diff --git a/.gitignore b/.gitignore index 811e77a6b..e48ead054 100644 --- a/.gitignore +++ b/.gitignore @@ -1,10 +1,6 @@ -pkg/ +.*.sw? +pkg +spec/fixtures +.rspec_system +.vagrant Gemfile.lock -vendor/ -spec/fixtures/ -.vagrant/ -.bundle/ -coverage/ -*.iml -.idea/ -log/ diff --git a/.rubocop.yml b/.rubocop.yml new file mode 100644 index 000000000..ba4bd48f5 --- /dev/null +++ b/.rubocop.yml @@ -0,0 +1,51 @@ +AllCops: + Exclude: + - vendor/**/* + - pkg/**/* + - spec/fixtures/**/* + +# Configuration parameters: AllowURI, URISchemes. +Metrics/LineLength: + Max: 328 + +# 'Complexity' is very relative +Metrics/PerceivedComplexity: + Enabled: false + +# 'Complexity' is very relative +Metrics/CyclomaticComplexity: + Enabled: false + +# 'Complexity' is very relative +Metrics/AbcSize: + Enabled: false + +# Method length is not necessarily an indicator of code quality +Metrics/MethodLength: + Enabled: false + +# Class length is not necessarily an indicator of code quality +Metrics/ClassLength: + Enabled: false + +# dealbreaker: +Style/TrailingComma: + Enabled: false +Style/ClosingParenthesisIndentation: + Enabled: false + +# we still support ruby 1.8 +Style/HashSyntax: + Enabled: false + +Lint/AmbiguousRegexpLiteral: + Enabled: true +Style/RegexpLiteral: + Enabled: true +Style/WordArray: + Enabled: true + +# this catches the cases of using `module` for parser functions, types, or +# providers +Style/ClassAndModuleChildren: + Enabled: false diff --git a/.travis.yml b/.travis.yml index 0ccdfd251..3d8e5cf24 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,23 +1,32 @@ +--- notifications: email: false -language: ruby -bundler_args: --without development system_tests sudo: false +language: ruby +cache: bundler +bundler_args: --without system_tests +addons: + apt: + packages: + - libaugeas-dev before_install: rm Gemfile.lock || true -script: bundle exec rake test +script: + - 'bundle exec rake $CHECK' matrix: + fast_finish: true include: - - rvm: 1.8.7 - env: PUPPET_GEM_VERSION="~> 3.0" FACTER_GEM_VERSION="~> 1.7.0" - rvm: 1.9.3 - env: PUPPET_GEM_VERSION="~> 3.0" - - rvm: 2.0.0 - env: PUPPET_GEM_VERSION="~> 3.0" - - rvm: 2.0.0 - env: PUPPET_GEM_VERSION="~> 3.0" FUTURE_PARSER="yes" - - rvm: 2.1.0 - env: PUPPET_GEM_VERSION="~> 3.0" STRICT_VARIABLES=yes FUTURE_PARSER="yes" - + env: PUPPET_VERSION="~> 3.4" CHECK=test + - rvm: 1.9.3 + env: PUPPET_VERSION="~> 3.0" STRICT_VARIABLES="yes" CHECK=test + - rvm: 2.1.6 + env: PUPPET_VERSION="~> 3.0" STRICT_VARIABLES="yes" CHECK=test + - rvm: 2.1.6 + env: PUPPET_VERSION="~> 4.0" STRICT_VARIABLES="yes" CHECK=test + - rvm: 2.2.3 + env: PUPPET_VERSION="~> 4.0" STRICT_VARIABLES="yes" CHECK=test + - rvm: 2.2.3 + env: PUPPET_VERSION="~> 4.0" STRICT_VARIABLES="yes" CHECK=rubocop deploy: provider: puppetforge user: puppet diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index e1288478a..34ebfff09 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -1,234 +1,83 @@ -Checklist (and a short version for the impatient) -================================================= +This module has grown over time based on a range of contributions from +people using it. If you follow these contributing guidelines your patch +will likely make it into a release a little quicker. - * Commits: - - Make commits of logical units. +## Contributing - - Check for unnecessary whitespace with "git diff --check" before - committing. +1. Fork the repo. - - Commit using Unix line endings (check the settings around "crlf" in - git-config(1)). +1. Create a separate branch for your change. - - Do not check in commented out code or unneeded files. +1. Run the tests. We only take pull requests with passing tests, and + documentation. - - The first line of the commit message should be a short - description (50 characters is the soft limit, excluding ticket - number(s)), and should skip the full stop. +1. Add a test for your change. Only refactoring and documentation + changes require no new tests. If you are adding functionality + or fixing a bug, please add a test. - - Associate the issue in the message. The first line should include - the issue number in the form "(#XXXX) Rest of message". +1. Squash your commits down into logical components. Make sure to rebase + against the current master. - - The body should provide a meaningful commit message, which: +1. Push the branch to your fork and submit a pull request. - - uses the imperative, present tense: "change", not "changed" or - "changes". +Please be prepared to repeat some of these steps as our contributors review +your code. - - includes motivation for the change, and contrasts its - implementation with the previous behavior. +## Dependencies - - Make sure that you have tests for the bug you are fixing, or - feature you are adding. +The testing and development tools have a bunch of dependencies, +all managed by [bundler](http://bundler.io/) according to the +[Puppet support matrix](http://docs.puppetlabs.com/guides/platforms.html#ruby-versions). - - Make sure the test suites passes after your commit: - `bundle exec rspec spec/acceptance` More information on [testing](#Testing) below +By default the tests use a baseline version of Puppet. - - When introducing a new feature, make sure it is properly - documented in the README.md +If you have Ruby 2.x or want a specific version of Puppet, +you must set an environment variable such as: - * Submission: + export PUPPET_VERSION="~> 4.2.0" - * Pre-requisites: +Install the dependencies like so... - - Sign the [Contributor License Agreement](https://cla.puppetlabs.com/) + bundle install - - Make sure you have a [GitHub account](https://github.com/join) +## Syntax and style - - [Create a ticket](http://projects.puppetlabs.com/projects/modules/issues/new), or [watch the ticket](http://projects.puppetlabs.com/projects/modules/issues) you are patching for. +The test suite will run [Puppet Lint](http://puppet-lint.com/) and +[Puppet Syntax](https://github.com/gds-operations/puppet-syntax) to +check various syntax and style things. You can run these locally with: - * Preferred method: + bundle exec rake test - - Fork the repository on GitHub. +## Running the unit tests - - Push your changes to a topic branch in your fork of the - repository. (the format ticket/1234-short_description_of_change is - usually preferred for this project). +The unit test suite covers most of the code, as mentioned above please +add tests if you're adding new functionality. If you've not used +[rspec-puppet](http://rspec-puppet.com/) before then feel free to ask +about how best to test your new feature. To run your specific spec test +you can pass it to `SPEC`: - - Submit a pull request to the repository in the puppetlabs - organization. + bundle exec rake spec SPEC=spec/foo_spec.rb -The long version -================ +## Integration tests - 1. Make separate commits for logically separate changes. +The unit tests just check the code runs, not that it does exactly what +we want on a real machine. For that we're using +[beaker](https://github.com/puppetlabs/beaker). - Please break your commits down into logically consistent units - which include new or changed tests relevant to the rest of the - change. The goal of doing this is to make the diff easier to - read for whoever is reviewing your code. In general, the easier - your diff is to read, the more likely someone will be happy to - review it and get it into the code base. +This fires up a new virtual machine (using vagrant) and runs a series of +simple tests against it after applying the module. You can run this +with: - If you are going to refactor a piece of code, please do so as a - separate commit from your feature or bug fix changes. + bundle exec rake acceptance - We also really appreciate changes that include tests to make - sure the bug is not re-introduced, and that the feature is not - accidentally broken. +This will run the tests on an Ubuntu 12.04 virtual machine. You can also +run the integration tests against Centos 6.5 with. - Describe the technical detail of the change(s). If your - description starts to get too long, that is a good sign that you - probably need to split up your commit into more finely grained - pieces. + RS_SET=centos-64-x64 bundle exec rake acceptances - Commits which plainly describe the things which help - reviewers check the patch and future developers understand the - code are much more likely to be merged in with a minimum of - bike-shedding or requested changes. Ideally, the commit message - would include information, and be in a form suitable for - inclusion in the release notes for the version of Puppet that - includes them. - - Please also check that you are not introducing any trailing - whitespace or other "whitespace errors". You can do this by - running "git diff --check" on your changes before you commit. - - 2. Sign the Contributor License Agreement - - Before we can accept your changes, we do need a signed Puppet - Labs Contributor License Agreement (CLA). - - You can access the CLA via the [Contributor License Agreement link](https://cla.puppetlabs.com/) - - If you have any questions about the CLA, please feel free to - contact Puppet Labs via email at cla-submissions@puppetlabs.com. - - 3. Sending your patches - - To submit your changes via a GitHub pull request, we _highly_ - recommend that you have them on a topic branch, instead of - directly on "master". - It makes things much easier to keep track of, especially if - you decide to work on another thing before your first change - is merged in. - - GitHub has some pretty good - [general documentation](http://help.github.com/) on using - their site. They also have documentation on - [creating pull requests](http://help.github.com/send-pull-requests/). - - In general, after pushing your topic branch up to your - repository on GitHub, you can switch to the branch in the - GitHub UI and click "Pull Request" towards the top of the page - in order to open a pull request. - - - 4. Update the related GitHub issue. - - If there is a GitHub issue associated with the change you - submitted, then you should update the ticket to include the - location of your branch, along with any other commentary you - may wish to make. - -Testing -======= - -Getting Started ---------------- - -Our puppet modules provide [`Gemfile`](./Gemfile)s which can tell a ruby -package manager such as [bundler](http://bundler.io/) what Ruby packages, -or Gems, are required to build, develop, and test this software. - -Please make sure you have [bundler installed](http://bundler.io/#getting-started) -on your system, then use it to install all dependencies needed for this project, -by running - -```shell -% bundle install -Fetching gem metadata from https://rubygems.org/........ -Fetching gem metadata from https://rubygems.org/.. -Using rake (10.1.0) -Using builder (3.2.2) --- 8><-- many more --><8 -- -Using rspec-system-puppet (2.2.0) -Using serverspec (0.6.3) -Using rspec-system-serverspec (1.0.0) -Using bundler (1.3.5) -Your bundle is complete! -Use `bundle show [gemname]` to see where a bundled gem is installed. -``` - -NOTE some systems may require you to run this command with sudo. - -If you already have those gems installed, make sure they are up-to-date: - -```shell -% bundle update -``` - -With all dependencies in place and up-to-date we can now run the tests: - -```shell -% rake spec -``` - -This will execute all the [rspec tests](http://rspec-puppet.com/) tests -under [spec/defines](./spec/defines), [spec/classes](./spec/classes), -and so on. rspec tests may have the same kind of dependencies as the -module they are testing. While the module defines in its [Modulefile](./Modulefile), -rspec tests define them in [.fixtures.yml](./fixtures.yml). - -Some puppet modules also come with [beaker](https://github.com/puppetlabs/beaker) -tests. These tests spin up a virtual machine under -[VirtualBox](https://www.virtualbox.org/)) with, controlling it with -[Vagrant](http://www.vagrantup.com/) to actually simulate scripted test -scenarios. In order to run these, you will need both of those tools -installed on your system. - -You can run them by issuing the following command - -```shell -% rake spec_clean -% rspec spec/acceptance -``` - -This will now download a pre-fabricated image configured in the [default node-set](./spec/acceptance/nodesets/default.yml), -install puppet, copy this module and install its dependencies per [spec/spec_helper_acceptance.rb](./spec/spec_helper_acceptance.rb) -and then run all the tests under [spec/acceptance](./spec/acceptance). - -Writing Tests -------------- - -XXX getting started writing tests. - -If you have commit access to the repository -=========================================== - -Even if you have commit access to the repository, you will still need to -go through the process above, and have someone else review and merge -in your changes. The rule is that all changes must be reviewed by a -developer on the project (that did not write the code) to ensure that -all changes go through a code review process. - -Having someone other than the author of the topic branch recorded as -performing the merge is the record that they performed the code -review. - - -Additional Resources -==================== - -* [Getting additional help](http://projects.puppetlabs.com/projects/puppet/wiki/Getting_Help) - -* [Writing tests](http://projects.puppetlabs.com/projects/puppet/wiki/Development_Writing_Tests) - -* [Patchwork](https://patchwork.puppetlabs.com) - -* [Contributor License Agreement](https://projects.puppetlabs.com/contributor_licenses/sign) - -* [General GitHub documentation](http://help.github.com/) - -* [GitHub pull request documentation](http://help.github.com/send-pull-requests/) +If you don't want to have to recreate the virtual machine every time you +can use `BEAKER_DESTROY=no` and `BEAKER_PROVISION=no`. On the first run you will +at least need `BEAKER_PROVISION` set to yes (the default). The Vagrantfile +for the created virtual machines will be in `.vagrant/beaker_vagrant_fies`. diff --git a/Gemfile b/Gemfile index e84f3bab4..eb947bf71 100644 --- a/Gemfile +++ b/Gemfile @@ -1,38 +1,33 @@ -# Copyright 2014 Puppet Community -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -source "https://rubygems.org" +source 'https://rubygems.org' group :test do - gem "rake" - gem "puppet", ENV['PUPPET_VERSION'] || '~> 3.7.0' - gem "rspec-puppet", :git => 'https://github.com/rodjek/rspec-puppet.git' - gem "puppetlabs_spec_helper" - gem "metadata-json-lint" - gem "rspec-puppet-facts" - gem "rspec", "< 3.2.0", { "platforms" => ["ruby_18"] } + gem 'rake' + gem 'puppet', ENV['PUPPET_VERSION'] || '~> 3.8.0' + gem 'rspec-puppet', git: 'https://github.com/rodjek/rspec-puppet.git' + gem 'rspec-puppet-augeas' + gem 'ruby-augeas' + gem 'puppetlabs_spec_helper' + gem 'metadata-json-lint' + gem 'rspec-puppet-facts' + gem 'rspec' + gem 'puppet-blacksmith' + gem 'rubocop' + gem 'puppet-lint-absolute_classname-check' + gem 'puppet-lint-leading_zero-check' + gem 'puppet-lint-trailing_comma-check' + gem 'puppet-lint-version_comparison-check' + gem 'puppet-lint-classes_and_types_beginning_with_digits-check' + gem 'puppet-lint-unquoted_string-check' + gem 'puppet-lint-variable_contains_upcase' end group :development do - gem "travis" - gem "travis-lint" - gem "puppet-blacksmith" - gem "guard-rake" + gem 'travis' + gem 'travis-lint' + gem 'guard-rake' end group :system_tests do - gem "beaker" - gem "beaker-rspec" - gem "vagrant-wrapper" + gem 'beaker' + gem 'beaker-rspec' end diff --git a/Rakefile b/Rakefile index 8a5af6a32..db3796617 100644 --- a/Rakefile +++ b/Rakefile @@ -1,31 +1,15 @@ -# Copyright 2014 Puppet Community -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - require 'puppetlabs_spec_helper/rake_tasks' require 'puppet-lint/tasks/puppet-lint' require 'puppet-syntax/tasks/puppet-syntax' +require 'metadata-json-lint/rake_task' +require 'puppet_blacksmith/rake_tasks' +require 'rubocop/rake_task' -# These two gems aren't always present, for instance -# on Travis with --without development -begin - require 'puppet_blacksmith/rake_tasks' -rescue LoadError -end +RuboCop::RakeTask.new PuppetLint.configuration.relative = true -PuppetLint.configuration.send("disable_80chars") -PuppetLint.configuration.log_format = "%{path}:%{linenumber}:%{check}:%{KIND}:%{message}" +PuppetLint.configuration.send('disable_80chars') +PuppetLint.configuration.log_format = '%{path}:%{linenumber}:%{check}:%{KIND}:%{message}' PuppetLint.configuration.fail_on_warnings = true # Forsake support for Puppet 2.6.2 for the benefit of cleaner code. @@ -34,22 +18,42 @@ PuppetLint.configuration.send('disable_class_parameter_defaults') # http://puppet-lint.com/checks/class_inherits_from_params_class/ PuppetLint.configuration.send('disable_class_inherits_from_params_class') -exclude_paths = [ - "pkg/**/*", - "vendor/**/*", - "spec/**/*", -] +exclude_paths = %w( + pkg/**/* + vendor/**/* + spec/**/* +) PuppetLint.configuration.ignore_paths = exclude_paths PuppetSyntax.exclude_paths = exclude_paths -desc "Run acceptance tests" +desc 'Run acceptance tests' RSpec::Core::RakeTask.new(:acceptance) do |t| t.pattern = 'spec/acceptance' end -desc "Run syntax, lint, and spec tests." -task :test => [ - :syntax, +desc 'Run metadata_lint, lint, syntax, and spec tests.' +task test: [ + :metadata_lint, :lint, + :syntax, :spec, ] + +Blacksmith::RakeTask.new do |t| + t.build = false # do not build the module nor push it to the Forge + # just do the tagging [:clean, :tag, :bump_commit] +end + +desc 'Offload release process to Travis.' +task travis_release: [ + :check_changelog, # check that the changelog contains an entry for the current release + :"module:release", # do everything except build / push to forge, travis will do that for us +] + +desc 'Check Changelog.' +task :check_changelog do + v = Blacksmith::Modulefile.new.version + if File.readlines('CHANGELOG.md').grep(/Releasing #{v}/).size == 0 + fail "Unable to find a CHANGELOG.md entry for the #{v} release." + end +end diff --git a/examples/ldap_shared.pp b/examples/ldap_shared.pp index a779a2dfd..b90f83219 100644 --- a/examples/ldap_shared.pp +++ b/examples/ldap_shared.pp @@ -2,7 +2,7 @@ # Configuring shared authentication credentials # Performs LDAP authentication and file authorization # -class { 'rundeck': +class { '::rundeck': auth_types => ['ldap_shared'], auth_config => { 'file' => { @@ -15,7 +15,7 @@ 'username' => 'stan', 'roles' => ['sre'], } - ] + ], }, 'ldap' => { 'url' => 'ldap://ldap:389', @@ -33,6 +33,6 @@ 'role_object_class' => 'posixGroup', 'supplemental_roles' => 'user', 'nested_groups' => false, - } + }, }, } diff --git a/lib/puppet/parser/functions/validate_rd_policy.rb b/lib/puppet/parser/functions/validate_rd_policy.rb index 21109746c..a1afaf0ce 100644 --- a/lib/puppet/parser/functions/validate_rd_policy.rb +++ b/lib/puppet/parser/functions/validate_rd_policy.rb @@ -1,23 +1,20 @@ require 'puppet/util/rundeck_acl' -module Puppet::Parser::Functions +# Validates the rundeck ACL policies +# Usage: +# Example: +# Parser +Puppet::Parser::Functions.newfunction(:validate_rd_policy, :doc => <<-'ENDHEREDOC') do |args| + ENDHEREDOC - newfunction(:validate_rd_policy, :doc => <<-'ENDHEREDOC') do |args| + fail Puppet::ParseError, ("validate_rd_policy(): wrong number of arguments (#{args.length}; must be 1)") unless args.length == 1 - ENDHEREDOC - - unless args.length == 1 then - raise Puppet::ParseError, ("validate_rd_policy(): wrong number of arguments (#{args.length}; must be 1)") - end - - args.each do |arg| - if arg.is_a?(Array) - - elsif arg.is_a?(Hash) - Puppet::Util::RundeckACL.validate_acl(arg) - else - raise Puppet::ParseError, ("#{arg.inspect} is not a Hash or Array of hashes. It looks to be a #{arg.class}") - end + args.each do |arg| + next if arg.is_a?(Array) + if arg.is_a?(Hash) + Puppet::Util::RundeckACL.validate_acl(arg) + else + fail Puppet::ParseError, ("#{arg.inspect} is not a Hash or Array of hashes. It looks to be a #{arg.class}") end end -end \ No newline at end of file +end diff --git a/lib/puppet/util/rundeck_acl.rb b/lib/puppet/util/rundeck_acl.rb index 6ab0f852c..0df023832 100644 --- a/lib/puppet/util/rundeck_acl.rb +++ b/lib/puppet/util/rundeck_acl.rb @@ -1,39 +1,22 @@ +# Module to check ACL validity module Puppet::Util::RundeckACL - + # RundeckValidator class class RundeckValidator - def raise_err(msg) - raise(Puppet::ParseError, "The policy is invalid - #{msg}") + fail(Puppet::ParseError, "The policy is invalid - #{msg}") end def validate_description(description) - if !description.is_a? String - raise_err('description is not a String') - end + raise_err('description is not a String') unless description.is_a? String end def validate_context(context) - if !context.is_a? Hash - raise_err('context is not a Hash') - elsif context.empty? - raise_err('context is empty') - else - if context.keys.length != 1 - raise_err('context can only contain project or application') - else - type = context.keys[0] - - case type - when 'project', 'application' - if !context[type].is_a? String - raise_err("context:#{type} is not a String") - end - else - raise_err("context can only be project or application") - end - - end - end + raise_err('context is not a Hash') unless context.is_a? Hash + raise_err('context is empty') if context.empty? + raise_err('context can only contain project or application') unless context.keys.length == 1 + type = context.keys[0] + raise_err("context:#{type} is not a String") unless context[type].is_a? String + raise_err('context can only be project or application') unless %w(application project).include? type end def validate_rule_action(type, type_section, scope) @@ -42,21 +25,16 @@ def validate_rule_action(type, type_section, scope) property = '' value = '' - if type_section.empty? - raise_err("for:#{type} is empty") - end + raise_err("for:#{type} is empty") if type_section.empty? type_section.each do |e| - if !e.is_a? Hash - raise_err("for:#{type} entry is not a Hash") - end + raise_err("for:#{type} entry is not a Hash") unless e.is_a? Hash end - type_section.each do |e| - e.each do |k,v| - if k.eql?('allow') or k.eql?('deny') + e.each do |k, v| + if k.eql?('allow') || k.eql?('deny') action_found = true actions = v - elsif ['match','equals','contains'].include?(k) + elsif %w(match equals contains).include?(k) case type when 'resource' property = v['kind'] @@ -87,40 +65,31 @@ def validate_rule_action(type, type_section, scope) else property = v.keys[0] end - else - # end end end - - if !action_found - raise_err("for:#{type} does not contain a rule action of [allow,deny]") - else - if scope.eql?('project') - if property.to_s != '' or type.eql?('adhoc') or type.eql?('node') - validate_proj_actions(type, actions, property, value) - end - elsif scope.eql?('application') - validate_app_actions(type, actions, property, value) - end + raise_err("for:#{type} does not contain a rule action of [allow,deny]") unless action_found + if scope.eql?('project') + validate_proj_actions(type, actions, property, value) if property.to_s != '' || type.eql?('adhoc') || type.eql?('node') + elsif scope.eql?('application') + validate_app_actions(type, actions, property, value) end end - end - def validate_proj_actions(type, actions, property, value='') + def validate_proj_actions(type, actions, property, value = '') project_actions = { 'resource' => { - 'job' => ['create','delete'], - 'node' => ['read','create','update','refresh'], - 'event' => ['read','create'] - }, - 'adhoc' => ['read','run','runAs','kill','killAs'], + 'job' => %w(create delete), + 'node' => %w(read create update refresh), + 'event' => %w(read create) + }, + 'adhoc' => %w(read run runAs kill killAs), 'job' => { - 'name' => ['read','update','delete','run','runAs','kill','killAs','create'], - 'group' => ['read','update','delete','run','runAs','kill','killAs','create'] + 'name' => %w(read update delete run runAs kill killAs create), + 'group' => %w(read update delete run runAs kill killAs create) }, - 'node' => ['read','run'] + 'node' => %w(read run) } case type @@ -128,69 +97,52 @@ def validate_proj_actions(type, actions, property, value='') case property when 'job', 'node', 'event' actions.each do |action| - if !project_actions[type][property].include?(action) + unless project_actions[type][property].include?(action) raise_err("for:resource kind:#{property} can only contain actions #{project_actions[type][property]}") end end - else - # end when 'adhoc', 'node' - actions.each do |action| - if !project_actions[type].include?(action) - raise_err("for:#{type} can only contain actions #{project_actions[type]}") + actions.each do |action| + raise_err("for:#{type} can only contain actions #{project_actions[type]}") unless project_actions[type].include?(action) end - end when 'job' case property - when 'name','group' + when 'name', 'group' actions.each do |action| - if !project_actions[type][property].include?(action) - raise_err("for:job #{property}:#{value} can only contain actions #{project_actions[type][property]}") - end + raise_err("for:job #{property}:#{value} can only contain actions #{project_actions[type][property]}") unless project_actions[type][property].include?(action) end else raise_err("#{property} is not a valid property for the job scope") end - else - # end end - def validate_app_actions(type, actions, property, value='') + def validate_app_actions(type, actions, property, _value = '') app_actions = { - 'resource' => { - 'project' => ['create'], - 'system' => ['read'], - 'user' => ['admin'], - 'job' => ['admin'] - }, - 'project' => { - 'name' => ['read','configure','delete','import','export','delete_execution','admin'] - }, - 'storage' => { - 'name' => ['create','update','read','delete'], - 'path' => ['create','update','read','delete'] - } + 'resource' => { 'project' => ['create'], + 'system' => ['read'], + 'user' => ['admin'], + 'job' => ['admin'] + }, + 'project' => { 'name' => %w(read configure delete import export delete_execution admin) }, + 'storage' => { 'name' => %w(create update read delete), + 'path' => %w(create update read delete) + } } case type when 'resource' case property - when 'project', 'system','user','job' + when 'project', 'system', 'user', 'job' actions.each do |action| - if !app_actions[type][property].include?(action) - raise_err("for:resource kind:#{property} can only contain actions #{app_actions[type][property]}") - end + raise_err("for:resource kind:#{property} can only contain actions #{app_actions[type][property]}") unless app_actions[type][property].include? action end - else end when 'project' if property.eql?('name') actions.each do |action| - if !app_actions[type][property].include?(action) - raise_err("for:project #{property} can only contain actions #{app_actions[type][property]}") - end + raise_err("for:project #{property} can only contain actions #{app_actions[type][property]}") unless app_actions[type][property].include? action end end when 'storage' @@ -199,107 +151,73 @@ def validate_app_actions(type, actions, property, value='') case property when 'name', 'path' actions.each do |action| - if !app_actions[type][property].include?(action) - raise_err("for:storage #{property} can only contain actions #{app_actions[type][property]}") - end + raise_err("for:storage #{property} can only contain actions #{app_actions[type][property]}") unless app_actions[type][property].include? action end - else end - else - # end end def validate_matching(type, type_section) matching_found = false - if type_section.empty? - raise_err("for:#{type} is empty") - end + raise_err("for:#{type} is empty") if type_section.empty? type_section.each do |e| if e.is_a? Hash - e.each do |k,v| - if k.eql?('match') or k.eql?('equals') or k.eql?('contains') - matching_found = true - end + e.each do |k, _v| + matching_found = true if k.eql?('match') || k.eql?('equals') || k.eql?('contains') end else raise_err("for:#{type} entry is not a Hash") end end - if !matching_found - raise_err("for:#{type} does not contain a matching statement of [match,equals,contains]") - end + raise_err("for:#{type} does not contain a matching statement of [match,equals,contains]") unless matching_found end def validate_for(for_section, context) if !for_section.is_a? Hash - raise_err("for is not a Hash") + raise_err('for is not a Hash') elsif for_section.empty? - raise_err("for is empty") + raise_err('for is empty') else scope = context.keys[0] - if scope.eql?('project') - resource_types = ['job','node','adhoc','project','resource'] + resource_types = %w(job node adhoc project resource) elsif scope.eql?('application') - resource_types = ['resource','project','storage'] + resource_types = %w(resource project storage) else raise_err("unknown scope: #{scope}") end - for_section.each do |k,v| - if !resource_types.include?(k) - raise_err("for section must only contain #{resource_types.inspect.gsub!('"',"'")}") - end + for_section.each do |k, _v| + raise_err("for section must only contain #{resource_types.inspect.tr!('"', "'")}") unless resource_types.include?(k) end - resource_types.each do |type| - if for_section.has_key?(type) - if !for_section[type].is_a? Array - raise_err("for:#{type} is not an Array") - elsif for_section[type].empty? - raise_err("for:#{type} is empty") - else - validate_rule_action(type, for_section[type], scope) - validate_matching(type, for_section[type]) unless for_section[type].eql?('adhoc') - end + next unless for_section.key?(type) + if !for_section[type].is_a? Array + raise_err("for:#{type} is not an Array") + elsif for_section[type].empty? + raise_err("for:#{type} is empty") + else + validate_rule_action(type, for_section[type], scope) + validate_matching(type, for_section[type]) unless for_section[type].eql?('adhoc') end end end end def validate_by(by_section) - if !by_section.is_a? Array - raise_err("by is not an Array") - elsif by_section.empty? - raise_err("by is empty") - else - - by_section.each do |item| - if !item.is_a? Hash - raise_err("by:#{item} is not a Hash") - elsif item.empty? - raise_err("by is empty") - else - - item.each do |k,v| - if !['username','group'].include?(k) - raise_err("by section must only contain [username,group]") - end - end - - ['username','group'].each do |type| - if item.has_key?(type) - if !item[type].is_a? String and !item[type].is_a? Array - raise_err("by:#{type} is not a String or an Array") - end - end - end - end - end - end + raise_err('by is not an Array') unless by_section.is_a? Array + raise_err('by is empty') if by_section.empty? + by_section.each do |item| + raise_err("by:#{item} is not a Hash") unless item.is_a? Hash + raise_err('by is empty') if item.empty? + item.each do |k, _v| + raise_err('by section must only contain [username,group]') unless %w(username group).include?(k) + end + %w(username group).each do |type| + raise_err("by:#{type} is not a String or an Array") if (!item[type].is_a? String) && (!item[type].is_a? Array) if item.key?(type) + end + end end - end def validate_acl(hash) @@ -309,6 +227,5 @@ def validate_acl(hash) rv.validate_for(hash['for'], hash['context']) rv.validate_by(hash['by']) end - module_function :validate_acl -end \ No newline at end of file +end diff --git a/manifests/config.pp b/manifests/config.pp index f260ae48a..e157c0534 100644 --- a/manifests/config.pp +++ b/manifests/config.pp @@ -99,7 +99,7 @@ group => $group, mode => '0640', content => template($auth_template), - require => File[$properties_dir] + require => File[$properties_dir], } file { "${properties_dir}/log4j.properties": @@ -108,7 +108,7 @@ mode => '0640', content => template('rundeck/log4j.properties.erb'), notify => Service[$service_name], - require => File[$properties_dir] + require => File[$properties_dir], } rundeck::config::aclpolicyfile { 'admin': @@ -131,26 +131,26 @@ mode => '0640', content => template('rundeck/profile.erb'), notify => Service[$service_name], - require => File[$properties_dir] + require => File[$properties_dir], } - include 'rundeck::config::global::framework' - include 'rundeck::config::global::project' - include 'rundeck::config::global::rundeck_config' + include '::rundeck::config::global::framework' + include '::rundeck::config::global::project' + include '::rundeck::config::global::rundeck_config' Class[rundeck::config::global::framework] -> Class[rundeck::config::global::project] -> Class[rundeck::config::global::rundeck_config] if $ssl_enabled { - include 'rundeck::config::global::ssl' + include '::rundeck::config::global::ssl' Class[rundeck::config::global::rundeck_config] -> Class[rundeck::config::global::ssl] } create_resources(rundeck::config::project, $projects) - class { 'rundeck::config::global::web': + class { '::rundeck::config::global::web': security_role => $security_role, notify => Service[$service_name], } diff --git a/manifests/config/global/framework.pp b/manifests/config/global/framework.pp index 1999189aa..577901a87 100644 --- a/manifests/config/global/framework.pp +++ b/manifests/config/global/framework.pp @@ -25,7 +25,7 @@ owner => $user, group => $group, mode => '0640', - require => File[$properties_dir] + require => File[$properties_dir], } } diff --git a/manifests/config/global/project.pp b/manifests/config/global/project.pp index afb828155..0cbbf9211 100644 --- a/manifests/config/global/project.pp +++ b/manifests/config/global/project.pp @@ -24,7 +24,7 @@ owner => $user, group => $group, mode => '0640', - require => File[$properties_dir] + require => File[$properties_dir], } ini_setting { 'project.dir': @@ -33,7 +33,7 @@ section => '', setting => 'project.dir', value => "${projects_dir}/\${project.name}", - require => File[$properties_file] + require => File[$properties_file], } ini_setting { 'project.etc.dir': @@ -42,7 +42,7 @@ section => '', setting => 'project.etc.dir', value => "${projects_dir}/\${project.name}/etc", - require => File[$properties_file] + require => File[$properties_file], } ini_setting { 'project.resources.file': @@ -51,7 +51,7 @@ section => '', setting => 'project.resources.file', value => "${projects_dir}/\${project.name}/etc/resources.xml", - require => File[$properties_file] + require => File[$properties_file], } ini_setting { 'project.description': @@ -60,7 +60,7 @@ section => '', setting => 'project.description', value => $projects_organization, - require => File[$properties_file] + require => File[$properties_file], } ini_setting { 'project.organization': @@ -69,6 +69,6 @@ section => '', setting => 'project.organization', value => $projects_description, - require => File[$properties_file] + require => File[$properties_file], } } diff --git a/manifests/config/global/rundeck_config.pp b/manifests/config/global/rundeck_config.pp index e3504f78b..0a10af12e 100644 --- a/manifests/config/global/rundeck_config.pp +++ b/manifests/config/global/rundeck_config.pp @@ -26,7 +26,7 @@ $database_config = merge($rundeck::params::database_config, $rundeck::config::database_config) file { "${properties_dir}/rundeck-config.properties": - ensure => absent + ensure => absent, } file { $properties_file: diff --git a/manifests/config/global/ssl.pp b/manifests/config/global/ssl.pp index faebd36ec..c309978e1 100644 --- a/manifests/config/global/ssl.pp +++ b/manifests/config/global/ssl.pp @@ -33,7 +33,7 @@ group => $group, mode => '0640', notify => Service[$service_name], - require => File[$properties_dir] + require => File[$properties_dir], } ini_setting { 'keystore': @@ -42,7 +42,7 @@ section => '', setting => 'keystore', value => $keystore, - require => File[$properties_file] + require => File[$properties_file], } ini_setting { 'keystore.password': @@ -51,7 +51,7 @@ section => '', setting => 'keystore.password', value => $keystore_password, - require => File[$properties_file] + require => File[$properties_file], } ini_setting { 'key.password': @@ -60,7 +60,7 @@ section => '', setting => 'key.password', value => $key_password, - require => File[$properties_file] + require => File[$properties_file], } ini_setting { 'truststore': @@ -69,7 +69,7 @@ section => '', setting => 'truststore', value => $truststore, - require => File[$properties_file] + require => File[$properties_file], } ini_setting { 'truststore.password': @@ -78,6 +78,6 @@ section => '', setting => 'truststore.password', value => $truststore_password, - require => File[$properties_file] + require => File[$properties_file], } } diff --git a/manifests/config/plugin.pp b/manifests/config/plugin.pp index eba1cd0a8..9fad453c7 100644 --- a/manifests/config/plugin.pp +++ b/manifests/config/plugin.pp @@ -28,7 +28,7 @@ ) { include '::rundeck' - include 'archive' + include '::archive' $framework_config = deep_merge($::rundeck::params::framework_config, $::rundeck::framework_config) diff --git a/manifests/config/project.pp b/manifests/config/project.pp index d7e0180aa..98490e369 100644 --- a/manifests/config/project.pp +++ b/manifests/config/project.pp @@ -44,7 +44,7 @@ $group = $rundeck::group ) { - include rundeck::params + include ::rundeck::params $framework_properties = deep_merge($rundeck::params::framework_config, $framework_config) @@ -74,21 +74,21 @@ ensure => present, owner => $user, group => $group, - require => File["${project_dir}/etc"] + require => File["${project_dir}/etc"], } file { "${project_dir}/var": ensure => directory, owner => $user, group => $group, - require => File[$project_dir] + require => File[$project_dir], } file { "${project_dir}/etc": ensure => directory, owner => $user, group => $group, - require => File[$project_dir] + require => File[$project_dir], } ini_setting { "${name}::project.name": @@ -97,7 +97,7 @@ section => '', setting => 'project.name', value => $name, - require => File[$properties_file] + require => File[$properties_file], } ini_setting { "${name}::project.ssh-authentication": @@ -106,7 +106,7 @@ section => '', setting => 'project.ssh-authentication', value => 'privateKey', - require => File[$properties_file] + require => File[$properties_file], } ini_setting { "${name}::project.ssh-keypath": @@ -115,7 +115,7 @@ section => '', setting => 'project.ssh-keypath', value => $ssh_keypath, - require => File[$properties_file] + require => File[$properties_file], } $resource_source_defaults = { @@ -132,7 +132,7 @@ section => '', setting => 'service.FileCopier.default.provider', value => $file_copier_provider, - require => File[$properties_file] + require => File[$properties_file], } ini_setting { "${name}::service.NodeExecutor.default.provider": @@ -141,6 +141,6 @@ section => '', setting => 'service.NodeExecutor.default.provider', value => $node_executor_provider, - require => File[$properties_file] + require => File[$properties_file], } } diff --git a/manifests/config/resource_source.pp b/manifests/config/resource_source.pp index ffe162f10..5d2a57eb0 100644 --- a/manifests/config/resource_source.pp +++ b/manifests/config/resource_source.pp @@ -82,7 +82,7 @@ $running_only = true, ) { - include rundeck + include ::rundeck $framework_properties = deep_merge($rundeck::params::framework_config, $::rundeck::framework_config) @@ -114,7 +114,7 @@ section => '', setting => "resources.source.${number}.type", value => $source_type, - require => File[$properties_file] + require => File[$properties_file], } case downcase($source_type) { @@ -141,7 +141,7 @@ section => '', setting => "resources.source.${number}.config.requireFileExists", value => true, - require => File[$properties_file] + require => File[$properties_file], } ini_setting { "${name}::resources.source.${number}.config.includeServerNode": @@ -150,7 +150,7 @@ section => '', setting => "resources.source.${number}.config.includeServerNode", value => $include_server_node, - require => File[$properties_file] + require => File[$properties_file], } ini_setting { "${name}::resources.source.${number}.config.generateFileAutomatically": @@ -159,7 +159,7 @@ section => '', setting => "resources.source.${number}.config.generateFileAutomatically", value => true, - require => File[$properties_file] + require => File[$properties_file], } ini_setting { "${name}::resources.source.${number}.config.format": @@ -168,7 +168,7 @@ section => '', setting => "resources.source.${number}.config.format", value => $resource_format, - require => File[$properties_file] + require => File[$properties_file], } ini_setting { "${name}::resources.source.${number}.config.file": @@ -177,7 +177,7 @@ section => '', setting => "resources.source.${number}.config.file", value => $file, - require => File[$properties_file] + require => File[$properties_file], } } 'url': { @@ -192,7 +192,7 @@ section => '', setting => "resources.source.${number}.config.url", value => $url, - require => File[$properties_file] + require => File[$properties_file], } ini_setting { "${name}::resources.source.${number}.config.timeout": @@ -201,7 +201,7 @@ section => '', setting => "resources.source.${number}.config.timeout", value => $url_timeout, - require => File[$properties_file] + require => File[$properties_file], } ini_setting { "${name}::resources.source.${number}.config.cache": @@ -210,7 +210,7 @@ section => '', setting => "resources.source.${number}.config.cache", value => $url_cache, - require => File[$properties_file] + require => File[$properties_file], } } 'directory': { @@ -229,7 +229,7 @@ section => '', setting => "resources.source.${number}.config.directory", value => $directory, - require => File[$properties_file] + require => File[$properties_file], } } 'script': { @@ -245,7 +245,7 @@ section => '', setting => "resources.source.${number}.config.file", value => $script_file, - require => File[$properties_file] + require => File[$properties_file], } ini_setting { "${name}::resources.source.${number}.config.args": @@ -254,7 +254,7 @@ section => '', setting => "resources.source.${number}.config.args", value => $script_args, - require => File[$properties_file] + require => File[$properties_file], } ini_setting { "${name}::resources.source.${number}.config.format": @@ -263,7 +263,7 @@ section => '', setting => "resources.source.${number}.config.format", value => $resource_format, - require => File[$properties_file] + require => File[$properties_file], } ini_setting { "${name}::resources.source.${number}.config.interpreter": @@ -272,7 +272,7 @@ section => '', setting => "resources.source.${number}.config.interpreter", value => $script_interpreter, - require => File[$properties_file] + require => File[$properties_file], } ini_setting { "${name}::resources.source.${number}.config.argsQuoted": @@ -281,7 +281,7 @@ section => '', setting => "resources.source.${number}.config.argsQuoted", value => $script_args_quoted, - require => File[$properties_file] + require => File[$properties_file], } } 'aws-ec2': { diff --git a/manifests/facts.pp b/manifests/facts.pp index 9b920c9f0..d71d1b144 100644 --- a/manifests/facts.pp +++ b/manifests/facts.pp @@ -15,7 +15,13 @@ $ensure = 'present', ) { - if $::puppetversion =~ /Puppet Enterprise/ { + if !defined('$::puppetversion') { + $versionfact = $::clientversion + } else { + $versionfact = $::puppetversion + } + + if $versionfact =~ /Puppet Enterprise/ { $ruby_bin = '/opt/puppet/bin/ruby' $dir = 'puppetlabs/' } else { diff --git a/manifests/init.pp b/manifests/init.pp index 7369999dd..51a70e6ee 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -181,9 +181,9 @@ validate_absolute_path($rdeck_home) validate_rd_policy($acl_policies) - class { 'rundeck::facts': } -> - class { 'rundeck::install': } -> - class { 'rundeck::config': } ~> - class { 'rundeck::service': } -> + class { '::rundeck::facts': } -> + class { '::rundeck::install': } -> + class { '::rundeck::config': } ~> + class { '::rundeck::service': } -> Class['rundeck'] } diff --git a/manifests/install.pp b/manifests/install.pp index 706eb86c9..cb3d0dc54 100644 --- a/manifests/install.pp +++ b/manifests/install.pp @@ -47,18 +47,18 @@ if $::rundeck_version != $version { exec { 'download rundeck package': command => "/usr/bin/wget ${package_source}/rundeck-${package_ensure}.deb -O /tmp/rundeck-${package_ensure}.deb", - unless => "/usr/bin/test -f /tmp/rundeck-${package_ensure}.deb" + unless => "/usr/bin/test -f /tmp/rundeck-${package_ensure}.deb", } exec { 'stop rundeck service': command => '/usr/sbin/service rundeckd stop', - unless => "/bin/bash -c 'if ps ax | grep -v grep | grep RunServer > /dev/null; then echo 1; else echo 0; fi'" + unless => "/bin/bash -c 'if pgrep -f RunServer > /dev/null; then echo 1; else echo 0; fi'", } exec { 'install rundeck package': command => "/usr/bin/dpkg --force-confold --ignore-depends 'java7-runtime' -i /tmp/rundeck-${package_ensure}.deb", unless => "/usr/bin/dpkg -l | grep rundeck | grep ${version}", - require => [ Exec['download rundeck package'], Exec['stop rundeck service'] ] + require => [ Exec['download rundeck package'], Exec['stop rundeck service'] ], } } diff --git a/manifests/params.pp b/manifests/params.pp index a46bfeac0..48f1da2c6 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -66,21 +66,21 @@ { 'description' => 'Admin, all access', 'context' => { - 'project' => '.*' + 'project' => '.*', }, 'for' => { 'resource' => [ - {'allow' => '*'} + {'allow' => '*'}, ], 'adhoc' => [ - {'allow' => '*'} + {'allow' => '*'}, ], 'job' => [ - {'allow' => '*'} + {'allow' => '*'}, ], 'node' => [ - {'allow' => '*'} - ] + {'allow' => '*'}, + ], }, 'by' => [{ 'group' => ['admin'] @@ -89,15 +89,15 @@ { 'description' => 'Admin, all access', 'context' => { - 'application' => 'rundeck' + 'application' => 'rundeck', }, 'for' => { 'resource' => [ - {'allow' => '*'} + {'allow' => '*'}, ], 'project' => [ - {'allow' => '*'} - ] + {'allow' => '*'}, + ], }, 'by' => [{ 'group' => ['admin'] @@ -109,7 +109,7 @@ { 'description' => 'API project level access control', 'context' => { - 'project' => '.*' + 'project' => '.*', }, 'for' => { 'resource' => [ @@ -122,7 +122,7 @@ ], 'node' => [ {'allow' => ['read','run']} - ] + ], }, 'by' => [{ 'group' => ['api_token_group'] @@ -131,7 +131,7 @@ { 'description' => 'API Application level access control', 'context' => { - 'application' => 'rundeck' + 'application' => 'rundeck', }, 'for' => { 'resource' => [ @@ -141,8 +141,8 @@ { 'match' => {'name' => '.*'}, 'allow' => ['read'] } ], 'storage' => [ - { 'match' => {'path' => '(keys|keys/.*)'}, 'allow' => '*' } - ] + { 'match' => {'path' => '(keys|keys/.*)'}, 'allow' => '*' }, + ], }, 'by' => [{ 'group' => ['api_token_group'] @@ -155,7 +155,7 @@ 'admin_user' => $framework_config['framework.server.username'], 'admin_password' => $framework_config['framework.server.password'], 'auth_users' => {}, - 'file' => '/etc/rundeck/realm.properties' + 'file' => '/etc/rundeck/realm.properties', }, 'pam' => { 'service' => 'sshd', @@ -182,7 +182,7 @@ 'role_name_attribute' => 'cn', 'role_member_attribute' => 'memberUid', 'role_object_class' => 'group', - 'nested_groups' => true + 'nested_groups' => true, }, 'active_directory' => { 'server' => undef, @@ -201,8 +201,8 @@ 'role_member_attribute' => 'member', 'role_object_class' => 'group', 'supplemental_roles' => 'user', - 'nested_groups' => true - } + 'nested_groups' => true, + }, } @@ -210,7 +210,7 @@ $security_config = { 'useHMacRequestTokens' => true, - 'apiCookieAccess' => true + 'apiCookieAccess' => true, } $projects = {} @@ -248,7 +248,7 @@ 'driverClassName' => '', 'username' => '', 'password' => '', - 'dialect' => '' + 'dialect' => '', } $keystore = '/etc/rundeck/ssl/keystore' diff --git a/manifests/service.pp b/manifests/service.pp index 0d45fdf04..42245406a 100644 --- a/manifests/service.pp +++ b/manifests/service.pp @@ -22,13 +22,13 @@ file { '/etc/init/rundeckd.conf': ensure => present, mode => '0644', - content => template($service_config) + content => template($service_config), } file { '/etc/init.d/rundeckd': ensure => present, mode => '0755', - content => template($service_script) + content => template($service_script), } } @@ -36,6 +36,6 @@ ensure => running, enable => true, hasstatus => true, - hasrestart => true + hasrestart => true, } } diff --git a/spec/acceptance/nodesets/centos-59-x64.yml b/spec/acceptance/nodesets/centos-59-x64.yml new file mode 100644 index 000000000..2ad90b86a --- /dev/null +++ b/spec/acceptance/nodesets/centos-59-x64.yml @@ -0,0 +1,10 @@ +HOSTS: + centos-59-x64: + roles: + - master + platform: el-5-x86_64 + box : centos-59-x64-vbox4210-nocm + box_url : http://puppet-vagrant-boxes.puppetlabs.com/centos-59-x64-vbox4210-nocm.box + hypervisor : vagrant +CONFIG: + type: git diff --git a/spec/acceptance/rundeck_spec.rb b/spec/acceptance/rundeck_spec.rb index 313bd9a56..72ec98db7 100644 --- a/spec/acceptance/rundeck_spec.rb +++ b/spec/acceptance/rundeck_spec.rb @@ -1,7 +1,6 @@ require 'spec_helper_acceptance' describe 'rundeck class' do - context 'default parameters on ubuntu', :if => fact('osfamily').eql?('Debian') do it 'should work with no errors' do pp = <<-EOS @@ -26,7 +25,7 @@ class { 'rundeck': } it { should be_running } end end - + context 'default parameters on centos', :if => fact('osfamily').eql?('RedHat') do it 'should work with no errors' do pp = <<-EOS diff --git a/spec/classes/config/global/auth_spec.rb b/spec/classes/config/global/auth_spec.rb index 2923f0872..2e8a8929c 100644 --- a/spec/classes/config/global/auth_spec.rb +++ b/spec/classes/config/global/auth_spec.rb @@ -1,104 +1,117 @@ require 'spec_helper' describe 'rundeck' do - let(:facts) {{ - :osfamily => 'Debian', - :fqdn => 'test.domain.com', - :serialnumber => 0, - :rundeck_version => '' - }} + let(:facts) do + { + :osfamily => 'Debian', + :fqdn => 'test.domain.com', + :serialnumber => 0, + :rundeck_version => '', + :puppetversion => Puppet.version, + } + end describe 'with empty params' do - let(:params) {{ - }} + let(:params) do + { + } + end it 'should generate valid content for realm.properties' do content = catalogue.resource('file', '/etc/rundeck/realm.properties')[:content] - content.should include('admin:admin,user,admin,architect,deploy,build') + expect(content).to include('admin:admin,user,admin,architect,deploy,build') end end describe 'with empty auth users array' do - let(:params) {{ - :auth_config => { - 'file' => { - 'auth_users' => [] + let(:params) do + { + :auth_config => { + 'file' => { + 'auth_users' => [], + }, } } - }} + end it 'should generate valid content for realm.properties' do content = catalogue.resource('file', '/etc/rundeck/realm.properties')[:content] - content.should include('admin:admin,user,admin,architect,deploy,build') + expect(content).to include('admin:admin,user,admin,architect,deploy,build') end end describe 'with auth users array' do - let(:params) {{ - :auth_config => { - 'file' => { - 'auth_users' => [ - { - 'username' => 'testuser', - 'password' => 'password', - 'roles' => ['user', 'deploy'] - }, - { - 'username' => 'anotheruser', - 'password' => 'anotherpassword', - 'roles' => ['user'] - } - ] - } + let(:params) do + { + :auth_config => { + 'file' => { + 'auth_users' => [ + { + 'username' => 'testuser', + 'password' => 'password', + 'roles' => %w(user deploy), + }, + { + 'username' => 'anotheruser', + 'password' => 'anotherpassword', + 'roles' => ['user'], + }, + ], + }, + }, } - }} + end it 'should generate valid content for realm.properties' do content = catalogue.resource('file', '/etc/rundeck/realm.properties')[:content] - content.should include('admin:admin,user,admin,architect,deploy,build') - content.should include('testuser:password,user,deploy') - content.should include('anotheruser:anotherpassword,user') + expect(content).to include('admin:admin,user,admin,architect,deploy,build') + expect(content).to include('testuser:password,user,deploy') + expect(content).to include('anotheruser:anotherpassword,user') end end describe 'with auth user without roles' do - let(:params) {{ - :auth_config => { - 'file' => { - 'auth_users' => [ - { - 'username' => 'testuser', - 'password' => 'password' - } - ] - } + let(:params) do + { + :auth_config => { + 'file' => { + 'auth_users' => [ + { + 'username' => 'testuser', + 'password' => 'password', + }, + ], + }, + }, } - }} + end it 'should generate valid content for realm.properties' do content = catalogue.resource('file', '/etc/rundeck/realm.properties')[:content] - content.should include('admin:admin,user,admin,architect,deploy,build') - content.should include('testuser:password') + expect(content).to include('admin:admin,user,admin,architect,deploy,build') + expect(content).to include('testuser:password') end end describe 'backward compatibility (no array of users)' do - let(:params) {{ - :auth_config => { - 'file' => { - 'auth_users' => { + let(:params) do + { + :auth_config => { + 'file' => { + 'auth_users' => { 'username' => 'testuser', 'password' => 'password', - 'roles' => ['user', 'deploy'] - } - } + 'roles' => %w(user deploy), + }, + }, + }, } - }} + end it 'should generate valid content for realm.properties' do content = catalogue.resource('file', '/etc/rundeck/realm.properties')[:content] - content.should include('admin:admin,user,admin,architect,deploy,build') - content.should include('testuser:password,user,deploy') + expect(content).to include('admin:admin,user,admin,architect,deploy,build') + expect(content).to include('testuser:password,user,deploy') end end end diff --git a/spec/classes/config/global/framework_spec.rb b/spec/classes/config/global/framework_spec.rb index 6b9584dc5..2ddf023ce 100644 --- a/spec/classes/config/global/framework_spec.rb +++ b/spec/classes/config/global/framework_spec.rb @@ -2,15 +2,18 @@ describe 'rundeck' do context 'supported operating systems' do - ['Debian','RedHat'].each do |osfamily| + %w(Debian RedHat).each do |osfamily| describe "rundeck::config::global::framework class without any parameters on #{osfamily}" do - let(:params) {{ }} - let(:facts) {{ - :osfamily => osfamily, - :fqdn => 'test.domain.com', - :serialnumber => 0, - :rundeck_version => '' - }} + let(:params) { {} } + let(:facts) do + { + :osfamily => osfamily, + :fqdn => 'test.domain.com', + :serialnumber => 0, + :rundeck_version => '', + :puppetversion => Puppet.version, + } + end framework_details = { 'framework.server.name' => 'test.domain.com', @@ -27,15 +30,15 @@ 'framework.libext.dir' => '/var/lib/rundeck/libext', 'framework.ssh.keypath' => '/var/lib/rundeck/.ssh/id_rsa', 'framework.ssh.user' => 'rundeck', - 'framework.ssh.timeout' => '0' + 'framework.ssh.timeout' => '0', } it { should contain_file('/etc/rundeck/framework.properties') } - framework_details.each do |key,value| + framework_details.each do |key, value| it 'should generate valid content for framework.properties' do content = catalogue.resource('file', '/etc/rundeck/framework.properties')[:content] - content.should include("#{key} = #{value}") + expect(content).to include("#{key} = #{value}") end end end @@ -44,22 +47,27 @@ context 'add plugin configuration' do describe 'add plugin configuration for the logstash plugin' do - let(:params) {{ - :framework_config => { - 'framework.plugin.StreamingLogWriter.LogstashPlugin.port' => '9700' + let(:params) do + { + :framework_config => { + 'framework.plugin.StreamingLogWriter.LogstashPlugin.port' => '9700', + }, + } + end + let(:facts) do + { + :osfamily => 'Debian', + :fqdn => 'test.domain.com', + :serialnumber => 0, + :rundeck_version => '', + :puppetversion => Puppet.version, } - }} - let(:facts) {{ - :osfamily => 'Debian', - :fqdn => 'test.domain.com', - :serialnumber => 0, - :rundeck_version => '' - }} + end it 'should generate valid content for framework.properties' do content = catalogue.resource('file', '/etc/rundeck/framework.properties')[:content] - content.should include('framework.server.name = test.domain.com') - content.should include('framework.plugin.StreamingLogWriter.LogstashPlugin.port = 9700') + expect(content).to include('framework.server.name = test.domain.com') + expect(content).to include('framework.plugin.StreamingLogWriter.LogstashPlugin.port = 9700') end end end diff --git a/spec/classes/config/global/project_spec.rb b/spec/classes/config/global/project_spec.rb index 045df95fa..cba34719c 100644 --- a/spec/classes/config/global/project_spec.rb +++ b/spec/classes/config/global/project_spec.rb @@ -2,33 +2,37 @@ describe 'rundeck' do context 'supported operating systems' do - ['Debian','RedHat'].each do |osfamily| + %w(Debian RedHat).each do |osfamily| describe "rundeck::config::global::project class without any parameters on #{osfamily}" do - let(:params) {{ }} - let(:facts) {{ - :osfamily => osfamily, - :serialnumber => 0, - :rundeck_version => '' - }} + let(:params) { {} } + let(:facts) do + { + :osfamily => osfamily, + :serialnumber => 0, + :rundeck_version => '', + :puppetversion => Puppet.version, + } + end project_details = { 'project.dir' => '/var/lib/rundeck/projects/${project.name}', 'project.etc.dir' => '/var/lib/rundeck/projects/${project.name}/etc', 'project.resources.file' => '/var/lib/rundeck/projects/${project.name}/etc/resources.xml', 'project.description' => '', - 'project.organization' => '' + 'project.organization' => '', } it { should contain_file('/etc/rundeck/project.properties') } - project_details.each do |key,value| - it { should contain_ini_setting(key).with( - 'path' => '/etc/rundeck/project.properties', - 'setting' => key, - 'value' => value - ) } + project_details.each do |key, value| + it do + should contain_ini_setting(key).with( + 'path' => '/etc/rundeck/project.properties', + 'setting' => key, + 'value' => value, + ) + end end - end end end diff --git a/spec/classes/config/global/rundeck_config_spec.rb b/spec/classes/config/global/rundeck_config_spec.rb index ef50fb0dc..185f16dea 100644 --- a/spec/classes/config/global/rundeck_config_spec.rb +++ b/spec/classes/config/global/rundeck_config_spec.rb @@ -2,17 +2,20 @@ describe 'rundeck' do context 'supported operating systems' do - ['Debian','RedHat'].each do |osfamily| + %w(Debian RedHat).each do |osfamily| describe "rundeck::config::global::rundeck_config class without any parameters on #{osfamily}" do - let(:params) {{ }} - let(:facts) {{ - :osfamily => osfamily, - :fqdn => 'test.domain.com', - :serialnumber => 0, - :rundeck_version => '' - }} + let(:params) { {} } + let(:facts) do + { + :osfamily => osfamily, + :fqdn => 'test.domain.com', + :serialnumber => 0, + :rundeck_version => '', + :puppetversion => Puppet.version, + } + end - $default_config = <<-CONFIG.gsub /[^\S\n]{10}/, "" + default_config = <<-CONFIG.gsub(/[^\S\n]{10}/, '') loglevel.default = "INFO" rdeck.base = "/var/lib/rundeck" rss.enabled = "false" @@ -29,10 +32,11 @@ rundeck.clusterMode.enabled = "false" CONFIG - it { should contain_file('/etc/rundeck/rundeck-config.groovy').with( - 'content' => $default_config - )} - + it do + should contain_file('/etc/rundeck/rundeck-config.groovy').with( + 'content' => default_config + ) + end end end end diff --git a/spec/classes/config/global/ssl_spec.rb b/spec/classes/config/global/ssl_spec.rb index e02807871..48380d59d 100644 --- a/spec/classes/config/global/ssl_spec.rb +++ b/spec/classes/config/global/ssl_spec.rb @@ -2,34 +2,39 @@ describe 'rundeck' do context 'supported operating systems' do - ['Debian','RedHat'].each do |osfamily| - describe "rundeck::config::global::ssl class without any parameters on #{osfamily}" do - let(:params) {{ + %w(Debian RedHat).each do |osfamily| + let(:params) do + { :ssl_enabled => true, - }} - let(:facts) {{ - :osfamily => osfamily, - :serialnumber => 0, - :rundeck_version => '' - }} - - ssl_details = { - 'keystore' => '/etc/rundeck/ssl/keystore', - 'keystore.password' => 'adminadmin', - 'key.password' => 'adminadmin', - 'truststore' => '/etc/rundeck/ssl/truststore', - 'truststore.password' => 'adminadmin' } + end + let(:facts) do + { + :osfamily => osfamily, + :serialnumber => 0, + :rundeck_version => '', + :puppetversion => Puppet.version, + } + end + + ssl_details = { + 'keystore' => '/etc/rundeck/ssl/keystore', + 'keystore.password' => 'adminadmin', + 'key.password' => 'adminadmin', + 'truststore' => '/etc/rundeck/ssl/truststore', + 'truststore.password' => 'adminadmin', + } - it { should contain_file('/etc/rundeck/ssl').with({ 'ensure' => 'directory'}) } - it { should contain_file('/etc/rundeck/ssl/ssl.properties') } + it { should contain_file('/etc/rundeck/ssl').with('ensure' => 'directory') } + it { should contain_file('/etc/rundeck/ssl/ssl.properties') } - ssl_details.each do |key,value| - it { should contain_ini_setting(key).with( - 'path' => '/etc/rundeck/ssl/ssl.properties', + ssl_details.each do |key, value| + it do + should contain_ini_setting(key).with( + 'path' => '/etc/rundeck/ssl/ssl.properties', 'setting' => key, - 'value' => value - ) } + 'value' => value, + ) end end end diff --git a/spec/classes/config/global/web_spec.rb b/spec/classes/config/global/web_spec.rb index b8a10f31e..7e77774f5 100644 --- a/spec/classes/config/global/web_spec.rb +++ b/spec/classes/config/global/web_spec.rb @@ -1,12 +1,14 @@ require 'spec_helper' describe 'rundeck' do - let(:facts) {{ - :osfamily => 'RedHat', - :fqdn => 'test.example.com', - :serialnumber => 0, - :rundeck_version => '' - }} + let(:facts) do + { + :osfamily => 'RedHat', + :fqdn => 'test.example.com', + :serialnumber => 0, + :rundeck_version => '' + } + end context 'with empty params' do it 'should generate augeas resource with default security_role' do @@ -16,7 +18,7 @@ end context 'with security_role param' do - let(:params) {{ :security_role => 'superduper' }} + let(:params) { { :security_role => 'superduper' } } it 'should generate augeas resource with specified security_role' do should contain_augeas('rundeck/web.xml/security-role/role-name') \ diff --git a/spec/classes/config_spec.rb b/spec/classes/config_spec.rb index be154afef..865578e34 100644 --- a/spec/classes/config_spec.rb +++ b/spec/classes/config_spec.rb @@ -2,75 +2,77 @@ describe 'rundeck' do context 'supported operating systems' do - ['Debian','RedHat'].each do |osfamily| + %w(Debian RedHat).each do |osfamily| describe "rundeck::config class without any parameters on #{osfamily}" do - let(:facts) {{ - :osfamily => osfamily, - :serialnumber => 0, - :rundeck_version => '', - :puppetversion => '3.8.1' - }} + let(:facts) do + { + :osfamily => osfamily, + :serialnumber => 0, + :rundeck_version => '', + :puppetversion => '3.8.1' + } + end it { should contain_class('rundeck::config::global::framework') } it { should contain_class('rundeck::config::global::project') } it { should contain_class('rundeck::config::global::rundeck_config') } - it { should contain_file('/etc/rundeck').with({'ensure' => 'directory'})} + it { should contain_file('/etc/rundeck').with('ensure' => 'directory') } it { should contain_file('/etc/rundeck/jaas-auth.conf') } it 'should generate valid content for jaas-auth.conf' do content = catalogue.resource('file', '/etc/rundeck/jaas-auth.conf')[:content] - content.should include('PropertyFileLoginModule') - content.should include('/etc/rundeck/realm.properties') + expect(content).to include('PropertyFileLoginModule') + expect(content).to include('/etc/rundeck/realm.properties') end it { should contain_file('/etc/rundeck/realm.properties') } it 'should generate valid content for realm.properties' do content = catalogue.resource('file', '/etc/rundeck/realm.properties')[:content] - content.should include('admin:admin,user,admin,architect,deploy,build') + expect(content).to include('admin:admin,user,admin,architect,deploy,build') end it { should contain_file('/etc/rundeck/log4j.properties') } it 'should generate valid content for log4j.propertiess' do content = catalogue.resource('file', '/etc/rundeck/log4j.properties')[:content] - content.should include('log4j.appender.server-logger.file=/var/log/rundeck/rundeck.log') + expect(content).to include('log4j.appender.server-logger.file=/var/log/rundeck/rundeck.log') end it { should contain_file('/etc/rundeck/profile') } it 'should generate valid content for profile' do content = catalogue.resource('file', '/etc/rundeck/profile')[:content] - content.should include('-Drdeck.base=/var/lib/rundeck') - content.should include('-Drundeck.server.configDir=/etc/rundeck') - content.should include('-Dserver.datastore.path=/var/lib/rundeck/data') - content.should include('-Drundeck.server.serverDir=/var/lib/rundeck') - content.should include('-Drdeck.projects=/var/lib/rundeck/projects') - content.should include('-Drdeck.runlogs=/var/lib/rundeck/logs') - content.should include('-Drundeck.config.location=/etc/rundeck/rundeck-config.groovy') - content.should include('-Djava.security.auth.login.config=/etc/rundeck/jaas-auth.conf') - content.should include('-Dloginmodule.name=authentication') - content.should include('RDECK_JVM="$RDECK_JVM -Xmx1024m -Xms256m -server"') + expect(content).to include('-Drdeck.base=/var/lib/rundeck') + expect(content).to include('-Drundeck.server.configDir=/etc/rundeck') + expect(content).to include('-Dserver.datastore.path=/var/lib/rundeck/data') + expect(content).to include('-Drundeck.server.serverDir=/var/lib/rundeck') + expect(content).to include('-Drdeck.projects=/var/lib/rundeck/projects') + expect(content).to include('-Drdeck.runlogs=/var/lib/rundeck/logs') + expect(content).to include('-Drundeck.config.location=/etc/rundeck/rundeck-config.groovy') + expect(content).to include('-Djava.security.auth.login.config=/etc/rundeck/jaas-auth.conf') + expect(content).to include('-Dloginmodule.name=authentication') + expect(content).to include('RDECK_JVM="$RDECK_JVM -Xmx1024m -Xms256m -server"') end - it { should contain_rundeck__config__aclpolicyfile('admin') } it { should contain_rundeck__config__aclpolicyfile('apitoken') } - end end describe 'rundeck::config with jvm_args set' do jvm_args = '-Dserver.http.port=8008 -Xms2048m -Xmx2048m -server' - let(:facts) {{ - :osfamily => 'RedHat', - :serialnumber => 0, - :rundeck_version => '', - :puppetversion => '3.8.1' - }} - let(:params) {{ :jvm_args => jvm_args }} + let(:facts) do + { + :osfamily => 'RedHat', + :serialnumber => 0, + :rundeck_version => '', + :puppetversion => '3.8.1', + } + end + let(:params) { { :jvm_args => jvm_args } } it { should contain_file('/etc/rundeck/profile') } it 'should generate valid content for profile' do content = catalogue.resource('file', '/etc/rundeck/profile')[:content] - content.should include("RDECK_JVM=\"$RDECK_JVM #{jvm_args}\"") + expect(content).to include("RDECK_JVM=\"$RDECK_JVM #{jvm_args}\"") end end end diff --git a/spec/classes/install_spec.rb b/spec/classes/install_spec.rb index 3b52349bd..cf7ac10cc 100644 --- a/spec/classes/install_spec.rb +++ b/spec/classes/install_spec.rb @@ -2,15 +2,17 @@ describe 'rundeck' do context 'supported operating systems' do - ['Debian','RedHat'].each do |osfamily| + %w(Debian RedHat).each do |osfamily| describe "rundeck class without any parameters on #{osfamily}" do - let(:params) {{ }} - let(:facts) {{ - :osfamily => osfamily, - :serialnumber => 0, - :rundeck_version => '', - :puppetversion => '3.8.1' - }} + let(:params) { {} } + let(:facts) do + { + :osfamily => osfamily, + :serialnumber => 0, + :rundeck_version => '', + :puppetversion => '3.8.1', + } + end plugin_dir = '/var/lib/rundeck/libext' if osfamily.eql?('RedHat') @@ -21,47 +23,65 @@ it { should_not contain_yumrepo('bintray-rundeck') } end - it { should contain_file('/var/lib/rundeck').with( - 'ensure' => 'directory' - )} + it do + should contain_file('/var/lib/rundeck').with( + 'ensure' => 'directory', + ) + end - it { should contain_file(plugin_dir).with( - 'ensure' => 'directory' - ) } + it do + should contain_file(plugin_dir).with( + 'ensure' => 'directory', + ) + end - it { should contain_user('rundeck').with( - 'ensure' => 'present' - )} - end + it do + should contain_user('rundeck').with( + 'ensure' => 'present', + ) + end + end end end describe 'different user and group' do - let(:params) {{ - :user => 'A1234', - :group => 'A1234' - }} - let(:facts) {{ - :osfamily => 'Debian', - :serialnumber => 0, - :rundeck_version => '', - :puppetversion => '3.8.1' - }} + let(:params) do + { + :user => 'A1234', + :group => 'A1234', + } + end + let(:facts) do + { + :osfamily => 'Debian', + :serialnumber => 0, + :rundeck_version => '', + :puppetversion => '3.8.1', + } + end - it { should contain_group('A1234').with( - 'ensure' => 'present' - )} + it do + should contain_group('A1234').with( + 'ensure' => 'present', + ) + end - it { should contain_group('rundeck').with( - 'ensure' => 'absent' - )} + it do + should contain_group('rundeck').with( + 'ensure' => 'absent', + ) + end - it { should contain_user('A1234').with( - 'ensure' => 'present' - )} + it do + should contain_user('A1234').with( + 'ensure' => 'present', + ) + end - it { should contain_user('rundeck').with( - 'ensure' => 'absent' - )} + it do + should contain_user('rundeck').with( + 'ensure' => 'absent', + ) + end end end diff --git a/spec/classes/rundeck_spec.rb b/spec/classes/rundeck_spec.rb index 548083b8c..af00c0775 100644 --- a/spec/classes/rundeck_spec.rb +++ b/spec/classes/rundeck_spec.rb @@ -2,15 +2,17 @@ describe 'rundeck' do context 'supported operating systems' do - ['Debian','RedHat'].each do |osfamily| + %w(Debian RedHat).each do |osfamily| describe "rundeck class without any parameters on #{osfamily}" do - let(:params) {{ }} - let(:facts) {{ - :osfamily => osfamily, - :serialnumber => 0, - :rundeck_version => '', - :puppetversion => '3.8.1' - }} + let(:params) { {} } + let(:facts) do + { + :osfamily => osfamily, + :serialnumber => 0, + :rundeck_version => '', + :puppetversion => '3.8.1', + } + end it { should compile } it { should contain_class('rundeck::params') } @@ -18,68 +20,75 @@ it { should contain_class('rundeck::config') } it { should contain_class('rundeck::service').that_comes_before('rundeck') } it { should contain_class('rundeck').that_requires('rundeck::service') } - end end end context 'unsupported operating system' do describe 'rundeck class without any parameters on Solaris/Nexenta' do - let(:facts) {{ - :osfamily => 'Solaris', - :operatingsystem => 'Nexenta', - :serialnumber => 0, - :rundeck_version => '', - :puppetversion => '3.8.1' - }} + let(:facts) do + { + :osfamily => 'Solaris', + :operatingsystem => 'Nexenta', + :serialnumber => 0, + :rundeck_version => '', + :puppetversion => '3.8.1', + } + end it { expect { should contain_package('rundeck') }.to raise_error(Puppet::Error, /Nexenta not supported/) } end end context 'non-platform-specific config parameters' do - let(:facts) {{ - :osfamily => 'RedHat', - :serialnumber => 0, - :rundeck_version => '', - :puppetversion => '3.8.1' - }} + let(:facts) do + { + :osfamily => 'RedHat', + :serialnumber => 0, + :rundeck_version => '', + :puppetversion => '3.8.1', + } + end # auth_config cannot be passed as a parameter to rundeck::config :-( # so we have to test it here describe 'setting auth_config ldap roleUsernameMemberAttribute' do - let(:params) {{ - :auth_types => [ 'ldap' ], - :auth_config => { - 'ldap' => { - 'role_username_member_attribute' => 'memberUid' - } + let(:params) do + { + :auth_types => ['ldap'], + :auth_config => { + 'ldap' => { + 'role_username_member_attribute' => 'memberUid', + }, + }, } - }} + end it { should contain_file('/etc/rundeck/jaas-auth.conf') } it 'should generate valid content for jaas-auth.conf' do content = catalogue.resource('file', '/etc/rundeck/jaas-auth.conf')[:content] - content.should include('roleUsernameMemberAttribute="memberUid"') - content.should_not include('roleMemberAttribute') + expect(content).to include('roleUsernameMemberAttribute="memberUid"') + expect(content).to_not include('roleMemberAttribute') end end describe 'setting auth_config ldap url' do - let(:params) {{ - :auth_types => ['ldap'], - :auth_config => { - 'ldap' => { - 'url' => 'ldaps://myrealldap.example.com', - 'server' => 'fakeldap', - 'port' => '983', - } + let(:params) do + { + :auth_types => ['ldap'], + :auth_config => { + 'ldap' => { + 'url' => 'ldaps://myrealldap.example.com', + 'server' => 'fakeldap', + 'port' => '983', + }, + }, } - }} + end it { should contain_file('/etc/rundeck/jaas-auth.conf') } it 'should generate valid content for jaas-auth.conf' do content = catalogue.resource('file', '/etc/rundeck/jaas-auth.conf')[:content] - content.should include('providerUrl="ldaps://myrealldap.example.com"') - content.should_not include('providerUrl="ldap://fakeldap:983"') + expect(content).to include('providerUrl="ldaps://myrealldap.example.com"') + expect(content).to_not include('providerUrl="ldap://fakeldap:983"') end end end diff --git a/spec/classes/service_spec.rb b/spec/classes/service_spec.rb index dc952deff..6fe111ed5 100644 --- a/spec/classes/service_spec.rb +++ b/spec/classes/service_spec.rb @@ -2,15 +2,17 @@ describe 'rundeck' do context 'supported operating systems' do - ['Debian','RedHat'].each do |osfamily| + %w(Debian RedHat).each do |osfamily| describe "rundeck class without any parameters on #{osfamily}" do - let(:params) {{ }} - let(:facts) {{ - :osfamily => osfamily, - :serialnumber => 0, - :rundeck_version => '', - :puppetversion => '3.8.1' - }} + let(:params) { {} } + let(:facts) do + { + :osfamily => osfamily, + :serialnumber => 0, + :rundeck_version => '', + :puppetversion => '3.8.1', + } + end it { should contain_service('rundeckd') } end end diff --git a/spec/defines/config/aclpolicyfile_spec.rb b/spec/defines/config/aclpolicyfile_spec.rb index 706a622af..5e4d2b57a 100644 --- a/spec/defines/config/aclpolicyfile_spec.rb +++ b/spec/defines/config/aclpolicyfile_spec.rb @@ -1,7 +1,6 @@ require 'spec_helper' describe 'rundeck::config::aclpolicyfile', :type => :define do - test_policies = [ { 'description' => 'Admin, all access', @@ -10,11 +9,11 @@ }, 'for' => { 'resource' => [ - { 'equals' => {'kind' => 'job'}, 'allow' => ['create'] } + { 'equals' => { 'kind' => 'job' }, 'allow' => ['create'] } ] - }, + }, 'by' => [ - {'group' => ['admin']}, + { 'group' => ['admin'] }, ] }, { @@ -24,42 +23,45 @@ }, 'for' => { 'resource' => [ - { 'equals' => {'kind' => 'project'}, 'allow' => ['create'] } + { 'equals' => { 'kind' => 'project' }, 'allow' => ['create'] } ] }, 'by' => [ - {'groups' => ['admin']}, + { 'groups' => ['admin'] }, ] } ] context 'default parameters' do let(:title) { 'defaultPolicy' } - let(:params) {{ - :acl_policies => test_policies - }} + let(:params) do + { + :acl_policies => test_policies + } + end - it { should contain_file('/etc/rundeck/defaultPolicy.aclpolicy').with({ - 'owner' => 'rundeck', - 'group' => 'rundeck', - 'mode' => '0640', - })} + it do + should contain_file('/etc/rundeck/defaultPolicy.aclpolicy').with('owner' => 'rundeck', + 'group' => 'rundeck', + 'mode' => '0640',) + end end context 'custom parameters' do let(:title) { 'myPolicy' } - let(:params) {{ - :acl_policies => test_policies, - :properties_dir => '/etc/rundeck-acl', - :owner => 'myUser', - :group => 'myGroup', - }} + let(:params) do + { + :acl_policies => test_policies, + :properties_dir => '/etc/rundeck-acl', + :owner => 'myUser', + :group => 'myGroup', + } + end - it { should contain_file('/etc/rundeck-acl/myPolicy.aclpolicy').with({ - 'owner' => 'myUser', - 'group' => 'myGroup', - 'mode' => '0640', - })} + it do + should contain_file('/etc/rundeck-acl/myPolicy.aclpolicy').with('owner' => 'myUser', + 'group' => 'myGroup', + 'mode' => '0640',) + end end end - diff --git a/spec/defines/config/plugin_spec.rb b/spec/defines/config/plugin_spec.rb index 6cdd5458e..657382537 100644 --- a/spec/defines/config/plugin_spec.rb +++ b/spec/defines/config/plugin_spec.rb @@ -2,32 +2,41 @@ describe 'rundeck::config::plugin', :type => :define do context 'supported operating systems' do - ['Debian','RedHat'].each do |osfamily| + %w(Debian RedHat).each do |osfamily| describe "rundeck::config::plugin definition without any parameters on #{osfamily}" do name = 'rundeck-hipchat-plugin-1.0.0.jar' source = 'http://search.maven.org/remotecontent?filepath=com/hbakkum/rundeck/plugins/rundeck-hipchat-plugin/1.0.0/rundeck-hipchat-plugin-1.0.0.jar' plugin_dir = '/var/lib/rundeck/libext' let(:title) { name } - let(:params) {{ - 'source' => source - }} - - let(:facts) {{ - :osfamily => 'Debian', - :serialnumber => 0, - :rundeck_version => '' - }} - - it { should contain_archive("download plugin #{name}").with( - 'source' => 'http://search.maven.org/remotecontent?filepath=com/hbakkum/rundeck/plugins/rundeck-hipchat-plugin/1.0.0/rundeck-hipchat-plugin-1.0.0.jar' - ) } - - it { should contain_file("#{plugin_dir}/#{name}").with( - 'mode' => '0644', - 'owner' => 'rundeck', - 'group' => 'rundeck' - )} + let(:params) do + { + 'source' => source + } + end + + let(:facts) do + { + :osfamily => 'Debian', + :serialnumber => 0, + :rundeck_version => '', + :puppetversion => Puppet.version, + } + end + + it do + should contain_archive("download plugin #{name}").with( + 'source' => 'http://search.maven.org/remotecontent?filepath=com/hbakkum/rundeck/plugins/rundeck-hipchat-plugin/1.0.0/rundeck-hipchat-plugin-1.0.0.jar' + ) + end + + it do + should contain_file("#{plugin_dir}/#{name}").with( + 'mode' => '0644', + 'owner' => 'rundeck', + 'group' => 'rundeck' + ) + end end describe "rundeck::config::plugin definition with ensure set to absent on #{osfamily}" do @@ -36,21 +45,27 @@ plugin_dir = '/var/lib/rundeck/libext' let(:title) { name } - let(:params) {{ - 'source' => source, - 'ensure' => 'absent' - }} - - let(:facts) {{ - :osfamily => 'Debian', - :serialnumber => 0, - :rundeck_version => '' - }} - - it { should contain_file("#{plugin_dir}/#{name}").with( - 'ensure' => 'absent' + let(:params) do + { + 'source' => source, + 'ensure' => 'absent' + } + end + + let(:facts) do + { + :osfamily => 'Debian', + :serialnumber => 0, + :rundeck_version => '', + :puppetversion => Puppet.version, + } + end + + it do + should contain_file("#{plugin_dir}/#{name}").with( + 'ensure' => 'absent' ) - } + end end end end diff --git a/spec/defines/config/project_spec.rb b/spec/defines/config/project_spec.rb index b7c938a6d..f27d31e1b 100644 --- a/spec/defines/config/project_spec.rb +++ b/spec/defines/config/project_spec.rb @@ -2,36 +2,45 @@ describe 'rundeck::config::project', :type => :define do context 'supported operating systems' do - ['Debian','RedHat'].each do |osfamily| + %w(Debian RedHat).each do |osfamily| describe "rundeck::config::project definition without any parameters on #{osfamily}" do projects_dir = '/var/rundeck/projects' let(:title) { 'test' } - let(:params) {{ - :framework_config => { - 'framework.projects.dir' => projects_dir, - 'framework.ssh.keypath' => '/var/lib/rundeck/.ssh/id_rsa' - }, - :file_copier_provider => 'jsch-scp', - :resource_sources => {}, - :node_executor_provider => 'jsch-ssh', - :user => 'rundedck', - :group => 'rundeck' - }} - - let(:facts) {{ - :osfamily => osfamily, - :serialnumber => 0, - :rundeck_version => '' - }} - - it { should contain_file("#{projects_dir}/test/var").with( - 'ensure' => 'directory' - ) } - - it { should contain_file("#{projects_dir}/test/etc").with( - 'ensure' => 'directory' - ) } + let(:params) do + { + :framework_config => { + 'framework.projects.dir' => projects_dir, + 'framework.ssh.keypath' => '/var/lib/rundeck/.ssh/id_rsa' + }, + :file_copier_provider => 'jsch-scp', + :resource_sources => {}, + :node_executor_provider => 'jsch-ssh', + :user => 'rundedck', + :group => 'rundeck' + } + end + + let(:facts) do + { + :osfamily => osfamily, + :serialnumber => 0, + :rundeck_version => '', + :puppetversion => Puppet.version, + } + end + + it do + should contain_file("#{projects_dir}/test/var").with( + 'ensure' => 'directory' + ) + end + + it do + should contain_file("#{projects_dir}/test/etc").with( + 'ensure' => 'directory' + ) + end it { should contain_file("#{projects_dir}/test/etc/project.properties") } @@ -43,12 +52,14 @@ 'service.FileCopier.default.provider' => 'jsch-scp' } - project_details.each do |key,value| - it { should contain_ini_setting("test::#{key}").with( - 'path' => '/var/rundeck/projects/test/etc/project.properties', - 'setting' => key, - 'value' => value - ) } + project_details.each do |key, value| + it do + should contain_ini_setting("test::#{key}").with( + 'path' => '/var/rundeck/projects/test/etc/project.properties', + 'setting' => key, + 'value' => value + ) + end end end end diff --git a/spec/defines/config/resource_source_spec.rb b/spec/defines/config/resource_source_spec.rb index c44784bc1..6eacf7e66 100644 --- a/spec/defines/config/resource_source_spec.rb +++ b/spec/defines/config/resource_source_spec.rb @@ -2,20 +2,25 @@ describe 'rundeck::config::resource_source', :type => :define do context 'supported operating systems' do - ['Debian','RedHat'].each do |osfamily| + %w(Debian RedHat).each do |osfamily| describe "rundeck::config::resource_source definition with default parameters on #{osfamily}" do let(:title) { 'source one' } - let(:params) {{ - 'project_name' => 'test', - 'source_type' => 'file', - 'include_server_node' => false, - 'resource_format' => 'resourcexml', - }} - let(:facts) {{ - :osfamily => osfamily, - :serialnumber => 0, - :rundeck_version => '' - }} + let(:params) do + { + 'project_name' => 'test', + 'source_type' => 'file', + 'include_server_node' => false, + 'resource_format' => 'resourcexml', + } + end + let(:facts) do + { + :osfamily => osfamily, + :serialnumber => 0, + :rundeck_version => '', + :puppetversion => Puppet.version, + } + end file_details = { 'resources.source.1.config.requireFileExists' => 'true', @@ -26,36 +31,43 @@ 'resources.source.1.type' => 'file' } - file_details.each do |key,value| - it { should contain_ini_setting("source one::#{key}").with( - 'path' => '/var/lib/rundeck/projects/test/etc/project.properties', - 'setting' => key, - 'value' => value - ) } + file_details.each do |key, value| + it do + should contain_ini_setting("source one::#{key}").with( + 'path' => '/var/lib/rundeck/projects/test/etc/project.properties', + 'setting' => key, + 'value' => value + ) + end end it do should contain_file('/var/lib/rundeck/projects/test').with( 'owner' => 'rundeck', 'group' => 'rundeck' - ) + ) end end describe "rundeck::config::resource_source definition with url parameters on #{osfamily}" do let(:title) { 'source one' } - let(:params) {{ + let(:params) do + { 'project_name' => 'test', 'source_type' => 'url', 'url' => 'http\://localhost\:9999', 'include_server_node' => true, 'url_cache' => true, 'url_timeout' => '30', - }} - let(:facts) {{ - :osfamily => osfamily, - :serialnumber => 0 - }} + } + end + let(:facts) do + { + :osfamily => osfamily, + :serialnumber => 0, + :puppetversion => Puppet.version, + } + end url_details = { 'resources.source.1.config.url' => 'http\://localhost\:9999', @@ -64,46 +76,56 @@ 'resources.source.1.type' => 'url' } - url_details.each do |key,value| - it { should contain_ini_setting("source one::#{key}").with( - 'path' => '/var/lib/rundeck/projects/test/etc/project.properties', - 'setting' => key, - 'value' => value - ) } + url_details.each do |key, value| + it do + should contain_ini_setting("source one::#{key}").with( + 'path' => '/var/lib/rundeck/projects/test/etc/project.properties', + 'setting' => key, + 'value' => value + ) + end end end describe "rundeck::config::resource definition with directory parameters on #{osfamily}" do let(:title) { 'source one' } - let(:params) {{ + let(:params) do + { 'project_name' => 'test', 'source_type' => 'directory', 'directory' => '/fubar/resources', 'include_server_node' => true, - }} - let(:facts) {{ - :osfamily => osfamily, - :serialnumber => 0, - :rundeck_version => '' - }} + } + end + let(:facts) do + { + :osfamily => osfamily, + :serialnumber => 0, + :rundeck_version => '', + :puppetversion => Puppet.version, + } + end directory_details = { 'resources.source.1.config.directory' => '/fubar/resources', 'resources.source.1.type' => 'directory' } - directory_details.each do |key,value| - it { should contain_ini_setting("source one::#{key}").with( - 'path' => '/var/lib/rundeck/projects/test/etc/project.properties', - 'setting' => key, - 'value' => value - ) } + directory_details.each do |key, value| + it do + should contain_ini_setting("source one::#{key}").with( + 'path' => '/var/lib/rundeck/projects/test/etc/project.properties', + 'setting' => key, + 'value' => value + ) + end end end describe "rundeck::config::resource definition with script parameters on #{osfamily}" do let(:title) { 'source one' } - let(:params) {{ + let(:params) do + { 'project_name' => 'test', 'source_type' => 'script', 'script_file' => '/fubar/test.sh', @@ -112,13 +134,16 @@ 'resource_format' => 'resourcexml', 'script_args_quoted' => true, 'script_interpreter' => '/bin/bash', - }} - let(:facts) {{ - :osfamily => osfamily, - :serialnumber => 0, - :rundeck_version => '' - }} - + } + end + let(:facts) do + { + :osfamily => osfamily, + :serialnumber => 0, + :rundeck_version => '', + :puppetversion => Puppet.version, + } + end script_details = { 'resources.source.1.config.file' => '/fubar/test.sh', @@ -129,12 +154,14 @@ 'resources.source.1.type' => 'script' } - script_details.each do |key,value| - it { should contain_ini_setting("source one::#{key}").with( - 'path' => '/var/lib/rundeck/projects/test/etc/project.properties', - 'setting' => key, - 'value' => value - ) } + script_details.each do |key, value| + it do + should contain_ini_setting("source one::#{key}").with( + 'path' => '/var/lib/rundeck/projects/test/etc/project.properties', + 'setting' => key, + 'value' => value + ) + end end end end diff --git a/spec/functions/validate_rd_policy/application_spec.rb b/spec/functions/validate_rd_policy/application_spec.rb index ea71ec8d4..8b3065596 100644 --- a/spec/functions/validate_rd_policy/application_spec.rb +++ b/spec/functions/validate_rd_policy/application_spec.rb @@ -1,7 +1,6 @@ require 'spec_helper' describe 'validate_rd_policy' do - describe 'application policy' do describe 'valid policy' do test_policy = { @@ -15,7 +14,7 @@ ], }, 'by' => [{ - 'group' => ['admin'], + 'group' => ['admin'], }] } @@ -23,500 +22,498 @@ end describe 'invalid policy' do - it { is_expected.to run.with_params({}).and_raise_error(Puppet::ParseError, //)} - - context "description" do - it { is_expected.to run.with_params({ - 'context' => { - 'application' => 'rundeck' - } - }).and_raise_error(Puppet::ParseError, 'The policy is invalid - description is not a String')} - - it { is_expected.to run.with_params({ - 'description' => {} - }).and_raise_error(Puppet::ParseError, 'The policy is invalid - description is not a String')} + it { is_expected.to run.with_params({}).and_raise_error(Puppet::ParseError, //) } + + context 'description' do + it do + is_expected.to run.with_params('context' => { + 'application' => 'rundeck' + }).and_raise_error(Puppet::ParseError, 'The policy is invalid - description is not a String') + end + + it do + is_expected.to run.with_params('description' => {}).and_raise_error(Puppet::ParseError, 'The policy is invalid - description is not a String') + end + end + + context 'context' do + it do + is_expected.to run.with_params('description' => 'test').and_raise_error(Puppet::ParseError, 'The policy is invalid - context is not a Hash') + end + + it do + is_expected.to run.with_params('description' => 'test', + 'context' => {}).and_raise_error(Puppet::ParseError, 'The policy is invalid - context is empty') + end + + it do + is_expected.to run.with_params('description' => 'test', + 'context' => '').and_raise_error(Puppet::ParseError, 'The policy is invalid - context is not a Hash') + end + end + + context 'context:application' do + it do + is_expected.to run.with_params('description' => 'test', + 'context' => { + 'fubar' => '' + }).and_raise_error(Puppet::ParseError, 'The policy is invalid - context can only be project or application') + end + + it do + is_expected.to run.with_params('description' => 'test', + 'context' => { + 'application' => {} + }).and_raise_error(Puppet::ParseError, 'The policy is invalid - context:application is not a String') + end + end + + context 'for' do + it do + is_expected.to run.with_params('description' => 'test', + 'context' => { + 'application' => 'rundeck' + }, + 'for' => '').and_raise_error(Puppet::ParseError, 'The policy is invalid - for is not a Hash') + end + + it do + is_expected.to run.with_params('description' => 'test', + 'context' => { + 'application' => 'rundeck' + }, + 'for' => {}).and_raise_error(Puppet::ParseError, 'The policy is invalid - for is empty') + end + + it do + is_expected.to run.with_params('description' => 'test', + 'context' => { + 'application' => 'rundeck' + }, + 'for' => { + 'fubar' => {} + }).and_raise_error(Puppet::ParseError, "The policy is invalid - for section must only contain ['resource', 'project', 'storage']") + end + end + context 'for:resource' do + it do + is_expected.to run.with_params('description' => 'test', + 'context' => { + 'application' => 'rundeck' + }, + 'for' => { + 'resource' => '' + }).and_raise_error(Puppet::ParseError, 'The policy is invalid - for:resource is not an Array') + end + + it do + is_expected.to run.with_params('description' => 'test', + 'context' => { + 'application' => 'rundeck' + }, + 'for' => { + 'resource' => {} + }).and_raise_error(Puppet::ParseError, 'The policy is invalid - for:resource is not an Array') + end + + it do + is_expected.to run.with_params('description' => 'test', + 'context' => { + 'application' => 'rundeck' + }, + 'for' => { + 'resource' => [] + }).and_raise_error(Puppet::ParseError, 'The policy is invalid - for:resource is empty') + end + + it do + is_expected.to run.with_params('description' => 'test', + 'context' => { + 'application' => 'rundeck' + }, + 'for' => { + 'resource' => [{}] + }).and_raise_error(Puppet::ParseError, 'The policy is invalid - for:resource does not contain a rule action of [allow,deny]') + end + + it do + is_expected.to run.with_params('description' => 'test', + 'context' => { + 'application' => 'rundeck' + }, + 'for' => { + 'resource' => [ + { 'equals' => { 'kind' => 'job' }, 'allow' => ['admin'] }, + '' + ] + }).and_raise_error(Puppet::ParseError, 'The policy is invalid - for:resource entry is not a Hash') + end end - context "context" do - it { is_expected.to run.with_params({ - 'description' => 'test' - }).and_raise_error(Puppet::ParseError, 'The policy is invalid - context is not a Hash')} + context 'for:resource rules' do + it do + is_expected.to run.with_params('description' => 'test', + 'context' => { + 'application' => 'rundeck' + }, + 'for' => { + 'resource' => [ + { 'equals' => { 'kind' => 'job' }, 'fubar' => ['admin'] }, + ] + }).and_raise_error(Puppet::ParseError, 'The policy is invalid - for:resource does not contain a rule action of [allow,deny]') + end + end - it { is_expected.to run.with_params({ - 'description' => 'test', - 'context' => {} - }).and_raise_error(Puppet::ParseError, 'The policy is invalid - context is empty')} + context 'for:resource matching' do + it do + is_expected.to run.with_params('description' => 'test', + 'context' => { + 'application' => 'rundeck' + }, + 'for' => { + 'resource' => [ + { 'fubar' => { 'kind' => 'job' }, 'deny' => ['admin'] }, + ] + }).and_raise_error(Puppet::ParseError, 'The policy is invalid - for:resource does not contain a matching statement of [match,equals,contains]') + end + end - it { is_expected.to run.with_params({ - 'description' => 'test', - 'context' => '' - }).and_raise_error(Puppet::ParseError, 'The policy is invalid - context is not a Hash')} + context 'for:resource kind:project' do + it do + is_expected.to run.with_params('description' => 'test', + 'context' => { + 'application' => 'rundeck' + }, + 'for' => { + 'resource' => [ + { 'equals' => { 'kind' => 'project' }, 'allow' => ['x'] }, + ] + }, + 'by' => [{ 'group' => 'admins' }]).and_raise_error(Puppet::ParseError, /^The policy is invalid - for:resource kind:project can only contain actions/) + end end - context "context:application" do - it { is_expected.to run.with_params({ - 'description' => 'test', - 'context' => { - 'fubar' => '' - } - }).and_raise_error(Puppet::ParseError, 'The policy is invalid - context can only be project or application')} - - it { is_expected.to run.with_params({ - 'description' => 'test', - 'context' => { - 'application' => {} - } - }).and_raise_error(Puppet::ParseError, 'The policy is invalid - context:application is not a String')} + context 'for:resource kind:system' do + it do + is_expected.to run.with_params('description' => 'test', + 'context' => { + 'application' => 'rundeck' + }, + 'for' => { + 'resource' => [ + { 'equals' => { 'kind' => 'system' }, 'allow' => ['x'] }, + ] + }, + 'by' => [{ 'group' => 'admins' }]).and_raise_error(Puppet::ParseError, /^The policy is invalid - for:resource kind:system can only contain actions/) + end end - - context "for" do - it { is_expected.to run.with_params({ - 'description' => 'test', - 'context' => { - 'application' => 'rundeck' - }, - 'for' => '' - }).and_raise_error(Puppet::ParseError, 'The policy is invalid - for is not a Hash')} - - it { is_expected.to run.with_params({ - 'description' => 'test', - 'context' => { - 'application' => 'rundeck' - }, - 'for' => {} - }).and_raise_error(Puppet::ParseError, 'The policy is invalid - for is empty')} - - it { is_expected.to run.with_params({ - 'description' => 'test', - 'context' => { - 'application' => 'rundeck' - }, - 'for' => { - 'fubar' => {} - } - }).and_raise_error(Puppet::ParseError, "The policy is invalid - for section must only contain ['resource', 'project', 'storage']")} + + context 'for:resource kind:user' do + it do + is_expected.to run.with_params('description' => 'test', + 'context' => { + 'application' => 'rundeck' + }, + 'for' => { + 'resource' => [ + { 'equals' => { 'kind' => 'user' }, 'allow' => ['x'] }, + ] + }).and_raise_error(Puppet::ParseError, /^The policy is invalid - for:resource kind:user can only contain actions/) + end end - context "for:resource" do - it { is_expected.to run.with_params({ - 'description' => 'test', - 'context' => { - 'application' => 'rundeck' - }, - 'for' => { - 'resource' => '' - } - }).and_raise_error(Puppet::ParseError, "The policy is invalid - for:resource is not an Array")} - - it { is_expected.to run.with_params({ - 'description' => 'test', - 'context' => { - 'application' => 'rundeck' - }, - 'for' => { - 'resource' => {} - } - }).and_raise_error(Puppet::ParseError, "The policy is invalid - for:resource is not an Array")} - - it { is_expected.to run.with_params({ - 'description' => 'test', - 'context' => { - 'application' => 'rundeck' - }, - 'for' => { - 'resource' => [] - } - }).and_raise_error(Puppet::ParseError, "The policy is invalid - for:resource is empty")} - - it { is_expected.to run.with_params({ - 'description' => 'test', - 'context' => { - 'application' => 'rundeck' - }, - 'for' => { - 'resource' => [{}] - } - }).and_raise_error(Puppet::ParseError, "The policy is invalid - for:resource does not contain a rule action of [allow,deny]")} - - it { is_expected.to run.with_params({ - 'description' => 'test', - 'context' => { - 'application' => 'rundeck' - }, - 'for' => { - 'resource' => [ - { 'equals' => { 'kind' => 'job' }, 'allow' => ['admin'] }, - '' - ] - } - }).and_raise_error(Puppet::ParseError, "The policy is invalid - for:resource entry is not a Hash")} - end - - context "for:resource rules" do - it { is_expected.to run.with_params({ - 'description' => 'test', - 'context' => { - 'application' => 'rundeck' - }, - 'for' => { - 'resource' => [ - { 'equals' => { 'kind' => 'job' }, 'fubar' => ['admin'] }, - ] - } - }).and_raise_error(Puppet::ParseError, "The policy is invalid - for:resource does not contain a rule action of [allow,deny]")} - end - - context "for:resource matching" do - it { is_expected.to run.with_params({ - 'description' => 'test', - 'context' => { - 'application' => 'rundeck' - }, - 'for' => { - 'resource' => [ - { 'fubar' => { 'kind' => 'job' }, 'deny' => ['admin'] }, - ] - } - }).and_raise_error(Puppet::ParseError, "The policy is invalid - for:resource does not contain a matching statement of [match,equals,contains]")} - end - - context "for:resource kind:project" do - it { is_expected.to run.with_params({ - 'description' => 'test', - 'context' => { - 'application' => 'rundeck' - }, - 'for' => { - 'resource' => [ - { 'equals' => { 'kind' => 'project' }, 'allow' => ['x'] }, - ] - }, - 'by' => [{'group'=>'admins'}] - }).and_raise_error(Puppet::ParseError, /^The policy is invalid - for:resource kind:project can only contain actions/) } - end - - context "for:resource kind:system" do - it { is_expected.to run.with_params({ - 'description' => 'test', - 'context' => { - 'application' => 'rundeck' - }, - 'for' => { - 'resource' => [ - { 'equals' => { 'kind' => 'system' }, 'allow' => ['x'] }, - ] - }, - 'by' => [{'group'=>'admins'}] - }).and_raise_error(Puppet::ParseError, /^The policy is invalid - for:resource kind:system can only contain actions/) } - end - - context "for:resource kind:user" do - it { is_expected.to run.with_params({ - 'description' => 'test', - 'context' => { - 'application' => 'rundeck' - }, - 'for' => { - 'resource' => [ - { 'equals' => { 'kind' => 'user' }, 'allow' => ['x'] }, - ] - } - }).and_raise_error(Puppet::ParseError, /^The policy is invalid - for:resource kind:user can only contain actions/) } - end - - context "for:resource kind:job" do - it { is_expected.to run.with_params({ - 'description' => 'test', - 'context' => { - 'application' => 'rundeck' - }, - 'for' => { - 'resource' => [ - { 'equals' => { 'kind' => 'job' }, 'allow' => ['x'] }, - ] - } - }).and_raise_error(Puppet::ParseError, /^The policy is invalid - for:resource kind:job can only contain actions/) } - end - - context "for:project" do - it { is_expected.to run.with_params({ - 'description' => 'test', - 'context' => { - 'application' => 'rundeck' - }, - 'for' => { - 'project' => '' - } - }).and_raise_error(Puppet::ParseError, "The policy is invalid - for:project is not an Array")} - - it { is_expected.to run.with_params({ - 'description' => 'test', - 'context' => { - 'application' => 'rundeck' - }, - 'for' => { - 'project' => {} - } - }).and_raise_error(Puppet::ParseError, "The policy is invalid - for:project is not an Array")} - - it { is_expected.to run.with_params({ - 'description' => 'test', - 'context' => { - 'application' => 'rundeck' - }, - 'for' => { - 'project' => [] - } - }).and_raise_error(Puppet::ParseError, "The policy is invalid - for:project is empty")} - - it { is_expected.to run.with_params({ - 'description' => 'test', - 'context' => { - 'application' => 'rundeck' - }, - 'for' => { - 'project' => [{}] - } - }).and_raise_error(Puppet::ParseError, "The policy is invalid - for:project does not contain a rule action of [allow,deny]")} - - it { is_expected.to run.with_params({ - 'description' => 'test', - 'context' => { - 'application' => 'rundeck' - }, - 'for' => { - 'project' => [ - { 'allow' => ['create'] }, - '' - ] - } - }).and_raise_error(Puppet::ParseError, "The policy is invalid - for:project entry is not a Hash")} - end - - context "for:project rules" do - it { is_expected.to run.with_params({ - 'description' => 'test', - 'context' => { - 'application' => 'rundeck' - }, - 'for' => { - 'project' => [ - { 'equals' => { 'name' => 'test' }, 'fubar' => ['read'] }, - ] - } - }).and_raise_error(Puppet::ParseError, "The policy is invalid - for:project does not contain a rule action of [allow,deny]")} - end - - context "for:project matching" do - it { is_expected.to run.with_params({ - 'description' => 'test', - 'context' => { - 'application' => 'rundeck' - }, - 'for' => { - 'project' => [ - { 'fubar' => { 'name' => 'test' }, 'deny' => ['read'] }, - ] - } - }).and_raise_error(Puppet::ParseError, "The policy is invalid - for:project does not contain a matching statement of [match,equals,contains]")} - end - - context "for:project property:name" do - it { is_expected.to run.with_params({ - 'description' => 'test', - 'context' => { - 'application' => 'rundeck' - }, - 'for' => { - 'project' => [ - { 'equals' => { 'name' => 'test' }, 'allow' => ['x'] }, - ] - }, - 'by' => [{'group' => 'admins'}] - }).and_raise_error(Puppet::ParseError, /^The policy is invalid - for:project name can only contain actions/) } - end - - context "for:storage" do - it { is_expected.to run.with_params({ - 'description' => 'test', - 'context' => { - 'application' => 'rundeck' - }, - 'for' => { - 'storage' => '' - } - }).and_raise_error(Puppet::ParseError, "The policy is invalid - for:storage is not an Array")} - - it { is_expected.to run.with_params({ - 'description' => 'test', - 'context' => { - 'application' => 'rundeck' - }, - 'for' => { - 'storage' => {} - } - }).and_raise_error(Puppet::ParseError, "The policy is invalid - for:storage is not an Array")} - - it { is_expected.to run.with_params({ - 'description' => 'test', - 'context' => { - 'application' => 'rundeck' - }, - 'for' => { - 'storage' => [] - } - }).and_raise_error(Puppet::ParseError, "The policy is invalid - for:storage is empty")} - - it { is_expected.to run.with_params({ - 'description' => 'test', - 'context' => { - 'application' => 'rundeck' - }, - 'for' => { - 'storage' => [{}] - } - }).and_raise_error(Puppet::ParseError, "The policy is invalid - for:storage does not contain a rule action of [allow,deny]")} - - it { is_expected.to run.with_params({ - 'description' => 'test', - 'context' => { - 'application' => 'rundeck' - }, - 'for' => { - 'storage' => [ - { 'allow' => ['create'] }, - '' - ] - } - }).and_raise_error(Puppet::ParseError, "The policy is invalid - for:storage entry is not a Hash")} - end - - context "for:storage rules" do - it { is_expected.to run.with_params({ - 'description' => 'test', - 'context' => { - 'application' => 'rundeck' - }, - 'for' => { - 'storage' => [ - { 'equals' => { 'name' => 'test' }, 'fubar' => ['read'] }, - ] - } - }).and_raise_error(Puppet::ParseError, "The policy is invalid - for:storage does not contain a rule action of [allow,deny]")} - end - - context "for:storage matching" do - it { is_expected.to run.with_params({ - 'description' => 'test', - 'context' => { - 'application' => 'rundeck' - }, - 'for' => { - 'storage' => [ - { 'fubar' => { 'name' => 'test' }, 'deny' => ['read'] }, - ] - } - }).and_raise_error(Puppet::ParseError, "The policy is invalid - for:storage does not contain a matching statement of [match,equals,contains]")} - end - - context "for:storage property:name" do - it { is_expected.to run.with_params({ - 'description' => 'test', - 'context' => { - 'application' => 'rundeck' - }, - 'for' => { - 'storage' => [ - { 'equals' => { 'name' => 'test' }, 'allow' => ['x'] }, - ] - }, - 'by' => [{'group' => 'admins'}] - }).and_raise_error(Puppet::ParseError, /^The policy is invalid - for:storage name can only contain actions/) } - end - - context "for:storage property:path" do - it { is_expected.to run.with_params({ - 'description' => 'test', - 'context' => { - 'application' => 'rundeck' - }, - 'for' => { - 'storage' => [ - { 'equals' => { 'path' => 'test' }, 'allow' => ['x'] }, - ] - }, - 'by' => [{'group' => 'admins'}] - }).and_raise_error(Puppet::ParseError, /^The policy is invalid - for:storage path can only contain actions/) } - end - - context "by" do - it { is_expected.to run.with_params({ - 'description' => 'test', - 'context' => { - 'application' => 'rundeck' - }, - 'for' => { - 'project' => [ - { 'equals' => {'name' => 'test' }, 'allow' => ['read'] } - ] - }, - 'by' => '' - }).and_raise_error(Puppet::ParseError, "The policy is invalid - by is not an Array")} - - it { is_expected.to run.with_params({ - 'description' => 'test', - 'context' => { - 'application' => 'rundeck' - }, - 'for' => { - 'project' => [ - { 'equals' => {'name' => 'test' }, 'allow' => ['read'] } - ] - }, - 'by' => {} - }).and_raise_error(Puppet::ParseError, "The policy is invalid - by is not an Array")} - - it { is_expected.to run.with_params({ - 'description' => 'test', - 'context' => { - 'application' => 'rundeck' - }, - 'for' => { - 'project' => [ - { 'equals' => {'name' => 'test' }, 'allow' => ['read'] } - ] - }, - 'by' => [] - }).and_raise_error(Puppet::ParseError, "The policy is invalid - by is empty")} - - it { is_expected.to run.with_params({ - 'description' => 'test', - 'context' => { - 'application' => 'rundeck' - }, - 'for' => { - 'project' => [ - { 'equals' => {'name' => 'test' }, 'allow' => ['read'] } - ] - }, - 'by' => [{}] - }).and_raise_error(Puppet::ParseError, "The policy is invalid - by is empty")} - - it { is_expected.to run.with_params({ - 'description' => 'test', - 'context' => { - 'application' => 'rundeck' - }, - 'for' => { - 'project' => [ - { 'equals' => {'name' => 'test' }, 'allow' => ['read'] } - ] - }, - 'by' => [{'username'=>'test'},''] - }).and_raise_error(Puppet::ParseError, "The policy is invalid - by: is not a Hash")} - end - - end + context 'for:resource kind:job' do + it do + is_expected.to run.with_params('description' => 'test', + 'context' => { + 'application' => 'rundeck' + }, + 'for' => { + 'resource' => [ + { 'equals' => { 'kind' => 'job' }, 'allow' => ['x'] }, + ] + }).and_raise_error(Puppet::ParseError, /^The policy is invalid - for:resource kind:job can only contain actions/) + end + end + + context 'for:project' do + it do + is_expected.to run.with_params('description' => 'test', + 'context' => { + 'application' => 'rundeck' + }, + 'for' => { + 'project' => '' + }).and_raise_error(Puppet::ParseError, 'The policy is invalid - for:project is not an Array') + end + + it do + is_expected.to run.with_params('description' => 'test', + 'context' => { + 'application' => 'rundeck' + }, + 'for' => { + 'project' => {} + }).and_raise_error(Puppet::ParseError, 'The policy is invalid - for:project is not an Array') + end + + it do + is_expected.to run.with_params('description' => 'test', + 'context' => { + 'application' => 'rundeck' + }, + 'for' => { + 'project' => [] + }).and_raise_error(Puppet::ParseError, 'The policy is invalid - for:project is empty') + end + + it do + is_expected.to run.with_params('description' => 'test', + 'context' => { + 'application' => 'rundeck' + }, + 'for' => { + 'project' => [{}] + }).and_raise_error(Puppet::ParseError, 'The policy is invalid - for:project does not contain a rule action of [allow,deny]') + end + + it do + is_expected.to run.with_params('description' => 'test', + 'context' => { + 'application' => 'rundeck' + }, + 'for' => { + 'project' => [ + { 'allow' => ['create'] }, + '' + ] + }).and_raise_error(Puppet::ParseError, 'The policy is invalid - for:project entry is not a Hash') + end + end + + context 'for:project rules' do + it do + is_expected.to run.with_params('description' => 'test', + 'context' => { + 'application' => 'rundeck' + }, + 'for' => { + 'project' => [ + { 'equals' => { 'name' => 'test' }, 'fubar' => ['read'] }, + ] + }).and_raise_error(Puppet::ParseError, 'The policy is invalid - for:project does not contain a rule action of [allow,deny]') + end + end + + context 'for:project matching' do + it do + is_expected.to run.with_params('description' => 'test', + 'context' => { + 'application' => 'rundeck' + }, + 'for' => { + 'project' => [ + { 'fubar' => { 'name' => 'test' }, 'deny' => ['read'] }, + ] + }).and_raise_error(Puppet::ParseError, 'The policy is invalid - for:project does not contain a matching statement of [match,equals,contains]') + end + end + + context 'for:project property:name' do + it do + is_expected.to run.with_params('description' => 'test', + 'context' => { + 'application' => 'rundeck' + }, + 'for' => { + 'project' => [ + { 'equals' => { 'name' => 'test' }, 'allow' => ['x'] }, + ] + }, + 'by' => [{ 'group' => 'admins' }]).and_raise_error(Puppet::ParseError, /^The policy is invalid - for:project name can only contain actions/) + end + end + + context 'for:storage' do + it do + is_expected.to run.with_params('description' => 'test', + 'context' => { + 'application' => 'rundeck' + }, + 'for' => { + 'storage' => '' + }).and_raise_error(Puppet::ParseError, 'The policy is invalid - for:storage is not an Array') + end + + it do + is_expected.to run.with_params('description' => 'test', + 'context' => { + 'application' => 'rundeck' + }, + 'for' => { + 'storage' => {} + }).and_raise_error(Puppet::ParseError, 'The policy is invalid - for:storage is not an Array') + end + + it do + is_expected.to run.with_params('description' => 'test', + 'context' => { + 'application' => 'rundeck' + }, + 'for' => { + 'storage' => [] + }).and_raise_error(Puppet::ParseError, 'The policy is invalid - for:storage is empty') + end + + it do + is_expected.to run.with_params('description' => 'test', + 'context' => { + 'application' => 'rundeck' + }, + 'for' => { + 'storage' => [{}] + }).and_raise_error(Puppet::ParseError, 'The policy is invalid - for:storage does not contain a rule action of [allow,deny]') + end + + it do + is_expected.to run.with_params('description' => 'test', + 'context' => { + 'application' => 'rundeck' + }, + 'for' => { + 'storage' => [ + { 'allow' => ['create'] }, + '' + ] + }).and_raise_error(Puppet::ParseError, 'The policy is invalid - for:storage entry is not a Hash') + end + end + + context 'for:storage rules' do + it do + is_expected.to run.with_params('description' => 'test', + 'context' => { + 'application' => 'rundeck' + }, + 'for' => { + 'storage' => [ + { 'equals' => { 'name' => 'test' }, 'fubar' => ['read'] }, + ] + }).and_raise_error(Puppet::ParseError, 'The policy is invalid - for:storage does not contain a rule action of [allow,deny]') + end + end + + context 'for:storage matching' do + it do + is_expected.to run.with_params('description' => 'test', + 'context' => { + 'application' => 'rundeck' + }, + 'for' => { + 'storage' => [ + { 'fubar' => { 'name' => 'test' }, 'deny' => ['read'] }, + ] + }).and_raise_error(Puppet::ParseError, 'The policy is invalid - for:storage does not contain a matching statement of [match,equals,contains]') + end + end + + context 'for:storage property:name' do + it do + is_expected.to run.with_params('description' => 'test', + 'context' => { + 'application' => 'rundeck' + }, + 'for' => { + 'storage' => [ + { 'equals' => { 'name' => 'test' }, 'allow' => ['x'] }, + ] + }, + 'by' => [{ 'group' => 'admins' }]).and_raise_error(Puppet::ParseError, /^The policy is invalid - for:storage name can only contain actions/) + end + end + + context 'for:storage property:path' do + it do + is_expected.to run.with_params('description' => 'test', + 'context' => { + 'application' => 'rundeck' + }, + 'for' => { + 'storage' => [ + { 'equals' => { 'path' => 'test' }, 'allow' => ['x'] }, + ] + }, + 'by' => [{ 'group' => 'admins' }]).and_raise_error(Puppet::ParseError, /^The policy is invalid - for:storage path can only contain actions/) + end + end + + context 'by' do + it do + is_expected.to run.with_params('description' => 'test', + 'context' => { + 'application' => 'rundeck' + }, + 'for' => { + 'project' => [ + { 'equals' => { 'name' => 'test' }, 'allow' => ['read'] } + ] + }, + 'by' => '').and_raise_error(Puppet::ParseError, 'The policy is invalid - by is not an Array') + end + + it do + is_expected.to run.with_params('description' => 'test', + 'context' => { + 'application' => 'rundeck' + }, + 'for' => { + 'project' => [ + { 'equals' => { 'name' => 'test' }, 'allow' => ['read'] } + ] + }, + 'by' => {}).and_raise_error(Puppet::ParseError, 'The policy is invalid - by is not an Array') + end + + it do + is_expected.to run.with_params('description' => 'test', + 'context' => { + 'application' => 'rundeck' + }, + 'for' => { + 'project' => [ + { 'equals' => { 'name' => 'test' }, 'allow' => ['read'] } + ] + }, + 'by' => []).and_raise_error(Puppet::ParseError, 'The policy is invalid - by is empty') + end + + it do + is_expected.to run.with_params('description' => 'test', + 'context' => { + 'application' => 'rundeck' + }, + 'for' => { + 'project' => [ + { 'equals' => { 'name' => 'test' }, 'allow' => ['read'] } + ] + }, + 'by' => [{}]).and_raise_error(Puppet::ParseError, 'The policy is invalid - by is empty') + end + + it do + is_expected.to run.with_params('description' => 'test', + 'context' => { + 'application' => 'rundeck' + }, + 'for' => { + 'project' => [ + { 'equals' => { 'name' => 'test' }, 'allow' => ['read'] } + ] + }, + 'by' => [{ 'username' => 'test' }, '']).and_raise_error(Puppet::ParseError, 'The policy is invalid - by: is not a Hash') + end + end + end end -end \ No newline at end of file +end diff --git a/spec/functions/validate_rd_policy/project_spec.rb b/spec/functions/validate_rd_policy/project_spec.rb index 321244d92..4e5348871 100644 --- a/spec/functions/validate_rd_policy/project_spec.rb +++ b/spec/functions/validate_rd_policy/project_spec.rb @@ -1,7 +1,6 @@ require 'spec_helper' describe 'validate_rd_policy' do - describe 'project policy' do describe 'valid policy' do test_policy = { @@ -15,7 +14,7 @@ ], }, 'by' => [{ - 'group' => ['admin'], + 'group' => ['admin'], }] } @@ -23,562 +22,560 @@ end describe 'invalid policy' do - it { is_expected.to run.with_params({}).and_raise_error(Puppet::ParseError, //)} - - context "description" do - it { is_expected.to run.with_params({ - 'context' => { - 'project' => '.*' - } - }).and_raise_error(Puppet::ParseError, 'The policy is invalid - description is not a String')} - - it { is_expected.to run.with_params({ - 'description' => {} - }).and_raise_error(Puppet::ParseError, 'The policy is invalid - description is not a String')} + it { is_expected.to run.with_params({}).and_raise_error(Puppet::ParseError, //) } + + context 'description' do + it do + is_expected.to run.with_params('context' => { + 'project' => '.*' + }).and_raise_error(Puppet::ParseError, 'The policy is invalid - description is not a String') + end + + it do + is_expected.to run.with_params('description' => {}).and_raise_error(Puppet::ParseError, 'The policy is invalid - description is not a String') + end + end + + context 'context' do + it do + is_expected.to run.with_params('description' => 'test').and_raise_error(Puppet::ParseError, 'The policy is invalid - context is not a Hash') + end + + it do + is_expected.to run.with_params('description' => 'test', + 'context' => {}).and_raise_error(Puppet::ParseError, 'The policy is invalid - context is empty') + end + + it do + is_expected.to run.with_params('description' => 'test', + 'context' => '').and_raise_error(Puppet::ParseError, 'The policy is invalid - context is not a Hash') + end + end + context 'context:project' do + it do + is_expected.to run.with_params('description' => 'test', + 'context' => { + 'fubar' => '' + }).and_raise_error(Puppet::ParseError, 'The policy is invalid - context can only be project or application') + end + + it do + is_expected.to run.with_params('description' => 'test', + 'context' => { + 'project' => {} + }).and_raise_error(Puppet::ParseError, 'The policy is invalid - context:project is not a String') + end end - context "context" do - it { is_expected.to run.with_params({ - 'description' => 'test' - }).and_raise_error(Puppet::ParseError, 'The policy is invalid - context is not a Hash')} + context 'for' do + it do + is_expected.to run.with_params('description' => 'test', + 'context' => { + 'project' => '.*' + }, + 'for' => '').and_raise_error(Puppet::ParseError, 'The policy is invalid - for is not a Hash') + end + + it do + is_expected.to run.with_params('description' => 'test', + 'context' => { + 'project' => '.*' + }, + 'for' => {}).and_raise_error(Puppet::ParseError, 'The policy is invalid - for is empty') + end + + it do + is_expected.to run.with_params('description' => 'test', + 'context' => { + 'project' => '.*' + }, + 'for' => { + 'fubar' => {} + }).and_raise_error(Puppet::ParseError, "The policy is invalid - for section must only contain ['job', 'node', 'adhoc', 'project', 'resource']") + end + end - it { is_expected.to run.with_params({ - 'description' => 'test', - 'context' => {} - }).and_raise_error(Puppet::ParseError, 'The policy is invalid - context is empty')} + context 'for:resource' do + it do + is_expected.to run.with_params('description' => 'test', + 'context' => { + 'project' => '.*' + }, + 'for' => { + 'resource' => '' + }).and_raise_error(Puppet::ParseError, 'The policy is invalid - for:resource is not an Array') + end + + it do + is_expected.to run.with_params('description' => 'test', + 'context' => { + 'project' => '.*' + }, + 'for' => { + 'resource' => {} + }).and_raise_error(Puppet::ParseError, 'The policy is invalid - for:resource is not an Array') + end + + it do + is_expected.to run.with_params('description' => 'test', + 'context' => { + 'project' => '.*' + }, + 'for' => { + 'resource' => [] + }).and_raise_error(Puppet::ParseError, 'The policy is invalid - for:resource is empty') + end + + it do + is_expected.to run.with_params('description' => 'test', + 'context' => { + 'project' => '.*' + }, + 'for' => { + 'resource' => [{}] + }).and_raise_error(Puppet::ParseError, 'The policy is invalid - for:resource does not contain a rule action of [allow,deny]') + end + + it do + is_expected.to run.with_params('description' => 'test', + 'context' => { + 'project' => '.*' + }, + 'for' => { + 'resource' => [ + { 'equals' => { 'kind' => 'job' }, 'allow' => ['create'] }, + '' + ] + }).and_raise_error(Puppet::ParseError, 'The policy is invalid - for:resource entry is not a Hash') + end + end + + context 'for:resource rules' do + it do + is_expected.to run.with_params('description' => 'test', + 'context' => { + 'project' => '.*' + }, + 'for' => { + 'resource' => [ + { 'equals' => { 'kind' => 'job' }, 'fubar' => ['create'] }, + ] + }).and_raise_error(Puppet::ParseError, 'The policy is invalid - for:resource does not contain a rule action of [allow,deny]') + end + end - it { is_expected.to run.with_params({ - 'description' => 'test', - 'context' => '' - }).and_raise_error(Puppet::ParseError, 'The policy is invalid - context is not a Hash')} + context 'for:resource matching' do + it do + is_expected.to run.with_params('description' => 'test', + 'context' => { + 'project' => '.*' + }, + 'for' => { + 'resource' => [ + { 'fubar' => { 'kind' => 'job' }, 'deny' => ['create'] }, + ] + }).and_raise_error(Puppet::ParseError, 'The policy is invalid - for:resource does not contain a matching statement of [match,equals,contains]') + end end - context "context:project" do - it { is_expected.to run.with_params({ - 'description' => 'test', - 'context' => { - 'fubar' => '' - } - }).and_raise_error(Puppet::ParseError, 'The policy is invalid - context can only be project or application')} - - it { is_expected.to run.with_params({ - 'description' => 'test', - 'context' => { - 'project' => {} - } - }).and_raise_error(Puppet::ParseError, 'The policy is invalid - context:project is not a String')} + context 'for:resource kind:job' do + it do + is_expected.to run.with_params('description' => 'test', + 'context' => { + 'project' => '.*' + }, + 'for' => { + 'resource' => [ + { 'equals' => { 'kind' => 'job' }, 'allow' => ['x'] }, + ] + }).and_raise_error(Puppet::ParseError, /^The policy is invalid - for:resource kind:job can only contain actions/) + end end - - context "for" do - it { is_expected.to run.with_params({ - 'description' => 'test', - 'context' => { - 'project' => '.*' - }, - 'for' => '' - }).and_raise_error(Puppet::ParseError, 'The policy is invalid - for is not a Hash')} - - it { is_expected.to run.with_params({ - 'description' => 'test', - 'context' => { - 'project' => '.*' - }, - 'for' => {} - }).and_raise_error(Puppet::ParseError, 'The policy is invalid - for is empty')} - - it { is_expected.to run.with_params({ - 'description' => 'test', - 'context' => { - 'project' => '.*' - }, - 'for' => { - 'fubar' => {} - } - }).and_raise_error(Puppet::ParseError, "The policy is invalid - for section must only contain ['job', 'node', 'adhoc', 'project', 'resource']")} + + context 'for:resource kind:node' do + it do + is_expected.to run.with_params('description' => 'test', + 'context' => { + 'project' => '.*' + }, + 'for' => { + 'resource' => [ + { 'equals' => { 'kind' => 'node' }, 'allow' => ['x'] }, + ] + }).and_raise_error(Puppet::ParseError, /^The policy is invalid - for:resource kind:node can only contain actions/) + end + end + + context 'for:resource kind:event' do + it do + is_expected.to run.with_params('description' => 'test', + 'context' => { + 'project' => '.*' + }, + 'for' => { + 'resource' => [ + { 'equals' => { 'kind' => 'event' }, 'allow' => ['x'] }, + ] + }).and_raise_error(Puppet::ParseError, /^The policy is invalid - for:resource kind:event can only contain actions/) + end + end + + context 'for:adhoc' do + it do + is_expected.to run.with_params('description' => 'test', + 'context' => { + 'project' => '.*' + }, + 'for' => { + 'adhoc' => '' + }).and_raise_error(Puppet::ParseError, 'The policy is invalid - for:adhoc is not an Array') + end + + it do + is_expected.to run.with_params('description' => 'test', + 'context' => { + 'project' => '.*' + }, + 'for' => { + 'adhoc' => {} + }).and_raise_error(Puppet::ParseError, 'The policy is invalid - for:adhoc is not an Array') + end + + it do + is_expected.to run.with_params('description' => 'test', + 'context' => { + 'project' => '.*' + }, + 'for' => { + 'adhoc' => [] + }).and_raise_error(Puppet::ParseError, 'The policy is invalid - for:adhoc is empty') + end + + it do + is_expected.to run.with_params('description' => 'test', + 'context' => { + 'project' => '.*' + }, + 'for' => { + 'adhoc' => [{}] + }).and_raise_error(Puppet::ParseError, 'The policy is invalid - for:adhoc does not contain a rule action of [allow,deny]') + end + + it do + is_expected.to run.with_params('description' => 'test', + 'context' => { + 'project' => '.*' + }, + 'for' => { + 'resource' => [ + { 'equals' => { 'kind' => 'job' }, 'allow' => ['create'] }, + '' + ] + }).and_raise_error(Puppet::ParseError, 'The policy is invalid - for:resource entry is not a Hash') + end + end + + context 'for:adhoc rules' do + it do + is_expected.to run.with_params('description' => 'test', + 'context' => { + 'project' => '.*' + }, + 'for' => { + 'adhoc' => [ + { 'fubar' => ['create'] }, + ] + }).and_raise_error(Puppet::ParseError, 'The policy is invalid - for:adhoc does not contain a rule action of [allow,deny]') + end + + it do + is_expected.to run.with_params('description' => 'test', + 'context' => { + 'project' => '.*' + }, + 'for' => { + 'adhoc' => [ + { 'allow' => ['x'] }, + ] + }).and_raise_error(Puppet::ParseError, /^The policy is invalid - for:adhoc can only contain actions/) + end + end + + context 'for:job' do + it do + is_expected.to run.with_params('description' => 'test', + 'context' => { + 'project' => '.*' + }, + 'for' => { + 'job' => '' + }).and_raise_error(Puppet::ParseError, 'The policy is invalid - for:job is not an Array') + end + + it do + is_expected.to run.with_params('description' => 'test', + 'context' => { + 'project' => '.*' + }, + 'for' => { + 'job' => {} + }).and_raise_error(Puppet::ParseError, 'The policy is invalid - for:job is not an Array') + end + + it do + is_expected.to run.with_params('description' => 'test', + 'context' => { + 'project' => '.*' + }, + 'for' => { + 'job' => [] + }).and_raise_error(Puppet::ParseError, 'The policy is invalid - for:job is empty') + end + + it do + is_expected.to run.with_params('description' => 'test', + 'context' => { + 'project' => '.*' + }, + 'for' => { + 'job' => [{}] + }).and_raise_error(Puppet::ParseError, 'The policy is invalid - for:job does not contain a rule action of [allow,deny]') + end + + it do + is_expected.to run.with_params('description' => 'test', + 'context' => { + 'project' => '.*' + }, + 'for' => { + 'job' => [ + { 'allow' => ['create'] }, + '' + ] + }).and_raise_error(Puppet::ParseError, 'The policy is invalid - for:job entry is not a Hash') + end end - context "for:resource" do - it { is_expected.to run.with_params({ - 'description' => 'test', - 'context' => { - 'project' => '.*' - }, - 'for' => { - 'resource' => '' - } - }).and_raise_error(Puppet::ParseError, "The policy is invalid - for:resource is not an Array")} - - it { is_expected.to run.with_params({ - 'description' => 'test', - 'context' => { - 'project' => '.*' - }, - 'for' => { - 'resource' => {} - } - }).and_raise_error(Puppet::ParseError, "The policy is invalid - for:resource is not an Array")} - - it { is_expected.to run.with_params({ - 'description' => 'test', - 'context' => { - 'project' => '.*' - }, - 'for' => { - 'resource' => [] - } - }).and_raise_error(Puppet::ParseError, "The policy is invalid - for:resource is empty")} - - it { is_expected.to run.with_params({ - 'description' => 'test', - 'context' => { - 'project' => '.*' - }, - 'for' => { - 'resource' => [{}] - } - }).and_raise_error(Puppet::ParseError, "The policy is invalid - for:resource does not contain a rule action of [allow,deny]")} - - it { is_expected.to run.with_params({ - 'description' => 'test', - 'context' => { - 'project' => '.*' - }, - 'for' => { - 'resource' => [ - { 'equals' => { 'kind' => 'job' }, 'allow' => ['create'] }, - '' - ] - } - }).and_raise_error(Puppet::ParseError, "The policy is invalid - for:resource entry is not a Hash")} - end - - context "for:resource rules" do - it { is_expected.to run.with_params({ - 'description' => 'test', - 'context' => { - 'project' => '.*' - }, - 'for' => { - 'resource' => [ - { 'equals' => { 'kind' => 'job' }, 'fubar' => ['create'] }, - ] - } - }).and_raise_error(Puppet::ParseError, "The policy is invalid - for:resource does not contain a rule action of [allow,deny]")} - end - - context "for:resource matching" do - it { is_expected.to run.with_params({ - 'description' => 'test', - 'context' => { - 'project' => '.*' - }, - 'for' => { - 'resource' => [ - { 'fubar' => { 'kind' => 'job' }, 'deny' => ['create'] }, - ] - } - }).and_raise_error(Puppet::ParseError, "The policy is invalid - for:resource does not contain a matching statement of [match,equals,contains]")} - end - - context "for:resource kind:job" do - it { is_expected.to run.with_params({ - 'description' => 'test', - 'context' => { - 'project' => '.*' - }, - 'for' => { - 'resource' => [ - { 'equals' => { 'kind' => 'job' }, 'allow' => ['x'] }, - ] - } - }).and_raise_error(Puppet::ParseError, /^The policy is invalid - for:resource kind:job can only contain actions/) } - end - - context "for:resource kind:node" do - it { is_expected.to run.with_params({ - 'description' => 'test', - 'context' => { - 'project' => '.*' - }, - 'for' => { - 'resource' => [ - { 'equals' => { 'kind' => 'node' }, 'allow' => ['x'] }, - ] - } - }).and_raise_error(Puppet::ParseError, /^The policy is invalid - for:resource kind:node can only contain actions/) } - end - - context "for:resource kind:event" do - it { is_expected.to run.with_params({ - 'description' => 'test', - 'context' => { - 'project' => '.*' - }, - 'for' => { - 'resource' => [ - { 'equals' => { 'kind' => 'event' }, 'allow' => ['x'] }, - ] - } - }).and_raise_error(Puppet::ParseError, /^The policy is invalid - for:resource kind:event can only contain actions/) } - end - - context "for:adhoc" do - it { is_expected.to run.with_params({ - 'description' => 'test', - 'context' => { - 'project' => '.*' - }, - 'for' => { - 'adhoc' => '' - } - }).and_raise_error(Puppet::ParseError, "The policy is invalid - for:adhoc is not an Array")} - - it { is_expected.to run.with_params({ - 'description' => 'test', - 'context' => { - 'project' => '.*' - }, - 'for' => { - 'adhoc' => {} - } - }).and_raise_error(Puppet::ParseError, "The policy is invalid - for:adhoc is not an Array")} - - it { is_expected.to run.with_params({ - 'description' => 'test', - 'context' => { - 'project' => '.*' - }, - 'for' => { - 'adhoc' => [] - } - }).and_raise_error(Puppet::ParseError, "The policy is invalid - for:adhoc is empty")} - - it { is_expected.to run.with_params({ - 'description' => 'test', - 'context' => { - 'project' => '.*' - }, - 'for' => { - 'adhoc' => [{}] - } - }).and_raise_error(Puppet::ParseError, "The policy is invalid - for:adhoc does not contain a rule action of [allow,deny]")} - - it { is_expected.to run.with_params({ - 'description' => 'test', - 'context' => { - 'project' => '.*' - }, - 'for' => { - 'resource' => [ - { 'equals' => { 'kind' => 'job' }, 'allow' => ['create'] }, - '' - ] - } - }).and_raise_error(Puppet::ParseError, "The policy is invalid - for:resource entry is not a Hash")} - end - - context "for:adhoc rules" do - it { is_expected.to run.with_params({ - 'description' => 'test', - 'context' => { - 'project' => '.*' - }, - 'for' => { - 'adhoc' => [ - { 'fubar' => ['create'] }, - ] - } - }).and_raise_error(Puppet::ParseError, "The policy is invalid - for:adhoc does not contain a rule action of [allow,deny]")} - - it { is_expected.to run.with_params({ - 'description' => 'test', - 'context' => { - 'project' => '.*' - }, - 'for' => { - 'adhoc' => [ - { 'allow' => ['x'] }, - ] - } - }).and_raise_error(Puppet::ParseError, /^The policy is invalid - for:adhoc can only contain actions/) } - end - - context "for:job" do - it { is_expected.to run.with_params({ - 'description' => 'test', - 'context' => { - 'project' => '.*' - }, - 'for' => { - 'job' => '' - } - }).and_raise_error(Puppet::ParseError, "The policy is invalid - for:job is not an Array")} - - it { is_expected.to run.with_params({ - 'description' => 'test', - 'context' => { - 'project' => '.*' - }, - 'for' => { - 'job' => {} - } - }).and_raise_error(Puppet::ParseError, "The policy is invalid - for:job is not an Array")} - - it { is_expected.to run.with_params({ - 'description' => 'test', - 'context' => { - 'project' => '.*' - }, - 'for' => { - 'job' => [] - } - }).and_raise_error(Puppet::ParseError, "The policy is invalid - for:job is empty")} - - it { is_expected.to run.with_params({ - 'description' => 'test', - 'context' => { - 'project' => '.*' - }, - 'for' => { - 'job' => [{}] - } - }).and_raise_error(Puppet::ParseError, "The policy is invalid - for:job does not contain a rule action of [allow,deny]")} - - it { is_expected.to run.with_params({ - 'description' => 'test', - 'context' => { - 'project' => '.*' - }, - 'for' => { - 'job' => [ - { 'allow' => ['create'] }, - '' - ] - } - }).and_raise_error(Puppet::ParseError, "The policy is invalid - for:job entry is not a Hash")} - end - - context "for:job rules" do - it { is_expected.to run.with_params({ - 'description' => 'test', - 'context' => { - 'project' => '.*' - }, - 'for' => { - 'job' => [ - { 'equals' => { 'name' => 'job' }, 'fubar' => ['create'] }, - ] - } - }).and_raise_error(Puppet::ParseError, "The policy is invalid - for:job does not contain a rule action of [allow,deny]")} - end - - context "for:job matching" do - it { is_expected.to run.with_params({ - 'description' => 'test', - 'context' => { - 'project' => '.*' - }, - 'for' => { - 'job' => [ - { 'fubar' => { 'name' => 'job' }, 'deny' => ['create'] }, - ] - } - }).and_raise_error(Puppet::ParseError, "The policy is invalid - for:job does not contain a matching statement of [match,equals,contains]")} - end - - context "for:job property:name" do - it { is_expected.to run.with_params({ - 'description' => 'test', - 'context' => { - 'project' => '.*' - }, - 'for' => { - 'job' => [ - { 'equals' => { 'name' => 'test-job' }, 'allow' => ['x'] }, - ] - } - }).and_raise_error(Puppet::ParseError, /^The policy is invalid - for:job name:test-job can only contain actions/) } - end - - context "for:job property:group" do - it { is_expected.to run.with_params({ - 'description' => 'test', - 'context' => { - 'project' => '.*' - }, - 'for' => { - 'job' => [ - { 'equals' => { 'group' => 'test-group' }, 'allow' => ['x'] }, - ] - } - }).and_raise_error(Puppet::ParseError, /^The policy is invalid - for:job group:test-group can only contain actions/) } - end - - context "for:node" do - it { is_expected.to run.with_params({ - 'description' => 'test', - 'context' => { - 'project' => '.*' - }, - 'for' => { - 'node' => '' - } - }).and_raise_error(Puppet::ParseError, "The policy is invalid - for:node is not an Array")} - - it { is_expected.to run.with_params({ - 'description' => 'test', - 'context' => { - 'project' => '.*' - }, - 'for' => { - 'node' => {} - } - }).and_raise_error(Puppet::ParseError, "The policy is invalid - for:node is not an Array")} - - it { is_expected.to run.with_params({ - 'description' => 'test', - 'context' => { - 'project' => '.*' - }, - 'for' => { - 'node' => [] - } - }).and_raise_error(Puppet::ParseError, "The policy is invalid - for:node is empty")} - - it { is_expected.to run.with_params({ - 'description' => 'test', - 'context' => { - 'project' => '.*' - }, - 'for' => { - 'node' => [{}] - } - }).and_raise_error(Puppet::ParseError, "The policy is invalid - for:node does not contain a rule action of [allow,deny]")} - - it { is_expected.to run.with_params({ - 'description' => 'test', - 'context' => { - 'project' => '.*' - }, - 'for' => { - 'node' => [ - { 'allow' => ['read'] }, - '' - ] - } - }).and_raise_error(Puppet::ParseError, "The policy is invalid - for:node entry is not a Hash")} - end - - context "for:node rules" do - it { is_expected.to run.with_params({ - 'description' => 'test', - 'context' => { - 'project' => '.*' - }, - 'for' => { - 'node' => [ - { 'equals' => { 'name' => 'test.mycorp.com' }, 'fubar' => ['read'] }, - ] - } - }).and_raise_error(Puppet::ParseError, "The policy is invalid - for:node does not contain a rule action of [allow,deny]")} - end - - context "for:node matching" do - it { is_expected.to run.with_params({ - 'description' => 'test', - 'context' => { - 'project' => '.*' - }, - 'for' => { - 'node' => [ - { 'fubar' => { 'name' => 'job' }, 'deny' => ['read'] }, - ] - } - }).and_raise_error(Puppet::ParseError, "The policy is invalid - for:node does not contain a matching statement of [match,equals,contains]")} - end - - context "for:node property:hostname" do - it { is_expected.to run.with_params({ - 'description' => 'test', - 'context' => { - 'project' => '.*' - }, - 'for' => { - 'node' => [ - { 'equals' => { 'hostname' => 'test.mycorp.com' }, 'allow' => ['x'] }, - ] - } - }).and_raise_error(Puppet::ParseError, /^The policy is invalid - for:node can only contain actions/) } - end - - context "by" do - it { is_expected.to run.with_params({ - 'description' => 'test', - 'context' => { - 'project' => '.*' - }, - 'for' => { - 'node' => [ - { 'equals' => {'hostname' => 'test.mycorp.com' }, 'allow' => ['read'] } - ] - }, - 'by' => '' - }).and_raise_error(Puppet::ParseError, "The policy is invalid - by is not an Array")} - - it { is_expected.to run.with_params({ - 'description' => 'test', - 'context' => { - 'project' => '.*' - }, - 'for' => { - 'node' => [ - { 'equals' => {'hostname' => 'test.mycorp.com' }, 'allow' => ['read'] } - ] - }, - 'by' => {} - }).and_raise_error(Puppet::ParseError, "The policy is invalid - by is not an Array")} - - it { is_expected.to run.with_params({ - 'description' => 'test', - 'context' => { - 'project' => '.*' - }, - 'for' => { - 'node' => [ - { 'equals' => {'hostname' => 'test.mycorp.com' }, 'allow' => ['read'] } - ] - }, - 'by' => [] - }).and_raise_error(Puppet::ParseError, "The policy is invalid - by is empty")} - - it { is_expected.to run.with_params({ - 'description' => 'test', - 'context' => { - 'project' => '.*' - }, - 'for' => { - 'node' => [ - { 'equals' => {'hostname' => 'test.mycorp.com' }, 'allow' => ['read'] } - ] - }, - 'by' => [{}] - }).and_raise_error(Puppet::ParseError, "The policy is invalid - by is empty")} - - it { is_expected.to run.with_params({ - 'description' => 'test', - 'context' => { - 'project' => '.*' - }, - 'for' => { - 'node' => [ - { 'equals' => {'hostname' => 'test.mycorp.com' }, 'allow' => ['read'] } - ] - }, - 'by' => [{'username'=>'test'},''] - }).and_raise_error(Puppet::ParseError, "The policy is invalid - by: is not a Hash")} - end - - end + context 'for:job rules' do + it do + is_expected.to run.with_params('description' => 'test', + 'context' => { + 'project' => '.*' + }, + 'for' => { + 'job' => [ + { 'equals' => { 'name' => 'job' }, 'fubar' => ['create'] }, + ] + }).and_raise_error(Puppet::ParseError, 'The policy is invalid - for:job does not contain a rule action of [allow,deny]') + end + end + + context 'for:job matching' do + it do + is_expected.to run.with_params('description' => 'test', + 'context' => { + 'project' => '.*' + }, + 'for' => { + 'job' => [ + { 'fubar' => { 'name' => 'job' }, 'deny' => ['create'] }, + ] + }).and_raise_error(Puppet::ParseError, 'The policy is invalid - for:job does not contain a matching statement of [match,equals,contains]') + end + end + + context 'for:job property:name' do + it do + is_expected.to run.with_params('description' => 'test', + 'context' => { + 'project' => '.*' + }, + 'for' => { + 'job' => [ + { 'equals' => { 'name' => 'test-job' }, 'allow' => ['x'] }, + ] + }).and_raise_error(Puppet::ParseError, /^The policy is invalid - for:job name:test-job can only contain actions/) + end + end + + context 'for:job property:group' do + it do + is_expected.to run.with_params('description' => 'test', + 'context' => { + 'project' => '.*' + }, + 'for' => { + 'job' => [ + { 'equals' => { 'group' => 'test-group' }, 'allow' => ['x'] }, + ] + }).and_raise_error(Puppet::ParseError, /^The policy is invalid - for:job group:test-group can only contain actions/) + end + end + + context 'for:node' do + it do + is_expected.to run.with_params('description' => 'test', + 'context' => { + 'project' => '.*' + }, + 'for' => { + 'node' => '' + }).and_raise_error(Puppet::ParseError, 'The policy is invalid - for:node is not an Array') + end + + it do + is_expected.to run.with_params('description' => 'test', + 'context' => { + 'project' => '.*' + }, + 'for' => { + 'node' => {} + }).and_raise_error(Puppet::ParseError, 'The policy is invalid - for:node is not an Array') + end + + it do + is_expected.to run.with_params('description' => 'test', + 'context' => { + 'project' => '.*' + }, + 'for' => { + 'node' => [] + }).and_raise_error(Puppet::ParseError, 'The policy is invalid - for:node is empty') + end + + it do + is_expected.to run.with_params('description' => 'test', + 'context' => { + 'project' => '.*' + }, + 'for' => { + 'node' => [{}] + }).and_raise_error(Puppet::ParseError, 'The policy is invalid - for:node does not contain a rule action of [allow,deny]') + end + + it do + is_expected.to run.with_params('description' => 'test', + 'context' => { + 'project' => '.*' + }, + 'for' => { + 'node' => [ + { 'allow' => ['read'] }, + '' + ] + }).and_raise_error(Puppet::ParseError, 'The policy is invalid - for:node entry is not a Hash') + end + end + + context 'for:node rules' do + it do + is_expected.to run.with_params('description' => 'test', + 'context' => { + 'project' => '.*' + }, + 'for' => { + 'node' => [ + { 'equals' => { 'name' => 'test.mycorp.com' }, 'fubar' => ['read'] }, + ] + }).and_raise_error(Puppet::ParseError, 'The policy is invalid - for:node does not contain a rule action of [allow,deny]') + end + end + + context 'for:node matching' do + it do + is_expected.to run.with_params('description' => 'test', + 'context' => { + 'project' => '.*' + }, + 'for' => { + 'node' => [ + { 'fubar' => { 'name' => 'job' }, 'deny' => ['read'] }, + ] + }).and_raise_error(Puppet::ParseError, 'The policy is invalid - for:node does not contain a matching statement of [match,equals,contains]') + end + end + + context 'for:node property:hostname' do + it do + is_expected.to run.with_params('description' => 'test', + 'context' => { + 'project' => '.*' + }, + 'for' => { + 'node' => [ + { 'equals' => { 'hostname' => 'test.mycorp.com' }, 'allow' => ['x'] }, + ] + }).and_raise_error(Puppet::ParseError, /^The policy is invalid - for:node can only contain actions/) + end + end + + context 'by' do + it do + is_expected.to run.with_params('description' => 'test', + 'context' => { + 'project' => '.*' + }, + 'for' => { + 'node' => [ + { 'equals' => { 'hostname' => 'test.mycorp.com' }, 'allow' => ['read'] } + ] + }, + 'by' => '').and_raise_error(Puppet::ParseError, 'The policy is invalid - by is not an Array') + end + + it do + is_expected.to run.with_params('description' => 'test', + 'context' => { + 'project' => '.*' + }, + 'for' => { + 'node' => [ + { 'equals' => { 'hostname' => 'test.mycorp.com' }, 'allow' => ['read'] } + ] + }, + 'by' => {}).and_raise_error(Puppet::ParseError, 'The policy is invalid - by is not an Array') + end + + it do + is_expected.to run.with_params('description' => 'test', + 'context' => { + 'project' => '.*' + }, + 'for' => { + 'node' => [ + { 'equals' => { 'hostname' => 'test.mycorp.com' }, 'allow' => ['read'] } + ] + }, + 'by' => []).and_raise_error(Puppet::ParseError, 'The policy is invalid - by is empty') + end + + it do + is_expected.to run.with_params('description' => 'test', + 'context' => { + 'project' => '.*' + }, + 'for' => { + 'node' => [ + { 'equals' => { 'hostname' => 'test.mycorp.com' }, 'allow' => ['read'] } + ] + }, + 'by' => [{}]).and_raise_error(Puppet::ParseError, 'The policy is invalid - by is empty') + end + + it do + is_expected.to run.with_params('description' => 'test', + 'context' => { + 'project' => '.*' + }, + 'for' => { + 'node' => [ + { 'equals' => { 'hostname' => 'test.mycorp.com' }, 'allow' => ['read'] } + ] + }, + 'by' => [{ 'username' => 'test' }, '']).and_raise_error(Puppet::ParseError, 'The policy is invalid - by: is not a Hash') + end + end + end end -end \ No newline at end of file +end diff --git a/spec/functions/validate_rd_policy/signature_spec.rb b/spec/functions/validate_rd_policy/signature_spec.rb index 1dd233ab4..864e3549b 100644 --- a/spec/functions/validate_rd_policy/signature_spec.rb +++ b/spec/functions/validate_rd_policy/signature_spec.rb @@ -3,13 +3,12 @@ describe 'validate_rd_policy' do describe 'signature validation' do it { is_expected.not_to eq(nil) } - it { is_expected.to run.with_params().and_raise_error(Puppet::ParseError, /wrong number of arguments/i) } - + it { is_expected.to run.with_params.and_raise_error(Puppet::ParseError, /wrong number of arguments/i) } + describe 'basic invalid inputs' do - it { is_expected.to run.with_params(1).and_raise_error(Puppet::ParseError, /is not a Hash or Array of hashes/) } - it { is_expected.to run.with_params(true).and_raise_error(Puppet::ParseError, /is not a Hash or Array of hashes/) } - it { is_expected.to run.with_params('one').and_raise_error(Puppet::ParseError, /is not a Hash or Array of hashes/) } + it { is_expected.to run.with_params(1).and_raise_error(Puppet::ParseError, /is not a Hash or Array of hashes/) } + it { is_expected.to run.with_params(true).and_raise_error(Puppet::ParseError, /is not a Hash or Array of hashes/) } + it { is_expected.to run.with_params('one').and_raise_error(Puppet::ParseError, /is not a Hash or Array of hashes/) } end - end -end \ No newline at end of file +end diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index 2b321785d..2c6f56649 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -1,10 +1 @@ require 'puppetlabs_spec_helper/module_spec_helper' - -RSpec.configure do |config| - config.default_facts = { - :puppetversion => '3.7.4', - } - config.expect_with :rspec do |c| - c.syntax = [:should, :expect] - end -end diff --git a/spec/spec_helper_acceptance.rb b/spec/spec_helper_acceptance.rb index 3a87e7a38..e4cf256a2 100644 --- a/spec/spec_helper_acceptance.rb +++ b/spec/spec_helper_acceptance.rb @@ -1,32 +1,28 @@ require 'beaker-rspec/spec_helper' require 'beaker-rspec/helpers/serverspec' - -hosts.each do |host| - - - version = ENV['PUPPET_GEM_VERSION'] - install_puppet(:version => version) +hosts.each do |_host| + version = ENV['PUPPET_GEM_VERSION'] + install_puppet(:version => version) end RSpec.configure do |c| proj_root = File.expand_path(File.join(File.dirname(__FILE__), '..')) - c.formatter = :documentation - - c.before :suite do + c.formatter = :documentation - hosts.each do |host| - c.host = host + c.before :suite do + hosts.each do |host| + c.host = host - path = (File.expand_path(File.dirname(__FILE__)+'/../')).split('/') - name = path[path.length-1].split('-')[1] + path = (File.expand_path(File.dirname(__FILE__) + '/../')).split('/') + name = path[path.length - 1].split('-')[1] - copy_module_to(host, :source => proj_root, :module_name => name) + copy_module_to(host, :source => proj_root, :module_name => name) - on host, puppet('module','install', 'puppetlabs-stdlib'), { :acceptable_exit_codes => [0,1] } - on host, puppet('module','install', 'puppetlabs-java'), { :acceptable_exit_codes => [0,1] } - on host, puppet('module','install', 'puppetlabs-inifile'), { :acceptable_exit_codes => [0,1] } - end + on host, puppet('module', 'install', 'puppetlabs-stdlib'), :acceptable_exit_codes => [0, 1] + on host, puppet('module', 'install', 'puppetlabs-java'), :acceptable_exit_codes => [0, 1] + on host, puppet('module', 'install', 'puppetlabs-inifile'), :acceptable_exit_codes => [0, 1] + end end end diff --git a/tests/init.pp b/tests/init.pp index 5d68ebae1..0c040fbe3 100644 --- a/tests/init.pp +++ b/tests/init.pp @@ -9,4 +9,4 @@ # Learn more about module testing here: # http://docs.puppetlabs.com/guides/tests_smoke.html # -include rundeck +include ::rundeck