diff --git a/manifests/config.pp b/manifests/config.pp index 0c93633..70faa93 100644 --- a/manifests/config.pp +++ b/manifests/config.pp @@ -1,172 +1,176 @@ # == Class: icingaweb2::config # # This class manages general configuration files of Icinga Web 2. # # === Parameters # # This class does not provide any parameters. # # === Examples # # This class is private and should not be called by others than this module. # class icingaweb2::config { $conf_dir = $::icingaweb2::params::conf_dir $conf_user = $::icingaweb2::conf_user $conf_group = $::icingaweb2::params::conf_group $logging = $::icingaweb2::logging $logging_file = $::icingaweb2::logging_file $logging_dir = dirname($::icingaweb2::logging_file) $logging_level = $::icingaweb2::logging_level $show_stacktraces = $::icingaweb2::show_stacktraces $module_path = $::icingaweb2::module_path $theme = $::icingaweb2::theme $theme_disabled = $::icingaweb2::theme_disabled $import_schema = $::icingaweb2::import_schema $schema_dir = $::icingaweb2::params::schema_dir $db_name = $::icingaweb2::db_name $db_host = $::icingaweb2::db_host $db_port = $::icingaweb2::db_port $db_type = $::icingaweb2::db_type $db_username = $::icingaweb2::db_username $db_password = $::icingaweb2::db_password $default_domain = $::icingaweb2::default_domain $config_backend = $::icingaweb2::config_backend $config_resource = $::icingaweb2::config_backend ? { 'ini' => undef, 'db' => "${db_type}-icingaweb2", } File { mode => '0660', owner => $conf_user, group => $conf_group } Exec { user => 'root', path => $::path, } file { $logging_dir: ensure => directory, mode => '0750', } file { $logging_file: ensure => file, mode => '0640', } - icingaweb2::inisection {'logging': - target => "${conf_dir}/config.ini", - settings => { + icingaweb2::inisection { 'config-logging': + section_name => 'logging', + target => "${conf_dir}/config.ini", + settings => { 'log' => $logging, 'file' => $logging_file, 'level' => $logging_level }, } $settings = { 'show_stacktraces' => $show_stacktraces, 'module_path' => $module_path, 'config_backend' => $config_backend, 'config_resource' => $config_resource, } - icingaweb2::inisection {'global': - target => "${conf_dir}/config.ini", - settings => delete_undef_values($settings), + icingaweb2::inisection { 'config-global': + section_name => 'global', + target => "${conf_dir}/config.ini", + settings => delete_undef_values($settings), } if $default_domain { - icingaweb2::inisection {'authentication': - target => "${conf_dir}/config.ini", - settings => { + icingaweb2::inisection { 'config-authentication': + section_name => 'authentication', + target => "${conf_dir}/config.ini", + settings => { 'default_domain' => $default_domain, } } } - icingaweb2::inisection {'themes': - target => "${conf_dir}/config.ini", - settings => { + icingaweb2::inisection { 'config-themes': + section_name => 'themes', + target => "${conf_dir}/config.ini", + settings => { 'default' => $theme, 'disabled' => $theme_disabled, }, } file { "${conf_dir}/modules": ensure => 'directory' } file { "${conf_dir}/enabledModules": ensure => 'directory' } if $import_schema or $config_backend == 'db' { icingaweb2::config::resource { "${db_type}-icingaweb2": type => 'db', host => $db_host, port => $db_port, db_type => $db_type, db_name => $db_name, db_username => $db_username, db_password => $db_password, } } if $import_schema { icingaweb2::config::authmethod { "${db_type}-auth": backend => 'db', resource => "${db_type}-icingaweb2" } icingaweb2::config::role { 'default admin user': users => 'icingaadmin', permissions => '*', } icingaweb2::config::groupbackend { "${db_type}-group": backend => 'db', resource => "${db_type}-icingaweb2" } case $db_type { 'mysql': { exec { 'import schema': command => "mysql -h '${db_host}' -P '${db_port}' -u '${db_username}' -p'${db_password}' '${db_name}' < '${schema_dir}/mysql.schema.sql'", unless => "mysql -h '${db_host}' -P '${db_port}' -u '${db_username}' -p'${db_password}' '${db_name}' -Ns -e 'SELECT 1 FROM icingaweb_user'", notify => Exec['create default user'], } exec { 'create default user': command => "mysql -h '${db_host}' -P '${db_port}' -u '${db_username}' -p'${db_password}' '${db_name}' -Ns -e 'INSERT INTO icingaweb_user (name, active, password_hash) VALUES (\"icingaadmin\", 1, \"\$1\$3no6eqZp\$FlcHQDdnxGPqKadmfVcCU.\")'", refreshonly => true, } } 'pgsql': { exec { 'import schema': environment => ["PGPASSWORD=${db_password}"], command => "psql -h '${db_host}' -p '${db_port}' -U '${db_username}' -d '${db_name}' -w -f ${schema_dir}/pgsql.schema.sql", unless => "psql -h '${db_host}' -p '${db_port}' -U '${db_username}' -d '${db_name}' -w -c 'SELECT 1 FROM icingaweb_user'", notify => Exec['create default user'], } exec { 'create default user': environment => ["PGPASSWORD=${db_password}"], command => "psql -h '${db_host}' -p '${db_port}' -U '${db_username}' -d '${db_name}' -w -c \"INSERT INTO icingaweb_user(name, active, password_hash) VALUES ('icingaadmin', 1, '\\\$1\\\$3no6eqZp\\\$FlcHQDdnxGPqKadmfVcCU.')\"", refreshonly => true, } } default: { fail('The database type you provided is not supported.') } } } } diff --git a/manifests/config/authmethod.pp b/manifests/config/authmethod.pp index c3eb08d..0dc2661 100644 --- a/manifests/config/authmethod.pp +++ b/manifests/config/authmethod.pp @@ -1,90 +1,91 @@ # == Define: icingaweb2::config::authmethod # # Manage Icinga Web 2 authentication methods. Auth methods may be chained by setting proper ordering. Some backends # require additional resources. # # === Parameters # # [*backend*] # Select between 'external', 'ldap', 'msldap' or 'db'. Each backend may require other settings. # # [*resource*] # The name of the resource defined in resources.ini. # # [*ldap_user_class*] # LDAP user class. Only valid if `backend` is `ldap`. # # [*ldap_user_name_attribute*] # LDAP attribute which contains the username. Only valid if `backend` is `ldap`. # # [*ldap_filter*] # LDAP search filter. Only valid if `backend` is `ldap`. # # [*ldap_base_dn*] # LDAP base DN. Only valid if `backend` is `ldap`. # # [*domain*] # Domain for domain-aware authentication # # [*order*] # Multiple authentication methods can be chained. The order of entries in the authentication configuration determines # the order of the authentication methods. Defaults to `01` # # === Examples # # Create a 'db' authentication method and reference to 'my-sql' resource: # # icingaweb2::config::authmethod {'db-auth': # backend => 'db', # resource => 'my-sql', # order => '02', # } # define icingaweb2::config::authmethod( Enum['external', 'ldap', 'msldap', 'db'] $backend = undef, Optional[String] $resource = undef, Optional[String] $ldap_user_class = undef, Optional[String] $ldap_user_name_attribute = undef, Optional[String] $ldap_filter = undef, Optional[String] $ldap_base_dn = undef, Optional[String] $domain = undef, Pattern[/^\d+$/] $order = '01', ) { $conf_dir = $::icingaweb2::params::conf_dir case $backend { 'external': { $settings = { 'backend' => $backend, } } 'ldap': { $settings = { 'backend' => $backend, 'resource' => $resource, 'user_class' => $ldap_user_class, 'user_name_attribute' => $ldap_user_name_attribute, 'filter' => $ldap_filter, 'base_dn' => $ldap_base_dn, 'domain' => $domain, } } 'msldap', 'db': { $settings = { 'backend' => $backend, 'resource' => $resource, 'domain' => $domain, } } default: { fail('The backend type you provided is not supported.') } } - icingaweb2::inisection { $title: - target => "${conf_dir}/authentication.ini", - settings => delete_undef_values($settings), - order => $order, + icingaweb2::inisection { "authmethod-${title}": + section_name => $title, + target => "${conf_dir}/authentication.ini", + settings => delete_undef_values($settings), + order => $order, } } diff --git a/manifests/config/groupbackend.pp b/manifests/config/groupbackend.pp index 445b0b4..3d14bca 100644 --- a/manifests/config/groupbackend.pp +++ b/manifests/config/groupbackend.pp @@ -1,120 +1,121 @@ # == Define: icingaweb2::config::groupbackend # # Groups of users can be stored either in a database, LDAP or ActiveDirectory. This defined type configures backends # that store groups. # # === Parameters # # [*group_name*] # Name of the resources. Resources are referenced by their name in other configuration sections. # # [*backend*] # Type of backend. Valide values are: `db`, `ldap` and `msldap`. Each backend supports different settings, see the # parameters for detailed information. # # [*resource*] # The resource used to connect to the backend. The resource contains connection information. # # [*ldap_user_backend*] # A group backend can be connected with an authentication method. This parameter references the auth method. Only # valid with backend `ldap` or `msldap`. # # [*ldap_group_class*] # Class used to identify group objects. Only valid with backend `ldap`. # # [*ldap_group_filter*] # Use a LDAP filter to receive only certain groups. Only valid with backend `ldap` or `msldap`. # # [*ldap_group_name_attribute*] # The group name attribute. Only valid with backend `ldap`. # # [*ldap_group_member_attribute*] # The group member attribute. Only valid with backend `ldap`. # # [*ldap_base_dn*] # Base DN that is searched for groups. Only valid with backend `ldap` with `msldap`. # # [*ldap_nested_group_search*] # Search for groups in groups. Only valid with backend `msldap`. # # [*domain*] # Domain for domain-aware authentication # # === Examples # # A group backend for groups stored in LDAP: # # icingaweb2::config::groupbackend {'ldap-backend': # backend => 'ldap', # resource => 'my-ldap', # ldap_group_class => 'groupofnames', # ldap_group_name_attribute => 'cn', # ldap_group_member_attribute => 'member', # ldap_base_dn => 'ou=groups,dc=icinga,dc=com', # domain => 'icinga.com', # } # # define icingaweb2::config::groupbackend( String $group_name = $title, Enum['db', 'ldap', 'msldap'] $backend = undef, String $resource = undef, Optional[String] $ldap_user_backend = undef, Optional[String] $ldap_group_class = undef, Optional[String] $ldap_group_filter = undef, Optional[String] $ldap_group_name_attribute = undef, Optional[String] $ldap_group_member_attribute = undef, Optional[String] $ldap_base_dn = undef, Optional[Boolean] $ldap_nested_group_search = undef, Optional[String] $domain = undef, ) { $conf_dir = $::icingaweb2::params::conf_dir case $backend { 'db': { $settings = { 'backend' => $backend, 'resource' => $resource, 'domain' => $domain, } } 'ldap': { $settings = { 'backend' => $backend, 'resource' => $resource, 'user_backend' => $ldap_user_backend, 'group_class' => $ldap_group_class, 'group_filter' => $ldap_group_filter, 'group_name_attribute' => $ldap_group_name_attribute, 'group_member_attribute' => $ldap_group_member_attribute, 'base_dn' => $ldap_base_dn, 'domain' => $domain, } } 'msldap': { $ldap_nested_group_search_as_string = $ldap_nested_group_search ? { true => '1', default => '0', } $settings = { 'backend' => $backend, 'resource' => $resource, 'user_backend' => $ldap_user_backend, 'nested_group_search' => $ldap_nested_group_search_as_string, 'group_filter' => $ldap_group_filter, 'base_dn' => $ldap_base_dn, 'domain' => $domain, } } default: { fail('The backend type you provided is not supported.') } } - icingaweb2::inisection { $title: - target => "${conf_dir}/groups.ini", - settings => delete_undef_values($settings), + icingaweb2::inisection { "groupbackend-${title}": + section_name => $title, + target => "${conf_dir}/groups.ini", + settings => delete_undef_values($settings), } } diff --git a/manifests/config/resource.pp b/manifests/config/resource.pp index 053433e..6a6ba53 100644 --- a/manifests/config/resource.pp +++ b/manifests/config/resource.pp @@ -1,114 +1,115 @@ # == Define: icingaweb2::config::resource # # Create and remove Icinga Web 2 resources. Resources may be referenced in other configuration sections. # # === Parameters # # [*resource_name*] # Name of the resources. Resources are referenced by their name in other configuration sections. # # [*type*] # Supported resource types are `db` and `ldap`. # # [*host*] # Connect to the database or ldap server on the given host. For using unix domain sockets, specify 'localhost' for # MySQL and the path to the unix domain socket directory for PostgreSQL. When using the 'ldap' type you can also # provide multiple hosts separated by a space. # # [*port*] # Port number to use. # # [*db_type*] # Supported DB types are `mysql` and `pgsql`. # # [*db_name*] # The database to use. Only valid if `type` is `db`. # # [*db_username*] # The username to use when connecting to the server. Only valid if `type` is `db`. # # [*db_password*] # The password to use when connecting to the server. Only valid if `type` is `db`. # # [*db_charset*] # The character set to use for the database connection. Only valid if `type` is `db`. # # [*ldap_root_dn*] # Root object of the tree, e.g. 'ou=people,dc=icinga,dc=com'. Only valid if `type` is `ldap`. # # [*ldap_bind_dn*] # The user to use when connecting to the server. Only valid if `type` is `ldap`. # # [*ldap_bind_pw*] # The password to use when connecting to the server. Only valid if `type` is `ldap`. # # [*ldap_encryption*] # Type of encryption to use: none (default), starttls, ldaps. Only valid if `type` is `ldap`. # # === Examples # # Create a 'db' resource: # # icingaweb2::config::resource{'my-sql': # type => 'db', # db_type => 'mysql', # host => 'localhost', # port => '3306', # db_name => 'icingaweb2', # db_username => 'root', # db_password => 'supersecret', # } # # define icingaweb2::config::resource( String $resource_name = $title, Enum['db', 'ldap'] $type = undef, String $host = undef, Integer[1,65535] $port = undef, Optional[Enum['mysql', 'pgsql']] $db_type = undef, Optional[String] $db_name = undef, Optional[String] $db_username = undef, Optional[String] $db_password = undef, Optional[String] $db_charset = undef, Optional[String] $ldap_root_dn = undef, Optional[String] $ldap_bind_dn = undef, Optional[String] $ldap_bind_pw = undef, Optional[Enum['none', 'starttls', 'ldaps']] $ldap_encryption = 'none', ) { $conf_dir = $::icingaweb2::params::conf_dir case $type { 'db': { $settings = { 'type' => $type, 'db' => $db_type, 'host' => $host, 'port' => $port, 'dbname' => $db_name, 'username' => $db_username, 'password' => $db_password, 'charset' => $db_charset, } } 'ldap': { $settings = { 'type' => $type, 'hostname' => $host, 'port' => $port, 'root_dn' => $ldap_root_dn, 'bind_dn' => $ldap_bind_dn, 'bind_pw' => $ldap_bind_pw, 'encryption' => $ldap_encryption, } } default: { fail('The resource type you provided is not supported.') } } - icingaweb2::inisection { $resource_name: - target => "${conf_dir}/resources.ini", - settings => delete_undef_values($settings), + icingaweb2::inisection { "resource-${resource_name}": + section_name => $resource_name, + target => "${conf_dir}/resources.ini", + settings => delete_undef_values($settings), } } diff --git a/manifests/config/role.pp b/manifests/config/role.pp index d2aa4bd..c653999 100644 --- a/manifests/config/role.pp +++ b/manifests/config/role.pp @@ -1,65 +1,66 @@ # == Define: icingaweb2::config::resource # # Roles define a set of permissions that may be applied to users or groups. # # === Parameters # # [*role_name*] # Name of the role. # # [*users*] # Comma separated list of users this role applies to. # # [*groups*] # Comma separated list of groups this role applies to. # # [*permissions*] # Comma separated lsit of permissions. Each module may add it's own permissions. Examples are # - Allow everything: '*' # - Allow config access: 'config/*' # - Allow access do module monitoring: 'module/monitoring' # - Allow scheduling checks: 'monitoring/command/schedule-checks' # - Grant admin permissions: 'admin' # # [*filters*] # Hash of filters. Modules may add new filter keys, some sample keys are: # - application/share/users # - application/share/groups # - monitoring/filter/objects # - monitoring/blacklist/properties # A string value is expected for each used key. For example: # - monitoring/filter/objects = "host_name!=*win*" # # === Examples # # Create role that allows only hosts beginning with 'linux-*': # # icingaweb2::config::role{'linux-user': # groups => 'linuxer', # permissions => '*', # filters => { # 'monitoring/filter/objects' => 'host_name=linux-*' # } # } # define icingaweb2::config::role( String $role_name = $title, Optional[String] $users = undef, Optional[String] $groups = undef, Optional[String] $permissions = undef, Hash $filters = {}, ) { $conf_dir = $::icingaweb2::params::conf_dir $settings = { 'users' => $users, 'groups' => $groups, 'permissions' => $permissions, } - icingaweb2::inisection{ $role_name: - target => "${conf_dir}/roles.ini", - settings => delete_undef_values(merge($settings,$filters)) + icingaweb2::inisection{ "role-${role_name}": + section_name => $role_name, + target => "${conf_dir}/roles.ini", + settings => delete_undef_values(merge($settings,$filters)) } } diff --git a/spec/classes/config_spec.rb b/spec/classes/config_spec.rb index 69a6e22..161fe22 100644 --- a/spec/classes/config_spec.rb +++ b/spec/classes/config_spec.rb @@ -1,93 +1,93 @@ require 'spec_helper' describe('icingaweb2::config', :type => :class) do on_supported_os.each do |os, facts| context "on #{os}" do let :facts do facts end context 'with default parameters' do let :pre_condition do "class { 'icingaweb2': }" end - it { is_expected.to contain_icingaweb2__inisection('logging') } - it { is_expected.to contain_icingaweb2__inisection('global') + it { is_expected.to contain_icingaweb2__inisection('config-logging') } + it { is_expected.to contain_icingaweb2__inisection('config-global') .with_settings({ 'show_stacktraces' => false, 'module_path' => '/usr/share/icingaweb2/modules', 'config_backend' => 'ini' }) } - it { is_expected.to contain_icingaweb2__inisection('themes') } + it { is_expected.to contain_icingaweb2__inisection('config-themes') } it { is_expected.to contain_file('/var/log/icingaweb2') .with_ensure('directory') .with_mode('0750') } it { is_expected.to contain_file('/var/log/icingaweb2/icingaweb2.log') .with_ensure('file') .with_mode('0640') } end context 'with import_schema => true and db_type => mysql' do let :pre_condition do "class { 'icingaweb2': import_schema => true, db_type => 'mysql'}" end it { is_expected.to contain_icingaweb2__config__resource('mysql-icingaweb2')} it { is_expected.to contain_icingaweb2__config__authmethod('mysql-auth')} it { is_expected.to contain_icingaweb2__config__role('default admin user')} it { is_expected.to contain_exec('import schema') } it { is_expected.to contain_exec('create default user') } end context 'with import_schema => true and db_type => pgsql' do let :pre_condition do "class { 'icingaweb2': import_schema => true, db_type => 'pgsql'}" end it { is_expected.to contain_icingaweb2__config__resource('pgsql-icingaweb2')} it { is_expected.to contain_icingaweb2__config__authmethod('pgsql-auth')} it { is_expected.to contain_icingaweb2__config__role('default admin user')} it { is_expected.to contain_exec('import schema') } it { is_expected.to contain_exec('create default user') } end context 'with import_schema => true and invalid db_type' do let :pre_condition do "class { 'icingaweb2': import_schema => true, db_type => 'foobar'}" end it { is_expected.to raise_error(Puppet::Error, /expects a match for Enum\['mysql', 'pgsql'\]/) } end context 'with import_schema => false' do let :pre_condition do "class { 'icingaweb2': import_schema => false }" end it { is_expected.not_to contain_exec('import schema')} it { is_expected.not_to contain_exec('create default user')} it { is_expected.not_to contain_icingaweb2__config__role('default admin user')} end context 'with config_backend => db' do let :pre_condition do "class { 'icingaweb2': config_backend => 'db' }" end - it { is_expected.to contain_icingaweb2__inisection('global') + it { is_expected.to contain_icingaweb2__inisection('config-global') .with_settings({ 'show_stacktraces' => false, 'module_path' => '/usr/share/icingaweb2/modules', 'config_backend' => 'db', 'config_resource' => 'mysql-icingaweb2' }) } it { is_expected.to contain_icingaweb2__config__resource('mysql-icingaweb2')} end context 'with invalid config_backend' do let :pre_condition do "class { 'icingaweb2': config_backend => 'foobar' }" end it { is_expected.to raise_error(Puppet::Error, /expects a match for Enum\['db', 'ini'\]/) } end end end end diff --git a/spec/defines/authmethod_spec.rb b/spec/defines/authmethod_spec.rb index 986ce5b..0a58ab6 100644 --- a/spec/defines/authmethod_spec.rb +++ b/spec/defines/authmethod_spec.rb @@ -1,59 +1,59 @@ require 'spec_helper' describe('icingaweb2::config::authmethod', :type => :define) do let(:title) { 'myauthmethod' } let(:pre_condition) { [ "class { 'icingaweb2': }" ] } on_supported_os.each do |os, facts| context "on #{os}" do let :facts do facts end context "#{os} with backend 'external'" do let(:params) { { :backend => 'external', :order => '10' } } - it { is_expected.to contain_icingaweb2__inisection('myauthmethod') + it { is_expected.to contain_icingaweb2__inisection('authmethod-myauthmethod') .with_target('/etc/icingaweb2/authentication.ini') .with_settings({'backend'=>'external'}) .with_order('10')} end context "#{os} with backend 'ldap'" do let(:params) { { :backend => 'ldap', :resource => 'myresource', :ldap_user_class => 'users', :ldap_user_name_attribute => 'uid', :ldap_filter => 'foobar', :domain => 'icinga.com', :order => '10' } } - it { is_expected.to contain_icingaweb2__inisection('myauthmethod') + it { is_expected.to contain_icingaweb2__inisection('authmethod-myauthmethod') .with_target('/etc/icingaweb2/authentication.ini') .with_settings({'backend'=>'ldap', 'resource'=>'myresource', 'user_class'=>'users', 'user_name_attribute'=>'uid', 'filter'=>'foobar', 'domain'=>'icinga.com' }, ) .with_order('10')} end context "#{os} with backend 'msldap'" do let(:params) { { :backend => 'msldap', :resource => 'myresource', :order => '10' } } - it { is_expected.to contain_icingaweb2__inisection('myauthmethod') + it { is_expected.to contain_icingaweb2__inisection('authmethod-myauthmethod') .with_target('/etc/icingaweb2/authentication.ini') .with_settings({'backend'=>'msldap', 'resource'=>'myresource'}) .with_order('10')} end context "#{os} with backend 'db'" do let(:params) { { :backend => 'db', :resource => 'myresource', :order => '10' } } - it { is_expected.to contain_icingaweb2__inisection('myauthmethod') + it { is_expected.to contain_icingaweb2__inisection('authmethod-myauthmethod') .with_target('/etc/icingaweb2/authentication.ini') .with_settings({'backend'=>'db', 'resource'=>'myresource'}) .with_order('10')} end context "#{os} with invalid backend" do let(:params) { { :backend => 'foobar' } } it { is_expected.to raise_error(Puppet::Error, /expects a match for Enum\['db', 'external', 'ldap', 'msldap'\]/) } end end end end diff --git a/spec/defines/groupbackend_spec.rb b/spec/defines/groupbackend_spec.rb index 1c843bd..16cc81c 100644 --- a/spec/defines/groupbackend_spec.rb +++ b/spec/defines/groupbackend_spec.rb @@ -1,47 +1,47 @@ require 'spec_helper' describe('icingaweb2::config::groupbackend', :type => :define) do let(:title) { 'mygroupbackend' } let(:pre_condition) { [ "class { 'icingaweb2': }" ] } on_supported_os.each do |os, facts| context "on #{os}" do let :facts do facts end context "#{os} with backend 'db'" do let(:params) { { :backend => 'db', :resource => 'my-ldap' } } - it { is_expected.to contain_icingaweb2__inisection('mygroupbackend') + it { is_expected.to contain_icingaweb2__inisection('groupbackend-mygroupbackend') .with_target('/etc/icingaweb2/groups.ini') .with_settings({'backend'=>'db', 'resource' => 'my-ldap'})} end context "#{os} with backend 'ldap'" do let(:params) { { :backend => 'ldap', :resource => 'my-ldap', :ldap_group_class => 'groupofnames', :ldap_group_name_attribute => 'cn', :ldap_group_member_attribute => 'member', :ldap_base_dn => 'foobar', :domain => 'icinga.com' } } - it { is_expected.to contain_icingaweb2__inisection('mygroupbackend') + it { is_expected.to contain_icingaweb2__inisection('groupbackend-mygroupbackend') .with_target('/etc/icingaweb2/groups.ini') .with_settings({'backend'=>'ldap', 'resource'=>'my-ldap', 'group_class'=>'groupofnames', 'group_name_attribute'=>'cn', 'group_member_attribute'=>'member', 'base_dn'=>'foobar', 'domain' => 'icinga.com'})} end context "#{os} with backend 'msldap'" do let(:params) { { :backend => 'msldap', :resource => 'my-msldap', :ldap_user_backend => 'ad1', :ldap_nested_group_search => true, :ldap_group_filter => 'baz', :ldap_base_dn => 'foobar', :domain => 'icinga.com' } } - it { is_expected.to contain_icingaweb2__inisection('mygroupbackend') + it { is_expected.to contain_icingaweb2__inisection('groupbackend-mygroupbackend') .with_target('/etc/icingaweb2/groups.ini') .with_settings({'backend'=>'msldap', 'resource'=>'my-msldap', 'user_backend'=>'ad1', 'nested_group_search'=>'1', 'group_filter'=>'baz', 'base_dn'=>'foobar', 'domain' => 'icinga.com' })} end context "#{os} with invalid backend" do let(:params) { { :backend => 'foobar' } } it { is_expected.to raise_error(Puppet::Error, /expects a match for Enum\['db', 'ldap', 'msldap'\]/) } end end end end diff --git a/spec/defines/resource_spec.rb b/spec/defines/resource_spec.rb index 0bfbf2b..102a9cd 100644 --- a/spec/defines/resource_spec.rb +++ b/spec/defines/resource_spec.rb @@ -1,56 +1,56 @@ require 'spec_helper' describe('icingaweb2::config::resource', :type => :define) do let(:title) { 'myresource' } let(:pre_condition) { [ "class { 'icingaweb2': }" ] } on_supported_os.each do |os, facts| context "on #{os}" do let :facts do facts end context "#{os} with type db" do let(:params) { { :type => 'db', :host => 'localhost', :port => 3306, :db_type => 'mysql', :db_name => 'foo', :db_username => 'bar', :db_password => 'secret' } } - it { is_expected.to contain_icingaweb2__inisection('myresource') + it { is_expected.to contain_icingaweb2__inisection('resource-myresource') .with_target('/etc/icingaweb2/resources.ini') .with_settings({'type'=>'db', 'db'=>'mysql', 'host'=>'localhost', 'port'=>'3306', 'dbname'=>'foo', 'username'=>'bar', 'password'=>'secret'}) } end context "#{os} with type ldap" do let(:params) { { :type => 'ldap', :host => 'localhost', :port => 389, :ldap_root_dn => 'cn=foo,dc=bar', :ldap_bind_dn => 'cn=root,dc=bar', :ldap_bind_pw => 'secret' } } - it { is_expected.to contain_icingaweb2__inisection('myresource') + it { is_expected.to contain_icingaweb2__inisection('resource-myresource') .with_target('/etc/icingaweb2/resources.ini') .with_settings({'type'=>'ldap', 'hostname'=>'localhost', 'port'=>'389', 'root_dn'=>'cn=foo,dc=bar', 'bind_dn'=>'cn=root,dc=bar', 'bind_pw'=>'secret', 'encryption'=>'none'})} end context "#{os} with invalid type" do let(:params) { { :type => 'foobar', :host => 'localhost', :port => 3306 } } it { is_expected.to raise_error(Puppet::Error, /expects a match for Enum\['db', 'ldap'\]/) } end end end end diff --git a/spec/defines/role_spec.rb b/spec/defines/role_spec.rb index 62396b5..5152720 100644 --- a/spec/defines/role_spec.rb +++ b/spec/defines/role_spec.rb @@ -1,34 +1,34 @@ require 'spec_helper' describe('icingaweb2::config::role', :type => :define) do let(:title) { 'myrole' } let(:pre_condition) { [ "class { 'icingaweb2': }" ] } on_supported_os.each do |os, facts| context "on #{os}" do let :facts do facts end context "#{os} with users => 'bob, pete' and permissions => '*'" do let(:params) { { :users => 'bob, pete', :permissions => '*' } } - it { is_expected.to contain_icingaweb2__inisection('myrole') + it { is_expected.to contain_icingaweb2__inisection('role-myrole') .with_target('/etc/icingaweb2/roles.ini') .with_settings({'users'=>'bob, pete', 'permissions' => '*'}) } end context "#{os} with users => 'bob, pete', permissions => 'module/monitoring', filters => {'monitoring/filter/objects' => 'host_name=linux-*'}" do let(:params) { { :users => 'bob, pete', :permissions => 'module/monitoring', :filters => {'monitoring/filter/objects' => 'host_name=linux-*'} } } - it { is_expected.to contain_icingaweb2__inisection('myrole') + it { is_expected.to contain_icingaweb2__inisection('role-myrole') .with_target('/etc/icingaweb2/roles.ini') .with_settings({'users'=>'bob, pete', 'permissions'=>'module/monitoring', 'monitoring/filter/objects'=>'host_name=linux-*'}) } end end end end