faa974b745
The big win is that it's now possible to test the future parser with the latest Puppet release. In the past it wasn't possible to test the future parser with anything higher than 3.5.x.
require 'spec_helper'
describe 'nginx::resource::mailhost' do
# Title of the nginx::resource::mailhost instance compiled in every example.
let(:title) { 'www.rspec.example.com' }

# Facts handed to the catalogue compiler.
let(:facts) { { ipaddress6: '::' } }

# Baseline parameters; several nested groups redefine this to add TLS material.
let(:default_params) do
  { listen_port: 25, ipv6_enable: true }
end

# Manifest evaluated before the resource under test.
let(:pre_condition) { ['include ::nginx::config'] }
describe 'os-independent items' do
describe 'basic assumptions' do
  let(:params) { default_params }

  it { is_expected.to contain_class("nginx::config") }

  # The generated mail vhost file is pinned to root:root with mode 0644,
  # i.e. writable by its owner only.
  it do
    is_expected.to contain_concat("/etc/nginx/conf.mail.d/#{title}.conf").with(
      'owner' => 'root',
      'group' => 'root',
      'mode'  => '0644'
    )
  end

  it { is_expected.to contain_concat__fragment("#{title}-header") }

  # With the default parameters (no ssl set) no "-ssl" fragment is expected.
  it { is_expected.not_to contain_concat__fragment("#{title}-ssl") }
end
describe "mailhost template content" do
  # Each case sets one attribute on top of this group's defaults and names the
  # line that must (:match) or must not (:notmatch) appear in the "-header"
  # fragment. In this group ` ssl_session_timeout 5m;` is the only TLS-related
  # line asserted on; no protocol or cipher directives are checked here.
  [
    { title: 'should set the IPv4 listen IP', attr: 'listen_ip', value: '127.0.0.1',
      match: ' listen 127.0.0.1:25;' },
    { title: 'should set the IPv4 listen port', attr: 'listen_port', value: 45,
      match: ' listen *:45;' },
    { title: 'should set the IPv4 listen options', attr: 'listen_options', value: 'spdy default',
      match: ' listen *:25 spdy default;' },
    { title: 'should enable IPv6', attr: 'ipv6_enable', value: true,
      match: ' listen [::]:80 default ipv6only=on;' },
    { title: 'should not enable IPv6', attr: 'ipv6_enable', value: false,
      notmatch: / listen \[::\]:80 default ipv6only=on;/ },
    { title: 'should set the IPv6 listen IP', attr: 'ipv6_listen_ip',
      value: '2001:0db8:85a3:0000:0000:8a2e:0370:7334',
      match: ' listen [2001:0db8:85a3:0000:0000:8a2e:0370:7334]:80 default ipv6only=on;' },
    { title: 'should set the IPv6 listen port', attr: 'ipv6_listen_port', value: 45,
      match: ' listen [::]:45 default ipv6only=on;' },
    { title: 'should set the IPv6 listen options', attr: 'ipv6_listen_options', value: 'spdy',
      match: ' listen [::]:80 spdy;' },
    { title: 'should set servername(s)', attr: 'server_name', value: ['name1','name2'],
      match: ' server_name name1 name2;' },
    { title: 'should set protocol', attr: 'protocol', value: 'test-protocol',
      match: ' protocol test-protocol;' },
    { title: 'should set xclient', attr: 'xclient', value: 'test-xclient',
      match: ' xclient test-xclient;' },
    { title: 'should set auth_http', attr: 'auth_http', value: 'test-auth_http',
      match: ' auth_http test-auth_http;' },
    { title: 'should set starttls', attr: 'starttls', value: 'on',
      match: ' starttls on;' },
    { title: 'should set starttls', attr: 'starttls', value: 'only',
      match: ' starttls only;' },
    { title: 'should not enable SSL', attr: 'starttls', value: 'off',
      notmatch: / ssl_session_timeout 5m;/ },
  ].each do |tc|
    context "when #{tc[:attr]} is #{tc[:value]}" do
      # Placeholder certificate and key are always supplied; presumably needed so
      # the starttls cases compile (the 'attribute resources' group expects a
      # compile error when either one is missing).
      let(:default_params) do
        { listen_port: 25, ipv6_enable: true, ssl_cert: 'dummy.crt', ssl_key: 'dummy.key' }
      end
      let(:params) { default_params.merge({ tc[:attr].to_sym => tc[:value] }) }

      it { is_expected.to contain_concat__fragment("#{title}-header") }

      it tc[:title] do
        fragment = catalogue.resource('concat::fragment', "#{title}-header")
        rendered = fragment.send(:parameters)[:content].split("\n")
        wanted = Array(tc[:match])
        # Exact whole-line comparison: spacing in :match must equal the rendered line.
        expect(rendered & wanted).to eq(wanted)

        Array(tc[:notmatch]).each do |pattern|
          is_expected.to contain_concat__fragment("#{title}-header").without_content(pattern)
        end
      end
    end
  end
end
describe "mailhost template content (SSL enabled)" do
  # Same table-driven layout, but the defaults already request STARTTLS, so the
  # cases check that TLS-related lines appear in (or are absent from) the
  # "-header" fragment. ` ssl_session_timeout 5m;` is the line used to tell
  # whether the TLS settings were rendered.
  [
    { title: 'should enable SSL', attr: 'starttls', value: 'on',
      match: ' ssl_session_timeout 5m;' },
    { title: 'should enable SSL', attr: 'starttls', value: 'only',
      match: ' ssl_session_timeout 5m;' },
    { title: 'should not enable SSL', attr: 'starttls', value: 'off',
      notmatch: / ssl_session_timeout 5m;/ },
    { title: 'should set ssl_certificate', attr: 'ssl_cert', value: 'test-ssl-cert',
      match: ' ssl_certificate test-ssl-cert;' },
    { title: 'should set ssl_certificate_key', attr: 'ssl_key', value: 'test-ssl-cert-key',
      match: ' ssl_certificate_key test-ssl-cert-key;' },
  ].each do |tc|
    context "when #{tc[:attr]} is #{tc[:value]}" do
      let(:default_params) do
        { listen_port: 25, starttls: 'on', ssl_cert: 'dummy.crt', ssl_key: 'dummy.key' }
      end
      let(:params) { default_params.merge({ tc[:attr].to_sym => tc[:value] }) }

      it { is_expected.to contain_concat__fragment("#{title}-header") }

      it tc[:title] do
        fragment = catalogue.resource('concat::fragment', "#{title}-header")
        rendered = fragment.send(:parameters)[:content].split("\n")
        wanted = Array(tc[:match])
        # Exact whole-line comparison: spacing in :match must equal the rendered line.
        expect(rendered & wanted).to eq(wanted)

        Array(tc[:notmatch]).each do |pattern|
          is_expected.to contain_concat__fragment("#{title}-header").without_content(pattern)
        end
      end
    end
  end
end
describe "mailhost_ssl template content" do
  # Cases for the separate "-ssl" fragment, which this group expects whenever
  # ssl => true is set alongside a certificate and key.
  [
    { title: 'should set the IPv4 SSL listen port', attr: 'ssl_port', value: '45',
      match: ' listen *:45;' },
    { title: 'should enable IPv6', attr: 'ipv6_enable', value: true,
      match: ' listen [::]:587 default ipv6only=on;' },
    { title: 'should not enable IPv6', attr: 'ipv6_enable', value: false,
      notmatch: / listen \[::\]:587 default ipv6only=on;/ },
    { title: 'should set the IPv6 listen IP', attr: 'ipv6_listen_ip',
      value: '2001:0db8:85a3:0000:0000:8a2e:0370:7334',
      match: ' listen [2001:0db8:85a3:0000:0000:8a2e:0370:7334]:587 default ipv6only=on;' },
    { title: 'should set the IPv6 ssl port', attr: 'ssl_port', value: 45,
      match: ' listen [::]:45 default ipv6only=on;' },
    { title: 'should set the IPv6 listen options', attr: 'ipv6_listen_options', value: 'spdy',
      match: ' listen [::]:587 spdy;' },
    { title: 'should set servername(s)', attr: 'server_name', value: ['name1','name2'],
      match: ' server_name name1 name2;' },
    { title: 'should set protocol', attr: 'protocol', value: 'test-protocol',
      match: ' protocol test-protocol;' },
    { title: 'should set xclient', attr: 'xclient', value: 'test-xclient',
      match: ' xclient test-xclient;' },
    { title: 'should set auth_http', attr: 'auth_http', value: 'test-auth_http',
      match: ' auth_http test-auth_http;' },
    { title: 'should set ssl_certificate', attr: 'ssl_cert', value: 'test-ssl-cert',
      match: ' ssl_certificate test-ssl-cert;' },
    { title: 'should set ssl_certificate_key', attr: 'ssl_key', value: 'test-ssl-cert-key',
      match: ' ssl_certificate_key test-ssl-cert-key;' },
  ].each do |tc|
    context "when #{tc[:attr]} is #{tc[:value]}" do
      let(:default_params) do
        {
          listen_port: 25,
          ssl_port: 587,
          ipv6_enable: true,
          ssl: true,
          ssl_cert: 'dummy.crt',
          ssl_key: 'dummy.key',
        }
      end
      let(:params) { default_params.merge({ tc[:attr].to_sym => tc[:value] }) }

      it { is_expected.to contain_concat__fragment("#{title}-ssl") }

      it tc[:title] do
        fragment = catalogue.resource('concat::fragment', "#{title}-ssl")
        rendered = fragment.send(:parameters)[:content].split("\n")
        wanted = Array(tc[:match])
        # Exact whole-line comparison: spacing in :match must equal the rendered line.
        expect(rendered & wanted).to eq(wanted)

        Array(tc[:notmatch]).each do |pattern|
          is_expected.to contain_concat__fragment("#{title}-ssl").without_content(pattern)
        end
      end
    end
  end
end
context 'attribute resources' do
  # Error expected whenever TLS (ssl or starttls) is requested with only one of
  # ssl_cert / ssl_key: compilation must fail instead of yielding a catalogue.
  missing_tls_material = %r{nginx: SSL certificate/key \(ssl_cert/ssl_cert\) and/or SSL Private must be defined and exist on the target system\(s\)}

  {
    'SSL cert missing and ssl => true' => { ssl: true, ssl_key: 'key' },
    'SSL key missing and ssl => true' => { ssl: true, ssl_cert: 'cert' },
    "SSL cert missing and starttls => 'on'" => { starttls: 'on', ssl_key: 'key' },
    "SSL key missing and starttls => 'on'" => { starttls: 'on', ssl_cert: 'cert' },
    "SSL cert missing and starttls => 'only'" => { starttls: 'only', ssl_key: 'key' },
    "SSL key missing and starttls => 'only'" => { starttls: 'only', ssl_cert: 'cert' },
  }.each do |scenario, overrides|
    context scenario do
      let(:params) { default_params.merge(overrides) }

      # The inner matcher only forces the catalogue to compile; the assertion
      # that matters is the Puppet::Error raised while doing so.
      it do
        expect { is_expected.to contain_class('nginx::resource::vhost') }
          .to raise_error(Puppet::Error, missing_tls_material)
      end
    end
  end

  context 'when listen_port != ssl_port' do
    let(:params) { default_params.merge({ listen_port: 80, ssl_port: 443 }) }

    it { is_expected.to contain_concat__fragment("#{title}-header") }
  end

  # When both ports coincide, no separate plain "-header" fragment is expected.
  context 'when listen_port == ssl_port' do
    let(:params) { default_params.merge({ listen_port: 80, ssl_port: 80 }) }

    it { is_expected.not_to contain_concat__fragment("#{title}-header") }
  end

  context 'when ssl => true' do
    let(:params) do
      default_params.merge({
        ensure: 'absent',
        ssl: true,
        ssl_key: 'dummy.key',
        ssl_cert: 'dummy.cert',
      })
    end

    it { is_expected.to contain_concat__fragment("#{title}-header") }
    it { is_expected.to contain_concat__fragment("#{title}-ssl") }
  end

  context 'when ssl => false' do
    let(:params) { default_params.merge({ ensure: 'absent', ssl: false }) }

    it { is_expected.to contain_concat__fragment("#{title}-header") }
    it { is_expected.not_to contain_concat__fragment("#{title}-ssl") }
  end
end
end
end