diff options
Diffstat (limited to 'puppet/modules/openvpn/spec/defines')
m--------- | puppet/modules/openvpn | 8 | ||||
-rw-r--r-- | puppet/modules/openvpn/spec/defines/openvpn_client_spec.rb | 116 | ||||
-rw-r--r-- | puppet/modules/openvpn/spec/defines/openvpn_option_spec.rb | 42 | ||||
-rw-r--r-- | puppet/modules/openvpn/spec/defines/openvpn_server_spec.rb | 109 |
4 files changed, 267 insertions, 8 deletions
diff --git a/puppet/modules/openvpn b/puppet/modules/openvpn deleted file mode 160000 -Subproject 25f1fe8d813f6128068d890a40f5e24be78fb47 diff --git a/puppet/modules/openvpn/spec/defines/openvpn_client_spec.rb b/puppet/modules/openvpn/spec/defines/openvpn_client_spec.rb new file mode 100644 index 00000000..da71d63d --- /dev/null +++ b/puppet/modules/openvpn/spec/defines/openvpn_client_spec.rb @@ -0,0 +1,116 @@ +require 'spec_helper' + +describe 'openvpn::client', :type => :define do + let(:title) { 'test_client' } + let(:params) { { 'server' => 'test_server' } } + let(:facts) { { :fqdn => 'somehost', :concat_basedir => '/var/lib/puppet/concat' } } + + it { should contain_exec('generate certificate for test_client in context of test_server') } + + [ 'test_client', 'test_client/keys'].each do |directory| + it { should contain_file("/etc/openvpn/test_server/download-configs/#{directory}") } + end + + [ 'test_client.crt', 'test_client.key', 'ca.crt' ].each do |file| + it { should contain_file("/etc/openvpn/test_server/download-configs/test_client/keys/#{file}").with( + 'ensure' => 'link', + 'target' => "/etc/openvpn/test_server/easy-rsa/keys/#{file}" + )} + end + + it { should contain_exec('tar the thing test_server with test_client').with( + 'cwd' => '/etc/openvpn/test_server/download-configs/', + 'command' => '/bin/rm test_client.tar.gz; tar --exclude=\*.conf.d -chzvf test_client.tar.gz test_client' + ) } + + it { should contain_openvpn__option('ca test_server with test_client').with( + 'server' => 'test_server', + 'client' => 'test_client', + 'key' => 'ca', + 'value' => 'keys/ca.crt' + )} + it { should contain_openvpn__option('cert test_server with test_client').with( + 'server' => 'test_server', + 'client' => 'test_client', + 'key' => 'cert', + 'value' => 'keys/test_client.crt' + )} + it { should contain_openvpn__option('key test_server with test_client').with( + 'server' => 'test_server', + 'client' => 'test_client', + 'key' => 'key', + 'value' => 'keys/test_client.key' + )} + it { should contain_openvpn__option('client test_server with test_client').with( + 'server' => 'test_server', + 'client' => 'test_client', + 'key' => 'client' + )} + it { should contain_openvpn__option('dev test_server with test_client').with( + 'server' => 'test_server', + 'client' => 'test_client', + 'key' => 'dev', + 'value' => 'tun' + )} + it { should contain_openvpn__option('proto test_server with test_client').with( + 'server' => 'test_server', + 'client' => 'test_client', + 'key' => 'proto', + 'value' => 'tcp' + )} + it { should contain_openvpn__option('remote test_server with test_client').with( + 'server' => 'test_server', + 'client' => 'test_client', + 'key' => 'remote', + 'value' => 'somehost 1194' + )} + it { should contain_openvpn__option('resolv-retry test_server with test_client').with( + 'server' => 'test_server', + 'client' => 'test_client', + 'key' => 'resolv-retry', + 'value' => 'infinite' + )} + it { should contain_openvpn__option('nobind test_server with test_client').with( + 'server' => 'test_server', + 'client' => 'test_client', + 'key' => 'nobind' + )} + it { should contain_openvpn__option('persist-key test_server with test_client').with( + 'server' => 'test_server', + 'client' => 'test_client', + 'key' => 'persist-key' + )} + it { should contain_openvpn__option('persist-tun test_server with test_client').with( + 'server' => 'test_server', + 'client' => 'test_client', + 'key' => 'persist-tun' + )} + it { should contain_openvpn__option('mute-replay-warnings test_server with test_client').with( + 'server' => 'test_server', + 'client' => 'test_client', + 'key' => 'mute-replay-warnings' + )} + it { should contain_openvpn__option('ns-cert-type test_server with test_client').with( + 'server' => 'test_server', + 'client' => 'test_client', + 'key' => 'ns-cert-type', + 'value' => 'server' + )} + it { should contain_openvpn__option('comp-lzo test_server with test_client').with( + 'server' => 'test_server', + 'client' => 'test_client', + 'key' => 'comp-lzo' + )} + it { should contain_openvpn__option('verb test_server with test_client').with( + 'server' => 'test_server', + 'client' => 'test_client', + 'key' => 'verb', + 'value' => '3' + )} + it { should contain_openvpn__option('mute test_server with test_client').with( + 'server' => 'test_server', + 'client' => 'test_client', + 'key' => 'mute', + 'value' => '20' + )} +end diff --git a/puppet/modules/openvpn/spec/defines/openvpn_option_spec.rb b/puppet/modules/openvpn/spec/defines/openvpn_option_spec.rb new file mode 100644 index 00000000..a2d1661d --- /dev/null +++ b/puppet/modules/openvpn/spec/defines/openvpn_option_spec.rb @@ -0,0 +1,42 @@ +require 'spec_helper' + +describe 'openvpn::option', :type => :define do + + let(:title) { 'test_param' } + + context "when key => 'test_key', server => 'test_server'" do + let(:params) { { 'key' => 'test_key', 'server' => 'test_server' } } + + it { should contain_concat__fragment('openvpn.test_server..test_param').with( + 'target' => '/etc/openvpn/test_server.conf', + 'content' => "test_key\n" + ) } + end + + context "when key => 'test_key', value => 'test_value', server => 'test_server'" do + let(:params) { { 'key' => 'test_key', 'value' => 'test_value', 'server' => 'test_server' } } + + it { should contain_concat__fragment('openvpn.test_server..test_param').with( + 'target' => '/etc/openvpn/test_server.conf', + 'content' => "test_key test_value\n" + ) } + end + + context "when key => 'test_key', server => 'test_server', client => 'test_client'" do + let(:params) { { 'key' => 'test_key', 'server' => 'test_server', 'client' => 'test_client' } } + + it { should contain_concat__fragment('openvpn.test_server.test_client.test_param').with( + 'target' => '/etc/openvpn/test_server/download-configs/test_client/test_client.conf', + 'content' => "test_key\n" + ) } + end + + context "when key => 'test_key', server => 'test_server', client => 'test_client', csc => true" do + let(:params) { { 'key' => 'test_key', 'server' => 'test_server', 'client' => 'test_client', 'csc' => 'true' } } + + it { should contain_concat__fragment('openvpn.test_server.test_client.test_param').with( + 'target' => '/etc/openvpn/test_server/client-configs/test_client', + 'content' => "test_key\n" + ) } + end +end diff --git a/puppet/modules/openvpn/spec/defines/openvpn_server_spec.rb b/puppet/modules/openvpn/spec/defines/openvpn_server_spec.rb new file mode 100644 index 00000000..1032302e --- /dev/null +++ b/puppet/modules/openvpn/spec/defines/openvpn_server_spec.rb @@ -0,0 +1,109 @@ +require 'spec_helper' + +describe 'openvpn::server', :type => :define do + + let(:title) { 'test_server' } + let(:params) { { + 'country' => 'CO', + 'province' => 'ST', + 'city' => 'Some City', + 'organization' => 'example.org', + 'email' => 'testemail@example.org' + } } + + let (:facts) { { :concat_basedir => '/var/lib/puppet/concat' } } + + # Files associated with a server config + it { should contain_file('/etc/openvpn/test_server').with('ensure' => 'directory')} + it { should contain_file('/etc/openvpn/test_server/client-configs').with('ensure' => 'directory')} + it { should contain_file('/etc/openvpn/test_server/download-configs').with('ensure' => 'directory')} + it { should contain_file('/etc/openvpn/test_server/easy-rsa/vars')} + it { should contain_file('/etc/openvpn/test_server/easy-rsa/openssl.cnf')} + it { should contain_file('/etc/openvpn/test_server/keys').with( + 'ensure' => 'link', + 'target' => '/etc/openvpn/test_server/easy-rsa/keys' + )} + + it { should contain_concat__fragment('openvpn.default.autostart.test_server').with( + 'content' => "AUTOSTART=\"$AUTOSTART test_server\"\n", + 'target' => '/etc/default/openvpn' + )} + + # Execs to working with certificates + it { should contain_exec('copy easy-rsa to openvpn config folder test_server').with( + 'command' => '/bin/cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0 /etc/openvpn/test_server/easy-rsa' + )} + it { should contain_exec('generate dh param test_server') } + it { should contain_exec('initca test_server') } + it { should contain_exec('generate server cert test_server') } + + # Options that should be set + it { should contain_openvpn__option('client-config-dir test_server').with( + 'server' => 'test_server', + 'key' => 'client-config-dir', + 'value' => '/etc/openvpn/test_server/client-configs' + )} + it { should contain_openvpn__option('mode test_server').with( + 'server' => 'test_server', + 'key' => 'mode', + 'value' => 'server' + )} + it { should contain_openvpn__option('ca test_server').with( + 'server' => 'test_server', + 'key' => 'ca', + 'value' => '/etc/openvpn/test_server/keys/ca.crt' + )} + it { should contain_openvpn__option('cert test_server').with( + 'server' => 'test_server', + 'key' => 'cert', + 'value' => '/etc/openvpn/test_server/keys/server.crt' + )} + it { should contain_openvpn__option('key test_server').with( + 'server' => 'test_server', + 'key' => 'key', + 'value' => '/etc/openvpn/test_server/keys/server.key' + )} + it { should contain_openvpn__option('dh test_server').with( + 'server' => 'test_server', + 'key' => 'dh', + 'value' => '/etc/openvpn/test_server/keys/dh1024.pem' + )} + it { should contain_openvpn__option('proto test_server').with( + 'server' => 'test_server', + 'key' => 'proto', + 'value' => 'tcp' + )} + it { should contain_openvpn__option('comp-lzo test_server').with( + 'server' => 'test_server', + 'key' => 'comp-lzo' + )} + + context "when RedHat based machine" do + let(:facts) { { :osfamily => 'RedHat', :concat_basedir => '/var/lib/puppet/concat' } } + + it { should contain_file('/etc/openvpn/test_server/easy-rsa/openssl.cnf').with( + 'ensure' => 'link', + 'target' => '/etc/openvpn/test_server/easy-rsa/openssl-1.0.0.cnf' + )} + + it { should contain_exec('copy easy-rsa to openvpn config folder test_server').with( + 'command' => '/bin/cp -r /usr/share/doc/openvpn-2.2.2/easy-rsa/2.0 /etc/openvpn/test_server/easy-rsa' + )} + + end + + context "when Debian based machine" do + let(:facts) { { :osfamily => 'Debian', :concat_basedir => '/var/lib/puppet/concat' } } + + it { should contain_file('/etc/openvpn/test_server/easy-rsa/openssl.cnf').with( + 'ensure' => 'link', + 'target' => '/etc/openvpn/test_server/easy-rsa/openssl-1.0.0.cnf' + )} + + it { should contain_exec('copy easy-rsa to openvpn config folder test_server').with( + 'command' => '/bin/cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0 /etc/openvpn/test_server/easy-rsa' + )} + + end + +end |