Merge pull request #48 from zilchms/fixtures

Clean up fixtures and codebase hardening

.fixtures.yml

@@ -1,10 +1,4 @@
 fixtures:
   repositories:
-    'stdlib':
-      repo: 'https://github.com/puppetlabs/puppetlabs-stdlib.git'
-      ref: '4.6.0'
-    'firewall':
-      repo: 'https://github.com/puppetlabs/puppetlabs-firewall.git'
-      ref: '1.7.1'
-  symlinks:
-    'monit': "#{source_dir}"
+    'stdlib': 'https://github.com/puppetlabs/puppetlabs-stdlib.git'
+    'firewall': 'https://github.com/puppetlabs/puppetlabs-firewall.git'

REFERENCE.md

@@ -87,31 +87,31 @@ Default value: `$monit::params::check_interval`
 
 ##### <a name="-monit--config_file"></a>`config_file`
 
-Data type: `String`
+Data type: `Stdlib::Absolutepath`
 
 Specifies a path to the main config file. Default value: varies with operating system
 
 Default value: `$monit::params::config_file`
 
 ##### <a name="-monit--config_dir"></a>`config_dir`
 
-Data type: `String`
+Data type: `Stdlib::Absolutepath`
 
 Specifies a path to the config directory. Default value: varies with operating system
 
 Default value: `$monit::params::config_dir`
 
 ##### <a name="-monit--config_dir_purge"></a>`config_dir_purge`
 
-Data type: `Variant[Boolean, Enum['true', 'false']]`
+Data type: `Boolean`
 
 Specifies if unmanaged files in the config directory should be purged. Default value: 'false'
 
 Default value: `$monit::params::config_dir_purge`
 
 ##### <a name="-monit--httpd"></a>`httpd`
 
-Data type: `Variant[Boolean, Enum['true', 'false']]`
+Data type: `Boolean`
 
 Specifies whether to enable the Monit Dashboard. Default value: 'false'
 
@@ -186,7 +186,7 @@ Default value: `$monit::params::mailformat`
 
 ##### <a name="-monit--manage_firewall"></a>`manage_firewall`
 
-Data type: `Variant[Boolean, Enum['true', 'false']]`
+Data type: `Boolean`
 
 If true and if puppetlabs-firewall module is present, Puppet manages firewall to allow HTTP access for Monit Dashboard.
 Default value: 'false'
@@ -205,7 +205,7 @@ Default value: `$monit::params::mmonit_address`
 
 ##### <a name="-monit--mmonit_https"></a>`mmonit_https`
 
-Data type: `Variant[Boolean, Enum['true', 'false']]`
+Data type: `Boolean`
 
 *Requires at least Monit 5.0*<br />
 Specifies wheither the protocol of the M/Monit server is HTTPs. Default value: 'true'
@@ -243,7 +243,7 @@ Default value: `$monit::params::mmonit_password`
 
 ##### <a name="-monit--mmonit_without_credential"></a>`mmonit_without_credential`
 
-Data type: `Variant[Boolean, Enum['true', 'false']]`
+Data type: `Boolean`
 
 *Requires at least Monit 5.0*<br />
 By default Monit registers credentials with M/Monit so M/Monit can smoothly communicate back to Monit and you don't have to register
@@ -280,7 +280,7 @@ Default value: `$monit::params::service_ensure`
 
 ##### <a name="-monit--service_manage"></a>`service_manage`
 
-Data type: `Variant[Boolean, Enum['true', 'false']]`
+Data type: `Boolean`
 
 Tells Puppet whether to manage the Monit service. Default value: 'true'
 
@@ -305,7 +305,7 @@ Default value: `$monit::params::start_delay`
 
 ##### <a name="-monit--service_enable"></a>`service_enable`
 
-Data type: `Variant[Boolean, Enum['true', 'false']]`
+Data type: `Boolean`
 
 
 

manifests/config.pp

@@ -21,8 +21,8 @@
     owner   => 'root',
     group   => 'root',
     mode    => '0755',
-    purge   => $monit::config_dir_purge_bool,
-    recurse => $monit::config_dir_purge_bool,
+    purge   => $monit::config_dir_purge,
+    recurse => $monit::config_dir_purge,
     require => Package['monit'],
   }
 

manifests/firewall.pp

@@ -8,12 +8,12 @@
     fail("Use of private class ${name} by ${caller_module_name}")
   }
 
-  if $monit::httpd_bool and $monit::manage_firewall_bool {
+  if $monit::httpd and $monit::manage_firewall {
     if defined('::firewall') {
       firewall { "${monit::httpd_port} allow Monit inbound traffic":
-        action => 'accept',
-        dport  => $monit::httpd_port,
-        proto  => 'tcp',
+        jump  => 'accept',
+        dport => $monit::httpd_port,
+        proto => 'tcp',
       }
     }
   }

manifests/init.pp

@@ -105,10 +105,10 @@
 class monit (
   Array[String]                           $alert_emails              = $monit::params::alert_emails,
   Integer[1]                              $check_interval            = $monit::params::check_interval,
-  String                                  $config_file               = $monit::params::config_file,
-  String                                  $config_dir                = $monit::params::config_dir,
-  Variant[Boolean, Enum['true', 'false']] $config_dir_purge          = $monit::params::config_dir_purge,
-  Variant[Boolean, Enum['true', 'false']] $httpd                     = $monit::params::httpd,
+  Stdlib::Absolutepath                    $config_file               = $monit::params::config_file,
+  Stdlib::Absolutepath                    $config_dir                = $monit::params::config_dir,
+  Boolean                                 $config_dir_purge          = $monit::params::config_dir_purge,
+  Boolean                                 $httpd                     = $monit::params::httpd,
   Integer[1, 65535]                       $httpd_port                = $monit::params::httpd_port,
   String                                  $httpd_address             = $monit::params::httpd_address,
   String                                  $httpd_allow               = $monit::params::httpd_allow,
@@ -117,73 +117,24 @@
   Optional[String]                        $logfile                   = $monit::params::logfile,
   Optional[String]                        $mailserver                = $monit::params::mailserver,
   Optional[Hash]                          $mailformat                = $monit::params::mailformat,
-  Variant[Boolean, Enum['true', 'false']] $manage_firewall           = $monit::params::manage_firewall,
+  Boolean                                 $manage_firewall           = $monit::params::manage_firewall,
   Optional[String]                        $mmonit_address            = $monit::params::mmonit_address,
-  Variant[Boolean, Enum['true', 'false']] $mmonit_https              = $monit::params::mmonit_https,
+  Boolean                                 $mmonit_https              = $monit::params::mmonit_https,
   Integer[1, 65535]                       $mmonit_port               = $monit::params::mmonit_port,
   String                                  $mmonit_user               = $monit::params::mmonit_user,
   String                                  $mmonit_password           = $monit::params::mmonit_password,
-  Variant[Boolean, Enum['true', 'false']] $mmonit_without_credential = $monit::params::mmonit_without_credential,
+  Boolean                                 $mmonit_without_credential = $monit::params::mmonit_without_credential,
   String                                  $package_ensure            = $monit::params::package_ensure,
   String                                  $package_name              = $monit::params::package_name,
-  Variant[Boolean, Enum['true', 'false']] $service_enable            = $monit::params::service_enable,
+  Boolean                                 $service_enable            = $monit::params::service_enable,
   Enum['running', 'stopped']              $service_ensure            = $monit::params::service_ensure,
-  Variant[Boolean, Enum['true', 'false']] $service_manage            = $monit::params::service_manage,
+  Boolean                                 $service_manage            = $monit::params::service_manage,
   String                                  $service_name              = $monit::params::service_name,
   Optional[Integer[1]]                    $start_delay               = $monit::params::start_delay,
 ) inherits monit::params {
-  # <stringified variable handling>
-  if is_string($httpd) == true {
-    $httpd_bool = str2bool($httpd)
-  } else {
-    $httpd_bool = $httpd
-  }
-
-  if is_string($manage_firewall) == true {
-    $manage_firewall_bool = str2bool($manage_firewall)
-  } else {
-    $manage_firewall_bool = $manage_firewall
-  }
-
-  if is_string($service_enable) == true {
-    $service_enable_bool = str2bool($service_enable)
-  } else {
-    $service_enable_bool = $service_enable
-  }
-
-  if is_string($service_manage) == true {
-    $service_manage_bool = str2bool($service_manage)
-  } else {
-    $service_manage_bool = $service_manage
-  }
-
-  if is_string($mmonit_https) == true {
-    $mmonit_https_bool = str2bool($mmonit_https)
-  } else {
-    $mmonit_https_bool = $mmonit_https
-  }
-
-  if is_string($mmonit_without_credential) == true {
-    $mmonit_without_credential_bool = str2bool($mmonit_without_credential)
-  } else {
-    $mmonit_without_credential_bool = $mmonit_without_credential
-  }
-
-  if is_string($config_dir_purge) == true {
-    $config_dir_purge_bool = str2bool($config_dir_purge)
-  } else {
-    $config_dir_purge_bool = $config_dir_purge
-  }
-  # </stringified variable handling>
-
-  # <variable validations>
-  validate_absolute_path($config_file)
-  validate_absolute_path($config_dir)
-
   if $logfile and !($logfile =~ /^syslog(\s+facility\s+log_(local[0-7]|daemon))?/) {
-    validate_absolute_path($logfile)
+    assert_type(Stdlib::Absolutepath, $logfile)
   }
-  # </variable validations>
 
   # Use the monit_version fact if available, else use the default for the
   # platform.

manifests/service.pp

@@ -8,7 +8,7 @@
     fail("Use of private class ${name} by ${caller_module_name}")
   }
 
-  if $monit::service_manage_bool {
+  if $monit::service_manage {
     if $facts['osfamily'] == 'Debian' {
       file { '/etc/default/monit':
         content => $monit::default_file_content,

spec/classes/init_spec.rb

@@ -159,9 +159,9 @@
             end
 
             it do
-              is_expected.to contain_firewall('2812 allow Monit inbound traffic').with('action' => 'accept',
-                                                                                       'dport'  => '2812',
-                                                                                       'proto'  => 'tcp')
+              is_expected.to contain_firewall('2812 allow Monit inbound traffic').with('jump' => 'accept',
+                                                                                       'dport' => '2812',
+                                                                                       'proto' => 'tcp')
             end
           end
 
@@ -316,153 +316,4 @@
       end
     end
   end
-
-  describe 'failures' do
-    let(:facts) do
-      {
-        osfamily:        'Debian',
-        lsbdistcodename: 'squeeze',
-        monit_version:   '5',
-      }
-    end
-
-    [-1, 65_536].each do |value|
-      context "when httpd_port is set to invalid value <#{value}>" do
-        let(:params) do
-          {
-            httpd:          true,
-            httpd_port:     value,
-            httpd_address:  'otherhost',
-            httpd_user:     'tester',
-            httpd_password: 'Passw0rd',
-          }
-        end
-
-        it 'fails' do
-          is_expected.to compile.and_raise_error(%r{expects an Integer\[1, 65535\] value})
-        end
-      end
-    end
-
-    context 'when check_interval is set to invalid value <0>' do
-      let(:params) { { check_interval: 0 } }
-
-      it 'fails' do
-        is_expected.to compile.and_raise_error(%r{expects an Integer\[1})
-      end
-    end
-
-    context 'when start_delay is set to invalid value <0>' do
-      let(:params) { { start_delay: 0 } }
-
-      it 'fails' do
-        is_expected.to compile.and_raise_error(%r{expects a value of type Undef or Integer\[1})
-      end
-    end
-  end
-
-  describe 'variable type and content validations' do
-    # set needed custom facts and variables
-    let(:facts) do
-      {
-        osfamily:                  'Debian',
-        operatingsystemrelease:    '6.0',
-        operatingsystemmajrelease: '6',
-        lsbdistcodename:           'squeeze',
-        monit_version:             '5',
-      }
-    end
-    let(:validation_params) do
-      {
-        # :param => 'value',
-      }
-    end
-
-    validations = {
-      'absolute_path' => {
-        name: %w[config_file config_dir],
-        valid: ['/absolute/filepath', '/absolute/directory/'],
-        invalid: ['invalid', 3, 2.42, ['array'], { 'ha' => 'sh' }],
-        message: '(expects a String value|is not an absolute path)',
-      },
-      'array' => {
-        name: ['alert_emails'],
-        valid: [%w[valid array]],
-        invalid: ['string', { 'ha' => 'sh' }, 3, 2.42, true],
-        message: 'expects an Array value',
-      },
-      'bool_stringified' => {
-        name: %w[httpd manage_firewall service_enable service_manage mmonit_https mmonit_without_credential config_dir_purge],
-        valid: [true, 'true', false, 'false'],
-        invalid: ['invalid', 3, 2.42, ['array'], { 'ha' => 'sh' }, nil],
-        message: 'expects a value of type Boolean or Enum',
-      },
-      'integer' => {
-        name: %w[check_interval httpd_port mmonit_port],
-        valid: [242],
-        invalid: [2.42, 'invalid', ['array'], { 'ha' => 'sh ' }, true, false, nil],
-        message: 'expects an Integer',
-      },
-      'optional_integer' => {
-        name: ['start_delay'],
-        valid: [242],
-        invalid: [2.42, 'invalid', ['array'], { 'ha' => 'sh ' }, true, false, nil],
-        message: 'expects a value of type Undef or Integer',
-      },
-      'optional_logfile' => {
-        name: ['logfile'],
-        valid: ['/absolute/filepath', '/absolute/directory/', 'syslog', 'syslog facility log_local0'],
-        invalid: ['invalid', 3, 2.42, ['array'], { 'ha' => 'sh' }],
-        message: '(expects a value of type Undef or String|is not an absolute path)',
-      },
-      'optional_hash' => {
-        name: ['mailformat'],
-        valid: [{ 'ha' => 'sh' }],
-        invalid: ['string', 3, 2.42, ['array'], true, false, nil],
-        message: 'expects a value of type Undef or Hash',
-      },
-      'optional_string' => {
-        name: %w[mailserver mmonit_address],
-        valid: ['present'],
-        invalid: [['array'], { 'ha' => 'sh' }],
-        message: 'expects a value of type Undef or String',
-      },
-      'string' => {
-        name: %w[httpd_address httpd_allow httpd_user httpd_password
-                 package_ensure package_name service_name mmonit_user
-                 mmonit_password],
-        valid: ['present'],
-        invalid: [['array'], { 'ha' => 'sh' }],
-        message: 'expects a String value',
-      },
-      'service_ensure_string' => {
-        name: ['service_ensure'],
-        valid: ['running'],
-        invalid: [['array'], { 'ha' => 'sh' }],
-        message: 'expects a match for Enum\[\'running\', \'stopped\'\]',
-      },
-    }
-
-    validations.sort.each do |type, var|
-      var[:name].each do |var_name|
-        var[:valid].each do |valid|
-          context "with #{var_name} (#{type}) set to valid #{valid} (as #{valid.class})" do
-            let(:params) { validation_params.merge("#{var_name}": valid) }
-
-            it { is_expected.to compile }
-          end
-        end
-
-        var[:invalid].each do |invalid|
-          context "with #{var_name} (#{type}) set to invalid #{invalid} (as #{invalid.class})" do
-            let(:params) { validation_params.merge("#{var_name}": invalid) }
-
-            it 'fails' do
-              is_expected.to compile.and_raise_error(%r{#{var[:message]}})
-            end
-          end
-        end
-      end # var[:name].each
-    end # validations.sort.each
-  end # describe 'variable type and content validations'
 end