add some more rspec tests, and fix template

Johan De Wit · Johan De Wit · commit 6849c58fdbe9 · 2024-01-10T17:08:00.000+01:00
diff --git a/manifests/server/config.pp b/manifests/server/config.pp
@@ -129,16 +129,18 @@
     }
 
     # TODO: we kind of use this file to force x509 autehntication in the providers when it exsists
-    #       Open for suugestions how to deal with this
-    if $admin_auth_mechanism == 'x509' {
-      $_ensure = 'present'
+    #       Open for suggestions how to deal with this
+    if $admin_auth_mechanism == 'x509' and $handle_creds {
+      $_ensure = 'file'
     } else {
       $_ensure = 'absent'
     }
 
     file { '/root/.mongosh.yaml':
       ensure  => $_ensure,
-      mode    => '0400',
+      owner   => 'root',
+      group   => 'root',
+      mode    => '0600',
       content => "---\n${admin_username}:\n  tlsCertificateKeyFile: ${admin_tls_key}",
     }
 
diff --git a/spec/classes/repo_spec.rb b/spec/classes/repo_spec.rb
@@ -86,6 +86,16 @@
           it { is_expected.to raise_error(Puppet::Error, %r{not supported}) }
         end
       end
+
+      describe 'with older version' do
+        let :params do
+          {
+            version: '3.0.2'
+          }
+        end
+
+        it { is_expected.to raise_error(Puppet::Error, %r{older than 4.4 are unsupported}) }
+      end
     end
   end
 end
diff --git a/spec/classes/server_spec.rb b/spec/classes/server_spec.rb
@@ -43,6 +43,22 @@
         end
       end
 
+      let(:mongo_user) do
+        if facts[:os]['family'] == 'Debian'
+          'mongodb'
+        else
+          'mongod'
+        end
+      end
+
+      let(:mongo_group) do
+        if facts[:os]['family'] == 'Debian'
+          'mongodb'
+        else
+          'mongod'
+        end
+      end
+
       describe 'with defaults' do
         it_behaves_like 'server classes'
 
@@ -62,6 +78,8 @@
         it { is_expected.not_to contain_file(config_file).with_content(%r{fork}) }
 
         it { is_expected.to contain_file('/root/.mongoshrc.js').with_ensure('file').without_content(%r{db\.auth}) }
+        it { is_expected.to contain_file('/var/lib/mongo').with(ensure: 'directory', mode: '0750', owner: mongo_user, group: mongo_group) }
+
         it { is_expected.not_to contain_exec('fix dbpath permissions') }
       end
 
@@ -264,7 +282,7 @@
       end
 
       describe 'with store_creds' do
-        context 'true' do
+        context 'true with scram_sha_1' do
           let :params do
             {
               admin_username: 'admin',
@@ -284,6 +302,60 @@
           }
         end
 
+        context 'true with scram_sha_256' do
+          let :params do
+            {
+              admin_username: 'admin',
+              admin_password: 'password',
+              admin_auth_mechanism: 'scram_sha_256',
+              admin_update_password: true,
+              auth: true,
+              store_creds: true
+            }
+          end
+
+          it {
+            is_expected.to contain_file('/root/.mongoshrc.js').
+              with_ensure('file').
+              with_owner('root').
+              with_group('root').
+              with_mode('0600').
+              with_content(%r{db\.auth\('admin', 'password'\)})
+          }
+        end
+
+        context 'true with x509' do
+          let :params do
+            {
+              admin_username: 'subject=CN=admin,OU=some,O=company,ST=somewhere,C=EX',
+              admin_auth_mechanism: 'x509',
+              admin_tls_key: '/path/to/key',
+              auth: true,
+              store_creds: true
+            }
+          end
+
+          it {
+            is_expected.to contain_file('/root/.mongoshrc.js').
+              with_ensure('file').
+              with_owner('root').
+              with_group('root').
+              with_mode('0600').
+              with_content(%r{db\.getSiblingDB\('\$external'\)\.auth}).
+              with_content(%r{mechanism: 'MONGODB-X509'})
+          }
+
+          it {
+            is_expected.to contain_file('/root/.mongosh.yaml').
+              with_ensure('file').
+              with_owner('root').
+              with_group('root').
+              with_mode('0600').
+              with_content(%r{^subject=CN=admin,OU=some,O=company,ST=somewhere,C=EX:$}).
+              with_content(%r{tlsCertificateKeyFile: /path/to/key})
+          }
+        end
+
         context 'false' do
           let :params do
             {
diff --git a/templates/mongoshrc.js.erb b/templates/mongoshrc.js.erb
@@ -32,7 +32,8 @@ function authRequired() {
 if (authRequired()) {
   <%- if @replset -%>
   db.getMongo().setReadPref('primaryPreferred')
-    <%- if @admin_auth_mechanism == 'x509' -%>
+  <%- end -%>
+  <%- if @admin_auth_mechanism == 'x509' -%>
   try {
     db.getSiblingDB('$external').auth(
       {
@@ -44,7 +45,7 @@ if (authRequired()) {
     // This isn't catching authentication errors as I'd expect...
     throw(err)
   }
-    <%- else -%>
+  <%- else -%>
   try {
     var prev_db = db.getName()
     db = db.getSiblingDB('admin')
@@ -55,7 +56,6 @@ if (authRequired()) {
     // This isn't catching authentication errors as I'd expect...
     throw(err)
   }
-    <%- end -%>
   <%- end -%>
 }
 <% end -%>
