require 'spec_helper'

describe 'foreman::config::apache' do
on_supported_os.each do |os, facts|
context "on #{os}" do
# Facts for the operating system currently yielded by on_supported_os.
let(:facts) { facts }
# Class parameters start empty; nested groups override or extend them.
let(:params) { {} }

# Apache configuration root for the OS family under test. Families other than
# RedHat and Debian produce nil, the same result an unmatched `case` gives.
let(:http_dir) do
  { 'RedHat' => '/etc/httpd', 'Debian' => '/etc/apache2' }[facts[:osfamily]]
end

# Passenger deployment: mod_passenger is loaded and none of the proxy modules.
describe 'with passenger' do
  let(:params) do
    super().merge(
      passenger: true,
      passenger_ruby: '/usr/bin/tfm-ruby',
    )
  end

  it 'should include apache with modules' do
    %w[apache apache::mod::headers apache::mod::passenger].each do |klass|
      is_expected.to contain_class(klass)
    end
    %w[apache::mod::proxy apache::mod::proxy_http apache::mod::proxy_wstunnel].each do |klass|
      is_expected.not_to contain_class(klass)
    end
  end

  # No `user` parameter is given here, so the catalogue must not declare
  # either startup file with owner 'foreman'.
  # NOTE(review): presumably ownership matters because Passenger picks the
  # application user from the startup file's owner - confirm against the manifest.
  it 'should ensure not ownership' do
    ['/usr/share/foreman/config.ru', '/usr/share/foreman/config/environment.rb'].each do |path|
      is_expected.not_to contain_file(path).with_owner('foreman')
    end
  end

  it 'should include a http vhost' do
    passenger_vhost = contain_apache__vhost('foreman')
      .with_passenger_min_instances(1)
      .without_passenger_pre_start
      .with_passenger_start_timeout(90)
      .with_passenger_ruby('/usr/bin/tfm-ruby')
    is_expected.to passenger_vhost
  end

  describe 'with prestart' do
    let(:params) { super().merge(passenger_prestart: true) }

    it { is_expected.to contain_apache__vhost('foreman').with_passenger_pre_start("http://#{facts[:fqdn]}:80") }
  end

  describe 'with user' do
    let(:params) { super().merge(user: 'foreman') }

    # With an explicit user both startup files must be owned by that user.
    it 'should ensure ownership' do
      ['/usr/share/foreman/config.ru', '/usr/share/foreman/config/environment.rb'].each do |path|
        is_expected.to contain_file(path).with_owner('foreman')
      end
    end
  end

  describe 'with keycloak' do
    let(:params) { super().merge(keycloak: true) }

    it { is_expected.to compile.with_all_deps }
    it { is_expected.to contain_apache__mod('auth_openidc') }
    it { is_expected.to contain_class('apache::mod::authz_user') }
    # Only the presence of the OpenID Connect realm file is asserted; its mode
    # and owner are not checked by this spec.
    it { is_expected.to contain_file("#{http_dir}/conf.d/foreman-openidc_oidc_keycloak_ssl-realm.conf") }
  end
end

describe 'with ssl' do
# TLS fixture for this group. Client certificates are mandatory
# (ssl_verify_client 'require') and the protocol string enables TLS 1.2 only:
# '-all' switches every protocol off before '+TLSv1.2' turns one back on.
let(:params) do
  certificate_files = {
    ssl_cert: '/cert.pem',
    ssl_key: '/key.pem',
    ssl_crl: '/crl.pem',
    ssl_chain: '/chain.pem',
    ssl_ca: '/ca.pem',
    ssl_certs_dir: '',
  }
  tls_policy = {
    ssl_protocol: '-all +TLSv1.2',
    ssl_verify_client: 'require',
  }
  { ssl: true }.merge(certificate_files).merge(tls_policy)
end

# The docroot is referenced by the vhosts but must not be declared as a file
# resource by this class.
it 'should not contain the docroot' do
  is_expected.not_to contain_file('/usr/share/foreman/public')
end

# Drop-in directory for fragments included by the plain-HTTP vhost.
it 'should contain virt host plugin dir' do
  plugin_dir = "#{http_dir}/conf.d/05-foreman.d"
  is_expected.to contain_file(plugin_dir).with_ensure('directory')
end

# Drop-in directory for fragments included by the TLS vhost.
it 'should contain ssl virt host plugin dir' do
  ssl_plugin_dir = "#{http_dir}/conf.d/05-foreman-ssl.d"
  is_expected.to contain_file(ssl_plugin_dir).with_ensure('directory')
end

# Plain-HTTP vhost on port 80. The custom fragment must contain the
# LocationMatch block for the /assets and /webpack paths.
it 'should include a http vhost' do
  http_vhost = contain_apache__vhost('foreman')
    .with_ip(nil)
    .with_servername(facts[:fqdn])
    .with_serveraliases([])
    .with_add_default_charset('UTF-8')
    .with_docroot('/usr/share/foreman/public')
    .with_priority('05')
    .with_options(['SymLinksIfOwnerMatch'])
    .with_port(80)
    .with_custom_fragment(%r{^<LocationMatch "\^/\(assets\|webpack\)">$})
  is_expected.to http_vhost
end

# TLS vhost on port 443. Certificate paths, protocol string and the
# client-verification mode are the values passed in this group's params.
# ssl_options, ssl_verify_depth and ssl_crl_check are not among those params,
# so the class itself has to supply them: certificate data is exported to the
# environment, the chain depth is capped at 3, and revocation is checked for
# the whole chain because a CRL file is configured.
it 'should include a https vhost' do
  tls_vhost = contain_apache__vhost('foreman-ssl')
    .with_ip(nil)
    .with_servername(facts[:fqdn])
    .with_serveraliases([])
    .with_add_default_charset('UTF-8')
    .with_docroot('/usr/share/foreman/public')
    .with_priority('05')
    .with_options(['SymLinksIfOwnerMatch'])
    .with_port(443)
    .with_ssl(true)
    .with_ssl_cert('/cert.pem')
    .with_ssl_certs_dir('')
    .with_ssl_key('/key.pem')
    .with_ssl_chain('/chain.pem')
    .with_ssl_ca('/ca.pem')
    .with_ssl_crl('/crl.pem')
    .with_ssl_protocol('-all +TLSv1.2')
    .with_ssl_verify_client('require')
    .with_ssl_options('+StdEnvVars +ExportCertData')
    .with_ssl_verify_depth('3')
    .with_ssl_crl_check('chain')
    .with_custom_fragment(%r{^<LocationMatch "\^/\(assets\|webpack\)">$})
  is_expected.to tls_vhost
end

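# An empty ssl_crl means no revocation list is configured for the TLS vhost.
describe 'with vhost and ssl, no CRL explicitly' do
  let(:params) do
    super().merge(
      ssl_certs_dir: '',
      ssl_crl: '',
    )
  end

  # Assert on ssl_crl_check, the vhost parameter the 'should include a https
  # vhost' example expects to be 'chain' when a CRL is set. No other example in
  # this spec uses a parameter named ssl_crl_chain, so an absence check on that
  # name appears to pass regardless of what the class does; checking
  # ssl_crl_check instead makes the example fail if revocation checking stays
  # switched on without a CRL file to check against.
  it { should contain_apache__vhost('foreman-ssl').without_ssl_crl.without_ssl_crl_check }
end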

# The priority prefixes both the vhosts and their drop-in directories, so
# changing it must move the directories and the include globs together.
describe 'with a different priority set' do
  let(:params) { super().merge(priority: '20') }

  it 'should contain virt host plugin dir' do
    is_expected.not_to contain_file("#{http_dir}/conf.d/05-foreman.d")
    is_expected.to contain_file("#{http_dir}/conf.d/20-foreman.d").with_ensure('directory')
  end

  it 'should contain ssl virt host plugin dir' do
    is_expected.not_to contain_file("#{http_dir}/conf.d/05-foreman-ssl.d")
    is_expected.to contain_file("#{http_dir}/conf.d/20-foreman-ssl.d").with_ensure('directory')
  end

  it 'should include a http vhost' do
    include_glob = "#{http_dir}/conf.d/20-foreman.d/*.conf"
    is_expected.to contain_apache__vhost('foreman')
      .with_priority(20)
      .with_additional_includes([include_glob])
  end

  it 'should include a http ssl vhost' do
    ssl_include_glob = "#{http_dir}/conf.d/20-foreman-ssl.d/*.conf"
    is_expected.to contain_apache__vhost('foreman-ssl')
      .with_priority(20)
      .with_ssl(true)
      .with_additional_includes([ssl_include_glob])
  end
end

# Non-default listener ports must reach both vhosts and, with Passenger
# prestart enabled, the prestart URLs as well.
describe 'with different ports set' do
  let(:params) { super().merge(server_port: 8080, server_ssl_port: 8443) }

  it 'should set the respective parameters' do
    { 'foreman' => 8080, 'foreman-ssl' => 8443 }.each do |vhost_name, port|
      is_expected.to contain_apache__vhost(vhost_name).with_port(port)
    end
  end

  describe 'with passenger and prestart' do
    let(:params) { super().merge(passenger: true, passenger_prestart: true) }

    it 'should set passenger_pre_start' do
      fqdn = facts[:fqdn]
      is_expected.to contain_apache__vhost('foreman').with_passenger_pre_start("http://#{fqdn}:8080")
      is_expected.to contain_apache__vhost('foreman-ssl').with_passenger_pre_start("https://#{fqdn}:8443")
    end
  end
end

# Reverse-proxy deployment (passenger: false): Apache forwards requests to
# http://localhost:3000/ instead of loading mod_passenger.
context 'without passenger' do
  let(:params) { super().merge(passenger: false) }

  describe 'with ssl' do
    let(:params) { super().merge(ssl: true) }

    it { is_expected.to compile.with_all_deps }

    it 'should include apache with modules' do
      %w[
        apache::mod::proxy
        apache::mod::proxy_http
        apache::mod::proxy_wstunnel
        apache::mod::rewrite
      ].each { |klass| is_expected.to contain_class(klass) }
      is_expected.not_to contain_class('apache::mod::passenger')
    end

    # Plain-HTTP vhost: the SSL_CLIENT_* request headers are overwritten with
    # empty strings. The TLS vhost fills the same headers from the TLS session,
    # so blanking them here keeps a request that arrived without TLS from
    # carrying client-certificate values of its own through to the backend.
    it do
      cleared_headers = [
        'set X_FORWARDED_PROTO "http"',
        'set SSL_CLIENT_S_DN ""',
        'set SSL_CLIENT_CERT ""',
        'set SSL_CLIENT_VERIFY ""'
      ]
      websocket_rewrite = {
        'comment' => 'Upgrade Websocket connections',
        'rewrite_cond' => '%{HTTP:Upgrade} =websocket [NC]',
        'rewrite_rule' => '/(.*) ws://localhost:3000/$1 [P,L]',
      }
      is_expected.to contain_apache__vhost('foreman')
        .with_passenger(nil)
        .with_proxy_preserve_host(true)
        .with_proxy_add_headers(true)
        .with_request_headers(cleared_headers)
        .with_proxy_pass(
          'no_proxy_uris' => ['/pulp', '/pulp2', '/streamer', '/pub'],
          'path' => '/',
          'url' => 'http://localhost:3000/',
          'params' => { 'retry' => '0' },
        )
        .with_rewrites([websocket_rewrite])
    end

    # TLS vhost: the request headers carry the client certificate's subject
    # DN, the certificate itself and the verification result taken from the
    # SSL_CLIENT_* session variables, and the forwarded protocol is "https".
    it do
      tls_headers = [
        'set X_FORWARDED_PROTO "https"',
        'set SSL_CLIENT_S_DN "%{SSL_CLIENT_S_DN}s"',
        'set SSL_CLIENT_CERT "%{SSL_CLIENT_CERT}s"',
        'set SSL_CLIENT_VERIFY "%{SSL_CLIENT_VERIFY}s"'
      ]
      websocket_rewrite = {
        'comment' => 'Upgrade Websocket connections',
        'rewrite_cond' => '%{HTTP:Upgrade} =websocket [NC]',
        'rewrite_rule' => '/(.*) ws://localhost:3000/$1 [P,L]',
      }
      is_expected.to contain_apache__vhost('foreman-ssl')
        .with_passenger(nil)
        .with_proxy_preserve_host(true)
        .with_proxy_add_headers(true)
        .with_request_headers(tls_headers)
        .with_ssl_proxyengine(true)
        .with_proxy_pass(
          'no_proxy_uris' => ['/pulp', '/pulp2', '/streamer', '/pub'],
          'path' => '/',
          'url' => 'http://localhost:3000/',
          'params' => { 'retry' => '0' },
        )
        .with_rewrites([websocket_rewrite])
    end
  end
end
end
end
end
end