2013-11-22 04:10:53 +01:00
require 'spec_helper'
describe 'nginx::resource::vhost' do
let :title do
'www.rspec.example.com'
end
let :default_params do
{
:www_root = > '/' ,
:ipv6_enable = > 'true' ,
}
end
let :facts do
{
:osfamily = > 'Debian' ,
:operatingsystem = > 'debian' ,
:kernel = > 'Linux' ,
:ipaddress6 = > '::' ,
}
end
let :pre_condition do
[
'include ::nginx::params' ,
'include ::nginx::config' ,
]
end
describe 'os-independent items' do
describe 'basic assumptions' do
let :params do default_params end
it { should include_class ( " nginx::params " ) }
it { should include_class ( " nginx::config " ) }
it { should contain_file ( " /tmp/nginx.d/ #{ title } -001 " ) . with_content ( %r{ access_log[ ]+/var/log/nginx/www \ .rspec \ .example \ .com \ .access \ .log } ) }
it { should contain_file ( " /tmp/nginx.d/ #{ title } -001 " ) . with_content ( %r{ error_log[ ]+/var/log/nginx/www \ .rspec \ .example \ .com \ .error \ .log } ) }
it { should contain_nginx__resource__location ( " #{ title } -default " ) }
it { should contain_file ( " /tmp/nginx.d/ #{ title } -699 " ) }
it { should_not contain_file ( " /etc/nginx/fastcgi_params " ) }
end
describe " vhost_header template content " do
[
{
:title = > 'should set the IPv4 listen IP' ,
:attr = > 'listen_ip' ,
:value = > '127.0.0.1' ,
:match = > ' listen 127.0.0.1:80;' ,
} ,
{
:title = > 'should set the IPv4 listen port' ,
:attr = > 'listen_port' ,
:value = > '45' ,
:match = > ' listen *:45;' ,
} ,
{
:title = > 'should set the IPv4 listen options' ,
:attr = > 'listen_options' ,
:value = > 'spdy default' ,
:match = > ' listen *:80 spdy default;' ,
} ,
{
:title = > 'should enable IPv6' ,
:attr = > 'ipv6_enable' ,
:value = > 'true' ,
:match = > ' listen [::]:80 default ipv6only=on;' ,
} ,
#{
# :title => 'should enable IPv6',
# :attr => 'ipv6_enable',
# :value => true,
# :match => ' listen [::]:80 default ipv6only=on;',
#},
{
:title = > 'should not enable IPv6' ,
:attr = > 'ipv6_enable' ,
:value = > false ,
:notmatch = > ' listen [::]:80 default ipv6only=on;' ,
} ,
{
:title = > 'should set the IPv6 listen IP' ,
:attr = > 'ipv6_listen_ip' ,
:value = > '2001:0db8:85a3:0000:0000:8a2e:0370:7334' ,
:match = > ' listen [2001:0db8:85a3:0000:0000:8a2e:0370:7334]:80 default ipv6only=on;' ,
} ,
{
:title = > 'should set the IPv6 listen port' ,
:attr = > 'ipv6_listen_port' ,
:value = > '45' ,
:match = > ' listen [::]:45 default ipv6only=on;' ,
} ,
{
:title = > 'should set the IPv6 listen options' ,
:attr = > 'ipv6_listen_options' ,
:value = > 'spdy' ,
:match = > ' listen [::]:80 spdy ipv6only=on;' ,
} ,
{
:title = > 'should set servername(s)' ,
:attr = > 'server_name' ,
:value = > [ 'name1' , 'name2' ] ,
:match = > ' server_name name1 name2;' ,
} ,
{
:title = > 'should rewrite www servername to non-www' ,
:attr = > 'rewrite_www_to_non_www' ,
:value = > true ,
:match = > ' server_name rspec.example.com;' ,
} ,
{
:title = > 'should not rewrite www servername to non-www' ,
:attr = > 'rewrite_www_to_non_www' ,
:value = > false ,
:match = > ' server_name www.rspec.example.com;' ,
} ,
{
:title = > 'should set auth_basic' ,
:attr = > 'auth_basic' ,
:value = > 'value' ,
:match = > ' auth_basic "value";' ,
} ,
{
:title = > 'should set auth_basic_user_file' ,
:attr = > 'auth_basic_user_file' ,
:value = > 'value' ,
:match = > ' auth_basic_user_file value;' ,
} ,
{
:title = > 'should contain ordered prepended directives' ,
:attr = > 'vhost_cfg_prepend' ,
:value = > { 'test1' = > 'test value 1' , 'test2' = > 'test value 2' , 'allow' = > 'test value 3' } ,
:match = > [
' allow test value 3;' ,
' test1 test value 1;' ,
' test2 test value 2;' ,
] ,
} ,
#{
# :title => 'should set root',
# :attr => 'use_default_location',
# :value => false,
# :match => ' root /;',
#},
{
:title = > 'should not set root' ,
:attr = > 'use_default_location' ,
:value = > true ,
:notmatch = > ' root /;' ,
} ,
{
:title = > 'should set proxy_set_header' ,
:attr = > 'proxy_set_header' ,
:value = > [ 'header1' , 'header2' ] ,
:match = > [
' proxy_set_header header1;' ,
' proxy_set_header header2;' ,
] ,
} ,
{
:title = > 'should rewrite to HTTPS' ,
:attr = > 'rewrite_to_https' ,
:value = > true ,
:match = > [
' if ($ssl_protocol = "") {' ,
' return 301 https://$host$request_uri;' ,
] ,
} ,
{
:title = > 'should not rewrite to HTTPS' ,
:attr = > 'rewrite_to_https' ,
:value = > false ,
:notmatch = > [
' if ($ssl_protocol = "") {' ,
' return 301 https://$host$request_uri;' ,
] ,
} ,
{
:title = > 'should set access_log' ,
:attr = > 'access_log' ,
:value = > '/path/to/access.log' ,
:match = > ' access_log /path/to/access.log;' ,
} ,
{
:title = > 'should set error_log' ,
:attr = > 'error_log' ,
:value = > '/path/to/error.log' ,
:match = > ' error_log /path/to/error.log;' ,
} ,
] . each do | param |
context " when #{ param [ :attr ] } is #{ param [ :value ] } " do
let :params do default_params . merge ( { param [ :attr ] . to_sym = > param [ :value ] } ) end
it { should contain_file ( " /tmp/nginx.d/ #{ title } -001 " ) . with_mode ( '0644' ) }
it param [ :title ] do
verify_contents ( subject , " /tmp/nginx.d/ #{ title } -001 " , Array ( param [ :match ] ) )
lines = subject . resource ( 'file' , " /tmp/nginx.d/ #{ title } -001 " ) . send ( :parameters ) [ :content ] . split ( " \n " )
( Array ( param [ :notmatch ] ) . collect { | x | lines . grep x } . flatten ) . should be_empty
end
end
end
end
describe " vhost_footer template content " do
[
{
:title = > 'should contain include directives' ,
:attr = > 'include_files' ,
:value = > [ '/file1' , '/file2' ] ,
:match = > [
'include /file1;' ,
'include /file2;' ,
] ,
} ,
{
:title = > 'should contain ordered appended directives' ,
:attr = > 'vhost_cfg_append' ,
:value = > { 'test1' = > 'test value 1' , 'test2' = > 'test value 2' , 'allow' = > 'test value 3' } ,
:match = > [
' allow test value 3;' ,
' test1 test value 1;' ,
' test2 test value 2;' ,
] ,
} ,
{
:title = > 'should contain www to non-www rewrite' ,
:attr = > 'rewrite_www_to_non_www' ,
:value = > true ,
:match = > [
' listen *:80;' ,
' server_name www.rspec.example.com;' ,
' rewrite ^ http://rspec.example.com$uri permanent;' ,
] ,
} ,
{
:title = > 'should not contain www to non-www rewrite' ,
:attr = > 'rewrite_www_to_non_www' ,
:value = > false ,
:notmatch = > [
' listen *:80;' ,
' server_name www.rspec.example.com;' ,
' rewrite ^ http://rspec.example.com$uri permanent;' ,
] ,
} ,
] . each do | param |
context " when #{ param [ :attr ] } is #{ param [ :value ] } " do
let :params do default_params . merge ( { param [ :attr ] . to_sym = > param [ :value ] } ) end
it { should contain_file ( " /tmp/nginx.d/ #{ title } -699 " ) . with_mode ( '0644' ) }
it param [ :title ] do
verify_contents ( subject , " /tmp/nginx.d/ #{ title } -699 " , Array ( param [ :match ] ) )
lines = subject . resource ( 'file' , " /tmp/nginx.d/ #{ title } -699 " ) . send ( :parameters ) [ :content ] . split ( " \n " )
( Array ( param [ :notmatch ] ) . collect { | x | lines . grep x } . flatten ) . should be_empty
end
end
end
end
describe " vhost_ssl_header template content " do
[
{
:title = > 'should set the IPv4 listen IP' ,
:attr = > 'listen_ip' ,
:value = > '127.0.0.1' ,
:match = > ' listen 127.0.0.1:443 ssl;' ,
} ,
{
:title = > 'should set the IPv4 SSL listen port' ,
:attr = > 'ssl_port' ,
:value = > '45' ,
:match = > ' listen *:45 ssl;' ,
} ,
{
:title = > 'should set SPDY' ,
:attr = > 'spdy' ,
:value = > 'on' ,
:match = > ' listen *:443 ssl spdy;' ,
} ,
{
:title = > 'should not set SPDY' ,
:attr = > 'spdy' ,
:value = > 'off' ,
:match = > ' listen *:443 ssl;' ,
} ,
{
:title = > 'should set the IPv4 listen options' ,
:attr = > 'listen_options' ,
:value = > 'default' ,
#TODO: fix me in template
:match = > ' listen *:443 ssldefault;' ,
} ,
# {
# :title => 'should enable IPv6',
# :attr => 'ipv6_enable',
# :value => true,
# :match => ' listen [::]:80 default ipv6only=on;',
# },
2013-11-22 04:32:23 +01:00
{
:title = > 'should enable IPv6' ,
:attr = > 'ipv6_enable' ,
:value = > 'true' ,
:match = > ' listen [::]:80 default ipv6only=on;' ,
} ,
2013-11-22 04:10:53 +01:00
{
:title = > 'should disable IPv6' ,
:attr = > 'ipv6_enable' ,
:value = > 'false' ,
:notmatch = > ' listen [::]:80 default ipv6only=on;' ,
} ,
2013-11-22 04:32:23 +01:00
{
:title = > 'should set the IPv6 listen IP' ,
:attr = > 'ipv6_listen_ip' ,
:value = > '2001:0db8:85a3:0000:0000:8a2e:0370:7334' ,
:match = > ' listen [2001:0db8:85a3:0000:0000:8a2e:0370:7334]:80 default ipv6only=on;' ,
} ,
{
:title = > 'should set the IPv6 listen port' ,
:attr = > 'ipv6_listen_port' ,
:value = > '45' ,
:match = > ' listen [::]:45 default ipv6only=on;' ,
} ,
{
:title = > 'should set the IPv6 listen options' ,
:attr = > 'ipv6_listen_options' ,
:value = > 'spdy default' ,
:match = > ' listen [::]:80 spdy default ipv6only=on;' ,
} ,
2013-11-22 04:10:53 +01:00
{
:title = > 'should set servername(s)' ,
:attr = > 'server_name' ,
:value = > [ 'name1' , 'name2' ] ,
:match = > ' server_name name1 name2;' ,
} ,
{
:title = > 'should rewrite www servername to non-www' ,
:attr = > 'rewrite_www_to_non_www' ,
:value = > true ,
:match = > ' server_name rspec.example.com;' ,
} ,
{
:title = > 'should not rewrite www servername to non-www' ,
:attr = > 'rewrite_www_to_non_www' ,
:value = > false ,
:match = > ' server_name www.rspec.example.com;' ,
} ,
{
:title = > 'should set the SSL cache' ,
:attr = > 'ssl_cache' ,
:value = > 'shared:SSL:1m' ,
:match = > ' ssl_session_cache shared:SSL:1m;' ,
} ,
{
:title = > 'should set the SSL protocols' ,
:attr = > 'ssl_protocols' ,
:value = > 'SSLv3' ,
:match = > ' ssl_protocols SSLv3;' ,
} ,
{
:title = > 'should set the SSL ciphers' ,
:attr = > 'ssl_ciphers' ,
:value = > 'HIGH' ,
:match = > ' ssl_ciphers HIGH;' ,
} ,
{
:title = > 'should set auth_basic' ,
:attr = > 'auth_basic' ,
:value = > 'value' ,
:match = > ' auth_basic "value";' ,
} ,
{
:title = > 'should set auth_basic_user_file' ,
:attr = > 'auth_basic_user_file' ,
:value = > 'value' ,
:match = > ' auth_basic_user_file "value";' ,
} ,
{
:title = > 'should set access_log' ,
:attr = > 'access_log' ,
:value = > '/path/to/access.log' ,
:match = > ' access_log /path/to/access.log;' ,
} ,
{
:title = > 'should set error_log' ,
:attr = > 'error_log' ,
:value = > '/path/to/error.log' ,
:match = > ' error_log /path/to/error.log;' ,
} ,
{
:title = > 'should set root' ,
:attr = > 'use_default_location' ,
:value = > false ,
:match = > ' root /;' ,
} ,
{
:title = > 'should not set root' ,
:attr = > 'use_default_location' ,
:value = > true ,
:notmatch = > ' root /;' ,
} ,
] . each do | param |
context " when #{ param [ :attr ] } is #{ param [ :value ] } " do
let :params do default_params . merge ( {
param [ :attr ] . to_sym = > param [ :value ] ,
:ssl = > true ,
:ssl_key = > 'dummy.key' ,
:ssl_cert = > 'dummy.crt' ,
} ) end
2013-11-22 04:23:44 +01:00
it { should contain_file ( " /tmp/nginx.d/ #{ title } -700-ssl " ) . with_mode ( '0644' ) }
2013-11-22 04:10:53 +01:00
it param [ :title ] do
2013-11-22 04:23:44 +01:00
verify_contents ( subject , " /tmp/nginx.d/ #{ title } -700-ssl " , Array ( param [ :match ] ) )
lines = subject . resource ( 'file' , " /tmp/nginx.d/ #{ title } -700-ssl " ) . send ( :parameters ) [ :content ] . split ( " \n " )
2013-11-22 04:10:53 +01:00
( Array ( param [ :notmatch ] ) . collect { | x | lines . grep x } . flatten ) . should be_empty
end
end
end
end
describe " vhost_ssl_footer template content " do
[
{
:title = > 'should contain include directives' ,
:attr = > 'include_files' ,
:value = > [ '/file1' , '/file2' ] ,
:match = > [
'include /file1;' ,
'include /file2;' ,
] ,
} ,
#{
# :title => 'should contain ordered appended directives',
# :attr => 'vhost_cfg_append',
# :value => { 'test1' => 'test value 1', 'test2' => 'test value 2', 'allow' => 'test value 3' },
# :match => [
# ' allow test value 3;',
# ' test1 test value 1;',
# ' test2 test value 2;',
# ]
#},
{
:title = > 'should contain www to non-www rewrite' ,
:attr = > 'rewrite_www_to_non_www' ,
:value = > true ,
:match = > [
' listen *:443 ssl;' ,
' server_name www.rspec.example.com;' ,
' rewrite ^ https://rspec.example.com$uri permanent;' ,
] ,
} ,
{
:title = > 'should not contain www to non-www rewrite' ,
:attr = > 'rewrite_www_to_non_www' ,
:value = > false ,
:notmatch = > [
' listen *:443 ssl;' ,
' server_name www.rspec.example.com;' ,
' rewrite ^ https://rspec.example.com$uri permanent;' ,
] ,
} ,
] . each do | param |
context " when #{ param [ :attr ] } is #{ param [ :value ] } " do
let :params do default_params . merge ( {
param [ :attr ] . to_sym = > param [ :value ] ,
:ssl = > true ,
:ssl_key = > 'dummy.key' ,
:ssl_cert = > 'dummy.crt' ,
} ) end
it { should contain_file ( " /tmp/nginx.d/ #{ title } -999-ssl " ) . with_mode ( '0644' ) }
it param [ :title ] do
verify_contents ( subject , " /tmp/nginx.d/ #{ title } -999-ssl " , Array ( param [ :match ] ) )
lines = subject . resource ( 'file' , " /tmp/nginx.d/ #{ title } -999-ssl " ) . send ( :parameters ) [ :content ] . split ( " \n " )
( Array ( param [ :notmatch ] ) . collect { | x | lines . grep x } . flatten ) . should be_empty
end
end
end
end
context 'attribute resources' do
context " SSL cert missing " do
let ( :params ) { { :ssl = > true , :ssl_key = > 'key' } }
it { expect { should contain_class ( 'nginx::resource::vhost' ) } . to raise_error ( Puppet :: Error , %r{ nginx: SSL certificate/key \ (ssl_cert/ssl_cert \ ) and/or SSL Private must be defined and exist on the target system \ (s \ ) } ) }
end
context " SSL key missing " do
let ( :params ) { { :ssl = > true , :ssl_cert = > 'cert' } }
it { expect { should contain_class ( 'nginx::resource::vhost' ) } . to raise_error ( Puppet :: Error , %r{ nginx: SSL certificate/key \ (ssl_cert/ssl_cert \ ) and/or SSL Private must be defined and exist on the target system \ (s \ ) } ) }
end
context 'when use_default_location => true' do
let :params do default_params . merge ( {
:use_default_location = > true ,
} ) end
it { should contain_nginx__resource__location ( " #{ title } -default " ) }
end
context 'when use_default_location => false' do
let :params do default_params . merge ( {
:use_default_location = > false ,
} ) end
it { should_not contain_nginx__resource__location ( " #{ title } -default " ) }
end
context 'when location_cfg_prepend => { key => value }' do
let :params do default_params . merge ( {
:location_cfg_prepend = > { 'key' = > 'value' } ,
} ) end
it { should contain_nginx__resource__location ( " #{ title } -default " ) . with_location_cfg_prepend ( { 'key' = > 'value' } ) }
end
context 'when location_cfg_append => { key => value }' do
let :params do default_params . merge ( {
:location_cfg_append = > { 'key' = > 'value' } ,
} ) end
it { should contain_nginx__resource__location ( " #{ title } -default " ) . with_location_cfg_append ( { 'key' = > 'value' } ) }
end
context 'when fastcgi => true' do
let :params do default_params . merge ( {
:fastcgi = > true ,
} ) end
it { should contain_file ( '/etc/nginx/fastcgi_params' ) . with_mode ( '0770' ) }
end
context 'when listen_port == ssl_port' do
let :params do default_params . merge ( {
:listen_port = > 80 ,
:ssl_port = > 80 ,
} ) end
it { should_not contain_file ( " /tmp/nginx.d/ #{ title } -001 " ) }
it { should_not contain_file ( " /tmp/nginx.d/ #{ title } -699 " ) }
end
context 'when listen_port != ssl_port' do
let :params do default_params . merge ( {
:listen_port = > 80 ,
:ssl_port = > 443 ,
} ) end
it { should contain_file ( " /tmp/nginx.d/ #{ title } -001 " ) }
it { should contain_file ( " /tmp/nginx.d/ #{ title } -699 " ) }
end
context 'when ensure => absent' do
let :params do default_params . merge ( {
:ensure = > 'absent' ,
:ssl = > true ,
:ssl_key = > 'dummy.key' ,
:ssl_cert = > 'dummy.cert' ,
} ) end
it { should contain_file ( " /tmp/nginx.d/ #{ title } -001 " ) . with_ensure ( 'absent' ) }
it { should contain_file ( " /tmp/nginx.d/ #{ title } -699 " ) . with_ensure ( 'absent' ) }
2013-11-22 04:23:44 +01:00
it { should contain_file ( " /tmp/nginx.d/ #{ title } -700-ssl " ) . with_ensure ( 'absent' ) }
2013-11-22 04:10:53 +01:00
it { should contain_file ( " /tmp/nginx.d/ #{ title } -999-ssl " ) . with_ensure ( 'absent' ) }
it { should contain_nginx__resource__location ( " #{ title } -default " ) . with_ensure ( 'absent' ) }
end
context 'when ssl => true and ssl_port == listen_port' do
let :params do default_params . merge ( {
:ssl = > true ,
:listen_port = > 80 ,
:ssl_port = > 80 ,
:ssl_key = > 'dummy.key' ,
:ssl_cert = > 'dummy.cert' ,
} ) end
it { should contain_nginx__resource__location ( " #{ title } -default " ) . with_ssl_only ( true ) }
2013-11-22 04:23:44 +01:00
it { should contain_file ( " /tmp/nginx.d/ #{ title } -700-ssl " ) . with_content ( %r{ access_log[ ]+/var/log/nginx/ssl-www \ .rspec \ .example \ .com \ .access \ .log } ) }
it { should contain_file ( " /tmp/nginx.d/ #{ title } -700-ssl " ) . with_content ( %r{ error_log[ ]+/var/log/nginx/ssl-www \ .rspec \ .example \ .com \ .error \ .log } ) }
2013-11-22 04:10:53 +01:00
it { should contain_file ( " /tmp/nginx.d/ #{ title } -999-ssl " ) }
it { should contain_file ( " /etc/nginx/ #{ title } .crt " ) }
it { should contain_file ( " /etc/nginx/ #{ title } .key " ) }
end
context 'when passenger_cgi_param is set' do
let :params do default_params . merge ( {
:passenger_cgi_param = > { 'test1' = > 'test value 1' , 'test2' = > 'test value 2' , 'test3' = > 'test value 3' }
} ) end
it { should contain_file ( " /tmp/nginx.d/ #{ title } -001 " ) . with_content ( / passenger_set_cgi_param test1 test value 1; / ) }
it { should contain_file ( " /tmp/nginx.d/ #{ title } -001 " ) . with_content ( / passenger_set_cgi_param test2 test value 2; / ) }
it { should contain_file ( " /tmp/nginx.d/ #{ title } -001 " ) . with_content ( / passenger_set_cgi_param test3 test value 3; / ) }
end
context 'when passenger_cgi_param is set and ssl => true' do
let :params do default_params . merge ( {
:passenger_cgi_param = > { 'test1' = > 'test value 1' , 'test2' = > 'test value 2' , 'test3' = > 'test value 3' } ,
:ssl = > true ,
:ssl_key = > 'dummy.key' ,
:ssl_cert = > 'dummy.cert' ,
} ) end
2013-11-22 04:23:44 +01:00
it { should contain_file ( " /tmp/nginx.d/ #{ title } -700-ssl " ) . with_content ( / passenger_set_cgi_param test1 test value 1; / ) }
it { should contain_file ( " /tmp/nginx.d/ #{ title } -700-ssl " ) . with_content ( / passenger_set_cgi_param test2 test value 2; / ) }
it { should contain_file ( " /tmp/nginx.d/ #{ title } -700-ssl " ) . with_content ( / passenger_set_cgi_param test3 test value 3; / ) }
2013-11-22 04:10:53 +01:00
end
context 'when vhost_cfg_append is set and ssl => true' do
let :params do default_params . merge ( {
:vhost_cfg_append = > { 'test1' = > 'test value 1' , 'test2' = > 'test value 2' , 'allow' = > 'test value 3' } ,
:ssl = > true ,
:ssl_key = > 'dummy.key' ,
:ssl_cert = > 'dummy.cert' ,
} ) end
#TODO: reenable disabled test above and remove this block entirely if template is updated to order
#these as for the other templates
it { should contain_file ( " /tmp/nginx.d/ #{ title } -999-ssl " ) . with_content ( / test1 test value 1; / ) }
it { should contain_file ( " /tmp/nginx.d/ #{ title } -999-ssl " ) . with_content ( / test2 test value 2; / ) }
it { should contain_file ( " /tmp/nginx.d/ #{ title } -999-ssl " ) . with_content ( / allow test value 3; / ) }
end
end
end
end