1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
|
require 'spec_helper'
describe 'keystone::federation::shibboleth' do
let(:pre_condition) do
<<-EOS
include apache
class { 'keystone::wsgi::apache': }
EOS
end
let :default_params do
{
:methods => 'password, token, saml2',
:template_order => 331,
}
end
shared_examples 'keystone::federation::shibboleth with invalid parameters' do
context 'external method' do
let (:params) { default_params.merge(:methods => ['external']) }
it_raises 'a Puppet::Error', /The external method/
end
context 'method missing saml2' do
let (:params) { default_params.merge(:methods => ['password', 'token', 'oauth1']) }
it_raises 'a Puppet::Error', /Methods should contain saml2 as one of the auth methods./
end
context 'template port too low' do
let(:params) { default_params.merge(:template_order => 330) }
it_raises 'a Puppet::Error', /The template order should be greater than 330 and less than 999./
end
context 'template port too high' do
let(:params) { default_params.merge(:template_order => 999) }
it_raises 'a Puppet::Error', /The template order should be greater than 330 and less than 999./
end
end
shared_examples 'keystone::federation::shibboleth' do
let(:pre_condition) do
<<-EOS
include apache
class { 'keystone::wsgi::apache': }
EOS
end
context 'with only required parameters' do
let (:params) { default_params }
it 'should have basic params for shibboleth in Keystone configuration' do
is_expected.to contain_keystone_config('auth/methods').with_value('password, token, saml2')
end
end
context 'with override default parameters' do
let (:params) { default_params.merge({
:methods => ['password', 'token', 'saml2', 'somethingelse'],
}) }
it 'should have basic params for shibboleth in Keystone configuration' do
is_expected.to contain_keystone_config('auth/methods').with_value('password,token,saml2,somethingelse')
end
end
end
shared_examples 'keystone::federation::shibboleth on RedHat' do
context 'with shibboleth package' do
let(:pre_condition) do
<<-EOS
include apache
package { 'shibboleth': ensure => present }
class { 'keystone::wsgi::apache': }
EOS
end
context 'with defaults' do
let (:params) { default_params }
it { is_expected.to contain_apache__mod('shib2') }
it { is_expected.to contain_keystone_config('auth/methods').with_value('password, token, saml2') }
it { is_expected.to contain_apache__vhost__fragment('configure_shibboleth_keystone').with({
:vhost => 'keystone_wsgi',
# This need to change if priority is changed in keystone::wsgi::apache
:priority => 10,
:order => params[:template_order],
})}
it { is_expected.to contain_concat('10-keystone_wsgi.conf').with_show_diff(false) }
end
end
context 'with shibboleth repo' do
let(:pre_condition) do
<<-EOS
include apache
yumrepo { 'shibboleth': ensure => present }
class { 'keystone::wsgi::apache': }
EOS
end
context 'with defaults' do
let (:params) { default_params }
it { is_expected.to contain_apache__mod('shib2') }
it { is_expected.to contain_keystone_config('auth/methods').with_value('password, token, saml2') }
it { is_expected.to contain_apache__vhost__fragment('configure_shibboleth_keystone').with({
:vhost => 'keystone_wsgi',
# This need to change if priority is changed in keystone::wsgi::apache
:priority => 10,
:order => params[:template_order],
})}
it { is_expected.to contain_concat('10-keystone_wsgi.conf').with_show_diff(false) }
end
end
context 'without repo or package' do
context 'with defaults' do
let (:params) { default_params }
it { is_expected.to_not contain_apache__mod('shib2') }
it { is_expected.to contain_keystone_config('auth/methods').with_value('password, token, saml2') }
it { is_expected.to_not contain_apache__vhost__fragment('configure_shibboleth_keystone') }
end
end
end
shared_examples 'keystone::federation::shibboleth on Debian' do
context 'with defaults' do
let (:params) { default_params }
it { is_expected.to contain_apache__mod('shib2') }
it { is_expected.to contain_apache__vhost__fragment('configure_shibboleth_keystone').with({
:vhost => 'keystone_wsgi',
# This need to change if priority is changed in keystone::wsgi::apache
:priority => 10,
:order => params[:template_order],
})}
it { is_expected.to contain_concat('10-keystone_wsgi.conf').with_show_diff(false) }
end
end
on_supported_os({
}).each do |os,facts|
context "on #{os}" do
let (:facts) do
facts.merge(OSDefaults.get_facts())
end
it_behaves_like 'keystone::federation::shibboleth'
it_behaves_like 'keystone::federation::shibboleth with invalid parameters'
it_behaves_like "keystone::federation::shibboleth on #{facts[:os]['family']}"
end
end
end
|
