
Revision 5cd77954

Added by Ewoud Kohl van Wijngaarden about 4 years ago

Convert to rspec-puppet-facts


manifests/params.pp
'Archlinux': {
$dnsdir = '/etc'
$vardir = '/var/named'
$optionspath = '/etc/named.options.conf'
$optionspath = "${dnsdir}/named.options.conf"
$zonefilepath = "${vardir}/dynamic"
$localzonepath = 'unmanaged' # "${dnsdir}/named.local.conf"
$defaultzonepath = 'unmanaged'
spec/classes/dns_init_spec.rb
require 'spec_helper'
describe 'dns' do
on_supported_os.each do |os, os_facts|
context "on #{os}" do
let(:facts) { os_facts }
let(:package_name) do
case facts[:os]['family']
when 'Debian'
'bind9'
when 'FreeBSD'
'bind910'
else
'bind'
end
end
describe 'on RedHat with no custom parameters' do
let(:facts) do
{
:clientcert => 'puppetmaster.example.com',
:fqdn => 'puppetmaster.example.com',
:osfamily => 'RedHat',
}
end
describe 'with no custom parameters' do
it { should contain_class('dns::install') }
it { should contain_class('dns::config') }
it { should contain_class('dns::service') }
it { should contain_package('bind').with_ensure('present') }
it { should contain_group('named') }
it { should contain_concat('/etc/named/options.conf') }
it { verify_concat_fragment_contents(catalogue, 'options.conf+10-main.dns', [
'directory "/var/named";',
'recursion yes;',
'allow-query { any; };',
'dnssec-enable yes;',
'dnssec-validation yes;',
'empty-zones-enable yes;',
'listen-on-v6 { any; };',
'allow-recursion { localnets; localhost; };'
])}
it { should contain_concat('/etc/named/zones.conf').with_validate_cmd('/usr/sbin/named-checkconf %') }
it { should contain_concat('/etc/named.conf').with_validate_cmd('/usr/sbin/named-checkconf %') }
it { verify_concat_fragment_exact_contents(catalogue, 'named.conf+10-main.dns', [
'// named.conf',
'include "/etc/rndc.key";',
'controls {',
' inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; };',
'};',
'options {',
' include "/etc/named/options.conf";',
'};',
'include "/etc/named.rfc1912.zones";',
'// Public view read by Server Admin',
'include "/etc/named/zones.conf";'
])}
it { should contain_file('/var/named/dynamic').with_ensure('directory') }
it { should contain_exec('create-rndc.key').
with_command("/usr/sbin/rndc-confgen -r /dev/urandom -a -c /etc/rndc.key") }
sysconfig_named_content = <<-SYSCONFIG
# This file is managed by Puppet.
#
# BIND named process options
# ~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# OPTIONS="whatever" -- These additional options will be passed to named
# at startup. Don't add -t here, enable proper
# -chroot.service unit file.
# Use of parameter -c is not supported here. Extend
# systemd named*.service instead. For more
# information please read the following KB article:
# https://access.redhat.com/articles/2986001
#
# DISABLE_ZONE_CHECKING -- By default, service file calls named-checkzone
# utility for every zone to ensure all zones are
# valid before named starts. If you set this option
# to 'yes' then service file doesn't perform those
# checks.
SYSCONFIG
it {
should contain_file('/etc/sysconfig/named').with(
owner: 'root',
group: 'root',
mode: '0644',
content: sysconfig_named_content
)
}
it { should contain_service('named').with_ensure('running').with_enable(true).with_restart(nil) }
end
describe 'with unmanaged localzonepath' do
let(:params) do {
:localzonepath => 'unmanaged',
} end
it { verify_concat_fragment_exact_contents(catalogue, 'named.conf+10-main.dns', [
'// named.conf',
'include "/etc/rndc.key";',
'controls {',
' inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; };',
'};',
'options {',
' include "/etc/named/options.conf";',
'};',
'// Public view read by Server Admin',
'include "/etc/named/zones.conf";'
])}
end
describe 'with additional_directives' do
let(:params) { {:additional_directives => [
[
'logging {',
' channel string {',
' print-severity boolean;',
' print-category boolean;',
' };',
'};',
].join("\n"),
[
'lwres {',
' listen-on [ port integer ] {',
' ( ipv4_address | ipv6_address ) [ port integer ];',
' };',
' view string optional_class;',
' search { string; ... };',
' ndots integer;',
'};',
].join("\n"),
]} }
it { verify_concat_fragment_exact_contents(catalogue, 'named.conf+10-main.dns', [
'// named.conf',
'include "/etc/rndc.key";',
'controls {',
' inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; };',
'};',
'options {',
' include "/etc/named/options.conf";',
'};',
'include "/etc/named.rfc1912.zones";',
'// additional directives',
'logging {',
' channel string {',
' print-severity boolean;',
' print-category boolean;',
' };',
'};',
'lwres {',
' listen-on [ port integer ] {',
' ( ipv4_address | ipv6_address ) [ port integer ];',
' };',
' view string optional_class;',
' search { string; ... };',
' ndots integer;',
'};',
'// Public view read by Server Admin',
'include "/etc/named/zones.conf";'
])}
end
describe 'with ipv6 disabled' do
let(:params) { {:listen_on_v6 => 'none'} }
it { should contain_concat('/etc/named/options.conf') }
it { verify_concat_fragment_contents(catalogue, 'options.conf+10-main.dns', [
'listen-on-v6 { none; };',
])}
end
describe 'with empty zones disabled' do
let(:params) { {:empty_zones_enable => 'no'} }
it { should contain_concat('/etc/named/options.conf') }
it { verify_concat_fragment_contents(catalogue, 'options.conf+10-main.dns', [
'empty-zones-enable no;',
])}
end
let(:group_name) do
case facts[:os]['family']
when 'RedHat'
'named'
when 'Archlinux'
'named'
else
'bind'
end
end
describe 'with dns_notify disabled' do
let(:params) { {:dns_notify => 'no' } }
it { should contain_concat('/etc/named/options.conf') }
it { verify_concat_fragment_contents(catalogue, 'options.conf+10-main.dns', [
'notify no;',
])}
end
let(:sbin) { facts[:os]['family'] == 'FreeBSD' ? '/usr/local/sbin' : '/usr/sbin' }
let(:etc_named_directory) do
case facts[:os]['family']
when 'Debian'
'/etc/bind'
when 'FreeBSD'
'/usr/local/etc/namedb'
when 'RedHat'
'/etc/named'
when 'Archlinux'
'/etc'
end
end
describe 'with forward only' do
let(:params) { {:forward => 'only'} }
it { should contain_concat('/etc/named/options.conf') }
it { verify_concat_fragment_contents(catalogue, 'options.conf+10-main.dns', [
'forward only;',
])}
end
let(:options_path) do
case facts[:os]['family']
when 'Debian'
'/etc/bind/named.conf.options'
when 'Archlinux'
"#{etc_named_directory}/named.options.conf"
else
"#{etc_named_directory}/options.conf"
end
end
describe 'with undef forward' do
let(:params) { {:forward => :undef} }
it { should contain_concat('/etc/named/options.conf') }
it { should contain_concat_fragment('options.conf+10-main.dns').without_content('/forward ;/') }
end
let(:etc_directory) { facts[:os]['family'] == 'RedHat' ? '/etc' : etc_named_directory }
let(:rndc_key) { "#{etc_directory}/rndc.key" }
describe 'with false listen_on_v6' do
let(:params) { {:listen_on_v6 => false} }
it { should contain_concat('/etc/named/options.conf') }
it { should contain_concat_fragment('options.conf+10-main.dns').without_content('/listen_on_v6/') }
end
describe 'with service_ensure stopped' do
let(:params) { {:service_ensure => 'stopped'} }
it { should contain_service('named').with_ensure('stopped').with_enable(true) }
end
let(:localzonepath) do
case facts[:os]['family']
when 'Debian'
"#{etc_directory}/zones.rfc1918"
when 'RedHat'
"#{etc_directory}/named.rfc1912.zones"
end
end
describe 'with service_enable false' do
let(:params) { {:service_enable => false} }
it { should contain_service('named').with_ensure('running').with_enable(false) }
end
let(:var_path) do
case facts[:os]['family']
when 'Debian'
'/var/cache/bind'
when 'FreeBSD'
"#{etc_named_directory}/working"
else
'/var/named'
end
end
describe 'with service_restart_command set to "/usr/sbin/service bind9 reload' do
let(:params) { {:service_restart_command => '/usr/sbin/service bind9 reload'} }
it {
should contain_service('named')
.with_ensure('running')
.with_enable(true)
.with_restart('/usr/sbin/service bind9 reload')
}
end
let(:zonefilepath) do
case facts[:os]['family']
when 'Debian'
"#{var_path}/zones"
when 'FreeBSD'
"#{etc_named_directory}/dynamic"
else
"#{var_path}/dynamic"
end
end
describe 'with group_manage false' do
let(:params) { {:group_manage => false} }
it { should_not contain_group('named') }
end
let(:service_name) { facts[:os]['family'] == 'Debian' ? 'bind9' : 'named' }
describe 'with no custom parameters' do
it { should contain_class('dns::params') }
it { should contain_class('dns::install') }
it { should contain_class('dns::config') }
it { should contain_class('dns::service') }
it { should contain_package(package_name).with_ensure('present') }
it { should contain_group(group_name) }
it { should contain_concat(options_path) }
it do
expected = [
"directory \"#{var_path}\";",
'recursion yes;',
'allow-query { any; };',
'dnssec-enable yes;',
'dnssec-validation yes;',
'empty-zones-enable yes;',
'listen-on-v6 { any; };',
'allow-recursion { localnets; localhost; };'
]
if facts[:os]['family'] == 'FreeBSD'
expected << 'pid-file "/var/run/named/pid";'
end
verify_concat_fragment_exact_contents(catalogue, 'options.conf+10-main.dns', expected)
end
it { should contain_concat("#{etc_named_directory}/zones.conf").with_validate_cmd("#{sbin}/named-checkconf %") }
it { should contain_concat("#{etc_directory}/named.conf").with_validate_cmd("#{sbin}/named-checkconf %") }
it do
expected = [
'// named.conf',
"include \"#{rndc_key}\";",
'controls {',
' inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; };',
'};',
'options {',
" include \"#{options_path}\";",
'};',
"include \"#{localzonepath}\";",
'// Public view read by Server Admin',
"include \"#{etc_named_directory}/zones.conf\";"
]
unless localzonepath
expected = expected.reject { |line| line == 'include "";' }
end
verify_concat_fragment_exact_contents(catalogue, 'named.conf+10-main.dns', expected)
end
it { should contain_file(zonefilepath).with_ensure('directory') }
it do
should contain_exec('create-rndc.key')
.with_command("#{sbin}/rndc-confgen -r /dev/urandom -a -c #{rndc_key}")
.with_creates(rndc_key)
end
it { should contain_file(rndc_key) }
it { should contain_service(service_name).with_ensure('running').with_enable(true).with_restart(nil) }
end
describe 'with manage_service true' do
let(:params) { {:manage_service => true} }
it { should contain_service('named') }
end
describe 'with unmanaged localzonepath' do
describe 'with manage_service false' do
let(:params) { {:manage_service => false} }
it { should_not contain_service('named') }
end
let(:params) do {
:localzonepath => 'unmanaged',
} end
describe 'with acls set' do
let(:params) { {:acls => { 'trusted_nets' => [ '127.0.0.1/24', '127.0.1.0/24' ] } } }
it { verify_concat_fragment_exact_contents(catalogue, 'named.conf+10-main.dns', [
it { verify_concat_fragment_exact_contents(catalogue, 'named.conf+10-main.dns', [
'// named.conf',
'include "/etc/rndc.key";',
"include \"#{rndc_key}\";",
'controls {',
' inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; };',
'};',
'options {',
' include "/etc/named/options.conf";',
'};',
'include "/etc/named.rfc1912.zones";',
'acl "trusted_nets" {',
' 127.0.0.1/24;',
' 127.0.1.0/24;',
" include \"#{options_path}\";",
'};',
'// Public view read by Server Admin',
'include "/etc/named/zones.conf";'
])}
end
describe 'with additional options' do
let(:params) { { :additional_options => { 'max-cache-ttl' => 3600, 'max-ncache-ttl' => 3600 } } }
it { verify_concat_fragment_contents(catalogue, 'options.conf+10-main.dns', [
'directory "/var/named";',
'recursion yes;',
'allow-query { any; };',
'dnssec-enable yes;',
'dnssec-validation yes;',
'empty-zones-enable yes;',
'listen-on-v6 { any; };',
'allow-recursion { localnets; localhost; };',
'max-cache-ttl 3600;',
'max-ncache-ttl 3600;'
])}
end
"include \"#{etc_named_directory}/zones.conf\";"
])}
end
describe 'with zones' do
let :params do
{
:zones => {
'example.com' => {},
},
}
describe 'with additional_directives' do
let(:params) { {:additional_directives => [
[
'logging {',
' channel string {',
' print-severity boolean;',
' print-category boolean;',
' };',
'};',
].join("\n"),
[
'lwres {',
' listen-on [ port integer ] {',
' ( ipv4_address | ipv6_address ) [ port integer ];',
' };',
' view string optional_class;',
' search { string; ... };',
' ndots integer;',
'};',
].join("\n"),
]} }
it do
expected = [
'// named.conf',
"include \"#{rndc_key}\";",
'controls {',
' inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; };',
'};',
'options {',
" include \"#{options_path}\";",
'};',
localzonepath ? "include \"#{localzonepath}\";" : nil,
'// additional directives',
'logging {',
' channel string {',
' print-severity boolean;',
' print-category boolean;',
' };',
'};',
'lwres {',
' listen-on [ port integer ] {',
' ( ipv4_address | ipv6_address ) [ port integer ];',
' };',
' view string optional_class;',
' search { string; ... };',
' ndots integer;',
'};',
'// Public view read by Server Admin',
"include \"#{etc_named_directory}/zones.conf\";"
].compact
verify_concat_fragment_exact_contents(catalogue, 'named.conf+10-main.dns', expected)
end
end
it { should compile.with_all_deps }
it { should contain_dns__zone('example.com') }
end
describe 'with ipv6 disabled' do
let(:params) { {:listen_on_v6 => 'none'} }
describe 'with keys' do
let :params do
{
:keys => {
'dns-key' => {},
},
}
it { verify_concat_fragment_contents(catalogue, 'options.conf+10-main.dns', [
'listen-on-v6 { none; };',
])}
end
it { should compile.with_all_deps }
it { should contain_dns__key('dns-key') }
end
describe 'with empty zones disabled' do
let(:params) { {:empty_zones_enable => 'no'} }
describe 'with sysconfig settings' do
let :params do
{
sysconfig_startup_options: '-u named -4',
sysconfig_disable_zone_checking: true
}
it { verify_concat_fragment_contents(catalogue, 'options.conf+10-main.dns', [
'empty-zones-enable no;',
])}
end
sysconfig_named_content = <<-SYSCONFIG
# This file is managed by Puppet.
#
# BIND named process options
# ~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# OPTIONS="whatever" -- These additional options will be passed to named
# at startup. Don't add -t here, enable proper
# -chroot.service unit file.
# Use of parameter -c is not supported here. Extend
# systemd named*.service instead. For more
# information please read the following KB article:
# https://access.redhat.com/articles/2986001
#
# DISABLE_ZONE_CHECKING -- By default, service file calls named-checkzone
# utility for every zone to ensure all zones are
# valid before named starts. If you set this option
# to 'yes' then service file doesn't perform those
# checks.
OPTIONS="-u named -4"
DISABLE_ZONE_CHECKING="yes"
SYSCONFIG
it {
should contain_file('/etc/sysconfig/named').with(
owner: 'root',
group: 'root',
mode: '0644',
content: sysconfig_named_content
)
}
describe 'with dns_notify disabled' do
let(:params) { {:dns_notify => 'no' } }
end
it { verify_concat_fragment_contents(catalogue, 'options.conf+10-main.dns', [
'notify no;',
])}
end
describe 'with additional sysconfig settings' do
let :params do
{
sysconfig_startup_options: '-u named -4',
sysconfig_disable_zone_checking: true,
sysconfig_additional_settings: {
'FOO' => 'bar',
'export SOMETHING' => 'other',
'BAZ' => 'quux'
}
}
describe 'with forward only' do
let(:params) { {:forward => 'only'} }
it { verify_concat_fragment_contents(catalogue, 'options.conf+10-main.dns', [
'forward only;',
])}
end
sysconfig_named_content = <<-SYSCONFIG
# This file is managed by Puppet.
#
# BIND named process options
# ~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# OPTIONS="whatever" -- These additional options will be passed to named
# at startup. Don't add -t here, enable proper
# -chroot.service unit file.
# Use of parameter -c is not supported here. Extend
# systemd named*.service instead. For more
# information please read the following KB article:
# https://access.redhat.com/articles/2986001
#
# DISABLE_ZONE_CHECKING -- By default, service file calls named-checkzone
# utility for every zone to ensure all zones are
# valid before named starts. If you set this option
# to 'yes' then service file doesn't perform those
# checks.
OPTIONS="-u named -4"
DISABLE_ZONE_CHECKING="yes"
BAZ="quux"
FOO="bar"
export SOMETHING="other"
SYSCONFIG
it {
should contain_file('/etc/sysconfig/named').with(
owner: 'root',
group: 'root',
mode: '0644',
content: sysconfig_named_content
)
}
describe 'with undef forward' do
let(:params) { {:forward => :undef} }
end
end
it { should contain_concat_fragment('options.conf+10-main.dns').without_content('/forward ;/') }
end
describe 'on FreeBSD with no custom parameters' do
describe 'with false listen_on_v6' do
let(:params) { {:listen_on_v6 => false} }
let(:facts) do
{
:clientcert => 'puppetmaster.example.com',
:fqdn => 'puppetmaster.example.com',
:osfamily => 'FreeBSD',
}
end
it { should contain_concat_fragment('options.conf+10-main.dns').without_content('/listen_on_v6/') }
end
describe 'with no custom parameters' do
it { should contain_class('dns::install') }
it { should contain_class('dns::config') }
it { should contain_class('dns::service') }
it { should contain_package('bind910').with_ensure('present') }
it { should contain_group('bind') }
it { should contain_concat('/usr/local/etc/namedb/options.conf') }
it { verify_concat_fragment_contents(catalogue, 'options.conf+10-main.dns', [
'recursion yes;',
'allow-query { any; };',
'dnssec-enable yes;',
'dnssec-validation yes;',
'empty-zones-enable yes;',
'listen-on-v6 { any; };',
'allow-recursion { localnets; localhost; };'
])}
it { should contain_concat('/usr/local/etc/namedb/zones.conf').with_validate_cmd('/usr/local/sbin/named-checkconf %') }
it { should contain_concat('/usr/local/etc/namedb/named.conf').with_validate_cmd('/usr/local/sbin/named-checkconf %') }
it { verify_concat_fragment_exact_contents(catalogue, 'named.conf+10-main.dns', [
'// named.conf',
'include "/usr/local/etc/namedb/rndc.key";',
'controls {',
' inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; };',
'};',
'options {',
' include "/usr/local/etc/namedb/options.conf";',
'};',
'// Public view read by Server Admin',
'include "/usr/local/etc/namedb/zones.conf";'
])}
describe 'with group_manage false' do
let(:params) { {:group_manage => false} }
it { should contain_file('/usr/local/etc/namedb/dynamic').with_ensure('directory') }
it { should contain_exec('create-rndc.key').
with_command("/usr/local/sbin/rndc-confgen -r /dev/urandom -a -c /usr/local/etc/namedb/rndc.key") }
it { should_not contain_group(group_name) }
end
it { should contain_service('named').with_ensure('running').with_enable(true) }
end
context 'service' do
describe 'with service_ensure stopped' do
let(:params) { {:service_ensure => 'stopped'} }
describe 'with service_ensure stopped' do
let(:params) { {:service_ensure => 'stopped'} }
it { should contain_service('named').with_ensure('stopped').with_enable(true) }
end
it { should contain_service(service_name).with_ensure('stopped').with_enable(true) }
end
describe 'with service_enable false' do
let(:params) { {:service_enable => false} }
it { should contain_service('named').with_ensure('running').with_enable(false) }
end
describe 'with service_enable false' do
let(:params) { {:service_enable => false} }
describe 'with group_manage false' do
let(:params) { {:group_manage => false} }
it { should_not contain_group('bind') }
end
it { should contain_service(service_name).with_ensure('running').with_enable(false) }
end
describe 'with manage_service true' do
let(:params) { {:manage_service => true} }
it { should contain_service('named') }
end
describe 'with service_restart_command set to "/usr/sbin/service bind9 reload' do
let(:params) { {:service_restart_command => '/usr/sbin/service bind9 reload'} }
it {
should contain_service(service_name)
.with_ensure('running')
.with_enable(true)
.with_restart('/usr/sbin/service bind9 reload')
}
end
describe 'with manage_service false' do
let(:params) { {:manage_service => false} }
it { should_not contain_service('named') }
end
end
describe 'with manage_service true' do
let(:params) { {:manage_service => true} }
it { should contain_service(service_name) }
end
describe 'on Debian' do
describe 'with manage_service false' do
let(:params) { {:manage_service => false} }
it { should_not contain_service(service_name) }
end
end
let(:facts) do
{
:clientcert => 'puppetmaster.example.com',
:fqdn => 'puppetmaster.example.com',
:osfamily => 'Debian',
}
end
describe 'with acls set' do
let(:params) { {:acls => { 'trusted_nets' => [ '127.0.0.1/24', '127.0.1.0/24' ] } } }
describe 'with no custom parameters' do
it { should contain_class('dns::install') }
it { should contain_class('dns::config') }
it { should contain_class('dns::service') }
it { should contain_package('bind9').with_ensure('present') }
it { should contain_group('bind') }
it { should contain_concat('/etc/bind/named.conf.options') }
it { verify_concat_fragment_contents(catalogue, 'options.conf+10-main.dns', [
'directory "/var/cache/bind";',
'recursion yes;',
'allow-query { any; };',
'dnssec-enable yes;',
'dnssec-validation yes;',
'empty-zones-enable yes;',
'listen-on-v6 { any; };',
'allow-recursion { localnets; localhost; };'
])}
it { should contain_concat('/etc/bind/named.conf') }
it { verify_concat_fragment_exact_contents(catalogue, 'named.conf+10-main.dns', [
'// named.conf',
'include "/etc/bind/rndc.key";',
'controls {',
' inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; };',
'};',
'options {',
' include "/etc/bind/named.conf.options";',
it { verify_concat_fragment_contents(catalogue, 'named.conf+10-main.dns', [
'acl "trusted_nets" {',
' 127.0.0.1/24;',
' 127.0.1.0/24;',
'};',
'include "/etc/bind/zones.rfc1918";',
'// Public view read by Server Admin',
'include "/etc/bind/zones.conf";'
])}
it { should contain_file('/var/cache/bind/zones').with_ensure('directory') }
it { should contain_exec('create-rndc.key').
with_command("/usr/sbin/rndc-confgen -r /dev/urandom -a -c /etc/bind/rndc.key") }
sysconfig_named_content = <<-SYSCONFIG
# This file is managed by Puppet.
#
# run resolvconf?
RESOLVCONF=no
# startup options for the server
OPTIONS="-u bind"
SYSCONFIG
it {
should contain_file('/etc/default/bind9').with(
owner: 'root',
group: 'root',
mode: '0644',
content: sysconfig_named_content
)
}
it { should contain_service('bind9').with_ensure('running').with_enable(true) }
end
describe 'with sysconfig settings' do
let :params do
{
sysconfig_startup_options: '-u bind -4',
sysconfig_resolvconf_integration: true,
}
])}
end
sysconfig_named_content = <<-SYSCONFIG
# This file is managed by Puppet.
#
# run resolvconf?
RESOLVCONF=yes
# startup options for the server
OPTIONS="-u bind -4"
SYSCONFIG
it {
should contain_file('/etc/default/bind9').with(
owner: 'root',
group: 'root',
mode: '0644',
content: sysconfig_named_content
)
}
end
describe 'with additional options' do
let(:params) { { :additional_options => { 'max-cache-ttl' => 3600, 'max-ncache-ttl' => 3600 } } }
it { verify_concat_fragment_contents(catalogue, 'options.conf+10-main.dns', [
'max-cache-ttl 3600;',
'max-ncache-ttl 3600;'
])}
end
describe 'with additional sysconfig settings' do
let :params do
{
sysconfig_startup_options: '-u bind -4',
sysconfig_additional_settings: {
'FOO' => 'bar',
'export SOMETHING' => 'other',
'BAZ' => 'quux'
describe 'with zones' do
let :params do
{
:zones => {
'example.com' => {},
},
}
}
end
it { should compile.with_all_deps }
it { should contain_dns__zone('example.com') }
it { should contain_file("#{zonefilepath}/db.example.com") }
end
sysconfig_named_content = <<-SYSCONFIG
# This file is managed by Puppet.
#
# run resolvconf?
RESOLVCONF=no
# startup options for the server
OPTIONS="-u bind -4"
BAZ="quux"
FOO="bar"
export SOMETHING="other"
SYSCONFIG
it {
should contain_file('/etc/default/bind9').with(
owner: 'root',
group: 'root',
mode: '0644',
content: sysconfig_named_content
)
}
end
describe 'with keys' do
let :params do
{
:keys => {
'dns-key' => {},
},
}
end
describe 'with manage_service true' do
let(:params) { {:manage_service => true} }
it { should contain_service('bind9') }
end
it { should compile.with_all_deps }
it { should contain_dns__key('dns-key') }
it { should contain_concat__fragment('named.conf+20-key-dns-key.dns') }
it { should contain_exec('create-dns-key.key') }
it { should contain_file("#{etc_directory}/dns-key.key") }
end
describe 'with manage_service false' do
let(:params) { {:manage_service => false} }
it { should_not contain_service('bind9') }
context 'sysconfig', if: ['Debian', 'RedHat'].include?(os_facts[:os]['family']) do
let(:sysconfig_named_path) do
case facts[:os]['family']
when 'RedHat'
'/etc/sysconfig/named'
when 'Debian'
'/etc/default/bind9'
end
end
describe 'default parameters' do
let(:sysconfig_named_content) do
case facts[:os]['family']
when 'RedHat'
<<~SYSCONFIG
# This file is managed by Puppet.
#
# BIND named process options
# ~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# OPTIONS="whatever" -- These additional options will be passed to named
# at startup. Don't add -t here, enable proper
# -chroot.service unit file.
# Use of parameter -c is not supported here. Extend
# systemd named*.service instead. For more
# information please read the following KB article:
# https://access.redhat.com/articles/2986001
#
# DISABLE_ZONE_CHECKING -- By default, service file calls named-checkzone
# utility for every zone to ensure all zones are
# valid before named starts. If you set this option
# to 'yes' then service file doesn't perform those
# checks.
SYSCONFIG
when 'Debian'
<<~SYSCONFIG
# This file is managed by Puppet.
#
# run resolvconf?
RESOLVCONF=no
# startup options for the server
OPTIONS="-u bind"
SYSCONFIG
end
end
it do
should contain_file(sysconfig_named_path).with(
owner: 'root',
group: 'root',
mode: '0644',
content: sysconfig_named_content
)
end
end
describe 'with Red Hat sysconfig settings', if: os_facts[:os]['family'] == 'RedHat' do
let :params do
{
sysconfig_startup_options: '-u named -4',
sysconfig_disable_zone_checking: true
}
end
let(:sysconfig_named_content) do
<<~SYSCONFIG
# This file is managed by Puppet.
#
# BIND named process options
# ~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# OPTIONS="whatever" -- These additional options will be passed to named
# at startup. Don't add -t here, enable proper
# -chroot.service unit file.
# Use of parameter -c is not supported here. Extend
# systemd named*.service instead. For more
# information please read the following KB article:
# https://access.redhat.com/articles/2986001
#
# DISABLE_ZONE_CHECKING -- By default, service file calls named-checkzone
# utility for every zone to ensure all zones are
# valid before named starts. If you set this option
# to 'yes' then service file doesn't perform those
# checks.
OPTIONS="-u named -4"
DISABLE_ZONE_CHECKING="yes"
SYSCONFIG
end
it {
should contain_file(sysconfig_named_path).with(
owner: 'root',
group: 'root',
mode: '0644',
content: sysconfig_named_content
)
}
end
describe 'with Debian sysconfig settings', if: os_facts[:os]['family'] == 'Debian' do
let :params do
{
sysconfig_startup_options: '-u bind -4',
sysconfig_resolvconf_integration: true,
}
end
let(:sysconfig_named_content) do
<<~SYSCONFIG
# This file is managed by Puppet.
#
# run resolvconf?
RESOLVCONF=yes
# startup options for the server
OPTIONS="-u bind -4"
SYSCONFIG
end
it {
should contain_file(sysconfig_named_path).with(
owner: 'root',
group: 'root',
mode: '0644',
content: sysconfig_named_content
)
}
end
describe 'with additional sysconfig settings' do
let :params do
{
sysconfig_additional_settings: {
'FOO' => 'bar',
'export SOMETHING' => 'other',
'BAZ' => 'quux'
}
}
end
it {
verify_contents(catalogue, sysconfig_named_path, [
'BAZ="quux"',
'FOO="bar"',
'export SOMETHING="other"',
])
}
end
end
end
end
end
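Review bot: The new `it { should contain_file(rndc_key) }` in the 'with no custom parameters' block only asserts that the key file exists, so a change that loosens its owner, group or mode would still pass on every supported OS. That file holds the rndc control-channel secret produced by `create-rndc.key`, so I would pin the attributes the manifest sets, e.g. `it { should contain_file(rndc_key).with_owner('<owner>').with_group('<group>').with_mode('<mode>') }`, with the placeholders filled in from the manifest, which is not shown on this page. The same gap applies to `contain_file("#{etc_named_directory}/foreman_key.key")` in spec/defines/dns_key_spec.rb, where the file carries the TSIG secret.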
spec/defines/dns_key_spec.rb
require 'spec_helper'
describe 'dns::key' do
let(:facts) do
{
:clientcert => 'puppetmaster.example.com',
:fqdn => 'puppetmaster.example.com',
:osfamily => 'RedHat',
}
end
let(:title) { 'foreman_key' }
on_supported_os.each do |os, os_facts|
context "on #{os}" do
let(:facts) { os_facts }
let(:title) { 'foreman_key' }
let(:pre_condition) { 'include dns' }
let(:etc_named_directory) do
case facts[:os]['family']
when 'Debian'
'/etc/bind'
when 'FreeBSD'
'/usr/local/etc/namedb'
when 'RedHat'
'/etc'
when 'Archlinux'
'/etc'
end
end
let :pre_condition do
'include dns'
end
it { is_expected.to compile.with_all_deps }
it { is_expected.to contain_exec('create-foreman_key.key').with_creates("#{etc_named_directory}/foreman_key.key") }
it { is_expected.to contain_file("#{etc_named_directory}/foreman_key.key").that_requires('Exec[create-foreman_key.key]') }
it { is_expected.to compile }
it { is_expected.to contain_exec('create-foreman_key.key') }
context 'secret set' do
let(:params) do
{
:secret => 'top_secret',
}
end
context 'secret set' do
let(:params) do
{
:secret => 'top_secret',
}
end
it 'should contain a file with the secret in it' do
is_expected.to contain_file('/etc/foreman_key.key')
verify_contents(catalogue, '/etc/foreman_key.key', [
'key "foreman_key" {',
' algorithm hmac-md5;',
' secret "top_secret";',
'};',
])
verify_concat_fragment_exact_contents(catalogue, 'named.conf+20-key-foreman_key.dns', [
'include "/etc/foreman_key.key";',
])
it 'should contain a file with the secret in it' do
verify_exact_contents(catalogue, "#{etc_named_directory}/foreman_key.key", [
'key "foreman_key" {',
' algorithm hmac-md5;',
' secret "top_secret";',
'};',
])
end
it do
is_expected.to contain_concat__fragment('named.conf+20-key-foreman_key.dns')
.with_content("include \"#{etc_named_directory}/foreman_key.key\";\n")
end
end
end
end
end
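Review bot: The 'secret set' example pins `algorithm hmac-md5;` as the rendered output when only `:secret` is passed, with nothing to say that this default is being recorded rather than endorsed. HMAC-MD5 is deprecated for TSIG (RFC 8945), so a comment above the expectation would help the next reader, for example `# pins the module's current default algorithm (hmac-md5); revisit if the default moves to an HMAC-SHA2 variant`. Whether dns::key takes an algorithm parameter is not visible here; if it does, a second context rendering a SHA-2 algorithm would keep that path covered across all supported OSes.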
spec/defines/dns_view_spec.rb
require 'spec_helper'
describe 'dns::view' do
on_supported_os.each do |os, os_facts|
context "on #{os}" do
let(:facts) { os_facts }
let(:title) { "default" }
let(:facts) do
{
:clientcert => 'puppetmaster.example.com',
:fqdn => 'puppetmaster.example.com',
:osfamily => 'RedHat',
}
end
context "without dns::enable_view flag set" do
let :pre_condition do
'include dns'
end
let(:title) { "default" }
it { is_expected.to_not compile }
end
context "without dns::enable_view flag set" do
let :pre_condition do
'include dns'
end
it { is_expected.to_not compile }
end
context "with dns::enable_view flag set" do
let :pre_condition do
'class {"::dns": enable_views => true}'
end
context "with dns::enable_view flag set" do
let :pre_condition do
'class {"::dns": enable_views => true}'
it { should compile.with_all_deps }
end
end
it { should compile.with_all_deps }
end
end
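Review bot: `it { is_expected.to_not compile }` in the 'without dns::enable_view flag set' context passes on any catalogue failure, not only the intended one. Now that it runs once per entry of `on_supported_os`, an unrelated error on a single OS (a missing fact, an unsupported family) would be indistinguishable from the intended rejection. rspec-puppet can pin the reason with `it { is_expected.to compile.and_raise_error(/<message raised by dns::view>/) }`, taking the pattern from the define, which is not shown on this page.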
spec/defines/dns_zone_spec.rb
require 'spec_helper'
describe 'dns::zone' do
let(:facts) do
{
:clientcert => 'puppetmaster.example.com',
:fqdn => 'puppetmaster.example.com',
:osfamily => 'RedHat',
}
end
let(:title) { "example.com" }
let :pre_condition do
'include dns'
end
it { is_expected.to compile.with_all_deps }
it "should have valid zone configuration" do
verify_concat_fragment_exact_contents(catalogue, 'dns_zones+10__GLOBAL__example.com.dns', [
'zone "example.com" {',
' type master;',
' file "/var/named/dynamic/db.example.com";',
' update-policy {',
' grant rndc-key zonesub ANY;',
' };',
'};',
])
end
it "should create zone file" do
should contain_file('/var/named/dynamic/db.example.com').with({
:owner => 'named',
:group => 'named',
:mode => '0644',
:replace => 'false',
}).that_notifies('Class[Dns::Service]')
end
it "should have valid zone file contents" do
verify_exact_contents(catalogue, '/var/named/dynamic/db.example.com', [
'$TTL 10800',
'@ IN SOA puppetmaster.example.com. root.example.com. (',
' 1 ;Serial',
' 86400 ;Refresh',
' 3600 ;Retry',
' 604800 ;Expire',
' 3600 ;Negative caching TTL',
')',
'@ IN NS puppetmaster.example.com.',
])
end
context 'when reverse => true' do
let(:title) { '1.168.192.in-addr.arpa' }
let(:params) {{ :reverse => true }}
it "should have valid zone file contents" do
verify_exact_contents(catalogue, '/var/named/dynamic/db.1.168.192.in-addr.arpa', [
'$TTL 10800',
'@ IN SOA puppetmaster.example.com. root.1.168.192.in-addr.arpa. (',
' 1 ;Serial',
' 86400 ;Refresh',
' 3600 ;Retry',
' 604800 ;Expire',
' 3600 ;Negative caching TTL',
')',
'@ IN NS puppetmaster.example.com.',
])
end
end
context 'with soaip and soaipv6' do
let(:params) { { soaip: '192.0.2.1', soaipv6: '2001:db8::1' } }
it "should have valid zone file contents" do
verify_exact_contents(catalogue, '/var/named/dynamic/db.example.com', [
'$TTL 10800',
'@ IN SOA puppetmaster.example.com. root.example.com. (',
' 1 ;Serial',
' 86400 ;Refresh',
' 3600 ;Retry',
' 604800 ;Expire',
' 3600 ;Negative caching TTL',
')',
'@ IN NS puppetmaster.example.com.',
'puppetmaster.example.com. IN A 192.0.2.1',
'puppetmaster.example.com. IN AAAA 2001:db8::1',
])
end
end
context 'when allow_transfer defined' do
let(:params) {{ :allow_transfer => ['192.168.1.2'] }}
it "should have valid zone configuration with allow-transfer" do
verify_concat_fragment_exact_contents(catalogue, 'dns_zones+10__GLOBAL__example.com.dns', [
'zone "example.com" {',
' type master;',
' file "/var/named/dynamic/db.example.com";',
' update-policy {',
' grant rndc-key zonesub ANY;',
' };',
' allow-transfer { 192.168.1.2; };',
'};',
])
end
context 'when allow_transfer with multiple values' do
let(:params) {{ :allow_transfer => ['192.168.1.2', '192.168.1.3'] }}
it "should have valid zone configuration with allow-transfer" do
verify_concat_fragment_exact_contents(catalogue, 'dns_zones+10__GLOBAL__example.com.dns', [
'zone "example.com" {',
' type master;',
' file "/var/named/dynamic/db.example.com";',
' update-policy {',
' grant rndc-key zonesub ANY;',
' };',
' allow-transfer { 192.168.1.2; 192.168.1.3; };',
'};',
])
on_supported_os.each do |os, os_facts|
context "on #{os}" do
let(:facts) { os_facts.merge(fqdn: 'puppetmaster.example.com') }
let(:title) { "example.com" }
let(:pre_condition) { 'include dns' }
let(:zonefilepath) do
case facts[:os]['family']
when 'Debian'
'/var/cache/bind/zones'
when 'FreeBSD'
'/usr/local/etc/namedb/dynamic'
else
'/var/named/dynamic'
end
end
end
end
context 'when also_notify defined' do
let(:params) {{ :also_notify => ['192.168.1.2'] }}
it "should have valid zone configuration with also-notify" do
verify_concat_fragment_exact_contents(catalogue, 'dns_zones+10__GLOBAL__example.com.dns', [
'zone "example.com" {',
' type master;',
' file "/var/named/dynamic/db.example.com";',
' update-policy {',
' grant rndc-key zonesub ANY;',
' };',
' also-notify { 192.168.1.2; };',
'};',
])
end
context 'when also_notify with multiple values' do
let(:params) {{ :also_notify => ['192.168.1.2', '192.168.1.3'] }}
it "should have valid zone configuration with also-notify" do
verify_concat_fragment_exact_contents(catalogue, 'dns_zones+10__GLOBAL__example.com.dns', [
'zone "example.com" {',
' type master;',
' file "/var/named/dynamic/db.example.com";',
' update-policy {',
' grant rndc-key zonesub ANY;',
' };',
' also-notify { 192.168.1.2; 192.168.1.3; };',
'};',
])
end
end
end
context 'when zonetype => slave' do
let(:params) {{ :zonetype => 'slave', :masters => ['192.168.1.1'] }}
it "should have valid slave zone configuration" do
verify_concat_fragment_exact_contents(catalogue, 'dns_zones+10__GLOBAL__example.com.dns', [
'zone "example.com" {',
' type slave;',
' file "/var/named/dynamic/db.example.com";',
' masters { 192.168.1.1; };',
' notify no;',
'};',
])
end
context 'when multiple masters defined' do
let(:params) {{ :zonetype => 'slave', :masters => ['192.168.1.1', '192.168.1.2'] }}
it "should have valid slave zone configuration" do
verify_concat_fragment_exact_contents(catalogue, 'dns_zones+10__GLOBAL__example.com.dns', [
'zone "example.com" {',
' type slave;',
' file "/var/named/dynamic/db.example.com";',
' masters { 192.168.1.1; 192.168.1.2; };',
' notify no;',
'};',
])
let(:user_name) do
case facts[:os]['family']
when 'RedHat'
'named'
when 'Archlinux'
'named'
else
'bind'
end
end
end
context 'when dns_notify => no' do
let(:params) {{ :dns_notify => 'no' }}
it { is_expected.to compile.with_all_deps }
it "should have valid slave zone configuration" do
it "should have valid zone configuration" do
verify_concat_fragment_exact_contents(catalogue, 'dns_zones+10__GLOBAL__example.com.dns', [
'zone "example.com" {',
' type master;',
' file "/var/named/dynamic/db.example.com";',
" file \"#{zonefilepath}/db.example.com\";",
' update-policy {',
' grant rndc-key zonesub ANY;',
' };',
' notify no;',
'};',
])
end
end
context 'with allow query' do
let(:params) {{ :zonetype => 'slave', :masters => ['192.168.1.1', '192.168.1.2'], :allow_query => ['1.2.3.4'] }}
it "should create zone file" do
should contain_file("#{zonefilepath}/db.example.com").with({
:owner => user_name,
:group => user_name,
:mode => '0644',
:replace => 'false',
}).that_notifies('Class[Dns::Service]')
end
it "should have valid slave zone configuration" do
verify_concat_fragment_exact_contents(catalogue, 'dns_zones+10__GLOBAL__example.com.dns', [
'zone "example.com" {',
' type slave;',
' file "/var/named/dynamic/db.example.com";',
' allow-query { 1.2.3.4; };',
' masters { 192.168.1.1; 192.168.1.2; };',
' notify no;',
'};',
it "should have valid zone file contents" do
verify_exact_contents(catalogue, "#{zonefilepath}/db.example.com", [
... This diff was truncated because it exceeds the maximum size that can be displayed.
