diff --git a/manifests/core_host_inventory.pp b/manifests/core_host_inventory.pp index 4a63e32..aac198e 100644 --- a/manifests/core_host_inventory.pp +++ b/manifests/core_host_inventory.pp @@ -28,7 +28,7 @@ Stdlib::Port $database_port = 5432, ) inherits iop::params { include podman - include iop::core_network + require iop::core_network include iop::core_kafka include iop::database diff --git a/manifests/core_kafka.pp b/manifests/core_kafka.pp index f2639c9..992fd92 100644 --- a/manifests/core_kafka.pp +++ b/manifests/core_kafka.pp @@ -31,7 +31,7 @@ } podman::volume { 'iop-core-kafka-data': - ensure => $ensure, + ensure => 'present', } podman::quadlet { 'iop-core-kafka': @@ -75,14 +75,16 @@ }, } - exec { 'kafka-init': - command => "podman run --network=iop-core-network --secret iop-core-kafka-init,target=/opt/kafka/init.sh,mode=0755 ${image} /opt/kafka/init.sh --create", - unless => "podman run --network=iop-core-network --secret iop-core-kafka-init,target=/opt/kafka/init.sh,mode=0755 ${image} /opt/kafka/init.sh --check", - require => [ - Podman::Quadlet['iop-core-kafka'], - Podman::Network['iop-core-network'], - Podman::Secret['iop-core-kafka-init'] - ], - path => ['/usr/bin', '/usr/sbin'], + if $ensure == 'present' { + exec { 'kafka-init': + command => "podman run --network=iop-core-network --secret iop-core-kafka-init,target=/opt/kafka/init.sh,mode=0755 ${image} /opt/kafka/init.sh --create", + unless => "podman run --network=iop-core-network --secret iop-core-kafka-init,target=/opt/kafka/init.sh,mode=0755 ${image} /opt/kafka/init.sh --check", + require => [ + Podman::Quadlet['iop-core-kafka'], + Podman::Network['iop-core-network'], + Podman::Secret['iop-core-kafka-init'] + ], + path => ['/usr/bin', '/usr/sbin'], + } } } diff --git a/manifests/init.pp b/manifests/init.pp index 2c1f2b9..60cbb6c 100644 --- a/manifests/init.pp +++ b/manifests/init.pp 
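Review bot: The dependency lines in this class body (`require iop::core_network`, `include iop::core_kafka`, `include iop::database`) are unconditional, so they are still evaluated when the class is declared on its own with `ensure => 'absent'`, as the new acceptance specs do. Those classes then enter the catalog with their own defaults (presumably `present`; their parameter lists are outside this hunk), so removing one service can install or keep its dependencies. The same pattern appears in service_advisor.pp, service_remediations.pp, service_vmaas.pp and service_vulnerability.pp. If per-class removal is meant to be supported, wrap the dependency lines in `if $ensure == 'present' { ... }`; otherwise add a comment such as `# ensure => absent is only supported through the top-level iop class`. The class body continues outside the hunk.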
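Review bot: `podman::volume { 'iop-core-kafka-data': }` is now pinned to `ensure => 'present'`, so declaring the class with `ensure => 'absent'` leaves the Kafka data on disk, and would even create the volume on a host that never had it. The `iop-service-vmaas-data` volume in manifests/service_vmaas.pp gets the same treatment. If keeping the data is intended, say so next to the resource, e.g. `# Data volume is deliberately kept on removal; delete it manually to purge stored data`, so operators do not assume that uninstalling also purges what the services stored.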
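Review bot: Both `podman run` strings in the `kafka-init` exec omit `--rm`, and the `unless` check is executed on every Puppet run, so each run leaves another exited container behind. Nothing in the `absent` path cleans those up now that the exec is skipped there. Since both lines are being re-indented anyway, start them with `podman run --rm --network=iop-core-network ...`. The enclosing class starts outside the hunk.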
@@ -2,16 +2,16 @@ # # Install and configure IOP services # +# === Parameters: +# # === Advanced parameters: # # $register_as_smartproxy:: Whether to register as a smart proxy # -# $enable_vulnerability:: Enable vulnerability services -# -# $enable_advisor:: Enable advisor services -# # $foreman_base_url:: Base URL for Foreman connection # +# $ensure:: Whether services should be present or absent +# # === Database parameters: # # $database_host:: Shared database host for all services @@ -49,9 +49,8 @@ # $remediations_database_password:: Database password for remediations service # class iop ( + Enum['present', 'absent'] $ensure = 'present', Boolean $register_as_smartproxy = true, - Boolean $enable_vulnerability = true, - Boolean $enable_advisor = true, Optional[Stdlib::HTTPUrl] $foreman_base_url = undef, String[1] $database_host = '/var/run/postgresql/', Stdlib::Port $database_port = 5432, 
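Review bot: The new `# === Parameters:` heading has no entries under it, while `$ensure`, the first parameter in the signature, is documented under `=== Advanced parameters:`. Move the entry up and state what removal leaves behind, for example `# $ensure:: Whether services should be present or absent; data volumes are kept when absent`. Dropping `$enable_vulnerability` and `$enable_advisor` is also an interface break: a caller that still passes either one will fail catalog compilation, so the change deserves a changelog entry or a deprecation step.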
@@ -71,54 +70,56 @@ String[1] $remediations_database_user = 'remediations_user', String[1] $remediations_database_password = extlib::cache_data('iop_cache_data', 'remediations_db_password', extlib::random_password(32)), ) inherits iop::params { - include iop::core_ingress - include iop::core_puptoo - include iop::core_yuptoo - include iop::core_engine - include iop::core_gateway + class { 'iop::core_kafka': ensure => $ensure } + class { 'iop::core_ingress': ensure => $ensure } + class { 'iop::core_puptoo': ensure => $ensure } + class { 'iop::core_yuptoo': ensure => $ensure } + class { 'iop::core_engine': ensure => $ensure } + class { 'iop::core_gateway': ensure => $ensure } class { 'iop::core_host_inventory': + ensure => $ensure, database_host => $database_host, database_port => $database_port, database_name => $inventory_database_name, database_user => $inventory_database_user, database_password => $inventory_database_password, } - include iop::core_host_inventory_frontend + class { 'iop::core_host_inventory_frontend': ensure => $ensure } - if $enable_vulnerability { - class { 'iop::service_vmaas': - database_host => $database_host, - database_port => $database_port, - database_name => $vmaas_database_name, - database_user => $vmaas_database_user, - database_password => $vmaas_database_password, - } - include iop::service_vulnerability_frontend - class { 'iop::service_vulnerability': - database_host => $database_host, - database_port => $database_port, - database_name => $vulnerability_database_name, - database_user => $vulnerability_database_user, - database_password => $vulnerability_database_password, - } + class { 'iop::service_vmaas': + ensure => $ensure, + database_host => $database_host, + database_port => $database_port, + database_name => $vmaas_database_name, + database_user => $vmaas_database_user, + database_password => $vmaas_database_password, + } + class { 'iop::service_vulnerability_frontend': ensure => $ensure } + class { 
'iop::service_vulnerability': + ensure => $ensure, + database_host => $database_host, + database_port => $database_port, + database_name => $vulnerability_database_name, + database_user => $vulnerability_database_user, + database_password => $vulnerability_database_password, } - if $enable_advisor { - include iop::service_advisor_frontend - class { 'iop::service_advisor': - database_host => $database_host, - database_port => $database_port, - database_name => $advisor_database_name, - database_user => $advisor_database_user, - database_password => $advisor_database_password, - } - class { 'iop::service_remediations': - database_host => $database_host, - database_port => $database_port, - database_name => $remediations_database_name, - database_user => $remediations_database_user, - database_password => $remediations_database_password, - } + class { 'iop::service_advisor_frontend': ensure => $ensure } + class { 'iop::service_advisor': + ensure => $ensure, + database_host => $database_host, + database_port => $database_port, + database_name => $advisor_database_name, + database_user => $advisor_database_user, + database_password => $advisor_database_password, + } + class { 'iop::service_remediations': + ensure => $ensure, + database_host => $database_host, + database_port => $database_port, + database_name => $remediations_database_name, + database_user => $remediations_database_user, + database_password => $remediations_database_password, } if $register_as_smartproxy { @@ -128,7 +129,7 @@ $_foreman_base_url_real = pick($foreman_base_url, "https://${facts['networking']['fqdn']}") foreman_smartproxy { 'iop-gateway': - ensure => present, + ensure => $ensure, base_url => $_foreman_base_url_real, consumer_key => $oauth_consumer_key, consumer_secret => $oauth_consumer_secret, diff --git a/manifests/service_advisor.pp b/manifests/service_advisor.pp index 5c74456..f7a8999 100644 --- a/manifests/service_advisor.pp +++ b/manifests/service_advisor.pp 
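Review bot: The order of these resource-like declarations is load-bearing and nothing in the block says so. Several of the declared classes include each other (service_remediations.pp includes `iop::service_advisor`, service_vulnerability.pp includes `iop::service_vmaas`, and most include `iop::core_kafka`), and Puppet rejects a resource-like declaration of a class that has already been included. A comment above the first declaration would protect it from a well-meant reorder, e.g. `# Declare with parameters before any class that includes these; resource-like declarations must come first`. The class body starts and ends outside the hunk.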
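Review bot: `ensure => $ensure` on `foreman_smartproxy { 'iop-gateway': }` only takes effect inside the surrounding `if $register_as_smartproxy` branch, so `ensure => 'absent'` combined with `register_as_smartproxy => false` removes the gateway but leaves any earlier `iop-gateway` smart proxy entry registered in Foreman. That is the exact combination the class spec uses for its absent case. If stale registrations should be cleaned up, widen the condition to `if $register_as_smartproxy or $ensure == 'absent' {`; if not, note next to the parameter that deregistration requires `register_as_smartproxy => true`. The `if` block and the resource body extend beyond the hunk.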
@@ -30,7 +30,7 @@ include podman include iop::database include iop::core_kafka - include iop::core_network + require iop::core_network include iop::core_host_inventory $service_name = 'iop-service-advisor-backend' diff --git a/manifests/service_remediations.pp b/manifests/service_remediations.pp index 8922de6..2959fa3 100644 --- a/manifests/service_remediations.pp +++ b/manifests/service_remediations.pp @@ -30,7 +30,7 @@ include podman include iop::database include iop::core_kafka - include iop::core_network + require iop::core_network include iop::core_host_inventory include iop::service_advisor diff --git a/manifests/service_vmaas.pp b/manifests/service_vmaas.pp index 0933695..38469b5 100644 --- a/manifests/service_vmaas.pp +++ b/manifests/service_vmaas.pp @@ -28,7 +28,7 @@ Stdlib::Port $database_port = 5432, ) { include podman - include iop::core_network + require iop::core_network include iop::core_kafka include iop::core_gateway include iop::database @@ -94,7 +94,7 @@ } podman::volume { 'iop-service-vmaas-data': - ensure => $ensure, + ensure => 'present', } podman::quadlet { 'iop-service-vmaas-reposcan': diff --git a/manifests/service_vulnerability.pp b/manifests/service_vulnerability.pp index dc2ade0..149b6bd 100644 --- a/manifests/service_vulnerability.pp +++ b/manifests/service_vulnerability.pp @@ -36,7 +36,7 @@ include podman include iop::database include iop::core_kafka - include iop::core_network + require iop::core_network include iop::core_host_inventory include iop::service_vmaas diff --git a/spec/acceptance/core_engine_spec.rb b/spec/acceptance/core_engine_spec.rb index a41c1e2..8dd5058 100644 --- a/spec/acceptance/core_engine_spec.rb +++ b/spec/acceptance/core_engine_spec.rb 
@@ -31,4 +31,30 @@ class { 'iop::core_engine': } its(:exit_status) { should eq 0 } end end + + context 'with ensure => absent' do + it_behaves_like 'an idempotent resource' do + let(:manifest) do + <<-PUPPET + class { 'iop::core_engine': + ensure => 'absent', + } + PUPPET + end + end + + describe service('iop-core-engine') do + it { is_expected.not_to be_running } + it { is_expected.not_to be_enabled } + end + + describe file('/etc/containers/systemd/iop-core-engine.container') do + it { is_expected.not_to exist } + end + + describe command('podman secret ls --format "{{.Name}}" | grep "^iop-core-engine-"') do + its(:exit_status) { should eq 1 } + its(:stdout) { should be_empty } + end + end end diff --git a/spec/acceptance/core_gateway_spec.rb b/spec/acceptance/core_gateway_spec.rb index a950711..36cbfdc 100644 --- a/spec/acceptance/core_gateway_spec.rb +++ b/spec/acceptance/core_gateway_spec.rb @@ -31,4 +31,30 @@ class { 'iop::core_gateway': } its(:stdout) { should match /200/ } end end + + context 'with ensure => absent' do + it_behaves_like 'an idempotent resource' do + let(:manifest) do + <<-PUPPET + class { 'iop::core_gateway': + ensure => 'absent', + } + PUPPET + end + end + + describe service('iop-core-gateway') do + it { is_expected.not_to be_running } + it { is_expected.not_to be_enabled } + end + + describe file('/etc/containers/systemd/iop-core-gateway.container') do + it { is_expected.not_to exist } + end + + describe command('podman secret ls --format "{{.Name}}" | grep "^iop-core-gateway-"') do + its(:exit_status) { should eq 1 } + its(:stdout) { should be_empty } + end + end end diff --git a/spec/acceptance/core_host_inventory_frontend_spec.rb b/spec/acceptance/core_host_inventory_frontend_spec.rb index 2b2be25..eb0353f 100644 --- a/spec/acceptance/core_host_inventory_frontend_spec.rb +++ b/spec/acceptance/core_host_inventory_frontend_spec.rb 
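Review bot: The secret-cleanup check can pass without proving anything, because the exit status of `podman secret ls --format "{{.Name}}" | grep "^iop-core-engine-"` is grep's alone unless the shell runs with pipefail. If `podman secret ls` itself fails, grep sees no input, exits 1 and prints nothing, which is exactly what the spec expects. Assert on the listing directly instead: `describe command('podman secret ls --format "{{.Name}}"')` with `its(:exit_status) { should eq 0 }` and `its(:stdout) { should_not match /^iop-core-engine-/ }`. The same pattern is used in the core_gateway, core_host_inventory, service_advisor, service_remediations, service_vmaas and service_vulnerability specs, and the `| wc -l` checks in spec/acceptance/iop_spec.rb (one of them behind `2>/dev/null`) have the same blind spot.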
@@ -56,4 +56,24 @@ class { 'iop::core_host_inventory_frontend': } it { should be_mode 755 } end end + + context 'with ensure => absent' do + it_behaves_like 'an idempotent resource' do + let(:manifest) do + <<-PUPPET + class { 'iop::core_host_inventory_frontend': + ensure => 'absent', + } + PUPPET + end + end + + describe file("/var/lib/foreman/public/assets/apps/inventory") do + it { is_expected.not_to exist } + end + + describe file("/var/lib/foreman/public/assets/apps/inventory/app.info.json") do + it { is_expected.not_to exist } + end + end end diff --git a/spec/acceptance/core_host_inventory_spec.rb b/spec/acceptance/core_host_inventory_spec.rb index 26cefcd..bd83e1f 100644 --- a/spec/acceptance/core_host_inventory_spec.rb +++ b/spec/acceptance/core_host_inventory_spec.rb 
@@ -57,4 +57,57 @@ class { 'iop::core_host_inventory': } its(:content) { should match /WantedBy=timers.target/ } end end + + context 'with ensure => absent' do + it_behaves_like 'an idempotent resource' do + let(:manifest) do + <<-PUPPET + class { 'iop::core_host_inventory': + ensure => 'absent', + } + PUPPET + end + end + + describe service('iop-core-host-inventory') do + it { is_expected.not_to be_running } + it { is_expected.not_to be_enabled } + end + + describe service('iop-core-host-inventory-api') do + it { is_expected.not_to be_running } + it { is_expected.not_to be_enabled } + end + + describe service('iop-core-host-inventory-cleanup') do + it { is_expected.not_to be_running } + it { is_expected.not_to be_enabled } + end + + describe service('iop-core-host-inventory-cleanup.timer') do + it { is_expected.not_to be_running } + it { is_expected.not_to be_enabled } + end + + describe file('/etc/containers/systemd/iop-core-host-inventory.container') do + it { is_expected.not_to exist } + end + + describe file('/etc/containers/systemd/iop-core-host-inventory-api.container') do + it { is_expected.not_to exist } + end + + describe file('/etc/containers/systemd/iop-core-host-inventory-cleanup.container') do + it { is_expected.not_to exist } + end + + describe file('/etc/systemd/system/iop-core-host-inventory-cleanup.timer') do + it { is_expected.not_to exist } + end + + describe command('podman secret ls --format "{{.Name}}" | grep "^iop-core-host-inventory-"') do + its(:exit_status) { should eq 1 } + its(:stdout) { should be_empty } + end + end end diff --git a/spec/acceptance/core_ingress_spec.rb b/spec/acceptance/core_ingress_spec.rb index 1d2c235..2eb2f50 100644 --- a/spec/acceptance/core_ingress_spec.rb +++ b/spec/acceptance/core_ingress_spec.rb 
@@ -30,4 +30,25 @@ its(:stdout) { should match /200/ } end end + + context 'with ensure => absent' do + it_behaves_like 'an idempotent resource' do + let(:manifest) do + <<-PUPPET + class { 'iop::core_ingress': + ensure => 'absent', + } + PUPPET + end + end + + describe service('iop-core-ingress') do + it { is_expected.not_to be_running } + it { is_expected.not_to be_enabled } + end + + describe file('/etc/containers/systemd/iop-core-ingress.container') do + it { is_expected.not_to exist } + end + end end diff --git a/spec/acceptance/core_kafka_spec.rb b/spec/acceptance/core_kafka_spec.rb index 760bf14..457cda6 100644 --- a/spec/acceptance/core_kafka_spec.rb +++ b/spec/acceptance/core_kafka_spec.rb @@ -25,10 +25,26 @@ it { is_expected.to be_running } it { is_expected.to be_enabled } end + end + + context 'with ensure => absent' do + it_behaves_like 'an idempotent resource' do + let(:manifest) do + <<-PUPPET + class { 'iop::core_kafka': + ensure => 'absent', + } + PUPPET + end + end + + describe service('iop-core-kafka') do + it { is_expected.not_to be_running } + it { is_expected.not_to be_enabled } + end - it 'should have iop-core-kafka-data volume' do - result = shell('podman volume ls --format "{{.Name}}"') - expect(result.stdout).to match(/iop-core-kafka-data/) + describe file('/etc/containers/systemd/iop-core-kafka.container') do + it { is_expected.not_to exist } end end end diff --git a/spec/acceptance/core_puptoo_spec.rb b/spec/acceptance/core_puptoo_spec.rb index e68547f..b21fe91 100644 --- a/spec/acceptance/core_puptoo_spec.rb +++ b/spec/acceptance/core_puptoo_spec.rb 
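Review bot: In core_kafka_spec.rb the deleted `should have iop-core-kafka-data volume` example was the only data-volume check visible in this hunk, and the new absent context does not say whether the volume should survive removal. manifests/core_kafka.pp now pins that volume to `ensure => 'present'`, so record the behaviour here as well, for instance inside the absent context with `describe command('podman volume ls --format "{{.Name}}"') do` and `its(:stdout) { should match /^iop-core-kafka-data$/ }`. Without it, a later change that starts deleting or stops creating the volume goes unnoticed.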
@@ -30,4 +30,25 @@ its(:stdout) { should match /200/ } end end + + context 'with ensure => absent' do + it_behaves_like 'an idempotent resource' do + let(:manifest) do + <<-PUPPET + class { 'iop::core_puptoo': + ensure => 'absent', + } + PUPPET + end + end + + describe service('iop-core-puptoo') do + it { is_expected.not_to be_running } + it { is_expected.not_to be_enabled } + end + + describe file('/etc/containers/systemd/iop-core-puptoo.container') do + it { is_expected.not_to exist } + end + end end diff --git a/spec/acceptance/core_yuptoo_spec.rb b/spec/acceptance/core_yuptoo_spec.rb index d810c81..701c1d2 100644 --- a/spec/acceptance/core_yuptoo_spec.rb +++ b/spec/acceptance/core_yuptoo_spec.rb @@ -30,4 +30,25 @@ its(:stdout) { should match /200/ } end end + + context 'with ensure => absent' do + it_behaves_like 'an idempotent resource' do + let(:manifest) do + <<-PUPPET + class { 'iop::core_yuptoo': + ensure => 'absent', + } + PUPPET + end + end + + describe service('iop-core-yuptoo') do + it { is_expected.not_to be_running } + it { is_expected.not_to be_enabled } + end + + describe file('/etc/containers/systemd/iop-core-yuptoo.container') do + it { is_expected.not_to exist } + end + end end diff --git a/spec/acceptance/cvemap_downloader_spec.rb b/spec/acceptance/cvemap_downloader_spec.rb index 7c51534..0aaa84c 100644 --- a/spec/acceptance/cvemap_downloader_spec.rb +++ b/spec/acceptance/cvemap_downloader_spec.rb 
@@ -72,4 +72,47 @@ class { 'iop::cvemap_downloader': } it { should be_readable } end end + + context 'with ensure => absent' do + it_behaves_like 'an idempotent resource' do + let(:manifest) do + <<-PUPPET + class { 'iop::cvemap_downloader': + ensure => 'absent', + } + PUPPET + end + end + + describe file('/usr/local/bin/iop-cvemap-download.sh') do + it { is_expected.not_to exist } + end + + describe file('/etc/systemd/system/iop-cvemap-download.service') do + it { is_expected.not_to exist } + end + + describe file('/etc/systemd/system/iop-cvemap-download.timer') do + it { is_expected.not_to exist } + end + + describe file('/etc/systemd/system/iop-cvemap-download.path') do + it { is_expected.not_to exist } + end + + describe service('iop-cvemap-download.timer') do + it { is_expected.not_to be_running } + it { is_expected.not_to be_enabled } + end + + describe service('iop-cvemap-download.service') do + it { is_expected.not_to be_running } + it { is_expected.not_to be_enabled } + end + + describe service('iop-cvemap-download.path') do + it { is_expected.not_to be_running } + it { is_expected.not_to be_enabled } + end + end end diff --git a/spec/acceptance/iop_spec.rb b/spec/acceptance/iop_spec.rb index 3bf05b3..4a15dd6 100644 --- a/spec/acceptance/iop_spec.rb +++ b/spec/acceptance/iop_spec.rb 
@@ -160,4 +160,107 @@ class { 'iop': it { is_expected.to be_enabled } end end + + context 'with ensure => absent' do + it_behaves_like 'an idempotent resource' do + let(:manifest) do + <<-PUPPET + class { 'iop': + ensure => 'absent', + } + PUPPET + end + end + + # Core services + describe service('iop-core-gateway') do + it { is_expected.not_to be_running } + it { is_expected.not_to be_enabled } + end + + describe service('iop-core-ingress') do + it { is_expected.not_to be_running } + it { is_expected.not_to be_enabled } + end + + describe service('iop-core-puptoo') do + it { is_expected.not_to be_running } + it { is_expected.not_to be_enabled } + end + + describe service('iop-core-yuptoo') do + it { is_expected.not_to be_running } + it { is_expected.not_to be_enabled } + end + + describe service('iop-core-engine') do + it { is_expected.not_to be_running } + it { is_expected.not_to be_enabled } + end + + describe service('iop-core-host-inventory') do + it { is_expected.not_to be_running } + it { is_expected.not_to be_enabled } + end + + describe service('iop-core-host-inventory-api') do + it { is_expected.not_to be_running } + it { is_expected.not_to be_enabled } + end + + # Vulnerability services + describe service('iop-service-vuln-manager') do + it { is_expected.not_to be_running } + it { is_expected.not_to be_enabled } + end + + describe service('iop-service-vmaas-reposcan') do + it { is_expected.not_to be_running } + it { is_expected.not_to be_enabled } + end + + describe service('iop-service-vmaas-webapp-go') do + it { is_expected.not_to be_running } + it { is_expected.not_to be_enabled } + end + + # Advisor services + describe service('iop-service-advisor-backend-service') do + it { is_expected.not_to be_running } + it { is_expected.not_to be_enabled } + end + + describe service('iop-service-advisor-backend-api') do + it { is_expected.not_to be_running } + it { is_expected.not_to be_enabled } + end + + describe service('iop-service-remediations-api') do + it 
{ is_expected.not_to be_running } + it { is_expected.not_to be_enabled } + end + + # Container files should be removed + describe command('find /etc/containers/systemd/ -name "iop-*.container" 2>/dev/null | wc -l') do + its(:stdout) { should match /^0$/ } + end + + # Secrets should be cleaned up + describe command('podman secret ls --format "{{.Name}}" | grep "^iop-" | wc -l') do + its(:stdout) { should match /^0$/ } + end + + # Frontend assets should be removed + describe file('/var/lib/foreman/public/assets/apps/inventory') do + it { is_expected.not_to exist } + end + + describe file('/var/lib/foreman/public/assets/apps/advisor') do + it { is_expected.not_to exist } + end + + describe file('/var/lib/foreman/public/assets/apps/vulnerability') do + it { is_expected.not_to exist } + end + end end diff --git a/spec/acceptance/service_advisor_frontend_spec.rb b/spec/acceptance/service_advisor_frontend_spec.rb index 43d6edd..1f5f0cb 100644 --- a/spec/acceptance/service_advisor_frontend_spec.rb +++ b/spec/acceptance/service_advisor_frontend_spec.rb @@ -56,4 +56,24 @@ class { 'iop::service_advisor_frontend': } it { should be_mode 755 } end end + + context 'with ensure => absent' do + it_behaves_like 'an idempotent resource' do + let(:manifest) do + <<-PUPPET + class { 'iop::service_advisor_frontend': + ensure => 'absent', + } + PUPPET + end + end + + describe file("/var/lib/foreman/public/assets/apps/advisor") do + it { is_expected.not_to exist } + end + + describe file("/var/lib/foreman/public/assets/apps/advisor/app.info.json") do + it { is_expected.not_to exist } + end + end end diff --git a/spec/acceptance/service_advisor_spec.rb b/spec/acceptance/service_advisor_spec.rb index 18ca416..8c912f9 100644 --- a/spec/acceptance/service_advisor_spec.rb +++ b/spec/acceptance/service_advisor_spec.rb 
@@ -61,4 +61,39 @@ class { 'iop::service_advisor': } end end end + + context 'with ensure => absent' do + it_behaves_like 'an idempotent resource' do + let(:manifest) do + <<-PUPPET + class { 'iop::service_advisor': + ensure => 'absent', + } + PUPPET + end + end + + describe service('iop-service-advisor-backend-service') do + it { is_expected.not_to be_running } + it { is_expected.not_to be_enabled } + end + + describe service('iop-service-advisor-backend-api') do + it { is_expected.not_to be_running } + it { is_expected.not_to be_enabled } + end + + describe file('/etc/containers/systemd/iop-service-advisor-backend-service.container') do + it { is_expected.not_to exist } + end + + describe file('/etc/containers/systemd/iop-service-advisor-backend-api.container') do + it { is_expected.not_to exist } + end + + describe command('podman secret ls --format "{{.Name}}" | grep "^iop-service-advisor-"') do + its(:exit_status) { should eq 1 } + its(:stdout) { should be_empty } + end + end end diff --git a/spec/acceptance/service_remediations_spec.rb b/spec/acceptance/service_remediations_spec.rb index a890c76..784f8ea 100644 --- a/spec/acceptance/service_remediations_spec.rb +++ b/spec/acceptance/service_remediations_spec.rb @@ -30,4 +30,30 @@ class { 'iop::service_remediations': } its(:stdout) { should match /200/ } end end + + context 'with ensure => absent' do + it_behaves_like 'an idempotent resource' do + let(:manifest) do + <<-PUPPET + class { 'iop::service_remediations': + ensure => 'absent', + } + PUPPET + end + end + + describe service('iop-service-remediations-api') do + it { is_expected.not_to be_running } + it { is_expected.not_to be_enabled } + end + + describe file('/etc/containers/systemd/iop-service-remediations-api.container') do + it { is_expected.not_to exist } + end + + describe command('podman secret ls --format "{{.Name}}" | grep "^iop-service-remediations-"') do + its(:exit_status) { should eq 1 } + its(:stdout) { should be_empty } + end + end end 
diff --git a/spec/acceptance/service_vmaas_spec.rb b/spec/acceptance/service_vmaas_spec.rb index 4403c50..ea80d50 100644 --- a/spec/acceptance/service_vmaas_spec.rb +++ b/spec/acceptance/service_vmaas_spec.rb @@ -35,4 +35,39 @@ class { 'iop::service_vmaas': } its(:stdout) { should match /200/ } end end + + context 'with ensure => absent' do + it_behaves_like 'an idempotent resource' do + let(:manifest) do + <<-PUPPET + class { 'iop::service_vmaas': + ensure => 'absent', + } + PUPPET + end + end + + describe service('iop-service-vmaas-reposcan') do + it { is_expected.not_to be_running } + it { is_expected.not_to be_enabled } + end + + describe service('iop-service-vmaas-webapp-go') do + it { is_expected.not_to be_running } + it { is_expected.not_to be_enabled } + end + + describe file('/etc/containers/systemd/iop-service-vmaas-reposcan.container') do + it { is_expected.not_to exist } + end + + describe file('/etc/containers/systemd/iop-service-vmaas-webapp-go.container') do + it { is_expected.not_to exist } + end + + describe command('podman secret ls --format "{{.Name}}" | grep "^iop-service-vmaas-"') do + its(:exit_status) { should eq 1 } + its(:stdout) { should be_empty } + end + end end diff --git a/spec/acceptance/service_vulnerability_frontend_spec.rb b/spec/acceptance/service_vulnerability_frontend_spec.rb index 4029433..5ac3794 100644 --- a/spec/acceptance/service_vulnerability_frontend_spec.rb +++ b/spec/acceptance/service_vulnerability_frontend_spec.rb 
@@ -60,4 +60,24 @@ class { 'iop::service_vulnerability_frontend': } its(:stdout) { should match /200/ } end end + + context 'with ensure => absent' do + it_behaves_like 'an idempotent resource' do + let(:manifest) do + <<-PUPPET + class { 'iop::service_vulnerability_frontend': + ensure => 'absent', + } + PUPPET + end + end + + describe file("/var/lib/foreman/public/assets/apps/vulnerability") do + it { is_expected.not_to exist } + end + + describe file("/var/lib/foreman/public/assets/apps/vulnerability/app.info.json") do + it { is_expected.not_to exist } + end + end end diff --git a/spec/acceptance/service_vulnerability_spec.rb b/spec/acceptance/service_vulnerability_spec.rb index 3f6e452..fba0881 100644 --- a/spec/acceptance/service_vulnerability_spec.rb +++ b/spec/acceptance/service_vulnerability_spec.rb 
@@ -107,4 +107,101 @@ class { 'iop::service_vulnerability': } end end end + + context 'with ensure => absent' do + it_behaves_like 'an idempotent resource' do + let(:manifest) do + <<-PUPPET + class { 'iop::service_vulnerability': + ensure => 'absent', + } + PUPPET + end + end + + describe service('iop-service-vuln-dbupgrade') do + it { is_expected.not_to be_enabled } + end + + describe service('iop-service-vuln-manager') do + it { is_expected.not_to be_running } + it { is_expected.not_to be_enabled } + end + + describe service('iop-service-vuln-taskomatic') do + it { is_expected.not_to be_running } + it { is_expected.not_to be_enabled } + end + + describe service('iop-service-vuln-grouper') do + it { is_expected.not_to be_running } + it { is_expected.not_to be_enabled } + end + + describe service('iop-service-vuln-listener') do + it { is_expected.not_to be_running } + it { is_expected.not_to be_enabled } + end + + describe service('iop-service-vuln-evaluator-recalc') do + it { is_expected.not_to be_running } + it { is_expected.not_to be_enabled } + end + + describe service('iop-service-vuln-evaluator-upload') do + it { is_expected.not_to be_running } + it { is_expected.not_to be_enabled } + end + + describe service('iop-service-vuln-vmaas-sync') do + it { is_expected.not_to be_running } + it { is_expected.not_to be_enabled } + end + + describe service('iop-service-vuln-vmaas-sync.timer') do + it { is_expected.not_to be_running } + it { is_expected.not_to be_enabled } + end + + describe file('/etc/containers/systemd/iop-service-vuln-dbupgrade.container') do + it { is_expected.not_to exist } + end + + describe file('/etc/containers/systemd/iop-service-vuln-manager.container') do + it { is_expected.not_to exist } + end + + describe file('/etc/containers/systemd/iop-service-vuln-taskomatic.container') do + it { is_expected.not_to exist } + end + + describe file('/etc/containers/systemd/iop-service-vuln-grouper.container') do + it { is_expected.not_to exist } + end + + 
describe file('/etc/containers/systemd/iop-service-vuln-listener.container') do + it { is_expected.not_to exist } + end + + describe file('/etc/containers/systemd/iop-service-vuln-evaluator-recalc.container') do + it { is_expected.not_to exist } + end + + describe file('/etc/containers/systemd/iop-service-vuln-evaluator-upload.container') do + it { is_expected.not_to exist } + end + + describe file('/etc/containers/systemd/iop-service-vuln-vmaas-sync.container') do + it { is_expected.not_to exist } + end + + describe file('/etc/systemd/system/iop-service-vuln-vmaas-sync.timer') do + it { is_expected.not_to exist } + end + + describe command('podman secret ls --format "{{.Name}}" | grep "^iop-service-vuln-"') do + its(:exit_status) { should eq 1 } + its(:stdout) { should be_empty } + end + end end diff --git a/spec/classes/iop_spec.rb b/spec/classes/iop_spec.rb index 5230711..2c57907 100644 --- a/spec/classes/iop_spec.rb +++ b/spec/classes/iop_spec.rb @@ -9,9 +9,12 @@ describe 'with default parameters' do it { should compile.with_all_deps } + it { should contain_class('iop::core_network') } + it { should contain_class('iop::core_kafka') } it { should contain_class('iop::core_ingress') } it { should contain_class('iop::core_puptoo') } it { should contain_class('iop::core_yuptoo') } + it { should contain_class('iop::core_engine') } it { should contain_class('iop::core_gateway') } it { should contain_class('iop::core_host_inventory') } it { should contain_class('iop::core_host_inventory_frontend') } 
@@ -24,74 +27,55 @@ it { should contain_foreman_smartproxy('iop-gateway') } end - describe 'with enable_vulnerability => false' do + describe 'with ensure => absent' do let :params do { - enable_vulnerability: false, + ensure: 'absent', register_as_smartproxy: false } end it { should compile.with_all_deps } - it { should contain_class('iop::core_ingress') } - it { should contain_class('iop::core_puptoo') } - it { should contain_class('iop::core_yuptoo') } - it { should contain_class('iop::core_gateway') } - it { should contain_class('iop::core_host_inventory') } - it { should contain_class('iop::core_host_inventory_frontend') } - it { should_not contain_class('iop::service_vmaas') } - it { should_not contain_class('iop::service_vulnerability_frontend') } - it { should_not contain_class('iop::service_vulnerability') } - it { should contain_class('iop::service_advisor_frontend') } - it { should contain_class('iop::service_advisor') } - it { should contain_class('iop::service_remediations') } + it { should contain_class('iop::core_kafka').with_ensure('absent') } + it { should contain_class('iop::core_ingress').with_ensure('absent') } + it { should contain_class('iop::core_puptoo').with_ensure('absent') } + it { should contain_class('iop::core_yuptoo').with_ensure('absent') } + it { should contain_class('iop::core_engine').with_ensure('absent') } + it { should contain_class('iop::core_gateway').with_ensure('absent') } + it { should contain_class('iop::core_host_inventory').with_ensure('absent') } + it { should contain_class('iop::core_host_inventory_frontend').with_ensure('absent') } + it { should contain_class('iop::service_vmaas').with_ensure('absent') } + it { should contain_class('iop::service_vulnerability_frontend').with_ensure('absent') } + it { should contain_class('iop::service_vulnerability').with_ensure('absent') } + it { should contain_class('iop::service_advisor_frontend').with_ensure('absent') } + it { should 
contain_class('iop::service_advisor').with_ensure('absent') } + it { should contain_class('iop::service_remediations').with_ensure('absent') } end - describe 'with enable_advisor => false' do + describe 'with register_as_smartproxy => false' do let :params do { - enable_advisor: false, register_as_smartproxy: false } end it { should compile.with_all_deps } + it { should contain_class('iop::core_network') } + it { should contain_class('iop::core_kafka') } it { should contain_class('iop::core_ingress') } it { should contain_class('iop::core_puptoo') } it { should contain_class('iop::core_yuptoo') } + it { should contain_class('iop::core_engine') } it { should contain_class('iop::core_gateway') } it { should contain_class('iop::core_host_inventory') } it { should contain_class('iop::core_host_inventory_frontend') } it { should contain_class('iop::service_vmaas') } it { should contain_class('iop::service_vulnerability_frontend') } it { should contain_class('iop::service_vulnerability') } - it { should_not contain_class('iop::service_advisor_frontend') } - it { should_not contain_class('iop::service_advisor') } - it { should_not contain_class('iop::service_remediations') } - end - - describe 'with both enable_vulnerability => false and enable_advisor => false' do - let :params do - { - enable_vulnerability: false, - enable_advisor: false, - register_as_smartproxy: false - } - end - - it { should compile.with_all_deps } - it { should contain_class('iop::core_ingress') } - it { should contain_class('iop::core_puptoo') } - it { should contain_class('iop::core_yuptoo') } - it { should contain_class('iop::core_gateway') } - it { should contain_class('iop::core_host_inventory') } - it { should contain_class('iop::core_host_inventory_frontend') } - it { should_not contain_class('iop::service_vmaas') } - it { should_not contain_class('iop::service_vulnerability_frontend') } - it { should_not contain_class('iop::service_vulnerability') } - it { should_not 
contain_class('iop::service_advisor_frontend') } - it { should_not contain_class('iop::service_advisor') } - it { should_not contain_class('iop::service_remediations') } + it { should contain_class('iop::service_advisor_frontend') } + it { should contain_class('iop::service_advisor') } + it { should contain_class('iop::service_remediations') } + it { should_not contain_foreman_smartproxy('iop-gateway') } end end end
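Review bot: The `with ensure => absent` example sets `register_as_smartproxy: false`, so the new `ensure => $ensure` on `foreman_smartproxy { 'iop-gateway': }` in manifests/init.pp is never compiled with `absent`. Add a context that keeps the default and expects `it { should contain_foreman_smartproxy('iop-gateway').with_ensure('absent') }`. The absent case also says nothing about `iop::core_network`, which the default and `register_as_smartproxy => false` cases now assert; a single `it { should contain_class('iop::core_network') }` there would record that the network is meant to stay.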