fix(server-status): enable module in Debian family

apache/files/server-status.conf.jinja

@@ -1,3 +1,7 @@
+########################################################################
+# File managed by Salt at <{{ source }}>.
+# Your changes will be overwritten.
+########################################################################
 <Location "/server-status">
     SetHandler server-status
 {%- if apache.version == '2.4' %}

apache/server_status.sls

@@ -19,16 +19,10 @@ include:
       - module: apache-reload
       - service: apache
 
-{% if grains['os_family']=="Debian" %}
-a2endisconf server-status:
+{%- if grains['os_family'] == "Debian" %}
+a2enconf server-status:
   cmd.run:
-{%   if apache.get('server_status_require') is defined %}
-    - name: a2enconf server-status
-    - unless: test -L /etc/apache2/conf-enabled/server-status.conf
-{%   else %}
-    - name: a2disconf server-status
-    - onlyif: test -L /etc/apache2/conf-enabled/server-status.conf
-{%   endif %}
+    - unless: 'test -L /etc/apache2/conf-enabled/server-status.conf'
     - order: 225
     - require:
       - pkg: apache

kitchen.yml

@@ -157,7 +157,7 @@ suites:
         base:
           '*':
             - apache
-            - apache.mod_security
+            - apache.config
       pillars:
         top.sls:
           base:
@@ -168,3 +168,21 @@ suites:
     verifier:
       inspec_tests:
         - path: test/integration/default
+  - name: modules
+    provisioner:
+      state_top:
+        base:
+          '*':
+            - apache
+            - apache.mod_security
+            - apache.server_status
+      pillars:
+        top.sls:
+          base:
+            '*':
+              - apache
+      pillars_from_files:
+        apache.sls: test/salt/pillar/modules.sls
+    verifier:
+      inspec_tests:
+        - path: test/integration/modules

test/integration/default/controls/config_spec.rb

@@ -3,7 +3,19 @@
 control 'apache configuration' do
   title 'should match desired lines'
 
-  describe file('/etc/apache2/apache2.conf') do
+  config_file =
+    case platform[:family]
+    when 'debian'
+      '/etc/apache2/apache2.conf'
+    when 'redhat', 'fedora'
+      '/etc/httpd/conf/httpd.conf'
+    when 'suse'
+      '/etc/apache2/httpd.conf'
+    # `linux` here is sufficient for `arch`
+    when 'linux'
+      '/etc/httpd/conf/httpd.conf'
+    end
+  describe file(config_file) do
     it { should be_file }
     it { should be_owned_by 'root' }
     it { should be_grouped_into 'root' }
@@ -15,3 +27,13 @@ control 'apache configuration' do
     end
   end
 end
+control 'apache configuration' do
+  title 'should be valid'
+
+  describe command('apachectl -t') do
+    its('stdout') { should eq '' }
+    its('stderr') { should include 'Syntax OK' }
+
+    its('exit_status') { should eq 0 }
+  end
+end

test/integration/default/controls/packages_spec.rb

@@ -1,20 +1,17 @@
 # frozen_string_literal: true
 
-# Overide by OS
-package_name = 'bash'
-package_name = 'cronie' if (os[:name] == 'centos') && os[:release].start_with?('6')
-
 control 'apache package' do
   title 'should be installed'
 
   package_name =
     case platform[:family]
     when 'debian', 'suse'
-        'apache2'
+      'apache2'
     when 'redhat', 'fedora'
-        'httpd'
-    when 'arch'
-        'apache'
+      'httpd'
+    # `linux` here is sufficient for `arch`
+    when 'linux'
+      'apache'
     end
 
   describe package(package_name) do

test/integration/default/controls/services_spec.rb

@@ -1,13 +1,17 @@
 # frozen_string_literal: true
 
-# Overide by OS
-service_name = 'apache2'
-service_name = 'httpd' if (os[:name] == 'centos')
-
 control 'apache service' do
   impact 0.5
   title 'should be running and enabled'
 
+  service_name =
+    case platform[:family]
+    when 'debian', 'suse'
+      'apache2'
+    when 'redhat', 'fedora', 'linux'
+      'httpd'
+    end
+
   describe service(service_name) do
     it { should be_enabled }
     it { should be_running }

test/integration/modules/controls/mod_security_spec.rb

@@ -9,6 +9,8 @@ control 'apache mod_security configuration' do
       '/etc/httpd/conf.d/mod_security.conf'
     when 'debian'
       '/etc/modsecurity/modsecurity.conf-recommended'
+    when 'suse'
+      '/etc/apache2/conf.d/mod_security2.conf'
     end
 
   describe file(modspec_file) do

test/integration/modules/controls/packages_spec.rb

@@ -5,12 +5,12 @@ control 'apache mod_security package' do
 
   package_name =
     case platform[:family]
-    when 'debian', 'suse'
-        'libapache2-mod-security2'
+    when 'debian'
+      'libapache2-mod-security2'
     when 'redhat', 'fedora'
-        'mod_security'
+      'mod_security'
     when 'suse'
-        'apache2-mod_security2'
+      'apache2-mod_security2'
     end
 
   describe package(package_name) do

test/integration/modules/controls/server_status_spec.rb

@@ -3,14 +3,14 @@
 control 'apache server_status configuration' do
   title 'should match desired lines'
 
-  server_status_stanza = <<-SS_STANZA
-<Location "/server-status">
-    SetHandler server-status
-    Require local
-    Require host foo.example.com
-    Require ip 10.8.8.0/24
-</Location>
-SS_STANZA
+  server_status_stanza = <<~SS_STANZA
+    <Location "/server-status">
+        SetHandler server-status
+        Require local
+        Require host foo.example.com
+        Require ip 10.8.8.0/24
+    </Location>
+  SS_STANZA
 
   confdir =
     case platform[:family]
@@ -20,7 +20,8 @@ SS_STANZA
       '/etc/httpd/conf.d'
     when 'suse'
       '/etc/apache2/conf.d'
-    when 'arch'
+    # `linux` here is sufficient for `arch`
+    when 'linux'
       '/etc/httpd/conf/extra'
     end
 

test/integration/modules/controls/services_spec.rb

@@ -1,13 +1,17 @@
 # frozen_string_literal: true
 
-# Overide by OS
-service_name = 'apache2'
-service_name = 'httpd' if (os[:name] == 'centos')
-
 control 'apache service' do
   impact 0.5
   title 'should be running and enabled'
 
+  service_name =
+    case platform[:family]
+    when 'debian', 'suse'
+      'apache2'
+    when 'redhat', 'fedora', 'linux'
+      'httpd'
+    end
+
   describe service(service_name) do
     it { should be_enabled }
     it { should_not be_running }