diff --git a/lib/puppet/type/elasticsearch_role.rb b/lib/puppet/type/elasticsearch_role.rb index ae129bb..2248ab5 100644 --- a/lib/puppet/type/elasticsearch_role.rb +++ b/lib/puppet/type/elasticsearch_role.rb @@ -1,15 +1,15 @@ Puppet::Type.newtype(:elasticsearch_role) do desc 'Type to model Elasticsearch roles.' ensurable newparam(:name, :namevar => true) do desc 'Role name.' - newvalues(/^[a-zA-Z_]{1}[-\w@.$]{0,29}$/) + newvalues(/^[a-zA-Z_]{1}[-\w@.$]{0,39}$/) end newproperty(:privileges) do desc 'Security privileges of the given role.' end end diff --git a/lib/puppet/type/elasticsearch_role_mapping.rb b/lib/puppet/type/elasticsearch_role_mapping.rb index 4a52bda..6bc669c 100644 --- a/lib/puppet/type/elasticsearch_role_mapping.rb +++ b/lib/puppet/type/elasticsearch_role_mapping.rb @@ -1,15 +1,15 @@ Puppet::Type.newtype(:elasticsearch_role_mapping) do desc 'Type to model Elasticsearch role mappings.' ensurable newparam(:name, :namevar => true) do desc 'Role name.' - newvalues(/^[a-zA-Z_]{1}[-\w@.$]{0,29}$/) + newvalues(/^[a-zA-Z_]{1}[-\w@.$]{0,39}$/) end newproperty(:mappings, :array_matching => :all) do desc 'List of role mappings.' end end diff --git a/manifests/role.pp b/manifests/role.pp index d2fe507..79a63c5 100644 --- a/manifests/role.pp +++ b/manifests/role.pp @@ -1,58 +1,58 @@ # Manage x-pack roles. # # @param ensure # Whether the role should be present or not. # Set to 'absent' to ensure a role is not present. # # @param mappings # A list of optional mappings defined for this role. # # @param privileges # A hash of permissions defined for the role. Valid privilege settings can # be found in the x-pack documentation. # # @example create and manage the role 'power_user' mapped to an LDAP group. # elasticsearch::role { 'power_user': # privileges => { # 'cluster' => 'monitor', # 'indices' => { # '*' => 'all', # }, # }, # mappings => [ # "cn=users,dc=example,dc=com", # ], # } # # @author Tyler Langlois # @author Gavin Williams # define elasticsearch::role ( Enum['absent', 'present'] $ensure = 'present', Array $mappings = [], Hash $privileges = {}, ) { - validate_slength($name, 30, 1) + validate_slength($name, 40, 1) if empty($privileges) or $ensure == 'absent' { $_role_ensure = 'absent' } else { $_role_ensure = $ensure } if empty($mappings) or $ensure == 'absent' { $_mapping_ensure = 'absent' } else { $_mapping_ensure = $ensure } elasticsearch_role { $name : ensure => $_role_ensure, privileges => $privileges, } elasticsearch_role_mapping { $name : ensure => $_mapping_ensure, mappings => $mappings, } } diff --git a/spec/defines/008_elasticsearch_role_spec.rb b/spec/defines/008_elasticsearch_role_spec.rb index 2275d57..df1e6b3 100644 --- a/spec/defines/008_elasticsearch_role_spec.rb +++ b/spec/defines/008_elasticsearch_role_spec.rb @@ -1,109 +1,109 @@ require 'spec_helper' describe 'elasticsearch::role' do let(:title) { 'elastic_role' } let(:pre_condition) do <<-EOS class { 'elasticsearch': } EOS end let(:params) do { :privileges => { 'cluster' => '*' }, :mappings => [ 'cn=users,dc=example,dc=com', 'cn=admins,dc=example,dc=com', 'cn=John Doe,cn=other users,dc=example,dc=com' ] } end on_supported_os( :hardwaremodels => ['x86_64'], :supported_os => [ { 'operatingsystem' => 'CentOS', 'operatingsystemrelease' => ['7'] } ] ).each do |os, facts| context "on #{os}" do let(:facts) { facts.merge( :scenario => '', :common => '' ) } context 'with an invalid role name' do context 'too long' do - let(:title) { 'A' * 31 } + let(:title) { 'A' * 41 } it { should raise_error(Puppet::Error, /expected length/i) } end end context 'with default parameters' do it { should contain_elasticsearch__role('elastic_role') } it { should contain_elasticsearch_role('elastic_role') } it do should contain_elasticsearch_role_mapping('elastic_role').with( 'ensure' => 'present', 'mappings' => [ 'cn=users,dc=example,dc=com', 'cn=admins,dc=example,dc=com', 'cn=John Doe,cn=other users,dc=example,dc=com' ] ) end end describe 'collector ordering' do describe 'when present' do let(:pre_condition) do <<-EOS class { 'elasticsearch': } elasticsearch::template { 'foo': content => {"foo" => "bar"} } elasticsearch::user { 'elastic': password => 'foobar', roles => ['elastic_role'], } EOS end it { should contain_elasticsearch__role('elastic_role') .that_comes_before([ 'Elasticsearch::Template[foo]', 'Elasticsearch::User[elastic]' ])} include_examples 'class', :systemd end describe 'when absent' do let(:pre_condition) do <<-EOS class { 'elasticsearch': } elasticsearch::template { 'foo': content => {"foo" => "bar"} } elasticsearch::user { 'elastic': password => 'foobar', roles => ['elastic_role'], } EOS end include_examples 'class', :systemd # TODO: Uncomment once upstream issue is fixed. # https://github.com/rodjek/rspec-puppet/issues/418 # it { should contain_elasticsearch__shield__role('elastic_role') # .that_comes_before([ # 'Elasticsearch::Template[foo]', # 'Elasticsearch::Plugin[shield]', # 'Elasticsearch::Shield::User[elastic]' # ])} end end end end end diff --git a/spec/unit/type/elasticsearch_role_mapping_spec.rb b/spec/unit/type/elasticsearch_role_mapping_spec.rb index 309e533..4f5394b 100644 --- a/spec/unit/type/elasticsearch_role_mapping_spec.rb +++ b/spec/unit/type/elasticsearch_role_mapping_spec.rb @@ -1,66 +1,66 @@ require 'spec_helper_rspec' describe Puppet::Type.type(:elasticsearch_role_mapping) do let(:resource_name) { 'elastic_role' } describe 'when validating attributes' do [:name].each do |param| it "should have a #{param} parameter" do expect(described_class.attrtype(param)).to eq(:param) end end [:ensure, :mappings].each do |prop| it "should have a #{prop} property" do expect(described_class.attrtype(prop)).to eq(:property) end end end # of describe when validating attributes describe 'when validating values' do describe 'ensure' do it 'should support present as a value for ensure' do expect { described_class.new( :name => resource_name, :ensure => :present ) }.to_not raise_error end it 'should support absent as a value for ensure' do expect { described_class.new( :name => resource_name, :ensure => :absent ) }.to_not raise_error end it 'should not support other values' do expect { described_class.new( :name => resource_name, :ensure => :foo ) }.to raise_error(Puppet::Error, /Invalid value/) end end describe 'name' do it 'should reject long role names' do expect { described_class.new( - :name => 'a' * 31 + :name => 'a' * 41 ) }.to raise_error( Puppet::ResourceError, /valid values/i ) end it 'should reject invalid role characters' do ['@foobar', '0foobar'].each do |role| expect { described_class.new( :name => role ) }.to raise_error( Puppet::ResourceError, /valid values/i ) end end end end # of describing when validing values end # of describe Puppet::Type diff --git a/spec/unit/type/elasticsearch_role_spec.rb b/spec/unit/type/elasticsearch_role_spec.rb index 44c2a67..f007d52 100644 --- a/spec/unit/type/elasticsearch_role_spec.rb +++ b/spec/unit/type/elasticsearch_role_spec.rb @@ -1,66 +1,66 @@ require 'spec_helper_rspec' describe Puppet::Type.type(:elasticsearch_role) do let(:resource_name) { 'elastic_role' } describe 'when validating attributes' do [:name].each do |param| it "should have a #{param} parameter" do expect(described_class.attrtype(param)).to eq(:param) end end [:ensure, :privileges].each do |prop| it "should have a #{prop} property" do expect(described_class.attrtype(prop)).to eq(:property) end end end # of describe when validating attributes describe 'when validating values' do describe 'ensure' do it 'should support present as a value for ensure' do expect { described_class.new( :name => resource_name, :ensure => :present ) }.to_not raise_error end it 'should support absent as a value for ensure' do expect { described_class.new( :name => resource_name, :ensure => :absent ) }.to_not raise_error end it 'should not support other values' do expect { described_class.new( :name => resource_name, :ensure => :foo ) }.to raise_error(Puppet::Error, /Invalid value/) end end describe 'name' do it 'should reject long role names' do expect { described_class.new( - :name => 'a' * 31 + :name => 'a' * 41 ) }.to raise_error( Puppet::ResourceError, /valid values/i ) end it 'should reject invalid role characters' do ['@foobar', '0foobar'].each do |role| expect { described_class.new( :name => role ) }.to raise_error( Puppet::ResourceError, /valid values/i ) end end end end # of describing when validing values end # of describe Puppet::Type