-rwxr-xr-x | bin/ci-build.sh | 3 | ||||
-rw-r--r-- | lib/leap_cli/commands/inspect.rb | 43 | ||||
-rw-r--r-- | puppet/modules/site_apt/manifests/preferences/twisted.pp | 11 | ||||
-rw-r--r-- | puppet/modules/site_webapp/manifests/init.pp | 71 | ||||
-rw-r--r-- | tests/puppet/provider/common.json | 13 | ||||
-rw-r--r-- | tests/puppet/provider/nodes/catalogtest.json | 33 |
6 files changed, 126 insertions, 48 deletions
diff --git a/bin/ci-build.sh b/bin/ci-build.sh index 7b4895e5..248bd9f8 100755 --- a/bin/ci-build.sh +++ b/bin/ci-build.sh @@ -2,6 +2,9 @@ . tests/puppet/provider/.platform-test.conf +# break on every error +set -e + # create node(s) with unique id so we can run tests in parallel export TAG="build${CI_BUILD_ID}" [ -d "${PROVIDERDIR}/tags" ] || mkdir "${PROVIDERDIR}/tags" diff --git a/lib/leap_cli/commands/inspect.rb b/lib/leap_cli/commands/inspect.rb index fbd577e5..b71da80e 100644 --- a/lib/leap_cli/commands/inspect.rb +++ b/lib/leap_cli/commands/inspect.rb @@ -25,27 +25,22 @@ module LeapCli; module Commands "PEM certificate request" => :inspect_x509_csr } + SUFFIX_MAP = { + ".json" => :inspect_unknown_json, + ".key" => :inspect_x509_key + } + def inspection_method(object) if File.exist?(object) ftype = `file #{object}`.split(':').last.strip + suffix = File.extname(object) log 2, "file is of type '#{ftype}'" if FTYPE_MAP[ftype] FTYPE_MAP[ftype] - elsif File.extname(object) == ".json" - full_path = File.expand_path(object, Dir.pwd) - if path_match?(:node_config, full_path) - :inspect_node - elsif path_match?(:service_config, full_path) - :inspect_service - elsif path_match?(:tag_config, full_path) - :inspect_tag - elsif path_match?(:provider_config, full_path) || path_match?(:provider_env_config, full_path) - :inspect_provider - elsif path_match?(:common_config, full_path) - :inspect_common - else - nil - end + elsif SUFFIX_MAP[suffix] + SUFFIX_MAP[suffix] + else + nil end elsif manager.nodes[object] :inspect_node @@ -72,6 +67,7 @@ module LeapCli; module Commands end def inspect_x509_cert(file_path, options) + require 'leap_cli/x509' assert_bin! 'openssl' puts assert_run! 'openssl x509 -in %s -text -noout' % file_path log 0, :"SHA1 fingerprint", X509.fingerprint("SHA1", file_path) 
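Review bot: `set -e` is switched on only after `. tests/puppet/provider/.platform-test.conf` has been sourced, so a failing command inside that config file is not covered; moving `set -e` above the `.` line would close the gap. The following context line builds `TAG="build${CI_BUILD_ID}"`, and with `CI_BUILD_ID` unset every run gets the tag `build`, which defeats the uniqueness the comment relies on; a guard such as `: "${CI_BUILD_ID:?CI_BUILD_ID is not set}"` would turn that into an immediate failure. The script continues outside the hunk and its shebang is not visible here, so whether `set -o pipefail` is available for later pipelines depends on the interpreter.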
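Review bot: In `inspection_method` the line that assigns `ftype` still interpolates the command-line argument into a backtick shell string (`file #{object}`), so a path containing spaces or shell metacharacters is mis-parsed or interpreted by the shell before `file` ever sees it. Passing the argument as an array avoids the shell entirely: `ftype = IO.popen(['file', '--', object], &:read).split(':').last.strip`. The `inspect_x509_cert` hunk has the same shape in `'openssl x509 -in %s -text -noout' % file_path`, assuming `assert_run!` hands that string to a shell; escaping `file_path` there would be the matching fix. `inspection_method` continues past the end of this hunk.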
@@ -124,6 +120,23 @@ module LeapCli; module Commands end end + def inspect_unknown_json(arg, options) + full_path = File.expand_path(arg, Dir.pwd) + if path_match?(:node_config, full_path) + inspect_node(arg, options) + elsif path_match?(:service_config, full_path) + inspect_service(arg, options) + elsif path_match?(:tag_config, full_path) + inspect_tag(arg, options) + elsif path_match?(:provider_config, full_path) || path_match?(:provider_env_config, full_path) + inspect_provider(arg, options) + elsif path_match?(:common_config, full_path) + inspect_common(arg, options) + else + inspect_json(arg, options) + end + end + # # helpers # diff --git a/puppet/modules/site_apt/manifests/preferences/twisted.pp b/puppet/modules/site_apt/manifests/preferences/twisted.pp new file mode 100644 index 00000000..a3fa0950 --- /dev/null +++ b/puppet/modules/site_apt/manifests/preferences/twisted.pp @@ -0,0 +1,11 @@ +# Pin twisted to jessie-backports in order to +# use 16.2.0 for i.e. soledad +class site_apt::preferences::twisted { + + apt::preferences_snippet { 'twisted': + package => 'python-twisted*', + release => "${::lsbdistcodename}-backports", + priority => 999; + } + +} diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp index 15925aba..83cf99a9 100644 --- a/puppet/modules/site_webapp/manifests/init.pp +++ b/puppet/modules/site_webapp/manifests/init.pp 
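Review bot: `inspect_unknown_json` has no comment, and it is the one `SUFFIX_MAP` target that is a dispatcher rather than an inspector, which is easy to miss when reading the map. I would add above it `# Picks the inspector for a .json file from its location in the provider directory; files matching no known config path fall back to inspect_json.` The fallback is also a behaviour change: before this commit an unrecognised `.json` file made `inspection_method` return nil, whereas now it is handed to `inspect_json`, which is not defined in the visible hunks, so confirm it exists and copes with files that are not valid JSON.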
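Review bot: The pin in `site_apt::preferences::twisted` selects on the release name alone (`release => "${::lsbdistcodename}-backports"`) at priority 999 with the glob `python-twisted*`, so any configured apt source that presents itself as that release outranks the stable package for every matching package, not only the 16.2.0 build the header comment mentions. If `apt::preferences_snippet` accepts a fuller pin expression, constraining it by origin as well would narrow that. The header comment also says `jessie-backports` while the code follows `lsbdistcodename`, and "i.e." should read "e.g."; something like `# Prefer python-twisted* from <codename>-backports to get twisted 16.2.0, needed e.g. by soledad` would match the code.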
@@ -16,21 +16,22 @@ class site_webapp { Class['site_config::default'] -> Class['site_webapp'] - include site_config::ruby::dev - include site_webapp::apache - include site_webapp::couchdb - include site_haproxy - include site_webapp::cron - include site_config::default - include site_config::x509::cert - include site_config::x509::key - include site_config::x509::ca - include site_config::x509::client_ca::ca - include site_config::x509::client_ca::key - include site_nickserver + include ::site_config::ruby::dev + include ::site_webapp::apache + include ::site_webapp::couchdb + include ::site_haproxy + include ::site_webapp::cron + include ::site_config::default + include ::site_config::x509::cert + include ::site_config::x509::key + include ::site_config::x509::ca + include ::site_config::x509::client_ca::ca + include ::site_config::x509::client_ca::key + include ::site_nickserver + include ::site_apt::preferences::twisted # remove leftovers from previous installations on webapp nodes - include site_config::remove::webapp + include ::site_config::remove::webapp group { 'leap-webapp': ensure => present, @@ -91,12 +92,16 @@ class site_webapp { '/srv/leap/webapp/config/provider': ensure => directory, require => Vcsrepo['/srv/leap/webapp'], - owner => leap-webapp, group => leap-webapp, mode => '0755'; + owner => 'leap-webapp', + group => 'leap-webapp', + mode => '0755'; '/srv/leap/webapp/config/provider/provider.json': content => $provider, require => Vcsrepo['/srv/leap/webapp'], - owner => leap-webapp, group => leap-webapp, mode => '0644'; + owner => 'leap-webapp', + group => 'leap-webapp', + mode => '0644'; '/srv/leap/webapp/public/ca.crt': ensure => link, 
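Review bot: `include ::site_apt::preferences::twisted` only adds the pin to the catalog; nothing in this hunk orders it before the packages it is meant to influence, so on a first run apt may resolve `python-twisted*` before the preferences snippet is in place. Unless that ordering is established elsewhere (not visible here), an explicit relationship next to the existing `Class['site_config::default'] -> Class['site_webapp']` would make it dependable, for example `Class['site_apt::preferences::twisted'] -> Class['soledad::client']`, assuming that is the class that pulls in the twisted-dependent packages. The body of `site_webapp` continues outside the hunk.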
@@ -106,27 +111,37 @@ class site_webapp { "/srv/leap/webapp/public/${api_version}": ensure => directory, require => Vcsrepo['/srv/leap/webapp'], - owner => leap-webapp, group => leap-webapp, mode => '0755'; + owner => 'leap-webapp', + group => 'leap-webapp', + mode => '0755'; "/srv/leap/webapp/public/${api_version}/config/": ensure => directory, require => Vcsrepo['/srv/leap/webapp'], - owner => leap-webapp, group => leap-webapp, mode => '0755'; + owner => 'leap-webapp', + group => 'leap-webapp', + mode => '0755'; "/srv/leap/webapp/public/${api_version}/config/eip-service.json": content => $eip_service, require => Vcsrepo['/srv/leap/webapp'], - owner => leap-webapp, group => leap-webapp, mode => '0644'; + owner => 'leap-webapp', + group => 'leap-webapp', + mode => '0644'; "/srv/leap/webapp/public/${api_version}/config/soledad-service.json": content => $soledad_service, require => Vcsrepo['/srv/leap/webapp'], - owner => leap-webapp, group => leap-webapp, mode => '0644'; + owner => 'leap-webapp', + group => 'leap-webapp', + mode => '0644'; "/srv/leap/webapp/public/${api_version}/config/smtp-service.json": content => $smtp_service, require => Vcsrepo['/srv/leap/webapp'], - owner => leap-webapp, group => leap-webapp, mode => '0644'; + owner => 'leap-webapp', + group => 'leap-webapp', + mode => '0644'; } try::file { @@ -135,8 +150,8 @@ class site_webapp { recurse => true, purge => true, force => true, - owner => leap-webapp, - group => leap-webapp, + owner => 'leap-webapp', + group => 'leap-webapp', mode => 'u=rwX,go=rX', require => Vcsrepo['/srv/leap/webapp'], notify => Exec['compile_assets'], @@ -153,8 +168,8 @@ class site_webapp { file { '/srv/leap/webapp/config/config.yml': content => template('site_webapp/config.yml.erb'), - owner => leap-webapp, - group => leap-webapp, + owner => 'leap-webapp', + group => 'leap-webapp', mode => '0600', require => Vcsrepo['/srv/leap/webapp'], notify => Service['apache']; 
@@ -163,17 +178,17 @@ class site_webapp { if $tor { $hidden_service = $tor['hidden_service'] if $hidden_service['active'] { - include site_webapp::hidden_service + include ::site_webapp::hidden_service } } # needed for the soledad-sync check which is run on the # webapp node - include soledad::client + include ::soledad::client leap::logfile { 'webapp': } - include site_shorewall::webapp - include site_check_mk::agent::webapp + include ::site_shorewall::webapp + include ::site_check_mk::agent::webapp } diff --git a/tests/puppet/provider/common.json b/tests/puppet/provider/common.json index c891fea3..a13f8f75 100644 --- a/tests/puppet/provider/common.json +++ b/tests/puppet/provider/common.json @@ -1,5 +1,12 @@ -// -// Options put here are inherited by all nodes. -// { + "sources": { + "platform": { + "apt": { + "basic": "http://deb.leap.se/experimental-0.9" + } + }, + "nickserver": { + "revision": "develop" + } + } } diff --git a/tests/puppet/provider/nodes/catalogtest.json b/tests/puppet/provider/nodes/catalogtest.json index 4f86ac19..05703666 100644 --- a/tests/puppet/provider/nodes/catalogtest.json +++ b/tests/puppet/provider/nodes/catalogtest.json @@ -1,10 +1,39 @@ { "ip_address": "1.1.1.1", + "openvpn": { + "gateway_address": "1.1.1.2" + }, "services": [ "couchdb", "mx", "soledad", - "webapp" + "webapp", + "monitor", + "openvpn", + "tor", + "obfsproxy", + "static" ], - "tags": ["catalogtest"] + "tags": ["catalogtest","development"], + "static": { + "domains":{ + "example.org": { + "tls_only": true, + "locations": { + "front": { + "path": "/", + "format": "amber", + "source": { + "type": "git", + "repo": "https://leap.se/git/bitmask_help", + "revision": "origin/master" + } + } + }, + "cert": "= file('cert/example.org.crt')", + "key": "= file('cert/example.org.key')", + "ca_cert": "= file('cert/commercial_ca.crt')" + } + } + } } |
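Review bot: The new `sources` block in common.json points the test provider at moving targets, the apt suite `http://deb.leap.se/experimental-0.9` and the nickserver branch `develop`, and catalogtest.json adds `"revision": "origin/master"` for the static site. Catalog test results then depend on whatever those refs hold at run time, and the apt source is fetched over plain HTTP, which leaves package integrity to apt's signature check alone. JSON cannot carry an explanatory comment, so the reason for these choices is worth recording in the commit message or in a README beside the fixtures; pinning a tag or commit where one exists would make runs reproducible.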