Update dns_rfc2136 plugin package handling

ekohl · ekohl · commit a142cad9c2ca · 2019-07-28T17:02:25.000+02:00
This makes it a parameter and updates it for more distributions. Also
fixes the unit tests and adds acceptance tests.
diff --git a/README.md b/README.md
@@ -156,7 +156,7 @@ Example:
 
 ```puppet
 class { 'letsencrypt::plugin::dns_rfc2136':
-  server     => '1.2.3.4',
+  server     => '192.0.2.1',
   key_name   => 'certbot',
   key_secret => '[...]==',
 }
diff --git a/manifests/params.pp b/manifests/params.pp
@@ -21,31 +21,41 @@
     $package_name = 'certbot'
     $package_command = 'certbot'
     $config_dir = '/etc/letsencrypt'
+    $dns_rfc2136_package_name = 'python3-certbot-dns-rfc2136'
   } elsif $facts['osfamily'] == 'RedHat' {
     $install_method = 'package'
     $package_name = 'certbot'
     $package_command = 'certbot'
     $config_dir = '/etc/letsencrypt'
+    if $facts['operatingsystemmajrelease'] == '7' {
+      $dns_rfc2136_package_name = 'python2-certbot-dns-rfc2136'
+    } else {
+      $dns_rfc2136_package_name = 'python3-certbot-dns-rfc2136'
+    }
   } elsif $facts['osfamily'] == 'Gentoo' {
     $install_method = 'package'
     $package_name = 'app-crypt/certbot'
     $package_command = 'certbot'
     $config_dir = '/etc/letsencrypt'
+    $dns_rfc2136_package_name = undef
   } elsif $facts['osfamily'] == 'OpenBSD' {
     $install_method = 'package'
     $package_name = 'certbot'
     $package_command = 'certbot'
     $config_dir = '/etc/letsencrypt'
+    $dns_rfc2136_package_name = undef
   } elsif $facts['osfamily'] == 'FreeBSD' {
     $install_method = 'package'
     $package_name = 'py27-certbot'
     $package_command = 'certbot'
     $config_dir = '/usr/local/etc/letsencrypt'
+    $dns_rfc2136_package_name = undef
   } else {
     $install_method = 'vcs'
     $package_name = 'letsencrypt'
     $package_command = 'letsencrypt'
     $config_dir = '/etc/letsencrypt'
+    $dns_rfc2136_package_name = undef
   }
 
   $config_file = "${config_dir}/cli.ini"
diff --git a/manifests/plugin/dns_rfc2136.pp b/manifests/plugin/dns_rfc2136.pp
@@ -19,22 +19,25 @@
 #   Number of seconds to wait for the DNS server to propagate the DNS-01 challenge.
 # [*manage_package*]
 #   Manage the plugin package.
+# [*package_name*]
+#   The name of the package to install when $manage_package is true.
 # [*config_dir*]
 #   The path to the configuration directory.
 #
 class letsencrypt::plugin::dns_rfc2136 (
   Stdlib::Host $server,
   String[1] $key_name,
   String[1] $key_secret,
-  String[1] $key_algorithm         = $letsencrypt::params::dns_rfc2136_algorithm,
-  Stdlib::Port $port               = $letsencrypt::params::dns_rfc2136_port,
-  Integer $propagation_seconds     = $letsencrypt::params::dns_rfc2136_propagation_seconds,
+  String[1] $key_algorithm         = $letsencrypt::dns_rfc2136_algorithm,
+  Stdlib::Port $port               = $letsencrypt::dns_rfc2136_port,
+  Integer $propagation_seconds     = $letsencrypt::dns_rfc2136_propagation_seconds,
   Stdlib::Absolutepath $config_dir = $letsencrypt::config_dir,
-  Boolean $manage_package          = $letsencrypt::params::dns_rfc2136_manage_package,
+  Boolean $manage_package          = $letsencrypt::dns_rfc2136_manage_package,
+  String $package_name             = $letsencrypt::dns_rfc2136_package_name,
 ) {
 
-  if ($manage_package) {
-    package { 'python2-certbot-dns-rfc2136':
+  if $manage_package {
+    package { $package_name:
       ensure => installed,
     }
   }
diff --git a/spec/acceptance/letsencrypt_plugin_dns_rfc2136_spec.rb b/spec/acceptance/letsencrypt_plugin_dns_rfc2136_spec.rb
@@ -0,0 +1,49 @@
+require 'spec_helper_acceptance'
+
+describe 'letsencrypt::plugin::dns_rfc2136' do
+  supported = case fact('os.family')
+              when 'Debian'
+                # Debian 9 has it in backports, Ubuntu started shipping in Bionic
+                fact('os.release.major') != '9' && fact('os.release.major') != '16.04'
+              when 'RedHat'
+                true
+              else
+                false
+              end
+
+  context 'with defaults values' do
+    pp = <<-PUPPET
+      class { 'letsencrypt' :
+        email  => 'letsregister@example.com',
+        config => {
+          'server' => 'https://acme-staging.api.letsencrypt.org/directory',
+        },
+      }
+      class { 'letsencrypt::plugin::dns_rfc2136':
+        server     => '192.0.2.1',
+        key_name   => 'certbot',
+        key_secret => 'secret',
+      }
+    PUPPET
+
+    if supported
+      it 'installs letsencrypt and dns rfc2136 plugin without error' do
+        apply_manifest(pp, catch_failures: true)
+      end
+      it 'installs letsencrypt and dns rfc2136 idempotently' do
+        apply_manifest(pp, catch_changes: true)
+      end
+
+      describe file('/etc/letsencrypt/dns-rfc2136.ini') do
+        it { is_expected.to be_file }
+        it { is_expected.to be_owned_by 'root' }
+        it { is_expected.to be_grouped_into 'root' }
+        it { is_expected.to be_mode 400 }
+      end
+    else
+      it 'fails to install' do
+        apply_manifest(pp, expect_failures: true)
+      end
+    end
+  end
+end
diff --git a/spec/classes/plugin/dns_rfc2136_spec.rb b/spec/classes/plugin/dns_rfc2136_spec.rb
@@ -2,60 +2,71 @@
 
 describe 'letsencrypt::plugin::dns_rfc2136' do
   on_supported_os.each do |os, facts|
-    let(:facts) do
-      facts
-    end
-
-    let(:params) { default_params.merge(required_params).merge(additional_params) }
-    let(:default_params) do
-      { key_algorithm: 'HMAC-SHA512',
-        port: 53,
-        manage_package: true,
-        config_dir: '/etc/letsencrypt',
-        propagation_seconds: 10 }
-    end
-    let(:required_params) { {} }
-    let(:additional_params) { {} }
-
-    context 'without required parameters' do
-      it { is_expected.not_to compile }
-    end
-
     context "on #{os} based operating systems" do
-      let(:required_params) do
-        { server: '1.2.3.4',
-          key_name: 'certbot',
-          key_secret: 'secret' }
-      end
+      let(:facts) { facts }
+      let(:params) { {} }
       let(:pre_condition) do
-        "class { letsencrypt:
-          email           => 'foo@example.com',
-          config_dir      => '/etc/letsencrypt',
-          package_command => 'letsencrypt',
-        }"
+        <<-PUPPET
+        class { 'letsencrypt':
+          email => 'foo@example.com',
+        }
+        PUPPET
+      end
+      let(:package_name) do
+        case facts[:osfamily]
+        when 'Debian'
+          'python3-certbot-dns-rfc2136'
+        when 'RedHat'
+          facts[:operatingsystem] == 'Fedora' ? 'python3-certbot-dns-rfc2136' : 'python2-certbot-dns-rfc2136'
+        end
       end
 
-      it { is_expected.to compile.with_all_deps }
+      context 'without required parameters' do
+        it { is_expected.not_to compile }
+      end
 
-      describe 'with manage_package => true' do
-        let(:additional_params) { { manage_package: true } }
+      context 'with required parameters' do
+        let(:params) do
+          super().merge(
+            server: '192.0.2.1',
+            key_name: 'certbot',
+            key_secret: 'secret'
+          )
+        end
 
-        it { is_expected.to contain_package('python2-certbot-dns-rfc2136').with_ensure('installed') }
-      end
+        it do
+          if package_name.nil?
+            is_expected.not_to compile
+          else
+            is_expected.to compile.with_all_deps
 
-      describe 'with manage_package => false' do
-        let(:additional_params) { { manage_package: false } }
+            is_expected.to contain_file('/etc/letsencrypt/dns-rfc2136.ini').
+              with_ensure('file').
+              with_owner('root').
+              with_group('root').
+              with_mode('0400').
+              with_content(%r{^.*dns_rfc2136_server.*$})
+          end
+        end
 
-        it { is_expected.not_to contain_package('python2-certbot-dns-rfc2136') }
-      end
+        describe 'with manage_package => true' do
+          let(:params) { super().merge(manage_package: true) }
+
+          it do
+            if package_name.nil?
+              is_expected.not_to compile
+            else
+              is_expected.to contain_class('letsencrypt::plugin::dns_rfc2136').with_package_name(package_name)
+              is_expected.to contain_package(package_name).with_ensure('installed')
+            end
+          end
+        end
+
+        describe 'with manage_package => false' do
+          let(:params) { super().merge(manage_package: false, package_name: 'dns-rfc2136-package') }
 
-      it do
-        is_expected.to contain_file('/etc/letsencrypt/dns-rfc2136.ini').with(
-          ensure: 'file',
-          owner: 'root',
-          group: 'root',
-          mode: '0400'
-        ).with_content(%r{^.*dns_rfc2136_server.*$})
+          it { is_expected.not_to contain_package('dns-rfc2136-package') }
+        end
       end
     end
   end
diff --git a/spec/defines/letsencrypt_certonly_spec.rb b/spec/defines/letsencrypt_certonly_spec.rb
@@ -105,23 +105,20 @@
 
       context 'with dns-rfc2136 plugin' do
         let(:title) { 'foo.example.com' }
-        let(:params) { { plugin: 'dns-rfc2136', letsencrypt_command: "letsencrypt" } }
+        let(:params) { { plugin: 'dns-rfc2136', letsencrypt_command: 'letsencrypt' } }
         let(:pre_condition) do
-          "class { 'letsencrypt':
+          <<-PUPPET
+          class { 'letsencrypt':
             email      => 'foo@example.com',
             config_dir => '/etc/letsencrypt',
-            venv_path  => '/opt/letsencrypt/.venv',
           }
           class { 'letsencrypt::plugin::dns_rfc2136':
-            server              => '1.2.3.4',
-            key_name            => 'certbot',
-            key_secret          => 'secret',
-            key_algorithm       => 'HMAC-SHA512',
-            port                => 53,
-            manage_package      => true,
-            config_dir          => '/etc/letsencrypt',
-            propagation_seconds => 10,
-          }"
+            server         => '192.0.2.1',
+            key_name       => 'certbot',
+            key_secret     => 'secret',
+            package_name   => 'irrelevant',
+          }
+          PUPPET
         end
 
         it { is_expected.to compile.with_all_deps }

Original file line number	Diff line number	Diff line change
`@@ -156,7 +156,7 @@ Example:`
`156`	`156`
`157`	`157`	```puppet
`158`	`158`	`class { 'letsencrypt::plugin::dns_rfc2136':`
`159`		`- server => '1.2.3.4',`
	`159`	`+ server => '192.0.2.1',`
`160`	`160`	`key_name => 'certbot',`
`161`	`161`	`key_secret => '[...]==',`
`162`	`162`	`}`