summaryrefslogtreecommitdiffstats
path: root/spec/classes
diff options
context:
space:
mode:
authorJuan Antonio Osorio Robles <jaosorior@redhat.com>2017-06-29 15:03:11 +0300
committerJuan Antonio Osorio Robles <jaosorior@redhat.com>2017-07-31 13:30:14 +0000
commite51e79692032d2cf8c6092e86c5a28a0e7f1832d (patch)
treef1b8615c5d0cff941a263b8936abfedd0e534080 /spec/classes
parent01ae50352519d80810739c0f9319f74aab2e786d (diff)
Enable TLS for the HAProxy stats interface
This creates a new class for the stats interface and furtherly configures it to also use the certificates that are provided by certmonger (via the internal_certificates_specs variable). Note that the already existing haproxy_stats_certificate still works and will take precedence if it's set. bp tls-via-certmonger Change-Id: Iea65d91648ab13dbe6ec20241a1a7c95ce856e3e
Diffstat (limited to 'spec/classes')
-rw-r--r--spec/classes/tripleo_haproxy_stats_spec.rb104
1 files changed, 104 insertions, 0 deletions
diff --git a/spec/classes/tripleo_haproxy_stats_spec.rb b/spec/classes/tripleo_haproxy_stats_spec.rb
new file mode 100644
index 0000000..bad5bf1
--- /dev/null
+++ b/spec/classes/tripleo_haproxy_stats_spec.rb
@@ -0,0 +1,104 @@
+#
+# Copyright (C) 2016 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+
+require 'spec_helper'
+
+describe 'tripleo::haproxy::stats' do
+
+ shared_examples_for 'tripleo::haproxy::stats' do
+ let :pre_condition do
+ "Haproxy::Listen {
+ config_file => '/etc/haproxy.cfg'
+ }"
+ end
+
+ context 'with only required parameters' do
+ let(:params) do
+ {
+ :ip => '127.0.0.1',
+ :haproxy_listen_bind_param => ['transparent'],
+ }
+ end
+ it 'should configure basic stats frontend' do
+ is_expected.to contain_haproxy__listen('haproxy.stats').with(
+ :bind => {
+ "127.0.0.1:1993" => ['transparent']
+ },
+ :mode => 'http',
+ :options => {
+ 'stats' => ['enable', 'uri /']
+ },
+ :collect_exported => false
+ )
+ end
+ end
+
+ context 'with auth parameters' do
+ let(:params) do
+ {
+ :ip => '127.0.0.1',
+ :haproxy_listen_bind_param => ['transparent'],
+ :user => 'myuser',
+ :password => 'superdupersecret',
+ }
+ end
+ it 'should configure stats frontend with auth enabled' do
+ is_expected.to contain_haproxy__listen('haproxy.stats').with(
+ :bind => {
+ "127.0.0.1:1993" => ['transparent']
+ },
+ :mode => 'http',
+ :options => {
+ 'stats' => ['enable', 'uri /', 'auth myuser:superdupersecret']
+ },
+ :collect_exported => false
+ )
+ end
+ end
+
+ context 'with certificate parameter' do
+ let(:params) do
+ {
+ :ip => '127.0.0.1',
+ :haproxy_listen_bind_param => ['transparent'],
+ :certificate => '/path/to/cert',
+ }
+ end
+ it 'should configure stats frontend with TLS enabled' do
+ is_expected.to contain_haproxy__listen('haproxy.stats').with(
+ :bind => {
+ "127.0.0.1:1993" => ['transparent', 'ssl', 'crt', '/path/to/cert']
+ },
+ :mode => 'http',
+ :options => {
+ 'stats' => ['enable', 'uri /']
+ },
+ :collect_exported => false
+ )
+ end
+ end
+ end
+
+ on_supported_os.each do |os, facts|
+ context "on #{os}" do
+ let(:facts) do
+ facts.merge({})
+ end
+
+ it_behaves_like 'tripleo::haproxy::stats'
+ end
+ end
+end