From 622d22f9711085aeca19f3907e22e87c6b21b8d0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Javier=20B=C3=A9rtoli?= <javier@netmanagers.com.ar>
Date: Fri, 12 Mar 2021 10:02:43 -0300
Subject: [PATCH 1/2] feat(servers_config): add require statement to manage
 dependencies

Also, check config before applying
---
 nginx/config.sls                     |  3 ---
 nginx/servers_config.sls             |  6 ++++++
 nginx/service.sls                    |  3 +++
 pillar.example                       | 12 ++++++++++++
 test/salt/passenger/pillar/nginx.sls |  4 +---
 5 files changed, 22 insertions(+), 6 deletions(-)

diff --git a/nginx/config.sls b/nginx/config.sls
index 82b181f..3cd00b5 100644
--- a/nginx/config.sls
+++ b/nginx/config.sls
@@ -31,6 +31,3 @@ nginx_config:
     - context:
         config: {{ nginx.server.config|json(sort_keys=False) }}
 {% endif %}
-{% if nginx.check_config_before_apply %}
-    - check_cmd: /usr/sbin/nginx -t -c
-{% endif %}
diff --git a/nginx/servers_config.sls b/nginx/servers_config.sls
index 09aec68..5dd11a9 100644
--- a/nginx/servers_config.sls
+++ b/nginx/servers_config.sls
@@ -123,6 +123,12 @@ nginx_server_available_dir:
       }}
     - makedirs: True
     - template: jinja
+      {%- if 'requires' in settings %}
+    - require:
+        {%- for k, v in settings.requires.items() %}
+      - {{ k }}: {{ v }}
+        {%- endfor %}
+      {%- endif %}
 {% if 'source_path' not in settings.config %}
     - context:
         config: {{ settings.config|json(sort_keys=False) }}
diff --git a/nginx/service.sls b/nginx/service.sls
index 9cbc5cc..61defa3 100644
--- a/nginx/service.sls
+++ b/nginx/service.sls
@@ -42,3 +42,6 @@ nginx_service:
       {% else %}
       - pkg: nginx_install
       {% endif %}
+{% if nginx.check_config_before_apply %}
+    - only_if: /usr/sbin/nginx -t
+{% endif %}
diff --git a/pillar.example b/pillar.example
index ce6109b..7b610ef 100644
--- a/pillar.example
+++ b/pillar.example
@@ -202,6 +202,18 @@ nginx:
         # and None indicates no action
         enabled: true
 
+        # This let's you add dependencies on other resources being applied for a
+        # particular vhost
+        # A common case is when you use this formula together with letsencrypt's,
+        # validating through nginx: you need nginx running (to validate the vhost) but
+        # can't have the ssl vhost up until the certificate is created (because it
+        # won't exist and will make nginx fail to load the configuration)
+        #
+        # An example, when using LE to create the cert for 'some.host.domain':
+        # requires:
+        #   cmd: create-initial-cert-some.host.domain
+        requires: {}
+
         # Remove the site config file shipped by nginx
         # (i.e. '/etc/nginx/sites-available/default' by default)
         # It also remove the symlink (if it is exists).
diff --git a/test/salt/passenger/pillar/nginx.sls b/test/salt/passenger/pillar/nginx.sls
index 95edc52..63a9f54 100644
--- a/test/salt/passenger/pillar/nginx.sls
+++ b/test/salt/passenger/pillar/nginx.sls
@@ -26,7 +26,6 @@ nginx:
       - location ^~ /.well-known/acme-challenge/:
           - proxy_pass: http://localhost:9999
   server:
-
     config:
       # This is required to get the passenger module loaded
       # In Debian it can be done with this
@@ -64,5 +63,4 @@ nginx:
               - index: 'index.html index.htm'
               - location ~ .htm:
                   - try_files: '$uri $uri/ =404'
-              # - include: '/etc/nginx/snippets/letsencrypt.conf'
-              - include: 'snippets/letsencrypt.conf'
+              - include: '/etc/nginx/snippets/letsencrypt.conf'

From 64781431b9187d392f56ce5461c3b1a9c2944f90 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Javier=20B=C3=A9rtoli?= <javier@netmanagers.com.ar>
Date: Wed, 28 Apr 2021 10:56:22 -0300
Subject: [PATCH 2/2] test(requires): verify dependencies in vhosts

---
 kitchen.yml                                         |  4 ++++
 test/integration/default/controls/config.rb         | 11 +++++++++++
 test/integration/default/controls/file.rb           |  9 +++++++++
 test/salt/default/pillar/nginx.sls                  | 13 +++++++++++++
 .../states/test_dep/create_dependency_file.sls      |  6 ++++++
 5 files changed, 43 insertions(+)
 create mode 100644 test/integration/default/controls/file.rb
 create mode 100644 test/salt/default/states/test_dep/create_dependency_file.sls

diff --git a/kitchen.yml b/kitchen.yml
index b505c9b..db344af 100644
--- a/kitchen.yml
+++ b/kitchen.yml
@@ -309,9 +309,13 @@ verifier:
 suites:
   - name: default
     provisioner:
+      dependencies:
+        - name: test_dep
+          path: test/salt/default/states
       state_top:
         base:
           '*':
+            - test_dep.create_dependency_file
             - nginx._mapdata
             - nginx
       pillars:
diff --git a/test/integration/default/controls/config.rb b/test/integration/default/controls/config.rb
index 6d7c999..c2845eb 100644
--- a/test/integration/default/controls/config.rb
+++ b/test/integration/default/controls/config.rb
@@ -71,5 +71,16 @@ control 'Nginx configuration' do
       its('content') { should include 'try_files $uri $uri/ =404;' }
       its('content') { should include 'include snippets/letsencrypt.conf;' }
     end
+    describe file "#{dir}/mysite_with_require" do
+      it { should be_file }
+      it { should be_owned_by file_owner }
+      it { should be_grouped_into file_group }
+      its('mode') { should cmp '0644' }
+      its('content') { should include 'server_name with-deps;' }
+      its('content') { should include 'listen 80;' }
+      its('content') { should include 'index index.html index.htm;' }
+      its('content') { should include 'location ~ .htm {' }
+      its('content') { should include 'try_files $uri $uri/ =404;' }
+    end
   end
 end
diff --git a/test/integration/default/controls/file.rb b/test/integration/default/controls/file.rb
new file mode 100644
index 0000000..57151af
--- /dev/null
+++ b/test/integration/default/controls/file.rb
@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+control 'Dependency test file' do
+  title 'should exist'
+
+  describe file('/tmp/created_to_test_dependencies') do
+    it { should be_file }
+  end
+end
diff --git a/test/salt/default/pillar/nginx.sls b/test/salt/default/pillar/nginx.sls
index ef6ccfa..84afe98 100644
--- a/test/salt/default/pillar/nginx.sls
+++ b/test/salt/default/pillar/nginx.sls
@@ -37,6 +37,19 @@ nginx:
               - location ~ .htm:
                   - try_files: '$uri $uri/ =404'
               - include: 'snippets/letsencrypt.conf'
+      mysite_with_require:
+        enabled: true
+        config:
+          - server:
+              - server_name: with-deps
+              - listen:
+                  - '80'
+              - index: 'index.html index.htm'
+              - location ~ .htm:
+                  - try_files: '$uri $uri/ =404'
+        requires:
+          file: created_to_test_dependencies
+
   dh_param:
     'mydhparam2.pem':
       keysize: 2048
diff --git a/test/salt/default/states/test_dep/create_dependency_file.sls b/test/salt/default/states/test_dep/create_dependency_file.sls
new file mode 100644
index 0000000..e242927
--- /dev/null
+++ b/test/salt/default/states/test_dep/create_dependency_file.sls
@@ -0,0 +1,6 @@
+## this state creates a file that is used to test vhosts dependencies
+# (see https://github.com/saltstack-formulas/nginx-formula/pull/278)
+
+created_to_test_dependencies:
+  file.managed:
+    - name: /tmp/created_to_test_dependencies