test(inspec): more tests on nginx config

daks · myii · commit 7e737c1863a4 · 2019-04-17T11:00:23.000+01:00
diff --git a/test/integration/default/controls/config.rb b/test/integration/default/controls/config.rb
@@ -1,10 +1,56 @@
+# Set defaults, use debian as base
+
+server_available = '/etc/nginx/sites-available'
+server_enabled	 = '/etc/nginx/sites-enabled'
+
+# Override by OS
+case os[:name]
+when 'redhat', 'centos', 'fedora'
+  server_available = '/etc/nginx/conf.d'
+  server_enabled   = '/etc/nginx/conf.d'
+end
+
 control 'Nginx configuration' do
   title 'should match desired lines'
 
+  # main configuration
   describe file('/etc/nginx/nginx.conf') do
     it { should be_file }
     it { should be_owned_by 'root' }
     it { should be_grouped_into 'root' }
     its('mode') { should cmp '0644' }
   end
+
+  # snippets configuration
+  describe file('/etc/nginx/snippets/letsencrypt.conf') do
+    it { should be_file }
+    it { should be_owned_by 'root' }
+    it { should be_grouped_into 'root' }
+    its('mode') { should cmp '0644' }
+    its('content') { should include 'location ^~ /.well-known/acme-challenge/ {' }
+    its('content') { should include 'proxy_pass http://localhost:9999;' }
+    its('content') { should include '{' }
+  end
+
+  # sites configuration
+  [server_available, server_enabled].each do |dir|
+
+    describe file ("#{dir}/default") do
+     it { should_not exist }
+    end
+
+    describe file ("#{dir}/mysite") do
+      it { should be_file }
+      it { should be_owned_by 'root' }
+      it { should be_grouped_into 'root' }
+      its('mode') { should cmp '0644' }
+      its('content') { should include 'server_name localhost;' }
+      its('content') { should include 'listen 80 default_server;' }
+      its('content') { should include 'index index.html index.htm;' }
+      its('content') { should include 'location ~ .htm {' }
+      its('content') { should include 'try_files $uri $uri/ =404;' }
+      its('content') { should include 'include snippets/letsencrypt.conf;' }
+    end
+
+  end
 end
diff --git a/test/salt/default/pillar/nginx.sls b/test/salt/default/pillar/nginx.sls
@@ -0,0 +1,31 @@
+
+# Simple pillar setup
+# - snippet letsencrypt
+# - remove 'default' site
+# - create 'mysite' site
+
+nginx:
+  ng:
+    snippets:
+      letsencrypt:
+        - location ^~ /.well-known/acme-challenge/:
+          - proxy_pass: http://localhost:9999
+    servers:
+      managed:
+        default:
+          deleted: True
+          enabled: False
+          config: {}
+
+        mysite:
+          enabled: True
+          config:
+            - server:
+              - server_name: localhost
+              - listen:
+                - '80 default_server'
+              - index: 'index.html index.htm'
+              - location ~ .htm:
+                - try_files: '$uri $uri/ =404'
+              - include: 'snippets/letsencrypt.conf'
+
