module-puppetdb/spec/unit/classes/server/jetty_ini_spec.rb

require 'spec_helper'

describe 'puppetdb::server::jetty', :type => :class do
  context 'on a supported platform' do
    let(:facts) do
      {
        :osfamily                 => 'RedHat',
        :fqdn                     => 'test.domain.local',
      }
    end

    it { should contain_class('puppetdb::server::jetty') }

    describe 'when using default values' do
      it { should contain_file('/etc/puppetlabs/puppetdb/conf.d/jetty.ini').
        with(
             'ensure'  => 'file',
             'owner'   => 'puppetdb',
             'group'   => 'puppetdb',
             'mode'    => '0600'
             )}
      it { should contain_ini_setting('puppetdb_host').
        with(
             'ensure'  => 'present',
             'path'    => '/etc/puppetlabs/puppetdb/conf.d/jetty.ini',
             'section' => 'jetty',
             'setting' => 'host',
             'value'   => 'localhost'
             )}
      it { should contain_ini_setting('puppetdb_port').
        with(
             'ensure'  => 'present',
             'path'    => '/etc/puppetlabs/puppetdb/conf.d/jetty.ini',
             'section' => 'jetty',
             'setting' => 'port',
             'value'   => 8080
             )}
      it { should contain_ini_setting('puppetdb_sslhost').
        with(
             'ensure'  => 'present',
             'path'    => '/etc/puppetlabs/puppetdb/conf.d/jetty.ini',
             'section' => 'jetty',
             'setting' => 'ssl-host',
             'value'   => '0.0.0.0'
             )}
      it { should contain_ini_setting('puppetdb_sslport').
        with(
             'ensure'  => 'present',
             'path'    => '/etc/puppetlabs/puppetdb/conf.d/jetty.ini',
             'section' => 'jetty',
             'setting' => 'ssl-port',
             'value'   => 8081
             )}
      it { should_not contain_ini_setting('puppetdb_sslprotocols') }
    end

    describe 'when using a legacy PuppetDB version' do
      let (:pre_condition) { 'class { "puppetdb::globals": version => "2.2.0", }' }
      it { should contain_ini_setting('puppetdb_host').
        with(
             'ensure'  => 'present',
             'path'    => '/etc/puppetdb/conf.d/jetty.ini',
             'section' => 'jetty',
             'setting' => 'host',
             'value'   => 'localhost'
             )}
      it { should contain_ini_setting('puppetdb_port').
        with(
             'ensure'  => 'present',
             'path'    => '/etc/puppetdb/conf.d/jetty.ini',
             'section' => 'jetty',
             'setting' => 'port',
             'value'   => 8080
             )}
      it { should contain_ini_setting('puppetdb_sslhost').
        with(
             'ensure'  => 'present',
             'path'    => '/etc/puppetdb/conf.d/jetty.ini',
             'section' => 'jetty',
             'setting' => 'ssl-host',
             'value'   => '0.0.0.0'
             )}
      it { should contain_ini_setting('puppetdb_sslport').
        with(
             'ensure'  => 'present',
             'path'    => '/etc/puppetdb/conf.d/jetty.ini',
             'section' => 'jetty',
             'setting' => 'ssl-port',
             'value'   => 8081
             )}
      it { should_not contain_ini_setting('puppetdb_sslprotocols') }
    end

    describe 'when disabling ssl' do
      let(:params) do
        {
          'disable_ssl' => true
        }
      end
      it { should contain_ini_setting('puppetdb_host').
        with(
             'ensure'  => 'present',
             'path'    => '/etc/puppetlabs/puppetdb/conf.d/jetty.ini',
             'section' => 'jetty',
             'setting' => 'host',
             'value'   => 'localhost'
             )}
      it { should contain_ini_setting('puppetdb_port').
        with(
             'ensure'  => 'present',
             'path'    => '/etc/puppetlabs/puppetdb/conf.d/jetty.ini',
             'section' => 'jetty',
             'setting' => 'port',
             'value'   => 8080
             )}
      it { should contain_ini_setting('puppetdb_sslhost').
        with(
             'ensure'  => 'absent',
             'path'    => '/etc/puppetlabs/puppetdb/conf.d/jetty.ini',
             'section' => 'jetty',
             'setting' => 'ssl-host'
             )}
      it { should contain_ini_setting('puppetdb_sslport').
        with(
             'ensure'  => 'absent',
             'path'    => '/etc/puppetlabs/puppetdb/conf.d/jetty.ini',
             'section' => 'jetty',
             'setting' => 'ssl-port'
             )}
    end

    describe 'when setting max_threads' do
      let(:params) do
        {
          'max_threads' => 150
        }
      end
      it { should contain_ini_setting('puppetdb_max_threads').
        with(
             'ensure'  => 'present',
             'path'    => '/etc/puppetlabs/puppetdb/conf.d/jetty.ini',
             'section' => 'jetty',
             'setting' => 'max-threads',
             'value'   => '150'
             )}
    end

    describe 'when setting ssl_protocols' do
      context 'to a valid string' do
        let(:params) { { 'ssl_protocols' => 'TLSv1, TLSv1.1, TLSv1.2' } }

        it {
          should contain_ini_setting('puppetdb_sslprotocols').with(
            'ensure' => 'present',
            'path' => '/etc/puppetlabs/puppetdb/conf.d/jetty.ini',
            'section' => 'jetty',
            'setting' => 'ssl-protocols',
            'value' => 'TLSv1, TLSv1.1, TLSv1.2'
          )
        }
      end

      context 'to an invalid type (non-string)' do
        let(:params) { { 'ssl_protocols' => ['invalid','type'] } }

        it 'should fail' do
          expect {
            should contain_class('puppetdb::server::jetty')
          }.to raise_error(Puppet::Error)
        end
      end
    end

    describe 'when disabling the cleartext HTTP port' do
      let(:params) do
        {
          'disable_cleartext' => true
        }
      end
      it { should contain_ini_setting('puppetdb_host').
        with(
             'ensure'  => 'absent',
             'path'    => '/etc/puppetlabs/puppetdb/conf.d/jetty.ini',
             'section' => 'jetty',
             'setting' => 'host',
             'value'   => 'localhost'
             )}
      it { should contain_ini_setting('puppetdb_port').
        with(
             'ensure'  => 'absent',
             'path'    => '/etc/puppetlabs/puppetdb/conf.d/jetty.ini',
             'section' => 'jetty',
             'setting' => 'port',
             'value'   => 8080
             )}
    end
  end
end
Add tests for puppetdb::server::jetty_ini 2013-04-10 00:18:31 +02:00			`require 'spec_helper'`

(PDB-1913) manage vardir This updates the module to manage vardir, and also makes room for general management of the global ini section. 2015-09-16 00:21:33 +02:00			`describe 'puppetdb::server::jetty', :type => :class do`
Add tests for puppetdb::server::jetty_ini 2013-04-10 00:18:31 +02:00			`context 'on a supported platform' do`
			`let(:facts) do`
			`{`
			`:osfamily => 'RedHat',`
Use fqdn for ssl listen address instead of clientcert Chris Barker reported that the default value of `$::clientcert` was not the best choice for some things we were using it for in the module; specifically, for the default value of the jetty ssl listen address. He suggested using `$::fqdn` instead. This commit makes that change; rspec-system tests pass, but I'm not 100% sure that there aren't edge cases that would be affected by this. 2013-05-22 01:35:42 +02:00			`:fqdn => 'test.domain.local',`
Add tests for puppetdb::server::jetty_ini 2013-04-10 00:18:31 +02:00			`}`
			`end`

(PDB-1913) manage vardir This updates the module to manage vardir, and also makes room for general management of the global ini section. 2015-09-16 00:21:33 +02:00			`it { should contain_class('puppetdb::server::jetty') }`
Add tests for puppetdb::server::jetty_ini 2013-04-10 00:18:31 +02:00
			`describe 'when using default values' do`
(PDB-2571) Ensure all managed ini files have correct permissions Much like read-database.ini, we need to ensure the permissions for puppetdb.ini and others are set explicitly to ensure permissions are still correct after configuration. Without this users with different umask settings may find their files are no longer accessible after the module runs. This patch fixes the globally for all the ini files we currently manage (repl.ini is not managed fwiw). This also fixes a bug whereby we were missing puppetdb::server::global from the main server class, it adds this back and fixes the tests to ensure we don't lose it. Signed-off-by: Ken Barber <ken@bob.sh> 2016-04-28 13:39:54 +02:00			`it { should contain_file('/etc/puppetlabs/puppetdb/conf.d/jetty.ini').`
			`with(`
			`'ensure' => 'file',`
			`'owner' => 'puppetdb',`
			`'group' => 'puppetdb',`
			`'mode' => '0600'`
			`)}`
(maint) Add pathing for AIO, defaulting to non-AIO for older PDBs This commit adds a globals class to PuppetDB which allows us to change the param defaults for the module depending on what version of PuppetDB they are using (similar to the PostgreSQL module). This commit also changes the default PuppetDB 3.x configuration pathing to assume AIO Puppet. 2015-06-18 22:45:51 +02:00			`it { should contain_ini_setting('puppetdb_host').`
			`with(`
			`'ensure' => 'present',`
			`'path' => '/etc/puppetlabs/puppetdb/conf.d/jetty.ini',`
			`'section' => 'jetty',`
			`'setting' => 'host',`
			`'value' => 'localhost'`
			`)}`
			`it { should contain_ini_setting('puppetdb_port').`
			`with(`
			`'ensure' => 'present',`
			`'path' => '/etc/puppetlabs/puppetdb/conf.d/jetty.ini',`
			`'section' => 'jetty',`
			`'setting' => 'port',`
			`'value' => 8080`
			`)}`
			`it { should contain_ini_setting('puppetdb_sslhost').`
			`with(`
			`'ensure' => 'present',`
			`'path' => '/etc/puppetlabs/puppetdb/conf.d/jetty.ini',`
			`'section' => 'jetty',`
			`'setting' => 'ssl-host',`
			`'value' => '0.0.0.0'`
			`)}`
			`it { should contain_ini_setting('puppetdb_sslport').`
			`with(`
			`'ensure' => 'present',`
			`'path' => '/etc/puppetlabs/puppetdb/conf.d/jetty.ini',`
			`'section' => 'jetty',`
			`'setting' => 'ssl-port',`
			`'value' => 8081`
			`)}`
			`it { should_not contain_ini_setting('puppetdb_sslprotocols') }`
			`end`

			`describe 'when using a legacy PuppetDB version' do`
			`let (:pre_condition) { 'class { "puppetdb::globals": version => "2.2.0", }' }`
Add tests for puppetdb::server::jetty_ini 2013-04-10 00:18:31 +02:00			`it { should contain_ini_setting('puppetdb_host').`
			`with(`
			`'ensure' => 'present',`
			`'path' => '/etc/puppetdb/conf.d/jetty.ini',`
			`'section' => 'jetty',`
			`'setting' => 'host',`
Ruby 1.8.7 doesn't like a comma after the last hash entry. 2013-04-10 00:51:58 +02:00			`'value' => 'localhost'`
Add tests for puppetdb::server::jetty_ini 2013-04-10 00:18:31 +02:00			`)}`
			`it { should contain_ini_setting('puppetdb_port').`
			`with(`
			`'ensure' => 'present',`
			`'path' => '/etc/puppetdb/conf.d/jetty.ini',`
			`'section' => 'jetty',`
			`'setting' => 'port',`
Ruby 1.8.7 doesn't like a comma after the last hash entry. 2013-04-10 00:51:58 +02:00			`'value' => 8080`
Add tests for puppetdb::server::jetty_ini 2013-04-10 00:18:31 +02:00			`)}`
			`it { should contain_ini_setting('puppetdb_sslhost').`
			`with(`
			`'ensure' => 'present',`
			`'path' => '/etc/puppetdb/conf.d/jetty.ini',`
			`'section' => 'jetty',`
			`'setting' => 'ssl-host',`
(maint) Change default ssl-host to 0.0.0.0 This was changes in the package, but never reflected in the module. Signed-off-by: Ken Barber <ken@bob.sh> 2015-05-29 14:32:02 +02:00			`'value' => '0.0.0.0'`
Add tests for puppetdb::server::jetty_ini 2013-04-10 00:18:31 +02:00			`)}`
			`it { should contain_ini_setting('puppetdb_sslport').`
			`with(`
			`'ensure' => 'present',`
			`'path' => '/etc/puppetdb/conf.d/jetty.ini',`
			`'section' => 'jetty',`
			`'setting' => 'ssl-port',`
Ruby 1.8.7 doesn't like a comma after the last hash entry. 2013-04-10 00:51:58 +02:00			`'value' => 8081`
Add tests for puppetdb::server::jetty_ini 2013-04-10 00:18:31 +02:00			`)}`
Add ability to specify SSL protocols. This is in response to CVE-2014-3566 - POODLE 2014-10-17 07:07:45 +02:00			`it { should_not contain_ini_setting('puppetdb_sslprotocols') }`
Add tests for puppetdb::server::jetty_ini 2013-04-10 00:18:31 +02:00			`end`
Add unit tests for disabling SSL in puppetdb::server::jetty_ini 2013-04-10 00:31:43 +02:00
			`describe 'when disabling ssl' do`
			`let(:params) do`
			`{`
			`'disable_ssl' => true`
			`}`
			`end`
			`it { should contain_ini_setting('puppetdb_host').`
			`with(`
			`'ensure' => 'present',`
(maint) Add pathing for AIO, defaulting to non-AIO for older PDBs This commit adds a globals class to PuppetDB which allows us to change the param defaults for the module depending on what version of PuppetDB they are using (similar to the PostgreSQL module). This commit also changes the default PuppetDB 3.x configuration pathing to assume AIO Puppet. 2015-06-18 22:45:51 +02:00			`'path' => '/etc/puppetlabs/puppetdb/conf.d/jetty.ini',`
Add unit tests for disabling SSL in puppetdb::server::jetty_ini 2013-04-10 00:31:43 +02:00			`'section' => 'jetty',`
			`'setting' => 'host',`
Ruby 1.8.7 doesn't like a comma after the last hash entry. 2013-04-10 00:51:58 +02:00			`'value' => 'localhost'`
Add unit tests for disabling SSL in puppetdb::server::jetty_ini 2013-04-10 00:31:43 +02:00			`)}`
			`it { should contain_ini_setting('puppetdb_port').`
			`with(`
			`'ensure' => 'present',`
(maint) Add pathing for AIO, defaulting to non-AIO for older PDBs This commit adds a globals class to PuppetDB which allows us to change the param defaults for the module depending on what version of PuppetDB they are using (similar to the PostgreSQL module). This commit also changes the default PuppetDB 3.x configuration pathing to assume AIO Puppet. 2015-06-18 22:45:51 +02:00			`'path' => '/etc/puppetlabs/puppetdb/conf.d/jetty.ini',`
Add unit tests for disabling SSL in puppetdb::server::jetty_ini 2013-04-10 00:31:43 +02:00			`'section' => 'jetty',`
			`'setting' => 'port',`
Ruby 1.8.7 doesn't like a comma after the last hash entry. 2013-04-10 00:51:58 +02:00			`'value' => 8080`
Add unit tests for disabling SSL in puppetdb::server::jetty_ini 2013-04-10 00:31:43 +02:00			`)}`
			`it { should contain_ini_setting('puppetdb_sslhost').`
			`with(`
			`'ensure' => 'absent',`
(maint) Add pathing for AIO, defaulting to non-AIO for older PDBs This commit adds a globals class to PuppetDB which allows us to change the param defaults for the module depending on what version of PuppetDB they are using (similar to the PostgreSQL module). This commit also changes the default PuppetDB 3.x configuration pathing to assume AIO Puppet. 2015-06-18 22:45:51 +02:00			`'path' => '/etc/puppetlabs/puppetdb/conf.d/jetty.ini',`
Add unit tests for disabling SSL in puppetdb::server::jetty_ini 2013-04-10 00:31:43 +02:00			`'section' => 'jetty',`
Ruby 1.8.7 doesn't like a comma after the last hash entry. 2013-04-10 00:51:58 +02:00			`'setting' => 'ssl-host'`
Add unit tests for disabling SSL in puppetdb::server::jetty_ini 2013-04-10 00:31:43 +02:00			`)}`
			`it { should contain_ini_setting('puppetdb_sslport').`
			`with(`
			`'ensure' => 'absent',`
(maint) Add pathing for AIO, defaulting to non-AIO for older PDBs This commit adds a globals class to PuppetDB which allows us to change the param defaults for the module depending on what version of PuppetDB they are using (similar to the PostgreSQL module). This commit also changes the default PuppetDB 3.x configuration pathing to assume AIO Puppet. 2015-06-18 22:45:51 +02:00			`'path' => '/etc/puppetlabs/puppetdb/conf.d/jetty.ini',`
Add unit tests for disabling SSL in puppetdb::server::jetty_ini 2013-04-10 00:31:43 +02:00			`'section' => 'jetty',`
Ruby 1.8.7 doesn't like a comma after the last hash entry. 2013-04-10 00:51:58 +02:00			`'setting' => 'ssl-port'`
Add unit tests for disabling SSL in puppetdb::server::jetty_ini 2013-04-10 00:31:43 +02:00			`)}`
			`end`
implement max_threads option for jetty 2014-06-26 17:15:34 +02:00
			`describe 'when setting max_threads' do`
			`let(:params) do`
			`{`
			`'max_threads' => 150`
			`}`
			`end`
			`it { should contain_ini_setting('puppetdb_max_threads').`
			`with(`
			`'ensure' => 'present',`
(maint) Add pathing for AIO, defaulting to non-AIO for older PDBs This commit adds a globals class to PuppetDB which allows us to change the param defaults for the module depending on what version of PuppetDB they are using (similar to the PostgreSQL module). This commit also changes the default PuppetDB 3.x configuration pathing to assume AIO Puppet. 2015-06-18 22:45:51 +02:00			`'path' => '/etc/puppetlabs/puppetdb/conf.d/jetty.ini',`
implement max_threads option for jetty 2014-06-26 17:15:34 +02:00			`'section' => 'jetty',`
			`'setting' => 'max-threads',`
			`'value' => '150'`
			`)}`
			`end`
Add ability to specify SSL protocols. This is in response to CVE-2014-3566 - POODLE 2014-10-17 07:07:45 +02:00
			`describe 'when setting ssl_protocols' do`
			`context 'to a valid string' do`
			`let(:params) { { 'ssl_protocols' => 'TLSv1, TLSv1.1, TLSv1.2' } }`

			`it {`
			`should contain_ini_setting('puppetdb_sslprotocols').with(`
			`'ensure' => 'present',`
(maint) Add pathing for AIO, defaulting to non-AIO for older PDBs This commit adds a globals class to PuppetDB which allows us to change the param defaults for the module depending on what version of PuppetDB they are using (similar to the PostgreSQL module). This commit also changes the default PuppetDB 3.x configuration pathing to assume AIO Puppet. 2015-06-18 22:45:51 +02:00			`'path' => '/etc/puppetlabs/puppetdb/conf.d/jetty.ini',`
Add ability to specify SSL protocols. This is in response to CVE-2014-3566 - POODLE 2014-10-17 07:07:45 +02:00			`'section' => 'jetty',`
			`'setting' => 'ssl-protocols',`
			`'value' => 'TLSv1, TLSv1.1, TLSv1.2'`
			`)`
			`}`
			`end`

			`context 'to an invalid type (non-string)' do`
			`let(:params) { { 'ssl_protocols' => ['invalid','type'] } }`

			`it 'should fail' do`
			`expect {`
(PDB-1913) manage vardir This updates the module to manage vardir, and also makes room for general management of the global ini section. 2015-09-16 00:21:33 +02:00			`should contain_class('puppetdb::server::jetty')`
Add ability to specify SSL protocols. This is in response to CVE-2014-3566 - POODLE 2014-10-17 07:07:45 +02:00			`}.to raise_error(Puppet::Error)`
			`end`
			`end`
			`end`
Add option to disable cleartext HTTP port 2015-10-13 19:39:15 +02:00
			`describe 'when disabling the cleartext HTTP port' do`
			`let(:params) do`
			`{`
			`'disable_cleartext' => true`
			`}`
			`end`
			`it { should contain_ini_setting('puppetdb_host').`
			`with(`
			`'ensure' => 'absent',`
			`'path' => '/etc/puppetlabs/puppetdb/conf.d/jetty.ini',`
			`'section' => 'jetty',`
			`'setting' => 'host',`
			`'value' => 'localhost'`
			`)}`
			`it { should contain_ini_setting('puppetdb_port').`
			`with(`
			`'ensure' => 'absent',`
			`'path' => '/etc/puppetlabs/puppetdb/conf.d/jetty.ini',`
			`'section' => 'jetty',`
			`'setting' => 'port',`
			`'value' => 8080`
			`)}`
			`end`
Add tests for puppetdb::server::jetty_ini 2013-04-10 00:18:31 +02:00			`end`
			`end`