diff --git a/manifests/module.pp b/manifests/module.pp index 1d5791f7..41e37ad2 100644 --- a/manifests/module.pp +++ b/manifests/module.pp @@ -62,33 +62,36 @@ icingaweb2::assert_module() $conf_dir = $icingaweb2::globals::conf_dir + $state_dir = $icingaweb2::globals::state_dir $conf_user = $icingaweb2::conf_user $conf_group = $icingaweb2::conf_group - File { - owner => $conf_user, - group => $conf_group, - } - $enable_module = if $ensure == 'present' { 'link' } else { 'absent' } - file { "${conf_dir}/enabledModules/${module}": - ensure => $enable_module, - target => $module_dir, - } - - file { "${conf_dir}/modules/${module}": - ensure => directory, - mode => '2770', + file { + default: + owner => $conf_user, + group => $conf_group, + ; + "${conf_dir}/enabledModules/${module}": + ensure => $enable_module, + target => $module_dir, + ; + ["${conf_dir}/modules/${module}", "${state_dir}/${module}"]: + ensure => directory, + owner => 'root', + mode => '2770', + ; } create_resources('icingaweb2::inisection', $settings) case $install_method { + 'none': {} 'git': { vcsrepo { $module_dir: ensure => present, @@ -97,7 +100,6 @@ revision => $git_revision, } } - 'none': {} 'package': { package { $package_name: ensure => installed, diff --git a/manifests/module/icingadb.pp b/manifests/module/icingadb.pp index 7c39cadf..8baa9b8e 100644 --- a/manifests/module/icingadb.pp +++ b/manifests/module/icingadb.pp @@ -155,13 +155,15 @@ ) { icingaweb2::assert_module() - $conf_dir = $icingaweb2::globals::conf_dir - $module_conf_dir = "${conf_dir}/modules/icingadb" + $module_conf_dir = "${icingaweb2::globals::conf_dir}/modules/icingadb" + $cert_dir = "${icingaweb2::globals::state_dir}/icingadb/certs" + $conf_user = $icingaweb2::conf_user + $conf_group = $icingaweb2::conf_group if $redis_use_tls { - $redis_tls_files = icingaweb2::cert::files( + $redis_tls_files = icinga::cert::files( 'redis', - $module_conf_dir, + $cert_dir, $redis_tls_key_file, $redis_tls_cert_file, $redis_tls_cacert_file, 
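Review bot: In manifests/module.pp (hunk `@@ -62,33 +62,36 @@`), the entry `["${conf_dir}/modules/${module}", "${state_dir}/${module}"]` is declared with `ensure => directory` whatever `$ensure` is, so `ensure => absent` only removes the `enabledModules` link and leaves the new state directory on disk. Because icingadb.pp in this commit places TLS key files under `${state_dir}/icingadb/certs`, that leftover can include private keys. Either derive the directory state from `$ensure` (removing a populated directory would need `force => true`) or document the behaviour. A short comment above the entry, such as `# root-owned, group-writable for $conf_group; kept when ensure => absent`, would also explain why `owner => 'root'` overrides the `default:` body. The defined type's parameter list and the rest of its body are outside the hunk.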
@@ -175,7 +177,7 @@ key => $redis_tls_files['key_file'], ca => $redis_tls_files['cacert_file'], }) - icingaweb2::tls::client { 'icingaweb2::module::icingadb redis client tls config': + icinga::cert { 'icingaweb2::module::icingadb redis client tls config': args => $redis_tls_files, } } else { @@ -215,23 +217,28 @@ }, } - $db_tls = delete($icingaweb2::config::tls, ['key', 'cert', 'cacert']) + delete_undef_values(icingaweb2::cert::files( - 'client', - $module_conf_dir, + $db_tls = delete_undef_values(icinga::cert::files( + $db_username, + $cert_dir, $db_tls_key_file, $db_tls_cert_file, $db_tls_cacert_file, $db_tls_key, $db_tls_cert, $db_tls_cacert, - ), { - capath => $db_tls_capath, - noverify => $db_tls_noverify, - cipher => $db_tls_cipher, - }) + )) - icingaweb2::tls::client { 'icingaweb2::module::icingadb tls client config': - args => $db_tls, + file { $cert_dir: + ensure => directory, + owner => 'root', + group => $conf_group, + mode => '2770', + } + + icinga::cert { 'icingaweb2::module::icingadb tls client config': + owner => $conf_user, + group => $conf_group, + args => $db_tls, } icingaweb2::resource::database { 'icingaweb2-module-icingadb': @@ -243,12 +250,12 @@ password => $db_password, charset => $db_charset, use_tls => $db_use_tls, - tls_noverify => $db_tls['noverify'], + tls_noverify => unless $db_tls_noverify { $icingaweb2::config::tls['noverify'] } else { $db_tls_noverify }, tls_key => $db_tls['key_file'], tls_cert => $db_tls['cert_file'], - tls_cacert => $db_tls['cacert_file'], - tls_capath => $db_tls['capath'], - tls_cipher => $db_tls['cipher'], + tls_cacert => unless $db_tls_cacert_file { $icingaweb2::config::tls['cacert_file'] } else { $db_tls_cacert_file }, + tls_capath => unless $db_tls_capath { $icingaweb2::config::tls['capath'] } else { $db_tls_capath }, + tls_cipher => unless $db_tls_cipher { $icingaweb2::config::tls['cipher'] } else { $db_tls_cipher }, } create_resources('icingaweb2::module::icingadb::commandtransport', $commandtransports) 
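Review bot: In hunk `@@ -175,7 +177,7 @@`, the Redis resource `icinga::cert { 'icingaweb2::module::icingadb redis client tls config': }` passes only `args`, while the database counterpart added later in this file also sets `owner => $conf_user` and `group => $conf_group`. Unless `icinga::cert` defaults to the same owner and group (its definition is not part of this diff), the Redis key file in `$cert_dir` gets different ownership from the database key. That would leave it either unreadable for the web user or readable by a wider identity than intended. Adding `owner => $conf_user,` and `group => $conf_group,` next to `args => $redis_tls_files,` keeps the two consistent.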
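Review bot: In hunk `@@ -215,23 +217,28 @@`, `icinga::cert::files($db_username, $cert_dir, …)` presumably uses its first argument as the base name of the key and certificate files, and the Redis branch already uses the fixed name `redis` in the same `$cert_dir`. A database user named `redis` would then point both connections at the same files, and a username containing `/` would yield a path outside `$cert_dir`. A fixed label, such as the `'client'` the removed code used, avoids both. The new `file { $cert_dir: }` also grants group write with `mode => '2770'`; if only Puppet populates this directory, `mode => '2750'` is enough for the web group to read the keys without being able to replace them.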
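Review bot: In hunk `@@ -243,12 +250,12 @@`, `tls_noverify => unless $db_tls_noverify { … }` treats an explicit `false` the same as an unset parameter, so `db_tls_noverify => false` still inherits `noverify => true` from `$icingaweb2::config::tls` and certificate verification stays off against the stated intent. The removed code went through `delete_undef_values`, so presumably only undef fell back to the global value. Test for undef instead: `tls_noverify => if $db_tls_noverify =~ Undef { $icingaweb2::config::tls['noverify'] } else { $db_tls_noverify },`. Separately, `tls_cacert` now reads `$db_tls_cacert_file` rather than `$db_tls['cacert_file']`, so a CA supplied only as content through `$db_tls_cacert` appears to be written but never referenced; this depends on what `icinga::cert::files` returns, which is not shown. The `unless … else` form is also discouraged by the Puppet style guide, and `capath` and `cipher` would read more clearly with the same `if … =~ Undef` shape.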
diff --git a/metadata.json b/metadata.json index 7498f8f0..913707f2 100644 --- a/metadata.json +++ b/metadata.json @@ -1,6 +1,6 @@ { "name": "icinga-icingaweb2", - "version": "3.9.1", + "version": "4.0.0", "author": "Icinga Team", "summary": "Icinga Web 2 Puppet Module", "license": "Apache-2.0", @@ -18,7 +18,7 @@ }, { "name": "icinga/icinga", - "version_requirement": ">= 2.1.0 < 5.0.0" + "version_requirement": ">= 2.9.0 < 5.0.0" }, { "name": "puppetlabs/vcsrepo", diff --git a/spec/classes/icingaweb2_spec.rb b/spec/classes/icingaweb2_spec.rb index 2d42ee2b..0b331533 100644 --- a/spec/classes/icingaweb2_spec.rb +++ b/spec/classes/icingaweb2_spec.rb @@ -131,7 +131,7 @@ end context "with db_type 'mysql', import_schema 'true'" do - let(:params) {{ import_schema: true, db_type: 'mysql' }} + let(:params) { { import_schema: true, db_type: 'mysql' } } it { is_expected.to contain_icingaweb2__resource__database('mysql-icingaweb2') } it { is_expected.to contain_icingaweb2__config__authmethod('mysql-auth') } @@ -141,7 +141,7 @@ end context "with db_type 'pgsql', import_schema 'true'" do - let(:params) {{ import_schema: true, db_type: 'pgsql' }} + let(:params) { { import_schema: true, db_type: 'pgsql' } } it { is_expected.to contain_icingaweb2__resource__database('pgsql-icingaweb2') } it { is_expected.to contain_icingaweb2__config__authmethod('pgsql-auth') } @@ -151,7 +151,7 @@ end context 'with import_schema => true and admin_role => false' do - let(:params) {{ import_schema: true, db_type: 'mysql', admin_role: false }} + let(:params) { { import_schema: true, db_type: 'mysql', admin_role: false } } it { is_expected.not_to contain_icingaweb2__config__role('default admin user') } end diff --git a/spec/classes/icingadb_spec.rb b/spec/classes/modules/icingadb_spec.rb similarity index 64% rename from spec/classes/icingadb_spec.rb rename to spec/classes/modules/icingadb_spec.rb index 031d6200..06877b7a 100644 --- a/spec/classes/icingadb_spec.rb 
+++ b/spec/classes/modules/icingadb_spec.rb @@ -1,12 +1,6 @@ require 'spec_helper' describe('icingaweb2::module::icingadb', type: :class) do - let(:pre_condition) do - [ - "class { 'icingaweb2': db_type => 'mysql' }", - ] - end - on_supported_os.each do |os, facts| context "on #{os}" do let :facts do @@ -14,6 +8,12 @@ end context "#{os} with local MySQL and Redis" do + let(:pre_condition) do + [ + "class { 'icingaweb2': db_type => 'mysql' }", + ] + end + let(:params) do { db_type: 'mysql', @@ -71,6 +71,12 @@ end context "#{os} with local PostgreSQL and Redis" do + let(:pre_condition) do + [ + "class { 'icingaweb2': db_type => 'mysql' }", + ] + end + let(:params) do { db_type: 'pgsql', 
@@ -126,6 +132,74 @@ ) } end + + context "#{os} with db_use_tls 'true'" do + let(:pre_condition) do + [ + "class { 'icingaweb2': db_type => 'mysql', tls_cacert_file => '/foo/bar', tls_capath => '/foo/bar', tls_noverify => true, tls_cipher => 'cipher' }", + ] + end + + let(:params) do + { + db_type: 'mysql', + db_use_tls: true, + } + end + + it { + is_expected.to contain_icingaweb2__resource__database('icingaweb2-module-icingadb').with( + { + 'type' => 'mysql', + 'host' => 'localhost', + 'port' => 3306, + 'database' => 'icingadb', + 'username' => 'icingadb', + 'use_tls' => true, + 'tls_cacert' => '/foo/bar', + 'tls_capath' => '/foo/bar', + 'tls_noverify' => true, + 'tls_cipher' => 'cipher', + }, + ) + } + end + + context "#{os} with db_use_tls 'true', db_tls_cacert 'cacert', db_tls_capath '/foo/bar', db_tls_noverify 'true', db_tls_cipher 'cipher'" do + let(:pre_condition) do + [ + "class { 'icingaweb2': db_type => 'pgsql' }", + ] + end + + let(:params) do + { + db_type: 'pgsql', + db_use_tls: true, + db_tls_cacert_file: '/foo/bar', + db_tls_capath: '/foo/bar', + db_tls_noverify: true, + db_tls_cipher: 'cipher', + } + end + + it { + is_expected.to contain_icingaweb2__resource__database('icingaweb2-module-icingadb').with( + { + 'type' => 'pgsql', + 'host' => 'localhost', + 'port' => 5432, + 'database' => 'icingadb', + 'username' => 'icingadb', + 'use_tls' => true, + 'tls_cacert' => '/foo/bar', + 'tls_capath' => '/foo/bar', + 'tls_noverify' => true, + 'tls_cipher' => 'cipher', + }, + ) + } + end end end end diff --git a/spec/defines/module_spec.rb b/spec/defines/module_spec.rb index 78a7b91f..3524cf14 100644 --- a/spec/defines/module_spec.rb +++ b/spec/defines/module_spec.rb @@ -4,7 +4,7 @@ let(:title) { 'mymodule' } let(:pre_condition) do [ - "class { 'icingaweb2': db_type => 'mysql', db_password => 'secret' }", + "class { 'icingaweb2': db_type => 'mysql', conf_user => 'foobaz' }", ] end 
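Review bot: In spec/classes/modules/icingadb_spec.rb (hunk `@@ -126,6 +132,74 @@`), both new contexts expect `'tls_noverify' => true`, and neither sets the global and the module-level TLS options to different values, so the precedence between `$icingaweb2::config::tls` and the `db_tls_*` parameters is not pinned. Add a context whose pre_condition has `tls_noverify => true` and whose params have `db_tls_noverify: false`, expecting `'tls_noverify' => false`; with the `unless $db_tls_noverify` expression in manifests/module/icingadb.pp that case would currently yield `true`. A second case with distinct global and module `tls_cacert_file` paths would show which one wins. The title of the second context says `db_tls_cacert 'cacert'` although the parameter it sets is `db_tls_cacert_file: '/foo/bar'`.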
@@ -16,16 +16,36 @@ context "#{os} with install_method 'none'" do let(:params) do - { module: 'foo', + { + module: 'foo', module_dir: '/usr/local/icingaweb2-modules/foo', install_method: 'none', - settings: { 'section1' => { 'target' => '/foo/bar', 'settings' => { 'setting1' => 'value1', 'setting2' => 'value2' } } } } + settings: { 'section1' => { 'target' => '/foo/bar', 'settings' => { 'setting1' => 'value1', 'setting2' => 'value2' } } } + } end - it { is_expected.to contain_file('/etc/icingaweb2/enabledModules') } - it { is_expected.to contain_file('/etc/icingaweb2/enabledModules/foo') } - it { is_expected.to contain_file('/etc/icingaweb2/modules') } - it { is_expected.to contain_file('/etc/icingaweb2/modules/foo') } + it { + is_expected.to contain_file('/etc/icingaweb2/enabledModules/foo') + .with_ensure('link') + .with_owner('foobaz') + .with_group('icingaweb2') + } + + it { + is_expected.to contain_file('/etc/icingaweb2/modules/foo') + .with_ensure('directory') + .with_mode('2770') + .with_owner('root') + .with_group('icingaweb2') + } + + it { + is_expected.to contain_file('/var/lib/icingaweb2/foo') + .with_ensure('directory') + .with_mode('2770') + .with_owner('root') + .with_group('icingaweb2') + } it { is_expected.to contain_icingaweb2__inisection('section1') 
@@ -39,26 +59,14 @@ { module: 'foo', module_dir: '/usr/local/icingaweb2-modules/foo', git_repository: 'https://github.com/icinga/foo.git', - git_revision: 'master', - settings: { 'section1' => { 'target' => '/foo/bar', 'settings' => { 'setting1' => 'value1', 'setting2' => 'value2' } } } } + git_revision: 'main' } end - it { is_expected.to contain_file('/etc/icingaweb2/enabledModules') } - it { is_expected.to contain_file('/etc/icingaweb2/enabledModules/foo') } - it { is_expected.to contain_file('/etc/icingaweb2/modules') } - it { is_expected.to contain_file('/etc/icingaweb2/modules/foo') } - it { is_expected.to contain_vcsrepo('/usr/local/icingaweb2-modules/foo') .with_provider('git') .with_source('https://github.com/icinga/foo.git') - .with_revision('master') - } - - it { - is_expected.to contain_icingaweb2__inisection('section1') - .with_target('/foo/bar') - .with_settings('setting1' => 'value1', 'setting2' => 'value2') + .with_revision('main') } end 
@@ -67,32 +75,10 @@ { module: 'foo', module_dir: '/usr/local/icingaweb2-modules/foo', install_method: 'package', - package_name: 'foo', - settings: { 'section1' => { 'target' => '/foo/bar', 'settings' => { 'setting1' => 'value1', 'setting2' => 'value2' } } } } + package_name: 'foo' } end - it { is_expected.to contain_file('/etc/icingaweb2/enabledModules') } - it { is_expected.to contain_file('/etc/icingaweb2/enabledModules/foo') } - it { is_expected.to contain_file('/etc/icingaweb2/modules') } - it { is_expected.to contain_file('/etc/icingaweb2/modules/foo') } - it { is_expected.to contain_package('foo').with('ensure' => 'installed') } - - it { - is_expected.to contain_icingaweb2__inisection('section1') - .with_target('/foo/bar') - .with_settings('setting1' => 'value1', 'setting2' => 'value2') - } - end - - context "#{os} with invalid installation_method" do - let(:params) do - { module: 'foor', - module_dir: '/usr/local/icingaweb2-modules/foo', - install_method: 'foobar' } - end - - it { is_expected.to raise_error(Puppet::Error, %r{expects a match for Enum\['git', 'none', 'package'\]}) } end context "#{os} with ensure => absent" do @@ -100,20 +86,10 @@ { module: 'foo', ensure: 'absent', module_dir: '/usr/local/icingaweb2-modules/foo', - install_method: 'none', - settings: { 'section1' => { 'target' => '/foo/bar', 'settings' => { 'setting1' => 'value1', 'setting2' => 'value2' } } } } + install_method: 'none' } end - it { is_expected.to contain_file('/etc/icingaweb2/enabledModules') } it { is_expected.to contain_file('/etc/icingaweb2/enabledModules/foo').with_ensure('absent') } - it { is_expected.to contain_file('/etc/icingaweb2/modules') } - it { is_expected.to contain_file('/etc/icingaweb2/modules/foo') } - - it { - is_expected.to contain_icingaweb2__inisection('section1') - .with_target('/foo/bar') - .with_settings('setting1' => 'value1', 'setting2' => 'value2') - } end end end