diff options
| author | elijah <elijah@riseup.net> | 2016-07-21 12:13:33 -0700 |
|---|---|---|
| committer | elijah <elijah@riseup.net> | 2016-07-21 12:13:33 -0700 |
| commit | 2df23a682b9a1a99502c79d7112dcefeecf63619 (patch) | |
| tree | 80b3acab77cad9323f21bad035f31f660fad8ddd /puppet/modules/openvpn/spec | |
| parent | d6719731dce8ee7e048a16a447a426abcaa44f24 (diff) | |
git subrepo clone https://leap.se/git/puppet_openvpn puppet/modules/openvpn
subrepo:
subdir: "puppet/modules/openvpn"
merged: "ba7ec7a"
upstream:
origin: "https://leap.se/git/puppet_openvpn"
branch: "master"
commit: "ba7ec7a"
git-subrepo:
version: "0.3.0"
origin: "https://github.com/ingydotnet/git-subrepo"
commit: "cb2995b"
Diffstat (limited to 'puppet/modules/openvpn/spec')
5 files changed, 289 insertions, 0 deletions
diff --git a/puppet/modules/openvpn/spec/classes/openvpn_init_spec.rb b/puppet/modules/openvpn/spec/classes/openvpn_init_spec.rb new file mode 100644 index 00000000..cdfdea19 --- /dev/null +++ b/puppet/modules/openvpn/spec/classes/openvpn_init_spec.rb @@ -0,0 +1,20 @@ +require 'spec_helper' + +describe 'openvpn', :type => :class do + + let (:facts) { { :concat_basedir => '/var/lib/puppet/concat' } } + + it { should create_class('openvpn') } + it { should contain_class('concat::setup') } + it { should contain_package('openvpn') } + it { should contain_service('openvpn').with( + 'ensure' => 'running', + 'enable' => true + ) } + + it { should contain_file('/etc/openvpn').with('ensure' => 'directory') } + it { should contain_file('/etc/openvpn/keys').with('ensure' => 'directory') } + + it { should contain_concat__fragment('openvpn.default.header') } + +end diff --git a/puppet/modules/openvpn/spec/defines/openvpn_client_spec.rb b/puppet/modules/openvpn/spec/defines/openvpn_client_spec.rb new file mode 100644 index 00000000..da71d63d --- /dev/null +++ b/puppet/modules/openvpn/spec/defines/openvpn_client_spec.rb @@ -0,0 +1,116 @@ +require 'spec_helper' + +describe 'openvpn::client', :type => :define do + let(:title) { 'test_client' } + let(:params) { { 'server' => 'test_server' } } + let(:facts) { { :fqdn => 'somehost', :concat_basedir => '/var/lib/puppet/concat' } } + + it { should contain_exec('generate certificate for test_client in context of test_server') } + + [ 'test_client', 'test_client/keys'].each do |directory| + it { should contain_file("/etc/openvpn/test_server/download-configs/#{directory}") } + end + + [ 'test_client.crt', 'test_client.key', 'ca.crt' ].each do |file| + it { should contain_file("/etc/openvpn/test_server/download-configs/test_client/keys/#{file}").with( + 'ensure' => 'link', + 'target' => "/etc/openvpn/test_server/easy-rsa/keys/#{file}" + )} + end + + it { should contain_exec('tar the thing test_server with test_client').with( + 'cwd' => '/etc/openvpn/test_server/download-configs/', + 'command' => '/bin/rm test_client.tar.gz; tar --exclude=\*.conf.d -chzvf test_client.tar.gz test_client' + ) } + + it { should contain_openvpn__option('ca test_server with test_client').with( + 'server' => 'test_server', + 'client' => 'test_client', + 'key' => 'ca', + 'value' => 'keys/ca.crt' + )} + it { should contain_openvpn__option('cert test_server with test_client').with( + 'server' => 'test_server', + 'client' => 'test_client', + 'key' => 'cert', + 'value' => 'keys/test_client.crt' + )} + it { should contain_openvpn__option('key test_server with test_client').with( + 'server' => 'test_server', + 'client' => 'test_client', + 'key' => 'key', + 'value' => 'keys/test_client.key' + )} + it { should contain_openvpn__option('client test_server with test_client').with( + 'server' => 'test_server', + 'client' => 'test_client', + 'key' => 'client' + )} + it { should contain_openvpn__option('dev test_server with test_client').with( + 'server' => 'test_server', + 'client' => 'test_client', + 'key' => 'dev', + 'value' => 'tun' + )} + it { should contain_openvpn__option('proto test_server with test_client').with( + 'server' => 'test_server', + 'client' => 'test_client', + 'key' => 'proto', + 'value' => 'tcp' + )} + it { should contain_openvpn__option('remote test_server with test_client').with( + 'server' => 'test_server', + 'client' => 'test_client', + 'key' => 'remote', + 'value' => 'somehost 1194' + )} + it { should contain_openvpn__option('resolv-retry test_server with test_client').with( + 'server' => 'test_server', + 'client' => 'test_client', + 'key' => 'resolv-retry', + 'value' => 'infinite' + )} + it { should contain_openvpn__option('nobind test_server with test_client').with( + 'server' => 'test_server', + 'client' => 'test_client', + 'key' => 'nobind' + )} + it { should contain_openvpn__option('persist-key test_server with test_client').with( + 'server' => 'test_server', + 'client' => 'test_client', + 'key' => 'persist-key' + )} + it { should contain_openvpn__option('persist-tun test_server with test_client').with( + 'server' => 'test_server', + 'client' => 'test_client', + 'key' => 'persist-tun' + )} + it { should contain_openvpn__option('mute-replay-warnings test_server with test_client').with( + 'server' => 'test_server', + 'client' => 'test_client', + 'key' => 'mute-replay-warnings' + )} + it { should contain_openvpn__option('ns-cert-type test_server with test_client').with( + 'server' => 'test_server', + 'client' => 'test_client', + 'key' => 'ns-cert-type', + 'value' => 'server' + )} + it { should contain_openvpn__option('comp-lzo test_server with test_client').with( + 'server' => 'test_server', + 'client' => 'test_client', + 'key' => 'comp-lzo' + )} + it { should contain_openvpn__option('verb test_server with test_client').with( + 'server' => 'test_server', + 'client' => 'test_client', + 'key' => 'verb', + 'value' => '3' + )} + it { should contain_openvpn__option('mute test_server with test_client').with( + 'server' => 'test_server', + 'client' => 'test_client', + 'key' => 'mute', + 'value' => '20' + )} +end diff --git a/puppet/modules/openvpn/spec/defines/openvpn_option_spec.rb b/puppet/modules/openvpn/spec/defines/openvpn_option_spec.rb new file mode 100644 index 00000000..a2d1661d --- /dev/null +++ b/puppet/modules/openvpn/spec/defines/openvpn_option_spec.rb @@ -0,0 +1,42 @@ +require 'spec_helper' + +describe 'openvpn::option', :type => :define do + + let(:title) { 'test_param' } + + context "when key => 'test_key', server => 'test_server'" do + let(:params) { { 'key' => 'test_key', 'server' => 'test_server' } } + + it { should contain_concat__fragment('openvpn.test_server..test_param').with( + 'target' => '/etc/openvpn/test_server.conf', + 'content' => "test_key\n" + ) } + end + + context "when key => 'test_key', value => 'test_value', server => 'test_server'" do + let(:params) { { 'key' => 'test_key', 'value' => 'test_value', 'server' => 'test_server' } } + + it { should contain_concat__fragment('openvpn.test_server..test_param').with( + 'target' => '/etc/openvpn/test_server.conf', + 'content' => "test_key test_value\n" + ) } + end + + context "when key => 'test_key', server => 'test_server', client => 'test_client'" do + let(:params) { { 'key' => 'test_key', 'server' => 'test_server', 'client' => 'test_client' } } + + it { should contain_concat__fragment('openvpn.test_server.test_client.test_param').with( + 'target' => '/etc/openvpn/test_server/download-configs/test_client/test_client.conf', + 'content' => "test_key\n" + ) } + end + + context "when key => 'test_key', server => 'test_server', client => 'test_client', csc => true" do + let(:params) { { 'key' => 'test_key', 'server' => 'test_server', 'client' => 'test_client', 'csc' => 'true' } } + + it { should contain_concat__fragment('openvpn.test_server.test_client.test_param').with( + 'target' => '/etc/openvpn/test_server/client-configs/test_client', + 'content' => "test_key\n" + ) } + end +end diff --git a/puppet/modules/openvpn/spec/defines/openvpn_server_spec.rb b/puppet/modules/openvpn/spec/defines/openvpn_server_spec.rb new file mode 100644 index 00000000..1032302e --- /dev/null +++ b/puppet/modules/openvpn/spec/defines/openvpn_server_spec.rb @@ -0,0 +1,109 @@ +require 'spec_helper' + +describe 'openvpn::server', :type => :define do + + let(:title) { 'test_server' } + let(:params) { { + 'country' => 'CO', + 'province' => 'ST', + 'city' => 'Some City', + 'organization' => 'example.org', + 'email' => 'testemail@example.org' + } } + + let (:facts) { { :concat_basedir => '/var/lib/puppet/concat' } } + + # Files associated with a server config + it { should contain_file('/etc/openvpn/test_server').with('ensure' => 'directory')} + it { should contain_file('/etc/openvpn/test_server/client-configs').with('ensure' => 'directory')} + it { should contain_file('/etc/openvpn/test_server/download-configs').with('ensure' => 'directory')} + it { should contain_file('/etc/openvpn/test_server/easy-rsa/vars')} + it { should contain_file('/etc/openvpn/test_server/easy-rsa/openssl.cnf')} + it { should contain_file('/etc/openvpn/test_server/keys').with( + 'ensure' => 'link', + 'target' => '/etc/openvpn/test_server/easy-rsa/keys' + )} + + it { should contain_concat__fragment('openvpn.default.autostart.test_server').with( + 'content' => "AUTOSTART=\"$AUTOSTART test_server\"\n", + 'target' => '/etc/default/openvpn' + )} + + # Execs to working with certificates + it { should contain_exec('copy easy-rsa to openvpn config folder test_server').with( + 'command' => '/bin/cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0 /etc/openvpn/test_server/easy-rsa' + )} + it { should contain_exec('generate dh param test_server') } + it { should contain_exec('initca test_server') } + it { should contain_exec('generate server cert test_server') } + + # Options that should be set + it { should contain_openvpn__option('client-config-dir test_server').with( + 'server' => 'test_server', + 'key' => 'client-config-dir', + 'value' => '/etc/openvpn/test_server/client-configs' + )} + it { should contain_openvpn__option('mode test_server').with( + 'server' => 'test_server', + 'key' => 'mode', + 'value' => 'server' + )} + it { should contain_openvpn__option('ca test_server').with( + 'server' => 'test_server', + 'key' => 'ca', + 'value' => '/etc/openvpn/test_server/keys/ca.crt' + )} + it { should contain_openvpn__option('cert test_server').with( + 'server' => 'test_server', + 'key' => 'cert', + 'value' => '/etc/openvpn/test_server/keys/server.crt' + )} + it { should contain_openvpn__option('key test_server').with( + 'server' => 'test_server', + 'key' => 'key', + 'value' => '/etc/openvpn/test_server/keys/server.key' + )} + it { should contain_openvpn__option('dh test_server').with( + 'server' => 'test_server', + 'key' => 'dh', + 'value' => '/etc/openvpn/test_server/keys/dh1024.pem' + )} + it { should contain_openvpn__option('proto test_server').with( + 'server' => 'test_server', + 'key' => 'proto', + 'value' => 'tcp' + )} + it { should contain_openvpn__option('comp-lzo test_server').with( + 'server' => 'test_server', + 'key' => 'comp-lzo' + )} + + context "when RedHat based machine" do + let(:facts) { { :osfamily => 'RedHat', :concat_basedir => '/var/lib/puppet/concat' } } + + it { should contain_file('/etc/openvpn/test_server/easy-rsa/openssl.cnf').with( + 'ensure' => 'link', + 'target' => '/etc/openvpn/test_server/easy-rsa/openssl-1.0.0.cnf' + )} + + it { should contain_exec('copy easy-rsa to openvpn config folder test_server').with( + 'command' => '/bin/cp -r /usr/share/doc/openvpn-2.2.2/easy-rsa/2.0 /etc/openvpn/test_server/easy-rsa' + )} + + end + + context "when Debian based machine" do + let(:facts) { { :osfamily => 'Debian', :concat_basedir => '/var/lib/puppet/concat' } } + + it { should contain_file('/etc/openvpn/test_server/easy-rsa/openssl.cnf').with( + 'ensure' => 'link', + 'target' => '/etc/openvpn/test_server/easy-rsa/openssl-1.0.0.cnf' + )} + + it { should contain_exec('copy easy-rsa to openvpn config folder test_server').with( + 'command' => '/bin/cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0 /etc/openvpn/test_server/easy-rsa' + )} + + end + +end diff --git a/puppet/modules/openvpn/spec/spec_helper.rb b/puppet/modules/openvpn/spec/spec_helper.rb new file mode 100644 index 00000000..dc7e9f4a --- /dev/null +++ b/puppet/modules/openvpn/spec/spec_helper.rb @@ -0,0 +1,2 @@ +require 'rubygems' +require 'puppetlabs_spec_helper/module_spec_helper' |