diff --git a/manifests/api.pp b/manifests/api.pp
index a4087049..c16d7396 100644
--- a/manifests/api.pp
+++ b/manifests/api.pp
@@ -117,7 +117,7 @@ class barbican::api (
 Boolean $enabled = true,
 Boolean $sync_db = true,
 $db_auto_create = $facts['os_service_default'],
- $service_name = $barbican::params::api_service_name,
+ String[1] $service_name = $barbican::params::api_service_name,
 $enable_proxy_headers_parsing = $facts['os_service_default'],
 $max_request_body_size = $facts['os_service_default'],
 $max_limit_paging = $facts['os_service_default'],
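Review bot: On Ubuntu the new `String[1] $service_name` has no usable default, and nothing in the visible lines tells the user so. This commit sets `$barbican::params::api_service_name` to `undef` for Ubuntu in params.pp, so omitting `service_name` there ends in a generic type-mismatch error rather than the removed `fail()` message that named `httpd` as the required value. The parameter documentation for `service_name` should state it, e.g. `#   On Ubuntu there is no default and service_name must be set explicitly to 'httpd', as the packages ship no standalone barbican-api service.` The class header and its parameter docs lie outside this hunk, so the existing wording could not be checked.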
@@ -190,64 +190,59 @@ class barbican::api ( } if $manage_service { - if $enabled { - $service_ensure = 'running' - } else { - $service_ensure = 'stopped' - } + case $service_name { + 'httpd': { + Service <| title == 'httpd' |> { tag +> 'barbican-service' } - if $service_name == $barbican::params::api_service_name { - if $facts['os']['name'] == 'Ubuntu' { - fail('With Ubuntu packages the service_name must be set to httpd as there is no eventlet init script.') - } + if $barbican::params::api_service_name { + service { 'barbican-api': + ensure => 'stopped', + name => $barbican::params::api_service_name, + enable => false, + tag => 'barbican-service', + } - service { 'barbican-api': - ensure => $service_ensure, - name => $barbican::params::api_service_name, - enable => $enabled, - hasstatus => true, - hasrestart => true, - tag => 'barbican-service', - } - - # Debian is using UWSGI, not gunicorn - if $facts['os']['name'] != 'Debian' { - $bind_host_real = normalize_ip_for_uri($bind_host) - - file_line { 'Modify bind_port in gunicorn-config.py': - path => '/etc/barbican/gunicorn-config.py', - line => "bind = '${bind_host_real}:${bind_port}'", - match => '^bind = .*', - tag => 'modify-bind-port', - require => Anchor['barbican::config::begin'], - before => Anchor['barbican::config::end'], - notify => Service['barbican-api'], + # we need to make sure barbican-api is stopped before trying to start apache + Service['barbican-api'] -> Service['httpd'] + } + + # On any paste-api.ini config change, we must restart Barbican API. + Barbican_api_paste_ini<||> ~> Service['httpd'] + } + default: { + $service_ensure = $enabled ? { + true => 'running', + default => 'stopped', } - } - # On any paste-api.ini config change, we must restart Barbican API. - Barbican_api_paste_ini<||> ~> Service['barbican-api'] - # On any uwsgi config change, we must restart Barbican API. 
- Barbican_api_uwsgi_config<||> ~> Service['barbican-api'] - } elsif $service_name == 'httpd' { - # Ubuntu packages does not have a barbican-api service - if $facts['os']['name'] != 'Ubuntu' { service { 'barbican-api': - ensure => 'stopped', - name => $barbican::params::api_service_name, - enable => false, - tag => 'barbican-service', + ensure => $service_ensure, + name => $service_name, + enable => $enabled, + hasstatus => true, + hasrestart => true, + tag => 'barbican-service', } - # we need to make sure barbican-api is stopped before trying to start apache - Service['barbican-api'] -> Service[$service_name] - } + if $facts['os']['family'] == 'RedHat' { + $bind_host_real = normalize_ip_for_uri($bind_host) - Service <| title == 'httpd' |> { tag +> 'barbican-service' } - # On any paste-api.ini config change, we must restart Barbican API. - Barbican_api_paste_ini<||> ~> Service[$service_name] - } else { - fail('Invalid service_name.') + file_line { 'Modify bind_port in gunicorn-config.py': + path => '/etc/barbican/gunicorn-config.py', + line => "bind = '${bind_host_real}:${bind_port}'", + match => '^bind = .*', + tag => 'modify-bind-port', + require => Anchor['barbican::config::begin'], + before => Anchor['barbican::config::end'], + notify => Service['barbican-api'], + } + } + + # On any paste-api.ini config change, we must restart Barbican API. + Barbican_api_paste_ini<||> ~> Service['barbican-api'] + # On any uwsgi config change, we must restart Barbican API. + Barbican_api_uwsgi_config<||> ~> Service['barbican-api'] + } } } diff --git a/manifests/params.pp b/manifests/params.pp index 6a8ab1e9..d27dd12a 100644 --- a/manifests/params.pp +++ b/manifests/params.pp 
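Review bot: The `default:` branch of the new `case $service_name` accepts any string other than `httpd` and has no guard for platforms where `$barbican::params::api_service_name` is `undef`. On Ubuntu a value such as `barbican-api` therefore compiles and declares `Service['barbican-api']` for a unit that, per the removed `fail()` message, has no init script. The removed code rejected both that case and any unrecognised name (`fail('Invalid service_name.')`) at compile time, whereas a mistyped `httpd` now falls into `default:` and only fails when the catalog is applied. Consider restoring the check at the top of the `default:` branch: `unless $barbican::params::api_service_name { fail('With Ubuntu packages the service_name must be set to httpd as there is no eventlet init script.') }`.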
@@ -28,7 +28,14 @@ class barbican::params {
 }
 'Debian': {
 $common_package_name = 'barbican-common'
- $api_service_name = 'barbican-api'
+ case $facts['os']['name'] {
+ 'Ubuntu': {
+ $api_service_name = undef
+ }
+ default: {
+ $api_service_name = 'barbican-api'
+ }
+ }
 $api_package_name = 'barbican-api'
 $worker_package_name = 'barbican-worker'
 $worker_service_name = 'barbican-worker'
diff --git a/spec/classes/barbican_api_spec.rb b/spec/classes/barbican_api_spec.rb
index b41d8baf..28a4050e 100644
--- a/spec/classes/barbican_api_spec.rb
+++ b/spec/classes/barbican_api_spec.rb
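Review bot: `$api_service_name = undef` in the `'Ubuntu'` branch carries no comment, and this commit removes the explanation that used to live in api.pp (`# Ubuntu packages does not have a barbican-api service`). A one-line comment above the assignment would keep the reason next to the value: `# Ubuntu packages ship no standalone barbican-api service; undef makes barbican::api require an explicit service_name.` Other consumers of `$barbican::params::api_service_name` are not visible in this diff, and any that exist would now need to tolerate `undef`.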
@@ -21,172 +21,131 @@ require 'spec_helper' describe 'barbican::api' do - shared_examples_for 'barbican api' do - - let :default_params do - { - :max_allowed_secret_in_bytes => '', - :max_allowed_request_size_in_bytes => '', - :manage_service => true, - :enabled => true, - :enabled_secretstore_plugins => [''], - :enabled_crypto_plugins => [''], - :auth_strategy => 'keystone', - :service_name => platform_params[:service_name], - :enable_proxy_headers_parsing => '', - :max_request_body_size => '', - :max_limit_paging => '', - :default_limit_paging => '', - :multiple_secret_stores_enabled => false, - :enabled_secret_stores => 'simple_crypto', + shared_examples_for 'barbican::api' do + let :pre_condition do + <<-EOS + class { "barbican::keystone::authtoken": + password => "secret", } + include apache +EOS end - [ - {}, - { - :manage_service => true, - :enabled => false, - :enabled_secretstore_plugins => ['dogtag_crypto', 'store_crypto', 'kmip'], - :enabled_crypto_plugins => ['simple_crypto'], - :max_allowed_secret_in_bytes => 20000, - :max_allowed_request_size_in_bytes => 2000000, - :enable_proxy_headers_parsing => false, - :max_request_body_size => '102400', - :max_limit_paging => 100, - :default_limit_paging => 10, - :multiple_secret_stores_enabled => true, - :enabled_secret_stores => 'simple_crypto,dogtag,kmip', - } - ].each do |param_set| - describe "when #{param_set == {} ? 
"using default" : "specifying"} class parameters" do - let :pre_condition do - 'class { "barbican::keystone::authtoken": password => "secret", } - include apache' - end - - let :param_hash do - default_params.merge(param_set) - end - - let :params do - default_params.merge(param_set) - end - - it { is_expected.to contain_class('barbican::deps') } - it { is_expected.to contain_class('barbican::db') } - it { is_expected.to contain_class('barbican::policy') } - - it { is_expected.to contain_package('barbican-api').with( - :tag => ['openstack', 'barbican-package'], - )} - - it 'is_expected.to set default parameters' do - [ - 'max_allowed_secret_in_bytes', - 'max_allowed_request_size_in_bytes', - ].each do |config| - is_expected.to contain_barbican_config("DEFAULT/#{config}").with_value(param_hash[config.intern]) - end - end - - it 'configures enabled plugins' do - is_expected.to contain_barbican_config('secretstore/enabled_secretstore_plugins') \ - .with_value(param_hash[:enabled_secretstore_plugins]) - is_expected.to contain_barbican_config('crypto/enabled_crypto_plugins') \ - .with_value(param_hash[:enabled_crypto_plugins]) - end - - it 'configures plugins in multiple plugin config' do - is_expected.to contain_barbican_config('secretstore/stores_lookup_suffix') \ - .with_value(param_hash[:enabled_secret_stores]) - is_expected.to contain_barbican_config('secretstore/enable_multiple_secret_stores') \ - .with_value(param_hash[:multiple_secret_stores_enabled]) - end - end - end - - describe 'with enable_proxy_headers_parsing' do - let :pre_condition do - 'class { "barbican::keystone::authtoken": password => "secret", } - include apache' - end - + context 'with defaults' do let :params do - default_params.merge!({:enable_proxy_headers_parsing => true }) + { + :service_name => 'httpd' + } end - it { is_expected.to contain_oslo__middleware('barbican_config').with( - :enable_proxy_headers_parsing => true, - )} + it { is_expected.to contain_class('barbican::deps') } + it { 
is_expected.to contain_class('barbican::db') } + it { is_expected.to contain_class('barbican::policy') } + + it { is_expected.to contain_package('barbican-api').with( + :ensure => 'present', + :name => platform_params[:package_name], + :tag => ['openstack', 'barbican-package'], + )} + + it 'sets default parameters' do + is_expected.to contain_barbican_config('secretstore/enabled_secretstore_plugins').with_value('') + is_expected.to contain_barbican_config('crypto/enabled_crypto_plugins').with_value('') + is_expected.to contain_barbican_config('secretstore/enable_multiple_secret_stores').with_value(false) + is_expected.to contain_barbican_config('secretstore/stores_lookup_suffix').with_value('simple_crypto') + + is_expected.to contain_barbican_config('DEFAULT/db_auto_create').with_value('') + + is_expected.to contain_oslo__middleware('barbican_config').with( + :enable_proxy_headers_parsing => '', + :max_request_body_size => '', + ) + is_expected.to contain_barbican_config('DEFAULT/max_limit_paging').with_value('') + is_expected.to contain_barbican_config('DEFAULT/default_limit_paging').with_value('') + end end - describe 'with max_request_body_size' do - let :pre_condition do - 'class { "barbican::keystone::authtoken": password => "secret", } - include apache' - end - + context 'with parameters' do let :params do - default_params.merge!({:max_request_body_size => '102400' }) + { + :service_name => 'httpd', + :enabled_secretstore_plugins => ['dogtag_crypto', 'store_crypto', 'kmip'], + :enabled_crypto_plugins => ['simple_crypto'], + :multiple_secret_stores_enabled => true, + :enabled_secret_stores => ['simple_crypto', 'dogtag', 'kmip'], + :db_auto_create => false, + :max_allowed_secret_in_bytes => 20000, + :max_allowed_request_size_in_bytes => 2000000, + :enable_proxy_headers_parsing => false, + :max_request_body_size => 102400, + :max_limit_paging => 100, + :default_limit_paging => 10, + } end - it { is_expected.to contain_oslo__middleware('barbican_config').with( - 
:max_request_body_size => '102400', - )} - end + it 'sets the provided parameters' do + is_expected.to contain_barbican_config('secretstore/enabled_secretstore_plugins').with_value(['dogtag_crypto', 'store_crypto', 'kmip']) + is_expected.to contain_barbican_config('crypto/enabled_crypto_plugins').with_value(['simple_crypto']) + is_expected.to contain_barbican_config('secretstore/enable_multiple_secret_stores').with_value(true) + is_expected.to contain_barbican_config('secretstore/stores_lookup_suffix').with_value('simple_crypto,dogtag,kmip') - describe 'with keystone auth' do - let :pre_condition do - 'class { "barbican::keystone::authtoken": password => "secret", } - include apache' - end + is_expected.to contain_barbican_config('DEFAULT/db_auto_create').with_value(false) - let :params do - default_params.merge({ - :auth_strategy => 'keystone', - }) - end - - it 'is_expected.to set keystone params correctly' do - is_expected.to contain_class('barbican::keystone::authtoken') + is_expected.to contain_oslo__middleware('barbican_config').with( + :enable_proxy_headers_parsing => false, + :max_request_body_size => 102400, + ) + is_expected.to contain_barbican_config('DEFAULT/max_limit_paging').with_value(100) + is_expected.to contain_barbican_config('DEFAULT/default_limit_paging').with_value(10) end end end - shared_examples_for 'barbican api redhat' do - let :param_hash do - { - :manage_service => true, - :enabled => true, - :auth_strategy => 'keystone', - } - end + shared_examples_for 'barbican::api in RedHat' do let :pre_condition do - 'class { "barbican::keystone::authtoken": password => "secret", }' + <<-EOS + class { "barbican::keystone::authtoken": + password => "secret", + } +EOS end - context 'redhat systems eventlet service enabled' do - describe 'should contain eventlet service' do - it { is_expected.to contain_service('barbican-api').with( - 'ensure' => (param_hash[:manage_service] && param_hash[:enabled]) ? 
'running': 'stopped', - 'enable' => param_hash[:enabled], - 'hasstatus' => true, - 'hasrestart' => true, - 'tag' => 'barbican-service', - ) } - end - end - context 'on redhat systems eventlet service disabled' do - describe 'with disabled service managing' do - let :params do - { - :manage_service => false, - :enabled => false, - } - end - it { is_expected.to_not contain_service('barbican-api') } - end + context 'with defaults' do + it { is_expected.to contain_service('barbican-api').with( + :ensure => 'running', + :name => platform_params[:service_name], + :enable => true, + :hasstatus => true, + :hasrestart => true, + :tag => 'barbican-service', + )} + it { is_expected.to contain_file_line('Modify bind_port in gunicorn-config.py').with( + :path => '/etc/barbican/gunicorn-config.py', + :line => 'bind = \'0.0.0.0:9311\'', + :match => '^bind = .*', + :tag => 'modify-bind-port', + ) } + end + end + + shared_examples_for 'barbican::api in Debian' do + let :pre_condition do + <<-EOS + class { "barbican::keystone::authtoken": + password => "secret", + } +EOS + end + + context 'with defaults' do + it { is_expected.to contain_service('barbican-api').with( + :ensure => 'running', + :name => platform_params[:service_name], + :enabled => true, + :hasstatus => true, + :hasrestart => true, + :tag => 'barbican-service', + )} end end 
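Review bot: In the new `'barbican::api in Debian'` shared examples the service expectation uses `:enabled => true`, but the manifest sets the `enable` attribute (`enable => $enabled` in api.pp). The RedHat examples in this same hunk check `:enable => true`. As written the matcher would look for an `enabled` attribute that `Service['barbican-api']` never carries, so the line should read `:enable => true,`. The mistake is currently masked because the Debian examples are never included, owing to the `when 'Deiban'` branch in the last hunk of this file.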
@@ -198,19 +157,37 @@ describe 'barbican::api' do facts.merge(OSDefaults.get_facts()) end - case facts[:os]['family'] - when 'RedHat' - let (:platform_params) do - { :service_name => 'openstack-barbican-api' } - end - it_behaves_like 'barbican api redhat' - when 'Debian' - let (:platform_params) do - { :service_name => 'httpd' } + let (:platform_params) do + case facts[:os]['family'] + when 'RedHat' + { + :package_name => 'openstack-barbican-api', + :service_name => 'openstack-barbican-api' + } + when 'Debian' + case facts[:os]['name'] + when 'Debian' + { + :package_name => 'barbican-api', + :service_name => 'barbican-api' + } + when 'Ubuntu' + { + :package_name => 'barbican-api', + } + end end end - it_behaves_like 'barbican api' + it_behaves_like 'barbican::api' + case facts[:os]['family'] + when 'RedHat' + it_behaves_like 'barbican::api in RedHat' + when 'Deiban' + if facts[:os]['name'] == 'Debian' + it_behaves_like 'barbican::api in Debian' + end + end end end end
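Review bot: `when 'Deiban'` is a misspelling of `'Debian'`, so the branch never matches and `it_behaves_like 'barbican::api in Debian'` is not executed for any OS. It should read `when 'Debian'`. Separately, the new `platform_params` block returns `nil` for a Debian-family OS whose name is neither `Debian` nor `Ubuntu`, which would make `platform_params[:package_name]` raise. Whether such an OS is in the supported list is not visible here. The Ubuntu hash also has no `:service_name`, which is safe only as long as no example that runs on Ubuntu reads that key.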