require 'spec_helper'
describe 'nginx::resource::mailhost' do
# Name of the nginx::resource::mailhost instance under test. It is
# interpolated into the concat target path and the fragment names below.
let(:title) { 'www.rspec.example.com' }

# Facts handed to the catalogue compile.
let(:facts) { { :ipaddress6 => '::' } }

# Baseline parameters shared by the contexts that do not define their own
# default_params.
let(:default_params) do
  { :listen_port => 25, :ipv6_enable => true }
end

# Puppet code evaluated before the resource under test.
let(:pre_condition) { ['include ::nginx::config'] }
describe 'os-independent items' do
# Checks the resources every mailhost is expected to declare when only the
# baseline parameters are given.
describe 'basic assumptions' do
  let(:params) { default_params }

  it { is_expected.to contain_class("nginx::config") }

  # The per-mailhost config file is expected to be owned by root:root with
  # mode 0644, i.e. writable by root only and readable by everyone.
  it do
    expected_attributes = {
      'owner' => 'root',
      'group' => 'root',
      'mode' => '0644',
    }
    is_expected.to contain_concat("/etc/nginx/conf.mail.d/#{title}.conf").with(expected_attributes)
  end

  it { is_expected.to contain_concat__fragment("#{title}-header") }

  # With neither ssl nor starttls set, no "-ssl" fragment may be declared.
  it { is_expected.not_to contain_concat__fragment("#{title}-ssl") }
end
# Table-driven checks of the "<title>-header" fragment content.
#
# Each row overrides one parameter (:attr => :value) on top of the local
# default_params and then asserts either
#   :match    - line(s) that must appear in the rendered content, compared
#               as whole lines, so whitespace has to agree exactly, or
#   :notmatch - pattern(s) that must not appear in the content.
#
# The placeholder values ('test-protocol', 'test-xclient', 'test-auth_http')
# are expected to show up verbatim in the directive, so this spec assumes
# the define does not validate them; callers should treat these parameters
# as trusted input.
#
# NOTE(review): the IPv6 rows expect port 80 although listen_port is 25;
# presumably ipv6_listen_port has its own default in the define - confirm.
describe "mailhost template content" do
  header_cases = [
    {
      :title => 'should set the IPv4 listen IP',
      :attr  => 'listen_ip',
      :value => '127.0.0.1',
      :match => ' listen 127.0.0.1:25;'
    },
    {
      :title => 'should set the IPv4 listen port',
      :attr  => 'listen_port',
      :value => 45,
      :match => ' listen *:45;'
    },
    {
      :title => 'should set the IPv4 listen options',
      :attr  => 'listen_options',
      :value => 'spdy default',
      :match => ' listen *:25 spdy default;'
    },
    {
      :title => 'should enable IPv6',
      :attr  => 'ipv6_enable',
      :value => true,
      :match => ' listen [::]:80 default ipv6only=on;'
    },
    {
      :title    => 'should not enable IPv6',
      :attr     => 'ipv6_enable',
      :value    => false,
      :notmatch => / listen \[::\]:80 default ipv6only=on;/
    },
    {
      :title => 'should set the IPv6 listen IP',
      :attr  => 'ipv6_listen_ip',
      :value => '2001:0db8:85a3:0000:0000:8a2e:0370:7334',
      :match => ' listen [2001:0db8:85a3:0000:0000:8a2e:0370:7334]:80 default ipv6only=on;'
    },
    {
      :title => 'should set the IPv6 listen port',
      :attr  => 'ipv6_listen_port',
      :value => 45,
      :match => ' listen [::]:45 default ipv6only=on;'
    },
    {
      :title => 'should set the IPv6 listen options',
      :attr  => 'ipv6_listen_options',
      :value => 'spdy',
      :match => ' listen [::]:80 spdy;'
    },
    {
      :title => 'should set servername(s)',
      :attr  => 'server_name',
      :value => ['name1','name2'],
      :match => ' server_name name1 name2;'
    },
    {
      :title => 'should set protocol',
      :attr  => 'protocol',
      :value => 'test-protocol',
      :match => ' protocol test-protocol;'
    },
    {
      :title => 'should set xclient',
      :attr  => 'xclient',
      :value => 'test-xclient',
      :match => ' xclient test-xclient;'
    },
    {
      :title => 'should set auth_http',
      :attr  => 'auth_http',
      :value => 'test-auth_http',
      :match => ' auth_http test-auth_http;'
    },
    {
      :title => 'should set starttls',
      :attr  => 'starttls',
      :value => 'on',
      :match => ' starttls on;'
    },
    {
      :title => 'should set starttls',
      :attr  => 'starttls',
      :value => 'only',
      :match => ' starttls only;'
    },
    # `ssl_session_timeout 5m;` serves as the marker that SSL settings were
    # rendered; with starttls off it must be absent from the header.
    {
      :title    => 'should not enable SSL',
      :attr     => 'starttls',
      :value    => 'off',
      :notmatch => / ssl_session_timeout 5m;/
    },
  ]

  header_cases.each do |tc|
    context "when #{tc[:attr]} is #{tc[:value]}" do
      # A dummy cert/key pair is always supplied so the starttls rows can
      # compile; the "attribute resources" contexts expect a Puppet::Error
      # when either one is missing.
      let(:default_params) do
        {
          :listen_port => 25,
          :ipv6_enable => true,
          :ssl_cert => 'dummy.crt',
          :ssl_key => 'dummy.key',
        }
      end
      let(:params) { default_params.merge({ tc[:attr].to_sym => tc[:value] }) }

      it { is_expected.to contain_concat__fragment("#{title}-header") }

      it tc[:title] do
        # :parameters is reached through send, i.e. regardless of its
        # visibility on the resource object.
        fragment = subject.resource('concat::fragment', "#{title}-header")
        rendered = fragment.send(:parameters)[:content].split("\n")
        wanted = Array(tc[:match])

        # Every wanted line must occur as a complete rendered line.
        expect(rendered & wanted).to eq(wanted)

        Array(tc[:notmatch]).each do |pattern|
          is_expected.to contain_concat__fragment("#{title}-header").without_content(pattern)
        end
      end
    end
  end
end
# Table-driven checks of the "<title>-header" fragment when STARTTLS is on
# by default.
#
# `ssl_session_timeout 5m;` is the marker used to tell whether the SSL
# settings were rendered: it must be present for starttls 'on' and 'only'
# and absent for 'off'. The certificate and key values are expected to be
# copied verbatim into ssl_certificate / ssl_certificate_key.
# :match lines are compared as whole rendered lines.
describe "mailhost template content (SSL enabled)" do
  starttls_cases = [
    {
      :title => 'should enable SSL',
      :attr  => 'starttls',
      :value => 'on',
      :match => ' ssl_session_timeout 5m;'
    },
    {
      :title => 'should enable SSL',
      :attr  => 'starttls',
      :value => 'only',
      :match => ' ssl_session_timeout 5m;'
    },
    {
      :title    => 'should not enable SSL',
      :attr     => 'starttls',
      :value    => 'off',
      :notmatch => / ssl_session_timeout 5m;/
    },
    {
      :title => 'should set ssl_certificate',
      :attr  => 'ssl_cert',
      :value => 'test-ssl-cert',
      :match => ' ssl_certificate test-ssl-cert;'
    },
    {
      :title => 'should set ssl_certificate_key',
      :attr  => 'ssl_key',
      :value => 'test-ssl-cert-key',
      :match => ' ssl_certificate_key test-ssl-cert-key;'
    },
  ]

  starttls_cases.each do |tc|
    context "when #{tc[:attr]} is #{tc[:value]}" do
      let(:default_params) do
        {
          :listen_port => 25,
          :starttls => 'on',
          :ssl_cert => 'dummy.crt',
          :ssl_key => 'dummy.key',
        }
      end
      let(:params) { default_params.merge({ tc[:attr].to_sym => tc[:value] }) }

      it { is_expected.to contain_concat__fragment("#{title}-header") }

      it tc[:title] do
        fragment = subject.resource('concat::fragment', "#{title}-header")
        rendered = fragment.send(:parameters)[:content].split("\n")
        wanted = Array(tc[:match])

        # Every wanted line must occur as a complete rendered line.
        expect(rendered & wanted).to eq(wanted)

        Array(tc[:notmatch]).each do |pattern|
          is_expected.to contain_concat__fragment("#{title}-header").without_content(pattern)
        end
      end
    end
  end
end
# Table-driven checks of the "<title>-ssl" fragment, declared here with
# ssl => true, ssl_port 587 and a dummy cert/key pair.
#
# Each row overrides one parameter and asserts whole rendered lines
# (:match) or patterns that must be absent (:notmatch). As in the header
# checks, placeholder values are expected to appear verbatim in the
# directive, so this spec assumes the define does not validate them.
describe "mailhost_ssl template content" do
  ssl_cases = [
    {
      :title => 'should set the IPv4 SSL listen port',
      :attr  => 'ssl_port',
      :value => '45',
      :match => ' listen *:45;'
    },
    {
      :title => 'should enable IPv6',
      :attr  => 'ipv6_enable',
      :value => true,
      :match => ' listen [::]:587 default ipv6only=on;'
    },
    {
      :title    => 'should not enable IPv6',
      :attr     => 'ipv6_enable',
      :value    => false,
      :notmatch => / listen \[::\]:587 default ipv6only=on;/
    },
    {
      :title => 'should set the IPv6 listen IP',
      :attr  => 'ipv6_listen_ip',
      :value => '2001:0db8:85a3:0000:0000:8a2e:0370:7334',
      :match => ' listen [2001:0db8:85a3:0000:0000:8a2e:0370:7334]:587 default ipv6only=on;'
    },
    {
      :title => 'should set the IPv6 ssl port',
      :attr  => 'ssl_port',
      :value => 45,
      :match => ' listen [::]:45 default ipv6only=on;'
    },
    {
      :title => 'should set the IPv6 listen options',
      :attr  => 'ipv6_listen_options',
      :value => 'spdy',
      :match => ' listen [::]:587 spdy;'
    },
    {
      :title => 'should set servername(s)',
      :attr  => 'server_name',
      :value => ['name1','name2'],
      :match => ' server_name name1 name2;'
    },
    {
      :title => 'should set protocol',
      :attr  => 'protocol',
      :value => 'test-protocol',
      :match => ' protocol test-protocol;'
    },
    {
      :title => 'should set xclient',
      :attr  => 'xclient',
      :value => 'test-xclient',
      :match => ' xclient test-xclient;'
    },
    {
      :title => 'should set auth_http',
      :attr  => 'auth_http',
      :value => 'test-auth_http',
      :match => ' auth_http test-auth_http;'
    },
    {
      :title => 'should set ssl_certificate',
      :attr  => 'ssl_cert',
      :value => 'test-ssl-cert',
      :match => ' ssl_certificate test-ssl-cert;'
    },
    {
      :title => 'should set ssl_certificate_key',
      :attr  => 'ssl_key',
      :value => 'test-ssl-cert-key',
      :match => ' ssl_certificate_key test-ssl-cert-key;'
    },
  ]

  ssl_cases.each do |tc|
    context "when #{tc[:attr]} is #{tc[:value]}" do
      let(:default_params) do
        {
          :listen_port => 25,
          :ssl_port => 587,
          :ipv6_enable => true,
          :ssl => true,
          :ssl_cert => 'dummy.crt',
          :ssl_key => 'dummy.key',
        }
      end
      let(:params) { default_params.merge({ tc[:attr].to_sym => tc[:value] }) }

      it { is_expected.to contain_concat__fragment("#{title}-ssl") }

      it tc[:title] do
        fragment = subject.resource('concat::fragment', "#{title}-ssl")
        rendered = fragment.send(:parameters)[:content].split("\n")
        wanted = Array(tc[:match])

        # Every wanted line must occur as a complete rendered line.
        expect(rendered & wanted).to eq(wanted)

        Array(tc[:notmatch]).each do |pattern|
          is_expected.to contain_concat__fragment("#{title}-ssl").without_content(pattern)
        end
      end
    end
  end
end
# Checks how parameter combinations decide which resources are declared,
# and that enabling TLS without a complete cert/key pair is rejected.
context 'attribute resources' do
  # Error expected whenever ssl or starttls ('on' / 'only') is requested
  # and either ssl_cert or ssl_key is missing: the catalogue must fail
  # rather than produce a TLS listener without its certificate material.
  # NOTE(review): the message reads "(ssl_cert/ssl_cert)"; presumably it
  # mirrors the manifest's failure text verbatim - confirm before changing
  # either side.
  missing_tls_material = %r{nginx: SSL certificate/key \(ssl_cert/ssl_cert\) and/or SSL Private must be defined and exist on the target system\(s\)}

  # NOTE(review): the matcher inside the expect block names
  # nginx::resource::vhost in a mailhost spec; presumably the error is
  # raised before the matcher result matters - confirm.
  [
    ["SSL cert missing and ssl => true", { :ssl => true, :ssl_key => 'key' }],
    ["SSL key missing and ssl => true", { :ssl => true, :ssl_cert => 'cert' }],
    ["SSL cert missing and starttls => 'on'", { :starttls => 'on', :ssl_key => 'key' }],
    ["SSL key missing and starttls => 'on'", { :starttls => 'on', :ssl_cert => 'cert' }],
    ["SSL cert missing and starttls => 'only'", { :starttls => 'only', :ssl_key => 'key' }],
    ["SSL key missing and starttls => 'only'", { :starttls => 'only', :ssl_cert => 'cert' }],
  ].each do |scenario, overrides|
    context scenario do
      let(:params) { default_params.merge(overrides) }

      it do
        expect { is_expected.to contain_class('nginx::resource::vhost') }.to raise_error(Puppet::Error, missing_tls_material)
      end
    end
  end

  # Distinct plain and SSL ports: the plain header fragment is declared.
  context 'when listen_port != ssl_port' do
    let(:params) do
      default_params.merge({ :listen_port => 80, :ssl_port => 443 })
    end

    it { is_expected.to contain_concat__fragment("#{title}-header") }
  end

  # Identical plain and SSL ports: no header fragment is expected.
  context 'when listen_port == ssl_port' do
    let(:params) do
      default_params.merge({ :listen_port => 80, :ssl_port => 80 })
    end

    it { is_expected.not_to contain_concat__fragment("#{title}-header") }
  end

  # NOTE(review): this context and the next also pass :ensure => 'absent'
  # while expecting fragments in the catalogue - confirm that is intended.
  context 'when ssl => true' do
    let(:params) do
      default_params.merge({
        :ensure => 'absent',
        :ssl => true,
        :ssl_key => 'dummy.key',
        :ssl_cert => 'dummy.cert',
      })
    end

    it { is_expected.to contain_concat__fragment("#{title}-header") }
    it { is_expected.to contain_concat__fragment("#{title}-ssl") }
  end

  context 'when ssl => false' do
    let(:params) do
      default_params.merge({ :ensure => 'absent', :ssl => false })
    end

    it { is_expected.to contain_concat__fragment("#{title}-header") }
    it { is_expected.not_to contain_concat__fragment("#{title}-ssl") }
  end
end
end
end