1898182c6d
* Removed some tests that no longer apply and/or are redundant * Only set OS facts when testing OS-specific behaviors. This simplifies the facts that must be set in the specs and saves running the same tests several times when the results wouldn't differ by OS anyway.
require 'spec_helper'
describe 'nginx::resource::mailhost' do
# Name of the nginx::resource::mailhost instance under test. The expected
# concat target path and fragment names in this spec are derived from it.
let(:title) { 'www.rspec.example.com' }

# Facts supplied to the catalogue compile. Only the IPv6 address fact is set;
# no OS facts are pinned at this level.
let(:facts) { { ipaddress6: '::' } }

# Baseline parameters for contexts that do not define their own defaults.
let(:default_params) do
  {
    listen_port: 25,
    ipv6_enable: true
  }
end

# Puppet code evaluated ahead of the resource under test.
let(:pre_condition) { ['include ::nginx::config'] }
describe 'os-independent items' do
# Smoke checks with nothing but the baseline parameters: the config class is
# pulled in, the mail config target exists with the expected ownership and
# mode, and only the plain (non-SSL) fragment is declared.
describe 'basic assumptions' do
  let(:params) { default_params }

  it { is_expected.to contain_class('nginx::config') }

  # The rendered config must be owned by root:root with mode 0644, i.e.
  # readable by everyone but writable only by root.
  it do
    is_expected.to contain_concat("/etc/nginx/conf.mail.d/#{title}.conf").with(
      'owner' => 'root',
      'group' => 'root',
      'mode'  => '0644'
    )
  end

  it { is_expected.to contain_concat__fragment("#{title}-header") }

  # No SSL fragment may appear unless SSL is explicitly requested.
  it { is_expected.not_to contain_concat__fragment("#{title}-ssl") }
end
# Table-driven checks of the "-header" fragment. Each entry overrides a single
# parameter and names either a line that must be present in the rendered
# content (:match) or a pattern that must be absent from it (:notmatch).
#
# :match values are compared as whole lines (the content is split on "\n" and
# intersected with the expected list), so whitespace inside the quotes is
# significant.
describe 'mailhost template content' do
  header_cases = [
    {
      title: 'should set the IPv4 listen IP',
      attr: 'listen_ip',
      value: '127.0.0.1',
      match: ' listen 127.0.0.1:25;'
    },
    {
      title: 'should set the IPv4 listen port',
      attr: 'listen_port',
      value: 45,
      match: ' listen *:45;'
    },
    {
      title: 'should set the IPv4 listen options',
      attr: 'listen_options',
      value: 'spdy default',
      match: ' listen *:25 spdy default;'
    },
    # NOTE(review): the IPv6 expectations use port 80 although listen_port is
    # 25 -- presumably the default of ipv6_listen_port; confirm against the
    # defined type.
    {
      title: 'should enable IPv6',
      attr: 'ipv6_enable',
      value: true,
      match: ' listen [::]:80 default ipv6only=on;'
    },
    {
      title: 'should not enable IPv6',
      attr: 'ipv6_enable',
      value: false,
      notmatch: / listen \[::\]:80 default ipv6only=on;/
    },
    {
      title: 'should set the IPv6 listen IP',
      attr: 'ipv6_listen_ip',
      value: '2001:0db8:85a3:0000:0000:8a2e:0370:7334',
      match: ' listen [2001:0db8:85a3:0000:0000:8a2e:0370:7334]:80 default ipv6only=on;'
    },
    {
      title: 'should set the IPv6 listen port',
      attr: 'ipv6_listen_port',
      value: 45,
      match: ' listen [::]:45 default ipv6only=on;'
    },
    {
      title: 'should set the IPv6 listen options',
      attr: 'ipv6_listen_options',
      value: 'spdy',
      match: ' listen [::]:80 spdy;'
    },
    {
      title: 'should set servername(s)',
      attr: 'server_name',
      value: ['name1', 'name2'],
      match: ' server_name name1 name2;'
    },
    {
      title: 'should set protocol',
      attr: 'protocol',
      value: 'test-protocol',
      match: ' protocol test-protocol;'
    },
    {
      title: 'should set xclient',
      attr: 'xclient',
      value: 'test-xclient',
      match: ' xclient test-xclient;'
    },
    {
      title: 'should set auth_http',
      attr: 'auth_http',
      value: 'test-auth_http',
      match: ' auth_http test-auth_http;'
    },
    {
      title: 'should set starttls',
      attr: 'starttls',
      value: 'on',
      match: ' starttls on;'
    },
    {
      title: 'should set starttls',
      attr: 'starttls',
      value: 'only',
      match: ' starttls only;'
    },
    # NOTE(review): absence of `ssl_session_timeout` is the only signal used
    # here for "TLS settings not emitted". Asserting that no ssl_certificate /
    # ssl_certificate_key line is rendered either would make this a stronger
    # regression check.
    {
      title: 'should not enable SSL',
      attr: 'starttls',
      value: 'off',
      notmatch: / ssl_session_timeout 5m;/
    }
  ]

  header_cases.each do |tc|
    context "when #{tc[:attr]} is #{tc[:value]}" do
      # Local baseline: certificate and key are always supplied here.
      let(:default_params) do
        {
          listen_port: 25,
          ipv6_enable: true,
          ssl_cert: 'dummy.crt',
          ssl_key: 'dummy.key'
        }
      end

      # Baseline plus the single attribute under test.
      let(:params) { default_params.merge(tc[:attr].to_sym => tc[:value]) }

      it { is_expected.to contain_concat__fragment("#{title}-header") }

      it tc[:title] do
        fragment = subject.resource('concat::fragment', "#{title}-header")
        rendered = fragment.send(:parameters)[:content].split("\n")
        wanted = Array(tc[:match])

        # Every expected line must occur verbatim among the rendered lines.
        expect(rendered & wanted).to eq(wanted)

        Array(tc[:notmatch]).each do |pattern|
          is_expected.to contain_concat__fragment("#{title}-header").without_content(pattern)
        end
      end
    end
  end
end
# Same table-driven check of the "-header" fragment, but with STARTTLS turned
# on in the baseline so the TLS-related directives are expected by default.
describe 'mailhost template content (SSL enabled)' do
  starttls_cases = [
    {
      title: 'should enable SSL',
      attr: 'starttls',
      value: 'on',
      match: ' ssl_session_timeout 5m;'
    },
    {
      title: 'should enable SSL',
      attr: 'starttls',
      value: 'only',
      match: ' ssl_session_timeout 5m;'
    },
    # Overriding the baseline back to 'off' must drop the TLS settings again.
    # NOTE(review): only `ssl_session_timeout` is checked for absence; the
    # certificate and key directives are not asserted absent here.
    {
      title: 'should not enable SSL',
      attr: 'starttls',
      value: 'off',
      notmatch: / ssl_session_timeout 5m;/
    },
    {
      title: 'should set ssl_certificate',
      attr: 'ssl_cert',
      value: 'test-ssl-cert',
      match: ' ssl_certificate test-ssl-cert;'
    },
    {
      title: 'should set ssl_certificate_key',
      attr: 'ssl_key',
      value: 'test-ssl-cert-key',
      match: ' ssl_certificate_key test-ssl-cert-key;'
    }
  ]

  starttls_cases.each do |tc|
    context "when #{tc[:attr]} is #{tc[:value]}" do
      # Local baseline: STARTTLS on, with certificate and key supplied.
      let(:default_params) do
        {
          listen_port: 25,
          starttls: 'on',
          ssl_cert: 'dummy.crt',
          ssl_key: 'dummy.key'
        }
      end

      # Baseline plus the single attribute under test.
      let(:params) { default_params.merge(tc[:attr].to_sym => tc[:value]) }

      it { is_expected.to contain_concat__fragment("#{title}-header") }

      it tc[:title] do
        fragment = subject.resource('concat::fragment', "#{title}-header")
        rendered = fragment.send(:parameters)[:content].split("\n")
        wanted = Array(tc[:match])

        # Expected lines are matched whole, so whitespace in them matters.
        expect(rendered & wanted).to eq(wanted)

        Array(tc[:notmatch]).each do |pattern|
          is_expected.to contain_concat__fragment("#{title}-header").without_content(pattern)
        end
      end
    end
  end
end
# Table-driven checks of the "-ssl" fragment, compiled with `ssl => true` and
# a certificate/key pair in the baseline. Entries follow the same
# :match / :notmatch convention as the header-fragment tables.
describe 'mailhost_ssl template content' do
  ssl_cases = [
    {
      title: 'should set the IPv4 SSL listen port',
      attr: 'ssl_port',
      value: '45',
      match: ' listen 45;'
    },
    {
      title: 'should enable IPv6',
      attr: 'ipv6_enable',
      value: true,
      match: ' listen [::]:80 default ipv6only=on;'
    },
    {
      title: 'should not enable IPv6',
      attr: 'ipv6_enable',
      value: false,
      notmatch: / listen \[::\]:80 default ipv6only=on;/
    },
    {
      title: 'should set the IPv6 listen IP',
      attr: 'ipv6_listen_ip',
      value: '2001:0db8:85a3:0000:0000:8a2e:0370:7334',
      match: ' listen [2001:0db8:85a3:0000:0000:8a2e:0370:7334]:80 default ipv6only=on;'
    },
    {
      title: 'should set the IPv6 listen port',
      attr: 'ipv6_listen_port',
      value: 45,
      match: ' listen [::]:45 default ipv6only=on;'
    },
    {
      title: 'should set the IPv6 listen options',
      attr: 'ipv6_listen_options',
      value: 'spdy',
      match: ' listen [::]:80 spdy;'
    },
    {
      title: 'should set servername(s)',
      attr: 'server_name',
      value: ['name1', 'name2'],
      match: ' server_name name1 name2;'
    },
    {
      title: 'should set protocol',
      attr: 'protocol',
      value: 'test-protocol',
      match: ' protocol test-protocol;'
    },
    {
      title: 'should set xclient',
      attr: 'xclient',
      value: 'test-xclient',
      match: ' xclient test-xclient;'
    },
    {
      title: 'should set auth_http',
      attr: 'auth_http',
      value: 'test-auth_http',
      match: ' auth_http test-auth_http;'
    },
    {
      title: 'should set ssl_certificate',
      attr: 'ssl_cert',
      value: 'test-ssl-cert',
      match: ' ssl_certificate test-ssl-cert;'
    },
    {
      title: 'should set ssl_certificate_key',
      attr: 'ssl_key',
      value: 'test-ssl-cert-key',
      match: ' ssl_certificate_key test-ssl-cert-key;'
    }
  ]

  ssl_cases.each do |tc|
    context "when #{tc[:attr]} is #{tc[:value]}" do
      # Local baseline: SSL listener enabled with certificate and key supplied.
      let(:default_params) do
        {
          listen_port: 25,
          ipv6_enable: true,
          ssl: true,
          ssl_cert: 'dummy.crt',
          ssl_key: 'dummy.key'
        }
      end

      # Baseline plus the single attribute under test.
      let(:params) { default_params.merge(tc[:attr].to_sym => tc[:value]) }

      it { is_expected.to contain_concat__fragment("#{title}-ssl") }

      it tc[:title] do
        fragment = subject.resource('concat::fragment', "#{title}-ssl")
        rendered = fragment.send(:parameters)[:content].split("\n")
        wanted = Array(tc[:match])

        # Expected lines are matched whole, so whitespace in them matters.
        expect(rendered & wanted).to eq(wanted)

        Array(tc[:notmatch]).each do |pattern|
          is_expected.to contain_concat__fragment("#{title}-ssl").without_content(pattern)
        end
      end
    end
  end
end
# Checks on which resources are declared (or refused) for given parameters.
context 'attribute resources' do
  # Error expected whenever TLS is requested (ssl => true, or starttls 'on' /
  # 'only') with only one half of the certificate/key pair: the compile must
  # fail rather than produce a config without usable key material.
  missing_ssl_material = %r{nginx: SSL certificate/key \(ssl_cert/ssl_cert\) and/or SSL Private must be defined and exist on the target system\(s\)}

  # NOTE(review): the examples below name `nginx::resource::vhost` although
  # this spec covers the mailhost type. Because the compile is expected to
  # raise, the class name is never actually asserted -- confirm whether this
  # is a copy/paste leftover.
  [
    ['SSL cert missing and ssl => true',          { ssl: true, ssl_key: 'key' }],
    ['SSL key missing and ssl => true',           { ssl: true, ssl_cert: 'cert' }],
    ["SSL cert missing and starttls => 'on'",     { starttls: 'on', ssl_key: 'key' }],
    ["SSL key missing and starttls => 'on'",      { starttls: 'on', ssl_cert: 'cert' }],
    ["SSL cert missing and starttls => 'only'",   { starttls: 'only', ssl_key: 'key' }],
    ["SSL key missing and starttls => 'only'",    { starttls: 'only', ssl_cert: 'cert' }]
  ].each do |label, overrides|
    context label do
      let(:params) { default_params.merge(overrides) }

      it do
        expect { is_expected.to contain_class('nginx::resource::vhost') }
          .to raise_error(Puppet::Error, missing_ssl_material)
      end
    end
  end

  context 'when listen_port != ssl_port' do
    let(:params) { default_params.merge(listen_port: 80, ssl_port: 443) }

    it { is_expected.to contain_concat__fragment("#{title}-header") }
  end

  # With both listeners on the same port the plain header fragment is dropped.
  context 'when listen_port == ssl_port' do
    let(:params) { default_params.merge(listen_port: 80, ssl_port: 80) }

    it { is_expected.not_to contain_concat__fragment("#{title}-header") }
  end

  # NOTE(review): both ssl contexts pass ensure => 'absent' yet expect the
  # fragments to be declared -- confirm this is the intended behaviour.
  context 'when ssl => true' do
    let(:params) do
      default_params.merge(
        ensure: 'absent',
        ssl: true,
        ssl_key: 'dummy.key',
        ssl_cert: 'dummy.cert'
      )
    end

    it { is_expected.to contain_concat__fragment("#{title}-header") }
    it { is_expected.to contain_concat__fragment("#{title}-ssl") }
  end

  context 'when ssl => false' do
    let(:params) { default_params.merge(ensure: 'absent', ssl: false) }

    it { is_expected.to contain_concat__fragment("#{title}-header") }
    it { is_expected.not_to contain_concat__fragment("#{title}-ssl") }
  end
end
end
end