1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
|
require 'spec_helper'
describe 'glance::property_protection' do
shared_examples 'glance::property_protection' do
context 'with defaults' do
it 'configures the property protection parameters' do
is_expected.to contain_glance_api_config('DEFAULT/property_protection_file')
.with_value('<SERVICE DEFAULT>')
is_expected.to contain_glance_api_config('DEFAULT/property_protection_rule_format')
.with_value('<SERVICE DEFAULT>')
end
it 'shoul remove the property protection config file' do
is_expected.to contain_file('/etc/glance/property-protections.conf').with(
:ensure => 'absent',
)
end
end
context 'with parameters (policies format)' do
let :params do
{
:property_protection_rule_format => 'policies',
:rules => {
'^x_.*/create' => { 'value' => 'default' },
'^x_.*/read' => { 'value' => 'default' },
'^x_.*/update' => { 'value' => 'default' },
'^x_.*/delete' => { 'value' => 'default' },
}
}
end
it 'configures the property protection parameters' do
is_expected.to contain_glance_api_config('DEFAULT/property_protection_file')
.with_value('/etc/glance/property-protections.conf')
is_expected.to contain_glance_api_config('DEFAULT/property_protection_rule_format')
.with_value('policies')
end
it 'should configure the property protection config file' do
is_expected.to contain_file('/etc/glance/property-protections.conf').with(
:ensure => 'file',
:owner => 'root',
:group => 'glance',
:mode => '0640',
)
is_expected.to contain_glance_property_protections_config('^x_.*/create')
.with_value('default')
is_expected.to contain_glance_property_protections_config('^x_.*/read')
.with_value('default')
is_expected.to contain_glance_property_protections_config('^x_.*/update')
.with_value('default')
is_expected.to contain_glance_property_protections_config('^x_.*/delete')
.with_value('default')
end
end
context 'with parameters (roles format)' do
let :params do
{
:property_protection_rule_format => 'roles',
:rules => {
'^x_.*/create' => { 'value' => ['admin', 'member', '_member_'] },
'^x_.*/read' => { 'value' => ['admin', 'member', '_member_'] },
'^x_.*/update' => { 'value' => ['admin', 'member', '_member_'] },
'^x_.*/delete' => { 'value' => ['admin', 'member', '_member_'] },
}
}
end
it 'configures the property protection parameters' do
is_expected.to contain_glance_api_config('DEFAULT/property_protection_file')
.with_value('/etc/glance/property-protections.conf')
is_expected.to contain_glance_api_config('DEFAULT/property_protection_rule_format')
.with_value('roles')
end
it 'should configure the property protection config file' do
is_expected.to contain_file('/etc/glance/property-protections.conf').with(
:ensure => 'file',
:owner => 'root',
:group => 'glance',
:mode => '0640',
)
is_expected.to contain_glance_property_protections_config('^x_.*/create')
.with_value('admin,member,_member_')
is_expected.to contain_glance_property_protections_config('^x_.*/read')
.with_value('admin,member,_member_')
is_expected.to contain_glance_property_protections_config('^x_.*/update')
.with_value('admin,member,_member_')
is_expected.to contain_glance_property_protections_config('^x_.*/delete')
.with_value('admin,member,_member_')
end
end
end
on_supported_os({
:supported_os => OSDefaults.get_supported_os
}).each do |os,facts|
context "on #{os}" do
let (:facts) do
facts.merge!(OSDefaults.get_facts())
end
it_behaves_like 'glance::property_protection'
end
end
end
|
