require 'spec_helper' describe 'nginx::resource::vhost' do let :title do 'www.rspec.example.com' end let :default_params do { :www_root => '/', :ipv6_enable => 'true', } end let :facts do { :osfamily => 'Debian', :operatingsystem => 'debian', :kernel => 'Linux', :ipaddress6 => '::', } end let :pre_condition do [ 'include ::nginx::params', 'include ::nginx::config', ] end describe 'os-independent items' do describe 'basic assumptions' do let :params do default_params end it { should include_class("nginx::params") } it { should include_class("nginx::config") } it { should contain_file("/tmp/nginx.d/#{title}-001").with_content(%r{access_log[ ]+/var/log/nginx/www\.rspec\.example\.com\.access\.log}) } it { should contain_file("/tmp/nginx.d/#{title}-001").with_content(%r{error_log[ ]+/var/log/nginx/www\.rspec\.example\.com\.error\.log}) } it { should contain_nginx__resource__location("#{title}-default") } it { should contain_file("/tmp/nginx.d/#{title}-699") } it { should_not contain_file("/etc/nginx/fastcgi_params") } end describe "vhost_header template content" do [ { :title => 'should set the IPv4 listen IP', :attr => 'listen_ip', :value => '127.0.0.1', :match => ' listen 127.0.0.1:80;', }, { :title => 'should set the IPv4 listen port', :attr => 'listen_port', :value => '45', :match => ' listen *:45;', }, { :title => 'should set the IPv4 listen options', :attr => 'listen_options', :value => 'spdy default', :match => ' listen *:80 spdy default;', }, { :title => 'should enable IPv6', :attr => 'ipv6_enable', :value => 'true', :match => ' listen [::]:80 default ipv6only=on;', }, #{ # :title => 'should enable IPv6', # :attr => 'ipv6_enable', # :value => true, # :match => ' listen [::]:80 default ipv6only=on;', #}, { :title => 'should not enable IPv6', :attr => 'ipv6_enable', :value => false, :notmatch => ' listen [::]:80 default ipv6only=on;', }, { :title => 'should set the IPv6 listen IP', :attr => 'ipv6_listen_ip', :value => '2001:0db8:85a3:0000:0000:8a2e:0370:7334', :match => ' listen [2001:0db8:85a3:0000:0000:8a2e:0370:7334]:80 default ipv6only=on;', }, { :title => 'should set the IPv6 listen port', :attr => 'ipv6_listen_port', :value => '45', :match => ' listen [::]:45 default ipv6only=on;', }, { :title => 'should set the IPv6 listen options', :attr => 'ipv6_listen_options', :value => 'spdy', :match => ' listen [::]:80 spdy ipv6only=on;', }, { :title => 'should set servername(s)', :attr => 'server_name', :value => ['name1','name2'], :match => ' server_name name1 name2;', }, { :title => 'should rewrite www servername to non-www', :attr => 'rewrite_www_to_non_www', :value => true, :match => ' server_name rspec.example.com;', }, { :title => 'should not rewrite www servername to non-www', :attr => 'rewrite_www_to_non_www', :value => false, :match => ' server_name www.rspec.example.com;', }, { :title => 'should set auth_basic', :attr => 'auth_basic', :value => 'value', :match => ' auth_basic "value";', }, { :title => 'should set auth_basic_user_file', :attr => 'auth_basic_user_file', :value => 'value', :match => ' auth_basic_user_file value;', }, { :title => 'should contain ordered prepended directives', :attr => 'vhost_cfg_prepend', :value => { 'test1' => 'test value 1', 'test2' => 'test value 2', 'allow' => 'test value 3' }, :match => [ ' allow test value 3;', ' test1 test value 1;', ' test2 test value 2;', ], }, #{ # :title => 'should set root', # :attr => 'use_default_location', # :value => false, # :match => ' root /;', #}, { :title => 'should not set root', :attr => 'use_default_location', :value => true, :notmatch => ' root /;', }, { :title => 'should set proxy_set_header', :attr => 'proxy_set_header', :value => ['header1','header2'], :match => [ ' proxy_set_header header1;', ' proxy_set_header header2;', ], }, { :title => 'should rewrite to HTTPS', :attr => 'rewrite_to_https', :value => true, :match => [ ' if ($ssl_protocol = "") {', ' return 301 https://$host$request_uri;', ], }, { :title => 'should not rewrite to HTTPS', :attr => 'rewrite_to_https', :value => false, :notmatch => [ ' if ($ssl_protocol = "") {', ' return 301 https://$host$request_uri;', ], }, { :title => 'should set access_log', :attr => 'access_log', :value => '/path/to/access.log', :match => ' access_log /path/to/access.log;', }, { :title => 'should set error_log', :attr => 'error_log', :value => '/path/to/error.log', :match => ' error_log /path/to/error.log;', }, ].each do |param| context "when #{param[:attr]} is #{param[:value]}" do let :params do default_params.merge({ param[:attr].to_sym => param[:value] }) end it { should contain_file("/tmp/nginx.d/#{title}-001").with_mode('0644') } it param[:title] do verify_contents(subject, "/tmp/nginx.d/#{title}-001", Array(param[:match])) lines = subject.resource('file', "/tmp/nginx.d/#{title}-001").send(:parameters)[:content].split("\n") (Array(param[:notmatch]).collect { |x| lines.grep x }.flatten).should be_empty end end end end describe "vhost_footer template content" do [ { :title => 'should contain include directives', :attr => 'include_files', :value => [ '/file1', '/file2' ], :match => [ 'include /file1;', 'include /file2;', ], }, { :title => 'should contain ordered appended directives', :attr => 'vhost_cfg_append', :value => { 'test1' => 'test value 1', 'test2' => 'test value 2', 'allow' => 'test value 3' }, :match => [ ' allow test value 3;', ' test1 test value 1;', ' test2 test value 2;', ], }, { :title => 'should contain www to non-www rewrite', :attr => 'rewrite_www_to_non_www', :value => true, :match => [ ' listen *:80;', ' server_name www.rspec.example.com;', ' rewrite ^ http://rspec.example.com$uri permanent;', ], }, { :title => 'should not contain www to non-www rewrite', :attr => 'rewrite_www_to_non_www', :value => false, :notmatch => [ ' listen *:80;', ' server_name www.rspec.example.com;', ' rewrite ^ http://rspec.example.com$uri permanent;', ], }, ].each do |param| context "when #{param[:attr]} is #{param[:value]}" do let :params do default_params.merge({ param[:attr].to_sym => param[:value] }) end it { should contain_file("/tmp/nginx.d/#{title}-699").with_mode('0644') } it param[:title] do verify_contents(subject, "/tmp/nginx.d/#{title}-699", Array(param[:match])) lines = subject.resource('file', "/tmp/nginx.d/#{title}-699").send(:parameters)[:content].split("\n") (Array(param[:notmatch]).collect { |x| lines.grep x }.flatten).should be_empty end end end end describe "vhost_ssl_header template content" do [ { :title => 'should set the IPv4 listen IP', :attr => 'listen_ip', :value => '127.0.0.1', :match => ' listen 127.0.0.1:443 ssl;', }, { :title => 'should set the IPv4 SSL listen port', :attr => 'ssl_port', :value => '45', :match => ' listen *:45 ssl;', }, { :title => 'should set SPDY', :attr => 'spdy', :value => 'on', :match => ' listen *:443 ssl spdy;', }, { :title => 'should not set SPDY', :attr => 'spdy', :value => 'off', :match => ' listen *:443 ssl;', }, { :title => 'should set the IPv4 listen options', :attr => 'listen_options', :value => 'default', :match => ' listen *:443 ssl default;', }, { :title => 'should not set the IPv4 listen options', :attr => 'listen_options', :value => false, :match => ' listen *:443 ssl;', }, # { # :title => 'should enable IPv6', # :attr => 'ipv6_enable', # :value => true, # :match => ' listen [::]:80 default ipv6only=on;', # }, { :title => 'should enable IPv6', :attr => 'ipv6_enable', :value => 'true', :match => ' listen [::]:80 default ipv6only=on;', }, { :title => 'should disable IPv6', :attr => 'ipv6_enable', :value => 'false', :notmatch => ' listen [::]:80 default ipv6only=on;', }, { :title => 'should set the IPv6 listen IP', :attr => 'ipv6_listen_ip', :value => '2001:0db8:85a3:0000:0000:8a2e:0370:7334', :match => ' listen [2001:0db8:85a3:0000:0000:8a2e:0370:7334]:80 default ipv6only=on;', }, { :title => 'should set the IPv6 listen port', :attr => 'ipv6_listen_port', :value => '45', :match => ' listen [::]:45 default ipv6only=on;', }, { :title => 'should set the IPv6 listen options', :attr => 'ipv6_listen_options', :value => 'spdy default', :match => ' listen [::]:80 spdy default ipv6only=on;', }, { :title => 'should set servername(s)', :attr => 'server_name', :value => ['name1','name2'], :match => ' server_name name1 name2;', }, { :title => 'should rewrite www servername to non-www', :attr => 'rewrite_www_to_non_www', :value => true, :match => ' server_name rspec.example.com;', }, { :title => 'should not rewrite www servername to non-www', :attr => 'rewrite_www_to_non_www', :value => false, :match => ' server_name www.rspec.example.com;', }, { :title => 'should set the SSL cache', :attr => 'ssl_cache', :value => 'shared:SSL:1m', :match => ' ssl_session_cache shared:SSL:1m;', }, { :title => 'should set the SSL protocols', :attr => 'ssl_protocols', :value => 'SSLv3', :match => ' ssl_protocols SSLv3;', }, { :title => 'should set the SSL ciphers', :attr => 'ssl_ciphers', :value => 'HIGH', :match => ' ssl_ciphers HIGH;', }, { :title => 'should set auth_basic', :attr => 'auth_basic', :value => 'value', :match => ' auth_basic "value";', }, { :title => 'should set auth_basic_user_file', :attr => 'auth_basic_user_file', :value => 'value', :match => ' auth_basic_user_file "value";', }, { :title => 'should set access_log', :attr => 'access_log', :value => '/path/to/access.log', :match => ' access_log /path/to/access.log;', }, { :title => 'should set error_log', :attr => 'error_log', :value => '/path/to/error.log', :match => ' error_log /path/to/error.log;', }, { :title => 'should set root', :attr => 'use_default_location', :value => false, :match => ' root /;', }, { :title => 'should not set root', :attr => 'use_default_location', :value => true, :notmatch => ' root /;', }, ].each do |param| context "when #{param[:attr]} is #{param[:value]}" do let :params do default_params.merge({ param[:attr].to_sym => param[:value], :ssl => true, :ssl_key => 'dummy.key', :ssl_cert => 'dummy.crt', }) end it { should contain_file("/tmp/nginx.d/#{title}-700-ssl").with_mode('0644') } it param[:title] do verify_contents(subject, "/tmp/nginx.d/#{title}-700-ssl", Array(param[:match])) lines = subject.resource('file', "/tmp/nginx.d/#{title}-700-ssl").send(:parameters)[:content].split("\n") (Array(param[:notmatch]).collect { |x| lines.grep x }.flatten).should be_empty end end end end describe "vhost_ssl_footer template content" do [ { :title => 'should contain include directives', :attr => 'include_files', :value => [ '/file1', '/file2' ], :match => [ 'include /file1;', 'include /file2;', ], }, #{ # :title => 'should contain ordered appended directives', # :attr => 'vhost_cfg_append', # :value => { 'test1' => 'test value 1', 'test2' => 'test value 2', 'allow' => 'test value 3' }, # :match => [ # ' allow test value 3;', # ' test1 test value 1;', # ' test2 test value 2;', # ] #}, { :title => 'should contain www to non-www rewrite', :attr => 'rewrite_www_to_non_www', :value => true, :match => [ ' listen *:443 ssl;', ' server_name www.rspec.example.com;', ' rewrite ^ https://rspec.example.com$uri permanent;', ], }, { :title => 'should not contain www to non-www rewrite', :attr => 'rewrite_www_to_non_www', :value => false, :notmatch => [ ' listen *:443 ssl;', ' server_name www.rspec.example.com;', ' rewrite ^ https://rspec.example.com$uri permanent;', ], }, ].each do |param| context "when #{param[:attr]} is #{param[:value]}" do let :params do default_params.merge({ param[:attr].to_sym => param[:value], :ssl => true, :ssl_key => 'dummy.key', :ssl_cert => 'dummy.crt', }) end it { should contain_file("/tmp/nginx.d/#{title}-999-ssl").with_mode('0644') } it param[:title] do verify_contents(subject, "/tmp/nginx.d/#{title}-999-ssl", Array(param[:match])) lines = subject.resource('file', "/tmp/nginx.d/#{title}-999-ssl").send(:parameters)[:content].split("\n") (Array(param[:notmatch]).collect { |x| lines.grep x }.flatten).should be_empty end end end end context 'attribute resources' do context "SSL cert missing" do let(:params) {{ :ssl => true, :ssl_key => 'key' }} it { expect { should contain_class('nginx::resource::vhost') }.to raise_error(Puppet::Error, %r{nginx: SSL certificate/key \(ssl_cert/ssl_cert\) and/or SSL Private must be defined and exist on the target system\(s\)}) } end context "SSL key missing" do let(:params) {{ :ssl => true, :ssl_cert => 'cert' }} it { expect { should contain_class('nginx::resource::vhost') }.to raise_error(Puppet::Error, %r{nginx: SSL certificate/key \(ssl_cert/ssl_cert\) and/or SSL Private must be defined and exist on the target system\(s\)}) } end context 'when use_default_location => true' do let :params do default_params.merge({ :use_default_location => true, }) end it { should contain_nginx__resource__location("#{title}-default") } end context 'when use_default_location => false' do let :params do default_params.merge({ :use_default_location => false, }) end it { should_not contain_nginx__resource__location("#{title}-default") } end context 'when location_cfg_prepend => { key => value }' do let :params do default_params.merge({ :location_cfg_prepend => { 'key' => 'value' }, }) end it { should contain_nginx__resource__location("#{title}-default").with_location_cfg_prepend({ 'key' => 'value' }) } end context 'when location_cfg_append => { key => value }' do let :params do default_params.merge({ :location_cfg_append => { 'key' => 'value' }, }) end it { should contain_nginx__resource__location("#{title}-default").with_location_cfg_append({ 'key' => 'value' }) } end context 'when fastcgi => true' do let :params do default_params.merge({ :fastcgi => true, }) end it { should contain_file('/etc/nginx/fastcgi_params').with_mode('0770') } end context 'when listen_port == ssl_port' do let :params do default_params.merge({ :listen_port => 80, :ssl_port => 80, }) end it { should_not contain_file("/tmp/nginx.d/#{title}-001") } it { should_not contain_file("/tmp/nginx.d/#{title}-699") } end context 'when listen_port != ssl_port' do let :params do default_params.merge({ :listen_port => 80, :ssl_port => 443, }) end it { should contain_file("/tmp/nginx.d/#{title}-001") } it { should contain_file("/tmp/nginx.d/#{title}-699") } end context 'when ensure => absent' do let :params do default_params.merge({ :ensure => 'absent', :ssl => true, :ssl_key => 'dummy.key', :ssl_cert => 'dummy.cert', }) end it { should contain_file("/tmp/nginx.d/#{title}-001").with_ensure('absent') } it { should contain_file("/tmp/nginx.d/#{title}-699").with_ensure('absent') } it { should contain_file("/tmp/nginx.d/#{title}-700-ssl").with_ensure('absent') } it { should contain_file("/tmp/nginx.d/#{title}-999-ssl").with_ensure('absent') } it { should contain_nginx__resource__location("#{title}-default").with_ensure('absent') } end context 'when ssl => true and ssl_port == listen_port' do let :params do default_params.merge({ :ssl => true, :listen_port => 80, :ssl_port => 80, :ssl_key => 'dummy.key', :ssl_cert => 'dummy.cert', }) end it { should contain_nginx__resource__location("#{title}-default").with_ssl_only(true) } it { should contain_file("/tmp/nginx.d/#{title}-700-ssl").with_content(%r{access_log[ ]+/var/log/nginx/ssl-www\.rspec\.example\.com\.access\.log}) } it { should contain_file("/tmp/nginx.d/#{title}-700-ssl").with_content(%r{error_log[ ]+/var/log/nginx/ssl-www\.rspec\.example\.com\.error\.log}) } it { should contain_file("/tmp/nginx.d/#{title}-999-ssl") } it { should contain_file("/etc/nginx/#{title}.crt") } it { should contain_file("/etc/nginx/#{title}.key") } end context 'when passenger_cgi_param is set' do let :params do default_params.merge({ :passenger_cgi_param => { 'test1' => 'test value 1', 'test2' => 'test value 2', 'test3' => 'test value 3' } }) end it { should contain_file("/tmp/nginx.d/#{title}-001").with_content( /passenger_set_cgi_param test1 test value 1;/ ) } it { should contain_file("/tmp/nginx.d/#{title}-001").with_content( /passenger_set_cgi_param test2 test value 2;/ ) } it { should contain_file("/tmp/nginx.d/#{title}-001").with_content( /passenger_set_cgi_param test3 test value 3;/ ) } end context 'when passenger_cgi_param is set and ssl => true' do let :params do default_params.merge({ :passenger_cgi_param => { 'test1' => 'test value 1', 'test2' => 'test value 2', 'test3' => 'test value 3' }, :ssl => true, :ssl_key => 'dummy.key', :ssl_cert => 'dummy.cert', }) end it { should contain_file("/tmp/nginx.d/#{title}-700-ssl").with_content( /passenger_set_cgi_param test1 test value 1;/ ) } it { should contain_file("/tmp/nginx.d/#{title}-700-ssl").with_content( /passenger_set_cgi_param test2 test value 2;/ ) } it { should contain_file("/tmp/nginx.d/#{title}-700-ssl").with_content( /passenger_set_cgi_param test3 test value 3;/ ) } end context 'when vhost_cfg_append is set and ssl => true' do let :params do default_params.merge({ :vhost_cfg_append => { 'test1' => 'test value 1', 'test2' => 'test value 2', 'allow' => 'test value 3' }, :ssl => true, :ssl_key => 'dummy.key', :ssl_cert => 'dummy.cert', }) end #TODO: reenable disabled test above and remove this block entirely if template is updated to order #these as for the other templates it { should contain_file("/tmp/nginx.d/#{title}-999-ssl").with_content( /test1 test value 1;/ ) } it { should contain_file("/tmp/nginx.d/#{title}-999-ssl").with_content( /test2 test value 2;/ ) } it { should contain_file("/tmp/nginx.d/#{title}-999-ssl").with_content( /allow test value 3;/ ) } end end end end