opendev/puppet-cgit
Code Issues Proposed changes
puppet-cgit/spec/acceptance/basic_spec.rb
Ian Wienand ff79f6a790 Replace openstack.org git:// URLs with https:// 
This is a mechanically generated change to replace openstack.org
git:// URLs with https:// equivalents.

This is in aid of a planned future move of the git hosting
infrastructure to a self-hosted instance of gitea (https://gitea.io),
which does not support the git wire protocol at this stage.

This update should result in no functional change.

For more information see the thread at

 http://lists.openstack.org/pipermail/openstack-discuss/2019-March/003825.html

Change-Id: I8f5c94b34373cb0cc7696e0a19168db186e8164e
2019-03-24 20:35:37 +00:00

280 lines
7.8 KiB
Ruby
Raw Blame History

require 'puppet-openstack_infra_spec_helper/spec_helper_acceptance'
describe 'puppet-cgit module', :if => ['fedora', 'redhat'].include?(os[:family]) do
def pp_path
base_path = File.dirname(__FILE__)
File.join(base_path, 'fixtures')
end
def preconditions_puppet_module
module_path = File.join(pp_path, 'preconditions.pp')
File.read(module_path)
end
def default_puppet_module
module_path = File.join(pp_path, 'default.pp')
File.read(module_path)
end
before(:all) do
apply_manifest(preconditions_puppet_module, catch_failures: true)
end
it 'should work with no errors' do
apply_manifest(default_puppet_module, catch_failures: true)
end
it 'should be idempotent' do
apply_manifest(default_puppet_module, catch_changes: true)
end
describe 'cgit server' do
describe 'running web server' do
describe command('curl http://localhost/cgit') do
its(:stdout) { should include 'OpenStack git repository browser' }
end
describe command('curl --insecure https://localhost/cgit') do
its(:stdout) { should include 'OpenStack git repository browser' }
end
describe port(80) do
it { should be_listening }
end
describe port(443) do
it { should be_listening }
end
describe port(9418) do
it { should be_listening }
end
describe service('httpd') do
it { should be_enabled }
it { should be_running }
end
end
describe service('git-daemon.socket'), :if => ['fedora', 'redhat'].include?(os[:family]) && os[:release] >= '7' do
it { should be_enabled }
it { should be_running }
end
describe service('git-daemon'), :if => ['fedora', 'redhat'].include?(os[:family]) && os[:release] < '7' do
it { should be_enabled }
it { should be_running }
end
end
describe 'required users and groups' do
describe user('cgit') do
it { should exist }
it { should belong_to_group 'cgit' }
end
describe group('cgit') do
it { should exist }
end
describe user('git') do
it { should exist }
it { should belong_to_group 'git' }
end
describe group('git') do
it { should exist }
end
end
describe 'required os packages' do
required_packages = [
package('mod_ldap'),
package('cgit'),
package('git-daemon'),
package('highlight'),
]
required_packages.each do |package|
describe package do
it { should be_installed }
end
end
end
describe 'required files' do
required_directories = [
file('/home/cgit'),
file('/var/lib/git'),
]
required_directories.each do |directory|
describe directory do
it { should be_directory }
it { should be_owned_by 'cgit' }
it { should be_grouped_into 'cgit' }
end
end
required_directories = [
file('/var/www/cgit'),
file('/var/www/cgit/static'),
]
required_directories.each do |directory|
describe directory do
it { should be_directory }
it { should be_owned_by 'root' }
it { should be_grouped_into 'root' }
end
end
describe file('/var/lib/git/p') do
it { should be_linked_to '/var/lib/git' }
end
describe file('/usr/lib/systemd/system/git-daemon.socket'), :if => ['fedora', 'redhat'].include?(os[:family]) && os[:release] >= '7' do
it { should be_file }
it { should be_owned_by 'root' }
it { should be_grouped_into 'root' }
its(:content) { should include 'ListenStream=9418' }
end
describe file('/usr/lib/systemd/system/git-daemon@.service'), :if => ['fedora', 'redhat'].include?(os[:family]) && os[:release] >= '7' do
it { should be_file }
it { should be_owned_by 'root' }
it { should be_grouped_into 'root' }
its(:content) { should include 'Wants=git-daemon.socket' }
end
describe file('/etc/init.d/git-daemon'), :if => ['fedora', 'redhat'].include?(os[:family]) && os[:release] < '7' do
it { should be_file }
it { should be_owned_by 'root' }
it { should be_grouped_into 'root' }
its(:content) { should include 'DAEMON=/usr/libexec/git-core/git-daemon' }
its(:content) { should include 'PORT=9418' }
end
describe file('/etc/pki/tls/certs/localhost.pem') do
it { should be_file }
it { should be_owned_by 'root' }
it { should be_grouped_into 'root' }
end
describe file('/etc/pki/tls/private/localhost.key') do
it { should be_file }
it { should be_owned_by 'root' }
it { should be_grouped_into 'root' }
end
describe file('/etc/cgitrc') do
it { should be_file }
it { should be_owned_by 'root' }
it { should be_grouped_into 'root' }
its(:content) { should include 'clone-prefix=https://git.openstack.org https://git.openstack.org' }
end
describe file('/var/lib/git/.ssh/authorized_keys') do
it { should be_file }
it { should be_owned_by 'git' }
it { should be_mode '640' } # Authorized keys file should have a restrict permission
its(:content) { should include 'ssh-key 1a2b3c4d5e' }
end
describe file('/etc/httpd/conf/httpd.conf') do
it { should be_file }
it { should be_owned_by 'root' }
it { should be_grouped_into 'root' }
its(:content) { should include 'Listen 80' }
end
describe file('/etc/httpd/conf.d/ssl.conf') do
it { should be_file }
it { should be_owned_by 'root' }
it { should be_grouped_into 'root' }
its(:content) { should include 'Listen 443' }
end
vhost_content = '<VirtualHost *:80>
ServerName localhost
ServerAdmin webmaster@localhost
Alias /cgit-data /usr/share/cgit
ScriptAlias /cgit /var/www/cgi-bin/cgit
Alias /static /var/www/cgit/static
RewriteEngine On
RewriteRule ^/$ /cgit [R]
SetEnv GIT_PROJECT_ROOT /var/lib/git
SetEnv GIT_HTTP_EXPORT_ALL
SetEnv GIT_NOTES_DISPLAY_REF refs/notes/*
SetEnv CGIT_CONFIG /etc/cgitrc
AliasMatch ^/(.*/objects/[0-9a-f]{2}/[0-9a-f]{38})$ /var/lib/git/$1
AliasMatch ^/(.*/objects/pack/pack-[0-9a-f]{40}.(pack|idx))$ /var/lib/git/$1
ScriptAlias / /usr/libexec/git-core/git-http-backend/
ErrorLog /var/log/httpd/localhost-error.log
LogLevel warn
CustomLog /var/log/httpd/localhost-access.log combined
</VirtualHost>
<VirtualHost *:443>
ServerName localhost
ServerAdmin webmaster@localhost
Alias /cgit-data /usr/share/cgit
ScriptAlias /cgit /var/www/cgi-bin/cgit
Alias /static /var/www/cgit/static
RewriteEngine On
RewriteRule ^/$ /cgit [R]
SetEnv GIT_PROJECT_ROOT /var/lib/git
SetEnv GIT_HTTP_EXPORT_ALL
SetEnv GIT_NOTES_DISPLAY_REF refs/notes/*
SetEnv CGIT_CONFIG /etc/cgitrc
AliasMatch ^/(.*/objects/[0-9a-f]{2}/[0-9a-f]{38})$ /var/lib/git/$1
AliasMatch ^/(.*/objects/pack/pack-[0-9a-f]{40}.(pack|idx))$ /var/lib/git/$1
ScriptAlias / /usr/libexec/git-core/git-http-backend/
ErrorLog /var/log/httpd/localhost-ssl-error.log
LogLevel warn
CustomLog /var/log/httpd/localhost-ssl-access.log combined
SSLEngine on
SSLProtocol All -SSLv2 -SSLv3
SSLCertificateFile /etc/pki/tls/certs/localhost.pem
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
</VirtualHost>
'
describe file('/etc/httpd/conf.d/25-localhost.conf') do
its(:content) { should eq vhost_content }
end
end
describe 'selinux' do
describe command("semanage boolean -l | grep '^httpd_enable_cgi'") do
its(:stdout) { should match(/^httpd_enable_cgi.*\(on , on\)/) }
end
describe command("semanage port -l | grep '^http_port_t'") do
its (:stdout) { should match(/^http_port_t.*\b80/) }
its (:stdout) { should match(/^http_port_t.*\b443/) }
end
describe command("semanage port -l | grep '^git_port_t'") do
its(:stdout) { should match(/^git_port_t.*\b9418/) }
end
end
end
View Git Blame Copy Permalink