From 962fa6672a1c251156570166d15362bb72434cc7 Mon Sep 17 00:00:00 2001 From: Matthew Haughton Date: Thu, 21 Nov 2013 22:10:53 -0500 Subject: [PATCH 01/10] rspec tests for v0.0.6 Resolves #65 --- spec/classes/config_spec.rb | 296 ++++++++++ spec/classes/nginx_spec.rb | 76 ++- spec/classes/package_spec.rb | 118 +++- spec/classes/params_spec.rb | 20 + spec/classes/service_spec.rb | 54 ++ spec/defines/nginx__resource__vhost_spec.rb | 25 - spec/defines/resource_location_spec.rb | 493 ++++++++++++++++ spec/defines/resource_mailhost_spec.rb | 385 ++++++++++++ spec/defines/resource_upstream_spec.rb | 86 +++ spec/defines/resource_vhost_spec.rb | 619 ++++++++++++++++++++ 10 files changed, 2113 insertions(+), 59 deletions(-) create mode 100644 spec/classes/config_spec.rb create mode 100644 spec/classes/params_spec.rb create mode 100644 spec/classes/service_spec.rb delete mode 100644 spec/defines/nginx__resource__vhost_spec.rb create mode 100644 spec/defines/resource_location_spec.rb create mode 100644 spec/defines/resource_mailhost_spec.rb create mode 100644 spec/defines/resource_upstream_spec.rb create mode 100644 spec/defines/resource_vhost_spec.rb diff --git a/spec/classes/config_spec.rb b/spec/classes/config_spec.rb new file mode 100644 index 000000000..197251cda --- /dev/null +++ b/spec/classes/config_spec.rb @@ -0,0 +1,296 @@ +require 'spec_helper' +describe 'nginx::config' do + + describe 'with defaults' do + [ + { :osfamily => 'debian', :operatingsystem => 'debian', }, + { :osfamily => 'debian', :operatingsystem => 'ubuntu', }, + { :osfamily => 'redhat', :operatingsystem => 'fedora', }, + { :osfamily => 'redhat', :operatingsystem => 'rhel', }, + { :osfamily => 'redhat', :operatingsystem => 'redhat', }, + { :osfamily => 'redhat', :operatingsystem => 'centos', }, + { :osfamily => 'redhat', :operatingsystem => 'scientific', }, + { :osfamily => 'redhat', :operatingsystem => 'amazon', }, + { :osfamily => 'suse', :operatingsystem => 'suse', }, + { :osfamily => 'suse', :operatingsystem => 'opensuse', }, + { :osfamily => 'gentoo', :operatingsystem => 'gentoo', }, + { :osfamily => 'linux', :operatingsystem => 'gentoo', }, + ].each do |facts| + + context "when osfamily/operatingsystem is #{facts[:osfamily]}/#{facts[:operatingsystem]}" do + + let :facts do + { + :osfamily => facts[:osfamily], + :operatingsystem => facts[:operatingsystem], + :kernel => 'linux', + } + end + + it { should include_class("nginx::params") } + + it { should contain_file("/etc/nginx").with( + :ensure => 'directory', + :owner => 'root', + :group => 'root', + :mode => '0644' + )} + it { should contain_file("/etc/nginx/conf.d").with( + :ensure => 'directory', + :owner => 'root', + :group => 'root', + :mode => '0644' + )} + it { should contain_file("/etc/nginx/conf.mail.d").with( + :ensure => 'directory', + :owner => 'root', + :group => 'root', + :mode => '0644' + )} + it { should contain_file("/var/nginx").with( + :ensure => 'directory', + :owner => 'root', + :group => 'root', + :mode => '0644' + )} + it { should contain_file("/var/nginx/client_body_temp").with( + :ensure => 'directory', + :group => 'root', + :mode => '0644' + )} + it { should contain_file("/var/nginx/proxy_temp").with( + :ensure => 'directory', + :group => 'root', + :mode => '0644' + )} + it { should contain_file('/etc/nginx/sites-enabled/default').with_ensure('absent') } + it { should contain_file("/etc/nginx/nginx.conf").with( + :ensure => 'file', + :owner => 'root', + :group => 'root', + :mode => '0644' + )} + it { should contain_file("/etc/nginx/conf.d/proxy.conf").with( + :ensure => 'file', + :owner => 'root', + :group => 'root', + :mode => '0644' + )} + it { should contain_file("/tmp/nginx.d").with( + :ensure => 'directory', + :purge => true, + :recurse => true, + :owner => 'root', + :group => 'root', + :mode => '0644' + )} + it { should contain_file("/tmp/nginx.mail.d").with( + :ensure => 'directory', + :purge => true, + :recurse => true, + :owner => 'root', + :group => 'root', + :mode => '0644' + )} + end + end + end + + describe 'with defaults' do + [ + { :osfamily => 'debian', :operatingsystem => 'debian', }, + { :osfamily => 'debian', :operatingsystem => 'ubuntu', }, + ].each do |facts| + + context "when osfamily/operatingsystem is #{facts[:osfamily]}/#{facts[:operatingsystem]}" do + + let :facts do + { + :osfamily => facts[:osfamily], + :operatingsystem => facts[:operatingsystem], + :kernel => 'linux', + } + end + it { should contain_file("/var/nginx/client_body_temp").with(:owner => 'www-data')} + it { should contain_file("/var/nginx/proxy_temp").with(:owner => 'www-data')} + it { should contain_file("/etc/nginx/nginx.conf").with_content %r{^user www-data;}} + end + end + end + + describe 'with defaults' do + [ + { :osfamily => 'redhat', :operatingsystem => 'fedora', }, + { :osfamily => 'redhat', :operatingsystem => 'rhel', }, + { :osfamily => 'redhat', :operatingsystem => 'redhat', }, + { :osfamily => 'redhat', :operatingsystem => 'centos', }, + { :osfamily => 'redhat', :operatingsystem => 'scientific', }, + { :osfamily => 'redhat', :operatingsystem => 'amazon', }, + { :osfamily => 'suse', :operatingsystem => 'suse', }, + { :osfamily => 'suse', :operatingsystem => 'opensuse', }, + { :osfamily => 'gentoo', :operatingsystem => 'gentoo', }, + { :osfamily => 'linux', :operatingsystem => 'gentoo', }, + ].each do |facts| + + context "when osfamily/operatingsystem is #{facts[:osfamily]}/#{facts[:operatingsystem]}" do + + let :facts do + { + :osfamily => facts[:osfamily], + :operatingsystem => facts[:operatingsystem], + :kernel => 'linux', + } + end + it { should contain_file("/var/nginx/client_body_temp").with(:owner => 'nginx')} + it { should contain_file("/var/nginx/proxy_temp").with(:owner => 'nginx')} + it { should contain_file("/etc/nginx/nginx.conf").with_content %r{^user nginx;}} + end + end + end + + describe 'os-independent items' do + + let :facts do + { + :osfamily => 'debian', + :operatingsystem => 'debian', + :kernel => 'linux', + } + end + + describe "nginx.conf template content" do + [ + { + :title => 'should set worker_processes', + :attr => 'worker_processes', + :value => '4', + :match => 'worker_processes 4;', + }, + { + :title => 'should set error_log', + :attr => 'nginx_error_log', + :value => '/path/to/error.log', + :match => 'error_log /path/to/error.log;', + }, + { + :title => 'should set worker_connections', + :attr => 'worker_connections', + :value => '100', + :match => ' worker_connections 100;', + }, + { + :title => 'should set access_log', + :attr => 'http_access_log', + :value => '/path/to/access.log', + :match => ' access_log /path/to/access.log;', + }, + { + :title => 'should set server_tokens', + :attr => 'server_tokens', + :value => 'on', + :match => ' server_tokens on;', + }, + { + :title => 'should set proxy_cache_path', + :attr => 'proxy_cache_path', + :value => '/path/to/proxy.cache', + :match => ' proxy_cache_path /path/to/proxy.cache levels=1 keys_zone=d2:100m max_size=500m inactive=20m;', + }, + { + :title => 'should not set proxy_cache_path', + :attr => 'proxy_cache_path', + :value => false, + :notmatch => ' proxy_cache_path /path/to/proxy.cache levels=1 keys_zone=d2:100m max_size=500m inactive=20m;', + }, + { + :title => 'should contain ordered appended directives', + :attr => 'http_cfg_append', + :value => { 'test1' => 'test value 1', 'test2' => 'test value 2', 'allow' => 'test value 3' }, + :match => [ + ' allow test value 3;', + ' test1 test value 1;', + ' test2 test value 2;', + ], + }, + ].each do |param| + context "when #{param[:attr]} is #{param[:value]}" do + let :params do { param[:attr].to_sym => param[:value] } end + + it { should contain_file("/etc/nginx/nginx.conf").with_mode('0644') } + it param[:title] do + verify_contents(subject, "/etc/nginx/nginx.conf", Array(param[:match])) + lines = subject.resource('file', "/etc/nginx/nginx.conf").send(:parameters)[:content].split("\n") + (Array(param[:notmatch]).collect { |x| lines.grep x }.flatten).should be_empty + end + end + end + end + + describe "proxy.conf template content" do + [ + { + :title => 'should set client_max_body_size', + :attr => 'client_max_body_size', + :value => '5m', + :match => 'client_max_body_size 5m;', + }, + { + :title => 'should set proxy_buffers', + :attr => 'proxy_buffers', + :value => '50 5k', + :match => 'proxy_buffers 50 5k;', + }, + { + :title => 'should set proxy_buffer_size', + :attr => 'proxy_buffer_size', + :value => '2k', + :match => 'proxy_buffer_size 2k;', + }, + { + :title => 'should set proxy_http_version', + :attr => 'proxy_http_version', + :value => '1.1', + :match => 'proxy_http_version 1.1;', + }, + { + :title => 'should contain ordered appended directives', + :attr => 'proxy_set_header', + :value => ['header1','header2'], + :match => [ + 'proxy_set_header header1;', + 'proxy_set_header header2;', + ], + }, + ].each do |param| + context "when #{param[:attr]} is #{param[:value]}" do + let :params do { param[:attr].to_sym => param[:value] } end + + it { should contain_file("/etc/nginx/conf.d/proxy.conf").with_mode('0644') } + it param[:title] do + verify_contents(subject, "/etc/nginx/conf.d/proxy.conf", Array(param[:match])) + lines = subject.resource('file', "/etc/nginx/conf.d/proxy.conf").send(:parameters)[:content].split("\n") + (Array(param[:notmatch]).collect { |x| lines.grep x }.flatten).should be_empty + end + end + end + end + + context "when confd_purge true" do + let(:params) {{:confd_purge => true}} + it { should contain_file('/etc/nginx/conf.d').with( + :ignore => 'vhost_autogen.conf', + :purge => true, + :recurse => true + )} + end + + context "when confd_purge false" do + let(:params) {{:confd_purge => false}} + it { should contain_file('/etc/nginx/conf.d').without([ + 'ignore', + 'purge', + 'recurse' + ])} + end + end +end diff --git a/spec/classes/nginx_spec.rb b/spec/classes/nginx_spec.rb index 2580b88a0..44ccf3a38 100644 --- a/spec/classes/nginx_spec.rb +++ b/spec/classes/nginx_spec.rb @@ -1,36 +1,66 @@ require 'spec_helper' describe 'nginx' do - - shared_examples 'linux' do |operatingsystem, user| - let(:facts) {{ :kernel => 'linux', :operatingsystem => operatingsystem, :osfamily => operatingsystem, :lsbdistcodename => 'precise' }} - - it { should contain_service('nginx').with( - :ensure => 'running', - :enable => true - ) } - - it { should contain_file('/var/nginx/client_body_temp').with_owner(user) } + let :params do + { + :nginx_upstreams => { 'upstream1' => { 'members' => ['localhost:3000']} }, + :nginx_vhosts => { 'test2.local' => { 'www_root' => '/' } }, + :nginx_locations => { 'test2.local' => { 'vhost' => 'test2.local', 'www_root' => '/'} } + } end + context "on a Debian OS" do + let :facts do + { + :kernel => 'linux', + :operatingsystem => 'Debian', + :osfamily => 'Debian', + :lsbdistcodename => 'precise', + } + end - context 'redhat' do - it_behaves_like 'linux', 'redhat', 'nginx' + it { should contain_nginx__package } + it { should contain_nginx__config } + it { should contain_nginx__service } + it { should include_class("nginx::params") } + it { should contain_nginx__resource__upstream("upstream1") } + it { should contain_nginx__resource__vhost("test2.local") } + it { should contain_nginx__resource__location("test2.local") } end - context 'debian' do - it_behaves_like 'linux', 'debian', 'www-data' - end + context "on a RedHat OS" do + let :facts do + { + :kernel => 'linux', + :operatingsystem => 'RedHat', + :osfamily => 'RedHat', + } + end - describe 'installs the requested package version' do - let(:facts) {{ :kernel => 'linux', :operatingsystem => 'redhat', :osfamily => 'redhat' }} - let(:params) {{ :package_ensure => '3.0.0' }} + it { should contain_nginx__package } + it { should contain_nginx__config } + it { should contain_nginx__service } + it { should include_class("nginx::params") } + it { should contain_nginx__resource__upstream("upstream1") } + it { should contain_nginx__resource__vhost("test2.local") } + it { should contain_nginx__resource__location("test2.local") } + end - it 'installs 3.0.0 exactly' do - should contain_package('nginx').with({ - 'ensure' => '3.0.0' - }) + context "on a Suse OS" do + let :facts do + { + :kernel => 'linux', + :operatingsystem => 'SuSE', + :osfamily => 'Suse', + } end - end + it { should contain_nginx__package } + it { should contain_nginx__config } + it { should contain_nginx__service } + it { should include_class("nginx::params") } + it { should contain_nginx__resource__upstream("upstream1") } + it { should contain_nginx__resource__vhost("test2.local") } + it { should contain_nginx__resource__location("test2.local") } + end end diff --git a/spec/classes/package_spec.rb b/spec/classes/package_spec.rb index 6b2d7f8ac..0278d7df9 100644 --- a/spec/classes/package_spec.rb +++ b/spec/classes/package_spec.rb @@ -4,22 +4,106 @@ shared_examples 'redhat' do |operatingsystem| let(:facts) {{ :operatingsystem => operatingsystem, :osfamily => 'RedHat' }} - it { should contain_package('nginx') } - it { should contain_yumrepo('nginx-release').with_enabled('1') } + + context "using defaults" do + it { should contain_package('nginx') } + it { should contain_yumrepo('nginx-release').with( + 'baseurl' => 'http://nginx.org/packages/rhel/6/$basearch/', + 'descr' => 'nginx repo', + 'enabled' => '1', + 'gpgcheck' => '1', + 'priority' => '1', + 'gpgkey' => 'http://nginx.org/keys/nginx_signing.key' + )} + it { should contain_file('/etc/yum.repos.d/nginx-release.repo') } + end + + context "manage_repo => false" do + let(:params) {{ :manage_repo => false }} + it { should contain_package('nginx') } + it { should_not contain_yumrepo('nginx-release') } + it { should_not contain_file('/etc/yum.repos.d/nginx-release.repo') } + end + + context "lsbmajdistrelease = 5" do + let(:facts) {{ :operatingsystem => operatingsystem, :osfamily => 'RedHat', :lsbmajdistrelease => 5 }} + it { should contain_package('nginx') } + it { should contain_yumrepo('nginx-release').with( + 'baseurl' => 'http://nginx.org/packages/rhel/5/$basearch/' + )} + it { should contain_file('/etc/yum.repos.d/nginx-release.repo') } + end + + describe 'installs the requested package version' do + let(:facts) {{ :kernel => 'linux', :operatingsystem => 'redhat', :osfamily => 'redhat' }} + let(:params) {{ :package_ensure => '3.0.0' }} + + it 'installs 3.0.0 exactly' do + should contain_package('nginx').with({ + 'ensure' => '3.0.0' + }) + end + end end shared_examples 'debian' do |operatingsystem, lsbdistcodename| let(:facts) {{ :operatingsystem => operatingsystem, :osfamily => 'Debian', :lsbdistcodename => lsbdistcodename }} - it { should contain_apt__source('nginx') } + + context "using defaults" do + it { should contain_package('nginx') } + it { should_not contain_package('passenger') } + it { should contain_apt__source('nginx').with( + 'location' => "http://nginx.org/packages/#{operatingsystem}", + 'repos' => 'nginx', + 'key' => '7BD9BF62', + 'key_source' => 'http://nginx.org/keys/nginx_signing.key' + )} + end + + context "package_source => 'passenger'" do + let(:params) {{ :package_source => 'passenger' }} + it { should contain_package('nginx') } + it { should contain_package('passenger') } + it { should contain_apt__source('nginx').with( + 'location' => 'https://oss-binaries.phusionpassenger.com/apt/passenger', + 'repos' => "main", + 'key' => '561F9B9CAC40B2F7', + 'key_source' => 'https://oss-binaries.phusionpassenger.com/auto-software-signing-gpg-key.txt' + )} + end + + context "manage_repo => false" do + let(:params) {{ :manage_repo => false }} + it { should contain_package('nginx') } + it { should_not contain_apt__source('nginx') } + it { should_not contain_package('passenger') } + end end shared_examples 'suse' do |operatingsystem| let(:facts) {{ :operatingsystem => operatingsystem, :osfamily => 'Suse'}} - it { should contain_package('nginx-0.8') } - it { should contain_package('apache2') } - it { should contain_package('apache2-itk') } - it { should contain_package('apache2-utils') } - it { should contain_package('gd') } + [ + 'nginx-0.8', + 'apache2', + 'apache2-itk', + 'apache2-utils', + 'gd', + 'libapr1', + 'libapr-util1', + 'libjpeg62', + 'libpng14-14', + 'libxslt', + 'rubygem-daemon_controller', + 'rubygem-fastthread', + 'rubygem-file-tail', + 'rubygem-passenger', + 'rubygem-passenger-nginx', + 'rubygem-rack', + 'rubygem-rake', + 'rubygem-spruz', + ].each do |package| + it { should contain_package("#{package}") } + end end @@ -43,19 +127,31 @@ context 'amazon with facter < 1.7.2' do let(:facts) {{ :operatingsystem => 'Amazon', :osfamily => 'Linux' }} - it { should contain_class('nginx::package::redhat') } + it { should contain_package('nginx') } + it { should contain_yumrepo('nginx-release').with( + 'baseurl' => 'http://nginx.org/packages/rhel/6/$basearch/', + 'descr' => 'nginx repo', + 'enabled' => '1', + 'gpgcheck' => '1', + 'priority' => '1', + 'gpgkey' => 'http://nginx.org/keys/nginx_signing.key' + )} + it { should contain_file('/etc/yum.repos.d/nginx-release.repo') } end context 'fedora' do # fedora is identical to the rest of osfamily RedHat except for not # including nginx-release - let(:facts) {{ :operatingsystem => 'Fedora', :osfamily => 'RedHat' }} + let(:facts) {{ :operatingsystem => 'Fedora', :osfamily => 'RedHat', :lsbmajdistrelease => 6 }} it { should contain_package('nginx') } it { should_not contain_yumrepo('nginx-release') } + # TODO: reenable this once the manifest is fixed - right now it's always being created on redhat + # when manage_repo => true + # it { should_not contain_file('/etc/yum.repos.d/nginx-release.repo') } end context 'other' do - let(:facts) {{ :operatingsystem => 'xxx' }} + let(:facts) {{ :operatingsystem => 'xxx', :osfamily => 'linux' }} it { expect { subject }.to raise_error(Puppet::Error, /Module nginx is not supported on xxx/) } end end diff --git a/spec/classes/params_spec.rb b/spec/classes/params_spec.rb new file mode 100644 index 000000000..dd67d82b8 --- /dev/null +++ b/spec/classes/params_spec.rb @@ -0,0 +1,20 @@ +require 'spec_helper' + +describe 'nginx::params' do + context "On a Debian OS" do + let :facts do { + :osfamily => 'debian', + :operatingsystem => 'debian', + :kernel => 'Linux', + } end + + it { should contain_nginx__params } + + # There are 4 resources in this class currently + # there should not be any more resources because it is a params class + # The resources are class[nginx::params], class[main], class[settings], stage[main] + it "Should not contain any resources" do + subject.resources.size.should == 4 + end + end +end diff --git a/spec/classes/service_spec.rb b/spec/classes/service_spec.rb new file mode 100644 index 000000000..1b5108cef --- /dev/null +++ b/spec/classes/service_spec.rb @@ -0,0 +1,54 @@ +require 'spec_helper' +describe 'nginx::service' do + + let :facts do { + :osfamily => 'Debian', + :operatingsystem => 'debian', + :kernel => 'Linux', + } end + + let :pre_condition do + [ + 'include ::nginx::params', + ] + end + + context "using default parameters" do + + it { should contain_exec('rebuild-nginx-vhosts').with( + :command => "/bin/cat /tmp/nginx.d/* > /etc/nginx/conf.d/vhost_autogen.conf", + :refreshonly => true, + :unless => "/usr/bin/test ! -f /tmp/nginx.d/*", + :subscribe => "File[/tmp/nginx.d]" + )} + + it { should contain_exec('rebuild-nginx-mailhosts').with( + :command => "/bin/cat /tmp/nginx.mail.d/* > /etc/nginx/conf.mail.d/vhost_autogen.conf", + :refreshonly => true, + :unless => "/usr/bin/test ! -f /tmp/nginx.mail.d/*", + :subscribe => "File[/tmp/nginx.mail.d]" + )} + + it { should contain_service('nginx').with( + :ensure => 'running', + :enable => true, + :hasstatus => true, + :hasrestart => true, + :subscribe => ['Exec[rebuild-nginx-vhosts]','Exec[rebuild-nginx-mailhosts]'] + )} + + it { should contain_service('nginx').without_restart } + + end + + describe "when configtest_enable => true" do + let(:params) {{ :configtest_enable => true }} + it { should contain_service('nginx').with_restart('/etc/init.d/nginx configtest && /etc/init.d/nginx restart') } + + context "when service_restart => 'a restart command'" do + let(:params) {{ :configtest_enable => true, :service_restart => 'a restart command' }} + it { should contain_service('nginx').with_restart('a restart command') } + end + end + +end diff --git a/spec/defines/nginx__resource__vhost_spec.rb b/spec/defines/nginx__resource__vhost_spec.rb deleted file mode 100644 index 315694cc9..000000000 --- a/spec/defines/nginx__resource__vhost_spec.rb +++ /dev/null @@ -1,25 +0,0 @@ -require 'spec_helper' - -describe 'nginx::resource::vhost' do - - describe 'applies allow and deny rules' do - let (:title) { 'test' } - let (:params) {{ - :www_root => '/var/www/nginx', - :location_allow => ['10.0.0.1', 'host1'], - :location_deny => ['host2', '10.0.0.2'] - }} - - it 'applies location_allow rules' do - should contain_file('/nginx.d/test-500-_').with({ - 'content' => /allow 10.0.0.1\n allow host1/ - }) - end - it 'applies location_deny rules' do - should contain_file('/nginx.d/test-500-_').with({ - 'content' => /deny host2\n deny 10.0.0.2/ - }) - end - end - -end diff --git a/spec/defines/resource_location_spec.rb b/spec/defines/resource_location_spec.rb new file mode 100644 index 000000000..6d98fd7e0 --- /dev/null +++ b/spec/defines/resource_location_spec.rb @@ -0,0 +1,493 @@ +require 'spec_helper' + +describe 'nginx::resource::location' do + let :title do + 'rspec-test' + end + let :facts do + { + :osfamily => 'Debian', + :operatingsystem => 'debian', + :kernel => 'Linux', + } + end + let :pre_condition do + [ + 'include ::nginx::params', + 'include ::nginx::config', + ] + end + + describe 'os-independent items' do + + describe 'basic assumptions' do + let :params do { + :www_root => "/var/www/rspec", + :vhost => 'vhost1', + } end + + it { should include_class("nginx::params") } + it { should include_class("nginx::config") } + it { should contain_file("/tmp/nginx.d/vhost1-500-rspec-test").with_content(/location rspec-test/) } + it { should_not contain_file('/etc/nginx/fastcgi_params') } + it { should_not contain_file("/tmp/nginx.d/vhost1-800-rspec-test-ssl") } + it { should_not contain_file("/etc/nginx/rspec-test_htpasswd") } + end + + describe "vhost_location_proxy template content" do + [ + { + :title => 'should set the location', + :attr => 'location', + :value => 'my_location', + :match => ' location my_location {', + }, + { + :title => 'should contain ordered prepended directives', + :attr => 'location_cfg_prepend', + :value => { 'test1' => 'test value 1', 'test2' => 'test value 2', 'allow' => 'test value 3' }, + :match => [ + ' allow test value 3;', + ' test1 test value 1;', + ' test2 test value 2;', + ], + }, + { + :title => 'should set proxy_cache', + :attr => 'proxy_cache', + :value => 'value', + :match => ' proxy_cache value;', + }, + { + :title => 'should not set proxy_cache', + :attr => 'proxy_cache', + :value => false, + :notmatch => /proxy_cache/ + }, + { + :title => 'should set proxy_pass', + :attr => 'proxy', + :value => 'value', + :match => ' proxy_pass value;', + }, + { + :title => 'should set proxy_read_timeout', + :attr => 'proxy_read_timeout', + :value => 'value', + :match => ' proxy_read_timeout value;', + }, + { + :title => 'should contain ordered appended directives', + :attr => 'location_cfg_append', + :value => { 'test1' => 'test value 1', 'test2' => 'test value 2', 'allow' => 'test value 3' }, + :match => [ + ' allow test value 3;', + ' test1 test value 1;', + ' test2 test value 2;', + ], + }, + ].each do |param| + context "when #{param[:attr]} is #{param[:value]}" do + let :default_params do { :location => 'location', :proxy => 'proxy_value', :vhost => 'vhost1' } end + let :params do default_params.merge({ param[:attr].to_sym => param[:value] }) end + + it { should contain_file("/tmp/nginx.d/vhost1-500-#{params[:location]}") } + it param[:title] do + verify_contents(subject, "/tmp/nginx.d/vhost1-500-#{params[:location]}", Array(param[:match])) + lines = subject.resource('file', "/tmp/nginx.d/vhost1-500-#{params[:location]}").send(:parameters)[:content].split("\n") + (Array(param[:notmatch]).collect { |x| lines.grep x }.flatten).should be_empty + end + end + end + + context "when proxy_cache_valid is 10m" do + let :params do { + :location => 'location', + :proxy => 'proxy_value', + :vhost => 'vhost1', + :proxy_cache => true, + :proxy_cache_valid => '10m', + } end + + it { should contain_file("/tmp/nginx.d/vhost1-500-location").with_content(/proxy_cache_valid 10m;/) } + end + end + + describe "vhost_location_alias template content" do + [ + { + :title => 'should set the location', + :attr => 'location', + :value => 'my_location', + :match => ' location my_location {', + }, + # TODO: fix in template so following matches + #{ + # :title => 'should contain ordered prepended directives', + # :attr => 'location_cfg_prepend', + # :value => { 'test1' => 'test value 1', 'test2' => 'test value 2', 'allow' => 'test value 3' }, + # :match => [ + # ' allow test value 3;', + # ' test1 test value 1;', + # ' test2 test value 2;', + # ], + #}, + { + :title => 'should set alias', + :attr => 'location_alias', + :value => 'value', + :match => ' alias value;', + }, + #TODO: fix in template so following matches + #{ + # :title => 'should contain ordered appended directives', + # :attr => 'location_cfg_append', + # :value => { 'test1' => 'test value 1', 'test2' => 'test value 2', 'allow' => 'test value 3' }, + # :match => [ + # ' allow test value 3; ', + # ' test1 test value 1; ', + # ' test2 test value 2; ', + # ], + #}, + ].each do |param| + context "when #{param[:attr]} is #{param[:value]}" do + let :default_params do { :location => 'location', :location_alias => 'location_alias_value', :vhost => 'vhost1' } end + let :params do default_params.merge({ param[:attr].to_sym => param[:value] }) end + + it { should contain_file("/tmp/nginx.d/vhost1-500-#{params[:location]}") } + it param[:title] do + verify_contents(subject, "/tmp/nginx.d/vhost1-500-#{params[:location]}", Array(param[:match])) + lines = subject.resource('file', "/tmp/nginx.d/vhost1-500-#{params[:location]}").send(:parameters)[:content].split("\n") + (Array(param[:notmatch]).collect { |x| lines.grep x }.flatten).should be_empty + end + end + end + end + + describe "vhost_location_stub_status template content" do + [ + { + :title => 'should set the location', + :attr => 'location', + :value => 'my_location', + :match => ' location my_location {', + }, + { + :title => 'should contain ordered prepended directives', + :attr => 'location_cfg_prepend', + :value => { 'test1' => 'test value 1', 'test2' => 'test value 2', 'allow' => 'test value 3' }, + :match => [ + ' allow test value 3;', + ' test1 test value 1;', + ' test2 test value 2;', + ], + }, + { + :title => 'should contain ordered appended directives', + :attr => 'location_cfg_append', + :value => { 'test1' => 'test value 1', 'test2' => 'test value 2', 'allow' => 'test value 3' }, + :match => [ + ' allow test value 3;', + ' test1 test value 1;', + ' test2 test value 2;', + ], + }, + ].each do |param| + context "when #{param[:attr]} is #{param[:value]}" do + let :default_params do { :location => 'location', :stub_status => true, :vhost => 'vhost1' } end + let :params do default_params.merge({ param[:attr].to_sym => param[:value] }) end + + it { should contain_file("/tmp/nginx.d/vhost1-500-#{params[:location]}").with_content(/stub_status on;/) } + it param[:title] do + verify_contents(subject, "/tmp/nginx.d/vhost1-500-#{params[:location]}", Array(param[:match])) + lines = subject.resource('file', "/tmp/nginx.d/vhost1-500-#{params[:location]}").send(:parameters)[:content].split("\n") + (Array(param[:notmatch]).collect { |x| lines.grep x }.flatten).should be_empty + end + end + end + end + + describe "vhost_location_fastcgi template content" do + [ + { + :title => 'should set the location', + :attr => 'location', + :value => 'my_location', + :match => ' location my_location {', + }, + { + :title => 'should contain ordered prepended directives', + :attr => 'location_cfg_prepend', + :value => { 'test1' => 'test value 1', 'test2' => 'test value 2', 'allow' => 'test value 3' }, + :match => [ + ' allow test value 3;', + ' test1 test value 1;', + ' test2 test value 2;', + ], + }, + { + :title => 'should set www_root', + :attr => 'www_root', + :value => '/', + :match => ' root /;' + }, + { + :title => 'should set fastcgi_split_path', + :attr => 'fastcgi_split_path', + :value => 'value', + :match => ' fastcgi_split_path_info value;' + }, + { + :title => 'should not set fastcgi_split_path', + :attr => 'fastcgi_split_path', + :value => false, + :notmatch => /fastcgi_split_path_info/ + }, + { + :title => 'should set try_file(s)', + :attr => 'try_files', + :value => ['name1','name2'], + :match => ' try_files name1 name2 ;', #TODO + }, + { + :title => 'should set fastcgi_params', + :attr => 'fastcgi_params', + :value => 'value', + :match => ' include value;' + }, + { + :title => 'should set fastcgi_pass', + :attr => 'fastcgi', + :value => 'value', + :match => ' fastcgi_pass value;' + }, + { + :title => 'should set fastcgi_param', + :attr => 'fastcgi_script', + :value => 'value', + :match => ' fastcgi_param SCRIPT_FILENAME value;', + }, + { + :title => 'should contain ordered appended directives', + :attr => 'location_cfg_append', + :value => { 'test1' => 'test value 1', 'test2' => 'test value 2', 'allow' => 'test value 3' }, + :match => [ + ' allow test value 3;', + ' test1 test value 1;', + ' test2 test value 2;', + ], + }, + ].each do |param| + context "when #{param[:attr]} is #{param[:value]}" do + let :default_params do { :location => 'location', :fastcgi => true, :vhost => 'vhost1' } end + let :params do default_params.merge({ param[:attr].to_sym => param[:value] }) end + + it { should contain_file("/tmp/nginx.d/vhost1-500-#{params[:location]}") } + it param[:title] do + verify_contents(subject, "/tmp/nginx.d/vhost1-500-#{params[:location]}", Array(param[:match])) + lines = subject.resource('file', "/tmp/nginx.d/vhost1-500-#{params[:location]}").send(:parameters)[:content].split("\n") + (Array(param[:notmatch]).collect { |x| lines.grep x }.flatten).should be_empty + end + end + end + end + + describe "vhost_location_directory template content" do + [ + { + :title => 'should set the location', + :attr => 'location', + :value => 'my_location', + :match => ' location my_location {', + }, + { + :title => 'should set the allow directive', + :attr => 'location_allow', + :value => ['rule1','rule2'], +#TODO: should have trailing ';' but template is faulty + :match => [' allow rule1', ' allow rule2'], + }, + { + :title => 'should set the deny directive', + :attr => 'location_deny', + :value => ['rule1','rule2'], +#TODO: should have trailing ';' but template is faulty + :match => [' deny rule1', ' deny rule2'], + }, + { + :title => 'should contain ordered prepended directives', + :attr => 'location_cfg_prepend', + :value => { 'test1' => 'test value 1', 'test2' => 'test value 2', 'allow' => 'test value 3' }, + :match => [ + ' allow test value 3;', + ' test1 test value 1;', + ' test2 test value 2;', + ], + }, + { + :title => 'should set www_root', + :attr => 'www_root', + :value => '/', + :match => ' root /;' + }, + { + :title => 'should set try_file(s)', + :attr => 'try_files', + :value => ['name1','name2'], + :match => ' try_files name1 name2 ;', #TODO + }, + { + :title => 'should set index_file(s)', + :attr => 'index_files', + :value => ['name1','name2'], + :match => ' index name1 name2;', + }, + #TODO: fix template + #{ + # :title => 'should set auth_basic', + # :attr => 'auth_basic', + # :value => 'value', + # :match => ' auth_basic "value";', + #}, + #{ + # :title => 'should set auth_basic_user_file', + # :attr => 'auth_basic_user_file', + # :value => 'value', + # :match => ' auth_basic_user_file value;', + #}, + { + :title => 'should contain ordered appended directives', + :attr => 'location_cfg_append', + :value => { 'test1' => 'test value 1', 'test2' => 'test value 2', 'allow' => 'test value 3' }, + :match => [ + ' allow test value 3;', + ' test1 test value 1;', + ' test2 test value 2;', + ], + }, + ].each do |param| + context "when #{param[:attr]} is #{param[:value]}" do + let :default_params do { :location => 'location', :www_root => '/var/www/root', :vhost => 'vhost1' } end + let :params do default_params.merge({ param[:attr].to_sym => param[:value] }) end + + it { should contain_file("/tmp/nginx.d/vhost1-500-#{params[:location]}") } + it param[:title] do + verify_contents(subject, "/tmp/nginx.d/vhost1-500-#{params[:location]}", Array(param[:match])) + lines = subject.resource('file', "/tmp/nginx.d/vhost1-500-#{params[:location]}").send(:parameters)[:content].split("\n") + (Array(param[:notmatch]).collect { |x| lines.grep x }.flatten).should be_empty + end + end + end + end + + describe "vhost_location_empty template content" do + [ + { + :title => 'should set the location', + :attr => 'location', + :value => 'my_location', + :match => ' location my_location {', + }, + { + :title => 'should contain ordered config directives', + :attr => 'location_custom_cfg', + :value => { 'test1' => 'test value 1', 'test2' => 'test value 2', 'allow' => 'test value 3' }, + :match => [ + ' allow test value 3;', + ' test1 test value 1;', + ' test2 test value 2;', + ], + }, + ].each do |param| + context "when #{param[:attr]} is #{param[:value]}" do + let :default_params do { :location => 'location', :location_custom_cfg => {'test1'=>'value1'}, :vhost => 'vhost1' } end + let :params do default_params.merge({ param[:attr].to_sym => param[:value] }) end + + it { should contain_file("/tmp/nginx.d/vhost1-500-#{params[:location]}") } + it param[:title] do + verify_contents(subject, "/tmp/nginx.d/vhost1-500-#{params[:location]}", Array(param[:match])) + lines = subject.resource('file', "/tmp/nginx.d/vhost1-500-#{params[:location]}").send(:parameters)[:content].split("\n") + (Array(param[:notmatch]).collect { |x| lines.grep x }.flatten).should be_empty + end + end + end + end + + context 'attribute resources' do + context 'when fastcgi => true' do + let :params do { :fastcgi => true, :vhost => 'vhost1' } end + + it { should contain_file('/etc/nginx/fastcgi_params').with_mode('0770') } + end + + context 'when ssl_only => true' do + let :params do { :ssl_only => true, :vhost => 'vhost1', :www_root => '/', } end + it { should_not contain_file("/tmp/nginx.d/vhost1-500-rspec-test") } + end + + context 'when ssl_only => false' do + let :params do { :ssl_only => false, :vhost => 'vhost1', :www_root => '/', } end + + it { should contain_file("/tmp/nginx.d/vhost1-500-rspec-test") } + end + + context 'when ssl => true' do + let :params do { :ssl => true, :vhost => 'vhost1', :www_root => '/', } end + + it { should contain_file("/tmp/nginx.d/vhost1-800-rspec-test-ssl") } + end + + context 'when ssl => false' do + let :params do { :ssl => false, :vhost => 'vhost1', :www_root => '/', } end + + it { should_not contain_file("/tmp/nginx.d/vhost1-800-rspec-test-ssl") } + end + + context 'when auth_basic_user_file => true' do + let :params do { :auth_basic_user_file => true, :vhost => 'vhost1', :www_root => '/', } end + + it { should contain_file("/etc/nginx/rspec-test_htpasswd") } + end + + context 'when ensure => absent' do + let :params do { + :www_root => true, + :vhost => 'vhost1', + :ensure => 'absent', + :ssl => true, + :auth_basic_user_file => true, + } end + + it { should contain_file("/tmp/nginx.d/vhost1-500-rspec-test").with_ensure('absent') } + it { should contain_file("/tmp/nginx.d/vhost1-800-rspec-test-ssl").with_ensure('absent') } + it { should contain_file("/etc/nginx/rspec-test_htpasswd").with_ensure('absent') } + end + + context "vhost missing" do + let :params do { + :www_root => '/', + } end + + it { expect { should contain_class('nginx::resource::location') }.to raise_error(Puppet::Error, /Cannot create a location reference without attaching to a virtual host/) } + end + + context "location type missing" do + let :params do { + :vhost => 'vhost1', + } end + + it { expect { should contain_class('nginx::resource::location') }.to raise_error(Puppet::Error, /Cannot create a location reference without a www_root, proxy, location_alias, fastcgi, stub_status, or location_custom_cfg defined/) } + end + + context "www_root and proxy are set" do + let :params do { + :vhost => 'vhost1', + :www_root => '/', + :proxy => true, + } end + + it { expect { should contain_class('nginx::resource::location') }.to raise_error(Puppet::Error, /Cannot define both directory and proxy in a virtual host/) } + end + end + end +end diff --git a/spec/defines/resource_mailhost_spec.rb b/spec/defines/resource_mailhost_spec.rb new file mode 100644 index 000000000..69fd0ea70 --- /dev/null +++ b/spec/defines/resource_mailhost_spec.rb @@ -0,0 +1,385 @@ +require 'spec_helper' + +describe 'nginx::resource::mailhost' do + let :title do + 'www.rspec.example.com' + end + let :facts do + { + :osfamily => 'debian', + :operatingsystem => 'debian', + :kernel => 'Linux', + :ipaddress6 => '::', + } + end + let :default_params do + { + :listen_port => 25, + :ipv6_enable => true, + } + end + let :pre_condition do + [ + 'include ::nginx::config', + ] + end + + describe 'os-independent items' do + + describe 'basic assumptions' do + let :params do default_params end + it { should include_class("nginx::config") } + it { should contain_file("/tmp/nginx.mail.d/#{title}-001") } + it { should_not contain_file("/tmp/nginx.mail.d/#{title}-700-ssl") } + end + + describe "mailhost template content" do + [ + { + :title => 'should set the IPv4 listen IP', + :attr => 'listen_ip', + :value => '127.0.0.1', + :match => ' listen 127.0.0.1:25 ;', #TODO + }, + { + :title => 'should set the IPv4 listen port', + :attr => 'listen_port', + :value => '45', + :match => ' listen *:45 ;', #TODO + }, + { + :title => 'should set the IPv4 listen options', + :attr => 'listen_options', + :value => 'spdy default', + :match => ' listen *:25 spdy default;', + }, + { + :title => 'should enable IPv6', + :attr => 'ipv6_enable', + :value => true, + :match => ' listen [::]:80 default ipv6only=on;', + }, + { + :title => 'should not enable IPv6', + :attr => 'ipv6_enable', + :value => false, + :notmatch => ' listen [::]:80 default ipv6only=on;', + }, + { + :title => 'should set the IPv6 listen IP', + :attr => 'ipv6_listen_ip', + :value => '2001:0db8:85a3:0000:0000:8a2e:0370:7334', + :match => ' listen [2001:0db8:85a3:0000:0000:8a2e:0370:7334]:80 default ipv6only=on;', + }, + { + :title => 'should set the IPv6 listen port', + :attr => 'ipv6_listen_port', + :value => '45', + :match => ' listen [::]:45 default ipv6only=on;', + }, + { + :title => 'should set the IPv6 listen options', + :attr => 'ipv6_listen_options', + :value => 'spdy', + :match => ' listen [::]:80 spdy ipv6only=on;', + }, + { + :title => 'should set servername(s)', + :attr => 'server_name', + :value => ['name1','name2'], + :match => ' server_name name1 name2;', + }, + { + :title => 'should set protocol', + :attr => 'protocol', + :value => 'test-protocol', + :match => ' protocol test-protocol;', + }, + { + :title => 'should set xclient', + :attr => 'xclient', + :value => 'test-xclient', + :match => ' xclient test-xclient;', + }, + { + :title => 'should set auth_http', + :attr => 'auth_http', + :value => 'test-auth_http', + :match => ' auth_http test-auth_http;', + }, + { + :title => 'should set starttls', + :attr => 'starttls', + :value => 'test-starttls', + :match => ' starttls test-starttls;', + }, + ].each do |param| + context "when #{param[:attr]} is #{param[:value]}" do + let :params do default_params.merge({ param[:attr].to_sym => param[:value] }) end + + it { should contain_file("/tmp/nginx.mail.d/#{title}-001").with_mode('0644') } + it param[:title] do + verify_contents(subject, "/tmp/nginx.mail.d/#{title}-001", Array(param[:match])) + lines = subject.resource('file', "/tmp/nginx.mail.d/#{title}-001").send(:parameters)[:content].split("\n") + (Array(param[:notmatch]).collect { |x| lines.grep x }.flatten).should be_empty + end + end + end + end + + describe "mailhost template content (SSL enabled)" do + [ + { + :title => 'should enable SSL', + :attr => 'starttls', + :value => 'on', + :match => ' ssl_session_timeout 5m;', + }, + { + :title => 'should enable SSL', + :attr => 'starttls', + :value => 'only', + :match => ' ssl_session_timeout 5m;', + }, + { + :title => 'should not enable SSL', + :attr => 'starttls', + :value => false, + :notmatch => ' ssl_session_timeout 5m;', + }, + { + :title => 'should set ssl_certificate', + :attr => 'ssl_cert', + :value => 'test-ssl-cert', + :match => ' ssl_certificate test-ssl-cert;', + }, + { + :title => 'should set ssl_certificate_key', + :attr => 'ssl_key', + :value => 'test-ssl-cert-key', + :match => ' ssl_certificate_key test-ssl-cert-key;', + }, + ].each do |param| + context "when #{param[:attr]} is #{param[:value]}" do + let :default_params do { + :listen_port => 25, + :starttls => 'on', + :ssl_cert => 'dummy.crt', + :ssl_key => 'dummy.key', + } end + let :params do default_params.merge({ param[:attr].to_sym => param[:value] }) end + + it { should contain_file("/tmp/nginx.mail.d/#{title}-001").with_mode('0644') } + it param[:title] do + verify_contents(subject, "/tmp/nginx.mail.d/#{title}-001", Array(param[:match])) + lines = subject.resource('file', "/tmp/nginx.mail.d/#{title}-001").send(:parameters)[:content].split("\n") + (Array(param[:notmatch]).collect { |x| lines.grep x }.flatten).should be_empty + end + end + end + end + + describe "mailhost_ssl template content" do + [ + { + :title => 'should set the IPv4 SSL listen port', + :attr => 'ssl_port', + :value => '45', + :match => ' listen 45;', + }, + { + :title => 'should enable IPv6', + :attr => 'ipv6_enable', + :value => true, + :match => ' listen [::]:80 default ipv6only=on;', + }, + { + :title => 'should not enable IPv6', + :attr => 'ipv6_enable', + :value => false, + :notmatch => ' listen [::]:80 default ipv6only=on;', + }, + { + :title => 'should set the IPv6 listen IP', + :attr => 'ipv6_listen_ip', + :value => '2001:0db8:85a3:0000:0000:8a2e:0370:7334', + :match => ' listen [2001:0db8:85a3:0000:0000:8a2e:0370:7334]:80 default ipv6only=on;', + }, + { + :title => 'should set the IPv6 listen port', + :attr => 'ipv6_listen_port', + :value => '45', + :match => ' listen [::]:45 default ipv6only=on;', + }, + { + :title => 'should set the IPv6 listen options', + :attr => 'ipv6_listen_options', + :value => 'spdy', + :match => ' listen [::]:80 spdy ipv6only=on;', + }, + { + :title => 'should set servername(s)', + :attr => 'server_name', + :value => ['name1','name2'], + :match => ' server_name name1 name2;', + }, + { + :title => 'should set protocol', + :attr => 'protocol', + :value => 'test-protocol', + :match => ' protocol test-protocol;', + }, + { + :title => 'should set xclient', + :attr => 'xclient', + :value => 'test-xclient', + :match => ' xclient test-xclient;', + }, + { + :title => 'should set auth_http', + :attr => 'auth_http', + :value => 'test-auth_http', + :match => ' auth_http test-auth_http;', + }, + { + :title => 'should set ssl_certificate', + :attr => 'ssl_cert', + :value => 'test-ssl-cert', + :match => ' ssl_certificate test-ssl-cert;', + }, + { + :title => 'should set ssl_certificate_key', + :attr => 'ssl_key', + :value => 'test-ssl-cert-key', + :match => ' ssl_certificate_key test-ssl-cert-key;', + }, + ].each do |param| + context "when #{param[:attr]} is #{param[:value]}" do + let :default_params do { + :listen_port => 25, + :ipv6_enable => true, + :ssl => true, + :ssl_cert => 'dummy.crt', + :ssl_key => 'dummy.key', + } end + let :params do default_params.merge({ param[:attr].to_sym => param[:value] }) end + + it { should contain_file("/tmp/nginx.mail.d/#{title}-700-ssl").with_mode('0644') } + it param[:title] do + verify_contents(subject, "/tmp/nginx.mail.d/#{title}-700-ssl", Array(param[:match])) + lines = subject.resource('file', "/tmp/nginx.mail.d/#{title}-001").send(:parameters)[:content].split("\n") + (Array(param[:notmatch]).collect { |x| lines.grep x }.flatten).should be_empty + end + end + end + end + + context 'attribute resources' do + context "SSL cert missing and ssl => true" do + let :params do default_params.merge({ + :ssl => true, + :ssl_key => 'key', + }) end + + it { expect { should contain_class('nginx::resource::vhost') }.to raise_error(Puppet::Error, %r{nginx: SSL certificate/key \(ssl_cert/ssl_cert\) and/or SSL Private must be defined and exist on the target system\(s\)}) } + end + + context "SSL key missing and ssl => true" do + let :params do default_params.merge({ + :ssl => true, + :ssl_cert => 'cert', + }) end + + it { expect { should contain_class('nginx::resource::vhost') }.to raise_error(Puppet::Error, %r{nginx: SSL certificate/key \(ssl_cert/ssl_cert\) and/or SSL Private must be defined and exist on the target system\(s\)}) } + end + + context "SSL cert missing and starttls => 'on'" do + let :params do default_params.merge({ + :starttls => 'on', + :ssl_key => 'key', + }) end + + it { expect { should contain_class('nginx::resource::vhost') }.to raise_error(Puppet::Error, %r{nginx: SSL certificate/key \(ssl_cert/ssl_cert\) and/or SSL Private must be defined and exist on the target system\(s\)}) } + end + + context "SSL key missing and starttls => 'on'" do + let :params do default_params.merge({ + :starttls => 'on', + :ssl_cert => 'cert', + }) end + + it { expect { should contain_class('nginx::resource::vhost') }.to raise_error(Puppet::Error, %r{nginx: SSL certificate/key \(ssl_cert/ssl_cert\) and/or SSL Private must be defined and exist on the target system\(s\)}) } + end + + context "SSL cert missing and starttls => 'only'" do + let :params do default_params.merge({ + :starttls => 'only', + :ssl_key => 'key', + }) end + + it { expect { should contain_class('nginx::resource::vhost') }.to raise_error(Puppet::Error, %r{nginx: SSL certificate/key \(ssl_cert/ssl_cert\) and/or SSL Private must be defined and exist on the target system\(s\)}) } + end + + context "SSL key missing and starttls => 'only'" do + let :params do default_params.merge({ + :starttls => 'only', + :ssl_cert => 'cert', + }) end + + it { expect { should contain_class('nginx::resource::vhost') }.to raise_error(Puppet::Error, %r{nginx: SSL certificate/key \(ssl_cert/ssl_cert\) and/or SSL Private must be defined and exist on the target system\(s\)}) } + end + + context 'when listen_port != ssl_port' do + let :params do default_params.merge({ + :listen_port => 80, + :ssl_port => 443, + }) end + + it { should contain_file("/tmp/nginx.mail.d/#{title}-001") } + end + + context 'when listen_port == ssl_port' do + let :params do default_params.merge({ + :listen_port => 80, + :ssl_port => 80, + }) end + + it { should_not contain_file("/tmp/nginx.mail.d/#{title}-001") } + end + + context 'when ensure => absent' do + let :params do default_params.merge({ + :ensure => 'absent', + :ssl => true, + :ssl_key => 'dummy.key', + :ssl_cert => 'dummy.cert', + }) end + + it { should contain_file("/tmp/nginx.mail.d/#{title}-001").with_ensure('absent') } + it { should contain_file("/tmp/nginx.mail.d/#{title}-700-ssl").with_ensure('absent') } + end + + context 'when ssl => true' do + let :params do default_params.merge({ + :ensure => 'absent', + :ssl => true, + :ssl_key => 'dummy.key', + :ssl_cert => 'dummy.cert', + }) end + + it { should contain_file("/tmp/nginx.mail.d/#{title}-001") } + it { should contain_file("/tmp/nginx.mail.d/#{title}-700-ssl") } + end + + context 'when ssl => false' do + let :params do default_params.merge({ + :ensure => 'absent', + :ssl => false, + }) end + + it { should contain_file("/tmp/nginx.mail.d/#{title}-001") } + it { should_not contain_file("/tmp/nginx.mail.d/#{title}-700-ssl") } + end + end + end +end diff --git a/spec/defines/resource_upstream_spec.rb b/spec/defines/resource_upstream_spec.rb new file mode 100644 index 000000000..5e0a6ca6f --- /dev/null +++ b/spec/defines/resource_upstream_spec.rb @@ -0,0 +1,86 @@ +require 'spec_helper' + +describe 'nginx::resource::upstream' do + let :title do + 'upstream-test' + end + + let :default_params do + { + :members => ['test'], + } + end + + describe 'os-independent items' do + + describe 'basic assumptions' do + let :params do default_params end + + it { should contain_file("/etc/nginx/conf.d/#{title}-upstream.conf").with( + { + 'owner' => 'root', + 'group' => 'root', + 'mode' => '0644', + 'ensure' => 'file', + 'content' => /upstream #{title}/, + } + )} + end + + describe "upstream.conf template content" do + [ + { + :title => 'should contain ordered prepended directives', + :attr => 'upstream_cfg_prepend', + :value => { + 'test3' => 'test value 3', + 'test1' => 'test value 1', + 'test2' => 'test value 2', + }, + :match => [ + ' test1 test value 1;', + ' test2 test value 2;', + #TODO: fix this output in the template; should be no trailing + #spaces + ' test3 test value 3; ', + ], + }, + { + :title => 'should set server', + :attr => 'members', + :value => [ + 'test3', + 'test1', + 'test2', + ], + :match => [ + ' server test3;', + ' server test1;', + ' server test2;', + ], + }, + ].each do |param| + context "when #{param[:attr]} is #{param[:value]}" do + let :params do default_params.merge({ param[:attr].to_sym => param[:value] }) end + + it { should contain_file("/etc/nginx/conf.d/#{title}-upstream.conf").with_mode('0644') } + it param[:title] do + verify_contents(subject, "/etc/nginx/conf.d/#{title}-upstream.conf", Array(param[:match])) + lines = subject.resource('file', "/etc/nginx/conf.d/#{title}-upstream.conf").send(:parameters)[:content].split("\n") + (Array(param[:notmatch]).collect { |x| lines.grep x }.flatten).should be_empty + end + end + end + + context 'when ensure => absent' do + let :params do default_params.merge( + { + :ensure => 'absent' + } + ) end + + it { should contain_file("/etc/nginx/conf.d/#{title}-upstream.conf").with_ensure('absent') } + end + end + end +end diff --git a/spec/defines/resource_vhost_spec.rb b/spec/defines/resource_vhost_spec.rb new file mode 100644 index 000000000..f2703fe8e --- /dev/null +++ b/spec/defines/resource_vhost_spec.rb @@ -0,0 +1,619 @@ +require 'spec_helper' + +describe 'nginx::resource::vhost' do + let :title do + 'www.rspec.example.com' + end + let :default_params do + { + :www_root => '/', + :ipv6_enable => 'true', + } + end + let :facts do + { + :osfamily => 'Debian', + :operatingsystem => 'debian', + :kernel => 'Linux', + :ipaddress6 => '::', + } + end + let :pre_condition do + [ + 'include ::nginx::params', + 'include ::nginx::config', + ] + end + + describe 'os-independent items' do + + describe 'basic assumptions' do + let :params do default_params end + it { should include_class("nginx::params") } + it { should include_class("nginx::config") } + it { should contain_file("/tmp/nginx.d/#{title}-001").with_content(%r{access_log[ ]+/var/log/nginx/www\.rspec\.example\.com\.access\.log}) } + it { should contain_file("/tmp/nginx.d/#{title}-001").with_content(%r{error_log[ ]+/var/log/nginx/www\.rspec\.example\.com\.error\.log}) } + it { should contain_nginx__resource__location("#{title}-default") } + it { should contain_file("/tmp/nginx.d/#{title}-699") } + it { should_not contain_file("/etc/nginx/fastcgi_params") } + end + + describe "vhost_header template content" do + [ + { + :title => 'should set the IPv4 listen IP', + :attr => 'listen_ip', + :value => '127.0.0.1', + :match => ' listen 127.0.0.1:80;', + }, + { + :title => 'should set the IPv4 listen port', + :attr => 'listen_port', + :value => '45', + :match => ' listen *:45;', + }, + { + :title => 'should set the IPv4 listen options', + :attr => 'listen_options', + :value => 'spdy default', + :match => ' listen *:80 spdy default;', + }, + { + :title => 'should enable IPv6', + :attr => 'ipv6_enable', + :value => 'true', + :match => ' listen [::]:80 default ipv6only=on;', + }, + #{ + # :title => 'should enable IPv6', + # :attr => 'ipv6_enable', + # :value => true, + # :match => ' listen [::]:80 default ipv6only=on;', + #}, + { + :title => 'should not enable IPv6', + :attr => 'ipv6_enable', + :value => false, + :notmatch => ' listen [::]:80 default ipv6only=on;', + }, + { + :title => 'should set the IPv6 listen IP', + :attr => 'ipv6_listen_ip', + :value => '2001:0db8:85a3:0000:0000:8a2e:0370:7334', + :match => ' listen [2001:0db8:85a3:0000:0000:8a2e:0370:7334]:80 default ipv6only=on;', + }, + { + :title => 'should set the IPv6 listen port', + :attr => 'ipv6_listen_port', + :value => '45', + :match => ' listen [::]:45 default ipv6only=on;', + }, + { + :title => 'should set the IPv6 listen options', + :attr => 'ipv6_listen_options', + :value => 'spdy', + :match => ' listen [::]:80 spdy ipv6only=on;', + }, + { + :title => 'should set servername(s)', + :attr => 'server_name', + :value => ['name1','name2'], + :match => ' server_name name1 name2;', + }, + { + :title => 'should rewrite www servername to non-www', + :attr => 'rewrite_www_to_non_www', + :value => true, + :match => ' server_name rspec.example.com;', + }, + { + :title => 'should not rewrite www servername to non-www', + :attr => 'rewrite_www_to_non_www', + :value => false, + :match => ' server_name www.rspec.example.com;', + }, + { + :title => 'should set auth_basic', + :attr => 'auth_basic', + :value => 'value', + :match => ' auth_basic "value";', + }, + { + :title => 'should set auth_basic_user_file', + :attr => 'auth_basic_user_file', + :value => 'value', + :match => ' auth_basic_user_file value;', + }, + { + :title => 'should contain ordered prepended directives', + :attr => 'vhost_cfg_prepend', + :value => { 'test1' => 'test value 1', 'test2' => 'test value 2', 'allow' => 'test value 3' }, + :match => [ + ' allow test value 3;', + ' test1 test value 1;', + ' test2 test value 2;', + ], + }, + #{ + # :title => 'should set root', + # :attr => 'use_default_location', + # :value => false, + # :match => ' root /;', + #}, + { + :title => 'should not set root', + :attr => 'use_default_location', + :value => true, + :notmatch => ' root /;', + }, + { + :title => 'should set proxy_set_header', + :attr => 'proxy_set_header', + :value => ['header1','header2'], + :match => [ + ' proxy_set_header header1;', + ' proxy_set_header header2;', + ], + }, + { + :title => 'should rewrite to HTTPS', + :attr => 'rewrite_to_https', + :value => true, + :match => [ + ' if ($ssl_protocol = "") {', + ' return 301 https://$host$request_uri;', + ], + }, + { + :title => 'should not rewrite to HTTPS', + :attr => 'rewrite_to_https', + :value => false, + :notmatch => [ + ' if ($ssl_protocol = "") {', + ' return 301 https://$host$request_uri;', + ], + }, + { + :title => 'should set access_log', + :attr => 'access_log', + :value => '/path/to/access.log', + :match => ' access_log /path/to/access.log;', + }, + { + :title => 'should set error_log', + :attr => 'error_log', + :value => '/path/to/error.log', + :match => ' error_log /path/to/error.log;', + }, + ].each do |param| + context "when #{param[:attr]} is #{param[:value]}" do + let :params do default_params.merge({ param[:attr].to_sym => param[:value] }) end + + it { should contain_file("/tmp/nginx.d/#{title}-001").with_mode('0644') } + it param[:title] do + verify_contents(subject, "/tmp/nginx.d/#{title}-001", Array(param[:match])) + lines = subject.resource('file', "/tmp/nginx.d/#{title}-001").send(:parameters)[:content].split("\n") + (Array(param[:notmatch]).collect { |x| lines.grep x }.flatten).should be_empty + end + end + end + end + + describe "vhost_footer template content" do + [ + { + :title => 'should contain include directives', + :attr => 'include_files', + :value => [ '/file1', '/file2' ], + :match => [ + 'include /file1;', + 'include /file2;', + ], + }, + { + :title => 'should contain ordered appended directives', + :attr => 'vhost_cfg_append', + :value => { 'test1' => 'test value 1', 'test2' => 'test value 2', 'allow' => 'test value 3' }, + :match => [ + ' allow test value 3;', + ' test1 test value 1;', + ' test2 test value 2;', + ], + }, + { + :title => 'should contain www to non-www rewrite', + :attr => 'rewrite_www_to_non_www', + :value => true, + :match => [ + ' listen *:80;', + ' server_name www.rspec.example.com;', + ' rewrite ^ http://rspec.example.com$uri permanent;', + ], + }, + { + :title => 'should not contain www to non-www rewrite', + :attr => 'rewrite_www_to_non_www', + :value => false, + :notmatch => [ + ' listen *:80;', + ' server_name www.rspec.example.com;', + ' rewrite ^ http://rspec.example.com$uri permanent;', + ], + }, + ].each do |param| + context "when #{param[:attr]} is #{param[:value]}" do + let :params do default_params.merge({ param[:attr].to_sym => param[:value] }) end + + it { should contain_file("/tmp/nginx.d/#{title}-699").with_mode('0644') } + it param[:title] do + verify_contents(subject, "/tmp/nginx.d/#{title}-699", Array(param[:match])) + lines = subject.resource('file', "/tmp/nginx.d/#{title}-699").send(:parameters)[:content].split("\n") + (Array(param[:notmatch]).collect { |x| lines.grep x }.flatten).should be_empty + end + end + end + end + + describe "vhost_ssl_header template content" do + [ + { + :title => 'should set the IPv4 listen IP', + :attr => 'listen_ip', + :value => '127.0.0.1', + :match => ' listen 127.0.0.1:443 ssl;', + }, + { + :title => 'should set the IPv4 SSL listen port', + :attr => 'ssl_port', + :value => '45', + :match => ' listen *:45 ssl;', + }, + { + :title => 'should set SPDY', + :attr => 'spdy', + :value => 'on', + :match => ' listen *:443 ssl spdy;', + }, + { + :title => 'should not set SPDY', + :attr => 'spdy', + :value => 'off', + :match => ' listen *:443 ssl;', + }, + { + :title => 'should set the IPv4 listen options', + :attr => 'listen_options', + :value => 'default', +#TODO: fix me in template + :match => ' listen *:443 ssldefault;', + }, +# { +# :title => 'should enable IPv6', +# :attr => 'ipv6_enable', +# :value => 'true', +# :match => ' listen [::]:80 default ipv6only=on;', +# }, +# { +# :title => 'should enable IPv6', +# :attr => 'ipv6_enable', +# :value => true, +# :match => ' listen [::]:80 default ipv6only=on;', +# }, + { + :title => 'should disable IPv6', + :attr => 'ipv6_enable', + :value => 'false', + :notmatch => ' listen [::]:80 default ipv6only=on;', + }, +# { +# :title => 'should set the IPv6 listen IP', +# :attr => 'ipv6_listen_ip', +# :value => '2001:0db8:85a3:0000:0000:8a2e:0370:7334', +# :match => ' listen [2001:0db8:85a3:0000:0000:8a2e:0370:7334]:80 default ipv6only=on;', +# }, +# { +# :title => 'should set the IPv6 listen port', +# :attr => 'ipv6_listen_port', +# :value => '45', +# :match => ' listen [::]:45 default ipv6only=on;', +# }, +# { +# :title => 'should set the IPv6 listen options', +# :attr => 'ipv6_listen_options', +# :value => 'spdy default', +# :match => ' listen [::]:80 spdy default ipv6only=on;', +# }, + { + :title => 'should set servername(s)', + :attr => 'server_name', + :value => ['name1','name2'], + :match => ' server_name name1 name2;', + }, + { + :title => 'should rewrite www servername to non-www', + :attr => 'rewrite_www_to_non_www', + :value => true, + :match => ' server_name rspec.example.com;', + }, + { + :title => 'should not rewrite www servername to non-www', + :attr => 'rewrite_www_to_non_www', + :value => false, + :match => ' server_name www.rspec.example.com;', + }, + { + :title => 'should set the SSL cache', + :attr => 'ssl_cache', + :value => 'shared:SSL:1m', + :match => ' ssl_session_cache shared:SSL:1m;', + }, + { + :title => 'should set the SSL protocols', + :attr => 'ssl_protocols', + :value => 'SSLv3', + :match => ' ssl_protocols SSLv3;', + }, + { + :title => 'should set the SSL ciphers', + :attr => 'ssl_ciphers', + :value => 'HIGH', + :match => ' ssl_ciphers HIGH;', + }, + { + :title => 'should set auth_basic', + :attr => 'auth_basic', + :value => 'value', + :match => ' auth_basic "value";', + }, + { + :title => 'should set auth_basic_user_file', + :attr => 'auth_basic_user_file', + :value => 'value', + :match => ' auth_basic_user_file "value";', + }, + { + :title => 'should set access_log', + :attr => 'access_log', + :value => '/path/to/access.log', + :match => ' access_log /path/to/access.log;', + }, + { + :title => 'should set error_log', + :attr => 'error_log', + :value => '/path/to/error.log', + :match => ' error_log /path/to/error.log;', + }, + { + :title => 'should set root', + :attr => 'use_default_location', + :value => false, + :match => ' root /;', + }, + { + :title => 'should not set root', + :attr => 'use_default_location', + :value => true, + :notmatch => ' root /;', + }, + ].each do |param| + context "when #{param[:attr]} is #{param[:value]}" do + let :params do default_params.merge({ + param[:attr].to_sym => param[:value], + :ssl => true, + :ssl_key => 'dummy.key', + :ssl_cert => 'dummy.crt', + }) end + it { should contain_file("/tmp/nginx.d/#{title}-300-ssl").with_mode('0644') } + it param[:title] do + verify_contents(subject, "/tmp/nginx.d/#{title}-300-ssl", Array(param[:match])) + lines = subject.resource('file', "/tmp/nginx.d/#{title}-300-ssl").send(:parameters)[:content].split("\n") + (Array(param[:notmatch]).collect { |x| lines.grep x }.flatten).should be_empty + end + end + end + end + + describe "vhost_ssl_footer template content" do + [ + { + :title => 'should contain include directives', + :attr => 'include_files', + :value => [ '/file1', '/file2' ], + :match => [ + 'include /file1;', + 'include /file2;', + ], + }, + #{ + # :title => 'should contain ordered appended directives', + # :attr => 'vhost_cfg_append', + # :value => { 'test1' => 'test value 1', 'test2' => 'test value 2', 'allow' => 'test value 3' }, + # :match => [ + # ' allow test value 3;', + # ' test1 test value 1;', + # ' test2 test value 2;', + # ] + #}, + { + :title => 'should contain www to non-www rewrite', + :attr => 'rewrite_www_to_non_www', + :value => true, + :match => [ + ' listen *:443 ssl;', + ' server_name www.rspec.example.com;', + ' rewrite ^ https://rspec.example.com$uri permanent;', + ], + }, + { + :title => 'should not contain www to non-www rewrite', + :attr => 'rewrite_www_to_non_www', + :value => false, + :notmatch => [ + ' listen *:443 ssl;', + ' server_name www.rspec.example.com;', + ' rewrite ^ https://rspec.example.com$uri permanent;', + ], + }, + ].each do |param| + context "when #{param[:attr]} is #{param[:value]}" do + let :params do default_params.merge({ + param[:attr].to_sym => param[:value], + :ssl => true, + :ssl_key => 'dummy.key', + :ssl_cert => 'dummy.crt', + }) end + + it { should contain_file("/tmp/nginx.d/#{title}-999-ssl").with_mode('0644') } + it param[:title] do + verify_contents(subject, "/tmp/nginx.d/#{title}-999-ssl", Array(param[:match])) + lines = subject.resource('file', "/tmp/nginx.d/#{title}-999-ssl").send(:parameters)[:content].split("\n") + (Array(param[:notmatch]).collect { |x| lines.grep x }.flatten).should be_empty + end + end + end + end + context 'attribute resources' do + context "SSL cert missing" do + let(:params) {{ :ssl => true, :ssl_key => 'key' }} + + it { expect { should contain_class('nginx::resource::vhost') }.to raise_error(Puppet::Error, %r{nginx: SSL certificate/key \(ssl_cert/ssl_cert\) and/or SSL Private must be defined and exist on the target system\(s\)}) } + end + + context "SSL key missing" do + let(:params) {{ :ssl => true, :ssl_cert => 'cert' }} + + it { expect { should contain_class('nginx::resource::vhost') }.to raise_error(Puppet::Error, %r{nginx: SSL certificate/key \(ssl_cert/ssl_cert\) and/or SSL Private must be defined and exist on the target system\(s\)}) } + end + + context 'when use_default_location => true' do + let :params do default_params.merge({ + :use_default_location => true, + }) end + + it { should contain_nginx__resource__location("#{title}-default") } + end + + context 'when use_default_location => false' do + let :params do default_params.merge({ + :use_default_location => false, + }) end + + it { should_not contain_nginx__resource__location("#{title}-default") } + end + + context 'when location_cfg_prepend => { key => value }' do + let :params do default_params.merge({ + :location_cfg_prepend => { 'key' => 'value' }, + }) end + + it { should contain_nginx__resource__location("#{title}-default").with_location_cfg_prepend({ 'key' => 'value' }) } + end + + context 'when location_cfg_append => { key => value }' do + let :params do default_params.merge({ + :location_cfg_append => { 'key' => 'value' }, + }) end + + it { should contain_nginx__resource__location("#{title}-default").with_location_cfg_append({ 'key' => 'value' }) } + end + + context 'when fastcgi => true' do + let :params do default_params.merge({ + :fastcgi => true, + }) end + + it { should contain_file('/etc/nginx/fastcgi_params').with_mode('0770') } + end + + context 'when listen_port == ssl_port' do + let :params do default_params.merge({ + :listen_port => 80, + :ssl_port => 80, + }) end + + it { should_not contain_file("/tmp/nginx.d/#{title}-001") } + it { should_not contain_file("/tmp/nginx.d/#{title}-699") } + end + + context 'when listen_port != ssl_port' do + let :params do default_params.merge({ + :listen_port => 80, + :ssl_port => 443, + }) end + + it { should contain_file("/tmp/nginx.d/#{title}-001") } + it { should contain_file("/tmp/nginx.d/#{title}-699") } + end + + context 'when ensure => absent' do + let :params do default_params.merge({ + :ensure => 'absent', + :ssl => true, + :ssl_key => 'dummy.key', + :ssl_cert => 'dummy.cert', + }) end + + it { should contain_file("/tmp/nginx.d/#{title}-001").with_ensure('absent') } + it { should contain_file("/tmp/nginx.d/#{title}-699").with_ensure('absent') } + it { should contain_file("/tmp/nginx.d/#{title}-300-ssl").with_ensure('absent') } + it { should contain_file("/tmp/nginx.d/#{title}-999-ssl").with_ensure('absent') } + it { should contain_nginx__resource__location("#{title}-default").with_ensure('absent') } + end + + context 'when ssl => true and ssl_port == listen_port' do + let :params do default_params.merge({ + :ssl => true, + :listen_port => 80, + :ssl_port => 80, + :ssl_key => 'dummy.key', + :ssl_cert => 'dummy.cert', + }) end + + it { should contain_nginx__resource__location("#{title}-default").with_ssl_only(true) } + it { should contain_file("/tmp/nginx.d/#{title}-300-ssl").with_content(%r{access_log[ ]+/var/log/nginx/ssl-www\.rspec\.example\.com\.access\.log}) } + it { should contain_file("/tmp/nginx.d/#{title}-300-ssl").with_content(%r{error_log[ ]+/var/log/nginx/ssl-www\.rspec\.example\.com\.error\.log}) } + it { should contain_file("/tmp/nginx.d/#{title}-999-ssl") } + it { should contain_file("/etc/nginx/#{title}.crt") } + it { should contain_file("/etc/nginx/#{title}.key") } + end + + context 'when passenger_cgi_param is set' do + let :params do default_params.merge({ + :passenger_cgi_param => { 'test1' => 'test value 1', 'test2' => 'test value 2', 'test3' => 'test value 3' } + }) end + + it { should contain_file("/tmp/nginx.d/#{title}-001").with_content( /passenger_set_cgi_param test1 test value 1;/ ) } + it { should contain_file("/tmp/nginx.d/#{title}-001").with_content( /passenger_set_cgi_param test2 test value 2;/ ) } + it { should contain_file("/tmp/nginx.d/#{title}-001").with_content( /passenger_set_cgi_param test3 test value 3;/ ) } + end + + context 'when passenger_cgi_param is set and ssl => true' do + let :params do default_params.merge({ + :passenger_cgi_param => { 'test1' => 'test value 1', 'test2' => 'test value 2', 'test3' => 'test value 3' }, + :ssl => true, + :ssl_key => 'dummy.key', + :ssl_cert => 'dummy.cert', + }) end + + it { should contain_file("/tmp/nginx.d/#{title}-300-ssl").with_content( /passenger_set_cgi_param test1 test value 1;/ ) } + it { should contain_file("/tmp/nginx.d/#{title}-300-ssl").with_content( /passenger_set_cgi_param test2 test value 2;/ ) } + it { should contain_file("/tmp/nginx.d/#{title}-300-ssl").with_content( /passenger_set_cgi_param test3 test value 3;/ ) } + end + + context 'when vhost_cfg_append is set and ssl => true' do + let :params do default_params.merge({ + :vhost_cfg_append => { 'test1' => 'test value 1', 'test2' => 'test value 2', 'allow' => 'test value 3' }, + :ssl => true, + :ssl_key => 'dummy.key', + :ssl_cert => 'dummy.cert', + }) end + + #TODO: reenable disabled test above and remove this block entirely if template is updated to order + #these as for the other templates + it { should contain_file("/tmp/nginx.d/#{title}-999-ssl").with_content( /test1 test value 1;/ ) } + it { should contain_file("/tmp/nginx.d/#{title}-999-ssl").with_content( /test2 test value 2;/ ) } + it { should contain_file("/tmp/nginx.d/#{title}-999-ssl").with_content( /allow test value 3;/ ) } + end + end + end +end From 4204dc908b5da871db69b41a58dba66905823262 Mon Sep 17 00:00:00 2001 From: Matthew Haughton Date: Thu, 21 Nov 2013 22:23:44 -0500 Subject: [PATCH 02/10] Revert "Update vhost.pp" This reverts commit 5ee2f65. Fixes #186 --- manifests/resource/vhost.pp | 2 +- spec/defines/resource_vhost_spec.rb | 18 +++++++++--------- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/manifests/resource/vhost.pp b/manifests/resource/vhost.pp index 2b1ae83e2..15f167f41 100644 --- a/manifests/resource/vhost.pp +++ b/manifests/resource/vhost.pp @@ -260,7 +260,7 @@ undef => "${nginx::params::nx_logdir}/ssl-${domain_log_name}.error.log", default => $error_log, } - file { "${nginx::config::nx_temp_dir}/nginx.d/${name}-300-ssl": + file { "${nginx::config::nx_temp_dir}/nginx.d/${name}-700-ssl": ensure => $ensure ? { 'absent' => absent, default => 'file', diff --git a/spec/defines/resource_vhost_spec.rb b/spec/defines/resource_vhost_spec.rb index f2703fe8e..4b8441588 100644 --- a/spec/defines/resource_vhost_spec.rb +++ b/spec/defines/resource_vhost_spec.rb @@ -403,10 +403,10 @@ :ssl_key => 'dummy.key', :ssl_cert => 'dummy.crt', }) end - it { should contain_file("/tmp/nginx.d/#{title}-300-ssl").with_mode('0644') } + it { should contain_file("/tmp/nginx.d/#{title}-700-ssl").with_mode('0644') } it param[:title] do - verify_contents(subject, "/tmp/nginx.d/#{title}-300-ssl", Array(param[:match])) - lines = subject.resource('file', "/tmp/nginx.d/#{title}-300-ssl").send(:parameters)[:content].split("\n") + verify_contents(subject, "/tmp/nginx.d/#{title}-700-ssl", Array(param[:match])) + lines = subject.resource('file', "/tmp/nginx.d/#{title}-700-ssl").send(:parameters)[:content].split("\n") (Array(param[:notmatch]).collect { |x| lines.grep x }.flatten).should be_empty end end @@ -555,7 +555,7 @@ it { should contain_file("/tmp/nginx.d/#{title}-001").with_ensure('absent') } it { should contain_file("/tmp/nginx.d/#{title}-699").with_ensure('absent') } - it { should contain_file("/tmp/nginx.d/#{title}-300-ssl").with_ensure('absent') } + it { should contain_file("/tmp/nginx.d/#{title}-700-ssl").with_ensure('absent') } it { should contain_file("/tmp/nginx.d/#{title}-999-ssl").with_ensure('absent') } it { should contain_nginx__resource__location("#{title}-default").with_ensure('absent') } end @@ -570,8 +570,8 @@ }) end it { should contain_nginx__resource__location("#{title}-default").with_ssl_only(true) } - it { should contain_file("/tmp/nginx.d/#{title}-300-ssl").with_content(%r{access_log[ ]+/var/log/nginx/ssl-www\.rspec\.example\.com\.access\.log}) } - it { should contain_file("/tmp/nginx.d/#{title}-300-ssl").with_content(%r{error_log[ ]+/var/log/nginx/ssl-www\.rspec\.example\.com\.error\.log}) } + it { should contain_file("/tmp/nginx.d/#{title}-700-ssl").with_content(%r{access_log[ ]+/var/log/nginx/ssl-www\.rspec\.example\.com\.access\.log}) } + it { should contain_file("/tmp/nginx.d/#{title}-700-ssl").with_content(%r{error_log[ ]+/var/log/nginx/ssl-www\.rspec\.example\.com\.error\.log}) } it { should contain_file("/tmp/nginx.d/#{title}-999-ssl") } it { should contain_file("/etc/nginx/#{title}.crt") } it { should contain_file("/etc/nginx/#{title}.key") } @@ -595,9 +595,9 @@ :ssl_cert => 'dummy.cert', }) end - it { should contain_file("/tmp/nginx.d/#{title}-300-ssl").with_content( /passenger_set_cgi_param test1 test value 1;/ ) } - it { should contain_file("/tmp/nginx.d/#{title}-300-ssl").with_content( /passenger_set_cgi_param test2 test value 2;/ ) } - it { should contain_file("/tmp/nginx.d/#{title}-300-ssl").with_content( /passenger_set_cgi_param test3 test value 3;/ ) } + it { should contain_file("/tmp/nginx.d/#{title}-700-ssl").with_content( /passenger_set_cgi_param test1 test value 1;/ ) } + it { should contain_file("/tmp/nginx.d/#{title}-700-ssl").with_content( /passenger_set_cgi_param test2 test value 2;/ ) } + it { should contain_file("/tmp/nginx.d/#{title}-700-ssl").with_content( /passenger_set_cgi_param test3 test value 3;/ ) } end context 'when vhost_cfg_append is set and ssl => true' do From 3024f2927d10dcfbd7d7b8239b1559514f5f2a4d Mon Sep 17 00:00:00 2001 From: Matthew Haughton Date: Thu, 21 Nov 2013 22:32:23 -0500 Subject: [PATCH 03/10] fix IPv6 address fact detection --- spec/defines/resource_vhost_spec.rb | 48 ++++++++++++++-------------- templates/vhost/vhost_ssl_header.erb | 2 +- 2 files changed, 25 insertions(+), 25 deletions(-) diff --git a/spec/defines/resource_vhost_spec.rb b/spec/defines/resource_vhost_spec.rb index 4b8441588..303e2d6fa 100644 --- a/spec/defines/resource_vhost_spec.rb +++ b/spec/defines/resource_vhost_spec.rb @@ -290,39 +290,39 @@ # { # :title => 'should enable IPv6', # :attr => 'ipv6_enable', -# :value => 'true', -# :match => ' listen [::]:80 default ipv6only=on;', -# }, -# { -# :title => 'should enable IPv6', -# :attr => 'ipv6_enable', # :value => true, # :match => ' listen [::]:80 default ipv6only=on;', # }, + { + :title => 'should enable IPv6', + :attr => 'ipv6_enable', + :value => 'true', + :match => ' listen [::]:80 default ipv6only=on;', + }, { :title => 'should disable IPv6', :attr => 'ipv6_enable', :value => 'false', :notmatch => ' listen [::]:80 default ipv6only=on;', }, -# { -# :title => 'should set the IPv6 listen IP', -# :attr => 'ipv6_listen_ip', -# :value => '2001:0db8:85a3:0000:0000:8a2e:0370:7334', -# :match => ' listen [2001:0db8:85a3:0000:0000:8a2e:0370:7334]:80 default ipv6only=on;', -# }, -# { -# :title => 'should set the IPv6 listen port', -# :attr => 'ipv6_listen_port', -# :value => '45', -# :match => ' listen [::]:45 default ipv6only=on;', -# }, -# { -# :title => 'should set the IPv6 listen options', -# :attr => 'ipv6_listen_options', -# :value => 'spdy default', -# :match => ' listen [::]:80 spdy default ipv6only=on;', -# }, + { + :title => 'should set the IPv6 listen IP', + :attr => 'ipv6_listen_ip', + :value => '2001:0db8:85a3:0000:0000:8a2e:0370:7334', + :match => ' listen [2001:0db8:85a3:0000:0000:8a2e:0370:7334]:80 default ipv6only=on;', + }, + { + :title => 'should set the IPv6 listen port', + :attr => 'ipv6_listen_port', + :value => '45', + :match => ' listen [::]:45 default ipv6only=on;', + }, + { + :title => 'should set the IPv6 listen options', + :attr => 'ipv6_listen_options', + :value => 'spdy default', + :match => ' listen [::]:80 spdy default ipv6only=on;', + }, { :title => 'should set servername(s)', :attr => 'server_name', diff --git a/templates/vhost/vhost_ssl_header.erb b/templates/vhost/vhost_ssl_header.erb index 2de8b1e4c..258748c04 100644 --- a/templates/vhost/vhost_ssl_header.erb +++ b/templates/vhost/vhost_ssl_header.erb @@ -1,6 +1,6 @@ server { listen <%= @listen_ip %>:<%= @ssl_port %> ssl<% if @spdy == 'on' %> spdy<% end %><% if @listen_options %><%= @listen_options %><% end %>; - <% if @ipv6_enable == 'true' && (defined? ipaddress6) %> + <% if @ipv6_enable == 'true' && (defined? @ipaddress6) %> listen [<%= @ipv6_listen_ip %>]:<%= @ipv6_listen_port %> <% if @ipv6_listen_options %><%= @ipv6_listen_options %><% end %> ipv6only=on; <% end %> server_name <%= @rewrite_www_to_non_www ? @name.gsub(/^www\./, '') : @server_name.join(" ") %>; From ef2a5e4f15162308d0aec393e39791d85eec97bd Mon Sep 17 00:00:00 2001 From: Matthew Haughton Date: Thu, 21 Nov 2013 22:35:44 -0500 Subject: [PATCH 04/10] fix syntax of allow/deny directives --- spec/defines/resource_location_spec.rb | 6 ++---- templates/vhost/vhost_location_directory.erb | 4 ++-- 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/spec/defines/resource_location_spec.rb b/spec/defines/resource_location_spec.rb index 6d98fd7e0..a50f3e8e1 100644 --- a/spec/defines/resource_location_spec.rb +++ b/spec/defines/resource_location_spec.rb @@ -304,15 +304,13 @@ :title => 'should set the allow directive', :attr => 'location_allow', :value => ['rule1','rule2'], -#TODO: should have trailing ';' but template is faulty - :match => [' allow rule1', ' allow rule2'], + :match => [' allow rule1;', ' allow rule2;'], }, { :title => 'should set the deny directive', :attr => 'location_deny', :value => ['rule1','rule2'], -#TODO: should have trailing ';' but template is faulty - :match => [' deny rule1', ' deny rule2'], + :match => [' deny rule1;', ' deny rule2;'], }, { :title => 'should contain ordered prepended directives', diff --git a/templates/vhost/vhost_location_directory.erb b/templates/vhost/vhost_location_directory.erb index 09aa209b3..a47f444b6 100644 --- a/templates/vhost/vhost_location_directory.erb +++ b/templates/vhost/vhost_location_directory.erb @@ -1,9 +1,9 @@ location <%= @location %> { <% if @location_allow -%><% @location_allow.each do |allow_rule| -%> - allow <%= allow_rule %> + allow <%= allow_rule %>; <% end -%><% end -%> <% if @location_deny -%><% @location_deny.each do |deny_rule| -%> - deny <%= deny_rule %> + deny <%= deny_rule %>; <% end -%><% end -%> <% if @location_cfg_prepend -%><% @location_cfg_prepend.sort_by {|k,v| k}.each do |key,value| -%> <%= key %> <%= value %>; From c8d9ad5680c185839c865b0960f7bf9e53a976a8 Mon Sep 17 00:00:00 2001 From: Matthew Haughton Date: Thu, 21 Nov 2013 22:40:05 -0500 Subject: [PATCH 05/10] only ensure yum repo file when yum repo created --- manifests/package/redhat.pp | 13 +++++-------- spec/classes/package_spec.rb | 4 +--- 2 files changed, 6 insertions(+), 11 deletions(-) diff --git a/manifests/package/redhat.pp b/manifests/package/redhat.pp index ad4dcb37f..dcf49f46f 100644 --- a/manifests/package/redhat.pp +++ b/manifests/package/redhat.pp @@ -55,15 +55,12 @@ gpgkey => 'http://nginx.org/keys/nginx_signing.key', before => Package[$package_name], } - } - } - } - if $manage_repo { - #Define file for nginx-repo so puppet doesn't delete it - file { '/etc/yum.repos.d/nginx-release.repo': - ensure => present, - require => Yumrepo['nginx-release'], + file { '/etc/yum.repos.d/nginx-release.repo': + ensure => present, + require => Yumrepo['nginx-release'], + } + } } } diff --git a/spec/classes/package_spec.rb b/spec/classes/package_spec.rb index 0278d7df9..b8d2924a7 100644 --- a/spec/classes/package_spec.rb +++ b/spec/classes/package_spec.rb @@ -145,9 +145,7 @@ let(:facts) {{ :operatingsystem => 'Fedora', :osfamily => 'RedHat', :lsbmajdistrelease => 6 }} it { should contain_package('nginx') } it { should_not contain_yumrepo('nginx-release') } - # TODO: reenable this once the manifest is fixed - right now it's always being created on redhat - # when manage_repo => true - # it { should_not contain_file('/etc/yum.repos.d/nginx-release.repo') } + it { should_not contain_file('/etc/yum.repos.d/nginx-release.repo') } end context 'other' do From 4af2087867f0d8a7a027c0252ba0d4748680c386 Mon Sep 17 00:00:00 2001 From: Matthew Haughton Date: Thu, 21 Nov 2013 23:04:39 -0500 Subject: [PATCH 06/10] fix spacing issues in various templates Before this change, vhost_ssl_header would merge "ssl" with any listen options, e.g.: listen *:443 ssldefault; when listen_options => 'default'. --- spec/defines/resource_location_spec.rb | 46 ++++++++++---------- spec/defines/resource_mailhost_spec.rb | 10 ++++- spec/defines/resource_upstream_spec.rb | 4 +- spec/defines/resource_vhost_spec.rb | 9 +++- templates/conf.d/upstream.erb | 3 +- templates/mailhost/mailhost.erb | 4 +- templates/vhost/vhost_location_alias.erb | 6 ++- templates/vhost/vhost_location_directory.erb | 2 +- templates/vhost/vhost_location_fastcgi.erb | 2 +- templates/vhost/vhost_ssl_header.erb | 4 +- 10 files changed, 50 insertions(+), 40 deletions(-) diff --git a/spec/defines/resource_location_spec.rb b/spec/defines/resource_location_spec.rb index a50f3e8e1..e420007d4 100644 --- a/spec/defines/resource_location_spec.rb +++ b/spec/defines/resource_location_spec.rb @@ -121,34 +121,32 @@ :value => 'my_location', :match => ' location my_location {', }, - # TODO: fix in template so following matches - #{ - # :title => 'should contain ordered prepended directives', - # :attr => 'location_cfg_prepend', - # :value => { 'test1' => 'test value 1', 'test2' => 'test value 2', 'allow' => 'test value 3' }, - # :match => [ - # ' allow test value 3;', - # ' test1 test value 1;', - # ' test2 test value 2;', - # ], - #}, + { + :title => 'should contain ordered prepended directives', + :attr => 'location_cfg_prepend', + :value => { 'test1' => 'test value 1', 'test2' => 'test value 2', 'allow' => 'test value 3' }, + :match => [ + ' allow test value 3;', + ' test1 test value 1;', + ' test2 test value 2;', + ], + }, { :title => 'should set alias', :attr => 'location_alias', :value => 'value', :match => ' alias value;', }, - #TODO: fix in template so following matches - #{ - # :title => 'should contain ordered appended directives', - # :attr => 'location_cfg_append', - # :value => { 'test1' => 'test value 1', 'test2' => 'test value 2', 'allow' => 'test value 3' }, - # :match => [ - # ' allow test value 3; ', - # ' test1 test value 1; ', - # ' test2 test value 2; ', - # ], - #}, + { + :title => 'should contain ordered appended directives', + :attr => 'location_cfg_append', + :value => { 'test1' => 'test value 1', 'test2' => 'test value 2', 'allow' => 'test value 3' }, + :match => [ + ' allow test value 3;', + ' test1 test value 1;', + ' test2 test value 2;', + ], + }, ].each do |param| context "when #{param[:attr]} is #{param[:value]}" do let :default_params do { :location => 'location', :location_alias => 'location_alias_value', :vhost => 'vhost1' } end @@ -247,7 +245,7 @@ :title => 'should set try_file(s)', :attr => 'try_files', :value => ['name1','name2'], - :match => ' try_files name1 name2 ;', #TODO + :match => ' try_files name1 name2;', }, { :title => 'should set fastcgi_params', @@ -332,7 +330,7 @@ :title => 'should set try_file(s)', :attr => 'try_files', :value => ['name1','name2'], - :match => ' try_files name1 name2 ;', #TODO + :match => ' try_files name1 name2;', }, { :title => 'should set index_file(s)', diff --git a/spec/defines/resource_mailhost_spec.rb b/spec/defines/resource_mailhost_spec.rb index 69fd0ea70..943e26a87 100644 --- a/spec/defines/resource_mailhost_spec.rb +++ b/spec/defines/resource_mailhost_spec.rb @@ -39,13 +39,13 @@ :title => 'should set the IPv4 listen IP', :attr => 'listen_ip', :value => '127.0.0.1', - :match => ' listen 127.0.0.1:25 ;', #TODO + :match => ' listen 127.0.0.1:25;', }, { :title => 'should set the IPv4 listen port', :attr => 'listen_port', :value => '45', - :match => ' listen *:45 ;', #TODO + :match => ' listen *:45;', }, { :title => 'should set the IPv4 listen options', @@ -83,6 +83,12 @@ :value => 'spdy', :match => ' listen [::]:80 spdy ipv6only=on;', }, + { + :title => 'should not set the IPv6 listen options', + :attr => 'ipv6_listen_options', + :value => false, + :match => ' listen [::]:80 ipv6only=on;', + }, { :title => 'should set servername(s)', :attr => 'server_name', diff --git a/spec/defines/resource_upstream_spec.rb b/spec/defines/resource_upstream_spec.rb index 5e0a6ca6f..d12a9ccb5 100644 --- a/spec/defines/resource_upstream_spec.rb +++ b/spec/defines/resource_upstream_spec.rb @@ -40,9 +40,7 @@ :match => [ ' test1 test value 1;', ' test2 test value 2;', - #TODO: fix this output in the template; should be no trailing - #spaces - ' test3 test value 3; ', + ' test3 test value 3;', ], }, { diff --git a/spec/defines/resource_vhost_spec.rb b/spec/defines/resource_vhost_spec.rb index 303e2d6fa..07f205b0d 100644 --- a/spec/defines/resource_vhost_spec.rb +++ b/spec/defines/resource_vhost_spec.rb @@ -284,8 +284,13 @@ :title => 'should set the IPv4 listen options', :attr => 'listen_options', :value => 'default', -#TODO: fix me in template - :match => ' listen *:443 ssldefault;', + :match => ' listen *:443 ssl default;', + }, + { + :title => 'should not set the IPv4 listen options', + :attr => 'listen_options', + :value => false, + :match => ' listen *:443 ssl;', }, # { # :title => 'should enable IPv6', diff --git a/templates/conf.d/upstream.erb b/templates/conf.d/upstream.erb index fb0d7e889..c5220588c 100644 --- a/templates/conf.d/upstream.erb +++ b/templates/conf.d/upstream.erb @@ -1,6 +1,7 @@ upstream <%= @name %> { <% if @upstream_cfg_prepend -%><% upstream_cfg_prepend.sort_by{|k,v| k}.each do |key,value| %> - <%= key %> <%= value %>;<% end -%><% end -%> + <%= key %> <%= value %>; +<% end -%><% end -%> <% @members.each do |i| %> server <%= i %>;<% end %> } diff --git a/templates/mailhost/mailhost.erb b/templates/mailhost/mailhost.erb index 8b3d75390..66a8a20c2 100644 --- a/templates/mailhost/mailhost.erb +++ b/templates/mailhost/mailhost.erb @@ -1,9 +1,9 @@ server { - listen <%= listen_ip %>:<%= listen_port %> <% if @listen_options %><%= listen_options %><% end %>; + listen <%= listen_ip %>:<%= listen_port %><% if @listen_options %> <%= listen_options %><% end %>; <% # check to see if ipv6 support exists in the kernel before applying %> <% if ipv6_enable && (defined? @ipaddress6) %> - listen [<%= ipv6_listen_ip %>]:<%= ipv6_listen_port %> <% if @ipv6_listen_options %><%= ipv6_listen_options %><% end %> ipv6only=on; + listen [<%= ipv6_listen_ip %>]:<%= ipv6_listen_port %><% if @ipv6_listen_options %> <%= ipv6_listen_options %><% end %> ipv6only=on; <% end %> server_name <%= server_name.join(" ") %>; protocol <%= protocol %>; diff --git a/templates/vhost/vhost_location_alias.erb b/templates/vhost/vhost_location_alias.erb index e2ddbdd28..23d102ba0 100644 --- a/templates/vhost/vhost_location_alias.erb +++ b/templates/vhost/vhost_location_alias.erb @@ -1,8 +1,10 @@ location <%= @location %> { <% if @location_cfg_prepend -%><% @location_cfg_prepend.sort_by {|k,v| k}.each do |key,value| -%> - <%= key %> <%= value %>;<% end -%><% end -%> + <%= key %> <%= value %>; +<% end -%><% end -%> alias <%= @location_alias %>; <% if @location_cfg_append -%><% @location_cfg_append.sort_by {|k,v| k}.each do |key,value| -%> - <%= key %> <%= value %>;<% end -%><% end -%> + <%= key %> <%= value %>; +<% end -%><% end -%> } diff --git a/templates/vhost/vhost_location_directory.erb b/templates/vhost/vhost_location_directory.erb index a47f444b6..a2731fa93 100644 --- a/templates/vhost/vhost_location_directory.erb +++ b/templates/vhost/vhost_location_directory.erb @@ -12,7 +12,7 @@ root <%= @www_root %>; <% end -%> <% if @try_files -%> - try_files <% @try_files.each do |try| -%> <%= try %> <% end -%>; + try_files<% @try_files.each do |try| -%> <%= try %><% end -%>; <% end -%> <% if @index_files -%> index <% @index_files.each do |i| %> <%= i %><% end %>; diff --git a/templates/vhost/vhost_location_fastcgi.erb b/templates/vhost/vhost_location_fastcgi.erb index 1306729a8..5718cdd30 100644 --- a/templates/vhost/vhost_location_fastcgi.erb +++ b/templates/vhost/vhost_location_fastcgi.erb @@ -9,7 +9,7 @@ fastcgi_split_path_info <%= @fastcgi_split_path %>; <% end -%> <% if @try_files -%> - try_files <% @try_files.each do |try| -%> <%= try %> <% end -%>; + try_files<% @try_files.each do |try| -%> <%= try %><% end -%>; <% end -%> include <%= @fastcgi_params %>; fastcgi_pass <%= @fastcgi %>; diff --git a/templates/vhost/vhost_ssl_header.erb b/templates/vhost/vhost_ssl_header.erb index 258748c04..1e2647784 100644 --- a/templates/vhost/vhost_ssl_header.erb +++ b/templates/vhost/vhost_ssl_header.erb @@ -1,7 +1,7 @@ server { - listen <%= @listen_ip %>:<%= @ssl_port %> ssl<% if @spdy == 'on' %> spdy<% end %><% if @listen_options %><%= @listen_options %><% end %>; + listen <%= @listen_ip %>:<%= @ssl_port %> ssl<% if @spdy == 'on' %> spdy<% end %><% if @listen_options %> <%= @listen_options %><% end %>; <% if @ipv6_enable == 'true' && (defined? @ipaddress6) %> - listen [<%= @ipv6_listen_ip %>]:<%= @ipv6_listen_port %> <% if @ipv6_listen_options %><%= @ipv6_listen_options %><% end %> ipv6only=on; + listen [<%= @ipv6_listen_ip %>]:<%= @ipv6_listen_port %><% if @ipv6_listen_options %> <%= @ipv6_listen_options %><% end %> ipv6only=on; <% end %> server_name <%= @rewrite_www_to_non_www ? @name.gsub(/^www\./, '') : @server_name.join(" ") %>; From e1c4c7470b942a83561b55ff7fa66e545c7dc0ff Mon Sep 17 00:00:00 2001 From: Matthew Haughton Date: Thu, 21 Nov 2013 23:08:36 -0500 Subject: [PATCH 07/10] sort vhost_cfg_append in vhost_ssl_footer --- spec/defines/resource_vhost_spec.rb | 35 ++++++++-------------------- templates/vhost/vhost_ssl_footer.erb | 2 +- 2 files changed, 11 insertions(+), 26 deletions(-) diff --git a/spec/defines/resource_vhost_spec.rb b/spec/defines/resource_vhost_spec.rb index 07f205b0d..2eedbfc3b 100644 --- a/spec/defines/resource_vhost_spec.rb +++ b/spec/defines/resource_vhost_spec.rb @@ -429,16 +429,16 @@ 'include /file2;', ], }, - #{ - # :title => 'should contain ordered appended directives', - # :attr => 'vhost_cfg_append', - # :value => { 'test1' => 'test value 1', 'test2' => 'test value 2', 'allow' => 'test value 3' }, - # :match => [ - # ' allow test value 3;', - # ' test1 test value 1;', - # ' test2 test value 2;', - # ] - #}, + { + :title => 'should contain ordered appended directives', + :attr => 'vhost_cfg_append', + :value => { 'test1' => 'test value 1', 'test2' => 'test value 2', 'allow' => 'test value 3' }, + :match => [ + ' allow test value 3;', + ' test1 test value 1;', + ' test2 test value 2;', + ] + }, { :title => 'should contain www to non-www rewrite', :attr => 'rewrite_www_to_non_www', @@ -604,21 +604,6 @@ it { should contain_file("/tmp/nginx.d/#{title}-700-ssl").with_content( /passenger_set_cgi_param test2 test value 2;/ ) } it { should contain_file("/tmp/nginx.d/#{title}-700-ssl").with_content( /passenger_set_cgi_param test3 test value 3;/ ) } end - - context 'when vhost_cfg_append is set and ssl => true' do - let :params do default_params.merge({ - :vhost_cfg_append => { 'test1' => 'test value 1', 'test2' => 'test value 2', 'allow' => 'test value 3' }, - :ssl => true, - :ssl_key => 'dummy.key', - :ssl_cert => 'dummy.cert', - }) end - - #TODO: reenable disabled test above and remove this block entirely if template is updated to order - #these as for the other templates - it { should contain_file("/tmp/nginx.d/#{title}-999-ssl").with_content( /test1 test value 1;/ ) } - it { should contain_file("/tmp/nginx.d/#{title}-999-ssl").with_content( /test2 test value 2;/ ) } - it { should contain_file("/tmp/nginx.d/#{title}-999-ssl").with_content( /allow test value 3;/ ) } - end end end end diff --git a/templates/vhost/vhost_ssl_footer.erb b/templates/vhost/vhost_ssl_footer.erb index 8e1946200..70c409889 100644 --- a/templates/vhost/vhost_ssl_footer.erb +++ b/templates/vhost/vhost_ssl_footer.erb @@ -1,7 +1,7 @@ <% if @include_files %><% @include_files.each do |file| -%> include <%= file %>; <% end -%><% end -%> -<% if @vhost_cfg_append -%><% @vhost_cfg_append.each do |key,value| -%> +<% if @vhost_cfg_append -%><% @vhost_cfg_append.sort_by{ |k, v| k.to_s == 'allow' ? '' : k.to_s }.each do |key,value| -%> <%= key %> <%= value %>; <% end -%> <% end -%> From 99e9d82f12489ca1609dbb546ce66bbf6fe6b5fb Mon Sep 17 00:00:00 2001 From: Matthew Haughton Date: Thu, 21 Nov 2013 23:18:04 -0500 Subject: [PATCH 08/10] accept boolean for ipv6_enable as documented --- spec/defines/resource_vhost_spec.rb | 26 +++++++++++++------------- templates/vhost/vhost_header.erb | 2 +- templates/vhost/vhost_ssl_header.erb | 2 +- 3 files changed, 15 insertions(+), 15 deletions(-) diff --git a/spec/defines/resource_vhost_spec.rb b/spec/defines/resource_vhost_spec.rb index 2eedbfc3b..28154eba3 100644 --- a/spec/defines/resource_vhost_spec.rb +++ b/spec/defines/resource_vhost_spec.rb @@ -64,12 +64,12 @@ :value => 'true', :match => ' listen [::]:80 default ipv6only=on;', }, - #{ - # :title => 'should enable IPv6', - # :attr => 'ipv6_enable', - # :value => true, - # :match => ' listen [::]:80 default ipv6only=on;', - #}, + { + :title => 'should enable IPv6', + :attr => 'ipv6_enable', + :value => true, + :match => ' listen [::]:80 default ipv6only=on;', + }, { :title => 'should not enable IPv6', :attr => 'ipv6_enable', @@ -292,22 +292,22 @@ :value => false, :match => ' listen *:443 ssl;', }, -# { -# :title => 'should enable IPv6', -# :attr => 'ipv6_enable', -# :value => true, -# :match => ' listen [::]:80 default ipv6only=on;', -# }, { :title => 'should enable IPv6', :attr => 'ipv6_enable', :value => 'true', :match => ' listen [::]:80 default ipv6only=on;', }, + { + :title => 'should enable IPv6', + :attr => 'ipv6_enable', + :value => true, + :match => ' listen [::]:80 default ipv6only=on;', + }, { :title => 'should disable IPv6', :attr => 'ipv6_enable', - :value => 'false', + :value => false, :notmatch => ' listen [::]:80 default ipv6only=on;', }, { diff --git a/templates/vhost/vhost_header.erb b/templates/vhost/vhost_header.erb index ae0217dba..1a19ee7e5 100644 --- a/templates/vhost/vhost_header.erb +++ b/templates/vhost/vhost_header.erb @@ -1,7 +1,7 @@ server { listen <%= @listen_ip %>:<%= @listen_port %><% if @listen_options %> <%= @listen_options %><% end %>; <% # check to see if ipv6 support exists in the kernel before applying %> -<% if @ipv6_enable == 'true' && (defined? @ipaddress6) %> +<% if @ipv6_enable && (defined? @ipaddress6) %> listen [<%= @ipv6_listen_ip %>]:<%= @ipv6_listen_port %> <% if @ipv6_listen_options %><%= @ipv6_listen_options %><% end %> ipv6only=on; <% end %> server_name <%= @rewrite_www_to_non_www ? @name.gsub(/^www\./, '') : @server_name.join(" ") %>; diff --git a/templates/vhost/vhost_ssl_header.erb b/templates/vhost/vhost_ssl_header.erb index 1e2647784..213b2c559 100644 --- a/templates/vhost/vhost_ssl_header.erb +++ b/templates/vhost/vhost_ssl_header.erb @@ -1,6 +1,6 @@ server { listen <%= @listen_ip %>:<%= @ssl_port %> ssl<% if @spdy == 'on' %> spdy<% end %><% if @listen_options %> <%= @listen_options %><% end %>; - <% if @ipv6_enable == 'true' && (defined? @ipaddress6) %> + <% if @ipv6_enable && (defined? @ipaddress6) %> listen [<%= @ipv6_listen_ip %>]:<%= @ipv6_listen_port %><% if @ipv6_listen_options %> <%= @ipv6_listen_options %><% end %> ipv6only=on; <% end %> server_name <%= @rewrite_www_to_non_www ? @name.gsub(/^www\./, '') : @server_name.join(" ") %>; From 43d628d4f0e3954fcd8be9a1371c6dc8674ea1ae Mon Sep 17 00:00:00 2001 From: Matthew Haughton Date: Thu, 21 Nov 2013 23:22:01 -0500 Subject: [PATCH 09/10] fix auth_basic/auth_basic_user_file variable detection --- spec/defines/resource_location_spec.rb | 25 ++++++++++---------- templates/vhost/vhost_location_directory.erb | 4 ++-- 2 files changed, 14 insertions(+), 15 deletions(-) diff --git a/spec/defines/resource_location_spec.rb b/spec/defines/resource_location_spec.rb index e420007d4..8d6e3470d 100644 --- a/spec/defines/resource_location_spec.rb +++ b/spec/defines/resource_location_spec.rb @@ -338,19 +338,18 @@ :value => ['name1','name2'], :match => ' index name1 name2;', }, - #TODO: fix template - #{ - # :title => 'should set auth_basic', - # :attr => 'auth_basic', - # :value => 'value', - # :match => ' auth_basic "value";', - #}, - #{ - # :title => 'should set auth_basic_user_file', - # :attr => 'auth_basic_user_file', - # :value => 'value', - # :match => ' auth_basic_user_file value;', - #}, + { + :title => 'should set auth_basic', + :attr => 'auth_basic', + :value => 'value', + :match => ' auth_basic "value";', + }, + { + :title => 'should set auth_basic_user_file', + :attr => 'auth_basic_user_file', + :value => 'value', + :match => ' auth_basic_user_file value;', + }, { :title => 'should contain ordered appended directives', :attr => 'location_cfg_append', diff --git a/templates/vhost/vhost_location_directory.erb b/templates/vhost/vhost_location_directory.erb index a2731fa93..be43f66b2 100644 --- a/templates/vhost/vhost_location_directory.erb +++ b/templates/vhost/vhost_location_directory.erb @@ -17,10 +17,10 @@ <% if @index_files -%> index <% @index_files.each do |i| %> <%= i %><% end %>; <% end -%> -<% if defined? auth_basic -%> +<% if defined? @auth_basic -%> auth_basic "<%= @auth_basic %>"; <% end -%> -<% if defined? auth_basic_user_file -%> +<% if defined? @auth_basic_user_file -%> auth_basic_user_file <%= @auth_basic_user_file %>; <% end -%> <% if @location_cfg_append -%><% @location_cfg_append.sort_by {|k,v| k}.each do |key,value| -%> From 8292be0748cf2daacaff44086ada6b2eee1a5ef5 Mon Sep 17 00:00:00 2001 From: Matthew Haughton Date: Thu, 21 Nov 2013 23:23:45 -0500 Subject: [PATCH 10/10] set required variables before template declared correctly sets www_root in the vhost_header template --- manifests/resource/vhost.pp | 26 +++++++++++++------------- spec/defines/resource_vhost_spec.rb | 12 ++++++------ 2 files changed, 19 insertions(+), 19 deletions(-) diff --git a/manifests/resource/vhost.pp b/manifests/resource/vhost.pp index 15f167f41..b1d7f956a 100644 --- a/manifests/resource/vhost.pp +++ b/manifests/resource/vhost.pp @@ -181,19 +181,6 @@ default => $error_log, } - # Use the File Fragment Pattern to construct the configuration files. - # Create the base configuration file reference. - if ($listen_port != $ssl_port) { - file { "${nginx::config::nx_temp_dir}/nginx.d/${name}-001": - ensure => $ensure ? { - 'absent' => absent, - default => 'file', - }, - content => template('nginx/vhost/vhost_header.erb'), - notify => Class['nginx::service'], - } - } - if ($ssl == true) and ($ssl_port == $listen_port) { $ssl_only = true } @@ -244,6 +231,19 @@ } } + # Use the File Fragment Pattern to construct the configuration files. + # Create the base configuration file reference. + if ($listen_port != $ssl_port) { + file { "${nginx::config::nx_temp_dir}/nginx.d/${name}-001": + ensure => $ensure ? { + 'absent' => absent, + default => 'file', + }, + content => template('nginx/vhost/vhost_header.erb'), + notify => Class['nginx::service'], + } + } + # Create a proper file close stub. if ($listen_port != $ssl_port) { file { "${nginx::config::nx_temp_dir}/nginx.d/${name}-699": content => template('nginx/vhost/vhost_footer.erb'), } diff --git a/spec/defines/resource_vhost_spec.rb b/spec/defines/resource_vhost_spec.rb index 28154eba3..ccf75fc52 100644 --- a/spec/defines/resource_vhost_spec.rb +++ b/spec/defines/resource_vhost_spec.rb @@ -134,12 +134,12 @@ ' test2 test value 2;', ], }, - #{ - # :title => 'should set root', - # :attr => 'use_default_location', - # :value => false, - # :match => ' root /;', - #}, + { + :title => 'should set root', + :attr => 'use_default_location', + :value => false, + :match => ' root /;', + }, { :title => 'should not set root', :attr => 'use_default_location',