Rudimentary system for full integration test (puppet + puppet-decrypt…

… + hiera)
maxlinc · Jul 11, 2013 · 165ad94 · 165ad94
1 parent 8c724c8
commit 165ad94
Show file tree

Hide file tree

Showing 12 changed files with 96 additions and 2 deletions.
diff --git a/Rakefile b/Rakefile
@@ -1,7 +1,12 @@
 require 'bundler/gem_tasks'
 require 'rspec/core/rake_task'
+require 'cucumber'
+require 'cucumber/rake/task'
 
 RSpec::Core::RakeTask.new(:spec)
 
-task :default => :spec
+task :default => [:spec, :integration]
 
+Cucumber::Rake::Task.new(:integration) do |t|
+  t.cucumber_opts = "features --format pretty"
+end
diff --git a/features/fixtures/data/overridden_secret_key.yaml b/features/fixtures/data/overridden_secret_key.yaml
@@ -0,0 +1,4 @@
+---
+db_password:
+  value: 'ENC[blablabla==]'
+  secretkey: '/etc/some_other_key'
diff --git a/features/fixtures/data/simple.yaml b/features/fixtures/data/simple.yaml
@@ -0,0 +1,2 @@
+---
+db_password: 'ENC[okoNBVDGyHQaQQPKnTTJvA==]'
diff --git a/features/fixtures/hiera.yaml b/features/fixtures/hiera.yaml
@@ -0,0 +1,8 @@
+---
+:backends: yaml
+:yaml:
+  :datadir: features/fixtures/data
+:hierarchy:
+  - '%{::hiera_file}'
+  - common
+:logger: console
diff --git a/features/fixtures/manifests/overridden_secret_key.pp.bak b/features/fixtures/manifests/overridden_secret_key.pp.bak
@@ -0,0 +1,5 @@
+$decrypted = decrypt(hiera('db_password'))
+notice($decrypted)
+unless($decrypted == 'expected') {
+  fail("Expected 'expected', found $unexpected")
+}
diff --git a/features/fixtures/manifests/simple.pp b/features/fixtures/manifests/simple.pp
@@ -0,0 +1,6 @@
+$decrypted = decrypt(hiera('db_password'))
+notice($decrypted)
+$expected = 'blablabla'
+unless($decrypted == $expected) {
+  fail("Expected '$expected', found $unexpected")
+}
diff --git a/features/fixtures/secretkeys/encryptor_secret_key b/features/fixtures/secretkeys/encryptor_secret_key
@@ -0,0 +1,11 @@
+idZdWf3d7s97FVG0iytPj03c2LhrumdUqk4T+aa1VVzp8vFmtQb7Vyy7SbjV4v4y
+CLEat8x8jFb7IBl2yjW3KmC0TW1q1cKaeP8eHuYeqm9ZIQoUtDH+q+8KM5xso358
+PAkDtxJcFmcRvD2SL47WYTd+xFjYEW5VxWhGCcNi/FRlmRSLL29sBcRGfJNhPBit
+j3PiXxPrNIu4E1Ikm94C911x4YD/PO5yNOuhDQW5rs1z8G8TGmzXV64Vxg7rYcXc
+8XK0auzDm+qTdSpP6vaLhFROcGgFVzFu5WWHZ0dpRL1UfDdjlQbHojRCfb4jZB+I
+bXTS5BQFzClttcPYSwf44am3zwYCuLeZ5oWif2sxPBwUIubzPIoBObcdj/uIjljx
+BBPcoPDW+zIbghVWxjoHkLinRdqtXQzMCS0pp8znRsT7v5mp7FZvzMLDO6belz+Q
+LEd3YefLkOFU6B7kJq7XDrVP18G691SwhY08rSq0LyNlwEZ4E9ZD6hrUduHd3Bs7
+yGNhGjvAEItfDv7MBcavkLZSO/q1QElbz5B7/3aiu2HPRfUmS/hiywJ3S1cxZp8Y
+wVr0kqIxRxMoNfl4IqCaRsvlwGBeTHmpXqkcviQsQOuddMStGXKKptrXKxvhn4ca
+72SUKYg7mvyCWD44mAxJyTfTso93Pkn95klRtyBunu0=
diff --git a/features/hiera.feature b/features/hiera.feature
@@ -0,0 +1,14 @@
+Feature: Puppet works
+
+Scenario: Simple test
+  Given I have the following hiera data:
+    """
+    ---
+      db_password: ENC[wx0qTorBqPrTrgkbzYirlA==]
+    """
+  When I execute this puppet manifest:
+    """
+    $password = decrypt(hiera('db_password'))
+    notice($password)
+    """
+  Then the output should include "Notice: Scope(Class[main]): max"
diff --git a/features/step_definitions/puppet_steps.rb b/features/step_definitions/puppet_steps.rb
@@ -0,0 +1,27 @@
+require 'tempfile'
+
+Given /^I have the following hiera data:$/ do |hieradata|
+  hierafile = Thread.current[:hierafile]
+  hierafile.write(hieradata)
+  hierafile.close
+end
+
+When /^I execute this puppet manifest:$/ do |manifest|
+  hierafile = Thread.current[:hierafile]
+  file = Tempfile.new('test_manifest')
+  begin
+    file.write(manifest)
+    file.close
+    ENV['FACTER_HIERA_FILE'] = File.basename(hierafile, '.yaml')
+    ENV['PUPPET_DECRYPT_KEYDIR'] = 'features/fixtures/secretkeys'
+    @output = `puppet apply --noop #{file.path} --hiera_config=features/fixtures/hiera.yaml`
+    puts @output
+  ensure
+    file.unlink
+  end
+  $?.success?
+end
+
+Then /^the output should include "([^"]*)"$/ do |content|
+  @output.should include content
+end
diff --git a/features/support/env.rb b/features/support/env.rb
@@ -0,0 +1,10 @@
+Around do | scenario, block |
+  hierafile = Tempfile.new(['hierafile', '.yaml'], 'features/fixtures/data')
+  Thread.current[:hierafile] = hierafile
+  begin
+    block.call
+  ensure
+    hierafile.close
+    hierafile.unlink
+  end
+end
diff --git a/lib/puppet-decrypt/decryptor.rb b/lib/puppet-decrypt/decryptor.rb
@@ -3,7 +3,7 @@ module Decrypt
 
     class Decryptor
       ENCRYPTED_PATTERN = /^ENC:?(?<key>\w*)\[(?<value>.*)\]$/
-      KEY_DIR = '/etc/puppet-decrypt'
+      KEY_DIR = ENV['PUPPET_DECRYPT_KEYDIR'] || '/etc/puppet-decrypt'
       DEFAULT_KEY = 'encryptor_secret_key'
       DEFAULT_FILE = File.join(KEY_DIR, DEFAULT_KEY)
 

diff --git a/puppet-decrypt.gemspec b/puppet-decrypt.gemspec
@@ -20,6 +20,8 @@ Gem::Specification.new do |gem|
 
   gem.add_dependency('encryptor')
   gem.add_development_dependency('rake')
+  gem.add_development_dependency('cucumber')
+  gem.add_development_dependency('relish')
   gem.add_development_dependency('rspec')
   gem.add_development_dependency('rspec-puppet')
   gem.add_development_dependency('puppetlabs_spec_helper')