123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418 |
- require 'spec_helper'
- describe 'nginx::resource::mailhost' do
- let :title do
- 'www.rspec.example.com'
- end
- let :facts do
- {
- :ipaddress6 => '::',
- }
- end
- let :default_params do
- {
- :listen_port => 25,
- :ipv6_enable => true,
- }
- end
- let :pre_condition do
- [
- 'include ::nginx::config',
- ]
- end
- describe 'os-independent items' do
- describe 'basic assumptions' do
- let :params do default_params end
- it { is_expected.to contain_class("nginx::config") }
- it { is_expected.to contain_concat("/etc/nginx/conf.mail.d/#{title}.conf").with({
- 'owner' => 'root',
- 'group' => 'root',
- 'mode' => '0644',
- })}
- it { is_expected.to contain_concat__fragment("#{title}-header") }
- it { is_expected.not_to contain_concat__fragment("#{title}-ssl") }
- end
- describe "mailhost template content" do
- [
- {
- :title => 'should set the IPv4 listen IP',
- :attr => 'listen_ip',
- :value => '127.0.0.1',
- :match => ' listen 127.0.0.1:25;',
- },
- {
- :title => 'should set the IPv4 listen port',
- :attr => 'listen_port',
- :value => 45,
- :match => ' listen *:45;',
- },
- {
- :title => 'should set the IPv4 listen options',
- :attr => 'listen_options',
- :value => 'spdy default',
- :match => ' listen *:25 spdy default;',
- },
- {
- :title => 'should enable IPv6',
- :attr => 'ipv6_enable',
- :value => true,
- :match => ' listen [::]:80 default ipv6only=on;',
- },
- {
- :title => 'should not enable IPv6',
- :attr => 'ipv6_enable',
- :value => false,
- :notmatch => / listen \[::\]:80 default ipv6only=on;/,
- },
- {
- :title => 'should set the IPv6 listen IP',
- :attr => 'ipv6_listen_ip',
- :value => '2001:0db8:85a3:0000:0000:8a2e:0370:7334',
- :match => ' listen [2001:0db8:85a3:0000:0000:8a2e:0370:7334]:80 default ipv6only=on;',
- },
- {
- :title => 'should set the IPv6 listen port',
- :attr => 'ipv6_listen_port',
- :value => 45,
- :match => ' listen [::]:45 default ipv6only=on;',
- },
- {
- :title => 'should set the IPv6 listen options',
- :attr => 'ipv6_listen_options',
- :value => 'spdy',
- :match => ' listen [::]:80 spdy;',
- },
- {
- :title => 'should set servername(s)',
- :attr => 'server_name',
- :value => ['name1','name2'],
- :match => ' server_name name1 name2;',
- },
- {
- :title => 'should set protocol',
- :attr => 'protocol',
- :value => 'test-protocol',
- :match => ' protocol test-protocol;',
- },
- {
- :title => 'should set xclient',
- :attr => 'xclient',
- :value => 'test-xclient',
- :match => ' xclient test-xclient;',
- },
- {
- :title => 'should set auth_http',
- :attr => 'auth_http',
- :value => 'test-auth_http',
- :match => ' auth_http test-auth_http;',
- },
- {
- :title => 'should set starttls',
- :attr => 'starttls',
- :value => 'on',
- :match => ' starttls on;',
- },
- {
- :title => 'should set starttls',
- :attr => 'starttls',
- :value => 'only',
- :match => ' starttls only;',
- },
- {
- :title => 'should not enable SSL',
- :attr => 'starttls',
- :value => 'off',
- :notmatch => / ssl_session_timeout 5m;/,
- },
- ].each do |param|
- context "when #{param[:attr]} is #{param[:value]}" do
- let :default_params do {
- :listen_port => 25,
- :ipv6_enable => true,
- :ssl_cert => 'dummy.crt',
- :ssl_key => 'dummy.key',
- } end
- let :params do default_params.merge({ param[:attr].to_sym => param[:value] }) end
- it { is_expected.to contain_concat__fragment("#{title}-header") }
- it param[:title] do
- lines = catalogue.resource('concat::fragment', "#{title}-header").send(:parameters)[:content].split("\n")
- expect(lines & Array(param[:match])).to eq(Array(param[:match]))
- Array(param[:notmatch]).each do |item|
- is_expected.to contain_concat__fragment("#{title}-header").without_content(item)
- end
- end
- end
- end
- end
- describe "mailhost template content (SSL enabled)" do
- [
- {
- :title => 'should enable SSL',
- :attr => 'starttls',
- :value => 'on',
- :match => ' ssl_session_timeout 5m;',
- },
- {
- :title => 'should enable SSL',
- :attr => 'starttls',
- :value => 'only',
- :match => ' ssl_session_timeout 5m;',
- },
- {
- :title => 'should not enable SSL',
- :attr => 'starttls',
- :value => 'off',
- :notmatch => / ssl_session_timeout 5m;/,
- },
- {
- :title => 'should set ssl_certificate',
- :attr => 'ssl_cert',
- :value => 'test-ssl-cert',
- :match => ' ssl_certificate test-ssl-cert;',
- },
- {
- :title => 'should set ssl_certificate_key',
- :attr => 'ssl_key',
- :value => 'test-ssl-cert-key',
- :match => ' ssl_certificate_key test-ssl-cert-key;',
- },
- ].each do |param|
- context "when #{param[:attr]} is #{param[:value]}" do
- let :default_params do {
- :listen_port => 25,
- :starttls => 'on',
- :ssl_cert => 'dummy.crt',
- :ssl_key => 'dummy.key',
- } end
- let :params do default_params.merge({ param[:attr].to_sym => param[:value] }) end
- it { is_expected.to contain_concat__fragment("#{title}-header") }
- it param[:title] do
- lines = catalogue.resource('concat::fragment', "#{title}-header").send(:parameters)[:content].split("\n")
- expect(lines & Array(param[:match])).to eq(Array(param[:match]))
- Array(param[:notmatch]).each do |item|
- is_expected.to contain_concat__fragment("#{title}-header").without_content(item)
- end
- end
- end
- end
- end
- describe "mailhost_ssl template content" do
- [
- {
- :title => 'should set the IPv4 SSL listen port',
- :attr => 'ssl_port',
- :value => '45',
- :match => ' listen *:45;',
- },
- {
- :title => 'should enable IPv6',
- :attr => 'ipv6_enable',
- :value => true,
- :match => ' listen [::]:587 default ipv6only=on;',
- },
- {
- :title => 'should not enable IPv6',
- :attr => 'ipv6_enable',
- :value => false,
- :notmatch => / listen \[::\]:587 default ipv6only=on;/,
- },
- {
- :title => 'should set the IPv6 listen IP',
- :attr => 'ipv6_listen_ip',
- :value => '2001:0db8:85a3:0000:0000:8a2e:0370:7334',
- :match => ' listen [2001:0db8:85a3:0000:0000:8a2e:0370:7334]:587 default ipv6only=on;',
- },
- {
- :title => 'should set the IPv6 ssl port',
- :attr => 'ssl_port',
- :value => 45,
- :match => ' listen [::]:45 default ipv6only=on;',
- },
- {
- :title => 'should set the IPv6 listen options',
- :attr => 'ipv6_listen_options',
- :value => 'spdy',
- :match => ' listen [::]:587 spdy;',
- },
- {
- :title => 'should set servername(s)',
- :attr => 'server_name',
- :value => ['name1','name2'],
- :match => ' server_name name1 name2;',
- },
- {
- :title => 'should set protocol',
- :attr => 'protocol',
- :value => 'test-protocol',
- :match => ' protocol test-protocol;',
- },
- {
- :title => 'should set xclient',
- :attr => 'xclient',
- :value => 'test-xclient',
- :match => ' xclient test-xclient;',
- },
- {
- :title => 'should set auth_http',
- :attr => 'auth_http',
- :value => 'test-auth_http',
- :match => ' auth_http test-auth_http;',
- },
- {
- :title => 'should set ssl_certificate',
- :attr => 'ssl_cert',
- :value => 'test-ssl-cert',
- :match => ' ssl_certificate test-ssl-cert;',
- },
- {
- :title => 'should set ssl_certificate_key',
- :attr => 'ssl_key',
- :value => 'test-ssl-cert-key',
- :match => ' ssl_certificate_key test-ssl-cert-key;',
- },
- ].each do |param|
- context "when #{param[:attr]} is #{param[:value]}" do
- let :default_params do {
- :listen_port => 25,
- :ssl_port => 587,
- :ipv6_enable => true,
- :ssl => true,
- :ssl_cert => 'dummy.crt',
- :ssl_key => 'dummy.key',
- } end
- let :params do default_params.merge({ param[:attr].to_sym => param[:value] }) end
- it { is_expected.to contain_concat__fragment("#{title}-ssl") }
- it param[:title] do
- lines = catalogue.resource('concat::fragment', "#{title}-ssl").send(:parameters)[:content].split("\n")
- expect(lines & Array(param[:match])).to eq(Array(param[:match]))
- Array(param[:notmatch]).each do |item|
- is_expected.to contain_concat__fragment("#{title}-ssl").without_content(item)
- end
- end
- end
- end
- end
- context 'attribute resources' do
- context "SSL cert missing and ssl => true" do
- let :params do default_params.merge({
- :ssl => true,
- :ssl_key => 'key',
- }) end
- it { expect { is_expected.to contain_class('nginx::resource::vhost') }.to raise_error(Puppet::Error, %r{nginx: SSL certificate/key \(ssl_cert/ssl_cert\) and/or SSL Private must be defined and exist on the target system\(s\)}) }
- end
- context "SSL key missing and ssl => true" do
- let :params do default_params.merge({
- :ssl => true,
- :ssl_cert => 'cert',
- }) end
- it { expect { is_expected.to contain_class('nginx::resource::vhost') }.to raise_error(Puppet::Error, %r{nginx: SSL certificate/key \(ssl_cert/ssl_cert\) and/or SSL Private must be defined and exist on the target system\(s\)}) }
- end
- context "SSL cert missing and starttls => 'on'" do
- let :params do default_params.merge({
- :starttls => 'on',
- :ssl_key => 'key',
- }) end
- it { expect { is_expected.to contain_class('nginx::resource::vhost') }.to raise_error(Puppet::Error, %r{nginx: SSL certificate/key \(ssl_cert/ssl_cert\) and/or SSL Private must be defined and exist on the target system\(s\)}) }
- end
- context "SSL key missing and starttls => 'on'" do
- let :params do default_params.merge({
- :starttls => 'on',
- :ssl_cert => 'cert',
- }) end
- it { expect { is_expected.to contain_class('nginx::resource::vhost') }.to raise_error(Puppet::Error, %r{nginx: SSL certificate/key \(ssl_cert/ssl_cert\) and/or SSL Private must be defined and exist on the target system\(s\)}) }
- end
- context "SSL cert missing and starttls => 'only'" do
- let :params do default_params.merge({
- :starttls => 'only',
- :ssl_key => 'key',
- }) end
- it { expect { is_expected.to contain_class('nginx::resource::vhost') }.to raise_error(Puppet::Error, %r{nginx: SSL certificate/key \(ssl_cert/ssl_cert\) and/or SSL Private must be defined and exist on the target system\(s\)}) }
- end
- context "SSL key missing and starttls => 'only'" do
- let :params do default_params.merge({
- :starttls => 'only',
- :ssl_cert => 'cert',
- }) end
- it { expect { is_expected.to contain_class('nginx::resource::vhost') }.to raise_error(Puppet::Error, %r{nginx: SSL certificate/key \(ssl_cert/ssl_cert\) and/or SSL Private must be defined and exist on the target system\(s\)}) }
- end
- context 'when listen_port != ssl_port' do
- let :params do default_params.merge({
- :listen_port => 80,
- :ssl_port => 443,
- }) end
- it { is_expected.to contain_concat__fragment("#{title}-header") }
- end
- context 'when listen_port != "ssl_port"' do
- let :params do default_params.merge({
- :listen_port => 80,
- :ssl_port => '443',
- }) end
- it { is_expected.to contain_concat__fragment("#{title}-header") }
- end
- context 'when listen_port == ssl_port' do
- let :params do default_params.merge({
- :listen_port => 80,
- :ssl_port => 80,
- }) end
- it { is_expected.not_to contain_concat__fragment("#{title}-header") }
- end
- context 'when listen_port == "ssl_port"' do
- let :params do default_params.merge({
- :listen_port => 80,
- :ssl_port => '80',
- }) end
- it { is_expected.not_to contain_concat__fragment("#{title}-header") }
- end
- context 'when ssl => true' do
- let :params do default_params.merge({
- :ensure => 'absent',
- :ssl => true,
- :ssl_key => 'dummy.key',
- :ssl_cert => 'dummy.cert',
- }) end
- it { is_expected.to contain_concat__fragment("#{title}-header") }
- it { is_expected.to contain_concat__fragment("#{title}-ssl") }
- end
- context 'when ssl => false' do
- let :params do default_params.merge({
- :ensure => 'absent',
- :ssl => false,
- }) end
- it { is_expected.to contain_concat__fragment("#{title}-header") }
- it { is_expected.not_to contain_concat__fragment("#{title}-ssl") }
- end
- end
- end
- end
|