From 83ac37b1f247c1dc01434cf3774b18a19a0aebf3 Mon Sep 17 00:00:00 2001 From: Matthew Alexander LaChance Date: Mon, 4 Nov 2024 17:10:23 -0500 Subject: [PATCH] Fix linting --- .github/workflows/ci.yml | 2 +- .rubocop.yml | 34 +++ Gemfile | 1 + Gemfile.lock | 3 + docker-compose.test.yml | 2 +- manifests/local_storage_volume.pp | 12 +- manifests/log.pp | 4 +- manifests/profile/apache/auth_openidc.pp | 4 +- manifests/profile/apache/authz_umichlib.pp | 10 +- manifests/profile/apt.pp | 4 +- manifests/profile/apt/mono.pp | 4 +- manifests/profile/bolt.pp | 26 +- manifests/profile/certbot_cloudflare.pp | 46 +-- manifests/profile/certbot_route53.pp | 48 ++-- manifests/profile/containerd.pp | 8 +- manifests/profile/fulcrum/app.pp | 10 +- manifests/profile/github_pull_account.pp | 26 +- manifests/profile/haproxy.pp | 2 +- manifests/profile/hathitrust/apache/babel.pp | 2 +- manifests/profile/hathitrust/solr6.pp | 58 ++-- manifests/profile/hathitrust/solr6/catalog.pp | 34 +-- manifests/profile/hathitrust/solr6/classic.pp | 4 +- manifests/profile/hathitrust/solr6/lss.pp | 46 +-- manifests/profile/http_fileserver.pp | 8 +- manifests/profile/kubelet.pp | 56 ++-- .../kubernetes/bootstrap/etcd_config.pp | 12 +- manifests/profile/kubernetes/dns_server.pp | 2 +- manifests/profile/kubernetes/etcdctl.pp | 12 +- manifests/profile/kubernetes/kubelet.pp | 8 +- manifests/profile/logrotate.pp | 4 +- manifests/profile/loki.pp | 4 +- manifests/profile/networking/firewall/http.pp | 2 +- manifests/profile/openjdk_java.pp | 2 +- manifests/profile/prometheus.pp | 40 +-- manifests/profile/prometheus/exporter/ipmi.pp | 20 +- manifests/profile/prometheus/exporter/node.pp | 4 +- manifests/profile/solr.pp | 4 +- manifests/profile/tsm.pp | 4 +- manifests/profile/www_lib/apache/base.pp | 11 +- manifests/profile/www_lib/apache/fulcrum.pp | 4 +- manifests/profile/www_lib/php.pp | 12 +- manifests/profile/www_lib/vhosts/apps_lib.pp | 44 +-- manifests/profile/www_lib/vhosts/datamart.pp | 24 +- manifests/profile/www_lib/vhosts/deepblue.pp | 32 +-- manifests/profile/www_lib/vhosts/staff_lib.pp | 48 ++-- manifests/profile/www_lib/vhosts/www_lib.pp | 10 +- manifests/resolv_conf.pp | 2 +- manifests/role/fulcrum/standalone.pp | 2 +- manifests/role/umich_mailserver.pp | 6 +- spec/classes/all_roles_1_spec.rb | 4 +- spec/classes/all_roles_2_spec.rb | 4 +- spec/classes/all_roles_3_spec.rb | 4 +- spec/classes/all_roles_4_spec.rb | 4 +- spec/classes/all_roles_5_spec.rb | 4 +- spec/classes/all_roles_spec.rb | 5 +- spec/classes/profile/afs_spec.rb | 20 +- .../classes/profile/alma_integrations_spec.rb | 6 +- spec/classes/profile/apt/mono_spec.rb | 30 +- spec/classes/profile/apt_spec.rb | 76 ++--- spec/classes/profile/authorized_keys_spec.rb | 4 +- spec/classes/profile/aws/filesystem_spec.rb | 12 +- spec/classes/profile/base_spec.rb | 47 +-- .../profile/certbot_cloudflare_spec.rb | 206 +++++++------- spec/classes/profile/certbot_route53_spec.rb | 216 +++++++------- spec/classes/profile/containerd_spec.rb | 8 +- spec/classes/profile/cron_runner_spec.rb | 10 +- spec/classes/profile/dns/aws_spec.rb | 3 +- spec/classes/profile/dns/smartconnect_spec.rb | 31 +- spec/classes/profile/dns/standard_spec.rb | 15 +- spec/classes/profile/docker_spec.rb | 12 +- spec/classes/profile/duo_spec.rb | 6 +- .../elastic/filebeat/configs/ulib_spec.rb | 10 +- spec/classes/profile/elastic/filebeat_spec.rb | 6 +- .../profile/elastic/metricbeat_spec.rb | 8 +- spec/classes/profile/elastic_spec.rb | 12 +- spec/classes/profile/exim4_spec.rb | 18 +- spec/classes/profile/falcon_spec.rb | 4 +- spec/classes/profile/fulcrum/base_spec.rb | 18 +- .../classes/profile/fulcrum/logrotate_spec.rb | 2 +- spec/classes/profile/grub_spec.rb | 12 +- spec/classes/profile/haproxy_spec.rb | 89 +++--- .../profile/hathitrust/apache/babel_spec.rb | 41 +-- .../classes/profile/hathitrust/apache_spec.rb | 40 +-- .../profile/hathitrust/babel_logs_spec.rb | 6 +- .../profile/hathitrust/cron/catalog_spec.rb | 5 +- .../profile/hathitrust/cron/mdp_misc_spec.rb | 5 +- spec/classes/profile/hathitrust/hosts_spec.rb | 10 +- .../classes/profile/hathitrust/mounts_spec.rb | 3 +- .../profile/hathitrust/solr6/catalog_spec.rb | 67 +++-- .../profile/hathitrust/solr6/classic_spec.rb | 1 + .../profile/hathitrust/solr6/lss_spec.rb | 77 +++-- spec/classes/profile/hathitrust/solr6_spec.rb | 13 +- spec/classes/profile/http_fileserver_spec.rb | 42 +-- spec/classes/profile/https_to_port_spec.rb | 26 +- spec/classes/profile/imagemagick_spec.rb | 2 +- .../profile/known_host_public_keys_spec.rb | 36 +-- spec/classes/profile/krb5_spec.rb | 6 +- spec/classes/profile/kubelet_spec.rb | 125 ++++---- spec/classes/profile/kubernetes/apt_spec.rb | 18 +- .../kubernetes/bootstrap/destination_spec.rb | 4 +- .../kubernetes/bootstrap/etcd_config_spec.rb | 14 +- .../kubernetes/bootstrap/source_spec.rb | 8 +- .../profile/kubernetes/bootstrap/user_spec.rb | 6 +- .../kubernetes/destination_port_spec.rb | 6 +- .../profile/kubernetes/dns_client_spec.rb | 30 +- .../profile/kubernetes/dns_server_spec.rb | 24 +- .../profile/kubernetes/etcdctl_spec.rb | 16 +- .../profile/kubernetes/filesystems_spec.rb | 8 +- .../profile/kubernetes/haproxy_spec.rb | 30 +- .../profile/kubernetes/keepalived_spec.rb | 34 +-- .../profile/kubernetes/kubeadm_spec.rb | 6 +- .../profile/kubernetes/kubectl_spec.rb | 6 +- .../profile/kubernetes/kubelet_spec.rb | 16 +- .../profile/kubernetes/prometheus_spec.rb | 2 +- .../classes/profile/kubernetes/router_spec.rb | 12 +- spec/classes/profile/logrotate_spec.rb | 6 +- spec/classes/profile/loki_spec.rb | 30 +- .../profile/managed_known_hosts_spec.rb | 2 +- spec/classes/profile/monitor_pl_spec.rb | 23 +- .../profile/networking/firewall/ssh_spec.rb | 6 +- .../profile/networking/firewall_spec.rb | 24 +- .../classes/profile/networking/keytab_spec.rb | 4 +- .../profile/networking/private_spec.rb | 6 +- .../networking/sshd_group_mask_spec.rb | 2 +- spec/classes/profile/networking/sshd_spec.rb | 20 +- .../classes/profile/networking/sysctl_spec.rb | 2 +- spec/classes/profile/networking_spec.rb | 2 +- spec/classes/profile/ntp_spec.rb | 4 +- .../prometheus/exporter/haproxy_spec.rb | 8 +- .../profile/prometheus/exporter/ipmi_spec.rb | 268 +++++++++--------- .../profile/prometheus/exporter/mysql_spec.rb | 6 +- .../profile/prometheus/exporter/node_spec.rb | 102 +++---- spec/classes/profile/prometheus_spec.rb | 106 +++---- spec/classes/profile/puppet/db_spec.rb | 2 +- spec/classes/profile/puppet/master_spec.rb | 24 +- .../profile/puppet/master_with_db_spec.rb | 4 +- .../profile/root_ssh_private_keys_spec.rb | 14 +- spec/classes/profile/ruby_spec.rb | 12 +- spec/classes/profile/solr_spec.rb | 6 +- spec/classes/profile/tsm_spec.rb | 14 +- .../profile/unattended_upgrades_spec.rb | 4 +- spec/classes/profile/unison_spec.rb | 12 +- spec/classes/profile/users_spec.rb | 6 +- spec/classes/profile/vim_spec.rb | 4 +- spec/classes/profile/vmhost/host_spec.rb | 26 +- spec/classes/profile/www_lib/cron_spec.rb | 6 +- .../register_for_load_balancing_spec.rb | 2 +- spec/classes/resolv_conf_spec.rb | 37 ++- spec/classes/role/fulcrum_www_and_app_spec.rb | 6 +- .../role/hathitrust/solr/catalog_spec.rb | 1 + spec/classes/role/hathitrust/solr/lss_spec.rb | 1 + spec/classes/role/hathitrust_spec.rb | 3 +- .../role/htvm_global_primary_webhost_spec.rb | 2 +- spec/classes/role/htvm_webhost_spec.rb | 16 +- spec/classes/role/kubernetes_spec.rb | 18 +- spec/classes/role/load_balancer_spec.rb | 4 +- spec/classes/role/www_lib_vm_spec.rb | 50 ++-- spec/defines/authzd_user_spec.rb | 12 +- spec/defines/cert_spec.rb | 16 +- spec/defines/cifs_mount_spec.rb | 10 +- spec/defines/exposed_port_spec.rb | 10 +- spec/defines/file/ssh_keys_spec.rb | 16 +- spec/defines/firewall_allow_spec.rb | 10 +- spec/defines/haproxy_binding_spec.rb | 18 +- spec/defines/haproxy_service_spec.rb | 86 +++--- spec/defines/log_spec.rb | 25 +- spec/defines/unison_client_spec.rb | 8 +- spec/defines/unison_server_spec.rb | 4 +- spec/defines/virtual_machine_spec.rb | 64 ++--- spec/functions/fact_for_spec.rb | 8 +- spec/functions/is_publicly_accessible_spec.rb | 8 +- spec/functions/nodes_for_class_spec.rb | 16 +- 172 files changed, 1866 insertions(+), 1758 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index ecf205a6c..a7f5a3176 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -13,5 +13,5 @@ jobs: - name: Run tests run: | docker compose --file docker-compose.test.yml build + docker compose --file docker-compose.test.yml run lint docker compose --file docker-compose.test.yml run specs -# docker compose --file docker-compose.test.yml run lint diff --git a/.rubocop.yml b/.rubocop.yml index cf3438a1f..f7f51e2e0 100644 --- a/.rubocop.yml +++ b/.rubocop.yml @@ -118,3 +118,37 @@ RSpec/NamedSubject: Enabled: false # would love to enable, but rspec-puppet plays by its own rules Style/NumericLiterals: Enabled: false # all our long numbers are ports, and 8080 should not look like 8_080 +Lint/DuplicateBranch: # (new in 1.3) + Enabled: false +Lint/DuplicateRegexpCharacterClassElement: # (new in 1.1) + Enabled: false +Lint/EmptyBlock: # (new in 1.1) + Enabled: false +Lint/EmptyClass: # (new in 1.3) + Enabled: false +Lint/NoReturnInBeginEndBlocks: # (new in 1.2) + Enabled: false +Lint/ToEnumArguments: # (new in 1.1) + Enabled: false +Lint/UnexpectedBlockArity: # (new in 1.5) + Enabled: false +Lint/UnmodifiedReduceAccumulator: # (new in 1.1) + Enabled: false +Style/ArgumentsForwarding: # (new in 1.1) + Enabled: false +Style/CollectionCompact: # (new in 1.2) + Enabled: false +Style/DocumentDynamicEvalDefinition: # (new in 1.1) + Enabled: false +Style/NegatedIfElseCondition: # (new in 1.2) + Enabled: false +Style/NilLambda: # (new in 1.3) + Enabled: false +Style/RedundantArgument: # (new in 1.4) + Enabled: false +Style/SwapValues: # (new in 1.1) + Enabled: false +RSpec/MultipleMemoizedHelpers: + Max: 15 +Naming/VariableNumber: + EnforcedStyle: snake_case diff --git a/Gemfile b/Gemfile index b4c90fc5f..0347bd5f9 100644 --- a/Gemfile +++ b/Gemfile @@ -9,6 +9,7 @@ group :development do gem "puppet-module-posix-default-r#{minor_version}", require: false, platforms: [:ruby] gem "puppet-module-posix-dev-r#{minor_version}", require: false, platforms: [:ruby] gem "rspec-puppet-utils" + gem "rubocop-rake" gem "faker" gem "parallel_tests" gem "librarian-puppet" diff --git a/Gemfile.lock b/Gemfile.lock index b6d233345..e45cfdc3b 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -244,6 +244,8 @@ GEM rubocop-performance (1.9.1) rubocop (>= 0.90.0, < 2.0) rubocop-ast (>= 0.4.0) + rubocop-rake (0.6.0) + rubocop (~> 1.0) rubocop-rspec (2.0.1) rubocop (~> 1.0) rubocop-ast (>= 1.1.0) @@ -301,6 +303,7 @@ DEPENDENCIES puppet-strings rake (>= 13.0.6) rspec-puppet-utils + rubocop-rake semantic_puppet yard (>= 0.9.36) diff --git a/docker-compose.test.yml b/docker-compose.test.yml index 3894df1cf..52b3849b3 100644 --- a/docker-compose.test.yml +++ b/docker-compose.test.yml @@ -9,7 +9,7 @@ services: command: - /bin/bash - '-c' - - 'bundle exec rake rubocop && bundle exec rake syntax lint && bundle exec rake metadata_lint' + - 'bundle exec rubocop ''spec/{aliases,classes,defines,functions,hosts,integration,plans,tasks,type_aliases,types,unit}/**/*_spec.rb'' && bundle exec rake syntax lint && bundle exec rake metadata_lint' librarian: build: . diff --git a/manifests/local_storage_volume.pp b/manifests/local_storage_volume.pp index de0f0f57e..6cd3b2e1f 100644 --- a/manifests/local_storage_volume.pp +++ b/manifests/local_storage_volume.pp @@ -3,7 +3,7 @@ # BSD License. See LICENSE.txt for details. # nebula::local_storage_volume -# +# # Create a volume to use for kubernetes local storage on a worker node ## # @param volume_name The name of the volume (conventionally the UUID of the PVC) @@ -14,24 +14,24 @@ Integer $mib_capacity ) { - file { "/mnt/local-pvs/mounts/$volume_name": + file { "/mnt/local-pvs/mounts/${volume_name}": ensure => 'directory' } - exec { "make $volume_name disk file": + exec { "make ${volume_name} disk file": command => "/bin/dd if=/dev/zero of=/mnt/local-pvs/disks/${volume_name} bs=1048576 count=${mib_capacity}", creates => "/mnt/local-pvs/disks/${volume_name}" } - exec { "make $volume_name a filesystem": + exec { "make ${volume_name} a filesystem": command => "/sbin/mkfs.ext4 -m 0 /mnt/local-pvs/disks/${volume_name}", - unless => "/usr/bin/file /mnt/local-pvs/disks/${volume_name} | grep ext4" + unless => "/usr/bin/file /mnt/local-pvs/disks/${volume_name} | grep ext4" } mount { "/mnt/local-pvs/mounts/${volume_name}": ensure => 'mounted', device => "/mnt/local-pvs/disks/${volume_name}", - options => "loop,rw,usrquota,grpquota", + options => 'loop,rw,usrquota,grpquota', fstype => 'ext4', } } diff --git a/manifests/log.pp b/manifests/log.pp index db49b45f1..91a6a1f27 100644 --- a/manifests/log.pp +++ b/manifests/log.pp @@ -14,8 +14,8 @@ # } # define nebula::log ( - String $service = $title, Array[String] $files, + String $service = $title, ){ include nebula::profile::loki @@ -25,6 +25,6 @@ mode => '0644', require => Package['alloy'], notify => Service['alloy'], - content => template("nebula/profile/loki/drop_in.alloy.erb"), + content => template('nebula/profile/loki/drop_in.alloy.erb'), } } diff --git a/manifests/profile/apache/auth_openidc.pp b/manifests/profile/apache/auth_openidc.pp index 2ba434f01..7a093be77 100644 --- a/manifests/profile/apache/auth_openidc.pp +++ b/manifests/profile/apache/auth_openidc.pp @@ -49,8 +49,8 @@ file { '/var/cache/apache2/mod_auth_openidc/oidc-sessions': ensure => 'directory', - owner => "${::apache::user}", - group => "${::apache::group}", + owner => $::apache::user, + group => $::apache::group, mode => '0700' } diff --git a/manifests/profile/apache/authz_umichlib.pp b/manifests/profile/apache/authz_umichlib.pp index 568819436..4ba134b11 100644 --- a/manifests/profile/apache/authz_umichlib.pp +++ b/manifests/profile/apache/authz_umichlib.pp @@ -11,19 +11,19 @@ # # @param oracle_home The value for the $ORACLE_HOME environment variable. # -# @param oracle_servers The names of servers (Hash) and their relevant +# @param oracle_servers The names of servers (Hash) and their relevant # aliases (String Array). Note servers should be lowercase while aliases # must be uppercase. # -# e.g. +# e.g. # myserver: # - ORCL.MYSERVER1 -# - ORCL.MYSERVER2 +# - ORCL.MYSERVER2 # -# @param oracle_sid The SID for the oracle service. Oracle default is +# @param oracle_sid The SID for the oracle service. Oracle default is # set as default here # -# @param oracle_port The port for the oracle service. Oracle default is +# @param oracle_port The port for the oracle service. Oracle default is # set as default here # # @example diff --git a/manifests/profile/apt.pp b/manifests/profile/apt.pp index 160414e49..ab6147c08 100644 --- a/manifests/profile/apt.pp +++ b/manifests/profile/apt.pp @@ -10,9 +10,9 @@ # include nebula::profile::apt class nebula::profile::apt ( String $mirror, - String $ubuntu_mirror = "http://us.archive.ubuntu.com/ubuntu", String $puppet_repo, Boolean $purge = true, + String $ubuntu_mirror = 'http://us.archive.ubuntu.com/ubuntu', Optional[Hash] $local_repo = undef, ) { @@ -141,7 +141,7 @@ location => $ubuntu_mirror, repos => 'main restricted universe', ; - 'main' : release => "${::lsbdistcodename}"; + 'main' : release => $::lsbdistcodename; 'updates' : release => "${::lsbdistcodename}-updates"; 'backports': release => "${::lsbdistcodename}-backports"; 'security' : release => "${::lsbdistcodename}-security"; diff --git a/manifests/profile/apt/mono.pp b/manifests/profile/apt/mono.pp index 025895420..a464c56d7 100644 --- a/manifests/profile/apt/mono.pp +++ b/manifests/profile/apt/mono.pp @@ -10,8 +10,8 @@ # default to buster if we're not on a supported release # check here to see if list of supported releases updated: # https://download.mono-project.com/repo/debian/index.html - if "${::lsbdistcodename}" in ['xenial', 'bionic', 'focal', 'jessie', 'stretch', 'buster'] { - $apt_release = "${::lsbdistcodename}" + if $::lsbdistcodename in ['xenial', 'bionic', 'focal', 'jessie', 'stretch', 'buster'] { + $apt_release = $::lsbdistcodename } else { warning("nebula::profile::apt::mono: defaulting to apt repo dist 'buster'") # using buster because it's newer than focal diff --git a/manifests/profile/bolt.pp b/manifests/profile/bolt.pp index 85d30db4a..f3d865881 100644 --- a/manifests/profile/bolt.pp +++ b/manifests/profile/bolt.pp @@ -28,26 +28,26 @@ } } - file { "/opt/bolt": - ensure => "directory", - owner => "git", + file { '/opt/bolt': + ensure => 'directory', + owner => 'git', group => 100, - mode => "0755", + mode => '0755', } - vcsrepo { "/opt/bolt": - provider => "git", - ensure => "latest", - source => "ssh://git@github.com/mlibrary/bolt.git", - user => "git", + vcsrepo { '/opt/bolt': + ensure => 'latest', + provider => 'git', + source => 'ssh://git@github.com/mlibrary/bolt.git', + user => 'git', require => [ - Class["nebula::profile::github_pull_account"], - File["/opt/bolt"], - Package["git"], + Class['nebula::profile::github_pull_account'], + File['/opt/bolt'], + Package['git'], ] } - lookup("nebula::profile::kubernetes::clusters", default_value => {}).each |$id, $cluster| { + lookup('nebula::profile::kubernetes::clusters', default_value => {}).each |$id, $cluster| { $host = $cluster["control_dns"] concat_fragment { "configure ssh client for ${id}": diff --git a/manifests/profile/certbot_cloudflare.pp b/manifests/profile/certbot_cloudflare.pp index cea2e03b7..18270a3ab 100644 --- a/manifests/profile/certbot_cloudflare.pp +++ b/manifests/profile/certbot_cloudflare.pp @@ -9,46 +9,46 @@ class nebula::profile::certbot_cloudflare ( Hash[String, Hash[String, Array[String]]] $certs = {}, Hash[String, Array[String]] $simple_certs = {}, - String $cert_dir = "/var/local/cert_dir", - String $haproxy_cert_dir = "/var/local/haproxy_cert_dir", - String $letsencrypt_email = "nope@nope.zone", - String $cloudflare_api_token = "default.invalid", + String $cert_dir = '/var/local/cert_dir', + String $haproxy_cert_dir = '/var/local/haproxy_cert_dir', + String $letsencrypt_email = 'nope@nope.zone', + String $cloudflare_api_token = 'default.invalid', ) { ensure_packages([ - "certbot", - "python3-certbot-dns-cloudflare", + 'certbot', + 'python3-certbot-dns-cloudflare', ]) - file { "/root/.secrets": - ensure => "directory" + file { '/root/.secrets': + ensure => 'directory' } - file { "/root/.secrets/certbot": - ensure => "directory", - mode => "0700" + file { '/root/.secrets/certbot': + ensure => 'directory', + mode => '0700' } - file { "/root/.secrets/certbot/cloudflare.ini": - mode => "0600", - content => template("nebula/profile/certbot_cloudflare/cloudflare.ini.erb") + file { '/root/.secrets/certbot/cloudflare.ini': + mode => '0600', + content => template('nebula/profile/certbot_cloudflare/cloudflare.ini.erb') } - file { "/tmp/all_cert_commands_cloudflare": - content => template("nebula/profile/certbot_cloudflare/commands.erb") + file { '/tmp/all_cert_commands_cloudflare': + content => template('nebula/profile/certbot_cloudflare/commands.erb') } $certs.each |$service, $domains| { $domains.each |$main_domain, $alt_domains| { concat { "${cert_dir}/${main_domain}.crt": - group => "puppet", + group => 'puppet', } concat { "${cert_dir}/${main_domain}.key": - group => "puppet", + group => 'puppet', } concat { "${haproxy_cert_dir}/${service}/${main_domain}.pem": - group => "puppet", + group => 'puppet', } concat_fragment { "${main_domain}.crt cert": @@ -62,13 +62,13 @@ } concat_fragment { "${main_domain}.pem cert": - order => "01", + order => '01', target => "${haproxy_cert_dir}/${service}/${main_domain}.pem", source => "/etc/letsencrypt/live/${main_domain}/fullchain.pem" } concat_fragment { "${main_domain}.pem key": - order => "02", + order => '02', target => "${haproxy_cert_dir}/${service}/${main_domain}.pem", source => "/etc/letsencrypt/live/${main_domain}/privkey.pem" } @@ -77,7 +77,7 @@ $simple_certs.each |$domain, $sans| { concat { "${cert_dir}/${domain}.crt": - group => "puppet", + group => 'puppet', } concat_fragment { "${cert_dir}/${domain}.crt cert": @@ -86,7 +86,7 @@ } concat { "${cert_dir}/${domain}.key": - group => "puppet", + group => 'puppet', } concat_fragment { "${cert_dir}/${domain}.key key": diff --git a/manifests/profile/certbot_route53.pp b/manifests/profile/certbot_route53.pp index 2f5c2357c..74fddd65a 100644 --- a/manifests/profile/certbot_route53.pp +++ b/manifests/profile/certbot_route53.pp @@ -9,48 +9,48 @@ class nebula::profile::certbot_route53 ( Hash[String, Hash[String, Array[String]]] $certs = {}, Hash[String, Array[String]] $simple_certs = {}, - String $cert_dir = "/var/local/cert_dir", - String $haproxy_cert_dir = "/var/local/haproxy_cert_dir", - String $letsencrypt_email = "nope@nope.zone", - String $aws_access_key_id = "default.invalid", - String $aws_secret_access_key = "default.invalid", + String $cert_dir = '/var/local/cert_dir', + String $haproxy_cert_dir = '/var/local/haproxy_cert_dir', + String $letsencrypt_email = 'nope@nope.zone', + String $aws_access_key_id = 'default.invalid', + String $aws_secret_access_key = 'default.invalid', ) { ensure_packages([ - "certbot", - "awscli", - "python3-certbot-dns-route53", + 'certbot', + 'awscli', + 'python3-certbot-dns-route53', ]) - file { "/root/.aws": - ensure => "directory" + file { '/root/.aws': + ensure => 'directory' } - file { "/root/.aws/config": - mode => "0600", + file { '/root/.aws/config': + mode => '0600', content => "[default]\nregion = us-east-1\n" } - file { "/root/.aws/credentials": - mode => "0600", - content => template("nebula/profile/certbot_route53/credentials.ini.erb") + file { '/root/.aws/credentials': + mode => '0600', + content => template('nebula/profile/certbot_route53/credentials.ini.erb') } - file { "/tmp/all_cert_commands": - content => template("nebula/profile/certbot_route53/commands.erb") + file { '/tmp/all_cert_commands': + content => template('nebula/profile/certbot_route53/commands.erb') } $certs.each |$service, $domains| { $domains.each |$main_domain, $alt_domains| { concat { "${cert_dir}/${main_domain}.crt": - group => "puppet", + group => 'puppet', } concat { "${cert_dir}/${main_domain}.key": - group => "puppet", + group => 'puppet', } concat { "${haproxy_cert_dir}/${service}/${main_domain}.pem": - group => "puppet", + group => 'puppet', } concat_fragment { "${main_domain}.crt cert": @@ -64,13 +64,13 @@ } concat_fragment { "${main_domain}.pem cert": - order => "01", + order => '01', target => "${haproxy_cert_dir}/${service}/${main_domain}.pem", source => "/etc/letsencrypt/live/${main_domain}/fullchain.pem" } concat_fragment { "${main_domain}.pem key": - order => "02", + order => '02', target => "${haproxy_cert_dir}/${service}/${main_domain}.pem", source => "/etc/letsencrypt/live/${main_domain}/privkey.pem" } @@ -79,11 +79,11 @@ $simple_certs.each |$domain, $sans| { concat { "${cert_dir}/${domain}.crt": - group => "puppet", + group => 'puppet', } concat { "${cert_dir}/${domain}.key": - group => "puppet", + group => 'puppet', } concat_fragment { "${domain}.crt cert": diff --git a/manifests/profile/containerd.pp b/manifests/profile/containerd.pp index 2e748d642..fda5048ac 100644 --- a/manifests/profile/containerd.pp +++ b/manifests/profile/containerd.pp @@ -25,12 +25,12 @@ }, } - file { "/etc/containerd/config.toml": + file { '/etc/containerd/config.toml': content => template('nebula/profile/containerd/config.toml.erb'), - notify => Service['containerd'] + notify => Service['containerd'] } - file { "/etc/containerd": - ensure => "directory" + file { '/etc/containerd': + ensure => 'directory' } } diff --git a/manifests/profile/fulcrum/app.pp b/manifests/profile/fulcrum/app.pp index e64c1acfb..9393119b8 100644 --- a/manifests/profile/fulcrum/app.pp +++ b/manifests/profile/fulcrum/app.pp @@ -165,10 +165,10 @@ } file_line { 'fulcrum-profile-rails-env': - ensure => present, - path => '/fulcrum/.profile', - line => 'export RAILS_ENV=production', - match => '^export RAILS_ENV=', + ensure => present, + path => '/fulcrum/.profile', + line => 'export RAILS_ENV=production', + match => '^export RAILS_ENV=', require => User['fulcrum'], } @@ -181,8 +181,8 @@ } service { 'fulcrum': - name => 'fulcrum.target', ensure => 'running', + name => 'fulcrum.target', enable => true, require => [ File['/etc/systemd/system/fulcrum.target'], diff --git a/manifests/profile/github_pull_account.pp b/manifests/profile/github_pull_account.pp index 7955276bd..b7e853f3c 100644 --- a/manifests/profile/github_pull_account.pp +++ b/manifests/profile/github_pull_account.pp @@ -3,24 +3,24 @@ # BSD License. See LICENSE.txt for details. class nebula::profile::github_pull_account ( - String $git_username = "git", + String $git_username = 'git', Integer $git_gid = 100, - String $git_homedir = "/var/lib/autogit", + String $git_homedir = '/var/lib/autogit', ) { - package { "git": } + package { 'git': } user { $git_username: - ensure => "present", + ensure => 'present', home => $git_homedir, gid => $git_gid, managehome => true, } file { "${git_homedir}/.ssh": - ensure => "directory", + ensure => 'directory', owner => $git_username, group => $git_gid, - mode => "0700", + mode => '0700', require => User[$git_username], } @@ -33,18 +33,18 @@ require => File["${git_homedir}/.ssh"], } - exec { "create /var/local/github_ssh_keys": - creates => "/var/local/github_ssh_keys", - command => "/usr/bin/ssh-keyscan github.com > /var/local/github_ssh_keys", + exec { 'create /var/local/github_ssh_keys': + creates => '/var/local/github_ssh_keys', + command => '/usr/bin/ssh-keyscan github.com > /var/local/github_ssh_keys', } include nebula::profile::managed_known_hosts # Without this, the git user will not be able to pull from private # repos using ssh. - concat_fragment { "github ssh keys": - target => "/etc/ssh/ssh_known_hosts", - source => "/var/local/github_ssh_keys", - require => Exec["create /var/local/github_ssh_keys"], + concat_fragment { 'github ssh keys': + target => '/etc/ssh/ssh_known_hosts', + source => '/var/local/github_ssh_keys', + require => Exec['create /var/local/github_ssh_keys'], } } diff --git a/manifests/profile/haproxy.pp b/manifests/profile/haproxy.pp index 76ac322d8..7ddbd14c5 100644 --- a/manifests/profile/haproxy.pp +++ b/manifests/profile/haproxy.pp @@ -12,7 +12,7 @@ Boolean $master = false, Optional[String] $cert_source = undef, Hash $extra_floating_ips = {}, - String $global_badrobots = "", + String $global_badrobots = '', ) { include nebula::profile::haproxy::prereqs include nebula::profile::networking::sysctl diff --git a/manifests/profile/hathitrust/apache/babel.pp b/manifests/profile/hathitrust/apache/babel.pp index 695bf40f8..aaf21dccd 100644 --- a/manifests/profile/hathitrust/apache/babel.pp +++ b/manifests/profile/hathitrust/apache/babel.pp @@ -237,7 +237,7 @@ { # handle entityID hint for dex oidc <-> saml proxy - redirect user to # /Shibboleth.sso and consume the entityID parameter on return - # + # # see explanation: https://github.com/hathitrust/ht_kubernetes/blob/master/htrc-dex/README.md rewrite_map => 'unescape int:unescape', rewrite_cond => ['"%{QUERY_STRING}" "(.*(?:^|&))entityID=([^&]*)&?(.*)&?$"'], diff --git a/manifests/profile/hathitrust/solr6.pp b/manifests/profile/hathitrust/solr6.pp index 670e2ecb8..89b213cab 100644 --- a/manifests/profile/hathitrust/solr6.pp +++ b/manifests/profile/hathitrust/solr6.pp @@ -6,13 +6,13 @@ # @example # include nebula::profile::hathitrust::solr6 class nebula::profile::hathitrust::solr6 ( + String $port, String $jdk_version = '8', String $solr_home = '/var/lib/solr', String $java_home = "/usr/lib/jvm/temurin-${jdk_version}-jre-${::os['architecture']}", String $heap = '16G', String $timezone = 'America/Detroit', String $solr_bin = '/opt/solr/bin/solr', - String $port, ){ include nebula::profile::hathitrust::networking include nebula::profile::hathitrust::hosts @@ -25,63 +25,63 @@ include nebula::profile::dns::smartconnect; include nebula::profile::users - realize User["solr"] + realize User['solr'] # parent dir structure for solr mounts, not all used by every use case file { default: - ensure => "directory", - owner => "root", - mode => "755", + ensure => 'directory', + owner => 'root', + mode => '0755', ; - "/htsolr":; - "/htsolr/lss":; - "/htsolr/lss/cores":; - "/htsolr/serve":; + '/htsolr':; + '/htsolr/lss':; + '/htsolr/lss/cores':; + '/htsolr/serve':; } nebula::nfs_mount { default: - tag => "smartconnect", + tag => 'smartconnect', private_network => true, monitored => true, - before => Service["solr"], + before => Service['solr'], ; - "/htapps": remote_target => "nas-${::datacenter}.sc:/ifs/htapps"; + '/htapps': remote_target => "nas-${::datacenter}.sc:/ifs/htapps"; } # solr config files file { default: - ensure => "directory", - owner => "solr", - group => "htprod", - mode => "2775", - before => Service["solr"], + ensure => 'directory', + owner => 'solr', + group => 'htprod', + mode => '2775', + before => Service['solr'], ; $solr_home:; "${solr_home}/logs":; } file { default: - owner => "root", - mode => "644", - notify => Service["solr"], + owner => 'root', + mode => '0644', + notify => Service['solr'], ; - "${solr_home}/log4j.properties": content => template("nebula/profile/hathitrust/solr6/log4j.properties.erb"); - "${solr_home}/solr.in.sh": content => template("nebula/profile/hathitrust/solr6/solr.in.sh.erb"); - "${solr_home}/solr.xml": content => template("nebula/profile/hathitrust/solr6/solr.xml.erb"); - "/etc/systemd/system/solr.service": content => template("nebula/profile/hathitrust/solr6/solr.service.erb"), + "${solr_home}/log4j.properties": content => template('nebula/profile/hathitrust/solr6/log4j.properties.erb'); + "${solr_home}/solr.in.sh": content => template('nebula/profile/hathitrust/solr6/solr.in.sh.erb'); + "${solr_home}/solr.xml": content => template('nebula/profile/hathitrust/solr6/solr.xml.erb'); + '/etc/systemd/system/solr.service': content => template('nebula/profile/hathitrust/solr6/solr.service.erb'), } - service { "solr": - ensure => "running", + service { 'solr': + ensure => 'running', enable => true, - require => [Package["solr"], File["/etc/systemd/system/solr.service"]], + require => [Package['solr'], File['/etc/systemd/system/solr.service']], } # allow access to solr port servers, staff nebula::exposed_port { default: port => $port; - "200 Solr - Private": block => "hathitrust::networks::private_all"; - "200 Solr - Staff": block => "hathitrust::networks::staff"; + '200 Solr - Private': block => 'hathitrust::networks::private_all'; + '200 Solr - Staff': block => 'hathitrust::networks::staff'; } } diff --git a/manifests/profile/hathitrust/solr6/catalog.pp b/manifests/profile/hathitrust/solr6/catalog.pp index 927569394..cd7503fff 100644 --- a/manifests/profile/hathitrust/solr6/catalog.pp +++ b/manifests/profile/hathitrust/solr6/catalog.pp @@ -14,38 +14,38 @@ String $mail_recipient = lookup('nebula::profile::hathitrust::solr6::mail_recipient'), ){ class { 'nebula::profile::hathitrust::solr6': - port => $port, + port => $port, solr_home => $solr_home, } # solr nfs mounts - nebula::nfs_mount { "/htsolr/catalog": - tag => "smartconnect", + nebula::nfs_mount { '/htsolr/catalog': + tag => 'smartconnect', private_network => true, monitored => true, - before => Service["solr"], + before => Service['solr'], remote_target => "nas-${::datacenter}.sc:/ifs/htsolr/catalog"; } # link to core in solr home file { "${solr_home}/catalog": - ensure => "link", - target => "/htsolr/serve/catalog", - notify => Service["solr"], + ensure => 'link', + target => '/htsolr/serve/catalog', + notify => Service['solr'], } # catalog release script - $solr_name = "catalog" - $solr_stop_flag = "STOPCATALOGRELEASE" - $solr_cores = ["catalog"] + $solr_name = 'catalog' + $solr_stop_flag = 'STOPCATALOGRELEASE' + $solr_cores = ['catalog'] $core_data_dir_template = 'data' - $core_link_prefix = "" + $core_link_prefix = '' $is_catalog = true $is_primary_node = true # catalog solr is only one node per site - file { "/usr/local/bin/index-release": - owner => "root", - mode => "755", - content => template("nebula/profile/hathitrust/solr6/index-release.sh.erb"), + file { '/usr/local/bin/index-release': + owner => 'root', + mode => '0755', + content => template('nebula/profile/hathitrust/solr6/index-release.sh.erb'), } if ($is_primary_site) { $cron_h = 6 @@ -54,13 +54,13 @@ $cron_h = 6 $cron_m = 25 } - cron { "catalog solr index release": + cron { 'catalog solr index release': hour => $cron_h, minute => $cron_m, command => "/usr/local/bin/index-release > /tmp/index-release.log 2>&1 || /usr/bin/mail -s '${facts['networking']['hostname']} catalog index release problem' ${mail_recipient} < /tmp/index-release.log", } nebula::log { 'catalog_solr': - files => ["/var/lib/solr/logs/solr.log"], + files => ['/var/lib/solr/logs/solr.log'], } } diff --git a/manifests/profile/hathitrust/solr6/classic.pp b/manifests/profile/hathitrust/solr6/classic.pp index cf73a4ccd..d92f0ded3 100644 --- a/manifests/profile/hathitrust/solr6/classic.pp +++ b/manifests/profile/hathitrust/solr6/classic.pp @@ -7,9 +7,9 @@ class nebula::profile::hathitrust::solr6::classic ( ){ nebula::log { 'lss_solr': - files => ["/var/lib/solr-current-lss/logs/solr.log"], + files => ['/var/lib/solr-current-lss/logs/solr.log'], } nebula::log { 'catalog_solr': - files => ["/var/lib/solr-current-catalog/logs/solr.log"], + files => ['/var/lib/solr-current-catalog/logs/solr.log'], } } diff --git a/manifests/profile/hathitrust/solr6/lss.pp b/manifests/profile/hathitrust/solr6/lss.pp index d5fc773b5..b2f3223ab 100644 --- a/manifests/profile/hathitrust/solr6/lss.pp +++ b/manifests/profile/hathitrust/solr6/lss.pp @@ -5,6 +5,7 @@ # @example # include nebula::profile::hathitrust::solr6::lss class nebula::profile::hathitrust::solr6::lss ( + Array[String] $solr_cores, String $port = '8081', String $solr_home = '/var/lib/solr', String $snapshot_name = 'htsolr-lss', @@ -13,60 +14,59 @@ String $release_flag_prefix = lookup('nebula::profile::hathitrust::solr6::release_flag_prefix', default_value => ''), String $mirror_site_ip = lookup('nebula::profile::hathitrust::solr6::mirror_site_ip'), String $mail_recipient = lookup('nebula::profile::hathitrust::solr6::mail_recipient'), - Array[String] $solr_cores, ){ class { 'nebula::profile::hathitrust::solr6': - port => $port, + port => $port, solr_home => $solr_home, } # solr nfs mounts $solr_cores.each |$core| { nebula::nfs_mount { "/htsolr/lss/cores/${core}": - tag => "smartconnect", + tag => 'smartconnect', private_network => true, monitored => true, - before => Service["solr"], + before => Service['solr'], remote_target => "nas-${::datacenter}.sc:/ifs/htsolr/lss/cores/${core}"; } } nebula::nfs_mount { default: - tag => "smartconnect", + tag => 'smartconnect', private_network => true, monitored => true, - before => Service["solr"], + before => Service['solr'], ; - "/htsolr/lss/flags": remote_target => "nas-${::datacenter}.sc:/ifs/htsolr/lss/flags"; - "/htsolr/lss/prep": remote_target => "nas-${::datacenter}.sc:/ifs/htsolr/lss/prep"; - "/htsolr/lss/shared": remote_target => "nas-${::datacenter}.sc:/ifs/htsolr/lss/shared"; + '/htsolr/lss/flags': remote_target => "nas-${::datacenter}.sc:/ifs/htsolr/lss/flags"; + '/htsolr/lss/prep': remote_target => "nas-${::datacenter}.sc:/ifs/htsolr/lss/prep"; + '/htsolr/lss/shared': remote_target => "nas-${::datacenter}.sc:/ifs/htsolr/lss/shared"; } # core configs require jars to be available in solr home as well as /htsolr/serve file { "${solr_home}/lib": - ensure => "link", - target => "/htsolr/serve/lss-shared/lib", - before => Service["solr"], + ensure => 'link', + target => '/htsolr/serve/lss-shared/lib', + before => Service['solr'], } # link to cores in solr home $solr_cores.each |$core| { file { "${solr_home}/${core}": - ensure => "link", + ensure => 'link', target => "/htsolr/serve/lss-${core}", - notify => Service["solr"], + notify => Service['solr'], } } # lss release script - $solr_name = "lss" - $solr_stop_flag = "STOPLSSRELEASE" + $solr_name = 'lss' + $solr_stop_flag = 'STOPLSSRELEASE' $core_data_dir_template = 'core-${s}x/data' - $core_link_prefix = "lss-" + $core_link_prefix = 'lss-' $is_lss = true - file { "/usr/local/bin/index-release": - owner => "root", - mode => "755", - content => template("nebula/profile/hathitrust/solr6/index-release.sh.erb"), + file { '/usr/local/bin/index-release': + owner => 'root', + mode => '0755', + content => template('nebula/profile/hathitrust/solr6/index-release.sh.erb'), } if ($is_primary_site) { $cron_h = 6 @@ -75,13 +75,13 @@ $cron_h = 5 $cron_m = 55 } - cron { "lss solr index release": + cron { 'lss solr index release': hour => $cron_h, minute => $cron_m, command => "/usr/local/bin/index-release > /tmp/index-release.log 2>&1 || /usr/bin/mail -s '${facts['networking']['hostname']} lss index release problem' ${mail_recipient} < /tmp/index-release.log", } nebula::log { 'lss_solr': - files => ["/var/lib/solr/logs/solr.log"], + files => ['/var/lib/solr/logs/solr.log'], } } diff --git a/manifests/profile/http_fileserver.pp b/manifests/profile/http_fileserver.pp index 8d200987f..b9584b016 100644 --- a/manifests/profile/http_fileserver.pp +++ b/manifests/profile/http_fileserver.pp @@ -20,7 +20,7 @@ ensure => 'directory', } - file { "/var/local/http": + file { '/var/local/http': ensure => 'directory', } @@ -56,12 +56,12 @@ apache::vhost { "${::fqdn} http": servername => $::fqdn, port => 80, - docroot => "/var/local/http", - require => File["/var/local/http"] + docroot => '/var/local/http', + require => File['/var/local/http'] } nebula::cert { $::fqdn: - webroot => "/var/local/http", + webroot => '/var/local/http', require => Apache::Vhost["${::fqdn} http"] } diff --git a/manifests/profile/kubelet.pp b/manifests/profile/kubelet.pp index 24068a18c..25147ead3 100644 --- a/manifests/profile/kubelet.pp +++ b/manifests/profile/kubelet.pp @@ -3,67 +3,67 @@ # BSD License. See LICENSE.txt for details. class nebula::profile::kubelet ( String $kubelet_version, - String $pod_manifest_path = "/etc/kubernetes/manifests", + String $pod_manifest_path = '/etc/kubernetes/manifests', Boolean $manage_pods_with_puppet = true, ) { include nebula::profile::networking::sysctl include nebula::profile::containerd include nebula::profile::kubernetes::apt - kmod::load { "overlay": } - kmod::load { "br_netfilter": } + kmod::load { 'overlay': } + kmod::load { 'br_netfilter': } - file { "/etc/sysctl.d/kubelet.conf": - content => template("nebula/profile/kubernetes/kubelet_sysctl.conf.erb"), - notify => Service["procps"], + file { '/etc/sysctl.d/kubelet.conf': + content => template('nebula/profile/kubernetes/kubelet_sysctl.conf.erb'), + notify => Service['procps'], } - package { "kubelet": + package { 'kubelet': ensure => $kubelet_version, - require => Apt::Source["kubernetes"], + require => Apt::Source['kubernetes'], } - apt::pin { "kubelet": - packages => ["kubelet"], + apt::pin { 'kubelet': + packages => ['kubelet'], version => $kubelet_version, priority => 999, } - service { "kubelet": - ensure => "running", + service { 'kubelet': + ensure => 'running', enable => true, - require => Package["kubelet"], + require => Package['kubelet'], } if $manage_pods_with_puppet { file { $pod_manifest_path: - ensure => "directory", + ensure => 'directory', recurse => true, purge => true, - require => Package["kubelet"], + require => Package['kubelet'], } - file { "/etc/systemd/system/kubelet.service.d": - ensure => "directory", - require => Package["kubelet"], + file { '/etc/systemd/system/kubelet.service.d': + ensure => 'directory', + require => Package['kubelet'], } - file { "/etc/systemd/system/kubelet.service.d/20-containerd-and-manifest-dir.conf": - content => template("nebula/profile/kubelet/systemd.conf.erb"), - require => Package["kubelet"], - notify => Exec["kubelet reload daemon"], + file { '/etc/systemd/system/kubelet.service.d/20-containerd-and-manifest-dir.conf': + content => template('nebula/profile/kubelet/systemd.conf.erb'), + require => Package['kubelet'], + notify => Exec['kubelet reload daemon'], } - file { "/etc/kubernetes/kubelet.yaml": - content => template("nebula/profile/kubelet/config.yaml.erb"), - require => Package["kubelet"], - notify => Service["kubelet"], + file { '/etc/kubernetes/kubelet.yaml': + content => template('nebula/profile/kubelet/config.yaml.erb'), + require => Package['kubelet'], + notify => Service['kubelet'], } exec { 'kubelet reload daemon': - command => "/bin/systemctl daemon-reload", + command => '/bin/systemctl daemon-reload', refreshonly => true, - notify => Service["kubelet"], + notify => Service['kubelet'], } } } diff --git a/manifests/profile/kubernetes/bootstrap/etcd_config.pp b/manifests/profile/kubernetes/bootstrap/etcd_config.pp index 79a37bfe4..5f0aa8647 100644 --- a/manifests/profile/kubernetes/bootstrap/etcd_config.pp +++ b/manifests/profile/kubernetes/bootstrap/etcd_config.pp @@ -17,11 +17,11 @@ notify => Exec['kubelet reload daemon'], } - $pod_manifest_path = "/etc/kubernetes/manifests" - file { "/etc/kubernetes/kubelet.yaml": - content => template("nebula/profile/kubelet/config.yaml.erb"), - require => Package["kubelet"], - notify => Service["kubelet"], + $pod_manifest_path = '/etc/kubernetes/manifests' + file { '/etc/kubernetes/kubelet.yaml': + content => template('nebula/profile/kubelet/config.yaml.erb'), + require => Package['kubelet'], + notify => Service['kubelet'], } file { '/etc/systemd/system/kubelet.service.d': @@ -30,7 +30,7 @@ if $initial_cluster { file { '/tmp/etcd.yaml': - ensure => 'file', + ensure => 'file', content => template('nebula/profile/kubernetes/etcd/etcd.yaml.erb'), } } diff --git a/manifests/profile/kubernetes/dns_server.pp b/manifests/profile/kubernetes/dns_server.pp index a5f595067..03254d339 100644 --- a/manifests/profile/kubernetes/dns_server.pp +++ b/manifests/profile/kubernetes/dns_server.pp @@ -57,7 +57,7 @@ concat { '/etc/ssh/ssh_known_hosts': } Concat_fragment <<| tag == "${cluster_name}_known_host_public_keys" |>> - file { "/etc/dnsmasq.d/local_domain": + file { '/etc/dnsmasq.d/local_domain': content => "local=/${private_domain}/\n", notify => Service['dnsmasq'] } diff --git a/manifests/profile/kubernetes/etcdctl.pp b/manifests/profile/kubernetes/etcdctl.pp index ba687ec3f..a309b4bd2 100644 --- a/manifests/profile/kubernetes/etcdctl.pp +++ b/manifests/profile/kubernetes/etcdctl.pp @@ -7,17 +7,17 @@ $cluster = lookup('nebula::profile::kubernetes::clusters')[$cluster_name] $etcdctl_endpoints = $cluster["etcdctl_endpoints"] - package { "etcd-client": } + package { 'etcd-client': } - file { "/etc/etcd": - ensure => "directory", + file { '/etc/etcd': + ensure => 'directory', } - file { "/etc/profile.d/etcdctl.sh": - content => template("nebula/profile/kubernetes/etcdctl.sh.erb"), + file { '/etc/profile.d/etcdctl.sh': + content => template('nebula/profile/kubernetes/etcdctl.sh.erb'), } - file { "/etc/etcd/README": + file { '/etc/etcd/README': content => @("README") You just kind of have to do this yourself whenever etcd certs get renewed: diff --git a/manifests/profile/kubernetes/kubelet.pp b/manifests/profile/kubernetes/kubelet.pp index 0411fccd0..639da2c81 100644 --- a/manifests/profile/kubernetes/kubelet.pp +++ b/manifests/profile/kubernetes/kubelet.pp @@ -2,7 +2,7 @@ # All Rights Reserved. Licensed according to the terms of the Revised # BSD License. See LICENSE.txt for details. -class nebula::profile::kubernetes::kubelet ( +class nebula::profile::kubernetes::kubelet ( Boolean $install_kubelet = true, ) { $cluster_name = lookup('nebula::profile::kubernetes::cluster') @@ -40,10 +40,10 @@ fail("You must set a kube api IP address for the cluster's gateway") } - if $install_kubelet { - class { "nebula::profile::kubelet": + if $install_kubelet { + class { 'nebula::profile::kubelet': kubelet_version => "${kubernetes_version}-${kubernetes_revision_version}", - pod_manifest_path => "/etc/kubernetes/manifests", + pod_manifest_path => '/etc/kubernetes/manifests', manage_pods_with_puppet => false, } } diff --git a/manifests/profile/logrotate.pp b/manifests/profile/logrotate.pp index ca3dbdd69..37c95b307 100644 --- a/manifests/profile/logrotate.pp +++ b/manifests/profile/logrotate.pp @@ -19,8 +19,8 @@ create_group => 'utmp', rotate => 4, ; -# Override the logrotate module definition for -# wtmp and btmp to apply our preferred 4 x weekly schedule +# Override the logrotate module definition for +# wtmp and btmp to apply our preferred 4 x weekly schedule 'wtmp': path => '/var/log/wtmp', create_mode => '0664', diff --git a/manifests/profile/loki.pp b/manifests/profile/loki.pp index 0b9d8f082..09141d80f 100644 --- a/manifests/profile/loki.pp +++ b/manifests/profile/loki.pp @@ -64,9 +64,9 @@ mode => '0755', ; '/etc/alloy/config.alloy': - content => template("nebula/profile/loki/config.alloy.erb"), + content => template('nebula/profile/loki/config.alloy.erb'), ; '/etc/default/alloy': - content => template("nebula/profile/loki/alloy.env.erb"), + content => template('nebula/profile/loki/alloy.env.erb'), } } diff --git a/manifests/profile/networking/firewall/http.pp b/manifests/profile/networking/firewall/http.pp index 7ac1f8089..e6731403f 100644 --- a/manifests/profile/networking/firewall/http.pp +++ b/manifests/profile/networking/firewall/http.pp @@ -7,7 +7,7 @@ # Manage firewall (iptables) settings for HTTP/s # # This class gathers all firewall rules with the tag 'haproxy' -# to allow access from any haproxy servers. The actual rules are +# to allow access from any haproxy servers. The actual rules are # first generated by nebula::profile::haproxy each time # a role (e.g. load_balancer) includes the haproxy profile. # diff --git a/manifests/profile/openjdk_java.pp b/manifests/profile/openjdk_java.pp index c769f9933..c32635785 100644 --- a/manifests/profile/openjdk_java.pp +++ b/manifests/profile/openjdk_java.pp @@ -13,7 +13,7 @@ ensure_packages($jdk_packages) exec { 'ensure default java': command => "/usr/sbin/update-java-alternatives -s ${java_alternative}", - unless => "/usr/bin/update-alternatives --query java | grep '^Value:.*${base_alternative}'", + unless => "/usr/bin/update-alternatives --query java | grep '^Value:.*${base_alternative}'", require => Package[$default_jdk] } } diff --git a/manifests/profile/prometheus.pp b/manifests/profile/prometheus.pp index d4008005d..2eb110360 100644 --- a/manifests/profile/prometheus.pp +++ b/manifests/profile/prometheus.pp @@ -98,9 +98,9 @@ require => File['/etc/prometheus'], } - concat_fragment { "prometheus ipmi scrape config first line": - target => "/etc/prometheus/ipmi.yml", - order => "01", + concat_fragment { 'prometheus ipmi scrape config first line': + target => '/etc/prometheus/ipmi.yml', + order => '01', content => "scrape_configs:\n" } @@ -159,20 +159,20 @@ server_tokens => 'off', } nginx::resource::server { 'https-forwarder': - server_name => [$::fqdn], - listen_options => "proxy_protocol default_server", - listen_port => 443, - proxy => "http://localhost:9090", - ssl => true, - ssl_cert => "/etc/prometheus/tls/client.crt", - ssl_key => "/etc/prometheus/tls/client.key", - server_cfg_append => { + server_name => [$::fqdn], + listen_options => 'proxy_protocol default_server', + listen_port => 443, + proxy => 'http://localhost:9090', + ssl => true, + ssl_cert => '/etc/prometheus/tls/client.crt', + ssl_key => '/etc/prometheus/tls/client.key', + server_cfg_append => { 'ssl_client_certificate' => '/etc/prometheus/tls/ca.crt', 'ssl_verify_client' => 'on', 'ssl_verify_depth' => 1, }, } - firewall { "200 HTTPS: Client Cert": + firewall { '200 HTTPS: Client Cert': proto => 'tcp', dport => [443], state => 'NEW', @@ -233,13 +233,13 @@ ; "010 prometheus public node exporter ${::hostname} ${address}": - tag => "${::datacenter}_prometheus_public_node_exporter", - dport => 9100, + tag => "${::datacenter}_prometheus_public_node_exporter", + dport => 9100, ; "010 prometheus public ipmi exporter ${::hostname} ${address}": - tag => "${::datacenter}_prometheus_public_ipmi_exporter", - dport => 9290, + tag => "${::datacenter}_prometheus_public_ipmi_exporter", + dport => 9290, ; } } @@ -254,13 +254,13 @@ ; "010 prometheus private node exporter ${::hostname} ${address}": - tag => "${::datacenter}_prometheus_private_node_exporter", - dport => 9100, + tag => "${::datacenter}_prometheus_private_node_exporter", + dport => 9100, ; "010 prometheus private ipmi exporter ${::hostname} ${address}": - tag => "${::datacenter}_prometheus_private_ipmi_exporter", - dport => 9290, + tag => "${::datacenter}_prometheus_private_ipmi_exporter", + dport => 9290, ; } } diff --git a/manifests/profile/prometheus/exporter/ipmi.pp b/manifests/profile/prometheus/exporter/ipmi.pp index bee37d888..372dcadcf 100644 --- a/manifests/profile/prometheus/exporter/ipmi.pp +++ b/manifests/profile/prometheus/exporter/ipmi.pp @@ -8,16 +8,16 @@ if $accounts != {} { include nebula::profile::kubelet - file { "/etc/kubernetes/manifests/ipmi_exporter.yaml": - content => template("nebula/profile/prometheus/exporter/ipmi/pod.yaml.erb") + file { '/etc/kubernetes/manifests/ipmi_exporter.yaml': + content => template('nebula/profile/prometheus/exporter/ipmi/pod.yaml.erb') } - file { "/etc/prometheus": - ensure => "directory" + file { '/etc/prometheus': + ensure => 'directory' } - file { "/etc/prometheus/ipmi.yaml": - content => template("nebula/profile/prometheus/exporter/ipmi/config.yaml.erb") + file { '/etc/prometheus/ipmi.yaml': + content => template('nebula/profile/prometheus/exporter/ipmi/config.yaml.erb') } # This looks awfully similar to, but not the same as, the code in @@ -30,7 +30,7 @@ $all_private_addresses = $facts["mlibrary_ip_addresses"]["private"] if $all_public_addresses == [] and $all_private_addresses == [] { - fail("Host cannot be scraped without a public or private IP address") + fail('Host cannot be scraped without a public or private IP address') } elsif $all_private_addresses != [] { $ipaddress = $all_private_addresses[0] Firewall <<| tag == "${::datacenter}_prometheus_private_ipmi_exporter" |>> @@ -41,9 +41,9 @@ @@concat_fragment { "prometheus ipmi scrape config ${::hostname}": tag => "${::datacenter}_prometheus_ipmi_exporter", - target => "/etc/prometheus/ipmi.yml", - order => "02", - content => template("nebula/profile/prometheus/exporter/ipmi/scrape_config.yaml.erb") + target => '/etc/prometheus/ipmi.yml', + order => '02', + content => template('nebula/profile/prometheus/exporter/ipmi/scrape_config.yaml.erb') } } } diff --git a/manifests/profile/prometheus/exporter/node.pp b/manifests/profile/prometheus/exporter/node.pp index ddfa86818..d82998f6f 100644 --- a/manifests/profile/prometheus/exporter/node.pp +++ b/manifests/profile/prometheus/exporter/node.pp @@ -107,7 +107,7 @@ $role = lookup_role() $datacenter = $::datacenter - if $::domain == lookup("umich::default_domain", default_value => "prometheus-node-exporter.default.invalid") { + if $::domain == lookup('umich::default_domain', default_value => 'prometheus-node-exporter.default.invalid') { $hostname = $::hostname } else { $hostname = $::fqdn @@ -134,7 +134,7 @@ } if $all_public_addresses == [] and $all_private_addresses == [] { - fail("Host cannot be scraped without a public or private IP address") + fail('Host cannot be scraped without a public or private IP address') } elsif $all_public_addresses == [] and $monitoring_datacenter != $datacenter { fail("${datacenter} host cannot be scraped by ${monitoring_datacenter} prometheus server without a public IP address") } elsif $all_private_addresses != [] and $monitoring_datacenter == $datacenter { diff --git a/manifests/profile/solr.pp b/manifests/profile/solr.pp index e3cb47f24..3262b84a1 100644 --- a/manifests/profile/solr.pp +++ b/manifests/profile/solr.pp @@ -5,8 +5,8 @@ # nebula::profile::solr # # Install Solr with base configuration. -# -# Note: The variables set are also used by the erb files. +# +# Note: The variables set are also used by the erb files. class nebula::profile::solr ( String $base = '/var/lib/solr', String $home = "${base}/home", diff --git a/manifests/profile/tsm.pp b/manifests/profile/tsm.pp index 97e357edc..1eb9c6bbb 100644 --- a/manifests/profile/tsm.pp +++ b/manifests/profile/tsm.pp @@ -27,8 +27,8 @@ # "/etc" is not its own filesystem) # # @param exclude_dirs Directories never to back up -# -# @param opt_settings An Array containing node-specific configuration settings +# +# @param opt_settings An Array containing node-specific configuration settings # for the dsm.opt file. # # This does not automate entry of the node password or encryption key (if diff --git a/manifests/profile/www_lib/apache/base.pp b/manifests/profile/www_lib/apache/base.pp index 6d866536d..5dfdf5ee5 100644 --- a/manifests/profile/www_lib/apache/base.pp +++ b/manifests/profile/www_lib/apache/base.pp @@ -23,11 +23,12 @@ include nebula::profile::apache::monitoring class { 'nebula::profile::monitor_pl': - directory => $nebula::profile::apache::monitoring::monitor_dir, - shibboleth => true, - solr_cores => lookup('nebula::www_lib::monitor::solr_cores'), - http_checks => lookup('nebula::www_lib::monitor::http_checks', default_value => []), - mysql => lookup('nebula::www_lib::monitor::mysql') + directory => $nebula::profile::apache::monitoring::monitor_dir, + shibboleth => true, + solr_cores => lookup('nebula::www_lib::monitor::solr_cores'), + http_checks => lookup('nebula::www_lib::monitor::http_checks', + default_value => []), + mysql => lookup('nebula::www_lib::monitor::mysql') } apache::mod { ['access_compat','asis','authz_groupfile','usertrack']: } diff --git a/manifests/profile/www_lib/apache/fulcrum.pp b/manifests/profile/www_lib/apache/fulcrum.pp index 6af0db61f..ea1d78017 100644 --- a/manifests/profile/www_lib/apache/fulcrum.pp +++ b/manifests/profile/www_lib/apache/fulcrum.pp @@ -16,8 +16,8 @@ nebula::apache::redirect_vhost_https { default: - ssl_cn => 'fulcrum.org', - priority => '08', + ssl_cn => 'fulcrum.org', + priority => '08', ; 'northwestern.fulcrumscholar.org': diff --git a/manifests/profile/www_lib/php.pp b/manifests/profile/www_lib/php.pp index bdfc2d442..3056b5a17 100644 --- a/manifests/profile/www_lib/php.pp +++ b/manifests/profile/www_lib/php.pp @@ -30,11 +30,11 @@ config_root => "/etc/php/${default_php_version}", } - # Install default php packages. Some are implicit as described + # Install default php packages. Some are implicit as described # below while rest have to be specified. # - # php*-cli, php*-common, php*-fpm and php-pear get installed by - # the puppet PHP module by default (if enabled). Devel packages + # php*-cli, php*-common, php*-fpm and php-pear get installed by + # the puppet PHP module by default (if enabled). Devel packages # are implicit also but we aren't using them. # # Note: The PHP module doesn't use ensure_packages so if we don't @@ -117,7 +117,7 @@ phpunit => true, # Unsure whether this should be system or app-level # Configure FPM default pool ('www') - # + # # The 'www' pool is hard-coded in the php module so can't be created here. # # The php::fpm::pool class is intended to be used to create other pools only. @@ -127,8 +127,8 @@ # 2. Adjust the settings in hiera as: # - php::params::fpm_tools: # www: - # 3. Set fpm_pools => {} to disable default 'www' creation and then - # create it manually using php::fpm::pool class like any pool. This + # 3. Set fpm_pools => {} to disable default 'www' creation and then + # create it manually using php::fpm::pool class like any pool. This # is the option we are choosing. # # diff --git a/manifests/profile/www_lib/vhosts/apps_lib.pp b/manifests/profile/www_lib/vhosts/apps_lib.pp index d9a5dae6e..06a8fef73 100644 --- a/manifests/profile/www_lib/vhosts/apps_lib.pp +++ b/manifests/profile/www_lib/vhosts/apps_lib.pp @@ -55,27 +55,27 @@ } nebula::apache::www_lib_vhost { 'apps.lib-https': - servername => $servername, - ssl => true, - usertrack => true, - auth_openidc => true, - auth_openidc_redirect_uri => 'https://apps.lib.umich.edu/openid-connect/callback', - docroot => $docroot, + servername => $servername, + ssl => true, + usertrack => true, + auth_openidc => true, + auth_openidc_redirect_uri => 'https://apps.lib.umich.edu/openid-connect/callback', + docroot => $docroot, - directories => [ + directories => [ { - provider => 'directory', - path => $docroot, - options => ['IncludesNOEXEC','Indexes','FollowSymLinks','MultiViews'], - allow_override => ['AuthConfig','FileInfo','Limit','Options'], - require => $nebula::profile::www_lib::apache::default_access, + provider => 'directory', + path => $docroot, + options => ['IncludesNOEXEC','Indexes','FollowSymLinks','MultiViews'], + allow_override => ['AuthConfig','FileInfo','Limit','Options'], + require => $nebula::profile::www_lib::apache::default_access, }, { - provider => 'directory', - path => "${www_lib_root}/cgi", - allow_override => ['None'], - options => ['None'], - require => $nebula::profile::www_lib::apache::default_access, + provider => 'directory', + path => "${www_lib_root}/cgi", + allow_override => ['None'], + options => ['None'], + require => $nebula::profile::www_lib::apache::default_access, }, { provider => 'directory', @@ -100,7 +100,7 @@ # Passive authn globally { provider => 'location', - path => "/", + path => '/', auth_type => 'openid-connect', require => 'valid-user', custom_fragment => 'OIDCUnAuthAction pass' @@ -108,14 +108,14 @@ # Force authn for these paths { provider => 'location', - path => "/login", + path => '/login', auth_type => 'openid-connect', require => 'valid-user', custom_fragment => 'OIDCUnAuthAction auth true' }, { provider => 'location', - path => "/cgi/l/login/manage", + path => '/cgi/l/login/manage', auth_type => 'openid-connect', require => 'valid-user', custom_fragment => 'OIDCUnAuthAction auth true' @@ -144,7 +144,7 @@ ], # TODO: hopefully these can all be removed - rewrites => [ + rewrites => [ { # rewrite for wsfh # @@ -197,7 +197,7 @@ { rewrite_rule => '^/user/.*/profile https://account.lib.umich.edu/settings [redirect=permanent,last]' }, ], - aliases => [ + aliases => [ { scriptalias => '/cgi/', path => "${www_lib_root}/cgi/", diff --git a/manifests/profile/www_lib/vhosts/datamart.pp b/manifests/profile/www_lib/vhosts/datamart.pp index c79825137..3f77ea203 100644 --- a/manifests/profile/www_lib/vhosts/datamart.pp +++ b/manifests/profile/www_lib/vhosts/datamart.pp @@ -34,16 +34,16 @@ } nebula::apache::www_lib_vhost { 'datamart-https': - servername => $servername, - docroot => $docroot, - logging_prefix => 'datamart.lib/', + servername => $servername, + docroot => $docroot, + logging_prefix => 'datamart.lib/', - ssl => true, - ssl_cn => $ssl_cn, - auth_openidc => true, - auth_openidc_redirect_uri => 'https://datamart.lib.umich.edu/openid-connect/callback', + ssl => true, + ssl_cn => $ssl_cn, + auth_openidc => true, + auth_openidc_redirect_uri => 'https://datamart.lib.umich.edu/openid-connect/callback', - directories => [ + directories => [ { provider => 'directory', path => $docroot, @@ -68,13 +68,13 @@ | EOT }, { - provider => 'location', - path => '/robots.txt', - auth_require => 'all granted', + provider => 'location', + path => '/robots.txt', + auth_require => 'all granted', }, ], - rewrites => [ + rewrites => [ { rewrite_cond => ['%{REQUEST_URI} !^/openid-connect', '%{DOCUMENT_ROOT}%{REQUEST_FILENAME} !-f'], diff --git a/manifests/profile/www_lib/vhosts/deepblue.pp b/manifests/profile/www_lib/vhosts/deepblue.pp index 68c3555a4..2e3df9886 100644 --- a/manifests/profile/www_lib/vhosts/deepblue.pp +++ b/manifests/profile/www_lib/vhosts/deepblue.pp @@ -35,17 +35,17 @@ } nebula::apache::www_lib_vhost { 'deepblue-https': - servername => $servername, - docroot => $docroot, - logging_prefix => 'deepblue/', + servername => $servername, + docroot => $docroot, + logging_prefix => 'deepblue/', - ssl => true, - ssl_cn => $ssl_cn, - usertrack => true, - auth_openidc => true, - auth_openidc_redirect_uri => 'https://deepblue.lib.umich.edu/openid-connect/callback', + ssl => true, + ssl_cn => $ssl_cn, + usertrack => true, + auth_openidc => true, + auth_openidc_redirect_uri => 'https://deepblue.lib.umich.edu/openid-connect/callback', - rewrites => [ + rewrites => [ { comment => 'Deep Blue Repositories home page is on www.lib now', rewrite_cond => '%{REQUEST_URI} ^((\/?|/index.html)$|/splash/)', @@ -80,7 +80,7 @@ }, ], - directories => [ + directories => [ { provider => 'directory', path => $docroot, @@ -133,7 +133,7 @@ }, ], - request_headers => [ + request_headers => [ # Setting remote user for 2.4 'set X-Remote-User "expr=%{REMOTE_USER}"', # Fix redirects being sent to non ssl url (https -> http) @@ -142,20 +142,20 @@ 'unset X-Forwarded-For', ], - headers => [ + headers => [ 'set "Strict-Transport-Security" "max-age=3600"', 'set "X-Frame-Options" "SAMEORIGIN"', ], - ssl_proxyengine => true, - ssl_proxy_check_peer_name => 'on', - ssl_proxy_check_peer_expire => 'on', + ssl_proxyengine => true, + ssl_proxy_check_peer_name => 'on', + ssl_proxy_check_peer_expire => 'on', ## Redirect Deep Blue Data to an outage ## RewriteEngine On ## RewriteRule ^/data(.*)$ http://www.lib.umich.edu/outages/deep-blue-data-0 [redirect,noescape,last] - custom_fragment => @(EOT) + custom_fragment => @(EOT) ProxyPassReverse /data https://app-deepbluedata.deepblue.lib.umich.edu:30060/ ProxyPassReverse / http://bulleit-2.umdl.umich.edu:8080/ | EOT diff --git a/manifests/profile/www_lib/vhosts/staff_lib.pp b/manifests/profile/www_lib/vhosts/staff_lib.pp index 3c838b561..0e5db0edd 100644 --- a/manifests/profile/www_lib/vhosts/staff_lib.pp +++ b/manifests/profile/www_lib/vhosts/staff_lib.pp @@ -27,28 +27,28 @@ } nebula::apache::www_lib_vhost { 'apps.staff.lib ssl': - servername => "${prefix}apps.staff.${domain}", - ssl_cn => 'apps.staff.lib.umich.edu', - ssl => true, - usertrack => true, - auth_openidc => true, - auth_openidc_redirect_uri => 'https://apps.staff.lib.umich.edu/openid-connect/callback', - docroot => $docroot, - setenvifnocase => ['^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1'], - default_allow_override => ['AuthConfig','FileInfo','Limit','Options'], + servername => "${prefix}apps.staff.${domain}", + ssl_cn => 'apps.staff.lib.umich.edu', + ssl => true, + usertrack => true, + auth_openidc => true, + auth_openidc_redirect_uri => 'https://apps.staff.lib.umich.edu/openid-connect/callback', + docroot => $docroot, + setenvifnocase => ['^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1'], + default_allow_override => ['AuthConfig','FileInfo','Limit','Options'], - aliases => [ + aliases => [ { scriptalias => '/cgi', path => "${vhost_root}/cgi" } ], - directories => [ + directories => [ { - provider => 'directory', - path => $docroot, - options => ['IncludesNOEXEC','Indexes','FollowSymLinks','MultiViews'], - allow_override => ['AuthConfig','FileInfo','Limit','Options'], - require => $nebula::profile::www_lib::apache::default_access, - addhandlers => [{ + provider => 'directory', + path => $docroot, + options => ['IncludesNOEXEC','Indexes','FollowSymLinks','MultiViews'], + allow_override => ['AuthConfig','FileInfo','Limit','Options'], + require => $nebula::profile::www_lib::apache::default_access, + addhandlers => [{ extensions => ['.php'], # TODO: Extract version or socket path to params/hiera handler => 'proxy:unix:/run/php/php8.1-fpm.sock|fcgi://localhost' @@ -131,8 +131,8 @@ require => 'valid-user', custom_fragment => 'OIDCUnAuthAction auth true', addhandlers => [{ - extensions => ['.php'], - handler => 'application/x-httpd-php' + extensions => ['.php'], + handler => 'application/x-httpd-php' }] }, { @@ -142,8 +142,8 @@ require => 'valid-user', custom_fragment => 'OIDCUnAuthAction auth true', addhandlers => [{ - extensions => ['.php'], - handler => 'application/x-httpd-php' + extensions => ['.php'], + handler => 'application/x-httpd-php' }] }, { @@ -153,13 +153,13 @@ require => 'valid-user', custom_fragment => 'OIDCUnAuthAction auth true', addhandlers => [{ - extensions => ['.php'], - handler => 'application/x-httpd-php' + extensions => ['.php'], + handler => 'application/x-httpd-php' }] }, ], - request_headers => [ + request_headers => [ # Setting remote user for 2.4 'set X-Remote-User "expr=%{REMOTE_USER}"', # Fix redirects being sent to non ssl url (https -> http) diff --git a/manifests/profile/www_lib/vhosts/www_lib.pp b/manifests/profile/www_lib/vhosts/www_lib.pp index 83f9eb608..ede02b417 100644 --- a/manifests/profile/www_lib/vhosts/www_lib.pp +++ b/manifests/profile/www_lib/vhosts/www_lib.pp @@ -18,11 +18,11 @@ ) { nebula::apache::www_lib_vhost { 'www.lib-ssl': - servername => "${prefix}www.${domain}", - ssl => true, - usertrack => true, - docroot => $docroot, - directories => [ + servername => "${prefix}www.${domain}", + ssl => true, + usertrack => true, + docroot => $docroot, + directories => [ { provider => 'directory', path => $docroot, diff --git a/manifests/resolv_conf.pp b/manifests/resolv_conf.pp index 07025a586..68f531a5b 100644 --- a/manifests/resolv_conf.pp +++ b/manifests/resolv_conf.pp @@ -12,6 +12,6 @@ owner => 'root', group => 'root', mode => $mode, - content => template("nebula/resolv_conf/resolv.conf.erb"), + content => template('nebula/resolv_conf/resolv.conf.erb'), } } diff --git a/manifests/role/fulcrum/standalone.pp b/manifests/role/fulcrum/standalone.pp index 47583975d..33465bbf2 100644 --- a/manifests/role/fulcrum/standalone.pp +++ b/manifests/role/fulcrum/standalone.pp @@ -4,7 +4,7 @@ # Fulcrum # -# This is desiged to manage a Debian Server that hosts the Fulcrum project, with all of the dependencies and services included. +# This is desiged to manage a Debian Server that hosts the Fulcrum project, with all of the dependencies and services included. class nebula::role::fulcrum::standalone { include nebula::role::minimum diff --git a/manifests/role/umich_mailserver.pp b/manifests/role/umich_mailserver.pp index 6b731f8d9..5e90de951 100644 --- a/manifests/role/umich_mailserver.pp +++ b/manifests/role/umich_mailserver.pp @@ -2,9 +2,9 @@ # All Rights Reserved. Licensed according to the terms of the Revised # BSD License. See LICENSE.txt for details. -# A minimum configuration for a mail server host that logically belongs -# the University of Michigan. -# +# A minimum configuration for a mail server host that logically belongs +# the University of Michigan. +# # # @example # include nebula::role::umich_mailserver diff --git a/spec/classes/all_roles_1_spec.rb b/spec/classes/all_roles_1_spec.rb index 423b7db13..1d6da3838 100644 --- a/spec/classes/all_roles_1_spec.rb +++ b/spec/classes/all_roles_1_spec.rb @@ -1,4 +1,6 @@ +# frozen_string_literal: true + require 'spec_helper' require_relative './all_roles_spec' -test_roles(1,5) +test_roles(1, 5) diff --git a/spec/classes/all_roles_2_spec.rb b/spec/classes/all_roles_2_spec.rb index 6ccacbc44..774e25026 100644 --- a/spec/classes/all_roles_2_spec.rb +++ b/spec/classes/all_roles_2_spec.rb @@ -1,4 +1,6 @@ +# frozen_string_literal: true + require 'spec_helper' require_relative './all_roles_spec' -test_roles(2,5) +test_roles(2, 5) diff --git a/spec/classes/all_roles_3_spec.rb b/spec/classes/all_roles_3_spec.rb index 1cb4da69b..eb42638ad 100644 --- a/spec/classes/all_roles_3_spec.rb +++ b/spec/classes/all_roles_3_spec.rb @@ -1,4 +1,6 @@ +# frozen_string_literal: true + require 'spec_helper' require_relative './all_roles_spec' -test_roles(3,5) +test_roles(3, 5) diff --git a/spec/classes/all_roles_4_spec.rb b/spec/classes/all_roles_4_spec.rb index 0d95739c9..cf4871ead 100644 --- a/spec/classes/all_roles_4_spec.rb +++ b/spec/classes/all_roles_4_spec.rb @@ -1,4 +1,6 @@ +# frozen_string_literal: true + require 'spec_helper' require_relative './all_roles_spec' -test_roles(4,5) +test_roles(4, 5) diff --git a/spec/classes/all_roles_5_spec.rb b/spec/classes/all_roles_5_spec.rb index 198d142d3..6714a49c2 100644 --- a/spec/classes/all_roles_5_spec.rb +++ b/spec/classes/all_roles_5_spec.rb @@ -1,4 +1,6 @@ +# frozen_string_literal: true + require 'spec_helper' require_relative './all_roles_spec' -test_roles(5,5) +test_roles(5, 5) diff --git a/spec/classes/all_roles_spec.rb b/spec/classes/all_roles_spec.rb index f7332ebbd..bb6210985 100644 --- a/spec/classes/all_roles_spec.rb +++ b/spec/classes/all_roles_spec.rb @@ -43,7 +43,7 @@ def compile_along_with_all_roles(hiera_fixture) def test_roles(slice_number = 1, slice_count = 1) slice_index = slice_number - 1 # number is 1..n, index is 0..n; using "number" for input to be less confusing roles = `find manifests/role -name '*.pp'`.each_line.to_a - slice = roles.each_slice(roles.size/slice_count + 1).to_a[slice_index] + slice = roles.each_slice(roles.size / slice_count + 1).to_a[slice_index] slice.each do |file_path| role_name = puppet_role_name_from(file_path) @@ -83,7 +83,8 @@ def test_roles(slice_number = 1, slice_count = 1) it { is_expected.to compile_along_with_all_roles(hiera_fixture) } it { is_expected.to contain_class('nebula::role::minimum') } - if role_name.match?(/^nebula::role::hathitrust/) + + if role_name.match?(%r{^nebula::role::hathitrust}) it { is_expected.to contain_class('nebula::role::hathitrust') } end end diff --git a/spec/classes/profile/afs_spec.rb b/spec/classes/profile/afs_spec.rb index ad11d15ee..b6ea9adf1 100644 --- a/spec/classes/profile/afs_spec.rb +++ b/spec/classes/profile/afs_spec.rb @@ -22,7 +22,7 @@ it { is_expected.to contain_class('nebula::profile::krb5') } it do - is_expected.to contain_exec('reinstall kernel to enable afs').with( + expect(subject).to contain_exec('reinstall kernel to enable afs').with( command: '/usr/bin/apt-get -y install --reinstall linux-headers-amd64', creates: "/lib/modules/#{kernelrelease}/updates/dkms/openafs.ko", timeout: 600, @@ -42,39 +42,39 @@ let(:params) { { allow_auto_reboot_until: tomorrow } } it do - is_expected.to contain_reboot('afs') + expect(subject).to contain_reboot('afs') .that_subscribes_to('Exec[reinstall kernel to enable afs]') .with_apply('finished') end end it do - is_expected.to contain_debconf('openafs-client/thiscell') + expect(subject).to contain_debconf('openafs-client/thiscell') .with_type('string') .with_value('cell.default.invalid') end it do - is_expected.to contain_debconf('openafs-client/cachesize') + expect(subject).to contain_debconf('openafs-client/cachesize') .with_type('string') .with_value('50000') end - context 'given a cell of example.com' do + context 'with a cell of example.com' do let(:params) { { cell: 'example.com' } } it do - is_expected.to contain_debconf('openafs-client/thiscell') + expect(subject).to contain_debconf('openafs-client/thiscell') .with_type('string') .with_value('example.com') end end - context 'given a cache_size of 100' do + context 'with a cache_size of 100' do let(:params) { { cache_size: 100 } } it do - is_expected.to contain_debconf('openafs-client/cachesize') + expect(subject).to contain_debconf('openafs-client/cachesize') .with_type('string') .with_value('100') end @@ -82,14 +82,14 @@ %w[login profile].each do |suffix| it do - is_expected.to contain_file("/usr/local/skel/sys.#{suffix}") + expect(subject).to contain_file("/usr/local/skel/sys.#{suffix}") .with_source('puppet:///modules/nebula/skel.txt') .that_requires('File[/usr/local/skel]') end end it do - is_expected.to contain_file('/usr/local/skel').with( + expect(subject).to contain_file('/usr/local/skel').with( ensure: 'directory', mode: '0755', ) diff --git a/spec/classes/profile/alma_integrations_spec.rb b/spec/classes/profile/alma_integrations_spec.rb index 9cdde9a4b..e9b17e3ca 100644 --- a/spec/classes/profile/alma_integrations_spec.rb +++ b/spec/classes/profile/alma_integrations_spec.rb @@ -13,13 +13,13 @@ it { is_expected.to compile } it do - is_expected.to contain_user('alma') + expect(subject).to contain_user('alma') .with_home('/var/local/alma') .with_managehome(true) end it do - is_expected.to contain_nebula__file__ssh_keys('/var/local/alma/.ssh/authorized_keys') + expect(subject).to contain_nebula__file__ssh_keys('/var/local/alma/.ssh/authorized_keys') .with(secret: true) .with(owner: 'alma') .with(group: 'alma') @@ -30,7 +30,7 @@ let(:hiera_config) { 'spec/fixtures/hiera/alma_config.yaml' } it do - is_expected.to contain_nebula__file__ssh_keys('/var/local/alma/.ssh/authorized_keys') + expect(subject).to contain_nebula__file__ssh_keys('/var/local/alma/.ssh/authorized_keys') .with(secret: true) .with(owner: 'alma') .with(group: 'alma') diff --git a/spec/classes/profile/apt/mono_spec.rb b/spec/classes/profile/apt/mono_spec.rb index 622fd1c1d..7e86f17bc 100644 --- a/spec/classes/profile/apt/mono_spec.rb +++ b/spec/classes/profile/apt/mono_spec.rb @@ -1,4 +1,5 @@ # frozen_string_literal: true + require 'spec_helper' describe 'nebula::profile::apt::mono' do @@ -6,25 +7,18 @@ context "on #{os}" do let(:facts) { os_facts } - case os - when 'ubuntu-20.04-x86_64', 'debian-10-x86_64' - it do - is_expected.to contain_apt__source('mono-official-stable').with( - location: 'https://download.mono-project.com/repo/debian', - release: "stable-#{facts[:lsbdistcodename]}", - repos: 'main', - ) - end - else - it do - is_expected.to contain_apt__source('mono-official-stable').with( - location: 'https://download.mono-project.com/repo/debian', - release: "stable-buster", - repos: 'main', - ) - end + it do + expect(subject).to contain_apt__source('mono-official-stable').with( + location: 'https://download.mono-project.com/repo/debian', + release: case os + when 'ubuntu-20.04-x86_64', 'debian-10-x86_64' + "stable-#{facts[:lsbdistcodename]}" + else + 'stable-buster' + end, + repos: 'main', + ) end - end end end diff --git a/spec/classes/profile/apt_spec.rb b/spec/classes/profile/apt_spec.rb index 357759efd..472d01b48 100644 --- a/spec/classes/profile/apt_spec.rb +++ b/spec/classes/profile/apt_spec.rb @@ -10,14 +10,14 @@ context "on #{os}" do let(:facts) { os_facts } - if os.start_with? "debian" + if os.start_with? 'debian' it do - is_expected.to contain_class('apt').with( + expect(subject).to contain_class('apt').with( purge: { - 'sources.list' => true, + 'sources.list' => true, 'sources.list.d' => true, - 'preferences' => true, - 'preferences.d' => true, + 'preferences' => true, + 'preferences.d' => true, }, update: { 'frequency' => 'daily', @@ -26,13 +26,13 @@ end it 'sets apt to never install recommended packages' do - is_expected.to contain_file('/etc/apt/apt.conf.d/99no-recommends') + expect(subject).to contain_file('/etc/apt/apt.conf.d/99no-recommends') .with_content(%r{^APT::Install-Recommends "0";$}) .with_content(%r{^APT::Install-Suggests "0";$}) end it do - is_expected.to contain_apt__source('main').with( + expect(subject).to contain_apt__source('main').with( location: 'http://ftp.us.debian.org/debian/', repos: 'main contrib non-free', ) @@ -40,24 +40,28 @@ it { is_expected.to contain_apt__source('security').with_repos('main contrib non-free') } - case os - when 'debian-9-x86_64' - it { is_expected.to contain_apt__source('security').with_release("#{facts[:lsbdistcodename]}/updates") } - when 'debian-10-x86_64' - it { is_expected.to contain_apt__source('security').with_release("#{facts[:lsbdistcodename]}/updates") } - else - it { is_expected.to contain_apt__source('security').with_release("#{facts[:lsbdistcodename]}-security") } + it do + expect(subject).to contain_apt__source('security').with_release( + case os + when 'debian-9-x86_64' + "#{facts[:lsbdistcodename]}/updates" + when 'debian-10-x86_64' + "#{facts[:lsbdistcodename]}/updates" + else + "#{facts[:lsbdistcodename]}-security" + end, + ) end it do - is_expected.to contain_apt__source('puppet').with( + expect(subject).to contain_apt__source('puppet').with( location: 'http://apt.puppetlabs.com', repos: 'puppet5', ) end it do - is_expected.to contain_file('/etc/apt/apt.conf.d/99force-ipv4') + expect(subject).to contain_file('/etc/apt/apt.conf.d/99force-ipv4') .with_content(%r{^Acquire::ForceIPv4 "true";$}) end @@ -65,7 +69,7 @@ let(:params) { { mirror: 'http://debian.uchicago.edu/' } } it do - is_expected.to contain_apt__source('main') + expect(subject).to contain_apt__source('main') .with_location('http://debian.uchicago.edu/') end end @@ -80,14 +84,14 @@ it { is_expected.to contain_apt__source('local').with_architecture('amd64') } case os - when /^debian/ + when %r{^debian} it do - is_expected.to contain_apt__source('security') + expect(subject).to contain_apt__source('security') .with_location('http://security.debian.org/debian-security') end it do - is_expected.to contain_apt__source('updates').with( + expect(subject).to contain_apt__source('updates').with( location: 'http://ftp.us.debian.org/debian/', release: "#{facts[:lsbdistcodename]}-updates", repos: 'main contrib non-free', @@ -98,15 +102,15 @@ let(:params) do { local_repo: { 'location' => 'http://somehost.example.invalid/debs', - 'key' => { 'id' => '12345678', 'source' => 'http://somehost.example.invalid/repo-key.gpg' } } } + 'key' => { 'id' => '12345678', 'source' => 'http://somehost.example.invalid/repo-key.gpg' } } } end it do - is_expected.to contain_apt__source('local').with(location: 'http://somehost.example.invalid/debs', - architecture: 'amd64', - release: "#{facts[:lsbdistcodename]}", - key: params[:local_repo]['key'], - repos: 'main') + expect(subject).to contain_apt__source('local').with(location: 'http://somehost.example.invalid/debs', + architecture: 'amd64', + release: facts[:lsbdistcodename].to_s, + key: params[:local_repo]['key'], + repos: 'main') end end @@ -116,25 +120,25 @@ let(:facts) { os_facts.merge(installed_backports: ['abc']) } it do - is_expected.to contain_class('apt::backports') + expect(subject).to contain_class('apt::backports') .with_location('http://ftp.us.debian.org/debian/') end end - when /^ubuntu/ + when %r{^ubuntu} it do - is_expected.to contain_apt__source('main') + expect(subject).to contain_apt__source('main') .with_location('http://us.archive.ubuntu.com/ubuntu') .with_repos('main restricted universe') - .with_release("#{facts[:lsbdistcodename]}") - is_expected.to contain_apt__source('updates') + .with_release(facts[:lsbdistcodename].to_s) + expect(subject).to contain_apt__source('updates') .with_location('http://us.archive.ubuntu.com/ubuntu') .with_repos('main restricted universe') .with_release("#{facts[:lsbdistcodename]}-updates") - is_expected.to contain_apt__source('security') + expect(subject).to contain_apt__source('security') .with_location('http://us.archive.ubuntu.com/ubuntu') .with_repos('main restricted universe') .with_release("#{facts[:lsbdistcodename]}-security") - is_expected.to contain_apt__source('backports') + expect(subject).to contain_apt__source('backports') .with_location('http://us.archive.ubuntu.com/ubuntu') .with_repos('main restricted universe') .with_release("#{facts[:lsbdistcodename]}-backports") @@ -143,11 +147,11 @@ it { is_expected.not_to contain_apt__source('hp') } - context 'on an HPE machine' do + context 'when on an HPE machine' do let(:facts) { os_facts.merge('dmi' => { 'manufacturer' => 'HPE' }) } it do - is_expected.to contain_apt__source('hp').with( + expect(subject).to contain_apt__source('hp').with( location: 'http://downloads.linux.hpe.com/SDR/repo/mcp/debian', release: "#{facts[:lsbdistcodename]}/current", repos: 'non-free', @@ -161,7 +165,7 @@ end it do - is_expected.to contain_apt__source('hp').with( + expect(subject).to contain_apt__source('hp').with( location: 'http://downloads.linux.hpe.com/SDR/repo/mcp/debian', release: "#{facts[:lsbdistcodename]}/current", repos: 'non-free', diff --git a/spec/classes/profile/authorized_keys_spec.rb b/spec/classes/profile/authorized_keys_spec.rb index b9e484588..c7ecb8eca 100644 --- a/spec/classes/profile/authorized_keys_spec.rb +++ b/spec/classes/profile/authorized_keys_spec.rb @@ -16,13 +16,13 @@ %r{^ssh-dsa BBBBBBBBBBBB invalid_special_admin@special\.invalid$}, ].each do |line| it do - is_expected.to contain_file('/etc/secretkeys/default.invalid') + expect(subject).to contain_file('/etc/secretkeys/default.invalid') .with_content(line) end end it do - is_expected.to contain_file('/etc/secretkeys').with( + expect(subject).to contain_file('/etc/secretkeys').with( ensure: 'directory', mode: '0700', ) diff --git a/spec/classes/profile/aws/filesystem_spec.rb b/spec/classes/profile/aws/filesystem_spec.rb index 8663138a0..4691f1ec5 100644 --- a/spec/classes/profile/aws/filesystem_spec.rb +++ b/spec/classes/profile/aws/filesystem_spec.rb @@ -16,7 +16,7 @@ it { is_expected.to compile.with_all_deps } - context '/dev/xvdb present' do + context 'with /dev/xvdb present' do let(:facts) do os_facts.merge('disks' => { 'xvdb' => 'some stuff', @@ -24,16 +24,18 @@ end it 'formats the disk' do - is_expected.to contain_filesystem('/dev/xvdb') + expect(subject).to contain_filesystem('/dev/xvdb') .with_ensure('present') .with_fs_type('ext4') end + it 'creates the mountpoint' do - is_expected.to contain_file('/l') + expect(subject).to contain_file('/l') .with_ensure('directory') end + it 'mounts the disk' do - is_expected.to contain_mount('/l') + expect(subject).to contain_mount('/l') .with_ensure('mounted') .with_name('/l') .with_device('/dev/xvdb') @@ -41,7 +43,7 @@ end end - context '/dev/xvdb not present' do + context 'without /dev/xvdb present' do it { is_expected.not_to contain_filesystem('/dev/xvdb') } it { is_expected.not_to contain_file('/l') } it { is_expected.not_to contain_mount('/l') } diff --git a/spec/classes/profile/base_spec.rb b/spec/classes/profile/base_spec.rb index 052740cc4..3c26d22d5 100644 --- a/spec/classes/profile/base_spec.rb +++ b/spec/classes/profile/base_spec.rb @@ -19,7 +19,7 @@ def contain_base_class(name) it { is_expected.to contain_service('puppet').with_enable(true) } case os - when /^debian/, /^ubuntu/ + when %r{^debian}, %r{^ubuntu} it { is_expected.to contain_package('dselect') } it { is_expected.to contain_package('ifenslave') } it { is_expected.to contain_package('vlan') } @@ -27,13 +27,13 @@ def contain_base_class(name) it { is_expected.to contain_package('dkms') } it do - is_expected.to contain_file('/etc/localtime') + expect(subject).to contain_file('/etc/localtime') .with_ensure('link') .with_target('/usr/share/zoneinfo/US/Eastern') end it do - is_expected.to contain_file('/etc/timezone') + expect(subject).to contain_file('/etc/timezone') .with_content("US/Eastern\n") end @@ -41,30 +41,30 @@ def contain_base_class(name) let(:params) { { timezone: 'America/Detroit' } } it do - is_expected.to contain_file('/etc/localtime') + expect(subject).to contain_file('/etc/localtime') .with_ensure('link') .with_target('/usr/share/zoneinfo/America/Detroit') end it do - is_expected.to contain_file('/etc/timezone') + expect(subject).to contain_file('/etc/timezone') .with_content("America/Detroit\n") end end it do - is_expected.to contain_file('/etc/hostname') + expect(subject).to contain_file('/etc/hostname') .with_content("#{fqdn}\n") .that_notifies("Exec[/bin/hostname #{fqdn}]") end it do - is_expected.to contain_exec("/bin/hostname #{fqdn}") + expect(subject).to contain_exec("/bin/hostname #{fqdn}") .with_refreshonly(true) end it do - is_expected.to contain_file('/etc/motd') + expect(subject).to contain_file('/etc/motd') .with_content(%r{contact us at contact@default\.invalid\.$}) .with_content(%r{administered by Default Incorrect Dept\.$}) end @@ -73,7 +73,7 @@ def contain_base_class(name) let(:params) { { contact_email: 'the_dean@umich.edu' } } it do - is_expected.to contain_file('/etc/motd') + expect(subject).to contain_file('/etc/motd') .with_content(%r{contact us at the_dean@umich\.edu\.$}) end end @@ -82,61 +82,61 @@ def contain_base_class(name) let(:params) { { sysadmin_dept: 'The Cool Team' } } it do - is_expected.to contain_file('/etc/motd') + expect(subject).to contain_file('/etc/motd') .with_content(%r{administered by The Cool Team\.$}) end end end case os - when /^ubuntu/ - it "disables ubuntu motd spam" do - is_expected.to contain_file('/var/lib/update-notifier/hide-esm-in-motd') + when %r{^ubuntu} + it 'disables ubuntu motd spam' do + expect(subject).to contain_file('/var/lib/update-notifier/hide-esm-in-motd') end else - it "does not manage ubuntu specific motd files" do - is_expected.not_to contain_file('/var/lib/update-notifier/hide-esm-in-motd') + it 'does not manage ubuntu specific motd files' do + expect(subject).not_to contain_file('/var/lib/update-notifier/hide-esm-in-motd') end end it do - is_expected.to contain_service('mcollective').with( + expect(subject).to contain_service('mcollective').with( ensure: 'stopped', enable: false, ) end - context 'on an HP machine' do + context 'when on an HP machine' do let(:facts) do super().merge('dmi' => { 'manufacturer' => 'HP' }) end it do - is_expected.to contain_kmod__blacklist('hpwdt').with( + expect(subject).to contain_kmod__blacklist('hpwdt').with( file: '/etc/modprobe.d/hpwdt-blacklist.conf', ) end it do - is_expected.to contain_kmod__blacklist('acpi_power_meter').with( + expect(subject).to contain_kmod__blacklist('acpi_power_meter').with( file: '/etc/modprobe.d/acpi_power_meter-blacklist.conf', ) end end - context 'on an HPE machine' do + context 'when on an HPE machine' do let(:facts) do super().merge('dmi' => { 'manufacturer' => 'HPE' }) end it do - is_expected.to contain_kmod__blacklist('hpwdt').with( + expect(subject).to contain_kmod__blacklist('hpwdt').with( file: '/etc/modprobe.d/hpwdt-blacklist.conf', ) end it do - is_expected.to contain_kmod__blacklist('acpi_power_meter').with( + expect(subject).to contain_kmod__blacklist('acpi_power_meter').with( file: '/etc/modprobe.d/acpi_power_meter-blacklist.conf', ) end @@ -144,7 +144,7 @@ def contain_base_class(name) it { is_expected.to contain_package('ssacli') } end - context 'on an Dell machine' do + context 'when on an Dell machine' do let(:facts) do super().merge('dmi' => { 'manufacturer' => 'Dell Inc.' }) end @@ -154,6 +154,7 @@ def contain_base_class(name) end it { is_expected.not_to contain_package('i40e-dkms') } + context 'with an Intel X710 network card' do let(:facts) do super().merge('network_cards' => ['Intel Corporation Ethernet Controller X710 for 10GbE SFP+ (rev 01)']) diff --git a/spec/classes/profile/certbot_cloudflare_spec.rb b/spec/classes/profile/certbot_cloudflare_spec.rb index df56e8a8b..65542ec52 100644 --- a/spec/classes/profile/certbot_cloudflare_spec.rb +++ b/spec/classes/profile/certbot_cloudflare_spec.rb @@ -12,218 +12,218 @@ it { is_expected.to compile } - it { is_expected.to contain_package("certbot") } - it { is_expected.to contain_package("python3-certbot-dns-cloudflare") } + it { is_expected.to contain_package('certbot') } + it { is_expected.to contain_package('python3-certbot-dns-cloudflare') } - it { is_expected.to contain_file("/root/.secrets/certbot").with_ensure("directory") } + it { is_expected.to contain_file('/root/.secrets/certbot').with_ensure('directory') } it do - is_expected.to contain_file("/root/.secrets/certbot/cloudflare.ini") - .with_mode("0600") - .that_requires("File[/root/.secrets/certbot]") + expect(subject).to contain_file('/root/.secrets/certbot/cloudflare.ini') + .with_mode('0600') + .that_requires('File[/root/.secrets/certbot]') .with_content( - <<~EOF + <<~CREDENTIALS, dns_cloudflare_api_token = default.invalid - EOF + CREDENTIALS ) end - context "with a single cert" do + context 'with a single cert' do let(:params) do { - certs: { "onlyservice" => { "example.invalid" => [] } }, - cert_dir: "/certs", - haproxy_cert_dir: "/haproxy", - letsencrypt_email: "our_real_email@email.gov", - cloudflare_api_token: "MYTOKEN" + certs: { 'onlyservice' => { 'example.invalid' => [] } }, + cert_dir: '/certs', + haproxy_cert_dir: '/haproxy', + letsencrypt_email: 'our_real_email@email.gov', + cloudflare_api_token: 'MYTOKEN', } end it { is_expected.to compile } it do - is_expected.to contain_file("/root/.secrets/certbot/cloudflare.ini") + expect(subject).to contain_file('/root/.secrets/certbot/cloudflare.ini') .with_content( - <<~EOF + <<~CREDENTIALS, dns_cloudflare_api_token = MYTOKEN - EOF + CREDENTIALS ) end it do - is_expected.to contain_file("/tmp/all_cert_commands_cloudflare") + expect(subject).to contain_file('/tmp/all_cert_commands_cloudflare') .with_content( - <<~EOF + <<~CREDENTIALS, certbot certonly --dns-cloudflare --dns-cloudflare-credentials ~/.secrets/certbot/cloudflare.ini -m "our_real_email@email.gov" -d "example.invalid,*.example.invalid" - EOF + CREDENTIALS ) end - it { is_expected.to contain_concat("/certs/example.invalid.crt").with_group("puppet") } - it { is_expected.to contain_concat("/certs/example.invalid.key").with_group("puppet") } - it { is_expected.to contain_concat("/haproxy/onlyservice/example.invalid.pem").with_group("puppet") } + it { is_expected.to contain_concat('/certs/example.invalid.crt').with_group('puppet') } + it { is_expected.to contain_concat('/certs/example.invalid.key').with_group('puppet') } + it { is_expected.to contain_concat('/haproxy/onlyservice/example.invalid.pem').with_group('puppet') } it do - is_expected.to contain_concat_fragment("example.invalid.crt cert") - .with_target("/certs/example.invalid.crt") - .with_source("/etc/letsencrypt/live/example.invalid/fullchain.pem") + expect(subject).to contain_concat_fragment('example.invalid.crt cert') + .with_target('/certs/example.invalid.crt') + .with_source('/etc/letsencrypt/live/example.invalid/fullchain.pem') end it do - is_expected.to contain_concat_fragment("example.invalid.key key") - .with_target("/certs/example.invalid.key") - .with_source("/etc/letsencrypt/live/example.invalid/privkey.pem") + expect(subject).to contain_concat_fragment('example.invalid.key key') + .with_target('/certs/example.invalid.key') + .with_source('/etc/letsencrypt/live/example.invalid/privkey.pem') end it do - is_expected.to contain_concat_fragment("example.invalid.pem cert") - .with_order("01") - .with_target("/haproxy/onlyservice/example.invalid.pem") - .with_source("/etc/letsencrypt/live/example.invalid/fullchain.pem") + expect(subject).to contain_concat_fragment('example.invalid.pem cert') + .with_order('01') + .with_target('/haproxy/onlyservice/example.invalid.pem') + .with_source('/etc/letsencrypt/live/example.invalid/fullchain.pem') end it do - is_expected.to contain_concat_fragment("example.invalid.pem key") - .with_order("02") - .with_target("/haproxy/onlyservice/example.invalid.pem") - .with_source("/etc/letsencrypt/live/example.invalid/privkey.pem") + expect(subject).to contain_concat_fragment('example.invalid.pem key') + .with_order('02') + .with_target('/haproxy/onlyservice/example.invalid.pem') + .with_source('/etc/letsencrypt/live/example.invalid/privkey.pem') end end - context "with a multiple certs and services" do + context 'with a multiple certs and services' do let(:params) do { certs: { - "a" => { "abc.invalid" => %w[abc.example], "abc.com" => [] }, - "z" => { "zyx.invalid" => [] } - } + 'a' => { 'abc.invalid' => %w[abc.example], 'abc.com' => [] }, + 'z' => { 'zyx.invalid' => [] }, + }, } end it do - is_expected.to contain_file("/tmp/all_cert_commands_cloudflare") + expect(subject).to contain_file('/tmp/all_cert_commands_cloudflare') .with_content( - <<~EOF + <<~CREDENTIALS, certbot certonly --dns-cloudflare --dns-cloudflare-credentials ~/.secrets/certbot/cloudflare.ini -m "nope@nope.zone" -d "abc.invalid,*.abc.invalid,abc.example,*.abc.example" certbot certonly --dns-cloudflare --dns-cloudflare-credentials ~/.secrets/certbot/cloudflare.ini -m "nope@nope.zone" -d "abc.com,*.abc.com" certbot certonly --dns-cloudflare --dns-cloudflare-credentials ~/.secrets/certbot/cloudflare.ini -m "nope@nope.zone" -d "zyx.invalid,*.zyx.invalid" - EOF + CREDENTIALS ) end it { is_expected.to compile } - it { is_expected.to contain_concat("/var/local/cert_dir/abc.invalid.crt") } - it { is_expected.to contain_concat("/var/local/cert_dir/abc.invalid.key") } - it { is_expected.to contain_concat("/var/local/haproxy_cert_dir/a/abc.invalid.pem") } - it { is_expected.to contain_concat_fragment("abc.invalid.crt cert") } - it { is_expected.to contain_concat_fragment("abc.invalid.key key") } - it { is_expected.to contain_concat_fragment("abc.invalid.pem cert") } - it { is_expected.to contain_concat_fragment("abc.invalid.pem key") } - - it { is_expected.to contain_concat("/var/local/cert_dir/abc.com.crt") } - it { is_expected.to contain_concat("/var/local/cert_dir/abc.com.key") } - it { is_expected.to contain_concat("/var/local/haproxy_cert_dir/a/abc.com.pem") } - it { is_expected.to contain_concat_fragment("abc.com.crt cert") } - it { is_expected.to contain_concat_fragment("abc.com.key key") } - it { is_expected.to contain_concat_fragment("abc.com.pem cert") } - it { is_expected.to contain_concat_fragment("abc.com.pem key") } - - it { is_expected.to contain_concat("/var/local/cert_dir/zyx.invalid.crt") } - it { is_expected.to contain_concat("/var/local/cert_dir/zyx.invalid.key") } - it { is_expected.to contain_concat("/var/local/haproxy_cert_dir/z/zyx.invalid.pem") } - it { is_expected.to contain_concat_fragment("zyx.invalid.crt cert") } - it { is_expected.to contain_concat_fragment("zyx.invalid.key key") } - it { is_expected.to contain_concat_fragment("zyx.invalid.pem cert") } - it { is_expected.to contain_concat_fragment("zyx.invalid.pem key") } - - it { is_expected.not_to contain_concat("/var/local/cert_dir/abc.example.crt") } - it { is_expected.not_to contain_concat("/var/local/cert_dir/abc.example.key") } - it { is_expected.not_to contain_concat("/var/local/haproxy_cert_dir/a/abc.example.pem") } - it { is_expected.not_to contain_concat_fragment("abc.example.crt cert") } - it { is_expected.not_to contain_concat_fragment("abc.example.key key") } - it { is_expected.not_to contain_concat_fragment("abc.example.pem cert") } - it { is_expected.not_to contain_concat_fragment("abc.example.pem key") } + it { is_expected.to contain_concat('/var/local/cert_dir/abc.invalid.crt') } + it { is_expected.to contain_concat('/var/local/cert_dir/abc.invalid.key') } + it { is_expected.to contain_concat('/var/local/haproxy_cert_dir/a/abc.invalid.pem') } + it { is_expected.to contain_concat_fragment('abc.invalid.crt cert') } + it { is_expected.to contain_concat_fragment('abc.invalid.key key') } + it { is_expected.to contain_concat_fragment('abc.invalid.pem cert') } + it { is_expected.to contain_concat_fragment('abc.invalid.pem key') } + + it { is_expected.to contain_concat('/var/local/cert_dir/abc.com.crt') } + it { is_expected.to contain_concat('/var/local/cert_dir/abc.com.key') } + it { is_expected.to contain_concat('/var/local/haproxy_cert_dir/a/abc.com.pem') } + it { is_expected.to contain_concat_fragment('abc.com.crt cert') } + it { is_expected.to contain_concat_fragment('abc.com.key key') } + it { is_expected.to contain_concat_fragment('abc.com.pem cert') } + it { is_expected.to contain_concat_fragment('abc.com.pem key') } + + it { is_expected.to contain_concat('/var/local/cert_dir/zyx.invalid.crt') } + it { is_expected.to contain_concat('/var/local/cert_dir/zyx.invalid.key') } + it { is_expected.to contain_concat('/var/local/haproxy_cert_dir/z/zyx.invalid.pem') } + it { is_expected.to contain_concat_fragment('zyx.invalid.crt cert') } + it { is_expected.to contain_concat_fragment('zyx.invalid.key key') } + it { is_expected.to contain_concat_fragment('zyx.invalid.pem cert') } + it { is_expected.to contain_concat_fragment('zyx.invalid.pem key') } + + it { is_expected.not_to contain_concat('/var/local/cert_dir/abc.example.crt') } + it { is_expected.not_to contain_concat('/var/local/cert_dir/abc.example.key') } + it { is_expected.not_to contain_concat('/var/local/haproxy_cert_dir/a/abc.example.pem') } + it { is_expected.not_to contain_concat_fragment('abc.example.crt cert') } + it { is_expected.not_to contain_concat_fragment('abc.example.key key') } + it { is_expected.not_to contain_concat_fragment('abc.example.pem cert') } + it { is_expected.not_to contain_concat_fragment('abc.example.pem key') } end - context "with one simple cert, no SANs" do + context 'with one simple cert, no SANs' do let(:params) do { simple_certs: { - "abc.example": [] - } + "abc.example": [], + }, } end it { is_expected.to compile } it do - is_expected.to contain_file("/tmp/all_cert_commands_cloudflare") + expect(subject).to contain_file('/tmp/all_cert_commands_cloudflare') .with_content(%r{certbot certonly --dns-cloudflare --dns-cloudflare-credentials ~/.secrets/certbot/cloudflare.ini -m "nope@nope.zone" -d "abc.example"}) end it do - is_expected.to contain_concat_fragment("/var/local/cert_dir/abc.example.crt cert") - .with_target("/var/local/cert_dir/abc.example.crt") - .with_source("/etc/letsencrypt/live/abc.example/fullchain.pem") + expect(subject).to contain_concat_fragment('/var/local/cert_dir/abc.example.crt cert') + .with_target('/var/local/cert_dir/abc.example.crt') + .with_source('/etc/letsencrypt/live/abc.example/fullchain.pem') end it do - is_expected.to contain_concat_fragment("/var/local/cert_dir/abc.example.key key") - .with_target("/var/local/cert_dir/abc.example.key") - .with_source("/etc/letsencrypt/live/abc.example/privkey.pem") + expect(subject).to contain_concat_fragment('/var/local/cert_dir/abc.example.key key') + .with_target('/var/local/cert_dir/abc.example.key') + .with_source('/etc/letsencrypt/live/abc.example/privkey.pem') end end - context "with one simple cert, two SANs" do + context 'with one simple cert, two SANs' do let(:params) do { simple_certs: { - "abc.example": ['san.local','xyz.local'] - } + "abc.example": ['san.local', 'xyz.local'], + }, } end it do - is_expected.to contain_file("/tmp/all_cert_commands_cloudflare") + expect(subject).to contain_file('/tmp/all_cert_commands_cloudflare') .with_content( - <<~EOF - certbot certonly --dns-cloudflare --dns-cloudflare-credentials ~/.secrets/certbot/cloudflare.ini -m "nope@nope.zone" -d "abc.example,san.local,xyz.local" - EOF + <<~CREDENTIALS, + certbot certonly --dns-cloudflare --dns-cloudflare-credentials ~/.secrets/certbot/cloudflare.ini -m "nope@nope.zone" -d "abc.example,san.local,xyz.local" + CREDENTIALS ) end end - context "with two simple certs" do + context 'with two simple certs' do let(:params) do { simple_certs: { "abc.example": [], - "xyz.example": ['alt.example', '*.alt.example'] - } + "xyz.example": ['alt.example', '*.alt.example'], + }, } end it do - is_expected.to contain_file("/tmp/all_cert_commands_cloudflare") + expect(subject).to contain_file('/tmp/all_cert_commands_cloudflare') .with_content(%r{certbot certonly --dns-cloudflare --dns-cloudflare-credentials ~/.secrets/certbot/cloudflare.ini -m "nope@nope.zone" -d "abc.example"}) end it do - is_expected.to contain_file("/tmp/all_cert_commands_cloudflare") + expect(subject).to contain_file('/tmp/all_cert_commands_cloudflare') .with_content(%r{certbot certonly --dns-cloudflare --dns-cloudflare-credentials ~/.secrets/certbot/cloudflare.ini -m "nope@nope.zone" -d "xyz.example,alt.example,\*.alt.example"}) end it do - is_expected.to contain_concat_fragment("/var/local/cert_dir/abc.example.crt cert") - .with_target("/var/local/cert_dir/abc.example.crt") - .with_source("/etc/letsencrypt/live/abc.example/fullchain.pem") + expect(subject).to contain_concat_fragment('/var/local/cert_dir/abc.example.crt cert') + .with_target('/var/local/cert_dir/abc.example.crt') + .with_source('/etc/letsencrypt/live/abc.example/fullchain.pem') end it do - is_expected.to contain_concat_fragment("/var/local/cert_dir/xyz.example.crt cert") - .with_target("/var/local/cert_dir/xyz.example.crt") - .with_source("/etc/letsencrypt/live/xyz.example/fullchain.pem") + expect(subject).to contain_concat_fragment('/var/local/cert_dir/xyz.example.crt cert') + .with_target('/var/local/cert_dir/xyz.example.crt') + .with_source('/etc/letsencrypt/live/xyz.example/fullchain.pem') end end end diff --git a/spec/classes/profile/certbot_route53_spec.rb b/spec/classes/profile/certbot_route53_spec.rb index d4522807f..b2d08e54a 100644 --- a/spec/classes/profile/certbot_route53_spec.rb +++ b/spec/classes/profile/certbot_route53_spec.rb @@ -12,230 +12,230 @@ it { is_expected.to compile } - it { is_expected.to contain_package("certbot") } - it { is_expected.to contain_package("awscli") } - it { is_expected.to contain_package("python3-certbot-dns-route53") } + it { is_expected.to contain_package('certbot') } + it { is_expected.to contain_package('awscli') } + it { is_expected.to contain_package('python3-certbot-dns-route53') } - it { is_expected.to contain_file("/root/.aws").with_ensure("directory") } + it { is_expected.to contain_file('/root/.aws').with_ensure('directory') } it do - is_expected.to contain_file("/root/.aws/config") - .with_mode("0600") - .that_requires("File[/root/.aws]") + expect(subject).to contain_file('/root/.aws/config') + .with_mode('0600') + .that_requires('File[/root/.aws]') end it do - is_expected.to contain_file("/root/.aws/credentials") - .with_mode("0600") - .that_requires("File[/root/.aws]") + expect(subject).to contain_file('/root/.aws/credentials') + .with_mode('0600') + .that_requires('File[/root/.aws]') .with_content( - <<~EOF + <<~CREDENTIALS, [default] aws_access_key_id = default.invalid aws_secret_access_key = default.invalid - EOF + CREDENTIALS ) end - context "with a single cert" do + context 'with a single cert' do let(:params) do { - certs: { "onlyservice" => { "example.invalid" => [] } }, - cert_dir: "/certs", - haproxy_cert_dir: "/haproxy", - letsencrypt_email: "our_real_email@email.gov", - aws_access_key_id: "ACCESSKEY", - aws_secret_access_key: "SECRETKEY" + certs: { 'onlyservice' => { 'example.invalid' => [] } }, + cert_dir: '/certs', + haproxy_cert_dir: '/haproxy', + letsencrypt_email: 'our_real_email@email.gov', + aws_access_key_id: 'ACCESSKEY', + aws_secret_access_key: 'SECRETKEY', } end it { is_expected.to compile } it do - is_expected.to contain_file("/root/.aws/credentials") + expect(subject).to contain_file('/root/.aws/credentials') .with_content( - <<~EOF + <<~CREDENTIALS, [default] aws_access_key_id = ACCESSKEY aws_secret_access_key = SECRETKEY - EOF + CREDENTIALS ) end it do - is_expected.to contain_file("/tmp/all_cert_commands") + expect(subject).to contain_file('/tmp/all_cert_commands') .with_content( - <<~EOF + <<~CREDENTIALS, certbot certonly --dns-route53 -m "our_real_email@email.gov" -d "example.invalid,*.example.invalid" - EOF + CREDENTIALS ) end - it { is_expected.to contain_concat("/certs/example.invalid.crt").with_group("puppet") } - it { is_expected.to contain_concat("/certs/example.invalid.key").with_group("puppet") } - it { is_expected.to contain_concat("/haproxy/onlyservice/example.invalid.pem").with_group("puppet") } + it { is_expected.to contain_concat('/certs/example.invalid.crt').with_group('puppet') } + it { is_expected.to contain_concat('/certs/example.invalid.key').with_group('puppet') } + it { is_expected.to contain_concat('/haproxy/onlyservice/example.invalid.pem').with_group('puppet') } it do - is_expected.to contain_concat_fragment("example.invalid.crt cert") - .with_target("/certs/example.invalid.crt") - .with_source("/etc/letsencrypt/live/example.invalid/fullchain.pem") + expect(subject).to contain_concat_fragment('example.invalid.crt cert') + .with_target('/certs/example.invalid.crt') + .with_source('/etc/letsencrypt/live/example.invalid/fullchain.pem') end it do - is_expected.to contain_concat_fragment("example.invalid.key key") - .with_target("/certs/example.invalid.key") - .with_source("/etc/letsencrypt/live/example.invalid/privkey.pem") + expect(subject).to contain_concat_fragment('example.invalid.key key') + .with_target('/certs/example.invalid.key') + .with_source('/etc/letsencrypt/live/example.invalid/privkey.pem') end it do - is_expected.to contain_concat_fragment("example.invalid.pem cert") - .with_order("01") - .with_target("/haproxy/onlyservice/example.invalid.pem") - .with_source("/etc/letsencrypt/live/example.invalid/fullchain.pem") + expect(subject).to contain_concat_fragment('example.invalid.pem cert') + .with_order('01') + .with_target('/haproxy/onlyservice/example.invalid.pem') + .with_source('/etc/letsencrypt/live/example.invalid/fullchain.pem') end it do - is_expected.to contain_concat_fragment("example.invalid.pem key") - .with_order("02") - .with_target("/haproxy/onlyservice/example.invalid.pem") - .with_source("/etc/letsencrypt/live/example.invalid/privkey.pem") + expect(subject).to contain_concat_fragment('example.invalid.pem key') + .with_order('02') + .with_target('/haproxy/onlyservice/example.invalid.pem') + .with_source('/etc/letsencrypt/live/example.invalid/privkey.pem') end end - context "with a multiple certs and services" do + context 'with a multiple certs and services' do let(:params) do { certs: { - "a" => { "abc.invalid" => %w[abc.example], "abc.com" => [] }, - "z" => { "zyx.invalid" => [] } - } + 'a' => { 'abc.invalid' => %w[abc.example], 'abc.com' => [] }, + 'z' => { 'zyx.invalid' => [] }, + }, } end it do - is_expected.to contain_file("/tmp/all_cert_commands") + expect(subject).to contain_file('/tmp/all_cert_commands') .with_content( - <<~EOF + <<~CREDENTIALS, certbot certonly --dns-route53 -m "nope@nope.zone" -d "abc.invalid,*.abc.invalid,abc.example,*.abc.example" certbot certonly --dns-route53 -m "nope@nope.zone" -d "abc.com,*.abc.com" certbot certonly --dns-route53 -m "nope@nope.zone" -d "zyx.invalid,*.zyx.invalid" - EOF + CREDENTIALS ) end it { is_expected.to compile } - it { is_expected.to contain_concat("/var/local/cert_dir/abc.invalid.crt") } - it { is_expected.to contain_concat("/var/local/cert_dir/abc.invalid.key") } - it { is_expected.to contain_concat("/var/local/haproxy_cert_dir/a/abc.invalid.pem") } - it { is_expected.to contain_concat_fragment("abc.invalid.crt cert") } - it { is_expected.to contain_concat_fragment("abc.invalid.key key") } - it { is_expected.to contain_concat_fragment("abc.invalid.pem cert") } - it { is_expected.to contain_concat_fragment("abc.invalid.pem key") } - - it { is_expected.to contain_concat("/var/local/cert_dir/abc.com.crt") } - it { is_expected.to contain_concat("/var/local/cert_dir/abc.com.key") } - it { is_expected.to contain_concat("/var/local/haproxy_cert_dir/a/abc.com.pem") } - it { is_expected.to contain_concat_fragment("abc.com.crt cert") } - it { is_expected.to contain_concat_fragment("abc.com.key key") } - it { is_expected.to contain_concat_fragment("abc.com.pem cert") } - it { is_expected.to contain_concat_fragment("abc.com.pem key") } - - it { is_expected.to contain_concat("/var/local/cert_dir/zyx.invalid.crt") } - it { is_expected.to contain_concat("/var/local/cert_dir/zyx.invalid.key") } - it { is_expected.to contain_concat("/var/local/haproxy_cert_dir/z/zyx.invalid.pem") } - it { is_expected.to contain_concat_fragment("zyx.invalid.crt cert") } - it { is_expected.to contain_concat_fragment("zyx.invalid.key key") } - it { is_expected.to contain_concat_fragment("zyx.invalid.pem cert") } - it { is_expected.to contain_concat_fragment("zyx.invalid.pem key") } - - it { is_expected.not_to contain_concat("/var/local/cert_dir/abc.example.crt") } - it { is_expected.not_to contain_concat("/var/local/cert_dir/abc.example.key") } - it { is_expected.not_to contain_concat("/var/local/haproxy_cert_dir/a/abc.example.pem") } - it { is_expected.not_to contain_concat_fragment("abc.example.crt cert") } - it { is_expected.not_to contain_concat_fragment("abc.example.key key") } - it { is_expected.not_to contain_concat_fragment("abc.example.pem cert") } - it { is_expected.not_to contain_concat_fragment("abc.example.pem key") } + it { is_expected.to contain_concat('/var/local/cert_dir/abc.invalid.crt') } + it { is_expected.to contain_concat('/var/local/cert_dir/abc.invalid.key') } + it { is_expected.to contain_concat('/var/local/haproxy_cert_dir/a/abc.invalid.pem') } + it { is_expected.to contain_concat_fragment('abc.invalid.crt cert') } + it { is_expected.to contain_concat_fragment('abc.invalid.key key') } + it { is_expected.to contain_concat_fragment('abc.invalid.pem cert') } + it { is_expected.to contain_concat_fragment('abc.invalid.pem key') } + + it { is_expected.to contain_concat('/var/local/cert_dir/abc.com.crt') } + it { is_expected.to contain_concat('/var/local/cert_dir/abc.com.key') } + it { is_expected.to contain_concat('/var/local/haproxy_cert_dir/a/abc.com.pem') } + it { is_expected.to contain_concat_fragment('abc.com.crt cert') } + it { is_expected.to contain_concat_fragment('abc.com.key key') } + it { is_expected.to contain_concat_fragment('abc.com.pem cert') } + it { is_expected.to contain_concat_fragment('abc.com.pem key') } + + it { is_expected.to contain_concat('/var/local/cert_dir/zyx.invalid.crt') } + it { is_expected.to contain_concat('/var/local/cert_dir/zyx.invalid.key') } + it { is_expected.to contain_concat('/var/local/haproxy_cert_dir/z/zyx.invalid.pem') } + it { is_expected.to contain_concat_fragment('zyx.invalid.crt cert') } + it { is_expected.to contain_concat_fragment('zyx.invalid.key key') } + it { is_expected.to contain_concat_fragment('zyx.invalid.pem cert') } + it { is_expected.to contain_concat_fragment('zyx.invalid.pem key') } + + it { is_expected.not_to contain_concat('/var/local/cert_dir/abc.example.crt') } + it { is_expected.not_to contain_concat('/var/local/cert_dir/abc.example.key') } + it { is_expected.not_to contain_concat('/var/local/haproxy_cert_dir/a/abc.example.pem') } + it { is_expected.not_to contain_concat_fragment('abc.example.crt cert') } + it { is_expected.not_to contain_concat_fragment('abc.example.key key') } + it { is_expected.not_to contain_concat_fragment('abc.example.pem cert') } + it { is_expected.not_to contain_concat_fragment('abc.example.pem key') } end - context "with one simple cert, no SANs" do + context 'with one simple cert, no SANs' do let(:params) do { simple_certs: { - "abc.example": [] - } + "abc.example": [], + }, } end it { is_expected.to compile } it do - is_expected.to contain_file("/tmp/all_cert_commands") + expect(subject).to contain_file('/tmp/all_cert_commands') .with_content(%r{certbot certonly --dns-route53 -m "nope@nope.zone" -d "abc.example"}) end it do - is_expected.to contain_concat_fragment("abc.example.crt cert") - .with_target("/var/local/cert_dir/abc.example.crt") - .with_source("/etc/letsencrypt/live/abc.example/fullchain.pem") + expect(subject).to contain_concat_fragment('abc.example.crt cert') + .with_target('/var/local/cert_dir/abc.example.crt') + .with_source('/etc/letsencrypt/live/abc.example/fullchain.pem') end it do - is_expected.to contain_concat_fragment("abc.example.key key") - .with_target("/var/local/cert_dir/abc.example.key") - .with_source("/etc/letsencrypt/live/abc.example/privkey.pem") + expect(subject).to contain_concat_fragment('abc.example.key key') + .with_target('/var/local/cert_dir/abc.example.key') + .with_source('/etc/letsencrypt/live/abc.example/privkey.pem') end end - context "with one simple cert, two SANs" do + context 'with one simple cert, two SANs' do let(:params) do { simple_certs: { - "abc.example": ['san.local','xyz.local'] - } + "abc.example": ['san.local', 'xyz.local'], + }, } end it do - is_expected.to contain_file("/tmp/all_cert_commands") + expect(subject).to contain_file('/tmp/all_cert_commands') .with_content( - <<~EOF - certbot certonly --dns-route53 -m "nope@nope.zone" -d "abc.example,san.local,xyz.local" - EOF + <<~CREDENTIALS, + certbot certonly --dns-route53 -m "nope@nope.zone" -d "abc.example,san.local,xyz.local" + CREDENTIALS ) end end - context "with two simple certs" do + context 'with two simple certs' do let(:params) do { simple_certs: { "abc.example": [], - "xyz.example": ['alt.example', '*.alt.example'] - } + "xyz.example": ['alt.example', '*.alt.example'], + }, } end it do - is_expected.to contain_file("/tmp/all_cert_commands") + expect(subject).to contain_file('/tmp/all_cert_commands') .with_content(%r{certbot certonly --dns-route53 -m "nope@nope.zone" -d "abc.example"}) end it do - is_expected.to contain_file("/tmp/all_cert_commands") + expect(subject).to contain_file('/tmp/all_cert_commands') .with_content(%r{certbot certonly --dns-route53 -m "nope@nope.zone" -d "xyz.example,alt.example,\*.alt.example"}) end it do - is_expected.to contain_concat_fragment("abc.example.crt cert") - .with_target("/var/local/cert_dir/abc.example.crt") - .with_source("/etc/letsencrypt/live/abc.example/fullchain.pem") + expect(subject).to contain_concat_fragment('abc.example.crt cert') + .with_target('/var/local/cert_dir/abc.example.crt') + .with_source('/etc/letsencrypt/live/abc.example/fullchain.pem') end it do - is_expected.to contain_concat_fragment("xyz.example.crt cert") - .with_target("/var/local/cert_dir/xyz.example.crt") - .with_source("/etc/letsencrypt/live/xyz.example/fullchain.pem") + expect(subject).to contain_concat_fragment('xyz.example.crt cert') + .with_target('/var/local/cert_dir/xyz.example.crt') + .with_source('/etc/letsencrypt/live/xyz.example/fullchain.pem') end end end diff --git a/spec/classes/profile/containerd_spec.rb b/spec/classes/profile/containerd_spec.rb index 4a058fdf0..e2157a52b 100644 --- a/spec/classes/profile/containerd_spec.rb +++ b/spec/classes/profile/containerd_spec.rb @@ -14,10 +14,10 @@ it { is_expected.to contain_apt__source('docker') } it { is_expected.to contain_package('containerd.io').that_requires('Apt::Source[docker]') } it { is_expected.to contain_service('containerd').that_requires('Package[containerd.io]') } - it { is_expected.to contain_file('/etc/containerd/config.toml').with_content(/^disabled_plugins = \[\]$/) } - it { is_expected.to contain_file('/etc/containerd/config.toml').with_content(/^\s*SystemdCgroup = true$/) } - it { is_expected.to contain_file('/etc/containerd').with_ensure("directory") } - it { is_expected.to contain_file('/etc/containerd').that_comes_before("File[/etc/containerd/config.toml]") } + it { is_expected.to contain_file('/etc/containerd/config.toml').with_content(%r{^disabled_plugins = \[\]$}) } + it { is_expected.to contain_file('/etc/containerd/config.toml').with_content(%r{^\s*SystemdCgroup = true$}) } + it { is_expected.to contain_file('/etc/containerd').with_ensure('directory') } + it { is_expected.to contain_file('/etc/containerd').that_comes_before('File[/etc/containerd/config.toml]') } end end end diff --git a/spec/classes/profile/cron_runner_spec.rb b/spec/classes/profile/cron_runner_spec.rb index 7d8223dd6..6e0af8f13 100644 --- a/spec/classes/profile/cron_runner_spec.rb +++ b/spec/classes/profile/cron_runner_spec.rb @@ -15,7 +15,7 @@ it { is_expected.not_to contain_cron('delete old backups') } context 'when given a "delete old backups" cronjob' do - let(:params) { + let(:params) do { crons: { 'delete old backups' => { @@ -23,11 +23,11 @@ 'user' => 'foo', 'minute' => 50, 'hour' => 5, - 'environment' => ['MAILTO=default@invalid.example'] - } - } + 'environment' => ['MAILTO=default@invalid.example'], + }, + }, } - } + end it { is_expected.to compile } it { is_expected.to contain_cron('delete old backups') } diff --git a/spec/classes/profile/dns/aws_spec.rb b/spec/classes/profile/dns/aws_spec.rb index 7397ba629..255aa06df 100644 --- a/spec/classes/profile/dns/aws_spec.rb +++ b/spec/classes/profile/dns/aws_spec.rb @@ -14,8 +14,9 @@ it { is_expected.to contain_exec('restart_networking') } it { is_expected.to contain_file_line('domain_name') } # search_domain should match content of nebula::resolv_conf::searchpath + it do - is_expected.to contain_file_line('search_domain').with_line( + expect(subject).to contain_file_line('search_domain').with_line( 'supersede domain-search "searchpath.default.invalid";', ) end diff --git a/spec/classes/profile/dns/smartconnect_spec.rb b/spec/classes/profile/dns/smartconnect_spec.rb index 1b36c1307..88b476894 100644 --- a/spec/classes/profile/dns/smartconnect_spec.rb +++ b/spec/classes/profile/dns/smartconnect_spec.rb @@ -11,36 +11,37 @@ let(:facts) { os_facts } it do - is_expected.to contain_package( + expect(subject).to contain_package( 'nebula::profile::dns::smartconnect::bind9', ).with_name('bind9').with_ensure('present') end it do - is_expected.to contain_service('bind9').with_ensure('running') + expect(subject).to contain_service('bind9').with_ensure('running') end it do - is_expected.to contain_class('nebula::resolv_conf').with_nameservers( + expect(subject).to contain_class('nebula::resolv_conf').with_nameservers( [ '127.0.0.1', # localhost '5.5.5.5', # nebula::resolv_conf::nameservers[0] '4.4.4.4', # nebula::resolv_conf::nameservers[1] ], ).with_searchpath(['searchpath.default.invalid']) - .with_require('Service[bind9]') + .with_require('Service[bind9]') end it 'removes resolvconf package if present' do - is_expected.to contain_package('resolvconf').with_ensure('absent') + expect(subject).to contain_package('resolvconf').with_ensure('absent') end + it 'contains expected resolv.conf file' do - is_expected.to contain_file('/etc/resolv.conf') - .with_content(/^#.*puppet/) - .with_content(/^search searchpath\.default\.invalid$/) - .with_content(/^nameserver 127.0.0.1$/) - .with_content(/^nameserver 5.5.5.5$/) - .with_content(/^nameserver 4.4.4.4$/) + expect(subject).to contain_file('/etc/resolv.conf') + .with_content(%r{^#.*puppet}) + .with_content(%r{^search searchpath\.default\.invalid$}) + .with_content(%r{^nameserver 127.0.0.1$}) + .with_content(%r{^nameserver 5.5.5.5$}) + .with_content(%r{^nameserver 4.4.4.4$}) end [ @@ -52,7 +53,7 @@ end it do - is_expected.to contain_file('/etc/bind/named.conf').with_content( + expect(subject).to contain_file('/etc/bind/named.conf').with_content( %r{/etc/bind/named.conf.options}, ).with_content( %r{/etc/bind/named.conf.local}, @@ -70,7 +71,7 @@ end it do - is_expected.to contain_file('/etc/bind/named.conf.options').with_content( + expect(subject).to contain_file('/etc/bind/named.conf.options').with_content( %r{^\s*5\.5\.5\.5; 4\.4\.4\.4;$}, ) end @@ -79,7 +80,7 @@ let(:params) { { other_ns_ips: ['3.3.3.3', '2.2.2.2', '1.1.1.1'] } } it do - is_expected.to contain_class('nebula::resolv_conf').with_nameservers( + expect(subject).to contain_class('nebula::resolv_conf').with_nameservers( [ '127.0.0.1', '3.3.3.3', @@ -90,7 +91,7 @@ end it do - is_expected.to contain_file('/etc/bind/named.conf.options').with_content( + expect(subject).to contain_file('/etc/bind/named.conf.options').with_content( %r{^\s*3\.3\.3\.3; 2\.2\.2\.2; 1\.1\.1\.1;$}, ) end diff --git a/spec/classes/profile/dns/standard_spec.rb b/spec/classes/profile/dns/standard_spec.rb index 41258e375..8a59c5005 100644 --- a/spec/classes/profile/dns/standard_spec.rb +++ b/spec/classes/profile/dns/standard_spec.rb @@ -11,20 +11,21 @@ let(:facts) { os_facts } it do - is_expected.to contain_class('nebula::resolv_conf').with_nameservers( + expect(subject).to contain_class('nebula::resolv_conf').with_nameservers( ['5.5.5.5', '4.4.4.4'], ).with_searchpath(['searchpath.default.invalid']) end it 'removes resolvconf package if present' do - is_expected.to contain_package('resolvconf').with_ensure('absent') + expect(subject).to contain_package('resolvconf').with_ensure('absent') end + it 'contains expected resolv.conf file' do - is_expected.to contain_file('/etc/resolv.conf') - .with_content(/^#.*puppet/) - .with_content(/^search searchpath\.default\.invalid$/) - .with_content(/^nameserver 5.5.5.5$/) - .with_content(/^nameserver 4.4.4.4$/) + expect(subject).to contain_file('/etc/resolv.conf') + .with_content(%r{^#.*puppet}) + .with_content(%r{^search searchpath\.default\.invalid$}) + .with_content(%r{^nameserver 5.5.5.5$}) + .with_content(%r{^nameserver 4.4.4.4$}) end end end diff --git a/spec/classes/profile/docker_spec.rb b/spec/classes/profile/docker_spec.rb index 40398de1a..da957afe0 100644 --- a/spec/classes/profile/docker_spec.rb +++ b/spec/classes/profile/docker_spec.rb @@ -13,7 +13,7 @@ it { is_expected.to compile } it do - is_expected.to contain_concat_file('cri daemon') + expect(subject).to contain_concat_file('cri daemon') .with_path('/etc/docker/daemon.json') .with_format('json') .that_notifies('Exec[docker: systemctl daemon-reload]') @@ -23,13 +23,13 @@ it { is_expected.to contain_file('/etc/docker').with_ensure('directory') } it do - is_expected.to contain_file('/etc/systemd/system/docker.service.d') + expect(subject).to contain_file('/etc/systemd/system/docker.service.d') .with_ensure('directory') .that_notifies('Exec[docker: systemctl daemon-reload]') end it do - is_expected.to contain_exec('docker: systemctl daemon-reload') + expect(subject).to contain_exec('docker: systemctl daemon-reload') .with_command('/bin/systemctl daemon-reload') .with_refreshonly(true) .that_notifies('Service[docker]') @@ -44,7 +44,7 @@ ['storage-driver', '"overlay2"'], ].each do |key, value| it do - is_expected.to contain_concat_fragment("cri daemon #{key}") + expect(subject).to contain_concat_fragment("cri daemon #{key}") .with_target('cri daemon') .with_content("{\"#{key}\":#{value}}") end @@ -63,7 +63,7 @@ it { is_expected.to contain_class('docker').with_version('5') } it do - is_expected.to contain_apt__pin('docker-ce').with( + expect(subject).to contain_apt__pin('docker-ce').with( packages: %w[docker-ce docker-ce-cli], version: '5', ) @@ -74,7 +74,7 @@ let(:params) { { docker_compose_version: '1.7.0' } } it do - is_expected.to contain_class('docker::compose') + expect(subject).to contain_class('docker::compose') .with_ensure('present') .with_version('1.7.0') end diff --git a/spec/classes/profile/duo_spec.rb b/spec/classes/profile/duo_spec.rb index 8b3ca09a2..5a7fcb6fc 100644 --- a/spec/classes/profile/duo_spec.rb +++ b/spec/classes/profile/duo_spec.rb @@ -18,13 +18,13 @@ def contain_pam_duo it { is_expected.to contain_package('libpam-duo') } it do - is_expected.to contain_concat_fragment('/etc/pam.d/sshd: pam_duo') + expect(subject).to contain_concat_fragment('/etc/pam.d/sshd: pam_duo') .with_target('/etc/pam.d/sshd') .with_content(%r{auth required pam_duo.so}) end it do - is_expected.to contain_file_line('/etc/pam.d/sudo: pam_duo') + expect(subject).to contain_file_line('/etc/pam.d/sudo: pam_duo') .with_path('/etc/pam.d/sudo') .with_line('auth required pam_duo.so') .with_after('^@include common-auth') @@ -32,7 +32,7 @@ def contain_pam_duo end it do - is_expected.to contain_pam_duo + expect(subject).to contain_pam_duo .with_mode('0600') .that_requires('Package[libpam-duo]') end diff --git a/spec/classes/profile/elastic/filebeat/configs/ulib_spec.rb b/spec/classes/profile/elastic/filebeat/configs/ulib_spec.rb index e0f1f6ad2..1d42e18c4 100644 --- a/spec/classes/profile/elastic/filebeat/configs/ulib_spec.rb +++ b/spec/classes/profile/elastic/filebeat/configs/ulib_spec.rb @@ -17,16 +17,18 @@ it { is_expected.to contain_service('filebeat') } it do - is_expected.to contain_file(file) + expect(subject).to contain_file(file) .that_notifies('Service[filebeat]') .with_content(%r{^\s+ulib_type: 90_day$}) end - it { is_expected.to contain_file(file).with_content(%r{^ \- "/var/log/1.log"$}) } - it { is_expected.to contain_file(file).with_content(%r{^ \- "/var/log/logger/2.txt"$}) } + + it { is_expected.to contain_file(file).with_content(%r{^ - "/var/log/1.log"$}) } + it { is_expected.to contain_file(file).with_content(%r{^ - "/var/log/logger/2.txt"$}) } end + context 'without params' do it "doesn't fail with no files specified" do - is_expected.to compile + expect(subject).to compile end end end diff --git a/spec/classes/profile/elastic/filebeat_spec.rb b/spec/classes/profile/elastic/filebeat_spec.rb index 8510b173e..432430f25 100644 --- a/spec/classes/profile/elastic/filebeat_spec.rb +++ b/spec/classes/profile/elastic/filebeat_spec.rb @@ -11,7 +11,7 @@ let(:facts) { os_facts } it do - is_expected.to contain_service('filebeat').with( + expect(subject).to contain_service('filebeat').with( ensure: 'running', enable: true, ) @@ -20,7 +20,7 @@ it { is_expected.to contain_package('filebeat') } it do - is_expected.to contain_file('/etc/filebeat/filebeat.yml').with( + expect(subject).to contain_file('/etc/filebeat/filebeat.yml').with( ensure: 'present', require: 'Package[filebeat]', notify: 'Service[filebeat]', @@ -36,7 +36,7 @@ end it do - is_expected.to contain_file('/etc/filebeat/configs').with( + expect(subject).to contain_file('/etc/filebeat/configs').with( ensure: 'directory', require: 'Package[filebeat]', ) diff --git a/spec/classes/profile/elastic/metricbeat_spec.rb b/spec/classes/profile/elastic/metricbeat_spec.rb index 92e7c851d..9f4b2c833 100644 --- a/spec/classes/profile/elastic/metricbeat_spec.rb +++ b/spec/classes/profile/elastic/metricbeat_spec.rb @@ -11,7 +11,7 @@ let(:facts) { os_facts } it do - is_expected.to contain_service('metricbeat').with( + expect(subject).to contain_service('metricbeat').with( ensure: 'stopped', enable: false, ) @@ -22,7 +22,7 @@ it { is_expected.to contain_apt__source('elastic.co') } it do - is_expected.to contain_file('/etc/metricbeat/metricbeat.yml').with( + expect(subject).to contain_file('/etc/metricbeat/metricbeat.yml').with( ensure: 'present', require: 'Package[metricbeat]', notify: 'Service[metricbeat]', @@ -38,11 +38,11 @@ it { is_expected.to contain_file('/etc/metricbeat/metricbeat.yml').with_content(content) } end - context 'given logstash_auth_cert => "/some/file.crt"' do + context 'with logstash_auth_cert => "/some/file.crt"' do let(:params) { { logstash_auth_cert: '/some/file.crt' } } it do - is_expected.to contain_file('/etc/metricbeat/metricbeat.yml').with_content( + expect(subject).to contain_file('/etc/metricbeat/metricbeat.yml').with_content( %r{^\s* ssl\.certificate_authorities: \["/etc/ssl/certs/logstash-forwarder\.crt"\]$}, ) end diff --git a/spec/classes/profile/elastic_spec.rb b/spec/classes/profile/elastic_spec.rb index f95f9a884..0b24039b1 100644 --- a/spec/classes/profile/elastic_spec.rb +++ b/spec/classes/profile/elastic_spec.rb @@ -11,7 +11,7 @@ let(:facts) { os_facts } it do - is_expected.to contain_apt__source('elastic.co').with( + expect(subject).to contain_apt__source('elastic.co').with( comment: 'Elastic.co apt source for beats and elastic search', location: 'https://artifacts.elastic.co/packages/7.x/apt', release: 'stable', @@ -26,11 +26,11 @@ it { is_expected.not_to contain_file('/etc/ssl/certs') } it { is_expected.not_to contain_file('/etc/ssl/certs/logstash-forwarder.crt') } - context 'given logstash_auth_cert => "/some/file.crt"' do + context 'with logstash_auth_cert => "/some/file.crt"' do let(:params) { { logstash_auth_cert: '/some/file.crt' } } it do - is_expected.to contain_file('/etc/ssl/certs/logstash-forwarder.crt').with( + expect(subject).to contain_file('/etc/ssl/certs/logstash-forwarder.crt').with( ensure: 'present', require: 'File[/etc/ssl/certs]', mode: '0644', @@ -39,18 +39,18 @@ end it do - is_expected.to contain_file('/etc/ssl/certs').with( + expect(subject).to contain_file('/etc/ssl/certs').with( ensure: 'directory', mode: '0755', ) end end - context 'given logstash_auth_cert => "/another/cert.crt"' do + context 'with logstash_auth_cert => "/another/cert.crt"' do let(:params) { { logstash_auth_cert: '/another/cert.crt' } } it do - is_expected.to contain_file('/etc/ssl/certs/logstash-forwarder.crt').with( + expect(subject).to contain_file('/etc/ssl/certs/logstash-forwarder.crt').with( source: 'puppet:///another/cert.crt', ) end diff --git a/spec/classes/profile/exim4_spec.rb b/spec/classes/profile/exim4_spec.rb index 374268b98..62c5bf083 100644 --- a/spec/classes/profile/exim4_spec.rb +++ b/spec/classes/profile/exim4_spec.rb @@ -12,7 +12,7 @@ let(:fqdn) { facts[:fqdn] } it do - is_expected.to contain_service('exim4').with( + expect(subject).to contain_service('exim4').with( ensure: 'running', enable: true, require: 'Package[exim4]', @@ -24,7 +24,7 @@ '/etc/email-addresses', ].each do |filename| it do - is_expected.to contain_file_line("#{filename}: root email").with( + expect(subject).to contain_file_line("#{filename}: root email").with( path: filename, match: '^root: ', line: 'root: root@default.invalid', @@ -42,7 +42,7 @@ '/etc/email-addresses', ].each do |filename| it do - is_expected.to contain_file_line("#{filename}: root email").with( + expect(subject).to contain_file_line("#{filename}: root email").with( path: filename, match: '^root: ', line: 'root: majordomo@email.gov', @@ -53,24 +53,24 @@ end it do - is_expected.to contain_file('/etc/mailname') + expect(subject).to contain_file('/etc/mailname') .with_content("#{fqdn}\n") .that_notifies('Exec[update exim4 config]') end it do - is_expected.to contain_file('/etc/exim4/update-exim4.conf.conf') + expect(subject).to contain_file('/etc/exim4/update-exim4.conf.conf') .with_content(%r{^dc_other_hostnames='#{fqdn}'$}) .with_content(%r{^dc_relay_domains='exim\.default\.invalid'$}) .that_notifies('Exec[update exim4 config]') .that_requires('Package[exim4]') end - context 'given a relay_domain of umich.edu' do + context 'when given a relay_domain of umich.edu' do let(:params) { { relay_domain: 'umich.edu' } } it do - is_expected.to contain_file('/etc/exim4/update-exim4.conf.conf') + expect(subject).to contain_file('/etc/exim4/update-exim4.conf.conf') .with_content(%r{^dc_relay_domains='umich\.edu'$}) end end @@ -78,14 +78,14 @@ it { is_expected.to contain_package('exim4') } it do - is_expected.to contain_exec('load new email aliases').with( + expect(subject).to contain_exec('load new email aliases').with( command: '/usr/bin/newaliases', refreshonly: true, ) end it do - is_expected.to contain_exec('update exim4 config').with( + expect(subject).to contain_exec('update exim4 config').with( command: '/usr/sbin/update-exim4.conf', refreshonly: true, notify: 'Service[exim4]', diff --git a/spec/classes/profile/falcon_spec.rb b/spec/classes/profile/falcon_spec.rb index a1b64944e..a52894bd8 100644 --- a/spec/classes/profile/falcon_spec.rb +++ b/spec/classes/profile/falcon_spec.rb @@ -18,7 +18,7 @@ it { is_expected.to contain_service('falcon-sensor').with_ensure('running') } it do - is_expected.to contain_exec('set falcon-sensor CID') + expect(subject).to contain_exec('set falcon-sensor CID') .with_command("/opt/CrowdStrike/falconctl -s '--cid=mycid'") .with_unless('/opt/CrowdStrike/falconctl -g --cid') .that_requires('Package[falcon-sensor]') @@ -30,7 +30,7 @@ let(:params) { { cid: 'somethingelse' } } it do - is_expected.to contain_exec('set falcon-sensor CID') + expect(subject).to contain_exec('set falcon-sensor CID') .with_command("/opt/CrowdStrike/falconctl -s '--cid=somethingelse'") end end diff --git a/spec/classes/profile/fulcrum/base_spec.rb b/spec/classes/profile/fulcrum/base_spec.rb index 5373e33d2..134d12455 100644 --- a/spec/classes/profile/fulcrum/base_spec.rb +++ b/spec/classes/profile/fulcrum/base_spec.rb @@ -12,35 +12,35 @@ it { is_expected.to compile } - context "with default uid and gid" do + context 'with default uid and gid' do it do - is_expected.to contain_user('fulcrum') + expect(subject).to contain_user('fulcrum') .with(uid: 717) .with(gid: 717) end it do - is_expected.to contain_group('fulcrum') + expect(subject).to contain_group('fulcrum') .with(gid: 717) end end - context "with a uid and gid specified" do - let(:params) { + context 'with a uid and gid specified' do + let(:params) do { uid: 1001, - gid: 1001 + gid: 1001, } - } + end it do - is_expected.to contain_user('fulcrum') + expect(subject).to contain_user('fulcrum') .with(uid: 1001) .with(gid: 1001) end it do - is_expected.to contain_group('fulcrum') + expect(subject).to contain_group('fulcrum') .with(gid: 1001) end end diff --git a/spec/classes/profile/fulcrum/logrotate_spec.rb b/spec/classes/profile/fulcrum/logrotate_spec.rb index 7141638e0..ca0aff74c 100644 --- a/spec/classes/profile/fulcrum/logrotate_spec.rb +++ b/spec/classes/profile/fulcrum/logrotate_spec.rb @@ -15,7 +15,7 @@ it { is_expected.to contain_class('Nebula::Profile::Logrotate') } it do - is_expected.to contain_logrotate__rule('fulcrum') + expect(subject).to contain_logrotate__rule('fulcrum') .with_path('/fulcrum/app/shared/log/*.log') .with_rotate(7) .with_rotate_every('day') diff --git a/spec/classes/profile/grub_spec.rb b/spec/classes/profile/grub_spec.rb index bc802fdd3..fbf4303bd 100644 --- a/spec/classes/profile/grub_spec.rb +++ b/spec/classes/profile/grub_spec.rb @@ -10,7 +10,7 @@ context "on #{os}" do let(:facts) { os_facts } - context 'on a kvm vm' do + context 'when on a kvm vm' do let(:facts) { super().merge(is_virtual: true, virtual: 'kvm') } [ @@ -20,7 +20,7 @@ ['^#?GRUB_TERMINAL', 'GRUB_TERMINAL=serial'], ].each do |match, line| it do - is_expected.to contain_file_line("/etc/default/grub: #{match}").with( + expect(subject).to contain_file_line("/etc/default/grub: #{match}").with( path: '/etc/default/grub', line: line, match: "#{match}=", @@ -31,7 +31,7 @@ end it do - is_expected.to contain_service('getty@hvc0').with( + expect(subject).to contain_service('getty@hvc0').with( ensure: 'running', enable: true, ) @@ -52,7 +52,7 @@ ['^#?GRUB_TERMINAL', 'GRUB_TERMINAL=console'], ].each do |match, line| it do - is_expected.to contain_file_line("/etc/default/grub: #{match}").with( + expect(subject).to contain_file_line("/etc/default/grub: #{match}").with( path: '/etc/default/grub', line: line, match: "#{match}=", @@ -63,7 +63,7 @@ end it do - is_expected.to contain_service('serial-getty@ttyS1').with( + expect(subject).to contain_service('serial-getty@ttyS1').with( ensure: 'running', enable: true, ) @@ -72,7 +72,7 @@ end it do - is_expected.to contain_exec('/usr/sbin/update-grub') + expect(subject).to contain_exec('/usr/sbin/update-grub') .with_refreshonly(true) end end diff --git a/spec/classes/profile/haproxy_spec.rb b/spec/classes/profile/haproxy_spec.rb index ca0420956..1637caa9e 100644 --- a/spec/classes/profile/haproxy_spec.rb +++ b/spec/classes/profile/haproxy_spec.rb @@ -28,7 +28,6 @@ let(:service) { 'keepalived' } let(:thisnode) { { 'ip' => facts[:networking][:ip], 'hostname' => facts[:hostname] } } - let(:haproxy2) { { 'ip' => Faker::Internet.ip_v4_address, 'hostname' => 'haproxy2' } } let(:base_params) do { cert_source: '/some/where', @@ -59,7 +58,7 @@ end it do - is_expected.to contain_service('haproxy').with( + expect(subject).to contain_service('haproxy').with( ensure: 'running', enable: true, restart: '/bin/systemctl reload haproxy', @@ -67,13 +66,13 @@ end it do - is_expected.to contain_exec('check haproxy config').with( + expect(subject).to contain_exec('check haproxy config').with( command: "/usr/sbin/haproxy -f #{haproxy_conf} -c -q -f /etc/haproxy/services.d", ) end it do - is_expected.to contain_nebula__haproxy__service('svc1').with( + expect(subject).to contain_nebula__haproxy__service('svc1').with( floating_ip: '12.23.32.22', cert_source: '/some/where', max_requests_per_sec: 10, @@ -82,7 +81,7 @@ end it do - is_expected.to contain_nebula__haproxy__service('svc2').with( + expect(subject).to contain_nebula__haproxy__service('svc2').with( floating_ip: '12.23.32.23', cert_source: '/some/where', ) @@ -100,7 +99,7 @@ describe 'users' do it do - is_expected.to contain_user('haproxyctl').with( + expect(subject).to contain_user('haproxyctl').with( name: 'haproxyctl', gid: 'haproxy', managehome: true, @@ -109,12 +108,12 @@ end it do - is_expected.to contain_nebula__authzd_user('haproxyctl') + expect(subject).to contain_nebula__authzd_user('haproxyctl') .that_requires(['Package[haproxy]', 'Package[haproxyctl]']) end it 'grants ssh access to the monitoring user' do - is_expected.to contain_file('/var/haproxyctl/.ssh/authorized_keys') + expect(subject).to contain_file('/var/haproxyctl/.ssh/authorized_keys') .with_content(%r{^ecdsa-sha2-nistp256 CCCCCCCCCCCC haproxyctl@default\.invalid$}) end end @@ -134,24 +133,25 @@ it { is_expected.to contain_file(file).with(mode: '0644') } it 'says it is managed by puppet' do - is_expected.to contain_file(file).with_content( - %r{\A# Managed by puppet \(nebula\/profile\/haproxy\/default\.erb\)\n}, + expect(subject).to contain_file(file).with_content( + %r{\A# Managed by puppet \(nebula/profile/haproxy/default\.erb\)\n}, ) end + it 'sets $CONFIG to the base config' do - is_expected.to contain_file(file).with_content(%r{^CONFIG="#{haproxy_conf}"\n}) + expect(subject).to contain_file(file).with_content(%r{^CONFIG="#{haproxy_conf}"\n}) end it 'sets $EXTRAOPTS to include the service directory' do - is_expected.to contain_file(file).with_content( - %r{EXTRAOPTS="-f \/etc\/haproxy\/services.d"\n}, + expect(subject).to contain_file(file).with_content( + %r{EXTRAOPTS="-f /etc/haproxy/services.d"\n}, ) end end describe 'global_badrobots.txt file' do it 'lists ips to block' do - is_expected.to contain_file('/etc/haproxy/global_badrobots.txt').with_content("1.2.3.0/24\n5.6.7.8\n") + expect(subject).to contain_file('/etc/haproxy/global_badrobots.txt').with_content("1.2.3.0/24\n5.6.7.8\n") end end @@ -165,27 +165,33 @@ it { is_expected.to contain_file('/etc/haproxy/services.d').with(ensure: 'directory') } it 'says it is managed by puppet' do - is_expected.to contain_file(file).with_content( - %r{\A# Managed by puppet \(nebula\/profile\/haproxy\/haproxy\.cfg\.erb\)\n}, + expect(subject).to contain_file(file).with_content( + %r{\A# Managed by puppet \(nebula/profile/haproxy/haproxy\.cfg\.erb\)\n}, ) end + it 'has a global section' do - is_expected.to contain_file(file).with_content(%r{^global\n}) + expect(subject).to contain_file(file).with_content(%r{^global\n}) end + it 'has a defaults section' do - is_expected.to contain_file(file).with_content(%r{^defaults\n}) + expect(subject).to contain_file(file).with_content(%r{^defaults\n}) end + it 'does not have a backend section' do - is_expected.not_to contain_file(file).with_content(%r{^backend\W+.*\n}) + expect(subject).not_to contain_file(file).with_content(%r{^backend\W+.*\n}) end + it 'does not have a frontend section' do - is_expected.not_to contain_file(file).with_content(%r{^frontend\W+.*\n}) + expect(subject).not_to contain_file(file).with_content(%r{^frontend\W+.*\n}) end + it 'configures the admin socket in the correct place with group privileges' do - is_expected.to contain_file(file).with_content(%r{stats socket /run/haproxy/admin.sock mode 660 level admin}) + expect(subject).to contain_file(file).with_content(%r{stats socket /run/haproxy/admin.sock mode 660 level admin}) end + it 'runs with the haproxy group' do - is_expected.to contain_file(file).with_content(%r{group haproxy}) + expect(subject).to contain_file(file).with_content(%r{group haproxy}) end end @@ -197,7 +203,7 @@ let(:file) { keepalived_conf } it do - is_expected.to contain_concat(file).with( + expect(subject).to contain_concat(file).with( ensure: 'present', require: 'Package[keepalived]', notify: 'Service[keepalived]', @@ -208,11 +214,11 @@ it { is_expected.to contain_concat_fragment('keepalived preamble').with_target(keepalived_conf) } it 'has a vrrp_scripts check_haproxy section' do - is_expected.to contain_concat_fragment('keepalived preamble').with_content(%r{^vrrp_script check_haproxy}) + expect(subject).to contain_concat_fragment('keepalived preamble').with_content(%r{^vrrp_script check_haproxy}) end it 'has the haproxy floating ip addresses' do - is_expected.to contain_concat_fragment('keepalived preamble').with_content(%r{virtual_ipaddress {\n\s*12\.23\.32\.22\n\s*12\.23\.32\.23\n\s*}}m) + expect(subject).to contain_concat_fragment('keepalived preamble').with_content(%r{virtual_ipaddress {\n\s*12\.23\.32\.22\n\s*12\.23\.32\.23\n\s*}}m) end context 'with a floating ip address parameter' do @@ -224,7 +230,7 @@ end it do - is_expected.to contain_concat_fragment('keepalived preamble') + expect(subject).to contain_concat_fragment('keepalived preamble') .with_content(%r{virtual_ipaddress {\n\s*#{params[:services]["svc1"]["floating_ip"]}\n\s*#{params[:services]["svc2"]["floating_ip"]}\n\s*}}m) end end @@ -235,7 +241,7 @@ end it do - is_expected.to contain_concat_fragment('keepalived preamble') + expect(subject).to contain_concat_fragment('keepalived preamble') .with_content(%r{virtual_ipaddress {\n\s*10\.0\.1\.2\n\s*}}m) end end @@ -255,24 +261,26 @@ it { is_expected.to contain_concat_fragment('keepalived preamble').with_content(%r{notification_email {\n\s.*root@default.invalid\n\s.*}}m) } it { is_expected.to contain_concat_fragment('keepalived preamble').with_content(%r{notification_email_from root@default.invalid}) } - context 'on a master node' do + context 'when on a master node' do let(:params) { base_params.merge(master: true) } it { is_expected.to contain_concat_fragment('keepalived preamble').with_content(%r{priority 101}) } it { is_expected.to contain_concat_fragment('keepalived preamble').with_content(%r{state MASTER}) } + it do - is_expected.to contain_class('Nebula::Profile::Prometheus::Exporter::Haproxy') + expect(subject).to contain_class('Nebula::Profile::Prometheus::Exporter::Haproxy') .with_master(true) end end - context 'on a backup node' do + context 'when on a backup node' do let(:params) { base_params.merge(master: false) } it { is_expected.to contain_concat_fragment('keepalived preamble').with_content(%r{priority 100}) } it { is_expected.to contain_concat_fragment('keepalived preamble').with_content(%r{state BACKUP}) } + it do - is_expected.to contain_class('Nebula::Profile::Prometheus::Exporter::Haproxy') + expect(subject).to contain_class('Nebula::Profile::Prometheus::Exporter::Haproxy') .with_master(false) end end @@ -285,13 +293,13 @@ it { is_expected.to contain_file(file).with(mode: '0644') } it 'says it is managed by puppet' do - is_expected.to contain_file(file).with_content( + expect(subject).to contain_file(file).with_content( %r{\A# Managed by puppet}, ) end it 'enables ip_nonlocal_bind' do - is_expected.to contain_file(file).with_content(%r{^net.ipv4.ip_nonlocal_bind = 1$}) + expect(subject).to contain_file(file).with_content(%r{^net.ipv4.ip_nonlocal_bind = 1$}) end end @@ -304,7 +312,7 @@ describe 'metrics' do it 'defines haproxy stats file' do - is_expected.to contain_file('/etc/haproxy/services.d/stats.cfg') + expect(subject).to contain_file('/etc/haproxy/services.d/stats.cfg') .that_requires('Package[haproxy]') .that_notifies('Service[haproxy]') end @@ -312,23 +320,24 @@ describe 'server monitoring / dynamic weighting' do it 'includes the private key' do - is_expected.to contain_file('/var/haproxyctl/.ssh/id_ecdsa') + expect(subject).to contain_file('/var/haproxyctl/.ssh/id_ecdsa') end + it 'includes the monitoring script' do - is_expected.to contain_file('/usr/local/bin/set_weights.rb') + expect(subject).to contain_file('/usr/local/bin/set_weights.rb') end end describe 'log rotation' do - let(:rotate_logs) { contain_logrotate__rule("haproxy") } + let(:rotate_logs) { contain_logrotate__rule('haproxy') } - it { is_expected.to rotate_logs.with_path("/var/log/haproxy.log") } - it { is_expected.to rotate_logs.with_rotate_every("day") } + it { is_expected.to rotate_logs.with_path('/var/log/haproxy.log') } + it { is_expected.to rotate_logs.with_rotate_every('day') } it { is_expected.to rotate_logs.with_rotate(5) } it { is_expected.to rotate_logs.with_missingok(true) } it { is_expected.to rotate_logs.with_ifempty(false) } it { is_expected.to rotate_logs.with_compress(true) } - it { is_expected.to rotate_logs.with_postrotate(["/usr/lib/rsyslog/rsyslog-rotate", "/bin/systemctl restart filebeat"]) } + it { is_expected.to rotate_logs.with_postrotate(['/usr/lib/rsyslog/rsyslog-rotate', '/bin/systemctl restart filebeat']) } end end end diff --git a/spec/classes/profile/hathitrust/apache/babel_spec.rb b/spec/classes/profile/hathitrust/apache/babel_spec.rb index 5513a4bec..2389efb1f 100644 --- a/spec/classes/profile/hathitrust/apache/babel_spec.rb +++ b/spec/classes/profile/hathitrust/apache/babel_spec.rb @@ -10,37 +10,38 @@ context "on #{os}" do let(:facts) { os_facts } let(:hiera_config) { 'spec/fixtures/hiera/hathitrust_config.yaml' } - let(:pre_condition) { "include apache" } - - let(:base_params) { { - sdrroot: '/sdrroot', - sdremail: 'sdremail@default.invalid', - default_access: { enforce: 'all', requires: ['all denied'] }, - haproxy_ips: [], - ssl_params: {}, - prefix: '', - domain: 'hathitrust.org', - } } + let(:pre_condition) { 'include apache' } + + let(:base_params) do + { + sdrroot: '/sdrroot', + sdremail: 'sdremail@default.invalid', + default_access: { enforce: 'all', requires: ['all denied'] }, + haproxy_ips: [], + ssl_params: {}, + prefix: '', + domain: 'hathitrust.org', + } + end let(:params) { base_params } - describe "CRMS_INSTANCE" do - + describe 'CRMS_INSTANCE' do let(:babel_env) do - catalogue.resource('apache::vhost','babel.hathitrust.org ssl')["setenv"] + catalogue.resource('apache::vhost', 'babel.hathitrust.org ssl')['setenv'] end - it "sets crms_instance production" do - expect(babel_env).to include("CRMS_INSTANCE production") + it 'sets crms_instance production' do + expect(babel_env).to include('CRMS_INSTANCE production') end - context("with prod_crms_instance set to false") do + context('with prod_crms_instance set to false') do let(:params) { base_params.merge(prod_crms_instance: false) } - it "does not set CRMS_INSTANCE env var" do - expect(babel_env).not_to include(/^CRMS_INSTANCE/) + + it 'does not set CRMS_INSTANCE env var' do + expect(babel_env).not_to include(%r{^CRMS_INSTANCE}) end end - end end end diff --git a/spec/classes/profile/hathitrust/apache_spec.rb b/spec/classes/profile/hathitrust/apache_spec.rb index cfff44d1d..97ed8fd80 100644 --- a/spec/classes/profile/hathitrust/apache_spec.rb +++ b/spec/classes/profile/hathitrust/apache_spec.rb @@ -24,12 +24,12 @@ def multiline2re(string) it { is_expected.to contain_file('/usr/local/lib/cgi-bin/monitor/monitor.pl') } it 'sends logs to loki' do - is_expected.to contain_class('nebula::profile::loki') - is_expected.to contain_file('/etc/alloy/apache.alloy') + expect(subject).to contain_class('nebula::profile::loki') + expect(subject).to contain_file('/etc/alloy/apache.alloy') end snippets = [ - <<~EOT, + <<~SNIPPET, AllowOverride None @@ -37,13 +37,13 @@ def multiline2re(string) SetHandler proxy:fcgi://127.0.0.1:31028 - EOT - <<~EOT + SNIPPET + <<~SNIPPET, Options +ExecCGI SetHandler cgi-script - EOT + SNIPPET ] snippets.each do |snippet| @@ -51,26 +51,26 @@ def multiline2re(string) end it do - is_expected.to contain_file('access_compat.load') + expect(subject).to contain_file('access_compat.load') .with(path: '/etc/apache2/mods-available/access_compat.load', content: %r{LoadModule access_compat_module /usr/lib/apache2/modules/mod_access_compat.so}) end it do - is_expected.to contain_file('access_compat.load symlink') + expect(subject).to contain_file('access_compat.load symlink') .with(ensure: 'link', path: '/etc/apache2/mods-enabled/access_compat.load', target: '/etc/apache2/mods-available/access_compat.load') end it do - is_expected.to contain_file('/etc/logrotate.d/apache2') + expect(subject).to contain_file('/etc/logrotate.d/apache2') end describe 'Production HT hostnames' do %w[babel catalog www crms-training.babel].each do |vhost| it { - is_expected.to contain_apache__vhost("#{vhost}.hathitrust.org ssl").with( + expect(subject).to contain_apache__vhost("#{vhost}.hathitrust.org ssl").with( servername: "#{vhost}.hathitrust.org", ssl: true, ssl_protocol: '+TLSv1.2', @@ -95,7 +95,7 @@ def multiline2re(string) it { is_expected.to contain_apache__vhost('foo.www.example.org ssl').with_servername('foo.www.example.org') } it { - is_expected.to contain_apache__vhost('foo.babel.example.org non-ssl').with( + expect(subject).to contain_apache__vhost('foo.babel.example.org non-ssl').with( redirect_dest: 'https://foo.babel.example.org/', servername: 'foo.babel.example.org', ) @@ -112,7 +112,7 @@ def multiline2re(string) it { is_expected.to contain_apache__vhost('babel.example.org ssl').with_servername('babel.example.org') } it { - is_expected.to contain_apache__vhost('hathitrust canonical name redirection').with( + expect(subject).to contain_apache__vhost('hathitrust canonical name redirection').with( servername: 'example.org', serveraliases: ['domain.one', 'domain.two', 'www.domain.one', 'www.domain.two'], redirect_dest: 'https://www.example.org/', @@ -121,28 +121,28 @@ def multiline2re(string) end it do - is_expected.to contain_concat_file('/usr/local/lib/cgi-bin/monitor/monitor_config.yaml') + expect(subject).to contain_concat_file('/usr/local/lib/cgi-bin/monitor/monitor_config.yaml') end it do - is_expected.to contain_concat_fragment('monitor solr cores').with(tag: 'monitor_config', - content: { 'solr' => %w[solrcore1 solrcore2] }.to_yaml) + expect(subject).to contain_concat_fragment('monitor solr cores').with(tag: 'monitor_config', + content: { 'solr' => %w[solrcore1 solrcore2] }.to_yaml) end it do - is_expected.to contain_concat_fragment('monitor mysql').with(tag: 'monitor_config', - content: { 'mysql' => { 'param1' => 'value1', 'param2' => 'value2' } }.to_yaml) + expect(subject).to contain_concat_fragment('monitor mysql').with(tag: 'monitor_config', + content: { 'mysql' => { 'param1' => 'value1', 'param2' => 'value2' } }.to_yaml) end it do # set via hiera - is_expected.to contain_cron('purge caches') + expect(subject).to contain_cron('purge caches') .with_command('/htapps/babel/mdp-misc/scripts/managecache.sh /somewhere/whatever:1:2 /elsewhere/whatever:3:4') end describe 'monitoring user' do it do - is_expected.to have_nebula__authzd_user_resource_count(0) + expect(subject).to have_nebula__authzd_user_resource_count(0) end context 'with specified key' do @@ -153,7 +153,7 @@ def multiline2re(string) end it do - is_expected.to contain_nebula__authzd_user('haproxyctl') + expect(subject).to contain_nebula__authzd_user('haproxyctl') end end end diff --git a/spec/classes/profile/hathitrust/babel_logs_spec.rb b/spec/classes/profile/hathitrust/babel_logs_spec.rb index ab08b1dc0..9f41052d2 100644 --- a/spec/classes/profile/hathitrust/babel_logs_spec.rb +++ b/spec/classes/profile/hathitrust/babel_logs_spec.rb @@ -8,13 +8,13 @@ require_relative '../../../support/contexts/with_htvm_setup' describe 'nebula::profile::hathitrust::babel_logs' do - on_supported_os.each do |os, os_facts| + on_supported_os.each do |os, _os_facts| context "on #{os}" do it { is_expected.to compile } it { is_expected.to contain_file('/var/log/babel').with_owner('nobody') } - it { is_expected.to contain_file('/etc/alloy/babel.alloy').with_content(%r(/var/log/babel)) } - it { is_expected.to contain_file('/etc/logrotate.d/babel').with_content(%r(/var/log/babel)) } + it { is_expected.to contain_file('/etc/alloy/babel.alloy').with_content(%r{/var/log/babel}) } + it { is_expected.to contain_file('/etc/logrotate.d/babel').with_content(%r{/var/log/babel}) } end end end diff --git a/spec/classes/profile/hathitrust/cron/catalog_spec.rb b/spec/classes/profile/hathitrust/cron/catalog_spec.rb index 6d118e80e..339414cc7 100644 --- a/spec/classes/profile/hathitrust/cron/catalog_spec.rb +++ b/spec/classes/profile/hathitrust/cron/catalog_spec.rb @@ -1,4 +1,3 @@ - # frozen_string_literal: true # Copyright (c) 2019 The Regents of the University of Michigan. @@ -19,7 +18,7 @@ end it do - is_expected.to contain_cron('clean sessions') + expect(subject).to contain_cron('clean sessions') .with(command: %r{.*perl /htapps/catalog/web/derived_data/clean_sessions\.pl}, user: 'libadm', environment: ['MAILTO=nobody@default.invalid']) @@ -36,7 +35,7 @@ end it do - is_expected.to contain_cron('clean sessions') + expect(subject).to contain_cron('clean sessions') .with(command: %r{.*perl /nowhere/derived_data/clean_sessions\.pl}, user: 'cronuser', environment: ['MAILTO=somebody@default.invalid']) diff --git a/spec/classes/profile/hathitrust/cron/mdp_misc_spec.rb b/spec/classes/profile/hathitrust/cron/mdp_misc_spec.rb index bd9b84c68..3a908029f 100644 --- a/spec/classes/profile/hathitrust/cron/mdp_misc_spec.rb +++ b/spec/classes/profile/hathitrust/cron/mdp_misc_spec.rb @@ -1,4 +1,3 @@ - # frozen_string_literal: true # Copyright (c) 2019 The Regents of the University of Michigan. @@ -19,7 +18,7 @@ end it do - is_expected.to contain_cron('manage mbook sessions') + expect(subject).to contain_cron('manage mbook sessions') .with(command: %r{/htapps/babel/mdp-misc/scripts/managembookssessions\.pl.*mail.*nobody@default\.invalid}, user: 'libadm', @@ -46,7 +45,7 @@ end it do - is_expected.to contain_cron('manage mbook sessions') + expect(subject).to contain_cron('manage mbook sessions') .with(command: %r{.*/homewhere/scripts/managembookssessions\.pl.*mail.*somebody@default\.invalid}, user: 'cronuser', environment: [ diff --git a/spec/classes/profile/hathitrust/hosts_spec.rb b/spec/classes/profile/hathitrust/hosts_spec.rb index bd6aaf2a3..c16d73c49 100644 --- a/spec/classes/profile/hathitrust/hosts_spec.rb +++ b/spec/classes/profile/hathitrust/hosts_spec.rb @@ -38,17 +38,17 @@ let(:file) { '/etc/hosts' } it 'maps the ip, fqdn, and hostname' do - is_expected.to contain_host(hostname).with_ip(my_ip) - is_expected.to contain_host(hostname).with_host_aliases([fqdn]) + expect(subject).to contain_host(hostname).with_ip(my_ip) + expect(subject).to contain_host(hostname).with_host_aliases([fqdn]) end it 'maps 1:1 aliases' do - is_expected.to contain_host('mysql-sdr').with_ip(mysql_ip) + expect(subject).to contain_host('mysql-sdr').with_ip(mysql_ip) end it 'unpacks the many search aliases' do - is_expected.to contain_host('solr-sdr-search-1').with_ip(solr_ips[0]) - is_expected.to contain_host('solr-sdr-search-2').with_ip(solr_ips[1]) + expect(subject).to contain_host('solr-sdr-search-1').with_ip(solr_ips[0]) + expect(subject).to contain_host('solr-sdr-search-2').with_ip(solr_ips[1]) end end end diff --git a/spec/classes/profile/hathitrust/mounts_spec.rb b/spec/classes/profile/hathitrust/mounts_spec.rb index e11abfe5b..a1b55591a 100644 --- a/spec/classes/profile/hathitrust/mounts_spec.rb +++ b/spec/classes/profile/hathitrust/mounts_spec.rb @@ -1,4 +1,3 @@ - # frozen_string_literal: true # Copyright (c) 2018 The Regents of the University of Michigan. @@ -34,7 +33,7 @@ end it do - is_expected.to contain_mount('/htapps').with( + expect(subject).to contain_mount('/htapps').with( device: 'somehost:/htapps', fstype: 'nfs', ) diff --git a/spec/classes/profile/hathitrust/solr6/catalog_spec.rb b/spec/classes/profile/hathitrust/solr6/catalog_spec.rb index 689cf2f70..b9ead659c 100644 --- a/spec/classes/profile/hathitrust/solr6/catalog_spec.rb +++ b/spec/classes/profile/hathitrust/solr6/catalog_spec.rb @@ -1,4 +1,5 @@ # frozen_string_literal: true + require 'spec_helper' describe 'nebula::profile::hathitrust::solr6::catalog' do @@ -9,47 +10,61 @@ it { is_expected.to compile } it { is_expected.to contain_class('nebula::profile::hathitrust::solr6') } - it { is_expected.to contain_file('/var/lib/solr/solr.in.sh').with_content(/SOLR_PORT=9033/) } - it { is_expected.to contain_file('/usr/local/bin/index-release') - .with_content(%r|BASE=/htsolr/catalog|) - .with_content(%r|^SNAP=".snapshot/htsolr-catalog_\${TODAY}"$|) - .with_content(/CORES="catalog"/) - .with_content(%r|/flags/STOPCATALOGRELEASE|) - .with_content(%r|/bin/echo "STOPCATALOGRELEASE flag present|) - .with_content(%r|SEGMENTS=`ls \${BASE}/cores/\${s}/\${SNAP}/data/index/|) - .with_content(/if \[ \${SEGMENTS} -eq 0 \];/) - .without_content(/if \[ \${SEGMENTS} -lt 1 \] \|\| \[ \${SEGMENTS} -gt 2 \];/) - .with_content(%r|rm -f \${SYMLINKBASE}/\${s} && ln -s \${BASE}/cores/\${s}/\${SNAP} \${SYMLINKBASE}/\${s}$|) - .with_content(/^# run the first query to initialize catalog solr$/) - .without_content(/^# run the first query to initialize lss solr$/) + it { is_expected.to contain_file('/var/lib/solr/solr.in.sh').with_content(%r{SOLR_PORT=9033}) } + + it { + expect(subject).to contain_file('/usr/local/bin/index-release') + .with_content(%r{BASE=/htsolr/catalog}) + .with_content(%r|^SNAP=".snapshot/htsolr-catalog_\${TODAY}"$|) + .with_content(%r{CORES="catalog"}) + .with_content(%r{/flags/STOPCATALOGRELEASE}) + .with_content(%r{/bin/echo "STOPCATALOGRELEASE flag present}) + .with_content(%r|SEGMENTS=`ls \${BASE}/cores/\${s}/\${SNAP}/data/index/|) + .with_content(%r{if \[ \${SEGMENTS} -eq 0 \];}) + .without_content(%r{if \[ \${SEGMENTS} -lt 1 \] \|\| \[ \${SEGMENTS} -gt 2 \];}) + .with_content(%r|rm -f \${SYMLINKBASE}/\${s} && ln -s \${BASE}/cores/\${s}/\${SNAP} \${SYMLINKBASE}/\${s}$|) + .with_content(%r{^# run the first query to initialize catalog solr$}) + .without_content(%r{^# run the first query to initialize lss solr$}) } - it { is_expected.to contain_cron('catalog solr index release') - .with(command: "/usr/local/bin/index-release > /tmp/index-release.log 2>&1 || /usr/bin/mail -s 'foo catalog index release problem' anybody@default.invalid < /tmp/index-release.log") + + it { + expect(subject).to contain_cron('catalog solr index release') + .with(command: "/usr/local/bin/index-release > /tmp/index-release.log 2>&1 || /usr/bin/mail -s 'foo catalog index release problem' anybody@default.invalid < /tmp/index-release.log") } - context 'on primary site' do + context 'when on primary site' do let(:params) do { is_primary_site: true } end - it { is_expected.to contain_file('/usr/local/bin/index-release') - .with_content(%r|^if ! curl -A SOLR -s --retry 5 --fail https://babel.hathitrust.org/flags/web/catalog-release-\${TODAY} --resolve "babel.hathitrust.org:443:6.5.4.3|) } - it { is_expected.to contain_cron('catalog solr index release') - .with(hour: 6, minute: 30) + + it { + expect(subject).to contain_file('/usr/local/bin/index-release') + .with_content(%r|^if ! curl -A SOLR -s --retry 5 --fail https://babel.hathitrust.org/flags/web/catalog-release-\${TODAY} --resolve "babel.hathitrust.org:443:6.5.4.3|) + } + + it { + expect(subject).to contain_cron('catalog solr index release') + .with(hour: 6, minute: 30) } end - context 'on mirror site' do + + context 'when on mirror site' do let(:params) do { is_primary_site: false } end - it { is_expected.to contain_file('/usr/local/bin/index-release') - .without_content(%r|^if ! curl -A SOLR -s --retry 5 --fail https://babel.hathitrust.org|) } - it { is_expected.to contain_cron('catalog solr index release') - .with(hour: 6, minute: 25) + + it { + expect(subject).to contain_file('/usr/local/bin/index-release') + .without_content(%r{^if ! curl -A SOLR -s --retry 5 --fail https://babel.hathitrust.org}) + } + + it { + expect(subject).to contain_cron('catalog solr index release') + .with(hour: 6, minute: 25) } end it { is_expected.to contain_class('nebula::profile::loki') } - end end end diff --git a/spec/classes/profile/hathitrust/solr6/classic_spec.rb b/spec/classes/profile/hathitrust/solr6/classic_spec.rb index 608632c15..8397d995a 100644 --- a/spec/classes/profile/hathitrust/solr6/classic_spec.rb +++ b/spec/classes/profile/hathitrust/solr6/classic_spec.rb @@ -1,4 +1,5 @@ # frozen_string_literal: true + require 'spec_helper' describe 'nebula::profile::hathitrust::solr6::classic' do diff --git a/spec/classes/profile/hathitrust/solr6/lss_spec.rb b/spec/classes/profile/hathitrust/solr6/lss_spec.rb index cbf05cb7b..50484f376 100644 --- a/spec/classes/profile/hathitrust/solr6/lss_spec.rb +++ b/spec/classes/profile/hathitrust/solr6/lss_spec.rb @@ -1,4 +1,5 @@ # frozen_string_literal: true + require 'spec_helper' describe 'nebula::profile::hathitrust::solr6::lss' do @@ -9,63 +10,79 @@ it { is_expected.to compile } it { is_expected.to contain_class('nebula::profile::hathitrust::solr6') } - it { is_expected.to contain_file('/var/lib/solr/solr.in.sh').with_content(/SOLR_PORT=8081/) } - it { is_expected.to contain_file('/usr/local/bin/index-release') - .with_content(%r|BASE=/htsolr/lss|) - .with_content(%r|^SNAP=".snapshot/htsolr-lss_\${TODAY}"$|) - .with_content(/CORES="66 99"/) - .with_content(%r|/flags/STOPLSSRELEASE|) - .with_content(%r|/bin/echo "STOPLSSRELEASE flag present|) - .with_content(%r|SEGMENTS=`ls \${BASE}/cores/\${s}/\${SNAP}/core-\${s}x/data/index/|) - .without_content(/if \[ \${SEGMENTS} -eq 0 \];/) - .with_content(/if \[ \${SEGMENTS} -lt 1 \] \|\| \[ \${SEGMENTS} -gt 2 \];/) - .with_content(%r|rm -f \${SYMLINKBASE}/lss-\${s} && ln -s \${BASE}/cores/\${s}/\${SNAP} \${SYMLINKBASE}/lss-\${s}$|) - .without_content(/^# run the first query to initialize catalog solr$/) - .with_content(/^# run the first query to initialize lss solr$/) + it { is_expected.to contain_file('/var/lib/solr/solr.in.sh').with_content(%r{SOLR_PORT=8081}) } + + it { + expect(subject).to contain_file('/usr/local/bin/index-release') + .with_content(%r{BASE=/htsolr/lss}) + .with_content(%r|^SNAP=".snapshot/htsolr-lss_\${TODAY}"$|) + .with_content(%r{CORES="66 99"}) + .with_content(%r{/flags/STOPLSSRELEASE}) + .with_content(%r{/bin/echo "STOPLSSRELEASE flag present}) + .with_content(%r|SEGMENTS=`ls \${BASE}/cores/\${s}/\${SNAP}/core-\${s}x/data/index/|) + .without_content(%r{if \[ \${SEGMENTS} -eq 0 \];}) + .with_content(%r{if \[ \${SEGMENTS} -lt 1 \] \|\| \[ \${SEGMENTS} -gt 2 \];}) + .with_content(%r|rm -f \${SYMLINKBASE}/lss-\${s} && ln -s \${BASE}/cores/\${s}/\${SNAP} \${SYMLINKBASE}/lss-\${s}$|) + .without_content(%r{^# run the first query to initialize catalog solr$}) + .with_content(%r{^# run the first query to initialize lss solr$}) } - it { is_expected.to contain_cron('lss solr index release') - .with(command: "/usr/local/bin/index-release > /tmp/index-release.log 2>&1 || /usr/bin/mail -s 'foo lss index release problem' nobody@default.invalid < /tmp/index-release.log") + + it { + expect(subject).to contain_cron('lss solr index release') + .with(command: "/usr/local/bin/index-release > /tmp/index-release.log 2>&1 || /usr/bin/mail -s 'foo lss index release problem' nobody@default.invalid < /tmp/index-release.log") } - context 'on primary site' do + context 'when on primary site' do let(:params) do { is_primary_site: true } end - it { is_expected.to contain_file('/usr/local/bin/index-release') - .with_content(%r|^if ! curl -A SOLR -s --retry 5 --fail https://babel.hathitrust.org/flags/web/lss-release-\${TODAY} --resolve "babel.hathitrust.org:443:5.4.3.2"|) + + it { + expect(subject).to contain_file('/usr/local/bin/index-release') + .with_content(%r|^if ! curl -A SOLR -s --retry 5 --fail https://babel.hathitrust.org/flags/web/lss-release-\${TODAY} --resolve "babel.hathitrust.org:443:5.4.3.2"|) } - it { is_expected.to contain_cron('lss solr index release') - .with(hour: 6, minute: 0) + + it { + expect(subject).to contain_cron('lss solr index release') + .with(hour: 6, minute: 0) } end - context 'on mirror site' do + + context 'when on mirror site' do let(:params) do { is_primary_site: false } end - it { is_expected.to contain_file('/usr/local/bin/index-release') - .without_content(%r|^if ! curl -A SOLR -s --retry 5 --fail https://babel.hathitrust.org|) } - it { is_expected.to contain_cron('lss solr index release') - .with(hour: 5, minute: 55) + + it { + expect(subject).to contain_file('/usr/local/bin/index-release') + .without_content(%r{^if ! curl -A SOLR -s --retry 5 --fail https://babel.hathitrust.org}) + } + + it { + expect(subject).to contain_cron('lss solr index release') + .with(hour: 5, minute: 55) } end - context 'on primary node' do + context 'when on primary node' do let(:params) do { is_primary_node: true } end + it { - is_expected.to contain_file('/usr/local/bin/index-release').with_content(%r|^touch /htapps/babel/flags/web/lss-release-\${TODAY}$|) + expect(subject).to contain_file('/usr/local/bin/index-release').with_content(%r|^touch /htapps/babel/flags/web/lss-release-\${TODAY}$|) } end - context 'on non-primary node' do + + context 'when on non-primary node' do let(:params) do { is_primary_node: false } end + it { - is_expected.to contain_file('/usr/local/bin/index-release').without_content(%r|^touch /htapps/babel/flags/web/lss-release-\${TODAY}$|) + expect(subject).to contain_file('/usr/local/bin/index-release').without_content(%r|^touch /htapps/babel/flags/web/lss-release-\${TODAY}$|) } end - end end end diff --git a/spec/classes/profile/hathitrust/solr6_spec.rb b/spec/classes/profile/hathitrust/solr6_spec.rb index 610c22251..f9bbdde64 100644 --- a/spec/classes/profile/hathitrust/solr6_spec.rb +++ b/spec/classes/profile/hathitrust/solr6_spec.rb @@ -1,4 +1,5 @@ # frozen_string_literal: true + require 'spec_helper' describe 'nebula::profile::hathitrust::solr6' do @@ -18,11 +19,13 @@ it { is_expected.to contain_file('/etc/systemd/system/solr.service').with_content(%r{SOLR_INCLUDE=/s0lr/h0me/solr.in.sh}) } it { is_expected.to contain_file('/s0lr/h0me/log4j.properties').with_content(%r{solr.log=/s0lr/h0me/logs}) } it { is_expected.to contain_file('/s0lr/h0me/solr.xml') } - it { is_expected.to contain_file('/s0lr/h0me/solr.in.sh') - .with_content(/SOLR_PORT=2525/) - .with_content(/-Dsolr.lock.type=single/) - .with_content(%r|SOLR_HOME="/s0lr/h0me"|) - .with_content(%r|SOLR_JAVA_HOME="/usr/lib/jvm/temurin-8-jre-amd64"|) + + it { + expect(subject).to contain_file('/s0lr/h0me/solr.in.sh') + .with_content(%r{SOLR_PORT=2525}) + .with_content(%r{-Dsolr.lock.type=single}) + .with_content(%r{SOLR_HOME="/s0lr/h0me"}) + .with_content(%r{SOLR_JAVA_HOME="/usr/lib/jvm/temurin-8-jre-amd64"}) } # firewall diff --git a/spec/classes/profile/http_fileserver_spec.rb b/spec/classes/profile/http_fileserver_spec.rb index da1d58997..a271c7e71 100644 --- a/spec/classes/profile/http_fileserver_spec.rb +++ b/spec/classes/profile/http_fileserver_spec.rb @@ -13,7 +13,7 @@ let(:facts) { os_facts } let(:hiera_config) { 'spec/fixtures/hiera/deb_server_config.yaml' } - let(:node) { "foo.example.com" } # see spec/default_facts.yml + let(:node) { 'foo.example.com' } # see spec/default_facts.yml let(:params) do { storage_path: 'somehost:/whatever' } @@ -24,7 +24,7 @@ it { is_expected.to contain_file('/var/local/http').with_ensure('directory') } it do - is_expected.to contain_class('apache').with( + expect(subject).to contain_class('apache').with( docroot: '/srv/www', default_ssl_cert: '/etc/letsencrypt/live/foo.example.com/fullchain.pem', default_ssl_key: '/etc/letsencrypt/live/foo.example.com/privkey.pem', @@ -34,43 +34,43 @@ end it do - is_expected.to contain_apache__vhost("foo.example.com http") - .with_servername("foo.example.com") + expect(subject).to contain_apache__vhost('foo.example.com http') + .with_servername('foo.example.com') .with_port(80) - .with_docroot("/var/local/http") - .that_requires("File[/var/local/http]") + .with_docroot('/var/local/http') + .that_requires('File[/var/local/http]') end it do - is_expected.to contain_nebula__cert("foo.example.com") - .with_webroot("/var/local/http") - .that_requires("File[/var/local/http]") - .that_requires("Apache::Vhost[foo.example.com http]") + expect(subject).to contain_nebula__cert('foo.example.com') + .with_webroot('/var/local/http') + .that_requires('File[/var/local/http]') + .that_requires('Apache::Vhost[foo.example.com http]') end - context "with no existing certificate" do - let(:node) { "nocert.example.com" } + context 'with no existing certificate' do + let(:node) { 'nocert.example.com' } it do - is_expected.to contain_class('apache') + expect(subject).to contain_class('apache') .with_docroot('/srv/www') .with_default_vhost(false) .with_default_ssl_vhost(false) end it do - is_expected.to contain_apache__vhost("nocert.example.com http") - .with_servername("nocert.example.com") + expect(subject).to contain_apache__vhost('nocert.example.com http') + .with_servername('nocert.example.com') .with_port(80) - .with_docroot("/var/local/http") - .that_requires("File[/var/local/http]") + .with_docroot('/var/local/http') + .that_requires('File[/var/local/http]') end it do - is_expected.to contain_nebula__cert("nocert.example.com") - .with_webroot("/var/local/http") - .that_requires("File[/var/local/http]") - .that_requires("Apache::Vhost[nocert.example.com http]") + expect(subject).to contain_nebula__cert('nocert.example.com') + .with_webroot('/var/local/http') + .that_requires('File[/var/local/http]') + .that_requires('Apache::Vhost[nocert.example.com http]') end end end diff --git a/spec/classes/profile/https_to_port_spec.rb b/spec/classes/profile/https_to_port_spec.rb index 480fc88f1..26aee1461 100644 --- a/spec/classes/profile/https_to_port_spec.rb +++ b/spec/classes/profile/https_to_port_spec.rb @@ -20,20 +20,20 @@ it { is_expected.to contain_class('nginx') } it do - is_expected.to contain_nginx__resource__server('letsencrypt-webroot') + expect(subject).to contain_nginx__resource__server('letsencrypt-webroot') .with_server_name([server_name]) .with_listen_port(80) .with_www_root('/var/www') end it do - is_expected.to contain_nebula__cert(server_name) + expect(subject).to contain_nebula__cert(server_name) .with_webroot('/var/www') .that_requires('Nginx::Resource::Server[letsencrypt-webroot]') end it do - is_expected.to contain_nginx__resource__server('https-forwarder') + expect(subject).to contain_nginx__resource__server('https-forwarder') .with_server_name([server_name]) .with_listen_port(443) .with_proxy('http://localhost:1234') @@ -44,27 +44,27 @@ end it do - is_expected.to contain_cron('restart nginx weekly to keep SSL keys up to date') + expect(subject).to contain_cron('restart nginx weekly to keep SSL keys up to date') .with_command('/bin/systemctl restart nginx') end - context 'and server_name is set to example.invalid' do + context 'with server_name set to example.invalid' do let(:server_name) { 'example.invalid' } let(:params) do super().merge(server_name: server_name) end it do - is_expected.to contain_nginx__resource__server('letsencrypt-webroot') + expect(subject).to contain_nginx__resource__server('letsencrypt-webroot') .with_server_name([server_name]) end it do - is_expected.to contain_nebula__cert(server_name) + expect(subject).to contain_nebula__cert(server_name) end it do - is_expected.to contain_nginx__resource__server('https-forwarder') + expect(subject).to contain_nginx__resource__server('https-forwarder') .with_server_name([server_name]) .with_ssl_cert("#{letsencrypt_directory}/fullchain.pem") .with_ssl_key("#{letsencrypt_directory}/privkey.pem") @@ -72,7 +72,7 @@ end end - context "and server_name is set to something that doesn't have keys yet" do + context "with server_name set to something that doesn't have keys yet" do let(:server_name) { 'nokeysyet.invalid' } let(:params) do super().merge(server_name: server_name) @@ -81,18 +81,18 @@ it { is_expected.not_to contain_nginx__resource__server('https-forwarder') } end - context 'and webroot is set to /opt/html' do + context 'with webroot set to /opt/html' do let(:params) do super().merge(webroot: '/opt/html') end it do - is_expected.to contain_nginx__resource__server('letsencrypt-webroot') + expect(subject).to contain_nginx__resource__server('letsencrypt-webroot') .with_www_root('/opt/html') end it do - is_expected.to contain_nebula__cert(server_name) + expect(subject).to contain_nebula__cert(server_name) .with_webroot('/opt/html') end end @@ -102,7 +102,7 @@ let(:params) { { port: 2468 } } it do - is_expected.to contain_nginx__resource__server('https-forwarder') + expect(subject).to contain_nginx__resource__server('https-forwarder') .with_proxy('http://localhost:2468') end end diff --git a/spec/classes/profile/imagemagick_spec.rb b/spec/classes/profile/imagemagick_spec.rb index 1eb241893..e98fc10cb 100644 --- a/spec/classes/profile/imagemagick_spec.rb +++ b/spec/classes/profile/imagemagick_spec.rb @@ -20,7 +20,7 @@ # don't expect it to need to be different on different machines. # # Other values were taken from the default jessie config. - is_expected.to contain_file('/etc/ImageMagick-6/policy.xml').with( + expect(subject).to contain_file('/etc/ImageMagick-6/policy.xml').with( require: 'Package[imagemagick]', content: %r{domain="resource" name="width" value="1MP"}, ) diff --git a/spec/classes/profile/known_host_public_keys_spec.rb b/spec/classes/profile/known_host_public_keys_spec.rb index 777164593..380747f42 100644 --- a/spec/classes/profile/known_host_public_keys_spec.rb +++ b/spec/classes/profile/known_host_public_keys_spec.rb @@ -13,33 +13,33 @@ context 'with fqdn of example.invalid and some ssh public keys' do let(:facts) do { - 'fqdn' => "example.invalid", - "ssh" => { - "ecdsa" => { - "type" => "ecdsa-sha2-nistp256", - "key" => "ecdsa_key" + 'fqdn' => 'example.invalid', + 'ssh' => { + 'ecdsa' => { + 'type' => 'ecdsa-sha2-nistp256', + 'key' => 'ecdsa_key', }, - "rsa" => { - "type" => "ssh-rsa", - "key" => "rsa_key" - } - } + 'rsa' => { + 'type' => 'ssh-rsa', + 'key' => 'rsa_key', + }, + }, } end it { is_expected.to compile } - it "exports an ssh_known_hosts line for its ecdsa key" do - expect(exported_resources).to contain_concat_fragment("known host example.invalid ecdsa") - .with_target("/etc/ssh/ssh_known_hosts") - .with_tag("known_host_public_keys") + it 'exports an ssh_known_hosts line for its ecdsa key' do + expect(exported_resources).to contain_concat_fragment('known host example.invalid ecdsa') + .with_target('/etc/ssh/ssh_known_hosts') + .with_tag('known_host_public_keys') .with_content("example.invalid ecdsa-sha2-nistp256 ecdsa_key\n") end - it "exports an ssh_known_hosts line for its rsa key" do - expect(exported_resources).to contain_concat_fragment("known host example.invalid rsa") - .with_target("/etc/ssh/ssh_known_hosts") - .with_tag("known_host_public_keys") + it 'exports an ssh_known_hosts line for its rsa key' do + expect(exported_resources).to contain_concat_fragment('known host example.invalid rsa') + .with_target('/etc/ssh/ssh_known_hosts') + .with_tag('known_host_public_keys') .with_content("example.invalid ssh-rsa rsa_key\n") end end diff --git a/spec/classes/profile/krb5_spec.rb b/spec/classes/profile/krb5_spec.rb index 8df0ec13c..f985b7fd5 100644 --- a/spec/classes/profile/krb5_spec.rb +++ b/spec/classes/profile/krb5_spec.rb @@ -15,16 +15,16 @@ it { is_expected.to contain_class('nebula::profile::networking::keytab') } it do - is_expected.to contain_debconf('krb5-config/default_realm') + expect(subject).to contain_debconf('krb5-config/default_realm') .with_type('string') .with_value('REALM.DEFAULT.INVALID') end - context 'given a realm of EXAMPLE.COM' do + context 'with a realm of EXAMPLE.COM' do let(:params) { { realm: 'EXAMPLE.COM' } } it do - is_expected.to contain_debconf('krb5-config/default_realm') + expect(subject).to contain_debconf('krb5-config/default_realm') .with_type('string') .with_value('EXAMPLE.COM') end diff --git a/spec/classes/profile/kubelet_spec.rb b/spec/classes/profile/kubelet_spec.rb index e691e5167..224853ee2 100644 --- a/spec/classes/profile/kubelet_spec.rb +++ b/spec/classes/profile/kubelet_spec.rb @@ -9,132 +9,133 @@ on_supported_os.each do |os, os_facts| context "on #{os}" do let(:facts) { os_facts } - let(:params) { { kubelet_version: "invalid-example-version" } } + let(:params) { { kubelet_version: 'invalid-example-version' } } it { is_expected.to compile } # Prerequisites according to kubernetes documentation: # https://kubernetes.io/docs/setup/production-environment/container-runtimes/ - it { is_expected.to contain_kmod__load("overlay") } - it { is_expected.to contain_kmod__load("br_netfilter") } - it { is_expected.to contain_file("/etc/sysctl.d/kubelet.conf").that_notifies("Service[procps]") } - ["net.bridge.bridge-nf-call-iptables", - "net.bridge.bridge-nf-call-ip6tables", - "net.ipv4.ip_forward"].each do |param| + it { is_expected.to contain_kmod__load('overlay') } + it { is_expected.to contain_kmod__load('br_netfilter') } + it { is_expected.to contain_file('/etc/sysctl.d/kubelet.conf').that_notifies('Service[procps]') } + + ['net.bridge.bridge-nf-call-iptables', + 'net.bridge.bridge-nf-call-ip6tables', + 'net.ipv4.ip_forward'].each do |param| it do - is_expected.to contain_file("/etc/sysctl.d/kubelet.conf") - .with_content(/^#{param} *= *1$/) + expect(subject).to contain_file('/etc/sysctl.d/kubelet.conf') + .with_content(%r{^#{param} *= *1$}) end end - it { is_expected.to contain_service("containerd") } + it { is_expected.to contain_service('containerd') } it do - is_expected.to contain_apt__source("kubernetes") - .with_location("https://pkgs.k8s.io/core:/stable:/vX.YZ/deb/") - .with_release("/") + expect(subject).to contain_apt__source('kubernetes') + .with_location('https://pkgs.k8s.io/core:/stable:/vX.YZ/deb/') + .with_release('/') end it do - is_expected.to contain_package("kubelet") - .with_ensure("invalid-example-version") - .that_requires("Apt::Source[kubernetes]") + expect(subject).to contain_package('kubelet') + .with_ensure('invalid-example-version') + .that_requires('Apt::Source[kubernetes]') end it do - is_expected.to contain_apt__pin("kubelet") - .with_packages(["kubelet"]) - .with_version("invalid-example-version") + expect(subject).to contain_apt__pin('kubelet') + .with_packages(['kubelet']) + .with_version('invalid-example-version') .with_priority(999) end it do - is_expected.to contain_service("kubelet") - .with_ensure("running") + expect(subject).to contain_service('kubelet') + .with_ensure('running') .with_enable(true) - .that_requires("Package[kubelet]") + .that_requires('Package[kubelet]') end - context "with kubelet_version set to 1.2.3-00" do - let(:params) { { kubelet_version: "1.2.3-00" } } + context 'with kubelet_version set to 1.2.3-00' do + let(:params) { { kubelet_version: '1.2.3-00' } } - it { is_expected.to contain_package("kubelet").with_ensure("1.2.3-00") } - it { is_expected.to contain_apt__pin("kubelet").with_version("1.2.3-00") } + it { is_expected.to contain_package('kubelet').with_ensure('1.2.3-00') } + it { is_expected.to contain_apt__pin('kubelet').with_version('1.2.3-00') } end it do - is_expected.to contain_exec("kubelet reload daemon") - .that_notifies("Service[kubelet]") + expect(subject).to contain_exec('kubelet reload daemon') + .that_notifies('Service[kubelet]') .with_refreshonly(true) - .with_command("/bin/systemctl daemon-reload") + .with_command('/bin/systemctl daemon-reload') end it do - is_expected.to contain_file("/etc/kubernetes/manifests") - .with_ensure("directory") + expect(subject).to contain_file('/etc/kubernetes/manifests') + .with_ensure('directory') .with_recurse(true) .with_purge(true) - .that_requires("Package[kubelet]") + .that_requires('Package[kubelet]') end it do - is_expected.to contain_file("/etc/systemd/system/kubelet.service.d") - .with_ensure("directory") - .that_requires("Package[kubelet]") + expect(subject).to contain_file('/etc/systemd/system/kubelet.service.d') + .with_ensure('directory') + .that_requires('Package[kubelet]') end it do - is_expected.to contain_file("/etc/systemd/system/kubelet.service.d/20-containerd-and-manifest-dir.conf") - .that_requires("File[/etc/systemd/system/kubelet.service.d]") - .that_requires("Package[kubelet]") - .that_notifies("Exec[kubelet reload daemon]") + expect(subject).to contain_file('/etc/systemd/system/kubelet.service.d/20-containerd-and-manifest-dir.conf') + .that_requires('File[/etc/systemd/system/kubelet.service.d]') + .that_requires('Package[kubelet]') + .that_notifies('Exec[kubelet reload daemon]') end it do - is_expected.to contain_file("/etc/systemd/system/kubelet.service.d/20-containerd-and-manifest-dir.conf") - .with_content(/^Restart=always$/) + expect(subject).to contain_file('/etc/systemd/system/kubelet.service.d/20-containerd-and-manifest-dir.conf') + .with_content(%r{^Restart=always$}) end it do # This is important because we're using this file to override # the contents of the original systemd file. Without this empty # line, systemd might ignore our preferred ExecStart. - is_expected.to contain_file("/etc/systemd/system/kubelet.service.d/20-containerd-and-manifest-dir.conf") - .with_content(/^ExecStart=$/) + expect(subject).to contain_file('/etc/systemd/system/kubelet.service.d/20-containerd-and-manifest-dir.conf') + .with_content(%r{^ExecStart=$}) end it do - is_expected.to contain_file("/etc/systemd/system/kubelet.service.d/20-containerd-and-manifest-dir.conf") - .with_content(/^ExecStart=\/usr\/bin\/kubelet --config=\/etc\/kubernetes\/kubelet\.yaml$/) + expect(subject).to contain_file('/etc/systemd/system/kubelet.service.d/20-containerd-and-manifest-dir.conf') + .with_content(%r{^ExecStart=/usr/bin/kubelet --config=/etc/kubernetes/kubelet\.yaml$}) end it do - is_expected.to contain_file("/etc/kubernetes/kubelet.yaml") - .with_content(/address:.*127.0.0.1/) - .with_content(/staticPodPath:.*\/etc\/kubernetes\/manifests/) - .with_content(/cgroupDriver:.*systemd/) - .with_content(/containerRuntimeEndpoint:.*unix:\/\/\/run\/containerd\/containerd.sock/) + expect(subject).to contain_file('/etc/kubernetes/kubelet.yaml') + .with_content(%r{address:.*127.0.0.1}) + .with_content(%r{staticPodPath:.*/etc/kubernetes/manifests}) + .with_content(%r{cgroupDriver:.*systemd}) + .with_content(%r{containerRuntimeEndpoint:.*unix:///run/containerd/containerd.sock}) end - context "with pod_manifest_path set to /tmp/kubelet" do - let(:params) { { kubelet_version: "123", pod_manifest_path: "/tmp/kubelet" } } + context 'with pod_manifest_path set to /tmp/kubelet' do + let(:params) { { kubelet_version: '123', pod_manifest_path: '/tmp/kubelet' } } - it { is_expected.not_to contain_file("/etc/kubernetes/manifests") } - it { is_expected.to contain_file("/tmp/kubelet") } + it { is_expected.not_to contain_file('/etc/kubernetes/manifests') } + it { is_expected.to contain_file('/tmp/kubelet') } it do - is_expected.to contain_file("/etc/kubernetes/kubelet.yaml") - .with_content(/staticPodPath:.*\/tmp\/kubelet/) + expect(subject).to contain_file('/etc/kubernetes/kubelet.yaml') + .with_content(%r{staticPodPath:.*/tmp/kubelet}) end end - context "with manage_pods_with_puppet set to false" do - let(:params) { { kubelet_version: "123", manage_pods_with_puppet: false } } + context 'with manage_pods_with_puppet set to false' do + let(:params) { { kubelet_version: '123', manage_pods_with_puppet: false } } - it { is_expected.not_to contain_file("/etc/kubernetes/manifests") } - it { is_expected.not_to contain_file("/etc/systemd/system/kubelet.service.d") } - it { is_expected.not_to contain_file("/etc/systemd/system/kubelet.service.d/20-containerd-and-manifest-dir.conf") } - it { is_expected.not_to contain_exec("kubelet reload daemon") } + it { is_expected.not_to contain_file('/etc/kubernetes/manifests') } + it { is_expected.not_to contain_file('/etc/systemd/system/kubelet.service.d') } + it { is_expected.not_to contain_file('/etc/systemd/system/kubelet.service.d/20-containerd-and-manifest-dir.conf') } + it { is_expected.not_to contain_exec('kubelet reload daemon') } end end end diff --git a/spec/classes/profile/kubernetes/apt_spec.rb b/spec/classes/profile/kubernetes/apt_spec.rb index dc1d8f416..fb33771e8 100644 --- a/spec/classes/profile/kubernetes/apt_spec.rb +++ b/spec/classes/profile/kubernetes/apt_spec.rb @@ -5,25 +5,25 @@ describe 'nebula::profile::kubernetes::apt' do on_supported_os.each do |os, os_facts| context "on #{os}" do - #let(:hiera_config) { 'spec/fixtures/hiera/kubernetes/first_cluster_config.yaml' } let(:facts) { os_facts } it { is_expected.to compile } - context "with default hiera config" do + context 'with no kubernetes hiera config' do it do - is_expected.to contain_apt__source("kubernetes") - .with_location("https://pkgs.k8s.io/core:/stable:/vX.YZ/deb/") - .with_release("/") + expect(subject).to contain_apt__source('kubernetes') + .with_location('https://pkgs.k8s.io/core:/stable:/vX.YZ/deb/') + .with_release('/') end end - context "with default hiera config" do + context 'with a kubernetes hiera config' do let(:hiera_config) { 'spec/fixtures/hiera/kubernetes/first_cluster_config.yaml' } + it do - is_expected.to contain_apt__source("kubernetes") - .with_location("https://pkgs.k8s.io/core:/stable:/v1.29/deb/") - .with_release("/") + expect(subject).to contain_apt__source('kubernetes') + .with_location('https://pkgs.k8s.io/core:/stable:/v1.29/deb/') + .with_release('/') end end end diff --git a/spec/classes/profile/kubernetes/bootstrap/destination_spec.rb b/spec/classes/profile/kubernetes/bootstrap/destination_spec.rb index 64a5594ef..7f21611f2 100644 --- a/spec/classes/profile/kubernetes/bootstrap/destination_spec.rb +++ b/spec/classes/profile/kubernetes/bootstrap/destination_spec.rb @@ -14,7 +14,7 @@ it { is_expected.to compile } it do - is_expected.to contain_file('/var/lib/kubeadm_bootstrap/.ssh/authorized_keys') + expect(subject).to contain_file('/var/lib/kubeadm_bootstrap/.ssh/authorized_keys') .with_owner('kubeadm_bootstrap') .with_content("first cluster public key value\n") .that_requires('File[/var/lib/kubeadm_bootstrap/.ssh]') @@ -24,7 +24,7 @@ let(:hiera_config) { 'spec/fixtures/hiera/kubernetes/second_cluster_config.yaml' } it do - is_expected.to contain_file('/var/lib/kubeadm_bootstrap/.ssh/authorized_keys') + expect(subject).to contain_file('/var/lib/kubeadm_bootstrap/.ssh/authorized_keys') .with_content("general public key value\n") end end diff --git a/spec/classes/profile/kubernetes/bootstrap/etcd_config_spec.rb b/spec/classes/profile/kubernetes/bootstrap/etcd_config_spec.rb index 104cd2163..2d5d7e835 100644 --- a/spec/classes/profile/kubernetes/bootstrap/etcd_config_spec.rb +++ b/spec/classes/profile/kubernetes/bootstrap/etcd_config_spec.rb @@ -14,7 +14,7 @@ it { is_expected.to compile } it do - is_expected.to contain_file('/etc/systemd/system/kubelet.service.d/20-etcd-service-manager.conf') + expect(subject).to contain_file('/etc/systemd/system/kubelet.service.d/20-etcd-service-manager.conf') .with_content(%r{^ExecStart=/usr/bin/kubelet --config=/etc/kubernetes/kubelet\.yaml$}) .that_notifies('Exec[kubelet reload daemon]') .that_requires('Package[kubelet]') @@ -22,17 +22,17 @@ end it do - is_expected.to contain_file("/etc/kubernetes/kubelet.yaml") - .with_content(/address:.*127.0.0.1/) - .with_content(/staticPodPath:.*\/etc\/kubernetes\/manifests/) - .with_content(/cgroupDriver:.*systemd/) - .with_content(/containerRuntimeEndpoint:.*unix:\/\/\/run\/containerd\/containerd.sock/) + expect(subject).to contain_file('/etc/kubernetes/kubelet.yaml') + .with_content(%r{address:.*127.0.0.1}) + .with_content(%r{staticPodPath:.*/etc/kubernetes/manifests}) + .with_content(%r{cgroupDriver:.*systemd}) + .with_content(%r{containerRuntimeEndpoint:.*unix:///run/containerd/containerd.sock}) end it { is_expected.to contain_file('/etc/systemd/system/kubelet.service.d').with_ensure('directory') } it do - is_expected.to contain_exec('kubelet reload daemon') + expect(subject).to contain_exec('kubelet reload daemon') .with_command('/bin/systemctl daemon-reload') .with_refreshonly(true) .that_notifies('Service[kubelet]') diff --git a/spec/classes/profile/kubernetes/bootstrap/source_spec.rb b/spec/classes/profile/kubernetes/bootstrap/source_spec.rb index 2e31e472e..ac9f7a9b9 100644 --- a/spec/classes/profile/kubernetes/bootstrap/source_spec.rb +++ b/spec/classes/profile/kubernetes/bootstrap/source_spec.rb @@ -14,14 +14,14 @@ it { is_expected.to compile } it do - is_expected.to contain_file('/var/lib/kubeadm_bootstrap/.ssh/id_rsa.pub') + expect(subject).to contain_file('/var/lib/kubeadm_bootstrap/.ssh/id_rsa.pub') .with_owner('kubeadm_bootstrap') .with_content("first cluster public key value\n") .that_requires('File[/var/lib/kubeadm_bootstrap/.ssh]') end it do - is_expected.to contain_file('/var/lib/kubeadm_bootstrap/.ssh/id_rsa') + expect(subject).to contain_file('/var/lib/kubeadm_bootstrap/.ssh/id_rsa') .with_owner('kubeadm_bootstrap') .with_mode('0600') .with_content("first cluster private key value\n") @@ -32,12 +32,12 @@ let(:hiera_config) { 'spec/fixtures/hiera/kubernetes/second_cluster_config.yaml' } it do - is_expected.to contain_file('/var/lib/kubeadm_bootstrap/.ssh/id_rsa.pub') + expect(subject).to contain_file('/var/lib/kubeadm_bootstrap/.ssh/id_rsa.pub') .with_content("general public key value\n") end it do - is_expected.to contain_file('/var/lib/kubeadm_bootstrap/.ssh/id_rsa') + expect(subject).to contain_file('/var/lib/kubeadm_bootstrap/.ssh/id_rsa') .with_content("general private key value\n") end end diff --git a/spec/classes/profile/kubernetes/bootstrap/user_spec.rb b/spec/classes/profile/kubernetes/bootstrap/user_spec.rb index 0049044c4..aad8c4de7 100644 --- a/spec/classes/profile/kubernetes/bootstrap/user_spec.rb +++ b/spec/classes/profile/kubernetes/bootstrap/user_spec.rb @@ -13,19 +13,19 @@ it { is_expected.to compile } it do - is_expected.to contain_user('kubeadm_bootstrap') + expect(subject).to contain_user('kubeadm_bootstrap') .with_home('/var/lib/kubeadm_bootstrap') end it do - is_expected.to contain_file('/var/lib/kubeadm_bootstrap') + expect(subject).to contain_file('/var/lib/kubeadm_bootstrap') .with_ensure('directory') .with_owner('kubeadm_bootstrap') .that_requires('User[kubeadm_bootstrap]') end it do - is_expected.to contain_file('/var/lib/kubeadm_bootstrap/.ssh') + expect(subject).to contain_file('/var/lib/kubeadm_bootstrap/.ssh') .with_ensure('directory') .with_owner('kubeadm_bootstrap') .with_mode('0700') diff --git a/spec/classes/profile/kubernetes/destination_port_spec.rb b/spec/classes/profile/kubernetes/destination_port_spec.rb index 285e1553a..484f4f47e 100644 --- a/spec/classes/profile/kubernetes/destination_port_spec.rb +++ b/spec/classes/profile/kubernetes/destination_port_spec.rb @@ -25,7 +25,7 @@ subject { exported_resources } it do - is_expected.to contain_concat_fragment("haproxy kubernetes #{service.tr('_', ' ')} #{facts[:hostname]}") + expect(subject).to contain_concat_fragment("haproxy kubernetes #{service.tr('_', ' ')} #{facts[:hostname]}") .with_target("/etc/haproxy/services.d/#{service}.cfg") .with_order('02') .with_content(" server #{facts[:hostname]} #{facts[:ipaddress]}:#{port} #{options}\n") @@ -34,9 +34,9 @@ if service == 'etcd' it do - is_expected.to contain_concat_fragment("prometheus #{service.tr('_', ' ')} service #{facts[:hostname]}") + expect(subject).to contain_concat_fragment("prometheus #{service.tr('_', ' ')} service #{facts[:hostname]}") .with_target("/etc/prometheus/#{service}.yml") - .with_tag("mydatacenter_prometheus_etcd_service_list") + .with_tag('mydatacenter_prometheus_etcd_service_list') end end end diff --git a/spec/classes/profile/kubernetes/dns_client_spec.rb b/spec/classes/profile/kubernetes/dns_client_spec.rb index f9045d789..d62d2da88 100644 --- a/spec/classes/profile/kubernetes/dns_client_spec.rb +++ b/spec/classes/profile/kubernetes/dns_client_spec.rb @@ -11,10 +11,10 @@ let(:hiera_config) { 'spec/fixtures/hiera/kubernetes/first_cluster_config.yaml' } let(:facts) do os_facts.merge( - 'networking' => { + 'networking' => { 'interfaces' => { - 'ens4' => { - 'ip' => '10.123.234.5', + 'ens4' => { + 'ip' => '10.123.234.5', }, }, }, @@ -31,29 +31,29 @@ end it do - is_expected.to contain_file('/etc/resolv.conf') + expect(subject).to contain_file('/etc/resolv.conf') .with_content("search first.cluster\nnameserver 172.16.0.1\n") end context 'with fqdn of default.invalid and an ssh-rsa public key' do - let(:node) { "default.invalid" } + let(:node) { 'default.invalid' } let(:facts) do { - "ssh" => { - "rsa" => { - "type" => "ssh-rsa", - "key" => "abc123" - } - } + 'ssh' => { + 'rsa' => { + 'type' => 'ssh-rsa', + 'key' => 'abc123', + }, + }, } end it { is_expected.to compile } - it "exports an ssh_known_hosts line for its rsa key" do - expect(exported_resources).to contain_concat_fragment("known first_cluster host default rsa") - .with_target("/etc/ssh/ssh_known_hosts") - .with_tag("first_cluster_known_host_public_keys") + it 'exports an ssh_known_hosts line for its rsa key' do + expect(exported_resources).to contain_concat_fragment('known first_cluster host default rsa') + .with_target('/etc/ssh/ssh_known_hosts') + .with_tag('first_cluster_known_host_public_keys') .with_content("default ssh-rsa abc123\n") end end diff --git a/spec/classes/profile/kubernetes/dns_server_spec.rb b/spec/classes/profile/kubernetes/dns_server_spec.rb index bd5f3f910..f318fdcc4 100644 --- a/spec/classes/profile/kubernetes/dns_server_spec.rb +++ b/spec/classes/profile/kubernetes/dns_server_spec.rb @@ -12,10 +12,10 @@ let(:hiera_config) { 'spec/fixtures/hiera/kubernetes/first_cluster_config.yaml' } let(:facts) do os_facts.merge( - 'networking' => { + 'networking' => { 'interfaces' => { - 'ens4' => { - 'ip' => '10.123.234.5', + 'ens4' => { + 'ip' => '10.123.234.5', }, }, }, @@ -32,7 +32,7 @@ %w[TCP UDP].each do |proto| it do - is_expected.to contain_firewall("200 Nameserver (#{proto})") + expect(subject).to contain_firewall("200 Nameserver (#{proto})") .with_dport(53) .with_source('172.28.0.0/14') .with_state('NEW') @@ -43,45 +43,45 @@ it { is_expected.to contain_concat('/etc/hosts').that_notifies('Service[dnsmasq]') } it do - is_expected.to contain_concat_fragment('/etc/hosts ipv4 localhost') + expect(subject).to contain_concat_fragment('/etc/hosts ipv4 localhost') .with_target('/etc/hosts') .with_order('01') .with_content("127.0.0.1 localhost\n") end it do - is_expected.to contain_concat_fragment('/etc/hosts ipv4 etcd-all') + expect(subject).to contain_concat_fragment('/etc/hosts ipv4 etcd-all') .with_target('/etc/hosts') .with_order('02') .with_content("172.16.0.6 etcd.first.cluster etcd\n") end it do - is_expected.to contain_concat_fragment('/etc/hosts ipv4 kube-api') + expect(subject).to contain_concat_fragment('/etc/hosts ipv4 kube-api') .with_target('/etc/hosts') .with_order('03') .with_content("172.16.0.7 kube-api.first.cluster kube-api\n") end it do - is_expected.to contain_concat_fragment('/etc/hosts ipv6 localhost') + expect(subject).to contain_concat_fragment('/etc/hosts ipv6 localhost') .with_target('/etc/hosts') .with_order('05') .with_content("::1 localhost ip6-localhost ip6-loopback\n") end it do - is_expected.to contain_file('/etc/dnsmasq.d/smartconnect') + expect(subject).to contain_file('/etc/dnsmasq.d/smartconnect') .with_content("server=/sc.default.invalid/192.0.2.7\n") end it do - is_expected.to contain_file('/etc/dnsmasq.d/local_domain') + expect(subject).to contain_file('/etc/dnsmasq.d/local_domain') .with_content("local=/first.cluster/\n") end it do - is_expected.to contain_concat_fragment('/etc/hosts ipv6 debian') + expect(subject).to contain_concat_fragment('/etc/hosts ipv6 debian') .with_target('/etc/hosts') .with_order('06') .with_content("ff02::1 ip6-allnodes\nff02::2 ip6-allrouters\n") @@ -97,7 +97,7 @@ it { is_expected.not_to contain_file('/etc/dnsmasq.d/smartconnect') } it do - is_expected.to contain_file('/etc/dnsmasq.d/local_domain') + expect(subject).to contain_file('/etc/dnsmasq.d/local_domain') .with_content("local=/second.cluster/\n") end end diff --git a/spec/classes/profile/kubernetes/etcdctl_spec.rb b/spec/classes/profile/kubernetes/etcdctl_spec.rb index 46f975d98..b445e0685 100644 --- a/spec/classes/profile/kubernetes/etcdctl_spec.rb +++ b/spec/classes/profile/kubernetes/etcdctl_spec.rb @@ -12,21 +12,21 @@ let(:facts) { os_facts } it { is_expected.to compile } - it { is_expected.to contain_package("etcd-client") } - it { is_expected.to contain_file("/etc/etcd").with_ensure("directory") } - it { is_expected.to contain_file("/etc/etcd/README") } + it { is_expected.to contain_package('etcd-client') } + it { is_expected.to contain_file('/etc/etcd').with_ensure('directory') } + it { is_expected.to contain_file('/etc/etcd/README') } it do - is_expected.to contain_file("/etc/profile.d/etcdctl.sh") - .with_content(/ETCDCTL_ENDPOINTS="10.1.2.3:2379,10.2.4.6:2379,10.3.6.9:2379"/) + expect(subject).to contain_file('/etc/profile.d/etcdctl.sh') + .with_content(%r{ETCDCTL_ENDPOINTS="10.1.2.3:2379,10.2.4.6:2379,10.3.6.9:2379"}) end - context "in the second cluster" do + context 'when in the second cluster' do let(:hiera_config) { 'spec/fixtures/hiera/kubernetes/second_cluster_config.yaml' } it do - is_expected.to contain_file("/etc/profile.d/etcdctl.sh") - .with_content(/ETCDCTL_ENDPOINTS="192.168.2.3:2379,192.168.4.6:2379,192.168.6.9:2379"/) + expect(subject).to contain_file('/etc/profile.d/etcdctl.sh') + .with_content(%r{ETCDCTL_ENDPOINTS="192.168.2.3:2379,192.168.4.6:2379,192.168.6.9:2379"}) end end end diff --git a/spec/classes/profile/kubernetes/filesystems_spec.rb b/spec/classes/profile/kubernetes/filesystems_spec.rb index 0e1f4c530..74b1f95a9 100644 --- a/spec/classes/profile/kubernetes/filesystems_spec.rb +++ b/spec/classes/profile/kubernetes/filesystems_spec.rb @@ -18,11 +18,11 @@ let(:params) do { cifs_mounts: { - 'bad_thing' => { + 'bad_thing' => { 'remote_target' => '//kubernetes.default.invalid/kubernetes', - 'uid' => 'default', - 'gid' => 'default', - 'user' => 'kubernetes', + 'uid' => 'default', + 'gid' => 'default', + 'user' => 'kubernetes', }, }, } diff --git a/spec/classes/profile/kubernetes/haproxy_spec.rb b/spec/classes/profile/kubernetes/haproxy_spec.rb index 421a33eec..feb513fb5 100644 --- a/spec/classes/profile/kubernetes/haproxy_spec.rb +++ b/spec/classes/profile/kubernetes/haproxy_spec.rb @@ -17,14 +17,14 @@ it { is_expected.to contain_package('haproxyctl') } it do - is_expected.to contain_service('haproxy') + expect(subject).to contain_service('haproxy') .with_ensure('running') .with_enable(true) .that_requires('Package[haproxy]') end it do - is_expected.to contain_nebula__authzd_user('haproxyctl') + expect(subject).to contain_nebula__authzd_user('haproxyctl') .with_gid('haproxy') .with_home('/var/haproxyctl') end @@ -33,7 +33,7 @@ let(:file) { '/etc/default/haproxy' } it do - is_expected.to contain_file(file) + expect(subject).to contain_file(file) .with_content(%r{^CONFIG="/etc/haproxy/haproxy\.cfg"$}) .with_content(%r{^EXTRAOPTS="-f /etc/haproxy/services\.d"$}) .that_notifies('Service[haproxy]') @@ -60,25 +60,21 @@ [:private, 12201, 'gelf_tcp'], ].each do |ip, port, service| describe 'the firewall' do - case ip - when :public - it do - is_expected.to contain_firewall("200 public #{service}") + it do + case ip + when :public + expect(subject).to contain_firewall("200 public #{service}") .with_proto('tcp') .with_state('NEW') .with_action('accept') .with_dport(port) .without_source - end - when :private - it do - is_expected.to contain_nebula__exposed_port("200 private #{service}") + when :private + expect(subject).to contain_nebula__exposed_port("200 private #{service}") .with_port(port) .with_block('umich::networks::datacenter') - end - else - it do - is_expected.to contain_firewall("200 private #{service}") + else + expect(subject).to contain_firewall("200 private #{service}") .with_proto('tcp') .with_state('NEW') .with_action('accept') @@ -113,7 +109,7 @@ end it do - is_expected.to contain_concat_fragment(fragment) + expect(subject).to contain_concat_fragment(fragment) .with_content(%r{^ bind #{ip_address}:#{port}$}) end @@ -129,7 +125,7 @@ end it do - is_expected.to contain_concat_fragment(fragment) + expect(subject).to contain_concat_fragment(fragment) .with_content(%r{^ bind #{ip_address}:#{port}$}) end end diff --git a/spec/classes/profile/kubernetes/keepalived_spec.rb b/spec/classes/profile/kubernetes/keepalived_spec.rb index 77bb2c64e..95f2b93a8 100644 --- a/spec/classes/profile/kubernetes/keepalived_spec.rb +++ b/spec/classes/profile/kubernetes/keepalived_spec.rb @@ -18,7 +18,7 @@ it { is_expected.to contain_package('ipset') } it do - is_expected.to contain_service('keepalived') + expect(subject).to contain_service('keepalived') .with_ensure('running') .with_enable(true) .that_requires(['Package[keepalived]', 'Package[ipset]']) @@ -28,12 +28,12 @@ let(:file) { '/etc/keepalived/keepalived.conf' } it do - is_expected.to contain_concat(file) + expect(subject).to contain_concat(file) .that_notifies('Service[keepalived]') end it do - is_expected.to contain_concat_fragment('keepalived preamble') + expect(subject).to contain_concat_fragment('keepalived preamble') .with_target(file) .with_order('01') end @@ -47,7 +47,7 @@ end it do - is_expected.to contain_concat_fragment('keepalived postamble') + expect(subject).to contain_concat_fragment('keepalived postamble') .with_target(file) .with_order('99') end @@ -75,7 +75,7 @@ end it do - is_expected.to contain_concat_fragment('keepalived preamble') + expect(subject).to contain_concat_fragment('keepalived preamble') .with_content(%r{virtual_ipaddress \{[^\}]*10\.0\.0\.2[^\}]*\}}m) .with_content(%r{virtual_ipaddress \{[^\}]*172\.16\.1\.1 dev ens4[^\}]*\}}m) .with_content(%r{virtual_ipaddress \{[^\}]*172\.16\.1\.6 dev ens4[^\}]*\}}m) @@ -99,7 +99,7 @@ let(:file) { '/etc/sysctl.d/keepalived.conf' } it do - is_expected.to contain_file(file) + expect(subject).to contain_file(file) .with_content(%r{^net.ipv4.ip_nonlocal_bind = 1$}) .that_notifies(['Service[keepalived]', 'Service[procps]']) end @@ -108,22 +108,22 @@ context 'with fqdn of default.invalid and an ssh-rsa public key' do let(:facts) do { - 'fqdn' => "default.invalid", - "ssh" => { - "rsa" => { - "type" => "ssh-rsa", - "key" => "abc123" - } - } + 'fqdn' => 'default.invalid', + 'ssh' => { + 'rsa' => { + 'type' => 'ssh-rsa', + 'key' => 'abc123', + }, + }, } end it { is_expected.to compile } - it "exports an ssh_known_hosts line for its rsa key" do - expect(exported_resources).to contain_concat_fragment("known host public.first.cluster default.invalid rsa") - .with_target("/etc/ssh/ssh_known_hosts") - .with_tag("known_host_public_keys") + it 'exports an ssh_known_hosts line for its rsa key' do + expect(exported_resources).to contain_concat_fragment('known host public.first.cluster default.invalid rsa') + .with_target('/etc/ssh/ssh_known_hosts') + .with_tag('known_host_public_keys') .with_content("public.first.cluster ssh-rsa abc123\n") end end diff --git a/spec/classes/profile/kubernetes/kubeadm_spec.rb b/spec/classes/profile/kubernetes/kubeadm_spec.rb index b3be83b29..1918cbc1b 100644 --- a/spec/classes/profile/kubernetes/kubeadm_spec.rb +++ b/spec/classes/profile/kubernetes/kubeadm_spec.rb @@ -19,7 +19,7 @@ it { is_expected.to contain_package('kubeadm').that_requires('Apt::Source[kubernetes]') } it do - is_expected.to contain_apt__pin('kubeadm').with( + expect(subject).to contain_apt__pin('kubeadm').with( packages: ['kubeadm'], version: '1.14.2-1.1', priority: 999, @@ -34,13 +34,13 @@ it { is_expected.to contain_apt__pin('kubeadm').with_version('1.11.9-1.2') } it do - is_expected.to contain_file('/etc/sysctl.d/kubernetes_cluster.conf') + expect(subject).to contain_file('/etc/sysctl.d/kubernetes_cluster.conf') .with_content(%r{^fs\.inotify\.max_user_instances *= *8192$}) .that_notifies('Service[procps]') end it do - is_expected.to contain_file('/etc/sysctl.d/kubernetes_cluster.conf') + expect(subject).to contain_file('/etc/sysctl.d/kubernetes_cluster.conf') .with_content(%r{^fs\.inotify\.max_user_watches *= *524288$}) .that_notifies('Service[procps]') end diff --git a/spec/classes/profile/kubernetes/kubectl_spec.rb b/spec/classes/profile/kubernetes/kubectl_spec.rb index cecdfda2e..730652f00 100644 --- a/spec/classes/profile/kubernetes/kubectl_spec.rb +++ b/spec/classes/profile/kubernetes/kubectl_spec.rb @@ -18,14 +18,14 @@ it { is_expected.to contain_concat('/var/local/generate_pki.sh') } it do - is_expected.to contain_concat_fragment('cluster pki preamble') + expect(subject).to contain_concat_fragment('cluster pki preamble') .with_target('/var/local/generate_pki.sh') .with_order('01') .with_content(%r{^KUBE_INTERNAL_IP='172\.16\.0\.1'$}) end it do - is_expected.to contain_concat_fragment('cluster pki functions') + expect(subject).to contain_concat_fragment('cluster pki functions') .with_target('/var/local/generate_pki.sh') .with_order('03') end @@ -34,7 +34,7 @@ let(:hiera_config) { 'spec/fixtures/hiera/kubernetes/second_cluster_config.yaml' } it do - is_expected.to contain_concat_fragment('cluster pki preamble') + expect(subject).to contain_concat_fragment('cluster pki preamble') .with_content(%r{^KUBE_INTERNAL_IP='192\.168\.0\.1'$}) end end diff --git a/spec/classes/profile/kubernetes/kubelet_spec.rb b/spec/classes/profile/kubernetes/kubelet_spec.rb index 0ca8c0df5..ccf5deb78 100644 --- a/spec/classes/profile/kubernetes/kubelet_spec.rb +++ b/spec/classes/profile/kubernetes/kubelet_spec.rb @@ -15,8 +15,8 @@ it { is_expected.to contain_kmod__load('br_netfilter') } it do - is_expected.to contain_file('/etc/sysctl.d/kubelet.conf') - .with_content(/^net.bridge.bridge-nf-call-ip6tables = 1\nnet.bridge.bridge-nf-call-iptables = 1\nnet.ipv4.ip_forward = 1/) + expect(subject).to contain_file('/etc/sysctl.d/kubelet.conf') + .with_content(%r{^net.bridge.bridge-nf-call-ip6tables = 1\nnet.bridge.bridge-nf-call-iptables = 1\nnet.ipv4.ip_forward = 1}) .that_notifies('Service[procps]') end @@ -67,7 +67,7 @@ it { is_expected.to contain_package('kubelet').that_requires('Apt::Source[kubernetes]') } it do - is_expected.to contain_apt__pin('kubelet').with( + expect(subject).to contain_apt__pin('kubelet').with( packages: ['kubelet'], version: '1.14.2-1.1', priority: 999, @@ -75,12 +75,12 @@ end it do - is_expected.to contain_apt__source('kubernetes').with( + expect(subject).to contain_apt__source('kubernetes').with( location: 'https://pkgs.k8s.io/core:/stable:/v1.29/deb/', release: '/', repos: '', key: { - 'name' => 'k8s.io.asc', + 'name' => 'k8s.io.asc', 'source' => 'https://pkgs.k8s.io/core:/stable:/v1.29/deb/Release.key', }, ) @@ -93,11 +93,11 @@ [%w[2379 2380 2381], 'etcd', 'tcp'], [10250, 'kubelet', 'tcp'], [6443, 'kubernetes API', 'tcp'], - ['30000-32767', 'NodePorts', 'tcp'], - [9100, 'Prometheus', 'tcp'], + %w[30000-32767 NodePorts tcp], + [9100, 'Prometheus', 'tcp'], ].each do |ports, purpose, proto| it do - is_expected.to contain_firewall("200 Cluster #{purpose}") + expect(subject).to contain_firewall("200 Cluster #{purpose}") .with_proto(proto) .with_dport(ports) .with_source('172.28.0.0/14') diff --git a/spec/classes/profile/kubernetes/prometheus_spec.rb b/spec/classes/profile/kubernetes/prometheus_spec.rb index 33d158224..215dc585a 100644 --- a/spec/classes/profile/kubernetes/prometheus_spec.rb +++ b/spec/classes/profile/kubernetes/prometheus_spec.rb @@ -16,7 +16,7 @@ it { is_expected.to contain_file('/var/local/prometheus').with_ensure('directory') } it do - is_expected.to contain_concat_file('/etc/prometheus/nodes.yml') + expect(subject).to contain_concat_file('/etc/prometheus/nodes.yml') .with_path('/var/local/prometheus/nodes.yml') .with_require('File[/var/local/prometheus]') end diff --git a/spec/classes/profile/kubernetes/router_spec.rb b/spec/classes/profile/kubernetes/router_spec.rb index 330bb02b6..909a4f937 100644 --- a/spec/classes/profile/kubernetes/router_spec.rb +++ b/spec/classes/profile/kubernetes/router_spec.rb @@ -14,13 +14,13 @@ it { is_expected.to compile } it do - is_expected.to contain_file('/etc/sysctl.d/router.conf') + expect(subject).to contain_file('/etc/sysctl.d/router.conf') .with_content(%r{^net\.ipv4\.ip_forward *= *1$}) .that_notifies('Service[procps]') end it do - is_expected.to contain_firewall('001 Do not NAT internal requests') + expect(subject).to contain_firewall('001 Do not NAT internal requests') .with_table('nat') .with_chain('POSTROUTING') .with_action('accept') @@ -30,7 +30,7 @@ end it do - is_expected.to contain_firewall('002 Give internal requests our private IP') + expect(subject).to contain_firewall('002 Give internal requests our private IP') .with_table('nat') .with_chain('POSTROUTING') .with_jump('SNAT') @@ -41,7 +41,7 @@ end it do - is_expected.to contain_firewall('003 Give external requests our public IP') + expect(subject).to contain_firewall('003 Give external requests our public IP') .with_table('nat') .with_chain('POSTROUTING') .with_jump('SNAT') @@ -54,7 +54,7 @@ let(:hiera_config) { 'spec/fixtures/hiera/kubernetes/second_cluster_config.yaml' } it do - is_expected.to contain_firewall('001 Do not NAT internal requests') + expect(subject).to contain_firewall('001 Do not NAT internal requests') .with_source('10.123.234.0/24') .with_destination('10.123.234.0/24') end @@ -62,7 +62,7 @@ it { is_expected.not_to contain_firewall('002 Give internal requests our private IP') } it do - is_expected.to contain_firewall('003 Give external requests our public IP') + expect(subject).to contain_firewall('003 Give external requests our public IP') .with_source('10.123.234.0/24') .with_tosource('10.0.0.2') end diff --git a/spec/classes/profile/logrotate_spec.rb b/spec/classes/profile/logrotate_spec.rb index 19a8e5b0e..60702587e 100644 --- a/spec/classes/profile/logrotate_spec.rb +++ b/spec/classes/profile/logrotate_spec.rb @@ -13,7 +13,7 @@ it { is_expected.to compile } it 'sets debian defaults in /etc/logrotate.conf' do - is_expected.to contain_logrotate__conf('/etc/logrotate.conf').with( + expect(subject).to contain_logrotate__conf('/etc/logrotate.conf').with( create: true, rotate_every: 'weekly', rotate: 4, @@ -24,7 +24,7 @@ # reason to stop doing that, although we switched them from # monthly to weekly, as they can get very large otherwise. it "contains debian's wtmp logrotate config" do - is_expected.to contain_logrotate__rule('wtmp').with( + expect(subject).to contain_logrotate__rule('wtmp').with( path: '/var/log/wtmp', missingok: true, rotate_every: 'week', @@ -36,7 +36,7 @@ end it "contains debian's btmp logrotate config" do - is_expected.to contain_logrotate__rule('btmp').with( + expect(subject).to contain_logrotate__rule('btmp').with( path: '/var/log/btmp', missingok: true, rotate_every: 'week', diff --git a/spec/classes/profile/loki_spec.rb b/spec/classes/profile/loki_spec.rb index c07d4a31f..60bd14765 100644 --- a/spec/classes/profile/loki_spec.rb +++ b/spec/classes/profile/loki_spec.rb @@ -15,27 +15,27 @@ it { is_expected.to contain_file('/var/lib/alloy/crt.pem') } it { is_expected.to contain_file('/var/lib/alloy/crt.key').with_mode('0600').with_owner('alloy') } - it "writes /etc/default/alloy to set up /etc/alloy/ as a drop-in config dir" do - is_expected.to contain_file('/etc/default/alloy') - .with_content(%r|CONFIG_FILE="/etc/alloy/"|) - .with_content(%r|managed by Puppet|) + it 'writes /etc/default/alloy to set up /etc/alloy/ as a drop-in config dir' do + expect(subject).to contain_file('/etc/default/alloy') + .with_content(%r{CONFIG_FILE="/etc/alloy/"}) + .with_content(%r{managed by Puppet}) end - it "writes grafana alloy config" do - is_expected.to contain_file('/etc/alloy/config.alloy') - .with_content(/managed by Puppet/) - .with_content(/stage.static_labels {values = {"hostname" = "/) - .with_content(%r|url = "https://loki-gateway.loki/loki/api/v1/push"|) + it 'writes grafana alloy config' do + expect(subject).to contain_file('/etc/alloy/config.alloy') + .with_content(%r{managed by Puppet}) + .with_content(%r{stage.static_labels \{values = \{"hostname" = "}) + .with_content(%r{url = "https://loki-gateway.loki/loki/api/v1/push"}) end - context("with loki url set") do - let(:params) { {endpoint_url: "https://loki.example.com/loki/api/v1/push"} } - it "writes loki url to config.alloy" do - is_expected.to contain_file('/etc/alloy/config.alloy') - .with_content(%r|url = "https://loki.example.com/loki/api/v1/push"|) + context('with loki url set') do + let(:params) { { endpoint_url: 'https://loki.example.com/loki/api/v1/push' } } + + it 'writes loki url to config.alloy' do + expect(subject).to contain_file('/etc/alloy/config.alloy') + .with_content(%r{url = "https://loki.example.com/loki/api/v1/push"}) end end - end end end diff --git a/spec/classes/profile/managed_known_hosts_spec.rb b/spec/classes/profile/managed_known_hosts_spec.rb index 0d6c5ef55..84055b685 100644 --- a/spec/classes/profile/managed_known_hosts_spec.rb +++ b/spec/classes/profile/managed_known_hosts_spec.rb @@ -17,7 +17,7 @@ let(:params) { { static_host_keys: { 'myhost' => { 'ssh-ed25519' => 'abc123==' } } } } it do - is_expected.to contain_concat_fragment('static known host myhost ssh-ed25519') + expect(subject).to contain_concat_fragment('static known host myhost ssh-ed25519') .with_tag('known_host_public_keys') .with_target('/etc/ssh/ssh_known_hosts') .with_content("myhost ssh-ed25519 abc123==\n") diff --git a/spec/classes/profile/monitor_pl_spec.rb b/spec/classes/profile/monitor_pl_spec.rb index d64852490..5937fae78 100644 --- a/spec/classes/profile/monitor_pl_spec.rb +++ b/spec/classes/profile/monitor_pl_spec.rb @@ -1,4 +1,3 @@ - # frozen_string_literal: true # Copyright (c) 2018 The Regents of the University of Michigan. @@ -17,19 +16,22 @@ context 'with default parameters' do it { - is_expected.to contain_concat_fragment('monitor nfs mounts') + expect(subject).to contain_concat_fragment('monitor nfs mounts') .with(tag: 'monitor_config', content: %r{nfs: \[\]}) } + it { - is_expected.to contain_concat_fragment('monitor solr cores') + expect(subject).to contain_concat_fragment('monitor solr cores') .with(tag: 'monitor_config', content: %r{solr: \[\]}) } + it { - is_expected.to contain_concat_fragment('monitor mysql') + expect(subject).to contain_concat_fragment('monitor mysql') .with(tag: 'monitor_config', content: %r{mysql:}) } + it { - is_expected.to contain_concat_fragment('monitor shibboleth') + expect(subject).to contain_concat_fragment('monitor shibboleth') .with(tag: 'monitor_config', content: %r{shibd: false}) } end @@ -47,19 +49,22 @@ end it { - is_expected.to contain_concat_fragment('monitor nfs mounts') + expect(subject).to contain_concat_fragment('monitor nfs mounts') .with(tag: 'monitor_config', content: YAML.dump('nfs' => params[:nfs_mounts])) } + it { - is_expected.to contain_concat_fragment('monitor solr cores') + expect(subject).to contain_concat_fragment('monitor solr cores') .with(tag: 'monitor_config', content: YAML.dump('solr' => params[:solr_cores])) } + it { - is_expected.to contain_concat_fragment('monitor mysql') + expect(subject).to contain_concat_fragment('monitor mysql') .with(tag: 'monitor_config', content: YAML.dump('mysql' => params[:mysql])) } + it { - is_expected.to contain_concat_fragment('monitor shibboleth') + expect(subject).to contain_concat_fragment('monitor shibboleth') .with(tag: 'monitor_config', content: YAML.dump('shibd' => params[:shibboleth])) } end diff --git a/spec/classes/profile/networking/firewall/ssh_spec.rb b/spec/classes/profile/networking/firewall/ssh_spec.rb index d16421b5b..c78cbfba9 100644 --- a/spec/classes/profile/networking/firewall/ssh_spec.rb +++ b/spec/classes/profile/networking/firewall/ssh_spec.rb @@ -22,7 +22,7 @@ it { is_expected.to compile } it do - is_expected.to contain_nebula__exposed_port('100 SSH').with( + expect(subject).to contain_nebula__exposed_port('100 SSH').with( port: 22, block: 'umich::networks::all_trusted_machines', ) @@ -41,14 +41,14 @@ it { is_expected.to compile } it do - is_expected.to contain_nebula__exposed_port('100 SSH').with( + expect(subject).to contain_nebula__exposed_port('100 SSH').with( port: 22, block: 'umich::networks::all_trusted_machines', ) end it do - is_expected.to contain_nebula__exposed_port('100 Private SSH').with( + expect(subject).to contain_nebula__exposed_port('100 Private SSH').with( port: 22, block: 'umich::networks::private_bastion_hosts', ) diff --git a/spec/classes/profile/networking/firewall_spec.rb b/spec/classes/profile/networking/firewall_spec.rb index f21775131..2ad502f24 100644 --- a/spec/classes/profile/networking/firewall_spec.rb +++ b/spec/classes/profile/networking/firewall_spec.rb @@ -13,7 +13,7 @@ let(:hiera_config) { 'spec/fixtures/hiera/firewall_config.yaml' } it do - is_expected.to contain_firewall('001 accept related established rules').with( + expect(subject).to contain_firewall('001 accept related established rules').with( proto: 'all', state: %w[RELATED ESTABLISHED], action: 'accept', @@ -21,7 +21,7 @@ end it do - is_expected.to contain_firewall('001 accept related established rules (v6)').with( + expect(subject).to contain_firewall('001 accept related established rules (v6)').with( proto: 'all', state: %w[RELATED ESTABLISHED], action: 'accept', @@ -30,7 +30,7 @@ end it do - is_expected.to contain_firewall('001 accept all to lo interface').with( + expect(subject).to contain_firewall('001 accept all to lo interface').with( proto: 'all', iniface: 'lo', action: 'accept', @@ -38,7 +38,7 @@ end it do - is_expected.to contain_firewall('001 accept all to lo interface (v6)').with( + expect(subject).to contain_firewall('001 accept all to lo interface (v6)').with( proto: 'all', iniface: 'lo', action: 'accept', @@ -48,7 +48,7 @@ it do # from hiera - is_expected.to contain_firewall('200 HTTP: custom rule').with( + expect(subject).to contain_firewall('200 HTTP: custom rule').with( proto: 'tcp', dport: %w[8081 8082], source: '10.2.3.4', @@ -58,7 +58,7 @@ end it do - is_expected.to contain_firewall('200 NTP: custom rule').with( + expect(subject).to contain_firewall('200 NTP: custom rule').with( proto: 'udp', dport: 123, source: '10.4.5.6', @@ -68,7 +68,7 @@ end it do - is_expected.to contain_firewall('900 port forwarding: an advanced rule').with( + expect(subject).to contain_firewall('900 port forwarding: an advanced rule').with( table: 'nat', proto: 'tcp', dport: '4657', @@ -76,21 +76,21 @@ chain: 'PREROUTING', toports: '1234', ) - is_expected.not_to contain_firewall('900 port forwarding: an advanced rule').with( + expect(subject).not_to contain_firewall('900 port forwarding: an advanced rule').with( action: 'accept', state: 'NEW', ) end it do - is_expected.to contain_firewall('999 drop all').with( + expect(subject).to contain_firewall('999 drop all').with( proto: 'all', action: 'drop', ) end it do - is_expected.to contain_firewall('999 drop all (v6)').with( + expect(subject).to contain_firewall('999 drop all (v6)').with( proto: 'all', action: 'drop', provider: 'ip6tables', @@ -111,13 +111,13 @@ %w[INPUT OUTPUT FORWARD].each do |chain| it do - is_expected.to contain_firewallchain("#{chain}:filter:IPv4") + expect(subject).to contain_firewallchain("#{chain}:filter:IPv4") .with_ensure('present') .with_purge(true) end it do - is_expected.to contain_firewallchain("#{chain}:filter:IPv6") + expect(subject).to contain_firewallchain("#{chain}:filter:IPv6") .with_ensure('present') .with_purge(true) end diff --git a/spec/classes/profile/networking/keytab_spec.rb b/spec/classes/profile/networking/keytab_spec.rb index 64c5b6110..9566cece0 100644 --- a/spec/classes/profile/networking/keytab_spec.rb +++ b/spec/classes/profile/networking/keytab_spec.rb @@ -16,7 +16,7 @@ let(:params) { { keytab: 'nebula/keytab.fake' } } it do - is_expected.to contain_file('/etc/krb5.keytab').with( + expect(subject).to contain_file('/etc/krb5.keytab').with( mode: '0600', content: %r{^This is not a real keytab.}, ) @@ -55,7 +55,7 @@ end it do - is_expected.to contain_file('/etc/krb5.keytab').with( + expect(subject).to contain_file('/etc/krb5.keytab').with( mode: '0600', source: 'alternate source', ) diff --git a/spec/classes/profile/networking/private_spec.rb b/spec/classes/profile/networking/private_spec.rb index 4b96e61ee..22bed2a59 100644 --- a/spec/classes/profile/networking/private_spec.rb +++ b/spec/classes/profile/networking/private_spec.rb @@ -24,14 +24,14 @@ end it do - is_expected.to contain_file('/etc/network/interfaces.d/private').with_content(<<~EOT) + expect(subject).to contain_file('/etc/network/interfaces.d/private').with_content(<<~IFACE) auto eth1 iface eth1 inet static address 10.0.2.123 netmask 255.255.0.0 network 10.0.0.0 broadcast 10.0.255.255 - EOT + IFACE end end @@ -52,7 +52,7 @@ end it do - is_expected.to contain_file('/etc/network/interfaces.d/private') + expect(subject).to contain_file('/etc/network/interfaces.d/private') .with_content(%r{auto ens4\niface ens4 inet static}m) end end diff --git a/spec/classes/profile/networking/sshd_group_mask_spec.rb b/spec/classes/profile/networking/sshd_group_mask_spec.rb index 48b921c3b..553ab9203 100644 --- a/spec/classes/profile/networking/sshd_group_mask_spec.rb +++ b/spec/classes/profile/networking/sshd_group_mask_spec.rb @@ -11,7 +11,7 @@ let(:facts) { os_facts } it do - is_expected.to contain_concat_fragment('/etc/pam.d/sshd: group umask') + expect(subject).to contain_concat_fragment('/etc/pam.d/sshd: group umask') .with_target('/etc/pam.d/sshd') .with_content(%r{session optional pam_umask.so umask=0002}) end diff --git a/spec/classes/profile/networking/sshd_spec.rb b/spec/classes/profile/networking/sshd_spec.rb index bfebbf666..215d21eb3 100644 --- a/spec/classes/profile/networking/sshd_spec.rb +++ b/spec/classes/profile/networking/sshd_spec.rb @@ -17,7 +17,7 @@ def contain_sshd it { is_expected.to contain_sshd.that_notifies('Service[sshd]') } it do - is_expected.to contain_service('sshd').only_with( + expect(subject).to contain_service('sshd').only_with( ensure: 'running', enable: true, hasrestart: true, @@ -44,7 +44,7 @@ def contain_sshd end it "doesn't contain whitelist settings other than pubkey" do - is_expected.to contain_sshd.without_content( + expect(subject).to contain_sshd.without_content( %r{^Match Address [0-9.,/!]+\n\s*PubkeyAuthentication yes\n.}m, ) end @@ -53,7 +53,7 @@ def contain_sshd let(:params) { { whitelist: [] } } it do - is_expected.to contain_sshd.without_content( + expect(subject).to contain_sshd.without_content( %r{^Match Address}, ) end @@ -61,7 +61,7 @@ def contain_sshd context 'with no keytab' do it do - is_expected.not_to contain_sshd.with_content( + expect(subject).not_to contain_sshd.with_content( %r{^GSSAPIAuthentication yes$}m, ) end @@ -69,24 +69,24 @@ def contain_sshd context 'with a keytab' do let(:pre_condition) do - <<~EOT + <<~KEYTAB class { 'nebula::profile::networking::keytab': keytab => 'nebula/keytab.fake', keytab_source => 'alternate source' } - EOT + KEYTAB end it do - is_expected.to contain_sshd.with_content( + expect(subject).to contain_sshd.with_content( %r{^Match Address [0-9.,/!]+\n\s*PubkeyAuthentication yes\n\s*GSSAPIAuthentication yes$}m, ) end end it do - is_expected.to contain_concat('/etc/ssh/ssh_config') - is_expected.to contain_concat_fragment('main ssh client config') + expect(subject).to contain_concat('/etc/ssh/ssh_config') + expect(subject).to contain_concat_fragment('main ssh client config') .with_target('/etc/ssh/ssh_config') .with_content(%r{^\s*SendEnv LANG LC_\*$}) end @@ -96,7 +96,7 @@ class { 'nebula::profile::networking::keytab': it { is_expected.to contain_concat_file('/etc/pam.d/sshd').with_path('/etc/pam.d/sshd') } it do - is_expected.to contain_concat_fragment('/etc/pam.d/sshd: base') + expect(subject).to contain_concat_fragment('/etc/pam.d/sshd: base') .with_target('/etc/pam.d/sshd') .with_content(%r{@include sshd-defaults}) end diff --git a/spec/classes/profile/networking/sysctl_spec.rb b/spec/classes/profile/networking/sysctl_spec.rb index 0a256c315..5e4f2df7d 100644 --- a/spec/classes/profile/networking/sysctl_spec.rb +++ b/spec/classes/profile/networking/sysctl_spec.rb @@ -17,7 +17,7 @@ def contain_sysctl it { is_expected.to contain_sysctl.that_notifies('Service[procps]') } it do - is_expected.to contain_service('procps').only_with( + expect(subject).to contain_service('procps').only_with( ensure: 'running', enable: true, hasrestart: true, diff --git a/spec/classes/profile/networking_spec.rb b/spec/classes/profile/networking_spec.rb index a9a5ef563..1ad92c438 100644 --- a/spec/classes/profile/networking_spec.rb +++ b/spec/classes/profile/networking_spec.rb @@ -30,7 +30,7 @@ def contain_network_class(name) # more details about when it might be safe to remove this. %w[procps sshd].each do |service| it do - is_expected.to contain_exec("/bin/systemctl status #{service}") + expect(subject).to contain_exec("/bin/systemctl status #{service}") .that_subscribes_to(['Service[procps]', 'Service[sshd]']) .with_refreshonly(true) end diff --git a/spec/classes/profile/ntp_spec.rb b/spec/classes/profile/ntp_spec.rb index 10354b38d..2df7c7ac4 100644 --- a/spec/classes/profile/ntp_spec.rb +++ b/spec/classes/profile/ntp_spec.rb @@ -11,7 +11,7 @@ let(:facts) { os_facts } it do - is_expected.to contain_service('ntp').with( + expect(subject).to contain_service('ntp').with( enable: true, ensure: 'running', ) @@ -24,7 +24,7 @@ it { is_expected.to contain_file('/etc/ntp.conf').that_notifies('Service[ntp]') } - context 'given ntp[123].realdomain.com' do + context 'with ntp[123].realdomain.com' do let(:params) do { servers: [ diff --git a/spec/classes/profile/prometheus/exporter/haproxy_spec.rb b/spec/classes/profile/prometheus/exporter/haproxy_spec.rb index 7d037d83b..4aeefcc12 100644 --- a/spec/classes/profile/prometheus/exporter/haproxy_spec.rb +++ b/spec/classes/profile/prometheus/exporter/haproxy_spec.rb @@ -15,19 +15,19 @@ it { is_expected.to contain_package('prometheus-haproxy-exporter') } it do - is_expected.to contain_service('prometheus-haproxy-exporter') + expect(subject).to contain_service('prometheus-haproxy-exporter') .with_ensure('running') .with_enable(true) end it 'defines a systemd service' do - is_expected.to contain_file('/etc/systemd/system/prometheus-haproxy-exporter.service') + expect(subject).to contain_file('/etc/systemd/system/prometheus-haproxy-exporter.service') .that_requires('Package[prometheus-haproxy-exporter]') .that_notifies('Service[prometheus-haproxy-exporter]') end it 'defines default file' do - is_expected.to contain_file('/etc/default/prometheus-haproxy-exporter') + expect(subject).to contain_file('/etc/default/prometheus-haproxy-exporter') .that_requires('Package[prometheus-haproxy-exporter]') .that_notifies('Service[prometheus-haproxy-exporter]') end @@ -62,7 +62,7 @@ it { is_expected.not_to compile } end - context 'at datacenter fakedatacenter' do + context 'when at datacenter fakedatacenter' do let(:facts) { os_facts.merge(datacenter: 'fakedatacenter') } it do diff --git a/spec/classes/profile/prometheus/exporter/ipmi_spec.rb b/spec/classes/profile/prometheus/exporter/ipmi_spec.rb index ce0081707..09b95a346 100644 --- a/spec/classes/profile/prometheus/exporter/ipmi_spec.rb +++ b/spec/classes/profile/prometheus/exporter/ipmi_spec.rb @@ -10,263 +10,263 @@ context "on #{os}" do let(:facts) do os_facts.merge(mlibrary_ip_addresses: { - "public" => [os_facts[:ipaddress]], - "private" => [] - }) + 'public' => [os_facts[:ipaddress]], + 'private' => [], + }) end it { is_expected.to compile } - it { is_expected.not_to contain_service("kubelet") } - it { is_expected.not_to contain_file("/etc/prometheus") } - it { is_expected.not_to contain_file("/etc/prometheus/ipmi.yaml") } + it { is_expected.not_to contain_service('kubelet') } + it { is_expected.not_to contain_file('/etc/prometheus') } + it { is_expected.not_to contain_file('/etc/prometheus/ipmi.yaml') } it { expect(exported_resources).not_to contain_concat_fragment("prometheus ipmi scrape config #{facts[:hostname]}") } - context "with an account set" do + context 'with an account set' do let(:params) do { accounts: { - "remote-ipmi.example" => { - "username" => "myuser123", - "password" => "!!secret!!" - } - }} + 'remote-ipmi.example' => { + 'username' => 'myuser123', + 'password' => '!!secret!!', + }, + } } end it { is_expected.to compile } - it { is_expected.to contain_service("kubelet") } - it { is_expected.to contain_file("/etc/kubernetes/manifests/ipmi_exporter.yaml") } + it { is_expected.to contain_service('kubelet') } + it { is_expected.to contain_file('/etc/kubernetes/manifests/ipmi_exporter.yaml') } - it { is_expected.to contain_file("/etc/prometheus").with_ensure("directory") } + it { is_expected.to contain_file('/etc/prometheus').with_ensure('directory') } it do - is_expected.to contain_file("/etc/prometheus/ipmi.yaml") - .that_requires("File[/etc/prometheus]") - .with_content(/remote-ipmi.example:\n *user: "myuser123"\n *pass: "!!secret!!"/m) - .with_content(/^ *privilege: "user"$/) - .with_content(/^ *timeout: 20000$/) - .with_content(/^ *driver: "LAN_2_0"$/) - .with_content(/collectors:\n *- "bmc"\n *- "ipmi"\n *- "chassis"/m) - .without_content(/exclude_sensor_ids/) + expect(subject).to contain_file('/etc/prometheus/ipmi.yaml') + .that_requires('File[/etc/prometheus]') + .with_content(%r{remote-ipmi.example:\n *user: "myuser123"\n *pass: "!!secret!!"}m) + .with_content(%r{^ *privilege: "user"$}) + .with_content(%r{^ *timeout: 20000$}) + .with_content(%r{^ *driver: "LAN_2_0"$}) + .with_content(%r{collectors:\n *- "bmc"\n *- "ipmi"\n *- "chassis"}m) + .without_content(%r{exclude_sensor_ids}) end it do expect(exported_resources).to contain_concat_fragment("prometheus ipmi scrape config #{facts[:hostname]}") - .with_tag("mydatacenter_prometheus_ipmi_exporter") - .with_target("/etc/prometheus/ipmi.yml") - .with_order("02") - .with_content(/^ +- +"remote-ipmi.example"$/) - .with_content(/^ +datacenter: "mydatacenter"$/) - .with_content(/^ +via: "#{facts[:hostname]}"$/) - .with_content(/^ +replacement: "#{facts[:ipaddress]}:9290"$/) + .with_tag('mydatacenter_prometheus_ipmi_exporter') + .with_target('/etc/prometheus/ipmi.yml') + .with_order('02') + .with_content(%r{^ +- +"remote-ipmi.example"$}) + .with_content(%r{^ +datacenter: "mydatacenter"$}) + .with_content(%r{^ +via: "#{facts[:hostname]}"$}) + .with_content(%r{^ +replacement: "#{facts[:ipaddress]}:9290"$}) end end - context "with two accounts set" do + context 'with two accounts set' do let(:params) do { accounts: { - "ipmi-1.example" => { - "username" => "myuser1", - "password" => "mysecret1" + 'ipmi-1.example' => { + 'username' => 'myuser1', + 'password' => 'mysecret1', + }, + 'ipmi-2.example' => { + 'username' => 'myuser2', + 'password' => 'mysecret2', }, - "ipmi-2.example" => { - "username" => "myuser2", - "password" => "mysecret2" - } - }} + } } end it do - is_expected.to contain_file("/etc/prometheus/ipmi.yaml") - .with_content(/ipmi-1.example:\n *user: "myuser1"\n *pass: "mysecret1"/m) + expect(subject).to contain_file('/etc/prometheus/ipmi.yaml') + .with_content(%r{ipmi-1.example:\n *user: "myuser1"\n *pass: "mysecret1"}m) end it do - is_expected.to contain_file("/etc/prometheus/ipmi.yaml") - .with_content(/ipmi-2.example:\n *user: "myuser2"\n *pass: "mysecret2"/m) + expect(subject).to contain_file('/etc/prometheus/ipmi.yaml') + .with_content(%r{ipmi-2.example:\n *user: "myuser2"\n *pass: "mysecret2"}m) end it do expect(exported_resources).to contain_concat_fragment("prometheus ipmi scrape config #{facts[:hostname]}") - .with_content(/^ +- +"ipmi-1.example"$/) - .with_content(/^ +- +"ipmi-2.example"$/) + .with_content(%r{^ +- +"ipmi-1.example"$}) + .with_content(%r{^ +- +"ipmi-2.example"$}) end end - context "with overridden privilege" do + context 'with overridden privilege' do let(:params) do { accounts: { - "ipmi.example" => { - "username" => "abc123", - "password" => "!!secret!!", - "privilege" => "admin" - } - }} + 'ipmi.example' => { + 'username' => 'abc123', + 'password' => '!!secret!!', + 'privilege' => 'admin', + }, + } } end it do - is_expected.to contain_file("/etc/prometheus/ipmi.yaml") - .with_content(/^ *privilege: "admin"$/) + expect(subject).to contain_file('/etc/prometheus/ipmi.yaml') + .with_content(%r{^ *privilege: "admin"$}) end it do expect(exported_resources).to contain_concat_fragment("prometheus ipmi scrape config #{facts[:hostname]}") - .with_content(/^ +- +"ipmi.example"$/) + .with_content(%r{^ +- +"ipmi.example"$}) end end - context "with overridden timeout" do + context 'with overridden timeout' do let(:params) do { accounts: { - "ipmi.example" => { - "username" => "abc123", - "password" => "!!secret!!", - "timeout" => 60_000 - } - }} + 'ipmi.example' => { + 'username' => 'abc123', + 'password' => '!!secret!!', + 'timeout' => 60_000, + }, + } } end it do - is_expected.to contain_file("/etc/prometheus/ipmi.yaml") - .with_content(/^ *timeout: 60000$/) + expect(subject).to contain_file('/etc/prometheus/ipmi.yaml') + .with_content(%r{^ *timeout: 60000$}) end end - context "with overridden driver" do + context 'with overridden driver' do let(:params) do { accounts: { - "ipmi.example" => { - "username" => "abc123", - "password" => "!!secret!!", - "driver" => "LAN" - } - }} + 'ipmi.example' => { + 'username' => 'abc123', + 'password' => '!!secret!!', + 'driver' => 'LAN', + }, + } } end it do - is_expected.to contain_file("/etc/prometheus/ipmi.yaml") - .with_content(/^ *driver: "LAN"$/) + expect(subject).to contain_file('/etc/prometheus/ipmi.yaml') + .with_content(%r{^ *driver: "LAN"$}) end end - context "with overridden collectors" do + context 'with overridden collectors' do let(:params) do { accounts: { - "ipmi.example" => { - "username" => "abc123", - "password" => "!!secret!!", - "collectors" => %w[ipmi sel dcmi] - } - }} + 'ipmi.example' => { + 'username' => 'abc123', + 'password' => '!!secret!!', + 'collectors' => %w[ipmi sel dcmi], + }, + } } end it do - is_expected.to contain_file("/etc/prometheus/ipmi.yaml") - .with_content(/collectors:\n *- "ipmi"\n *- "sel"\n *- "dcmi"/m) + expect(subject).to contain_file('/etc/prometheus/ipmi.yaml') + .with_content(%r{collectors:\n *- "ipmi"\n *- "sel"\n *- "dcmi"}m) end end - context "with no collectors" do + context 'with no collectors' do let(:params) do { accounts: { - "ipmi.example" => { - "username" => "abc123", - "password" => "!!secret!!", - "collectors" => [] - } - }} + 'ipmi.example' => { + 'username' => 'abc123', + 'password' => '!!secret!!', + 'collectors' => [], + }, + } } end it do - is_expected.to contain_file("/etc/prometheus/ipmi.yaml") - .with_content(/^ *collectors: \[]$/) + expect(subject).to contain_file('/etc/prometheus/ipmi.yaml') + .with_content(%r{^ *collectors: \[\]$}) end end - context "with some sensor ids excluded" do + context 'with some sensor ids excluded' do let(:params) do { accounts: { - "ipmi.example" => { - "username" => "abc123", - "password" => "!!secret!!", - "exclude_sensor_ids" => [2, 32, 29] - } - }} + 'ipmi.example' => { + 'username' => 'abc123', + 'password' => '!!secret!!', + 'exclude_sensor_ids' => [2, 32, 29], + }, + } } end it do - is_expected.to contain_file("/etc/prometheus/ipmi.yaml") - .with_content(/ +exclude_sensor_ids:\n +- +2\n +- +32\n +- +29/m) + expect(subject).to contain_file('/etc/prometheus/ipmi.yaml') + .with_content(%r{ +exclude_sensor_ids:\n +- +2\n +- +32\n +- +29}m) end end - context "with an empty list of sensor ids excluded" do + context 'with an empty list of sensor ids excluded' do let(:params) do { accounts: { - "ipmi.example" => { - "username" => "abc123", - "password" => "!!secret!!", - "exclude_sensor_ids" => [] - } - }} + 'ipmi.example' => { + 'username' => 'abc123', + 'password' => '!!secret!!', + 'exclude_sensor_ids' => [], + }, + } } end it do - is_expected.to contain_file("/etc/prometheus/ipmi.yaml") - .without_content(/exclude_sensor_ids/) + expect(subject).to contain_file('/etc/prometheus/ipmi.yaml') + .without_content(%r{exclude_sensor_ids}) end end - context "with a basic LOM set" do + context 'with a basic LOM set' do let(:params) do { accounts: { - "ipmi.example" => { - "username" => "abc123", - "password" => "!!secret!!" - } - }} + 'ipmi.example' => { + 'username' => 'abc123', + 'password' => '!!secret!!', + }, + } } end - context "with a public IP address of 100.100.100.100" do + context 'with a public IP address of 100.100.100.100' do let(:facts) do os_facts.merge(mlibrary_ip_addresses: { - "public" => ["100.100.100.100"], - "private" => [], - }) + 'public' => ['100.100.100.100'], + 'private' => [], + }) end it do expect(exported_resources).to contain_concat_fragment("prometheus ipmi scrape config #{facts[:hostname]}") - .with_content(/^ +replacement: "100.100.100.100:9290"$/) + .with_content(%r{^ +replacement: "100.100.100.100:9290"$}) end - context "and a private IP address of 10.23.45.67" do + context 'with a private IP address of 10.23.45.67' do let(:facts) do os_facts.merge(mlibrary_ip_addresses: { - "public" => ["100.100.100.100"], - "private" => ["10.23.45.67"], - }) + 'public' => ['100.100.100.100'], + 'private' => ['10.23.45.67'], + }) end it do expect(exported_resources).to contain_concat_fragment("prometheus ipmi scrape config #{facts[:hostname]}") - .with_content(/^ +replacement: "10.23.45.67:9290"$/) + .with_content(%r{^ +replacement: "10.23.45.67:9290"$}) end end end - context "with multiple public and private IP addresses" do + context 'with multiple public and private IP addresses' do let(:facts) do os_facts.merge(mlibrary_ip_addresses: { - "public" => ["100.100.100.100", "100.200.200.200"], - "private" => ["192.168.0.100", "10.23.45.67"], - }) + 'public' => ['100.100.100.100', '100.200.200.200'], + 'private' => ['192.168.0.100', '10.23.45.67'], + }) end - it "chooses the first private IP address" do + it 'chooses the first private IP address' do expect(exported_resources).to contain_concat_fragment("prometheus ipmi scrape config #{facts[:hostname]}") - .with_content(/^ +replacement: "192.168.0.100:9290"$/) - .without_content(/100.100.100.100/) - .without_content(/100.200.200.200/) - .without_content(/10.23.45.67/) + .with_content(%r{^ +replacement: "192.168.0.100:9290"$}) + .without_content(%r{100.100.100.100}) + .without_content(%r{100.200.200.200}) + .without_content(%r{10.23.45.67}) end end end diff --git a/spec/classes/profile/prometheus/exporter/mysql_spec.rb b/spec/classes/profile/prometheus/exporter/mysql_spec.rb index 756dd9d51..25138c087 100644 --- a/spec/classes/profile/prometheus/exporter/mysql_spec.rb +++ b/spec/classes/profile/prometheus/exporter/mysql_spec.rb @@ -14,19 +14,19 @@ it { is_expected.to contain_package('prometheus-mysqld-exporter') } it do - is_expected.to contain_service('prometheus-mysqld-exporter') + expect(subject).to contain_service('prometheus-mysqld-exporter') .with_ensure('running') .with_enable(true) end it 'defines a systemd service' do - is_expected.to contain_file('/etc/systemd/system/prometheus-mysqld-exporter.service') + expect(subject).to contain_file('/etc/systemd/system/prometheus-mysqld-exporter.service') .that_requires('Package[prometheus-mysqld-exporter]') .that_notifies('Service[prometheus-mysqld-exporter]') end it 'defines default file' do - is_expected.to contain_file('/etc/default/prometheus-mysqld-exporter') + expect(subject).to contain_file('/etc/default/prometheus-mysqld-exporter') .that_requires('Package[prometheus-mysqld-exporter]') .that_notifies('Service[prometheus-mysqld-exporter]') end diff --git a/spec/classes/profile/prometheus/exporter/node_spec.rb b/spec/classes/profile/prometheus/exporter/node_spec.rb index 643aee8f4..15c214291 100644 --- a/spec/classes/profile/prometheus/exporter/node_spec.rb +++ b/spec/classes/profile/prometheus/exporter/node_spec.rb @@ -11,25 +11,25 @@ let(:facts) { os_facts } it do - is_expected.to contain_file('/etc/default/prometheus-node-exporter') + expect(subject).to contain_file('/etc/default/prometheus-node-exporter') .that_notifies('Service[prometheus-node-exporter]') .that_requires('Package[prometheus-node-exporter]') end it do - is_expected.to contain_file('/etc/systemd/system/prometheus-node-exporter.service') + expect(subject).to contain_file('/etc/systemd/system/prometheus-node-exporter.service') .that_notifies('Service[prometheus-node-exporter]') .that_requires('Package[prometheus-node-exporter]') end it do - is_expected.to contain_file('/etc/rsyslog.d/prometheus-node-exporter.conf') + expect(subject).to contain_file('/etc/rsyslog.d/prometheus-node-exporter.conf') .that_notifies('Service[prometheus-node-exporter]') .that_notifies('Service[rsyslog]') end it do - is_expected.to contain_file('/var/log/prometheus-node-exporter.log') + expect(subject).to contain_file('/var/log/prometheus-node-exporter.log') .with_owner('root') .with_group('adm') .with_mode('0640') @@ -39,38 +39,38 @@ it { is_expected.to contain_service('prometheus-node-exporter') } it do - is_expected.to contain_package('prometheus-node-exporter') + expect(subject).to contain_package('prometheus-node-exporter') .that_requires('User[prometheus]') .that_requires('File[/var/lib/prometheus/node-exporter]') end - context "with no version set" do + context 'with no version set' do it { is_expected.not_to contain_apt__pin('prometheus-node-exporter') } it do - is_expected.to contain_package('prometheus-node-exporter') - .with_ensure("installed") + expect(subject).to contain_package('prometheus-node-exporter') + .with_ensure('installed') end end - context "with version set to v1.2.3" do - let(:params) { { version: "v1.2.3" } } + context 'with version set to v1.2.3' do + let(:params) { { version: 'v1.2.3' } } it do - is_expected.to contain_package('prometheus-node-exporter') - .with_ensure("v1.2.3") + expect(subject).to contain_package('prometheus-node-exporter') + .with_ensure('v1.2.3') end it do - is_expected.to contain_apt__pin('prometheus-node-exporter') - .with_packages(["prometheus-node-exporter"]) - .with_version("v1.2.3") + expect(subject).to contain_apt__pin('prometheus-node-exporter') + .with_packages(['prometheus-node-exporter']) + .with_version('v1.2.3') .with_priority(999) end end it do - is_expected.to contain_file('/var/lib/prometheus/node-exporter') + expect(subject).to contain_file('/var/lib/prometheus/node-exporter') .with_ensure('directory') .with_mode('2775') .with_owner('prometheus') @@ -87,7 +87,7 @@ end it do - is_expected.to contain_file('/var/lib/prometheus') + expect(subject).to contain_file('/var/lib/prometheus') .with_ensure('directory') .with_mode('2775') .with_owner('prometheus') @@ -99,7 +99,7 @@ it { is_expected.to contain_package('jq') } it do - is_expected.to contain_file('/usr/local/bin/pushgateway') + expect(subject).to contain_file('/usr/local/bin/pushgateway') .with_mode('0755') end @@ -123,9 +123,9 @@ context 'with both public and private mlibrary_ip_addresses' do let(:facts) do os_facts.merge(mlibrary_ip_addresses: { - "public": ["100.100.100.100", "200.200.200.200"], - "private": ["10.1.2.3", "10.4.5.6"] - }) + "public": ['100.100.100.100', '200.200.200.200'], + "private": ['10.1.2.3', '10.4.5.6'], + }) end it "exports itself to the default datacenter's service discovery" do @@ -138,22 +138,22 @@ it "exports itself[0] to the default datacenter's pushgateway" do expect(exported_resources).to contain_firewall("300 pushgateway #{facts[:hostname]} 100.100.100.100") .with_tag('default_pushgateway_node') - .with_source("100.100.100.100") + .with_source('100.100.100.100') end it "exports itself[1] to the default datacenter's pushgateway" do expect(exported_resources).to contain_firewall("300 pushgateway #{facts[:hostname]} 200.200.200.200") .with_tag('default_pushgateway_node') - .with_source("200.200.200.200") + .with_source('200.200.200.200') end end context 'with only private ip addresses' do let(:facts) do os_facts.merge(mlibrary_ip_addresses: { - "public": [], - "private": ["10.1.2.3", "10.4.5.6"] - }) + "public": [], + "private": ['10.1.2.3', '10.4.5.6'], + }) end it { is_expected.not_to compile } @@ -176,9 +176,9 @@ context 'with both public and private mlibrary_ip_addresses' do let(:facts) do os_facts.merge(mlibrary_ip_addresses: { - "public": ["100.100.100.100", "200.200.200.200"], - "private": ["10.1.2.3", "10.4.5.6"] - }) + "public": ['100.100.100.100', '200.200.200.200'], + "private": ['10.1.2.3', '10.4.5.6'], + }) end it "exports itself to the default datacenter's service discovery" do @@ -191,22 +191,22 @@ it "exports itself[0] to its datacenter's pushgateway" do expect(exported_resources).to contain_firewall("300 pushgateway #{facts[:hostname]} 10.1.2.3") .with_tag('mydatacenter_pushgateway_node') - .with_source("10.1.2.3") + .with_source('10.1.2.3') end it "exports itself[1] to its datacenter's pushgateway" do expect(exported_resources).to contain_firewall("300 pushgateway #{facts[:hostname]} 10.4.5.6") .with_tag('mydatacenter_pushgateway_node') - .with_source("10.4.5.6") + .with_source('10.4.5.6') end end context 'with only public ip addresses' do let(:facts) do os_facts.merge(mlibrary_ip_addresses: { - "public": ["100.100.100.100", "200.200.200.200"], - "private": [] - }) + "public": ['100.100.100.100', '200.200.200.200'], + "private": [], + }) end it "exports itself to the default datacenter's service discovery" do @@ -219,56 +219,56 @@ it "exports itself[0] to the default datacenter's pushgateway" do expect(exported_resources).to contain_firewall("300 pushgateway #{facts[:hostname]} 100.100.100.100") .with_tag('mydatacenter_pushgateway_node') - .with_source("100.100.100.100") + .with_source('100.100.100.100') end it "exports itself[1] to the default datacenter's pushgateway" do expect(exported_resources).to contain_firewall("300 pushgateway #{facts[:hostname]} 200.200.200.200") .with_tag('mydatacenter_pushgateway_node') - .with_source("200.200.200.200") + .with_source('200.200.200.200') end end end it do - is_expected.to contain_concat_file('/usr/local/bin/pushgateway_advanced') + expect(subject).to contain_concat_file('/usr/local/bin/pushgateway_advanced') .with_mode('0755') end it do - is_expected.to contain_concat_fragment('01 pushgateway advanced shebang') + expect(subject).to contain_concat_fragment('01 pushgateway advanced shebang') .with_target('/usr/local/bin/pushgateway_advanced') .with_content("#!/usr/bin/env bash\nset -eo pipefail\n\n") end it do - is_expected.to contain_concat_fragment('03 main pushgateway advanced content') + expect(subject).to contain_concat_fragment('03 main pushgateway advanced content') .with_target('/usr/local/bin/pushgateway_advanced') end - context "with the default domain" do - let(:node) { "dogbone.default.invalid" } + context 'with the default domain' do + let(:node) { 'dogbone.default.invalid' } - it "exports only its hostname to prometheus service discovery" do - expect(exported_resources).to contain_concat_fragment("prometheus node service dogbone") + it 'exports only its hostname to prometheus service discovery' do + expect(exported_resources).to contain_concat_fragment('prometheus node service dogbone') .with_content(%r{hostname: 'dogbone'}) end end - context "with a subdomain of the default domain" do - let(:node) { "dogbone.doghouse.default.invalid" } + context 'with a subdomain of the default domain' do + let(:node) { 'dogbone.doghouse.default.invalid' } - it "exports its full fqdn to prometheus service discovery" do - expect(exported_resources).to contain_concat_fragment("prometheus node service dogbone") + it 'exports its full fqdn to prometheus service discovery' do + expect(exported_resources).to contain_concat_fragment('prometheus node service dogbone') .with_content(%r{hostname: 'dogbone\.doghouse\.default\.invalid'}) end end - context "with a nondefault domain" do - let(:node) { "world.of.dogs" } + context 'with a nondefault domain' do + let(:node) { 'world.of.dogs' } - it "exports its full fqdn to prometheus service discovery" do - expect(exported_resources).to contain_concat_fragment("prometheus node service world") + it 'exports its full fqdn to prometheus service discovery' do + expect(exported_resources).to contain_concat_fragment('prometheus node service world') .with_content(%r{hostname: 'world\.of\.dogs'}) end end diff --git a/spec/classes/profile/prometheus_spec.rb b/spec/classes/profile/prometheus_spec.rb index 99143f941..a8855fd1f 100644 --- a/spec/classes/profile/prometheus_spec.rb +++ b/spec/classes/profile/prometheus_spec.rb @@ -13,7 +13,7 @@ it { is_expected.to compile } it do - is_expected.to contain_docker__run('prometheus') + expect(subject).to contain_docker__run('prometheus') .with_image('prom/prometheus:latest') .with_net('host') .with_extra_parameters(%w[--restart=always]) @@ -33,13 +33,13 @@ let(:params) { { version: 'v2.11.1' } } it do - is_expected.to contain_docker__run('prometheus') + expect(subject).to contain_docker__run('prometheus') .with_image('prom/prometheus:v2.11.1') end end it do - is_expected.to contain_docker__run('pushgateway') + expect(subject).to contain_docker__run('pushgateway') .with_image('prom/pushgateway:latest') .with_command('--persistence.file=/archive/pushgateway') .with_net('host') @@ -52,13 +52,13 @@ let(:params) { { pushgateway_version: 'v2.11.1' } } it do - is_expected.to contain_docker__run('pushgateway') + expect(subject).to contain_docker__run('pushgateway') .with_image('prom/pushgateway:v2.11.1') end end it do - is_expected.to contain_file('/etc/prometheus/prometheus.yml') + expect(subject).to contain_file('/etc/prometheus/prometheus.yml') .that_notifies('Docker::Run[prometheus]') .that_requires('File[/etc/prometheus]') end @@ -73,7 +73,7 @@ end it do - is_expected.to contain_file('/etc/prometheus/rules.yml') + expect(subject).to contain_file('/etc/prometheus/rules.yml') .that_notifies('Docker::Run[prometheus]') .that_requires('File[/etc/prometheus]') .with_content(%r{device="//storage.invalid/volume"}) @@ -81,107 +81,107 @@ end it do - is_expected.to contain_concat_file('/etc/prometheus/nodes.yml') + expect(subject).to contain_concat_file('/etc/prometheus/nodes.yml') .that_notifies('Docker::Run[prometheus]') .that_requires('File[/etc/prometheus]') end it do - is_expected.to contain_concat_file('/etc/prometheus/haproxy.yml') + expect(subject).to contain_concat_file('/etc/prometheus/haproxy.yml') .that_notifies('Docker::Run[prometheus]') .that_requires('File[/etc/prometheus]') end it do - is_expected.to contain_concat_file('/etc/prometheus/mysql.yml') + expect(subject).to contain_concat_file('/etc/prometheus/mysql.yml') .that_notifies('Docker::Run[prometheus]') .that_requires('File[/etc/prometheus]') end it do - is_expected.to contain_concat_file('/etc/prometheus/ipmi.yml') + expect(subject).to contain_concat_file('/etc/prometheus/ipmi.yml') .that_notifies('Docker::Run[prometheus]') .that_requires('File[/etc/prometheus]') end it do - is_expected.to contain_concat_fragment("prometheus ipmi scrape config first line") + expect(subject).to contain_concat_fragment('prometheus ipmi scrape config first line') .with_target('/etc/prometheus/ipmi.yml') - .with_order("01") + .with_order('01') .with_content("scrape_configs:\n") end it do - is_expected.to contain_file('/etc/prometheus') + expect(subject).to contain_file('/etc/prometheus') .with_ensure('directory') end it do - is_expected.to contain_file('/etc/prometheus/tls') + expect(subject).to contain_file('/etc/prometheus/tls') .with_ensure('directory') .that_requires('File[/etc/prometheus]') end it do - is_expected.to contain_file('/etc/prometheus/tls/ca.crt') + expect(subject).to contain_file('/etc/prometheus/tls/ca.crt') .with_source('puppet:///ssl-certs/prometheus-pki/ca.crt') .that_requires('File[/etc/prometheus/tls]') end it do - is_expected.to contain_file('/etc/prometheus/tls/client.crt') + expect(subject).to contain_file('/etc/prometheus/tls/client.crt') .with_source("puppet:///ssl-certs/prometheus-pki/#{facts[:fqdn]}.crt") .that_requires('File[/etc/prometheus/tls]') end it do - is_expected.to contain_file('/etc/prometheus/tls/client.key') + expect(subject).to contain_file('/etc/prometheus/tls/client.key') .with_source("puppet:///ssl-certs/prometheus-pki/#{facts[:fqdn]}.key") .that_requires('File[/etc/prometheus/tls]') end %w[ca.crt client.crt client.key].each do |filename| it do - is_expected.to contain_docker__run('prometheus') + expect(subject).to contain_docker__run('prometheus') .that_requires("File[/etc/prometheus/tls/#{filename}]") end end it do - is_expected.to contain_file('/opt/prometheus') + expect(subject).to contain_file('/opt/prometheus') .with_ensure('directory') .with_owner(65_534) .with_group(65_534) end it do - is_expected.to contain_file('/opt/pushgateway') + expect(subject).to contain_file('/opt/pushgateway') .with_ensure('directory') .with_owner(65_534) .with_group(65_534) end it do - is_expected.to contain_class('nebula::profile::https_to_port') + expect(subject).to contain_class('nebula::profile::https_to_port') .with_port(9090) end - - context 'manage_https = false' do - let(:params) { { manage_https: false } } + + context 'with manage_https = false' do + let(:params) { { manage_https: false } } it do - is_expected.not_to contain_class('nebula::profile::https_to_port') + expect(subject).not_to contain_class('nebula::profile::https_to_port') end end it do - is_expected.to contain_nebula__exposed_port('010 Prometheus HTTPS') + expect(subject).to contain_nebula__exposed_port('010 Prometheus HTTPS') .with_port(443) .with_block('umich::networks::all_trusted_machines') end - [["haproxy", 9101], - ["mysql", 9104]].each do |exporter, port| + [['haproxy', 9101], + ['mysql', 9104]].each do |exporter, port| it "exports a firewall so that #{exporter} exporters can open #{port}" do expect(exported_resources).to contain_firewall("010 prometheus #{exporter} exporter #{facts[:hostname]}") .with_tag("mydatacenter_prometheus_#{exporter}_exporter") @@ -230,14 +230,14 @@ context 'with a single public ip address in mlibrary_ip_addresses' do let(:facts) do os_facts.merge(mlibrary_ip_addresses: { - "public" => ["100.100.100.100"], - "private" => [] - }) + 'public' => ['100.100.100.100'], + 'private' => [], + }) end it do expect(exported_resources).to contain_firewall("010 prometheus public node exporter #{facts[:hostname]} 100.100.100.100") - .with_source("100.100.100.100") + .with_source('100.100.100.100') .with_tag('mydatacenter_prometheus_public_node_exporter') end @@ -261,20 +261,20 @@ context 'with two public ip addresses in mlibrary_ip_addresses' do let(:facts) do os_facts.merge(mlibrary_ip_addresses: { - "public" => ["100.100.100.100", "200.200.200.200"], - "private" => [] - }) + 'public' => ['100.100.100.100', '200.200.200.200'], + 'private' => [], + }) end it do expect(exported_resources).to contain_firewall("010 prometheus public node exporter #{facts[:hostname]} 100.100.100.100") - .with_source("100.100.100.100") + .with_source('100.100.100.100') .with_tag('mydatacenter_prometheus_public_node_exporter') end it do expect(exported_resources).to contain_firewall("010 prometheus public node exporter #{facts[:hostname]} 200.200.200.200") - .with_source("200.200.200.200") + .with_source('200.200.200.200') .with_tag('mydatacenter_prometheus_public_node_exporter') end @@ -298,14 +298,14 @@ context 'with a single private ip address in mlibrary_ip_addresses' do let(:facts) do os_facts.merge(mlibrary_ip_addresses: { - "public" => [], - "private" => ["10.1.2.3"] - }) + 'public' => [], + 'private' => ['10.1.2.3'], + }) end it do expect(exported_resources).to contain_firewall("010 prometheus private node exporter #{facts[:hostname]} 10.1.2.3") - .with_source("10.1.2.3") + .with_source('10.1.2.3') .with_tag('mydatacenter_prometheus_private_node_exporter') end @@ -327,9 +327,9 @@ context 'with too many ip addresses in mlibrary_ip_addresses' do let(:facts) do os_facts.merge(mlibrary_ip_addresses: { - "public" => ["100.100.100.100", "200.200.200.200"], - "private" => ["10.1.2.3", "10.2.3.4", "10.3.4.5"] - }) + 'public' => ['100.100.100.100', '200.200.200.200'], + 'private' => ['10.1.2.3', '10.2.3.4', '10.3.4.5'], + }) end [%w[public 100.100.100.100], @@ -337,8 +337,8 @@ %w[private 10.1.2.3], %w[private 10.2.3.4], %w[private 10.3.4.5]].each do |network, ip_address| - [["node", 9100], - ["ipmi", 9290]].each do |exporter, port| + [['node', 9100], + ['ipmi', 9290]].each do |exporter, port| it "exports a firewall so that #{exporter} exporters can open #{network} #{port} to #{ip_address}" do expect(exported_resources).to contain_firewall("010 prometheus #{network} #{exporter} exporter #{facts[:hostname]} #{ip_address}") .with_tag("mydatacenter_prometheus_#{network}_#{exporter}_exporter") @@ -376,11 +376,11 @@ { static_nodes: [ { - 'targets' => ['10.9.9.99:1234'], - 'labels' => { + 'targets' => ['10.9.9.99:1234'], + 'labels' => { 'datacenter' => 'static_datacenter', - 'hostname' => 'static_host', - 'role' => 'static::role', + 'hostname' => 'static_host', + 'role' => 'static::role', }, }, ], @@ -388,7 +388,7 @@ end it do - is_expected.to contain_concat_fragment(fragment) + expect(subject).to contain_concat_fragment(fragment) .with_tag('mydatacenter_prometheus_node_service_list') .with_target('/etc/prometheus/nodes.yml') end @@ -405,7 +405,7 @@ end it do - is_expected.to contain_file('/etc/prometheus/prometheus.yml') + expect(subject).to contain_file('/etc/prometheus/prometheus.yml') .without_content(%r{job_name: wmi}) end @@ -431,7 +431,7 @@ "role: 'windows::role'", ].each do |label| it do - is_expected.to contain_file('/etc/prometheus/prometheus.yml') + expect(subject).to contain_file('/etc/prometheus/prometheus.yml') .with_content(%r{job_name: wmi\n.*labels:\n.*#{label}}m) end end diff --git a/spec/classes/profile/puppet/db_spec.rb b/spec/classes/profile/puppet/db_spec.rb index 0e1eab7d5..fb66f5447 100644 --- a/spec/classes/profile/puppet/db_spec.rb +++ b/spec/classes/profile/puppet/db_spec.rb @@ -11,7 +11,7 @@ let(:facts) { os_facts } xit do - is_expected.to contain_class('puppetdb').with( + expect(subject).to contain_class('puppetdb').with( disable_cleartext: true, manage_firewall: false, ) diff --git a/spec/classes/profile/puppet/master_spec.rb b/spec/classes/profile/puppet/master_spec.rb index e251d81f5..ffb7c1e3f 100644 --- a/spec/classes/profile/puppet/master_spec.rb +++ b/spec/classes/profile/puppet/master_spec.rb @@ -11,7 +11,7 @@ let(:facts) { os_facts } it do - is_expected.to contain_service('puppetserver').with( + expect(subject).to contain_service('puppetserver').with( ensure: 'running', enable: true, hasrestart: true, @@ -20,7 +20,7 @@ end it do - is_expected.to contain_exec( + expect(subject).to contain_exec( '/opt/rbenv/shims/r10k deploy environment production', ).with_creates('/etc/puppetlabs/code/environments/production') .that_requires('File[/etc/puppetlabs/r10k/r10k.yaml]') @@ -28,32 +28,32 @@ end it do - is_expected.to contain_exec('/opt/rbenv/shims/librarian-puppet update') + expect(subject).to contain_exec('/opt/rbenv/shims/librarian-puppet update') .with_refreshonly(true) .with_cwd('/etc/puppetlabs/code/environments/production') end it do - is_expected.to contain_file('/etc/puppetlabs/r10k/r10k.yaml') + expect(subject).to contain_file('/etc/puppetlabs/r10k/r10k.yaml') .that_requires('File[/etc/puppetlabs/r10k]') .with_content(%r{^cachedir: /var/cache/r10k$}) end it do - is_expected.to contain_file('/etc/puppetlabs/r10k') + expect(subject).to contain_file('/etc/puppetlabs/r10k') .with_ensure('directory') .that_requires('Package[puppetserver]') end it do - is_expected.to contain_file('/etc/puppetlabs/puppet/fileserver.conf') + expect(subject).to contain_file('/etc/puppetlabs/puppet/fileserver.conf') .with_content(%r{\[ssl-certs\]\n *path /default_invalid/etc/ssl}m) .with_content(%r{\[repos\]\n *path /default_invalid/opt/repos}m) .that_requires('Package[puppetserver]') end it do - is_expected.to contain_file('/etc/puppetlabs/puppet/autosign.conf') + expect(subject).to contain_file('/etc/puppetlabs/puppet/autosign.conf') .that_requires('Package[puppetserver]') .without_content(%r{^[^#]}) end @@ -62,19 +62,19 @@ let(:params) { { autosign_whitelist: %w[aaa bbb] } } it do - is_expected.to contain_file('/etc/puppetlabs/puppet/autosign.conf') + expect(subject).to contain_file('/etc/puppetlabs/puppet/autosign.conf') .with_content(%r{^aaa$}) .with_content(%r{^bbb$}) end end it do - is_expected.to contain_package('puppetserver') + expect(subject).to contain_package('puppetserver') .that_requires(['Rbenv::Gem[r10k]', 'Rbenv::Gem[librarian-puppet]']) end it do - is_expected.to contain_rbenv__gem('r10k').with( + expect(subject).to contain_rbenv__gem('r10k').with( ruby_version: '2.4.3', require: [ 'Class[Nebula::Profile::Ruby]', @@ -84,7 +84,7 @@ end it do - is_expected.to contain_rbenv__gem('librarian-puppet').with( + expect(subject).to contain_rbenv__gem('librarian-puppet').with( ruby_version: '2.4.3', require: [ 'Class[Nebula::Profile::Ruby]', @@ -94,7 +94,7 @@ end it do - is_expected.to contain_tidy( + expect(subject).to contain_tidy( '/opt/puppetlabs/server/data/puppetserver/reports', ).with( age: '1h', diff --git a/spec/classes/profile/puppet/master_with_db_spec.rb b/spec/classes/profile/puppet/master_with_db_spec.rb index 7e0d10aa8..4e89d0ced 100644 --- a/spec/classes/profile/puppet/master_with_db_spec.rb +++ b/spec/classes/profile/puppet/master_with_db_spec.rb @@ -11,7 +11,7 @@ let(:facts) { os_facts } xit do - is_expected.to contain_class('puppetdb::master::config').with( + expect(subject).to contain_class('puppetdb::master::config').with( puppetdb_server: 'puppetdb.default.invalid', manage_report_processor: true, enable_reports: true, @@ -22,7 +22,7 @@ let(:params) { { puppetdb_server: 'db.puppet.gov' } } xit do - is_expected.to contain_class('puppetdb::master::config') + expect(subject).to contain_class('puppetdb::master::config') .with_puppetdb_server('db.puppet.gov') end end diff --git a/spec/classes/profile/root_ssh_private_keys_spec.rb b/spec/classes/profile/root_ssh_private_keys_spec.rb index 5ae66772b..8895503aa 100644 --- a/spec/classes/profile/root_ssh_private_keys_spec.rb +++ b/spec/classes/profile/root_ssh_private_keys_spec.rb @@ -12,12 +12,12 @@ let(:facts) { os_facts } it do - is_expected.to contain_file('/var/local/ssh') + expect(subject).to contain_file('/var/local/ssh') .with_ensure('directory') end it do - is_expected.to contain_file('/var/local/ssh/invalid_normal_admin') + expect(subject).to contain_file('/var/local/ssh/invalid_normal_admin') .with_ensure('directory') .with_mode('0700') .with_owner('invalid_normal_admin') @@ -25,7 +25,7 @@ end it do - is_expected.to contain_file('/var/local/ssh/invalid_normal_admin/id_ecdsa') + expect(subject).to contain_file('/var/local/ssh/invalid_normal_admin/id_ecdsa') .with_mode('0600') .with_owner('invalid_normal_admin') .with_source('puppet:///root-ssh-private-keys/invalid_normal_admin/id_ecdsa') @@ -33,7 +33,7 @@ end it do - is_expected.to contain_file('/var/local/ssh/invalid_normal_admin/id_ecdsa.pub') + expect(subject).to contain_file('/var/local/ssh/invalid_normal_admin/id_ecdsa.pub') .with_mode('0644') .with_owner('invalid_normal_admin') .with_source('puppet:///root-ssh-private-keys/invalid_normal_admin/id_ecdsa.pub') @@ -41,7 +41,7 @@ end it do - is_expected.to contain_file('/var/local/ssh/invalid_special_admin') + expect(subject).to contain_file('/var/local/ssh/invalid_special_admin') .with_ensure('directory') .with_mode('0700') .with_owner('invalid_special_admin') @@ -49,7 +49,7 @@ end it do - is_expected.to contain_file('/var/local/ssh/invalid_special_admin/id_ecdsa') + expect(subject).to contain_file('/var/local/ssh/invalid_special_admin/id_ecdsa') .with_mode('0600') .with_owner('invalid_special_admin') .with_source('puppet:///root-ssh-private-keys/invalid_special_admin/id_ecdsa') @@ -57,7 +57,7 @@ end it do - is_expected.to contain_file('/var/local/ssh/invalid_special_admin/id_ecdsa.pub') + expect(subject).to contain_file('/var/local/ssh/invalid_special_admin/id_ecdsa.pub') .with_mode('0644') .with_owner('invalid_special_admin') .with_source('puppet:///root-ssh-private-keys/invalid_special_admin/id_ecdsa.pub') diff --git a/spec/classes/profile/ruby_spec.rb b/spec/classes/profile/ruby_spec.rb index d2757e187..d42521b4d 100644 --- a/spec/classes/profile/ruby_spec.rb +++ b/spec/classes/profile/ruby_spec.rb @@ -11,7 +11,7 @@ let(:facts) { os_facts } it do - is_expected.to contain_class('rbenv').with( + expect(subject).to contain_class('rbenv').with( install_dir: '/opt/rbenv', ) end @@ -27,12 +27,12 @@ ['2.4.3', '2.5.0'].each do |version| it do - is_expected.to contain_rbenv__build(version) + expect(subject).to contain_rbenv__build(version) end %w[puma rspec].each do |gem| it do - is_expected.to contain_rbenv__gem("#{gem} #{version}").with( + expect(subject).to contain_rbenv__gem("#{gem} #{version}").with( gem: gem, ruby_version: version, require: "Rbenv::Build[#{version}]", @@ -42,7 +42,7 @@ end it do - is_expected.to contain_exec('rbenv uninstall 2.4.2') + expect(subject).to contain_exec('rbenv uninstall 2.4.2') .with_command('rbenv uninstall -f 2.4.2') .with_environment(['RBENV_ROOT=/opt/rbenv']) .with_path('/opt/rbenv/shims:/opt/rbenv/bin:/usr/bin:/bin') @@ -67,7 +67,7 @@ let(:params) { { install_dir: '/usr/local/rbenv' } } it do - is_expected.to contain_class('rbenv').with( + expect(subject).to contain_class('rbenv').with( install_dir: '/usr/local/rbenv', ) end @@ -109,7 +109,7 @@ let(:params) { { global_version: '2.4.1', bundler_version: '~>1.14' } } it do - is_expected.to contain_rbenv__build('2.4.1').with( + expect(subject).to contain_rbenv__build('2.4.1').with( bundler_version: '~>1.14', global: true, ) diff --git a/spec/classes/profile/solr_spec.rb b/spec/classes/profile/solr_spec.rb index a69946c28..0f408244c 100644 --- a/spec/classes/profile/solr_spec.rb +++ b/spec/classes/profile/solr_spec.rb @@ -23,7 +23,7 @@ # Service it do - is_expected.to contain_service('solr').with( + expect(subject).to contain_service('solr').with( enable: true, ensure: 'running', ) @@ -37,7 +37,7 @@ '/var/lib/solr/logs', ].each do |path| it do - is_expected.to contain_file(path).with( + expect(subject).to contain_file(path).with( owner: 'solr', group: 'solr', ensure: 'directory', @@ -53,7 +53,7 @@ '/var/lib/solr/home/solr.xml', ].each do |path| it do - is_expected.to contain_file(path).with( + expect(subject).to contain_file(path).with( owner: 'solr', group: 'solr', ensure: 'file', diff --git a/spec/classes/profile/tsm_spec.rb b/spec/classes/profile/tsm_spec.rb index 9235e0cbb..5d707dbe6 100644 --- a/spec/classes/profile/tsm_spec.rb +++ b/spec/classes/profile/tsm_spec.rb @@ -24,7 +24,7 @@ it { is_expected.to contain_package('tivsm-ba') } it do - is_expected.to contain_file(dsm_sys) + expect(subject).to contain_file(dsm_sys) .with_content(%r{Servername\s+tsmserver1$}i) .with_content(%r{VIRTUALMOUNTPOINT /etc}) .with_content(%r{EXCLUDE.DIR "/afs/"}) @@ -34,7 +34,7 @@ end it do - is_expected.to contain_file(dsm_opt) + expect(subject).to contain_file(dsm_opt) .with_content(%r{DOMAIN "/etc"}) .with_content(%r{\* No custom settings}) end @@ -42,7 +42,7 @@ it { is_expected.to contain_service('tsm') } it do - is_expected.to contain_service('dsmcad') + expect(subject).to contain_service('dsmcad') .with_ensure('stopped') .with_enable(false) end @@ -70,19 +70,19 @@ end it 'adds domain settings to dsm.opt config file' do - is_expected.to contain_file(dsm_opt) + expect(subject).to contain_file(dsm_opt) .with_content(%r{^DOMAIN "/baz"$}) .with_content(%r{^DOMAIN "/quux"$}) end it 'adds custom settings to dsm.opt config file' do - is_expected.to contain_file(dsm_opt) + expect(subject).to contain_file(dsm_opt) .with_content(%r{^first_setting first_value$}) .with_content(%r{^second_setting "second_value"$}) end it 'adds custom settings to dsm.sys config file' do - is_expected.to contain_file(dsm_sys) + expect(subject).to contain_file(dsm_sys) .with_content(%r{^Servername otherserver}i) .with_content(%r{VIRTUALMOUNTPOINT /vmount}) .with_content(%r{encryptiontype}) @@ -92,7 +92,7 @@ end it 'adds custom settings to inclexcl config file' do - is_expected.to contain_file(inclexcl) + expect(subject).to contain_file(inclexcl) .with_content(%r{^exclude.dir /foo$}) .with_content(%r{^include /bar otherpolicy$}) end diff --git a/spec/classes/profile/unattended_upgrades_spec.rb b/spec/classes/profile/unattended_upgrades_spec.rb index 9ddbe6e6e..6e79c21d0 100644 --- a/spec/classes/profile/unattended_upgrades_spec.rb +++ b/spec/classes/profile/unattended_upgrades_spec.rb @@ -11,8 +11,8 @@ let(:facts) { os_facts } it { is_expected.to compile } - it { is_expected.to contain_class("apt") } - it { is_expected.to contain_class("unattended_upgrades") } + it { is_expected.to contain_class('apt') } + it { is_expected.to contain_class('unattended_upgrades') } end end end diff --git a/spec/classes/profile/unison_spec.rb b/spec/classes/profile/unison_spec.rb index 09ba7c40a..20f30d4e3 100644 --- a/spec/classes/profile/unison_spec.rb +++ b/spec/classes/profile/unison_spec.rb @@ -13,7 +13,7 @@ shared_examples_for 'logrotated unison' do it do - is_expected.to contain_logrotate__rule('unison').with( + expect(subject).to contain_logrotate__rule('unison').with( path: '/var/log/unison*.log', rotate: 7, rotate_every: 'day', @@ -27,15 +27,16 @@ it { is_expected.to contain_class('nebula::profile::logrotate') } end - context 'server' do + context 'when on server' do let(:params) { { servers: %w[instance1 instance2] } } it { is_expected.to compile } + it_behaves_like 'logrotated unison' # both instances are configured via hiera it do - is_expected.to contain_nebula__unison__server('instance1').with( + expect(subject).to contain_nebula__unison__server('instance1').with( port: 2647, root: '/somewhere', paths: %w[something somethingelse], @@ -44,7 +45,7 @@ end it do - is_expected.to contain_nebula__unison__server('instance2').with( + expect(subject).to contain_nebula__unison__server('instance2').with( port: 2648, root: '/elsewhere', paths: %w[otherthing yetanotherthing], @@ -53,10 +54,11 @@ end end - context 'client' do + context 'when on client' do let(:params) { { clients: %w[instance1 instance2] } } it { is_expected.to compile } + it_behaves_like 'logrotated unison' # can't test importing exported resources diff --git a/spec/classes/profile/users_spec.rb b/spec/classes/profile/users_spec.rb index 81cea3164..06f9e7e48 100644 --- a/spec/classes/profile/users_spec.rb +++ b/spec/classes/profile/users_spec.rb @@ -15,7 +15,7 @@ it { is_expected.to contain_group('invalid_special_group').with_gid(2468) } it do - is_expected.to contain_user('invalid_normal_admin').with( + expect(subject).to contain_user('invalid_normal_admin').with( comment: 'Invalid normal admin', gid: 'invalid_default_group', uid: 123_456, @@ -27,7 +27,7 @@ end it do - is_expected.to contain_user('invalid_special_admin').with( + expect(subject).to contain_user('invalid_special_admin').with( comment: 'Invalid special admin', gid: 'invalid_special_group', uid: 123_457, @@ -39,7 +39,7 @@ end it do - is_expected.to contain_user('invalid_noauth_admin').with( + expect(subject).to contain_user('invalid_noauth_admin').with( comment: 'Invalid no-authorization admin', gid: 'invalid_default_group', uid: 123_458, diff --git a/spec/classes/profile/vim_spec.rb b/spec/classes/profile/vim_spec.rb index ad57017cd..e9a383ffc 100644 --- a/spec/classes/profile/vim_spec.rb +++ b/spec/classes/profile/vim_spec.rb @@ -13,7 +13,7 @@ it { is_expected.to contain_package('vim') } it do - is_expected.to contain_file('/etc/vim/vimrc') + expect(subject).to contain_file('/etc/vim/vimrc') .that_requires('Package[vim]') end @@ -24,7 +24,7 @@ end it 'never enables any mouse usage of any kind' do - is_expected.to contain_file('/etc/vim/vimrc').without_content( + expect(subject).to contain_file('/etc/vim/vimrc').without_content( %r{^set mouse=.+$}, ) end diff --git a/spec/classes/profile/vmhost/host_spec.rb b/spec/classes/profile/vmhost/host_spec.rb index f8db9ee9c..6b88b7b1b 100644 --- a/spec/classes/profile/vmhost/host_spec.rb +++ b/spec/classes/profile/vmhost/host_spec.rb @@ -15,7 +15,7 @@ def contain_vm(name) let(:facts) { os_facts } it do - is_expected.to contain_file('/etc/default/libvirt-guests') + expect(subject).to contain_file('/etc/default/libvirt-guests') end context 'when given nothing' do @@ -64,74 +64,74 @@ def contain_vm(name) it { is_expected.to contain_vm('vmname').with_gateway('10.1.2.3') } it { is_expected.to contain_vm('vmname').with_nameservers(['5.5.5.5', '4.4.4.4']) } - context 'and given a random number of cpus' do + context 'with a random number of cpus' do let(:cpus) { Faker::Number.between(from: 1, to: 12).to_i } let(:params) { super().merge(cpus: cpus) } it { is_expected.to contain_vm('vmname').with_cpus(cpus) } end - context 'and given a random amount of disk space' do + context 'with a random amount of disk space' do let(:disk) { Faker::Number.between(from: 8, to: 200).to_i } let(:params) { super().merge(disk: disk) } it { is_expected.to contain_vm('vmname').with_disk(disk) } end - context 'and given a random amount of ram' do + context 'with a random amount of ram' do let(:ram) { Faker::Number.between(from: 1, to: 64).to_i } let(:params) { super().merge(ram: ram) } it { is_expected.to contain_vm('vmname').with_ram(ram) } end - context 'and given a random domain' do + context 'with a random domain' do let(:domain) { Faker::Internet.domain_name } let(:params) { super().merge(domain: domain) } it { is_expected.to contain_vm('vmname').with_domain(domain) } end - context 'and given a random filehost' do + context 'with a random filehost' do let(:domain) { Faker::Internet.domain_name } let(:params) { super().merge(filehost: domain) } it { is_expected.to contain_vm('vmname').with_filehost(domain) } end - context 'and given a net_interface of eth3' do + context 'with a net_interface of eth3' do let(:params) { super().merge(net_interface: 'eth3') } it { is_expected.to contain_vm('vmname').with_net_interface('eth3') } end - context 'and given a random netmask' do + context 'with a random netmask' do let(:ip) { Faker::Internet.ip_v4_address } let(:params) { super().merge(netmask: ip) } it { is_expected.to contain_vm('vmname').with_netmask(ip) } end - context 'and given a random gateway' do + context 'with a random gateway' do let(:ip) { Faker::Internet.ip_v4_address } let(:params) { super().merge(gateway: ip) } it { is_expected.to contain_vm('vmname').with_gateway(ip) } end - context 'and given some random nameservers' do + context 'with some random nameservers' do let(:nameservers) { Array.new(Faker::Number.between(from: 2, to: 4)) { Faker::Internet.ip_v4_address } } let(:params) { super().merge(nameservers: nameservers) } it { is_expected.to contain_vm('vmname').with_nameservers(nameservers) } end - context 'and given an image_dir of /virt_imgs' do + context 'with an image_dir of /virt_imgs' do let(:params) { super().merge(image_dir: '/virt_imgs') } it { is_expected.to contain_vm('vmname').with_image_dir('/virt_imgs') } - context 'and given a vm with an image_dir of /special_img' do + context 'with a vm with an image_dir of /special_img' do let(:params) do super().merge( vms: { @@ -139,7 +139,7 @@ def contain_vm(name) 'addr' => '1.2.3.2', }, 'specialvm' => { - 'addr' => '1.2.3.3', + 'addr' => '1.2.3.3', 'image_dir' => '/special_img', }, }, diff --git a/spec/classes/profile/www_lib/cron_spec.rb b/spec/classes/profile/www_lib/cron_spec.rb index dd9703c32..d03ba91c9 100644 --- a/spec/classes/profile/www_lib/cron_spec.rb +++ b/spec/classes/profile/www_lib/cron_spec.rb @@ -28,9 +28,9 @@ let(:params) { { extra_jobs: extra_jobs } } let(:extra_jobs) do { - 'my_title' => { - 'hour' => 1, - 'minute' => 23, + 'my_title' => { + 'hour' => 1, + 'minute' => 23, 'command' => 'echo hello', }, } diff --git a/spec/classes/profile/www_lib/register_for_load_balancing_spec.rb b/spec/classes/profile/www_lib/register_for_load_balancing_spec.rb index 53dc4c474..4fbfa7cd2 100644 --- a/spec/classes/profile/www_lib/register_for_load_balancing_spec.rb +++ b/spec/classes/profile/www_lib/register_for_load_balancing_spec.rb @@ -18,7 +18,7 @@ let(:params) { { services: ['www-lib'] } } it do - is_expected.to contain_nebula__haproxy__binding("#{facts[:hostname]} www-lib") + expect(subject).to contain_nebula__haproxy__binding("#{facts[:hostname]} www-lib") .with_service('www-lib') end diff --git a/spec/classes/resolv_conf_spec.rb b/spec/classes/resolv_conf_spec.rb index 4ae86b25e..254c26b1c 100644 --- a/spec/classes/resolv_conf_spec.rb +++ b/spec/classes/resolv_conf_spec.rb @@ -10,51 +10,50 @@ it { is_expected.to compile } it 'removes resolvconf package if present' do - is_expected.to contain_package('resolvconf').with_ensure('absent') + expect(subject).to contain_package('resolvconf').with_ensure('absent') end it 'contains expected resolv.conf file' do - is_expected.to contain_file('/etc/resolv.conf') + expect(subject).to contain_file('/etc/resolv.conf') .with_owner('root') .with_group('root') .with_mode('0644') - .with_content(/^#.*puppet/) - .with_content(/^search searchpath\.default\.invalid$/) - .with_content(/^nameserver 5.5.5.5\nnameserver 4.4.4.4$/) + .with_content(%r{^#.*puppet}) + .with_content(%r{^search searchpath\.default\.invalid$}) + .with_content(%r{^nameserver 5.5.5.5\nnameserver 4.4.4.4$}) end - context 'different nameservers' do + context 'with different nameservers' do let(:params) { { nameservers: ['3.3.3.3', '2.2.2.2', '1.1.1.1'] } } it do - is_expected.to contain_file('/etc/resolv.conf') - .with_content(/^#.*puppet/) - .with_content(/^search searchpath\.default\.invalid$/) - .with_content(/^nameserver 3.3.3.3\nnameserver 2.2.2.2\nnameserver 1.1.1.1$/) + expect(subject).to contain_file('/etc/resolv.conf') + .with_content(%r{^#.*puppet}) + .with_content(%r{^search searchpath\.default\.invalid$}) + .with_content(%r{^nameserver 3.3.3.3\nnameserver 2.2.2.2\nnameserver 1.1.1.1$}) end end - context 'searchpath set to []' do + context 'with searchpath set to []' do let(:params) { { searchpath: [] } } it do - is_expected.to contain_file('/etc/resolv.conf') - .with_content(/^#.*puppet/) - .without_content(/^search/) - .with_content(/^nameserver 5.5.5.5\nnameserver 4.4.4.4$/) + expect(subject).to contain_file('/etc/resolv.conf') + .with_content(%r{^#.*puppet}) + .without_content(%r{^search}) + .with_content(%r{^nameserver 5.5.5.5\nnameserver 4.4.4.4$}) end end - context 'custom file mode' do + context 'with custom file mode' do let(:params) { { mode: '0664' } } it do - is_expected.to contain_file('/etc/resolv.conf') - .with_content(/^#.*puppet/) + expect(subject).to contain_file('/etc/resolv.conf') + .with_content(%r{^#.*puppet}) .with_mode('0664') end end - end end end diff --git a/spec/classes/role/fulcrum_www_and_app_spec.rb b/spec/classes/role/fulcrum_www_and_app_spec.rb index 3691d3453..4b43747f5 100644 --- a/spec/classes/role/fulcrum_www_and_app_spec.rb +++ b/spec/classes/role/fulcrum_www_and_app_spec.rb @@ -27,18 +27,18 @@ it { is_expected.to contain_class('nebula::profile::apache') } it 'configures shibboleth' do - is_expected.to contain_class('nebula::profile::shibboleth') + expect(subject).to contain_class('nebula::profile::shibboleth') .with(startup_timeout: 900) .with(watchdog_minutes: '*/30') end it do - is_expected.to contain_file('/etc/apache2/mods-available/shib2.conf') + expect(subject).to contain_file('/etc/apache2/mods-available/shib2.conf') .with_content(%r{SetHandler shib-handler}) end it do - is_expected.to contain_file('/etc/apache2/mods-enabled/shib2.conf') + expect(subject).to contain_file('/etc/apache2/mods-enabled/shib2.conf') .with_ensure('link') .with_target('/etc/apache2/mods-available/shib2.conf') end diff --git a/spec/classes/role/hathitrust/solr/catalog_spec.rb b/spec/classes/role/hathitrust/solr/catalog_spec.rb index fd154c818..58c88a421 100644 --- a/spec/classes/role/hathitrust/solr/catalog_spec.rb +++ b/spec/classes/role/hathitrust/solr/catalog_spec.rb @@ -1,4 +1,5 @@ # frozen_string_literal: true + require 'spec_helper' describe 'nebula::role::hathitrust::solr::catalog' do diff --git a/spec/classes/role/hathitrust/solr/lss_spec.rb b/spec/classes/role/hathitrust/solr/lss_spec.rb index 0df753acd..694e07344 100644 --- a/spec/classes/role/hathitrust/solr/lss_spec.rb +++ b/spec/classes/role/hathitrust/solr/lss_spec.rb @@ -1,4 +1,5 @@ # frozen_string_literal: true + require 'spec_helper' describe 'nebula::role::hathitrust::solr::lss' do diff --git a/spec/classes/role/hathitrust_spec.rb b/spec/classes/role/hathitrust_spec.rb index 492c06eb6..f1af1bf9a 100644 --- a/spec/classes/role/hathitrust_spec.rb +++ b/spec/classes/role/hathitrust_spec.rb @@ -1,4 +1,5 @@ # frozen_string_literal: true + require 'spec_helper' describe 'nebula::role::hathitrust' do @@ -14,7 +15,7 @@ let(:params) { { afs: false } } it { is_expected.not_to contain_package('openafs-client') } - end + end end end end diff --git a/spec/classes/role/htvm_global_primary_webhost_spec.rb b/spec/classes/role/htvm_global_primary_webhost_spec.rb index a3f18a543..e2cae2eb9 100644 --- a/spec/classes/role/htvm_global_primary_webhost_spec.rb +++ b/spec/classes/role/htvm_global_primary_webhost_spec.rb @@ -18,7 +18,7 @@ it { is_expected.to contain_class('nebula::role::webhost::htvm::site_primary') } it do - is_expected.to contain_cron('wordpress cron') + expect(subject).to contain_cron('wordpress cron') .with(user: 'nobody', command: %r{.*wp-cron.php.*}, minute: 0) diff --git a/spec/classes/role/htvm_webhost_spec.rb b/spec/classes/role/htvm_webhost_spec.rb index a5e6a0150..b79116cb4 100644 --- a/spec/classes/role/htvm_webhost_spec.rb +++ b/spec/classes/role/htvm_webhost_spec.rb @@ -15,26 +15,26 @@ it { is_expected.to compile } it do - is_expected.to contain_class('nebula::profile::shibboleth') + expect(subject).to contain_class('nebula::profile::shibboleth') .with(startup_timeout: 1800) .with(watchdog_minutes: '*/30') end it do - is_expected.to contain_class('nebula::profile::hathitrust::dependencies') - is_expected.to contain_class('nebula::profile::hathitrust::hosts') - is_expected.to contain_class('nebula::profile::hathitrust::mounts') - is_expected.to contain_class('nebula::profile::hathitrust::perl') - is_expected.to contain_class('nebula::profile::hathitrust::php') + expect(subject).to contain_class('nebula::profile::hathitrust::dependencies') + expect(subject).to contain_class('nebula::profile::hathitrust::hosts') + expect(subject).to contain_class('nebula::profile::hathitrust::mounts') + expect(subject).to contain_class('nebula::profile::hathitrust::perl') + expect(subject).to contain_class('nebula::profile::hathitrust::php') end it do - is_expected.to contain_concat_fragment('monitor nfs /sdr1') + expect(subject).to contain_concat_fragment('monitor nfs /sdr1') .with(tag: 'monitor_config', content: { 'nfs' => ['/sdr1'] }.to_yaml) end it do - is_expected.to contain_concat_fragment('monitor nfs /htapps') + expect(subject).to contain_concat_fragment('monitor nfs /htapps') .with(tag: 'monitor_config', content: { 'nfs' => ['/htapps'] }.to_yaml) end diff --git a/spec/classes/role/kubernetes_spec.rb b/spec/classes/role/kubernetes_spec.rb index c3fe83742..2dba6d6e5 100644 --- a/spec/classes/role/kubernetes_spec.rb +++ b/spec/classes/role/kubernetes_spec.rb @@ -14,10 +14,10 @@ let(:hiera_config) { 'spec/fixtures/hiera/kubernetes/first_cluster_config.yaml' } let(:facts) do os_facts.merge( - 'networking' => { + 'networking' => { 'interfaces' => { - 'ens4' => { - 'ip' => '10.123.234.5', + 'ens4' => { + 'ip' => '10.123.234.5', }, }, }, @@ -41,10 +41,10 @@ let(:hiera_config) { 'spec/fixtures/hiera/kubernetes/first_cluster_config.yaml' } let(:facts) do os_facts.merge( - 'networking' => { + 'networking' => { 'interfaces' => { - 'ens4' => { - 'ip' => '10.123.234.5', + 'ens4' => { + 'ip' => '10.123.234.5', }, }, }, @@ -56,7 +56,7 @@ it { is_expected.not_to contain_resources('firewall').with_purge(true) } it do - is_expected.to contain_firewallchain('INPUT:filter:IPv4').with( + expect(subject).to contain_firewallchain('INPUT:filter:IPv4').with( ensure: 'present', purge: true, ignore: ['-j cali-INPUT', @@ -67,7 +67,7 @@ end it do - is_expected.to contain_firewallchain('OUTPUT:filter:IPv4').with( + expect(subject).to contain_firewallchain('OUTPUT:filter:IPv4').with( ensure: 'present', purge: true, ignore: ['-j cali-OUTPUT', @@ -77,7 +77,7 @@ end it do - is_expected.to contain_firewallchain('FORWARD:filter:IPv4').with( + expect(subject).to contain_firewallchain('FORWARD:filter:IPv4').with( ensure: 'present', purge: true, ignore: ['-j cali-FORWARD', diff --git a/spec/classes/role/load_balancer_spec.rb b/spec/classes/role/load_balancer_spec.rb index 0293a0f31..7978e0d7a 100644 --- a/spec/classes/role/load_balancer_spec.rb +++ b/spec/classes/role/load_balancer_spec.rb @@ -28,12 +28,12 @@ let(:service) { 'keepalived' } let(:thisnode) { { 'ip' => facts[:networking][:ip], 'hostname' => facts[:hostname] } } - let(:haproxy2) { { 'ip' => Faker::Internet.ip_v4_address, 'hostname' => 'haproxy2' } } + let(:haproxy_2) { { 'ip' => Faker::Internet.ip_v4_address, 'hostname' => 'haproxy2' } } let(:scotch) { { 'ip' => '111.111.111.123', 'hostname' => 'scotch' } } let(:soda) { { 'ip' => '222.222.222.234', 'hostname' => 'soda' } } let(:third_server) { { 'ip' => '333.333.333.345', 'hostname' => 'third_server' } } - include_context 'with mocked puppetdb functions', 'somedc', %w[thisnode haproxy2 scotch soda third_server], 'nebula::profile::haproxy' => %w[thisnode haproxy2] + include_context 'with mocked puppetdb functions', 'somedc', %w[thisnode haproxy_2 scotch soda third_server], 'nebula::profile::haproxy' => %w[thisnode haproxy2] before(:each) do stub('balanced_frontends') do |d| diff --git a/spec/classes/role/www_lib_vm_spec.rb b/spec/classes/role/www_lib_vm_spec.rb index 9d2c8af21..de3eda064 100644 --- a/spec/classes/role/www_lib_vm_spec.rb +++ b/spec/classes/role/www_lib_vm_spec.rb @@ -28,24 +28,24 @@ it { is_expected.to contain_apache__vhost('000-default-ssl').with(ssl: true, ssl_cert: '/etc/ssl/certs/www.lib.umich.edu.crt') } it 'configures shibboleth' do - is_expected.to contain_class('nebula::profile::shibboleth') + expect(subject).to contain_class('nebula::profile::shibboleth') .with(startup_timeout: 900) .with(watchdog_minutes: '*/30') end it do - is_expected.to contain_file('/etc/apache2/mods-available/shib2.conf') + expect(subject).to contain_file('/etc/apache2/mods-available/shib2.conf') .with_content(%r{SetHandler shib-handler}) end it do - is_expected.to contain_file('/etc/apache2/mods-enabled/shib2.conf') + expect(subject).to contain_file('/etc/apache2/mods-enabled/shib2.conf') .with_ensure('link') .with_target('/etc/apache2/mods-available/shib2.conf') end it do - is_expected.to contain_apache__vhost('www.lib-ssl') + expect(subject).to contain_apache__vhost('www.lib-ssl') .with(servername: 'www.lib.umich.edu', port: 443, ssl: true, @@ -63,25 +63,25 @@ end it do - is_expected.to contain_concat_fragment('www.lib-ssl-ssl') + expect(subject).to contain_concat_fragment('www.lib-ssl-ssl') .with_content(%r{^\s*SSLCertificateFile\s*"/etc/ssl/certs/www.lib.umich.edu.crt"$}) end it do - is_expected.to contain_concat_file('/usr/local/lib/cgi-bin/monitor/monitor_config.yaml') + expect(subject).to contain_concat_file('/usr/local/lib/cgi-bin/monitor/monitor_config.yaml') end # from hiera it { is_expected.to contain_host('mysql-web').with_ip('10.0.0.123') } it do - is_expected.to contain_apache__vhost('000-default-ssl') + expect(subject).to contain_apache__vhost('000-default-ssl') .with_aliases([{ 'scriptalias' => '/monitor', 'path' => '/usr/local/lib/cgi-bin/monitor' }]) end it do - is_expected.to contain_apache__vhost('datamart-https') + expect(subject).to contain_apache__vhost('datamart-https') .with_servername('datamart.lib.umich.edu') .with_error_log_file('datamart.lib/error.log') end @@ -92,19 +92,19 @@ end it do - is_expected.to contain_apache__vhost('mediaindustriesjournal.org-redirect-http') + expect(subject).to contain_apache__vhost('mediaindustriesjournal.org-redirect-http') .with_redirect_dest('http://www.mediaindustriesjournal.org/') .with_serveraliases([]) end it do - is_expected.to contain_apache__vhost('michiganelt.org-redirect-https') + expect(subject).to contain_apache__vhost('michiganelt.org-redirect-https') .with_redirect_dest('https://www.press.umich.edu/elt') .with_serveraliases(['www.michiganelt.org']) end it do - is_expected.to contain_apache__vhost('lib.umich.edu-redirect-https') + expect(subject).to contain_apache__vhost('lib.umich.edu-redirect-https') .with_redirect_dest('https://www.lib.umich.edu/') .with_serveraliases(%w[lib library.umich.edu @@ -112,7 +112,7 @@ end it do - is_expected.to contain_apache__vhost('theater-historiography.org-redirect-https') + expect(subject).to contain_apache__vhost('theater-historiography.org-redirect-https') .with_ssl_cert('/etc/ssl/certs/theater-historiography.org.crt') .with_redirect_dest('https://www.theater-historiography.org/') .with_serveraliases(%w[www.theater-historiography.com @@ -124,36 +124,36 @@ end it do - is_expected.to contain_apache__vhost('deepblue-https') + expect(subject).to contain_apache__vhost('deepblue-https') .with_ssl_cert('/etc/ssl/certs/deepblue.lib.umich.edu.crt') .with_servername('deepblue.lib.umich.edu') .with_ssl_proxyengine(true) end it do - is_expected.to contain_apache__vhost('openmich-https') + expect(subject).to contain_apache__vhost('openmich-https') .with_ssl_cert('/etc/ssl/certs/open.umich.edu.crt') .with_servername('open.umich.edu') end it do - is_expected.to contain_apache__vhost('apps.staff.lib http redirect') + expect(subject).to contain_apache__vhost('apps.staff.lib http redirect') .with_servername('apps.staff.lib.umich.edu') end it do - is_expected.to contain_apache__vhost('apps.staff.lib ssl') + expect(subject).to contain_apache__vhost('apps.staff.lib ssl') .with_servername('apps.staff.lib.umich.edu') .with_ssl_cert('/etc/ssl/certs/apps.staff.lib.umich.edu.crt') end it do - is_expected.to contain_apache__vhost('www.publishing-http') + expect(subject).to contain_apache__vhost('www.publishing-http') end it do # SSL offloading - is_expected.to contain_apache__vhost('www.publishing-https') + expect(subject).to contain_apache__vhost('www.publishing-https') .with_servername('https://www.publishing.umich.edu') .with_ssl(false) .with_port(443) @@ -161,7 +161,7 @@ it do # Name-based multi-site Wordpress - is_expected.to contain_apache__vhost('publishing-partners-http') + expect(subject).to contain_apache__vhost('publishing-partners-http') .with_servername('blog.press.umich.edu') .with_serveraliases([ 'www.theater-historiography.org', @@ -173,7 +173,7 @@ it do # SSL offloading # Name-based multi-site Wordpress - is_expected.to contain_apache__vhost('publishing-partners-https') + expect(subject).to contain_apache__vhost('publishing-partners-https') .with_servername('https://blog.press.umich.edu') .with_ssl(false) .with_port(443) @@ -185,19 +185,19 @@ end it do - is_expected.to contain_apache__vhost('press-http') + expect(subject).to contain_apache__vhost('press-http') .with_servername('www.press.umich.edu') end it do - is_expected.to contain_apache__vhost('press-https') + expect(subject).to contain_apache__vhost('press-https') .with_servername('www.press.umich.edu') .with_ssl_cert('/etc/ssl/certs/www.press.umich.edu.crt') .with_setenv(['HTTPS on', 'PERL_USE_UNSAFE_INC 1']) end it do - is_expected.to contain_apache__vhost('apps.lib-https') + expect(subject).to contain_apache__vhost('apps.lib-https') .with(servername: 'apps.lib.umich.edu', port: 443, ssl: true, @@ -210,12 +210,12 @@ it { is_expected.to contain_file('sqlnet.ora') } it 'adds custom params to file authz_umichlib.conf' do - is_expected.to contain_file('authz_umichlib.conf') + expect(subject).to contain_file('authz_umichlib.conf') .with_content(%r{DBDParams\s*user=somebody}) end it 'adds custom params to file tnsnames.ora' do - is_expected.to contain_file('tnsnames.ora') + expect(subject).to contain_file('tnsnames.ora') .with_content(%r{^ORCL.MYSERVER1_ALIAS1\s+=}) .with_content(%r{^ORCL.MYSERVER1_ALIAS2\s+=}) .with_content(%r{^ORCL.MYSERVER2_ALIAS1\s+=}) diff --git a/spec/defines/authzd_user_spec.rb b/spec/defines/authzd_user_spec.rb index 4c1973cfb..2caa194ba 100644 --- a/spec/defines/authzd_user_spec.rb +++ b/spec/defines/authzd_user_spec.rb @@ -27,11 +27,11 @@ describe 'users' do it { - is_expected.to contain_user(title).with(name: title, - gid: params[:gid], - home: home, - shell: '/bin/bash', - managehome: true) + expect(subject).to contain_user(title).with(name: title, + gid: params[:gid], + home: home, + shell: '/bin/bash', + managehome: true) } it { is_expected.to contain_file("#{home}/.ssh").with(ensure: 'directory', mode: '0700') } @@ -39,7 +39,7 @@ it { is_expected.to contain_file("#{home}/.ssh/authorized_keys").with(owner: title, group: params[:gid]) } it 'creates authorized_keys with the given key' do - is_expected.to contain_file("#{home}/.ssh/authorized_keys") + expect(subject).to contain_file("#{home}/.ssh/authorized_keys") .with_content(%r{^#{params[:key][:type]} #{params[:key][:data]} #{params[:key][:comment]}$}) end end diff --git a/spec/defines/cert_spec.rb b/spec/defines/cert_spec.rb index 061d11e53..d7022372f 100644 --- a/spec/defines/cert_spec.rb +++ b/spec/defines/cert_spec.rb @@ -16,7 +16,7 @@ it { is_expected.to contain_class('letsencrypt').with_email('contact@default.invalid') } it do - is_expected.to contain_letsencrypt__certonly('example.invalid') + expect(subject).to contain_letsencrypt__certonly('example.invalid') .with_domains(['example.invalid']) .with_plugin('standalone') .with_manage_cron(true) @@ -24,28 +24,28 @@ end it do - is_expected.to contain_firewall('200 HTTP') + expect(subject).to contain_firewall('200 HTTP') .with_proto('tcp') .with_dport(80) .with_state('NEW') .with_action('accept') end - context 'and with additional_domains set to sub.example.invalid' do + context 'with additional_domains set to sub.example.invalid' do let(:params) { { additional_domains: ['sub.example.invalid'] } } it do - is_expected.to contain_letsencrypt__certonly('example.invalid') + expect(subject).to contain_letsencrypt__certonly('example.invalid') .with_domains(%w[example.invalid sub.example.invalid]) .with_plugin('standalone') end end - context 'and with webroot set to /var/www' do + context 'with webroot set to /var/www' do let(:params) { { webroot: '/var/www' } } it do - is_expected.to contain_letsencrypt__certonly('example.invalid') + expect(subject).to contain_letsencrypt__certonly('example.invalid') .with_plugin('webroot') .with_webroot_paths(['/var/www']) .with_manage_cron(true) @@ -53,11 +53,11 @@ end end - context 'and with webroot set to [/var/www]' do + context 'with webroot set to [/var/www]' do let(:params) { { webroot: ['/var/www'] } } it do - is_expected.to contain_letsencrypt__certonly('example.invalid') + expect(subject).to contain_letsencrypt__certonly('example.invalid') .with_plugin('webroot') .with_webroot_paths(['/var/www']) end diff --git a/spec/defines/cifs_mount_spec.rb b/spec/defines/cifs_mount_spec.rb index d3b4f8576..7ede9ad0e 100644 --- a/spec/defines/cifs_mount_spec.rb +++ b/spec/defines/cifs_mount_spec.rb @@ -22,12 +22,12 @@ it { is_expected.to compile } - it { is_expected.to contain_package('cifs-utils').with_ensure(/(present|installed)/) } + it { is_expected.to contain_package('cifs-utils').with_ensure(%r{(present|installed)}) } it { is_expected.to contain_file(title).with_ensure('directory') } it { is_expected.not_to contain_file('/etc/default/an_unused_user-credentials') } it do - is_expected.to contain_file('/etc/default/default_cifs_user-credentials') + expect(subject).to contain_file('/etc/default/default_cifs_user-credentials') .with_source('puppet:///cifs-credentials/default_cifs_user-credentials') .with_mode('0400') .with_owner('root') @@ -35,7 +35,7 @@ end it do - is_expected.to contain_mount(title) + expect(subject).to contain_mount(title) .with_ensure('mounted') .with_device('//default.invalid/path') .with_fstype('cifs') @@ -86,14 +86,14 @@ context 'when another cifs_mount is defined with the same user' do let(:pre_condition) do - <<~EOF + <<~RESOURCES nebula::cifs_mount { '/mnt/another_mount': remote_target => '//another.invalid/another', uid => 'root', gid => 'root', user => 'default_cifs_user', } - EOF + RESOURCES end it { is_expected.to compile } diff --git a/spec/defines/exposed_port_spec.rb b/spec/defines/exposed_port_spec.rb index 1e0f53c3b..2ac2c36a3 100644 --- a/spec/defines/exposed_port_spec.rb +++ b/spec/defines/exposed_port_spec.rb @@ -18,7 +18,7 @@ it { is_expected.to compile } it do - is_expected.to contain_firewall('100 SSH: Developers').with( + expect(subject).to contain_firewall('100 SSH: Developers').with( proto: 'tcp', dport: 22, source: '10.0.0.0/16', @@ -43,14 +43,14 @@ it { is_expected.to compile } it do - is_expected.to contain_firewall('200 HTTP: VPN users').with( + expect(subject).to contain_firewall('200 HTTP: VPN users').with( dport: 80, source: '10.10.10.0/24', ) end it do - is_expected.to contain_firewall('200 HTTP: On-site users') + expect(subject).to contain_firewall('200 HTTP: On-site users') .with_source('10.10.11.0/24') end end @@ -92,7 +92,7 @@ end it do - is_expected.to contain_firewall('400 Who knows: Developers') + expect(subject).to contain_firewall('400 Who knows: Developers') .with_dport('30000-32967') end end @@ -103,7 +103,7 @@ end it do - is_expected.to contain_firewall('400 Who knows: Developers') + expect(subject).to contain_firewall('400 Who knows: Developers') .with_dport([80, 443]) end end diff --git a/spec/defines/file/ssh_keys_spec.rb b/spec/defines/file/ssh_keys_spec.rb index 00956104a..a1db27d39 100644 --- a/spec/defines/file/ssh_keys_spec.rb +++ b/spec/defines/file/ssh_keys_spec.rb @@ -17,7 +17,7 @@ context 'when called /opt/keys' do it do - is_expected.to contain_file('/opt/keys') + expect(subject).to contain_file('/opt/keys') .without_content(%r{^[^#]}) end @@ -35,8 +35,8 @@ { keys: [ { - type: 'ssh-rsa', - data: 'AAAAAAAAAAAA', + type: 'ssh-rsa', + data: 'AAAAAAAAAAAA', comment: 'name', }, ], @@ -44,7 +44,7 @@ end it do - is_expected.to contain_file('/opt/keys') + expect(subject).to contain_file('/opt/keys') .with_content(%r{^ssh-rsa AAAAAAAAAAAA name$}) end end @@ -64,7 +64,7 @@ end it do - is_expected.to contain_file('/opt/keys') + expect(subject).to contain_file('/opt/keys') .with_content(%r{^command="/usr/bin/whatever" ssh-rsa AAAAAAAAAAAA name$}) end end @@ -74,14 +74,14 @@ let(:params) { { secret: true } } it do - is_expected.to contain_file('/etc/secret').with( + expect(subject).to contain_file('/etc/secret').with( ensure: 'directory', - mode: '0700', + mode: '0700', ) end it do - is_expected.to contain_file('/etc/secret/keys') + expect(subject).to contain_file('/etc/secret/keys') .that_requires('File[/etc/secret]') end end diff --git a/spec/defines/firewall_allow_spec.rb b/spec/defines/firewall_allow_spec.rb index 0814166e6..02181d876 100644 --- a/spec/defines/firewall_allow_spec.rb +++ b/spec/defines/firewall_allow_spec.rb @@ -18,7 +18,7 @@ let(:params) { { source: 'lowest', port: 1234 } } it do - is_expected.to contain_firewall("300 #{title} 0").with( + expect(subject).to contain_firewall("300 #{title} 0").with( proto: 'tcp', dport: 1234, source: '10.0.0.0/32', @@ -27,13 +27,13 @@ ) end - context 'and the title is set to "Cool Firewall"' do + context 'when title is set to "Cool Firewall"' do let(:title) { 'Cool Firewall' } it { is_expected.to contain_firewall('300 Cool Firewall 0') } end - context 'and order is set to 500' do + context 'when order is set to 500' do let(:params) do super().merge(order: 500) end @@ -41,7 +41,7 @@ it { is_expected.to contain_firewall("500 #{title} 0") } end - context 'and proto is set to "udp"' do + context 'when proto is set to "udp"' do let(:params) do super().merge(proto: 'udp') end @@ -54,7 +54,7 @@ let(:params) { { source: 'highest', port: [123, 456, 789] } } it do - is_expected.to contain_firewall("300 #{title} 0").with( + expect(subject).to contain_firewall("300 #{title} 0").with( proto: 'tcp', dport: [123, 456, 789], source: '10.255.255.255/32', diff --git a/spec/defines/haproxy_binding_spec.rb b/spec/defines/haproxy_binding_spec.rb index 87d3835c6..05f070f8b 100644 --- a/spec/defines/haproxy_binding_spec.rb +++ b/spec/defines/haproxy_binding_spec.rb @@ -22,16 +22,16 @@ # needs to exist so binding can realize it let(:pre_condition) do - <<~EOT + <<~RESOURCES @nebula::haproxy::service { "myservice": floating_ip => '10.2.3.124' } Concat_Fragment <| |> - EOT + RESOURCES end it do - is_expected.to contain_concat_fragment('myservice-dc-http thishost binding').with( + expect(subject).to contain_concat_fragment('myservice-dc-http thishost binding').with( target: '/etc/haproxy/services.d/myservice-http.cfg', order: '04', content: "server thishost 10.1.2.123:80 track myservice-dc-https-back/thishost cookie s123\n", @@ -40,7 +40,7 @@ end it do - is_expected.to contain_concat_fragment('myservice-dc-https thishost binding').with( + expect(subject).to contain_concat_fragment('myservice-dc-https thishost binding').with( target: '/etc/haproxy/services.d/myservice-https.cfg', order: '04', content: "server thishost 10.1.2.123:443 check cookie s123\n", @@ -49,7 +49,7 @@ end it do - is_expected.to contain_concat_fragment('myservice-dc-http thishost exempt binding').with( + expect(subject).to contain_concat_fragment('myservice-dc-http thishost exempt binding').with( target: '/etc/haproxy/services.d/myservice-http.cfg', order: '06', content: "server thishost 10.1.2.123:80 track myservice-dc-https-back/thishost cookie s123\n", @@ -58,7 +58,7 @@ end it do - is_expected.to contain_concat_fragment('myservice-dc-https thishost exempt binding').with( + expect(subject).to contain_concat_fragment('myservice-dc-https thishost exempt binding').with( target: '/etc/haproxy/services.d/myservice-https.cfg', order: '06', content: "server thishost 10.1.2.123:443 track myservice-dc-https-back/thishost cookie s123\n", @@ -68,16 +68,16 @@ it { is_expected.to contain_nebula__haproxy__service('myservice') } - context 'no https offload' do + context 'without https offload' do let(:params) { super().merge(https_offload: false) } it do - is_expected.to contain_concat_fragment('myservice-dc-https thishost binding') + expect(subject).to contain_concat_fragment('myservice-dc-https thishost binding') .with_content("server thishost 10.1.2.123:443 ssl verify required ca-file /etc/ssl/certs/ca-certificates.crt check cookie s123\n") end it do - is_expected.to contain_concat_fragment('myservice-dc-https thishost exempt binding') + expect(subject).to contain_concat_fragment('myservice-dc-https thishost exempt binding') .with_content("server thishost 10.1.2.123:443 ssl verify required ca-file /etc/ssl/certs/ca-certificates.crt track myservice-dc-https-back/thishost cookie s123\n") end end diff --git a/spec/defines/haproxy_service_spec.rb b/spec/defines/haproxy_service_spec.rb index c2725cac2..44fa999c5 100644 --- a/spec/defines/haproxy_service_spec.rb +++ b/spec/defines/haproxy_service_spec.rb @@ -25,7 +25,7 @@ end let :pre_condition do - <<~EOT + <<~RESOURCES nebula::haproxy::binding { 'scotch svc1': service => 'svc1', datacenter => 'dc1', @@ -39,7 +39,7 @@ hostname => 'soda', ipaddress => '222.222.222.234' } - EOT + RESOURCES end describe 'https service config' do @@ -47,7 +47,7 @@ let(:service_config) { '/etc/haproxy/services.d/svc1-https.cfg' } it do - is_expected.to contain_concat(service_config).with( + expect(subject).to contain_concat(service_config).with( ensure: 'present', notify: 'Service[haproxy]', mode: '0644', @@ -55,7 +55,7 @@ end it do - is_expected.to contain_concat_fragment('svc1-dc1-https backend').with( + expect(subject).to contain_concat_fragment('svc1-dc1-https backend').with( target: service_config, content: "backend svc1-dc1-https-back\n", ) @@ -64,9 +64,9 @@ it { is_expected.to contain_concat_fragment('svc1-dc1-https check').with_target(service_config) } it do - is_expected.to contain_concat_fragment('svc1-dc1-https frontend').with( + expect(subject).to contain_concat_fragment('svc1-dc1-https frontend').with( target: service_config, - content: <<~EOT + content: <<~HAPROXY, frontend svc1-dc1-https-front bind 1.2.3.4:443 ssl crt /etc/ssl/private/svc1 stats uri /haproxy?stats @@ -77,7 +77,7 @@ default_backend svc1-dc1-https-back acl blocked-ip src -f /etc/haproxy/global_badrobots.txt http-request deny if blocked-ip - EOT + HAPROXY ) end @@ -87,7 +87,7 @@ end it do - is_expected.to contain_concat_fragment('svc1-dc1-https frontend').with( + expect(subject).to contain_concat_fragment('svc1-dc1-https frontend').with( target: service_config, content: %r{^maxconn 999$}, ) @@ -95,7 +95,7 @@ end it do - is_expected.not_to contain_file('/etc/haproxy/errors/svc1503.http') + expect(subject).not_to contain_file('/etc/haproxy/errors/svc1503.http') end describe 'with custom 503' do @@ -104,16 +104,16 @@ end it do - is_expected.to contain_file('/etc/haproxy/errors/svc1503.http') + expect(subject).to contain_file('/etc/haproxy/errors/svc1503.http') .with_source('https://default.http_files.invalid/errorfiles/svc1503.http') end it do - is_expected.to contain_concat_fragment('svc1-dc1-https custom 503').with( + expect(subject).to contain_concat_fragment('svc1-dc1-https custom 503').with( target: service_config, - content: <<~EOT + content: <<~HAPROXY, errorfile 503 /etc/haproxy/errors/svc1503.http - EOT + HAPROXY ) end end @@ -127,9 +127,9 @@ end it do - is_expected.to contain_concat_fragment('svc1-dc1-https throttling').with( + expect(subject).to contain_concat_fragment('svc1-dc1-https throttling').with( target: service_config, - content: <<~EOT + content: <<~HAPROXY, stick-table type ip size 200k expire 200s store http_req_rate(200s),bytes_out_rate(200s) tcp-request content track-sc2 src http-request set-var(req.http_rate) src_http_req_rate(svc1-dc1-http-back) @@ -137,12 +137,12 @@ acl http_req_rate_abuse var(req.http_rate),add(req.https_rate) gt 400 errorfile 403 /etc/haproxy/errors/svc1429.http http-request deny deny_status 403 if http_req_rate_abuse - EOT + HAPROXY ) end it do - is_expected.to contain_file('/etc/haproxy/errors/svc1429.http') + expect(subject).to contain_file('/etc/haproxy/errors/svc1429.http') .with_source('https://default.http_files.invalid/errorfiles/svc1429.http') end @@ -152,10 +152,11 @@ it { is_expected.not_to contain_file('/etc/haproxy/svc1_whitelist_path_end.txt') } it 'does not reference any whitelists' do - is_expected.to contain_concat_fragment('svc1-dc1-https frontend').with_content(%r{(?!whitelist)}) + expect(subject).to contain_concat_fragment('svc1-dc1-https frontend').with_content(%r{(?!whitelist)}) end + it 'does not reference the exemption backend' do - is_expected.to contain_concat_fragment('svc1-dc1-https frontend').with_content(%r{(?!svc1-dc1-https?-back-exempt)}) + expect(subject).to contain_concat_fragment('svc1-dc1-https frontend').with_content(%r{(?!svc1-dc1-https?-back-exempt)}) end end @@ -167,24 +168,25 @@ it { is_expected.to contain_file('/etc/haproxy/svc1_whitelist_src.txt').with_content("10.0.0.1\n10.2.32.0/24\n") } it do - is_expected.to contain_concat_fragment('svc1-dc1-https frontend').with_content(%r{#{<<~EOT}}m) + expect(subject).to contain_concat_fragment('svc1-dc1-https frontend').with_content(%r{#{<<~HAPROXY}}m) acl whitelist_src src -n -f /etc/haproxy/svc1_whitelist_src.txt use_backend svc1-dc1-https-back-exempt if whitelist_src default_backend svc1-dc1-https-back - EOT + HAPROXY end it do - is_expected.to contain_concat_fragment('svc1-dc1-https back-exempt') + expect(subject).to contain_concat_fragment('svc1-dc1-https back-exempt') .with_content("backend svc1-dc1-https-back-exempt\n") end it do - is_expected.to contain_concat_fragment('svc1-dc1-https scotch binding') + expect(subject).to contain_concat_fragment('svc1-dc1-https scotch binding') .with_content("server scotch 111.111.111.123:443 check cookie s123\n") end + it do - is_expected.to contain_concat_fragment('svc1-dc1-https soda binding') + expect(subject).to contain_concat_fragment('svc1-dc1-https soda binding') .with_content("server soda 222.222.222.234:443 check cookie s234\n") end end @@ -200,23 +202,23 @@ 'use_backend svc1-dc1-https-back-exempt if whitelist_path_beg OR whitelist_path_end'] .each do |fragment| it do - is_expected.to contain_concat_fragment('svc1-dc1-https frontend') + expect(subject).to contain_concat_fragment('svc1-dc1-https frontend') .with_content(%r{#{fragment}}) end end it do - is_expected.to contain_file('/etc/haproxy/svc1_whitelist_path_beg.txt').with_content(<<~EOT) + expect(subject).to contain_file('/etc/haproxy/svc1_whitelist_path_beg.txt').with_content(<<~PATHS) /some/where /another/path - EOT + PATHS end it do - is_expected.to contain_file('/etc/haproxy/svc1_whitelist_path_end.txt').with_content(<<~EOT) + expect(subject).to contain_file('/etc/haproxy/svc1_whitelist_path_end.txt').with_content(<<~PATHS) .abc .def - EOT + PATHS end end @@ -228,17 +230,18 @@ ['acl throttle_condition path_beg /whatever', 'use_backend svc1-dc1-https-back-exempt if !throttle_condition'].each do |fragment| it do - is_expected.to contain_concat_fragment('svc1-dc1-https frontend') + expect(subject).to contain_concat_fragment('svc1-dc1-https frontend') .with_content(%r{#{fragment}}) end end it do - is_expected.to contain_concat_fragment('svc1-dc1-https scotch exempt binding') + expect(subject).to contain_concat_fragment('svc1-dc1-https scotch exempt binding') .with_content("server scotch 111.111.111.123:443 track svc1-dc1-https-back/scotch cookie s123\n") end + it do - is_expected.to contain_concat_fragment('svc1-dc1-https soda exempt binding') + expect(subject).to contain_concat_fragment('svc1-dc1-https soda exempt binding') .with_content("server soda 222.222.222.234:443 track svc1-dc1-https-back/soda cookie s234\n") end end @@ -250,7 +253,7 @@ end it do - is_expected.to contain_cron('dynamic weighting for svc1') + expect(subject).to contain_cron('dynamic weighting for svc1') .with_command('/usr/bin/ruby /usr/local/bin/set_weights.rb dc1 svc1 > /dev/null 2>&1') .with_user('haproxyctl') .with_environment(['HAPROXY_SMOOTHING_FACTOR=2']) @@ -265,7 +268,7 @@ end it do - is_expected.to contain_concat_fragment('svc1-dc1-https check_timeout') + expect(subject).to contain_concat_fragment('svc1-dc1-https check_timeout') .with_target(service_config) .with_content("timeout connect 15000\n") end @@ -281,9 +284,9 @@ it { is_expected.to contain_concat(service_config).with(mode: '0644') } it do - is_expected.to contain_concat_fragment('svc1-dc1-http frontend').with( + expect(subject).to contain_concat_fragment('svc1-dc1-http frontend').with( target: service_config, - content: <<~EOT + content: <<~HAPROXY, frontend svc1-dc1-http-front bind 1.2.3.4:80 stats uri /haproxy?stats @@ -292,23 +295,24 @@ default_backend svc1-dc1-http-back acl blocked-ip src -f /etc/haproxy/global_badrobots.txt http-request deny if blocked-ip - EOT + HAPROXY ) end it do - is_expected.to contain_concat_fragment('svc1-dc1-http backend').with( + expect(subject).to contain_concat_fragment('svc1-dc1-http backend').with( target: service_config, content: "backend svc1-dc1-http-back\n", ) end it do - is_expected.to contain_concat_fragment('svc1-dc1-http scotch binding') + expect(subject).to contain_concat_fragment('svc1-dc1-http scotch binding') .with_content("server scotch 111.111.111.123:80 track svc1-dc1-https-back/scotch cookie s123\n") end + it do - is_expected.to contain_concat_fragment('svc1-dc1-http soda binding') + expect(subject).to contain_concat_fragment('svc1-dc1-http soda binding') .with_content("server soda 222.222.222.234:80 track svc1-dc1-https-back/soda cookie s234\n") end end @@ -329,7 +333,7 @@ end it do - is_expected.to contain_file(dest).with( + expect(subject).to contain_file(dest).with( ensure: 'directory', notify: 'Service[haproxy]', require: 'Package[haproxy]', diff --git a/spec/defines/log_spec.rb b/spec/defines/log_spec.rb index 74b63ee37..cd7a6694c 100644 --- a/spec/defines/log_spec.rb +++ b/spec/defines/log_spec.rb @@ -4,11 +4,11 @@ describe 'nebula::log' do let(:title) { 'solr' } - let(:params) { + let(:params) do { - files: ["/var/log/solr.log"], + files: ['/var/log/solr.log'], } - } + end on_supported_os.each do |os, os_facts| context "on #{os}" do @@ -16,37 +16,36 @@ it { is_expected.to compile } - it "writes solr log config to solr.alloy" do - is_expected.to contain_file('/etc/alloy/solr.alloy') + it 'writes solr log config to solr.alloy' do + expect(subject).to contain_file('/etc/alloy/solr.alloy') .with_content(%r|loki.source.file "solr_0" {\s+targets\s+= \[{"__path__" = "/var/log/solr.log"}\]\s+forward_to = \[loki.process.service__solr.receiver\]\n}|) .with_content(%r|loki.process "service__solr" {\s+stage.static_labels {values = {"service" = "solr"}}\s+forward_to = \[loki.process.hostname.receiver\]\n}|) end context 'when creating apache log' do let(:title) { 'apache' } - let(:params) { + let(:params) do { - files: ["/var/log/apache.log","/var/log/apache.err"], + files: ['/var/log/apache.log', '/var/log/apache.err'], } - } + end it { is_expected.to compile } it "writes config for 'apache.log' source file to apache.alloy" do - is_expected.to contain_file('/etc/alloy/apache.alloy') + expect(subject).to contain_file('/etc/alloy/apache.alloy') .with_content(%r|loki.source.file "apache_0" {\s+targets\s+= \[{"__path__" = "/var/log/apache.log"}\]\s+forward_to = \[loki.process.service__apache.receiver\]\n}|) end it "writes config for 'apache.err' source file to apache.alloy" do - is_expected.to contain_file('/etc/alloy/apache.alloy') + expect(subject).to contain_file('/etc/alloy/apache.alloy') .with_content(%r|loki.source.file "apache_1" {\s+targets\s+= \[{"__path__" = "/var/log/apache.err"}\]\s+forward_to = \[loki.process.service__apache.receiver\]\n}|) end - it "writes config for apache label to apache.alloy" do - is_expected.to contain_file('/etc/alloy/apache.alloy') + it 'writes config for apache label to apache.alloy' do + expect(subject).to contain_file('/etc/alloy/apache.alloy') .with_content(%r|loki.process "service__apache" {\s+stage.static_labels {values = {"service" = "apache"}}\s+forward_to = \[loki.process.hostname.receiver\]\n}|) end - end end end diff --git a/spec/defines/unison_client_spec.rb b/spec/defines/unison_client_spec.rb index 7130bda0b..55ac5671a 100644 --- a/spec/defines/unison_client_spec.rb +++ b/spec/defines/unison_client_spec.rb @@ -28,13 +28,13 @@ 'ExecStart=/usr/local/bin/unisonsync myinstance', ].each do |line| it do - is_expected.to contain_file('/etc/systemd/system/unison-client-myinstance.service') + expect(subject).to contain_file('/etc/systemd/system/unison-client-myinstance.service') .with_content(%r{^#{line}$}m) end end it 'generates a prf file for unison clients' do - is_expected.to contain_file('/root/.unison/myinstance.prf') + expect(subject).to contain_file('/root/.unison/myinstance.prf') .with_content(%r{root\s+=\s+/myroot}) .with_content(%r{root\s+=\s+socket://somehost.default.invalid:12345/myroot}) .with_content(%r{path\s+=\s+path1}) @@ -51,7 +51,7 @@ end it do - is_expected.to contain_service('unison-client-myinstance') + expect(subject).to contain_service('unison-client-myinstance') .with(enable: true, ensure: 'running') .that_requires('Package[unison]') end @@ -78,7 +78,7 @@ end it 'generates a prf file for unison clients' do - is_expected.to contain_file('/root/.unison/myinstance.prf') + expect(subject).to contain_file('/root/.unison/myinstance.prf') .with_content(%r{root\s+=\s+/myroot}) .with_content(%r{root\s+=\s+socket://somehost.default.invalid:12345/myroot}) .with_content(%r{path\s+=\s+path1}) diff --git a/spec/defines/unison_server_spec.rb b/spec/defines/unison_server_spec.rb index 575741a9b..f8823a087 100644 --- a/spec/defines/unison_server_spec.rb +++ b/spec/defines/unison_server_spec.rb @@ -28,13 +28,13 @@ 'ExecStart=/usr/bin/unison -socket 12345', ].each do |line| it do - is_expected.to contain_file('/etc/systemd/system/unison-myinstance.service') + expect(subject).to contain_file('/etc/systemd/system/unison-myinstance.service') .with_content(%r{^#{line}$}m) end end it do - is_expected.to contain_service('unison-myinstance') + expect(subject).to contain_service('unison-myinstance') .with(enable: true, ensure: 'running') .that_requires('Package[unison]') end diff --git a/spec/defines/virtual_machine_spec.rb b/spec/defines/virtual_machine_spec.rb index 8f99e3e3e..82f4e2d13 100644 --- a/spec/defines/virtual_machine_spec.rb +++ b/spec/defines/virtual_machine_spec.rb @@ -27,13 +27,13 @@ def contain_preseed context 'with nothing but the title "vmname"' do it do - is_expected.to contain_file('/tmp/.virtual.vmname').with( + expect(subject).to contain_file('/tmp/.virtual.vmname').with( ensure: 'directory', ) end it do - is_expected.to contain_preseed.that_requires( + expect(subject).to contain_preseed.that_requires( 'File[/tmp/.virtual.vmname]', ) end @@ -54,25 +54,25 @@ def contain_preseed end it do - is_expected.to contain_package('virtinst').with( + expect(subject).to contain_package('virtinst').with( ensure: 'installed', ) end it do - is_expected.to contain_package('libvirt-clients').with( + expect(subject).to contain_package('libvirt-clients').with( ensure: 'installed', ) end it do - is_expected.to contain_install.that_requires( + expect(subject).to contain_install.that_requires( ['Package[virtinst]', 'Package[libvirt-clients]'], ).with( creates: '/var/lib/libvirt/images/vmname.img', timeout: 600, - path: [ + path: [ '/usr/bin', '/usr/sbin', '/bin', @@ -100,7 +100,7 @@ def contain_preseed end it do - is_expected.to contain_autostart.that_requires( + expect(subject).to contain_autostart.that_requires( 'Exec[nebula::virtual_machine::vmname::virt-install]', ).with( creates: '/etc/libvirt/qemu/autostart/vmname.xml', @@ -128,25 +128,25 @@ def contain_preseed let(:title) { 'secondvm' } it do - is_expected.to contain_file('/tmp/.virtual.secondvm').with( + expect(subject).to contain_file('/tmp/.virtual.secondvm').with( ensure: 'directory', ) end it do - is_expected.to contain_preseed.that_requires( + expect(subject).to contain_preseed.that_requires( 'File[/tmp/.virtual.secondvm]', ) end it do - is_expected.to contain_preseed.with_content( + expect(subject).to contain_preseed.with_content( %r{^d-i netcfg/get_hostname string secondvm\.default\.invalid$}, ) end it do - is_expected.to contain_preseed.with_content( + expect(subject).to contain_preseed.with_content( %r{^d-i netcfg/hostname string secondvm\.default\.invalid$}, ) end @@ -155,37 +155,37 @@ def contain_preseed it { is_expected.to contain_package('libvirt-clients') } it do - is_expected.to contain_install.with_creates( + expect(subject).to contain_install.with_creates( '/var/lib/libvirt/images/secondvm.img', ) end it do - is_expected.to contain_install.with_command( + expect(subject).to contain_install.with_command( %r{ -n 'secondvm'}, ) end it do - is_expected.to contain_install.with_command( + expect(subject).to contain_install.with_command( %r{ --disk '/var/lib/libvirt/images/secondvm\.img,size=[0-9]+'}, ) end it do - is_expected.to contain_install.with_command( + expect(subject).to contain_install.with_command( %r{ --initrd-inject '/tmp/\.virtual\.secondvm/preseed\.cfg'}, ) end it do - is_expected.to contain_autostart.with_creates( + expect(subject).to contain_autostart.with_creates( '/etc/libvirt/qemu/autostart/secondvm.xml', ) end it do - is_expected.to contain_autostart.with_command( + expect(subject).to contain_autostart.with_command( '/usr/bin/virsh autostart secondvm', ) end @@ -195,7 +195,7 @@ def contain_preseed let(:params) { { cpus: 8 } } it do - is_expected.to contain_install.with_command(%r{ --vcpus 8}) + expect(subject).to contain_install.with_command(%r{ --vcpus 8}) end end @@ -209,13 +209,13 @@ def contain_preseed let(:params) { { image_dir: '/libvirt-images' } } it do - is_expected.to contain_install.with_command( + expect(subject).to contain_install.with_command( %r{ --disk '/libvirt-images/vmname.img,size=[0-9]+'}, ) end it do - is_expected.to contain_install.with_creates( + expect(subject).to contain_install.with_creates( '/libvirt-images/vmname.img', ) end @@ -225,13 +225,13 @@ def contain_preseed let(:params) { { image_path: '/mnt/custom.img' } } it do - is_expected.to contain_install.with_command( + expect(subject).to contain_install.with_command( %r{ --disk '/mnt/custom.img,size=[0-9]+'}, ) end it do - is_expected.to contain_install.with_creates( + expect(subject).to contain_install.with_creates( '/mnt/custom.img', ) end @@ -240,11 +240,11 @@ def contain_preseed context 'with image_path and image_dir both set' do let(:params) do { image_path: 'image_path', - image_dir: 'image_dir' } + image_dir: 'image_dir' } end it do - is_expected.to contain_install.with_command( + expect(subject).to contain_install.with_command( %r{ --disk 'image_path,size=[0-9]+'}, ) end @@ -256,7 +256,7 @@ def contain_preseed let(:params) { { disk: 64 } } it do - is_expected.to contain_install.with_command( + expect(subject).to contain_install.with_command( %r{ --disk '[^,']+,size=64'}, ) end @@ -272,7 +272,7 @@ def contain_preseed let(:params) { { autostart_path: '/etc/autostart' } } it do - is_expected.to contain_autostart.with_creates( + expect(subject).to contain_autostart.with_creates( '/etc/autostart/vmname.xml', ) end @@ -332,7 +332,7 @@ def contain_preseed let(:params) { { netmask: '0.0.0.0' } } it do - is_expected.to contain_preseed.with_content( + expect(subject).to contain_preseed.with_content( %r{^d-i netcfg/get_netmask string 0\.0\.0\.0$}, ) end @@ -342,7 +342,7 @@ def contain_preseed let(:params) { { gateway: '10.0.0.1' } } it do - is_expected.to contain_preseed.with_content( + expect(subject).to contain_preseed.with_content( %r{^d-i netcfg/get_gateway string 10\.0\.0\.1$}, ) end @@ -352,7 +352,7 @@ def contain_preseed let(:params) { { nameservers: ['1.2.3.4', '4.3.2.1'] } } it do - is_expected.to contain_preseed.with_content( + expect(subject).to contain_preseed.with_content( %r{^d-i netcfg/get_nameservers string 1\.2\.3\.4 4\.3\.2\.1$}, ) end @@ -375,19 +375,19 @@ def contain_preseed let(:title) { 'myhost.mysub' } it do - is_expected.to contain_preseed.with_content( + expect(subject).to contain_preseed.with_content( %r{^d-i netcfg/get_hostname string myhost\.mysub$}, ) end it do - is_expected.to contain_preseed.with_content( + expect(subject).to contain_preseed.with_content( %r{^d-i netcfg/get_domain string mysub$}, ) end it do - is_expected.to contain_preseed.with_content( + expect(subject).to contain_preseed.with_content( %r{^d-i netcfg/hostname string myhost\.mysub$}, ) end diff --git a/spec/functions/fact_for_spec.rb b/spec/functions/fact_for_spec.rb index 3ae6a7f14..c9d2b9209 100644 --- a/spec/functions/fact_for_spec.rb +++ b/spec/functions/fact_for_spec.rb @@ -24,8 +24,8 @@ let(:fact_value) { 'my_datacenter' } it do - is_expected.to run.with_params('my_node', 'datacenter') - .and_return('my_datacenter') + expect(subject).to run.with_params('my_node', 'datacenter') + .and_return('my_datacenter') end end @@ -35,8 +35,8 @@ let(:fact_value) { { 'ip' => '10.1.2.3' } } it do - is_expected.to run.with_params('node_a', 'networking.ip') - .and_return('10.1.2.3') + expect(subject).to run.with_params('node_a', 'networking.ip') + .and_return('10.1.2.3') end end end diff --git a/spec/functions/is_publicly_accessible_spec.rb b/spec/functions/is_publicly_accessible_spec.rb index 93fa511f0..2444ed96c 100644 --- a/spec/functions/is_publicly_accessible_spec.rb +++ b/spec/functions/is_publicly_accessible_spec.rb @@ -20,7 +20,7 @@ it { is_expected.to run.and_return(false) } - context 'and with a nil ip address' do + context 'with a nil ip address' do let :interfaces do super().merge('hfdlksajh' => { 'ip' => nil }) end @@ -28,14 +28,14 @@ it { is_expected.to run.and_return(false) } end - context 'and with the ip address 12.34.56.78' do + context 'with the ip address 12.34.56.78' do let :interfaces do super().merge('eth1' => { 'ip' => '12.34.56.78' }) end it { is_expected.to run.and_return(true) } - context 'and with a nil ip address' do + context 'with a nil ip address' do let :interfaces do super().merge('hfdlksajh' => { 'ip' => nil }) end @@ -44,7 +44,7 @@ end end - context 'and with the ip address 21.43.65.87' do + context 'with the ip address 21.43.65.87' do let :interfaces do super().merge('eth1' => { 'ip' => '21.43.65.87' }) end diff --git a/spec/functions/nodes_for_class_spec.rb b/spec/functions/nodes_for_class_spec.rb index 5886d31f9..ac5205392 100644 --- a/spec/functions/nodes_for_class_spec.rb +++ b/spec/functions/nodes_for_class_spec.rb @@ -21,8 +21,8 @@ let(:nodes) { %w[node_a node_b] } it do - is_expected.to run.with_params('my_role') - .and_return(%w[node_a node_b]) + expect(subject).to run.with_params('my_role') + .and_return(%w[node_a node_b]) end end @@ -31,18 +31,18 @@ let(:nodes) { %w[node_1 node_2 node_3] } it do - is_expected.to run.with_params('nebula::default') - .and_return(%w[node_1 node_2 node_3]) + expect(subject).to run.with_params('nebula::default') + .and_return(%w[node_1 node_2 node_3]) end end - context 'it returns the nodes sorted by name' do + context 'when nodes node_b, node_a, and node_z have the role My_role' do let(:class_title) { 'My_role' } let(:nodes) { %w[node_b node_a node_z] } - it do - is_expected.to run.with_params('my_role') - .and_return(%w[node_a node_b node_z]) + it 'returns the nodes sorted by name' do + expect(subject).to run.with_params('my_role') + .and_return(%w[node_a node_b node_z]) end end end