test(default+modules): add modules' tests suite

test/integration/default/controls/config_spec.rb

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+control 'apache configuration' do
+  title 'should match desired lines'
+
+  describe file('/etc/apache2/apache2.conf') do
+    it { should be_file }
+    it { should be_owned_by 'root' }
+    it { should be_grouped_into 'root' }
+    its('mode') { should cmp '0644' }
+    its('content') do
+      should include(
+        'This file is managed by Salt! Do not edit by hand!'
+      )
+    end
+  end
+end

test/integration/default/controls/packages_spec.rb

@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+# Overide by OS
+package_name = 'bash'
+package_name = 'cronie' if (os[:name] == 'centos') && os[:release].start_with?('6')
+
+control 'apache package' do
+  title 'should be installed'
+
+  package_name =
+    case platform[:family]
+    when 'debian', 'suse'
+        'apache2'
+    when 'redhat', 'fedora'
+        'httpd'
+    when 'arch'
+        'apache'
+    end
+
+  describe package(package_name) do
+    it { should be_installed }
+  end
+end

test/integration/default/controls/services_spec.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+# Overide by OS
+service_name = 'apache2'
+service_name = 'httpd' if (os[:name] == 'centos')
+
+control 'apache service' do
+  impact 0.5
+  title 'should be running and enabled'
+
+  describe service(service_name) do
+    it { should be_enabled }
+    it { should be_running }
+  end
+end

test/integration/modules/README.md

@@ -0,0 +1,50 @@
+# InSpec Profile: `modules`
+
+This shows the implementation of the `modules` InSpec [profile](https://github.com/inspec/inspec/blob/master/docs/profiles.md).
+
+## Verify a profile
+
+InSpec ships with built-in features to verify a profile structure.
+
+```bash
+$ inspec check modules
+Summary
+-------
+Location: modules
+Profile: profile
+Controls: 4
+Timestamp: 2019-06-24T23:09:01+00:00
+Valid: true
+
+Errors
+------
+
+Warnings
+--------
+```
+
+## Execute a profile
+
+To run all **supported** controls on a local machine use `inspec exec /path/to/profile`.
+
+```bash
+$ inspec exec modules
+..
+
+Finished in 0.0025 seconds (files took 0.12449 seconds to load)
+8 examples, 0 failures
+```
+
+## Execute a specific control from a profile
+
+To run one control from the profile use `inspec exec /path/to/profile --controls name`.
+
+```bash
+$ inspec exec modules --controls package
+.
+
+Finished in 0.0025 seconds (files took 0.12449 seconds to load)
+1 examples, 0 failures
+```
+
+See an [example control here](https://github.com/inspec/inspec/blob/master/examples/profile/controls/example.rb).

test/integration/modules/controls/config_spec.rb

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+control 'apache configuration' do
+  title 'should be valid'
+
+  describe command('apachectl -t') do
+    its('stdout') { should eq '' }
+    its('stderr') { should include 'Syntax OK' }
+
+    its('exit_status') { should eq 0 }
+  end
+end

test/integration/default/controls/mod_security_spec.rb → test/integration/modules/controls/mod_security_spec.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-control 'Apache mod_security configuration' do
+control 'apache mod_security configuration' do
   title 'should match desired lines'
 
   modspec_file =

test/integration/modules/controls/packages_spec.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+control 'apache mod_security package' do
+  title 'should be installed'
+
+  package_name =
+    case platform[:family]
+    when 'debian', 'suse'
+        'libapache2-mod-security2'
+    when 'redhat', 'fedora'
+        'mod_security'
+    when 'suse'
+        'apache2-mod_security2'
+    end
+
+  describe package(package_name) do
+    it { should be_installed }
+  end
+end

test/integration/modules/controls/server_status_spec.rb

@@ -0,0 +1,35 @@
+# frozen_string_literal: true
+
+control 'apache server_status configuration' do
+  title 'should match desired lines'
+
+  server_status_stanza = <<-SS_STANZA
+<Location "/server-status">
+    SetHandler server-status
+    Require local
+    Require host foo.example.com
+    Require ip 10.8.8.0/24
+</Location>
+SS_STANZA
+
+  confdir =
+    case platform[:family]
+    when 'debian'
+      '/etc/apache2/conf-available'
+    when 'redhat', 'fedora'
+      '/etc/httpd/conf.d'
+    when 'suse'
+      '/etc/apache2/conf.d'
+    when 'arch'
+      '/etc/httpd/conf/extra'
+    end
+
+  describe file("#{confdir}/server-status.conf") do
+    it { should be_file }
+    it { should be_owned_by 'root' }
+    it { should be_grouped_into 'root' }
+    its('mode') { should cmp '0644' }
+    its('content') { should include '# File managed by Salt' }
+    its('content') { should include server_status_stanza }
+  end
+end

test/integration/modules/controls/services_spec.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+# Overide by OS
+service_name = 'apache2'
+service_name = 'httpd' if (os[:name] == 'centos')
+
+control 'apache service' do
+  impact 0.5
+  title 'should be running and enabled'
+
+  describe service(service_name) do
+    it { should be_enabled }
+    it { should_not be_running }
+  end
+end

test/integration/modules/inspec.yml

@@ -0,0 +1,18 @@
+# -*- coding: utf-8 -*-
+# vim: ft=yaml
+---
+name: modules
+title: apache formula
+maintainer: SaltStack Formulas
+license: Apache-2.0
+summary: Verify that the apache formula manages modules correctly
+supports:
+  - platform-name: debian
+  - platform-name: ubuntu
+  - platform-name: centos
+  - platform-name: fedora
+  - platform-name: opensuse
+  - platform-name: suse
+  - platform-name: freebsd
+  - platform-name: amazon
+  - platform-name: arch

test/salt/pillar/default.sls

@@ -1,17 +1,3 @@
 # -*- coding: utf-8 -*-
 # vim: ft=yaml
 ---
-apache:
-  manage_service_states: false
-  mod_security:
-    crs_install: true
-    manage_config: true
-    sec_rule_engine: 'On'
-    sec_request_body_access: 'On'
-    sec_request_body_limit: '14000000'
-    sec_request_body_no_files_limit: '114002'
-    sec_request_body_in_memory_limit: '114002'
-    sec_request_body_limit_action: 'Reject'
-    sec_pcre_match_limit: '15000'
-    sec_pcre_match_limit_recursion: '15000'
-    sec_debug_log_level: '3'

test/salt/pillar/modules.sls

@@ -0,0 +1,22 @@
+# -*- coding: utf-8 -*-
+# vim: ft=yaml
+---
+apache:
+  manage_service_states: false
+  mod_security:
+    crs_install: true
+    manage_config: true
+    sec_rule_engine: 'On'
+    sec_request_body_access: 'On'
+    sec_request_body_limit: '14000000'
+    sec_request_body_no_files_limit: '114002'
+    sec_request_body_in_memory_limit: '114002'
+    sec_request_body_limit_action: 'Reject'
+    sec_pcre_match_limit: '15000'
+    sec_pcre_match_limit_recursion: '15000'
+    sec_debug_log_level: '3'
+  server_status_require:
+    ip:
+      - 10.8.8.0/24
+    host:
+      - foo.example.com