From ba45bf0472573d7e8646376a4a2a5a71c764e6b9 Mon Sep 17 00:00:00 2001
From: varac <varacanero@zeromail.org>
Date: Mon, 29 Aug 2016 17:27:13 +0200
Subject: use experimental-0.9 deb repo for ci builds

---
 tests/puppet/provider/common.json | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/tests/puppet/provider/common.json b/tests/puppet/provider/common.json
index c891fea3..a13f8f75 100644
--- a/tests/puppet/provider/common.json
+++ b/tests/puppet/provider/common.json
@@ -1,5 +1,12 @@
-//
-// Options put here are inherited by all nodes.
-//
 {
+  "sources": {
+    "platform": {
+      "apt": {
+        "basic": "http://deb.leap.se/experimental-0.9"
+      }
+    },
+    "nickserver": {
+      "revision": "develop"
+    }
+  }
 }
-- 
cgit v1.2.3


From dadac49e55f19e7ac814ae798dcfb87fddbef0ba Mon Sep 17 00:00:00 2001
From: varac <varacanero@zeromail.org>
Date: Mon, 29 Aug 2016 18:31:42 +0200
Subject: [feat] Use twisted 16.2 from jessie-backports

New soledad packages now depend on Twisted 16.2.0 (see
https://leap.se/code/issues/8412), so we need to pin twisted to get
installed from jessie-backports.

- Resolves: #8418
---
 .../site_apt/manifests/preferences/twisted.pp      | 11 +++++++
 puppet/modules/site_webapp/manifests/init.pp       | 35 +++++++++++-----------
 2 files changed, 29 insertions(+), 17 deletions(-)
 create mode 100644 puppet/modules/site_apt/manifests/preferences/twisted.pp

diff --git a/puppet/modules/site_apt/manifests/preferences/twisted.pp b/puppet/modules/site_apt/manifests/preferences/twisted.pp
new file mode 100644
index 00000000..a3fa0950
--- /dev/null
+++ b/puppet/modules/site_apt/manifests/preferences/twisted.pp
@@ -0,0 +1,11 @@
+# Pin twisted to jessie-backports in order to
+# use 16.2.0 for i.e. soledad
+class site_apt::preferences::twisted {
+
+  apt::preferences_snippet { 'twisted':
+    package  => 'python-twisted*',
+    release  => "${::lsbdistcodename}-backports",
+    priority => 999;
+  }
+
+}
diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp
index 15925aba..cdad206a 100644
--- a/puppet/modules/site_webapp/manifests/init.pp
+++ b/puppet/modules/site_webapp/manifests/init.pp
@@ -16,21 +16,22 @@ class site_webapp {
 
   Class['site_config::default'] -> Class['site_webapp']
 
-  include site_config::ruby::dev
-  include site_webapp::apache
-  include site_webapp::couchdb
-  include site_haproxy
-  include site_webapp::cron
-  include site_config::default
-  include site_config::x509::cert
-  include site_config::x509::key
-  include site_config::x509::ca
-  include site_config::x509::client_ca::ca
-  include site_config::x509::client_ca::key
-  include site_nickserver
+  include ::site_config::ruby::dev
+  include ::site_webapp::apache
+  include ::site_webapp::couchdb
+  include ::site_haproxy
+  include ::site_webapp::cron
+  include ::site_config::default
+  include ::site_config::x509::cert
+  include ::site_config::x509::key
+  include ::site_config::x509::ca
+  include ::site_config::x509::client_ca::ca
+  include ::site_config::x509::client_ca::key
+  include ::site_nickserver
+  include ::site_apt::preferences::twisted
 
   # remove leftovers from previous installations on webapp nodes
-  include site_config::remove::webapp
+  include ::site_config::remove::webapp
 
   group { 'leap-webapp':
     ensure    => present,
@@ -163,17 +164,17 @@ class site_webapp {
   if $tor {
     $hidden_service = $tor['hidden_service']
     if $hidden_service['active'] {
-      include site_webapp::hidden_service
+      include ::site_webapp::hidden_service
     }
   }
 
 
   # needed for the soledad-sync check which is run on the
   # webapp node
-  include soledad::client
+  include ::soledad::client
 
   leap::logfile { 'webapp': }
 
-  include site_shorewall::webapp
-  include site_check_mk::agent::webapp
+  include ::site_shorewall::webapp
+  include ::site_check_mk::agent::webapp
 }
-- 
cgit v1.2.3


From d3bde1463bd31121a0015a93ad29f4db69fd77c7 Mon Sep 17 00:00:00 2001
From: varac <varacanero@zeromail.org>
Date: Mon, 29 Aug 2016 18:35:31 +0200
Subject: lint site_webapp/manifests/init.pp

---
 puppet/modules/site_webapp/manifests/init.pp | 36 +++++++++++++++++++---------
 1 file changed, 25 insertions(+), 11 deletions(-)

diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp
index cdad206a..83cf99a9 100644
--- a/puppet/modules/site_webapp/manifests/init.pp
+++ b/puppet/modules/site_webapp/manifests/init.pp
@@ -92,12 +92,16 @@ class site_webapp {
     '/srv/leap/webapp/config/provider':
       ensure  => directory,
       require => Vcsrepo['/srv/leap/webapp'],
-      owner   => leap-webapp, group => leap-webapp, mode => '0755';
+      owner   => 'leap-webapp',
+      group   => 'leap-webapp',
+      mode    => '0755';
 
     '/srv/leap/webapp/config/provider/provider.json':
       content => $provider,
       require => Vcsrepo['/srv/leap/webapp'],
-      owner   => leap-webapp, group => leap-webapp, mode => '0644';
+      owner   => 'leap-webapp',
+      group   => 'leap-webapp',
+      mode    => '0644';
 
     '/srv/leap/webapp/public/ca.crt':
       ensure  => link,
@@ -107,27 +111,37 @@ class site_webapp {
     "/srv/leap/webapp/public/${api_version}":
       ensure  => directory,
       require => Vcsrepo['/srv/leap/webapp'],
-      owner   => leap-webapp, group => leap-webapp, mode => '0755';
+      owner   => 'leap-webapp',
+      group   => 'leap-webapp',
+      mode    => '0755';
 
     "/srv/leap/webapp/public/${api_version}/config/":
       ensure  => directory,
       require => Vcsrepo['/srv/leap/webapp'],
-      owner   => leap-webapp, group => leap-webapp, mode => '0755';
+      owner   => 'leap-webapp',
+      group   => 'leap-webapp',
+      mode    => '0755';
 
     "/srv/leap/webapp/public/${api_version}/config/eip-service.json":
       content => $eip_service,
       require => Vcsrepo['/srv/leap/webapp'],
-      owner   => leap-webapp, group => leap-webapp, mode => '0644';
+      owner   => 'leap-webapp',
+      group   => 'leap-webapp',
+      mode    => '0644';
 
     "/srv/leap/webapp/public/${api_version}/config/soledad-service.json":
       content => $soledad_service,
       require => Vcsrepo['/srv/leap/webapp'],
-      owner   => leap-webapp, group => leap-webapp, mode => '0644';
+      owner   => 'leap-webapp',
+      group   => 'leap-webapp',
+      mode    => '0644';
 
     "/srv/leap/webapp/public/${api_version}/config/smtp-service.json":
       content => $smtp_service,
       require => Vcsrepo['/srv/leap/webapp'],
-      owner   => leap-webapp, group => leap-webapp, mode => '0644';
+      owner   => 'leap-webapp',
+      group   => 'leap-webapp',
+      mode    => '0644';
   }
 
   try::file {
@@ -136,8 +150,8 @@ class site_webapp {
       recurse => true,
       purge   => true,
       force   => true,
-      owner   => leap-webapp,
-      group   => leap-webapp,
+      owner   => 'leap-webapp',
+      group   => 'leap-webapp',
       mode    => 'u=rwX,go=rX',
       require => Vcsrepo['/srv/leap/webapp'],
       notify  => Exec['compile_assets'],
@@ -154,8 +168,8 @@ class site_webapp {
   file {
     '/srv/leap/webapp/config/config.yml':
       content => template('site_webapp/config.yml.erb'),
-      owner   => leap-webapp,
-      group   => leap-webapp,
+      owner   => 'leap-webapp',
+      group   => 'leap-webapp',
       mode    => '0600',
       require => Vcsrepo['/srv/leap/webapp'],
       notify  => Service['apache'];
-- 
cgit v1.2.3


From e9a4f439da7355dfe48a3f38aef8e291ea795bef Mon Sep 17 00:00:00 2001
From: varac <varacanero@zeromail.org>
Date: Tue, 30 Aug 2016 19:48:48 +0200
Subject: break on every deploy error

---
 bin/ci-build.sh | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/bin/ci-build.sh b/bin/ci-build.sh
index 7b4895e5..248bd9f8 100755
--- a/bin/ci-build.sh
+++ b/bin/ci-build.sh
@@ -2,6 +2,9 @@
 
 . tests/puppet/provider/.platform-test.conf
 
+# break on every error
+set -e
+
 # create node(s) with unique id so we can run tests in parallel
 export TAG="build${CI_BUILD_ID}"
 [ -d "${PROVIDERDIR}/tags" ] || mkdir "${PROVIDERDIR}/tags"
-- 
cgit v1.2.3


From e98d216dedbec1dc672ba3d80d5d34f2f4d4e4df Mon Sep 17 00:00:00 2001
From: varac <varacanero@zeromail.org>
Date: Wed, 31 Aug 2016 23:50:45 +0200
Subject: [CI] Test catalog with all available services

---
 tests/puppet/provider/nodes/catalogtest.json | 33 ++++++++++++++++++++++++++--
 1 file changed, 31 insertions(+), 2 deletions(-)

diff --git a/tests/puppet/provider/nodes/catalogtest.json b/tests/puppet/provider/nodes/catalogtest.json
index 4f86ac19..05703666 100644
--- a/tests/puppet/provider/nodes/catalogtest.json
+++ b/tests/puppet/provider/nodes/catalogtest.json
@@ -1,10 +1,39 @@
 {
   "ip_address": "1.1.1.1",
+  "openvpn": {
+    "gateway_address": "1.1.1.2"
+  },
   "services": [
     "couchdb",
     "mx",
     "soledad",
-    "webapp"
+    "webapp",
+    "monitor",
+    "openvpn",
+    "tor",
+    "obfsproxy",
+    "static"
   ],
-  "tags": ["catalogtest"]
+  "tags": ["catalogtest","development"],
+  "static": {
+    "domains":{
+      "example.org": {
+        "tls_only": true,
+        "locations": {
+          "front": {
+            "path": "/",
+            "format": "amber",
+            "source": {
+              "type": "git",
+              "repo": "https://leap.se/git/bitmask_help",
+              "revision": "origin/master"
+            }
+          }
+        },
+        "cert": "= file('cert/example.org.crt')",
+        "key": "= file('cert/example.org.key')",
+        "ca_cert": "= file('cert/commercial_ca.crt')"
+      }
+    }
+  }
 }
-- 
cgit v1.2.3