test(inspec): more tests on nginx config

2019-04-12 23:32:53 +02:00 · 2019-04-12 23:32:53 +02:00 · 7e737c1863
commit 7e737c1863
parent 072a113454
2 changed files with 77 additions and 0 deletions
--- a/test/integration/default/controls/config.rb
+++ b/test/integration/default/controls/config.rb
@ -1,10 +1,56 @@
+# Set defaults, use debian as base
+
+server_available = '/etc/nginx/sites-available'
+server_enabled	 = '/etc/nginx/sites-enabled'
+
+# Override by OS
+case os[:name]
+when 'redhat', 'centos', 'fedora'
+  server_available = '/etc/nginx/conf.d'
+  server_enabled   = '/etc/nginx/conf.d'
+end
+
 control 'Nginx configuration' do
  title 'should match desired lines'

+  # main configuration
  describe file('/etc/nginx/nginx.conf') do
    it { should be_file }
    it { should be_owned_by 'root' }
    it { should be_grouped_into 'root' }
    its('mode') { should cmp '0644' }
  end
+
+  # snippets configuration
+  describe file('/etc/nginx/snippets/letsencrypt.conf') do
+    it { should be_file }
+    it { should be_owned_by 'root' }
+    it { should be_grouped_into 'root' }
+    its('mode') { should cmp '0644' }
+    its('content') { should include 'location ^~ /.well-known/acme-challenge/ {' }
+    its('content') { should include 'proxy_pass http://localhost:9999;' }
+    its('content') { should include '{' }
+  end
+
+  # sites configuration
+  [server_available, server_enabled].each do |dir|
+
+    describe file ("#{dir}/default") do
+     it { should_not exist }
+    end
+
+    describe file ("#{dir}/mysite") do
+      it { should be_file }
+      it { should be_owned_by 'root' }
+      it { should be_grouped_into 'root' }
+      its('mode') { should cmp '0644' }
+      its('content') { should include 'server_name localhost;' }
+      its('content') { should include 'listen 80 default_server;' }
+      its('content') { should include 'index index.html index.htm;' }
+      its('content') { should include 'location ~ .htm {' }
+      its('content') { should include 'try_files $uri $uri/ =404;' }
+      its('content') { should include 'include snippets/letsencrypt.conf;' }
+    end
+
+  end
 end
--- a/test/salt/default/pillar/nginx.sls
+++ b/test/salt/default/pillar/nginx.sls
@ -0,0 +1,31 @@
+
+# Simple pillar setup
+# - snippet letsencrypt
+# - remove 'default' site
+# - create 'mysite' site
+
+nginx:
+  ng:
+    snippets:
+      letsencrypt:
+        - location ^~ /.well-known/acme-challenge/:
+          - proxy_pass: http://localhost:9999
+    servers:
+      managed:
+        default:
+          deleted: True
+          enabled: False
+          config: {}
+
+        mysite:
+          enabled: True
+          config:
+            - server:
+              - server_name: localhost
+              - listen:
+                - '80 default_server'
+              - index: 'index.html index.htm'
+              - location ~ .htm:
+                - try_files: '$uri $uri/ =404'
+              - include: 'snippets/letsencrypt.conf'
+