2019-06-11 22:24:35 +00:00
|
|
|
require "helper"
|
|
|
|
|
require "inspec/resource"
|
|
|
|
|
require "inspec/resources/nginx_conf"
|
2017-06-26 13:37:41 +00:00
|
|
|
|
2019-06-11 22:24:35 +00:00
|
|
|
describe "Inspec::Resources::NginxConf" do
|
2017-06-26 13:37:41 +00:00
|
|
|
# None of these tests currently work correctly on windows. See the
|
|
|
|
|
# nginx_conf toplevel comment.
|
|
|
|
|
next if Gem.win_platform?
|
|
|
|
|
|
2021-09-30 08:56:43 +00:00
|
|
|
let(:nginx_conf) { MockLoader.new(:ubuntu).load_resource("nginx_conf") }
|
2017-09-06 12:19:04 +00:00
|
|
|
|
2019-06-11 22:24:35 +00:00
|
|
|
it "doesnt fail with a missing file" do
|
2019-06-18 05:39:37 +00:00
|
|
|
# This path is not mocked because we cannot mock File.exist?
|
|
|
|
|
# ...As far as I know
|
2021-09-30 08:56:43 +00:00
|
|
|
nginx_conf = MockLoader.new(:ubuntu).load_resource("nginx_conf", "/this/path/does/not/exist")
|
2019-06-18 05:39:37 +00:00
|
|
|
_(nginx_conf.params).must_equal({})
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
it "does not fail with an empty file" do
|
2021-09-30 08:56:43 +00:00
|
|
|
nginx_conf = MockLoader.new(:ubuntu).load_resource("nginx_conf", "/etc/nginx/conf.d/empty.conf")
|
2019-06-18 05:39:37 +00:00
|
|
|
_(nginx_conf.params).must_equal({})
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
it "does not fail with a file that all lines are commented out" do
|
2021-09-30 08:56:43 +00:00
|
|
|
nginx_conf = MockLoader.new(:ubuntu).load_resource("nginx_conf", "/etc/nginx/conf.d/comments_only.conf")
|
2017-09-06 12:19:04 +00:00
|
|
|
_(nginx_conf.params).must_equal({})
|
|
|
|
|
end
|
|
|
|
|
|
2019-06-11 22:24:35 +00:00
|
|
|
it "doesnt fail with an incorrect file" do
|
2021-09-30 08:56:43 +00:00
|
|
|
nginx_conf = MockLoader.new(:ubuntu).load_resource("nginx_conf", "/etc/passwd")
|
2017-09-06 12:19:04 +00:00
|
|
|
_(nginx_conf.params).must_equal({})
|
|
|
|
|
end
|
2017-06-26 13:37:41 +00:00
|
|
|
|
2019-06-11 22:24:35 +00:00
|
|
|
it "reads the nginx_conf with all referenced include calls" do
|
2017-09-06 12:19:04 +00:00
|
|
|
_(nginx_conf.params).must_be_kind_of Hash
|
|
|
|
|
_(nginx_conf.contents).must_be_kind_of Hash
|
2019-06-11 22:24:35 +00:00
|
|
|
_(nginx_conf.contents.keys).must_equal %w{
|
2017-09-15 20:37:57 +00:00
|
|
|
/etc/nginx/nginx.conf
|
|
|
|
|
/etc/nginx/conf/mime.types
|
|
|
|
|
/etc/nginx/proxy.conf
|
2019-06-18 05:39:37 +00:00
|
|
|
/etc/nginx/conf.d/comments_only.conf
|
|
|
|
|
/etc/nginx/conf.d/empty.conf
|
2017-09-15 20:37:57 +00:00
|
|
|
/etc/nginx/conf.d/foobar.conf
|
|
|
|
|
/etc/nginx/conf.d/multiple.conf
|
2018-05-03 13:53:20 +00:00
|
|
|
/etc/nginx/quotes.d/example.conf
|
2019-06-11 22:24:35 +00:00
|
|
|
}
|
2017-06-26 13:37:41 +00:00
|
|
|
|
2017-09-15 20:37:57 +00:00
|
|
|
# verify user
|
2019-06-11 22:24:35 +00:00
|
|
|
_(nginx_conf.params["user"]).must_equal [%w{www www}] # multiple
|
2017-06-26 13:37:41 +00:00
|
|
|
|
2017-09-15 20:37:57 +00:00
|
|
|
# verify error_log
|
2019-06-11 22:24:35 +00:00
|
|
|
_(nginx_conf.params["error_log"]).must_equal [["logs/error.log"]] # with /
|
2017-09-15 20:37:57 +00:00
|
|
|
|
|
|
|
|
# verify events
|
2019-06-11 22:24:35 +00:00
|
|
|
_(nginx_conf.params["events"]).must_equal [{ "worker_connections" => [["4096"]] }]
|
2017-09-15 20:37:57 +00:00
|
|
|
|
|
|
|
|
# verify http
|
2019-06-11 22:24:35 +00:00
|
|
|
_(nginx_conf.params["http"].length).must_equal 1
|
2017-09-15 20:37:57 +00:00
|
|
|
|
|
|
|
|
# verify server count
|
2019-06-11 22:24:35 +00:00
|
|
|
_(nginx_conf.params["http"][0]["server"].length).must_equal 6
|
2017-09-15 20:37:57 +00:00
|
|
|
|
|
|
|
|
# verify index
|
2019-06-11 22:24:35 +00:00
|
|
|
_(nginx_conf.params["http"][0]["index"]).must_equal [["index.html", "index.htm", "index.php"]]
|
2017-09-15 20:37:57 +00:00
|
|
|
|
|
|
|
|
# verify default_type (parameter with '/')
|
2019-06-11 22:24:35 +00:00
|
|
|
_(nginx_conf.params["http"][0]["default_type"]).must_equal [["application/octet-stream"]]
|
2017-06-26 13:37:41 +00:00
|
|
|
|
2017-09-15 20:37:57 +00:00
|
|
|
# verify log_format (multi-line parameter)
|
2019-06-11 22:24:35 +00:00
|
|
|
_(nginx_conf.params["http"][0]["log_format"]).must_equal [%w{main multi line}]
|
2017-09-15 20:37:57 +00:00
|
|
|
|
|
|
|
|
# verify types (relative include test)
|
2019-06-11 22:24:35 +00:00
|
|
|
_(nginx_conf.params["http"][0]["types"]).must_equal [{ "text/html" => [%w{html htm shtml}] }]
|
2017-09-15 20:37:57 +00:00
|
|
|
|
|
|
|
|
# verify proxy_redirect (absolute include test)
|
2019-06-11 22:24:35 +00:00
|
|
|
_(nginx_conf.params["http"][0]["proxy_redirect"]).must_equal [["off"]]
|
2017-06-26 13:37:41 +00:00
|
|
|
|
2017-09-15 20:37:57 +00:00
|
|
|
# verify server in main nginx.conf
|
2019-06-11 22:24:35 +00:00
|
|
|
_(nginx_conf.params["http"][0]["server"][0]["listen"]).must_equal [["80"]]
|
|
|
|
|
_(nginx_conf.params["http"][0]["server"][0]["server_name"]).must_equal [["domain1.com", "www.domain1.com"]]
|
|
|
|
|
_(nginx_conf.params["http"][0]["server"][0]["location"][0]["_"]).must_equal ["~", "\\.php$"]
|
|
|
|
|
_(nginx_conf.params["http"][0]["server"][0]["location"][0]["fastcgi_pass"]).must_equal [["127.0.0.1:1025"]]
|
2017-09-15 20:37:57 +00:00
|
|
|
|
|
|
|
|
# verify another server in main nginx.conf (multi-server and multi-location test)
|
2019-06-11 22:24:35 +00:00
|
|
|
_(nginx_conf.params["http"][0]["server"][1]["listen"]).must_equal [["443"]]
|
|
|
|
|
_(nginx_conf.params["http"][0]["server"][1]["server_name"]).must_equal [["domain2.com", "www.domain2.com"]]
|
|
|
|
|
_(nginx_conf.params["http"][0]["server"][1]["location"][0]["_"]).must_equal ["~", "^/(images|javascript|js|css|flash|media|static)/"]
|
|
|
|
|
_(nginx_conf.params["http"][0]["server"][1]["location"][0]["root"]).must_equal [["/var/www/virtual/big.server.com/htdocs"]]
|
|
|
|
|
_(nginx_conf.params["http"][0]["server"][1]["location"][1]["_"]).must_equal ["/"]
|
|
|
|
|
_(nginx_conf.params["http"][0]["server"][1]["location"][1]["proxy_pass"]).must_equal [["http://127.0.0.1:8080"]]
|
2017-09-15 20:37:57 +00:00
|
|
|
|
|
|
|
|
# verify a server in conf.d (wildcard include test)
|
2019-06-11 22:24:35 +00:00
|
|
|
_(nginx_conf.params["http"][0]["server"][2]["listen"]).must_equal [["8081"]]
|
|
|
|
|
_(nginx_conf.params["http"][0]["server"][2]["server_name"]).must_equal [["foobar.com", "www.foobar.com"]]
|
|
|
|
|
_(nginx_conf.params["http"][0]["server"][2]["location"][0]["_"]).must_equal ["~", "^/flash/"]
|
|
|
|
|
_(nginx_conf.params["http"][0]["server"][2]["location"][0]["root"]).must_equal [["/var/www/virtual/www.foobar.com/htdocs"]]
|
2017-09-15 20:37:57 +00:00
|
|
|
|
|
|
|
|
# verify servers in conf.d files (wildcard include test)
|
2019-06-11 22:24:35 +00:00
|
|
|
_(nginx_conf.params["http"][0]["server"][3]["listen"]).must_equal [["8083"]]
|
|
|
|
|
_(nginx_conf.params["http"][0]["server"][3]["server_name"]).must_equal [["example1.com", "www.example1.com"]]
|
|
|
|
|
_(nginx_conf.params["http"][0]["server"][3]["location"][0]["_"]).must_equal ["~", "^/static/"]
|
|
|
|
|
_(nginx_conf.params["http"][0]["server"][3]["location"][0]["root"]).must_equal [["/var/www/virtual/www.example1.com/htdocs"]]
|
|
|
|
|
_(nginx_conf.params["http"][0]["server"][4]["listen"]).must_equal [["8084"]]
|
|
|
|
|
_(nginx_conf.params["http"][0]["server"][4]["server_name"]).must_equal [["example2.com", "www.example2.com"]]
|
|
|
|
|
_(nginx_conf.params["http"][0]["server"][4]["location"][0]["_"]).must_equal ["~", "^/media/"]
|
|
|
|
|
_(nginx_conf.params["http"][0]["server"][4]["location"][0]["root"]).must_equal [["/var/www/virtual/www.example2.com/htdocs"]]
|
2018-05-03 13:53:20 +00:00
|
|
|
|
|
|
|
|
# verify a server in conf.d_quotes (quotes in path test)
|
2019-06-11 22:24:35 +00:00
|
|
|
_(nginx_conf.params["http"][0]["server"][5]["listen"]).must_equal [["8085"]]
|
|
|
|
|
_(nginx_conf.params["http"][0]["server"][5]["server_name"]).must_equal [["quotes.com", "www.quotes.com"]]
|
2017-06-26 13:37:41 +00:00
|
|
|
end
|
|
|
|
|
|
2019-06-11 22:24:35 +00:00
|
|
|
it "skips the resource if it cannot parse the config" do
|
2021-09-30 08:56:43 +00:00
|
|
|
resource = MockLoader.new(:ubuntu).load_resource("nginx_conf", "/etc/nginx/failed.conf")
|
2017-06-26 13:37:41 +00:00
|
|
|
_(resource.params).must_equal({})
|
2017-11-06 18:28:53 +00:00
|
|
|
_(resource.resource_exception_message).must_equal "Cannot parse NginX config in /etc/nginx/failed.conf."
|
2017-06-26 13:37:41 +00:00
|
|
|
end
|
2017-09-06 12:19:04 +00:00
|
|
|
|
2019-06-11 22:24:35 +00:00
|
|
|
describe "#http" do
|
2017-09-06 12:19:04 +00:00
|
|
|
let(:http) { nginx_conf.http }
|
|
|
|
|
|
2019-06-11 22:24:35 +00:00
|
|
|
it "provides an accessor for all http entries" do
|
2017-09-06 12:19:04 +00:00
|
|
|
_(http).must_be_kind_of Inspec::Resources::NginxConfHttp
|
|
|
|
|
end
|
|
|
|
|
|
2019-06-11 22:24:35 +00:00
|
|
|
it "pretty-prints in CLI" do
|
|
|
|
|
_(http.inspect).must_equal "nginx_conf /etc/nginx/nginx.conf, http entries"
|
2017-09-06 12:19:04 +00:00
|
|
|
end
|
|
|
|
|
|
2019-06-11 22:24:35 +00:00
|
|
|
it "provides accessors to individual http entries" do
|
2017-09-06 12:19:04 +00:00
|
|
|
_(http.entries).must_be_kind_of Array
|
|
|
|
|
_(http.entries.length).must_equal 1
|
|
|
|
|
_(http.entries[0]).must_be_kind_of Inspec::Resources::NginxConfHttpEntry
|
2017-09-15 20:37:57 +00:00
|
|
|
http.entries.each do |entry|
|
|
|
|
|
_(entry).must_be_kind_of Inspec::Resources::NginxConfHttpEntry
|
|
|
|
|
end
|
2017-09-06 12:19:04 +00:00
|
|
|
end
|
|
|
|
|
|
2019-06-11 22:24:35 +00:00
|
|
|
it "provides aggregated access to all servers" do
|
2017-09-06 12:19:04 +00:00
|
|
|
_(http.servers).must_be_kind_of Array
|
2018-05-03 13:53:20 +00:00
|
|
|
_(http.servers.length).must_equal 6
|
2017-09-15 20:37:57 +00:00
|
|
|
http.servers.each do |server|
|
|
|
|
|
_(server).must_be_kind_of Inspec::Resources::NginxConfServer
|
|
|
|
|
end
|
2017-09-06 12:19:04 +00:00
|
|
|
end
|
|
|
|
|
|
2019-06-11 22:24:35 +00:00
|
|
|
it "provides aggregated access to all locations" do
|
2017-09-06 12:19:04 +00:00
|
|
|
_(http.locations).must_be_kind_of Array
|
2017-09-15 20:37:57 +00:00
|
|
|
_(http.locations.length).must_equal 6
|
|
|
|
|
http.locations.each do |location|
|
|
|
|
|
_(location).must_be_kind_of Inspec::Resources::NginxConfLocation
|
|
|
|
|
end
|
2017-09-06 12:19:04 +00:00
|
|
|
end
|
|
|
|
|
|
2019-06-11 22:24:35 +00:00
|
|
|
it "doesnt fail on params == nil" do
|
2017-09-06 12:19:04 +00:00
|
|
|
entry = Inspec::Resources::NginxConfHttp.new(nil, nil)
|
|
|
|
|
_(entry.entries).must_equal([])
|
|
|
|
|
_(entry.servers).must_equal([])
|
|
|
|
|
_(entry.locations).must_equal([])
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
2019-06-11 22:24:35 +00:00
|
|
|
describe "NginxConfHttpEntry" do
|
2017-09-06 12:19:04 +00:00
|
|
|
let(:entry) { nginx_conf.http.entries[0] }
|
|
|
|
|
|
2019-06-11 22:24:35 +00:00
|
|
|
it "pretty-prints in CLI" do
|
|
|
|
|
_(entry.inspect).must_equal "nginx_conf /etc/nginx/nginx.conf, http entry"
|
2017-09-06 12:19:04 +00:00
|
|
|
end
|
|
|
|
|
|
2019-06-11 22:24:35 +00:00
|
|
|
it "provides aggregated access to all servers" do
|
2017-09-06 12:19:04 +00:00
|
|
|
_(entry.servers).must_be_kind_of Array
|
2018-05-03 13:53:20 +00:00
|
|
|
_(entry.servers.length).must_equal 6
|
2017-09-06 12:19:04 +00:00
|
|
|
_(entry.servers[0]).must_be_kind_of Inspec::Resources::NginxConfServer
|
2017-09-15 20:37:57 +00:00
|
|
|
entry.servers.each do |server|
|
|
|
|
|
_(server).must_be_kind_of Inspec::Resources::NginxConfServer
|
|
|
|
|
end
|
2017-09-06 12:19:04 +00:00
|
|
|
end
|
|
|
|
|
|
2019-06-11 22:24:35 +00:00
|
|
|
it "provides aggregated access to all locations" do
|
2017-09-06 12:19:04 +00:00
|
|
|
_(entry.locations).must_be_kind_of Array
|
2017-09-15 20:37:57 +00:00
|
|
|
_(entry.locations.length).must_equal 6
|
2017-09-06 12:19:04 +00:00
|
|
|
_(entry.locations[0]).must_be_kind_of Inspec::Resources::NginxConfLocation
|
2017-09-15 20:37:57 +00:00
|
|
|
entry.locations.each do |location|
|
|
|
|
|
_(location).must_be_kind_of Inspec::Resources::NginxConfLocation
|
|
|
|
|
end
|
2017-09-06 12:19:04 +00:00
|
|
|
end
|
|
|
|
|
|
2019-06-11 22:24:35 +00:00
|
|
|
it "doesnt fail on params == nil" do
|
2017-09-06 12:19:04 +00:00
|
|
|
entry = Inspec::Resources::NginxConfHttpEntry.new(nil, nil)
|
|
|
|
|
_(entry.params).must_equal({})
|
|
|
|
|
_(entry.servers).must_equal([])
|
|
|
|
|
_(entry.locations).must_equal([])
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
2019-06-11 22:24:35 +00:00
|
|
|
describe "#servers" do
|
2017-09-06 12:19:04 +00:00
|
|
|
let(:servers) { nginx_conf.servers }
|
|
|
|
|
|
2019-06-11 22:24:35 +00:00
|
|
|
it "forwards access to #http.servers" do
|
2017-09-06 12:19:04 +00:00
|
|
|
_(servers.map(&:params)).must_equal nginx_conf.http.servers.map(&:params)
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
2019-06-11 22:24:35 +00:00
|
|
|
describe "#locations" do
|
2017-09-06 12:19:04 +00:00
|
|
|
let(:locations) { nginx_conf.locations }
|
|
|
|
|
|
2019-06-11 22:24:35 +00:00
|
|
|
it "forwards access to #http.locations" do
|
2017-09-06 12:19:04 +00:00
|
|
|
_(locations.map(&:params)).must_equal nginx_conf.http.locations.map(&:params)
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
2019-06-11 22:24:35 +00:00
|
|
|
describe "NginxConfServer" do
|
2017-09-06 12:19:04 +00:00
|
|
|
let(:entry) { nginx_conf.servers[0] }
|
|
|
|
|
|
2019-06-11 22:24:35 +00:00
|
|
|
it "pretty-prints in CLI" do
|
|
|
|
|
_(entry.inspect).must_equal "nginx_conf /etc/nginx/nginx.conf, server domain1.com:80"
|
2017-09-06 12:19:04 +00:00
|
|
|
end
|
|
|
|
|
|
2019-06-11 22:24:35 +00:00
|
|
|
it "provides access to all its parameters" do
|
|
|
|
|
_(entry.params).must_equal nginx_conf.params["http"][0]["server"][0]
|
2017-09-06 12:19:04 +00:00
|
|
|
end
|
|
|
|
|
|
2019-06-11 22:24:35 +00:00
|
|
|
it "provides access to its parent" do
|
2017-09-06 12:19:04 +00:00
|
|
|
_(entry.parent.params).must_equal nginx_conf.http.entries[0].params
|
|
|
|
|
end
|
|
|
|
|
|
2019-06-11 22:24:35 +00:00
|
|
|
it "provides access to all its locations" do
|
2017-09-06 12:19:04 +00:00
|
|
|
_(entry.locations).must_be_kind_of Array
|
|
|
|
|
_(entry.locations.length).must_equal 1
|
2017-09-15 20:37:57 +00:00
|
|
|
entry.locations.each do |location|
|
|
|
|
|
_(location).must_be_kind_of Inspec::Resources::NginxConfLocation
|
|
|
|
|
end
|
2017-09-06 12:19:04 +00:00
|
|
|
end
|
|
|
|
|
|
2019-06-11 22:24:35 +00:00
|
|
|
it "doesnt fail on params == nil" do
|
2017-09-06 12:19:04 +00:00
|
|
|
entry = Inspec::Resources::NginxConfServer.new(nil, nil)
|
|
|
|
|
_(entry.params).must_equal({})
|
|
|
|
|
_(entry.locations).must_equal([])
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
2019-06-11 22:24:35 +00:00
|
|
|
describe "NginxConfLocation" do
|
2017-09-06 12:19:04 +00:00
|
|
|
let(:entry) { nginx_conf.locations[0] }
|
|
|
|
|
|
2019-06-11 22:24:35 +00:00
|
|
|
it "pretty-prints in CLI" do
|
2017-09-06 12:19:04 +00:00
|
|
|
_(entry.inspect).must_equal 'nginx_conf /etc/nginx/nginx.conf, location "~ \\\\.php$"'
|
|
|
|
|
end
|
|
|
|
|
|
2019-06-11 22:24:35 +00:00
|
|
|
it "provides access to all its parameters" do
|
|
|
|
|
_(entry.params).must_equal nginx_conf.params["http"][0]["server"][0]["location"][0]
|
2017-09-06 12:19:04 +00:00
|
|
|
end
|
|
|
|
|
|
2019-06-11 22:24:35 +00:00
|
|
|
it "provides access to its parent" do
|
2017-09-06 12:19:04 +00:00
|
|
|
_(entry.parent.params).must_equal nginx_conf.servers[0].params
|
|
|
|
|
end
|
|
|
|
|
|
2019-06-11 22:24:35 +00:00
|
|
|
it "doesnt fail on params == nil" do
|
2017-09-06 12:19:04 +00:00
|
|
|
entry = Inspec::Resources::NginxConfLocation.new(nil, nil)
|
|
|
|
|
_(entry.params).must_equal({})
|
|
|
|
|
end
|
|
|
|
|
end
|
2017-06-26 13:37:41 +00:00
|
|
|
end
|
