diff --git a/spec/unit/defines/server/grant_role_spec.rb b/spec/unit/defines/server/grant_role_spec.rb index d93b1e4..12a41e2 100644 --- a/spec/unit/defines/server/grant_role_spec.rb +++ b/spec/unit/defines/server/grant_role_spec.rb @@ -1,161 +1,105 @@ require 'spec_helper' describe 'postgresql::server::grant_role', :type => :define do let :pre_condition do "class { 'postgresql::server': }" end let :facts do {:osfamily => 'Debian', :operatingsystem => 'Debian', :operatingsystemrelease => '6.0', :kernel => 'Linux', :concat_basedir => tmpfilename('postgis'), :id => 'root', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end let (:title) { 'test' } let (:params) { { :group => 'my_group', :role => 'my_role', } } context "with mandatory arguments only" do it { is_expected.to contain_postgresql_psql("grant_role:#{title}").with({ :command => "GRANT \"#{params[:group]}\" TO \"#{params[:role]}\"", :unless => "SELECT 1 WHERE EXISTS (SELECT 1 FROM pg_roles AS r_role JOIN pg_auth_members AS am ON r_role.oid = am.member JOIN pg_roles AS r_group ON r_group.oid = am.roleid WHERE r_group.rolname = '#{params[:group]}' AND r_role.rolname = '#{params[:role]}') = true", }).that_requires('Class[postgresql::server]') } end - context "validation" do - context "group invalid type" do - let (:params) { { - :group => ['a', 'b'], - :role => 'r', - } } - - it { - expect { catalogue }.to raise_error(Puppet::Error, /is not a string/) - } - end - - context "role invalid type" do - let (:params) { { - :group => 'g', - :role => true, - } } - - it { - expect { catalogue }.to raise_error(Puppet::Error, /is not a string/) - } - end - - context "group empty" do - let (:params) { { - :group => '', - :role => 'r', - } } - - it { - expect { catalogue }.to raise_error(/\$group must be set/) - } - end - - context "role empty" do - let (:params) { { - :group => 'g', - :role => '', - } } - - it { - expect { catalogue }.to raise_error(/\$role must be set/) - } - end - end - context "with db arguments" do let (:params) { super().merge({ :psql_db => 'postgres', :psql_user => 'postgres', :port => '5432', }) } it { is_expected.to contain_postgresql_psql("grant_role:#{title}").with({ :command => "GRANT \"#{params[:group]}\" TO \"#{params[:role]}\"", :unless => "SELECT 1 WHERE EXISTS (SELECT 1 FROM pg_roles AS r_role JOIN pg_auth_members AS am ON r_role.oid = am.member JOIN pg_roles AS r_group ON r_group.oid = am.roleid WHERE r_group.rolname = '#{params[:group]}' AND r_role.rolname = '#{params[:role]}') = true", :db => params[:psql_db], :psql_user => params[:psql_user], :port => params[:port], }).that_requires('Class[postgresql::server]') } end context "with ensure => absent" do let (:params) { super().merge({ :ensure => 'absent', }) } it { is_expected.to contain_postgresql_psql("grant_role:#{title}").with({ :command => "REVOKE \"#{params[:group]}\" FROM \"#{params[:role]}\"", :unless => "SELECT 1 WHERE EXISTS (SELECT 1 FROM pg_roles AS r_role JOIN pg_auth_members AS am ON r_role.oid = am.member JOIN pg_roles AS r_group ON r_group.oid = am.roleid WHERE r_group.rolname = '#{params[:group]}' AND r_role.rolname = '#{params[:role]}') != true", }).that_requires('Class[postgresql::server]') } end - context "with ensure => invalid" do - let (:params) { super().merge({ - :ensure => 'invalid', - }) } - - it { - expect { catalogue }.to raise_error(Puppet::Error, /Unknown value for ensure/) - } - end - context "with user defined" do let :pre_condition do "class { 'postgresql::server': } postgresql::server::role { '#{params[:role]}': }" end it { is_expected.to contain_postgresql_psql("grant_role:#{title}").that_requires("Postgresql::Server::Role[#{params[:role]}]") } it { is_expected.not_to contain_postgresql_psql("grant_role:#{title}").that_requires("Postgresql::Server::Role[#{params[:group]}]") } end context "with group defined" do let :pre_condition do "class { 'postgresql::server': } postgresql::server::role { '#{params[:group]}': }" end it { is_expected.to contain_postgresql_psql("grant_role:#{title}").that_requires("Postgresql::Server::Role[#{params[:group]}]") } it { is_expected.not_to contain_postgresql_psql("grant_role:#{title}").that_requires("Postgresql::Server::Role[#{params[:role]}]") } end context "with connect_settings" do let (:params) { super().merge({ :connect_settings => { 'PGHOST' => 'postgres-db-server' }, }) } it { is_expected.to contain_postgresql_psql("grant_role:#{title}").with_connect_settings( { 'PGHOST' => 'postgres-db-server' } ) } it { is_expected.not_to contain_postgresql_psql("grant_role:#{title}").that_requires('Class[postgresql::server]') } end end diff --git a/spec/unit/defines/server/grant_spec.rb b/spec/unit/defines/server/grant_spec.rb index fe79636..79d569d 100644 --- a/spec/unit/defines/server/grant_spec.rb +++ b/spec/unit/defines/server/grant_spec.rb @@ -1,155 +1,155 @@ require 'spec_helper' describe 'postgresql::server::grant', :type => :define do let :facts do { :osfamily => 'Debian', :operatingsystem => 'Debian', :operatingsystemrelease => '6.0', :kernel => 'Linux', :concat_basedir => tmpfilename('contrib'), :id => 'root', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end let :title do 'test' end context 'plain' do let :params do { :db => 'test', :role => 'test', } end let :pre_condition do "class {'postgresql::server':}" end it { is_expected.to contain_postgresql__server__grant('test') } end context 'sequence' do let :params do { :db => 'test', :role => 'test', :privilege => 'usage', :object_type => 'sequence', } end let :pre_condition do "class {'postgresql::server':}" end it { is_expected.to contain_postgresql__server__grant('test') } it { is_expected.to contain_postgresql_psql('grant:test').with( { 'command' => /GRANT USAGE ON SEQUENCE "test" TO\s* "test"/m, 'unless' => /SELECT 1 WHERE has_sequence_privilege\('test',\s* 'test', 'USAGE'\)/m, } ) } end context 'all sequences' do let :params do { :db => 'test', :role => 'test', :privilege => 'usage', :object_type => 'all sequences in schema', :object_name => 'public', } end let :pre_condition do "class {'postgresql::server':}" end it { is_expected.to contain_postgresql__server__grant('test') } it { is_expected.to contain_postgresql_psql('grant:test').with( { 'command' => /GRANT USAGE ON ALL SEQUENCES IN SCHEMA "public" TO\s* "test"/m, 'unless' => /SELECT 1 FROM \(\s*SELECT sequence_name\s* FROM information_schema\.sequences\s* WHERE sequence_schema='public'\s* EXCEPT DISTINCT\s* SELECT object_name as sequence_name\s* FROM .* WHERE .*grantee='test'\s* AND object_schema='public'\s* AND privilege_type='USAGE'\s*\) P\s* HAVING count\(P\.sequence_name\) = 0/m, } ) } end context "with specific db connection settings - default port" do let :params do { :db => 'test', :role => 'test', :connect_settings => { 'PGHOST' => 'postgres-db-server', 'DBVERSION' => '9.1', }, } end let :pre_condition do "class {'postgresql::server':}" end it { is_expected.to contain_postgresql__server__grant('test') } it { is_expected.to contain_postgresql_psql("grant:test").with_connect_settings( { 'PGHOST' => 'postgres-db-server','DBVERSION' => '9.1' } ).with_port( 5432 ) } end context "with specific db connection settings - including port" do let :params do { :db => 'test', :role => 'test', :connect_settings => { 'PGHOST' => 'postgres-db-server', 'DBVERSION' => '9.1', 'PGPORT' => '1234', }, } end let :pre_condition do "class {'postgresql::server':}" end it { is_expected.to contain_postgresql__server__grant('test') } it { is_expected.to contain_postgresql_psql("grant:test").with_connect_settings( { 'PGHOST' => 'postgres-db-server','DBVERSION' => '9.1','PGPORT' => '1234' } ) } end context "with specific db connection settings - port overriden by explicit parameter" do let :params do { :db => 'test', :role => 'test', :connect_settings => { 'PGHOST' => 'postgres-db-server', 'DBVERSION' => '9.1', 'PGPORT' => '1234', }, - :port => '5678', + :port => 5678, } end let :pre_condition do "class {'postgresql::server':}" end it { is_expected.to contain_postgresql__server__grant('test') } it { is_expected.to contain_postgresql_psql("grant:test").with_connect_settings( { 'PGHOST' => 'postgres-db-server','DBVERSION' => '9.1','PGPORT' => '1234' } ).with_port( '5678' ) } end context 'invalid objectype' do let :params do { :db => 'test', :role => 'test', :privilege => 'usage', :object_type => 'invalid', } end let :pre_condition do "class {'postgresql::server':}" end it { is_expected.to compile.and_raise_error(/"INVALID" does not match/) } end end diff --git a/spec/unit/defines/server/pg_hba_rule_spec.rb b/spec/unit/defines/server/pg_hba_rule_spec.rb index dbaee37..f657589 100644 --- a/spec/unit/defines/server/pg_hba_rule_spec.rb +++ b/spec/unit/defines/server/pg_hba_rule_spec.rb @@ -1,198 +1,126 @@ require 'spec_helper' describe 'postgresql::server::pg_hba_rule', :type => :define do let :facts do { :osfamily => 'Debian', :operatingsystem => 'Debian', :operatingsystemrelease => '6.0', :kernel => 'Linux', :concat_basedir => tmpfilename('pg_hba'), :id => 'root', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end let :title do 'test' end let :target do tmpfilename('pg_hba_rule') end context 'test template 1' do let :pre_condition do <<-EOS class { 'postgresql::server': } EOS end let :params do { :type => 'host', :database => 'all', :user => 'all', :address => '1.1.1.1/24', :auth_method => 'md5', :target => target, } end it do is_expected.to contain_concat__fragment('pg_hba_rule_test').with({ :content => /host\s+all\s+all\s+1\.1\.1\.1\/24\s+md5/ }) end end context 'test template 2' do let :pre_condition do <<-EOS class { 'postgresql::server': } EOS end let :params do { :type => 'local', :database => 'all', :user => 'all', :auth_method => 'ident', :target => target, } end it do is_expected.to contain_concat__fragment('pg_hba_rule_test').with({ :content => /local\s+all\s+all\s+ident/ }) end end context 'test template 3' do let :pre_condition do <<-EOS class { 'postgresql::server': } EOS end let :params do { :type => 'host', :database => 'all', :user => 'all', :address => '0.0.0.0/0', :auth_method => 'ldap', :auth_option => 'foo=bar', :target => target, } end it do is_expected.to contain_concat__fragment('pg_hba_rule_test').with({ :content => /host\s+all\s+all\s+0\.0\.0\.0\/0\s+ldap\s+foo=bar/ }) end end context 'validation' do - context 'validate type test 1' do - let :pre_condition do - <<-EOS - class { 'postgresql::server': } - EOS - end - - let :params do - { - :type => 'invalid', - :database => 'all', - :user => 'all', - :address => '0.0.0.0/0', - :auth_method => 'ldap', - :target => target, - } - end - it 'should fail parsing when type is not valid' do - expect { catalogue }.to raise_error(Puppet::Error, - /The type you specified \[invalid\] must be one of/) - end - end - - context 'validate auth_method' do - let :pre_condition do - <<-EOS - class { 'postgresql::server': } - EOS - end - - let :params do - { - :type => 'local', - :database => 'all', - :user => 'all', - :address => '0.0.0.0/0', - :auth_method => 'invalid', - :target => target, - } - end - - it 'should fail parsing when auth_method is not valid' do - expect { catalogue }.to raise_error(Puppet::Error, - /The auth_method you specified \[invalid\] must be one of/) - end - end - - context 'validate unsupported auth_method' do - let :pre_condition do - <<-EOS - class { 'postgresql::globals': - version => '9.0', - } - class { 'postgresql::server': } - EOS - end - - let :params do - { - :type => 'local', - :database => 'all', - :user => 'all', - :address => '0.0.0.0/0', - :auth_method => 'peer', - :target => target, - } - end - - it 'should fail parsing when auth_method is not valid' do - expect { catalogue }.to raise_error(Puppet::Error, - /The auth_method you specified \[peer\] must be one of: trust, reject, md5, password, gss, sspi, krb5, ident, ldap, radius, cert, pam/) - end - end - context 'validate supported auth_method' do let :pre_condition do <<-EOS class { 'postgresql::globals': version => '9.2', } class { 'postgresql::server': } EOS end let :params do { :type => 'local', :database => 'all', :user => 'all', :address => '0.0.0.0/0', :auth_method => 'peer', :target => target, } end it do - is_expected.to contain_concat__fragment('pg_hba_rule_test').with({ - :content => /local\s+all\s+all\s+0\.0\.0\.0\/0\s+peer/ - }) + is_expected.to contain_concat__fragment('pg_hba_rule_test').with( + { + :content => /local\s+all\s+all\s+0\.0\.0\.0\/0\s+peer/ + } + ) end end end end