opuppet/module-puppetdb
5
0
Fork 0
Code Issues Pull requests Releases Wiki Activity
module-puppetdb/spec/unit/classes/server/puppetdb_ini_spec.rb
Ken Barber 59100fd6bc (PDB-2571) Ensure all managed ini files have correct permissions 
Much like read-database.ini, we need to ensure the permissions for puppetdb.ini and others are set explicitly
to ensure permissions are still correct after configuration. Without this users with different umask
settings may find their files are no longer accessible after the module runs.

This patch fixes the globally for all the ini files we currently manage (repl.ini is not managed fwiw).

This also fixes a bug whereby we were missing puppetdb::server::global from the main server class, it adds this
back and fixes the tests to ensure we don't lose it.

Signed-off-by: Ken Barber <ken@bob.sh>
2016-05-12 18:31:50 +01:00

64 lines
2.1 KiB
Ruby
Raw Blame History

require 'spec_helper'
describe 'puppetdb::server::puppetdb', :type => :class do
context 'on a supported platform' do
let(:facts) do
{
:osfamily => 'RedHat',
:fqdn => 'test.domain.local',
}
end
it { should contain_class('puppetdb::server::puppetdb') }
describe 'when using default values' do
it { should contain_ini_setting('puppetdb-connections-from-master-only').
with(
'ensure' => 'absent',
'path' => '/etc/puppetlabs/puppetdb/conf.d/puppetdb.ini',
'section' => 'puppetdb',
'setting' => 'certificate-whitelist',
'value' => '/etc/puppetlabs/puppetdb/certificate-whitelist'
)}
it { should contain_file('/etc/puppetlabs/puppetdb/certificate-whitelist').
with(
'ensure' => 'absent',
'owner' => 0,
'group' => 0,
'mode' => '0644',
'content' => ''
)}
it { should contain_file('/etc/puppetlabs/puppetdb/conf.d/puppetdb.ini').
with(
'ensure' => 'file',
'owner' => 'puppetdb',
'group' => 'puppetdb',
'mode' => '0600'
)}
end
describe 'when restricting access to puppetdb' do
let(:params) do
{
'certificate_whitelist' => [ 'puppetmaster' ]
}
end
it { should contain_ini_setting('puppetdb-connections-from-master-only').
with(
'ensure' => 'present',
'path' => '/etc/puppetlabs/puppetdb/conf.d/puppetdb.ini',
'section' => 'puppetdb',
'setting' => 'certificate-whitelist',
'value' => '/etc/puppetlabs/puppetdb/certificate-whitelist'
)}
it { should contain_file('/etc/puppetlabs/puppetdb/certificate-whitelist').
with(
'ensure' => 'present',
'owner' => 0,
'group' => 0,
'mode' => '0644',
'content' => "puppetmaster\n"
)}
end
end
end
Reference in a new issue View git blame Copy permalink