-rw-r--r--.fixtures.yml6
-rw-r--r--.gitignore1
-rw-r--r--Rakefile2
-rw-r--r--manifests/client.pp2
-rw-r--r--manifests/init.pp1
-rw-r--r--spec/classes/openvpn_init_spec.rb20
-rw-r--r--spec/defines/openvpn_client_spec.rb116
-rw-r--r--spec/defines/openvpn_option_spec.rb42
-rw-r--r--spec/defines/openvpn_server_spec.rb109
-rw-r--r--spec/spec_helper.rb2
10 files changed, 300 insertions, 1 deletions
diff --git a/.fixtures.yml b/.fixtures.yml
new file mode 100644
index 0000000..1125ecc
--- /dev/null
+++ b/.fixtures.yml
@@ -0,0 +1,6 @@
+fixtures:
+ repositories:
+ concat: git://github.com/ripienaar/puppet-concat.git
+ symlinks:
+ openvpn: "#{source_dir}"
+
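Review bot: The `concat` fixture is fetched over `git://`, which has no transport authentication or encryption, and no revision is pinned, so every test run pulls whatever the remote HEAD is at that moment. Use the hash form that puppetlabs_spec_helper accepts, with an HTTPS URL and a fixed revision: `concat: { repo: "https://github.com/ripienaar/puppet-concat.git", ref: "<pinned-commit-sha>" }`. The sha is a placeholder; take it from the version the module is actually tested against.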
diff --git a/.gitignore b/.gitignore
index 5fff1d9..12c29e7 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
pkg
+spec/fixtures
diff --git a/Rakefile b/Rakefile
new file mode 100644
index 0000000..14f1c24
--- /dev/null
+++ b/Rakefile
@@ -0,0 +1,2 @@
+require 'rubygems'
+require 'puppetlabs_spec_helper/rake_tasks'
diff --git a/manifests/client.pp b/manifests/client.pp
index 7927000..ed11b3a 100644
--- a/manifests/client.pp
+++ b/manifests/client.pp
@@ -1,6 +1,6 @@
# client.pp
-define openvpn::client($server, $remote_host = $fqdn) {
+define openvpn::client($server, $remote_host = $::fqdn) {
exec {
"generate certificate for ${name} in context of ${server}":
command => ". ./vars && ./pkitool ${name}",
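Review bot: On the context line `command => ". ./vars && ./pkitool ${name}"` the resource title is interpolated unquoted into a shell string, so a title that does not come from a trusted manifest author (hiera data, exported resources) would be interpreted by the shell. The body of the define continues outside this hunk, so a check may already exist further down. If it does not, constrain the title at the top of the define, for example `validate_re($name, '^[A-Za-z0-9_.-]+$')`. That function comes from puppetlabs-stdlib, which would then also have to be listed in `.fixtures.yml`.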
diff --git a/manifests/init.pp b/manifests/init.pp
index 6fd4510..a3dd70c 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -8,6 +8,7 @@ class openvpn {
service {
'openvpn':
ensure => running,
+ enable => true,
hasrestart => true,
hasstatus => true,
require => Exec['concat_/etc/default/openvpn'];
diff --git a/spec/classes/openvpn_init_spec.rb b/spec/classes/openvpn_init_spec.rb
new file mode 100644
index 0000000..cdfdea1
--- /dev/null
+++ b/spec/classes/openvpn_init_spec.rb
@@ -0,0 +1,20 @@
+require 'spec_helper'
+
+describe 'openvpn', :type => :class do
+
+ let (:facts) { { :concat_basedir => '/var/lib/puppet/concat' } }
+
+ it { should create_class('openvpn') }
+ it { should contain_class('concat::setup') }
+ it { should contain_package('openvpn') }
+ it { should contain_service('openvpn').with(
+ 'ensure' => 'running',
+ 'enable' => true
+ ) }
+
+ it { should contain_file('/etc/openvpn').with('ensure' => 'directory') }
+ it { should contain_file('/etc/openvpn/keys').with('ensure' => 'directory') }
+
+ it { should contain_concat__fragment('openvpn.default.header') }
+
+end
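Review bot: `contain_file('/etc/openvpn/keys')` is asserted only with `'ensure' => 'directory'`, so a later change that loosens owner or mode on the key directory would still pass. The same gap applies to the key symlinks in openvpn_client_spec.rb and the `keys` link in openvpn_server_spec.rb. The file resources in init.pp are not part of this diff, so the expected values have to be read from the manifest: `.with('ensure' => 'directory', 'mode' => '<mode set in init.pp>')`. If the manifest sets none, that is worth raising there first. Separately, `let (:facts)` has a space before the parenthesis, unlike `let(:title)` in the other specs.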
diff --git a/spec/defines/openvpn_client_spec.rb b/spec/defines/openvpn_client_spec.rb
new file mode 100644
index 0000000..da71d63
--- /dev/null
+++ b/spec/defines/openvpn_client_spec.rb
@@ -0,0 +1,116 @@
+require 'spec_helper'
+
+describe 'openvpn::client', :type => :define do
+ let(:title) { 'test_client' }
+ let(:params) { { 'server' => 'test_server' } }
+ let(:facts) { { :fqdn => 'somehost', :concat_basedir => '/var/lib/puppet/concat' } }
+
+ it { should contain_exec('generate certificate for test_client in context of test_server') }
+
+ [ 'test_client', 'test_client/keys'].each do |directory|
+ it { should contain_file("/etc/openvpn/test_server/download-configs/#{directory}") }
+ end
+
+ [ 'test_client.crt', 'test_client.key', 'ca.crt' ].each do |file|
+ it { should contain_file("/etc/openvpn/test_server/download-configs/test_client/keys/#{file}").with(
+ 'ensure' => 'link',
+ 'target' => "/etc/openvpn/test_server/easy-rsa/keys/#{file}"
+ )}
+ end
+
+ it { should contain_exec('tar the thing test_server with test_client').with(
+ 'cwd' => '/etc/openvpn/test_server/download-configs/',
+ 'command' => '/bin/rm test_client.tar.gz; tar --exclude=\*.conf.d -chzvf test_client.tar.gz test_client'
+ ) }
+
+ it { should contain_openvpn__option('ca test_server with test_client').with(
+ 'server' => 'test_server',
+ 'client' => 'test_client',
+ 'key' => 'ca',
+ 'value' => 'keys/ca.crt'
+ )}
+ it { should contain_openvpn__option('cert test_server with test_client').with(
+ 'server' => 'test_server',
+ 'client' => 'test_client',
+ 'key' => 'cert',
+ 'value' => 'keys/test_client.crt'
+ )}
+ it { should contain_openvpn__option('key test_server with test_client').with(
+ 'server' => 'test_server',
+ 'client' => 'test_client',
+ 'key' => 'key',
+ 'value' => 'keys/test_client.key'
+ )}
+ it { should contain_openvpn__option('client test_server with test_client').with(
+ 'server' => 'test_server',
+ 'client' => 'test_client',
+ 'key' => 'client'
+ )}
+ it { should contain_openvpn__option('dev test_server with test_client').with(
+ 'server' => 'test_server',
+ 'client' => 'test_client',
+ 'key' => 'dev',
+ 'value' => 'tun'
+ )}
+ it { should contain_openvpn__option('proto test_server with test_client').with(
+ 'server' => 'test_server',
+ 'client' => 'test_client',
+ 'key' => 'proto',
+ 'value' => 'tcp'
+ )}
+ it { should contain_openvpn__option('remote test_server with test_client').with(
+ 'server' => 'test_server',
+ 'client' => 'test_client',
+ 'key' => 'remote',
+ 'value' => 'somehost 1194'
+ )}
+ it { should contain_openvpn__option('resolv-retry test_server with test_client').with(
+ 'server' => 'test_server',
+ 'client' => 'test_client',
+ 'key' => 'resolv-retry',
+ 'value' => 'infinite'
+ )}
+ it { should contain_openvpn__option('nobind test_server with test_client').with(
+ 'server' => 'test_server',
+ 'client' => 'test_client',
+ 'key' => 'nobind'
+ )}
+ it { should contain_openvpn__option('persist-key test_server with test_client').with(
+ 'server' => 'test_server',
+ 'client' => 'test_client',
+ 'key' => 'persist-key'
+ )}
+ it { should contain_openvpn__option('persist-tun test_server with test_client').with(
+ 'server' => 'test_server',
+ 'client' => 'test_client',
+ 'key' => 'persist-tun'
+ )}
+ it { should contain_openvpn__option('mute-replay-warnings test_server with test_client').with(
+ 'server' => 'test_server',
+ 'client' => 'test_client',
+ 'key' => 'mute-replay-warnings'
+ )}
+ it { should contain_openvpn__option('ns-cert-type test_server with test_client').with(
+ 'server' => 'test_server',
+ 'client' => 'test_client',
+ 'key' => 'ns-cert-type',
+ 'value' => 'server'
+ )}
+ it { should contain_openvpn__option('comp-lzo test_server with test_client').with(
+ 'server' => 'test_server',
+ 'client' => 'test_client',
+ 'key' => 'comp-lzo'
+ )}
+ it { should contain_openvpn__option('verb test_server with test_client').with(
+ 'server' => 'test_server',
+ 'client' => 'test_client',
+ 'key' => 'verb',
+ 'value' => '3'
+ )}
+ it { should contain_openvpn__option('mute test_server with test_client').with(
+ 'server' => 'test_server',
+ 'client' => 'test_client',
+ 'key' => 'mute',
+ 'value' => '20'
+ )}
+end
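Review bot: The `ns-cert-type test_server with test_client` expectation pins `ns-cert-type server` as the client's check on the server certificate. That option relies on the legacy Netscape certificate-type extension, and OpenVPN documents `remote-cert-tls server` as its replacement. The option is emitted by client.pp outside the visible hunk, so the spec can only change together with the manifest. The expectation would then carry `'key' => 'remote-cert-tls', 'value' => 'server'`. The sixteen near-identical `contain_openvpn__option` blocks could also be generated from one key-to-value hash, which would make such a change a one-line edit.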
diff --git a/spec/defines/openvpn_option_spec.rb b/spec/defines/openvpn_option_spec.rb
new file mode 100644
index 0000000..a2d1661
--- /dev/null
+++ b/spec/defines/openvpn_option_spec.rb
@@ -0,0 +1,42 @@
+require 'spec_helper'
+
+describe 'openvpn::option', :type => :define do
+
+ let(:title) { 'test_param' }
+
+ context "when key => 'test_key', server => 'test_server'" do
+ let(:params) { { 'key' => 'test_key', 'server' => 'test_server' } }
+
+ it { should contain_concat__fragment('openvpn.test_server..test_param').with(
+ 'target' => '/etc/openvpn/test_server.conf',
+ 'content' => "test_key\n"
+ ) }
+ end
+
+ context "when key => 'test_key', value => 'test_value', server => 'test_server'" do
+ let(:params) { { 'key' => 'test_key', 'value' => 'test_value', 'server' => 'test_server' } }
+
+ it { should contain_concat__fragment('openvpn.test_server..test_param').with(
+ 'target' => '/etc/openvpn/test_server.conf',
+ 'content' => "test_key test_value\n"
+ ) }
+ end
+
+ context "when key => 'test_key', server => 'test_server', client => 'test_client'" do
+ let(:params) { { 'key' => 'test_key', 'server' => 'test_server', 'client' => 'test_client' } }
+
+ it { should contain_concat__fragment('openvpn.test_server.test_client.test_param').with(
+ 'target' => '/etc/openvpn/test_server/download-configs/test_client/test_client.conf',
+ 'content' => "test_key\n"
+ ) }
+ end
+
+ context "when key => 'test_key', server => 'test_server', client => 'test_client', csc => true" do
+ let(:params) { { 'key' => 'test_key', 'server' => 'test_server', 'client' => 'test_client', 'csc' => 'true' } }
+
+ it { should contain_concat__fragment('openvpn.test_server.test_client.test_param').with(
+ 'target' => '/etc/openvpn/test_server/client-configs/test_client',
+ 'content' => "test_key\n"
+ ) }
+ end
+end
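Review bot: The last context is titled `csc => true` but passes the string `'true'` in `params`, so the boolean case is never exercised. Under Puppet's truthiness rules a non-empty string such as `'false'` would presumably select the client-configs target as well. Pass `'csc' => true` and add a sibling context with `'csc' => false` that expects the download-configs path. option.pp is not in this diff, so how it evaluates `$csc` is an assumption to confirm.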
diff --git a/spec/defines/openvpn_server_spec.rb b/spec/defines/openvpn_server_spec.rb
new file mode 100644
index 0000000..1032302
--- /dev/null
+++ b/spec/defines/openvpn_server_spec.rb
@@ -0,0 +1,109 @@
+require 'spec_helper'
+
+describe 'openvpn::server', :type => :define do
+
+ let(:title) { 'test_server' }
+ let(:params) { {
+ 'country' => 'CO',
+ 'province' => 'ST',
+ 'city' => 'Some City',
+ 'organization' => 'example.org',
+ 'email' => 'testemail@example.org'
+ } }
+
+ let (:facts) { { :concat_basedir => '/var/lib/puppet/concat' } }
+
+ # Files associated with a server config
+ it { should contain_file('/etc/openvpn/test_server').with('ensure' => 'directory')}
+ it { should contain_file('/etc/openvpn/test_server/client-configs').with('ensure' => 'directory')}
+ it { should contain_file('/etc/openvpn/test_server/download-configs').with('ensure' => 'directory')}
+ it { should contain_file('/etc/openvpn/test_server/easy-rsa/vars')}
+ it { should contain_file('/etc/openvpn/test_server/easy-rsa/openssl.cnf')}
+ it { should contain_file('/etc/openvpn/test_server/keys').with(
+ 'ensure' => 'link',
+ 'target' => '/etc/openvpn/test_server/easy-rsa/keys'
+ )}
+
+ it { should contain_concat__fragment('openvpn.default.autostart.test_server').with(
+ 'content' => "AUTOSTART=\"$AUTOSTART test_server\"\n",
+ 'target' => '/etc/default/openvpn'
+ )}
+
+ # Execs to working with certificates
+ it { should contain_exec('copy easy-rsa to openvpn config folder test_server').with(
+ 'command' => '/bin/cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0 /etc/openvpn/test_server/easy-rsa'
+ )}
+ it { should contain_exec('generate dh param test_server') }
+ it { should contain_exec('initca test_server') }
+ it { should contain_exec('generate server cert test_server') }
+
+ # Options that should be set
+ it { should contain_openvpn__option('client-config-dir test_server').with(
+ 'server' => 'test_server',
+ 'key' => 'client-config-dir',
+ 'value' => '/etc/openvpn/test_server/client-configs'
+ )}
+ it { should contain_openvpn__option('mode test_server').with(
+ 'server' => 'test_server',
+ 'key' => 'mode',
+ 'value' => 'server'
+ )}
+ it { should contain_openvpn__option('ca test_server').with(
+ 'server' => 'test_server',
+ 'key' => 'ca',
+ 'value' => '/etc/openvpn/test_server/keys/ca.crt'
+ )}
+ it { should contain_openvpn__option('cert test_server').with(
+ 'server' => 'test_server',
+ 'key' => 'cert',
+ 'value' => '/etc/openvpn/test_server/keys/server.crt'
+ )}
+ it { should contain_openvpn__option('key test_server').with(
+ 'server' => 'test_server',
+ 'key' => 'key',
+ 'value' => '/etc/openvpn/test_server/keys/server.key'
+ )}
+ it { should contain_openvpn__option('dh test_server').with(
+ 'server' => 'test_server',
+ 'key' => 'dh',
+ 'value' => '/etc/openvpn/test_server/keys/dh1024.pem'
+ )}
+ it { should contain_openvpn__option('proto test_server').with(
+ 'server' => 'test_server',
+ 'key' => 'proto',
+ 'value' => 'tcp'
+ )}
+ it { should contain_openvpn__option('comp-lzo test_server').with(
+ 'server' => 'test_server',
+ 'key' => 'comp-lzo'
+ )}
+
+ context "when RedHat based machine" do
+ let(:facts) { { :osfamily => 'RedHat', :concat_basedir => '/var/lib/puppet/concat' } }
+
+ it { should contain_file('/etc/openvpn/test_server/easy-rsa/openssl.cnf').with(
+ 'ensure' => 'link',
+ 'target' => '/etc/openvpn/test_server/easy-rsa/openssl-1.0.0.cnf'
+ )}
+
+ it { should contain_exec('copy easy-rsa to openvpn config folder test_server').with(
+ 'command' => '/bin/cp -r /usr/share/doc/openvpn-2.2.2/easy-rsa/2.0 /etc/openvpn/test_server/easy-rsa'
+ )}
+
+ end
+
+ context "when Debian based machine" do
+ let(:facts) { { :osfamily => 'Debian', :concat_basedir => '/var/lib/puppet/concat' } }
+
+ it { should contain_file('/etc/openvpn/test_server/easy-rsa/openssl.cnf').with(
+ 'ensure' => 'link',
+ 'target' => '/etc/openvpn/test_server/easy-rsa/openssl-1.0.0.cnf'
+ )}
+
+ it { should contain_exec('copy easy-rsa to openvpn config folder test_server').with(
+ 'command' => '/bin/cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0 /etc/openvpn/test_server/easy-rsa'
+ )}
+
+ end
+
+end
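Review bot: The `dh test_server` expectation hard-codes `/etc/openvpn/test_server/keys/dh1024.pem`, which writes a 1024-bit Diffie-Hellman group into the module's tested contract. That size is below what current guidance treats as adequate. server.pp and the easy-rsa `vars` template are not in this diff, so the key size is presumably fixed there and would need to become a parameter first. The spec could then derive the filename from it, e.g. `let(:key_size) { '2048' }` and `'value' => "/etc/openvpn/test_server/keys/dh#{key_size}.pem"`. `let (:facts)` in this file also has a stray space before the parenthesis.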
diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb
new file mode 100644
index 0000000..dc7e9f4
--- /dev/null
+++ b/spec/spec_helper.rb
@@ -0,0 +1,2 @@
+require 'rubygems'
+require 'puppetlabs_spec_helper/module_spec_helper'