diff --git a/kitchen.yml b/kitchen.yml index f5fec4b..2756a47 100644 --- a/kitchen.yml +++ b/kitchen.yml @@ -373,9 +373,13 @@ verifier: suites: - name: default provisioner: + dependencies: + - name: test_dep + path: test/salt/default/states state_top: base: '*': + - test_dep.create_dependency_file - nginx._mapdata - nginx pillars: diff --git a/nginx/config.sls b/nginx/config.sls index 82b181f..3cd00b5 100644 --- a/nginx/config.sls +++ b/nginx/config.sls @@ -31,6 +31,3 @@ nginx_config: - context: config: {{ nginx.server.config|json(sort_keys=False) }} {% endif %} -{% if nginx.check_config_before_apply %} - - check_cmd: /usr/sbin/nginx -t -c -{% endif %} diff --git a/nginx/servers_config.sls b/nginx/servers_config.sls index 09aec68..5dd11a9 100644 --- a/nginx/servers_config.sls +++ b/nginx/servers_config.sls @@ -123,6 +123,12 @@ nginx_server_available_dir: }} - makedirs: True - template: jinja + {%- if 'requires' in settings %} + - require: + {%- for k, v in settings.requires.items() %} + - {{ k }}: {{ v }} + {%- endfor %} + {%- endif %} {% if 'source_path' not in settings.config %} - context: config: {{ settings.config|json(sort_keys=False) }} diff --git a/nginx/service.sls b/nginx/service.sls index 9cbc5cc..61defa3 100644 --- a/nginx/service.sls +++ b/nginx/service.sls @@ -42,3 +42,6 @@ nginx_service: {% else %} - pkg: nginx_install {% endif %} +{% if nginx.check_config_before_apply %} + - only_if: /usr/sbin/nginx -t +{% endif %} diff --git a/pillar.example b/pillar.example index ce6109b..7b610ef 100644 --- a/pillar.example +++ b/pillar.example @@ -202,6 +202,18 @@ nginx: # and None indicates no action enabled: true + # This let's you add dependencies on other resources being applied for a + # particular vhost + # A common case is when you use this formula together with letsencrypt's, + # validating through nginx: you need nginx running (to validate the vhost) but + # can't have the ssl vhost up until the certificate is created (because it + # won't exist and will make nginx fail to load the configuration) + # + # An example, when using LE to create the cert for 'some.host.domain': + # requires: + # cmd: create-initial-cert-some.host.domain + requires: {} + # Remove the site config file shipped by nginx # (i.e. '/etc/nginx/sites-available/default' by default) # It also remove the symlink (if it is exists). diff --git a/test/integration/default/controls/config.rb b/test/integration/default/controls/config.rb index 6d7c999..c2845eb 100644 --- a/test/integration/default/controls/config.rb +++ b/test/integration/default/controls/config.rb @@ -71,5 +71,16 @@ control 'Nginx configuration' do its('content') { should include 'try_files $uri $uri/ =404;' } its('content') { should include 'include snippets/letsencrypt.conf;' } end + describe file "#{dir}/mysite_with_require" do + it { should be_file } + it { should be_owned_by file_owner } + it { should be_grouped_into file_group } + its('mode') { should cmp '0644' } + its('content') { should include 'server_name with-deps;' } + its('content') { should include 'listen 80;' } + its('content') { should include 'index index.html index.htm;' } + its('content') { should include 'location ~ .htm {' } + its('content') { should include 'try_files $uri $uri/ =404;' } + end end end diff --git a/test/integration/default/controls/file.rb b/test/integration/default/controls/file.rb new file mode 100644 index 0000000..57151af --- /dev/null +++ b/test/integration/default/controls/file.rb @@ -0,0 +1,9 @@ +# frozen_string_literal: true + +control 'Dependency test file' do + title 'should exist' + + describe file('/tmp/created_to_test_dependencies') do + it { should be_file } + end +end diff --git a/test/salt/default/pillar/nginx.sls b/test/salt/default/pillar/nginx.sls index ef6ccfa..84afe98 100644 --- a/test/salt/default/pillar/nginx.sls +++ b/test/salt/default/pillar/nginx.sls @@ -37,6 +37,19 @@ nginx: - location ~ .htm: - try_files: '$uri $uri/ =404' - include: 'snippets/letsencrypt.conf' + mysite_with_require: + enabled: true + config: + - server: + - server_name: with-deps + - listen: + - '80' + - index: 'index.html index.htm' + - location ~ .htm: + - try_files: '$uri $uri/ =404' + requires: + file: created_to_test_dependencies + dh_param: 'mydhparam2.pem': keysize: 2048 diff --git a/test/salt/default/states/test_dep/create_dependency_file.sls b/test/salt/default/states/test_dep/create_dependency_file.sls new file mode 100644 index 0000000..e242927 --- /dev/null +++ b/test/salt/default/states/test_dep/create_dependency_file.sls @@ -0,0 +1,6 @@ +## this state creates a file that is used to test vhosts dependencies +# (see https://github.com/saltstack-formulas/nginx-formula/pull/278) + +created_to_test_dependencies: + file.managed: + - name: /tmp/created_to_test_dependencies diff --git a/test/salt/passenger/pillar/nginx.sls b/test/salt/passenger/pillar/nginx.sls index 95edc52..63a9f54 100644 --- a/test/salt/passenger/pillar/nginx.sls +++ b/test/salt/passenger/pillar/nginx.sls @@ -26,7 +26,6 @@ nginx: - location ^~ /.well-known/acme-challenge/: - proxy_pass: http://localhost:9999 server: - config: # This is required to get the passenger module loaded # In Debian it can be done with this @@ -64,5 +63,4 @@ nginx: - index: 'index.html index.htm' - location ~ .htm: - try_files: '$uri $uri/ =404' - # - include: '/etc/nginx/snippets/letsencrypt.conf' - - include: 'snippets/letsencrypt.conf' + - include: '/etc/nginx/snippets/letsencrypt.conf'