From 632802a5a946d2f05c40d9038d6f2ad596fafc58 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Javier=20B=C3=A9rtoli?= Date: Sat, 18 Jul 2020 13:26:39 -0300 Subject: [PATCH] fix(server-status): enable module in Debian family --- apache/files/server-status.conf.jinja | 4 ++++ apache/server_status.sls | 12 +++------- kitchen.yml | 20 +++++++++++++++- .../default/controls/config_spec.rb | 24 ++++++++++++++++++- .../default/controls/packages_spec.rb | 13 ++++------ .../default/controls/services_spec.rb | 12 ++++++---- .../modules/controls/mod_security_spec.rb | 2 ++ .../modules/controls/packages_spec.rb | 8 +++---- .../modules/controls/server_status_spec.rb | 19 ++++++++------- .../modules/controls/services_spec.rb | 12 ++++++---- 10 files changed, 86 insertions(+), 40 deletions(-) diff --git a/apache/files/server-status.conf.jinja b/apache/files/server-status.conf.jinja index 34984f8..aabddfc 100644 --- a/apache/files/server-status.conf.jinja +++ b/apache/files/server-status.conf.jinja @@ -1,3 +1,7 @@ +######################################################################## +# File managed by Salt at <{{ source }}>. +# Your changes will be overwritten. +######################################################################## SetHandler server-status {%- if apache.version == '2.4' %} diff --git a/apache/server_status.sls b/apache/server_status.sls index 989100f..df757ce 100644 --- a/apache/server_status.sls +++ b/apache/server_status.sls @@ -19,16 +19,10 @@ include: - module: apache-reload - service: apache -{% if grains['os_family']=="Debian" %} -a2endisconf server-status: +{%- if grains['os_family'] == "Debian" %} +a2enconf server-status: cmd.run: -{% if apache.get('server_status_require') is defined %} - - name: a2enconf server-status - - unless: test -L /etc/apache2/conf-enabled/server-status.conf -{% else %} - - name: a2disconf server-status - - onlyif: test -L /etc/apache2/conf-enabled/server-status.conf -{% endif %} + - unless: 'test -L /etc/apache2/conf-enabled/server-status.conf' - order: 225 - require: - pkg: apache diff --git a/kitchen.yml b/kitchen.yml index b06c77a..dbde110 100644 --- a/kitchen.yml +++ b/kitchen.yml @@ -157,7 +157,7 @@ suites: base: '*': - apache - - apache.mod_security + - apache.config pillars: top.sls: base: @@ -168,3 +168,21 @@ suites: verifier: inspec_tests: - path: test/integration/default + - name: modules + provisioner: + state_top: + base: + '*': + - apache + - apache.mod_security + - apache.server_status + pillars: + top.sls: + base: + '*': + - apache + pillars_from_files: + apache.sls: test/salt/pillar/modules.sls + verifier: + inspec_tests: + - path: test/integration/modules diff --git a/test/integration/default/controls/config_spec.rb b/test/integration/default/controls/config_spec.rb index dd04579..cd291b6 100644 --- a/test/integration/default/controls/config_spec.rb +++ b/test/integration/default/controls/config_spec.rb @@ -3,7 +3,19 @@ control 'apache configuration' do title 'should match desired lines' - describe file('/etc/apache2/apache2.conf') do + config_file = + case platform[:family] + when 'debian' + '/etc/apache2/apache2.conf' + when 'redhat', 'fedora' + '/etc/httpd/conf/httpd.conf' + when 'suse' + '/etc/apache2/httpd.conf' + # `linux` here is sufficient for `arch` + when 'linux' + '/etc/httpd/conf/httpd.conf' + end + describe file(config_file) do it { should be_file } it { should be_owned_by 'root' } it { should be_grouped_into 'root' } @@ -15,3 +27,13 @@ control 'apache configuration' do end end end +control 'apache configuration' do + title 'should be valid' + + describe command('apachectl -t') do + its('stdout') { should eq '' } + its('stderr') { should include 'Syntax OK' } + + its('exit_status') { should eq 0 } + end +end diff --git a/test/integration/default/controls/packages_spec.rb b/test/integration/default/controls/packages_spec.rb index 92d7d5b..6e23746 100644 --- a/test/integration/default/controls/packages_spec.rb +++ b/test/integration/default/controls/packages_spec.rb @@ -1,20 +1,17 @@ # frozen_string_literal: true -# Overide by OS -package_name = 'bash' -package_name = 'cronie' if (os[:name] == 'centos') && os[:release].start_with?('6') - control 'apache package' do title 'should be installed' package_name = case platform[:family] when 'debian', 'suse' - 'apache2' + 'apache2' when 'redhat', 'fedora' - 'httpd' - when 'arch' - 'apache' + 'httpd' + # `linux` here is sufficient for `arch` + when 'linux' + 'apache' end describe package(package_name) do diff --git a/test/integration/default/controls/services_spec.rb b/test/integration/default/controls/services_spec.rb index 11b5381..a8657e0 100644 --- a/test/integration/default/controls/services_spec.rb +++ b/test/integration/default/controls/services_spec.rb @@ -1,13 +1,17 @@ # frozen_string_literal: true -# Overide by OS -service_name = 'apache2' -service_name = 'httpd' if (os[:name] == 'centos') - control 'apache service' do impact 0.5 title 'should be running and enabled' + service_name = + case platform[:family] + when 'debian', 'suse' + 'apache2' + when 'redhat', 'fedora', 'linux' + 'httpd' + end + describe service(service_name) do it { should be_enabled } it { should be_running } diff --git a/test/integration/modules/controls/mod_security_spec.rb b/test/integration/modules/controls/mod_security_spec.rb index a585fd8..4c0f22d 100644 --- a/test/integration/modules/controls/mod_security_spec.rb +++ b/test/integration/modules/controls/mod_security_spec.rb @@ -9,6 +9,8 @@ control 'apache mod_security configuration' do '/etc/httpd/conf.d/mod_security.conf' when 'debian' '/etc/modsecurity/modsecurity.conf-recommended' + when 'suse' + '/etc/apache2/conf.d/mod_security2.conf' end describe file(modspec_file) do diff --git a/test/integration/modules/controls/packages_spec.rb b/test/integration/modules/controls/packages_spec.rb index f73dceb..ecea095 100644 --- a/test/integration/modules/controls/packages_spec.rb +++ b/test/integration/modules/controls/packages_spec.rb @@ -5,12 +5,12 @@ control 'apache mod_security package' do package_name = case platform[:family] - when 'debian', 'suse' - 'libapache2-mod-security2' + when 'debian' + 'libapache2-mod-security2' when 'redhat', 'fedora' - 'mod_security' + 'mod_security' when 'suse' - 'apache2-mod_security2' + 'apache2-mod_security2' end describe package(package_name) do diff --git a/test/integration/modules/controls/server_status_spec.rb b/test/integration/modules/controls/server_status_spec.rb index c851f6e..51f6802 100644 --- a/test/integration/modules/controls/server_status_spec.rb +++ b/test/integration/modules/controls/server_status_spec.rb @@ -3,14 +3,14 @@ control 'apache server_status configuration' do title 'should match desired lines' - server_status_stanza = <<-SS_STANZA - - SetHandler server-status - Require local - Require host foo.example.com - Require ip 10.8.8.0/24 - -SS_STANZA + server_status_stanza = <<~SS_STANZA + + SetHandler server-status + Require local + Require host foo.example.com + Require ip 10.8.8.0/24 + + SS_STANZA confdir = case platform[:family] @@ -20,7 +20,8 @@ SS_STANZA '/etc/httpd/conf.d' when 'suse' '/etc/apache2/conf.d' - when 'arch' + # `linux` here is sufficient for `arch` + when 'linux' '/etc/httpd/conf/extra' end diff --git a/test/integration/modules/controls/services_spec.rb b/test/integration/modules/controls/services_spec.rb index 9a97d7f..3f468e1 100644 --- a/test/integration/modules/controls/services_spec.rb +++ b/test/integration/modules/controls/services_spec.rb @@ -1,13 +1,17 @@ # frozen_string_literal: true -# Overide by OS -service_name = 'apache2' -service_name = 'httpd' if (os[:name] == 'centos') - control 'apache service' do impact 0.5 title 'should be running and enabled' + service_name = + case platform[:family] + when 'debian', 'suse' + 'apache2' + when 'redhat', 'fedora', 'linux' + 'httpd' + end + describe service(service_name) do it { should be_enabled } it { should_not be_running }