diff --git a/manifests/vhost/fragment.pp b/manifests/vhost/fragment.pp
index 37a3105b..b331214b 100644
--- a/manifests/vhost/fragment.pp
+++ b/manifests/vhost/fragment.pp
@@ -1,80 +1,84 @@ # @summary Define a fragment within a vhost # # @param vhost # The title of the vhost resource to append to # # @param priority # Set the priority to match the one `apache::vhost` sets. This must match the # one `apache::vhost` sets or else the concat fragment won't be found. # # @param content # The content to put in the fragment. Only when it's non-empty the actual # fragment will be created. # # @param order # The order to insert the fragment at # # @example With a vhost without priority # include apache # apache::vhost { 'myvhost': # } # apache::vhost::fragment { 'myfragment': # vhost => 'myvhost', # content => '# Foo', # } # # @example With a vhost with priority # include apache # apache::vhost { 'myvhost': # priority => '42', # } # apache::vhost::fragment { 'myfragment': # vhost => 'myvhost', # priority => '42', # content => '# Foo', # } # # @example With a vhost with default vhost # include apache # apache::vhost { 'myvhost': # default_vhost => true, # } # apache::vhost::fragment { 'myfragment': # vhost => 'myvhost', # priority => '10', # default_vhost implies priority 10 # content => '# Foo', # } # # @example Adding a fragment to the built in default vhost # include apache # apache::vhost::fragment { 'myfragment': # vhost => 'default', # priority => '15', # content => '# Foo', # } # define apache::vhost::fragment ( String[1] $vhost, + Optional[Integer[0]] $port = undef, $priority = undef, Optional[String] $content = undef, Integer[0] $order = 900, ) { # This copies the logic from apache::vhost if $priority { $priority_real = "${priority}-" } elsif $priority == false { $priority_real = '' } else { $priority_real = '25-' } - $filename = regsubst($vhost, ' ', '_', 'G') + $filename = $port ? 
{ + Integer => regsubst("${vhost}-${port}", ' ', '_', 'G'), + Undef => regsubst($vhost, ' ', '_', 'G'), + } if $content =~ String[1] { concat::fragment { "${vhost}-${title}": target => "${priority_real}${filename}.conf", order => $order, content => $content, } } } diff --git a/spec/acceptance/apache_ssl_spec.rb b/spec/acceptance/apache_ssl_spec.rb index 416b31f7..e6ea32c4 100644 --- a/spec/acceptance/apache_ssl_spec.rb +++ b/spec/acceptance/apache_ssl_spec.rb 
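Review bot: The new `$port` parameter has no `# @param port` entry in the define's header, and none of the four `@example` blocks passes it. The spec changes in this commit expect the default vhosts at `15-default-80.conf` and `15-default-ssl-443.conf`, so the "built in default vhost" example (`vhost => 'default'`, `priority => '15'`) would presumably still target `15-default.conf` and no longer find its concat target unless `port => 80` is added. I would add `# @param port` followed by `#   The port of the vhost; must match the one used in the vhost's file name`, and update that example. The type is also `Optional[Integer[0]]`, while the acceptance specs pass ports to `apache::vhost` as strings (`port => '80'`), so a caller reusing the same value here would fail type validation; worth confirming that this is intended.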
@@ -1,160 +1,160 @@ # frozen_string_literal: true require 'spec_helper_acceptance' apache_hash = apache_settings_hash describe 'apache ssl' do describe 'ssl parameters' do pp = <<-MANIFEST class { 'apache': service_ensure => stopped, default_ssl_vhost => true, default_ssl_cert => '/tmp/ssl_cert', default_ssl_key => '/tmp/ssl_key', default_ssl_chain => '/tmp/ssl_chain', default_ssl_ca => '/tmp/ssl_ca', default_ssl_crl_path => '/tmp/ssl_crl_path', default_ssl_crl => '/tmp/ssl_crl', default_ssl_crl_check => 'chain', } MANIFEST it 'runs without error' do idempotent_apply(pp) end describe file("#{apache_hash['mod_ssl_dir']}/ssl.conf") do it { is_expected.to be_file } if os[:family].include?('redhat') && os[:release].to_i == 8 it { is_expected.to contain 'SSLProtocol all' } else it { is_expected.to contain 'SSLProtocol all -SSLv2 -SSLv3' } end end - describe file("#{apache_hash['vhost_dir']}/15-default-ssl.conf") do + describe file("#{apache_hash['vhost_dir']}/15-default-ssl-443.conf") do it { is_expected.to be_file } it { is_expected.to contain 'SSLCertificateFile "/tmp/ssl_cert"' } it { is_expected.to contain 'SSLCertificateKeyFile "/tmp/ssl_key"' } it { is_expected.to contain 'SSLCertificateChainFile "/tmp/ssl_chain"' } it { is_expected.to contain 'SSLCACertificateFile "/tmp/ssl_ca"' } it { is_expected.to contain 'SSLCARevocationPath "/tmp/ssl_crl_path"' } it { is_expected.to contain 'SSLCARevocationFile "/tmp/ssl_crl"' } if apache_hash['version'] == '2.4' it { is_expected.to contain 'SSLCARevocationCheck chain' } else it { is_expected.not_to contain 'SSLCARevocationCheck' } end end end describe 'vhost ssl parameters' do pp = <<-MANIFEST class { 'apache': service_ensure => stopped, } apache::vhost { 'test_ssl': docroot => '/tmp/test', ssl => true, ssl_cert => '/tmp/ssl_cert', ssl_key => '/tmp/ssl_key', ssl_chain => '/tmp/ssl_chain', ssl_ca => '/tmp/ssl_ca', ssl_crl_path => '/tmp/ssl_crl_path', ssl_crl => '/tmp/ssl_crl', ssl_crl_check => 'chain flag', ssl_certs_dir => 
'/tmp', ssl_protocol => 'test', ssl_cipher => 'test', ssl_honorcipherorder => 'test', ssl_verify_client => 'require', ssl_verify_depth => 'test', ssl_options => ['test', 'test1'], ssl_proxyengine => true, ssl_proxy_protocol => 'TLSv1.2', } MANIFEST it 'runs without error' do idempotent_apply(pp) end describe file("#{apache_hash['vhost_dir']}/25-test_ssl.conf") do it { is_expected.to be_file } it { is_expected.to contain 'SSLCertificateFile "/tmp/ssl_cert"' } it { is_expected.to contain 'SSLCertificateKeyFile "/tmp/ssl_key"' } it { is_expected.to contain 'SSLCertificateChainFile "/tmp/ssl_chain"' } it { is_expected.to contain 'SSLCACertificateFile "/tmp/ssl_ca"' } it { is_expected.to contain 'SSLCACertificatePath "/tmp"' } it { is_expected.to contain 'SSLCARevocationPath "/tmp/ssl_crl_path"' } it { is_expected.to contain 'SSLCARevocationFile "/tmp/ssl_crl"' } it { is_expected.to contain 'SSLProxyEngine On' } it { is_expected.to contain 'SSLProtocol test' } it { is_expected.to contain 'SSLCipherSuite test' } it { is_expected.to contain 'SSLHonorCipherOrder test' } it { is_expected.to contain 'SSLVerifyClient require' } it { is_expected.to contain 'SSLVerifyDepth test' } it { is_expected.to contain 'SSLOptions test test1' } if apache_hash['version'] == '2.4' it { is_expected.to contain 'SSLCARevocationCheck chain flag' } else it { is_expected.not_to contain 'SSLCARevocationCheck' } end end end describe 'vhost ssl ssl_ca only' do pp = <<-MANIFEST class { 'apache': service_ensure => stopped, } apache::vhost { 'test_ssl_ca_only': docroot => '/tmp/test', ssl => true, ssl_cert => '/tmp/ssl_cert', ssl_key => '/tmp/ssl_key', ssl_ca => '/tmp/ssl_ca', ssl_verify_client => 'optional', } MANIFEST it 'runs without error' do idempotent_apply(pp) end describe file("#{apache_hash['vhost_dir']}/25-test_ssl_ca_only.conf") do it { is_expected.to be_file } it { is_expected.to contain 'SSLCertificateFile "/tmp/ssl_cert"' } it { is_expected.to contain 'SSLCertificateKeyFile 
"/tmp/ssl_key"' } it { is_expected.to contain 'SSLCACertificateFile "/tmp/ssl_ca"' } it { is_expected.not_to contain 'SSLCACertificatePath' } end end describe 'vhost ssl ssl_certs_dir' do pp = <<-MANIFEST class { 'apache': service_ensure => stopped, } apache::vhost { 'test_ssl_certs_dir_only': docroot => '/tmp/test', ssl => true, ssl_cert => '/tmp/ssl_cert', ssl_key => '/tmp/ssl_key', ssl_certs_dir => '/tmp', ssl_verify_client => 'require', } MANIFEST it 'runs without error' do idempotent_apply(pp) end describe file("#{apache_hash['vhost_dir']}/25-test_ssl_certs_dir_only.conf") do it { is_expected.to be_file } it { is_expected.to contain 'SSLCertificateFile "/tmp/ssl_cert"' } it { is_expected.to contain 'SSLCertificateKeyFile "/tmp/ssl_key"' } it { is_expected.to contain 'SSLCACertificatePath "/tmp"' } it { is_expected.to contain 'SSLVerifyClient require' } it { is_expected.not_to contain 'SSLCACertificateFile' } end end end diff --git a/spec/acceptance/vhost_spec.rb b/spec/acceptance/vhost_spec.rb index 1b8250c0..2b74bdb7 100644 --- a/spec/acceptance/vhost_spec.rb +++ b/spec/acceptance/vhost_spec.rb 
@@ -1,1292 +1,1292 @@ # frozen_string_literal: true require 'spec_helper_acceptance' apache_hash = apache_settings_hash describe 'apache::vhost define' do context 'no default vhosts' do pp = <<-MANIFEST class { 'apache': default_vhost => false, default_ssl_vhost => false, service_ensure => stopped, } if ($::osfamily == 'Suse' and $::operatingsystemrelease < '15') { exec { '/usr/bin/gensslcert': require => Class['apache'], } } elsif ($::osfamily == 'Suse' and $::operatingsystemrelease >= '15') { # In SLES 15, if not given a name, gensslcert defaults the name to be the hostname exec { '/usr/bin/gensslcert -n default': require => Class['apache'], } } MANIFEST it 'creates no default vhosts' do apply_manifest(pp, catch_failures: true) end - describe file("#{apache_hash['vhost_dir']}/15-default.conf") do + describe file("#{apache_hash['vhost_dir']}/15-default-80.conf") do it { is_expected.not_to be_file } end - describe file("#{apache_hash['vhost_dir']}/15-default-ssl.conf") do + describe file("#{apache_hash['vhost_dir']}/15-default-ssl-443.conf") do it { is_expected.not_to be_file } end end context 'default vhost without ssl' do pp = <<-MANIFEST class { 'apache': } MANIFEST it 'creates a default vhost config' do apply_manifest(pp, catch_failures: true) end - describe file("#{apache_hash['vhost_dir']}/15-default.conf") do + describe file("#{apache_hash['vhost_dir']}/15-default-80.conf") do it { is_expected.to contain '' } end - describe file("#{apache_hash['vhost_dir']}/15-default-ssl.conf") do + describe file("#{apache_hash['vhost_dir']}/15-default-ssl-443.conf") do it { is_expected.not_to be_file } end end context 'default vhost with ssl', unless: (os[:family].include?('redhat') && os[:release].to_i == 8) do pp = <<-MANIFEST file { '#{apache_hash['run_dir']}': ensure => 'directory', recurse => true, } class { 'apache': default_ssl_vhost => true, require => File['#{apache_hash['run_dir']}'], } MANIFEST it 'creates default vhost configs' do apply_manifest(pp, 
catch_failures: true) end - describe file("#{apache_hash['vhost_dir']}/15-default.conf") do + describe file("#{apache_hash['vhost_dir']}/15-default-80.conf") do it { is_expected.to contain '' } end - describe file("#{apache_hash['vhost_dir']}/15-default-ssl.conf") do + describe file("#{apache_hash['vhost_dir']}/15-default-ssl-443.conf") do it { is_expected.to contain '' } it { is_expected.to contain 'SSLEngine on' } end end context 'new vhost on port 80' do pp = <<-MANIFEST class { 'apache': } file { '/var/www': ensure => 'directory', recurse => true, } apache::vhost { 'first.example.com': port => '80', docroot => '/var/www/first', require => File['/var/www'], } MANIFEST it 'configures an apache vhost' do apply_manifest(pp, catch_failures: true) end describe file("#{apache_hash['vhost_dir']}/25-first.example.com.conf") do it { is_expected.to contain '' } it { is_expected.to contain 'ServerName first.example.com' } end end context 'new proxy vhost on port 80' do pp = <<-MANIFEST class { 'apache': } apache::vhost { 'proxy.example.com': port => '80', docroot => '/var/www/proxy', proxy_pass => [ { 'path' => '/foo', 'url' => 'http://backend-foo/'}, ], proxy_preserve_host => true, proxy_error_override => true, } MANIFEST it 'configures an apache proxy vhost' do apply_manifest(pp, catch_failures: true) end describe file("#{apache_hash['vhost_dir']}/25-proxy.example.com.conf") do it { is_expected.to contain '' } it { is_expected.to contain 'ServerName proxy.example.com' } it { is_expected.to contain 'ProxyPass' } it { is_expected.to contain 'ProxyPreserveHost On' } it { is_expected.to contain 'ProxyErrorOverride On' } it { is_expected.not_to contain 'ProxyAddHeaders' } it { is_expected.not_to contain "" } end end context 'new proxy vhost on port 80' do pp = <<-MANIFEST class { 'apache': } apache::vhost { 'proxy.example.com': port => '80', docroot => '#{apache_hash['doc_root']}/proxy', proxy_pass_match => [ { 'path' => '/foo', 'url' => 'http://backend-foo/'}, ], 
proxy_preserve_host => true, proxy_error_override => true, } MANIFEST it 'configures an apache proxy vhost' do apply_manifest(pp, catch_failures: true) end describe file("#{apache_hash['vhost_dir']}/25-proxy.example.com.conf") do it { is_expected.to contain '' } it { is_expected.to contain 'ServerName proxy.example.com' } it { is_expected.to contain 'ProxyPassMatch /foo http://backend-foo/' } it { is_expected.to contain 'ProxyPreserveHost On' } it { is_expected.to contain 'ProxyErrorOverride On' } it { is_expected.not_to contain 'ProxyAddHeaders' } it { is_expected.not_to contain "" } end end context 'new vhost with multiple IP addresses on multiple ports' do pp = <<-MANIFEST class { 'apache': default_vhost => false, } apache::vhost { 'example.com': port => ['80', '8080'], ip => ['127.0.0.1','127.0.0.2'], ip_based => true, docroot => '/var/www/html', } host { 'host1.example.com': ip => '127.0.0.1', } host { 'host2.example.com': ip => '127.0.0.2', } file { '/var/www/html/index.html': ensure => file, content => "Hello from vhost\\n", } MANIFEST it 'configures one apache vhost with 2 ip addresses and 2 ports' do apply_manifest(pp, catch_failures: true) end describe service(apache_hash['service_name']), skip: 'FM-8483' do it { is_expected.to be_enabled } it { is_expected.to be_running } end describe file("#{apache_hash['vhost_dir']}/25-example.com.conf") do it { is_expected.to contain '' } it { is_expected.to contain 'ServerName example.com' } end describe file(apache_hash['ports_file']) do it { is_expected.to be_file } it { is_expected.to contain 'Listen 127.0.0.1:80' } it { is_expected.to contain 'Listen 127.0.0.1:8080' } it { is_expected.to contain 'Listen 127.0.0.2:80' } it { is_expected.to contain 'Listen 127.0.0.2:8080' } it { is_expected.not_to contain 'NameVirtualHost 127.0.0.1:80' } it { is_expected.not_to contain 'NameVirtualHost 127.0.0.1:8080' } it { is_expected.not_to contain 'NameVirtualHost 127.0.0.2:80' } it { is_expected.not_to contain 'NameVirtualHost 
127.0.0.2:8080' } end it 'answers to host1.example.com port 80' do run_shell('/usr/bin/curl host1.example.com:80', acceptable_exit_codes: 0) do |r| expect(r.stdout).to eq("Hello from vhost\n") end end it 'answers to host1.example.com port 8080' do run_shell('/usr/bin/curl host1.example.com:8080', acceptable_exit_codes: 0) do |r| expect(r.stdout).to eq("Hello from vhost\n") end end it 'answers to host2.example.com port 80' do run_shell('/usr/bin/curl host2.example.com:80', acceptable_exit_codes: 0) do |r| expect(r.stdout).to eq("Hello from vhost\n") end end it 'answers to host2.example.com port 8080' do run_shell('/usr/bin/curl host2.example.com:8080', acceptable_exit_codes: 0) do |r| expect(r.stdout).to eq("Hello from vhost\n") end end end context 'new vhost with IPv6 address on port 80', :ipv6 do pp = <<-MANIFEST class { 'apache': default_vhost => false, } apache::vhost { 'example.com': port => '80', ip => '::1', ip_based => true, docroot => '/var/www/html', } host { 'ipv6.example.com': ip => '::1', } file { '/var/www/html/index.html': ensure => file, content => "Hello from vhost\\n", } MANIFEST it 'configures one apache vhost with an ipv6 address' do apply_manifest(pp, catch_failures: true) end describe service(apache_hash['service_name']), skip: 'FM-8483' do it { is_expected.to be_enabled } it { is_expected.to be_running } end describe file("#{apache_hash['vhost_dir']}/25-example.com.conf") do it { is_expected.to contain '' } it { is_expected.to contain 'ServerName example.com' } end describe file(apache_hash['ports_file']) do it { is_expected.to be_file } it { is_expected.to contain 'Listen [::1]:80' } it { is_expected.not_to contain 'NameVirtualHost [::1]:80' } end it 'answers to ipv6.example.com' do run_shell('/usr/bin/curl ipv6.example.com:80', acceptable_exit_codes: 0) do |r| expect(r.stdout).to eq("Hello from vhost\n") end end end context 'apache_directories' do let(:pp) do <<-MANIFEST class { 'apache': } if versioncmp('#{apache_hash['version']}', '2.4') 
>= 0 { $_files_match_directory = { 'path' => '(\.swp|\.bak|~)$', 'provider' => 'filesmatch', 'require' => 'all denied', } } else { $_files_match_directory = { 'path' => '(\.swp|\.bak|~)$', 'provider' => 'filesmatch', 'deny' => 'from all', } } $_directories = [ { 'path' => '/var/www/files', }, $_files_match_directory, ] apache::vhost { 'files.example.net': docroot => '/var/www/files', directories => $_directories, } file { '/var/www/files/index.html': ensure => file, content => "Hello World\\n", } file { '/var/www/files/index.html.bak': ensure => file, content => "Hello World\\n", } host { 'files.example.net': ip => '127.0.0.1', } MANIFEST end describe 'readme example, adapted' do it 'configures a vhost with Files' do apply_manifest(pp, catch_failures: true) end describe service(apache_hash['service_name']), skip: 'FM-8483' do it { is_expected.to be_enabled } it { is_expected.to be_running } end it 'answers to files.example.net #stdout' do expect(run_shell('/usr/bin/curl -sSf files.example.net:80/index.html').stdout).to eq("Hello World\n") end it 'answers to files.example.net #stderr' do result = run_shell('/usr/bin/curl -sSf files.example.net:80/index.html.bak', expect_failures: true) expect(result.stderr).to match(%r{curl: \(22\) The requested URL returned error: 403}) expect(result.exit_code).to eq 22 end end describe 'other Directory options' do pp_one = <<-MANIFEST class { 'apache': } if versioncmp($apache_version, '2.4') >= 0 { $_files_match_directory = { 'path' => 'private.html$', 'provider' => 'filesmatch', 'require' => 'all denied' } } else { $_files_match_directory = [ { 'path' => 'private.html$', 'provider' => 'filesmatch', 'deny' => 'from all' }, { 'path' => '/bar/bar.html', 'provider' => 'location', allow => [ 'from 127.0.0.1', ] }, ] } $_directories = [ { 'path' => '/var/www/files', }, { 'path' => '/foo/', 'provider' => 'location', 'directoryindex' => 'notindex.html', }, $_files_match_directory, ] apache::vhost { 'files.example.net': docroot => 
'/var/www/files', directories => $_directories, } file { '/var/www/files/foo': ensure => directory, } file { '/var/www/files/foo/notindex.html': ensure => file, content => "Hello Foo\\n", } file { '/var/www/files/private.html': ensure => file, content => "Hello World\\n", } file { '/var/www/files/bar': ensure => directory, } file { '/var/www/files/bar/bar.html': ensure => file, content => "Hello Bar\\n", } host { 'files.example.net': ip => '127.0.0.1', } MANIFEST it 'configures a vhost with multiple Directory sections' do apply_manifest(pp_one, catch_failures: true) end describe service(apache_hash['service_name']), skip: 'FM-8483' do it { is_expected.to be_enabled } it { is_expected.to be_running } end it 'answers to files.example.net #stdout' do expect(run_shell('/usr/bin/curl -sSf files.example.net:80/').stdout).to eq("Hello World\n") end it 'answers to files.example.net #stdout foo' do expect(run_shell('/usr/bin/curl -sSf files.example.net:80/foo/').stdout).to eq("Hello Foo\n") end it 'answers to files.example.net #stderr' do result = run_shell('/usr/bin/curl -sSf files.example.net:80/private.html', expect_failures: true) expect(result.stderr).to match(%r{curl: \(22\) The requested URL returned error: 403}) expect(result.exit_code).to eq 22 end it 'answers to files.example.net #stdout bar' do expect(run_shell('/usr/bin/curl -sSf files.example.net:80/bar/bar.html').stdout).to eq("Hello Bar\n") end end describe 'SetHandler directive' do pp_two = <<-MANIFEST class { 'apache': } apache::mod { 'status': } host { 'files.example.net': ip => '127.0.0.1', } apache::vhost { 'files.example.net': docroot => '/var/www/files', directories => [ { path => '/var/www/files', }, { path => '/server-status', provider => 'location', sethandler => 'server-status', }, ], } file { '/var/www/files/index.html': ensure => file, content => "Hello World\\n", } MANIFEST it 'configures a vhost with a SetHandler directive' do apply_manifest(pp_two, catch_failures: true) end describe 
service(apache_hash['service_name']), skip: 'FM-8483' do it { is_expected.to be_enabled } it { is_expected.to be_running } end it 'answers to files.example.net #stdout' do expect(run_shell('/usr/bin/curl -sSf files.example.net:80/index.html').stdout).to eq("Hello World\n") end it 'answers to files.example.net #stdout regex' do expect(run_shell('/usr/bin/curl -sSf files.example.net:80/server-status?auto').stdout).to match(%r{Scoreboard: }) end end describe 'Satisfy and Auth directive', unless: apache_hash['version'] == '2.4' do pp_two = <<-MANIFEST class { 'apache': } host { 'files.example.net': ip => '127.0.0.1', } apache::vhost { 'files.example.net': docroot => '/var/www/files', directories => [ { path => '/var/www/files/foo', auth_type => 'Basic', auth_name => 'Basic Auth', auth_user_file => '/var/www/htpasswd', auth_require => "valid-user", }, { path => '/var/www/files/bar', auth_type => 'Basic', auth_name => 'Basic Auth', auth_user_file => '/var/www/htpasswd', auth_require => 'valid-user', satisfy => 'Any', }, { path => '/var/www/files/baz', allow => 'from 10.10.10.10', auth_type => 'Basic', auth_name => 'Basic Auth', auth_user_file => '/var/www/htpasswd', auth_require => 'valid-user', satisfy => 'Any', }, ], } file { '/var/www/files/foo': ensure => directory, } file { '/var/www/files/bar': ensure => directory, } file { '/var/www/files/baz': ensure => directory, } file { '/var/www/files/foo/index.html': ensure => file, content => "Hello World\\n", } file { '/var/www/files/bar/index.html': ensure => file, content => "Hello World\\n", } file { '/var/www/files/baz/index.html': ensure => file, content => "Hello World\\n", } file { '/var/www/htpasswd': ensure => file, content => "login:IZ7jMcLSx0oQk", # "password" as password } MANIFEST it 'configures a vhost with Satisfy and Auth directive' do apply_manifest(pp_two, catch_failures: true) end describe service(apache_hash['service_name']), skip: 'FM-8483' do it { is_expected.to be_enabled } it { is_expected.to 
be_running } it 'answers to files.example.net' do result = run_shell('/usr/bin/curl -sSf files.example.net:80/foo/index.html', expect_failures: true) expect(result.stderr).to match(%r{curl: \(22\) The requested URL returned error: 401}) expect(result.exit_code).to eq 22 expect(run_shell('/usr/bin/curl -sSf -u login:password files.example.net:80/foo/index.html').stdout).to eq("Hello World\n") expect(run_shell('/usr/bin/curl -sSf files.example.net:80/bar/index.html').stdout).to eq("Hello World\n") expect(run_shell('/usr/bin/curl -sSf -u login:password files.example.net:80/bar/index.html').stdout).to eq("Hello World\n") result = run_shell('/usr/bin/curl -sSf files.example.net:80/baz/index.html', expect_failures: true) expect(result.stderr).to match(%r{curl: \(22\) The requested URL returned error: 401}) expect(result.exit_code).to eq 22 expect(run_shell('/usr/bin/curl -sSf -u login:password files.example.net:80/baz/index.html').stdout).to eq("Hello World\n") end end end end context 'virtual_docroot hosting separate sites' do pp = <<-MANIFEST class { 'apache': } apache::vhost { 'virt.example.com': vhost_name => '*', serveraliases => '*virt.example.com', port => '80', docroot => '/var/www/virt', virtual_docroot => '/var/www/virt/%1', } host { 'virt.example.com': ip => '127.0.0.1', } host { 'a.virt.example.com': ip => '127.0.0.1', } host { 'b.virt.example.com': ip => '127.0.0.1', } file { [ '/var/www/virt/a', '/var/www/virt/b', ]: ensure => directory, } file { '/var/www/virt/a/index.html': ensure => file, content => "Hello from a.virt\\n", } file { '/var/www/virt/b/index.html': ensure => file, content => "Hello from b.virt\\n", } MANIFEST it 'configures a vhost with VirtualDocumentRoot' do apply_manifest(pp, catch_failures: true) end describe service(apache_hash['service_name']), skip: 'FM-8483' do it { is_expected.to be_enabled } it { is_expected.to be_running } end it 'answers to a.virt.example.com' do run_shell('/usr/bin/curl a.virt.example.com:80', 
acceptable_exit_codes: 0) do |r| expect(r.stdout).to eq("Hello from a.virt\n") end end it 'answers to b.virt.example.com' do run_shell('/usr/bin/curl b.virt.example.com:80', acceptable_exit_codes: 0) do |r| expect(r.stdout).to eq("Hello from b.virt\n") end end end context 'proxy_pass for alternative vhost' do it 'configures a local vhost and a proxy vhost' do apply_manifest(%( class { 'apache': default_vhost => false, } apache::vhost { 'localhost': docroot => '/var/www/local', ip => '127.0.0.1', port => '8888', } apache::listen { '*:80': } apache::vhost { 'proxy.example.com': docroot => '/var/www', port => '80', add_listen => false, proxy_pass => { 'path' => '/', 'url' => 'http://localhost:8888/subdir/', }, } host { 'proxy.example.com': ip => '127.0.0.1', } file { ['/var/www/local', '/var/www/local/subdir']: ensure => directory, } file { '/var/www/local/subdir/index.html': ensure => file, content => "Hello from localhost\\n", } ), catch_failures: true) end describe service(apache_hash['service_name']), skip: 'FM-8483' do it { is_expected.to be_enabled } it { is_expected.to be_running } end it 'gets a response from the back end #stdout' do run_shell('/usr/bin/curl --max-redirs 0 proxy.example.com:80') do |r| expect(r.stdout).to eq("Hello from localhost\n") end end it 'gets a response from the back end #exit_code' do run_shell('/usr/bin/curl --max-redirs 0 proxy.example.com:80') do |r| expect(r.exit_code).to eq(0) end end end context 'proxy_pass_match for alternative vhost' do it 'configures a local vhost and a proxy vhost' do apply_manifest(%( class { 'apache': default_vhost => false, } apache::vhost { 'localhost': docroot => '/var/www/local', ip => '127.0.0.1', port => '8888', } apache::listen { '*:80': } apache::vhost { 'proxy.example.com': docroot => '/var/www', port => '80', add_listen => false, proxy_pass_match => { 'path' => '/', 'url' => 'http://localhost:8888/subdir/', }, } host { 'proxy.example.com': ip => '127.0.0.1', } file { ['/var/www/local', 
'/var/www/local/subdir']: ensure => directory, } file { '/var/www/local/subdir/index.html': ensure => file, content => "Hello from localhost\\n", } ), catch_failures: true) end describe service(apache_hash['service_name']), skip: 'FM-8483' do it { is_expected.to be_enabled } it { is_expected.to be_running } end it 'gets a response from the back end #stdout' do run_shell('/usr/bin/curl --max-redirs 0 proxy.example.com:80') do |r| expect(r.stdout).to eq("Hello from localhost\n") end end it 'gets a response from the back end #exit_code' do run_shell('/usr/bin/curl --max-redirs 0 proxy.example.com:80') do |r| expect(r.exit_code).to eq(0) end end end describe 'ip_based' do pp = <<-MANIFEST class { 'apache': } host { 'test.server': ip => '127.0.0.1' } apache::vhost { 'test.server': docroot => '/tmp', ip_based => true, servername => 'test.server', } MANIFEST it 'applies cleanly' do apply_manifest(pp, catch_failures: true) end describe file(apache_hash['ports_file']) do it { is_expected.to be_file } it { is_expected.not_to contain 'NameVirtualHost test.server' } end describe file("#{apache_hash['vhost_dir']}/25-test.server.conf") do it { is_expected.to be_file } it { is_expected.to contain 'ServerName test.server' } end end describe 'ip_based and no servername' do pp = <<-MANIFEST class { 'apache': } host { 'test.server': ip => '127.0.0.1' } apache::vhost { 'test.server': docroot => '/tmp', ip_based => true, servername => '', } MANIFEST it 'applies cleanly' do apply_manifest(pp, catch_failures: true) end describe file(apache_hash['ports_file']) do it { is_expected.to be_file } it { is_expected.not_to contain 'NameVirtualHost test.server' } end describe file("#{apache_hash['vhost_dir']}/25-test.server.conf") do it { is_expected.to be_file } it { is_expected.not_to contain 'ServerName' } end end describe 'add_listen' do pp = <<-MANIFEST class { 'apache': default_vhost => false } host { 'testlisten.server': ip => '127.0.0.1' } apache::listen { '81': } apache::vhost { 
'testlisten.server': docroot => '/tmp', port => '80', add_listen => false, servername => 'testlisten.server', } MANIFEST it 'applies cleanly' do apply_manifest(pp, catch_failures: true) end describe file(apache_hash['ports_file']) do it { is_expected.to be_file } it { is_expected.not_to contain 'Listen 80' } it { is_expected.to contain 'Listen 81' } end end describe 'docroot' do pp = <<-MANIFEST user { 'test_owner': ensure => present, } group { 'test_group': ensure => present, } class { 'apache': } host { 'test.server': ip => '127.0.0.1' } apache::vhost { 'test.server': docroot => '/tmp/test', docroot_owner => 'test_owner', docroot_group => 'test_group', docroot_mode => '0750', } MANIFEST it 'applies cleanly' do apply_manifest(pp, catch_failures: true) end describe file('/tmp/test') do it { is_expected.to be_directory } it { is_expected.to be_owned_by 'test_owner' } it { is_expected.to be_grouped_into 'test_group' } it { is_expected.to be_mode 750 } end end describe 'default_vhost' do pp = <<-MANIFEST class { 'apache': } host { 'test.server': ip => '127.0.0.1' } apache::vhost { 'test.server': docroot => '/tmp', default_vhost => true, } MANIFEST it 'applies cleanly' do apply_manifest(pp, catch_failures: true) end describe file(apache_hash['ports_file']) do it { is_expected.to be_file } end describe file("#{apache_hash['vhost_dir']}/10-test.server.conf") do it { is_expected.to be_file } end end describe 'parameter tests', if: mod_supported_on_platform?('apache::mod::itk') do pp = <<-MANIFEST class { 'apache': } host { 'test.itk': ip => '127.0.0.1' } apache::vhost { 'test.itk': docroot => '/tmp', itk => { user => 'nobody', group => 'nobody' } } host { 'test.custom_fragment': ip => '127.0.0.1' } apache::vhost { 'test.custom_fragment': docroot => '/tmp', custom_fragment => inline_template('#weird test string'), } apache::vhost { 'test.without_priority_prefix': priority => false, docroot => '/tmp' } apache::vhost { 'test.ssl_protocol': docroot => '/tmp', ssl => true, 
ssl_protocol => ['All', '-SSLv2'], ssl_user_name => 'SSL_CLIENT_S_DN_CN', } apache::vhost { 'test.block': docroot => '/tmp', block => 'scm', } apache::vhost { 'test.setenv_setenvif': docroot => '/tmp', setenv => ['TEST /test'], setenvif => ['Request_URI "\.gif$" object_is_image=gif'] } apache::vhost { 'test.rewrite': docroot => '/tmp', rewrites => [ { comment => 'test', rewrite_cond => '%{HTTP_USER_AGENT} ^Lynx/ [OR]', rewrite_rule => ['^index\.html$ welcome.html'], rewrite_map => ['lc int:tolower'], } ], } apache::vhost { 'test.request_headers': docroot => '/tmp', request_headers => ['append MirrorID "mirror 12"'], } apache::vhost { 'test.redirect': docroot => '/tmp', redirect_source => ['/images'], redirect_dest => ['http://test.server/'], redirect_status => ['permanent'], } apache::vhost { 'test.no_proxy_uris': docroot => '/tmp', proxy_dest => 'http://test2', no_proxy_uris => [ 'http://test2/test' ], } apache::vhost { 'test.proxy': docroot => '/tmp', proxy_dest => 'http://testproxy', } apache::vhost { 'test.scriptaliases': docroot => '/tmp', scriptaliases => [{ alias => '/myscript', path => '/usr/share/myscript', }], } apache::vhost { 'test.aliases': docroot => '/tmp', aliases => [ { alias => '/image' , path => '/ftp/pub/image' } , { scriptalias => '/myscript' , path => '/usr/share/myscript' } ], } apache::vhost { 'test.access_logs': docroot => '/tmp', logroot => '/tmp', access_logs => [ {'file' => 'log1'}, {'file' => 'log2', 'env' => 'admin' }, {'file' => '/var/tmp/log3', 'format' => '%h %l'}, {'syslog' => 'syslog' } ] } apache::vhost { 'test.access_log_env_var': docroot => '/tmp', logroot => '/tmp', access_log_syslog => 'syslog', access_log_env_var => 'admin', } apache::vhost { 'test.access_log_format': docroot => '/tmp', logroot => '/tmp', access_log_syslog => 'syslog', access_log_format => '%h %l', } apache::vhost { 'test.logroot': docroot => '/tmp', logroot => '/tmp', } apache::vhost { 'test.override': docroot => '/tmp', override => ['All'], } apache::vhost 
{ 'test.options': docroot => '/tmp', options => ['Indexes','FollowSymLinks', 'ExecCGI'], } MANIFEST it 'applies cleanly' do apply_manifest(pp, catch_failures: true) end describe file("#{apache_hash['vhost_dir']}/25-test.itk.conf") do it { is_expected.to be_file } it { is_expected.to contain 'AssignUserId nobody nobody' } end describe file("#{apache_hash['vhost_dir']}/25-test.custom_fragment.conf") do it { is_expected.to be_file } it { is_expected.to contain '#weird test string' } end describe file("#{apache_hash['vhost_dir']}/test.without_priority_prefix.conf") do it { is_expected.to be_file } end describe file("#{apache_hash['vhost_dir']}/25-test.ssl_protocol.conf") do it { is_expected.to be_file } it { is_expected.to contain 'SSLProtocol *All -SSLv2' } it { is_expected.to contain 'SSLUserName *SSL_CLIENT_S_DN_CN' } end describe file("#{apache_hash['vhost_dir']}/25-test.block.conf") do it { is_expected.to be_file } it { is_expected.to contain '' } end describe file("#{apache_hash['vhost_dir']}/25-test.setenv_setenvif.conf") do it { is_expected.to be_file } it { is_expected.to contain 'SetEnv TEST /test' } it { is_expected.to contain 'SetEnvIf Request_URI "\.gif$" object_is_image=gif' } end describe file("#{apache_hash['vhost_dir']}/25-test.rewrite.conf") do it { is_expected.to be_file } it { is_expected.to contain '#test' } it { is_expected.to contain 'RewriteCond %{HTTP_USER_AGENT} ^Lynx/ [OR]' } it { is_expected.to contain 'RewriteRule ^index.html$ welcome.html' } it { is_expected.to contain 'RewriteMap lc int:tolower' } end describe file("#{apache_hash['vhost_dir']}/25-test.request_headers.conf") do it { is_expected.to be_file } it { is_expected.to contain 'append MirrorID "mirror 12"' } end describe file("#{apache_hash['vhost_dir']}/25-test.redirect.conf") do it { is_expected.to be_file } it { is_expected.to contain 'Redirect permanent /images http://test.server/' } end describe file("#{apache_hash['vhost_dir']}/25-test.no_proxy_uris.conf") do it { 
is_expected.to be_file } it { is_expected.to contain 'ProxyPass http://test2/test !' } it { is_expected.to contain 'ProxyPass / http://test2/' } end describe file("#{apache_hash['vhost_dir']}/25-test.proxy.conf") do it { is_expected.to be_file } it { is_expected.to contain 'ProxyPass / http://testproxy/' } end describe file("#{apache_hash['vhost_dir']}/25-test.scriptaliases.conf") do it { is_expected.to be_file } it { is_expected.to contain 'ScriptAlias /myscript "/usr/share/myscript"' } end describe file("#{apache_hash['vhost_dir']}/25-test.aliases.conf") do it { is_expected.to be_file } it { is_expected.to contain 'Alias /image "/ftp/pub/image"' } it { is_expected.to contain 'ScriptAlias /myscript "/usr/share/myscript"' } end describe file("#{apache_hash['vhost_dir']}/25-test.access_logs.conf") do it { is_expected.to be_file } it { is_expected.to contain 'CustomLog "/tmp/log1" combined' } it { is_expected.to contain 'CustomLog "/tmp/log2" combined env=admin' } it { is_expected.to contain 'CustomLog "/var/tmp/log3" "%h %l"' } it { is_expected.to contain 'CustomLog "syslog" combined' } end describe file("#{apache_hash['vhost_dir']}/25-test.access_log_env_var.conf") do it { is_expected.to be_file } it { is_expected.to contain 'CustomLog "syslog" combined env=admin' } end describe file("#{apache_hash['vhost_dir']}/25-test.access_log_format.conf") do it { is_expected.to be_file } it { is_expected.to contain 'CustomLog "syslog" "%h %l"' } end describe file("#{apache_hash['vhost_dir']}/25-test.logroot.conf") do it { is_expected.to be_file } it { is_expected.to contain ' CustomLog "/tmp' } end describe file("#{apache_hash['vhost_dir']}/25-test.override.conf") do it { is_expected.to be_file } it { is_expected.to contain 'AllowOverride All' } end describe file("#{apache_hash['vhost_dir']}/25-test.options.conf") do it { is_expected.to be_file } it { is_expected.to contain 'Options Indexes FollowSymLinks ExecCGI' } end end context 'when a manifest defines $servername' do 
describe 'when the $use_servername_for_filenames parameter is set to true' do pp = <<-MANIFEST class { 'apache': } host { 'test.server': ip => '127.0.0.1' } apache::vhost { 'test.server': use_servername_for_filenames => true, servername => 'test.servername', docroot => '/tmp', logroot => '/tmp', } MANIFEST it 'applies cleanly and DOES NOT print warning about $use_servername_for_filenames usage for test.server vhost' do result = apply_manifest(pp, catch_failures: true) expect(result.stderr).not_to contain %r{ .*Warning\:\sScope\(Apache::Vhost\[test\.server\]\)\:.* It\sis\spossible\sfor\sthe\s\$name\sparameter.* sanitized\s\$servername\sparameter\swhen\snot\sexplicitly\sdefined\. }xm end describe file("#{apache_hash['vhost_dir']}/25-test.servername.conf") do it { is_expected.to be_file } it { is_expected.to contain ' ErrorLog "/tmp/test.servername_error.log' } it { is_expected.to contain ' CustomLog "/tmp/test.servername_access.log' } end end describe 'when the $use_servername_for_filenames parameter is NOT defined' do pp = <<-MANIFEST class { 'apache': } host { 'test.server': ip => '127.0.0.1' } apache::vhost { 'test.server': servername => 'test.servername', docroot => '/tmp', logroot => '/tmp', } MANIFEST it 'applies cleanly and prints warning about $use_servername_for_filenames usage for test.server vhost' do result = apply_manifest(pp, catch_failures: true) expect(result.stderr).to contain %r{ .*Warning\:\sScope\(Apache::Vhost\[test\.server\]\)\:.* It\sis\spossible\sfor\sthe\s\$name\sparameter.* sanitized\s\$servername\sparameter\swhen\snot\sexplicitly\sdefined\. 
}xm end describe file("#{apache_hash['vhost_dir']}/25-test.server.conf") do it { is_expected.to be_file } it { is_expected.to contain ' ErrorLog "/tmp/test.server_error.log' } it { is_expected.to contain ' CustomLog "/tmp/test.server_access.log' } end end end ['access', 'error'].each do |logtype| case logtype when 'access' logname = 'CustomLog' when 'error' logname = 'ErrorLog' end describe "#{logtype}_log" do pp = <<-MANIFEST class { 'apache': } host { 'test.server': ip => '127.0.0.1' } apache::vhost { 'test.server': docroot => '/tmp', logroot => '/tmp', #{logtype}_log => false, } MANIFEST it 'applies cleanly' do apply_manifest(pp, catch_failures: true) end describe file("#{apache_hash['vhost_dir']}/25-test.server.conf") do it { is_expected.to be_file } it { is_expected.not_to contain " #{logname} \"/tmp" } end end describe "#{logtype}_log_pipe" do pp = <<-MANIFEST class { 'apache': } host { 'test.server': ip => '127.0.0.1' } apache::vhost { 'test.server': docroot => '/tmp', logroot => '/tmp', #{logtype}_log_pipe => '|/bin/sh', } MANIFEST it 'applies cleanly' do apply_manifest(pp, catch_failures: true) end describe file("#{apache_hash['vhost_dir']}/25-test.server.conf") do it { is_expected.to be_file } it { is_expected.to contain " #{logname} \"|/bin/sh" } end end describe "#{logtype}_log_syslog" do pp = <<-MANIFEST class { 'apache': } host { 'test.server': ip => '127.0.0.1' } apache::vhost { 'test.server': docroot => '/tmp', logroot => '/tmp', #{logtype}_log_syslog => 'syslog', } MANIFEST it 'applies cleanly' do apply_manifest(pp, catch_failures: true) end describe file("#{apache_hash['vhost_dir']}/25-test.server.conf") do it { is_expected.to be_file } it { is_expected.to contain " #{logname} \"syslog\"" } end end end describe 'actions' do pp = <<-MANIFEST class { 'apache': } host { 'test.server': ip => '127.0.0.1' } apache::vhost { 'test.server': docroot => '/tmp', action => 'php-fastcgi', } MANIFEST it 'applies cleanly' do pp += "\nclass { 
'apache::mod::actions': }" if %r{debian|suse|ubuntu|sles}.match?(os[:family]) apply_manifest(pp, catch_failures: true) end describe file("#{apache_hash['vhost_dir']}/25-test.server.conf") do it { is_expected.to be_file } it { is_expected.to contain 'Action php-fastcgi /cgi-bin virtual' } end end describe 'suphp' do pp = <<-MANIFEST class { 'apache': service_ensure => stopped, } host { 'test.server': ip => '127.0.0.1' } apache::vhost { 'test.server': docroot => '/tmp', suphp_addhandler => '#{apache_hash['suphp_handler']}', suphp_engine => 'on', suphp_configpath => '#{apache_hash['suphp_configpath']}', } MANIFEST it 'applies cleanly' do apply_manifest(pp, catch_failures: true) end describe file("#{apache_hash['vhost_dir']}/25-test.server.conf") do it { is_expected.to be_file } it { is_expected.to contain "suPHP_AddHandler #{apache_hash['suphp_handler']}" } it { is_expected.to contain 'suPHP_Engine on' } it { is_expected.to contain "suPHP_ConfigPath \"#{apache_hash['suphp_configpath']}\"" } end end describe 'directory rewrite rules' do pp = <<-MANIFEST class { 'apache': } host { 'test.server': ip => '127.0.0.1' } if ! defined(Class['apache::mod::rewrite']) { include ::apache::mod::rewrite } apache::vhost { 'test.server': docroot => '/tmp', directories => [ { path => '/tmp', rewrites => [ { comment => 'Permalink Rewrites', rewrite_base => '/', }, { rewrite_rule => [ '^index\\.php$ - [L]' ] }, { rewrite_cond => [ '%{REQUEST_FILENAME} !-f', '%{REQUEST_FILENAME} !-d', ], rewrite_rule => [ '. 
/index.php [L]' ], } ], }, ], } MANIFEST it 'applies cleanly' do apply_manifest(pp, catch_failures: true) end describe file("#{apache_hash['vhost_dir']}/25-test.server.conf") do it { is_expected.to be_file } it { is_expected.to contain '#Permalink Rewrites' } it { is_expected.to contain 'RewriteEngine On' } it { is_expected.to contain 'RewriteBase /' } it { is_expected.to contain 'RewriteRule ^index\.php$ - [L]' } it { is_expected.to contain 'RewriteCond %{REQUEST_FILENAME} !-f' } it { is_expected.to contain 'RewriteCond %{REQUEST_FILENAME} !-d' } it { is_expected.to contain 'RewriteRule . /index.php [L]' } end end describe 'wsgi' do context 'filter on OS', if: mod_supported_on_platform?('apache::mod::wsgi') do pp = <<-MANIFEST class { 'apache': } class { 'apache::mod::wsgi': } host { 'test.server': ip => '127.0.0.1' } apache::vhost { 'test.server': docroot => '/tmp', wsgi_application_group => '%{GLOBAL}', wsgi_daemon_process => { 'wsgi' => { 'python-home' => '/usr' }, 'foo' => {} }, wsgi_daemon_process_options => {processes => '2'}, wsgi_import_script => '/test1', wsgi_import_script_options => { application-group => '%{GLOBAL}', process-group => 'wsgi' }, wsgi_process_group => 'nobody', wsgi_script_aliases => { '/test' => '/test1' }, wsgi_script_aliases_match => { '/test/([^/*])' => '/test1' }, wsgi_pass_authorization => 'On', wsgi_chunked_request => 'On', } MANIFEST it 'import_script applies cleanly' do apply_manifest(pp, catch_failures: true) end describe file("#{apache_hash['vhost_dir']}/25-test.server.conf") do it { is_expected.to be_file } it { is_expected.to contain 'WSGIApplicationGroup %{GLOBAL}' } it { is_expected.to contain 'WSGIDaemonProcess foo' } it { is_expected.to contain 'WSGIDaemonProcess wsgi python-home=/usr' } it { is_expected.to contain 'WSGIImportScript /test1 application-group=%{GLOBAL} process-group=wsgi' } it { is_expected.to contain 'WSGIProcessGroup nobody' } it { is_expected.to contain 'WSGIScriptAlias /test "/test1"' } it { 
is_expected.to contain 'WSGIPassAuthorization On' } it { is_expected.to contain 'WSGIChunkedRequest On' } end end end describe 'additional_includes' do pp = <<-MANIFEST if $::osfamily == 'RedHat' and "$::selinux" == "true" { $semanage_package = $::operatingsystemmajrelease ? { '5' => 'policycoreutils', '8' => 'policycoreutils-python-utils', default => 'policycoreutils-python', } package { $semanage_package: ensure => installed } exec { 'set_apache_defaults': command => 'semanage fcontext -a -t httpd_sys_content_t "/apache_spec(/.*)?"', path => '/bin:/usr/bin/:/sbin:/usr/sbin', require => Package[$semanage_package], } exec { 'restorecon_apache': command => 'restorecon -Rv /apache_spec', path => '/bin:/usr/bin/:/sbin:/usr/sbin', before => Service['httpd'], require => Class['apache'], } } class { 'apache': } host { 'test.server': ip => '127.0.0.1' } file { '/apache_spec': ensure => directory, } file { '/apache_spec/include': ensure => present, content => '#additional_includes' } apache::vhost { 'test.server': docroot => '/apache_spec', additional_includes => '/apache_spec/include', } MANIFEST it 'applies cleanly' do apply_manifest(pp, catch_failures: false) end describe file("#{apache_hash['vhost_dir']}/25-test.server.conf") do it { is_expected.to be_file } it { is_expected.to contain 'Include "/apache_spec/include"' } end end describe 'shibboleth parameters', if: (os[:family] == 'debian' && os[:release] != '7') do # Debian 7 is too old for ShibCompatValidUser pp = <<-MANIFEST class { 'apache': } class { 'apache::mod::shib': } apache::vhost { 'test.server': port => '80', docroot => '/var/www/html', shib_compat_valid_user => 'On' } MANIFEST it 'applies cleanly' do apply_manifest(pp, catch_failures: true) end describe file("#{apache_hash['vhost_dir']}/25-test.server.conf") do it { is_expected.to be_file } it { is_expected.to contain 'ShibCompatValidUser On' } end end # IAC-587: These tests do not currently run successfully on certain RHEL OSs due to dependency issues 
with the # mod_auth_openidc module. describe 'auth_oidc', if: mod_supported_on_platform?('apache::mod::authnz_ldap') do pp = <<-MANIFEST class { 'apache': } apache::vhost { 'test.server': port => '80', docroot => '/var/www/html', auth_oidc => true, oidc_settings => { 'ProviderMetadataURL' => 'https://login.example.com/.well-known/openid-configuration', 'ClientID' => 'test', 'RedirectURI' => 'https://login.example.com/redirect_uri', 'ProviderTokenEndpointAuth' => 'client_secret_basic', 'RemoteUserClaim' => 'sub', 'ClientSecret' => 'aae053a9-4abf-4824-8956-e94b2af335c8', 'CryptoPassphrase' => '4ad1bb46-9979-450e-ae58-c696967df3cd' } } MANIFEST it 'applys cleanly' do apply_manifest(pp, catch_failures: true) end describe file("#{apache_hash['vhost_dir']}/25-test.server.conf") do it { is_expected.to be_file } it { is_expected.to contain 'OIDCProviderMetadataURL https://login.example.com/.well-known/openid-configuration' } it { is_expected.to contain 'OIDCClientID test' } it { is_expected.to contain 'OIDCRedirectURI https://login.example.com/redirect_uri' } it { is_expected.to contain 'OIDCProviderTokenEndpointAuth client_secret_basic' } it { is_expected.to contain 'OIDCRemoteUserClaim sub' } it { is_expected.to contain 'OIDCClientSecret aae053a9-4abf-4824-8956-e94b2af335c8' } it { is_expected.to contain 'OIDCCryptoPassphrase 4ad1bb46-9979-450e-ae58-c696967df3cd' } end end end diff --git a/spec/defines/vhost_fragment_spec.rb b/spec/defines/vhost_fragment_spec.rb index 886c71f0..af042e4d 100644 --- a/spec/defines/vhost_fragment_spec.rb +++ b/spec/defines/vhost_fragment_spec.rb 
@@ -1,119 +1,120 @@ # frozen_string_literal: true require 'spec_helper' describe 'apache::vhost::fragment' do on_supported_os.each do |os, os_facts| context "on #{os}" do let(:facts) { os_facts } let(:title) { 'myfragment' } context 'adding to the default vhost' do let(:pre_condition) { 'include apache' } let(:params) do { vhost: 'default', + port: 80, priority: '15', } end context 'with content' do let(:params) { super().merge(content: '# Foo') } it 'creates a vhost concat fragment' do is_expected.to compile.with_all_deps - is_expected.to contain_concat('15-default.conf') + is_expected.to contain_concat('15-default-80.conf') is_expected.to create_concat__fragment('default-myfragment') - .with_target('15-default.conf') + .with_target('15-default-80.conf') .with_order(900) .with_content('# Foo') end end context 'without content' do let(:params) { super().merge(content: '') } it 'does not create a vhost concat fragment' do is_expected.to compile.with_all_deps - is_expected.to contain_concat('15-default.conf') + is_expected.to contain_concat('15-default-80.conf') is_expected.not_to contain_concat__fragment('default-myfragment') end end end context 'adding to a custom vhost' do let(:params) do { vhost: 'custom', content: '# Foo', } end context 'with priority => false' do let(:params) { super().merge(priority: false) } let(:pre_condition) do <<-PUPPET include apache apache::vhost { 'custom': docroot => '/path/to/docroot', priority => false, } PUPPET end it 'creates a vhost concat fragment' do is_expected.to compile.with_all_deps is_expected.to contain_concat('custom.conf') is_expected.to create_concat__fragment('custom-myfragment') .with_target('custom.conf') .with_order(900) .with_content('# Foo') end end context 'with priority => 42' do let(:params) { super().merge(priority: '42') } let(:pre_condition) do <<-PUPPET include apache apache::vhost { 'custom': docroot => '/path/to/docroot', priority => '42', } PUPPET end it 'creates a vhost concat fragment' do 
is_expected.to compile.with_all_deps is_expected.to contain_concat('42-custom.conf') is_expected.to create_concat__fragment('custom-myfragment') .with_target('42-custom.conf') .with_order(900) .with_content('# Foo') end end context 'with default priority' do let(:pre_condition) do <<-PUPPET include apache apache::vhost { 'custom': docroot => '/path/to/docroot', } PUPPET end it 'creates a vhost concat fragment' do is_expected.to compile.with_all_deps is_expected.to contain_concat('25-custom.conf') is_expected.to create_concat__fragment('custom-myfragment') .with_target('25-custom.conf') .with_order(900) .with_content('# Foo') end end end end end end diff --git a/spec/spec_helper_acceptance_local.rb b/spec/spec_helper_acceptance_local.rb index c80aa202..2cb26b13 100644 --- a/spec/spec_helper_acceptance_local.rb +++ b/spec/spec_helper_acceptance_local.rb 
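Review bot: `port` is exercised only in the 'adding to the default vhost' context; none of the 'adding to a custom vhost' contexts pass it, and no example covers `vhost: 'default'` with `port` left unset. The updated expectations imply the default vhost's concat target is now `15-default-80.conf`, so a caller that omits `port` would presumably still aim at `15-default.conf`. The define's own documentation describes a fragment whose target name does not match as not found, not as a compile error. Fragments often carry access-control or TLS directives, so that silent miss deserves an example for the unset-port case that states the intended outcome. At minimum, add a comment above the new parameter, e.g. `# must equal the port in the vhost's file name (default vhost: 15-default-80.conf)`.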
@@ -1,194 +1,194 @@ # frozen_string_literal: true require 'singleton' require_relative '../util/apache_mod_platform_support' class LitmusHelper include Singleton include PuppetLitmus end class ApacheModTestFilterHelper include Singleton def initialize_ampc(os) @ampc = ApacheModPlatformCompatibility.new @ampc.generate_supported_platforms_versions @ampc.register_running_platform(os) @ampc.generate_mod_platform_exclusions end def mod_supported_on_platform?(mod) @ampc.mod_supported_on_platform?(mod) end def print_parsing_errors @ampc.print_parsing_errors end end RSpec.configure do |c| # IPv6 is not enabled by default in the new travis-ci Trusty environment (see https://github.com/travis-ci/travis-ci/issues/8891 ) if ENV['CI'] == 'true' c.filter_run_excluding ipv6: true end c.before :suite do # Make sure selinux is disabled so the tests work. LitmusHelper.instance.run_shell('setenforce 0', expect_failures: true) if %r{redhat|oracle}.match?(os[:family]) LitmusHelper.instance.run_shell('puppet module install stahnma/epel') pp = <<-PUPPETCODE # needed by tests package { 'curl': ensure => 'latest', } # needed for netstat, for serverspec checks if $::osfamily == 'SLES' or $::osfamily == 'SUSE' { package { 'net-tools-deprecated': ensure => 'latest', } } # needed for ss, for serverspec checks if $::operatingsystem == 'Ubuntu' and $::operatingsystemmajrelease !~ /14.04|16.04/ { package { 'iproute2': ensure => 'latest', } } if $::osfamily == 'RedHat' { if $::operatingsystemmajrelease == '5' or $::operatingsystemmajrelease == '6'{ class { 'epel': epel_baseurl => "http://osmirror.delivery.puppetlabs.net/epel${::operatingsystemmajrelease}-\\$basearch/RPMS.all", epel_mirrorlist => "http://osmirror.delivery.puppetlabs.net/epel${::operatingsystemmajrelease}-\\$basearch/RPMS.all", } } elsif $::operatingsystemmajrelease == '8' { class { 'epel': os_maj_release => "7", epel_baseurl => "http://osmirror.delivery.puppetlabs.net/epel7-\\$basearch/RPMS.all", epel_mirrorlist => 
"http://osmirror.delivery.puppetlabs.net/epel7-\\$basearch/RPMS.all", } } else { class { 'epel': } } } PUPPETCODE LitmusHelper.instance.apply_manifest(pp) end c.after :suite do ApacheModTestFilterHelper.instance.print_parsing_errors end end def apache_settings_hash osfamily = os[:family] operatingsystemrelease = os[:release].to_f apache = {} case osfamily when 'redhat', 'oracle' apache['confd_dir'] = '/etc/httpd/conf.d' apache['conf_file'] = '/etc/httpd/conf/httpd.conf' apache['ports_file'] = '/etc/httpd/conf/ports.conf' apache['vhost_dir'] = '/etc/httpd/conf.d' - apache['vhost'] = '/etc/httpd/conf.d/15-default.conf' + apache['vhost'] = '/etc/httpd/conf.d/15-default-80.conf' apache['run_dir'] = '/var/run/httpd' apache['doc_root'] = '/var/www' apache['service_name'] = 'httpd' apache['package_name'] = 'httpd' apache['error_log'] = 'error_log' apache['suphp_handler'] = 'php5-script' apache['suphp_configpath'] = 'undef' if operatingsystemrelease >= 8 && osfamily == 'redhat' apache['version'] = '2.4' apache['mod_dir'] = '/etc/httpd/conf.modules.d' apache['mod_ssl_dir'] = apache['mod_dir'] elsif operatingsystemrelease >= 7 && osfamily == 'redhat' apache['version'] = '2.4' apache['mod_dir'] = '/etc/httpd/conf.modules.d' apache['mod_ssl_dir'] = apache['confd_dir'] elsif operatingsystemrelease >= 7 && osfamily == 'oracle' apache['version'] = '2.4' apache['mod_dir'] = '/etc/httpd/conf.modules.d' apache['mod_ssl_dir'] = apache['confd_dir'] else apache['version'] = '2.2' apache['mod_dir'] = '/etc/httpd/conf.d' apache['mod_ssl_dir'] = apache['mod_dir'] end when 'debian', 'ubuntu' apache['confd_dir'] = '/etc/apache2/conf.d' apache['mod_dir'] = '/etc/apache2/mods-available' apache['conf_file'] = '/etc/apache2/apache2.conf' apache['ports_file'] = '/etc/apache2/ports.conf' - apache['vhost'] = '/etc/apache2/sites-available/15-default.conf' + apache['vhost'] = '/etc/apache2/sites-available/15-default-80.conf' apache['vhost_dir'] = '/etc/apache2/sites-enabled' apache['run_dir'] = 
'/var/run/apache2' apache['doc_root'] = '/var/www' apache['service_name'] = 'apache2' apache['package_name'] = 'apache2' apache['error_log'] = 'error.log' apache['suphp_handler'] = 'x-httpd-php' apache['suphp_configpath'] = '/etc/php5/apache2' apache['version'] = if osfamily == 'ubuntu' && operatingsystemrelease >= 13.10 '2.4' elsif osfamily == 'debian' && operatingsystemrelease >= 8.0 '2.4' else '2.2' end apache['mod_ssl_dir'] = apache['mod_dir'] when 'freebsd' apache['confd_dir'] = '/usr/local/etc/apache24/Includes' apache['mod_dir'] = '/usr/local/etc/apache24/Modules' apache['conf_file'] = '/usr/local/etc/apache24/httpd.conf' apache['ports_file'] = '/usr/local/etc/apache24/Includes/ports.conf' - apache['vhost'] = '/usr/local/etc/apache24/Vhosts/15-default.conf' + apache['vhost'] = '/usr/local/etc/apache24/Vhosts/15-default-80.conf' apache['vhost_dir'] = '/usr/local/etc/apache24/Vhosts' apache['run_dir'] = '/var/run/apache24' apache['doc_root'] = '/var/www' apache['service_name'] = 'apache24' apache['package_name'] = 'apache24' apache['error_log'] = 'http-error.log' apache['version'] = '2.2' apache['mod_ssl_dir'] = apache['mod_dir'] when 'gentoo' apache['confd_dir'] = '/etc/apache2/conf.d' apache['mod_dir'] = '/etc/apache2/modules.d' apache['conf_file'] = '/etc/apache2/httpd.conf' apache['ports_file'] = '/etc/apache2/ports.conf' - apache['vhost'] = '/etc/apache2/vhosts.d/15-default.conf' + apache['vhost'] = '/etc/apache2/vhosts.d/15-default-80.conf' apache['vhost_dir'] = '/etc/apache2/vhosts.d' apache['run_dir'] = '/var/run/apache2' apache['doc_root'] = '/var/www' apache['service_name'] = 'apache2' apache['package_name'] = 'www-servers/apache' apache['error_log'] = 'http-error.log' apache['version'] = '2.4' apache['mod_ssl_dir'] = apache['mod_dir'] when 'suse', 'sles' apache['confd_dir'] = '/etc/apache2/conf.d' apache['mod_dir'] = '/etc/apache2/mods-available' apache['conf_file'] = '/etc/apache2/httpd.conf' apache['ports_file'] = '/etc/apache2/ports.conf' - 
apache['vhost'] = '/etc/apache2/sites-available/15-default.conf' + apache['vhost'] = '/etc/apache2/sites-available/15-default-80.conf' apache['vhost_dir'] = '/etc/apache2/sites-available' apache['run_dir'] = '/var/run/apache2' apache['doc_root'] = '/srv/www' apache['service_name'] = 'apache2' apache['package_name'] = 'apache2' apache['error_log'] = 'error.log' apache['version'] = if operatingsystemrelease < 12 '2.2' else '2.4' end apache['mod_ssl_dir'] = apache['mod_dir'] else raise 'unable to figure out what apache version' end apache end def mod_supported_on_platform?(mod) return false if ENV['DISABLE_MOD_TEST_EXCLUSION'] ApacheModTestFilterHelper.instance.mod_supported_on_platform?(mod) end
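Review bot: The new file name `15-default-80.conf` is spelled out five times in `apache_settings_hash` (the redhat/oracle, debian/ubuntu, freebsd, gentoo and suse/sles branches), each with port 80 baked into a string literal. If the default vhost's port or naming scheme changes again, every branch has to be edited in step, and a missed one leaves the acceptance checks inspecting a file that no longer exists. Define the name once, e.g. `DEFAULT_VHOST_CONF = '15-default-80.conf'`, and build each path from it: `apache['vhost'] = "/etc/httpd/conf.d/#{DEFAULT_VHOST_CONF}"`.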