional_params do
|
||||
{ :idp_organization_name => 'ExampleCompany',
|
||||
{
|
||||
:idp_organization_name => 'ExampleCompany',
|
||||
:idp_organization_display_name => 'Example',
|
||||
:idp_organization_url => 'www.example.com',
|
||||
:idp_contact_company => 'someone',
|
||||
@ -26,59 +22,55 @@ describe 'keystone::federation::identity_provider' do
|
||||
:idp_contact_surname => 'surname',
|
||||
:idp_contact_email => 'name@example.com',
|
||||
:idp_contact_telephone => '+55000000000',
|
||||
:idp_contact_type => 'other' }
|
||||
:idp_contact_type => 'other'
|
||||
}
|
||||
end
|
||||
|
||||
shared_examples 'keystone federation identity provider' do
|
||||
|
||||
it { is_expected.to contain_class('keystone::params') }
|
||||
|
||||
context 'keystone not running under apache' do
|
||||
shared_examples 'keystone::federation::identity_provider' do
|
||||
let :pre_condition do
|
||||
"class { 'keystone':
|
||||
service_name => 'keystone',
|
||||
enable_ssl=> true }"
|
||||
service_name => 'httpd',
|
||||
enable_ssl => true,
|
||||
}"
|
||||
end
|
||||
|
||||
it_raises 'a Puppet::Error', /Keystone need to be running under Apache for Federation work./
|
||||
end
|
||||
context 'with required params' do
|
||||
it { is_expected.to contain_class('keystone::params') }
|
||||
|
||||
it 'should have' do
|
||||
is_expected.to contain_package('xmlsec1').with(
|
||||
it { is_expected.to contain_package('xmlsec1').with(
|
||||
:ensure => 'present',
|
||||
)
|
||||
is_expected.to contain_package('python-pysaml2').with(
|
||||
:ensure => 'present',
|
||||
)
|
||||
end
|
||||
)}
|
||||
|
||||
it 'should configure keystone.conf' do
|
||||
it { is_expected.to contain_package('python-pysaml2').with(
|
||||
:ensure => 'present',
|
||||
)}
|
||||
|
||||
it {
|
||||
is_expected.to contain_keystone_config('saml/certfile').with_value(params[:certfile])
|
||||
is_expected.to contain_keystone_config('saml/keyfile').with_value(params[:keyfile])
|
||||
is_expected.to contain_keystone_config('saml/idp_entity_id').with_value(params[:idp_entity_id])
|
||||
is_expected.to contain_keystone_config('saml/idp_sso_endpoint').with_value(params[:idp_sso_endpoint])
|
||||
is_expected.to contain_keystone_config('saml/idp_metadata_path').with_value(params[:idp_metadata_path])
|
||||
end
|
||||
}
|
||||
|
||||
it { is_expected.to contain_exec('saml_idp_metadata').with(
|
||||
:command => "keystone-manage saml_idp_metadata > #{params[:idp_metadata_path]}",
|
||||
:creates => "#{params[:idp_metadata_path]}",
|
||||
) }
|
||||
)}
|
||||
|
||||
it 'creates saml idp metadata file' do
|
||||
is_expected.to contain_file("#{params[:idp_metadata_path]}").with(
|
||||
it { is_expected.to contain_file("#{params[:idp_metadata_path]}").with(
|
||||
:ensure => 'present',
|
||||
:mode => '0600',
|
||||
:owner => 'keystone',
|
||||
)
|
||||
)}
|
||||
end
|
||||
|
||||
context 'configure Keystone with optional params' do
|
||||
before :each do
|
||||
context 'with keystone optional params' do
|
||||
before do
|
||||
params.merge!(optional_params)
|
||||
end
|
||||
|
||||
it 'should configure keystone.conf' do
|
||||
it {
|
||||
is_expected.to contain_keystone_config('saml/certfile').with_value(params[:certfile])
|
||||
is_expected.to contain_keystone_config('saml/keyfile').with_value(params[:keyfile])
|
||||
is_expected.to contain_keystone_config('saml/idp_entity_id').with_value(params[:idp_entity_id])
|
||||
@ -93,7 +85,7 @@ describe 'keystone::federation::identity_provider' do
|
||||
is_expected.to contain_keystone_config('saml/idp_contact_email').with_value(params[:idp_contact_email])
|
||||
is_expected.to contain_keystone_config('saml/idp_contact_telephone').with_value(params[:idp_contact_telephone])
|
||||
is_expected.to contain_keystone_config('saml/idp_contact_type').with_value(params[:idp_contact_type])
|
||||
end
|
||||
}
|
||||
end
|
||||
|
||||
context 'with invalid values for idp_contact_type' do
|
||||
@ -101,9 +93,42 @@ describe 'keystone::federation::identity_provider' do
|
||||
params.merge!(:idp_contact_type => 'foobar')
|
||||
end
|
||||
|
||||
it_raises 'a Puppet::Error', /Allowed values for idp_contact_type are: technical, support, administrative, billing and other/
|
||||
it { is_expected.to raise_error(Puppet::Error, /Allowed values for idp_contact_type are: technical, support, administrative, billing and other/) }
|
||||
end
|
||||
end
|
||||
|
||||
shared_examples 'keystone::federation::identity_provider without Apache' do
|
||||
let :pre_condition do
|
||||
"class { 'keystone':
|
||||
service_name => '#{platform_params[:keystone_service]}',
|
||||
enable_ssl => true,
|
||||
}"
|
||||
end
|
||||
|
||||
context 'with default parameters' do
|
||||
it { is_expected.to raise_error(Puppet::Error, /Keystone need to be running under Apache for Federation work./) }
|
||||
end
|
||||
end
|
||||
|
||||
on_supported_os({
|
||||
:supported_os => OSDefaults.get_supported_os
|
||||
}).each do |os,facts|
|
||||
context "on #{os}" do
|
||||
let (:facts) do
|
||||
facts.merge!(OSDefaults.get_facts())
|
||||
end
|
||||
|
||||
let (:platform_params) do
|
||||
if facts[:osfamily] == 'RedHat'
|
||||
keystone_service = 'openstack-keystone'
|
||||
else
|
||||
keystone_service = 'keystone'
|
||||
end
|
||||
{ :keystone_service => keystone_service }
|
||||
end
|
||||
|
||||
it_behaves_like 'keystone::federation::identity_provider'
|
||||
it_behaves_like 'keystone::federation::identity_provider without Apache'
|
||||
end
|
||||
end
|
||||
end
|
||||
|
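Review bot: The anonymous `it { ... }` blocks that hold several `is_expected` lines (the `saml/*` checks under 'with required params' and 'with keystone optional params') dropped the old 'should configure keystone.conf' descriptions, so rspec has to name each example after a single matcher and the first failing expectation hides the ones after it. Now that the group runs once per supported OS, that makes a failure harder to trace to a setting. Keep a description, e.g. `it 'configures the saml section of keystone.conf' do`, or split into one `it { ... }` per setting as was done for the two package checks. The same pattern appears in the keystone::ldap spec in this commit. Separately, `context 'with default parameters'` in the 'without Apache' group still inherits the required `params`, so a name such as `context 'with keystone service not under Apache'` would say what is actually tested.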
@ -1,7 +1,7 @@
|
||||
require 'spec_helper'
|
||||
|
||||
describe 'keystone::ldap' do
|
||||
describe 'with basic params' do
|
||||
shared_examples 'keystone::ldap' do
|
||||
let :params do
|
||||
{
|
||||
:url => 'ldap://foo',
|
||||
@ -81,17 +81,20 @@ describe 'keystone::ldap' do
|
||||
:auth_pool_connection_lifetime => 200,
|
||||
}
|
||||
end
|
||||
|
||||
context 'with parameters' do
|
||||
it { is_expected.to contain_package('python-ldappool') }
|
||||
it 'should have basic params' do
|
||||
# basic params
|
||||
|
||||
it {
|
||||
is_expected.to contain_keystone_config('ldap/url').with_value('ldap://foo')
|
||||
is_expected.to contain_keystone_config('ldap/user').with_value('cn=foo,dc=example,dc=com')
|
||||
is_expected.to contain_keystone_config('ldap/password').with_value('abcdefg').with_secret(true)
|
||||
is_expected.to contain_keystone_config('ldap/suffix').with_value('dc=example,dc=com')
|
||||
is_expected.to contain_keystone_config('ldap/query_scope').with_value('sub')
|
||||
is_expected.to contain_keystone_config('ldap/page_size').with_value('50')
|
||||
}
|
||||
|
||||
# users
|
||||
it {
|
||||
is_expected.to contain_keystone_config('ldap/user_tree_dn').with_value('cn=users,dc=example,dc=com')
|
||||
is_expected.to contain_keystone_config('ldap/user_filter').with_value('(memberOf=cn=openstack,cn=groups,cn=accounts,dc=example,dc=com)')
|
||||
is_expected.to contain_keystone_config('ldap/user_objectclass').with_value('inetUser')
|
||||
@ -110,8 +113,9 @@ describe 'keystone::ldap' do
|
||||
is_expected.to contain_keystone_config('ldap/user_enabled_emulation').with_value('True')
|
||||
is_expected.to contain_keystone_config('ldap/user_enabled_emulation_dn').with_value('cn=openstack-enabled,cn=groups,cn=accounts,dc=example,dc=com')
|
||||
is_expected.to contain_keystone_config('ldap/user_additional_attribute_mapping').with_value('description:name, gecos:name')
|
||||
}
|
||||
|
||||
# projects
|
||||
it {
|
||||
is_expected.to contain_keystone_config('ldap/project_tree_dn').with_value('ou=projects,ou=openstack,dc=example,dc=com')
|
||||
is_expected.to contain_keystone_config('ldap/project_filter').with_value('')
|
||||
is_expected.to contain_keystone_config('ldap/project_objectclass').with_value('organizationalUnit')
|
||||
@ -128,8 +132,9 @@ describe 'keystone::ldap' do
|
||||
is_expected.to contain_keystone_config('ldap/project_enabled_emulation').with_value('False')
|
||||
is_expected.to contain_keystone_config('ldap/project_enabled_emulation_dn').with_value('True')
|
||||
is_expected.to contain_keystone_config('ldap/project_additional_attribute_mapping').with_value('cn=enabled,ou=openstack,dc=example,dc=com')
|
||||
}
|
||||
|
||||
# roles
|
||||
it {
|
||||
is_expected.to contain_keystone_config('ldap/role_tree_dn').with_value('ou=roles,ou=openstack,dc=example,dc=com')
|
||||
is_expected.to contain_keystone_config('ldap/role_filter').with_value('')
|
||||
is_expected.to contain_keystone_config('ldap/role_objectclass').with_value('organizationalRole')
|
||||
@ -141,8 +146,9 @@ describe 'keystone::ldap' do
|
||||
is_expected.to contain_keystone_config('ldap/role_allow_update').with_value('True')
|
||||
is_expected.to contain_keystone_config('ldap/role_allow_delete').with_value('True')
|
||||
is_expected.to contain_keystone_config('ldap/role_additional_attribute_mapping').with_value('')
|
||||
}
|
||||
|
||||
# groups
|
||||
it {
|
||||
is_expected.to contain_keystone_config('ldap/group_tree_dn').with_value('ou=groups,ou=openstack,dc=example,dc=com')
|
||||
is_expected.to contain_keystone_config('ldap/group_filter').with_value('cn=enabled-groups,cn=groups,cn=accounts,dc=example,dc=com')
|
||||
is_expected.to contain_keystone_config('ldap/group_objectclass').with_value('organizationalRole')
|
||||
@ -153,17 +159,18 @@ describe 'keystone::ldap' do
|
||||
is_expected.to contain_keystone_config('ldap/group_name_attribute').with_value('cn')
|
||||
is_expected.to contain_keystone_config('ldap/group_attribute_ignore').with_value('')
|
||||
is_expected.to contain_keystone_config('ldap/group_additional_attribute_mapping').with_value('')
|
||||
}
|
||||
|
||||
# referrals
|
||||
is_expected.to contain_keystone_config('ldap/chase_referrals').with_value('False')
|
||||
it { is_expected.to contain_keystone_config('ldap/chase_referrals').with_value('False') }
|
||||
|
||||
# tls
|
||||
it {
|
||||
is_expected.to contain_keystone_config('ldap/use_tls').with_value('False')
|
||||
is_expected.to contain_keystone_config('ldap/tls_cacertdir').with_value('/etc/ssl/certs/')
|
||||
is_expected.to contain_keystone_config('ldap/tls_cacertfile').with_value('/etc/ssl/certs/ca-certificates.crt')
|
||||
is_expected.to contain_keystone_config('ldap/tls_req_cert').with_value('demand')
|
||||
}
|
||||
|
||||
# ldap pooling
|
||||
it {
|
||||
is_expected.to contain_keystone_config('ldap/use_pool').with_value('True')
|
||||
is_expected.to contain_keystone_config('ldap/pool_size').with_value('20')
|
||||
is_expected.to contain_keystone_config('ldap/pool_retry_max').with_value('2')
|
||||
@ -173,17 +180,29 @@ describe 'keystone::ldap' do
|
||||
is_expected.to contain_keystone_config('ldap/use_auth_pool').with_value('True')
|
||||
is_expected.to contain_keystone_config('ldap/auth_pool_size').with_value('20')
|
||||
is_expected.to contain_keystone_config('ldap/auth_pool_connection_lifetime').with_value('200')
|
||||
}
|
||||
|
||||
# drivers
|
||||
is_expected.to contain_keystone_config('identity/driver').with_value('ldap')
|
||||
end
|
||||
it { is_expected.to contain_keystone_config('identity/driver').with_value('ldap') }
|
||||
end
|
||||
|
||||
describe 'with packages unmanaged' do
|
||||
let :params do
|
||||
{ :manage_packages => false }
|
||||
context 'with manage_packages set to false' do
|
||||
before do
|
||||
params.merge!( :manage_packages => false )
|
||||
end
|
||||
|
||||
it { is_expected.to_not contain_package('python-ldappool') }
|
||||
end
|
||||
end
|
||||
|
||||
on_supported_os({
|
||||
:supported_os => OSDefaults.get_supported_os
|
||||
}).each do |os,facts|
|
||||
context "on #{os}" do
|
||||
let (:facts) do
|
||||
facts.merge!(OSDefaults.get_facts())
|
||||
end
|
||||
|
||||
it_behaves_like 'keystone::ldap'
|
||||
end
|
||||
end
|
||||
end
|
||||
|
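Review bot: The `# tls` example only pins `ldap/use_tls` to 'False', and the visible fixture uses an `ldap://` URL together with a bind password, so the only configuration these specs cover is one where the bind credential would cross the network unencrypted. Part of the `params` hash lies outside the visible hunks, so this is inferred from the assertions rather than from the fixture itself. A second context in the style of the new 'with manage_packages set to false' one would cover the hardened setting: `before { params.merge!( :use_tls => 'True' ) }` followed by `it { is_expected.to contain_keystone_config('ldap/use_tls').with_value('True') }`, with the value format matched to how the class renders booleans.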