diff --git a/manifests/mod/dav_svn.pp b/manifests/mod/dav_svn.pp index c8b05f4a9e..6cb5af560c 100644 --- a/manifests/mod/dav_svn.pp +++ b/manifests/mod/dav_svn.pp @@ -13,7 +13,7 @@ ::apache::mod { 'dav_svn': } - if $::osfamily == 'Debian' and ! ($::operatingsystemmajrelease in ['6', '16.04', '9']) { + if $::osfamily == 'Debian' and ! ($::operatingsystemmajrelease in ['6', '9', '16.04', '18.04']) { $loadfile_name = undef } else { $loadfile_name = 'dav_svn_authz_svn.load' diff --git a/manifests/mod/fastcgi.pp b/manifests/mod/fastcgi.pp index 399d93aa7c..ef4f8f259c 100644 --- a/manifests/mod/fastcgi.pp +++ b/manifests/mod/fastcgi.pp @@ -3,6 +3,9 @@ if ($::osfamily == 'Redhat' and versioncmp($::operatingsystemrelease, '7.0') >= 0) { fail('mod_fastcgi is no longer supported on el7 and above.') } + if ($facts['os']['name'] == 'Ubuntu' and versioncmp($facts['os']['release']['major'], '18.04') >= 0) { + fail('mod_fastcgi is no longer supported on Ubuntu 18.04 and above. Please use mod_proxy_fcgi') + } # Debian specifies it's fastcgi lib path, but RedHat uses the default value # with no config file $fastcgi_lib_path = $::apache::params::fastcgi_lib_path diff --git a/manifests/mod/security.pp b/manifests/mod/security.pp index 89a166261f..68d90b4e90 100644 --- a/manifests/mod/security.pp +++ b/manifests/mod/security.pp @@ -129,8 +129,7 @@ } # Debian 9 has a different rule setup - unless $::operatingsystem == 'SLES' or ($::operatingsystem == 'Debian' and versioncmp($::operatingsystemrelease, '9') >= 0) { + unless $::operatingsystem == 'SLES' or ($::operatingsystem == 'Debian' and versioncmp($::operatingsystemrelease, '9') >= 0) or ($::operatingsystem == 'Ubuntu' and versioncmp($::operatingsystemrelease, '18.04') >= 0) { apache::security::rule_link { $activated_rules: } } - } diff --git a/manifests/mod/suphp.pp b/manifests/mod/suphp.pp index 955bba302c..52b8b3de94 100644 --- a/manifests/mod/suphp.pp +++ b/manifests/mod/suphp.pp @@ -1,5 +1,9 @@ class apache::mod::suphp ( ){ + if ($facts['os']['name'] == 'Ubuntu' and versioncmp($facts['os']['release']['major'], '15.10') >= 0) or + ($facts['os']['name'] == 'Debian' and versioncmp($::operatingsystemrelease, '8') >= 0) { + fail("suphp was declared EOL by it's creators as of 2013 and so is no longer supported on Ubuntu 15.10/Debian 8 and above. Please use php-fpm") + } include ::apache ::apache::mod { 'suphp': } diff --git a/manifests/mpm.pp b/manifests/mpm.pp index 1e27597f25..7f3585c42f 100644 --- a/manifests/mpm.pp +++ b/manifests/mpm.pp @@ -82,7 +82,6 @@ } if $mpm == 'itk' { - if ( ( $::operatingsystem == 'Ubuntu' ) or ( ($::operatingsystem == 'Debian') and ( versioncmp($::operatingsystemrelease, '8.0.0') >= 0 ) ) ) { ensure_resource('exec', '/usr/sbin/a2dismod mpm_event', { onlyif => "/usr/bin/test -e ${apache::mod_enable_dir}/mpm_event.load", @@ -98,7 +97,6 @@ File[$::apache::mod_enable_dir], ], } - } if $mpm == 'prefork' { diff --git a/manifests/params.pp b/manifests/params.pp index 68162cc77e..b80eb86fb3 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -291,6 +291,33 @@ 'wsgi' => 'libapache2-mod-wsgi', 'xsendfile' => 'libapache2-mod-xsendfile', } + } elsif ($::operatingsystem == 'Ubuntu' and versioncmp($::operatingsystemrelease, '18.04') >= 0) { + # major.minor version used since Debian stretch and Ubuntu Xenial + $php_version = '7.2' # different to Ubuntu 16.04 + # fastcgi and suphp got removed from #mod_packages, they aren't supported anymore + $mod_packages = { + 'auth_cas' => 'libapache2-mod-auth-cas', + 'auth_kerb' => 'libapache2-mod-auth-kerb', + 'auth_gssapi' => 'libapache2-mod-auth-gssapi', + 'auth_mellon' => 'libapache2-mod-auth-mellon', + 'authnz_pam' => 'libapache2-mod-authnz-pam', + 'dav_svn' => 'libapache2-mod-svn', # different to Ubuntu16.04 + 'fcgid' => 'libapache2-mod-fcgid', + 'geoip' => 'libapache2-mod-geoip', + 'intercept_form_submit' => 'libapache2-mod-intercept-form-submit', + 'lookup_identity' => 'libapache2-mod-lookup-identity', + 'nss' => 'libapache2-mod-nss', + 'pagespeed' => 'mod-pagespeed-stable', + 'passenger' => 'libapache2-mod-passenger', + 'perl' => 'libapache2-mod-perl2', + 'phpXXX' => 'libapache2-mod-phpXXX', + 'python' => 'libapache2-mod-python', + 'rpaf' => 'libapache2-mod-rpaf', + 'security' => 'libapache2-mod-security2', + 'shib2' => 'libapache2-mod-shib2', + 'wsgi' => 'libapache2-mod-wsgi', + 'xsendfile' => 'libapache2-mod-xsendfile', + } } else { # major.minor version used since Debian stretch and Ubuntu Xenial $php_version = '7.0' @@ -354,7 +381,7 @@ $secpcrematchlimit = 1500 $secpcrematchlimitrecursion = 1500 $modsec_secruleengine = 'On' - if $::operatingsystem == 'Debian' and versioncmp($::operatingsystemrelease, '9') >= 0 { + if ($::operatingsystem == 'Debian' and versioncmp($::operatingsystemrelease, '9') >= 0) or ($::operatingsystem == 'Ubuntu' and versioncmp($::operatingsystemrelease, '18.04') >= 0) { $modsec_default_rules = [ 'crawlers-user-agents.data', 'iis-errors.data', diff --git a/metadata.json b/metadata.json index e31fc1b1c3..6b81698407 100644 --- a/metadata.json +++ b/metadata.json @@ -65,8 +65,8 @@ { "operatingsystem": "Ubuntu", "operatingsystemrelease": [ - "14.04", - "16.04" + "16.04", + "18.04" ] } ], diff --git a/spec/acceptance/mod_passenger_spec.rb b/spec/acceptance/mod_passenger_spec.rb index 67cfd8313b..8fbed8f80f 100644 --- a/spec/acceptance/mod_passenger_spec.rb +++ b/spec/acceptance/mod_passenger_spec.rb @@ -1,56 +1,16 @@ require 'spec_helper_acceptance' require_relative './version.rb' -describe 'apache::mod::passenger class' do - case fact('osfamily') - when 'Debian' - conf_file = "#{$mod_dir}/passenger.conf" - load_file = "#{$mod_dir}/zpassenger.load" +describe 'apache::mod::passenger class', if: fact('osfamily') == 'Debian' do + conf_file = "#{$mod_dir}/passenger.conf" + load_file = "#{$mod_dir}/zpassenger.load" - case fact('operatingsystem') - when 'Ubuntu' - case fact('lsbdistrelease') - when '14.04' - passenger_root = '/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini' - passenger_default_ruby = '/usr/bin/ruby' - when '16.04' - passenger_root = '/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini' - passenger_default_ruby = '/usr/bin/ruby' - else - # Includes 10.04 and 12.04 - # This may or may not work on Ubuntu releases other than the above - passenger_root = '/usr' - passenger_ruby = '/usr/bin/ruby' - end - when 'Debian' - case fact('operatingsystemmajrelease') - when '8' - passenger_root = '/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini' - passenger_default_ruby = '/usr/bin/ruby' - when '9' - passenger_root = '/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini' - passenger_default_ruby = '/usr/bin/ruby' - else - # Includes wheezy - # This may or may not work on Debian releases other than the above - passenger_root = '/usr' - passenger_ruby = '/usr/bin/ruby' - end - end + passenger_root = '/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini' + passenger_default_ruby = '/usr/bin/ruby' - passenger_module_path = '/usr/lib/apache2/modules/mod_passenger.so' - rackapp_user = 'www-data' - rackapp_group = 'www-data' - when 'RedHat' - conf_file = "#{$mod_dir}/passenger.conf" - load_file = "#{$mod_dir}/zpassenger.load" - # sometimes installs as 3.0.12, sometimes as 3.0.19 - so just check for the stable part - passenger_root = '/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini' - passenger_ruby = '/usr/bin/ruby' - passenger_module_path = 'modules/mod_passenger.so' - rackapp_user = 'apache' - rackapp_group = 'apache' - end + passenger_module_path = '/usr/lib/apache2/modules/mod_passenger.so' + rackapp_user = 'www-data' + rackapp_group = 'www-data' pp_rackapp = <<-MANIFEST /* a simple ruby rack 'hello world' app */ @@ -75,178 +35,134 @@ host { 'passenger.example.com': ip => '127.0.0.1', } MANIFEST - case fact('osfamily') - when 'Debian' - context 'passenger config with passenger_installed_version set' do - pp_one = <<-MANIFEST - class { 'apache': } - class { 'apache::mod::passenger': - passenger_installed_version => '4.0.0', - passenger_instance_registry_dir => '/some/path/to/nowhere' - } - MANIFEST - it 'fails when an option is not valid for $passenger_installed_version' do - apply_manifest(pp_one, expect_failures: true) do |r| - expect(r.stderr).to match(%r{passenger_instance_registry_dir is not introduced until version 5.0.0}) - end - end - pp_two = <<-MANIFEST - class { 'apache': } - class { 'apache::mod::passenger': - passenger_installed_version => '5.0.0', - rails_autodetect => 'on' - } - MANIFEST - it 'fails when an option is removed' do - apply_manifest(pp_two, expect_failures: true) do |r| - expect(r.stderr).to match(%r{REMOVED PASSENGER OPTION}) - end - end - pp_three = <<-MANIFEST - class { 'apache': } - class { 'apache::mod::passenger': - passenger_installed_version => '5.0.0', - rails_ruby => '/some/path/to/ruby' - } - MANIFEST - it 'warns when an option is deprecated' do - apply_manifest(pp_three, catch_failures: true) do |r| - expect(r.stderr).to match(%r{DEPRECATED PASSENGER OPTION}) - end + context 'passenger config with passenger_installed_version set' do + pp_one = <<-MANIFEST + class { 'apache': } + class { 'apache::mod::passenger': + passenger_installed_version => '4.0.0', + passenger_instance_registry_dir => '/some/path/to/nowhere' + } + MANIFEST + it 'fails when an option is not valid for $passenger_installed_version' do + apply_manifest(pp_one, expect_failures: true) do |r| + expect(r.stderr).to match(%r{passenger_instance_registry_dir is not introduced until version 5.0.0}) end end - context 'default passenger config' do - pp = if ['7', '9', '16.04', '18.04'].include?(fact('operatingsystemmajrelease')) - <<-MANIFEST - /* stock apache and mod_passenger */ - class { 'apache': } - class { 'apache::mod::passenger': - passenger_instance_registry_dir => '/var/run', - } - #{pp_rackapp} - MANIFEST - else - <<-MANIFEST - /* stock apache and mod_passenger */ - class { 'apache': } - class { 'apache::mod::passenger': } - #{pp_rackapp} - MANIFEST - end - it 'succeeds in puppeting passenger' do - apply_manifest(pp, catch_failures: true) + pp_two = <<-MANIFEST + class { 'apache': } + class { 'apache::mod::passenger': + passenger_installed_version => '5.0.0', + rails_autodetect => 'on' + } + MANIFEST + it 'fails when an option is removed' do + apply_manifest(pp_two, expect_failures: true) do |r| + expect(r.stderr).to match(%r{REMOVED PASSENGER OPTION}) end - - describe service($service_name) do - if fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8' - pending 'Should be enabled - Bug 760616 on Debian 8' - else - it { is_expected.to be_enabled } - end - it { is_expected.to be_running } + end + pp_three = <<-MANIFEST + class { 'apache': } + class { 'apache::mod::passenger': + passenger_installed_version => '5.0.0', + rails_ruby => '/some/path/to/ruby' + } + MANIFEST + it 'warns when an option is deprecated' do + apply_manifest(pp_three, catch_failures: true) do |r| + expect(r.stderr).to match(%r{DEPRECATED PASSENGER OPTION}) end - - describe file(conf_file) do - it { is_expected.to contain %(PassengerRoot "#{passenger_root}") } - case fact('operatingsystem') - when 'Ubuntu' - case fact('lsbdistrelease') - when '14.04' - it { is_expected.to contain %(PassengerDefaultRuby "#{passenger_default_ruby}") } - it { is_expected.not_to contain '/PassengerRuby/' } - when '16.04' - it { is_expected.to contain %(PassengerDefaultRuby "#{passenger_default_ruby}") } - it { is_expected.not_to contain '/PassengerRuby/' } - else - # Includes 10.04 and 12.04 - # This may or may not work on Ubuntu releases other than the above - it { is_expected.to contain %(PassengerRuby "#{passenger_ruby}) } - it { is_expected.not_to contain '/PassengerDefaultRuby/' } - end - when 'Debian' - case fact('operatingsystemmajrelease') - when '8' - it { is_expected.to contain %(PassengerDefaultRuby "#{passenger_default_ruby}") } - it { is_expected.not_to contain '/PassengerRuby/' } - when '9' - it { is_expected.to contain %(PassengerDefaultRuby "#{passenger_default_ruby}") } - it { is_expected.not_to contain '/PassengerRuby/' } + end + end + context 'default passenger config' do + # We need to set passenger_instance_registry_dir on every sane distro + # with systemd. Systemd can force processes into a seperate/private + # tmpdir. This is the default for apache on Ubuntu 18.04. As a result, + # passenger CLI tools can't find the config/socket, which defaults to /tmp + # we enable it for ubuntu 16.04/18.04, centos7 and debian 9 + pp = if ['7', '9', '16.04', '18.04'].include?(fact('operatingsystemmajrelease')) + <<-MANIFEST + /* stock apache and mod_passenger */ + class { 'apache': } + class { 'apache::mod::passenger': + passenger_instance_registry_dir => '/var/run', + } + #{pp_rackapp} + MANIFEST else - # Includes wheezy - # This may or may not work on Debian releases other than the above - it { is_expected.to contain %(PassengerRuby "#{passenger_ruby}) } - it { is_expected.not_to contain '/PassengerDefaultRuby/' } + <<-MANIFEST + /* stock apache and mod_passenger */ + class { 'apache': } + class { 'apache::mod::passenger': } + #{pp_rackapp} + MANIFEST end - end - end - # rubocop:enable RSpec/RepeatedExample + it 'succeeds in puppeting passenger' do + apply_manifest(pp, catch_failures: true) + end - describe file(load_file) do - it { is_expected.to contain "LoadModule passenger_module #{passenger_module_path}" } + describe service($service_name) do + if fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8' + pending 'Should be enabled - Bug 760616 on Debian 8' + else + it { is_expected.to be_enabled } end + it { is_expected.to be_running } + end - expected_one = [%r{Apache processes}, %r{Nginx processes}, %r{Passenger processes}] - # passenger-memory-stats output on newer Debian/Ubuntu verions do not contain - # these two lines - unless (fact('operatingsystem') == 'Ubuntu' && fact('operatingsystemrelease') == '14.04') || - (fact('operatingsystem') == 'Ubuntu' && fact('operatingsystemrelease') == '16.04') || - (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8') || - (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '9') - expected_one << [%r{### Processes: [0-9]+}, %r{### Total private dirty RSS: [0-9\.]+ MB}] - end - it 'outputs status via passenger-memory-stats #stdout' do - expected_one.each do |expect| - shell('PATH=/usr/bin:$PATH /usr/sbin/passenger-memory-stats') do |r| - expect(r.stdout).to match(expect) - end - end - end - it 'outputs status via passenger-memory-stats #exit_code' do + describe file(conf_file) do + it { is_expected.to contain %(PassengerRoot "#{passenger_root}") } + it { is_expected.to contain %(PassengerDefaultRuby "#{passenger_default_ruby}") } + it { is_expected.not_to contain '/PassengerRuby/' } + end + # rubocop:enable RSpec/RepeatedExample + + describe file(load_file) do + it { is_expected.to contain "LoadModule passenger_module #{passenger_module_path}" } + end + + expected_one = [%r{Apache processes}, %r{Nginx processes}, %r{Passenger processes}] + it 'outputs status via passenger-memory-stats #stdout' do + expected_one.each do |expect| shell('PATH=/usr/bin:$PATH /usr/sbin/passenger-memory-stats') do |r| - expect(r.exit_code).to eq(0) + expect(r.stdout).to match(expect) end end + end + it 'outputs status via passenger-memory-stats #exit_code' do + shell('PATH=/usr/bin:$PATH /usr/sbin/passenger-memory-stats') do |r| + expect(r.exit_code).to eq(0) + end + end - # passenger-status fails under stock ubuntu-server-12042-x64 + mod_passenger, - # even when the passenger process is successfully installed and running - unless fact('operatingsystem') == 'Ubuntu' && fact('operatingsystemrelease') == '12.04' - it 'outputs status via passenger-status #General information' do - shell('PATH=/usr/bin:$PATH PASSENGER_INSTANCE_REGISTRY_DIR=/var/run /usr/sbin/passenger-status') do |r| - # spacing may vary - expect(r.stdout).to match(%r{[\-]+ General information [\-]+}) - end - end - expected_two = if (fact('operatingsystem') == 'Ubuntu' && fact('operatingsystemrelease') == '14.04') || - (fact('operatingsystem') == 'Ubuntu' && fact('operatingsystemrelease') == '16.04') || - (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8') || - (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '9') - [%r{Max pool size[ ]+: [0-9]+}, %r{Processes[ ]+: [0-9]+}, %r{Requests in top-level queue[ ]+: [0-9]+}] - else - [%r{max[ ]+= [0-9]+}, %r{count[ ]+= [0-9]+}, %r{active[ ]+= [0-9]+}, %r{inactive[ ]+= [0-9]+}, %r{Waiting on global queue: [0-9]+}] - end - it 'outputs status via passenger-status #stdout' do - shell('PATH=/usr/bin:$PATH PASSENGER_INSTANCE_REGISTRY_DIR=/var/run /usr/sbin/passenger-status') do |r| - expected_two.each do |expect| - expect(r.stdout).to match(expect) - end - end - end - it 'outputs status via passenger-status #exit_code' do - shell('PATH=/usr/bin:$PATH PASSENGER_INSTANCE_REGISTRY_DIR=/var/run /usr/sbin/passenger-status') do |r| - expect(r.exit_code).to eq(0) - end - end + it 'outputs status via passenger-status #General information' do + shell('PATH=/usr/bin:$PATH PASSENGER_INSTANCE_REGISTRY_DIR=/var/run /usr/sbin/passenger-status') do |r| + # spacing may vary + expect(r.stdout).to match(%r{[\-]+ General information [\-]+}) end + end - it 'answers to passenger.example.com #stdout' do - shell('/usr/bin/curl passenger.example.com:80') do |r| - expect(r.stdout).to match(%r{^hello world<\/b>$}) + expected_two = [%r{Max pool size[ ]+: [0-9]+}, %r{Processes[ ]+: [0-9]+}, %r{Requests in top-level queue[ ]+: [0-9]+}] + it 'outputs status via passenger-status #stdout' do + shell('PATH=/usr/bin:$PATH PASSENGER_INSTANCE_REGISTRY_DIR=/var/run /usr/sbin/passenger-status') do |r| + expected_two.each do |expect| + expect(r.stdout).to match(expect) end end - it 'answers to passenger.example.com #exit_code' do - shell('/usr/bin/curl passenger.example.com:80') do |r| - expect(r.exit_code).to eq(0) - end + end + it 'outputs status via passenger-status #exit_code' do + shell('PATH=/usr/bin:$PATH PASSENGER_INSTANCE_REGISTRY_DIR=/var/run /usr/sbin/passenger-status') do |r| + expect(r.exit_code).to eq(0) + end + end + + it 'answers to passenger.example.com #stdout' do + shell('/usr/bin/curl passenger.example.com:80') do |r| + expect(r.stdout).to match(%r{^hello world<\/b>$}) + end + end + it 'answers to passenger.example.com #exit_code' do + shell('/usr/bin/curl passenger.example.com:80') do |r| + expect(r.exit_code).to eq(0) end end end diff --git a/spec/acceptance/mod_php_spec.rb b/spec/acceptance/mod_php_spec.rb index fa9e5d8195..8d5df588bf 100644 --- a/spec/acceptance/mod_php_spec.rb +++ b/spec/acceptance/mod_php_spec.rb @@ -4,6 +4,28 @@ unless fact('operatingsystem') == 'SLES' && fact('operatingsystemmajrelease') == '12' describe 'apache::mod::php class' do context 'default php config' do + if ['16.04', '18.04'].include?(fact('operatingsystemmajrelease')) + # this policy defaults to 101. it prevents newly installed services from starting + # it is useful for containers, it prevents new processes during 'docker build' + # but we actually want to test the services and this should not behave like docker + # but like a normal operating system + + # without this apache fails to start -> installation of mod-php-something fails because it reloads apache to enable the module + # exit codes are documented at https://askubuntu.com/a/365912. Default for docker images is 101 + shell("if [ -a '/usr/sbin/policy-rc.d' ]; then sed -i 's/^exit.*/exit 0/' /usr/sbin/policy-rc.d; fi") + end + if fact('operatingsystemmajrelease') == '18.04' + # apache helper script has a bug which prevents the installation of certain apache modules + # https://bugs.launchpad.net/ubuntu/+source/php7.2/+bug/1771934 + # https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1782806 + pp1 = "class { 'apache': mpm_module => 'prefork',}" + it 'succeeds in installing apache' do + apply_manifest(pp1, catch_failures: true) + end + it 'fixes the broken apache2 helper from Ubuntu 18.04' do + shell("sed -i 's|a2query -m \"$mpm_$MPM\"|a2query -m \"mpm_$MPM\"|' /usr/share/apache2/apache2-maintscript-helper") + end + end pp = <<-MANIFEST class { 'apache': mpm_module => 'prefork', @@ -37,6 +59,10 @@ class { 'apache::mod::php': } describe file("#{$mod_dir}/php7.0.conf") do it { is_expected.to contain 'DirectoryIndex index.php' } end + elsif fact('operatingsystem') == 'Ubuntu' && fact('operatingsystemmajrelease') == '18.04' + describe file("#{$mod_dir}/php7.2.conf") do + it { is_expected.to contain 'DirectoryIndex index.php' } + end else describe file("#{$mod_dir}/php5.conf") do it { is_expected.to contain 'DirectoryIndex index.php' } @@ -126,30 +152,8 @@ class {'apache::mod::php': describe file("#{$mod_dir}/php7.0.conf") do it { is_expected.to contain '# somecontent' } end - else - describe file("#{$mod_dir}/php5.conf") do - it { is_expected.to contain '# somecontent' } - end - end - end - - context 'provide content and template config file' do - pp = <<-MANIFEST - class {'apache': - mpm_module => 'prefork', - } - class {'apache::mod::php': - content => '# somecontent', - template => 'apache/mod/php5.conf.erb', - } - MANIFEST - it 'succeeds in puppeting php' do - apply_manifest(pp, catch_failures: true) - end - - if (fact('operatingsystem') == 'Ubuntu' && fact('operatingsystemmajrelease') == '16.04') || - (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '9') - describe file("#{$mod_dir}/php7.0.conf") do + elsif fact('operatingsystem') == 'Ubuntu' && fact('operatingsystemmajrelease') == '18.04' + describe file("#{$mod_dir}/php7.2.conf") do it { is_expected.to contain '# somecontent' } end else diff --git a/spec/acceptance/mod_security_spec.rb b/spec/acceptance/mod_security_spec.rb index bc25b742c4..265f6aaf04 100644 --- a/spec/acceptance/mod_security_spec.rb +++ b/spec/acceptance/mod_security_spec.rb @@ -76,7 +76,8 @@ class { 'apache::mod::security': } end unless fact('operatingsystem') == 'SLES' || - (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '9') + (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '9') || + (fact('operatingsystem') == 'Ubuntu' && fact('operatingsystemmajrelease') == '18.04') it 'blocks query with SQL' do shell '/usr/bin/curl -A beaker -f modsec.example.com:80?SELECT%20*FROM%20mysql.users', acceptable_exit_codes: [22] end @@ -116,7 +117,8 @@ class { 'apache::mod::security': } end unless fact('operatingsystem') == 'SLES' || - (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '9') + (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '9') || + (fact('operatingsystem') == 'Ubuntu' && fact('operatingsystemmajrelease') == '18.04') it 'blocks query with SQL' do shell '/usr/bin/curl -A beaker -f modsec.example.com:80?SELECT%20*FROM%20mysql.users', acceptable_exit_codes: [22] end @@ -179,7 +181,8 @@ class { 'apache::mod::security': } end unless fact('operatingsystem') == 'SLES' || - (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '9') + (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '9') || + (fact('operatingsystem') == 'Ubuntu' && fact('operatingsystemmajrelease') == '18.04') it 'blocks query with SQL' do shell '/usr/bin/curl -A beaker -f modsec.example.com:80?SELECT%20*FROM%20mysql.users', acceptable_exit_codes: [22] end @@ -246,7 +249,8 @@ class { 'apache::mod::security': } end unless fact('operatingsystem') == 'SLES' || - (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '9') + (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '9') || + (fact('operatingsystem') == 'Ubuntu' && fact('operatingsystemmajrelease') == '18.04') it 'blocks query with SQL' do shell '/usr/bin/curl -A beaker -f modsec.example.com:80?SELECT%20*FROM%20mysql.users', acceptable_exit_codes: [22] end @@ -313,7 +317,8 @@ class { 'apache::mod::security': } end unless fact('operatingsystem') == 'SLES' || - (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '9') + (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '9') || + (fact('operatingsystem') == 'Ubuntu' && fact('operatingsystemmajrelease') == '18.04') it 'blocks query with SQL' do shell '/usr/bin/curl -A beaker -f modsec.example.com:80?SELECT%20*FROM%20mysql.users', acceptable_exit_codes: [22] end @@ -380,7 +385,8 @@ class { 'apache::mod::security': } end unless fact('operatingsystem') == 'SLES' || - (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '9') + (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '9') || + (fact('operatingsystem') == 'Ubuntu' && fact('operatingsystemmajrelease') == '18.04') it 'blocks query with SQL' do shell '/usr/bin/curl -A beaker -f modsec.example.com:80?SELECT%20*FROM%20mysql.users', acceptable_exit_codes: [22] end diff --git a/spec/acceptance/mod_suphp_spec.rb b/spec/acceptance/mod_suphp_spec.rb deleted file mode 100644 index 6950202900..0000000000 --- a/spec/acceptance/mod_suphp_spec.rb +++ /dev/null @@ -1,60 +0,0 @@ -require 'spec_helper_acceptance' - -describe 'apache::mod::suphp class', if: (fact('operatingsystem') == 'Ubuntu' && fact('operatingsystemmajrelease') != '16.04') do - context 'default suphp config' do - pp = <<-MANIFEST -class { 'apache': - mpm_module => 'prefork', -} -host { 'suphp.example.com': ip => '127.0.0.1', } -apache::vhost { 'suphp.example.com': - port => '80', - docroot => '/var/www/suphp', -} -file { '/var/www/suphp/index.php': - ensure => file, - owner => 'daemon', - group => 'daemon', - content => "\\n", - require => File['/var/www/suphp'], - before => Class['apache::mod::php'], -} -class { 'apache::mod::php': } -class { 'apache::mod::suphp': } - MANIFEST - # rubocop:enable Layout/IndentHeredoc - it 'succeeds in puppeting suphp' do - apply_manifest(pp, catch_failures: true) - end - - describe service('apache2') do - if fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8' - pending 'Should be enabled - Bug 760616 on Debian 8' - else - it { is_expected.to be_enabled } - end - it { is_expected.to be_running } - end - - it 'answers to suphp.example.com #timeout' do - timeout = 0 - loop do - r = shell('curl suphp.example.com:80') - timeout += 1 - break if r.stdout =~ %r{^daemon$} - break expect(timeout < 40).to be true if timeout > 40 - sleep(1) - end - end - it 'answers to suphp.example.com #stdout' do - shell('/usr/bin/curl suphp.example.com:80') do |r| - expect(r.stdout).to match(%r{^daemon$}) - end - end - it 'answers to suphp.example.com #exit_code' do - shell('/usr/bin/curl suphp.example.com:80') do |r| - expect(r.exit_code).to eq(0) - end - end - end -end diff --git a/spec/acceptance/vhost_spec.rb b/spec/acceptance/vhost_spec.rb index 49b554aa2a..dc97bfa2b8 100644 --- a/spec/acceptance/vhost_spec.rb +++ b/spec/acceptance/vhost_spec.rb @@ -964,9 +964,7 @@ class { 'apache': } describe file($ports_file) do it { is_expected.to be_file } if fact('osfamily') == 'RedHat' && fact('operatingsystemmajrelease') == '7' || - fact('operatingsystem') == 'Ubuntu' && fact('operatingsystemrelease') =~ %r{(14\.04|16\.04)} || - fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8' || - fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '9' || + fact('osfamily') == 'Debian' || fact('operatingsystem') == 'SLES' && fact('operatingsystemrelease') >= '12' it { is_expected.not_to contain 'NameVirtualHost test.server' } else @@ -1566,9 +1564,8 @@ class { 'apache': } end # Limit testing to Debian, since Centos does not have fastcgi package. - case fact('osfamily') - when 'Debian' - next if fact('operatingsystemmajrelease') == '9' # Debian 9 does not support this fastcgi + # In addition Debian 9/Ubuntu 18.04 no longer support this fastcgi + if fact('osfamily') == 'Debian' && !['9', '18.04'].include?(fact('operatingsystemmajrelease')) describe 'fastcgi' do pp_one = <<-MANIFEST $_os = $::operatingsystem diff --git a/spec/classes/dev_spec.rb b/spec/classes/dev_spec.rb index a94844cf54..7ef4281f84 100644 --- a/spec/classes/dev_spec.rb +++ b/spec/classes/dev_spec.rb @@ -1,92 +1,34 @@ require 'spec_helper' -describe 'apache::dev', type: :class do - let(:pre_condition) do - [ - 'include apache', - ] - end +describe 'apache::dev' do + on_supported_os.each do |os, facts| + context "on #{os} " do + let :facts do + facts + end - context 'on a Debian OS' do - let :facts do - { - lsbdistcodename: 'jessie', - osfamily: 'Debian', - operatingsystem: 'Debian', - operatingsystemrelease: '6', - is_pe: false, - id: 'root', - path: '/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin', - kernel: 'Linux', - } - end + context 'with all defaults' do + let(:pre_condition) do + [ + 'include apache', + ] + end - it { is_expected.to contain_class('apache::params') } - it { is_expected.to contain_package('libaprutil1-dev') } - it { is_expected.to contain_package('libapr1-dev') } - it { is_expected.to contain_package('apache2-prefork-dev') } - end - context 'on an Ubuntu 16 OS' do - let :facts do - { - lsbdistrelease: '16.04', - lsbdistcodename: 'xenial', - osfamily: 'Debian', - operatingsystem: 'Ubuntu', - operatingsystemrelease: '16.04', - is_pe: false, - id: 'root', - path: '/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin', - kernel: 'Linux', - } + it { is_expected.to compile.with_all_deps } + it { is_expected.to contain_class('apache::params') } + case facts[:os]['name'] + when 'Debian' + it { is_expected.to contain_package('libaprutil1-dev') } + it { is_expected.to contain_package('libapr1-dev') } + if facts[:os]['release']['major'].to_i < 8 + it { is_expected.to contain_package('apache2-prefork-dev') } + end + when 'Ubuntu' + it { is_expected.to contain_package('apache2-dev') } + when 'RedHat' + it { is_expected.to contain_package('httpd-devel') } + end + end end - - it { is_expected.to contain_package('apache2-dev') } - end - context 'on a RedHat OS' do - let :facts do - { - osfamily: 'RedHat', - operatingsystem: 'RedHat', - operatingsystemrelease: '6', - is_pe: false, - id: 'root', - path: '/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin', - kernel: 'Linux', - } - end - - it { is_expected.to contain_class('apache::params') } - it { is_expected.to contain_package('httpd-devel') } - end - context 'on a FreeBSD OS' do - let :facts do - { - osfamily: 'FreeBSD', - operatingsystem: 'FreeBSD', - operatingsystemrelease: '9', - is_pe: false, - id: 'root', - path: '/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin', - kernel: 'FreeBSD', - } - end - - it { is_expected.to contain_class('apache::params') } - end - context 'on a Gentoo OS' do - let :facts do - { - osfamily: 'Gentoo', - operatingsystem: 'Gentoo', - operatingsystemrelease: '3.16.1-gentoo', - is_pe: false, - id: 'root', - path: '/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin', - kernel: 'Linux', - } - end - - it { is_expected.to contain_class('apache::params') } end end diff --git a/spec/classes/mod/fastcgi_spec.rb b/spec/classes/mod/fastcgi_spec.rb index d60da277e0..1e054a9f86 100644 --- a/spec/classes/mod/fastcgi_spec.rb +++ b/spec/classes/mod/fastcgi_spec.rb @@ -1,43 +1,40 @@ require 'spec_helper' describe 'apache::mod::fastcgi', type: :class do - it_behaves_like 'a mod class, without including apache' - context 'on a Debian OS' do - let :facts do - { - osfamily: 'Debian', - operatingsystemrelease: '8', - lsbdistcodename: 'squeze', - operatingsystem: 'Debian', - id: 'root', - kernel: 'Linux', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - - it { is_expected.to contain_class('apache::params') } - it { is_expected.to contain_apache__mod('fastcgi') } - it { is_expected.to contain_package('libapache2-mod-fastcgi') } - it { is_expected.to contain_file('fastcgi.conf') } - end + on_supported_os.each do |os, facts| + context "on #{os} " do + let :facts do + facts + end - context 'on a RedHat OS' do - let :facts do - { - osfamily: 'RedHat', - operatingsystemrelease: '6', - operatingsystem: 'RedHat', - id: 'root', - kernel: 'Linux', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } + context 'with all defaults' do + case facts[:os]['name'] + when 'Debian' + it { is_expected.to compile.with_all_deps } + it { is_expected.to contain_class('apache::params') } + it { is_expected.to contain_apache__mod('fastcgi') } + it { is_expected.to contain_package('libapache2-mod-fastcgi') } + it { is_expected.to contain_file('fastcgi.conf') } + when 'RedHat', 'CentOS', 'OracleLinux', 'Scientific' + if facts[:os]['release']['major'].to_i < 7 + it { is_expected.to compile.with_all_deps } + it { is_expected.to contain_class('apache::params') } + it { is_expected.to contain_apache__mod('fastcgi') } + it { is_expected.to contain_package('mod_fastcgi') } + it { is_expected.not_to contain_file('fastcgi.conf') } + else + it { is_expected.not_to compile } + end + when 'Ubuntu' + if facts[:os]['release']['major'].to_i < 18 + it { is_expected.to compile.with_all_deps } + else + it { is_expected.not_to compile } + end + else + it { is_expected.to compile.with_all_deps } + end + end end - - it { is_expected.to contain_class('apache::params') } - it { is_expected.to contain_apache__mod('fastcgi') } - it { is_expected.to contain_package('mod_fastcgi') } - it { is_expected.not_to contain_file('fastcgi.conf') } end end diff --git a/spec/classes/mod/passenger_spec.rb b/spec/classes/mod/passenger_spec.rb index e0136ec891..5ef80738b2 100644 --- a/spec/classes/mod/passenger_spec.rb +++ b/spec/classes/mod/passenger_spec.rb @@ -1,479 +1,405 @@ require 'spec_helper' describe 'apache::mod::passenger', type: :class do - it_behaves_like 'a mod class, without including apache' - context 'validating all passenger params - using Debian' do - let :facts do - { - osfamily: 'Debian', - operatingsystemrelease: '8', - kernel: 'Linux', - lsbdistcodename: 'jessie', - operatingsystem: 'Debian', - id: 'root', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end + on_supported_os.each do |os, facts| + context "on #{os} " do + let :facts do + facts + end - it { is_expected.to contain_class('apache::params') } - it { is_expected.to contain_apache__mod('passenger') } - it { is_expected.to contain_package('libapache2-mod-passenger') } - it { - is_expected.to contain_file('zpassenger.load').with('path' => '/etc/apache2/mods-available/zpassenger.load') - } - it { - is_expected.to contain_file('passenger.conf').with('path' => '/etc/apache2/mods-available/passenger.conf') - } - - passenger_config_options = { - 'passenger_allow_encoded_slashes' => { type: 'OnOff', pass_opt: :PassengerAllowEncodedSlashes }, - 'passenger_app_env' => { type: 'String', pass_opt: :PassengerAppEnv }, - 'passenger_app_group_name' => { type: 'String', pass_opt: :PassengerAppGroupName }, - 'passenger_app_root' => { type: 'FullPath', pass_opt: :PassengerAppRoot }, - 'passenger_app_type' => { type: 'String', pass_opt: :PassengerAppType }, - 'passenger_base_uri' => { type: 'URI', pass_opt: :PassengerBaseURI }, - 'passenger_buffer_response' => { type: 'OnOff', pass_opt: :PassengerBufferResponse }, - 'passenger_buffer_upload' => { type: 'OnOff', pass_opt: :PassengerBufferUpload }, - 'passenger_concurrency_model' => { type: ['process', 'thread'], pass_opt: :PassengerConcurrencyModel }, - 'passenger_data_buffer_dir' => { type: 'FullPath', pass_opt: :PassengerDataBufferDir }, - 'passenger_debug_log_file' => { type: 'String', pass_opt: :PassengerDebugLogFile }, - 'passenger_debugger' => { type: 'OnOff', pass_opt: :PassengerDebugger }, - 'passenger_default_group' => { type: 'String', pass_opt: :PassengerDefaultGroup }, - 'passenger_default_ruby' => { type: 'FullPath', pass_opt: :PassengerDefaultRuby }, - 'passenger_default_user' => { type: 'String', pass_opt: :PassengerDefaultUser }, - 'passenger_disable_security_update_check' => { type: 'OnOff', pass_opt: :PassengerDisableSecurityUpdateCheck }, - 'passenger_enabled' => { type: 'OnOff', pass_opt: :PassengerEnabled }, - 'passenger_error_override' => { type: 'OnOff', pass_opt: :PassengerErrorOverride }, - 'passenger_file_descriptor_log_file' => { type: 'FullPath', pass_opt: :PassengerFileDescriptorLogFile }, - 'passenger_fly_with' => { type: 'FullPath', pass_opt: :PassengerFlyWith }, - 'passenger_force_max_concurrent_requests_per_process' => { type: 'Integer', pass_opt: :PassengerForceMaxConcurrentRequestsPerProcess }, - 'passenger_friendly_error_pages' => { type: 'OnOff', pass_opt: :PassengerFriendlyErrorPages }, - 'passenger_group' => { type: 'String', pass_opt: :PassengerGroup }, - 'passenger_high_performance' => { type: 'OnOff', pass_opt: :PassengerHighPerformance }, - 'passenger_instance_registry_dir' => { type: 'FullPath', pass_opt: :PassengerInstanceRegistryDir }, - 'passenger_load_shell_envvars' => { type: 'OnOff', pass_opt: :PassengerLoadShellEnvvars }, - 'passenger_log_file' => { type: 'FullPath', pass_opt: :PassengerLogFile }, - 'passenger_log_level' => { type: 'Integer', pass_opt: :PassengerLogLevel }, - 'passenger_lve_min_uid' => { type: 'Integer', pass_opt: :PassengerLveMinUid }, - 'passenger_max_instances' => { type: 'Integer', pass_opt: :PassengerMaxInstances }, - 'passenger_max_instances_per_app' => { type: 'Integer', pass_opt: :PassengerMaxInstancesPerApp }, - 'passenger_max_pool_size' => { type: 'Integer', pass_opt: :PassengerMaxPoolSize }, - 'passenger_max_preloader_idle_time' => { type: 'Integer', pass_opt: :PassengerMaxPreloaderIdleTime }, - 'passenger_max_request_queue_size' => { type: 'Integer', pass_opt: :PassengerMaxRequestQueueSize }, - 'passenger_max_request_time' => { type: 'Integer', pass_opt: :PassengerMaxRequestTime }, - 'passenger_max_requests' => { type: 'Integer', pass_opt: :PassengerMaxRequests }, - 'passenger_memory_limit' => { type: 'Integer', pass_opt: :PassengerMemoryLimit }, - 'passenger_meteor_app_settings' => { type: 'FullPath', pass_opt: :PassengerMeteorAppSettings }, - 'passenger_min_instances' => { type: 'Integer', pass_opt: :PassengerMinInstances }, - 'passenger_nodejs' => { type: 'FullPath', pass_opt: :PassengerNodejs }, - 'passenger_pool_idle_time' => { type: 'Integer', pass_opt: :PassengerPoolIdleTime }, - 'passenger_pre_start' => { type: 'URI', pass_opt: :PassengerPreStart }, - 'passenger_python' => { type: 'FullPath', pass_opt: :PassengerPython }, - 'passenger_resist_deployment_errors' => { type: 'OnOff', pass_opt: :PassengerResistDeploymentErrors }, - 'passenger_resolve_symlinks_in_document_root' => { type: 'OnOff', pass_opt: :PassengerResolveSymlinksInDocumentRoot }, - 'passenger_response_buffer_high_watermark' => { type: 'Integer', pass_opt: :PassengerResponseBufferHighWatermark }, - 'passenger_restart_dir' => { type: 'Path', pass_opt: :PassengerRestartDir }, - 'passenger_rolling_restarts' => { type: 'OnOff', pass_opt: :PassengerRollingRestarts }, - 'passenger_root' => { type: 'FullPath', pass_opt: :PassengerRoot }, - 'passenger_ruby' => { type: 'FullPath', pass_opt: :PassengerRuby }, - 'passenger_security_update_check_proxy' => { type: 'URI', pass_opt: :PassengerSecurityUpdateCheckProxy }, - 'passenger_show_version_in_header' => { type: 'OnOff', pass_opt: :PassengerShowVersionInHeader }, - 'passenger_socket_backlog' => { type: 'Integer', pass_opt: :PassengerSocketBacklog }, - 'passenger_spawn_method' => { type: ['smart', 'direct'], pass_opt: :PassengerSpawnMethod }, - 'passenger_start_timeout' => { type: 'Integer', pass_opt: :PassengerStartTimeout }, - 'passenger_startup_file' => { type: 'RelPath', pass_opt: :PassengerStartupFile }, - 'passenger_stat_throttle_rate' => { type: 'Integer', pass_opt: :PassengerStatThrottleRate }, - 'passenger_sticky_sessions' => { type: 'OnOff', pass_opt: :PassengerStickySessions }, - 'passenger_sticky_sessions_cookie_name' => { type: 'String', pass_opt: :PassengerStickySessionsCookieName }, - 'passenger_thread_count' => { type: 'Integer', pass_opt: :PassengerThreadCount }, - 'passenger_use_global_queue' => { type: 'String', pass_opt: :PassengerUseGlobalQueue }, - 'passenger_user' => { type: 'String', pass_opt: :PassengerUser }, - 'passenger_user_switching' => { type: 'OnOff', pass_opt: :PassengerUserSwitching }, - 'rack_auto_detect' => { type: 'String', pass_opt: :RackAutoDetect }, - 'rack_autodetect' => { type: 'String', pass_opt: :RackAutoDetect }, - 'rack_base_uri' => { type: 'String', pass_opt: :RackBaseURI }, - 'rack_env' => { type: 'String', pass_opt: :RackEnv }, - 'rails_allow_mod_rewrite' => { type: 'String', pass_opt: :RailsAllowModRewrite }, - 'rails_app_spawner_idle_time' => { type: 'String', pass_opt: :RailsAppSpawnerIdleTime }, - 'rails_auto_detect' => { type: 'String', pass_opt: :RailsAutoDetect }, - 'rails_autodetect' => { type: 'String', pass_opt: :RailsAutoDetect }, - 'rails_base_uri' => { type: 'String', pass_opt: :RailsBaseURI }, - 'rails_default_user' => { type: 'String', pass_opt: :RailsDefaultUser }, - 'rails_env' => { type: 'String', pass_opt: :RailsEnv }, - 'rails_framework_spawner_idle_time' => { type: 'String', pass_opt: :RailsFrameworkSpawnerIdleTime }, - 'rails_ruby' => { type: 'String', pass_opt: :RailsRuby }, - 'rails_spawn_method' => { type: 'String', pass_opt: :RailsSpawnMethod }, - 'rails_user_switching' => { type: 'String', pass_opt: :RailsUserSwitching }, - 'wsgi_auto_detect' => { type: 'String', pass_opt: :WsgiAutoDetect }, - } - passenger_config_options.each do |config_option, config_hash| - puppetized_config_option = config_option - case config_hash[:type] - # UnionStationFilter values are quoted strings - when 'QuotedString' - valid_config_values = ['"a quoted string"'] - valid_config_values.each do |valid_value| - describe "with #{puppetized_config_option} => '#{valid_value.delete('"')}'" do - let :params do - { puppetized_config_option.to_sym => valid_value } + case facts[:os]['family'] + when 'Debian' + context 'validating all passenger params - using Debian' do + it { is_expected.to contain_class('apache::params') } + it { is_expected.to contain_apache__mod('passenger') } + it { is_expected.to contain_package('libapache2-mod-passenger') } + it { + is_expected.to contain_file('zpassenger.load').with('path' => '/etc/apache2/mods-available/zpassenger.load') + } + it { + is_expected.to contain_file('passenger.conf').with('path' => '/etc/apache2/mods-available/passenger.conf') + } + + passenger_config_options = { + 'passenger_allow_encoded_slashes' => { type: 'OnOff', pass_opt: :PassengerAllowEncodedSlashes }, + 'passenger_app_env' => { type: 'String', pass_opt: :PassengerAppEnv }, + 'passenger_app_group_name' => { type: 'String', pass_opt: :PassengerAppGroupName }, + 'passenger_app_root' => { type: 'FullPath', pass_opt: :PassengerAppRoot }, + 'passenger_app_type' => { type: 'String', pass_opt: :PassengerAppType }, + 'passenger_base_uri' => { type: 'URI', pass_opt: :PassengerBaseURI }, + 'passenger_buffer_response' => { type: 'OnOff', pass_opt: :PassengerBufferResponse }, + 'passenger_buffer_upload' => { type: 'OnOff', pass_opt: :PassengerBufferUpload }, + 'passenger_concurrency_model' => { type: ['process', 'thread'], pass_opt: :PassengerConcurrencyModel }, + 'passenger_data_buffer_dir' => { type: 'FullPath', pass_opt: :PassengerDataBufferDir }, + 'passenger_debug_log_file' => { type: 'String', pass_opt: :PassengerDebugLogFile }, + 'passenger_debugger' => { type: 'OnOff', pass_opt: :PassengerDebugger }, + 'passenger_default_group' => { type: 'String', pass_opt: :PassengerDefaultGroup }, + 'passenger_default_ruby' => { type: 'FullPath', pass_opt: :PassengerDefaultRuby }, + 'passenger_default_user' => { type: 'String', pass_opt: :PassengerDefaultUser }, + 'passenger_disable_security_update_check' => { type: 'OnOff', pass_opt: :PassengerDisableSecurityUpdateCheck }, + 'passenger_enabled' => { type: 'OnOff', pass_opt: :PassengerEnabled }, + 'passenger_error_override' => { type: 'OnOff', pass_opt: :PassengerErrorOverride }, + 'passenger_file_descriptor_log_file' => { type: 'FullPath', pass_opt: :PassengerFileDescriptorLogFile }, + 'passenger_fly_with' => { type: 'FullPath', pass_opt: :PassengerFlyWith }, + 'passenger_force_max_concurrent_requests_per_process' => { type: 'Integer', pass_opt: :PassengerForceMaxConcurrentRequestsPerProcess }, + 'passenger_friendly_error_pages' => { type: 'OnOff', pass_opt: :PassengerFriendlyErrorPages }, + 'passenger_group' => { type: 'String', pass_opt: :PassengerGroup }, + 'passenger_high_performance' => { type: 'OnOff', pass_opt: :PassengerHighPerformance }, + 'passenger_instance_registry_dir' => { type: 'FullPath', pass_opt: :PassengerInstanceRegistryDir }, + 'passenger_load_shell_envvars' => { type: 'OnOff', pass_opt: :PassengerLoadShellEnvvars }, + 'passenger_log_file' => { type: 'FullPath', pass_opt: :PassengerLogFile }, + 'passenger_log_level' => { type: 'Integer', pass_opt: :PassengerLogLevel }, + 'passenger_lve_min_uid' => { type: 'Integer', pass_opt: :PassengerLveMinUid }, + 'passenger_max_instances' => { type: 'Integer', pass_opt: :PassengerMaxInstances }, + 'passenger_max_instances_per_app' => { type: 'Integer', pass_opt: :PassengerMaxInstancesPerApp }, + 'passenger_max_pool_size' => { type: 'Integer', pass_opt: :PassengerMaxPoolSize }, + 'passenger_max_preloader_idle_time' => { type: 'Integer', pass_opt: :PassengerMaxPreloaderIdleTime }, + 'passenger_max_request_queue_size' => { type: 'Integer', pass_opt: :PassengerMaxRequestQueueSize }, + 'passenger_max_request_time' => { type: 'Integer', pass_opt: :PassengerMaxRequestTime }, + 'passenger_max_requests' => { type: 'Integer', pass_opt: :PassengerMaxRequests }, + 'passenger_memory_limit' => { type: 'Integer', pass_opt: :PassengerMemoryLimit }, + 'passenger_meteor_app_settings' => { type: 'FullPath', pass_opt: :PassengerMeteorAppSettings }, + 'passenger_min_instances' => { type: 'Integer', pass_opt: :PassengerMinInstances }, + 'passenger_nodejs' => { type: 'FullPath', pass_opt: :PassengerNodejs }, + 'passenger_pool_idle_time' => { type: 'Integer', pass_opt: :PassengerPoolIdleTime }, + 'passenger_pre_start' => { type: 'URI', pass_opt: :PassengerPreStart }, + 'passenger_python' => { type: 'FullPath', pass_opt: :PassengerPython }, + 'passenger_resist_deployment_errors' => { type: 'OnOff', pass_opt: :PassengerResistDeploymentErrors }, + 'passenger_resolve_symlinks_in_document_root' => { type: 'OnOff', pass_opt: :PassengerResolveSymlinksInDocumentRoot }, + 'passenger_response_buffer_high_watermark' => { type: 'Integer', pass_opt: :PassengerResponseBufferHighWatermark }, + 'passenger_restart_dir' => { type: 'Path', pass_opt: :PassengerRestartDir }, + 'passenger_rolling_restarts' => { type: 'OnOff', pass_opt: :PassengerRollingRestarts }, + 'passenger_root' => { type: 'FullPath', pass_opt: :PassengerRoot }, + 'passenger_ruby' => { type: 'FullPath', pass_opt: :PassengerRuby }, + 'passenger_security_update_check_proxy' => { type: 'URI', pass_opt: :PassengerSecurityUpdateCheckProxy }, + 'passenger_show_version_in_header' => { type: 'OnOff', pass_opt: :PassengerShowVersionInHeader }, + 'passenger_socket_backlog' => { type: 'Integer', pass_opt: :PassengerSocketBacklog }, + 'passenger_spawn_method' => { type: ['smart', 'direct'], pass_opt: :PassengerSpawnMethod }, + 'passenger_start_timeout' => { type: 'Integer', pass_opt: :PassengerStartTimeout }, + 'passenger_startup_file' => { type: 'RelPath', pass_opt: :PassengerStartupFile }, + 'passenger_stat_throttle_rate' => { type: 'Integer', pass_opt: :PassengerStatThrottleRate }, + 'passenger_sticky_sessions' => { type: 'OnOff', pass_opt: :PassengerStickySessions }, + 'passenger_sticky_sessions_cookie_name' => { type: 'String', pass_opt: :PassengerStickySessionsCookieName }, + 'passenger_thread_count' => { type: 'Integer', pass_opt: :PassengerThreadCount }, + 'passenger_use_global_queue' => { type: 'String', pass_opt: :PassengerUseGlobalQueue }, + 'passenger_user' => { type: 'String', pass_opt: :PassengerUser }, + 'passenger_user_switching' => { type: 'OnOff', pass_opt: :PassengerUserSwitching }, + 'rack_auto_detect' => { type: 'String', pass_opt: :RackAutoDetect }, + 'rack_autodetect' => { type: 'String', pass_opt: :RackAutoDetect }, + 'rack_base_uri' => { type: 'String', pass_opt: :RackBaseURI }, + 'rack_env' => { type: 'String', pass_opt: :RackEnv }, + 'rails_allow_mod_rewrite' => { type: 'String', pass_opt: :RailsAllowModRewrite }, + 'rails_app_spawner_idle_time' => { type: 'String', pass_opt: :RailsAppSpawnerIdleTime }, + 'rails_auto_detect' => { type: 'String', pass_opt: :RailsAutoDetect }, + 'rails_autodetect' => { type: 'String', pass_opt: :RailsAutoDetect }, + 'rails_base_uri' => { type: 'String', pass_opt: :RailsBaseURI }, + 'rails_default_user' => { type: 'String', pass_opt: :RailsDefaultUser }, + 'rails_env' => { type: 'String', pass_opt: :RailsEnv }, + 'rails_framework_spawner_idle_time' => { type: 'String', pass_opt: :RailsFrameworkSpawnerIdleTime }, + 'rails_ruby' => { type: 'String', pass_opt: :RailsRuby }, + 'rails_spawn_method' => { type: 'String', pass_opt: :RailsSpawnMethod }, + 'rails_user_switching' => { type: 'String', pass_opt: :RailsUserSwitching }, + 'wsgi_auto_detect' => { type: 'String', pass_opt: :WsgiAutoDetect }, + } + passenger_config_options.each do |config_option, config_hash| + puppetized_config_option = config_option + case config_hash[:type] + # UnionStationFilter values are quoted strings + when 'QuotedString' + valid_config_values = ['"a quoted string"'] + valid_config_values.each do |valid_value| + describe "with #{puppetized_config_option} => '#{valid_value.delete('"')}'" do + let :params do + { puppetized_config_option.to_sym => valid_value } + end + + it { is_expected.to contain_file('passenger.conf').with_content(%r{^ #{config_hash[:pass_opt]} "#{valid_value}"$}) } + end + end + when 'FullPath', 'RelPath', 'Path' + valid_config_values = ['/some/path/to/somewhere'] + valid_config_values.each do |valid_value| + describe "with #{puppetized_config_option} => #{valid_value}" do + let :params do + { puppetized_config_option.to_sym => valid_value } + end + + it { is_expected.to contain_file('passenger.conf').with_content(%r{^ #{config_hash[:pass_opt]} "#{valid_value}"$}) } + end + end + when 'URI', 'String', 'Integer' + valid_config_values = ['some_value_for_you'] + valid_config_values.each do |valid_value| + describe "with #{puppetized_config_option} => #{valid_value}" do + let :params do + { puppetized_config_option.to_sym => valid_value } + end + + it { is_expected.to contain_file('passenger.conf').with_content(%r{^ #{config_hash[:pass_opt]} #{valid_value}$}) } + end + end + when 'OnOff' + valid_config_values = ['on', 'off'] + valid_config_values.each do |valid_value| + describe "with #{puppetized_config_option} => '#{valid_value}'" do + let :params do + { puppetized_config_option.to_sym => valid_value } + end + + it { is_expected.to contain_file('passenger.conf').with_content(%r{^ #{config_hash[:pass_opt]} #{valid_value}$}) } + end + end + else + valid_config_values = config_hash[:type] + valid_config_values.each do |valid_value| + describe "with #{puppetized_config_option} => '#{valid_value}'" do + let :params do + { puppetized_config_option.to_sym => valid_value } + end + + it { is_expected.to contain_file('passenger.conf').with_content(%r{^ #{config_hash[:pass_opt]} #{valid_value}$}) } + end + end end - - it { is_expected.to contain_file('passenger.conf').with_content(%r{^ #{config_hash[:pass_opt]} "#{valid_value}"$}) } end end - when 'FullPath', 'RelPath', 'Path' - valid_config_values = ['/some/path/to/somewhere'] - valid_config_values.each do |valid_value| - describe "with #{puppetized_config_option} => #{valid_value}" do - let :params do - { puppetized_config_option.to_sym => valid_value } - end - it { is_expected.to contain_file('passenger.conf').with_content(%r{^ #{config_hash[:pass_opt]} "#{valid_value}"$}) } + it { is_expected.to contain_class('apache::params') } + it { is_expected.to contain_apache__mod('passenger') } + it { is_expected.to contain_package('libapache2-mod-passenger') } + it { + is_expected.to contain_file('zpassenger.load').with('path' => '/etc/apache2/mods-available/zpassenger.load') + } + it { + is_expected.to contain_file('passenger.conf').with('path' => '/etc/apache2/mods-available/passenger.conf') + } + describe "with passenger_root => '/usr/lib/example'" do + let :params do + { passenger_root: '/usr/lib/example' } end - end - when 'URI', 'String', 'Integer' - valid_config_values = ['some_value_for_you'] - valid_config_values.each do |valid_value| - describe "with #{puppetized_config_option} => #{valid_value}" do - let :params do - { puppetized_config_option.to_sym => valid_value } - end - it { is_expected.to contain_file('passenger.conf').with_content(%r{^ #{config_hash[:pass_opt]} #{valid_value}$}) } - end + it { is_expected.to contain_file('passenger.conf').with_content(%r{PassengerRoot "/usr/lib/example"}) } end - when 'OnOff' - valid_config_values = ['on', 'off'] - valid_config_values.each do |valid_value| - describe "with #{puppetized_config_option} => '#{valid_value}'" do - let :params do - { puppetized_config_option.to_sym => valid_value } - end - - it { is_expected.to contain_file('passenger.conf').with_content(%r{^ #{config_hash[:pass_opt]} #{valid_value}$}) } + describe 'with passenger_ruby => /usr/lib/example/ruby' do + let :params do + { passenger_ruby: '/usr/lib/example/ruby' } end - end - else - valid_config_values = config_hash[:type] - valid_config_values.each do |valid_value| - describe "with #{puppetized_config_option} => '#{valid_value}'" do - let :params do - { puppetized_config_option.to_sym => valid_value } - end - it { is_expected.to contain_file('passenger.conf').with_content(%r{^ #{config_hash[:pass_opt]} #{valid_value}$}) } - end + it { is_expected.to contain_file('passenger.conf').with_content(%r{PassengerRuby "/usr/lib/example/ruby"}) } end - end - end - end - context 'on a Debian OS' do - let :facts do - { - osfamily: 'Debian', - operatingsystemrelease: '6', - kernel: 'Linux', - lsbdistcodename: 'jessie', - operatingsystem: 'Debian', - id: 'root', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - - it { is_expected.to contain_class('apache::params') } - it { is_expected.to contain_apache__mod('passenger') } - it { is_expected.to contain_package('libapache2-mod-passenger') } - it { - is_expected.to contain_file('zpassenger.load').with('path' => '/etc/apache2/mods-available/zpassenger.load') - } - it { - is_expected.to contain_file('passenger.conf').with('path' => '/etc/apache2/mods-available/passenger.conf') - } - describe "with passenger_root => '/usr/lib/example'" do - let :params do - { passenger_root: '/usr/lib/example' } - end - - it { is_expected.to contain_file('passenger.conf').with_content(%r{PassengerRoot "/usr/lib/example"}) } - end - describe 'with passenger_ruby => /usr/lib/example/ruby' do - let :params do - { passenger_ruby: '/usr/lib/example/ruby' } - end - - it { is_expected.to contain_file('passenger.conf').with_content(%r{PassengerRuby "/usr/lib/example/ruby"}) } - end - describe 'with passenger_default_ruby => /usr/lib/example/ruby1.9.3' do - let :params do - { passenger_ruby: '/usr/lib/example/ruby1.9.3' } - end - - it { is_expected.to contain_file('passenger.conf').with_content(%r{PassengerRuby "/usr/lib/example/ruby1.9.3"}) } - end - describe 'with passenger_high_performance => on' do - let :params do - { passenger_high_performance: 'on' } - end - - it { is_expected.to contain_file('passenger.conf').with_content(%r{^ PassengerHighPerformance on$}) } - end - describe 'with passenger_pool_idle_time => 1200' do - let :params do - { passenger_pool_idle_time: 1200 } - end - - it { is_expected.to contain_file('passenger.conf').with_content(%r{^ PassengerPoolIdleTime 1200$}) } - end - describe 'with passenger_max_request_queue_size => 100' do - let :params do - { passenger_max_request_queue_size: 100 } - end - - it { is_expected.to contain_file('passenger.conf').with_content(%r{^ PassengerMaxRequestQueueSize 100$}) } - end - - describe 'with passenger_max_requests => 20' do - let :params do - { passenger_max_requests: 20 } - end - - it { is_expected.to contain_file('passenger.conf').with_content(%r{^ PassengerMaxRequests 20$}) } - end - describe 'with passenger_spawn_method => direct' do - let :params do - { passenger_spawn_method: 'direct' } - end + describe 'with passenger_default_ruby => /usr/lib/example/ruby1.9.3' do + let :params do + { passenger_ruby: '/usr/lib/example/ruby1.9.3' } + end - it { is_expected.to contain_file('passenger.conf').with_content(%r{^ PassengerSpawnMethod direct$}) } - end - describe 'with passenger_stat_throttle_rate => 10' do - let :params do - { passenger_stat_throttle_rate: 10 } - end + it { is_expected.to contain_file('passenger.conf').with_content(%r{PassengerRuby "/usr/lib/example/ruby1.9.3"}) } + end + describe 'with passenger_high_performance => on' do + let :params do + { passenger_high_performance: 'on' } + end - it { is_expected.to contain_file('passenger.conf').with_content(%r{^ PassengerStatThrottleRate 10$}) } - end - describe 'with passenger_max_pool_size => 16' do - let :params do - { passenger_max_pool_size: 16 } - end + it { is_expected.to contain_file('passenger.conf').with_content(%r{^ PassengerHighPerformance on$}) } + end + describe 'with passenger_pool_idle_time => 1200' do + let :params do + { passenger_pool_idle_time: 1200 } + end - it { is_expected.to contain_file('passenger.conf').with_content(%r{^ PassengerMaxPoolSize 16$}) } - end - describe 'with passenger_min_instances => 5' do - let :params do - { passenger_min_instances: 5 } - end + it { is_expected.to contain_file('passenger.conf').with_content(%r{^ PassengerPoolIdleTime 1200$}) } + end + describe 'with passenger_max_request_queue_size => 100' do + let :params do + { passenger_max_request_queue_size: 100 } + end - it { is_expected.to contain_file('passenger.conf').with_content(%r{^ PassengerMinInstances 5$}) } - end - describe 'with passenger_max_instances_per_app => 8' do - let :params do - { passenger_max_instances_per_app: 8 } - end + it { is_expected.to contain_file('passenger.conf').with_content(%r{^ PassengerMaxRequestQueueSize 100$}) } + end - it { is_expected.to contain_file('passenger.conf').with_content(%r{^ PassengerMaxInstancesPerApp 8$}) } - end - describe 'with rack_autodetect => on' do - let :params do - { rack_autodetect: 'on' } - end + describe 'with passenger_max_requests => 20' do + let :params do + { passenger_max_requests: 20 } + end - it { is_expected.to contain_file('passenger.conf').with_content(%r{^ RackAutoDetect on$}) } - end - describe 'with rails_autodetect => on' do - let :params do - { rails_autodetect: 'on' } - end + it { is_expected.to contain_file('passenger.conf').with_content(%r{^ PassengerMaxRequests 20$}) } + end + describe 'with passenger_spawn_method => direct' do + let :params do + { passenger_spawn_method: 'direct' } + end - it { is_expected.to contain_file('passenger.conf').with_content(%r{^ RailsAutoDetect on$}) } - end - describe 'with passenger_use_global_queue => on' do - let :params do - { passenger_use_global_queue: 'on' } - end + it { is_expected.to contain_file('passenger.conf').with_content(%r{^ PassengerSpawnMethod direct$}) } + end + describe 'with passenger_stat_throttle_rate => 10' do + let :params do + { passenger_stat_throttle_rate: 10 } + end - it { is_expected.to contain_file('passenger.conf').with_content(%r{^ PassengerUseGlobalQueue on$}) } - end - describe "with passenger_app_env => 'foo'" do - let :params do - { passenger_app_env: 'foo' } - end + it { is_expected.to contain_file('passenger.conf').with_content(%r{^ PassengerStatThrottleRate 10$}) } + end + describe 'with passenger_max_pool_size => 16' do + let :params do + { passenger_max_pool_size: 16 } + end - it { is_expected.to contain_file('passenger.conf').with_content(%r{^ PassengerAppEnv foo$}) } - end - describe "with passenger_log_file => '/var/log/apache2/passenger.log'" do - let :params do - { passenger_log_file: '/var/log/apache2/passenger.log' } - end + it { is_expected.to contain_file('passenger.conf').with_content(%r{^ PassengerMaxPoolSize 16$}) } + end + describe 'with passenger_min_instances => 5' do + let :params do + { passenger_min_instances: 5 } + end - it { is_expected.to contain_file('passenger.conf').with_content(%r{^ PassengerLogFile "/var/log/apache2/passenger.log"$}) } - end - describe 'with passenger_log_level => 3' do - let :params do - { passenger_log_level: 3 } - end + it { is_expected.to contain_file('passenger.conf').with_content(%r{^ PassengerMinInstances 5$}) } + end + describe 'with passenger_max_instances_per_app => 8' do + let :params do + { passenger_max_instances_per_app: 8 } + end - it { is_expected.to contain_file('passenger.conf').with_content(%r{^ PassengerLogLevel 3$}) } - end - describe "with mod_path => '/usr/lib/foo/mod_foo.so'" do - let :params do - { mod_path: '/usr/lib/foo/mod_foo.so' } - end + it { is_expected.to contain_file('passenger.conf').with_content(%r{^ PassengerMaxInstancesPerApp 8$}) } + end + describe 'with rack_autodetect => on' do + let :params do + { rack_autodetect: 'on' } + end - it { is_expected.to contain_file('zpassenger.load').with_content(%r{^LoadModule passenger_module \/usr\/lib\/foo\/mod_foo\.so$}) } - end - describe "with mod_lib_path => '/usr/lib/foo'" do - let :params do - { mod_lib_path: '/usr/lib/foo' } - end + it { is_expected.to contain_file('passenger.conf').with_content(%r{^ RackAutoDetect on$}) } + end + describe 'with rails_autodetect => on' do + let :params do + { rails_autodetect: 'on' } + end - it { is_expected.to contain_file('zpassenger.load').with_content(%r{^LoadModule passenger_module \/usr\/lib\/foo\/mod_passenger\.so$}) } - end - describe "with mod_lib => 'mod_foo.so'" do - let :params do - { mod_lib: 'mod_foo.so' } - end + it { is_expected.to contain_file('passenger.conf').with_content(%r{^ RailsAutoDetect on$}) } + end + describe 'with passenger_use_global_queue => on' do + let :params do + { passenger_use_global_queue: 'on' } + end - it { is_expected.to contain_file('zpassenger.load').with_content(%r{^LoadModule passenger_module \/usr\/lib\/apache2\/modules\/mod_foo\.so$}) } - end - describe "with mod_id => 'mod_foo'" do - let :params do - { mod_id: 'mod_foo' } - end + it { is_expected.to contain_file('passenger.conf').with_content(%r{^ PassengerUseGlobalQueue on$}) } + end + describe "with passenger_app_env => 'foo'" do + let :params do + { passenger_app_env: 'foo' } + end - it { is_expected.to contain_file('zpassenger.load').with_content(%r{^LoadModule mod_foo \/usr\/lib\/apache2\/modules\/mod_passenger\.so$}) } - end + it { is_expected.to contain_file('passenger.conf').with_content(%r{^ PassengerAppEnv foo$}) } + end + describe "with passenger_log_file => '/var/log/apache2/passenger.log'" do + let :params do + { passenger_log_file: '/var/log/apache2/passenger.log' } + end - context 'with Ubuntu 16.04 defaults' do - let :facts do - { - osfamily: 'Debian', - operatingsystemrelease: '16.04', - operatingsystem: 'Ubuntu', - kernel: 'Linux', - lsbdistrelease: '16.04', - id: 'root', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end + it { is_expected.to contain_file('passenger.conf').with_content(%r{^ PassengerLogFile "/var/log/apache2/passenger.log"$}) } + end + describe 'with passenger_log_level => 3' do + let :params do + { passenger_log_level: 3 } + end - it { is_expected.to contain_file('passenger.conf').with_content(%r{PassengerRoot "/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini"}) } - it { is_expected.to contain_file('passenger.conf').without_content(%r{PassengerRuby}) } - it { is_expected.to contain_file('passenger.conf').with_content(%r{PassengerDefaultRuby "/usr/bin/ruby"}) } - end + it { is_expected.to contain_file('passenger.conf').with_content(%r{^ PassengerLogLevel 3$}) } + end + describe "with mod_path => '/usr/lib/foo/mod_foo.so'" do + let :params do + { mod_path: '/usr/lib/foo/mod_foo.so' } + end - context 'with Debian 8 defaults' do - let :facts do - { - osfamily: 'Debian', - operatingsystemrelease: '8.0', - operatingsystem: 'Debian', - kernel: 'Linux', - lsbdistcodename: 'jessie', - id: 'root', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end + it { is_expected.to contain_file('zpassenger.load').with_content(%r{^LoadModule passenger_module \/usr\/lib\/foo\/mod_foo\.so$}) } + end + describe "with mod_lib_path => '/usr/lib/foo'" do + let :params do + { mod_lib_path: '/usr/lib/foo' } + end - it { is_expected.to contain_file('passenger.conf').with_content(%r{PassengerRoot "/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini"}) } - it { is_expected.to contain_file('passenger.conf').without_content(%r{PassengerRuby}) } - it { is_expected.to contain_file('passenger.conf').with_content(%r{PassengerDefaultRuby "/usr/bin/ruby"}) } - end - end + it { is_expected.to contain_file('zpassenger.load').with_content(%r{^LoadModule passenger_module \/usr\/lib\/foo\/mod_passenger\.so$}) } + end + describe "with mod_lib => 'mod_foo.so'" do + let :params do + { mod_lib: 'mod_foo.so' } + end - context 'on a RedHat OS' do - let :rh_facts do - { - osfamily: 'RedHat', - operatingsystem: 'RedHat', - id: 'root', - kernel: 'Linux', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end + it { is_expected.to contain_file('zpassenger.load').with_content(%r{^LoadModule passenger_module \/usr\/lib\/apache2\/modules\/mod_foo\.so$}) } + end + describe "with mod_id => 'mod_foo'" do + let :params do + { mod_id: 'mod_foo' } + end - context 'on EL6' do - let(:facts) { rh_facts.merge(operatingsystemrelease: '6') } - - it { is_expected.to contain_class('apache::params') } - it { is_expected.to contain_apache__mod('passenger') } - it { is_expected.to contain_package('mod_passenger') } - it { - is_expected.to contain_file('passenger_package.conf').with('path' => '/etc/httpd/conf.d/passenger.conf') - } - it { is_expected.to contain_file('passenger_package.conf').without_content } - it { is_expected.to contain_file('passenger_package.conf').without_source } - it { - is_expected.to contain_file('zpassenger.load').with('path' => '/etc/httpd/conf.d/zpassenger.load') - } - it { is_expected.to contain_file('passenger.conf').without_content(%r{PassengerRoot}) } - it { is_expected.to contain_file('passenger.conf').without_content(%r{PassengerRuby}) } - describe "with passenger_root => '/usr/lib/example'" do - let :params do - { passenger_root: '/usr/lib/example' } + it { is_expected.to contain_file('zpassenger.load').with_content(%r{^LoadModule mod_foo \/usr\/lib\/apache2\/modules\/mod_passenger\.so$}) } end - it { is_expected.to contain_file('passenger.conf').with_content(%r{^ PassengerRoot "\/usr\/lib\/example"$}) } - end - describe 'with passenger_ruby => /usr/lib/example/ruby' do - let :params do - { passenger_ruby: '/usr/lib/example/ruby' } + context 'with Ubuntu 16.04 defaults' do + it { is_expected.to contain_file('passenger.conf').with_content(%r{PassengerRoot "/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini"}) } + it { is_expected.to contain_file('passenger.conf').without_content(%r{PassengerRuby}) } + it { is_expected.to contain_file('passenger.conf').with_content(%r{PassengerDefaultRuby "/usr/bin/ruby"}) } end - it { is_expected.to contain_file('passenger.conf').with_content(%r{^ PassengerRuby "\/usr\/lib\/example\/ruby"$}) } + if facts[:os]['release']['major'].to_i == 8 + context 'with Debian 8 defaults' do + it { is_expected.to contain_file('passenger.conf').with_content(%r{PassengerRoot "/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini"}) } + it { is_expected.to contain_file('passenger.conf').without_content(%r{PassengerRuby}) } + it { is_expected.to contain_file('passenger.conf').with_content(%r{PassengerDefaultRuby "/usr/bin/ruby"}) } + end + end + when 'RedHat' + context 'on a RedHat OS' do + case facts[:os]['release']['major'] + when '6' + context 'on EL6' do + it { is_expected.to contain_class('apache::params') } + it { is_expected.to contain_apache__mod('passenger') } + it { is_expected.to contain_package('mod_passenger') } + it { + is_expected.to contain_file('passenger_package.conf').with('path' => '/etc/httpd/conf.d/passenger.conf') + } + it { is_expected.to contain_file('passenger_package.conf').without_content } + it { is_expected.to contain_file('passenger_package.conf').without_source } + it { + is_expected.to contain_file('zpassenger.load').with('path' => '/etc/httpd/conf.d/zpassenger.load') + } + it { is_expected.to contain_file('passenger.conf').without_content(%r{PassengerRoot}) } + it { is_expected.to contain_file('passenger.conf').without_content(%r{PassengerRuby}) } + describe "with passenger_root => '/usr/lib/example'" do + let :params do + { passenger_root: '/usr/lib/example' } + end + + it { is_expected.to contain_file('passenger.conf').with_content(%r{^ PassengerRoot "\/usr\/lib\/example"$}) } + end + describe 'with passenger_ruby => /usr/lib/example/ruby' do + let :params do + { passenger_ruby: '/usr/lib/example/ruby' } + end + + it { is_expected.to contain_file('passenger.conf').with_content(%r{^ PassengerRuby "\/usr\/lib\/example\/ruby"$}) } + end + end + when '7' + + context 'on EL7' do + it { + is_expected.to contain_file('passenger_package.conf').with('path' => '/etc/httpd/conf.d/passenger.conf') + } + it { + is_expected.to contain_file('zpassenger.load').with('path' => '/etc/httpd/conf.modules.d/zpassenger.load') + } + end + end + end + when 'FreeBSD' + context 'on a FreeBSD OS' do + it { is_expected.to contain_class('apache::params') } + it { is_expected.to contain_apache__mod('passenger') } + it { is_expected.to contain_package('www/rubygem-passenger') } + end + when 'Gentoo' + context 'on a Gentoo OS' do + it { is_expected.to contain_class('apache::params') } + it { is_expected.to contain_apache__mod('passenger') } + it { is_expected.to contain_package('www-apache/passenger') } + end end end - - context 'on EL7' do - let(:facts) { rh_facts.merge(operatingsystemrelease: '7') } - - it { - is_expected.to contain_file('passenger_package.conf').with('path' => '/etc/httpd/conf.d/passenger.conf') - } - it { - is_expected.to contain_file('zpassenger.load').with('path' => '/etc/httpd/conf.modules.d/zpassenger.load') - } - end - end - context 'on a FreeBSD OS' do - let :facts do - { - osfamily: 'FreeBSD', - operatingsystemrelease: '9', - operatingsystem: 'FreeBSD', - id: 'root', - kernel: 'FreeBSD', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - - it { is_expected.to contain_class('apache::params') } - it { is_expected.to contain_apache__mod('passenger') } - it { is_expected.to contain_package('www/rubygem-passenger') } - end - context 'on a Gentoo OS' do - let :facts do - { - osfamily: 'Gentoo', - operatingsystem: 'Gentoo', - operatingsystemrelease: '3.16.1-gentoo', - id: 'root', - kernel: 'Linux', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin', - is_pe: false, - } - end - - it { is_expected.to contain_class('apache::params') } - it { is_expected.to contain_apache__mod('passenger') } - it { is_expected.to contain_package('www-apache/passenger') } end end diff --git a/spec/classes/mod/php_spec.rb b/spec/classes/mod/php_spec.rb index 6ccd1363df..0555e57afd 100644 --- a/spec/classes/mod/php_spec.rb +++ b/spec/classes/mod/php_spec.rb @@ -1,373 +1,321 @@ require 'spec_helper' describe 'apache::mod::php', type: :class do - describe 'on a Debian OS' do - let :facts do - { - osfamily: 'Debian', - operatingsystemrelease: '8', - lsbdistcodename: 'jessie', - operatingsystem: 'Debian', - id: 'root', - kernel: 'Linux', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - - context 'with mpm_module => prefork' do - let :pre_condition do - 'class { "apache": mpm_module => prefork, }' - end - - it { is_expected.to contain_class('apache::params') } - it { is_expected.to contain_class('apache::mod::prefork') } - it { is_expected.to contain_apache__mod('php5') } - it { is_expected.to contain_package('libapache2-mod-php5') } - it { - is_expected.to contain_file('php5.load').with( - content: "LoadModule php5_module /usr/lib/apache2/modules/libphp5.so\n", - ) - } - end - context 'with mpm_module => itk' do - let :pre_condition do - 'class { "apache": mpm_module => itk, }' + on_supported_os.each do |os, facts| + context "on #{os} " do + let :facts do + facts end - it { is_expected.to contain_class('apache::params') } - it { is_expected.to contain_class('apache::mod::itk') } - it { is_expected.to contain_apache__mod('php5') } - it { is_expected.to contain_package('libapache2-mod-php5') } - it { - is_expected.to contain_file('php5.load').with( - content: "LoadModule php5_module /usr/lib/apache2/modules/libphp5.so\n", - ) - } - end - context 'on jessie' do - let :pre_condition do - 'class { "apache": mpm_module => prefork, }' - end - let(:facts) do - super().merge(operatingsystemrelease: '8', - lsbdistcodename: 'jessie') - end + case facts[:os]['family'] + when 'Debian' + describe 'on a Debian OS' do + context 'with mpm_module => prefork' do + let :pre_condition do + 'class { "apache": mpm_module => prefork, }' + end - it { - is_expected.to contain_file('php5.load').with( - content: "LoadModule php5_module /usr/lib/apache2/modules/libphp5.so\n", - ) - } - end - context 'on stretch' do - let :pre_condition do - 'class { "apache": mpm_module => prefork, }' - end - let(:facts) do - super().merge(operatingsystemrelease: '9', - lsbdistcodename: 'stretch') - end + it { is_expected.to contain_class('apache::params') } + it { is_expected.to contain_class('apache::mod::prefork') } + end + case facts[:os]['release']['major'] + when '8' + context 'on jessie' do + let :pre_condition do + 'class { "apache": mpm_module => prefork, }' + end - it { is_expected.to contain_apache__mod('php7.0') } - it { is_expected.to contain_package('libapache2-mod-php7.0') } - it { - is_expected.to contain_file('php7.0.load').with( - content: "LoadModule php7_module /usr/lib/apache2/modules/libphp7.0.so\n", - ) - } - end - end - describe 'on a RedHat OS' do - let :facts do - { - osfamily: 'RedHat', - operatingsystemrelease: '6', - operatingsystem: 'RedHat', - id: 'root', - kernel: 'Linux', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end + it { + is_expected.to contain_file('php5.load').with( + content: "LoadModule php5_module /usr/lib/apache2/modules/libphp5.so\n", + ) + } + context 'with mpm_module => itk on jessie' do + let :pre_condition do + 'class { "apache": mpm_module => itk, }' + end - context 'with default params' do - let :pre_condition do - 'class { "apache": }' - end + it { is_expected.to contain_class('apache::params') } + it { is_expected.to contain_class('apache::mod::itk') } + it { is_expected.to contain_apache__mod('php5') } + it { is_expected.to contain_package('libapache2-mod-php5') } + it { + is_expected.to contain_file('php5.load').with( + content: "LoadModule php5_module /usr/lib/apache2/modules/libphp5.so\n", + ) + } + end + end + when '9' + context 'on stretch' do + let :pre_condition do + 'class { "apache": mpm_module => prefork, }' + end - it { is_expected.to contain_class('apache::params') } - it { is_expected.to contain_apache__mod('php5') } - it { is_expected.to contain_package('php') } - it { - is_expected.to contain_file('php5.load').with( - content: "LoadModule php5_module modules/libphp5.so\n", - ) - } - end - context 'with alternative package name' do - let :pre_condition do - 'class { "apache": }' - end - let :params do - { package_name: 'php54' } - end + it { is_expected.to contain_apache__mod('php7.0') } + it { is_expected.to contain_package('libapache2-mod-php7.0') } + it { + is_expected.to contain_file('php7.0.load').with( + content: "LoadModule php7_module /usr/lib/apache2/modules/libphp7.0.so\n", + ) + } + end + end + end + when 'RedHat' + describe 'on a RedHat OS' do + context 'with default params' do + let :pre_condition do + 'class { "apache": }' + end - it { is_expected.to contain_package('php54') } - end - context 'with alternative path' do - let :pre_condition do - 'class { "apache": }' - end - let :params do - { path: 'alternative-path' } - end + it { is_expected.to contain_class('apache::params') } + it { is_expected.to contain_apache__mod('php5') } + it { is_expected.to contain_package('php') } if facts[:os]['release']['major'].to_i > 5 + it { + is_expected.to contain_file('php5.load').with( + content: "LoadModule php5_module modules/libphp5.so\n", + ) + } + end + context 'with alternative package name' do + let :pre_condition do + 'class { "apache": }' + end + let :params do + { package_name: 'php54' } + end - it { - is_expected.to contain_file('php5.load').with( - content: "LoadModule php5_module alternative-path\n", - ) - } - end - context 'with alternative extensions' do - let :pre_condition do - 'class { "apache": }' - end - let :params do - { extensions: ['.php', '.php5'] } - end + it { is_expected.to contain_package('php54') } + end + context 'with alternative path' do + let :pre_condition do + 'class { "apache": }' + end + let :params do + { path: 'alternative-path' } + end - it { is_expected.to contain_file('php5.conf').with_content(Regexp.new(Regexp.escape(''))) } - end - context 'with specific version' do - let :pre_condition do - 'class { "apache": }' - end - let :params do - { package_ensure: '5.3.13' } - end + it { + is_expected.to contain_file('php5.load').with( + content: "LoadModule php5_module alternative-path\n", + ) + } + end + context 'with alternative extensions' do + let :pre_condition do + 'class { "apache": }' + end + let :params do + { extensions: ['.php', '.php5'] } + end - it { - is_expected.to contain_package('php').with( - ensure: '5.3.13', - ) - } - end - context 'with mpm_module => prefork' do - let :pre_condition do - 'class { "apache": mpm_module => prefork, }' - end + it { is_expected.to contain_file('php5.conf').with_content(Regexp.new(Regexp.escape(''))) } + end + if facts[:os]['release']['major'].to_i > 5 + context 'with specific version' do + let :pre_condition do + 'class { "apache": }' + end + let :params do + { package_ensure: '5.3.13' } + end - it { is_expected.to contain_class('apache::params') } - it { is_expected.to contain_class('apache::mod::prefork') } - it { is_expected.to contain_apache__mod('php5') } - it { is_expected.to contain_package('php') } - it { - is_expected.to contain_file('php5.load').with( - content: "LoadModule php5_module modules/libphp5.so\n", - ) - } - end - context 'with mpm_module => itk' do - let :pre_condition do - 'class { "apache": mpm_module => itk, }' - end + it { + is_expected.to contain_package('php').with( + ensure: '5.3.13', + ) + } + end + end + context 'with mpm_module => prefork' do + let :pre_condition do + 'class { "apache": mpm_module => prefork, }' + end - it { is_expected.to contain_class('apache::params') } - it { is_expected.to contain_class('apache::mod::itk') } - it { is_expected.to contain_apache__mod('php5') } - it { is_expected.to contain_package('php') } - it { - is_expected.to contain_file('php5.load').with( - content: "LoadModule php5_module modules/libphp5.so\n", - ) - } - end - end - describe 'on a FreeBSD OS' do - let :facts do - { - osfamily: 'FreeBSD', - operatingsystemrelease: '10', - operatingsystem: 'FreeBSD', - id: 'root', - kernel: 'FreeBSD', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end + it { is_expected.to contain_class('apache::params') } + it { is_expected.to contain_class('apache::mod::prefork') } + it { is_expected.to contain_apache__mod('php5') } + it { is_expected.to contain_package('php') } if facts[:os]['release']['major'].to_i > 5 + it { + is_expected.to contain_file('php5.load').with( + content: "LoadModule php5_module modules/libphp5.so\n", + ) + } + end + context 'with mpm_module => itk' do + let :pre_condition do + 'class { "apache": mpm_module => itk, }' + end - context 'with mpm_module => prefork' do - let :pre_condition do - 'class { "apache": mpm_module => prefork, }' - end + it { is_expected.to contain_class('apache::params') } + it { is_expected.to contain_class('apache::mod::itk') } + it { is_expected.to contain_apache__mod('php5') } + it { is_expected.to contain_package('php') } if facts[:os]['release']['major'].to_i > 5 + it { + is_expected.to contain_file('php5.load').with( + content: "LoadModule php5_module modules/libphp5.so\n", + ) + } + end + end + when 'FreeBSD' + describe 'on a FreeBSD OS' do + context 'with mpm_module => prefork' do + let :pre_condition do + 'class { "apache": mpm_module => prefork, }' + end - it { is_expected.to contain_class('apache::params') } - it { is_expected.to contain_apache__mod('php5') } - it { is_expected.to contain_package('www/mod_php5') } - it { is_expected.to contain_file('php5.load') } - end - context 'with mpm_module => itk' do - let :pre_condition do - 'class { "apache": mpm_module => itk, }' - end + it { is_expected.to contain_class('apache::params') } + it { is_expected.to contain_apache__mod('php5') } + it { is_expected.to contain_package('www/mod_php5') } + it { is_expected.to contain_file('php5.load') } + end + context 'with mpm_module => itk' do + let :pre_condition do + 'class { "apache": mpm_module => itk, }' + end - it { is_expected.to contain_class('apache::params') } - it { is_expected.to contain_class('apache::mod::itk') } - it { is_expected.to contain_apache__mod('php5') } - it { is_expected.to contain_package('www/mod_php5') } - it { is_expected.to contain_file('php5.load') } - end - end - describe 'on a Gentoo OS' do - let :facts do - { - osfamily: 'Gentoo', - operatingsystem: 'Gentoo', - operatingsystemrelease: '3.16.1-gentoo', - id: 'root', - kernel: 'Linux', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin', - is_pe: false, - } - end + it { is_expected.to contain_class('apache::params') } + it { is_expected.to contain_class('apache::mod::itk') } + it { is_expected.to contain_apache__mod('php5') } + it { is_expected.to contain_package('www/mod_php5') } + it { is_expected.to contain_file('php5.load') } + end + end + when 'Gentoo' + describe 'on a Gentoo OS' do + context 'with mpm_module => prefork' do + let :pre_condition do + 'class { "apache": mpm_module => prefork, }' + end - context 'with mpm_module => prefork' do - let :pre_condition do - 'class { "apache": mpm_module => prefork, }' - end + it { is_expected.to contain_class('apache::params') } + it { is_expected.to contain_apache__mod('php5') } + it { is_expected.to contain_package('dev-lang/php') } + it { is_expected.to contain_file('php5.load') } + end + context 'with mpm_module => itk' do + let :pre_condition do + 'class { "apache": mpm_module => itk, }' + end - it { is_expected.to contain_class('apache::params') } - it { is_expected.to contain_apache__mod('php5') } - it { is_expected.to contain_package('dev-lang/php') } - it { is_expected.to contain_file('php5.load') } - end - context 'with mpm_module => itk' do - let :pre_condition do - 'class { "apache": mpm_module => itk, }' + it { is_expected.to contain_class('apache::params') } + it { is_expected.to contain_class('apache::mod::itk') } + it { is_expected.to contain_apache__mod('php5') } + it { is_expected.to contain_package('dev-lang/php') } + it { is_expected.to contain_file('php5.load') } + end + end end - it { is_expected.to contain_class('apache::params') } - it { is_expected.to contain_class('apache::mod::itk') } - it { is_expected.to contain_apache__mod('php5') } - it { is_expected.to contain_package('dev-lang/php') } - it { is_expected.to contain_file('php5.load') } - end - end - describe 'OS independent tests' do - let :facts do - { - osfamily: 'Debian', - operatingsystem: 'Debian', - operatingsystemrelease: '6', - kernel: 'Linux', - lsbdistcodename: 'jessie', - id: 'root', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end + # all the following tests are for legacy php/apache versions. They don't work on modern ubuntu + next if (facts[:os]['release']['major'].to_i > 15 && facts[:os]['name'] == 'Ubuntu') || + (facts[:os]['release']['major'].to_i >= 9 && facts[:os]['name'] == 'Debian') - context 'with content param' do - let :pre_condition do - 'class { "apache": mpm_module => prefork, }' - end - let :params do - { content: 'somecontent' } - end + describe 'OS independent tests' do + context 'with content param' do + let :pre_condition do + 'class { "apache": mpm_module => prefork, }' + end + let :params do + { content: 'somecontent' } + end - it { - is_expected.to contain_file('php5.conf').with( - content: 'somecontent', - ) - } - end - context 'with template param' do - let :pre_condition do - 'class { "apache": mpm_module => prefork, }' - end - let :params do - { template: 'apache/mod/php.conf.erb' } - end + it { + is_expected.to contain_file('php5.conf').with( + content: 'somecontent', + ) + } + end + context 'with template param' do + let :pre_condition do + 'class { "apache": mpm_module => prefork, }' + end + let :params do + { template: 'apache/mod/php.conf.erb' } + end - it { - is_expected.to contain_file('php5.conf').with( - content: %r{^# PHP is an HTML-embedded scripting language which attempts to make it}, - ) - } - end - context 'with source param' do - let :pre_condition do - 'class { "apache": mpm_module => prefork, }' - end - let :params do - { source: 'some-path' } - end + it { + is_expected.to contain_file('php5.conf').with( + content: %r{^# PHP is an HTML-embedded scripting language which attempts to make it}, + ) + } + end + context 'with source param' do + let :pre_condition do + 'class { "apache": mpm_module => prefork, }' + end + let :params do + { source: 'some-path' } + end - it { - is_expected.to contain_file('php5.conf').with( - source: 'some-path', - ) - } - end - context 'content has priority over template' do - let :pre_condition do - 'class { "apache": mpm_module => prefork, }' - end - let :params do - { - template: 'apache/mod/php5.conf.erb', - content: 'somecontent', - } - end + it { + is_expected.to contain_file('php5.conf').with( + source: 'some-path', + ) + } + end + context 'content has priority over template' do + let :pre_condition do + 'class { "apache": mpm_module => prefork, }' + end + let :params do + { + template: 'apache/mod/php5.conf.erb', + content: 'somecontent', + } + end - it { - is_expected.to contain_file('php5.conf').with( - content: 'somecontent', - ) - } - end - context 'source has priority over template' do - let :pre_condition do - 'class { "apache": mpm_module => prefork, }' - end - let :params do - { - template: 'apache/mod/php5.conf.erb', - source: 'some-path', - } - end + it { + is_expected.to contain_file('php5.conf').with( + content: 'somecontent', + ) + } + end + context 'source has priority over template' do + let :pre_condition do + 'class { "apache": mpm_module => prefork, }' + end + let :params do + { + template: 'apache/mod/php5.conf.erb', + source: 'some-path', + } + end - it { - is_expected.to contain_file('php5.conf').with( - source: 'some-path', - ) - } - end - context 'source has priority over content' do - let :pre_condition do - 'class { "apache": mpm_module => prefork, }' - end - let :params do - { - content: 'somecontent', - source: 'some-path', - } - end + it { + is_expected.to contain_file('php5.conf').with( + source: 'some-path', + ) + } + end + context 'source has priority over content' do + let :pre_condition do + 'class { "apache": mpm_module => prefork, }' + end + let :params do + { + content: 'somecontent', + source: 'some-path', + } + end - it { - is_expected.to contain_file('php5.conf').with( - source: 'some-path', - ) - } - end - context 'with mpm_module => worker' do - let :pre_condition do - 'class { "apache": mpm_module => worker, }' - end + it { + is_expected.to contain_file('php5.conf').with( + source: 'some-path', + ) + } + end + context 'with mpm_module => worker' do + let :pre_condition do + 'class { "apache": mpm_module => worker, }' + end - it 'raises an error' do - expect { expect(subject).to contain_apache__mod('php5') }.to raise_error Puppet::Error, %r{mpm_module => 'prefork' or mpm_module => 'itk'} + it 'raises an error' do + expect { expect(subject).to contain_apache__mod('php5') }.to raise_error Puppet::Error, %r{mpm_module => 'prefork' or mpm_module => 'itk'} + end + end end end end diff --git a/spec/classes/mod/security_spec.rb b/spec/classes/mod/security_spec.rb index 8f4d053fd7..570d9af606 100644 --- a/spec/classes/mod/security_spec.rb +++ b/spec/classes/mod/security_spec.rb @@ -2,187 +2,181 @@ require 'spec_helper' describe 'apache::mod::security', type: :class do - it_behaves_like 'a mod class, without including apache' - context 'on RedHat based systems' do - let :facts do - { - osfamily: 'RedHat', - operatingsystem: 'CentOS', - operatingsystemrelease: '7', - kernel: 'Linux', - id: 'root', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end + on_supported_os.each do |os, facts| + context "on #{os} " do + let :facts do + facts + end - it { - is_expected.to contain_apache__mod('security').with( - id: 'security2_module', - lib: 'mod_security2.so', - ) - } - it { - is_expected.to contain_apache__mod('unique_id_module').with( - id: 'unique_id_module', - lib: 'mod_unique_id.so', - ) - } - it { is_expected.to contain_package('mod_security_crs') } - it { - is_expected.to contain_file('security.conf').with( - path: '/etc/httpd/conf.modules.d/security.conf', - ) - } - it { - is_expected.to contain_file('security.conf') - .with_content(%r{^\s+SecAuditLogRelevantStatus "\^\(\?:5\|4\(\?!04\)\)"$}) - .with_content(%r{^\s+SecAuditLogParts ABIJDEFHZ$}) - .with_content(%r{^\s+SecDebugLog /var/log/httpd/modsec_debug.log$}) - .with_content(%r{^\s+SecAuditLog /var/log/httpd/modsec_audit.log$}) - } - it { - is_expected.to contain_file('/etc/httpd/modsecurity.d').with( - ensure: 'directory', path: '/etc/httpd/modsecurity.d', - owner: 'root', group: 'root', mode: '0755' - ) - } - it { - is_expected.to contain_file('/etc/httpd/modsecurity.d/activated_rules').with( - ensure: 'directory', path: '/etc/httpd/modsecurity.d/activated_rules', - owner: 'apache', group: 'apache' - ) - } - it { - is_expected.to contain_file('/etc/httpd/modsecurity.d/security_crs.conf').with( - path: '/etc/httpd/modsecurity.d/security_crs.conf', - ) - } - it { is_expected.to contain_apache__security__rule_link('base_rules/modsecurity_35_bad_robots.data') } - it { - is_expected.to contain_file('modsecurity_35_bad_robots.data').with( - path: '/etc/httpd/modsecurity.d/activated_rules/modsecurity_35_bad_robots.data', - target: '/usr/lib/modsecurity.d/base_rules/modsecurity_35_bad_robots.data', - ) - } + case facts[:os]['family'] + when 'RedHat' + context 'on RedHat based systems' do + it { + is_expected.to contain_apache__mod('security').with( + id: 'security2_module', + lib: 'mod_security2.so', + ) + } + it { + is_expected.to contain_apache__mod('unique_id_module').with( + id: 'unique_id_module', + lib: 'mod_unique_id.so', + ) + } + it { is_expected.to contain_package('mod_security_crs') } + if facts[:os]['release']['major'].to_i > 6 + it { + is_expected.to contain_file('security.conf').with( + path: '/etc/httpd/conf.modules.d/security.conf', + ) + } + end + it { + is_expected.to contain_file('security.conf') + .with_content(%r{^\s+SecAuditLogRelevantStatus "\^\(\?:5\|4\(\?!04\)\)"$}) + .with_content(%r{^\s+SecAuditLogParts ABIJDEFHZ$}) + .with_content(%r{^\s+SecDebugLog /var/log/httpd/modsec_debug.log$}) + .with_content(%r{^\s+SecAuditLog /var/log/httpd/modsec_audit.log$}) + } + it { + is_expected.to contain_file('/etc/httpd/modsecurity.d').with( + ensure: 'directory', path: '/etc/httpd/modsecurity.d', + owner: 'root', group: 'root', mode: '0755' + ) + } + it { + is_expected.to contain_file('/etc/httpd/modsecurity.d/activated_rules').with( + ensure: 'directory', path: '/etc/httpd/modsecurity.d/activated_rules', + owner: 'apache', group: 'apache' + ) + } + it { + is_expected.to contain_file('/etc/httpd/modsecurity.d/security_crs.conf').with( + path: '/etc/httpd/modsecurity.d/security_crs.conf', + ) + } + it { is_expected.to contain_apache__security__rule_link('base_rules/modsecurity_35_bad_robots.data') } + it { + is_expected.to contain_file('modsecurity_35_bad_robots.data').with( + path: '/etc/httpd/modsecurity.d/activated_rules/modsecurity_35_bad_robots.data', + target: '/usr/lib/modsecurity.d/base_rules/modsecurity_35_bad_robots.data', + ) + } - describe 'with parameters' do - let :params do - { - activated_rules: [ - '/tmp/foo/bar.conf', - ], - audit_log_relevant_status: '^(?:5|4(?!01|04))', - audit_log_parts: 'ABCDZ', - secdefaultaction: 'deny,status:406,nolog,auditlog', - } - end + describe 'with parameters' do + let :params do + { + activated_rules: [ + '/tmp/foo/bar.conf', + ], + audit_log_relevant_status: '^(?:5|4(?!01|04))', + audit_log_parts: 'ABCDZ', + secdefaultaction: 'deny,status:406,nolog,auditlog', + } + end - it { is_expected.to contain_file('security.conf').with_content %r{^\s+SecAuditLogRelevantStatus "\^\(\?:5\|4\(\?!01\|04\)\)"$} } - it { is_expected.to contain_file('security.conf').with_content %r{^\s+SecAuditLogParts ABCDZ$} } - it { is_expected.to contain_file('/etc/httpd/modsecurity.d/security_crs.conf').with_content %r{^\s*SecDefaultAction "phase:2,deny,status:406,nolog,auditlog"$} } - it { - is_expected.to contain_file('bar.conf').with( - path: '/etc/httpd/modsecurity.d/activated_rules/bar.conf', - target: '/tmp/foo/bar.conf', - ) - } - end - describe 'with other modsec parameters' do - let :params do - { - manage_security_crs: false, - } - end + it { is_expected.to contain_file('security.conf').with_content %r{^\s+SecAuditLogRelevantStatus "\^\(\?:5\|4\(\?!01\|04\)\)"$} } + it { is_expected.to contain_file('security.conf').with_content %r{^\s+SecAuditLogParts ABCDZ$} } + it { is_expected.to contain_file('/etc/httpd/modsecurity.d/security_crs.conf').with_content %r{^\s*SecDefaultAction "phase:2,deny,status:406,nolog,auditlog"$} } + it { + is_expected.to contain_file('bar.conf').with( + path: '/etc/httpd/modsecurity.d/activated_rules/bar.conf', + target: '/tmp/foo/bar.conf', + ) + } + end + describe 'with other modsec parameters' do + let :params do + { + manage_security_crs: false, + } + end - it { is_expected.not_to contain_file('/etc/httpd/modsecurity.d/security_crs.conf') } - end - end - context 'on Debian based systems' do - let :facts do - { - osfamily: 'Debian', - operatingsystem: 'Debian', - operatingsystemrelease: '8', - lsbdistcodename: 'jessie', - id: 'root', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - kernel: 'Linux', - is_pe: false, - } - end + it { is_expected.not_to contain_file('/etc/httpd/modsecurity.d/security_crs.conf') } + end + end + when 'Debian' + context 'on Debian based systems' do + it { + is_expected.to contain_apache__mod('security').with( + id: 'security2_module', + lib: 'mod_security2.so', + ) + } + it { + is_expected.to contain_apache__mod('unique_id_module').with( + id: 'unique_id_module', + lib: 'mod_unique_id.so', + ) + } + it { is_expected.to contain_package('modsecurity-crs') } + it { + is_expected.to contain_file('security.conf').with( + path: '/etc/apache2/mods-available/security.conf', + ) + } + it { + is_expected.to contain_file('security.conf') + .with_content(%r{^\s+SecAuditLogRelevantStatus "\^\(\?:5\|4\(\?!04\)\)"$}) + .with_content(%r{^\s+SecAuditLogParts ABIJDEFHZ$}) + .with_content(%r{^\s+SecDebugLog /var/log/apache2/modsec_debug.log$}) + .with_content(%r{^\s+SecAuditLog /var/log/apache2/modsec_audit.log$}) + } + it { + is_expected.to contain_file('/etc/modsecurity').with( + ensure: 'directory', path: '/etc/modsecurity', + owner: 'root', group: 'root', mode: '0755' + ) + } + it { + is_expected.to contain_file('/etc/modsecurity/activated_rules').with( + ensure: 'directory', path: '/etc/modsecurity/activated_rules', + owner: 'www-data', group: 'www-data' + ) + } + it { + is_expected.to contain_file('/etc/modsecurity/security_crs.conf').with( + path: '/etc/modsecurity/security_crs.conf', + ) + } + if (facts[:os]['release']['major'].to_i < 18 && facts[:os]['name'] == 'Ubuntu') || + (facts[:os]['release']['major'].to_i < 9 && facts[:os]['name'] == 'Debian') + it { is_expected.to contain_apache__security__rule_link('base_rules/modsecurity_35_bad_robots.data') } + it { + is_expected.to contain_file('modsecurity_35_bad_robots.data').with( + path: '/etc/modsecurity/activated_rules/modsecurity_35_bad_robots.data', + target: '/usr/share/modsecurity-crs/base_rules/modsecurity_35_bad_robots.data', + ) + } + end - it { - is_expected.to contain_apache__mod('security').with( - id: 'security2_module', - lib: 'mod_security2.so', - ) - } - it { - is_expected.to contain_apache__mod('unique_id_module').with( - id: 'unique_id_module', - lib: 'mod_unique_id.so', - ) - } - it { is_expected.to contain_package('modsecurity-crs') } - it { - is_expected.to contain_file('security.conf').with( - path: '/etc/apache2/mods-available/security.conf', - ) - } - it { - is_expected.to contain_file('security.conf') - .with_content(%r{^\s+SecAuditLogRelevantStatus "\^\(\?:5\|4\(\?!04\)\)"$}) - .with_content(%r{^\s+SecAuditLogParts ABIJDEFHZ$}) - .with_content(%r{^\s+SecDebugLog /var/log/apache2/modsec_debug.log$}) - .with_content(%r{^\s+SecAuditLog /var/log/apache2/modsec_audit.log$}) - } - it { - is_expected.to contain_file('/etc/modsecurity').with( - ensure: 'directory', path: '/etc/modsecurity', - owner: 'root', group: 'root', mode: '0755' - ) - } - it { - is_expected.to contain_file('/etc/modsecurity/activated_rules').with( - ensure: 'directory', path: '/etc/modsecurity/activated_rules', - owner: 'www-data', group: 'www-data' - ) - } - it { - is_expected.to contain_file('/etc/modsecurity/security_crs.conf').with( - path: '/etc/modsecurity/security_crs.conf', - ) - } - it { is_expected.to contain_apache__security__rule_link('base_rules/modsecurity_35_bad_robots.data') } - it { - is_expected.to contain_file('modsecurity_35_bad_robots.data').with( - path: '/etc/modsecurity/activated_rules/modsecurity_35_bad_robots.data', - target: '/usr/share/modsecurity-crs/base_rules/modsecurity_35_bad_robots.data', - ) - } + describe 'with parameters' do + let :params do + { + activated_rules: [ + '/tmp/foo/bar.conf', + ], + audit_log_relevant_status: '^(?:5|4(?!01|04))', + audit_log_parts: 'ABCDZ', + secdefaultaction: 'deny,status:406,nolog,auditlog', + } + end - describe 'with parameters' do - let :params do - { - activated_rules: [ - '/tmp/foo/bar.conf', - ], - audit_log_relevant_status: '^(?:5|4(?!01|04))', - audit_log_parts: 'ABCDZ', - secdefaultaction: 'deny,status:406,nolog,auditlog', - } + if (facts[:os]['release']['major'].to_i < 18 && facts[:os]['name'] == 'Ubuntu') || + (facts[:os]['release']['major'].to_i < 9 && facts[:os]['name'] == 'Debian') + it { is_expected.to contain_file('security.conf').with_content %r{^\s+SecAuditLogRelevantStatus "\^\(\?:5\|4\(\?!01\|04\)\)"$} } + it { is_expected.to contain_file('security.conf').with_content %r{^\s+SecAuditLogParts ABCDZ$} } + it { is_expected.to contain_file('/etc/modsecurity/security_crs.conf').with_content %r{^\s*SecDefaultAction "phase:2,deny,status:406,nolog,auditlog"$} } + it { + is_expected.to contain_file('bar.conf').with( + path: '/etc/modsecurity/activated_rules/bar.conf', + target: '/tmp/foo/bar.conf', + ) + } + end + end + end end - - it { is_expected.to contain_file('security.conf').with_content %r{^\s+SecAuditLogRelevantStatus "\^\(\?:5\|4\(\?!01\|04\)\)"$} } - it { is_expected.to contain_file('security.conf').with_content %r{^\s+SecAuditLogParts ABCDZ$} } - it { is_expected.to contain_file('/etc/modsecurity/security_crs.conf').with_content %r{^\s*SecDefaultAction "phase:2,deny,status:406,nolog,auditlog"$} } - it { - is_expected.to contain_file('bar.conf').with( - path: '/etc/modsecurity/activated_rules/bar.conf', - target: '/tmp/foo/bar.conf', - ) - } end end end diff --git a/spec/classes/mod/suphp_spec.rb b/spec/classes/mod/suphp_spec.rb index 573b7c16c7..db4bebd501 100644 --- a/spec/classes/mod/suphp_spec.rb +++ b/spec/classes/mod/suphp_spec.rb @@ -1,38 +1,16 @@ require 'spec_helper' describe 'apache::mod::suphp', type: :class do - it_behaves_like 'a mod class, without including apache' - context 'on a Debian OS' do - let :facts do - { - osfamily: 'Debian', - operatingsystemrelease: '8', - lsbdistcodename: 'jessie', - operatingsystem: 'Debian', - id: 'root', - kernel: 'Linux', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end + on_supported_os.each do |os, facts| + # suphp has been declared EOL and is no longer supported on any Debian module that we test on + next unless facts[:os]['family'] == 'RedHat' + context "on #{os} " do + let :facts do + facts + end - it { is_expected.to contain_class('apache::params') } - it { is_expected.to contain_package('libapache2-mod-suphp') } - end - context 'on a RedHat OS' do - let :facts do - { - osfamily: 'RedHat', - operatingsystemrelease: '6', - operatingsystem: 'RedHat', - id: 'root', - kernel: 'Linux', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } + it { is_expected.to contain_class('apache::params') } + it { is_expected.to contain_package('mod_suphp') } end - - it { is_expected.to contain_class('apache::params') } - it { is_expected.to contain_package('mod_suphp') } end end diff --git a/spec/defines/fastcgi_server_spec.rb b/spec/defines/fastcgi_server_spec.rb index 9d3f62d8b0..fafc63acb4 100644 --- a/spec/defines/fastcgi_server_spec.rb +++ b/spec/defines/fastcgi_server_spec.rb @@ -8,162 +8,97 @@ 'www' end - describe 'os-dependent items' do - context 'on RedHat based systems' do - let :default_facts do - { - osfamily: 'RedHat', - operatingsystem: 'CentOS', - operatingsystemrelease: '6', - kernel: 'Linux', - id: 'root', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } + on_supported_os.each do |os, facts| + next if facts[:os]['release']['major'] == '18.04' + next if facts[:os]['release']['major'] == '7' && facts[:os]['family']['RedHat'] + context "on #{os} " do + let :facts do + facts end - let(:facts) { default_facts } it { is_expected.to contain_class('apache') } it { is_expected.to contain_class('apache::mod::fastcgi') } - it { - is_expected.to contain_file("fastcgi-pool-#{title}.conf").with( - ensure: 'file', - path: "/etc/httpd/conf.d/fastcgi-pool-#{title}.conf", - ) - } - end - context 'on Debian based systems' do - let :default_facts do - { - osfamily: 'Debian', - operatingsystem: 'Debian', - operatingsystemrelease: '8', - lsbdistcodename: 'jessie', - kernel: 'Linux', - id: 'root', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, + case facts[:os]['family'] + when 'RedHat' + it { + is_expected.to contain_file("fastcgi-pool-#{title}.conf").with( + ensure: 'file', + path: "/etc/httpd/conf.d/fastcgi-pool-#{title}.conf", + ) } - end - let(:facts) { default_facts } - - it { is_expected.to contain_class('apache') } - it { is_expected.to contain_class('apache::mod::fastcgi') } - it { - is_expected.to contain_file("fastcgi-pool-#{title}.conf").with( - ensure: 'file', - path: "/etc/apache2/conf.d/fastcgi-pool-#{title}.conf", - ) - } - end - context 'on FreeBSD systems' do - let :default_facts do - { - osfamily: 'FreeBSD', - operatingsystem: 'FreeBSD', - operatingsystemrelease: '9', - kernel: 'FreeBSD', - id: 'root', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, + when 'Debian' + it { + is_expected.to contain_file("fastcgi-pool-#{title}.conf").with( + ensure: 'file', + path: "/etc/apache2/conf.d/fastcgi-pool-#{title}.conf", + ) } - end - let(:facts) { default_facts } - - it { is_expected.to contain_class('apache') } - it { is_expected.to contain_class('apache::mod::fastcgi') } - it { - is_expected.to contain_file("fastcgi-pool-#{title}.conf").with( - ensure: 'file', - path: "/usr/local/etc/apache24/Includes/fastcgi-pool-#{title}.conf", - ) - } - end - context 'on Gentoo systems' do - let :default_facts do - { - osfamily: 'Gentoo', - operatingsystem: 'Gentoo', - operatingsystemrelease: '3.16.1-gentoo', - kernel: 'Linux', - id: 'root', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin', - is_pe: false, + when 'FreeBSD' + it { + is_expected.to contain_file("fastcgi-pool-#{title}.conf").with( + ensure: 'file', + path: "/usr/local/etc/apache24/Includes/fastcgi-pool-#{title}.conf", + ) } - end - let(:facts) { default_facts } - - it { is_expected.to contain_class('apache') } - it { is_expected.to contain_class('apache::mod::fastcgi') } - it { - is_expected.to contain_file("fastcgi-pool-#{title}.conf").with( - ensure: 'file', - path: "/etc/apache2/conf.d/fastcgi-pool-#{title}.conf", - ) - } - end - end - describe 'os-independent items' do - let :facts do - { - osfamily: 'Debian', - operatingsystem: 'Debian', - operatingsystemrelease: '8', - lsbdistcodename: 'jessie', - kernel: 'Linux', - id: 'root', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - - describe '.conf content using TCP communication' do - let :params do - { - host: '127.0.0.1:9001', - timeout: 30, - flush: true, - faux_path: '/var/www/php-www.fcgi', - fcgi_alias: '/php-www.fcgi', - file_type: 'application/x-httpd-php', - pass_header: 'Authorization', + when 'Gentoo' + it { + is_expected.to contain_file("fastcgi-pool-#{title}.conf").with( + ensure: 'file', + path: "/etc/apache2/conf.d/fastcgi-pool-#{title}.conf", + ) } end - let :expected do + + describe 'os-independent items' do + describe '.conf content using TCP communication' do + let :params do + { + host: '127.0.0.1:9001', + timeout: 30, + flush: true, + faux_path: '/var/www/php-www.fcgi', + fcgi_alias: '/php-www.fcgi', + file_type: 'application/x-httpd-php', + pass_header: 'Authorization', + } + end + let :expected do # rubocop:disable Layout/IndentationWidth : Changes to the indent causes test failures. 'FastCGIExternalServer /var/www/php-www.fcgi -idle-timeout 30 -flush -host 127.0.0.1:9001 -pass-header Authorization Alias /php-www.fcgi /var/www/php-www.fcgi Action application/x-httpd-php /php-www.fcgi ' - # rubocop:enable Layout/IndentationWidth - end + # rubocop:enable Layout/IndentationWidth + end - it do - is_expected.to contain_file('fastcgi-pool-www.conf').with_content(expected) - end - end - describe '.conf content using socket communication' do - let :params do - { - host: '/var/run/fcgi.sock', - timeout: 30, - flush: true, - faux_path: '/var/www/php-www.fcgi', - fcgi_alias: '/php-www.fcgi', - file_type: 'application/x-httpd-php', - } - end - let :expected do + it do + is_expected.to contain_file('fastcgi-pool-www.conf').with_content(expected) + end + end + describe '.conf content using socket communication' do + let :params do + { + host: '/var/run/fcgi.sock', + timeout: 30, + flush: true, + faux_path: '/var/www/php-www.fcgi', + fcgi_alias: '/php-www.fcgi', + file_type: 'application/x-httpd-php', + } + end + let :expected do # rubocop:disable Layout/IndentationWidth : Changes to the indent causes test failures. 'FastCGIExternalServer /var/www/php-www.fcgi -idle-timeout 30 -flush -socket /var/run/fcgi.sock Alias /php-www.fcgi /var/www/php-www.fcgi Action application/x-httpd-php /php-www.fcgi ' - # rubocop:enable Layout/IndentationWidth - end + # rubocop:enable Layout/IndentationWidth + end - it do - is_expected.to contain_file('fastcgi-pool-www.conf').with_content(expected) + it do + is_expected.to contain_file('fastcgi-pool-www.conf').with_content(expected) + end + end end end end diff --git a/spec/defines/modsec_link_spec.rb b/spec/defines/modsec_link_spec.rb index 8a181841ef..3035b71b71 100644 --- a/spec/defines/modsec_link_spec.rb +++ b/spec/defines/modsec_link_spec.rb @@ -11,46 +11,29 @@ class { "apache::mod::security": activated_rules => [] } 'base_rules/modsecurity_35_bad_robots.data' end - context 'on RedHat based systems' do - let :facts do - { - osfamily: 'RedHat', - operatingsystem: 'CentOS', - operatingsystemrelease: '7', - kernel: 'Linux', - id: 'root', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - - it { - is_expected.to contain_file('modsecurity_35_bad_robots.data').with( - path: '/etc/httpd/modsecurity.d/activated_rules/modsecurity_35_bad_robots.data', - target: '/usr/lib/modsecurity.d/base_rules/modsecurity_35_bad_robots.data', - ) - } - end + on_supported_os.each do |os, facts| + context "on #{os} " do + let :facts do + facts + end - context 'on Debian based systems' do - let :facts do - { - osfamily: 'Debian', - operatingsystem: 'Debian', - operatingsystemrelease: '8', - lsbdistcodename: 'jessie', - id: 'root', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - kernel: 'Linux', - is_pe: false, - } + it { is_expected.to compile.with_all_deps } + case facts[:os]['family'] + when 'RedHat' + it { + is_expected.to contain_file('modsecurity_35_bad_robots.data').with( + path: '/etc/httpd/modsecurity.d/activated_rules/modsecurity_35_bad_robots.data', + target: '/usr/lib/modsecurity.d/base_rules/modsecurity_35_bad_robots.data', + ) + } + when 'Debian' + it { + is_expected.to contain_file('modsecurity_35_bad_robots.data').with( + path: '/etc/modsecurity/activated_rules/modsecurity_35_bad_robots.data', + target: '/usr/share/modsecurity-crs/base_rules/modsecurity_35_bad_robots.data', + ) + } + end end - - it { - is_expected.to contain_file('modsecurity_35_bad_robots.data').with( - path: '/etc/modsecurity/activated_rules/modsecurity_35_bad_robots.data', - target: '/usr/share/modsecurity-crs/base_rules/modsecurity_35_bad_robots.data', - ) - } end end diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index b5427aead2..f301864048 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb @@ -1,2299 +1,2053 @@ require 'spec_helper' describe 'apache::vhost', type: :define do - let :pre_condition do - 'class { "apache": default_vhost => false, default_mods => false, vhost_enable_dir => "/etc/apache2/sites-enabled"}' - end - let :title do - 'rspec.example.com' - end - let :default_params do - { - docroot: '/rspec/docroot', - port: '84', - } - end + describe 'os-independent items' do + on_supported_os.each do |os, facts| + # this setup uses fastcgi wich isn't available on RHEL 7 / Ubuntu 18.04 + next if facts[:os]['release']['major'] == '18.04' + next if facts[:os]['release']['major'] == '7' && facts[:os]['family']['RedHat'] + # next if facts[:os]['name'] == 'SLES' - describe 'os-dependent items' do - context 'on RedHat based systems' do - let :default_facts do - { - osfamily: 'RedHat', - operatingsystemrelease: '6', - operatingsystem: 'RedHat', - id: 'root', - kernel: 'Linux', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - let(:params) { default_params } - let(:facts) { default_facts } + apache_name = case facts[:os]['family'] + when 'RedHat' + 'httpd' + when 'Debian' + 'apache2' + else + 'apache2' + end - it { is_expected.to contain_class('apache') } - it { is_expected.to contain_class('apache::params') } - end - context 'on Debian based systems' do - let :default_facts do - { - osfamily: 'Debian', - operatingsystemrelease: '8', - lsbdistcodename: 'jessie', - operatingsystem: 'Debian', - id: 'root', - kernel: 'Linux', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } + let :pre_condition do + "class {'apache': default_vhost => false, default_mods => false, vhost_enable_dir => '/etc/#{apache_name}/sites-enabled'}" end - let(:params) { default_params } - let(:facts) { default_facts } - - it { is_expected.to contain_class('apache') } - it { is_expected.to contain_class('apache::params') } - it { - is_expected.to contain_concat('25-rspec.example.com.conf').with( - ensure: 'present', - path: '/etc/apache2/sites-available/25-rspec.example.com.conf', - ) - } - it { - is_expected.to contain_file('25-rspec.example.com.conf symlink').with( - ensure: 'link', - path: '/etc/apache2/sites-enabled/25-rspec.example.com.conf', - target: '/etc/apache2/sites-available/25-rspec.example.com.conf', - ) - } - end - context 'on FreeBSD systems' do - let :default_facts do - { - osfamily: 'FreeBSD', - operatingsystemrelease: '9', - operatingsystem: 'FreeBSD', - id: 'root', - kernel: 'FreeBSD', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } + + let :title do + 'rspec.example.com' end - let(:params) { default_params } - let(:facts) { default_facts } - - it { is_expected.to contain_class('apache') } - it { is_expected.to contain_class('apache::params') } - it { - is_expected.to contain_concat('25-rspec.example.com.conf').with( - ensure: 'present', - path: '/usr/local/etc/apache24/Vhosts/25-rspec.example.com.conf', - ) - } - end - context 'on Gentoo systems' do - let :default_facts do + + let :default_params do { - osfamily: 'Gentoo', - operatingsystem: 'Gentoo', - operatingsystemrelease: '3.16.1-gentoo', - id: 'root', - kernel: 'Linux', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin', - is_pe: false, + docroot: '/rspec/docroot', + port: '84', } end - let(:params) { default_params } - let(:facts) { default_facts } - - it { is_expected.to contain_class('apache') } - it { is_expected.to contain_class('apache::params') } - it { - is_expected.to contain_concat('25-rspec.example.com.conf').with( - ensure: 'present', - path: '/etc/apache2/vhosts.d/25-rspec.example.com.conf', - ) - } - end - end - describe 'os-independent items' do - let :facts do - { - osfamily: 'Debian', - operatingsystemrelease: '6', - lsbdistcodename: 'squeeze', - operatingsystem: 'Debian', - id: 'root', - kernel: 'Linux', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - describe 'basic assumptions' do - let(:params) { default_params } + context "on #{os} " do + let :facts do + facts + end - it { is_expected.to contain_class('apache') } - it { is_expected.to contain_class('apache::params') } - it { is_expected.to contain_apache__listen(params[:port]) } - it { is_expected.to contain_apache__namevirtualhost("*:#{params[:port]}") } - end - context 'set everything!' do - let :params do - { - 'docroot' => '/var/www/foo', - 'manage_docroot' => false, - 'virtual_docroot' => true, - 'port' => '8080', - 'ip' => '127.0.0.1', - 'ip_based' => true, - 'add_listen' => false, - 'docroot_owner' => 'user', - 'docroot_group' => 'wheel', - 'docroot_mode' => '0664', - 'serveradmin' => 'foo@localhost', - 'ssl' => true, - 'ssl_cert' => '/ssl/cert', - 'ssl_key' => '/ssl/key', - 'ssl_chain' => '/ssl/chain', - 'ssl_crl_path' => '/ssl/crl', - 'ssl_crl' => 'foo.crl', - 'ssl_certs_dir' => '/ssl/certs', - 'ssl_protocol' => 'SSLv2', - 'ssl_cipher' => 'HIGH', - 'ssl_honorcipherorder' => 'Off', - 'ssl_verify_client' => 'optional', - 'ssl_verify_depth' => '3', - 'ssl_options' => '+ExportCertData', - 'ssl_openssl_conf_cmd' => 'DHParameters "foo.pem"', - 'ssl_proxy_verify' => 'require', - 'ssl_proxy_check_peer_cn' => 'on', - 'ssl_proxy_check_peer_name' => 'on', - 'ssl_proxy_check_peer_expire' => 'on', - 'ssl_proxyengine' => true, - 'ssl_proxy_cipher_suite' => 'HIGH', - 'ssl_proxy_protocol' => 'TLSv1.2', - - 'priority' => '30', - 'default_vhost' => true, - 'servername' => 'example.com', - 'serveraliases' => ['test-example.com'], - 'options' => ['MultiView'], - 'override' => ['All'], - 'directoryindex' => 'index.html', - 'vhost_name' => 'test', - 'logroot' => '/var/www/logs', - 'logroot_ensure' => 'directory', - 'logroot_mode' => '0600', - 'logroot_owner' => 'root', - 'logroot_group' => 'root', - 'log_level' => 'crit', - 'access_log' => false, - 'access_log_file' => 'httpd_access_log', - 'access_log_syslog' => true, - 'access_log_format' => '%h %l %u %t \"%r\" %>s %b', - 'access_log_env_var' => '', - 'aliases' => '/image', - 'directories' => [ + describe 'basic assumptions' do + let(:params) { default_params } + + it { is_expected.to contain_class('apache') } + it { is_expected.to contain_class('apache::params') } + it { is_expected.to contain_apache__listen(params[:port]) } + # namebased virualhost is only created on apache 2.2 and older + if (facts[:os]['family'] == 'RedHat' && facts[:os]['release']['major'].to_i < 7) || + (facts[:os]['name'] == 'Amazon') || + (facts[:os]['name'] == 'SLES' && facts[:os]['release']['major'].to_i < 12) + it { is_expected.to contain_apache__namevirtualhost("*:#{params[:port]}") } + end + end + context 'set everything!' do + let :params do { - 'path' => '/var/www/files', - 'provider' => 'files', - 'require' => ['valid-user', 'all denied'], - }, + 'docroot' => '/var/www/foo', + 'manage_docroot' => false, + 'virtual_docroot' => true, + 'port' => '8080', + 'ip' => '127.0.0.1', + 'ip_based' => true, + 'add_listen' => false, + 'docroot_owner' => 'user', + 'docroot_group' => 'wheel', + 'docroot_mode' => '0664', + 'serveradmin' => 'foo@localhost', + 'ssl' => true, + 'ssl_cert' => '/ssl/cert', + 'ssl_key' => '/ssl/key', + 'ssl_chain' => '/ssl/chain', + 'ssl_crl_path' => '/ssl/crl', + 'ssl_crl' => 'foo.crl', + 'ssl_certs_dir' => '/ssl/certs', + 'ssl_protocol' => 'SSLv2', + 'ssl_cipher' => 'HIGH', + 'ssl_honorcipherorder' => 'Off', + 'ssl_verify_client' => 'optional', + 'ssl_verify_depth' => '3', + 'ssl_options' => '+ExportCertData', + 'ssl_openssl_conf_cmd' => 'DHParameters "foo.pem"', + 'ssl_proxy_verify' => 'require', + 'ssl_proxy_check_peer_cn' => 'on', + 'ssl_proxy_check_peer_name' => 'on', + 'ssl_proxy_check_peer_expire' => 'on', + 'ssl_proxyengine' => true, + 'ssl_proxy_cipher_suite' => 'HIGH', + 'ssl_proxy_protocol' => 'TLSv1.2', + + 'priority' => '30', + 'default_vhost' => true, + 'servername' => 'example.com', + 'serveraliases' => ['test-example.com'], + 'options' => ['MultiView'], + 'override' => ['All'], + 'directoryindex' => 'index.html', + 'vhost_name' => 'test', + 'logroot' => '/var/www/logs', + 'logroot_ensure' => 'directory', + 'logroot_mode' => '0600', + 'logroot_owner' => 'root', + 'logroot_group' => 'root', + 'log_level' => 'crit', + 'access_log' => false, + 'access_log_file' => 'httpd_access_log', + 'access_log_syslog' => true, + 'access_log_format' => '%h %l %u %t \"%r\" %>s %b', + 'access_log_env_var' => '', + 'aliases' => '/image', + 'directories' => [ + { + 'path' => '/var/www/files', + 'provider' => 'files', + 'require' => ['valid-user', 'all denied'], + }, + { + 'path' => '/var/www/files', + 'provider' => 'files', + 'additional_includes' => ['/custom/path/includes', '/custom/path/another_includes'], + }, + { + 'path' => '/var/www/files', + 'provider' => 'files', + 'require' => 'all granted', + }, + { + 'path' => '/var/www/files', + 'provider' => 'files', + 'require' => + { + 'enforce' => 'all', + 'requires' => ['all-valid1', 'all-valid2'], + }, + }, + { + 'path' => '/var/www/files', + 'provider' => 'files', + 'require' => + { + 'enforce' => 'none', + 'requires' => ['none-valid1', 'none-valid2'], + }, + }, + { + 'path' => '/var/www/files', + 'provider' => 'files', + 'require' => + { + 'enforce' => 'any', + 'requires' => ['any-valid1', 'any-valid2'], + }, + }, + { + 'path' => '*', + 'provider' => 'proxy', + }, + { 'path' => '/var/www/files/indexed_directory', + 'directoryindex' => 'disabled', + 'options' => ['Indexes', 'FollowSymLinks', 'MultiViews'], + 'index_options' => ['FancyIndexing'], + 'index_style_sheet' => '/styles/style.css' }, + { 'path' => '/var/www/files/output_filtered', + 'set_output_filter' => 'output_filter' }, + { 'path' => '/var/www/files', + 'provider' => 'location', + 'limit' => [ + { 'methods' => 'GET HEAD', + 'require' => ['valid-user'] }, + ] }, + { 'path' => '/var/www/files', + 'provider' => 'location', + 'limit_except' => [ + { 'methods' => 'GET HEAD', + 'require' => ['valid-user'] }, + ] }, + { 'path' => '/var/www/dav', + 'dav' => 'filesystem', + 'dav_depth_infinity' => true, + 'dav_min_timeout' => '600' }, + { + 'path' => '/var/www/node-app/public', + 'passenger_enabled' => true, + 'passenger_base_uri' => '/app', + 'passenger_ruby' => '/path/to/ruby', + 'passenger_python' => '/path/to/python', + 'passenger_nodejs' => '/path/to/nodejs', + 'passenger_meteor_app_settings' => '/path/to/file.json', + 'passenger_app_env' => 'demo', + 'passenger_app_root' => '/var/www/node-app', + 'passenger_app_group_name' => 'foo_bar', + 'passenger_app_type' => 'node', + 'passenger_startup_file' => 'start.js', + 'passenger_restart_dir' => 'temp', + 'passenger_load_shell_envvars' => false, + 'passenger_rolling_restarts' => false, + 'passenger_resist_deployment_errors' => false, + 'passenger_user' => 'nodeuser', + 'passenger_group' => 'nodegroup', + 'passenger_friendly_error_pages' => true, + 'passenger_min_instances' => 7, + 'passenger_max_instances' => 9, + 'passenger_force_max_concurrent_requests_per_process' => 12, + 'passenger_start_timeout' => 10, + 'passenger_concurrency_model' => 'thread', + 'passenger_thread_count' => 20, + 'passenger_max_requests' => 2000, + 'passenger_max_request_time' => 1, + 'passenger_memory_limit' => 32, + 'passenger_high_performance' => false, + 'passenger_buffer_upload' => false, + 'passenger_buffer_response' => false, + 'passenger_error_override' => false, + 'passenger_max_request_queue_size' => 120, + 'passenger_max_request_queue_time' => 5, + 'passenger_sticky_sessions' => true, + 'passenger_sticky_sessions_cookie_name' => '_delicious_cookie', + 'passenger_allow_encoded_slashes' => false, + 'passenger_debugger' => false, + }, + ], + 'error_log' => false, + 'error_log_file' => 'httpd_error_log', + 'error_log_syslog' => true, + 'error_documents' => 'true', + 'fallbackresource' => '/index.php', + 'scriptalias' => '/usr/lib/cgi-bin', + 'scriptaliases' => [ + { + 'alias' => '/myscript', + 'path' => '/usr/share/myscript', + }, + { + 'aliasmatch' => '^/foo(.*)', + 'path' => '/usr/share/fooscripts$1', + }, + ], + 'proxy_dest' => '/', + 'proxy_pass' => [ + { + 'path' => '/a', + 'url' => 'http://backend-a/', + 'keywords' => ['noquery', 'interpolate'], + 'no_proxy_uris' => ['/a/foo', '/a/bar'], + 'no_proxy_uris_match' => ['/a/foomatch'], + 'reverse_cookies' => [ + { + 'path' => '/a', + 'url' => 'http://backend-a/', + }, + { + 'domain' => 'foo', + 'url' => 'http://foo', + }, + ], + 'params' => { + 'retry' => '0', + 'timeout' => '5', + }, + 'setenv' => ['proxy-nokeepalive 1', 'force-proxy-request-1.0 1'], + }, + ], + 'proxy_pass_match' => [ + { + 'path' => '/a', + 'url' => 'http://backend-a/', + 'keywords' => ['noquery', 'interpolate'], + 'no_proxy_uris' => ['/a/foo', '/a/bar'], + 'no_proxy_uris_match' => ['/a/foomatch'], + 'params' => { + 'retry' => '0', + 'timeout' => '5', + }, + 'setenv' => ['proxy-nokeepalive 1', 'force-proxy-request-1.0 1'], + }, + ], + 'suphp_addhandler' => 'foo', + 'suphp_engine' => 'on', + 'suphp_configpath' => '/var/www/html', + 'php_admin_flags' => ['foo', 'bar'], + 'php_admin_values' => ['true', 'false'], + 'no_proxy_uris' => '/foo', + 'no_proxy_uris_match' => '/foomatch', + 'proxy_preserve_host' => true, + 'proxy_add_headers' => true, + 'proxy_error_override' => true, + 'redirect_source' => '/bar', + 'redirect_dest' => '/', + 'redirect_status' => 'temp', + 'redirectmatch_status' => ['404'], + 'redirectmatch_regexp' => ['\.git$'], + 'redirectmatch_dest' => ['http://www.example.com'], + 'headers' => 'Set X-Robots-Tag "noindex, noarchive, nosnippet"', + 'request_headers' => ['append MirrorID "mirror 12"'], + 'rewrites' => [ + { + 'rewrite_rule' => ['^index\.html$ welcome.html'], + }, + ], + 'filters' => [ + 'FilterDeclare COMPRESS', + 'FilterProvider COMPRESS DEFLATE resp=Content-Type $text/html', + 'FilterProvider COMPRESS DEFLATE resp=Content-Type $text/css', + 'FilterProvider COMPRESS DEFLATE resp=Content-Type $text/plain', + 'FilterProvider COMPRESS DEFLATE resp=Content-Type $text/xml', + 'FilterChain COMPRESS', + 'FilterProtocol COMPRESS DEFLATE change=yes;byteranges=no', + ], + 'rewrite_base' => '/', + 'rewrite_rule' => '^index\.html$ welcome.html', + 'rewrite_cond' => '%{HTTP_USER_AGENT} ^MSIE', + 'rewrite_inherit' => true, + 'setenv' => ['FOO=/bin/true'], + 'setenvif' => 'Request_URI "\.gif$" object_is_image=gif', + 'setenvifnocase' => 'REMOTE_ADDR ^127.0.0.1 localhost=true', + 'block' => 'scm', + 'wsgi_application_group' => '%{GLOBAL}', + 'wsgi_daemon_process' => 'wsgi', + 'wsgi_daemon_process_options' => { + 'processes' => '2', + 'threads' => '15', + 'display-name' => '%{GROUP}', + }, + 'wsgi_import_script' => '/var/www/demo.wsgi', + 'wsgi_import_script_options' => { + 'process-group' => 'wsgi', + 'application-group' => '%{GLOBAL}', + }, + 'wsgi_process_group' => 'wsgi', + 'wsgi_script_aliases' => { + '/' => '/var/www/demo.wsgi', + }, + 'wsgi_script_aliases_match' => { + '^/test/(^[/*)' => '/var/www/demo.wsgi', + }, + 'wsgi_pass_authorization' => 'On', + 'custom_fragment' => '#custom string', + 'itk' => { + 'user' => 'someuser', + 'group' => 'somegroup', + }, + 'wsgi_chunked_request' => 'On', + 'action' => 'foo', + 'fastcgi_server' => 'localhost', + 'fastcgi_socket' => '/tmp/fastcgi.socket', + 'fastcgi_dir' => '/tmp', + 'fastcgi_idle_timeout' => '120', + 'additional_includes' => '/custom/path/includes', + 'apache_version' => '2.4', + 'use_optional_includes' => true, + 'suexec_user_group' => 'root root', + 'allow_encoded_slashes' => 'nodecode', + 'use_canonical_name' => 'dns', + 'passenger_enabled' => false, + 'passenger_base_uri' => '/app', + 'passenger_ruby' => '/usr/bin/ruby1.9.1', + 'passenger_python' => '/usr/local/bin/python', + 'passenger_nodejs' => '/usr/bin/node', + 'passenger_meteor_app_settings' => '/path/to/some/file.json', + 'passenger_app_env' => 'test', + 'passenger_app_root' => '/usr/share/myapp', + 'passenger_app_group_name' => 'app_customer', + 'passenger_app_type' => 'rack', + 'passenger_startup_file' => 'bin/www', + 'passenger_restart_dir' => 'tmp', + 'passenger_spawn_method' => 'direct', + 'passenger_load_shell_envvars' => false, + 'passenger_rolling_restarts' => false, + 'passenger_resist_deployment_errors' => true, + 'passenger_user' => 'sandbox', + 'passenger_group' => 'sandbox', + 'passenger_friendly_error_pages' => false, + 'passenger_min_instances' => 1, + 'passenger_max_instances' => 30, + 'passenger_max_preloader_idle_time' => 600, + 'passenger_force_max_concurrent_requests_per_process' => 10, + 'passenger_start_timeout' => 600, + 'passenger_concurrency_model' => 'thread', + 'passenger_thread_count' => 5, + 'passenger_max_requests' => 1000, + 'passenger_max_request_time' => 2, + 'passenger_memory_limit' => 64, + 'passenger_stat_throttle_rate' => 5, + 'passenger_pre_start' => 'http://localhost/myapp', + 'passenger_high_performance' => true, + 'passenger_buffer_upload' => false, + 'passenger_buffer_response' => false, + 'passenger_error_override' => true, + 'passenger_max_request_queue_size' => 10, + 'passenger_max_request_queue_time' => 2, + 'passenger_sticky_sessions' => true, + 'passenger_sticky_sessions_cookie_name' => '_nom_nom_nom', + 'passenger_allow_encoded_slashes' => true, + 'passenger_debugger' => true, + 'passenger_lve_min_uid' => 500, + 'add_default_charset' => 'UTF-8', + 'jk_mounts' => [ + { 'mount' => '/*', 'worker' => 'tcnode1' }, + { 'unmount' => '/*.jpg', 'worker' => 'tcnode1' }, + ], + 'auth_kerb' => true, + 'krb_method_negotiate' => 'off', + 'krb_method_k5passwd' => 'off', + 'krb_authoritative' => 'off', + 'krb_auth_realms' => ['EXAMPLE.ORG', 'EXAMPLE.NET'], + 'krb_5keytab' => '/tmp/keytab5', + 'krb_local_user_mapping' => 'off', + 'http_protocol_options' => 'Strict LenientMethods Allow0.9', + 'keepalive' => 'on', + 'keepalive_timeout' => '100', + 'max_keepalive_requests' => '1000', + } + end + + it { is_expected.to compile } + it { is_expected.not_to contain_file('/var/www/foo') } + it { is_expected.to contain_class('apache::mod::ssl') } + it { + is_expected.to contain_file('ssl.conf').with( + content: %r{^\s+SSLHonorCipherOrder On$}, + ) + } + it { + is_expected.to contain_file('ssl.conf').with( + content: %r{^\s+SSLPassPhraseDialog builtin$}, + ) + } + it { + is_expected.to contain_file('ssl.conf').with( + content: %r{^\s+SSLSessionCacheTimeout 300$}, + ) + } + it { is_expected.to contain_class('apache::mod::mime') } + it { is_expected.to contain_class('apache::mod::vhost_alias') } + it { is_expected.to contain_class('apache::mod::wsgi') } + it { is_expected.to contain_class('apache::mod::suexec') } + it { is_expected.to contain_class('apache::mod::passenger') } + it { + is_expected.to contain_file('/var/www/logs').with('ensure' => 'directory', + 'mode' => '0600') + } + it { is_expected.to contain_class('apache::mod::rewrite') } + it { is_expected.to contain_class('apache::mod::alias') } + it { is_expected.to contain_class('apache::mod::proxy') } + it { is_expected.to contain_class('apache::mod::proxy_http') } + it { is_expected.to contain_class('apache::mod::fastcgi') } + it { is_expected.to contain_class('apache::mod::headers') } + it { is_expected.to contain_class('apache::mod::filter') } + it { is_expected.to contain_class('apache::mod::env') } + it { is_expected.to contain_class('apache::mod::setenvif') } + it { + is_expected.to contain_concat('30-rspec.example.com.conf').with('owner' => 'root', + 'mode' => '0644', + 'require' => 'Package[httpd]', + 'notify' => 'Class[Apache::Service]') + } + if facts[:os]['release']['major'].to_i >= 18 && facts[:os]['name'] == 'Ubuntu' + it { + is_expected.to contain_file('30-rspec.example.com.conf symlink').with('ensure' => 'link', + 'path' => "/etc/#{apache_name}/sites-enabled/30-rspec.example.com.conf") + } + end + it { is_expected.to contain_concat__fragment('rspec.example.com-apache-header') } + it { is_expected.to contain_concat__fragment('rspec.example.com-docroot') } + it { is_expected.to contain_concat__fragment('rspec.example.com-aliases') } + it { is_expected.to contain_concat__fragment('rspec.example.com-itk') } + it { is_expected.to contain_concat__fragment('rspec.example.com-fallbackresource') } + it { is_expected.to contain_concat__fragment('rspec.example.com-directories') } + it { + is_expected.to contain_concat__fragment('rspec.example.com-directories').with( + content: %r{^\s+$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-directories').with( + content: %r{^\s+Include\s'\/custom\/path\/includes'$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-directories').with( + content: %r{^\s+Include\s'\/custom\/path\/another_includes'$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-directories').with( + content: %r{^\s+Require valid-user$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-directories').with( + content: %r{^\s+Require all denied$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-directories').with( + content: %r{^\s+Require all granted$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-directories').with( + content: %r{^\s+$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-directories').with( + content: %r{^\s+<\/RequireAll>$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-directories').with( + content: %r{^\s+Require all-valid1$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-directories').with( + content: %r{^\s+Require all-valid2$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-directories').with( + content: %r{^\s+$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-directories').with( + content: %r{^\s+<\/RequireNone>$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-directories').with( + content: %r{^\s+Require none-valid1$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-directories').with( + content: %r{^\s+Require none-valid2$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-directories').with( + content: %r{^\s+$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-directories').with( + content: %r{^\s+<\/RequireAny>$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-directories').with( + content: %r{^\s+Require any-valid1$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-directories').with( + content: %r{^\s+Require any-valid2$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-directories').with( + content: %r{^\s+Options\sIndexes\sFollowSymLinks\sMultiViews$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-directories').with( + content: %r{^\s+IndexOptions\sFancyIndexing$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-directories').with( + content: %r{^\s+IndexStyleSheet\s'\/styles\/style\.css'$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-directories').with( + content: %r{^\s+DirectoryIndex\sdisabled$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-directories').with( + content: %r{^\s+SetOutputFilter\soutput_filter$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-directories').with( + content: %r{^\s+$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-directories').with( + content: %r{\s+\s*Require valid-user\s*<\/Limit>}m, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-directories').with( + content: %r{^\s+$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-directories').with( + content: %r{\s+\s*Require valid-user\s*<\/LimitExcept>}m, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-directories').with( + content: %r{^\s+Dav\sfilesystem$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-directories').with( + content: %r{^\s+DavDepthInfinity\sOn$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-directories').with( + content: %r{^\s+DavMinTimeout\s600$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-directories').with( + content: %r{^\s+PassengerEnabled\sOn$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-directories').with( + content: %r{^\s+PassengerBaseURI\s/app$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-directories').with( + content: %r{^\s+PassengerRuby\s/path/to/ruby$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-directories').with( + content: %r{^\s+PassengerPython\s/path/to/python$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-directories').with( + content: %r{^\s+PassengerNodejs\s/path/to/nodejs$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-directories').with( + content: %r{^\s+PassengerMeteorAppSettings\s/path/to/file\.json$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-directories').with( + content: %r{^\s+PassengerAppEnv\sdemo$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-directories').with( + content: %r{^\s+PassengerAppRoot\s/var/www/node-app$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-directories').with( + content: %r{^\s+PassengerAppGroupName\sfoo_bar$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-directories').with( + content: %r{^\s+PassengerAppType\snode$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-directories').with( + content: %r{^\s+PassengerStartupFile\sstart\.js$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-directories').with( + content: %r{^\s+PassengerRestartDir\stemp$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-directories').with( + content: %r{^\s+PassengerLoadShellEnvvars\sOff$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-directories').with( + content: %r{^\s+PassengerRollingRestarts\sOff$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-directories').with( + content: %r{^\s+PassengerResistDeploymentErrors\sOff$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-directories').with( + content: %r{^\s+PassengerUser\snodeuser$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-directories').with( + content: %r{^\s+PassengerGroup\snodegroup$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-directories').with( + content: %r{^\s+PassengerFriendlyErrorPages\sOn$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-directories').with( + content: %r{^\s+PassengerMinInstances\s7$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-directories').with( + content: %r{^\s+PassengerMaxInstances\s9$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-directories').with( + content: %r{^\s+PassengerForceMaxConcurrentRequestsPerProcess\s12$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-directories').with( + content: %r{^\s+PassengerStartTimeout\s10$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-directories').with( + content: %r{^\s+PassengerConcurrencyModel\sthread$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-directories').with( + content: %r{^\s+PassengerThreadCount\s20$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-directories').with( + content: %r{^\s+PassengerMaxRequests\s2000$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-directories').with( + content: %r{^\s+PassengerMaxRequestTime\s1$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-directories').with( + content: %r{^\s+PassengerMemoryLimit\s32$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-directories').with( + content: %r{^\s+PassengerHighPerformance\sOff$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-directories').with( + content: %r{^\s+PassengerBufferUpload\sOff$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-directories').with( + content: %r{^\s+PassengerBufferResponse\sOff$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-directories').with( + content: %r{^\s+PassengerErrorOverride\sOff$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-directories').with( + content: %r{^\s+PassengerMaxRequestQueueSize\s120$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-directories').with( + content: %r{^\s+PassengerMaxRequestQueueTime\s5$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-directories').with( + content: %r{^\s+PassengerStickySessions\sOn$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-directories').with( + content: %r{^\s+PassengerStickySessionsCookieName\s_delicious_cookie$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-directories').with( + content: %r{^\s+PassengerAllowEncodedSlashes\sOff$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-directories').with( + content: %r{^\s+PassengerDebugger\sOff$}, + ) + } + it { is_expected.to contain_concat__fragment('rspec.example.com-additional_includes') } + it { is_expected.to contain_concat__fragment('rspec.example.com-logging') } + it { is_expected.to contain_concat__fragment('rspec.example.com-serversignature') } + it { is_expected.not_to contain_concat__fragment('rspec.example.com-access_log') } + it { is_expected.to contain_concat__fragment('rspec.example.com-action') } + it { is_expected.to contain_concat__fragment('rspec.example.com-block') } + it { is_expected.to contain_concat__fragment('rspec.example.com-error_document') } + it { + is_expected.to contain_concat__fragment('rspec.example.com-proxy').with_content( + %r{retry=0}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-proxy').with_content( + %r{timeout=5}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-proxy').with_content( + %r{SetEnv force-proxy-request-1.0 1}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-proxy').with_content( + %r{SetEnv proxy-nokeepalive 1}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-proxy').with_content( + %r{noquery interpolate}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-proxy').with_content( + %r{ProxyPreserveHost On}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-proxy').with_content( + %r{ProxyAddHeaders On}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-proxy').with_content( + %r{ProxyPassReverseCookiePath\s+\/a\s+http:\/\/}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-proxy').with_content( + %r{ProxyPassReverseCookieDomain\s+foo\s+http:\/\/foo}, + ) + } + it { is_expected.to contain_concat__fragment('rspec.example.com-redirect') } + it { is_expected.to contain_concat__fragment('rspec.example.com-rewrite') } + it { + is_expected.to contain_concat__fragment('rspec.example.com-rewrite').with( + content: %r{^\s+RewriteOptions Inherit$}, + ) + } + it { is_expected.to contain_concat__fragment('rspec.example.com-scriptalias') } + it { is_expected.to contain_concat__fragment('rspec.example.com-serveralias') } + it { + is_expected.to contain_concat__fragment('rspec.example.com-setenv').with_content( + %r{SetEnv FOO=/bin/true}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-setenv').with_content( + %r{SetEnvIf Request_URI "\\.gif\$" object_is_image=gif}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-setenv').with_content( + %r{SetEnvIfNoCase REMOTE_ADDR \^127.0.0.1 localhost=true}, + ) + } + it { is_expected.to contain_concat__fragment('rspec.example.com-ssl') } + it { + is_expected.to contain_concat__fragment('rspec.example.com-ssl').with( + content: %r{^\s+SSLOpenSSLConfCmd\s+DHParameters "foo.pem"$}, + ) + } + it { is_expected.to contain_concat__fragment('rspec.example.com-sslproxy') } + it { + is_expected.to contain_concat__fragment('rspec.example.com-sslproxy').with( + content: %r{^\s+SSLProxyEngine On$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-sslproxy').with( + content: %r{^\s+SSLProxyCheckPeerCN\s+on$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-sslproxy').with( + content: %r{^\s+SSLProxyCheckPeerName\s+on$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-sslproxy').with( + content: %r{^\s+SSLProxyCheckPeerExpire\s+on$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-sslproxy').with( + content: %r{^\s+SSLProxyCipherSuite\s+HIGH$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-sslproxy').with( + content: %r{^\s+SSLProxyProtocol\s+TLSv1.2$}, + ) + } + it { is_expected.to contain_concat__fragment('rspec.example.com-suphp') } + it { is_expected.to contain_concat__fragment('rspec.example.com-php_admin') } + it { is_expected.to contain_concat__fragment('rspec.example.com-header') } + it { + is_expected.to contain_concat__fragment('rspec.example.com-filters').with( + content: %r{^\s+FilterDeclare COMPRESS$}, + ) + } + it { is_expected.to contain_concat__fragment('rspec.example.com-requestheader') } + it { is_expected.to contain_concat__fragment('rspec.example.com-wsgi') } + it { is_expected.to contain_concat__fragment('rspec.example.com-custom_fragment') } + it { is_expected.to contain_concat__fragment('rspec.example.com-fastcgi') } + it { is_expected.to contain_concat__fragment('rspec.example.com-suexec') } + it { is_expected.to contain_concat__fragment('rspec.example.com-allow_encoded_slashes') } + it { is_expected.to contain_concat__fragment('rspec.example.com-passenger') } + it { is_expected.to contain_concat__fragment('rspec.example.com-charsets') } + it { is_expected.not_to contain_concat__fragment('rspec.example.com-security') } + it { is_expected.to contain_concat__fragment('rspec.example.com-file_footer') } + it { + is_expected.to contain_concat__fragment('rspec.example.com-jk_mounts').with( + content: %r{^\s+JkMount\s+\/\*\s+tcnode1$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-jk_mounts').with( + content: %r{^\s+JkUnMount\s+\/\*\.jpg\s+tcnode1$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-auth_kerb').with( + content: %r{^\s+KrbMethodNegotiate\soff$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-auth_kerb').with( + content: %r{^\s+KrbAuthoritative\soff$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-auth_kerb').with( + content: %r{^\s+KrbAuthRealms\sEXAMPLE.ORG\sEXAMPLE.NET$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-auth_kerb').with( + content: %r{^\s+Krb5Keytab\s\/tmp\/keytab5$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-auth_kerb').with( + content: %r{^\s+KrbLocalUserMapping\soff$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-auth_kerb').with( + content: %r{^\s+KrbServiceName\sHTTP$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-auth_kerb').with( + content: %r{^\s+KrbSaveCredentials\soff$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-auth_kerb').with( + content: %r{^\s+KrbVerifyKDC\son$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-http_protocol_options').with( + content: %r{^\s*HttpProtocolOptions\s+Strict\s+LenientMethods\s+Allow0\.9$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-keepalive_options').with( + content: %r{^\s+KeepAlive\son$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-keepalive_options').with( + content: %r{^\s+KeepAliveTimeout\s100$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-keepalive_options').with( + content: %r{^\s+MaxKeepAliveRequests\s1000$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( + content: %r{^\s+PassengerEnabled\sOff$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( + content: %r{^\s+PassengerBaseURI\s/app$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( + content: %r{^\s+PassengerRuby\s/usr/bin/ruby1\.9\.1$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( + content: %r{^\s+PassengerPython\s/usr/local/bin/python$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( + content: %r{^\s+PassengerNodejs\s/usr/bin/node$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( + content: %r{^\s+PassengerMeteorAppSettings\s/path/to/some/file.json$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( + content: %r{^\s+PassengerAppEnv\stest$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( + content: %r{^\s+PassengerAppRoot\s/usr/share/myapp$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( + content: %r{^\s+PassengerAppGroupName\sapp_customer$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( + content: %r{^\s+PassengerAppType\srack$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( + content: %r{^\s+PassengerStartupFile\sbin/www$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( + content: %r{^\s+PassengerRestartDir\stmp$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( + content: %r{^\s+PassengerSpawnMethod\sdirect$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( + content: %r{^\s+PassengerLoadShellEnvvars\sOff$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( + content: %r{^\s+PassengerRollingRestarts\sOff$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( + content: %r{^\s+PassengerResistDeploymentErrors\sOn$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( + content: %r{^\s+PassengerUser\ssandbox$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( + content: %r{^\s+PassengerGroup\ssandbox$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( + content: %r{^\s+PassengerFriendlyErrorPages\sOff$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( + content: %r{^\s+PassengerMinInstances\s1$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( + content: %r{^\s+PassengerMaxInstances\s30$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( + content: %r{^\s+PassengerMaxPreloaderIdleTime\s600$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( + content: %r{^\s+PassengerForceMaxConcurrentRequestsPerProcess\s10$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( + content: %r{^\s+PassengerStartTimeout\s600$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( + content: %r{^\s+PassengerConcurrencyModel\sthread$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( + content: %r{^\s+PassengerThreadCount\s5$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( + content: %r{^\s+PassengerMaxRequests\s1000$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( + content: %r{^\s+PassengerMaxRequestTime\s2$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( + content: %r{^\s+PassengerMemoryLimit\s64$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( + content: %r{^\s+PassengerStatThrottleRate\s5$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-file_footer').with( + content: %r{^PassengerPreStart\shttp://localhost/myapp$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( + content: %r{^\s+PassengerHighPerformance\sOn$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( + content: %r{^\s+PassengerBufferUpload\sOff$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( + content: %r{^\s+PassengerBufferResponse\sOff$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( + content: %r{^\s+PassengerErrorOverride\sOn$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( + content: %r{^\s+PassengerMaxRequestQueueSize\s10$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( + content: %r{^\s+PassengerMaxRequestQueueTime\s2$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( + content: %r{^\s+PassengerStickySessions\sOn$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( + content: %r{^\s+PassengerStickySessionsCookieName\s_nom_nom_nom$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( + content: %r{^\s+PassengerAllowEncodedSlashes\sOn$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( + content: %r{^\s+PassengerDebugger\sOn$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( + content: %r{^\s+PassengerLveMinUid\s500$}, + ) + } + end + context 'vhost with multiple ip addresses' do + let :params do { - 'path' => '/var/www/files', - 'provider' => 'files', - 'additional_includes' => ['/custom/path/includes', '/custom/path/another_includes'], - }, + 'port' => '80', + 'ip' => ['127.0.0.1', '::1'], + 'ip_based' => true, + 'servername' => 'example.com', + 'docroot' => '/var/www/html', + 'add_listen' => true, + 'ensure' => 'present', + } + end + + it { is_expected.to compile } + it { + is_expected.to contain_concat__fragment('rspec.example.com-apache-header').with( + content: %r{[.\/m]*[.\/m]*$}, + ) + } + it { is_expected.to contain_concat__fragment('Listen 127.0.0.1:80') } + it { is_expected.to contain_concat__fragment('Listen [::1]:80') } + it { is_expected.not_to contain_concat__fragment('NameVirtualHost 127.0.0.1:80') } + it { is_expected.not_to contain_concat__fragment('NameVirtualHost [::1]:80') } + end + + context 'vhost with multiple ports' do + let :params do { - 'path' => '/var/www/files', - 'provider' => 'files', - 'require' => 'all granted', - }, + 'port' => ['80', '8080'], + 'ip' => '127.0.0.1', + 'ip_based' => true, + 'servername' => 'example.com', + 'docroot' => '/var/www/html', + 'add_listen' => true, + 'ensure' => 'present', + } + end + + it { is_expected.to compile } + it { + is_expected.to contain_concat__fragment('rspec.example.com-apache-header').with( + content: %r{[.\/m]*[.\/m]*$}, + ) + } + it { is_expected.to contain_concat__fragment('Listen 127.0.0.1:80') } + it { is_expected.to contain_concat__fragment('Listen 127.0.0.1:8080') } + it { is_expected.not_to contain_concat__fragment('NameVirtualHost 127.0.0.1:80') } + it { is_expected.not_to contain_concat__fragment('NameVirtualHost 127.0.0.1:8080') } + end + + context 'vhost with multiple ip addresses, multiple ports' do + let :params do { - 'path' => '/var/www/files', - 'provider' => 'files', - 'require' => - { - 'enforce' => 'all', - 'requires' => ['all-valid1', 'all-valid2'], - }, - }, + 'port' => ['80', '8080'], + 'ip' => ['127.0.0.1', '::1'], + 'ip_based' => true, + 'servername' => 'example.com', + 'docroot' => '/var/www/html', + 'add_listen' => true, + 'ensure' => 'present', + } + end + + it { is_expected.to compile } + it { + is_expected.to contain_concat__fragment('rspec.example.com-apache-header').with( + content: %r{[.\/m]*[.\/m]*$}, + ) + } + it { is_expected.to contain_concat__fragment('Listen 127.0.0.1:80') } + it { is_expected.to contain_concat__fragment('Listen 127.0.0.1:8080') } + it { is_expected.to contain_concat__fragment('Listen [::1]:80') } + it { is_expected.to contain_concat__fragment('Listen [::1]:8080') } + it { is_expected.not_to contain_concat__fragment('NameVirtualHost 127.0.0.1:80') } + it { is_expected.not_to contain_concat__fragment('NameVirtualHost 127.0.0.1:8080') } + it { is_expected.not_to contain_concat__fragment('NameVirtualHost [::1]:80') } + it { is_expected.not_to contain_concat__fragment('NameVirtualHost [::1]:8080') } + end + + context 'vhost with ipv6 address' do + let :params do { - 'path' => '/var/www/files', - 'provider' => 'files', - 'require' => - { - 'enforce' => 'none', - 'requires' => ['none-valid1', 'none-valid2'], - }, - }, + 'port' => '80', + 'ip' => '::1', + 'ip_based' => true, + 'servername' => 'example.com', + 'docroot' => '/var/www/html', + 'add_listen' => true, + 'ensure' => 'present', + } + end + + it { is_expected.to compile } + it { + is_expected.to contain_concat__fragment('rspec.example.com-apache-header').with( + content: %r{[.\/m]*[.\/m]*$}, + ) + } + it { is_expected.to contain_concat__fragment('Listen [::1]:80') } + it { is_expected.not_to contain_concat__fragment('NameVirtualHost [::1]:80') } + end + + context 'vhost with wildcard ip address' do + let :params do { - 'path' => '/var/www/files', - 'provider' => 'files', - 'require' => - { - 'enforce' => 'any', - 'requires' => ['any-valid1', 'any-valid2'], - }, - }, + 'port' => '80', + 'ip' => '*', + 'ip_based' => true, + 'servername' => 'example.com', + 'docroot' => '/var/www/html', + 'add_listen' => true, + 'ensure' => 'present', + } + end + + it { is_expected.to compile } + it { + is_expected.to contain_concat__fragment('rspec.example.com-apache-header').with( + content: %r{[.\/m]*[.\/m]*$}, + ) + } + it { is_expected.to contain_concat__fragment('Listen *:80') } + it { is_expected.not_to contain_concat__fragment('NameVirtualHost *:80') } + end + + context 'modsec_audit_log' do + let :params do { - 'path' => '*', - 'provider' => 'proxy', - }, - { 'path' => '/var/www/files/indexed_directory', - 'directoryindex' => 'disabled', - 'options' => ['Indexes', 'FollowSymLinks', 'MultiViews'], - 'index_options' => ['FancyIndexing'], - 'index_style_sheet' => '/styles/style.css' }, - { 'path' => '/var/www/files/output_filtered', - 'set_output_filter' => 'output_filter' }, - { 'path' => '/var/www/files', - 'provider' => 'location', - 'limit' => [ - { 'methods' => 'GET HEAD', - 'require' => ['valid-user'] }, - ] }, - { 'path' => '/var/www/files', - 'provider' => 'location', - 'limit_except' => [ - { 'methods' => 'GET HEAD', - 'require' => ['valid-user'] }, - ] }, - { 'path' => '/var/www/dav', - 'dav' => 'filesystem', - 'dav_depth_infinity' => true, - 'dav_min_timeout' => '600' }, + 'docroot' => '/rspec/docroot', + 'modsec_audit_log' => true, + } + end + + it { is_expected.to compile } + it { + is_expected.to contain_concat__fragment('rspec.example.com-security').with( + content: %r{^\s*SecAuditLog "\/var\/log\/#{apache_name}\/rspec\.example\.com_security\.log"$}, + ) + } + end + context 'modsec_audit_log_file' do + let :params do { - 'path' => '/var/www/node-app/public', - 'passenger_enabled' => true, - 'passenger_base_uri' => '/app', - 'passenger_ruby' => '/path/to/ruby', - 'passenger_python' => '/path/to/python', - 'passenger_nodejs' => '/path/to/nodejs', - 'passenger_meteor_app_settings' => '/path/to/file.json', - 'passenger_app_env' => 'demo', - 'passenger_app_root' => '/var/www/node-app', - 'passenger_app_group_name' => 'foo_bar', - 'passenger_app_type' => 'node', - 'passenger_startup_file' => 'start.js', - 'passenger_restart_dir' => 'temp', - 'passenger_load_shell_envvars' => false, - 'passenger_rolling_restarts' => false, - 'passenger_resist_deployment_errors' => false, - 'passenger_user' => 'nodeuser', - 'passenger_group' => 'nodegroup', - 'passenger_friendly_error_pages' => true, - 'passenger_min_instances' => 7, - 'passenger_max_instances' => 9, - 'passenger_force_max_concurrent_requests_per_process' => 12, - 'passenger_start_timeout' => 10, - 'passenger_concurrency_model' => 'thread', - 'passenger_thread_count' => 20, - 'passenger_max_requests' => 2000, - 'passenger_max_request_time' => 1, - 'passenger_memory_limit' => 32, - 'passenger_high_performance' => false, - 'passenger_buffer_upload' => false, - 'passenger_buffer_response' => false, - 'passenger_error_override' => false, - 'passenger_max_request_queue_size' => 120, - 'passenger_max_request_queue_time' => 5, - 'passenger_sticky_sessions' => true, - 'passenger_sticky_sessions_cookie_name' => '_delicious_cookie', - 'passenger_allow_encoded_slashes' => false, - 'passenger_debugger' => false, - }, - ], - 'error_log' => false, - 'error_log_file' => 'httpd_error_log', - 'error_log_syslog' => true, - 'error_documents' => 'true', - 'fallbackresource' => '/index.php', - 'scriptalias' => '/usr/lib/cgi-bin', - 'scriptaliases' => [ + 'docroot' => '/rspec/docroot', + 'modsec_audit_log_file' => 'foo.log', + } + end + + it { is_expected.to compile } + it { + is_expected.to contain_concat__fragment('rspec.example.com-security').with( + content: %r{\s*SecAuditLog "\/var\/log\/#{apache_name}\/foo.log"$}, + ) + } + end + context 'set only aliases' do + let :params do { - 'alias' => '/myscript', - 'path' => '/usr/share/myscript', - }, + 'docroot' => '/rspec/docroot', + 'aliases' => [ + { + 'alias' => '/alias', + 'path' => '/rspec/docroot', + }, + ], + } + end + + it { is_expected.to contain_class('apache::mod::alias') } + end + context 'proxy_pass_match' do + let :params do { - 'aliasmatch' => '^/foo(.*)', - 'path' => '/usr/share/fooscripts$1', - }, - ], - 'proxy_dest' => '/', - 'proxy_pass' => [ + 'docroot' => '/rspec/docroot', + 'proxy_pass_match' => [ + { + 'path' => '.*', + 'url' => 'http://backend-a/', + 'params' => { 'timeout' => 300 }, + }, + ], + } + end + + it { + is_expected.to contain_concat__fragment('rspec.example.com-proxy').with_content( + %r{ProxyPassMatch .* http:\/\/backend-a\/ timeout=300}, + ).with_content(%r{## Proxy rules}) + } + end + context 'proxy_dest_match' do + let :params do + { + 'docroot' => '/rspec/docroot', + 'proxy_dest_match' => '/', + } + end + + it { is_expected.to contain_concat__fragment('rspec.example.com-proxy').with_content(%r{## Proxy rules}) } + end + context 'not everything can be set together...' do + let :params do { - 'path' => '/a', - 'url' => 'http://backend-a/', - 'keywords' => ['noquery', 'interpolate'], - 'no_proxy_uris' => ['/a/foo', '/a/bar'], - 'no_proxy_uris_match' => ['/a/foomatch'], - 'reverse_cookies' => [ + 'access_log_pipe' => '/dev/null', + 'error_log_pipe' => '/dev/null', + 'docroot' => '/var/www/foo', + 'ensure' => 'absent', + 'manage_docroot' => true, + 'logroot' => '/tmp/logroot', + 'logroot_ensure' => 'absent', + 'directories' => [ { - 'path' => '/a', - 'url' => 'http://backend-a/', + 'path' => '/var/www/files', + 'provider' => 'files', + 'allow' => ['from 127.0.0.1', 'from 127.0.0.2'], + 'deny' => ['from 127.0.0.3', 'from 127.0.0.4'], + 'satisfy' => 'any', }, { - 'domain' => 'foo', - 'url' => 'http://foo', + 'path' => '/var/www/foo', + 'provider' => 'files', + 'allow' => 'from 127.0.0.5', + 'deny' => 'from all', + 'order' => 'deny,allow', }, ], - 'params' => { - 'retry' => '0', - 'timeout' => '5', - }, - 'setenv' => ['proxy-nokeepalive 1', 'force-proxy-request-1.0 1'], - }, - ], - 'proxy_pass_match' => [ + + } + end + + it { is_expected.to compile } + it { is_expected.not_to contain_class('apache::mod::ssl') } + it { is_expected.not_to contain_class('apache::mod::mime') } + it { is_expected.not_to contain_class('apache::mod::vhost_alias') } + it { is_expected.not_to contain_class('apache::mod::wsgi') } + it { is_expected.not_to contain_class('apache::mod::passenger') } + it { is_expected.not_to contain_class('apache::mod::suexec') } + it { is_expected.not_to contain_class('apache::mod::rewrite') } + it { is_expected.not_to contain_class('apache::mod::alias') } + it { is_expected.not_to contain_class('apache::mod::proxy') } + it { is_expected.not_to contain_class('apache::mod::proxy_http') } + it { is_expected.not_to contain_class('apache::mod::headers') } + it { is_expected.to contain_file('/var/www/foo') } + it { + is_expected.to contain_file('/tmp/logroot').with('ensure' => 'absent') + } + it { + is_expected.to contain_concat('25-rspec.example.com.conf').with('ensure' => 'absent') + } + it { is_expected.to contain_concat__fragment('rspec.example.com-apache-header') } + it { is_expected.to contain_concat__fragment('rspec.example.com-docroot') } + it { is_expected.not_to contain_concat__fragment('rspec.example.com-aliases') } + it { is_expected.not_to contain_concat__fragment('rspec.example.com-itk') } + it { is_expected.not_to contain_concat__fragment('rspec.example.com-fallbackresource') } + it { is_expected.to contain_concat__fragment('rspec.example.com-directories') } + # the following style is only present on Apache 2.2 + # That is used in SLES 11, RHEL6, Amazon Linux + if (facts[:os]['family'] == 'RedHat' && facts[:os]['release']['major'].to_i < 7) || + (facts[:os]['name'] == 'Amazon') || + (facts[:os]['name'] == 'SLES' && facts[:os]['release']['major'].to_i < 12) + it { + is_expected.to contain_concat__fragment('rspec.example.com-directories').with( + content: %r{^\s+Allow from 127\.0\.0\.1$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-directories').with( + content: %r{^\s+Allow from 127\.0\.0\.2$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-directories').with( + content: %r{^\s+Allow from 127\.0\.0\.5$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-directories').with( + content: %r{^\s+Deny from 127\.0\.0\.3$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-directories').with( + content: %r{^\s+Deny from 127\.0\.0\.4$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-directories').with( + content: %r{^\s+Deny from all$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-directories').with( + content: %r{^\s+Satisfy any$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-directories').with( + content: %r{^\s+Order deny,allow$}, + ) + } + end + it { is_expected.not_to contain_concat__fragment('rspec.example.com-additional_includes') } + it { is_expected.to contain_concat__fragment('rspec.example.com-logging') } + it { is_expected.to contain_concat__fragment('rspec.example.com-serversignature') } + it { is_expected.to contain_concat__fragment('rspec.example.com-access_log') } + it { is_expected.not_to contain_concat__fragment('rspec.example.com-action') } + it { is_expected.not_to contain_concat__fragment('rspec.example.com-block') } + it { is_expected.not_to contain_concat__fragment('rspec.example.com-error_document') } + it { is_expected.not_to contain_concat__fragment('rspec.example.com-proxy') } + it { is_expected.not_to contain_concat__fragment('rspec.example.com-redirect') } + it { is_expected.not_to contain_concat__fragment('rspec.example.com-rewrite') } + it { is_expected.not_to contain_concat__fragment('rspec.example.com-scriptalias') } + it { is_expected.not_to contain_concat__fragment('rspec.example.com-serveralias') } + it { is_expected.not_to contain_concat__fragment('rspec.example.com-setenv') } + it { is_expected.not_to contain_concat__fragment('rspec.example.com-ssl') } + it { is_expected.not_to contain_concat__fragment('rspec.example.com-sslproxy') } + it { is_expected.not_to contain_concat__fragment('rspec.example.com-suphp') } + it { is_expected.not_to contain_concat__fragment('rspec.example.com-php_admin') } + it { is_expected.not_to contain_concat__fragment('rspec.example.com-header') } + it { is_expected.not_to contain_concat__fragment('rspec.example.com-requestheader') } + it { is_expected.not_to contain_concat__fragment('rspec.example.com-wsgi') } + it { is_expected.not_to contain_concat__fragment('rspec.example.com-custom_fragment') } + it { is_expected.not_to contain_concat__fragment('rspec.example.com-fastcgi') } + it { is_expected.not_to contain_concat__fragment('rspec.example.com-suexec') } + it { is_expected.not_to contain_concat__fragment('rspec.example.com-charsets') } + it { is_expected.not_to contain_concat__fragment('rspec.example.com-limits') } + it { is_expected.to contain_concat__fragment('rspec.example.com-file_footer') } + end + context 'wsgi_application_group should set apache::mod::wsgi' do + let :params do { - 'path' => '/a', - 'url' => 'http://backend-a/', - 'keywords' => ['noquery', 'interpolate'], - 'no_proxy_uris' => ['/a/foo', '/a/bar'], - 'no_proxy_uris_match' => ['/a/foomatch'], - 'params' => { - 'retry' => '0', - 'timeout' => '5', - }, - 'setenv' => ['proxy-nokeepalive 1', 'force-proxy-request-1.0 1'], - }, - ], - 'suphp_addhandler' => 'foo', - 'suphp_engine' => 'on', - 'suphp_configpath' => '/var/www/html', - 'php_admin_flags' => ['foo', 'bar'], - 'php_admin_values' => ['true', 'false'], - 'no_proxy_uris' => '/foo', - 'no_proxy_uris_match' => '/foomatch', - 'proxy_preserve_host' => true, - 'proxy_add_headers' => true, - 'proxy_error_override' => true, - 'redirect_source' => '/bar', - 'redirect_dest' => '/', - 'redirect_status' => 'temp', - 'redirectmatch_status' => ['404'], - 'redirectmatch_regexp' => ['\.git$'], - 'redirectmatch_dest' => ['http://www.example.com'], - 'headers' => 'Set X-Robots-Tag "noindex, noarchive, nosnippet"', - 'request_headers' => ['append MirrorID "mirror 12"'], - 'rewrites' => [ + 'docroot' => '/rspec/docroot', + 'wsgi_application_group' => '%{GLOBAL}', + } + end + + it { is_expected.to contain_class('apache::mod::wsgi') } + end + context 'wsgi_daemon_process should set apache::mod::wsgi' do + let :params do { - 'rewrite_rule' => ['^index\.html$ welcome.html'], - }, - ], - 'filters' => [ - 'FilterDeclare COMPRESS', - 'FilterProvider COMPRESS DEFLATE resp=Content-Type $text/html', - 'FilterProvider COMPRESS DEFLATE resp=Content-Type $text/css', - 'FilterProvider COMPRESS DEFLATE resp=Content-Type $text/plain', - 'FilterProvider COMPRESS DEFLATE resp=Content-Type $text/xml', - 'FilterChain COMPRESS', - 'FilterProtocol COMPRESS DEFLATE change=yes;byteranges=no', - ], - 'rewrite_base' => '/', - 'rewrite_rule' => '^index\.html$ welcome.html', - 'rewrite_cond' => '%{HTTP_USER_AGENT} ^MSIE', - 'rewrite_inherit' => true, - 'setenv' => ['FOO=/bin/true'], - 'setenvif' => 'Request_URI "\.gif$" object_is_image=gif', - 'setenvifnocase' => 'REMOTE_ADDR ^127.0.0.1 localhost=true', - 'block' => 'scm', - 'wsgi_application_group' => '%{GLOBAL}', - 'wsgi_daemon_process' => 'wsgi', - 'wsgi_daemon_process_options' => { - 'processes' => '2', - 'threads' => '15', - 'display-name' => '%{GROUP}', - }, - 'wsgi_import_script' => '/var/www/demo.wsgi', - 'wsgi_import_script_options' => { - 'process-group' => 'wsgi', - 'application-group' => '%{GLOBAL}', - }, - 'wsgi_process_group' => 'wsgi', - 'wsgi_script_aliases' => { - '/' => '/var/www/demo.wsgi', - }, - 'wsgi_script_aliases_match' => { - '^/test/(^[/*)' => '/var/www/demo.wsgi', - }, - 'wsgi_pass_authorization' => 'On', - 'custom_fragment' => '#custom string', - 'itk' => { - 'user' => 'someuser', - 'group' => 'somegroup', - }, - 'wsgi_chunked_request' => 'On', - 'action' => 'foo', - 'fastcgi_server' => 'localhost', - 'fastcgi_socket' => '/tmp/fastcgi.socket', - 'fastcgi_dir' => '/tmp', - 'fastcgi_idle_timeout' => '120', - 'additional_includes' => '/custom/path/includes', - 'apache_version' => '2.4', - 'use_optional_includes' => true, - 'suexec_user_group' => 'root root', - 'allow_encoded_slashes' => 'nodecode', - 'use_canonical_name' => 'dns', - 'passenger_enabled' => false, - 'passenger_base_uri' => '/app', - 'passenger_ruby' => '/usr/bin/ruby1.9.1', - 'passenger_python' => '/usr/local/bin/python', - 'passenger_nodejs' => '/usr/bin/node', - 'passenger_meteor_app_settings' => '/path/to/some/file.json', - 'passenger_app_env' => 'test', - 'passenger_app_root' => '/usr/share/myapp', - 'passenger_app_group_name' => 'app_customer', - 'passenger_app_type' => 'rack', - 'passenger_startup_file' => 'bin/www', - 'passenger_restart_dir' => 'tmp', - 'passenger_spawn_method' => 'direct', - 'passenger_load_shell_envvars' => false, - 'passenger_rolling_restarts' => false, - 'passenger_resist_deployment_errors' => true, - 'passenger_user' => 'sandbox', - 'passenger_group' => 'sandbox', - 'passenger_friendly_error_pages' => false, - 'passenger_min_instances' => 1, - 'passenger_max_instances' => 30, - 'passenger_max_preloader_idle_time' => 600, - 'passenger_force_max_concurrent_requests_per_process' => 10, - 'passenger_start_timeout' => 600, - 'passenger_concurrency_model' => 'thread', - 'passenger_thread_count' => 5, - 'passenger_max_requests' => 1000, - 'passenger_max_request_time' => 2, - 'passenger_memory_limit' => 64, - 'passenger_stat_throttle_rate' => 5, - 'passenger_pre_start' => 'http://localhost/myapp', - 'passenger_high_performance' => true, - 'passenger_buffer_upload' => false, - 'passenger_buffer_response' => false, - 'passenger_error_override' => true, - 'passenger_max_request_queue_size' => 10, - 'passenger_max_request_queue_time' => 2, - 'passenger_sticky_sessions' => true, - 'passenger_sticky_sessions_cookie_name' => '_nom_nom_nom', - 'passenger_allow_encoded_slashes' => true, - 'passenger_debugger' => true, - 'passenger_lve_min_uid' => 500, - 'add_default_charset' => 'UTF-8', - 'jk_mounts' => [ - { 'mount' => '/*', 'worker' => 'tcnode1' }, - { 'unmount' => '/*.jpg', 'worker' => 'tcnode1' }, - ], - 'auth_kerb' => true, - 'krb_method_negotiate' => 'off', - 'krb_method_k5passwd' => 'off', - 'krb_authoritative' => 'off', - 'krb_auth_realms' => ['EXAMPLE.ORG', 'EXAMPLE.NET'], - 'krb_5keytab' => '/tmp/keytab5', - 'krb_local_user_mapping' => 'off', - 'http_protocol_options' => 'Strict LenientMethods Allow0.9', - 'keepalive' => 'on', - 'keepalive_timeout' => '100', - 'max_keepalive_requests' => '1000', - 'comment' => [ - 'Comment 1', - 'Comment 2', - ], - } - end - let :facts do - { - osfamily: 'RedHat', - operatingsystemrelease: '7', - operatingsystem: 'RedHat', - id: 'root', - kernel: 'Linux', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - kernelversion: '3.6.2', - is_pe: false, - } - end - - it { is_expected.to compile } - it { is_expected.not_to contain_file('/var/www/foo') } - it { is_expected.to contain_class('apache::mod::ssl') } - it { - is_expected.to contain_file('ssl.conf').with( - content: %r{^\s+SSLHonorCipherOrder On$}, - ) - } - it { - is_expected.to contain_file('ssl.conf').with( - content: %r{^\s+SSLPassPhraseDialog builtin$}, - ) - } - it { - is_expected.to contain_file('ssl.conf').with( - content: %r{^\s+SSLSessionCacheTimeout 300$}, - ) - } - it { is_expected.to contain_class('apache::mod::mime') } - it { is_expected.to contain_class('apache::mod::vhost_alias') } - it { is_expected.to contain_class('apache::mod::wsgi') } - it { is_expected.to contain_class('apache::mod::suexec') } - it { is_expected.to contain_class('apache::mod::passenger') } - it { - is_expected.to contain_file('/var/www/logs').with('ensure' => 'directory', - 'mode' => '0600') - } - it { is_expected.to contain_class('apache::mod::rewrite') } - it { is_expected.to contain_class('apache::mod::alias') } - it { is_expected.to contain_class('apache::mod::proxy') } - it { is_expected.to contain_class('apache::mod::proxy_http') } - it { is_expected.to contain_class('apache::mod::fastcgi') } - it { is_expected.to contain_class('apache::mod::headers') } - it { is_expected.to contain_class('apache::mod::filter') } - it { is_expected.to contain_class('apache::mod::env') } - it { is_expected.to contain_class('apache::mod::setenvif') } - it { - is_expected.to contain_concat('30-rspec.example.com.conf').with('owner' => 'root', - 'mode' => '0644', - 'require' => 'Package[httpd]', - 'notify' => 'Class[Apache::Service]') - } - it { - is_expected.to contain_file('30-rspec.example.com.conf symlink').with('ensure' => 'link', - 'path' => '/etc/apache2/sites-enabled/30-rspec.example.com.conf') - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-apache-header').with( - content: %r{^# Comment 1$}, - ) - } - it { is_expected.to contain_concat__fragment('rspec.example.com-docroot') } - it { is_expected.to contain_concat__fragment('rspec.example.com-aliases') } - it { is_expected.to contain_concat__fragment('rspec.example.com-itk') } - it { is_expected.to contain_concat__fragment('rspec.example.com-fallbackresource') } - it { is_expected.to contain_concat__fragment('rspec.example.com-directories') } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+Include\s'\/custom\/path\/includes'$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+Include\s'\/custom\/path\/another_includes'$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+Require valid-user$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+Require all denied$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+Require all granted$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+<\/RequireAll>$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+Require all-valid1$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+Require all-valid2$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+<\/RequireNone>$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+Require none-valid1$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+Require none-valid2$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+<\/RequireAny>$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+Require any-valid1$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+Require any-valid2$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+Options\sIndexes\sFollowSymLinks\sMultiViews$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+IndexOptions\sFancyIndexing$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+IndexStyleSheet\s'\/styles\/style\.css'$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+DirectoryIndex\sdisabled$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+SetOutputFilter\soutput_filter$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{\s+\s*Require valid-user\s*<\/Limit>}m, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{\s+\s*Require valid-user\s*<\/LimitExcept>}m, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+Dav\sfilesystem$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+DavDepthInfinity\sOn$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+DavMinTimeout\s600$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+PassengerEnabled\sOn$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+PassengerBaseURI\s/app$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+PassengerRuby\s/path/to/ruby$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+PassengerPython\s/path/to/python$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+PassengerNodejs\s/path/to/nodejs$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+PassengerMeteorAppSettings\s/path/to/file\.json$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+PassengerAppEnv\sdemo$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+PassengerAppRoot\s/var/www/node-app$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+PassengerAppGroupName\sfoo_bar$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+PassengerAppType\snode$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+PassengerStartupFile\sstart\.js$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+PassengerRestartDir\stemp$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+PassengerLoadShellEnvvars\sOff$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+PassengerRollingRestarts\sOff$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+PassengerResistDeploymentErrors\sOff$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+PassengerUser\snodeuser$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+PassengerGroup\snodegroup$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+PassengerFriendlyErrorPages\sOn$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+PassengerMinInstances\s7$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+PassengerMaxInstances\s9$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+PassengerForceMaxConcurrentRequestsPerProcess\s12$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+PassengerStartTimeout\s10$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+PassengerConcurrencyModel\sthread$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+PassengerThreadCount\s20$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+PassengerMaxRequests\s2000$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+PassengerMaxRequestTime\s1$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+PassengerMemoryLimit\s32$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+PassengerHighPerformance\sOff$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+PassengerBufferUpload\sOff$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+PassengerBufferResponse\sOff$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+PassengerErrorOverride\sOff$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+PassengerMaxRequestQueueSize\s120$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+PassengerMaxRequestQueueTime\s5$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+PassengerStickySessions\sOn$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+PassengerStickySessionsCookieName\s_delicious_cookie$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+PassengerAllowEncodedSlashes\sOff$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+PassengerDebugger\sOff$}, - ) - } - it { is_expected.to contain_concat__fragment('rspec.example.com-additional_includes') } - it { is_expected.to contain_concat__fragment('rspec.example.com-logging') } - it { is_expected.to contain_concat__fragment('rspec.example.com-serversignature') } - it { is_expected.not_to contain_concat__fragment('rspec.example.com-access_log') } - it { is_expected.to contain_concat__fragment('rspec.example.com-action') } - it { is_expected.to contain_concat__fragment('rspec.example.com-block') } - it { is_expected.to contain_concat__fragment('rspec.example.com-error_document') } - it { - is_expected.to contain_concat__fragment('rspec.example.com-proxy').with_content( - %r{retry=0}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-proxy').with_content( - %r{timeout=5}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-proxy').with_content( - %r{SetEnv force-proxy-request-1.0 1}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-proxy').with_content( - %r{SetEnv proxy-nokeepalive 1}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-proxy').with_content( - %r{noquery interpolate}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-proxy').with_content( - %r{ProxyPreserveHost On}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-proxy').with_content( - %r{ProxyAddHeaders On}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-proxy').with_content( - %r{ProxyPassReverseCookiePath\s+\/a\s+http:\/\/}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-proxy').with_content( - %r{ProxyPassReverseCookieDomain\s+foo\s+http:\/\/foo}, - ) - } - it { is_expected.to contain_concat__fragment('rspec.example.com-redirect') } - it { is_expected.to contain_concat__fragment('rspec.example.com-rewrite') } - it { - is_expected.to contain_concat__fragment('rspec.example.com-rewrite').with( - content: %r{^\s+RewriteOptions Inherit$}, - ) - } - it { is_expected.to contain_concat__fragment('rspec.example.com-scriptalias') } - it { is_expected.to contain_concat__fragment('rspec.example.com-serveralias') } - it { - is_expected.to contain_concat__fragment('rspec.example.com-setenv').with_content( - %r{SetEnv FOO=/bin/true}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-setenv').with_content( - %r{SetEnvIf Request_URI "\\.gif\$" object_is_image=gif}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-setenv').with_content( - %r{SetEnvIfNoCase REMOTE_ADDR \^127.0.0.1 localhost=true}, - ) - } - it { is_expected.to contain_concat__fragment('rspec.example.com-ssl') } - it { - is_expected.to contain_concat__fragment('rspec.example.com-ssl').with( - content: %r{^\s+SSLOpenSSLConfCmd\s+DHParameters "foo.pem"$}, - ) - } - it { is_expected.to contain_concat__fragment('rspec.example.com-sslproxy') } - it { - is_expected.to contain_concat__fragment('rspec.example.com-sslproxy').with( - content: %r{^\s+SSLProxyEngine On$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-sslproxy').with( - content: %r{^\s+SSLProxyCheckPeerCN\s+on$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-sslproxy').with( - content: %r{^\s+SSLProxyCheckPeerName\s+on$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-sslproxy').with( - content: %r{^\s+SSLProxyCheckPeerExpire\s+on$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-sslproxy').with( - content: %r{^\s+SSLProxyCipherSuite\s+HIGH$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-sslproxy').with( - content: %r{^\s+SSLProxyProtocol\s+TLSv1.2$}, - ) - } - it { is_expected.to contain_concat__fragment('rspec.example.com-suphp') } - it { is_expected.to contain_concat__fragment('rspec.example.com-php_admin') } - it { is_expected.to contain_concat__fragment('rspec.example.com-header') } - it { - is_expected.to contain_concat__fragment('rspec.example.com-filters').with( - content: %r{^\s+FilterDeclare COMPRESS$}, - ) - } - it { is_expected.to contain_concat__fragment('rspec.example.com-requestheader') } - it { is_expected.to contain_concat__fragment('rspec.example.com-wsgi') } - it { is_expected.to contain_concat__fragment('rspec.example.com-custom_fragment') } - it { is_expected.to contain_concat__fragment('rspec.example.com-fastcgi') } - it { is_expected.to contain_concat__fragment('rspec.example.com-suexec') } - it { is_expected.to contain_concat__fragment('rspec.example.com-allow_encoded_slashes') } - it { is_expected.to contain_concat__fragment('rspec.example.com-passenger') } - it { is_expected.to contain_concat__fragment('rspec.example.com-charsets') } - it { is_expected.not_to contain_concat__fragment('rspec.example.com-security') } - it { is_expected.to contain_concat__fragment('rspec.example.com-file_footer') } - it { - is_expected.to contain_concat__fragment('rspec.example.com-jk_mounts').with( - content: %r{^\s+JkMount\s+\/\*\s+tcnode1$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-jk_mounts').with( - content: %r{^\s+JkUnMount\s+\/\*\.jpg\s+tcnode1$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-auth_kerb').with( - content: %r{^\s+KrbMethodNegotiate\soff$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-auth_kerb').with( - content: %r{^\s+KrbAuthoritative\soff$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-auth_kerb').with( - content: %r{^\s+KrbAuthRealms\sEXAMPLE.ORG\sEXAMPLE.NET$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-auth_kerb').with( - content: %r{^\s+Krb5Keytab\s\/tmp\/keytab5$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-auth_kerb').with( - content: %r{^\s+KrbLocalUserMapping\soff$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-auth_kerb').with( - content: %r{^\s+KrbServiceName\sHTTP$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-auth_kerb').with( - content: %r{^\s+KrbSaveCredentials\soff$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-auth_kerb').with( - content: %r{^\s+KrbVerifyKDC\son$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-http_protocol_options').with( - content: %r{^\s*HttpProtocolOptions\s+Strict\s+LenientMethods\s+Allow0\.9$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-keepalive_options').with( - content: %r{^\s+KeepAlive\son$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-keepalive_options').with( - content: %r{^\s+KeepAliveTimeout\s100$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-keepalive_options').with( - content: %r{^\s+MaxKeepAliveRequests\s1000$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( - content: %r{^\s+PassengerEnabled\sOff$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( - content: %r{^\s+PassengerBaseURI\s/app$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( - content: %r{^\s+PassengerRuby\s/usr/bin/ruby1\.9\.1$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( - content: %r{^\s+PassengerPython\s/usr/local/bin/python$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( - content: %r{^\s+PassengerNodejs\s/usr/bin/node$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( - content: %r{^\s+PassengerMeteorAppSettings\s/path/to/some/file.json$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( - content: %r{^\s+PassengerAppEnv\stest$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( - content: %r{^\s+PassengerAppRoot\s/usr/share/myapp$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( - content: %r{^\s+PassengerAppGroupName\sapp_customer$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( - content: %r{^\s+PassengerAppType\srack$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( - content: %r{^\s+PassengerStartupFile\sbin/www$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( - content: %r{^\s+PassengerRestartDir\stmp$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( - content: %r{^\s+PassengerSpawnMethod\sdirect$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( - content: %r{^\s+PassengerLoadShellEnvvars\sOff$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( - content: %r{^\s+PassengerRollingRestarts\sOff$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( - content: %r{^\s+PassengerResistDeploymentErrors\sOn$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( - content: %r{^\s+PassengerUser\ssandbox$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( - content: %r{^\s+PassengerGroup\ssandbox$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( - content: %r{^\s+PassengerFriendlyErrorPages\sOff$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( - content: %r{^\s+PassengerMinInstances\s1$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( - content: %r{^\s+PassengerMaxInstances\s30$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( - content: %r{^\s+PassengerMaxPreloaderIdleTime\s600$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( - content: %r{^\s+PassengerForceMaxConcurrentRequestsPerProcess\s10$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( - content: %r{^\s+PassengerStartTimeout\s600$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( - content: %r{^\s+PassengerConcurrencyModel\sthread$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( - content: %r{^\s+PassengerThreadCount\s5$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( - content: %r{^\s+PassengerMaxRequests\s1000$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( - content: %r{^\s+PassengerMaxRequestTime\s2$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( - content: %r{^\s+PassengerMemoryLimit\s64$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( - content: %r{^\s+PassengerStatThrottleRate\s5$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-file_footer').with( - content: %r{^PassengerPreStart\shttp://localhost/myapp$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( - content: %r{^\s+PassengerHighPerformance\sOn$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( - content: %r{^\s+PassengerBufferUpload\sOff$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( - content: %r{^\s+PassengerBufferResponse\sOff$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( - content: %r{^\s+PassengerErrorOverride\sOn$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( - content: %r{^\s+PassengerMaxRequestQueueSize\s10$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( - content: %r{^\s+PassengerMaxRequestQueueTime\s2$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( - content: %r{^\s+PassengerStickySessions\sOn$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( - content: %r{^\s+PassengerStickySessionsCookieName\s_nom_nom_nom$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( - content: %r{^\s+PassengerAllowEncodedSlashes\sOn$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( - content: %r{^\s+PassengerDebugger\sOn$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( - content: %r{^\s+PassengerLveMinUid\s500$}, - ) - } - end - context 'vhost with multiple ip addresses' do - let :params do - { - 'port' => '80', - 'ip' => ['127.0.0.1', '::1'], - 'ip_based' => true, - 'servername' => 'example.com', - 'docroot' => '/var/www/html', - 'add_listen' => true, - 'ensure' => 'present', - } - end - let :facts do - { - osfamily: 'RedHat', - operatingsystemrelease: '7', - operatingsystem: 'RedHat', - id: 'root', - kernel: 'Linux', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - kernelversion: '3.6.2', - is_pe: false, - } - end - - it { is_expected.to compile } - it { - is_expected.to contain_concat__fragment('rspec.example.com-apache-header').with( - content: %r{[.\/m]*[.\/m]*$}, - ) - } - it { is_expected.to contain_concat__fragment('Listen 127.0.0.1:80') } - it { is_expected.to contain_concat__fragment('Listen [::1]:80') } - it { is_expected.not_to contain_concat__fragment('NameVirtualHost 127.0.0.1:80') } - it { is_expected.not_to contain_concat__fragment('NameVirtualHost [::1]:80') } - end - - context 'vhost with multiple ports' do - let :params do - { - 'port' => ['80', '8080'], - 'ip' => '127.0.0.1', - 'ip_based' => true, - 'servername' => 'example.com', - 'docroot' => '/var/www/html', - 'add_listen' => true, - 'ensure' => 'present', - } - end - let :facts do - { - osfamily: 'RedHat', - operatingsystemrelease: '7', - operatingsystem: 'RedHat', - id: 'root', - kernel: 'Linux', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - kernelversion: '3.6.2', - is_pe: false, - } - end - - it { is_expected.to compile } - it { - is_expected.to contain_concat__fragment('rspec.example.com-apache-header').with( - content: %r{[.\/m]*[.\/m]*$}, - ) - } - it { is_expected.to contain_concat__fragment('Listen 127.0.0.1:80') } - it { is_expected.to contain_concat__fragment('Listen 127.0.0.1:8080') } - it { is_expected.not_to contain_concat__fragment('NameVirtualHost 127.0.0.1:80') } - it { is_expected.not_to contain_concat__fragment('NameVirtualHost 127.0.0.1:8080') } - end - - context 'vhost with multiple ip addresses, multiple ports' do - let :params do - { - 'port' => ['80', '8080'], - 'ip' => ['127.0.0.1', '::1'], - 'ip_based' => true, - 'servername' => 'example.com', - 'docroot' => '/var/www/html', - 'add_listen' => true, - 'ensure' => 'present', - } - end - let :facts do - { - osfamily: 'RedHat', - operatingsystemrelease: '7', - operatingsystem: 'RedHat', - id: 'root', - kernel: 'Linux', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - kernelversion: '3.6.2', - is_pe: false, - } - end - - it { is_expected.to compile } - it { - is_expected.to contain_concat__fragment('rspec.example.com-apache-header').with( - content: %r{[.\/m]*[.\/m]*$}, - ) - } - it { is_expected.to contain_concat__fragment('Listen 127.0.0.1:80') } - it { is_expected.to contain_concat__fragment('Listen 127.0.0.1:8080') } - it { is_expected.to contain_concat__fragment('Listen [::1]:80') } - it { is_expected.to contain_concat__fragment('Listen [::1]:8080') } - it { is_expected.not_to contain_concat__fragment('NameVirtualHost 127.0.0.1:80') } - it { is_expected.not_to contain_concat__fragment('NameVirtualHost 127.0.0.1:8080') } - it { is_expected.not_to contain_concat__fragment('NameVirtualHost [::1]:80') } - it { is_expected.not_to contain_concat__fragment('NameVirtualHost [::1]:8080') } - end - - context 'vhost with ipv6 address' do - let :params do - { - 'port' => '80', - 'ip' => '::1', - 'ip_based' => true, - 'servername' => 'example.com', - 'docroot' => '/var/www/html', - 'add_listen' => true, - 'ensure' => 'present', - } - end - let :facts do - { - osfamily: 'RedHat', - operatingsystemrelease: '7', - operatingsystem: 'RedHat', - id: 'root', - kernel: 'Linux', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - kernelversion: '3.6.2', - is_pe: false, - } - end - - it { is_expected.to compile } - it { - is_expected.to contain_concat__fragment('rspec.example.com-apache-header').with( - content: %r{[.\/m]*[.\/m]*$}, - ) - } - it { is_expected.to contain_concat__fragment('Listen [::1]:80') } - it { is_expected.not_to contain_concat__fragment('NameVirtualHost [::1]:80') } - end - - context 'vhost with wildcard ip address' do - let :params do - { - 'port' => '80', - 'ip' => '*', - 'ip_based' => true, - 'servername' => 'example.com', - 'docroot' => '/var/www/html', - 'add_listen' => true, - 'ensure' => 'present', - } - end - let :facts do - { - osfamily: 'RedHat', - operatingsystemrelease: '7', - operatingsystem: 'RedHat', - id: 'root', - kernel: 'Linux', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - kernelversion: '3.6.2', - is_pe: false, - } - end - - it { is_expected.to compile } - it { - is_expected.to contain_concat__fragment('rspec.example.com-apache-header').with( - content: %r{[.\/m]*[.\/m]*$}, - ) - } - it { is_expected.to contain_concat__fragment('Listen *:80') } - it { is_expected.not_to contain_concat__fragment('NameVirtualHost *:80') } - end - - context 'modsec_audit_log' do - let :params do - { - 'docroot' => '/rspec/docroot', - 'modsec_audit_log' => true, - } - end - - it { is_expected.to compile } - it { - is_expected.to contain_concat__fragment('rspec.example.com-security').with( - content: %r{^\s*SecAuditLog "\/var\/log\/apache2\/rspec\.example\.com_security\.log"$}, - ) - } - end - context 'modsec_audit_log_file' do - let :params do - { - 'docroot' => '/rspec/docroot', - 'modsec_audit_log_file' => 'foo.log', - } - end - - it { is_expected.to compile } - it { - is_expected.to contain_concat__fragment('rspec.example.com-security').with( - content: %r{\s*SecAuditLog "\/var\/log\/apache2\/foo.log"$}, - ) - } - end - context 'set only aliases' do - let :params do - { - 'docroot' => '/rspec/docroot', - 'aliases' => [ + 'docroot' => '/rspec/docroot', + 'wsgi_daemon_process' => 'wsgi', + } + end + + it { is_expected.to contain_class('apache::mod::wsgi') } + end + context 'wsgi_import_script on its own should not set apache::mod::wsgi' do + let :params do { - 'alias' => '/alias', - 'path' => '/rspec/docroot', - }, - ], - } - end - - it { is_expected.to contain_class('apache::mod::alias') } - end - context 'proxy_pass_match' do - let :params do - { - 'docroot' => '/rspec/docroot', - 'proxy_pass_match' => [ + 'docroot' => '/rspec/docroot', + 'wsgi_import_script' => '/var/www/demo.wsgi', + } + end + + it { is_expected.not_to contain_class('apache::mod::wsgi') } + end + context 'wsgi_import_script_options on its own should not set apache::mod::wsgi' do + let :params do { - 'path' => '.*', - 'url' => 'http://backend-a/', - 'params' => { 'timeout' => 300 }, - }, - ], - } - end + 'docroot' => '/rspec/docroot', + 'wsgi_import_script_options' => { + 'process-group' => 'wsgi', + 'application-group' => '%{GLOBAL}', + }, + } + end - it { - is_expected.to contain_concat__fragment('rspec.example.com-proxy').with_content( - %r{ProxyPassMatch .* http:\/\/backend-a\/ timeout=300}, - ).with_content(%r{## Proxy rules}) - } - end - context 'proxy_dest_match' do - let :params do - { - 'docroot' => '/rspec/docroot', - 'proxy_dest_match' => '/', - } - end + it { is_expected.not_to contain_class('apache::mod::wsgi') } + end + context 'wsgi_import_script and wsgi_import_script_options should set apache::mod::wsgi' do + let :params do + { + 'docroot' => '/rspec/docroot', + 'wsgi_import_script' => '/var/www/demo.wsgi', + 'wsgi_import_script_options' => { + 'process-group' => 'wsgi', + 'application-group' => '%{GLOBAL}', + }, + } + end - it { is_expected.to contain_concat__fragment('rspec.example.com-proxy').with_content(%r{## Proxy rules}) } - end - context 'not everything can be set together...' do - let :params do - { - 'access_log_pipe' => '/dev/null', - 'error_log_pipe' => '/dev/null', - 'docroot' => '/var/www/foo', - 'ensure' => 'absent', - 'manage_docroot' => true, - 'logroot' => '/tmp/logroot', - 'logroot_ensure' => 'absent', - 'directories' => [ + it { is_expected.to contain_class('apache::mod::wsgi') } + end + context 'wsgi_process_group should set apache::mod::wsgi' do + let :params do { - 'path' => '/var/www/files', - 'provider' => 'files', - 'allow' => ['from 127.0.0.1', 'from 127.0.0.2'], - 'deny' => ['from 127.0.0.3', 'from 127.0.0.4'], - 'satisfy' => 'any', - }, + 'docroot' => '/rspec/docroot', + 'wsgi_daemon_process' => 'wsgi', + } + end + + it { is_expected.to contain_class('apache::mod::wsgi') } + end + context 'wsgi_script_aliases with non-empty aliases should set apache::mod::wsgi' do + let :params do { - 'path' => '/var/www/foo', - 'provider' => 'files', - 'allow' => 'from 127.0.0.5', - 'deny' => 'from all', - 'order' => 'deny,allow', - }, - ], - - } - end - let :facts do - { - osfamily: 'RedHat', - operatingsystemrelease: '6', - operatingsystem: 'RedHat', - id: 'root', - kernel: 'Linux', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - kernelversion: '3.6.2', - is_pe: false, - } - end - - it { is_expected.to compile } - it { is_expected.not_to contain_class('apache::mod::ssl') } - it { is_expected.not_to contain_class('apache::mod::mime') } - it { is_expected.not_to contain_class('apache::mod::vhost_alias') } - it { is_expected.not_to contain_class('apache::mod::wsgi') } - it { is_expected.not_to contain_class('apache::mod::passenger') } - it { is_expected.not_to contain_class('apache::mod::suexec') } - it { is_expected.not_to contain_class('apache::mod::rewrite') } - it { is_expected.not_to contain_class('apache::mod::alias') } - it { is_expected.not_to contain_class('apache::mod::proxy') } - it { is_expected.not_to contain_class('apache::mod::proxy_http') } - it { is_expected.not_to contain_class('apache::mod::headers') } - it { is_expected.to contain_file('/var/www/foo') } - it { - is_expected.to contain_file('/tmp/logroot').with('ensure' => 'absent') - } - it { - is_expected.to contain_concat('25-rspec.example.com.conf').with('ensure' => 'absent') - } - it { is_expected.to contain_concat__fragment('rspec.example.com-apache-header') } - it { is_expected.to contain_concat__fragment('rspec.example.com-docroot') } - it { is_expected.not_to contain_concat__fragment('rspec.example.com-aliases') } - it { is_expected.not_to contain_concat__fragment('rspec.example.com-itk') } - it { is_expected.not_to contain_concat__fragment('rspec.example.com-fallbackresource') } - it { is_expected.to contain_concat__fragment('rspec.example.com-directories') } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+Allow from 127\.0\.0\.1$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+Allow from 127\.0\.0\.2$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+Allow from 127\.0\.0\.5$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+Deny from 127\.0\.0\.3$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+Deny from 127\.0\.0\.4$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+Deny from all$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+Satisfy any$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+Order deny,allow$}, - ) - } - it { is_expected.not_to contain_concat__fragment('rspec.example.com-additional_includes') } - it { is_expected.to contain_concat__fragment('rspec.example.com-logging') } - it { is_expected.to contain_concat__fragment('rspec.example.com-serversignature') } - it { is_expected.to contain_concat__fragment('rspec.example.com-access_log') } - it { is_expected.not_to contain_concat__fragment('rspec.example.com-action') } - it { is_expected.not_to contain_concat__fragment('rspec.example.com-block') } - it { is_expected.not_to contain_concat__fragment('rspec.example.com-error_document') } - it { is_expected.not_to contain_concat__fragment('rspec.example.com-proxy') } - it { is_expected.not_to contain_concat__fragment('rspec.example.com-redirect') } - it { is_expected.not_to contain_concat__fragment('rspec.example.com-rewrite') } - it { is_expected.not_to contain_concat__fragment('rspec.example.com-scriptalias') } - it { is_expected.not_to contain_concat__fragment('rspec.example.com-serveralias') } - it { is_expected.not_to contain_concat__fragment('rspec.example.com-setenv') } - it { is_expected.not_to contain_concat__fragment('rspec.example.com-ssl') } - it { is_expected.not_to contain_concat__fragment('rspec.example.com-sslproxy') } - it { is_expected.not_to contain_concat__fragment('rspec.example.com-suphp') } - it { is_expected.not_to contain_concat__fragment('rspec.example.com-php_admin') } - it { is_expected.not_to contain_concat__fragment('rspec.example.com-header') } - it { is_expected.not_to contain_concat__fragment('rspec.example.com-requestheader') } - it { is_expected.not_to contain_concat__fragment('rspec.example.com-wsgi') } - it { is_expected.not_to contain_concat__fragment('rspec.example.com-custom_fragment') } - it { is_expected.not_to contain_concat__fragment('rspec.example.com-fastcgi') } - it { is_expected.not_to contain_concat__fragment('rspec.example.com-suexec') } - it { is_expected.not_to contain_concat__fragment('rspec.example.com-charsets') } - it { is_expected.not_to contain_concat__fragment('rspec.example.com-limits') } - it { is_expected.to contain_concat__fragment('rspec.example.com-file_footer') } - end - context 'wsgi_application_group should set apache::mod::wsgi' do - let :params do - { - 'docroot' => '/rspec/docroot', - 'wsgi_application_group' => '%{GLOBAL}', - } - end - - it { is_expected.to contain_class('apache::mod::wsgi') } - end - context 'wsgi_daemon_process should set apache::mod::wsgi' do - let :params do - { - 'docroot' => '/rspec/docroot', - 'wsgi_daemon_process' => 'wsgi', - } - end - - it { is_expected.to contain_class('apache::mod::wsgi') } - end - context 'wsgi_import_script on its own should not set apache::mod::wsgi' do - let :params do - { - 'docroot' => '/rspec/docroot', - 'wsgi_import_script' => '/var/www/demo.wsgi', - } - end - - it { is_expected.not_to contain_class('apache::mod::wsgi') } - end - context 'wsgi_import_script_options on its own should not set apache::mod::wsgi' do - let :params do - { - 'docroot' => '/rspec/docroot', - 'wsgi_import_script_options' => { - 'process-group' => 'wsgi', - 'application-group' => '%{GLOBAL}', - }, - } - end - - it { is_expected.not_to contain_class('apache::mod::wsgi') } - end - context 'wsgi_import_script and wsgi_import_script_options should set apache::mod::wsgi' do - let :params do - { - 'docroot' => '/rspec/docroot', - 'wsgi_import_script' => '/var/www/demo.wsgi', - 'wsgi_import_script_options' => { - 'process-group' => 'wsgi', - 'application-group' => '%{GLOBAL}', - }, - } - end - - it { is_expected.to contain_class('apache::mod::wsgi') } - end - context 'wsgi_process_group should set apache::mod::wsgi' do - let :params do - { - 'docroot' => '/rspec/docroot', - 'wsgi_daemon_process' => 'wsgi', - } - end - - it { is_expected.to contain_class('apache::mod::wsgi') } - end - context 'wsgi_script_aliases with non-empty aliases should set apache::mod::wsgi' do - let :params do - { - 'docroot' => '/rspec/docroot', - 'wsgi_script_aliases' => { - '/' => '/var/www/demo.wsgi', - }, - } - end - - it { is_expected.to contain_class('apache::mod::wsgi') } - end - context 'wsgi_script_aliases with empty aliases should set apache::mod::wsgi' do - let :params do - { - 'docroot' => '/rspec/docroot', - 'wsgi_script_aliases' => {}, - } - end - - it { is_expected.not_to contain_class('apache::mod::wsgi') } - end - context 'wsgi_pass_authorization should set apache::mod::wsgi' do - let :params do - { - 'docroot' => '/rspec/docroot', - 'wsgi_pass_authorization' => 'On', - } - end - - it { is_expected.to contain_class('apache::mod::wsgi') } - end - context 'when not setting nor managing the docroot' do - let :params do - { - 'docroot' => false, - 'manage_docroot' => false, - } - end - - it { is_expected.to compile } - it { is_expected.not_to contain_concat__fragment('rspec.example.com-docroot') } - end - context 'ssl_proxyengine without ssl' do - let :params do - { - 'docroot' => '/rspec/docroot', - 'ssl' => false, - 'ssl_proxyengine' => true, - } - end - - it { is_expected.to compile } - it { is_expected.not_to contain_concat__fragment('rspec.example.com-ssl') } - it { is_expected.to contain_concat__fragment('rspec.example.com-sslproxy') } - end - context 'ssl_proxy_protocol without ssl_proxyengine' do - let :params do - { - 'docroot' => '/rspec/docroot', - 'ssl' => true, - 'ssl_proxyengine' => false, - 'ssl_proxy_protocol' => 'TLSv1.2', - } - end - - it { is_expected.to compile } - it { is_expected.to contain_concat__fragment('rspec.example.com-ssl') } - it { is_expected.not_to contain_concat__fragment('rspec.example.com-sslproxy') } - end - end - describe 'access logs' do - let :facts do - { - osfamily: 'RedHat', - operatingsystemrelease: '6', - operatingsystem: 'RedHat', - id: 'root', - kernel: 'Linux', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - - context 'single log file' do - let(:params) do - { - 'docroot' => '/rspec/docroot', - 'access_log_file' => 'my_log_file', - } - end - - it { - is_expected.to contain_concat__fragment('rspec.example.com-access_log').with( - content: %r{^\s+CustomLog.*my_log_file" combined\s*$}, - ) - } - end - context 'single log file with environment' do - let(:params) do - { - 'docroot' => '/rspec/docroot', - 'access_log_file' => 'my_log_file', - 'access_log_env_var' => 'prod', - } - end - - it { - is_expected.to contain_concat__fragment('rspec.example.com-access_log').with( - content: %r{^\s+CustomLog.*my_log_file" combined\s+env=prod$}, - ) - } - end - context 'multiple log files' do - let(:params) do - { - 'docroot' => '/rspec/docroot', - 'access_logs' => [ - { 'file' => '/tmp/log1', 'env' => 'dev' }, - { 'file' => 'log2' }, - { 'syslog' => 'syslog', 'format' => '%h %l' }, - ], - } - end - - it { - is_expected.to contain_concat__fragment('rspec.example.com-access_log').with( - content: %r{^\s+CustomLog "\/tmp\/log1"\s+combined\s+env=dev$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-access_log').with( - content: %r{^\s+CustomLog "\/var\/log\/httpd\/log2"\s+combined\s*$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-access_log').with( - content: %r{^\s+CustomLog "syslog" "%h %l"\s*$}, - ) - } - end - end # access logs - describe 'validation' do - let :default_facts do - { - osfamily: 'RedHat', - operatingsystemrelease: '6', - operatingsystem: 'RedHat', - id: 'root', - kernel: 'Linux', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - - context 'bad ensure' do - let :params do - { - 'docroot' => '/rspec/docroot', - 'ensure' => 'bogus', - } - end - let(:facts) { default_facts } - - it { is_expected.to raise_error(Puppet::Error) } - end - context 'bad suphp_engine' do - let :params do - { - 'docroot' => '/rspec/docroot', - 'suphp_engine' => 'bogus', - } - end - let(:facts) { default_facts } - - it { is_expected.to raise_error(Puppet::Error) } - end - context 'bad ip_based' do - let :params do - { - 'docroot' => '/rspec/docroot', - 'ip_based' => 'bogus', - } - end - let(:facts) { default_facts } - - it { is_expected.to raise_error(Puppet::Error) } - end - context 'bad access_log' do - let :params do - { - 'docroot' => '/rspec/docroot', - 'access_log' => 'bogus', - } - end - let(:facts) { default_facts } - - it { is_expected.to raise_error(Puppet::Error) } - end - context 'bad error_log' do - let :params do - { - 'docroot' => '/rspec/docroot', - 'error_log' => 'bogus', - } - end - let(:facts) { default_facts } - - it { is_expected.to raise_error(Puppet::Error) } - end - context 'bad_ssl' do - let :params do - { - 'docroot' => '/rspec/docroot', - 'ssl' => 'bogus', - } - end - let(:facts) { default_facts } - - it { is_expected.to raise_error(Puppet::Error) } - end - context 'bad default_vhost' do - let :params do - { - 'docroot' => '/rspec/docroot', - 'default_vhost' => 'bogus', - } - end - let(:facts) { default_facts } - - it { is_expected.to raise_error(Puppet::Error) } - end - context 'bad ssl_proxyengine' do - let :params do - { - 'docroot' => '/rspec/docroot', - 'ssl_proxyengine' => 'bogus', - } - end - let(:facts) { default_facts } - - it { is_expected.to raise_error(Puppet::Error) } - end - context 'bad rewrites' do - let :params do - { - 'docroot' => '/rspec/docroot', - 'rewrites' => 'bogus', - } - end - let(:facts) { default_facts } - - it { is_expected.to raise_error(Puppet::Error) } - end - context 'bad rewrites 2' do - let :params do - { - 'docroot' => '/rspec/docroot', - 'rewrites' => ['bogus'], - } - end - let(:facts) { default_facts } - - it { is_expected.to raise_error(Puppet::Error) } - end - context 'empty rewrites' do - let :params do - { - 'docroot' => '/rspec/docroot', - 'rewrites' => [], - } - end - let(:facts) { default_facts } - - it { is_expected.to compile } - end - context 'bad suexec_user_group' do - let :params do - { - 'docroot' => '/rspec/docroot', - 'suexec_user_group' => 'bogus', - } - end - let(:facts) { default_facts } - - it { is_expected.to raise_error(Puppet::Error) } - end - context 'bad wsgi_script_alias' do - let :params do - { - 'docroot' => '/rspec/docroot', - 'wsgi_script_alias' => 'bogus', - } - end - let(:facts) { default_facts } - - it { is_expected.to raise_error(Puppet::Error) } - end - context 'bad wsgi_daemon_process_options' do - let :params do - { - 'docroot' => '/rspec/docroot', - 'wsgi_daemon_process_options' => 'bogus', - } - end - let(:facts) { default_facts } - - it { is_expected.to raise_error(Puppet::Error) } - end - context 'bad wsgi_import_script_alias' do - let :params do - { - 'docroot' => '/rspec/docroot', - 'wsgi_import_script_alias' => 'bogus', - } - end - let(:facts) { default_facts } - - it { is_expected.to raise_error(Puppet::Error) } - end - context 'bad itk' do - let :params do - { - 'docroot' => '/rspec/docroot', - 'itk' => 'bogus', - } - end - let(:facts) { default_facts } - - it { is_expected.to raise_error(Puppet::Error) } - end - context 'bad logroot_ensure' do - let :params do - { - 'docroot' => '/rspec/docroot', - 'log_level' => 'bogus', - } - end - let(:facts) { default_facts } - - it { is_expected.to raise_error(Puppet::Error) } - end - context 'bad log_level' do - let :params do - { - 'docroot' => '/rspec/docroot', - 'log_level' => 'bogus', - } - end - let(:facts) { default_facts } - - it { is_expected.to raise_error(Puppet::Error) } - end - context 'access_log_file and access_log_pipe' do - let :params do - { - 'docroot' => '/rspec/docroot', - 'access_log_file' => 'bogus', - 'access_log_pipe' => 'bogus', - } - end - let(:facts) { default_facts } - - it { is_expected.to raise_error(Puppet::Error) } - end - context 'error_log_file and error_log_pipe' do - let :params do - { - 'docroot' => '/rspec/docroot', - 'error_log_file' => 'bogus', - 'error_log_pipe' => 'bogus', - } - end - let(:facts) { default_facts } - - it { is_expected.to raise_error(Puppet::Error) } - end - context 'bad fallbackresource' do - let :params do - { - 'docroot' => '/rspec/docroot', - 'fallbackresource' => 'bogus', - } - end - let(:facts) { default_facts } - - it { is_expected.to raise_error(Puppet::Error) } - end - context 'bad custom_fragment' do - let :params do - { - 'docroot' => '/rspec/docroot', - 'custom_fragment' => true, - } - end - let(:facts) { default_facts } - - it { is_expected.to raise_error(Puppet::Error) } - end - context 'bad access_logs' do - let :params do - { - 'docroot' => '/rspec/docroot', - 'access_logs' => '/var/log/somewhere', - } - end - let(:facts) { default_facts } + 'docroot' => '/rspec/docroot', + 'wsgi_script_aliases' => { + '/' => '/var/www/demo.wsgi', + }, + } + end - it { is_expected.to raise_error(Puppet::Error) } - end - context 'default of require all granted' do - let :params do - { - 'docroot' => '/var/www/foo', - 'directories' => [ + it { is_expected.to contain_class('apache::mod::wsgi') } + end + context 'wsgi_script_aliases with empty aliases should set apache::mod::wsgi' do + let :params do { - 'path' => '/var/www/foo/files', - 'provider' => 'files', - }, - ], - - } - end - let :facts do - { - osfamily: 'RedHat', - operatingsystemrelease: '7', - operatingsystem: 'RedHat', - id: 'root', - kernel: 'Linux', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - kernelversion: '3.19.2', - is_pe: false, - } - end - - it { is_expected.to compile } - it { is_expected.to contain_concat('25-rspec.example.com.conf') } - it { is_expected.to contain_concat__fragment('rspec.example.com-directories') } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+Require all granted$}, - ) - } - end - context 'require unmanaged' do - let :params do - { - 'docroot' => '/var/www/foo', - 'directories' => [ + 'docroot' => '/rspec/docroot', + 'wsgi_script_aliases' => {}, + } + end + + it { is_expected.not_to contain_class('apache::mod::wsgi') } + end + context 'wsgi_pass_authorization should set apache::mod::wsgi' do + let :params do { - 'path' => '/var/www/foo', - 'require' => 'unmanaged', - }, - ], - - } - end - let :facts do - { - osfamily: 'RedHat', - operatingsystemrelease: '7', - operatingsystem: 'RedHat', - id: 'root', - kernel: 'Linux', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - kernelversion: '3.19.2', - is_pe: false, - } - end - - it { is_expected.to compile } - it { is_expected.to contain_concat('25-rspec.example.com.conf') } - it { is_expected.to contain_concat__fragment('rspec.example.com-directories') } - it { - is_expected.not_to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+Require all granted$}, - ) - } - end - describe 'redirectmatch_*' do - let :facts do - { - osfamily: 'RedHat', - operatingsystemrelease: '6', - operatingsystem: 'RedHat', - id: 'root', - kernel: 'Linux', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - let :dparams do - { - docroot: '/rspec/docroot', - port: '84', - } - end - - context 'status' do - let(:params) { dparams.merge(redirectmatch_status: '404') } - - it { is_expected.to contain_class('apache::mod::alias') } - end - context 'dest' do - let(:params) { dparams.merge(redirectmatch_dest: 'http://other.example.com$1.jpg') } - - it { is_expected.to contain_class('apache::mod::alias') } - end - context 'regexp' do - let(:params) { dparams.merge(redirectmatch_regexp: "(.*)\.gif$") } - - it { is_expected.to contain_class('apache::mod::alias') } - end - context 'none' do - let(:params) { dparams } - - it { is_expected.not_to contain_class('apache::mod::alias') } + 'docroot' => '/rspec/docroot', + 'wsgi_pass_authorization' => 'On', + } + end + + it { is_expected.to contain_class('apache::mod::wsgi') } + end + context 'when not setting nor managing the docroot' do + let :params do + { + 'docroot' => false, + 'manage_docroot' => false, + } + end + + it { is_expected.to compile } + it { is_expected.not_to contain_concat__fragment('rspec.example.com-docroot') } + end + context 'ssl_proxyengine without ssl' do + let :params do + { + 'docroot' => '/rspec/docroot', + 'ssl' => false, + 'ssl_proxyengine' => true, + } + end + + it { is_expected.to compile } + it { is_expected.not_to contain_concat__fragment('rspec.example.com-ssl') } + it { is_expected.to contain_concat__fragment('rspec.example.com-sslproxy') } + end + context 'ssl_proxy_protocol without ssl_proxyengine' do + let :params do + { + 'docroot' => '/rspec/docroot', + 'ssl' => true, + 'ssl_proxyengine' => false, + 'ssl_proxy_protocol' => 'TLSv1.2', + } + end + + it { is_expected.to compile } + it { is_expected.to contain_concat__fragment('rspec.example.com-ssl') } + it { is_expected.not_to contain_concat__fragment('rspec.example.com-sslproxy') } + end + describe 'access logs' do + context 'single log file' do + let(:params) do + { + 'docroot' => '/rspec/docroot', + 'access_log_file' => 'my_log_file', + } + end + + it { + is_expected.to contain_concat__fragment('rspec.example.com-access_log').with( + content: %r{^\s+CustomLog.*my_log_file" combined\s*$}, + ) + } + end + context 'single log file with environment' do + let(:params) do + { + 'docroot' => '/rspec/docroot', + 'access_log_file' => 'my_log_file', + 'access_log_env_var' => 'prod', + } + end + + it { + is_expected.to contain_concat__fragment('rspec.example.com-access_log').with( + content: %r{^\s+CustomLog.*my_log_file" combined\s+env=prod$}, + ) + } + end + context 'multiple log files' do + let(:params) do + { + 'docroot' => '/rspec/docroot', + 'access_logs' => [ + { 'file' => '/tmp/log1', 'env' => 'dev' }, + { 'file' => 'log2' }, + { 'syslog' => 'syslog', 'format' => '%h %l' }, + ], + } + end + + it { + is_expected.to contain_concat__fragment('rspec.example.com-access_log').with( + content: %r{^\s+CustomLog "\/tmp\/log1"\s+combined\s+env=dev$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-access_log').with( + content: %r{^\s+CustomLog "\/var\/log\/#{apache_name}\/log2"\s+combined\s*$}, + ) + } + it { + is_expected.to contain_concat__fragment('rspec.example.com-access_log').with( + content: %r{^\s+CustomLog "syslog" "%h %l"\s*$}, + ) + } + end + end # access logs + describe 'validation' do + context 'bad ensure' do + let :params do + { + 'docroot' => '/rspec/docroot', + 'ensure' => 'bogus', + } + end + + it { is_expected.to raise_error(Puppet::Error) } + end + context 'bad suphp_engine' do + let :params do + { + 'docroot' => '/rspec/docroot', + 'suphp_engine' => 'bogus', + } + end + + it { is_expected.to raise_error(Puppet::Error) } + end + context 'bad ip_based' do + let :params do + { + 'docroot' => '/rspec/docroot', + 'ip_based' => 'bogus', + } + end + + it { is_expected.to raise_error(Puppet::Error) } + end + context 'bad access_log' do + let :params do + { + 'docroot' => '/rspec/docroot', + 'access_log' => 'bogus', + } + end + + it { is_expected.to raise_error(Puppet::Error) } + end + context 'bad error_log' do + let :params do + { + 'docroot' => '/rspec/docroot', + 'error_log' => 'bogus', + } + end + + it { is_expected.to raise_error(Puppet::Error) } + end + context 'bad_ssl' do + let :params do + { + 'docroot' => '/rspec/docroot', + 'ssl' => 'bogus', + } + end + + it { is_expected.to raise_error(Puppet::Error) } + end + context 'bad default_vhost' do + let :params do + { + 'docroot' => '/rspec/docroot', + 'default_vhost' => 'bogus', + } + end + + it { is_expected.to raise_error(Puppet::Error) } + end + context 'bad ssl_proxyengine' do + let :params do + { + 'docroot' => '/rspec/docroot', + 'ssl_proxyengine' => 'bogus', + } + end + + it { is_expected.to raise_error(Puppet::Error) } + end + context 'bad rewrites' do + let :params do + { + 'docroot' => '/rspec/docroot', + 'rewrites' => 'bogus', + } + end + + it { is_expected.to raise_error(Puppet::Error) } + end + context 'bad rewrites 2' do + let :params do + { + 'docroot' => '/rspec/docroot', + 'rewrites' => ['bogus'], + } + end + + it { is_expected.to raise_error(Puppet::Error) } + end + context 'empty rewrites' do + let :params do + { + 'docroot' => '/rspec/docroot', + 'rewrites' => [], + } + end + + it { is_expected.to compile } + end + context 'bad suexec_user_group' do + let :params do + { + 'docroot' => '/rspec/docroot', + 'suexec_user_group' => 'bogus', + } + end + + it { is_expected.to raise_error(Puppet::Error) } + end + context 'bad wsgi_script_alias' do + let :params do + { + 'docroot' => '/rspec/docroot', + 'wsgi_script_alias' => 'bogus', + } + end + + it { is_expected.to raise_error(Puppet::Error) } + end + context 'bad wsgi_daemon_process_options' do + let :params do + { + 'docroot' => '/rspec/docroot', + 'wsgi_daemon_process_options' => 'bogus', + } + end + + it { is_expected.to raise_error(Puppet::Error) } + end + context 'bad wsgi_import_script_alias' do + let :params do + { + 'docroot' => '/rspec/docroot', + 'wsgi_import_script_alias' => 'bogus', + } + end + + it { is_expected.to raise_error(Puppet::Error) } + end + context 'bad itk' do + let :params do + { + 'docroot' => '/rspec/docroot', + 'itk' => 'bogus', + } + end + + it { is_expected.to raise_error(Puppet::Error) } + end + context 'bad logroot_ensure' do + let :params do + { + 'docroot' => '/rspec/docroot', + 'log_level' => 'bogus', + } + end + + it { is_expected.to raise_error(Puppet::Error) } + end + context 'bad log_level' do + let :params do + { + 'docroot' => '/rspec/docroot', + 'log_level' => 'bogus', + } + end + + it { is_expected.to raise_error(Puppet::Error) } + end + context 'access_log_file and access_log_pipe' do + let :params do + { + 'docroot' => '/rspec/docroot', + 'access_log_file' => 'bogus', + 'access_log_pipe' => 'bogus', + } + end + + it { is_expected.to raise_error(Puppet::Error) } + end + context 'error_log_file and error_log_pipe' do + let :params do + { + 'docroot' => '/rspec/docroot', + 'error_log_file' => 'bogus', + 'error_log_pipe' => 'bogus', + } + end + + it { is_expected.to raise_error(Puppet::Error) } + end + context 'bad fallbackresource' do + let :params do + { + 'docroot' => '/rspec/docroot', + 'fallbackresource' => 'bogus', + } + end + + it { is_expected.to raise_error(Puppet::Error) } + end + context 'bad custom_fragment' do + let :params do + { + 'docroot' => '/rspec/docroot', + 'custom_fragment' => true, + } + end + + it { is_expected.to raise_error(Puppet::Error) } + end + context 'bad access_logs' do + let :params do + { + 'docroot' => '/rspec/docroot', + 'access_logs' => '/var/log/somewhere', + } + end + + it { is_expected.to raise_error(Puppet::Error) } + end + context 'default of require all granted' do + let :params do + { + 'docroot' => '/var/www/foo', + 'directories' => [ + { + 'path' => '/var/www/foo/files', + 'provider' => 'files', + }, + ], + + } + end + + it { is_expected.to compile } + it { is_expected.to contain_concat('25-rspec.example.com.conf') } + it { is_expected.to contain_concat__fragment('rspec.example.com-directories') } + # this works only with apache 2.4 and newer + if (facts[:os]['family'] == 'RedHat' && facts[:os]['release']['major'].to_i > 6) || + (facts[:os]['name'] == 'SLES' && facts[:os]['release']['major'].to_i > 11) + it { + is_expected.to contain_concat__fragment('rspec.example.com-directories').with( + content: %r{^\s+Require all granted$}, + ) + } + end + end + context 'require unmanaged' do + let :params do + { + 'docroot' => '/var/www/foo', + 'directories' => [ + { + 'path' => '/var/www/foo', + 'require' => 'unmanaged', + }, + ], + + } + end + + it { is_expected.to compile } + it { is_expected.to contain_concat('25-rspec.example.com.conf') } + it { is_expected.to contain_concat__fragment('rspec.example.com-directories') } + it { + is_expected.not_to contain_concat__fragment('rspec.example.com-directories').with( + content: %r{^\s+Require all granted$}, + ) + } + end + describe 'redirectmatch_*' do + let :dparams do + { + docroot: '/rspec/docroot', + port: '84', + } + end + + context 'status' do + let(:params) { dparams.merge(redirectmatch_status: '404') } + + it { is_expected.to contain_class('apache::mod::alias') } + end + context 'dest' do + let(:params) { dparams.merge(redirectmatch_dest: 'http://other.example.com$1.jpg') } + + it { is_expected.to contain_class('apache::mod::alias') } + end + context 'regexp' do + let(:params) { dparams.merge(redirectmatch_regexp: "(.*)\.gif$") } + + it { is_expected.to contain_class('apache::mod::alias') } + end + context 'none' do + let(:params) { dparams } + + it { is_expected.not_to contain_class('apache::mod::alias') } + end + end + end end end end diff --git a/spec/spec_helper_acceptance.rb b/spec/spec_helper_acceptance.rb index b2115947d7..0c19871d27 100644 --- a/spec/spec_helper_acceptance.rb +++ b/spec/spec_helper_acceptance.rb @@ -35,7 +35,8 @@ run_puppet_access_login(user: 'admin') if pe_install? && (Gem::Version.new(puppet_version) >= Gem::Version.new('5.0.0')) # net-tools required for netstat utility being used by be_listening if (fact('osfamily') == 'RedHat' && fact('operatingsystemmajrelease') == '7') || - (fact('osfamily') == 'Debian' && fact('operatingsystemmajrelease') == '9') + (fact('osfamily') == 'Debian' && fact('operatingsystemmajrelease') == '9') || + (fact('operatingsystem') == 'Ubuntu' && fact('operatingsystemmajrelease') == '18.04') pp = <<-EOS package { 'net-tools': ensure => installed } EOS diff --git a/spec/spec_helper_local.rb b/spec/spec_helper_local.rb index 6c37eb2af7..58b7d0a8f7 100644 --- a/spec/spec_helper_local.rb +++ b/spec/spec_helper_local.rb @@ -19,21 +19,6 @@ it { is_expected.to compile.with_all_deps } end -shared_examples 'a mod class, without including apache' do - let :facts do - { - id: 'root', - lsbdistcodename: 'jessie', - kernel: 'Linux', - osfamily: 'Debian', - operatingsystem: 'Debian', - operatingsystemrelease: '8', - operatingsystemmajrelease: nil, - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - hardwaremodel: 'x86_64', - } - end - - it { is_expected.to compile.with_all_deps } +shared_context 'a mod class, without including apache' do + let(:facts) { on_supported_os['debian-8-x86_64'] } end