Skip to content
Snippets Groups Projects
Select Git revision
  • master default protected
  • cleanup_fixtures
  • add-openvox
  • freebsd-14
  • remove-legacy-top-scope-syntax
  • rel430
  • tests
  • revert-363-augeas-module-cleanup
  • release-4.1.0
  • puppet8
  • relax-dependencies
  • rel400
  • mode
  • puppet7
  • release-3.1.0
  • freebsd13
  • freebsd11
  • stdlib
  • centos
  • fedora
  • v5.1.0
  • v5.0.0
  • v4.5.0
  • v4.4.0
  • v4.3.0
  • v4.2.1
  • v4.2.0
  • v4.1.0
  • v4.0.0
  • v3.1.0
  • v3.0.0
  • v2.0.0
  • 1.12.0
  • 1.11.0
  • 1.10.0
  • 1.9.0
  • 1.8.0
  • 1.7.0
  • 1.6.0
  • 1.5.0
40 results

HISTORY.md

Blame
  • Code owners
    Assign users and groups as approvers for specific file changes. Learn more.
    To find the state of this project's repository at the time of any of these versions, check out the tags.
    freeradius_spec.rb 14.18 KiB
    require 'spec_helper'
    
    describe 'freeradius' do
      on_supported_os.each do |os, os_facts|
        context "on #{os}" do
          include_context 'redhat_params'
    
          let(:facts) { os_facts }
    
          # Empty params hash by default so we can super().merge
          let(:params) { {} }
    
          it do
            is_expected.to contain_file('radiusd.conf')
              .with(
                'group'  => 'radiusd',
                'mode'   => '0644',
                'path'   => '/etc/raddb/radiusd.conf',
                'notify' => 'Service[radiusd]',
                'owner'  => 'root',
              )
              .that_requires('Package[freeradius]')
              .that_requires('Group[radiusd]')
          end
    
          it do
            [
              '/etc/raddb/statusclients.d',
              '/etc/raddb',
              '/etc/raddb/conf.d',
              '/etc/raddb/attr.d',
              '/etc/raddb/users.d',
              '/etc/raddb/policy.d',
              '/etc/raddb/dictionary.d',
              '/etc/raddb/scripts',
              '/etc/raddb/mods-config',
              '/etc/raddb/mods-config/attr_filter',
              '/etc/raddb/mods-config/preprocess',
              '/etc/raddb/mods-config/sql',
              '/etc/raddb/sites-available',
              '/etc/raddb/mods-available',
            ].each do |file|
              is_expected.to contain_file(file)
                .with(
                  'ensure'  => 'directory',
                  'group'   => 'radiusd',
                  'mode'    => '0755',
                  'notify'  => 'Service[radiusd]',
                  'owner'   => 'root',
                )
                .that_requires('Package[freeradius]')
                .that_requires('Group[radiusd]')
            end
          end
    
          it do
            [
              '/etc/raddb/certs',
              '/etc/raddb/clients.d',
              '/etc/raddb/listen.d',
              '/etc/raddb/sites-enabled',
              '/etc/raddb/instantiate',
            ].each do |file|
              is_expected.to contain_file(file)
                .with(
                  'ensure'  => 'directory',
                  'group'   => 'radiusd',
                  'mode'    => '0755',
                  'notify'  => 'Service[radiusd]',
                  'owner'   => 'root',
                  'purge'   => 'true',
                  'recurse' => 'true',
                )
                .that_requires('Package[freeradius]')
                .that_requires('Group[radiusd]')
            end
          end
    
          it do
            is_expected.to contain_concat('/etc/raddb/policy.conf')
              .with(
                'group'   => 'radiusd',
                'mode'    => '0640',
                'notify'  => 'Service[radiusd]',
                'owner'   => 'root',
              )
              .that_requires('Package[freeradius]')
              .that_requires('Group[radiusd]')
          end
    
          it do
            is_expected.to contain_concat__fragment('policy_header')
              .with(
                'content' => 'policy {',
                'order'   => '10',
                'target'  => '/etc/raddb/policy.conf',
              )
          end
    
          it do
            is_expected.to contain_concat__fragment('policy_footer')
              .with(
                'content' => '}',
                'order'   => '99',
                'target'  => '/etc/raddb/policy.conf',
              )
          end
    
          it do
            is_expected.to contain_concat('/etc/raddb/proxy.conf')
              .with(
                'group'   => 'radiusd',
                'mode'    => '0640',
                'notify'  => 'Service[radiusd]',
                'owner'   => 'root',
              )
              .that_requires('Package[freeradius]')
              .that_requires('Group[radiusd]')
          end
    
          it do
            is_expected.to contain_concat__fragment('proxy_header')
              .with(
                'content' => "# Proxy config\n",
                'order'   => '05',
                'target'  => '/etc/raddb/proxy.conf',
              )
          end
    
          it do
            is_expected.to contain_concat('/etc/raddb/mods-available/attr_filter')
              .with(
                'group'   => 'radiusd',
                'mode'    => '0640',
                'notify'  => 'Service[radiusd]',
                'owner'   => 'root',
              )
              .that_requires('Package[freeradius]')
              .that_requires('Group[radiusd]')
          end
    
          it do
            is_expected.to contain_concat__fragment('attr-default')
              .with(
                'order'   => '10',
                'target'  => '/etc/raddb/mods-available/attr_filter',
              )
          end
    
          it do
            is_expected.to contain_concat('/etc/raddb/dictionary')
              .with(
                'group'   => 'radiusd',
                'mode'    => '0644',
                'owner'   => 'root',
              )
              .that_requires('Package[freeradius]')
              .that_requires('Group[radiusd]')
          end
    
          it do
            is_expected.to contain_concat__fragment('dictionary_header')
              .with(
                'order'  => '10',
                'source' => 'puppet:///modules/freeradius/dictionary.header',
                'target' => '/etc/raddb/dictionary',
              )
          end
    
          it do
            is_expected.to contain_concat__fragment('dictionary_footer')
              .with(
                'order'  => '90',
                'source' => 'puppet:///modules/freeradius/dictionary.footer',
                'target' => '/etc/raddb/dictionary',
              )
          end
    
          it do
            is_expected.to contain_package('freeradius')
              .with(
                'ensure' => 'installed',
                'name'   => 'freeradius',
              )
          end
    
          it do
            is_expected.to contain_service('radiusd')
              .with(
                'enable'     => 'true',
                'ensure'     => 'running',
                'hasrestart' => 'true',
                'hasstatus'  => 'true',
                'name'       => 'radiusd',
              )
              .that_requires('Package[freeradius]')
              .that_requires('User[radiusd]')
              .that_requires('Exec[radiusd-config-test]')
              .that_requires('File[radiusd.conf]')
          end
    
          it do
            is_expected.to contain_user('radiusd')
              .with(
                'ensure'  => 'present',
                'groups'  => nil,
              )
              .that_requires('Package[freeradius]')
          end
    
          context 'with winbind support' do
            let(:params) do
              {
                winbind_support: true,
              }
            end
    
            it do
              is_expected.to contain_user('radiusd')
                .with(
                  'groups'  => 'wbpriv',
                )
            end
          end
    
          it do
            is_expected.to contain_group('radiusd')
              .with(
                'ensure' => 'present',
              )
              .that_requires('Package[freeradius]')
          end
    
          it do
            is_expected.to contain_freeradius__module('always')
              .with_preserve(true)
          end
    
          it do
            is_expected.to contain_freeradius__module('detail')
              .with_preserve(true)
          end
    
          it do
            is_expected.to contain_freeradius__module('detail.log')
              .with_preserve(true)
          end
    
          it do
            [
              '/var/log/radius',
              '/var/log/radius/radacct',
            ].each do |file|
              is_expected.to contain_file(file)
                .with(
                  'mode'    => '0750',
                  'owner' => 'radiusd',
                  'group' => 'radiusd',
                )
                .that_requires('Package[freeradius]')
            end
          end
    
          it do
            is_expected.to contain_file('/var/log/radius/radius.log')
              .with(
                'group'   => 'radiusd',
                'owner'   => 'radiusd',
                'seltype' => 'radiusd_log_t',
              )
              .that_requires('Package[freeradius]')
              .that_requires('User[radiusd]')
              .that_requires('Group[radiusd]')
          end
    
          it do
            is_expected.to contain_logrotate__rule('radacct')
              .with(
                'compress'      => 'true',
                'create'        => 'false',
                'missingok'     => 'true',
                'path'          => '/var/log/radius/radacct/*/*.log',
                'postrotate'    => 'kill -HUP `cat /var/run/radiusd/radiusd.pid`',
                'rotate'        => '7',
                'rotate_every'  => 'day',
                'sharedscripts' => 'true',
              )
          end
    
          it do
            is_expected.to contain_logrotate__rule('checkrad')
              .with(
                'compress'      => 'true',
                'create'        => 'true',
                'missingok'     => 'true',
                'path'          => '/var/log/radius/checkrad.log',
                'postrotate'    => 'kill -HUP `cat /var/run/radiusd/radiusd.pid`',
                'rotate'        => '1',
                'rotate_every'  => 'week',
                'sharedscripts' => 'true',
              )
          end
    
          it do
            is_expected.to contain_logrotate__rule('radiusd')
              .with(
                'compress'      => 'true',
                'create'        => 'true',
                'missingok'     => 'true',
                'path'          => '/var/log/radius/radius*.log',
                'postrotate'    => 'kill -HUP `cat /var/run/radiusd/radiusd.pid`',
                'rotate'        => '26',
                'rotate_every'  => 'week',
                'sharedscripts' => 'true',
              )
          end
    
          it do
            [
              '/etc/raddb/certs/dh',
              '/etc/raddb/certs/random',
            ].each do |file|
              is_expected.to contain_file(file)
                .that_requires('Exec[dh]')
                .that_requires('Exec[random]')
            end
          end
    
          it do
            is_expected.to contain_exec('dh')
              .with(
                'command' => 'openssl dhparam -out /etc/raddb/certs/dh 1024',
                'creates' => '/etc/raddb/certs/dh',
                'path'    => '/usr/bin',
              )
              .that_requires('File[/etc/raddb/certs]')
          end
    
          it do
            is_expected.to contain_exec('random')
              .with(
                'command' => 'dd if=/dev/urandom of=/etc/raddb/certs/random count=10 >/dev/null 2>&1',
                'creates' => '/etc/raddb/certs/random',
                'path'    => '/bin',
              )
              .that_requires('File[/etc/raddb/certs]')
          end
    
          it do
            is_expected.to contain_exec('radiusd-config-test')
              .with(
                'command'     => 'sudo radiusd -XC | grep \'Configuration appears to be OK.\' | wc -l',
                'logoutput'   => 'on_failure',
                'path'        => ['/bin/', '/sbin/', '/usr/bin/', '/usr/sbin/'],
                'refreshonly' => 'true',
                'returns'     => '0',
              )
          end
    
          it do
            [
              '/etc/raddb/clients.conf',
              '/etc/raddb/sql.conf',
            ].each do |file|
              is_expected.to contain_file(file)
                .with(
                  'content' => "# FILE INTENTIONALLY BLANK\n",
                  'group'   => 'radiusd',
                  'mode'    => '0644',
                  'notify'  => 'Service[radiusd]',
                  'owner'   => 'root',
                )
                .that_requires('Package[freeradius]')
                .that_requires('Group[radiusd]')
            end
          end
    
          context 'with mysql' do
            let(:params) do
              super().merge(
                'mysql_support' => true,
              )
            end
    
            it do
              is_expected.to contain_package('freeradius-mysql')
                .with(
                  'ensure' => 'installed',
                )
            end
          end
    
          context 'with pgsql' do
            let(:params) do
              super().merge(
                'pgsql_support' => true,
              )
            end
    
            it do
              is_expected.to contain_package('freeradius-postgresql')
                .with(
                  'ensure' => 'installed',
                )
            end
          end
    
          context 'with perl' do
            let(:params) do
              super().merge(
                'perl_support' => true,
              )
            end
    
            it do
              is_expected.to contain_package('freeradius-perl')
                .with(
                  'ensure' => 'installed',
                )
            end
          end
    
          context 'with utils' do
            let(:params) do
              super().merge(
                'utils_support' => true,
              )
            end
    
            it do
              is_expected.to contain_package('freeradius-utils')
                .with(
                  'ensure' => 'installed',
                )
            end
          end
    
          context 'with ldap' do
            let(:params) do
              super().merge(
                'ldap_support' => true,
              )
            end
    
            it do
              is_expected.to contain_package('freeradius-ldap')
                .with(
                  'ensure' => 'installed',
                )
            end
          end
    
          context 'with dhcp' do
            let(:params) do
              super().merge(
                'dhcp_support' => true,
              )
            end
    
            it do
              is_expected.to contain_package('freeradius-dhcp')
                .with(
                  'ensure' => 'installed',
                )
            end
          end
    
          context 'with krb5' do
            let(:params) do
              super().merge(
                'krb5_support' => true,
              )
            end
    
            it do
              is_expected.to contain_package('freeradius-krb5')
                .with(
                  'ensure' => 'installed',
                )
            end
          end
    
          context 'with wpa_supplicant' do
            let(:params) do
              super().merge(
                'wpa_supplicant' => true,
              )
            end
    
            it do
              is_expected.to contain_package('wpa_supplicant')
                .with(
                  'ensure' => 'installed',
                  'name'   => 'wpa_supplicant',
                )
            end
          end
    
          context 'with syslog' do
            let(:params) do
              super().merge(
                'syslog' => true,
              )
            end
    
            it do
              is_expected.to contain_rsyslog__snippet('12-radiusd-log')
                .with(
                  'content' => %r{^if \$programname == \'radiusd\' then /var/log/radius/radius.log},
                )
            end
          end
    
          case os_facts[:osfamily]
          when 'Redhat'
            it do
              is_expected.to contain_exec('delete-radius-rpmnew')
                .with(
                  'command' => 'find /etc/raddb -name *.rpmnew -delete',
                  'onlyif'  => 'find /etc/raddb -name *.rpmnew | grep rpmnew',
                  'path'    => ['/bin/', '/sbin/', '/usr/bin/', '/usr/sbin/'],
                )
            end
    
            it do
              is_expected.to contain_exec('delete-radius-rpmsave')
                .with(
                  'command' => 'find /etc/raddb -name *.rpmsave -delete',
                  'onlyif'  => 'find /etc/raddb -name *.rpmsave | grep rpmsave',
                  'path'    => ['/bin/', '/sbin/', '/usr/bin/', '/usr/sbin/'],
                )
            end
          end
        end
      end
    end