From: Josh Farwell Date: Tue, 23 Jun 2015 19:49:40 +0000 (-0700) Subject: Added CAS support X-Git-Url: https://gerrit.linuxfoundation.org/infra/gitweb?a=commitdiff_plain;h=refs%2Fchanges%2F16%2F216%2F3;p=puppet%2Fmodules%2Fmailman3.git Added CAS support Added a new boolean, use_cas, for mailman3::web. Created a second set of installation files with needed changes for enabling CAS, which are installed instead of the stock files when the boolean is turned on. Change-Id: I38f09ffeb289efba5edc3fd041bd063ed1a5616c Signed-off-by: Josh Farwell --- diff --git a/files/djangoproject_cas/lf_mailman/__init__.py b/files/djangoproject_cas/lf_mailman/__init__.py new file mode 100644 index 0000000..e69de29 diff --git a/files/djangoproject_cas/lf_mailman/admin.py b/files/djangoproject_cas/lf_mailman/admin.py new file mode 100644 index 0000000..8c38f3f --- /dev/null +++ b/files/djangoproject_cas/lf_mailman/admin.py @@ -0,0 +1,3 @@ +from django.contrib import admin + +# Register your models here. diff --git a/files/djangoproject_cas/lf_mailman/migrations/__init__.py b/files/djangoproject_cas/lf_mailman/migrations/__init__.py new file mode 100644 index 0000000..e69de29 diff --git a/files/djangoproject_cas/lf_mailman/models.py b/files/djangoproject_cas/lf_mailman/models.py new file mode 100644 index 0000000..71a8362 --- /dev/null +++ b/files/djangoproject_cas/lf_mailman/models.py @@ -0,0 +1,3 @@ +from django.db import models + +# Create your models here. diff --git a/files/djangoproject_cas/lf_mailman/tests.py b/files/djangoproject_cas/lf_mailman/tests.py new file mode 100644 index 0000000..7ce503c --- /dev/null +++ b/files/djangoproject_cas/lf_mailman/tests.py @@ -0,0 +1,3 @@ +from django.test import TestCase + +# Create your tests here. diff --git a/files/djangoproject_cas/lf_mailman/views.py b/files/djangoproject_cas/lf_mailman/views.py new file mode 100644 index 0000000..1b75169 --- /dev/null +++ b/files/djangoproject_cas/lf_mailman/views.py @@ -0,0 +1,36 @@ +from django.shortcuts import render +from django.contrib.auth import get_user_model +from django.conf import settings + +from xml.etree import ElementTree + +def callbackfunction(tree): + """ + Retrieve the user data from the CAS auth tree + """ + ElementTree.register_namespace('cas', 'http://www.yale.edu/tp/cas') + ns = { 'cas': 'http://www.yale.edu/tp/cas' } + + username = tree[0].find('cas:user', ns).text + + attribs = tree[0].find('cas:attributes', ns) + + email = attribs.find('cas:mail', ns).text + first_name = attribs.find('cas:profile_name_first', ns).text + last_name = attribs.find('cas:profile_name_last', ns).text + #timezone = attribs.find('cas:timezone', ns).text + groups = [group.text for group in attribs.findall('cas:drupal_roles', ns)] + + User = get_user_model() + user, _ = User.objects.get_or_create(username=username, password='') + + if settings.CAS_SUPERUSER_GROUP in groups: + user.is_superuser = True + else: + user.is_superuser = False + + user.email = email + user.first_name = first_name + user.last_name = last_name + #user.hyperkitty_profile.timezone = timezone + user.save() diff --git a/files/djangoproject_cas/mailman_web/__init__.py b/files/djangoproject_cas/mailman_web/__init__.py new file mode 100644 index 0000000..e69de29 diff --git a/files/djangoproject_cas/mailman_web/settings.py b/files/djangoproject_cas/mailman_web/settings.py new file mode 100644 index 0000000..7e48ada --- /dev/null +++ b/files/djangoproject_cas/mailman_web/settings.py @@ -0,0 +1,396 @@ +#-*- coding: utf-8 -*- +""" +Django settings for HyperKitty + Postorius +""" + +import os +BASE_DIR = os.path.dirname(os.path.abspath(__file__)) +VAR_DIR = "/var/spool" + +# SECURITY WARNING: keep the secret key used in production secret! +SECRET_KEY = 'change-that-at-install-time' + +# SECURITY WARNING: don't run with debug turned on in production! +DEBUG = False + +TEMPLATE_DEBUG = DEBUG + +ADMINS = ( + ('Mailman Admin', 'root@localhost'), +) + +# CAS Settings +CAS_SERVER_URL = "" +CAS_LOGOUT_COMPLETELY = True +CAS_PROVIDE_URL_TO_LOGOUT = True +CAS_FORCE_SSL_SERVICE_URL = False +CAS_GATEWAY = False +# Users are created in the response callback because they don't exists +# beforhand and don't need to be re-created afterwards. +CAS_AUTO_CREATE_USER = False +#CAS_CUSTOM_FORBIDDEN = path.to.some_view + +CAS_RESPONSE_CALLBACKS = ( + 'lf_mailman.views.callbackfunction', + ) + +#CAS_SUPERUSER_GROUP = ( ) + +# Hosts/domain names that are valid for this site; required if DEBUG is False +# See https://docs.djangoproject.com/en/1.5/ref/settings/#allowed-hosts +ALLOWED_HOSTS = ["localhost"] +# And for BrowserID too, see +# http://django-browserid.rtfd.org/page/user/settings.html#django.conf.settings.BROWSERID_AUDIENCES +BROWSERID_AUDIENCES = [ "http://localhost", "http://localhost:8000" ] + +# Mailman API credentials +MAILMAN_REST_SERVER = MAILMAN_API_URL = 'http://localhost:8001' +MAILMAN_API_USER = MAILMAN_USER = 'restadmin' +MAILMAN_API_PASS = MAILMAN_PASS = 'restpass' +MAILMAN_ARCHIVER_KEY = 'SecretArchiverAPIKey' +MAILMAN_ARCHIVER_FROM = ('127.0.0.1', '::1', '::ffff:127.0.0.1') + +# Application definition + +INSTALLED_APPS = ( + 'django.contrib.auth', + 'django.contrib.contenttypes', + 'django.contrib.sessions', + #'django.contrib.sites', + 'django.contrib.messages', + 'django.contrib.staticfiles', + # Uncomment the next line to enable the admin: + 'django.contrib.admin', + # Uncomment the next line to enable admin documentation: + # 'django.contrib.admindocs', + 'cas', + 'lf_mailman', + 'hyperkitty', + 'social.apps.django_app.default', + 'rest_framework', + 'django_gravatar', + 'crispy_forms', + 'paintstore', + 'compressor', + 'django_browserid', + 'haystack', + 'django_extensions', + 'postorius', +) + + +MIDDLEWARE_CLASSES = ( + 'django.middleware.common.CommonMiddleware', + 'django.contrib.sessions.middleware.SessionMiddleware', + 'django.middleware.csrf.CsrfViewMiddleware', + 'django.contrib.auth.middleware.AuthenticationMiddleware', + 'django.contrib.messages.middleware.MessageMiddleware', + # Uncomment the next line for simple clickjacking protection: + # 'django.middleware.clickjacking.XFrameOptionsMiddleware', + # Uncomment the next line, and set PROXY_DOMAIN to proxy requests + # through CAS + #'cas.middleware.ProxyMiddleware', + 'cas.middleware.CASMiddleware', + 'hyperkitty.middleware.SSLRedirect', + 'hyperkitty.middleware.TimezoneMiddleware', +) + +ROOT_URLCONF = 'mailman_web.urls' + +# CSS theme for postorius +MAILMAN_THEME = "default" + + +# Database +# https://docs.djangoproject.com/en/1.6/ref/settings/#databases + +DATABASES = { + 'default': { + 'ENGINE': 'django.db.backends.postgresql_psycopg2', # Last part is one of 'postgresql_psycopg2', 'mysql', 'sqlite3' or 'oracle'. + 'NAME': 'mailmanweb', # Example, change as needed + 'USER': 'mailmanweb', # Example, change as needed + 'PASSWORD': 'change-this-password', # Example, obviously + 'HOST': '127.0.0.1', # Empty for localhost through domain sockets or '127.0.0.1' for localhost through TCP. + 'PORT': '', # Set to empty string for default. + } +} + + +# If you're behind a proxy, use the X-Forwarded-Host header +# See https://docs.djangoproject.com/en/1.5/ref/settings/#use-x-forwarded-host +#USE_X_FORWARDED_HOST = True +# And if your proxy does your SSL encoding for you, set SECURE_PROXY_SSL_HEADER +# see https://docs.djangoproject.com/en/1.5/ref/settings/#secure-proxy-ssl-header +#SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https') + +# Internationalization +# https://docs.djangoproject.com/en/1.6/topics/i18n/ + +LANGUAGE_CODE = 'en-us' + +TIME_ZONE = 'America/Chicago' + +USE_I18N = True + +USE_L10N = True + +USE_TZ = True + + +# Static files (CSS, JavaScript, Images) +# https://docs.djangoproject.com/en/1.6/howto/static-files/ + +# Absolute filesystem path to the directory that will hold user-uploaded files. +# Example: "/var/www/example.com/media/" +MEDIA_ROOT = '' + +# URL that handles the media served from MEDIA_ROOT. Make sure to use a +# trailing slash. +# Examples: "http://example.com/media/", "http://media.example.com/" +MEDIA_URL = '' + +# Absolute path to the directory static files should be collected to. +# Don't put anything in this directory yourself; store your static files +# in apps' "static/" subdirectories and in STATICFILES_DIRS. +# Example: "/var/www/example.com/static/" +#STATIC_ROOT = '' +STATIC_ROOT = os.path.join(VAR_DIR, "mailman-web", "static") + +# URL prefix for static files. +# Example: "http://example.com/static/", "http://static.example.com/" +STATIC_URL = '/static/' + +# Additional locations of static files +STATICFILES_DIRS = ( + # Put strings here, like "/home/html/static" or "C:/www/django/static". + # Always use forward slashes, even on Windows. + # Don't forget to use absolute paths, not relative paths. +) + +# List of finder classes that know how to find static files in +# various locations. +STATICFILES_FINDERS = ( + 'django.contrib.staticfiles.finders.FileSystemFinder', + 'django.contrib.staticfiles.finders.AppDirectoriesFinder', +# 'django.contrib.staticfiles.finders.DefaultStorageFinder', + 'compressor.finders.CompressorFinder', +) + + +TEMPLATE_CONTEXT_PROCESSORS = ( + "django.contrib.auth.context_processors.auth", + "django.contrib.messages.context_processors.messages", + "django.core.context_processors.debug", + "django.core.context_processors.i18n", + "django.core.context_processors.media", + "django.core.context_processors.static", + "django.core.context_processors.csrf", + "django.core.context_processors.request", + "django.core.context_processors.tz", + "django.contrib.messages.context_processors.messages", + "social.apps.django_app.context_processors.backends", + "social.apps.django_app.context_processors.login_redirect", + "hyperkitty.context_processors.export_settings", + "hyperkitty.context_processors.postorius_info", + "postorius.context_processors.postorius", +) + +TEMPLATE_DIRS = ( + # Put strings here, like "/home/html/django_templates" or "C:/www/django/templates". + # Always use forward slashes, even on Windows. + # Don't forget to use absolute paths, not relative paths. +) + +# Django 1.6+ defaults to a JSON serializer, but it won't work with django-openid, see +# https://bugs.launchpad.net/django-openid-auth/+bug/1252826 +SESSION_SERIALIZER = 'django.contrib.sessions.serializers.PickleSerializer' + + +LOGIN_URL = '/archives/accounts/login/' +LOGIN_REDIRECT_URL = '/archives/' +LOGIN_ERROR_URL = '/archives/accounts/login/' + +BROWSERID_USERNAME_ALGO = lambda email: email # Use the email as identifier +BROWSERID_VERIFY_CLASS = "django_browserid.views.Verify" + + + +# +# Social auth +# + +AUTHENTICATION_BACKENDS = ( + #'social.backends.open_id.OpenIdAuth', + # http://python-social-auth.readthedocs.org/en/latest/backends/google.html + 'social.backends.google.GoogleOpenId', + 'cas.backends.CASBackend', + #'social.backends.google.GoogleOAuth2', + #'social.backends.twitter.TwitterOAuth', + 'social.backends.yahoo.YahooOpenId', + 'django_browserid.auth.BrowserIDBackend', + 'django.contrib.auth.backends.ModelBackend', +) + +SOCIAL_AUTH_USERNAME_IS_FULL_EMAIL = True + +# http://python-social-auth.readthedocs.org/en/latest/pipeline.html#authentication-pipeline +SOCIAL_AUTH_PIPELINE = ( + 'social.pipeline.social_auth.social_details', + 'social.pipeline.social_auth.social_uid', + 'social.pipeline.social_auth.auth_allowed', + 'social.pipeline.social_auth.social_user', + 'social.pipeline.user.get_username', + # Associates the current social details with another user account with + # a similar email address. Disabled by default, enable with care: + # http://python-social-auth.readthedocs.org/en/latest/use_cases.html#associate-users-by-email + #'social.pipeline.social_auth.associate_by_email', + 'social.pipeline.user.create_user', + 'social.pipeline.social_auth.associate_user', + 'social.pipeline.social_auth.load_extra_data', + 'social.pipeline.user.user_details', +) + + + +# +# Gravatar +# https://github.com/twaddington/django-gravatar +# +# Gravatar base url. +#GRAVATAR_URL = 'http://cdn.libravatar.org/' +# Gravatar base secure https url. +#GRAVATAR_SECURE_URL = 'https://seccdn.libravatar.org/' +# Gravatar size in pixels. +#GRAVATAR_DEFAULT_SIZE = '80' +# An image url or one of the following: 'mm', 'identicon', 'monsterid', 'wavatar', 'retro'. +#GRAVATAR_DEFAULT_IMAGE = 'mm' +# One of the following: 'g', 'pg', 'r', 'x'. +#GRAVATAR_DEFAULT_RATING = 'g' +# True to use https by default, False for plain http. +#GRAVATAR_DEFAULT_SECURE = True + +# +# django-compressor +# https://pypi.python.org/pypi/django_compressor +# +COMPRESS_PRECOMPILERS = ( + ('text/less', 'lessc {infile} {outfile}'), +) +COMPRESS_OFFLINE = True +# needed for debug mode +#INTERNAL_IPS = ('127.0.0.1',) + +# Django Crispy Forms +CRISPY_TEMPLATE_PACK = 'bootstrap3' +CRISPY_FAIL_SILENTLY = not DEBUG + + +# +# Full-text search engine +# +HAYSTACK_CONNECTIONS = { + 'default': { + 'ENGINE': 'haystack.backends.whoosh_backend.WhooshEngine', + 'PATH': os.path.join(VAR_DIR, "mailman-web", "fulltext_index"), + }, +} + + +# A sample logging configuration. The only tangible logging +# performed by this configuration is to send an email to +# the site admins on every HTTP 500 error when DEBUG=False. +# See http://docs.djangoproject.com/en/dev/topics/logging for +# more details on how to customize your logging configuration. +LOGGING = { + 'version': 1, + 'disable_existing_loggers': False, + 'filters': { + 'require_debug_false': { + '()': 'django.utils.log.RequireDebugFalse' + } + }, + 'handlers': { + 'mail_admins': { + 'level': 'ERROR', + 'filters': ['require_debug_false'], + 'class': 'django.utils.log.AdminEmailHandler' + }, + 'file':{ + 'level': 'INFO', + #'class': 'logging.handlers.RotatingFileHandler', + 'class': 'logging.handlers.WatchedFileHandler', + 'filename': '/var/log/mailman-web/mailman-web.log', + 'formatter': 'verbose', + }, + }, + 'loggers': { + #'django.request': { + # 'handlers': ['mail_admins'], + # 'level': 'ERROR', + # 'propagate': True, + #}, + 'django.request': { + 'handlers': ['file'], + 'level': 'ERROR', + 'propagate': True, + }, + 'django': { + 'handlers': ['file'], + 'level': 'ERROR', + 'propagate': True, + }, + 'hyperkitty': { + 'handlers': ['file'], + 'level': 'INFO', + 'propagate': True, + }, + }, + 'formatters': { + 'verbose': { + 'format': '%(levelname)s %(asctime)s %(module)s %(process)d %(thread)d %(message)s' + }, + 'simple': { + 'format': '%(levelname)s %(message)s' + }, + }, + 'root': { + 'handlers': ['file'], + 'level': 'INFO', + }, +} + + +## Cache: use the local memcached server +#CACHES = { +# 'default': { +# 'BACKEND': 'django.core.cache.backends.memcached.PyLibMCCache', +# 'LOCATION': '127.0.0.1:11211', +# } +#} + + + +# +# HyperKitty-specific +# + +APP_NAME = 'Mailing-list archives' + +# Allow authentication with the internal user database? +# By default, only a login through Persona or your email provider is allowed. +USE_INTERNAL_AUTH = False + +# Use SSL when logged in +USE_SSL = True + +# Only display mailing-lists from the same virtual host as the webserver +FILTER_VHOST = False + +# This is for development purposes +USE_MOCKUPS = False + + +try: + from settings_local import * +except ImportError: + pass diff --git a/files/djangoproject_cas/mailman_web/urls.py b/files/djangoproject_cas/mailman_web/urls.py new file mode 100644 index 0000000..5da3b10 --- /dev/null +++ b/files/djangoproject_cas/mailman_web/urls.py @@ -0,0 +1,18 @@ +from django.conf.urls import patterns, include, url +from django.core.urlresolvers import reverse_lazy +from django.views.generic import RedirectView + +# Comment the next two lines to disable the admin: +from django.contrib import admin +admin.autodiscover() + +urlpatterns = patterns('', + url(r'^$', RedirectView.as_view(url=reverse_lazy('hyperkitty.views.index.index'))), + # CAS Login/Logout URLs + url(r'accounts/login/$', 'cas.views.login', name='login'), + url(r'accounts/logout/$', 'cas.views.logout', name='logout'), + url(r'^mailman3/', include('postorius.urls')), + url(r'^archives/', include('hyperkitty.urls')), + url(r'', include('social.apps.django_app.urls', namespace='social'), {"SSL": True}), + url(r'', include('django_browserid.urls'), {"SSL": True}), +) diff --git a/files/djangoproject_cas/mailman_web/wsgi.py b/files/djangoproject_cas/mailman_web/wsgi.py new file mode 100644 index 0000000..dbb21d7 --- /dev/null +++ b/files/djangoproject_cas/mailman_web/wsgi.py @@ -0,0 +1,14 @@ +""" +WSGI config for mailman-web project. + +It exposes the WSGI callable as a module-level variable named ``application``. + +For more information on this file, see +https://docs.djangoproject.com/en/1.6/howto/deployment/wsgi/ +""" + +# Set the DJANGO_SETTINGS_MODULE environnement variable to the python path to +# your settings module (development or production) + +from django.core.wsgi import get_wsgi_application +application = get_wsgi_application() diff --git a/files/djangoproject_cas/manage.py b/files/djangoproject_cas/manage.py new file mode 100755 index 0000000..170285d --- /dev/null +++ b/files/djangoproject_cas/manage.py @@ -0,0 +1,10 @@ +#!/usr/bin/env python +import os +import sys + +if __name__ == "__main__": + os.environ.setdefault("DJANGO_SETTINGS_MODULE", "mailman_web.settings") + + from django.core.management import execute_from_command_line + + execute_from_command_line(sys.argv) diff --git a/manifests/params.pp b/manifests/params.pp index f9c9fee..968dbc6 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -55,6 +55,7 @@ class mailman3::params { $web_manage_webserver = true $web_refresh_service = true $web_service_enabled = true + $web_use_cas = true # Shared values $hyperkitty_apikey = 'SecretArchiverAPIKey' diff --git a/manifests/web.pp b/manifests/web.pp index 2b72e07..5b4b326 100644 --- a/manifests/web.pp +++ b/manifests/web.pp @@ -54,6 +54,7 @@ class mailman3::web ( $refresh_service = $mailman3::params::web_refresh_service, $searchengine_tag = $mailman3::params::web_searchengine_tag, $service_enabled = $mailman3::params::web_service_enabled, + $use_cas = $mailman3::params::web_use_cas, $web_homedir = $mailman3::params::web_homedir, $web_user = $mailman3::params::web_user, ) inherits mailman3::params { @@ -76,6 +77,7 @@ class mailman3::web ( validate_bool($refresh_service) validate_string($searchengine_tag) validate_bool($service_enabled) + validate_bool($use_cas) validate_absolute_path($web_homedir) validate_hash($override_options) validate_string($web_user) @@ -94,6 +96,7 @@ class mailman3::web ( manage_webserver => $manage_webserver, options => $options, postorius_version => $postorius_version, + use_cas => $use_cas, web_homedir => $web_homedir, web_user => $web_user, } diff --git a/manifests/web/install.pp b/manifests/web/install.pp index d5e8bbd..c3d4887 100644 --- a/manifests/web/install.pp +++ b/manifests/web/install.pp @@ -43,6 +43,7 @@ class mailman3::web::install ( $manage_webserver, $options, $postorius_version, + $use_cas, $web_homedir, $web_user, ) { @@ -53,6 +54,7 @@ class mailman3::web::install ( validate_bool($manage_webserver) validate_hash($options) validate_string($postorius_version) + validate_bool($use_cas) validate_absolute_path($web_homedir) validate_string($web_user) @@ -122,13 +124,26 @@ class mailman3::web::install ( } # install django production project files from mailman-bundler - file { "${web_homedir}/djangoproject": - ensure => directory, - owner => $web_user, - group => $web_user, - source => 'puppet:///modules/mailman3/djangoproject', - recurse => remote, - require => User[$web_user], + # we have two sets of files, one for CAS and one for not CAS. + unless ($use_cas) { + file { "${web_homedir}/djangoproject": + ensure => directory, + owner => $web_user, + group => $web_user, + source => 'puppet:///modules/mailman3/djangoproject', + recurse => remote, + require => User[$web_user], + } + } + else { + file { "${web_homedir}/djangoproject": + ensure => directory, + owner => $web_user, + group => $web_user, + source => 'puppet:///modules/mailman3/djangoproject_cas', + recurse => remote, + require => User[$web_user], + } } # create virtualenv @@ -161,6 +176,13 @@ class mailman3::web::install ( Pip will install it as a dependency automatically." } + if ($use_cas) { + python::pip { 'django-cas-client': + ensure => '1.2.0', + virtualenv => "${web_homedir}/virtualenv", + } + } + # install mailman3-web packages # pip resources autorequire their virtualenvs python::pip { 'postorius': diff --git a/spec/classes/web__install_spec.rb b/spec/classes/web__install_spec.rb index 2c72e6d..852835b 100644 --- a/spec/classes/web__install_spec.rb +++ b/spec/classes/web__install_spec.rb @@ -35,6 +35,7 @@ describe 'mailman3::web::install', :type => :class do 'manage_django_packages' => true, 'manage_webserver' => true, 'postorius_version' => 'present', + 'use_cas' => true, 'web_homedir' => '/opt/mailman3-web', 'web_user' => 'mailman3-web', 'options' => { @@ -73,6 +74,7 @@ describe 'mailman3::web::install', :type => :class do it { is_expected.to contain_file('/opt/mailman3-web/djangoproject').with( 'owner' => 'mailman3-web', 'group' => 'mailman3-web', + 'source' => 'puppet:///modules/mailman3/djangoproject_cas' ).that_requires('User[mailman3-web]') } it { is_expected.to contain_python__virtualenv('/opt/mailman3-web/virtualenv').with( @@ -106,12 +108,58 @@ describe 'mailman3::web::install', :type => :class do 'virtualenv' => '/opt/mailman3-web/virtualenv', ) } + it { is_expected.to contain_python__pip('django-cas-client').with( + 'ensure' => '1.2.0', + 'virtualenv' => '/opt/mailman3-web/virtualenv', + ) } + it { is_expected.to contain_class('mailman3::repo') } it { is_expected.to contain_package('nodejs-less') } end + context 'with use_cas set to false' do + + let(:params) { + { + 'django_version' => '1.7', + 'hyperkitty_version' => 'present', + 'install_web' => true, + 'manage_django_packages' => true, + 'manage_webserver' => true, + 'postorius_version' => 'present', + 'use_cas' => false, + 'web_homedir' => '/opt/mailman3-web', + 'web_user' => 'mailman3-web', + 'options' => { + 'paths' => { + 'var_dir' => '/opt/mailman3-web/data', + 'static_dir' => '/opt/mailman3-web/static', + 'log_file' => '/opt/mailman3-web/mailman3-web.log', + }, + }, + } + } + + it { is_expected.to contain_file('/opt/mailman3-web/djangoproject').with( + 'owner' => 'mailman3-web', + 'group' => 'mailman3-web', + 'source' => 'puppet:///modules/mailman3/djangoproject' + ).that_requires('User[mailman3-web]') } + + it { is_expected.to_not contain_file('/opt/mailman3-web/djangoproject').with( + 'owner' => 'mailman3-web', + 'group' => 'mailman3-web', + 'source' => 'puppet:///modules/mailman3/djangoproject_cas' + ).that_requires('User[mailman3-web]') } + + it { is_expected.to_not contain_python__pip('django-cas-client').with( + 'ensure' => '1.2.0', + 'virtualenv' => '/opt/mailman3-web/virtualenv', + ) } + end + context 'with install_web flag set to false' do let(:params) { @@ -122,6 +170,7 @@ describe 'mailman3::web::install', :type => :class do 'manage_django_packages' => true, 'manage_webserver' => true, 'postorius_version' => '', + 'use_cas' => true, 'web_homedir' => '/', 'web_user' => 'test', 'options' => { @@ -160,6 +209,7 @@ describe 'mailman3::web::install', :type => :class do 'manage_django_packages' => false, 'manage_webserver' => false, 'postorius_version' => 'present', + 'use_cas' => false, 'web_homedir' => '/opt/mailman3-web', 'web_user' => 'mailman3-web', 'options' => { @@ -189,6 +239,7 @@ describe 'mailman3::web::install', :type => :class do 'manage_django_packages' => false, 'manage_webserver' => false, 'postorius_version' => 'present', + 'use_cas' => false, 'web_homedir' => '/opt/mailman3-web', 'web_user' => 'mailman3-web', 'options' => { @@ -218,6 +269,7 @@ describe 'mailman3::web::install', :type => :class do 'manage_django_packages' => false, 'manage_webserver' => false, 'postorius_version' => 'present', + 'use_cas' => false, 'web_homedir' => '/opt/mailman3-web', 'web_user' => 'mailman3-web', 'options' => { @@ -243,6 +295,7 @@ describe 'mailman3::web::install', :type => :class do 'manage_django_packages' => false, 'manage_webserver' => false, 'postorius_version' => 'present', + 'use_cas' => false, 'web_homedir' => '/opt/mailman3-web', 'web_user' => 'mailman3-web', 'options' => {},