diff options
author | Juan Antonio Osorio Robles <jaosorior@redhat.com> | 2017-06-29 15:03:11 +0300 |
---|---|---|
committer | Juan Antonio Osorio Robles <jaosorior@redhat.com> | 2017-07-31 13:30:14 +0000 |
commit | e51e79692032d2cf8c6092e86c5a28a0e7f1832d (patch) | |
tree | f1b8615c5d0cff941a263b8936abfedd0e534080 /spec | |
parent | 01ae50352519d80810739c0f9319f74aab2e786d (diff) |
Enable TLS for the HAProxy stats interface
This creates a new class for the stats interface and furtherly
configures it to also use the certificates that are provided by
certmonger (via the internal_certificates_specs variable).
Note that the already existing haproxy_stats_certificate still works and
will take precedence if it's set.
bp tls-via-certmonger
Change-Id: Iea65d91648ab13dbe6ec20241a1a7c95ce856e3e
Diffstat (limited to 'spec')
-rw-r--r-- | spec/classes/tripleo_haproxy_stats_spec.rb | 104 |
1 files changed, 104 insertions, 0 deletions
diff --git a/spec/classes/tripleo_haproxy_stats_spec.rb b/spec/classes/tripleo_haproxy_stats_spec.rb new file mode 100644 index 0000000..bad5bf1 --- /dev/null +++ b/spec/classes/tripleo_haproxy_stats_spec.rb @@ -0,0 +1,104 @@ +# +# Copyright (C) 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# + +require 'spec_helper' + +describe 'tripleo::haproxy::stats' do + + shared_examples_for 'tripleo::haproxy::stats' do + let :pre_condition do + "Haproxy::Listen { + config_file => '/etc/haproxy.cfg' + }" + end + + context 'with only required parameters' do + let(:params) do + { + :ip => '127.0.0.1', + :haproxy_listen_bind_param => ['transparent'], + } + end + it 'should configure basic stats frontend' do + is_expected.to contain_haproxy__listen('haproxy.stats').with( + :bind => { + "127.0.0.1:1993" => ['transparent'] + }, + :mode => 'http', + :options => { + 'stats' => ['enable', 'uri /'] + }, + :collect_exported => false + ) + end + end + + context 'with auth parameters' do + let(:params) do + { + :ip => '127.0.0.1', + :haproxy_listen_bind_param => ['transparent'], + :user => 'myuser', + :password => 'superdupersecret', + } + end + it 'should configure stats frontend with auth enabled' do + is_expected.to contain_haproxy__listen('haproxy.stats').with( + :bind => { + "127.0.0.1:1993" => ['transparent'] + }, + :mode => 'http', + :options => { + 'stats' => ['enable', 'uri /', 'auth myuser:superdupersecret'] + }, + :collect_exported => false + ) + end + end + + context 'with certificate parameter' do + let(:params) do + { + :ip => '127.0.0.1', + :haproxy_listen_bind_param => ['transparent'], + :certificate => '/path/to/cert', + } + end + it 'should configure stats frontend with TLS enabled' do + is_expected.to contain_haproxy__listen('haproxy.stats').with( + :bind => { + "127.0.0.1:1993" => ['transparent', 'ssl', 'crt', '/path/to/cert'] + }, + :mode => 'http', + :options => { + 'stats' => ['enable', 'uri /'] + }, + :collect_exported => false + ) + end + end + end + + on_supported_os.each do |os, facts| + context "on #{os}" do + let(:facts) do + facts.merge({}) + end + + it_behaves_like 'tripleo::haproxy::stats' + end + end +end |