From f89a8d1f0627d1ff76b0ebfb8c5acdc91e8025cc Mon Sep 17 00:00:00 2001 From: Christian Klein Date: Thu, 9 Apr 2020 12:03:20 +0200 Subject: [PATCH 1/3] (MODULES-10586) Centos 8: wrong package used to install mod_ldap Enhance spec/classes/mod/authnz_ldap_spec.rb unit tests Expand the RHEL tests to ensure that the 'mod_authnz_ldap' pkg is present on versions >= 7 and 'mod_ldap' is present on all other versions. An acceptance test executing against an actual RHEL instance will be the only way to catch any divergence in package names in the future. The unit tests will need to be updated with that change. There seems to be more effort required to get this running against all supported OSs. This was beyond the scope of this PR. Add acceptance test to ensure correct authnz_ldap pkg is installed Fix typos and nesting issues in mod_authnz_ldap_spec.rb Restrict mod_authnz_ldap_spec.rb tests to RHEL 7.x, 8.x Apply suggestions from code review Co-authored-by: Ewoud Kohl van Wijngaarden Fix authnz_ldap_spec.rb test expectations Some additional cleanup and filtering of scenarios too. Move filtering rule to context block --- manifests/params.pp | 1 + spec/acceptance/mod_authnz_ldap_spec.rb | 21 ++++++ spec/classes/mod/authnz_ldap_spec.rb | 89 +++++++++++++------------ 3 files changed, 68 insertions(+), 43 deletions(-) create mode 100644 spec/acceptance/mod_authnz_ldap_spec.rb diff --git a/manifests/params.pp b/manifests/params.pp index 545268256f..1e068d188f 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -210,6 +210,7 @@ 'auth_openidc' => 'mod_auth_openidc', 'authnz_ldap' => $::apache::version::distrelease ? { '7' => 'mod_ldap', + '8' => 'mod_ldap', default => 'mod_authz_ldap', }, 'authnz_pam' => 'mod_authnz_pam', diff --git a/spec/acceptance/mod_authnz_ldap_spec.rb b/spec/acceptance/mod_authnz_ldap_spec.rb new file mode 100644 index 0000000000..3face66ffb --- /dev/null +++ b/spec/acceptance/mod_authnz_ldap_spec.rb 
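Review bot: The `default => 'mod_authz_ldap'` arm of the `authnz_ldap` selector in manifests/params.pp still catches every release that is not literally '7' or '8', so the next major release would fall back to the legacy package name, which is the same failure this patch fixes for 8. Making the old name the special case, e.g. `/^[56]$/ => 'mod_authz_ldap', default => 'mod_ldap',`, would keep new releases on `mod_ldap`; this assumes 5 and 6 are the only releases that need the old name, which the hunk does not show. The unit spec in this series expects `mod_ldap` for any major release >= 7, so the selector and the spec would then agree. The selector sits inside a larger hash that starts and ends outside the hunk.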
@@ -0,0 +1,21 @@
+require 'spec_helper_acceptance'
+apache_hash = apache_settings_hash
+
+# We need to restrict this test to RHEL 7.x, 8.x derived OSs as there are too many unique
+# dependency issues to solve on all supported platforms.
+describe 'apache::mod_authnz_ldap', if: os[:family] == 'redhat' && os[:release].to_i > 6 do
+ context 'Default mod_authnz_ldap module installation' do
+ pp = <<-MANIFEST
+ class { 'apache': }
+ class { 'apache::mod::authnz_ldap': }
+ MANIFEST
+
+ it 'succeeds in installing the mod_authnz_ldap module' do
+ apply_manifest(pp, catch_failures: true)
+ end
+
+ describe file("#{apache_hash['mod_dir']}/authnz_ldap.load") do
+ it { is_expected.to contain 'mod_authnz_ldap.so' }
+ end
+ end
+end
diff --git a/spec/classes/mod/authnz_ldap_spec.rb b/spec/classes/mod/authnz_ldap_spec.rb
index a48b1ad208..baa76dc237 100644
--- a/spec/classes/mod/authnz_ldap_spec.rb
+++ b/spec/classes/mod/authnz_ldap_spec.rb
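Review bot: The new acceptance spec never checks that a package was installed, although the commit message says it is there to ensure the correct authnz_ldap package; its only assertion is that `authnz_ldap.load` contains `mod_authnz_ldap.so`. Adding `describe package('mod_ldap') { it { is_expected.to be_installed } }` next to the file check would pin the package name that params.pp selects for releases 7 and 8. The `describe` title `'apache::mod_authnz_ldap'` also differs from the class under test, `apache::mod::authnz_ldap`. A second `apply_manifest(pp, catch_changes: true)` would confirm the manifest is idempotent.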
@@ -41,50 +41,53 @@ end # Debian context 'default configuration with parameters on a RedHat OS' do - let :facts do - { - osfamily: 'RedHat', - operatingsystemrelease: '6', - id: 'root', - kernel: 'Linux', - operatingsystem: 'RedHat', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - - it { is_expected.to contain_class('apache::params') } - it { is_expected.to contain_class('apache::mod::ldap') } - it { is_expected.to contain_apache__mod('authnz_ldap') } - - context 'default verify_server_cert' do - it { is_expected.to contain_file('authnz_ldap.conf').with_content(%r{^LDAPVerifyServerCert On$}) } - end - - context 'verify_server_cert = false' do - let(:params) { { verify_server_cert: false } } - - it { is_expected.to contain_file('authnz_ldap.conf').with_content(%r{^LDAPVerifyServerCert Off$}) } - end - - context 'verify_server_cert = wrong' do - let(:params) { { verify_server_cert: 'wrong' } } - - it 'raises an error' do - expect { is_expected.to raise_error Puppet::Error } + on_supported_os.each do |os, os_facts| + next unless os.start_with?('redhat') + context "On #{os}" do + let :facts do + os_facts + end + + it { is_expected.to contain_class('apache::params') } + it { is_expected.to contain_class('apache::mod::ldap') } + it { is_expected.to contain_apache__mod('authnz_ldap') } + + if os_facts[:operatingsystemmajrelease].to_i >= 7 + it { is_expected.to contain_package('mod_ldap') } + else + it { is_expected.to contain_package('mod_authz_ldap') } + end + + context 'default verify_server_cert' do + it { is_expected.to contain_file('authnz_ldap.conf').with_content(%r{^LDAPVerifyServerCert On$}) } + end + + context 'verify_server_cert = false' do + let(:params) { { verify_server_cert: false } } + + it { is_expected.to contain_file('authnz_ldap.conf').with_content(%r{^LDAPVerifyServerCert Off$}) } + end + + context 'verify_server_cert = wrong' do + let(:params) { { verify_server_cert: 'wrong' } } + + it 'raises an 
error' do + expect { is_expected.to raise_error Puppet::Error } + end + end + + context 'SCL', if: (os_facts[:operatingsystemmajrelease].to_i >= 6 && os_facts[:operatingsystemmajrelease].to_i < 8) do + let(:pre_condition) do + "class { 'apache::version': + scl_httpd_version => '2.4', + scl_php_version => '7.0', + } + include apache" + end + + it { is_expected.to contain_package('httpd24-mod_ldap') } + end end end - - context 'SCL' do - let(:pre_condition) do - "class { 'apache::version': - scl_httpd_version => '2.4', - scl_php_version => '7.0', - } - include apache" - end - - it { is_expected.to contain_package('httpd24-mod_ldap') } - end end # Redhat end From a20cf03eadeae418ccf2f742d496bef7ae4140ed Mon Sep 17 00:00:00 2001 From: Ciaran McCrisken Date: Mon, 29 Jun 2020 22:44:28 +0100 Subject: [PATCH 2/3] (IAC-790) Enable Oracle Linux 7 Optional Repo for mod_authnz_ldap_spec.rb --- spec/acceptance/mod_authnz_ldap_spec.rb | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/spec/acceptance/mod_authnz_ldap_spec.rb b/spec/acceptance/mod_authnz_ldap_spec.rb index 3face66ffb..1bb5f824e4 100644 --- a/spec/acceptance/mod_authnz_ldap_spec.rb +++ b/spec/acceptance/mod_authnz_ldap_spec.rb 
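Review bot: The 'verify_server_cert = wrong' example cannot fail, because `expect { is_expected.to raise_error Puppet::Error }` only builds an expectation target from a block and never calls `.to` on it, so the block is not run and nothing is asserted. This parameter drives `LDAPVerifyServerCert`, which decides whether the LDAP server's TLS certificate is checked, so a test that really proves invalid values are rejected is worth having; `expect { catalogue }.to raise_error(Puppet::Error)` would do that. The line was carried over unchanged from the removed block, so the defect predates this patch, but the rewrite is the natural place to fix it. Separately, the package expectation branches on `>= 7` while params.pp lists only '7' and '8', so the two will disagree on any later release.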
@@ -5,10 +5,24 @@ # dependency issues to solve on all supported platforms. describe 'apache::mod_authnz_ldap', if: os[:family] == 'redhat' && os[:release].to_i > 6 do context 'Default mod_authnz_ldap module installation' do - pp = <<-MANIFEST + pp = if run_shell("grep 'Oracle Linux Server' /etc/os-release", expect_failures: true).exit_status == 0 + <<-MANIFEST + yumrepo { 'ol7_optional_latest': + name => 'ol7_optional_latest', + baseurl => 'https://yum.oracle.com/repo/OracleLinux/OL7/optional/latest/x86_64/', + gpgkey => 'file:///etc/pki/rpm-gpg/RPM-GPG-KEY-oracle', + gpgcheck => 1, + enabled => 1, + } class { 'apache': } class { 'apache::mod::authnz_ldap': } MANIFEST + else + <<-MANIFEST + class { 'apache': } + class { 'apache::mod::authnz_ldap': } + MANIFEST + end it 'succeeds in installing the mod_authnz_ldap module' do apply_manifest(pp, catch_failures: true) From 0c1fada8c4af9917f761255d5d52a286c93b5bbd Mon Sep 17 00:00:00 2001 From: Ciaran McCrisken Date: Mon, 29 Jun 2020 22:55:45 +0100 Subject: [PATCH 3/3] (IAC-790) Enable EPEL repo for mod_authnz_ldap_spec.rb --- spec/acceptance/mod_authnz_ldap_spec.rb | 3 +++ 1 file changed, 3 insertions(+) diff --git a/spec/acceptance/mod_authnz_ldap_spec.rb b/spec/acceptance/mod_authnz_ldap_spec.rb index 1bb5f824e4..2dd235d6bd 100644 --- a/spec/acceptance/mod_authnz_ldap_spec.rb +++ b/spec/acceptance/mod_authnz_ldap_spec.rb @@ -19,6 +19,9 @@ class { 'apache::mod::authnz_ldap': } MANIFEST else <<-MANIFEST + package { 'epel-release': + ensure => present, + } class { 'apache': } class { 'apache::mod::authnz_ldap': } MANIFEST
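Review bot: The Oracle Linux branch adds the `ol7_optional_latest` repo with an OL7 `baseurl` whenever `/etc/os-release` mentions Oracle Linux, but the enclosing `describe` guard admits every release above 6, so an Oracle Linux 8 host would get an OL7 repository enabled. Gating the branch on the major release as well, by adding `os[:release].to_i == 7 &&` in front of the `run_shell` check, keeps packages built for a different major release off the host. `gpgcheck => 1` with the local key file is right and should stay. The two heredocs differ only by the `yumrepo` resource, so building the common part once and prepending the repo would remove the duplication.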
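Review bot: The `epel-release` package resource in the non-Oracle manifest has no comment saying which dependency of `apache::mod::authnz_ldap` is expected from EPEL, so a reader cannot tell whether the module now depends on a third-party repository that it neither declares nor documents. A short comment above the resource, such as `# EPEL supplies <dependency> required by <package> on <platform>`, would make that explicit. This branch runs on every RedHat-family host that is not Oracle Linux, and the hunk does not show whether `epel-release` can be installed from the default repositories on all of them.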