From e51e79692032d2cf8c6092e86c5a28a0e7f1832d Mon Sep 17 00:00:00 2001 From: Juan Antonio Osorio Robles Date: Thu, 29 Jun 2017 15:03:11 +0300 Subject: Enable TLS for the HAProxy stats interface This creates a new class for the stats interface and furtherly configures it to also use the certificates that are provided by certmonger (via the internal_certificates_specs variable). Note that the already existing haproxy_stats_certificate still works and will take precedence if it's set. bp tls-via-certmonger Change-Id: Iea65d91648ab13dbe6ec20241a1a7c95ce856e3e --- spec/classes/tripleo_haproxy_stats_spec.rb | 104 +++++++++++++++++++++++++++++ 1 file changed, 104 insertions(+) create mode 100644 spec/classes/tripleo_haproxy_stats_spec.rb (limited to 'spec/classes/tripleo_haproxy_stats_spec.rb') diff --git a/spec/classes/tripleo_haproxy_stats_spec.rb b/spec/classes/tripleo_haproxy_stats_spec.rb new file mode 100644 index 0000000..bad5bf1 --- /dev/null +++ b/spec/classes/tripleo_haproxy_stats_spec.rb @@ -0,0 +1,104 @@ +# +# Copyright (C) 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# + +require 'spec_helper' + +describe 'tripleo::haproxy::stats' do + + shared_examples_for 'tripleo::haproxy::stats' do + let :pre_condition do + "Haproxy::Listen { + config_file => '/etc/haproxy.cfg' + }" + end + + context 'with only required parameters' do + let(:params) do + { + :ip => '127.0.0.1', + :haproxy_listen_bind_param => ['transparent'], + } + end + it 'should configure basic stats frontend' do + is_expected.to contain_haproxy__listen('haproxy.stats').with( + :bind => { + "127.0.0.1:1993" => ['transparent'] + }, + :mode => 'http', + :options => { + 'stats' => ['enable', 'uri /'] + }, + :collect_exported => false + ) + end + end + + context 'with auth parameters' do + let(:params) do + { + :ip => '127.0.0.1', + :haproxy_listen_bind_param => ['transparent'], + :user => 'myuser', + :password => 'superdupersecret', + } + end + it 'should configure stats frontend with auth enabled' do + is_expected.to contain_haproxy__listen('haproxy.stats').with( + :bind => { + "127.0.0.1:1993" => ['transparent'] + }, + :mode => 'http', + :options => { + 'stats' => ['enable', 'uri /', 'auth myuser:superdupersecret'] + }, + :collect_exported => false + ) + end + end + + context 'with certificate parameter' do + let(:params) do + { + :ip => '127.0.0.1', + :haproxy_listen_bind_param => ['transparent'], + :certificate => '/path/to/cert', + } + end + it 'should configure stats frontend with TLS enabled' do + is_expected.to contain_haproxy__listen('haproxy.stats').with( + :bind => { + "127.0.0.1:1993" => ['transparent', 'ssl', 'crt', '/path/to/cert'] + }, + :mode => 'http', + :options => { + 'stats' => ['enable', 'uri /'] + }, + :collect_exported => false + ) + end + end + end + + on_supported_os.each do |os, facts| + context "on #{os}" do + let(:facts) do + facts.merge({}) + end + + it_behaves_like 'tripleo::haproxy::stats' + end + end +end -- cgit 1.2.3-korg