opuppet
/
module-nginx


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418
							require 'spec_helper'

describe 'nginx::resource::mailhost' do
  let :title do
    'www.rspec.example.com'
  end
  let :facts do
    {
      :ipaddress6      => '::',
    }
  end
  let :default_params do
    {
      :listen_port => 25,
      :ipv6_enable => true,
    }
  end
  let :pre_condition do
    [
      'include ::nginx::config',
    ]
  end

  describe 'os-independent items' do

    describe 'basic assumptions' do
      let :params do default_params end
      it { is_expected.to contain_class("nginx::config") }
      it { is_expected.to contain_concat("/etc/nginx/conf.mail.d/#{title}.conf").with({
        'owner' => 'root',
        'group' => 'root',
        'mode'  => '0644',
      })}
      it { is_expected.to contain_concat__fragment("#{title}-header") }
      it { is_expected.not_to contain_concat__fragment("#{title}-ssl") }
    end

    describe "mailhost template content" do
      [
        {
          :title => 'should set the IPv4 listen IP',
          :attr  => 'listen_ip',
          :value => '127.0.0.1',
          :match => '  listen                127.0.0.1:25;',
        },
        {
          :title => 'should set the IPv4 listen port',
          :attr  => 'listen_port',
          :value => 45,
          :match => '  listen                *:45;',
        },
        {
          :title => 'should set the IPv4 listen options',
          :attr  => 'listen_options',
          :value => 'spdy default',
          :match => '  listen                *:25 spdy default;',
        },
        {
          :title => 'should enable IPv6',
          :attr  => 'ipv6_enable',
          :value => true,
          :match => '  listen [::]:80 default ipv6only=on;',
        },
        {
          :title    => 'should not enable IPv6',
          :attr     => 'ipv6_enable',
          :value    => false,
          :notmatch => /  listen \[::\]:80 default ipv6only=on;/,
        },
        {
          :title => 'should set the IPv6 listen IP',
          :attr  => 'ipv6_listen_ip',
          :value => '2001:0db8:85a3:0000:0000:8a2e:0370:7334',
          :match => '  listen [2001:0db8:85a3:0000:0000:8a2e:0370:7334]:80 default ipv6only=on;',
        },
        {
          :title => 'should set the IPv6 listen port',
          :attr  => 'ipv6_listen_port',
          :value => 45,
          :match => '  listen [::]:45 default ipv6only=on;',
        },
        {
          :title => 'should set the IPv6 listen options',
          :attr  => 'ipv6_listen_options',
          :value => 'spdy',
          :match => '  listen [::]:80 spdy;',
        },
        {
          :title => 'should set servername(s)',
          :attr  => 'server_name',
          :value => ['name1','name2'],
          :match => '  server_name           name1 name2;',
        },
        {
          :title => 'should set protocol',
          :attr  => 'protocol',
          :value => 'test-protocol',
          :match => '  protocol              test-protocol;',
        },
        {
          :title => 'should set xclient',
          :attr  => 'xclient',
          :value => 'test-xclient',
          :match => '  xclient               test-xclient;',
        },
        {
          :title => 'should set auth_http',
          :attr  => 'auth_http',
          :value => 'test-auth_http',
          :match => '  auth_http             test-auth_http;',
        },
        {
          :title => 'should set starttls',
          :attr  => 'starttls',
          :value => 'on',
          :match => '  starttls              on;',
        },
        {
          :title => 'should set starttls',
          :attr  => 'starttls',
          :value => 'only',
          :match => '  starttls              only;',
        },
        {
          :title    => 'should not enable SSL',
          :attr     => 'starttls',
          :value    => 'off',
          :notmatch => /  ssl_session_timeout  5m;/,
        },
      ].each do |param|
        context "when #{param[:attr]} is #{param[:value]}" do
          let :default_params do {
            :listen_port => 25,
            :ipv6_enable => true,
            :ssl_cert    => 'dummy.crt',
            :ssl_key     => 'dummy.key',
          } end
          let :params do default_params.merge({ param[:attr].to_sym => param[:value] }) end

          it { is_expected.to contain_concat__fragment("#{title}-header") }
          it param[:title] do
            lines = catalogue.resource('concat::fragment', "#{title}-header").send(:parameters)[:content].split("\n")
            expect(lines & Array(param[:match])).to eq(Array(param[:match]))
            Array(param[:notmatch]).each do |item|
              is_expected.to contain_concat__fragment("#{title}-header").without_content(item)
            end
          end
        end
      end
    end

    describe "mailhost template content (SSL enabled)" do
      [
        {
          :title => 'should enable SSL',
          :attr  => 'starttls',
          :value => 'on',
          :match => '  ssl_session_timeout  5m;',
        },
        {
          :title => 'should enable SSL',
          :attr  => 'starttls',
          :value => 'only',
          :match => '  ssl_session_timeout  5m;',
        },
        {
          :title    => 'should not enable SSL',
          :attr     => 'starttls',
          :value    => 'off',
          :notmatch => /  ssl_session_timeout  5m;/,
        },
        {
          :title => 'should set ssl_certificate',
          :attr  => 'ssl_cert',
          :value => 'test-ssl-cert',
          :match => '  ssl_certificate      test-ssl-cert;',
        },
        {
          :title => 'should set ssl_certificate_key',
          :attr  => 'ssl_key',
          :value => 'test-ssl-cert-key',
          :match => '  ssl_certificate_key  test-ssl-cert-key;',
        },
      ].each do |param|
        context "when #{param[:attr]} is #{param[:value]}" do
          let :default_params do {
            :listen_port => 25,
            :starttls    => 'on',
            :ssl_cert    => 'dummy.crt',
            :ssl_key     => 'dummy.key',
          } end
          let :params do default_params.merge({ param[:attr].to_sym => param[:value] }) end

          it { is_expected.to contain_concat__fragment("#{title}-header") }
          it param[:title] do
            lines = catalogue.resource('concat::fragment', "#{title}-header").send(:parameters)[:content].split("\n")
            expect(lines & Array(param[:match])).to eq(Array(param[:match]))
            Array(param[:notmatch]).each do |item|
              is_expected.to contain_concat__fragment("#{title}-header").without_content(item)
            end
          end
        end
      end
    end

    describe "mailhost_ssl template content" do
      [
        {
          :title => 'should set the IPv4 SSL listen port',
          :attr  => 'ssl_port',
          :value => '45',
          :match => '  listen       *:45;',
        },
        {
          :title => 'should enable IPv6',
          :attr  => 'ipv6_enable',
          :value => true,
          :match => '  listen [::]:587 default ipv6only=on;',
        },
        {
          :title    => 'should not enable IPv6',
          :attr     => 'ipv6_enable',
          :value    => false,
          :notmatch => /  listen \[::\]:587 default ipv6only=on;/,
        },
        {
          :title => 'should set the IPv6 listen IP',
          :attr  => 'ipv6_listen_ip',
          :value => '2001:0db8:85a3:0000:0000:8a2e:0370:7334',
          :match => '  listen [2001:0db8:85a3:0000:0000:8a2e:0370:7334]:587 default ipv6only=on;',
        },
        {
          :title => 'should set the IPv6 ssl port',
          :attr  => 'ssl_port',
          :value => 45,
          :match => '  listen [::]:45 default ipv6only=on;',
        },
        {
          :title => 'should set the IPv6 listen options',
          :attr  => 'ipv6_listen_options',
          :value => 'spdy',
          :match => '  listen [::]:587 spdy;',
        },
        {
          :title => 'should set servername(s)',
          :attr  => 'server_name',
          :value => ['name1','name2'],
          :match => '  server_name           name1 name2;',
        },
        {
          :title => 'should set protocol',
          :attr  => 'protocol',
          :value => 'test-protocol',
          :match => '  protocol              test-protocol;',
        },
        {
          :title => 'should set xclient',
          :attr  => 'xclient',
          :value => 'test-xclient',
          :match => '  xclient               test-xclient;',
        },
        {
          :title => 'should set auth_http',
          :attr  => 'auth_http',
          :value => 'test-auth_http',
          :match => '  auth_http             test-auth_http;',
        },
        {
          :title => 'should set ssl_certificate',
          :attr  => 'ssl_cert',
          :value => 'test-ssl-cert',
          :match => '  ssl_certificate      test-ssl-cert;',
        },
        {
          :title => 'should set ssl_certificate_key',
          :attr  => 'ssl_key',
          :value => 'test-ssl-cert-key',
          :match => '  ssl_certificate_key  test-ssl-cert-key;',
        },
      ].each do |param|
        context "when #{param[:attr]} is #{param[:value]}" do
          let :default_params do {
            :listen_port => 25,
            :ssl_port    => 587,
            :ipv6_enable => true,
            :ssl         => true,
            :ssl_cert    => 'dummy.crt',
            :ssl_key     => 'dummy.key',
          } end
          let :params do default_params.merge({ param[:attr].to_sym => param[:value] }) end

          it { is_expected.to contain_concat__fragment("#{title}-ssl") }
          it param[:title] do
            lines = catalogue.resource('concat::fragment', "#{title}-ssl").send(:parameters)[:content].split("\n")
            expect(lines & Array(param[:match])).to eq(Array(param[:match]))
            Array(param[:notmatch]).each do |item|
              is_expected.to contain_concat__fragment("#{title}-ssl").without_content(item)
            end
          end
        end
      end
    end

    context 'attribute resources' do
      context "SSL cert missing and ssl => true" do
        let :params do default_params.merge({
          :ssl     => true,
          :ssl_key => 'key',
        }) end

        it { expect { is_expected.to contain_class('nginx::resource::vhost') }.to raise_error(Puppet::Error, %r{nginx: SSL certificate/key \(ssl_cert/ssl_cert\) and/or SSL Private must be defined and exist on the target system\(s\)}) }
      end

      context "SSL key missing and ssl => true" do
        let :params do default_params.merge({
          :ssl      => true,
          :ssl_cert => 'cert',
        }) end

        it { expect { is_expected.to contain_class('nginx::resource::vhost') }.to raise_error(Puppet::Error, %r{nginx: SSL certificate/key \(ssl_cert/ssl_cert\) and/or SSL Private must be defined and exist on the target system\(s\)}) }
      end

      context "SSL cert missing and starttls => 'on'" do
        let :params do default_params.merge({
          :starttls => 'on',
          :ssl_key  => 'key',
        }) end

        it { expect { is_expected.to contain_class('nginx::resource::vhost') }.to raise_error(Puppet::Error, %r{nginx: SSL certificate/key \(ssl_cert/ssl_cert\) and/or SSL Private must be defined and exist on the target system\(s\)}) }
      end

      context "SSL key missing and starttls => 'on'" do
        let :params do default_params.merge({
          :starttls => 'on',
          :ssl_cert => 'cert',
        }) end

        it { expect { is_expected.to contain_class('nginx::resource::vhost') }.to raise_error(Puppet::Error, %r{nginx: SSL certificate/key \(ssl_cert/ssl_cert\) and/or SSL Private must be defined and exist on the target system\(s\)}) }
      end

      context "SSL cert missing and starttls => 'only'" do
        let :params do default_params.merge({
          :starttls => 'only',
          :ssl_key  => 'key',
        }) end

        it { expect { is_expected.to contain_class('nginx::resource::vhost') }.to raise_error(Puppet::Error, %r{nginx: SSL certificate/key \(ssl_cert/ssl_cert\) and/or SSL Private must be defined and exist on the target system\(s\)}) }
      end

      context "SSL key missing and starttls => 'only'" do
        let :params do default_params.merge({
          :starttls => 'only',
          :ssl_cert => 'cert',
        }) end

        it { expect { is_expected.to contain_class('nginx::resource::vhost') }.to raise_error(Puppet::Error, %r{nginx: SSL certificate/key \(ssl_cert/ssl_cert\) and/or SSL Private must be defined and exist on the target system\(s\)}) }
      end

      context 'when listen_port != ssl_port' do
        let :params do default_params.merge({
          :listen_port => 80,
          :ssl_port    => 443,
        }) end

        it { is_expected.to contain_concat__fragment("#{title}-header") }
      end

      context 'when listen_port != "ssl_port"' do
        let :params do default_params.merge({
          :listen_port => 80,
          :ssl_port    => '443',
        }) end

        it { is_expected.to contain_concat__fragment("#{title}-header") }
      end

      context 'when listen_port == ssl_port' do
        let :params do default_params.merge({
          :listen_port => 80,
          :ssl_port    => 80,
        }) end

        it { is_expected.not_to contain_concat__fragment("#{title}-header") }
      end

      context 'when listen_port == "ssl_port"' do
        let :params do default_params.merge({
          :listen_port => 80,
          :ssl_port    => '80',
        }) end

        it { is_expected.not_to contain_concat__fragment("#{title}-header") }
      end

      context 'when ssl => true' do
        let :params do default_params.merge({
          :ensure   => 'absent',
          :ssl      => true,
          :ssl_key  => 'dummy.key',
          :ssl_cert => 'dummy.cert',
        }) end

        it { is_expected.to contain_concat__fragment("#{title}-header") }
        it { is_expected.to contain_concat__fragment("#{title}-ssl") }
      end

      context 'when ssl => false' do
        let :params do default_params.merge({
          :ensure => 'absent',
          :ssl    => false,
        }) end

        it { is_expected.to contain_concat__fragment("#{title}-header") }
        it { is_expected.not_to contain_concat__fragment("#{title}-ssl") }
      end
    end
  end
end