diff --git a/.puppet-lint.rc b/.puppet-lint.rc index df733ca81..ef187bbda 100644 --- a/.puppet-lint.rc +++ b/.puppet-lint.rc @@ -1,5 +1,4 @@ --no-single_quote_string_with_variables-check --no-80chars-check --no-class_inherits_from_params_class-check ---no-class_parameter_defaults-check --no-documentation-check diff --git a/README.md b/README.md index eaf36b14a..df2c70d5a 100644 --- a/README.md +++ b/README.md @@ -774,6 +774,20 @@ The Apache module allows a lot of flexibility in the setup and configuration of The `vhost` defined type allows you to have specialized configurations for virtual hosts that have requirements outside the defaults. You can set up a default vhost within the base `::apache` class, as well as set a customized vhost as default. Your customized vhost (priority 10) will be privileged over the base class vhost (15). +The `vhost` defined type uses `concat::fragment` to build the configuration file, so if you want to inject custom fragments for pieces of the configuration not supported by default by the defined type, you can simply add a custom fragment. For the `order` parameter for the custom fragment, the `vhost` defined type uses multiples of 10, so any order that isn't a multiple of 10 should work. + +```puppet + apache::vhost { "example.com": + docroot => '/var/www/html', + priority => '25', + } + concat::fragment { "example.com-my_custom_fragment": + target => '25-example.com.conf', + order => 11, + content => '# my custom comment', + } +``` + If you have a series of specific configurations and do not want a base `::apache` class default vhost, make sure to set the base class `default_vhost` to 'false'. ```puppet diff --git a/Rakefile b/Rakefile index e1f7f013c..01c85eb99 100644 --- a/Rakefile +++ b/Rakefile @@ -2,9 +2,9 @@ require 'puppetlabs_spec_helper/rake_tasks' require 'puppet-lint/tasks/puppet-lint' PuppetLint.configuration.fail_on_warnings +PuppetLint.configuration.send('relative') PuppetLint.configuration.send('disable_80chars') PuppetLint.configuration.send('disable_class_inherits_from_params_class') -PuppetLint.configuration.send('disable_class_parameter_defaults') PuppetLint.configuration.send('disable_documentation') PuppetLint.configuration.send('disable_single_quote_string_with_variables') PuppetLint.configuration.send('disable_only_variable_string') diff --git a/manifests/vhost.pp b/manifests/vhost.pp index cc9d837e7..95289ac40 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -1,177 +1,101 @@ -# Definition: apache::vhost -# -# This class installs Apache Virtual Hosts -# -# Parameters: -# - The $port to configure the host on -# - The $docroot provides the DocumentRoot variable -# - The $virtual_docroot provides VirtualDocumentationRoot variable -# - The $serveradmin will specify an email address for Apache that it will -# display when it renders one of it's error pages -# - The $ssl option is set true or false to enable SSL for this Virtual Host -# - The $priority of the site -# - The $servername is the primary name of the virtual host -# - The $serveraliases of the site -# - The $ip to configure the host on, defaulting to * -# - The $options for the given vhost -# - The $override for the given vhost (list of AllowOverride arguments) -# - The $vhost_name for name based virtualhosting, defaulting to * -# - The $logroot specifies the location of the virtual hosts logfiles, default -# to /var/log// -# - The $log_level specifies the verbosity of the error log for this vhost. Not -# set by default for the vhost, instead the global server configuration default -# of 'warn' is used. -# - The $access_log specifies if *_access.log directives should be configured. -# - The $ensure specifies if vhost file is present or absent. -# - The $headers is a list of Header statement strings as per http://httpd.apache.org/docs/2.2/mod/mod_headers.html#header -# - The $request_headers is a list of RequestHeader statement strings as per http://httpd.apache.org/docs/2.2/mod/mod_headers.html#requestheader -# - $aliases is a list of Alias hashes for mod_alias as per http://httpd.apache.org/docs/current/mod/mod_alias.html -# each statement is a hash in the form of { alias => '/alias', path => '/real/path/to/directory' } -# - $directories is a lost of hashes for creating statements as per http://httpd.apache.org/docs/2.2/mod/core.html#directory -# each statement is a hash in the form of { path => '/path/to/directory', => } -# see README.md for list of supported directives. -# -# Actions: -# - Install Apache Virtual Hosts -# -# Requires: -# - The apache class -# -# Sample Usage: -# -# # Simple vhost definition: -# apache::vhost { 'site.name.fqdn': -# port => '80', -# docroot => '/path/to/docroot', -# } -# -# # Multiple Mod Rewrites: -# apache::vhost { 'site.name.fqdn': -# port => '80', -# docroot => '/path/to/docroot', -# rewrites => [ -# { -# comment => 'force www domain', -# rewrite_cond => ['%{HTTP_HOST} ^([a-z.]+)?example.com$ [NC]', '%{HTTP_HOST} !^www. [NC]'], -# rewrite_rule => ['.? http://www.%1example.com%{REQUEST_URI} [R=301,L]'] -# }, -# { -# comment => 'prevent image hotlinking', -# rewrite_cond => ['%{HTTP_REFERER} !^$', '%{HTTP_REFERER} !^http://(www.)?example.com/ [NC]'], -# rewrite_rule => ['.(gif|jpg|png)$ - [F]'] -# }, -# ] -# } -# -# # SSL vhost with non-SSL rewrite: -# apache::vhost { 'site.name.fqdn': -# port => '443', -# ssl => true, -# docroot => '/path/to/docroot', -# } -# apache::vhost { 'site.name.fqdn': -# port => '80', -# docroot => '/path/to/other_docroot', -# custom_fragment => template("${module_name}/my_fragment.erb"), -# } -# +# See README.md for usage information define apache::vhost( - $docroot, - $manage_docroot = true, - $virtual_docroot = false, - $port = undef, - $ip = undef, - $ip_based = false, - $add_listen = true, - $docroot_owner = 'root', - $docroot_group = $::apache::params::root_group, - $docroot_mode = undef, - $serveradmin = undef, - $ssl = false, - $ssl_cert = $::apache::default_ssl_cert, - $ssl_key = $::apache::default_ssl_key, - $ssl_chain = $::apache::default_ssl_chain, - $ssl_ca = $::apache::default_ssl_ca, - $ssl_crl_path = $::apache::default_ssl_crl_path, - $ssl_crl = $::apache::default_ssl_crl, - $ssl_certs_dir = $::apache::params::ssl_certs_dir, - $ssl_protocol = undef, - $ssl_cipher = undef, - $ssl_honorcipherorder = undef, - $ssl_verify_client = undef, - $ssl_verify_depth = undef, - $ssl_options = undef, - $ssl_proxyengine = false, - $priority = undef, - $default_vhost = false, - $servername = $name, - $serveraliases = [], - $options = ['Indexes','FollowSymLinks','MultiViews'], - $override = ['None'], - $directoryindex = '', - $vhost_name = '*', - $logroot = $::apache::logroot, - $logroot_mode = undef, - $log_level = undef, - $access_log = true, - $access_log_file = undef, - $access_log_pipe = undef, - $access_log_syslog = undef, - $access_log_format = undef, - $access_log_env_var = undef, - $aliases = undef, - $directories = undef, - $error_log = true, - $error_log_file = undef, - $error_log_pipe = undef, - $error_log_syslog = undef, - $error_documents = [], - $fallbackresource = undef, - $scriptalias = undef, - $scriptaliases = [], - $proxy_dest = undef, - $proxy_pass = undef, - $suphp_addhandler = $::apache::params::suphp_addhandler, - $suphp_engine = $::apache::params::suphp_engine, - $suphp_configpath = $::apache::params::suphp_configpath, - $php_admin_flags = [], - $php_admin_values = [], - $no_proxy_uris = [], - $proxy_preserve_host = false, - $redirect_source = '/', - $redirect_dest = undef, - $redirect_status = undef, - $redirectmatch_status = undef, - $redirectmatch_regexp = undef, - $rack_base_uris = undef, - $headers = undef, - $request_headers = undef, - $rewrites = undef, - $rewrite_base = undef, - $rewrite_rule = undef, - $rewrite_cond = undef, - $setenv = [], - $setenvif = [], - $block = [], - $ensure = 'present', - $wsgi_application_group = undef, - $wsgi_daemon_process = undef, - $wsgi_daemon_process_options = undef, - $wsgi_import_script = undef, - $wsgi_import_script_options = undef, - $wsgi_process_group = undef, - $wsgi_script_aliases = undef, - $wsgi_pass_authorization = undef, - $custom_fragment = undef, - $itk = undef, - $action = undef, - $fastcgi_server = undef, - $fastcgi_socket = undef, - $fastcgi_dir = undef, - $additional_includes = [], - $apache_version = $::apache::apache_version, - $suexec_user_group = undef, - ) { + $docroot, + $manage_docroot = true, + $virtual_docroot = false, + $port = undef, + $ip = undef, + $ip_based = false, + $add_listen = true, + $docroot_owner = 'root', + $docroot_group = $::apache::params::root_group, + $docroot_mode = undef, + $serveradmin = undef, + $ssl = false, + $ssl_cert = $::apache::default_ssl_cert, + $ssl_key = $::apache::default_ssl_key, + $ssl_chain = $::apache::default_ssl_chain, + $ssl_ca = $::apache::default_ssl_ca, + $ssl_crl_path = $::apache::default_ssl_crl_path, + $ssl_crl = $::apache::default_ssl_crl, + $ssl_certs_dir = $::apache::params::ssl_certs_dir, + $ssl_protocol = undef, + $ssl_cipher = undef, + $ssl_honorcipherorder = undef, + $ssl_verify_client = undef, + $ssl_verify_depth = undef, + $ssl_options = undef, + $ssl_proxyengine = false, + $priority = undef, + $default_vhost = false, + $servername = $name, + $serveraliases = [], + $options = ['Indexes','FollowSymLinks','MultiViews'], + $override = ['None'], + $directoryindex = '', + $vhost_name = '*', + $logroot = $::apache::logroot, + $logroot_mode = undef, + $log_level = undef, + $access_log = true, + $access_log_file = undef, + $access_log_pipe = undef, + $access_log_syslog = undef, + $access_log_format = undef, + $access_log_env_var = undef, + $aliases = undef, + $directories = undef, + $error_log = true, + $error_log_file = undef, + $error_log_pipe = undef, + $error_log_syslog = undef, + $error_documents = [], + $fallbackresource = undef, + $scriptalias = undef, + $scriptaliases = [], + $proxy_dest = undef, + $proxy_pass = undef, + $suphp_addhandler = $::apache::params::suphp_addhandler, + $suphp_engine = $::apache::params::suphp_engine, + $suphp_configpath = $::apache::params::suphp_configpath, + $php_admin_flags = [], + $php_admin_values = [], + $no_proxy_uris = [], + $proxy_preserve_host = false, + $redirect_source = '/', + $redirect_dest = undef, + $redirect_status = undef, + $redirectmatch_status = undef, + $redirectmatch_regexp = undef, + $rack_base_uris = undef, + $headers = undef, + $request_headers = undef, + $rewrites = undef, + $rewrite_base = undef, + $rewrite_rule = undef, + $rewrite_cond = undef, + $setenv = [], + $setenvif = [], + $block = [], + $ensure = 'present', + $wsgi_application_group = undef, + $wsgi_daemon_process = undef, + $wsgi_daemon_process_options = undef, + $wsgi_import_script = undef, + $wsgi_import_script_options = undef, + $wsgi_process_group = undef, + $wsgi_script_aliases = undef, + $wsgi_pass_authorization = undef, + $custom_fragment = undef, + $itk = undef, + $action = undef, + $fastcgi_server = undef, + $fastcgi_socket = undef, + $fastcgi_dir = undef, + $additional_includes = [], + $apache_version = $::apache::apache_version, + $suexec_user_group = undef, +) { # The base class must be included first because it is used by parameter defaults if ! defined(Class['apache']) { fail('You must include the apache base class before using any apache defined resources') @@ -285,7 +209,7 @@ group => $docroot_group, mode => $docroot_mode, require => Package['httpd'], - before => File["${priority_real}-${filename}.conf"], + before => Concat["${priority_real}-${filename}.conf"], } } @@ -454,91 +378,9 @@ $_directories = [ merge($_directory, $_directory_version) ] } - # Template uses: - # - $nvh_addr_port - # - $servername - # - $serveradmin - # - $docroot - # - $virtual_docroot - # - $options - # - $override - # - $logroot - # - $name - # - $aliases - # - $_directories - # - $log_level - # - $access_log - # - $access_log_destination - # - $_access_log_format - # - $_access_log_env_var - # - $error_log - # - $error_log_destination - # - $error_documents - # - $fallbackresource - # - $custom_fragment - # - $additional_includes - # block fragment: - # - $block - # directories fragment: - # - $passenger_enabled - # - $php_admin_flags - # - $php_admin_values - # - $directories (a list of key-value hashes is expected) - # fastcgi fragment: - # - $fastcgi_server - # - $fastcgi_socket - # - $fastcgi_dir - # proxy fragment: - # - $proxy_dest - # - $no_proxy_uris - # - $proxy_preserve_host (true to set ProxyPreserveHost to on and false to off - # rack fragment: - # - $rack_base_uris - # redirect fragment: - # - $redirect_source - # - $redirect_dest - # - $redirect_status - # header fragment - # - $headers - # requestheader fragment: - # - $request_headers - # rewrite fragment: - # - $rewrites - # scriptalias fragment: - # - $scriptalias - # - $scriptaliases - # - $ssl - # serveralias fragment: - # - $serveraliases - # setenv fragment: - # - $setenv - # - $setenvif - # ssl fragment: - # - $ssl - # - $ssl_cert - # - $ssl_key - # - $ssl_chain - # - $ssl_certs_dir - # - $ssl_ca - # - $ssl_crl - # - $ssl_crl_path - # - $ssl_verify_client - # - $ssl_verify_depth - # - $ssl_options - # suphp fragment: - # - $suphp_addhandler - # - $suphp_engine - # - $suphp_configpath - # wsgi fragment: - # - $wsgi_application_group - # - $wsgi_daemon_process - # - $wsgi_import_script - # - $wsgi_process_group - # - $wsgi_script_aliases - file { "${priority_real}-${filename}.conf": + concat { "${priority_real}-${filename}.conf": ensure => $ensure, path => "${::apache::vhost_dir}/${priority_real}-${filename}.conf", - content => template('apache/vhost.conf.erb'), owner => 'root', group => $::apache::params::root_group, mode => '0644', @@ -558,8 +400,357 @@ owner => 'root', group => $::apache::params::root_group, mode => '0644', - require => File["${priority_real}-${filename}.conf"], + require => Concat["${priority_real}-${filename}.conf"], notify => Service['httpd'], } } + + # Template uses: + # - $nvh_addr_port + # - $servername + # - $serveradmin + concat::fragment { "${name}-apache-header": + target => "${priority_real}-${filename}.conf", + order => 0, + content => template('apache/vhost/_file_header.erb'), + } + + # Template uses: + # - $virtual_docroot + # - $docroot + concat::fragment { "${name}-docroot": + target => "${priority_real}-${filename}.conf", + order => 10, + content => template('apache/vhost/_docroot.erb'), + } + + # Template uses: + # - $aliases + if $aliases and ! empty($aliases) { + concat::fragment { "${name}-aliases": + target => "${priority_real}-${filename}.conf", + order => 20, + content => template('apache/vhost/_aliases.erb'), + } + } + + # Template uses: + # - $itk + # - $::kernelversion + if $itk and ! empty($itk) { + concat::fragment { "${name}-itk": + target => "${priority_real}-${filename}.conf", + order => 30, + content => template('apache/vhost/_itk.erb'), + } + } + + # Template uses: + # - $fallbackresource + if $fallbackresource { + concat::fragment { "${name}-fallbackresource": + target => "${priority_real}-${filename}.conf", + order => 40, + content => template('apache/vhost/_fallbackresource.erb'), + } + } + + # Template uses: + # - $_directories + # - $docroot + # - $apache_version + # - $suphp_engine + if $_directories and ! empty($_directories) { + concat::fragment { "${name}-directories": + target => "${priority_real}-${filename}.conf", + order => 50, + content => template('apache/vhost/_directories.erb'), + } + } + + # Template uses: + # - $additional_includes + if $additional_includes and ! empty($additional_includes) { + concat::fragment { "${name}-additional_includes": + target => "${priority_real}-${filename}.conf", + order => 60, + content => template('apache/vhost/_additional_includes.erb'), + } + } + + # Template uses: + # - $error_log + # - $log_level + # - $error_log_destination + # - $log_level + if $error_log or $log_level { + concat::fragment { "${name}-logging": + target => "${priority_real}-${filename}.conf", + order => 70, + content => template('apache/vhost/_logging.erb'), + } + } + + # Template uses no variables + concat::fragment { "${name}-serversignature": + target => "${priority_real}-${filename}.conf", + order => 80, + content => template('apache/vhost/_serversignature.erb'), + } + + # Template uses: + # - $access_log + # - $_access_log_env_var + # - $access_log_destination + # - $_access_log_format + # - $_access_log_env_var + if $access_log { + concat::fragment { "${name}-access_log": + target => "${priority_real}-${filename}.conf", + order => 90, + content => template('apache/vhost/_access_log.erb'), + } + } + + # Template uses: + # - $action + if $action { + concat::fragment { "${name}-action": + target => "${priority_real}-${filename}.conf", + order => 100, + content => template('apache/vhost/_action.erb'), + } + } + + # Template uses: + # - $block + # - $apache_version + if $block and ! empty($block) { + concat::fragment { "${name}-block": + target => "${priority_real}-${filename}.conf", + order => 110, + content => template('apache/vhost/_block.erb'), + } + } + + # Template uses: + # - $error_documents + if $error_documents and ! empty($error_documents) { + concat::fragment { "${name}-error_document": + target => "${priority_real}-${filename}.conf", + order => 120, + content => template('apache/vhost/_error_document.erb'), + } + } + + # Template uses: + # - $proxy_dest + # - $proxy_pass + # - $proxy_preserve_host + # - $no_proxy_uris + if $proxy_dest or $proxy_pass { + concat::fragment { "${name}-proxy": + target => "${priority_real}-${filename}.conf", + order => 130, + content => template('apache/vhost/_proxy.erb'), + } + } + + # Template uses: + # - $rack_base_uris + if $rack_base_uris { + concat::fragment { "${name}-rack": + target => "${priority_real}-${filename}.conf", + order => 140, + content => template('apache/vhost/_rack.erb'), + } + } + + # Template uses: + # - $redirect_source + # - $redirect_dest + # - $redirect_status + # - $redirect_dest_a + # - $redirect_source_a + # - $redirect_status_a + # - $redirectmatch_status + # - $redirectmatch_regexp + # - $redirectmatch_status_a + # - $redirectmatch_regexp_a + if ($redirect_source and $redirect_dest) or ($redirectmatch_status and $redirectmatch_regexp) { + concat::fragment { "${name}-redirect": + target => "${priority_real}-${filename}.conf", + order => 150, + content => template('apache/vhost/_redirect.erb'), + } + } + + # Template uses: + # - $rewrites + # - $rewrite_base + # - $rewrite_rule + # - $rewrite_cond + if $rewrites or $rewrite_rule { + concat::fragment { "${name}-rewrite": + target => "${priority_real}-${filename}.conf", + order => 160, + content => template('apache/vhost/_rewrite.erb'), + } + } + + # Template uses: + # - $scriptaliases + # - $scriptalias + if $scriptaliases and ! empty($scriptaliases) { + concat::fragment { "${name}-scriptalias": + target => "${priority_real}-${filename}.conf", + order => 170, + content => template('apache/vhost/_scriptalias.erb'), + } + } + + # Template uses: + # - $serveraliases + if $serveraliases and ! empty($serveraliases) { + concat::fragment { "${name}-serveralias": + target => "${priority_real}-${filename}.conf", + order => 180, + content => template('apache/vhost/_serveralias.erb'), + } + } + + # Template uses: + # - $setenv + # - $setenvif + if ($setenv and ! empty($setenv)) or ($setenvif and ! empty($setenvif)) { + concat::fragment { "${name}-setenv": + target => "${priority_real}-${filename}.conf", + order => 190, + content => template('apache/vhost/_setenv.erb'), + } + } + + # Template uses: + # - $ssl + # - $ssl_cert + # - $ssl_key + # - $ssl_chain + # - $ssl_certs_dir + # - $ssl_ca + # - $ssl_crl_path + # - $ssl_crl + # - $ssl_proxyengine + # - $ssl_protocol + # - $ssl_cipher + # - $ssl_honorcipherorder + # - $ssl_verify_client + # - $ssl_verify_depth + # - $ssl_options + if $ssl { + concat::fragment { "${name}-ssl": + target => "${priority_real}-${filename}.conf", + order => 200, + content => template('apache/vhost/_ssl.erb'), + } + } + + # Template uses: + # - $suphp_engine + # - $suphp_addhandler + # - $suphp_configpath + if $suphp_engine == 'on' { + concat::fragment { "${name}-suphp": + target => "${priority_real}-${filename}.conf", + order => 210, + content => template('apache/vhost/_suphp.erb'), + } + } + + # Template uses: + # - $php_admin_values + # - $php_admin_flags + if ($php_admin_values and ! empty($php_admin_values)) or ($php_admin_flags and ! empty($php_admin_flags)) { + concat::fragment { "${name}-php_admin": + target => "${priority_real}-${filename}.conf", + order => 220, + content => template('apache/vhost/_php_admin.erb'), + } + } + + # Template uses: + # - $headers + if $headers and ! empty($headers) { + concat::fragment { "${name}-header": + target => "${priority_real}-${filename}.conf", + order => 230, + content => template('apache/vhost/_header.erb'), + } + } + + # Template uses: + # - $request_headers + if $request_headers and ! empty($request_headers) { + concat::fragment { "${name}-requestheader": + target => "${priority_real}-${filename}.conf", + order => 240, + content => template('apache/vhost/_requestheader.erb'), + } + } + + # Template uses: + # - $wsgi_application_group + # - $wsgi_daemon_process + # - $wsgi_daemon_process_options + # - $wsgi_import_script + # - $wsgi_import_script_options + # - $wsgi_process_group + # - $wsgi_script_aliases + # - $wsgi_pass_authorization + if $wsgi_application_group or $wsgi_daemon_process or ($wsgi_import_script and $wsgi_import_script_options) or $wsgi_process_group or ($wsgi_script_aliases and ! empty($wsgi_script_aliases)) or $wsgi_pass_authorization { + concat::fragment { "${name}-wsgi": + target => "${priority_real}-${filename}.conf", + order => 250, + content => template('apache/vhost/_wsgi.erb'), + } + } + + # Template uses: + # - $custom_fragment + if $custom_fragment { + concat::fragment { "${name}-custom_fragment": + target => "${priority_real}-${filename}.conf", + order => 260, + content => template('apache/vhost/_custom_fragment.erb'), + } + } + + # Template uses: + # - $fastcgi_server + # - $fastcgi_socket + # - $fastcgi_dir + # - $apache_version + if $fastcgi_server or $fastcgi_dir { + concat::fragment { "${name}-fastcgi": + target => "${priority_real}-${filename}.conf", + order => 270, + content => template('apache/vhost/_fastcgi.erb'), + } + } + + # Template uses: + # - $suexec_user_group + if $suexec_user_group { + concat::fragment { "${name}-suexec": + target => "${priority_real}-${filename}.conf", + order => 280, + content => template('apache/vhost/_suexec.erb'), + } + } + + # Template uses no variables + concat::fragment { "${name}-file_footer": + target => "${priority_real}-${filename}.conf", + order => 999, + content => template('apache/vhost/_file_footer.erb'), + } } diff --git a/metadata.json b/metadata.json index f225f70e9..fba59e7c3 100644 --- a/metadata.json +++ b/metadata.json @@ -74,7 +74,7 @@ }, { "name": "puppetlabs/concat", - "version_requirement": ">= 1.0.0" + "version_requirement": ">= 1.1.0" } ] } diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index e47765bf7..bc131a1c5 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb @@ -2,7 +2,7 @@ describe 'apache::vhost', :type => :define do let :pre_condition do - 'class { "apache": default_vhost => false, }' + 'class { "apache": default_vhost => false, default_mods => false, }' end let :title do 'rspec.example.com' @@ -100,1496 +100,481 @@ it { is_expected.to contain_apache__listen(params[:port]) } it { is_expected.to contain_apache__namevirtualhost("*:#{params[:port]}") } end - - # All match and notmatch should be a list of regexs and exact match strings - context ".conf content" do - [ - { - :title => 'should contain docroot', - :attr => 'docroot', - :value => '/not/default', - :match => [/^ DocumentRoot "\/not\/default"$/,/ /], - }, - { - :title => 'should set a port', - :attr => 'port', - :value => '8080', - :match => [/^$/], - }, - { - :title => 'should set an ip', - :attr => 'ip', - :value => '10.0.0.1', - :match => [/^$/], - }, - { - :title => 'should set a serveradmin', - :attr => 'serveradmin', - :value => 'test@test.com', - :match => [/^ ServerAdmin test@test.com$/], - }, - { - :title => 'should enable ssl', - :attr => 'ssl', - :value => true, - :match => [/^ SSLEngine on$/], - }, - { - :title => 'should set a servername', - :attr => 'servername', - :value => 'param.test', - :match => [/^ ServerName param.test$/], - }, - { - :title => 'should accept server aliases', - :attr => 'serveraliases', - :value => ['one.com','two.com'], - :match => [ - /^ ServerAlias one\.com$/, - /^ ServerAlias two\.com$/ - ], - }, - { - :title => 'should accept setenv', - :attr => 'setenv', - :value => ['TEST1 one','TEST2 two'], - :match => [ - /^ SetEnv TEST1 one$/, - /^ SetEnv TEST2 two$/ - ], - }, - { - :title => 'should accept setenvif', - :attr => 'setenvif', - ## These are bugged in rspec-puppet; the $1 is droped - #:value => ['Host "^([^\.]*)\.website\.com$" CLIENT_NAME=$1'], - #:match => [' SetEnvIf Host "^([^\.]*)\.website\.com$" CLIENT_NAME=$1'], - :value => ['Host "^test\.com$" VHOST_ACCESS=test'], - :match => [/^ SetEnvIf Host "\^test\\.com\$" VHOST_ACCESS=test$/], - }, - { - :title => 'should accept options', - :attr => 'options', - :value => ['Fake','Options'], - :match => [/^ Options Fake Options$/], - }, - { - :title => 'should accept overrides', - :attr => 'override', - :value => ['Fake', 'Override'], - :match => [/^ AllowOverride Fake Override$/], - }, - { - :title => 'should accept logroot', - :attr => 'logroot', - :value => '/fake/log', - :match => [/CustomLog "\/fake\/log\//,/ErrorLog "\/fake\/log\//], - }, - { - :title => 'should accept log_level', - :attr => 'log_level', - :value => 'info', - :match => [/LogLevel info/], - }, - { - :title => 'should accept pipe destination for access log', - :attr => 'access_log_pipe', - :value => '| /bin/fake/logging', - :match => [/CustomLog "| \/bin\/fake\/logging" combined$/], - }, - { - :title => 'should accept pipe destination for error log', - :attr => 'error_log_pipe', - :value => '| /bin/fake/logging', - :match => [/ErrorLog "| \/bin\/fake\/logging" combined$/], - }, - { - :title => 'should accept syslog destination for access log', - :attr => 'access_log_syslog', - :value => 'syslog:local1', - :match => [/CustomLog "syslog:local1" combined$/], - }, - { - :title => 'should accept syslog destination for error log', - :attr => 'error_log_syslog', - :value => 'syslog', - :match => [/ErrorLog "syslog"$/], - }, - { - :title => 'should accept custom format for access logs', - :attr => 'access_log_format', - :value => '%h %{X-Forwarded-For}i %l %u %t \"%r\" %s %b \"%{Referer}i\" \"%{User-agent}i\" \"Host: %{Host}i\" %T %D', - :match => [/CustomLog "\/var\/log\/.+_access\.log" "%h %\{X-Forwarded-For\}i %l %u %t \\"%r\\" %s %b \\"%\{Referer\}i\\" \\"%\{User-agent\}i\\" \\"Host: %\{Host\}i\\" %T %D"$/], - }, - { - :title => 'should contain access logs', - :attr => 'access_log', - :value => true, - :match => [/CustomLog "\/var\/log\/.+_access\.log" combined$/], - }, - { - :title => 'should not contain access logs', - :attr => 'access_log', - :value => false, - :notmatch => [/CustomLog "\/var\/log\/.+_access\.log" combined$/], - }, - { - :title => 'should contain error logs', - :attr => 'error_log', - :value => true, - :match => [/ErrorLog.+$/], - }, - { - :title => 'should not contain error logs', - :attr => 'error_log', - :value => false, - :notmatch => [/ErrorLog.+$/], - }, - { - :title => 'should set ErrorDocument 503', - :attr => 'error_documents', - :value => [ { 'error_code' => '503', 'document' => '"Go away, the backend is broken."'}], - :match => [/^ ErrorDocument 503 "Go away, the backend is broken."$/], - }, - { - :title => 'should set ErrorDocuments 503 407', - :attr => 'error_documents', - :value => [ - { 'error_code' => '503', 'document' => '/service-unavail'}, - { 'error_code' => '407', 'document' => 'https://example.com/proxy/login'}, - ], - :match => [ - /^ ErrorDocument 503 \/service-unavail$/, - /^ ErrorDocument 407 https:\/\/example\.com\/proxy\/login$/, - ], - }, - { - :title => 'should set ErrorDocument 503 in directory', - :attr => 'directories', - :value => { 'path' => '/srv/www', 'error_documents' => [{ 'error_code' => '503', 'document' => '"Go away, the backend is broken."'}] }, - :match => [/^ ErrorDocument 503 "Go away, the backend is broken."$/], - }, - { - :title => 'should set ErrorDocuments 503 407 in directory', - :attr => 'directories', - :value => { 'path' => '/srv/www', 'error_documents' => - [ - { 'error_code' => '503', 'document' => '/service-unavail'}, - { 'error_code' => '407', 'document' => 'https://example.com/proxy/login'}, - ]}, - :match => [ - /^ ErrorDocument 503 \/service-unavail$/, - /^ ErrorDocument 407 https:\/\/example\.com\/proxy\/login$/, - ], - }, - { - :title => 'should accept a scriptalias', - :attr => 'scriptalias', - :value => '/usr/scripts', - :match => [ - /^ ScriptAlias \/cgi-bin "\/usr\/scripts"$/, - ], - }, - { - :title => 'should accept a single scriptaliases', - :attr => 'scriptaliases', - :value => { 'alias' => '/blah/', 'path' => '/usr/scripts' }, - :match => [ - /^ ScriptAlias \/blah\/ "\/usr\/scripts"$/, - ], - :nomatch => [/ScriptAlias \/cgi\-bin\//], - }, - { - :title => 'should accept multiple scriptaliases', - :attr => 'scriptaliases', - :value => [ { 'alias' => '/blah', 'path' => '/usr/scripts' }, { 'alias' => '/blah2', 'path' => '/usr/scripts' } ], - :match => [ - /^ ScriptAlias \/blah "\/usr\/scripts"$/, - /^ ScriptAlias \/blah2 "\/usr\/scripts"$/, - ], - :nomatch => [/ScriptAlias \/cgi\-bin\//], - }, - { - :title => 'should accept multiple scriptaliases with and without trailing slashes', - :attr => 'scriptaliases', - :value => [ { 'alias' => '/blah', 'path' => '/usr/scripts' }, { 'alias' => '/blah2/', 'path' => '/usr/scripts2/' } ], - :match => [ - /^ ScriptAlias \/blah "\/usr\/scripts"$/, - /^ ScriptAlias \/blah2\/ "\/usr\/scripts2\/"$/, - ], - :nomatch => [/ScriptAlias \/cgi\-bin\//], - }, - { - :title => 'should accept a ScriptAliasMatch directive', - :attr => 'scriptaliases', - ## XXX As mentioned above, rspec-puppet drops constructs like $1. - ## Thus, these tests don't work as they should. As a workaround we - ## use FOO instead of $1 here. - :value => [ { 'aliasmatch' => '^/cgi-bin(.*)', 'path' => '/usr/local/apache/cgi-binFOO' } ], - :match => [ - /^ ScriptAliasMatch \^\/cgi-bin\(\.\*\) "\/usr\/local\/apache\/cgi-binFOO"$/ - ], - }, - { - :title => 'should accept multiple ScriptAliasMatch directives', - :attr => 'scriptaliases', - ## XXX As mentioned above, rspec-puppet drops constructs like $1. - ## Thus, these tests don't work as they should. As a workaround we - ## use FOO instead of $1 here. - :value => [ - { 'aliasmatch' => '^/cgi-bin(.*)', 'path' => '/usr/local/apache/cgi-binFOO' }, - { 'aliasmatch' => '"(?x)^/git/(.*/(HEAD|info/refs|objects/(info/[^/]+|[0-9a-f]{2}/[0-9a-f]{38}|pack/pack-[0-9a-f]{40}\.(pack|idx))|git-(upload|receive)-pack))"', 'path' => '/var/www/bin/gitolite-suexec-wrapper/FOO' }, - ], - :match => [ - /^ ScriptAliasMatch \^\/cgi-bin\(\.\*\) "\/usr\/local\/apache\/cgi-binFOO"$/, - /^ ScriptAliasMatch "\(\?x\)\^\/git\/\(\.\*\/\(HEAD\|info\/refs\|objects\/\(info\/\[\^\/\]\+\|\[0-9a-f\]\{2\}\/\[0-9a-f\]\{38\}\|pack\/pack-\[0-9a-f\]\{40\}\\\.\(pack\|idx\)\)\|git-\(upload\|receive\)-pack\)\)" "\/var\/www\/bin\/gitolite-suexec-wrapper\/FOO"$/, - ], - }, - { - :title => 'should accept mixed ScriptAlias and ScriptAliasMatch directives', - :attr => 'scriptaliases', - ## XXX As mentioned above, rspec-puppet drops constructs like $1. - ## Thus, these tests don't work as they should. As a workaround we - ## use FOO instead of $1 here. - :value => [ - { 'aliasmatch' => '"(?x)^/git/(.*/(HEAD|info/refs|objects/(info/[^/]+|[0-9a-f]{2}/[0-9a-f]{38}|pack/pack-[0-9a-f]{40}\.(pack|idx))|git-(upload|receive)-pack))"', 'path' => '/var/www/bin/gitolite-suexec-wrapper/FOO' }, - { 'alias' => '/git', 'path' => '/var/www/gitweb/index.cgi' }, - { 'aliasmatch' => '^/cgi-bin(.*)', 'path' => '/usr/local/apache/cgi-binFOO' }, - { 'alias' => '/trac', 'path' => '/etc/apache2/trac.fcgi' }, - ], - :match => [ - /^ ScriptAliasMatch "\(\?x\)\^\/git\/\(\.\*\/\(HEAD\|info\/refs\|objects\/\(info\/\[\^\/\]\+\|\[0-9a-f\]\{2\}\/\[0-9a-f\]\{38\}\|pack\/pack-\[0-9a-f\]\{40\}\\\.\(pack\|idx\)\)\|git-\(upload\|receive\)-pack\)\)" "\/var\/www\/bin\/gitolite-suexec-wrapper\/FOO"$/, - /^ ScriptAlias \/git "\/var\/www\/gitweb\/index\.cgi"$/, - /^ ScriptAliasMatch \^\/cgi-bin\(\.\*\) "\/usr\/local\/apache\/cgi-binFOO"$/, - /^ ScriptAlias \/trac "\/etc\/apache2\/trac.fcgi"$/, - ], - }, - { - :title => 'should accept proxy destinations', - :attr => 'proxy_dest', - :value => 'http://fake.com', - :match => [ - /^ ProxyPass \/ http:\/\/fake.com\/$/, - /^ $/, - /^ ProxyPassReverse http:\/\/fake.com\/$/, - /^ <\/Location>$/, - ], - :notmatch => [/ProxyPass .+!$/], - }, - { - :title => 'should accept proxy_pass hash', - :attr => 'proxy_pass', - :value => { 'path' => '/path-a', 'url' => 'http://fake.com/a' }, - :match => [ - /^ ProxyPass \/path-a http:\/\/fake.com\/a$/, - /^ $/, - /^ ProxyPassReverse http:\/\/fake.com\/a$/, - /^ <\/Location>$/, - - ], - :notmatch => [/ProxyPass .+!$/], - }, - { - :title => 'should accept reverse_urls string', - :attr => 'proxy_pass', - :value => { 'path' => '/path-a', 'url' => 'http://fake.com/a', 'reverse_urls' => 'http://127.0.0.1:8080' }, - :match => [ - /^ ProxyPass \/path-a http:\/\/fake.com\/a$/, - /^ $/, - /^ ProxyPassReverse http:\/\/127.0.0.1:8080$/, - /^ <\/Location>$/, - - ], - :notmatch => [/^ ProxyPassReverse http:\/\/fake.com\/a$/], - }, - { - :title => 'should accept reverse_urls array', - :attr => 'proxy_pass', - :value => { 'path' => '/path-a', 'url' => 'http://fake.com/a', 'reverse_urls' => ['http://127.0.0.1:8080', 'http://127.0.0.1:8081'] }, - :match => [ - /^ ProxyPass \/path-a http:\/\/fake.com\/a$/, - /^ $/, - /^ ProxyPassReverse http:\/\/127.0.0.1:8080$/, - /^ ProxyPassReverse http:\/\/127.0.0.1:8081$/, - /^ <\/Location>$/, - - ], - :notmatch => [/^ ProxyPassReverse http:\/\/fake.com\/a$/], - }, - { - :title => 'should accept proxy_pass array of hash', - :attr => 'proxy_pass', - :value => [ - { 'path' => '/path-a/', 'url' => 'http://fake.com/a/' }, - { 'path' => '/path-b', 'url' => 'http://fake.com/b' }, - ], - :match => [ - /^ ProxyPass \/path-a\/ http:\/\/fake.com\/a\/$/, - /^ $/, - /^ ProxyPassReverse http:\/\/fake.com\/a\/$/, - /^ <\/Location>$/, - /^ ProxyPass \/path-b http:\/\/fake.com\/b$/, - /^ $/, - /^ ProxyPassReverse http:\/\/fake.com\/b$/, - /^ <\/Location>$/, - ], - :notmatch => [/ProxyPass .+!$/], - }, - { - :title => 'should enable rack', - :attr => 'rack_base_uris', - :value => ['/rack1','/rack2'], - :match => [ - /^ RackBaseURI \/rack1$/, - /^ RackBaseURI \/rack2$/, - ], - }, - { - :title => 'should accept headers', - :attr => 'headers', - :value => ['add something', 'merge something_else'], - :match => [ - /^ Header add something$/, - /^ Header merge something_else$/, - ], - }, - { - :title => 'should accept request headers', - :attr => 'request_headers', - :value => ['append something', 'unset something_else'], - :match => [ - /^ RequestHeader append something$/, - /^ RequestHeader unset something_else$/, - ], - }, - { - :title => 'should accept rewrite rules', - :attr => 'rewrite_rule', - :value => 'not a real rule', - :match => [/^ RewriteRule not a real rule$/], - }, - { - :title => 'should accept rewrite rules', - :attr => 'rewrites', - :value => [{'rewrite_rule' => ['not a real rule']}], - :match => [/^ RewriteRule not a real rule$/], - }, - { - :title => 'should accept rewrite comment', - :attr => 'rewrites', - :value => [{'comment' => 'rewrite comment', 'rewrite_rule' => ['not a real rule']}], - :match => [/^ #rewrite comment/], - }, - { - :title => 'should accept rewrite conditions', - :attr => 'rewrites', - :value => [{'comment' => 'redirect IE', 'rewrite_cond' => ['%{HTTP_USER_AGENT} ^MSIE'], 'rewrite_rule' => ['^index\.html$ welcome.html'],}], - :match => [ - /^ #redirect IE$/, - /^ RewriteCond %{HTTP_USER_AGENT} \^MSIE$/, - /^ RewriteRule \^index\\\.html\$ welcome.html$/, - ], - }, - { - :title => 'should accept multiple rewrites', - :attr => 'rewrites', - :value => [ - {'rewrite_rule' => ['not a real rule']}, - {'rewrite_rule' => ['not a real rule two']}, - ], - :match => [ - /^ RewriteRule not a real rule$/, - /^ RewriteRule not a real rule two$/, - ], - }, - { - :title => 'should block scm', - :attr => 'block', - :value => 'scm', - :match => [/^ $/], - }, - { - :title => 'should accept a custom fragment', - :attr => 'custom_fragment', - :value => " Some custom fragment line\n That spans multiple lines", - :match => [ - /^ Some custom fragment line$/, - /^ That spans multiple lines$/, - /^<\/VirtualHost>$/, - ], - }, - { - :title => 'should accept an array of alias hashes', - :attr => 'aliases', - :value => [ { 'alias' => '/', 'path' => '/var/www'} ], - :match => [/^ Alias \/ "\/var\/www"$/], - }, - { - :title => 'should accept an alias hash', - :attr => 'aliases', - :value => { 'alias' => '/', 'path' => '/var/www'}, - :match => [/^ Alias \/ "\/var\/www"$/], - }, - { - :title => 'should accept multiple aliases', - :attr => 'aliases', - :value => [ - { 'alias' => '/', 'path' => '/var/www'}, - { 'alias' => '/cgi-bin', 'path' => '/var/www/cgi-bin'}, - { 'alias' => '/css', 'path' => '/opt/someapp/css'}, - ], - :match => [ - /^ Alias \/ "\/var\/www"$/, - /^ Alias \/cgi-bin "\/var\/www\/cgi-bin"$/, - /^ Alias \/css "\/opt\/someapp\/css"$/, - ], - }, - { - :title => 'should accept an aliasmatch hash', - :attr => 'aliases', - ## XXX As mentioned above, rspec-puppet drops the $1. Thus, these - # tests don't work. - #:value => { 'aliasmatch' => '^/image/(.*).gif', 'path' => '/files/gifs/$1.gif' }, - #:match => [/^ AliasMatch \^\/image\/\(\.\*\)\.gif \/files\/gifs\/\$1\.gif$/], - }, - { - :title => 'should accept a array of alias and aliasmatch hashes mixed', - :attr => 'aliases', - ## XXX As mentioned above, rspec-puppet drops the $1. Thus, these - # tests don't work. - #:value => [ - # { 'alias' => '/css', 'path' => '/files/css' }, - # { 'aliasmatch' => '^/image/(.*).gif', 'path' => '/files/gifs/$1.gif' }, - # { 'aliasmatch' => '^/image/(.*).jpg', 'path' => '/files/jpgs/$1.jpg' }, - # { 'alias' => '/image', 'path' => '/files/images' }, - #], - #:match => [ - # /^ Alias \/css \/files\/css$/, - # /^ AliasMatch \^\/image\/\(.\*\)\.gif \/files\/gifs\/\$1\.gif$/, - # /^ AliasMatch \^\/image\/\(.\*\)\.jpg \/files\/jpgs\/\$1\.jpg$/, - # /^ Alias \/image \/files\/images$/ - #], - }, - { - :title => 'should accept multiple additional includes', - :attr => 'additional_includes', - :value => [ - '/tmp/proxy_group_a', - '/tmp/proxy_group_b', - '/tmp/proxy_group_c', - ], - :match => [ - /^ Include "\/tmp\/proxy_group_a"$/, - /^ Include "\/tmp\/proxy_group_b"$/, - /^ Include "\/tmp\/proxy_group_c"$/, - ], - }, - { - :title => 'should accept a suPHP_Engine', - :attr => 'suphp_engine', - :value => 'on', - :match => [/^ suPHP_Engine on$/], - }, - { - :title => 'should accept a php_admin_flags', - :attr => 'php_admin_flags', - :value => { 'engine' => 'on' }, - :match => [/^ php_admin_flag engine on$/], - }, - { - :title => 'should accept php_admin_values', - :attr => 'php_admin_values', - :value => { 'open_basedir' => '/srv/web/www.com/:/usr/share/pear/' }, - :match => [/^ php_admin_value open_basedir \/srv\/web\/www.com\/:\/usr\/share\/pear\/$/], - }, - { - :title => 'should accept php_admin_flags in directories', - :attr => 'directories', - :value => { - 'path' => '/srv/www', - 'php_admin_flags' => { 'php_engine' => 'on' } - }, - :match => [/^ php_admin_flag php_engine on$/], - }, - { - :title => 'should accept php_admin_values', - :attr => 'php_admin_values', - :value => { 'open_basedir' => '/srv/web/www.com/:/usr/share/pear/' }, - :match => [/^ php_admin_value open_basedir \/srv\/web\/www.com\/:\/usr\/share\/pear\/$/], - }, - { - :title => 'should accept php_admin_values in directories', - :attr => 'directories', - :value => { - 'path' => '/srv/www', - 'php_admin_values' => { 'open_basedir' => '/srv/web/www.com/:/usr/share/pear/' } - }, - :match => [/^ php_admin_value open_basedir \/srv\/web\/www.com\/:\/usr\/share\/pear\/$/], - }, - { - :title => 'should accept a wsgi script alias', - :attr => 'wsgi_script_aliases', - :value => { '/' => '/var/www/myapp.wsgi'}, - :match => [/^ WSGIScriptAlias \/ "\/var\/www\/myapp.wsgi"$/], - }, - { - :title => 'should accept multiple wsgi aliases', - :attr => 'wsgi_script_aliases', - :value => { - '/wiki' => '/usr/local/wsgi/scripts/mywiki.wsgi', - '/blog' => '/usr/local/wsgi/scripts/myblog.wsgi', - '/' => '/usr/local/wsgi/scripts/myapp.wsgi', - }, - :match => [ - /^ WSGIScriptAlias \/wiki "\/usr\/local\/wsgi\/scripts\/mywiki.wsgi"$/, - /^ WSGIScriptAlias \/blog "\/usr\/local\/wsgi\/scripts\/myblog.wsgi"$/, - /^ WSGIScriptAlias \/ "\/usr\/local\/wsgi\/scripts\/myapp.wsgi"$/, - ], - }, - { - :title => 'should accept a wsgi application group', - :attr => 'wsgi_application_group', - :value => '%{GLOBAL}', - :match => [/^ WSGIApplicationGroup %{GLOBAL}$/], - }, - { - :title => 'should set wsgi pass authorization', - :attr => 'wsgi_pass_authorization', - :value => 'On', - :match => [/^ WSGIPassAuthorization On$/], - }, - { - :title => 'should set wsgi pass authorization false', - :attr => 'wsgi_pass_authorization', - :value => 'Off', - :match => [/^ WSGIPassAuthorization Off$/], - }, - { - :title => 'should contain environment variables', - :attr => 'access_log_env_var', - :value => 'admin', - :match => [/CustomLog "\/var\/log\/.+_access\.log" combined env=admin$/] - }, - { - :title => 'should contain virtual_docroot', - :attr => 'virtual_docroot', - :value => '/not/default', - :match => [ - /^ VirtualDocumentRoot "\/not\/default"$/, - ], - }, - { - :title => 'should accept multiple directories', - :attr => 'directories', - :value => [ - { 'path' => '/opt/app' }, - { 'path' => '/var/www' }, - { 'path' => '/rspec/docroot'} - ], - :match => [ - /^ $/, - /^ $/, - /^ $/, - ], - }, - ].each do |param| - describe "when #{param[:attr]} is #{param[:value]}" do - let :params do default_params.merge({ param[:attr].to_sym => param[:value] }) end - - it { is_expected.to contain_file("25-#{title}.conf").with_mode('0644') } - if param[:match] - it "#{param[:title]}: matches" do - param[:match].each do |match| - is_expected.to contain_file("25-#{title}.conf").with_content( match ) - end - end - end - if param[:notmatch] - it "#{param[:title]}: notmatches" do - param[:notmatch].each do |notmatch| - is_expected.not_to contain_file("25-#{title}.conf").with_content( notmatch ) - end - end - end - end - end - end - - # Apache below 2.4 (Default Version). All match and notmatch should be a list of regexs and exact match strings - context ".conf content with $apache_version < 2.4" do - [ - { - :title => 'should accept a directory', - :attr => 'directories', - :value => { 'path' => '/opt/app' }, - :notmatch => [' '], - :match => [ - /^ $/, - /^ AllowOverride None$/, - /^ Order allow,deny$/, - /^ Allow from all$/, - /^ <\/Directory>$/, - ], - }, - { - :title => 'should accept directory directives hash', - :attr => 'directories', - :value => { - 'path' => '/opt/app', - 'headers' => 'Set X-Robots-Tag "noindex, noarchive, nosnippet"', - 'allow' => 'from rspec.org', - 'allow_override' => 'Lol', - 'deny' => 'from google.com', - 'options' => '-MultiViews', - 'order' => 'deny,yned', - 'passenger_enabled' => 'onf', - 'sethandler' => 'None', - 'auth_type' => 'Basic', - 'auth_name' => 'Basic Auth', - 'auth_user_file' => '/opt/app/htpasswd', - 'auth_require' => 'valid-user', - 'satisfy' => 'Any', + context 'set everything!' do + let :params do + { + 'docroot' => '/var/www/foo', + 'manage_docroot' => false, + 'virtual_docroot' => true, + 'port' => '8080', + 'ip' => '127.0.0.1', + 'ip_based' => true, + 'add_listen' => false, + 'docroot_owner' => 'user', + 'docroot_group' => 'wheel', + 'docroot_mode' => '0664', + 'serveradmin' => 'foo@localhost', + 'ssl' => true, + 'ssl_cert' => '/ssl/cert', + 'ssl_key' => '/ssl/key', + 'ssl_chain' => '/ssl/chain', + 'ssl_crl_path' => '/ssl/crl', + 'ssl_crl' => 'foo.crl', + 'ssl_certs_dir' => '/ssl/certs', + 'ssl_protocol' => 'SSLv2', + 'ssl_cipher' => 'HIGH', + 'ssl_honorcipherorder' => 'Off', + 'ssl_verify_client' => 'optional', + 'ssl_verify_depth' => '3', + 'ssl_options' => '+ExportCertData', + 'ssl_proxyengine' => true, + 'priority' => '30', + 'default_vhost' => true, + 'servername' => 'example.com', + 'serveraliases' => ['test-example.com'], + 'options' => ['MultiView'], + 'override' => ['All'], + 'directoryindex' => 'index.html', + 'vhost_name' => 'test', + 'logroot' => '/var/www/logs', + 'logroot_mode' => '0600', + 'log_level' => 'crit', + 'access_log' => false, + 'access_log_file' => 'httpd_access_log', + 'access_log_pipe' => '', + 'access_log_syslog' => true, + 'access_log_format' => '%h %l %u %t \"%r\" %>s %b', + 'access_log_env_var' => '', + 'aliases' => '/image', + 'directories' => { + 'path' => '/var/www/files', + 'provider' => 'files', + 'deny' => 'from all' }, - :match => [ - /^ $/, - /^ Header Set X-Robots-Tag "noindex, noarchive, nosnippet"$/, - /^ Allow from rspec.org$/, - /^ AllowOverride Lol$/, - /^ Deny from google.com$/, - /^ Options -MultiViews$/, - /^ Order deny,yned$/, - /^ SetHandler None$/, - /^ PassengerEnabled onf$/, - /^ AuthType Basic$/, - /^ AuthName "Basic Auth"$/, - /^ AuthUserFile \/opt\/app\/htpasswd$/, - /^ Require valid-user$/, - /^ Satisfy Any$/, - /^ <\/Directory>$/, - ], - }, - { - :title => 'should accept directory directives with arrays and hashes', - :attr => 'directories', - :value => [ + 'error_log' => false, + 'error_log_file' => 'httpd_error_log', + 'error_log_pipe' => '', + 'error_log_syslog' => true, + 'error_documents' => 'true', + 'fallbackresource' => '/index.php', + 'scriptalias' => '/usr/lib/cgi-bin', + 'scriptaliases' => [ { - 'path' => '/opt/app1', - 'allow' => 'from rspec.org', - 'allow_override' => ['AuthConfig','Indexes'], - 'deny' => 'from google.com', - 'options' => ['-MultiViews','+MultiViews'], - 'order' => ['deny','yned'], - 'passenger_enabled' => 'onf', + 'alias' => '/myscript', + 'path' => '/usr/share/myscript', }, { - 'path' => '/opt/app2', - 'addhandlers' => { - 'handler' => 'cgi-script', - 'extensions' => '.cgi', - }, + 'aliasmatch' => '^/foo(.*)', + 'path' => '/usr/share/fooscripts$1', }, ], - :match => [ - /^ $/, - /^ Allow from rspec.org$/, - /^ AllowOverride AuthConfig Indexes$/, - /^ Deny from google.com$/, - /^ Options -MultiViews \+MultiViews$/, - /^ Order deny,yned$/, - /^ PassengerEnabled onf$/, - /^ <\/Directory>$/, - /^ $/, - /^ AllowOverride None$/, - /^ Order allow,deny$/, - /^ Allow from all$/, - /^ AddHandler cgi-script .cgi$/, - /^ <\/Directory>$/, - ], - }, - { - :title => 'should accept directory directives with rewrites array', - :attr => 'directories', - :value => [ + 'proxy_dest' => '/', + 'proxy_pass' => [ { - 'path' => '/opt/app3', - 'rewrites' => [ - { - 'comment' => 'Permalink Rewrites', - 'rewrite_base' => '/', - 'rewrite_rule' => [ '^index\.php$ - [L]' ], - }, - { - 'rewrite_cond' => [ - '%{REQUEST_FILENAME} !-f', - '%{REQUEST_FILENAME} !-d', - ], - 'rewrite_rule' => [ '. /index.php [L]' ], - } - ] + 'path' => '/a', + 'url' => 'http://backend-a/' } ], - :match => [ - /^ $/, - /^ #Permalink Rewrites$/, - /^ RewriteEngine On$/, - /^ RewriteBase \/$/, - /^ RewriteRule \^index\\.php\$ - \[L\]$/, - /^ RewriteCond %{REQUEST_FILENAME} !-f$/, - /^ RewriteCond %{REQUEST_FILENAME} !-d$/, - /^ RewriteRule . \/index.php \[L\]$/, - /^ <\/Directory>$/, - ], - }, - { - :title => 'should accept location for provider', - :attr => 'directories', - :value => { - 'path' => '/', - 'provider' => 'location', - }, - :notmatch => [' AllowOverride None'], - :match => [ - /^ $/, - /^ Order allow,deny$/, - /^ Allow from all$/, - /^ <\/Location>$/, - ], - }, - { - :title => 'should accept files for provider', - :attr => 'directories', - :value => { - 'path' => 'index.html', - 'provider' => 'files', - }, - :notmatch => [' AllowOverride None'], - :match => [ - /^ $/, - /^ Order allow,deny$/, - /^ Allow from all$/, - /^ <\/Files>$/, - ], - }, - { - :title => 'should accept files match for provider', - :attr => 'directories', - :value => { - 'path' => 'index.html', - 'provider' => 'filesmatch', - }, - :notmatch => [' AllowOverride None'], - :match => [ - /^ $/, - /^ Order allow,deny$/, - /^ Allow from all$/, - /^ <\/FilesMatch>$/, - ], - }, - ].each do |param| - describe "when #{param[:attr]} is #{param[:value]}" do - let :params do default_params.merge({ - param[:attr].to_sym => param[:value], - :apache_version => '2.2', - }) end - - it { is_expected.to contain_file("25-#{title}.conf").with_mode('0644') } - if param[:match] - it "#{param[:title]}: matches" do - param[:match].each do |match| - is_expected.to contain_file("25-#{title}.conf").with_content( match ) - end - end - end - if param[:notmatch] - it "#{param[:title]}: notmatches" do - param[:notmatch].each do |notmatch| - is_expected.not_to contain_file("25-#{title}.conf").with_content( notmatch ) - end - end - end - end - end - end - - # Apache equals or above 2.4. All match and notmatch should be a list of regexs and exact match strings - context ".conf content with $apache_version >= 2.4" do - [ - { - :title => 'should accept a directory', - :attr => 'directories', - :value => { 'path' => '/opt/app' }, - :notmatch => [' '], - :match => [ - /^ $/, - /^ AllowOverride None$/, - /^ Require all granted$/, - /^ <\/Directory>$/, - ], - }, - { - :title => 'should accept directory directives hash', - :attr => 'directories', - :value => { - 'path' => '/opt/app', - 'headers' => 'Set X-Robots-Tag "noindex, noarchive, nosnippet"', - 'allow_override' => 'Lol', - 'options' => '-MultiViews', - 'require' => 'something denied', - 'passenger_enabled' => 'onf', - }, - :match => [ - /^ $/, - /^ Header Set X-Robots-Tag "noindex, noarchive, nosnippet"$/, - /^ AllowOverride Lol$/, - /^ Options -MultiViews$/, - /^ Require something denied$/, - /^ PassengerEnabled onf$/, - /^ <\/Directory>$/, - ], - }, - { - :title => 'should accept directory directives with arrays and hashes', - :attr => 'directories', - :value => [ + 'suphp_addhandler' => 'foo', + 'suphp_engine' => 'on', + 'suphp_configpath' => '/var/www/html', + 'php_admin_flags' => ['foo', 'bar'], + 'php_admin_values' => ['true', 'false'], + 'no_proxy_uris' => '/foo', + 'proxy_preserve_host' => true, + 'redirect_source' => '/bar', + 'redirect_dest' => '/', + 'redirect_status' => 'temp', + 'redirectmatch_status' => ['404'], + 'redirectmatch_regexp' => ['\.git$'], + 'rack_base_uris' => ['/rackapp1'], + 'headers' => 'Set X-Robots-Tag "noindex, noarchive, nosnippet"', + 'request_headers' => ['append MirrorID "mirror 12"'], + 'rewrites' => [ { - 'path' => '/opt/app1', - 'allow_override' => ['AuthConfig','Indexes'], - 'options' => ['-MultiViews','+MultiViews'], - 'require' => ['host','example.org'], - 'passenger_enabled' => 'onf', - }, - { - 'path' => '/opt/app2', - 'addhandlers' => { - 'handler' => 'cgi-script', - 'extensions' => '.cgi', - }, - }, - ], - :match => [ - /^ $/, - /^ AllowOverride AuthConfig Indexes$/, - /^ Options -MultiViews \+MultiViews$/, - /^ Require host example.org$/, - /^ PassengerEnabled onf$/, - /^ <\/Directory>$/, - /^ $/, - /^ AllowOverride None$/, - /^ Require all granted$/, - /^ AddHandler cgi-script .cgi$/, - /^ <\/Directory>$/, - ], - }, - { - :title => 'should accept directory directives with rewrites array', - :attr => 'directories', - :value => [ - { - 'path' => '/opt/app3', - 'rewrites' => [ - { - 'comment' => 'Permalink Rewrites', - 'rewrite_base' => '/', - 'rewrite_rule' => [ '^index\.php$ - [L]' ], - }, - { - 'rewrite_cond' => [ - '%{REQUEST_FILENAME} !-f', - '%{REQUEST_FILENAME} !-d', - ], - 'rewrite_rule' => [ '. /index.php [L]' ], - } - ] + 'rewrite_rule' => ['^index\.html$ welcome.html'] } ], - :match => [ - /^ $/, - /^ #Permalink Rewrites$/, - /^ RewriteEngine On$/, - /^ RewriteBase \/$/, - /^ RewriteRule \^index\\.php\$ - \[L\]$/, - /^ RewriteCond %{REQUEST_FILENAME} !-f$/, - /^ RewriteCond %{REQUEST_FILENAME} !-d$/, - /^ RewriteRule . \/index.php \[L\]$/, - /^ <\/Directory>$/, - ], - }, - { - :title => 'should accept location for provider', - :attr => 'directories', - :value => { - 'path' => '/', - 'provider' => 'location', + 'rewrite_base' => '/', + 'rewrite_rule' => '^index\.html$ welcome.html', + 'rewrite_cond' => '%{HTTP_USER_AGENT} ^MSIE', + 'setenv' => ['FOO=/bin/true'], + 'setenvif' => 'Request_URI "\.gif$" object_is_image=gif', + 'block' => 'scm', + 'wsgi_application_group' => '%{GLOBAL}', + 'wsgi_daemon_process' => 'wsgi', + 'wsgi_daemon_process_options' => { + 'processes' => '2', + 'threads' => '15', + 'display-name' => '%{GROUP}', }, - :notmatch => [' AllowOverride None'], - :match => [ - /^ $/, - /^ Require all granted$/, - /^ <\/Location>$/, - ], - }, - { - :title => 'should accept files for provider', - :attr => 'directories', - :value => { - 'path' => 'index.html', - 'provider' => 'files', + 'wsgi_import_script' => '/var/www/demo.wsgi', + 'wsgi_import_script_options' => { + 'process-group' => 'wsgi', + 'application-group' => '%{GLOBAL}' }, - :notmatch => [' AllowOverride None'], - :match => [ - /^ $/, - /^ Require all granted$/, - /^ <\/Files>$/, - ], - }, - { - :title => 'should accept files match for provider', - :attr => 'directories', - :value => { - 'path' => 'index.html', - 'provider' => 'filesmatch', + 'wsgi_process_group' => 'wsgi', + 'wsgi_script_aliases' => { + '/' => '/var/www/demo.wsgi' }, - :notmatch => [' AllowOverride None'], - :match => [ - /^ $/, - /^ Require all granted$/, - /^ <\/FilesMatch>$/, - ], - }, - ].each do |param| - describe "when #{param[:attr]} is #{param[:value]}" do - let :params do default_params.merge({ - param[:attr].to_sym => param[:value], - :apache_version => '2.4', - }) end - - it { is_expected.to contain_file("25-#{title}.conf").with_mode('0644') } - if param[:match] - it "#{param[:title]}: matches" do - param[:match].each do |match| - is_expected.to contain_file("25-#{title}.conf").with_content( match ) - end - end - end - if param[:notmatch] - it "#{param[:title]}: notmatches" do - param[:notmatch].each do |notmatch| - is_expected.not_to contain_file("25-#{title}.conf").with_content( notmatch ) - end - end - end - end + 'wsgi_pass_authorization' => 'On', + 'custom_fragment' => '#custom string', + 'itk' => { + 'user' => 'someuser', + 'group' => 'somegroup' + }, + 'action' => 'foo', + 'fastcgi_server' => 'localhost', + 'fastcgi_socket' => '/tmp/fastcgi.socket', + 'fastcgi_dir' => '/tmp', + 'additional_includes' => '/custom/path/includes', + 'apache_version' => '2.4', + 'suexec_user_group' => 'root root', + } end - end - - # All match and notmatch should be a list of regexs and exact match strings - context ".conf content with SSL" do - [ - { - :title => 'should accept setting SSLCertificateFile', - :attr => 'ssl_cert', - :value => '/path/to/cert.pem', - :match => [/^ SSLCertificateFile "\/path\/to\/cert\.pem"$/], - }, - { - :title => 'should accept setting SSLCertificateKeyFile', - :attr => 'ssl_key', - :value => '/path/to/cert.pem', - :match => [/^ SSLCertificateKeyFile "\/path\/to\/cert\.pem"$/], - }, - { - :title => 'should accept setting SSLCertificateChainFile', - :attr => 'ssl_chain', - :value => '/path/to/cert.pem', - :match => [/^ SSLCertificateChainFile "\/path\/to\/cert\.pem"$/], - }, - { - :title => 'should accept setting SSLCertificatePath', - :attr => 'ssl_certs_dir', - :value => '/path/to/certs', - :match => [/^ SSLCACertificatePath "\/path\/to\/certs"$/], - }, + let :facts do { - :title => 'should accept setting SSLCertificateFile', - :attr => 'ssl_ca', - :value => '/path/to/ca.pem', - :match => [/^ SSLCACertificateFile "\/path\/to\/ca\.pem"$/], - }, - { - :title => 'should accept setting SSLRevocationPath', - :attr => 'ssl_crl_path', - :value => '/path/to/crl', - :match => [/^ SSLCARevocationPath "\/path\/to\/crl"$/], - }, - { - :title => 'should accept setting SSLRevocationFile', - :attr => 'ssl_crl', - :value => '/path/to/crl.pem', - :match => [/^ SSLCARevocationFile "\/path\/to\/crl\.pem"$/], - }, - { - :title => 'should accept setting SSLProxyEngine', - :attr => 'ssl_proxyengine', - :value => true, - :match => [/^ SSLProxyEngine On$/], - }, - { - :title => 'should accept setting SSLProtocol', - :attr => 'ssl_protocol', - :value => 'all -SSLv2', - :match => [/^ SSLProtocol all -SSLv2$/], - }, - { - :title => 'should accept setting SSLCipherSuite', - :attr => 'ssl_cipher', - :value => 'RC4-SHA:HIGH:!ADH:!SSLv2', - :match => [/^ SSLCipherSuite RC4-SHA:HIGH:!ADH:!SSLv2$/], - }, - { - :title => 'should accept setting SSLHonorCipherOrder', - :attr => 'ssl_honorcipherorder', - :value => 'On', - :match => [/^ SSLHonorCipherOrder On$/], - }, - { - :title => 'should accept setting SSLVerifyClient', - :attr => 'ssl_verify_client', - :value => 'optional', - :match => [/^ SSLVerifyClient optional$/], - }, - { - :title => 'should accept setting SSLVerifyDepth', - :attr => 'ssl_verify_depth', - :value => '1', - :match => [/^ SSLVerifyDepth 1$/], - }, - { - :title => 'should accept setting SSLOptions with a string', - :attr => 'ssl_options', - :value => '+ExportCertData', - :match => [/^ SSLOptions \+ExportCertData$/], - }, + :osfamily => 'RedHat', + :operatingsystemrelease => '6', + :concat_basedir => '/dne', + :operatingsystem => 'RedHat', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :kernelversion => '3.6.2', + } + end + + it { is_expected.to compile } + it { is_expected.to_not contain_file('/var/www/foo') } + it { is_expected.to contain_class('apache::mod::ssl') } + it { is_expected.to contain_class('apache::mod::mime') } + it { is_expected.to contain_class('apache::mod::vhost_alias') } + it { is_expected.to contain_class('apache::mod::wsgi') } + it { is_expected.to contain_class('apache::mod::suexec') } + it { is_expected.to contain_file('/var/www/logs') } + it { is_expected.to contain_class('apache::mod::rewrite') } + it { is_expected.to contain_class('apache::mod::alias') } + it { is_expected.to contain_class('apache::mod::proxy') } + it { is_expected.to contain_class('apache::mod::proxy_http') } + it { is_expected.to contain_class('apache::mod::passenger') } + it { is_expected.to contain_class('apache::mod::passenger') } + it { is_expected.to contain_class('apache::mod::fastcgi') } + it { is_expected.to contain_class('apache::mod::headers') } + it { is_expected.to contain_concat('30-rspec.example.com.conf').with({ + 'owner' => 'root', + 'mode' => '0644', + 'require' => 'Package[httpd]', + 'notify' => 'Service[httpd]', + }) + } + it { is_expected.to contain_concat__fragment('rspec.example.com-apache-header') } + it { is_expected.to contain_concat__fragment('rspec.example.com-docroot') } + it { is_expected.to contain_concat__fragment('rspec.example.com-aliases') } + it { is_expected.to contain_concat__fragment('rspec.example.com-itk') } + it { is_expected.to contain_concat__fragment('rspec.example.com-fallbackresource') } + it { is_expected.to contain_concat__fragment('rspec.example.com-directories') } + it { is_expected.to contain_concat__fragment('rspec.example.com-additional_includes') } + it { is_expected.to contain_concat__fragment('rspec.example.com-logging') } + it { is_expected.to contain_concat__fragment('rspec.example.com-serversignature') } + it { is_expected.to_not contain_concat__fragment('rspec.example.com-access_log') } + it { is_expected.to contain_concat__fragment('rspec.example.com-action') } + it { is_expected.to contain_concat__fragment('rspec.example.com-block') } + it { is_expected.to contain_concat__fragment('rspec.example.com-error_document') } + it { is_expected.to contain_concat__fragment('rspec.example.com-proxy') } + it { is_expected.to contain_concat__fragment('rspec.example.com-rack') } + it { is_expected.to contain_concat__fragment('rspec.example.com-redirect') } + it { is_expected.to contain_concat__fragment('rspec.example.com-rewrite') } + it { is_expected.to contain_concat__fragment('rspec.example.com-scriptalias') } + it { is_expected.to contain_concat__fragment('rspec.example.com-serveralias') } + it { is_expected.to contain_concat__fragment('rspec.example.com-setenv') } + it { is_expected.to contain_concat__fragment('rspec.example.com-ssl') } + it { is_expected.to contain_concat__fragment('rspec.example.com-suphp') } + it { is_expected.to contain_concat__fragment('rspec.example.com-php_admin') } + it { is_expected.to contain_concat__fragment('rspec.example.com-header') } + it { is_expected.to contain_concat__fragment('rspec.example.com-requestheader') } + it { is_expected.to contain_concat__fragment('rspec.example.com-wsgi') } + it { is_expected.to contain_concat__fragment('rspec.example.com-custom_fragment') } + it { is_expected.to contain_concat__fragment('rspec.example.com-fastcgi') } + it { is_expected.to contain_concat__fragment('rspec.example.com-suexec') } + it { is_expected.to contain_concat__fragment('rspec.example.com-file_footer') } + end + context 'not everything can be set together...' do + let :params do + { + 'access_log_pipe' => '/dev/null', + 'error_log_pipe' => '/dev/null', + 'docroot' => '/var/www/foo', + 'ensure' => 'absent', + 'manage_docroot' => true, + 'logroot' => '/tmp/logroot', + } + end + let :facts do { - :title => 'should accept setting SSLOptions with an array', - :attr => 'ssl_options', - :value => ['+StrictRequire','+ExportCertData'], - :match => [/^ SSLOptions \+StrictRequire \+ExportCertData/], - }, + :osfamily => 'RedHat', + :operatingsystemrelease => '6', + :concat_basedir => '/dne', + :operatingsystem => 'RedHat', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :kernelversion => '3.6.2', + } + end + + it { is_expected.to compile } + it { is_expected.to_not contain_class('apache::mod::ssl') } + it { is_expected.to_not contain_class('apache::mod::mime') } + it { is_expected.to_not contain_class('apache::mod::vhost_alias') } + it { is_expected.to_not contain_class('apache::mod::wsgi') } + it { is_expected.to_not contain_class('apache::mod::suexec') } + it { is_expected.to_not contain_class('apache::mod::rewrite') } + it { is_expected.to contain_class('apache::mod::alias') } + it { is_expected.to_not contain_class('apache::mod::proxy') } + it { is_expected.to_not contain_class('apache::mod::proxy_http') } + it { is_expected.to_not contain_class('apache::mod::passenger') } + it { is_expected.to_not contain_class('apache::mod::headers') } + it { is_expected.to contain_file('/var/www/foo') } + it { is_expected.to_not contain_file('/tmp/logroot') } + it { is_expected.to contain_concat('25-rspec.example.com.conf').with({ + 'ensure' => 'absent', + }) + } + it { is_expected.to contain_concat__fragment('rspec.example.com-apache-header') } + it { is_expected.to contain_concat__fragment('rspec.example.com-docroot') } + it { is_expected.to_not contain_concat__fragment('rspec.example.com-aliases') } + it { is_expected.to_not contain_concat__fragment('rspec.example.com-itk') } + it { is_expected.to_not contain_concat__fragment('rspec.example.com-fallbackresource') } + it { is_expected.to contain_concat__fragment('rspec.example.com-directories') } + it { is_expected.to_not contain_concat__fragment('rspec.example.com-additional_includes') } + it { is_expected.to contain_concat__fragment('rspec.example.com-logging') } + it { is_expected.to contain_concat__fragment('rspec.example.com-serversignature') } + it { is_expected.to contain_concat__fragment('rspec.example.com-access_log') } + it { is_expected.to_not contain_concat__fragment('rspec.example.com-action') } + it { is_expected.to_not contain_concat__fragment('rspec.example.com-block') } + it { is_expected.to_not contain_concat__fragment('rspec.example.com-error_document') } + it { is_expected.to_not contain_concat__fragment('rspec.example.com-proxy') } + it { is_expected.to_not contain_concat__fragment('rspec.example.com-rack') } + it { is_expected.to_not contain_concat__fragment('rspec.example.com-redirect') } + it { is_expected.to_not contain_concat__fragment('rspec.example.com-rewrite') } + it { is_expected.to_not contain_concat__fragment('rspec.example.com-scriptalias') } + it { is_expected.to_not contain_concat__fragment('rspec.example.com-serveralias') } + it { is_expected.to_not contain_concat__fragment('rspec.example.com-setenv') } + it { is_expected.to_not contain_concat__fragment('rspec.example.com-ssl') } + it { is_expected.to_not contain_concat__fragment('rspec.example.com-suphp') } + it { is_expected.to_not contain_concat__fragment('rspec.example.com-php_admin') } + it { is_expected.to_not contain_concat__fragment('rspec.example.com-header') } + it { is_expected.to_not contain_concat__fragment('rspec.example.com-requestheader') } + it { is_expected.to_not contain_concat__fragment('rspec.example.com-wsgi') } + it { is_expected.to_not contain_concat__fragment('rspec.example.com-custom_fragment') } + it { is_expected.to_not contain_concat__fragment('rspec.example.com-fastcgi') } + it { is_expected.to_not contain_concat__fragment('rspec.example.com-suexec') } + it { is_expected.to contain_concat__fragment('rspec.example.com-file_footer') } + end + end + describe 'validation' do + context 'bad ensure' do + let :params do { - :title => 'should accept setting SSLOptions with a string in directories', - :attr => 'directories', - :value => { 'path' => '/srv/www', 'ssl_options' => '+ExportCertData'}, - :match => [/^ SSLOptions \+ExportCertData$/], - }, + 'docroot' => '/rspec/docroot', + 'ensure' => 'bogus', + } + end + let :facts do default_facts end + it { expect { is_expected.to compile }.to raise_error } + end + context 'bad suphp_engine' do + let :params do { - :title => 'should accept setting SSLOptions with an array in directories', - :attr => 'directories', - :value => { 'path' => '/srv/www', 'ssl_options' => ['-StdEnvVars','+ExportCertData']}, - :match => [/^ SSLOptions -StdEnvVars \+ExportCertData/], - }, - ].each do |param| - describe "when #{param[:attr]} is #{param[:value]} with SSL" do - let :params do - default_params.merge( { - param[:attr].to_sym => param[:value], - :ssl => true, - } ) - end - it { is_expected.to contain_file("25-#{title}.conf").with_mode('0644') } - if param[:match] - it "#{param[:title]}: matches" do - param[:match].each do |match| - is_expected.to contain_file("25-#{title}.conf").with_content( match ) - end - end - end - if param[:notmatch] - it "#{param[:title]}: notmatches" do - param[:notmatch].each do |notmatch| - is_expected.not_to contain_file("25-#{title}.conf").with_content( notmatch ) - end - end - end - end + 'docroot' => '/rspec/docroot', + 'suphp_engine' => 'bogus', + } end + let :facts do default_facts end + it { expect { is_expected.to compile }.to raise_error } end - - context 'attribute resources' do - describe 'when access_log_file and access_log_pipe are specified' do - let :params do default_params.merge({ - :access_log_file => 'fake.log', - :access_log_pipe => '| /bin/fake', - }) end - it 'should cause a failure' do - expect { subject }.to raise_error(Puppet::Error, /'access_log_file' and 'access_log_pipe' cannot be defined at the same time/) - end + context 'bad ip_based' do + let :params do + { + 'docroot' => '/rspec/docroot', + 'ip_based' => 'bogus', + } end - describe 'when error_log_file and error_log_pipe are specified' do - let :params do default_params.merge({ - :error_log_file => 'fake.log', - :error_log_pipe => '| /bin/fake', - }) end - it 'should cause a failure' do - expect { subject }.to raise_error(Puppet::Error, /'error_log_file' and 'error_log_pipe' cannot be defined at the same time/) - end + let :facts do default_facts end + it { expect { is_expected.to compile }.to raise_error } + end + context 'bad access_log' do + let :params do + { + 'docroot' => '/rspec/docroot', + 'access_log' => 'bogus', + } end - describe 'when logroot and logroot_mode are specified' do - let :params do default_params.merge({ - :logroot => '/rspec/logroot', - :logroot_mode => '0755', - }) end - it 'should set logroot mode' do - should contain_file(params[:logroot]).with({ - :ensure => :directory, - :mode => '0755', - }) - end + let :facts do default_facts end + it { expect { is_expected.to compile }.to raise_error } + end + context 'bad error_log' do + let :params do + { + 'docroot' => '/rspec/docroot', + 'error_log' => 'bogus', + } end - describe 'when docroot owner and mode is specified' do - let :params do default_params.merge({ - :docroot_owner => 'testuser', - :docroot_group => 'testgroup', - :docroot_mode => '0750', - }) end - it 'should set vhost ownership and permissions' do - is_expected.to contain_file(params[:docroot]).with({ - :ensure => :directory, - :owner => 'testuser', - :group => 'testgroup', - :mode => '0750', - }) - end + let :facts do default_facts end + it { expect { is_expected.to compile }.to raise_error } + end + context 'bad_ssl' do + let :params do + { + 'docroot' => '/rspec/docroot', + 'ssl' => 'bogus', + } end - - describe 'when docroot is *not* managed' do - let :params do default_params.merge({ - :manage_docroot=> false, - }) end - it 'should not contain docroot ' do - is_expected.not_to contain_file(params[:docroot]) - end + let :facts do default_facts end + it { expect { is_expected.to compile }.to raise_error } + end + context 'bad default_vhost' do + let :params do + { + 'docroot' => '/rspec/docroot', + 'default_vhost' => 'bogus', + } end - - describe 'when wsgi_daemon_process and wsgi_daemon_process_options are specified' do - let :params do default_params.merge({ - :wsgi_daemon_process => 'example.org', - :wsgi_daemon_process_options => { 'processes' => '2', 'threads' => '15' }, - }) end - it 'should set wsgi_daemon_process_options' do - is_expected.to contain_file("25-#{title}.conf").with_content( - /^ WSGIDaemonProcess example.org processes=2 threads=15$/ - ) - end + let :facts do default_facts end + it { expect { is_expected.to compile }.to raise_error } + end + context 'bad ssl_proxyengine' do + let :params do + { + 'docroot' => '/rspec/docroot', + 'ssl_proxyengine' => 'bogus', + } end - - describe 'when wsgi_import_script and wsgi_import_script_options are specified' do - let :params do default_params.merge({ - :wsgi_import_script => '/var/www/demo.wsgi', - :wsgi_import_script_options => { 'application-group' => '%{GLOBAL}', 'process-group' => 'wsgi' }, - }) end - it 'should set wsgi_import_script_options' do - is_expected.to contain_file("25-#{title}.conf").with_content( - /^ WSGIImportScript \/var\/www\/demo.wsgi application-group=%{GLOBAL} process-group=wsgi$/ - ) - end + let :facts do default_facts end + it { expect { is_expected.to compile }.to raise_error } + end + context 'bad rewrites' do + let :params do + { + 'docroot' => '/rspec/docroot', + 'rewrites' => 'bogus', + } end - - describe 'when rewrites are specified' do - let :params do default_params.merge({ - :rewrites => [ - { - 'comment' => 'test rewrites', - 'rewrite_base' => '/mytestpath/', - 'rewrite_cond' => ['%{HTTP_USER_AGENT} ^Lynx/ [OR]', '%{HTTP_USER_AGENT} ^Mozilla/[12]'], - 'rewrite_rule' => ['^index\.html$ welcome.html', '^index\.cgi$ index.php'], - } - ] - }) end - it 'should set RewriteConds and RewriteRules' do - is_expected.to contain_file("25-#{title}.conf").with_content( - /^ #test rewrites$/ - ) - is_expected.to contain_file("25-#{title}.conf").with_content( - /^ RewriteCond %\{HTTP_USER_AGENT\} \^Lynx\/ \[OR\]$/ - ) - is_expected.to contain_file("25-#{title}.conf").with_content( - /^ RewriteBase \/mytestpath\/$/ - ) - is_expected.to contain_file("25-#{title}.conf").with_content( - /^ RewriteCond %\{HTTP_USER_AGENT\} \^Mozilla\/\[12\]$/ - ) - is_expected.to contain_file("25-#{title}.conf").with_content( - /^ RewriteRule \^index\\.html\$ welcome.html$/ - ) - is_expected.to contain_file("25-#{title}.conf").with_content( - /^ RewriteRule \^index\\.cgi\$ index.php$/ - ) - end + let :facts do default_facts end + it { expect { is_expected.to compile }.to raise_error } + end + context 'bad rewrites 2' do + let :params do + { + 'docroot' => '/rspec/docroot', + 'rewrites' => ['bogus'], + } end - - describe 'when rewrite_rule and rewrite_cond are specified' do - let :params do default_params.merge({ - :rewrite_cond => '%{HTTPS} off', - :rewrite_rule => '(.*) https://%{HTTPS_HOST}%{REQUEST_URI}', - }) end - it 'should set RewriteCond' do - is_expected.to contain_file("25-#{title}.conf").with_content( - /^ RewriteCond %\{HTTPS\} off$/ - ) - end + let :facts do default_facts end + it { expect { is_expected.to compile }.to raise_error } + end + context 'bad suexec_user_group' do + let :params do + { + 'docroot' => '/rspec/docroot', + 'suexec_user_group' => 'bogus', + } end - - describe 'when action is specified specified' do - let :params do default_params.merge({ - :action => 'php-fastcgi', - }) end - it 'should set Action' do - is_expected.to contain_file("25-#{title}.conf").with_content( - /^ Action php-fastcgi \/cgi-bin virtual$/ - ) - end + let :facts do default_facts end + it { expect { is_expected.to compile }.to raise_error } + end + context 'bad wsgi_script_alias' do + let :params do + { + 'docroot' => '/rspec/docroot', + 'wsgi_script_alias' => 'bogus', + } end - - describe 'when suphp_engine is on and suphp_configpath is specified' do - let :params do default_params.merge({ - :suphp_engine => 'on', - :suphp_configpath => '/etc/php5/apache2', - }) end - it 'should set suphp_configpath' do - is_expected.to contain_file("25-#{title}.conf").with_content( - /^ suPHP_ConfigPath "\/etc\/php5\/apache2"$/ - ) - end + let :facts do default_facts end + it { expect { is_expected.to compile }.to raise_error } + end + context 'bad wsgi_daemon_process_options' do + let :params do + { + 'docroot' => '/rspec/docroot', + 'wsgi_daemon_process_options' => 'bogus', + } end - - describe 'when suphp_engine is on and suphp_addhandler is specified' do - let :params do default_params.merge({ - :suphp_engine => 'on', - :suphp_addhandler => 'x-httpd-php', - }) end - it 'should set suphp_addhandler' do - is_expected.to contain_file("25-#{title}.conf").with_content( - /^ suPHP_AddHandler x-httpd-php/ - ) - end + let :facts do default_facts end + it { expect { is_expected.to compile }.to raise_error } + end + context 'bad wsgi_import_script_alias' do + let :params do + { + 'docroot' => '/rspec/docroot', + 'wsgi_import_script_alias' => 'bogus', + } end - - describe 'when suphp_engine is on and suphp { user & group } is specified' do - let :params do default_params.merge({ - :suphp_engine => 'on', - :directories => { 'path' => '/srv/www', - 'suphp' => { 'user' => 'myappuser', 'group' => 'myappgroup' }, - } - }) end - it 'should set suphp_UserGroup' do - is_expected.to contain_file("25-#{title}.conf").with_content( - /^ suPHP_UserGroup myappuser myappgroup/ - ) - end + let :facts do default_facts end + it { expect { is_expected.to compile }.to raise_error } + end + context 'bad itk' do + let :params do + { + 'docroot' => '/rspec/docroot', + 'itk' => 'bogus', + } end - - describe 'priority/default settings' do - describe 'when neither priority/default is specified' do - let :params do default_params end - it { is_expected.to contain_file("25-#{title}.conf").with_path( - /25-#{title}.conf/ - ) } - end - describe 'when both priority/default_vhost is specified' do - let :params do - default_params.merge({ - :priority => 15, - :default_vhost => true, - }) - end - it { is_expected.to contain_file("15-#{title}.conf").with_path( - /15-#{title}.conf/ - ) } - end - describe 'when only priority is specified' do - let :params do - default_params.merge({ :priority => 14, }) - end - it { is_expected.to contain_file("14-#{title}.conf").with_path( - /14-#{title}.conf/ - ) } - end - describe 'when only default is specified' do - let :params do - default_params.merge({ :default_vhost => true, }) - end - it { is_expected.to contain_file("10-#{title}.conf").with_path( - /10-#{title}.conf/ - ) } - end + let :facts do default_facts end + it { expect { is_expected.to compile }.to raise_error } + end + context 'bad log_level' do + let :params do + { + 'docroot' => '/rspec/docroot', + 'log_level' => 'bogus', + } end - - describe 'fcgid directory options' do - describe 'No fcgiwrapper' do - let :params do - default_params.merge({ - :directories => { 'path' => '/srv/www' }, - }) - end - - it { is_expected.not_to contain_file("25-#{title}.conf").with_content(%r{FcgidWrapper}) } - end - - describe 'Only a command' do - let :params do - default_params.merge({ - :directories => { 'path' => '/srv/www', - 'fcgiwrapper' => { 'command' => '/usr/local/bin/fcgiwrapper' }, - } - }) - end - - it { is_expected.to contain_file("25-#{title}.conf").with_content(%r{^ FcgidWrapper /usr/local/bin/fcgiwrapper $}) } - end - - describe 'All parameters' do - let :params do - default_params.merge({ - :directories => { 'path' => '/srv/www', - 'fcgiwrapper' => { 'command' => '/usr/local/bin/fcgiwrapper', 'suffix' => '.php', 'virtual' => 'virtual' }, - } - }) - end - - it { is_expected.to contain_file("25-#{title}.conf").with_content(%r{^ FcgidWrapper /usr/local/bin/fcgiwrapper .php virtual$}) } - end + let :facts do default_facts end + it { expect { is_expected.to compile }.to raise_error } + end + context 'access_log_file and access_log_pipe' do + let :params do + { + 'docroot' => '/rspec/docroot', + 'access_log_file' => 'bogus', + 'access_log_pipe' => 'bogus', + } end - - describe 'various ip/port combos' do - describe 'when ip_based is true' do - let :params do default_params.merge({ :ip_based => true }) end - it 'should not specify a NameVirtualHost' do - is_expected.to contain_apache__listen(params[:port]) - is_expected.not_to contain_apache__namevirtualhost("*:#{params[:port]}") - end - end - - describe 'when ip_based is default' do - let :params do default_params end - it 'should specify a NameVirtualHost' do - is_expected.to contain_apache__listen(params[:port]) - is_expected.to contain_apache__namevirtualhost("*:#{params[:port]}") - end - end - - describe 'when an ip is set' do - let :params do default_params.merge({ :ip => '10.0.0.1' }) end - it 'should specify a NameVirtualHost for the ip' do - is_expected.not_to contain_apache__listen(params[:port]) - is_expected.to contain_apache__listen("10.0.0.1:#{params[:port]}") - is_expected.to contain_apache__namevirtualhost("10.0.0.1:#{params[:port]}") - end - end - - describe 'an ip_based vhost without a port' do - let :params do - { - :docroot => '/fake', - :ip => '10.0.0.1', - :ip_based => true, - } - end - it 'should specify a NameVirtualHost for the ip' do - is_expected.not_to contain_apache__listen(params[:ip]) - is_expected.not_to contain_apache__namevirtualhost(params[:ip]) - is_expected.to contain_file("25-#{title}.conf").with_content %r{} - end - end + let :facts do default_facts end + it { expect { is_expected.to compile }.to raise_error } + end + context 'error_log_file and error_log_pipe' do + let :params do + { + 'docroot' => '/rspec/docroot', + 'error_log_file' => 'bogus', + 'error_log_pipe' => 'bogus', + } end - - describe 'when suexec_user_group is specified' do - let :params do - default_params.merge({ - :suexec_user_group => 'nobody nogroup', - }) - end - - it { is_expected.to contain_file("25-#{title}.conf").with_content %r{^ SuexecUserGroup nobody nogroup$} } + let :facts do default_facts end + it { expect { is_expected.to compile }.to raise_error } + end + context 'bad fallbackresource' do + let :params do + { + 'docroot' => '/rspec/docroot', + 'fallbackresource' => 'bogus', + } end - - describe 'redirect rules' do - describe 'without lockstep arrays' do - let :params do - default_params.merge({ - :redirect_source => [ - '/login', - '/logout', - ], - :redirect_dest => [ - 'http://10.0.0.10/login', - 'http://10.0.0.10/logout', - ], - :redirect_status => [ - 'permanent', - '', - ], - }) - end - - it { is_expected.to contain_file("25-#{title}.conf").with_content %r{ Redirect permanent /login http://10\.0\.0\.10/login} } - it { is_expected.to contain_file("25-#{title}.conf").with_content %r{ Redirect /logout http://10\.0\.0\.10/logout} } - end - describe 'redirect match rules' do - let :params do - default_params.merge({ - :redirectmatch_status => [ - '404', - ], - :redirectmatch_regexp => [ - '/\.git(/.*|$)', - ], - }) - end - - it { is_expected.to contain_file("25-#{title}.conf").with_content %r{ RedirectMatch 404 } } - end - describe 'without a status' do - let :params do - default_params.merge({ - :redirect_source => [ - '/login', - '/logout', - ], - :redirect_dest => [ - 'http://10.0.0.10/login', - 'http://10.0.0.10/logout', - ], - }) - end - - it { is_expected.to contain_file("25-#{title}.conf").with_content %r{ Redirect /login http://10\.0\.0\.10/login} } - it { is_expected.to contain_file("25-#{title}.conf").with_content %r{ Redirect /logout http://10\.0\.0\.10/logout} } - end - describe 'with a single status and dest' do - let :params do - default_params.merge({ - :redirect_source => [ - '/login', - '/logout', - ], - :redirect_dest => 'http://10.0.0.10/test', - :redirect_status => 'permanent', - }) - end - - it { is_expected.to contain_file("25-#{title}.conf").with_content %r{ Redirect permanent /login http://10\.0\.0\.10/test} } - it { is_expected.to contain_file("25-#{title}.conf").with_content %r{ Redirect permanent /logout http://10\.0\.0\.10/test} } - end - - describe 'with a directoryindex specified' do - let :params do - default_params.merge({ - :directoryindex => 'index.php' - }) - end - it { is_expected.to contain_file("25-#{title}.conf").with_content %r{DirectoryIndex index.php} } - end + let :facts do default_facts end + it { expect { is_expected.to compile }.to raise_error } + end + context 'bad custom_fragment' do + let :params do + { + 'docroot' => '/rspec/docroot', + 'custom_fragment' => true, + } end + let :facts do default_facts end + it { expect { is_expected.to compile }.to raise_error } end end end diff --git a/templates/vhost/_access_log.erb b/templates/vhost/_access_log.erb new file mode 100644 index 000000000..1ec47ff71 --- /dev/null +++ b/templates/vhost/_access_log.erb @@ -0,0 +1,5 @@ +<% if @access_log and @_access_log_env_var -%> + CustomLog "<%= @access_log_destination %>" <%= @_access_log_format %> <%= @_access_log_env_var %> +<% elsif @access_log -%> + CustomLog "<%= @access_log_destination %>" <%= @_access_log_format %> +<% end -%> diff --git a/templates/vhost/_additional_includes.erb b/templates/vhost/_additional_includes.erb new file mode 100644 index 000000000..d4d5f9134 --- /dev/null +++ b/templates/vhost/_additional_includes.erb @@ -0,0 +1,5 @@ +<% Array(@additional_includes).each do |include| -%> + + ## Load additional static includes + Include "<%= include %>" +<% end -%> diff --git a/templates/vhost/_directories.erb b/templates/vhost/_directories.erb index accd72448..9ead45612 100644 --- a/templates/vhost/_directories.erb +++ b/templates/vhost/_directories.erb @@ -1,4 +1,6 @@ <% if @_directories and ! @_directories.empty? -%> + + ## Directories, there should at least be a declaration for <%= @docroot %> <%- [@_directories].flatten.compact.each do |directory| -%> <%- if directory['path'] and directory['path'] != '' -%> <%- if directory['provider'] and directory['provider'].match('(directory|location|files)') -%> diff --git a/templates/vhost/_docroot.erb b/templates/vhost/_docroot.erb new file mode 100644 index 000000000..6039fa63c --- /dev/null +++ b/templates/vhost/_docroot.erb @@ -0,0 +1,7 @@ + + ## Vhost docroot +<% if @virtual_docroot -%> + VirtualDocumentRoot "<%= @virtual_docroot %>" +<% else -%> + DocumentRoot "<%= @docroot %>" +<% end -%> diff --git a/templates/vhost/_fallbackresource.erb b/templates/vhost/_fallbackresource.erb new file mode 100644 index 000000000..f1e4c35dc --- /dev/null +++ b/templates/vhost/_fallbackresource.erb @@ -0,0 +1,4 @@ +<% if @fallbackresource -%> + + FallbackResource <%= @fallbackresource %> +<% end -%> diff --git a/templates/vhost/_file_footer.erb b/templates/vhost/_file_footer.erb new file mode 100644 index 000000000..84035efa4 --- /dev/null +++ b/templates/vhost/_file_footer.erb @@ -0,0 +1 @@ + diff --git a/templates/vhost/_file_header.erb b/templates/vhost/_file_header.erb new file mode 100644 index 000000000..e6f2f95e7 --- /dev/null +++ b/templates/vhost/_file_header.erb @@ -0,0 +1,10 @@ +# ************************************ +# Vhost template in module puppetlabs-apache +# Managed by Puppet +# ************************************ + +> + ServerName <%= @servername %> +<% if @serveradmin -%> + ServerAdmin <%= @serveradmin %> +<% end -%> diff --git a/templates/vhost/_itk.erb b/templates/vhost/_itk.erb index 2971c7a7d..803a73db7 100644 --- a/templates/vhost/_itk.erb +++ b/templates/vhost/_itk.erb @@ -1,4 +1,5 @@ <% if @itk and ! @itk.empty? -%> + ## ITK statement <%- if @itk["user"] and @itk["group"] -%> diff --git a/templates/vhost/_logging.erb b/templates/vhost/_logging.erb new file mode 100644 index 000000000..35a924d29 --- /dev/null +++ b/templates/vhost/_logging.erb @@ -0,0 +1,10 @@ +<% if @error_log or @log_level -%> + + ## Logging +<% end -%> +<% if @error_log -%> + ErrorLog "<%= @error_log_destination %>" +<% end -%> +<% if @log_level -%> + LogLevel <%= @log_level %> +<% end -%> diff --git a/templates/vhost/_php_admin.erb b/templates/vhost/_php_admin.erb index 59536cbc9..b79b818df 100644 --- a/templates/vhost/_php_admin.erb +++ b/templates/vhost/_php_admin.erb @@ -1,12 +1,12 @@ <% if @php_admin_values and not @php_admin_values.empty? -%> -<% @php_admin_values.each do |key,value| -%> + <%- @php_admin_values.each do |key,value| -%> php_admin_value <%= key %> <%= value %> -<% end -%> + <%- end -%> <% end -%> <% if @php_admin_flags and not @php_admin_flags.empty? -%> -<% @php_admin_flags.each do |key,flag| -%> -<%# normalize flag -%> -<% if flag =~ /true|yes|on|1/i then flag = 'on' else flag = 'off' end -%> + <%- @php_admin_flags.each do |key,flag| -%> + <%-# normalize flag -%> + <%- if flag =~ /true|yes|on|1/i then flag = 'on' else flag = 'off' end -%> php_admin_flag <%= key %> <%= flag %> -<% end -%> + <%- end -%> <% end -%> diff --git a/templates/vhost/_redirect.erb b/templates/vhost/_redirect.erb index e865bd9af..819d6e769 100644 --- a/templates/vhost/_redirect.erb +++ b/templates/vhost/_redirect.erb @@ -4,21 +4,20 @@ <% @redirect_status_a = Array(@redirect_status) -%> ## Redirect rules -<% @redirect_source_a.each_with_index do |source, i| -%> + <%- @redirect_source_a.each_with_index do |source, i| -%> <% @redirect_dest_a[i] ||= @redirect_dest_a[0] -%> <% @redirect_status_a[i] ||= @redirect_status_a[0] -%> Redirect <%= "#{@redirect_status_a[i]} " %><%= source %> <%= @redirect_dest_a[i] %> + <%- end -%> <% end -%> -<% end -%> - <%- if @redirectmatch_status and @redirectmatch_regexp -%> <% @redirectmatch_status_a = Array(@redirectmatch_status) -%> <% @redirectmatch_regexp_a = Array(@redirectmatch_regexp) -%> ## RedirectMatch rules -<% @redirectmatch_status_a.each_with_index do |status, i| -%> + <%- @redirectmatch_status_a.each_with_index do |status, i| -%> <% @redirectmatch_status_a[i] ||= @redirectmatch_status_a[0] -%> <% @redirectmatch_regexp_a[i] ||= @redirectmatch_regexp_a[0] -%> RedirectMatch <%= "#{@redirectmatch_status_a[i]} " %> <%= @redirectmatch_regexp_a[i] %> -<% end -%> + <%- end -%> <% end -%> diff --git a/templates/vhost/_rewrite.erb b/templates/vhost/_rewrite.erb index c995868d7..46dd95691 100644 --- a/templates/vhost/_rewrite.erb +++ b/templates/vhost/_rewrite.erb @@ -31,13 +31,13 @@ <% if @rewrite_rule and !@rewrites -%> ## Rewrite rules RewriteEngine On -<% if @rewrite_base -%> + <%- if @rewrite_base -%> RewriteBase <%= @rewrite_base %> -<% end -%> -<% if @rewrite_cond -%> -<% Array(@rewrite_cond).each do |cond| -%> + <%- end -%> + <%- if @rewrite_cond -%> + <%- Array(@rewrite_cond).each do |cond| -%> RewriteCond <%= cond %> -<% end -%> -<% end -%> + <%- end -%> + <%- end -%> RewriteRule <%= @rewrite_rule %> <%- end -%> diff --git a/templates/vhost/_serveralias.erb b/templates/vhost/_serveralias.erb index 278b6ddc5..e08a55e32 100644 --- a/templates/vhost/_serveralias.erb +++ b/templates/vhost/_serveralias.erb @@ -1,7 +1,7 @@ <% if @serveraliases and ! @serveraliases.empty? -%> ## Server aliases -<% Array(@serveraliases).each do |serveralias| -%> + <%- Array(@serveraliases).each do |serveralias| -%> ServerAlias <%= serveralias %> -<% end -%> + <%- end -%> <% end -%> diff --git a/templates/vhost/_serversignature.erb b/templates/vhost/_serversignature.erb new file mode 100644 index 000000000..ff13aaf45 --- /dev/null +++ b/templates/vhost/_serversignature.erb @@ -0,0 +1 @@ + ServerSignature Off diff --git a/templates/vhost/_setenv.erb b/templates/vhost/_setenv.erb index d5f9ea845..ce1fa955e 100644 --- a/templates/vhost/_setenv.erb +++ b/templates/vhost/_setenv.erb @@ -1,12 +1,12 @@ <% if @setenv and ! @setenv.empty? -%> ## SetEnv/SetEnvIf for environment variables -<% Array(@setenv).each do |envvar| -%> + <%- Array(@setenv).each do |envvar| -%> SetEnv <%= envvar %> -<% end -%> + <%- end -%> <% end -%> <% if @setenvif and ! @setenvif.empty? -%> -<% Array(@setenvif).each do |envifvar| -%> + <%- Array(@setenvif).each do |envifvar| -%> SetEnvIf <%= envifvar %> -<% end -%> + <%- end -%> <% end -%> diff --git a/templates/vhost/_ssl.erb b/templates/vhost/_ssl.erb index 174f0a189..55289ae7e 100644 --- a/templates/vhost/_ssl.erb +++ b/templates/vhost/_ssl.erb @@ -4,40 +4,40 @@ SSLEngine on SSLCertificateFile "<%= @ssl_cert %>" SSLCertificateKeyFile "<%= @ssl_key %>" -<% if @ssl_chain -%> + <%- if @ssl_chain -%> SSLCertificateChainFile "<%= @ssl_chain %>" -<% end -%> -<% if @ssl_certs_dir -%> + <%- end -%> + <%- if @ssl_certs_dir -%> SSLCACertificatePath "<%= @ssl_certs_dir %>" -<% end -%> -<% if @ssl_ca -%> + <%- end -%> + <%- if @ssl_ca -%> SSLCACertificateFile "<%= @ssl_ca %>" -<% end -%> -<% if @ssl_crl_path -%> + <%- end -%> + <%- if @ssl_crl_path -%> SSLCARevocationPath "<%= @ssl_crl_path %>" -<% end -%> -<% if @ssl_crl -%> + <%- end -%> + <%- if @ssl_crl -%> SSLCARevocationFile "<%= @ssl_crl %>" -<% end -%> -<% if @ssl_proxyengine -%> + <%- end -%> + <%- if @ssl_proxyengine -%> SSLProxyEngine On -<% end -%> -<% if @ssl_protocol -%> + <%- end -%> + <%- if @ssl_protocol -%> SSLProtocol <%= @ssl_protocol %> -<% end -%> -<% if @ssl_cipher -%> + <%- end -%> + <%- if @ssl_cipher -%> SSLCipherSuite <%= @ssl_cipher %> -<% end -%> -<% if @ssl_honorcipherorder -%> + <%- end -%> + <%- if @ssl_honorcipherorder -%> SSLHonorCipherOrder <%= @ssl_honorcipherorder %> -<% end -%> -<% if @ssl_verify_client -%> + <%- end -%> + <%- if @ssl_verify_client -%> SSLVerifyClient <%= @ssl_verify_client %> -<% end -%> -<% if @ssl_verify_depth -%> + <%- end -%> + <%- if @ssl_verify_depth -%> SSLVerifyDepth <%= @ssl_verify_depth %> -<% end -%> -<% if @ssl_options -%> + <%- end -%> + <%- if @ssl_options -%> SSLOptions <%= Array(@ssl_options).join(' ') %> -<% end -%> + <%- end -%> <% end -%> diff --git a/templates/vhost/_suphp.erb b/templates/vhost/_suphp.erb index 938958180..e394b6f94 100644 --- a/templates/vhost/_suphp.erb +++ b/templates/vhost/_suphp.erb @@ -1,11 +1,11 @@ <% if @suphp_engine == 'on' -%> -<% if @suphp_addhandler -%> + <%- if @suphp_addhandler -%> suPHP_AddHandler <%= @suphp_addhandler %> -<% end -%> -<% if @suphp_engine -%> + <%- end -%> + <%- if @suphp_engine -%> suPHP_Engine <%= @suphp_engine %> -<% end -%> -<% if @suphp_configpath -%> + <%- end -%> + <%- if @suphp_configpath -%> suPHP_ConfigPath "<%= @suphp_configpath %>" -<% end -%> + <%- end -%> <% end -%> diff --git a/tests/vhost.pp b/tests/vhost.pp index a6c61360a..4ffb78299 100644 --- a/tests/vhost.pp +++ b/tests/vhost.pp @@ -143,14 +143,14 @@ # Vhost to redirect non-ssl to ssl apache::vhost { 'sixteenth.example.com non-ssl': - servername => 'sixteenth.example.com', - port => '80', - docroot => '/var/www/sixteenth', - rewrites => [ + servername => 'sixteenth.example.com', + port => '80', + docroot => '/var/www/sixteenth', + rewrites => [ { - comment => 'redirect non-SSL traffic to SSL site', - rewrite_cond => ['%{HTTPS} off'], - rewrite_rule => ['(.*) https://%{HTTPS_HOST}%{REQUEST_URI}'], + comment => 'redirect non-SSL traffic to SSL site', + rewrite_cond => ['%{HTTPS} off'], + rewrite_rule => ['(.*) https://%{HTTPS_HOST}%{REQUEST_URI}'], } ] } @@ -215,18 +215,18 @@ # Vhost with SSLProtocol,SSLCipherSuite, SSLHonorCipherOrder apache::vhost { 'securedomain.com': - priority => '10', - vhost_name => 'www.securedomain.com', - port => '443', - docroot => '/var/www/secure', - ssl => true, - ssl_cert => '/etc/ssl/securedomain.cert', - ssl_key => '/etc/ssl/securedomain.key', - ssl_chain => '/etc/ssl/securedomain.crt', - ssl_protocol => '-ALL +SSLv3 +TLSv1', - ssl_cipher => 'ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM', - ssl_honorcipherorder => 'On', - add_listen => false, + priority => '10', + vhost_name => 'www.securedomain.com', + port => '443', + docroot => '/var/www/secure', + ssl => true, + ssl_cert => '/etc/ssl/securedomain.cert', + ssl_key => '/etc/ssl/securedomain.key', + ssl_chain => '/etc/ssl/securedomain.crt', + ssl_protocol => '-ALL +SSLv3 +TLSv1', + ssl_cipher => 'ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM', + ssl_honorcipherorder => 'On', + add_listen => false, } # Vhost with access log environment variables writing control