Fix shibboleth tests

This patch basically rewrites the shibboleth unit tests. The previous version was not properly running the invalid parameters cases and the cases for installing under Red Hat were not properly being exercised. Change-Id: Id578980cae370ad46187ea2ced0ae8dada1ef3ee Closes-Bug: #1667866
2017-02-27 11:20:35 -07:00 · 2017-02-27 11:20:35 -07:00 · d369e3ab0f
commit d369e3ab0f
parent b0ee2426c2
1 changed files with 155 additions and 50 deletions
--- a/spec/classes/keystone_federation_shibboleth_spec.rb
+++ b/spec/classes/keystone_federation_shibboleth_spec.rb
@ -1,7 +1,6 @@
 require 'spec_helper'

 describe 'keystone::federation::shibboleth' do
-
  let(:pre_condition) do
    <<-EOS
    include apache
@ -10,91 +9,197 @@ describe 'keystone::federation::shibboleth' do
    EOS
  end

-  let :params do
-    { :methods => 'password, token, saml2',
-      :template_order => 331
-     }
+  let :default_params do
+    {
+      :methods => 'password, token, saml2',
+      :template_order => 331,
+    }
  end

-
-  describe 'with invalid params' do
-    before do
-      params.merge!(:methods => 'external, password, token, oauth1')
-      it_raises 'a Puppet::Error', /The external method should be dropped to avoid any interference with some Apache + Shibboleth SP setups, where a REMOTE_USER env variable is always set, even as an empty value./
+  shared_examples 'keystone::federation::shibboleth with invalid parameters' do
+    context 'external method' do
+      let (:params) { default_params.merge(:methods => ['external']) }
+      it_raises 'a Puppet::Error', /The external method/
    end

-    before do
-      params.merge!(:methods => 'password, token, oauth1')
+    context 'method missing saml2' do
+      let (:params) { default_params.merge(:methods => ['password', 'token', 'oauth1']) }
      it_raises 'a Puppet::Error', /Methods should contain saml2 as one of the auth methods./
    end

-    before do
-      params.merge!(:methods       => 'password, token, oauth1, saml2',
-                    :module_plugin => 'keystone.auth.plugins')
-      it_raises 'a Puppet:Error', /The plugin for saml and shibboleth should be keystone.auth.plugins.mapped.Mapped/
+    context 'wrong plugin' do
+      let (:params) { default_params.merge(:methods => ['password', 'token', 'oauth1', 'saml2'],
+                    :module_plugin => 'keystone.auth.plugins') }
+      it_raises 'a Puppet::Error', /The plugin for saml and shibboleth should be keystone.auth.plugins.mapped.Mapped/
    end

-    before do
-      params.merge!(:admin_port => false,
-                    :main_port  => false)
-      it_raises 'a Puppet:Error', /No VirtualHost port to configure, please choose at least one./
+    context 'no ports' do
+      let (:params) { default_params.merge(:admin_port => false,
+                    :main_port  => false) }
+      it_raises 'a Puppet::Error', /No VirtualHost port to configure, please choose at least one./
    end

-    before do
-      params.merge!(:template_port => 330)
-      it_raises 'a Puppet:Error', /The template order should be greater than 330 and less than 999./
+    context 'template port too low' do
+      let(:params) { default_params.merge(:template_order => 330) }
+      it_raises 'a Puppet::Error', /The template order should be greater than 330 and less than 999./
    end

-    before do
-      params.merge!(:template_port => 999)
-      it_raises 'a Puppet:Error', /The template order should be greater than 330 and less than 999./
+    context 'template port too high' do
+      let(:params) { default_params.merge(:template_order => 999) }
+      it_raises 'a Puppet::Error', /The template order should be greater than 330 and less than 999./
    end
  end

-  shared_examples 'Federation Shibboleth' do
+  shared_examples 'keystone::federation::shibboleth' do
+    let(:pre_condition) do
+      <<-EOS
+      include apache
+
+      class { 'keystone::wsgi::apache': }
+      EOS
+    end
+
+
    context 'with only required parameters' do
+      let (:params) { default_params }
      it 'should have basic params for shibboleth in Keystone configuration' do
        is_expected.to contain_keystone_config('auth/methods').with_value('password, token, saml2')
        is_expected.to contain_keystone_config('auth/saml2').with_value('keystone.auth.plugins.mapped.Mapped')
      end
-
-      it { is_expected.to contain_concat__fragment('configure_shibboleth_on_port_5000').with({
-        :target => "10-keystone_wsgi_main.conf",
-        :order  => params[:template_order],
-      })}
    end

    context 'with override default parameters' do
-       before do
-         params.merge!({
-          :admin_port => true })
-      end
+      let (:params) { default_params.merge({
+        :methods => ['password', 'token', 'saml2', 'somethingelse'],
+      }) }

      it 'should have basic params for shibboleth in Keystone configuration' do
-        is_expected.to contain_keystone_config('auth/methods').with_value('password, token, saml2')
-        is_expected.to contain_keystone_config('auth/saml2').with_value('keystone.auth.plugins.mapped.Mapped')
+        is_expected.to contain_keystone_config('auth/methods').with_value('password,token,saml2,somethingelse')
+      end
+    end
+  end
+
+  shared_examples 'keystone::federation::shibboleth on RedHat' do
+    context 'with shibboleth package' do
+      let(:pre_condition) do
+        <<-EOS
+        include apache
+
+        package { 'shibboleth': ensure => present }
+        class { 'keystone::wsgi::apache': }
+        EOS
      end

-      it { is_expected.to contain_class('apache::mod::shib') }
+      context 'with defaults' do

+        let (:params) { default_params }
+
+        it { is_expected.to contain_apache__mod('shib2') }
+        it { is_expected.to contain_concat__fragment('configure_shibboleth_on_port_5000').with({
+          :target => "10-keystone_wsgi_main.conf",
+          :order  => params[:template_order],
+        })}
+      end
+      context 'with overrides' do
+        let (:params) { default_params.merge({
+          :admin_port => true,
+          :template_order => 332
+        }) }
+
+        it { is_expected.to contain_keystone_config('auth/methods').with_value('password, token, saml2') }
+        it {is_expected.to contain_keystone_config('auth/saml2').with_value('keystone.auth.plugins.mapped.Mapped') }
+        it {
+          is_expected.to contain_concat__fragment('configure_shibboleth_on_port_35357').with({
+            :target => "10-keystone_wsgi_admin.conf",
+            :order  => params[:template_order],
+          })
+        }
+      end
+    end
+
+
+    context 'with shibboleth repo' do
+      let(:pre_condition) do
+        <<-EOS
+        include apache
+
+        yumrepo { 'shibboleth': ensure => present }
+        class { 'keystone::wsgi::apache': }
+        EOS
+      end
+
+      context 'with defaults' do
+        let (:params) { default_params }
+
+        it { is_expected.to contain_apache__mod('shib2') }
+        it { is_expected.to contain_concat__fragment('configure_shibboleth_on_port_5000').with({
+          :target => "10-keystone_wsgi_main.conf",
+          :order  => params[:template_order],
+        })}
+      end
+      context 'with overrides' do
+        let (:params) { default_params.merge({
+          :admin_port => true,
+          :template_order => 332
+        }) }
+
+        it { is_expected.to contain_keystone_config('auth/methods').with_value('password, token, saml2') }
+        it { is_expected.to contain_keystone_config('auth/saml2').with_value('keystone.auth.plugins.mapped.Mapped') }
+        it {
+          is_expected.to contain_concat__fragment('configure_shibboleth_on_port_35357').with({
+            :target => "10-keystone_wsgi_admin.conf",
+            :order  => params[:template_order],
+          })
+        }
+      end
+
+    end
+
+    context 'without repo or package' do
+      context 'with defaults' do
+        let (:params) { default_params }
+        it { is_expected.to_not contain_apache__mod('shib2') }
+        it { is_expected.to_not contain_concat__fragment('configure_shibboleth_on_port_5000') }
+      end
+
+      context 'with overrides' do
+        let (:params) { default_params.merge({
+          :admin_port => true,
+          :template_order => 332
+        }) }
+
+        it { is_expected.to contain_keystone_config('auth/methods').with_value('password, token, saml2') }
+        it { is_expected.to contain_keystone_config('auth/saml2').with_value('keystone.auth.plugins.mapped.Mapped') }
+        it { is_expected.to_not contain_concat__fragment('configure_shibboleth_on_port_35357') }
+      end
+    end
+  end
+
+  shared_examples 'keystone::federation::shibboleth on Debian' do
+    context 'with defaults' do
+      let (:params) { default_params }
+
+      it { is_expected.to contain_apache__mod('shib2') }
      it { is_expected.to contain_concat__fragment('configure_shibboleth_on_port_5000').with({
-        :target => "10-keystone_wsgi_main.conf",
-        :order  => params[:template_order],
-      })}
+         :target => "10-keystone_wsgi_main.conf",
+         :order  => params[:template_order],
+       })}

-      it { is_expected.to contain_concat__fragment('configure_shibboleth_on_port_35357').with({
-        :target => "10-keystone_wsgi_admin.conf",
-        :order  => params[:template_order],
-      })}
    end
  end

  on_supported_os({
  }).each do |os,facts|
-    let (:facts) do
-      facts.merge!(OSDefaults.get_facts({}))
-    end
+    context "on #{os}" do
+      let (:facts) do
+        facts.merge(OSDefaults.get_facts({
+          :concat_basedir => '/var/lib/puppet/concat'
+        }))
+      end

-    it_behaves_like 'Federation Shibboleth'
+      it_behaves_like 'keystone::federation::shibboleth'
+      it_behaves_like 'keystone::federation::shibboleth with invalid parameters'
+      it_behaves_like "keystone::federation::shibboleth on #{facts[:osfamily]}"
+    end
  end
 end