7def56f92f
This converts some more testing to rspec-puppet-facts so there is only these three missing now until done: * keystone_init_spec.rb * keystone_federation_identity_provider_spec.rb * keystone_ldap_spec.rb Also does cleanup of some formatting for documentation and testing specs. Change-Id: Ifd74aa8cedf630d98f9e12ab276300409a68eecd
57 lines
3.2 KiB
Ruby
57 lines
3.2 KiB
Ruby
require 'spec_helper'
|
|
|
|
describe 'keystone::security_compliance' do
|
|
shared_examples 'keystone security_compliance' do
|
|
it 'should configure security compliance defaults' do
|
|
is_expected.to contain_keystone_config('security_compliance/change_password_upon_first_use').with_value('<SERVICE DEFAULT>')
|
|
is_expected.to contain_keystone_config('security_compliance/disable_user_account_days_inactive').with_value('<SERVICE DEFAULT>')
|
|
is_expected.to contain_keystone_config('security_compliance/lockout_duration').with_value('<SERVICE DEFAULT>')
|
|
is_expected.to contain_keystone_config('security_compliance/lockout_failure_attempts').with_value('<SERVICE DEFAULT>')
|
|
is_expected.to contain_keystone_config('security_compliance/minimum_password_age').with_value('<SERVICE DEFAULT>')
|
|
is_expected.to contain_keystone_config('security_compliance/password_expires_days').with_value('<SERVICE DEFAULT>')
|
|
is_expected.to contain_keystone_config('security_compliance/password_regex').with_value('<SERVICE DEFAULT>')
|
|
is_expected.to contain_keystone_config('security_compliance/password_regex_description').with_value('<SERVICE DEFAULT>')
|
|
is_expected.to contain_keystone_config('security_compliance/unique_last_password_count').with_value('<SERVICE DEFAULT>')
|
|
end
|
|
|
|
context 'with specific params' do
|
|
let :params do
|
|
{
|
|
:change_password_upon_first_use => true,
|
|
:disable_user_account_days_inactive => 1,
|
|
:lockout_duration => 2,
|
|
:lockout_failure_attempts => 3,
|
|
:minimum_password_age => 4,
|
|
:password_expires_days => 5,
|
|
:password_regex => 'SomeRegex',
|
|
:password_regex_description => 'this is some regex',
|
|
:unique_last_password_count => 6,
|
|
}
|
|
end
|
|
it 'should have configure security compliance with params' do
|
|
is_expected.to contain_keystone_config('security_compliance/change_password_upon_first_use').with_value(true)
|
|
is_expected.to contain_keystone_config('security_compliance/disable_user_account_days_inactive').with_value(1)
|
|
is_expected.to contain_keystone_config('security_compliance/lockout_duration').with_value(2)
|
|
is_expected.to contain_keystone_config('security_compliance/lockout_failure_attempts').with_value(3)
|
|
is_expected.to contain_keystone_config('security_compliance/minimum_password_age').with_value(4)
|
|
is_expected.to contain_keystone_config('security_compliance/password_expires_days').with_value(5)
|
|
is_expected.to contain_keystone_config('security_compliance/password_regex').with_value('SomeRegex')
|
|
is_expected.to contain_keystone_config('security_compliance/password_regex_description').with_value('this is some regex')
|
|
is_expected.to contain_keystone_config('security_compliance/unique_last_password_count').with_value(6)
|
|
end
|
|
end
|
|
end
|
|
|
|
on_supported_os({
|
|
:supported_os => OSDefaults.get_supported_os
|
|
}).each do |os,facts|
|
|
context "on #{os}" do
|
|
let (:facts) do
|
|
facts.merge!(OSDefaults.get_facts())
|
|
end
|
|
|
|
it_behaves_like 'keystone security_compliance'
|
|
end
|
|
end
|
|
end
|