X-Git-Url: https://git.donarmstrong.com/?p=dsa-puppet.git;a=blobdiff_plain;f=3rdparty%2Fmodules%2Fapache%2Fspec%2Facceptance%2Fapache_ssl_spec.rb;fp=3rdparty%2Fmodules%2Fapache%2Fspec%2Facceptance%2Fapache_ssl_spec.rb;h=f8023fa2403999179c37a7d70c9649de35c446cd;hp=0000000000000000000000000000000000000000;hb=4631045ebb77ee8622f6fa09277a50c372bcc02e;hpb=3d4dc4fd9e59bd0e07646c99f6b356c7d9d859aa diff --git a/3rdparty/modules/apache/spec/acceptance/apache_ssl_spec.rb b/3rdparty/modules/apache/spec/acceptance/apache_ssl_spec.rb new file mode 100644 index 00000000..f8023fa2 --- /dev/null +++ b/3rdparty/modules/apache/spec/acceptance/apache_ssl_spec.rb @@ -0,0 +1,100 @@ +require 'spec_helper_acceptance' +require_relative './version.rb' + +case fact('osfamily') +when 'RedHat' + vhostd = '/etc/httpd/conf.d' +when 'Debian' + vhostd = '/etc/apache2/sites-available' +end + +describe 'apache ssl', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do + + describe 'ssl parameters' do + it 'runs without error' do + pp = <<-EOS + class { 'apache': + service_ensure => stopped, + default_ssl_vhost => true, + default_ssl_cert => '/tmp/ssl_cert', + default_ssl_key => '/tmp/ssl_key', + default_ssl_chain => '/tmp/ssl_chain', + default_ssl_ca => '/tmp/ssl_ca', + default_ssl_crl_path => '/tmp/ssl_crl_path', + default_ssl_crl => '/tmp/ssl_crl', + default_ssl_crl_check => 'chain', + } + EOS + apply_manifest(pp, :catch_failures => true) + end + + describe file("#{vhostd}/15-default-ssl.conf") do + it { is_expected.to be_file } + it { is_expected.to contain 'SSLCertificateFile "/tmp/ssl_cert"' } + it { is_expected.to contain 'SSLCertificateKeyFile "/tmp/ssl_key"' } + it { is_expected.to contain 'SSLCertificateChainFile "/tmp/ssl_chain"' } + it { is_expected.to contain 'SSLCACertificateFile "/tmp/ssl_ca"' } + it { is_expected.to contain 'SSLCARevocationPath "/tmp/ssl_crl_path"' } + it { is_expected.to contain 'SSLCARevocationFile "/tmp/ssl_crl"' } + if $apache_version == '2.4' + it { is_expected.to contain 'SSLCARevocationCheck "chain"' } + else + it { is_expected.not_to contain 'SSLCARevocationCheck' } + end + end + end + + describe 'vhost ssl parameters' do + it 'runs without error' do + pp = <<-EOS + class { 'apache': + service_ensure => stopped, + } + + apache::vhost { 'test_ssl': + docroot => '/tmp/test', + ssl => true, + ssl_cert => '/tmp/ssl_cert', + ssl_key => '/tmp/ssl_key', + ssl_chain => '/tmp/ssl_chain', + ssl_ca => '/tmp/ssl_ca', + ssl_crl_path => '/tmp/ssl_crl_path', + ssl_crl => '/tmp/ssl_crl', + ssl_crl_check => 'chain', + ssl_certs_dir => '/tmp', + ssl_protocol => 'test', + ssl_cipher => 'test', + ssl_honorcipherorder => 'test', + ssl_verify_client => 'test', + ssl_verify_depth => 'test', + ssl_options => ['test', 'test1'], + ssl_proxyengine => true, + } + EOS + apply_manifest(pp, :catch_failures => true) + end + + describe file("#{vhostd}/25-test_ssl.conf") do + it { is_expected.to be_file } + it { is_expected.to contain 'SSLCertificateFile "/tmp/ssl_cert"' } + it { is_expected.to contain 'SSLCertificateKeyFile "/tmp/ssl_key"' } + it { is_expected.to contain 'SSLCertificateChainFile "/tmp/ssl_chain"' } + it { is_expected.to contain 'SSLCACertificateFile "/tmp/ssl_ca"' } + it { is_expected.to contain 'SSLCARevocationPath "/tmp/ssl_crl_path"' } + it { is_expected.to contain 'SSLCARevocationFile "/tmp/ssl_crl"' } + it { is_expected.to contain 'SSLProxyEngine On' } + it { is_expected.to contain 'SSLProtocol test' } + it { is_expected.to contain 'SSLCipherSuite test' } + it { is_expected.to contain 'SSLHonorCipherOrder test' } + it { is_expected.to contain 'SSLVerifyClient test' } + it { is_expected.to contain 'SSLVerifyDepth test' } + it { is_expected.to contain 'SSLOptions test test1' } + if $apache_version == '2.4' + it { is_expected.to contain 'SSLCARevocationCheck "chain"' } + else + it { is_expected.not_to contain 'SSLCARevocationCheck' } + end + end + end + +end