From 3919d33ccb312e36f5bbd2ffa95f7ddbf80b8aea Mon Sep 17 00:00:00 2001
From: "Jeremy J. Miller"
Date: Fri, 2 Sep 2016 13:44:16 -0400
Subject: [PATCH 1/7] fixing apache_conf.conf_dir
---
 lib/resources/apache_conf.rb | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/lib/resources/apache_conf.rb b/lib/resources/apache_conf.rb
index 31eccee24..0e372fa30 100644
--- a/lib/resources/apache_conf.rb
+++ b/lib/resources/apache_conf.rb
@@ -21,7 +21,12 @@ module Inspec::Resources
 def initialize(conf_path = nil)
 @conf_path = conf_path || inspec.apache.conf_path
- @conf_dir = File.dirname(@conf_path)
+ case inspec.os[:family]
+ when 'ubuntu', 'debian'
+ @conf_dir = File.dirname(@conf_path)
+ else
+ @conf_dir = inspec.apache.conf_dir
+ end
 @files_contents = {}
 @content = nil
 @params = nil
From 5774dacfeada27a7afe1063f13fec40ada3a3a09 Mon Sep 17 00:00:00 2001
From: "Jeremy J. Miller"
Date: Fri, 2 Sep 2016 13:57:35 -0400
Subject: [PATCH 2/7] use inspec.os.debian?
---
 lib/resources/apache_conf.rb | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)
diff --git a/lib/resources/apache_conf.rb b/lib/resources/apache_conf.rb
index 0e372fa30..b29c73556 100644
--- a/lib/resources/apache_conf.rb
+++ b/lib/resources/apache_conf.rb
@@ -21,12 +21,7 @@ module Inspec::Resources
 def initialize(conf_path = nil)
 @conf_path = conf_path || inspec.apache.conf_path
- case inspec.os[:family]
- when 'ubuntu', 'debian'
- @conf_dir = File.dirname(@conf_path)
- else
- @conf_dir = inspec.apache.conf_dir
- end
+ @conf_dir = inspec.os.debian? ? File.dirname(@conf_path) : inspec.apache.conf_dir
 @files_contents = {}
 @content = nil
 @params = nil
From 1b92d15d8f917df42980af5c609440f25979b397 Mon Sep 17 00:00:00 2001
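Review bot: On a non-Debian host the `else` arm in PATCH 1/7 takes `@conf_dir` from `inspec.apache.conf_dir` even when the caller passed an explicit `conf_path`, so the directory no longer corresponds to the file being inspected. The ternary in PATCH 2/7 (`inspec.os.debian? ? ... : ...`) has the same behaviour. If `@conf_dir` is the base for resolving includes (that code is outside these hunks), a profile pointed at a non-default config would read included files from the system default tree and report on a configuration other than the one it was asked to audit. Keying on the argument rather than the OS, `@conf_dir = conf_path ? File.dirname(@conf_path) : inspec.apache.conf_dir`, avoids this, and PATCH 7/7 ends up there. The body of `initialize` continues past both hunks.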
From: "Jeremy J. Miller"
Date: Fri, 2 Sep 2016 21:55:28 -0400
Subject: [PATCH 3/7] added unit tests
---
 test/helper.rb | 3 +++
 test/unit/mock/cmd/find-httpd-ssl-conf | 1 +
 test/unit/mock/files/httpd.conf | 26 ++++++++++++++++++++
 test/unit/mock/files/ssl.conf | 6 +++++
 test/unit/resources/apache_conf_test.rb | 32 ++++++++++++-------------
 5 files changed, 52 insertions(+), 16 deletions(-)
 create mode 100644 test/unit/mock/cmd/find-httpd-ssl-conf
 create mode 100644 test/unit/mock/files/httpd.conf
 create mode 100644 test/unit/mock/files/ssl.conf
diff --git a/test/helper.rb b/test/helper.rb
index 86d509caf..91a99a54b 100644
--- a/test/helper.rb
+++ b/test/helper.rb
@@ -118,6 +118,8 @@ class MockLoader
 'rootwrap.conf' => mockfile.call('rootwrap.conf'),
 '/etc/apache2/apache2.conf' => mockfile.call('apache2.conf'),
 '/etc/apache2/ports.conf' => mockfile.call('ports.conf'),
+ '/etc/httpd/conf/httpd.conf' => mockfile.call('httpd.conf'),
+ '/etc/httpd/conf.d/ssl.conf' => mockfile.call('ssl.conf'),
 '/etc/apache2/conf-enabled/serve-cgi-bin.conf' => mockfile.call('serve-cgi-bin.conf'),
 '/etc/xinetd.conf' => mockfile.call('xinetd.conf'),
 '/etc/xinetd.d' => mockfile.call('xinetd.d'),
@@ -232,6 +234,7 @@ class MockLoader
 'iptables -S' => cmd.call('iptables-s'),
 # apache_conf
 'find /etc/apache2/ports.conf -maxdepth 1 -type f' => cmd.call('find-apache2-ports-conf'),
+ 'find /etc/httpd/conf.d/*.conf -maxdepth 1 -type f' => cmd.call('find-httpd-ssl-conf'),
 'find /etc/apache2/conf-enabled/*.conf -maxdepth 1 -type f' => cmd.call('find-apache2-conf-enabled'),
 # mount
 "mount | grep -- ' on /'" => cmd.call("mount"),
diff --git a/test/unit/mock/cmd/find-httpd-ssl-conf b/test/unit/mock/cmd/find-httpd-ssl-conf
new file mode 100644
index 000000000..a463ce440
--- /dev/null
+++ b/test/unit/mock/cmd/find-httpd-ssl-conf
@@ -0,0 +1 @@
+/etc/httpd/conf.d/ssl.conf
diff --git a/test/unit/mock/files/httpd.conf b/test/unit/mock/files/httpd.conf
new file mode 100644
index 000000000..d550cdae9
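Review bot: The mock key added in the `@@ -232,6 +234,7 @@` hunk, `'find /etc/httpd/conf.d/*.conf -maxdepth 1 -type f'`, pins a command line in which the include path is passed to the shell unquoted. If the resource builds that string from `Include` values read out of the scanned host's configuration (that code is not in this patch), a path containing spaces or shell metacharacters would be split or interpreted by the target's shell rather than treated as one path. Confirm that the path is shell-escaped with only the glob left unquoted, and add a fixture whose include path contains a space so the test pins that behaviour. A comment above the entry such as `# key must match the exact command apache_conf builds from the Include value` would document why the string has this shape.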
--- /dev/null
+++ b/test/unit/mock/files/httpd.conf
@@ -0,0 +1,26 @@
+# This is the main Apache server configuration file. It contains comments.
+ServerRoot "/etc/httpd"
+Listen 80
+
+# User/Group: The name (or #number) of the user/group to run httpd as.
+# . On SCO (ODT 3) use "User nouser" and "Group nogroup".
+# . On HPUX you may not be able to use shared memory as nobody, and the
+# suggested workaround is to create a user www and use that user.
+# NOTE that some kernels refuse to setgid(Group) or semctl(IPC_SET)
+# when the value of (unsigned)Group is above 60000;
+# don't use Group #-1 on these systems!
+#
+User apache
+Group apache
+
+# Load config files from the config directory "/etc/httpd/conf.d".
+#
+Include conf.d/*.conf
+
+# First, we configure the "default" to be a very restrictive set of
+# features.
+#
+
+ Options FollowSymLinks
+ AllowOverride None
+
diff --git a/test/unit/mock/files/ssl.conf b/test/unit/mock/files/ssl.conf
new file mode 100644
index 000000000..cb577c29d
--- /dev/null
+++ b/test/unit/mock/files/ssl.conf
@@ -0,0 +1,6 @@
+# apache ssl.conf
+Listen 80
+
+
+ Listen 443
+
diff --git a/test/unit/resources/apache_conf_test.rb b/test/unit/resources/apache_conf_test.rb
index bc50dcbfb..384bb410e 100644
--- a/test/unit/resources/apache_conf_test.rb
+++ b/test/unit/resources/apache_conf_test.rb
@@ -2,30 +2,30 @@
 # author: Stephan Renatus
 require 'helper'
+require 'inspec/resource'
+require 'hashie'
 describe 'Inspec::Resources::ApacheConf' do
- let(:resource) { load_resource('apache_conf') }
-
- it 'verify content is a string' do
- _(resource.content).must_be_kind_of String
- end
-
- it 'verify params is a hashmap' do
- _(resource.params).must_be_kind_of Hash
- end
-
 it 'reads values in apache2.conf' do
+ resource = MockLoader.new(:ubuntu1404).load_resource('apache_conf')
+ _(resource.params).must_be_kind_of Hash
+ require 'pp'
+ pp resource.content
+ _(resource.content).must_be_kind_of String
 _(resource.params('ServerRoot')).must_equal ['"/etc/apache2"']
- end
-
- it 'reads values in from the direct include ports.conf' do
 _(resource.params('Listen').sort).must_equal ['443', '80']
- end
-
- it 'reads values in from wildcard include serve-cgi-bin.conf' do
 # TODO(sr) currently, the parser only merges parameter across separate
 # source files, not in one file
 _(resource.params('Define')).must_equal ['ENABLE_USR_LIB_CGI_BIN',
 'ENABLE_USR_LIB_CGI_BIN']
 end
+
+ it 'reads values in httpd.conf' do
+ resource = MockLoader.new(:centos6).load_resource('apache_conf')
+ _(resource.params).must_be_kind_of Hash
+ _(resource.content).must_be_kind_of String
+ _(resource.params('ServerRoot')).must_equal ['"/etc/httpd"']
+ _(resource.params('Listen').sort).must_equal ['443', '80']
+ end
+
 end
From c0d105671ed003610617ee5d069243f20c11c47c Mon Sep 17 00:00:00 2001
From: "Jeremy J. Miller"
Date: Fri, 2 Sep 2016 22:00:12 -0400
Subject: [PATCH 4/7] better description for tests
---
 test/unit/resources/apache_conf_test.rb | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/test/unit/resources/apache_conf_test.rb b/test/unit/resources/apache_conf_test.rb
index 384bb410e..1d0637b51 100644
--- a/test/unit/resources/apache_conf_test.rb
+++ b/test/unit/resources/apache_conf_test.rb
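Review bot: Neither `it` block in the `@@ -2,30 +2,30 @@` hunk builds the resource with an explicit path, so the `conf_path` argument, which is what the `@conf_dir` changes elsewhere in this series turn on, is never exercised. A third case is worth adding, for example `resource = MockLoader.new(:centos6).load_resource('apache_conf', '/etc/httpd/conf/httpd.conf')` (assuming `load_resource` forwards extra arguments to the resource constructor). It should assert that `resource.params('Listen')` still contains `'443'`, which in these fixtures only comes from the included `conf.d/ssl.conf`. Without it, a regression that silently drops included files for custom paths would pass the suite, and controls that check listener or TLS directives would be evaluated against a partial configuration.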
@@ -6,7 +6,8 @@ require 'inspec/resource'
 require 'hashie'
 describe 'Inspec::Resources::ApacheConf' do
- it 'reads values in apache2.conf' do
+ # debian style apache2
+ it 'reads values in apache2.conf and from Include, IncludeOptional params' do
 resource = MockLoader.new(:ubuntu1404).load_resource('apache_conf')
 _(resource.params).must_be_kind_of Hash
 require 'pp'
@@ -20,7 +21,8 @@ describe 'Inspec::Resources::ApacheConf' do
 'ENABLE_USR_LIB_CGI_BIN']
 end
- it 'reads values in httpd.conf' do
+ # non debian style httpd
+ it 'reads values in httpd.conf and from Include, IncludeOptional params' do
 resource = MockLoader.new(:centos6).load_resource('apache_conf')
 _(resource.params).must_be_kind_of Hash
 _(resource.content).must_be_kind_of String
From 03cb244e844d3a254a06154ac82a89f8e77bae5f Mon Sep 17 00:00:00 2001
From: "Jeremy J. Miller"
Date: Fri, 2 Sep 2016 22:02:47 -0400
Subject: [PATCH 5/7] removed superflous Listen 80
---
 test/unit/mock/files/httpd.conf | 1 -
 1 file changed, 1 deletion(-)
diff --git a/test/unit/mock/files/httpd.conf b/test/unit/mock/files/httpd.conf
index d550cdae9..00a0c822e 100644
--- a/test/unit/mock/files/httpd.conf
+++ b/test/unit/mock/files/httpd.conf
@@ -1,6 +1,5 @@
 # This is the main Apache server configuration file. It contains comments.
 ServerRoot "/etc/httpd"
-Listen 80
 # User/Group: The name (or #number) of the user/group to run httpd as.
 # . On SCO (ODT 3) use "User nouser" and "Group nogroup".
From d5b2e4bf539c599e61953a085cc9948905a99e7d Mon Sep 17 00:00:00 2001
From: "Jeremy J. Miller"
Date: Fri, 2 Sep 2016 22:04:06 -0400
Subject: [PATCH 6/7] removed testing artifact
---
 test/unit/resources/apache_conf_test.rb | 2 --
 1 file changed, 2 deletions(-)
diff --git a/test/unit/resources/apache_conf_test.rb b/test/unit/resources/apache_conf_test.rb
index 1d0637b51..1294f0cd9 100644
--- a/test/unit/resources/apache_conf_test.rb
+++ b/test/unit/resources/apache_conf_test.rb
@@ -10,8 +10,6 @@ describe 'Inspec::Resources::ApacheConf' do
 it 'reads values in apache2.conf and from Include, IncludeOptional params' do
 resource = MockLoader.new(:ubuntu1404).load_resource('apache_conf')
 _(resource.params).must_be_kind_of Hash
- require 'pp'
- pp resource.content
 _(resource.content).must_be_kind_of String
 _(resource.params('ServerRoot')).must_equal ['"/etc/apache2"']
 _(resource.params('Listen').sort).must_equal ['443', '80']
From 898fe125f21a22ff8fccc1d28d9181a41d3d95ca Mon Sep 17 00:00:00 2001
From: "Jeremy J. Miller"
Date: Sun, 4 Sep 2016 13:27:14 -0400
Subject: [PATCH 7/7] keep os logic in apache resource
---
 lib/resources/apache_conf.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/resources/apache_conf.rb b/lib/resources/apache_conf.rb
index b29c73556..e7519031e 100644
--- a/lib/resources/apache_conf.rb
+++ b/lib/resources/apache_conf.rb
@@ -21,7 +21,7 @@ module Inspec::Resources
 def initialize(conf_path = nil)
 @conf_path = conf_path || inspec.apache.conf_path
- @conf_dir = inspec.os.debian? ? File.dirname(@conf_path) : inspec.apache.conf_dir
+ @conf_dir = conf_path ? File.dirname(@conf_path) : inspec.apache.conf_dir
 @files_contents = {}
 @content = nil
 @params = nil
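Review bot: In the PATCH 7/7 hunk, `File.dirname(@conf_path)` is used as `@conf_dir` whenever a path is passed, but Apache resolves relative `Include` paths against `ServerRoot`, not against the directory of the config file. With this series' own fixture layout (`/etc/httpd/conf/httpd.conf`, `ServerRoot "/etc/httpd"`, `Include conf.d/*.conf`), passing that path explicitly yields `/etc/httpd/conf`. Assuming `@conf_dir` is the prefix for relative includes (that code is outside the hunk), `conf.d/ssl.conf` would then be skipped without an error, and checks on its directives would pass or fail against an incomplete configuration. Consider preferring the parsed `ServerRoot` when the file sets one and falling back to `File.dirname` otherwise, with a comment on the assignment such as `# relative Include paths are resolved against ServerRoot, not the config file's directory`. The body of `initialize` continues past the hunk.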