Skip to content

Commit 04e8184

Browse files
dtapiacldtapiacl
committed
(classes) update tests
1 parent 0f41e59 commit 04e8184

File tree

5 files changed

+122
-80
lines changed

5 files changed

+122
-80
lines changed

spec/acceptance/openvpn_spec.rb

Lines changed: 51 additions & 30 deletions
Original file line numberDiff line numberDiff line change
@@ -8,6 +8,11 @@
88
it_behaves_like 'an idempotent resource', 'master' do
99
let(:manifest) do
1010
<<-PUPPET
11+
class { 'openvpn':
12+
package_name => 'openvpn',
13+
service_name => 'openvpn',
14+
}
15+
1116
openvpn::server { 'test_openvpn_server':
1217
country => 'CO',
1318
province => 'ST',
@@ -54,18 +59,24 @@
5459
it_behaves_like 'an idempotent resource', 'master' do
5560
let(:manifest) do
5661
<<-PUPPET
57-
openvpn::server { 'test_openvpn_server':
58-
country => 'CO',
59-
province => 'ST',
60-
city => 'A city',
61-
organization => 'FOO',
62-
email => '[email protected]',
63-
server => '10.0.0.0 255.255.255.0',
64-
}
65-
openvpn::client { ['vpnclienta','vpnclientb'] :
66-
server => 'test_openvpn_server',
67-
require => Openvpn::Server['test_openvpn_server'],
68-
}
62+
class { 'openvpn':
63+
package_name => 'openvpn',
64+
service_name => 'openvpn',
65+
}
66+
67+
openvpn::server { 'test_openvpn_server':
68+
country => 'CO',
69+
province => 'ST',
70+
city => 'A city',
71+
organization => 'FOO',
72+
email => '[email protected]',
73+
server => '10.0.0.0 255.255.255.0',
74+
}
75+
76+
openvpn::client { ['vpnclienta','vpnclientb']:
77+
server => 'test_openvpn_server',
78+
require => Openvpn::Server['test_openvpn_server'],
79+
}
6980
PUPPET
7081
end
7182
end
@@ -83,30 +94,40 @@
8394
end
8495

8596
describe 'openvpn::revoke', order: :defined do
86-
it 'revoke a client certificate' do
97+
it 'revokes a client certificate' do
8798
pp = <<-PUPPET
88-
openvpn::server { 'test_openvpn_server':
89-
country => 'CO',
90-
province => 'ST',
91-
city => 'A city',
92-
organization => 'FOO',
93-
email => '[email protected]',
94-
server => '10.0.0.0 255.255.255.0',
95-
}
96-
openvpn::client { ['vpnclienta','vpnclientb'] :
97-
server => 'test_openvpn_server',
98-
require => Openvpn::Server['test_openvpn_server'],
99-
}
100-
openvpn::revoke { 'vpnclientb':
101-
server => 'test_openvpn_server',
102-
}
99+
class { 'openvpn':
100+
package_name => 'openvpn',
101+
service_name => 'openvpn',
102+
}
103+
104+
openvpn::server { 'test_openvpn_server':
105+
country => 'CO',
106+
province => 'ST',
107+
city => 'A city',
108+
organization => 'FOO',
109+
email => '[email protected]',
110+
server => '10.0.0.0 255.255.255.0',
111+
}
112+
113+
openvpn::client { ['vpnclienta','vpnclientb']:
114+
server => 'test_openvpn_server',
115+
require => Openvpn::Server['test_openvpn_server'],
116+
}
117+
118+
openvpn::revoke { 'vpnclientb':
119+
server => 'test_openvpn_server',
120+
require => Openvpn::Client['vpnclientb'],
121+
}
103122
PUPPET
104-
# Apply the manifest to revoke the client certificate
105123
apply_manifest_on(hosts_as('master'), pp, catch_failures: true)
106124
end
107125

108-
describe file('/etc/openvpn/server/test_openvpn_server/easy-rsa/revoked/vpnclientb') do
126+
# CRL file must exist and look valid
127+
describe file('/etc/openvpn/server/test_openvpn_server/crl.pem') do
109128
it { is_expected.to be_file }
129+
its(:content) { is_expected.to match(%r{-----BEGIN X509 CRL-----}) }
130+
its(:content) { is_expected.to match(%r{-----END X509 CRL-----}) }
110131
end
111132
end
112133

spec/classes/openvpn_init_spec.rb

Lines changed: 1 addition & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -16,18 +16,7 @@
1616
it { is_expected.to create_class('openvpn') }
1717
it { is_expected.to contain_class('openvpn::install') }
1818
it { is_expected.to contain_class('openvpn::config') }
19-
20-
if os_facts[:service_provider] == 'systemd'
21-
context 'system with systemd' do
22-
it { is_expected.to create_class('openvpn') }
23-
it { is_expected.not_to contain_class('openvpn::service') }
24-
end
25-
else
26-
context 'system without systemd' do
27-
it { is_expected.to create_class('openvpn') }
28-
it { is_expected.to contain_class('openvpn::service') }
29-
end
30-
end
19+
it { is_expected.to contain_class('openvpn::service') } # always included now
3120
end
3221
end
3322
end

spec/classes/openvpn_install_spec.rb

Lines changed: 18 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -2,15 +2,14 @@
22

33
require 'spec_helper'
44

5-
describe 'openvpn::install' do
5+
describe 'openvpn' do
66
on_supported_os.each do |os, os_facts|
77
context "on #{os}" do
88
let(:facts) do
99
os_facts.merge(
1010
easyrsa: '3.0'
1111
)
1212
end
13-
let(:pre_condition) { 'include openvpn' }
1413

1514
etc_directory = case os_facts[:os]['family']
1615
when 'Solaris'
@@ -23,23 +22,36 @@
2322

2423
it { is_expected.to compile.with_all_deps }
2524

26-
it { is_expected.to create_class('openvpn::install') }
25+
it { is_expected.to contain_class('openvpn::install') }
2726

28-
it { is_expected.to contain_package('openvpn') }
27+
# Default package
28+
it { is_expected.to contain_package('openvpn').with_ensure(%r{present|installed}) }
2929

30+
# Directories
3031
it { is_expected.to contain_file("#{etc_directory}/openvpn").with_ensure('directory') }
31-
3232
it { is_expected.to contain_file("#{etc_directory}/openvpn/keys").with_ensure('directory') }
33-
3433
it { is_expected.to contain_file('/var/log/openvpn').with_ensure('directory') }
3534

35+
# Additional packages
3636
it { is_expected.to contain_package('easy-rsa') }
3737

3838
if os_facts[:os]['family'] == 'Debian'
3939
it { is_expected.to contain_package('openvpn-auth-ldap') }
4040
else
4141
it { is_expected.not_to contain_package('openvpn-auth-ldap') }
4242
end
43+
44+
# Override package_name and package_ensure
45+
context 'with overridden package_name and package_ensure' do
46+
let(:params) do
47+
{
48+
package_name: 'openvpn-as',
49+
package_ensure: 'latest',
50+
}
51+
end
52+
53+
it { is_expected.to contain_package('openvpn-as').with_ensure('latest') }
54+
end
4355
end
4456
end
4557
end

spec/classes/openvpn_service_spec.rb

Lines changed: 40 additions & 32 deletions
Original file line numberDiff line numberDiff line change
@@ -2,54 +2,62 @@
22

33
require 'spec_helper'
44

5-
describe 'openvpn::service' do
5+
describe 'openvpn' do
66
on_supported_os.each do |os, os_facts|
77
context "on #{os}" do
8-
let(:facts) do
9-
os_facts.merge(
10-
easyrsa: '3.0'
11-
)
12-
end
13-
let(:pre_condition) { 'include openvpn' }
14-
15-
it { is_expected.to compile.with_all_deps }
8+
let(:facts) { os_facts.merge(easyrsa: '3.0') }
169

17-
context 'enabled manage_service and disabled namespecific_rclink' do
18-
let(:pre_condition) do
19-
'class { "openvpn":
20-
manage_service => true,
21-
namespecific_rclink => false
22-
}'
10+
context 'with manage_service => true and namespecific_rclink => false' do
11+
let(:params) do
12+
{
13+
manage_service: true,
14+
namespecific_rclink: false,
15+
}
2316
end
2417

25-
it { is_expected.to create_class('openvpn::service') }
18+
it { is_expected.to contain_class('openvpn::service') }
2619

27-
it { is_expected.to contain_service('openvpn').with_ensure('running').with_enable(true) }
20+
it {
21+
is_expected.to contain_service('openvpn').with(
22+
ensure: 'running',
23+
enable: true
24+
)
25+
}
2826
end
2927

30-
context 'disabled manage_service and disabled namespecific_rclink' do
31-
let(:pre_condition) do
32-
'class { "openvpn":
33-
manage_service => false,
34-
namespecific_rclink => false
35-
}'
28+
context 'with manage_service => false and namespecific_rclink => false' do
29+
let(:params) do
30+
{
31+
manage_service: false,
32+
namespecific_rclink: false,
33+
}
3634
end
3735

38-
it { is_expected.to create_class('openvpn::service') }
39-
36+
it { is_expected.to contain_class('openvpn::service') }
4037
it { is_expected.not_to contain_service('openvpn') }
4138
end
4239

43-
context 'disabled manage_service and enabled namespecific_rclink' do
44-
let(:pre_condition) do
45-
'class { "openvpn":
46-
manage_service => false,
47-
namespecific_rclink => true
48-
}'
40+
context 'with manage_service => true and namespecific_rclink => true' do
41+
let(:params) do
42+
{
43+
manage_service: true,
44+
namespecific_rclink: true,
45+
}
4946
end
5047

51-
it { is_expected.to create_class('openvpn::service') }
48+
it { is_expected.to contain_class('openvpn::service') }
49+
it { is_expected.not_to contain_service('openvpn') }
50+
end
51+
52+
context 'with manage_service => false and namespecific_rclink => true' do
53+
let(:params) do
54+
{
55+
manage_service: false,
56+
namespecific_rclink: true,
57+
}
58+
end
5259

60+
it { is_expected.to contain_class('openvpn::service') }
5361
it { is_expected.not_to contain_service('openvpn') }
5462
end
5563
end

spec/defines/openvpn_revoke_spec.rb

Lines changed: 12 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -60,6 +60,18 @@
6060
is_expected.to contain_exec('copy renewed crl.pem to test_server keys directory because of revocation of test_client').
6161
with_command("cp #{server_directory}/test_server/easy-rsa/keys/crl.pem #{server_directory}/test_server/crl.pem")
6262
}
63+
64+
# Verify that OpenVPN service is notified to reload after CRL is updated
65+
it {
66+
is_expected.to contain_service('openvpn').
67+
with_ensure('running').
68+
with_enable(true).
69+
that_subscribes_to([
70+
'Exec[revoke certificate for test_client in context of test_server]',
71+
'Exec[renew crl.pem on test_server because of revocation of test_client]',
72+
'Exec[copy renewed crl.pem to test_server keys directory because of revocation of test_client]'
73+
])
74+
}
6375
end
6476
end
6577
end

0 commit comments

Comments
 (0)