(FM-7115) return device certficate with task results

Refactor acceptance tests. Move acceptance 'run' tests out of configure_spec.rb. Test the fingerprint in the run task results.
puppetlabs · Jun 27, 2018 · ced4738 · ced4738
1 parent 5f2d29f
commit ced4738
Show file tree

Hide file tree

Showing 4 changed files with 122 additions and 83 deletions.
diff --git a/spec/acceptance/configure_spec.rb b/spec/acceptance/configure_spec.rb
@@ -1,11 +1,18 @@
 require 'spec_helper_acceptance'
 
 describe 'configure' do
-  context 'basic setup' do
-    it 'edit site.pp and run the agent' do
+  context 'device management' do
+    it 'define device management in site.pp on the master' do
       fqdn = fact('fqdn')
-      pp = <<-EOS
+
+      manifest = <<-EOS
   node '#{fqdn}' {
+    device_manager {'bigip.example.com':
+      type         => 'f5',
+      url          => 'https://admin:[email protected]/',
+      run_interval => 30,
+    }
+
     device_manager {'cisco.example.com':
       type        => 'cisco_ios',
       credentials => {
@@ -16,49 +23,42 @@
         enable_password => 'eq3e2jM6m8AVvT9',
       },
     }
-    device_manager {'bigip.example.com':
-      type         => 'f5',
-      url          => 'https://admin:[email protected]/',
-      run_interval => 30,
-    }
   }
   node default {}
       EOS
-      make_site_pp(pp)
-      run_agent(allow_changes: true)
-      run_agent(allow_changes: false)
+
+      define_site_pp(manifest)
+    end
+
+    it 'define device management on the proxy agent' do
+      run_puppet_agent(allow_changes: true)
+      run_puppet_agent(allow_changes: false)
     end
 
-    # check device.conf is created
     describe file('/etc/puppetlabs/puppet/device.conf') do
       it { is_expected.to be_file }
-      it { is_expected.to contain %r{[cisco.example.com]} }
-      it { is_expected.to contain %r{type cisco_ios} }
       it { is_expected.to contain %r{[bigip.example.com]} }
       it { is_expected.to contain %r{type f5} }
+      it { is_expected.to contain %r{[cisco.example.com]} }
+      it { is_expected.to contain %r{type cisco_ios} }
     end
-  end
 
-  context 'puppet device' do
-    it 'generate and sign a certificate request' do
-      run_cert_reset('cisco.example.com')
-      run_device_generate_csr('cisco.example.com')
-      run_cert_sign('cisco.example.com')
+    describe file('/etc/puppetlabs/puppet/devices/cisco.example.com.conf') do
+      it { is_expected.to be_file }
+      it { is_expected.to contain %r{address} }
     end
-    it 'runs puppet device' do
-      run_device('cisco.example.com', allow_changes: false)
+
+    it 'cron for device with run_interval on the proxy agent' do
+      result = on(default, 'crontab -l').stdout
+      expect(result).to match(%r{puppet device})
+      expect(result).to match(%r{bigip.example.com})
     end
   end
 
-  context 'puppet device tasks' do
-    it 'puppet task run' do
-      # PE vs FOSS
-      ENV['PUPPET_INSTALL_TYPE'] = 'pe'
-      run_puppet_access_login(user: 'admin')
-      proxy_cert_name = fact('fqdn')
-      device_cert_name = 'cisco.example.com'
-      # TODO: Read the default certificate fingerprint and add to regex below.
-      run_and_expect(proxy_cert_name, device_cert_name, [%r{status : success}, %r{fingerprint :}])
+  context 'device certificate' do
+    it 'purge device on the master and the proxy agent' do
+      run_puppet_node_purge('cisco.example.com')
+      reset_agent_device_cache('cisco.example.com')
     end
   end
 end
diff --git a/spec/acceptance/nodesets/vmpooler.yml b/spec/acceptance/nodesets/vmpooler.yml
@@ -7,7 +7,7 @@ HOSTS:
     pe_upgrade_ver:
     hypervisor: vmpooler
 #    hypervisor: none
-#    ip: yxmxcyvku5wpcnc.delivery.puppetlabs.net
+#    ip: xxxxxxxxxxxxxxx.delivery.puppetlabs.net
     platform: el-7-x86_64
     template: centos-7-x86_64
     roles:
@@ -20,4 +20,4 @@ CONFIG:
   consoleport: 443
   pooling_api: http://vmpooler.delivery.puppetlabs.net/
   ssh:
-    keys: "~/.ssh/id_rsa-acceptance"
+    keys: "~/.ssh/id_rsa-acceptance"
diff --git a/spec/acceptance/run_spec.rb b/spec/acceptance/run_spec.rb
@@ -0,0 +1,27 @@
+require 'spec_helper_acceptance'
+
+describe 'run' do
+  context 'puppet device' do
+    it 'generate certificate request for device on the proxy agent' do
+      run_puppet_device_generate_csr('cisco.example.com')
+    end
+    it 'sign certificate request on the master' do
+      run_puppet_cert_sign('cisco.example.com')
+    end
+    it 'run puppet device on the proxy agent' do
+      run_puppet_device('cisco.example.com', allow_changes: false)
+    end
+  end
+
+  context 'puppet task' do
+    it 'run_puppet_device' do
+      host_cert_name = fact('fqdn')
+      device_cert_name = 'cisco.example.com'
+      params = "target=#{device_cert_name}"
+      device_cert_fingerprint = run_puppet_cert_fingerprint(device_cert_name)
+      result = run_puppet_task(task_name: 'device_manager::run_puppet_device', host: host_cert_name, params: params)
+      expect(result).to match(%r{status : success})
+      expect(result).to match(%r{fingerprint : #{device_cert_fingerprint}})
+    end
+  end
+end
diff --git a/spec/spec_helper_acceptance.rb b/spec/spec_helper_acceptance.rb
@@ -5,51 +5,80 @@
 require 'beaker/module_install_helper'
 require 'pry'
 
-run_puppet_install_helper
-install_module_on(hosts)
-install_module_dependencies_on(hosts)
+unless ENV['BEAKER_provision'] == 'no'
+  run_puppet_install_helper
+  install_module_on(hosts)
+  install_module_dependencies_on(hosts)
+end
 
-def make_site_pp(pp)
-  base_path = '/etc/puppetlabs/code/environments/production/'
-  path = File.join(base_path, 'manifests')
+RSpec.configure do |c|
+  c.before :suite do
+    run_puppet_access_login(user: 'admin')
+    unless ENV['BEAKER_TESTMODE'] == 'local'
+      unless ENV['BEAKER_provision'] == 'no'
+        install_module_from_forge('puppetlabs-cisco_ios', '0.2.0')
+        install_module_from_forge('f5-f5', '1.8.0')
+      end
+      hosts.each do |host|
+      end
+    end
+  end
+end
+
+def define_site_pp(manifest)
+  path = '/etc/puppetlabs/code/environments/production/manifests'
   on master, "mkdir -p #{path}"
-  create_remote_file(master, File.join(path, 'site.pp'), pp)
-  return if ENV['PUPPET_INSTALL_TYPE'] != 'foss'
-  on master, "chown -R #{master['user']}:#{master['group']} #{path}"
-  on master, "chmod -R 0755 #{path}"
-  on master, "service #{master['puppetservice']} restart"
-  wait_for_master(3)
+  create_remote_file(master, File.join(path, 'site.pp'), manifest)
+  if ENV['PUPPET_INSTALL_TYPE'] == 'foss'
+    on master, "chown -R #{master['user']}:#{master['group']} #{path}"
+    on master, "chmod -R 0755 #{path}"
+    on master, "service #{master['puppetservice']} restart"
+    wait_for_master(3)
+  end
 end
 
-def run_agent(options = { allow_changes: true })
-  acceptable_exit_codes = (options[:allow_changes] == false) ? 0 : [0, 2]
-  on(default, puppet('agent', '-t'), acceptable_exit_codes: acceptable_exit_codes)
+def run_puppet_node_purge(cert_name)
+  on(master, puppet('node', 'purge', cert_name), acceptable_exit_codes: [0, 1]).stdout
 end
 
-def run_device_generate_csr(cert_name)
-  acceptable_exit_codes = 1
-  on(default, puppet('device', '--verbose', '--trace', '--waitforcert=0', '--target', cert_name), acceptable_exit_codes: acceptable_exit_codes) do |result|
-    expect(result.stdout).to match(%r{Exiting; no certificate found and waitforcert is disabled})
+def run_puppet_cert_sign(cert_name = nil)
+  if cert_name
+    on(master, puppet('cert', 'sign', cert_name), acceptable_exit_codes: [0, 1]).stdout
+  else
+    on(master, puppet('cert', 'sign', '--all'), acceptable_exit_codes: [0, 1]).stdout
+  end
+end
+
+def run_puppet_cert_fingerprint(cert_name)
+  fingerprint = nil
+  result = on(master, puppet('cert', 'fingerprint', cert_name), acceptable_exit_codes: 0).stdout
+  if (matched = result.chomp.match(%r{\(\w+\) (?<fingerprint>.*)$}))
+    fingerprint = matched[:fingerprint]
   end
+  fingerprint
 end
 
-def run_cert_reset(cert_name)
-  on master, "puppet node purge #{cert_name}"
+def reset_agent_device_cache(cert_name)
   on default, "rm -rf /opt/puppetlabs/puppet/cache/devices/#{cert_name}"
 end
 
-def run_cert_sign(cert_name = nil)
-  if cert_name
-    on(master, puppet('cert', 'sign', '--debug', cert_name), acceptable_exit_codes: [0, 1]).stdout
-  else
-    on(master, puppet('cert', 'sign', '--all', '--debug'), acceptable_exit_codes: [0, 1]).stdout
+def run_puppet_agent(options = { allow_changes: true })
+  acceptable_exit_codes = (options[:allow_changes] == false) ? 0 : [0, 2]
+  on(default, puppet('agent', '-t'), acceptable_exit_codes: acceptable_exit_codes)
+end
+
+def run_puppet_device_generate_csr(cert_name)
+  acceptable_exit_codes = 1
+  on(default, puppet('device', '--verbose', '--waitforcert=0', '--target', cert_name), acceptable_exit_codes: acceptable_exit_codes) do |result|
+    expect(result.stdout).to match(%r{Exiting; no certificate found and waitforcert is disabled})
   end
 end
 
-def run_device(cert_name, options = { allow_changes: true })
+# Use '--trace', '--color', 'false' for more information.
+
+def run_puppet_device(cert_name, options = { allow_changes: true })
   acceptable_exit_codes = (options[:allow_changes] == false) ? 0 : [0, 2]
-  on(default, puppet('device', '--verbose', '--trace', '--waitforcert=0', '--target', cert_name), acceptable_exit_codes: acceptable_exit_codes) do |result|
-    # on(default, puppet('device','--verbose','--color','false','--user','root','--trace','--server',master.to_s), { :acceptable_exit_codes => acceptable_exit_codes }) do |result|
+  on(default, puppet('device', '--verbose', '--waitforcert=0', '--target', cert_name), acceptable_exit_codes: acceptable_exit_codes) do |result|
     if options[:allow_changes] == false
       expect(result.stdout).not_to match(%r{^Notice: /Stage\[main\]})
     end
@@ -58,27 +87,10 @@ def run_device(cert_name, options = { allow_changes: true })
   end
 end
 
-def run_and_expect(proxy_cert_name, device_cert_name, regexes)
-  expect_multiple_regexes(result: run_task(task_name: 'device_manager::run_puppet_device', host: proxy_cert_name, params: "target=#{device_cert_name}"), regexes: regexes)
-end
-
-def run_resource(cert_name, resource_type, resource_title = nil)
+def run_puppet_device_resource(cert_name, resource_type, resource_title = nil)
   if resource_title
-    on(master, puppet('device', '--target', cert_name, '--resource', resource_type, resource_title, '--trace'), acceptable_exit_codes: [0, 1]).stdout
+    on(default, puppet('device', '--trace', '--target', cert_name, '--resource', resource_type, resource_title), acceptable_exit_codes: [0, 1]).stdout
   else
-    on(master, puppet('device', '--target', cert_name, '--resource', resource_type, '--trace'), acceptable_exit_codes: [0, 1]).stdout
-  end
-end
-
-RSpec.configure do |c|
-  c.before :suite do
-    unless ENV['BEAKER_TESTMODE'] == 'local'
-      unless ENV['BEAKER_provision'] == 'no'
-        install_module_from_forge('puppetlabs-cisco_ios', '0.2.0')
-        install_module_from_forge('f5-f5', '1.8.0')
-      end
-      hosts.each do |host|
-      end
-    end
+    on(default, puppet('device', '--trace', '--target', cert_name, '--resource', resource_type), acceptable_exit_codes: [0, 1]).stdout
   end
-end
+end