Skip to content

GitLab

P
puppet-freeipa
Commit 7681745f authored by Scott Barthelemy's avatar Scott Barthelemy
Browse files
Options

Changed few parameters type to use more precise ones. Updated test unit and module accordingly

parent 3eb9883e
Hide whitespace changes
Inline Side-by-side
Showing with 57 additions and 130 deletions
REFERENCE.md
View file @ 7681745f
......@@ -54,7 +54,7 @@ The following parameters are available in the `freeipa` class.
##### `domain`
Data type: `String`
Data type: `Stdlib::Fqdn`
The name of the IPA domain to create or join.
......@@ -246,15 +246,15 @@ Default value: `true`
##### `ip_address`
Data type: `String`
Data type: `Stdlib::IP::Address::V4`
IP address to pass to the IPA installer.
Default value: ''
Default value: '0.0.0.0'
##### `ipa_server_fqdn`
Data type: `String`
Data type: `Stdlib::Fqdn`
Actual fqdn of the IPA server or client.
......@@ -278,11 +278,11 @@ Default value: $::osfamily
##### `ipa_master_fqdn`
Data type: `String`
Data type: `Stdlib::Fqdn`
FQDN of the server to use for a client or replica domain join.
Default value: ''
Default value: 'default'
##### `manage_host_entry`
......@@ -310,11 +310,11 @@ Default value: `false`
##### `realm`
Data type: `String`
Data type: `Stdlib::Fqdn`
The name of the IPA realm to create or join.
Default value: ''
Default value: 'default'
##### `server_install_ldaputils`
......@@ -366,7 +366,7 @@ Default value: `false`
##### `webui_proxy_external_fqdn`
Data type: `String`
Data type: `Stdlib::Fqdn`
The public or external FQDN used to access the IPA Web UI behind the reverse proxy.
......
manifests/init.pp
View file @ 7681745f
......@@ -58,60 +58,60 @@
#
#
class freeipa (
String $domain = 'default',
String $ipa_role = 'default',
String $admin_password = '',
String $directory_services_password = '',
String $autofs_package_name = 'autofs',
Boolean $client_install_ldaputils = false,
Boolean $configure_dns_server = true,
Boolean $configure_ntp = true,
Array[String] $custom_dns_forwarders = [],
String $domain_join_principal = '',
String $domain_join_password = '',
Boolean $enable_hostname = true,
Boolean $enable_ip_address = false,
Boolean $fixed_primary = false,
Integer $idstart = 10000,
Boolean $install_autofs = false,
Boolean $install_epel = true,
Boolean $install_kstart = true,
Boolean $install_sssdtools = true,
String $ipa_client_package_name = $::osfamily ? {
Stdlib::Fqdn $domain = 'default',
String $ipa_role = 'default',
String $admin_password = '',
String $directory_services_password = '',
String $autofs_package_name = 'autofs',
Boolean $client_install_ldaputils = false,
Boolean $configure_dns_server = true,
Boolean $configure_ntp = true,
Array[String] $custom_dns_forwarders = [],
String $domain_join_principal = '',
String $domain_join_password = '',
Boolean $enable_hostname = true,
Boolean $enable_ip_address = false,
Boolean $fixed_primary = false,
Integer $idstart = 10000,
Boolean $install_autofs = false,
Boolean $install_epel = true,
Boolean $install_kstart = true,
Boolean $install_sssdtools = true,
String $ipa_client_package_name = $::osfamily ? {
'Debian' => 'freeipa-client',
default => 'ipa-client',
},
String $ipa_server_package_name = 'ipa-server',
Boolean $install_ipa_client = true,
Boolean $install_ipa_server = true,
Boolean $install_sssd = true,
String $ip_address = '',
String $ipa_server_fqdn = $::fqdn,
String $kstart_package_name = 'kstart',
String $ldaputils_package_name = $::osfamily ? {
String $ipa_server_package_name = 'ipa-server',
Boolean $install_ipa_client = true,
Boolean $install_ipa_server = true,
Boolean $install_sssd = true,
Stdlib::IP::Address::V4 $ip_address = '0.0.0.0',
Stdlib::Fqdn $ipa_server_fqdn = $::fqdn,
String $kstart_package_name = 'kstart',
String $ldaputils_package_name = $::osfamily ? {
'Debian' => 'ldap-utils',
default => 'openldap-clients',
},
String $ipa_master_fqdn = '',
Boolean $manage_host_entry = false,
Boolean $mkhomedir = true,
Boolean $no_ui_redirect = false,
String $realm = '',
Boolean $server_install_ldaputils = true,
String $sssd_package_name = 'sssd-common',
String $sssdtools_package_name = 'sssd-tools',
Boolean $webui_disable_kerberos = false,
Boolean $webui_enable_proxy = false,
Boolean $webui_force_https = false,
String $webui_proxy_external_fqdn = 'localhost',
String $webui_proxy_https_port = '8440',
Stdlib::Fqdn $ipa_master_fqdn = 'default',
Boolean $manage_host_entry = false,
Boolean $mkhomedir = true,
Boolean $no_ui_redirect = false,
Stdlib::Fqdn $realm = 'default',
Boolean $server_install_ldaputils = true,
String $sssd_package_name = 'sssd-common',
String $sssdtools_package_name = 'sssd-tools',
Boolean $webui_disable_kerberos = false,
Boolean $webui_enable_proxy = false,
Boolean $webui_force_https = false,
Stdlib::Fqdn $webui_proxy_external_fqdn = 'localhost',
String $webui_proxy_https_port = '8440',
) {
if $facts['kernel'] != 'Linux' or $facts['osfamily'] == 'Windows' {
fail('This module is only supported on Linux.')
}
if $realm != '' {
if $realm != 'default'{
$final_realm = $realm
} else {
$final_realm = upcase($domain)
......
manifests/validate_params.pp
View file @ 7681745f
......@@ -14,33 +14,17 @@ class freeipa::validate_params {
default: {fail('The parameter ipa_role must be set to client, master, or replica.')}
}
if $freeipa::ip_address != '' {
# TODO: validate_legacy
if !is_ipv4_address($freeipa::ip_address) {
fail('The parameter ip_address must pass validation as an IPv4 address.')
}
}
if $freeipa::manage_host_entry {
if $freeipa::ip_address == '' {
if $freeipa::ip_address == '0.0.0.0' {
fail('When using the parameter manage_host_entry, the parameter ip_address is mandatory.')
}
}
if $freeipa::idstart < 10000 {
fail('Parameter "idstart" must be an integer greater than 10000.')
}
# TODO: validate_legacy
if ! is_domain_name($freeipa::domain) {
fail('The parameter \'domain\' must pass validation as a domain name.')
}
# TODO: validate_legacy
if ! is_domain_name($freeipa::final_realm) {
fail('The parameter \'realm\' must pass validation as a domain name.')
}
if $freeipa::ipa_role == 'master' {
if length($freeipa::admin_password) < 8 {
fail('When ipa_role is set to master, the parameter admin_password must be populated and at least of length 8.')
......@@ -56,11 +40,8 @@ must be populated and at least of length 8."
if $freeipa::ipa_role != 'master' { # if replica or client
# TODO: validate_legacy
if $freeipa::ipa_master_fqdn == ''{
fail("When creating a ${freeipa::ipa_role} the parameter named ipa_master_fqdn cannot be empty.")
} elsif !is_domain_name($freeipa::ipa_master_fqdn) {
fail('The parameter \'ipa_master_fqdn\' must pass validation as a domain name.')
if $freeipa::ipa_master_fqdn == 'default'{
fail("When creating a ${freeipa::ipa_role} the parameter named ipa_master_fqdn must be set.")
}
if $freeipa::final_domain_join_password == '' {
......
spec/classes/init_spec.rb
View file @ 7681745f
......@@ -105,47 +105,6 @@ describe 'freeipa', type: :class do
it { is_expected.to raise_error(Puppet::Error, %r{populated and at least of length 8}) }
end
context 'with bad ip_address' do
let :params do
{
ipa_role: 'master',
domain: 'rspec.example.lan',
admin_password: 'rspecrspec123',
directory_services_password: 'rspecrspec123',
ip_address: 'not_an_ip'
}
end
it { is_expected.to raise_error(Puppet::Error, %r{parameter ip_address must pass validation}) }
end
context 'with bad domain' do
let :params do
{
ipa_role: 'master',
domain: 'not_a_domain',
admin_password: 'rspecrspec123',
directory_services_password: 'rspecrspec123'
}
end
it { is_expected.to raise_error(Puppet::Error, %r{must pass validation as a domain name}) }
end
context 'with bad realm' do
let :params do
{
ipa_role: 'master',
domain: 'rspec.example.lan',
realm: 'not_a_realm',
admin_password: 'rspecrspec123',
directory_services_password: 'rspecrspec123'
}
end
it { is_expected.to raise_error(Puppet::Error, %r{must pass validation as a domain name}) }
end
end
context 'as replica' do
......@@ -191,20 +150,7 @@ describe 'freeipa', type: :class do
}
end
it { is_expected.to raise_error(Puppet::Error, %r{parameter named ipa_master_fqdn cannot be empty}) }
end
context 'with bad ipa_master_fqdn' do
let :params do
{
ipa_role: 'replica',
domain: 'rspec.example.lan',
ipa_master_fqdn: 'not_an_fqdn',
domain_join_password: 'rspecrspec123'
}
end
it { is_expected.to raise_error(Puppet::Error, %r{pass validation as a domain name}) }
it { is_expected.to raise_error(Puppet::Error, %r{parameter named ipa_master_fqdn must be set}) }
end
context 'missing domain_join_password' do
......@@ -271,7 +217,7 @@ describe 'freeipa', type: :class do
}
end
it { is_expected.to raise_error(Puppet::Error, %r{parameter named ipa_master_fqdn cannot be empty}) }
it { is_expected.to raise_error(Puppet::Error, %r{parameter named ipa_master_fqdn must be set}) }
end
context 'missing domain_join_password' do
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment