diff --git a/README.md b/README.md index 68fa02e..b2332e1 100644 --- a/README.md +++ b/README.md @@ -11,6 +11,7 @@ - [Usage](#usage) - [Installation](#installation) - [Resource management](#resource-management) + - [SSL](#ssl) - [Limitations](#limitations) - [Supporting Content](#supporting-content) - [Articles](#articles) 
@@ -192,6 +193,22 @@ class my_profile::my_class{ ) ``` +### SSL + +#### Defaults + +The InfluxDB application and Puppet resources can be configured to use SSL. The [use_ssl](https://forge.puppet.com/modules/puppetlabs/influxdb/reference#use_ssl) parameter of the main class and all resources defaults to `true`, meaning SSL will be used in all communications. If you wish to disable it, setting `influxdb::use_ssl` to `false` will do so for the application. Passing `use_ssl` to resources will cause them to query the application without using SSL. + +The certificates used in SSL communication default to those issued by the Puppet CA. The application will use the [ssl certificate](https://forge.puppet.com/modules/puppetlabs/influxdb/reference#ssl_cert_file) and [private key](https://forge.puppet.com/modules/puppetlabs/influxdb/reference#ssl_key_file) used by the Puppet agent on the local machine running InfluxDB. Applications that query InfluxDB, such as Telegraf and the resources in this module, need to provide a CA certificate issued by the same CA to be trusted. See the [puppet_operational_dashboards](https://forge.puppet.com/modules/puppetlabs/puppet_operational_dashboards/reference#puppet_operational_dashboardstelegrafagent) module for an example. + +#### Configuration + +If you wish to manage the certificate files yourself, you can set [manage_ssl](https://forge.puppet.com/modules/puppetlabs/influxdb/reference#manage_ssl). SSL will still be enabled and used by the resources, but the module will not manage the contents of the certificate files. + +If you need to use certificates issued by a CA other than the Puppet CA, you can do so by using the [ssl_trust_store](https://www.puppet.com/docs/puppet/8/configuration.html#ssl-trust-store) option of the Puppet agent. First, set the [use_system_store](https://forge.puppet.com/modules/puppetlabs/influxdb/reference#use_system_store) parameter to `true` in the main class and all resources of this module. 
+ +Next, save your CA bundle to disk on the node managing your InfluxDB server. Set the `ssl_trust_store` option in its `puppet.conf` to contain the path to this file. This will cause all of the api calls made by this module to include your CA bundle. + ## Limitations This module is incompatible with InfluxDB 1.x. Migrating data from 1.x to 2.x must be done manually. For more information see [here](https://docs.influxdata.com/influxdb/v2.1/upgrade/v1-to-v2/). diff --git a/lib/puppet/functions/influxdb/retrieve_token.rb b/lib/puppet/functions/influxdb/retrieve_token.rb index 92625c1..bf2b5c7 100644 --- a/lib/puppet/functions/influxdb/retrieve_token.rb +++ b/lib/puppet/functions/influxdb/retrieve_token.rb 
@@ -6,30 +6,38 @@ param 'String', :uri param 'String', :token_name param 'String', :admin_token_file + param 'Boolean', :use_system_store end dispatch :retrieve_token do param 'String', :uri param 'String', :token_name param 'Sensitive', :admin_token + param 'Boolean', :use_system_store end - def retrieve_token_file(uri, token_name, admin_token_file) + def retrieve_token_file(uri, token_name, admin_token_file, use_system_store) admin_token = File.read(admin_token_file) - retrieve_token(uri, token_name, admin_token) + retrieve_token(uri, token_name, admin_token, use_system_store) rescue Errno::EISDIR, Errno::EACCES, Errno::ENOENT => e Puppet.err("Unable to retrieve #{token_name}": e.message) nil end - def retrieve_token(uri, token_name, admin_token) + def retrieve_token(uri, token_name, admin_token, use_system_store) if admin_token.is_a?(Puppet::Pops::Types::PSensitiveType::Sensitive) admin_token = admin_token.unwrap end client = Puppet.runtime[:http] + client_options = if use_system_store + { include_system_store: true } + else + {} + end + response = client.get(URI(uri + '/api/v2/authorizations'), - headers: { 'Authorization' => "Token #{admin_token}" }) + headers: { 'Authorization' => "Token #{admin_token}", options: client_options }) if response.success? body = JSON.parse(response.body) diff --git a/lib/puppet/provider/influxdb_bucket/influxdb_bucket.rb b/lib/puppet/provider/influxdb_bucket/influxdb_bucket.rb index 44a0db8..590ee13 100644 --- a/lib/puppet/provider/influxdb_bucket/influxdb_bucket.rb +++ b/lib/puppet/provider/influxdb_bucket/influxdb_bucket.rb @@ -11,7 +11,7 @@ def initialize super end - def canonicalize(_context, resources) + def canonicalize(context, resources) init_attrs(resources) resources rescue StandardError => e diff --git a/lib/puppet/provider/influxdb_dbrp/influxdb_dbrp.rb b/lib/puppet/provider/influxdb_dbrp/influxdb_dbrp.rb index 55fe9cc..396a040 100644 --- a/lib/puppet/provider/influxdb_dbrp/influxdb_dbrp.rb 
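Review bot: In `retrieve_token`, `options: client_options` sits inside the `headers:` hash literal, so it is not passed to `client.get` as the `options:` keyword and `use_system_store` appears to have no effect on this request; the hash instead carries an extra `:options` entry next to `Authorization`. Close the headers hash first: `headers: { 'Authorization' => "Token #{admin_token}" }, options: client_options)`. The provider helpers in `influxdb.rb` already pass `options: @client_options` as a separate keyword, so this call should match them. Separately, `use_system_store` is a required `param` in both dispatches, which would stop existing three-argument callers from matching; `optional_param 'Boolean', :use_system_store` with a `false` default on the Ruby methods would keep them working. The body of `retrieve_token` continues past the end of the hunk.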
+++ b/lib/puppet/provider/influxdb_dbrp/influxdb_dbrp.rb @@ -13,7 +13,7 @@ def initialize super end - def canonicalize(_context, resources) + def canonicalize(context, resources) init_attrs(resources) resources rescue StandardError => e @@ -22,7 +22,7 @@ def canonicalize(_context, resources) nil end - def get(_context, names = nil) + def get(context, names = nil) init_auth if @auth.empty? get_org_info if @org_hash.empty? get_bucket_info if @bucket_hash.empty? diff --git a/lib/puppet/provider/influxdb_label/influxdb_label.rb b/lib/puppet/provider/influxdb_label/influxdb_label.rb index 95b3383..667c5b2 100644 --- a/lib/puppet/provider/influxdb_label/influxdb_label.rb +++ b/lib/puppet/provider/influxdb_label/influxdb_label.rb @@ -11,7 +11,7 @@ def initialize super end - def canonicalize(_context, resources) + def canonicalize(context, resources) init_attrs(resources) resources rescue StandardError => e @@ -20,7 +20,7 @@ def canonicalize(_context, resources) nil end - def get(_context, names = nil) + def get(context, names = nil) init_auth if @auth.empty? get_org_info if @org_hash.empty? get_label_info if @label_hash.empty? diff --git a/lib/puppet/provider/influxdb_setup/influxdb_setup.rb b/lib/puppet/provider/influxdb_setup/influxdb_setup.rb index 6977c45..900e996 100644 --- a/lib/puppet/provider/influxdb_setup/influxdb_setup.rb +++ b/lib/puppet/provider/influxdb_setup/influxdb_setup.rb @@ -11,7 +11,7 @@ def initialize super end - def canonicalize(_context, resources) + def canonicalize(context, resources) init_attrs(resources) resources rescue StandardError => e @@ -20,7 +20,7 @@ def canonicalize(_context, resources) nil end - def get(_context) + def get(context) response = influx_get('/api/v2/setup')[0] [ { @@ -29,7 +29,7 @@ def get(_context) port: @port, token: @token, token_file: @token_file, - ensure: (response['allowed'] == true) ? 'absent' : 'present', + ensure: (response && response['allowed'] == true) ? 'absent' : 'present', }, ] rescue StandardError => e 
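Review bot: In `get` of the `influxdb_setup` provider, the new `response && response['allowed'] == true` guard makes a missing response evaluate to `'present'`, so a request that returned nothing is reported the same way as a server that has completed setup. If `influx_get` can return an empty result on a failed request (its failure path is not visible in this hunk), a TLS or connection error would be masked as "already set up" and the setup resource skipped. Consider handling the nil case explicitly before building the hash, for example `raise Puppet::DevError, 'No response from /api/v2/setup' if response.nil?`, so the existing `rescue StandardError` reports it. The `rescue` body lies outside the hunk.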
diff --git a/lib/puppet/provider/influxdb_user/influxdb_user.rb b/lib/puppet/provider/influxdb_user/influxdb_user.rb index 0ef7e3a..55db14f 100644 --- a/lib/puppet/provider/influxdb_user/influxdb_user.rb +++ b/lib/puppet/provider/influxdb_user/influxdb_user.rb @@ -11,7 +11,7 @@ def initialize super end - def canonicalize(_context, resources) + def canonicalize(context, resources) init_attrs(resources) resources rescue StandardError => e @@ -20,7 +20,7 @@ def canonicalize(_context, resources) nil end - def get(_context, names = nil) + def get(context, names = nil) init_auth if @auth.empty? get_user_info if @user_map.empty? diff --git a/lib/puppet/type/influxdb_auth.rb b/lib/puppet/type/influxdb_auth.rb index 0448fba..52c68ff 100644 --- a/lib/puppet/type/influxdb_auth.rb +++ b/lib/puppet/type/influxdb_auth.rb @@ -76,6 +76,12 @@ default: true, behavior: :parameter, }, + use_system_store: { + type: 'Boolean', + desc: 'Whether to use the system store for SSL connections', + default: false, + behavior: :parameter, + }, force: { type: 'Boolean', desc: 'Recreate resource if immutable property changes', diff --git a/lib/puppet/type/influxdb_bucket.rb b/lib/puppet/type/influxdb_bucket.rb index 6c15d45..18a5235 100644 --- a/lib/puppet/type/influxdb_bucket.rb +++ b/lib/puppet/type/influxdb_bucket.rb @@ -78,6 +78,12 @@ desc: 'Whether to enable SSL for the InfluxDB service', default: true, behavior: :parameter, - } + }, + use_system_store: { + type: 'Boolean', + desc: 'Whether to use the system store for SSL connections', + default: false, + behavior: :parameter, + }, }, ) diff --git a/lib/puppet/type/influxdb_dbrp.rb b/lib/puppet/type/influxdb_dbrp.rb index 1907b7b..da2bc1a 100644 --- a/lib/puppet/type/influxdb_dbrp.rb +++ b/lib/puppet/type/influxdb_dbrp.rb 
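Review bot: The `desc` for the new `use_system_store` parameter in `influxdb_auth.rb` does not say what the option changes about certificate verification; the same text is repeated in the bucket, dbrp, label, org, setup and user type hunks. The providers translate it into `include_system_store: true` for the HTTP client, which, going by the option name and the README hunk, adds the system store to the trusted issuers. A description such as `desc: 'Whether to also trust the CA certificates in the system store when verifying the InfluxDB server certificate'` would tell the reader that enabling it widens the set of trusted issuers.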
@@ -74,6 +74,12 @@ desc: 'Whether to enable SSL for the InfluxDB service', default: true, behavior: :parameter, - } + }, + use_system_store: { + type: 'Boolean', + desc: 'Whether to use the system store for SSL connections', + default: false, + behavior: :parameter, + }, }, ) diff --git a/lib/puppet/type/influxdb_label.rb b/lib/puppet/type/influxdb_label.rb index cec4968..b0a4149 100644 --- a/lib/puppet/type/influxdb_label.rb +++ b/lib/puppet/type/influxdb_label.rb @@ -58,6 +58,12 @@ desc: 'Whether to enable SSL for the InfluxDB service', default: true, behavior: :parameter, - } + }, + use_system_store: { + type: 'Boolean', + desc: 'Whether to use the system store for SSL connections', + default: false, + behavior: :parameter, + }, }, ) diff --git a/lib/puppet/type/influxdb_org.rb b/lib/puppet/type/influxdb_org.rb index 56c4f54..a973abc 100644 --- a/lib/puppet/type/influxdb_org.rb +++ b/lib/puppet/type/influxdb_org.rb @@ -57,6 +57,12 @@ desc: 'Whether to enable SSL for the InfluxDB service', default: true, behavior: :parameter, - } + }, + use_system_store: { + type: 'Boolean', + desc: 'Whether to use the system store for SSL connections', + default: false, + behavior: :parameter, + }, }, ) diff --git a/lib/puppet/type/influxdb_setup.rb b/lib/puppet/type/influxdb_setup.rb index b054f66..ba81506 100644 --- a/lib/puppet/type/influxdb_setup.rb +++ b/lib/puppet/type/influxdb_setup.rb @@ -74,6 +74,12 @@ desc: 'Whether to enable SSL for the InfluxDB service', default: true, behavior: :parameter, - } + }, + use_system_store: { + type: 'Boolean', + desc: 'Whether to use the system store for SSL connections', + default: false, + behavior: :parameter, + }, }, ) diff --git a/lib/puppet/type/influxdb_user.rb b/lib/puppet/type/influxdb_user.rb index 4eac0a9..bc4d178 100644 --- a/lib/puppet/type/influxdb_user.rb +++ b/lib/puppet/type/influxdb_user.rb 
@@ -65,6 +65,12 @@ desc: 'Whether to enable SSL for the InfluxDB service', default: true, behavior: :parameter, - } + }, + use_system_store: { + type: 'Boolean', + desc: 'Whether to use the system store for SSL connections', + default: false, + behavior: :parameter, + }, }, ) diff --git a/lib/puppet_x/puppetlabs/influxdb/influxdb.rb b/lib/puppet_x/puppetlabs/influxdb/influxdb.rb index df1b96f..5013dba 100644 --- a/lib/puppet_x/puppetlabs/influxdb/influxdb.rb +++ b/lib/puppet_x/puppetlabs/influxdb/influxdb.rb @@ -8,12 +8,13 @@ module Puppetlabs # Mixin module to provide constants and instance methods for the providers module PuppetlabsInfluxdb class << self - attr_accessor :host, :port, :token_file, :use_ssl + attr_accessor :host, :port, :token_file, :use_ssl, :use_system_store, :cert_store, :ssl_context, :client_options end self.host = Facter.value(:networking)['fqdn'] self.port = 8086 self.use_ssl = true + self.use_system_store = false self.token_file = if Facter.value('identity')['user'] == 'root' '/root/.influxdb_token' else @@ -24,6 +25,7 @@ class << self def initialize @client ||= Puppet.runtime[:http] + @cert_store ||= OpenSSL::X509::Store.new @org_hash = [] @telegraf_hash = [] @label_hash = [] 
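Review bot: The `@cert_store ||= OpenSSL::X509::Store.new` added to `initialize` and the new `cert_store`, `ssl_context` and `client_options` class-level accessors are not read anywhere in the visible hunks; the requests use the instance variable `@client_options` built in `init_attrs`. Unused trust-store state in a TLS code path invites the assumption that it takes part in verification. Either drop these or add a comment saying what they are reserved for, e.g. `# not used for verification; trust is configured through @client_options`. `initialize` continues outside the hunk.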
@@ -37,17 +39,24 @@ def initialize # Make class instance variables available as instance variables to whichever object calls this method # For subclasses which call super, the instance variables will be part of their scope def init_attrs(resources) - # TODO: Only one uri per resource type + # TODO: this can probably be refactored into a proper cache of resources resources.each do |resource| @host ||= resource[:host] ? resource[:host] : PuppetlabsInfluxdb.host @port ||= resource[:port] ? resource[:port] : PuppetlabsInfluxdb.port @use_ssl ||= (!resource[:use_ssl].nil?) ? resource[:use_ssl] : PuppetlabsInfluxdb.use_ssl + @use_system_store ||= resource[:use_system_store] ? resource[:use_system_store] : PuppetlabsInfluxdb.use_system_store @token ||= resource[:token] @token_file ||= resource[:token_file] ? resource[:token_file] : PuppetlabsInfluxdb.token_file end protocol = @use_ssl ? 'https' : 'http' @influxdb_uri = "#{protocol}://#{@host}:#{@port}" + + @client_options = if @use_system_store + { include_system_store: true } + else + {} + end end def init_auth @@ -75,7 +84,7 @@ def influx_get(name, results = []) # Return the current data if there is no 'next' object return results if name.nil? - response = @client.get(URI(@influxdb_uri + name), headers: @auth) + response = @client.get(URI(@influxdb_uri + name), headers: @auth, options: @client_options) if response.success? # Recursively append the results of calling the URL in the 'next' object to our array body = JSON.parse(response.body) 
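Review bot: In `init_attrs`, `@use_system_store ||= ...` and the single `@client_options` computed after the loop make the setting provider-wide: once any resource passes `use_system_store: true`, every later request from this provider instance includes the system store, and a resource that sets it to `false` cannot narrow it again. The truthiness test also differs from the `nil?` check used for `use_ssl` on the line above. If provider-wide behaviour is intended, say so next to the assignment, e.g. `# use_system_store is shared by all resources of this type; the first truthy value wins`. Otherwise the option needs to be resolved per resource, which is what the TODO in this hunk hints at.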
@@ -99,14 +108,14 @@ def influx_get(name, results = []) # end def influx_post(name, body) - response = @client.post(URI(@influxdb_uri + name), body, headers: @auth.merge({ 'Content-Type' => 'application/json' })) + response = @client.post(URI(@influxdb_uri + name), body, headers: @auth.merge({ 'Content-Type' => 'application/json' }), options: @client_options) raise Puppet::DevError, "Received HTTP code '#{response.code}' for post #{name} with message '#{response.reason}' '#{body}" unless response.success? JSON.parse(response.body ? response.body : '{}') end def influx_put(name, body) - response = @client.put(URI(@influxdb_uri + name), body, headers: @auth.merge({ 'Content-Type' => 'application/json' })) + response = @client.put(URI(@influxdb_uri + name), body, headers: @auth.merge({ 'Content-Type' => 'application/json' }), options: @client_options) raise Puppet::DevError, "Received HTTP code #{response.code} for put #{name} with message #{response.reason}" unless response.success? JSON.parse(response.body ? response.body : '{}') @@ -114,13 +123,12 @@ def influx_put(name, body) # Our HTTP class doesn't have a patch method, so we create the connection and use Net::HTTP manually def influx_patch(name, body) - @client.connect(URI(@influxdb_uri)) do |conn| + @client.connect(URI(@influxdb_uri), options: @client_options) do |conn| request = Net::HTTP::Patch.new(@influxdb_uri + name) request['Content-Type'] = 'application/json' - request['Authorization'] = @auth[:Authorization] - request.body = body + response = conn.request(request) raise Puppet::DevError, "Received HTTP code #{response.code} for patch #{name} with message #{response.reason}" unless response.is_a?(Net::HTTPSuccess) 
@@ -129,7 +137,7 @@ def influx_patch(name, body) end def influx_delete(name) - response = @client.delete(URI(@influxdb_uri + name), headers: @auth) + response = @client.delete(URI(@influxdb_uri + name), headers: @auth, options: @client_options) raise Puppet::DevError, "Received HTTP code #{response.code} for delete #{name} with message #{response.reason}" unless response.success? JSON.parse(response.body ? response.body : '{}') diff --git a/manifests/init.pp b/manifests/init.pp index 76af80e..cadb1dc 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -21,6 +21,8 @@ # Whether to use http or https connections. Defaults to true (https). # @param manage_ssl # Whether to manage the SSL bundle for https connections. Defaults to true. +# @param use_system_store +# Whether to use the system store for SSL connections. Defaults to false. # @param ssl_cert_file # SSL certificate to be used by the influxdb service. Defaults to the agent certificate issued by the Puppet CA for the local machine. # @param ssl_key_file @@ -68,6 +70,7 @@ Boolean $use_ssl = true, Boolean $manage_ssl = true, + Boolean $use_system_store = false, String $ssl_cert_file = "/etc/puppetlabs/puppet/ssl/certs/${trusted['certname']}.pem", String $ssl_key_file ="/etc/puppetlabs/puppet/ssl/private_keys/${trusted['certname']}.pem", String $ssl_ca_file ='/etc/puppetlabs/puppet/ssl/certs/ca.pem', @@ -256,15 +259,16 @@ if $manage_setup { influxdb_setup { $host: - ensure => 'present', - port => $port, - use_ssl => $use_ssl, - token_file => $token_file, - bucket => $initial_bucket, - org => $initial_org, - username => $admin_user, - password => $admin_pass, - require => Service['influxdb'], + ensure => 'present', + port => $port, + use_ssl => $use_ssl, + use_system_store => $use_system_store, + token_file => $token_file, + bucket => $initial_bucket, + org => $initial_org, + username => $admin_user, + password => $admin_pass, + require => Service['influxdb'], } } } 
diff --git a/spec/classes/init_spec.rb b/spec/classes/init_spec.rb index 7f441e4..630c902 100644 --- a/spec/classes/init_spec.rb +++ b/spec/classes/init_spec.rb @@ -128,4 +128,20 @@ is_expected.not_to contain_archive('/tmp/influxdb.tar.gz') } end + + context 'when using the system store' do + let(:params) { { host: 'localhost', use_system_store: true } } + + it { + is_expected.to contain_influxdb_setup('localhost').with( + ensure: 'present', + token_file: '/root/.influxdb_token', + bucket: 'puppet_data', + org: 'puppetlabs', + username: 'admin', + password: RSpec::Puppet::Sensitive.new('puppetlabs'), + use_system_store: true, + ) + } + end end diff --git a/spec/unit/puppet/provider/influxdb_auth/influxdb_auth_spec.rb b/spec/unit/puppet/provider/influxdb_auth/influxdb_auth_spec.rb index ef245dd..456746e 100644 --- a/spec/unit/puppet/provider/influxdb_auth/influxdb_auth_spec.rb +++ b/spec/unit/puppet/provider/influxdb_auth/influxdb_auth_spec.rb @@ -52,28 +52,28 @@ 'links' => { 'self' => '/api/v2/authorizations' }, - 'authorizations' => [ - { - 'id' => '123', - 'user' => 'admin', - 'token' => '321', - 'status' => 'active', - 'description' => 'token_1', - 'orgID' => '123', - 'org' => 'puppetlabs', - 'permissions' => [ - { - 'action' => 'read', - 'resource' => { - 'type' => 'telegrafs' - } - }, - ], - 'links' => { - 'self' => '/api/v2/authorizations/123', - } - }, - ] + 'authorizations' => [ + { + 'id' => '123', + 'user' => 'admin', + 'token' => '321', + 'status' => 'active', + 'description' => 'token_1', + 'orgID' => '123', + 'org' => 'puppetlabs', + 'permissions' => [ + { + 'action' => 'read', + 'resource' => { + 'type' => 'telegrafs' + } + }, + ], + 'links' => { + 'self' => '/api/v2/authorizations/123', + } + }, + ] }] end 
@@ -113,6 +113,69 @@ allow(provider).to receive(:influx_get).with('/api/v2/authorizations').and_return(auth_response) expect(provider.get(context)).to eq should_hash end + + context 'when using the system store' do + it 'configures and uses the ssl context' do + resources = [ + { + ensure: 'present', + use_ssl: true, + use_system_store: true, + host: 'foo.bar.com', + port: 8086, + token: RSpec::Puppet::Sensitive.new('puppetlabs'), + token_file: '/root/.influxdb_token', + user: 'admin', + name: 'token_1', + status: 'active', + org: 'puppetlabs', + permissions: [ + { + 'action' => 'read', + 'resource' => { + 'type' => 'telegrafs' + } + }, + ] + }, + ] + + # canonicalize will set up the include_system_store and add it to the @client_options hash + provider.canonicalize(context, resources) + expect(provider.instance_variable_get('@client_options').key?(:include_system_store)).to eq true + end + end + + context 'when not using the system store' do + it 'does not configure and uses the ssl context' do + resources = [ + { + ensure: 'present', + use_ssl: true, + use_system_store: false, + host: 'foo.bar.com', + port: 8086, + token: RSpec::Puppet::Sensitive.new('puppetlabs'), + token_file: '/root/.influxdb_token', + user: 'admin', + name: 'token_1', + status: 'active', + org: 'puppetlabs', + permissions: [ + { + 'action' => 'read', + 'resource' => { + 'type' => 'telegrafs' + } + }, + ] + }, + ] + + provider.canonicalize(context, resources) + expect(provider.instance_variable_get('@client_options').key?(:include_system_store)).to eq false + end + end end describe '#create' do diff --git a/spec/unit/puppet/provider/influxdb_bucket/influxdb_bucket_spec.rb b/spec/unit/puppet/provider/influxdb_bucket/influxdb_bucket_spec.rb index 1a16916..acda782 100644 --- a/spec/unit/puppet/provider/influxdb_bucket/influxdb_bucket_spec.rb +++ b/spec/unit/puppet/provider/influxdb_bucket/influxdb_bucket_spec.rb 
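Review bot: The new 'when using the system store' examples only assert that `@client_options` contains `:include_system_store`; none checks that the hash is handed to the HTTP client as `options:`, and the example titles ('configures and uses the ssl context') describe more than is tested. The same pattern is repeated in the bucket, dbrp, label, org, setup and user spec hunks, and the label and org variants pass a `ca_bundle: '/not/a/file'` key that no type hunk in this diff declares. An expectation on the stubbed client that a request is made with `options: { include_system_store: true }`, plus a matching example for the `retrieve_token` function, would catch an option that is built but never reaches the request.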
@@ -166,6 +166,53 @@ expect(provider.get(context)).to eq should_hash end end + + context 'when using the system store' do + it 'configures and uses the ssl context' do + resources = [ + { name: 'puppet_data', + ensure: 'present', + use_ssl: true, + use_system_store: true, + host: 'foo.bar.com', + port: 8086, + token: RSpec::Puppet::Sensitive.new('puppetlabs'), + token_file: '/root/.influxdb_token', + org: 'puppetlabs', + retention_rules: [{ 'type' => 'expire', 'everySeconds' => 2_592_000, 'shardGroupDurationSeconds' => 604_800 }], + members: [], + labels: [], + create_dbrp: true }, + ] + + # canonicalize will set up the include_system_store and add it to the @client_options hash + provider.canonicalize(context, resources) + expect(provider.instance_variable_get('@client_options').key?(:include_system_store)).to eq true + end + end + + context 'when not using the system store' do + it 'does not configure and uses the ssl context' do + resources = [ + { name: 'puppet_data', + ensure: 'present', + use_ssl: true, + use_system_store: false, + host: 'foo.bar.com', + port: 8086, + token: RSpec::Puppet::Sensitive.new('puppetlabs'), + token_file: '/root/.influxdb_token', + org: 'puppetlabs', + retention_rules: [{ 'type' => 'expire', 'everySeconds' => 2_592_000, 'shardGroupDurationSeconds' => 604_800 }], + members: [], + labels: [], + create_dbrp: true }, + ] + + provider.canonicalize(context, resources) + expect(provider.instance_variable_get('@client_options').key?(:include_system_store)).to eq false + end + end end describe '#create' do @@ -221,7 +268,7 @@ 'links' => { 'self' => '/api/v2/buckets/12345/members' }, - 'users' => [] + 'users' => [] }] }] }, diff --git a/spec/unit/puppet/provider/influxdb_dbrp/influxdb_dbrp_spec.rb b/spec/unit/puppet/provider/influxdb_dbrp/influxdb_dbrp_spec.rb index 48e8cef..c8f22f5 100644 --- a/spec/unit/puppet/provider/influxdb_dbrp/influxdb_dbrp_spec.rb +++ b/spec/unit/puppet/provider/influxdb_dbrp/influxdb_dbrp_spec.rb 
@@ -123,6 +123,51 @@ expect(provider.get(context)).to eq should_hash end end + + context 'when using the system store' do + it 'configures and uses the ssl context' do + resources = [{ + bucket: 'puppet_data', + ensure: 'present', + use_ssl: true, + use_system_store: true, + host: 'foo.bar.com', + port: 8086, + token: RSpec::Puppet::Sensitive.new('puppetlabs'), + token_file: '/root/.influxdb_token', + is_default: true, + name: 'puppet_data', + org: 'puppetlabs', + rp: 'Forever', + }] + + # canonicalize will set up the include_system_store and add it to the @client_options hash + provider.canonicalize(context, resources) + expect(provider.instance_variable_get('@client_options').key?(:include_system_store)).to eq true + end + end + + context 'when not using the system store' do + it 'does not configure and uses the ssl context' do + resources = [{ + bucket: 'puppet_data', + ensure: 'present', + use_ssl: true, + use_system_store: false, + host: 'foo.bar.com', + port: 8086, + token: RSpec::Puppet::Sensitive.new('puppetlabs'), + token_file: '/root/.influxdb_token', + is_default: true, + name: 'puppet_data', + org: 'puppetlabs', + rp: 'Forever', + }] + + provider.canonicalize(context, resources) + expect(provider.instance_variable_get('@client_options').key?(:include_system_store)).to eq false + end + end end describe '#create' do diff --git a/spec/unit/puppet/provider/influxdb_label/influxdb_label_spec.rb b/spec/unit/puppet/provider/influxdb_label/influxdb_label_spec.rb index 19e95ed..e3d211c 100644 --- a/spec/unit/puppet/provider/influxdb_label/influxdb_label_spec.rb +++ b/spec/unit/puppet/provider/influxdb_label/influxdb_label_spec.rb 
@@ -108,6 +108,52 @@ expect(provider.get(context)).to eq should_hash end + + context 'when using the system store' do + it 'configures and uses the ssl context' do + resources = [ + { + name: 'puppetlabs/influxdb', + ensure: 'present', + use_ssl: true, + use_system_store: true, + host: 'foo.bar.com', + port: 8086, + token: RSpec::Puppet::Sensitive.new('puppetlabs'), + token_file: '/root/.influxdb_token', + org: 'puppetlabs', + properties: nil, + }, + ] + + # canonicalize will set up the include_system_store and add it to the @client_options hash + provider.canonicalize(context, resources) + expect(provider.instance_variable_get('@client_options').key?(:include_system_store)).to eq true + end + end + + context 'when not using the system store' do + it 'does not configure and uses the ssl context' do + resources = [ + { + name: 'puppetlabs/influxdb', + ensure: 'present', + use_ssl: true, + use_system_store: false, + ca_bundle: '/not/a/file', + host: 'foo.bar.com', + port: 8086, + token: RSpec::Puppet::Sensitive.new('puppetlabs'), + token_file: '/root/.influxdb_token', + org: 'puppetlabs', + properties: nil, + }, + ] + + provider.canonicalize(context, resources) + expect(provider.instance_variable_get('@client_options').key?(:include_system_store)).to eq false + end + end end describe '#create' do diff --git a/spec/unit/puppet/provider/influxdb_org/influxdb_org_spec.rb b/spec/unit/puppet/provider/influxdb_org/influxdb_org_spec.rb index 3347b53..f4375cb 100644 --- a/spec/unit/puppet/provider/influxdb_org/influxdb_org_spec.rb +++ b/spec/unit/puppet/provider/influxdb_org/influxdb_org_spec.rb 
@@ -90,6 +90,52 @@ expect(provider.get(context)).to eq should_hash end + + context 'when using the system store' do + it 'configures and uses the ssl context' do + resources = [ + { + name: 'puppetlabs', + ensure: 'present', + use_ssl: true, + use_system_store: true, + host: 'foo.bar.com', + port: 8086, + token: RSpec::Puppet::Sensitive.new('puppetlabs'), + token_file: '/root/.influxdb_token', + description: nil, + members: [], + }, + ] + + # canonicalize will set up the include_system_store and add it to the @client_options hash + provider.canonicalize(context, resources) + expect(provider.instance_variable_get('@client_options').key?(:include_system_store)).to eq true + end + end + + context 'when not using the system store' do + it 'does not configure and uses the ssl context' do + resources = [ + { + name: 'puppetlabs', + ensure: 'present', + use_ssl: true, + use_system_store: false, + ca_bundle: '/not/a/file', + host: 'foo.bar.com', + port: 8086, + token: RSpec::Puppet::Sensitive.new('puppetlabs'), + token_file: '/root/.influxdb_token', + description: nil, + members: [], + }, + ] + + provider.canonicalize(context, resources) + expect(provider.instance_variable_get('@client_options').key?(:include_system_store)).to eq false + end + end end describe '#create' do 
@@ -198,21 +244,21 @@ provider.update(context, should_hash[:name], should_hash) end end + end - describe '#delete' do - it 'deletes resources' do - provider.instance_variable_set('@org_hash', [{ 'name' => 'puppetlabs', 'id' => 123 }]) + describe '#delete' do + it 'deletes resources' do + provider.instance_variable_set('@org_hash', [{ 'name' => 'puppetlabs', 'id' => 123 }]) - should_hash = { - ensure: 'absent', - name: 'puppetlabs', - } + should_hash = { + ensure: 'absent', + name: 'puppetlabs', + } - expect(context).to receive(:debug).with("Deleting '#{should_hash[:name]}'") - expect(provider).to receive(:influx_delete).with('/api/v2/orgs/123') + expect(context).to receive(:debug).with("Deleting '#{should_hash[:name]}'") + expect(provider).to receive(:influx_delete).with('/api/v2/orgs/123') - provider.delete(context, should_hash[:name]) - end + provider.delete(context, should_hash[:name]) end end end diff --git a/spec/unit/puppet/provider/influxdb_setup/influxdb_setup_spec.rb b/spec/unit/puppet/provider/influxdb_setup/influxdb_setup_spec.rb index 8fb7c3f..1d65922 100644 --- a/spec/unit/puppet/provider/influxdb_setup/influxdb_setup_spec.rb +++ b/spec/unit/puppet/provider/influxdb_setup/influxdb_setup_spec.rb 
@@ -34,12 +34,55 @@ allow(provider).to receive(:influx_get).with('/api/v2/setup').and_return([{ 'allowed' => true }]) expect(provider.get(context)[0][:ensure]).to eq 'absent' end + end + + context 'when setup' do + it 'processes resources' do + allow(provider).to receive(:influx_get).with('/api/v2/setup').and_return([{ 'allowed' => false }]) + expect(provider.get(context)[0][:ensure]).to eq 'present' + end + end + + context 'when using the system store' do + it 'configures and uses the ssl context' do + resources = [{ + use_ssl: true, + use_system_store: true, + host: 'foo.bar.com', + port: 8086, + token: RSpec::Puppet::Sensitive.new('puppetlabs'), + bucket: 'puppet', + org: 'puppetlabs', + username: 'admin', + password: RSpec::Puppet::Sensitive.new('puppetlabs'), + token_file: '/tmp/foo', + ensure: 'present' + }] + + # canonicalize will set up the include_system_store and add it to the @client_options hash + provider.canonicalize(context, resources) + expect(provider.instance_variable_get('@client_options').key?(:include_system_store)).to eq true + end + end + + context 'when not using the system store' do + it 'does not configure and uses the ssl context' do + resources = [{ + use_ssl: true, + use_system_store: false, + host: 'foo.bar.com', + port: 8086, + token: RSpec::Puppet::Sensitive.new('puppetlabs'), + bucket: 'puppet', + org: 'puppetlabs', + username: 'admin', + password: RSpec::Puppet::Sensitive.new('puppetlabs'), + token_file: '/tmp/foo', + ensure: 'present' + }] - context 'when setup' do - it 'processes resources' do - allow(provider).to receive(:influx_get).with('/api/v2/setup').and_return([{ 'allowed' => false }]) - expect(provider.get(context)[0][:ensure]).to eq 'present' - end + provider.canonicalize(context, resources) + expect(provider.instance_variable_get('@client_options').key?(:include_system_store)).to eq false end end end 
diff --git a/spec/unit/puppet/provider/influxdb_user/influxdb_user_spec.rb b/spec/unit/puppet/provider/influxdb_user/influxdb_user_spec.rb index e5c05c4..6face2d 100644 --- a/spec/unit/puppet/provider/influxdb_user/influxdb_user_spec.rb +++ b/spec/unit/puppet/provider/influxdb_user/influxdb_user_spec.rb @@ -71,6 +71,49 @@ expect(provider.get(context)).to eq should_hash end + + context 'when using the system store' do + it 'configures and uses the ssl context' do + resources = [ + { + use_ssl: true, + use_system_store: true, + host: 'foo.bar.com', + port: 8086, + token: RSpec::Puppet::Sensitive.new('puppetlabs'), + token_file: '/root/.influxdb_token', + name: 'Bob', + ensure: 'present', + status: 'active', + }, + ] + + # canonicalize will set up the include_system_store and add it to the @client_options hash + provider.canonicalize(context, resources) + expect(provider.instance_variable_get('@client_options').key?(:include_system_store)).to eq true + end + end + + context 'when not using the system store' do + it 'does not configure and uses the ssl context' do + resources = [ + { + use_ssl: true, + use_system_store: false, + host: 'foo.bar.com', + port: 8086, + token: RSpec::Puppet::Sensitive.new('puppetlabs'), + token_file: '/root/.influxdb_token', + name: 'Bob', + ensure: 'present', + status: 'active', + }, + ] + + provider.canonicalize(context, resources) + expect(provider.instance_variable_get('@client_options').key?(:include_system_store)).to eq false + end + end end describe '#create' do