
Commit b1c4e7d

committed
fix lint and tests for clientcert value
1 parent 290c3ba commit b1c4e7d


4 files changed

+30
-35
lines changed


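--- a/manifests/database/postgresql.pp
+++ b/manifests/database/postgresql.pp
@@ -117,7 +117,7 @@
 postgresql_ssl_cert_path => $postgresql_ssl_cert_path,
 postgresql_ssl_ca_cert_path => $postgresql_ssl_ca_cert_path,
 postgres_version => $postgres_version,
-create_read_user_rule => $create_read_user_rule
+create_read_user_rule => $create_read_user_rule,
 }
 }
 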

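--- a/spec/defines/database/postgresql_ssl_rules_spec.rb
+++ b/spec/defines/database/postgresql_ssl_rules_spec.rb
@@ -6,11 +6,28 @@
 'puppetdb-read': {
 database_name: 'puppetdb',
 database_username: 'monitor',
+postgres_version: '11',
 puppetdb_server: 'localhost',
 },
 'monitor': {
 database_name: 'opensesame',
 database_username: 'grover',
+postgres_version: '11',
+puppetdb_server: 'rainbow',
+},
+}
+
+valid_12plus = {
+'puppetdb-read': {
+database_name: 'puppetdb',
+database_username: 'monitor',
+postgres_version: '12',
+puppetdb_server: 'localhost',
+},
+'monitor': {
+database_name: 'opensesame',
+database_username: 'grover',
+postgres_version: '12',
 puppetdb_server: 'rainbow',
 },
 }
@@ -34,6 +51,15 @@
 end
 end
 
+valid_12plus.each do |name, params|
+context "for valid_12plus #{name}" do
+include_examples 'puppetdb::database::postgresql_ssl_rules' do
+let(:title) { name.to_s }
+let(:params) { params }
+end
+end
+end
+
 invalid.each do |name, params|
 context "for invalid #{name}" do
 include_examples 'puppetdb::database::postgresql_ssl_rules', Puppet::Error do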

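--- a/spec/support/unit/shared/database.rb
+++ b/spec/support/unit/shared/database.rb
@@ -227,6 +227,7 @@
 it { is_expected.to raise_error(error) }
 else
 let(:identity_map_key) { "#{with[:database_name]}-#{with[:database_username]}-map" }
+let(:client_cert) { (with[:postgres_version].to_f >= 12.0) ? 'verify-full' : '1' }
 
 it { is_expected.to contain_puppetdb__database__postgresql_ssl_rules(name).with(with) }
 
@@ -239,7 +240,7 @@
 address: '0.0.0.0/0',
 auth_method: 'cert',
 order: 0,
-auth_option: "map=#{identity_map_key} clientcert=1",
+auth_option: "map=#{identity_map_key} clientcert=#{client_cert}",
 )
 }
 
@@ -252,7 +253,7 @@
 address: '::0/0',
 auth_method: 'cert',
 order: 0,
-auth_option: "map=#{identity_map_key} clientcert=1",
+auth_option: "map=#{identity_map_key} clientcert=#{client_cert}",
 )
 }
 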
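Review bot: The new `client_cert` let parses the version with `to_f`, which returns 0.0 for a missing or non-numeric `postgres_version`, so the ipv4 and ipv6 `auth_option` expectations further down would quietly expect the legacy `clientcert=1` instead of failing on bad fixture data. Whether the define defaults `postgres_version` to 12 or later is not visible here, so a caller of this shared example that omits the key may assert a value that disagrees with the manifest's default. If every caller is meant to pass the version, `with.fetch(:postgres_version)` would make an omission fail loudly; otherwise the helper should mirror the manifest's default. A short comment above the let, such as `# PostgreSQL 12+ spells full client-certificate verification as clientcert=verify-full; older releases use clientcert=1`, would record why the threshold is 12. The enclosing shared-example block starts and ends outside these hunks.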

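--- a/spec/unit/classes/database/ssl_configuration_spec.rb
+++ b/spec/unit/classes/database/ssl_configuration_spec.rb
@@ -110,37 +110,5 @@
 end
 end
 end
-
-context 'when the specified Postgresql version is 12 or later' do
-let(:params) do
-{
-database_name: 'puppetdb',
-database_username: 'puppetdb',
-postgres_version: '12'
-}
-end
-
-it 'has hba rule for puppetdb user ipv4' do
-is_expected.to contain_postgresql__server__pg_hba_rule("Allow certificate mapped connections to #{params[:database_name]} as #{params[:database_username]} (ipv4)")
-.with_type('hostssl')
-.with_database(params[:database_name])
-.with_user(params[:database_username])
-.with_address('0.0.0.0/0')
-.with_auth_method('cert')
-.with_order(0)
-.with_auth_option("map=#{identity_map} clientcert=verify-full")
-end
-
-it 'has hba rule for puppetdb user ipv6' do
-is_expected.to contain_postgresql__server__pg_hba_rule("Allow certificate mapped connections to #{params[:database_name]} as #{params[:database_username]} (ipv6)")
-.with_type('hostssl')
-.with_database(params[:database_name])
-.with_user(params[:database_username])
-.with_address('::0/0')
-.with_auth_method('cert')
-.with_order(0)
-.with_auth_option("map=#{identity_map} clientcert=verify-full")
-end
-end
 end
 end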
