diff --git a/test/integration/default/controls/config_spec.rb b/test/integration/default/controls/config_spec.rb index 22f7351..86a8554 100644 --- a/test/integration/default/controls/config_spec.rb +++ b/test/integration/default/controls/config_spec.rb @@ -1,3 +1,4 @@ +# frozen_string_literal: true # Set defaults, use debian as base conf_user = 'bind' @@ -17,7 +18,7 @@ config = '/etc/bind/named.conf' # Override by OS case os[:name] -when 'arch','redhat', 'centos', 'fedora', 'amazon' +when 'arch', 'redhat', 'centos', 'fedora', 'amazon' conf_user = 'named' conf_group = 'named' keys_group = 'root' @@ -28,8 +29,8 @@ when 'arch','redhat', 'centos', 'fedora', 'amazon' keys_mode = '0755' conf_mode = '0640' config = '/etc/named.conf' - when 'suse', 'opensuse' - conf_user = 'root' +when 'suse', 'opensuse' + conf_user = 'root' conf_group = 'named' logs_user = 'root' logs_group = 'root' @@ -47,11 +48,11 @@ end # Override log directory by OS case os[:name] when 'arch', 'ubuntu' - log_directory = '/var/log/named' + log_directory = '/var/log/named' when 'redhat', 'centos', 'fedora', 'amazon' - log_directory = '/var/named/data' + log_directory = '/var/named/data' when 'suse', 'opensuse' - log_directory = '/var/log' + log_directory = '/var/log' end # Check main config dir 
@@ -101,28 +102,28 @@ end # RHEL: Doesn't use .options and has rfc1912.zones # Debian: Uses .options case os[:name] -when 'arch','redhat', 'centos', 'fedora', 'amazon' +when 'arch', 'redhat', 'centos', 'fedora', 'amazon' control 'File ' + config do - title 'should exist' + title 'should exist' describe file(config) do - its('owner') { should eq conf_user } + its('owner') { should eq conf_user } its('group') { should eq conf_group } its('mode') { should cmp conf_mode } - its('content') { should match /^include\ "\/etc\/named\.rfc1912\.zones";/ } - its('content') { should match /^include\ "\/etc\/named\.conf\.local";/ } - end + its('content') { should match %r{^include\ "/etc/named\.rfc1912\.zones";} } + its('content') { should match %r{^include\ "/etc/named\.conf\.local";} } end + end when 'ubuntu', 'debian' control 'File ' + config do - title 'should exist' + title 'should exist' describe file(config) do - its('owner') { should eq conf_user } + its('owner') { should eq conf_user } its('group') { should eq conf_group } its('mode') { should cmp conf_mode } - its('content') { should match /^include\ "\/etc\/bind\/named\.conf\.local";/ } - its('content') { should match /^include\ "\/etc\/bind\/named\.conf\.options";/ } - end + its('content') { should match %r{^include\ "/etc/bind/named\.conf\.local";} } + its('content') { should match %r{^include\ "/etc/bind/named\.conf\.options";} } end + end end # If debian check the .options file 
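Review bot: The `case os[:name]` wrapping the two `control 'File ' + config` blocks has no branch for 'suse'/'opensuse' and no `else`, so on those platforms the owner, group and mode of the main config are never asserted and the run still passes. An earlier hunk in this file sets `conf_user = 'root'` and `conf_group = 'named'` for SUSE, so those values look meant to be checked; whether another control covers them is not visible in this hunk. Only the two `include` patterns differ per OS, so the `case` could end with an `else` branch holding a control with the `its('owner')`, `its('group')` and `its('mode') { should cmp conf_mode }` lines. That way a platform without include checks still has its config permissions verified.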
@@ -154,20 +155,20 @@ control 'File ' + config + '.local' do # the #{foo} is a ruby string expansion so we can use the variables # defined above # Match example.com zone from the pillar - its('content') { should match /^zone\ "example\.com"\ {\n\ \ type\ master;\n\ \ file\ "#{zones_directory}\/example\.com";\n\ \ \n\ \ update-policy\ {\n\ \ \ \ grant\ core_dhcp\ name\ dns_entry_allowed_to_update\.\ ANY;\n\ \ \};\n\ \ notify\ no;\n\};/ } + its('content') { should match %r{^zone\ "example\.com"\ {\n\ \ type\ master;\n\ \ file\ "#{zones_directory}/example\.com";\n\ \ \n\ \ update-policy\ {\n\ \ \ \ grant\ core_dhcp\ name\ dns_entry_allowed_to_update\.\ ANY;\n\ \ \};\n\ \ notify\ no;\n\};} } # Match example.net from pillar - its('content') { should match /^zone\ "example\.net"\ {\n\ \ type\ master;\n\ \ file\ "#{zones_directory}\/example\.net";\n\ \ \n\ \ notify\ no;\n\};/ } + its('content') { should match %r{^zone\ "example\.net"\ {\n\ \ type\ master;\n\ \ file\ "#{zones_directory}/example\.net";\n\ \ \n\ \ notify\ no;\n\};} } # Match example.org from pillar - its('content') { should match /^zone\ "example\.org"\ {\n\ \ type\ slave;\n\ \ file\ "#{zones_directory}\/";\n\ \ \n\ \ notify\ no;\n\ \ masters\ \{\n\ \ \ \ 192\.0\.2\.1;\n\ \ \ \ 192\.0\.2\.2;\n\ \ \};\n\};/ } + its('content') { should match %r{^zone\ "example\.org"\ {\n\ \ type\ slave;\n\ \ file\ "#{zones_directory}/";\n\ \ \n\ \ notify\ no;\n\ \ masters\ \{\n\ \ \ \ 192\.0\.2\.1;\n\ \ \ \ 192\.0\.2\.2;\n\ \ \};\n\};} } # Match 113.0.203 reverse zone from pillar - its('content') { should match /^zone\ "113\.0\.203\.in-addr\.arpa"\ {\n\ \ type\ master;\n\ \ file\ "#{zones_directory}\/113\.0\.203\.in-addr\.arpa";\n\ \ \n\ \ notify\ no;\n\};/ } + its('content') { should match %r{^zone\ "113\.0\.203\.in-addr\.arpa"\ {\n\ \ type\ master;\n\ \ file\ "#{zones_directory}/113\.0\.203\.in-addr\.arpa";\n\ \ \n\ \ notify\ no;\n\};} } # Match 100.51.198 reverse zone from pillar - its('content') { should match /^zone\ 
"100\.51\.198\.in-addr\.arpa"\ {\n\ \ type\ master;\n\ \ file\ "#{zones_directory}\/100\.51\.198\.in-addr\.arpa";\n\ \ \n\ \ notify\ no;\n\};/ } + its('content') { should match %r{^zone\ "100\.51\.198\.in-addr\.arpa"\ {\n\ \ type\ master;\n\ \ file\ "#{zones_directory}/100\.51\.198\.in-addr\.arpa";\n\ \ \n\ \ notify\ no;\n\};} } # Match logging - its('content') { should match /^logging\ \{\n\ \ channel\ "querylog"\ {\n\ \ \ \ file\ "#{log_directory}\/query\.log";\n\ \ \ \ print-time\ yes;\n\ \ \};\n\ \ category\ queries\ \{\ querylog;\ \};\n\};/ } + its('content') { should match %r{^logging\ \{\n\ \ channel\ "querylog"\ {\n\ \ \ \ file\ "#{log_directory}/query\.log";\n\ \ \ \ print-time\ yes;\n\ \ \};\n\ \ category\ queries\ \{\ querylog;\ \};\n\};} } # Match acl1 - its('content') { should match /acl\ client1\ \{\n\ \ 127\.0\.0\.0\/8;\n\ \ 10\.20\.0\.0\/16;\n\};/ } + its('content') { should match %r{acl\ client1\ \{\n\ \ 127\.0\.0\.0/8;\n\ \ 10\.20\.0\.0/16;\n\};} } # Match acl2 - its('content') { should match /^acl\ client2\ \{\n\ \ 10\.30\.0\.0\/8;\n\};/ } + its('content') { should match %r{^acl\ client2\ \{\n\ \ 10\.30\.0\.0/8;\n\};} } end end diff --git a/test/integration/default/controls/pkgs_spec.rb b/test/integration/default/controls/pkgs_spec.rb index 2d487a2..29066c1 100644 --- a/test/integration/default/controls/pkgs_spec.rb +++ b/test/integration/default/controls/pkgs_spec.rb @@ -1,20 +1,21 @@ +# frozen_string_literal: true case os[:name] when 'arch' - os_packages = %w( + os_packages = %w[ bind bind-tools dnssec-tools - ) + ] when 'redhat', 'centos', 'fedora', 'amazon' - os_packages = %w(bind) + os_packages = %w[bind] when 'suse', 'opensuse' - os_packages = %w(bind) + os_packages = %w[bind] when 'debian', 'ubuntu' - os_packages = %w( + os_packages = %w[ bind9 bind9utils - ) + ] end control 'Bind9 packages' do @@ -26,4 +27,3 @@ control 'Bind9 packages' do end end end - 
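Review bot: Several of the new `%r{...}` literals in this hunk contain an unescaped `{` (for example `zone\ "example\.com"\ {\n`, `update-policy\ {\n` and `channel\ "querylog"\ {\n`) while the matching closers are written escaped as `\};`. Inside a `%r{}` literal Ruby counts unescaped braces toward delimiter nesting but, as far as I know, not escaped ones, so the literal may not end at the intended `}`; the old `/.../` form had no such interaction. Please run `ruby -c` on the file and escape the opening braces the way the `acl` and `masters` patterns already do, e.g. `zone\ "example\.com"\ \{\n` and `channel\ "querylog"\ \{\n`. The example.net, example.org and both reverse-zone patterns need the same change.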
diff --git a/test/integration/default/controls/service_spec.rb b/test/integration/default/controls/service_spec.rb index 04867c9..fd15938 100644 --- a/test/integration/default/controls/service_spec.rb +++ b/test/integration/default/controls/service_spec.rb @@ -1,6 +1,7 @@ +# frozen_string_literal: true case os[:name] -when 'arch','redhat', 'centos', 'fedora', 'amazon' +when 'arch', 'redhat', 'centos', 'fedora', 'amazon' service = 'named' when 'suse', 'opensuse' service = 'named' @@ -12,7 +13,7 @@ control 'Bind9 service' do title 'should be running' describe service(service) do -# it { should be_enabled } + # it { should be_enabled } it { should be_running } end end diff --git a/test/integration/default/controls/zones_spec.rb b/test/integration/default/controls/zones_spec.rb index b0cfdc5..8a9d6ef 100644 --- a/test/integration/default/controls/zones_spec.rb +++ b/test/integration/default/controls/zones_spec.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + # Set defaults, use debian as base conf_user = 'bind' @@ -16,7 +18,7 @@ config = '/etc/bind/named.conf' # Override by OS case os[:name] -when 'arch','redhat', 'centos', 'fedora', 'amazon' +when 'arch', 'redhat', 'centos', 'fedora', 'amazon' conf_user = 'named' conf_group = 'named' keys_group = 'root' 
@@ -28,140 +30,139 @@ when 'arch','redhat', 'centos', 'fedora', 'amazon' conf_mode = '0640' config = '/etc/named.conf' when 'suse', 'opensuse' - zones_directory = nil # not implemented + zones_directory = nil # not implemented end # Override log directory by OS case os[:name] when 'arch', 'ubuntu' - log_directory = '/var/log/named' + log_directory = '/var/log/named' when 'redhat', 'centos', 'fedora', 'amazon' - log_directory = '/var/named/data' + log_directory = '/var/named/data' end if zones_directory -# Test example.com zonefile -control 'File ' + zones_directory + '/example.com' do - title 'should exist' - describe file(zones_directory + '/example.com') do - its('owner') { should eq conf_user } - its('group') { should eq conf_group } - its('mode') { should cmp '0644' } - # Multi line regex to match the various zones - # If you're here to update the pillar/tests I would highly reccommend - # using an online miltiline regex editor to do this: - # https://www.regextester.com/ - # the #{foo} is a ruby string expansion so we can use the variables - # defined above + # Test example.com zonefile + control 'File ' + zones_directory + '/example.com' do + title 'should exist' + describe file(zones_directory + '/example.com') do + its('owner') { should eq conf_user } + its('group') { should eq conf_group } + its('mode') { should cmp '0644' } + # Multi line regex to match the various zones + # If you're here to update the pillar/tests I would highly reccommend + # using an online miltiline regex editor to do this: + # https://www.regextester.com/ + # the #{foo} is a ruby string expansion so we can use the variables + # defined above - # Match SOA - its('content') { should match /^@\ IN\ SOA\ ns1.example.com\ hostmaster.example.com\ \(\n 2018073100\ ;\ serial\n\ \ \ \ 12h\ ;\ refresh\n\ \ \ \ 600\ ;\ retry\n\ \ \ \ 2w\ ;\ expiry\n\ \ \ \ 1m\ ;\ nxdomain\ ttl\n\);/ } + # Match SOA + its('content') { should match /^@\ IN\ SOA\ ns1.example.com\ hostmaster.example.com\ \(\n 
2018073100\ ;\ serial\n\ \ \ \ 12h\ ;\ refresh\n\ \ \ \ 600\ ;\ retry\n\ \ \ \ 2w\ ;\ expiry\n\ \ \ \ 1m\ ;\ nxdomain\ ttl\n\);/ } - # Just match string for these as it's much easier to read - # Match NS - its('content') { should match '@ NS ns1' } - # Match A - its('content') { should match 'ns1 A 203.0.113.1' } - its('content') { should match 'foo A 203.0.113.2' } - its('content') { should match 'bar A 203.0.113.3' } - # Match CNAME - its('content') { should match 'ftp CNAME foo.example.com.' } - its('content') { should match 'www CNAME bar.example.com.' } - its('content') { should match 'mail CNAME mx1.example.com.' } - its('content') { should match 'smtp CNAME mx1.example.com.' } - # Match TXT - its('content') { should match '@ TXT "some_value"' } + # Just match string for these as it's much easier to read + # Match NS + its('content') { should match '@ NS ns1' } + # Match A + its('content') { should match 'ns1 A 203.0.113.1' } + its('content') { should match 'foo A 203.0.113.2' } + its('content') { should match 'bar A 203.0.113.3' } + # Match CNAME + its('content') { should match 'ftp CNAME foo.example.com.' } + its('content') { should match 'www CNAME bar.example.com.' } + its('content') { should match 'mail CNAME mx1.example.com.' } + its('content') { should match 'smtp CNAME mx1.example.com.' 
} + # Match TXT + its('content') { should match '@ TXT "some_value"' } + end end -end -# Test example.net zonefile -control 'File ' + zones_directory + '/example.net' do - title 'should exist' - describe file(zones_directory + '/example.net') do - its('owner') { should eq conf_user } - its('group') { should eq conf_group } - its('mode') { should cmp '0644' } - # Match SOA - its('content') { should match /^@\ IN\ SOA\ ns1.example.net\ hostmaster.example.net\ \(\n\ \ \ \ [0-9]{10}\ ;\ serial\n\ \ \ \ 12h\ ;\ refresh\n\ \ \ \ 300\ ;\ retry\n\ \ \ \ 2w\ ;\ expiry\n\ \ \ \ 1m\ ;\ nxdomain\ ttl\n\);/ } - # Match Include - its('content') { should match /^\$INCLUDE\ #{zones_directory}\/example\.net\.include$/ } + # Test example.net zonefile + control 'File ' + zones_directory + '/example.net' do + title 'should exist' + describe file(zones_directory + '/example.net') do + its('owner') { should eq conf_user } + its('group') { should eq conf_group } + its('mode') { should cmp '0644' } + # Match SOA + its('content') { should match /^@\ IN\ SOA\ ns1.example.net\ hostmaster.example.net\ \(\n\ \ \ \ [0-9]{10}\ ;\ serial\n\ \ \ \ 12h\ ;\ refresh\n\ \ \ \ 300\ ;\ retry\n\ \ \ \ 2w\ ;\ expiry\n\ \ \ \ 1m\ ;\ nxdomain\ ttl\n\);/ } + # Match Include + its('content') { should match %r{^\$INCLUDE\ #{zones_directory}/example\.net\.include$} } + end end -end -# Test example.net.include zonefile -control 'File ' + zones_directory + '/example.net.include' do - title 'should exist' - describe file(zones_directory + '/example.net.include') do - its('owner') { should eq conf_user } - its('group') { should eq conf_group } - its('mode') { should cmp '0644' } - # Just match string for these as it's much easier to read - # Match NS - its('content') { should match '@ NS ns1' } - # Match A - its('content') { should match 'ns1 A 198.51.100.1' } - its('content') { should match 'foo A 198.51.100.2' } - its('content') { should match 'bar A 198.51.100.3' } - its('content') { should match 'baz A 
198.51.100.4' } - its('content') { should match 'mx1 A 198.51.100.5' } - its('content') { should match 'mx1 A 198.51.100.6' } - its('content') { should match 'mx1 A 198.51.100.7' } - # Match CNAME - its('content') { should match 'mail CNAME mx1.example.net.' } - its('content') { should match 'smtp CNAME mx1.example.net.' } + # Test example.net.include zonefile + control 'File ' + zones_directory + '/example.net.include' do + title 'should exist' + describe file(zones_directory + '/example.net.include') do + its('owner') { should eq conf_user } + its('group') { should eq conf_group } + its('mode') { should cmp '0644' } + # Just match string for these as it's much easier to read + # Match NS + its('content') { should match '@ NS ns1' } + # Match A + its('content') { should match 'ns1 A 198.51.100.1' } + its('content') { should match 'foo A 198.51.100.2' } + its('content') { should match 'bar A 198.51.100.3' } + its('content') { should match 'baz A 198.51.100.4' } + its('content') { should match 'mx1 A 198.51.100.5' } + its('content') { should match 'mx1 A 198.51.100.6' } + its('content') { should match 'mx1 A 198.51.100.7' } + # Match CNAME + its('content') { should match 'mail CNAME mx1.example.net.' } + its('content') { should match 'smtp CNAME mx1.example.net.' 
} + end end -end -# Test 113.0.203.in-addr.arpa zonefile -control 'File ' + zones_directory + '/113.0.203.in-addr.arpa' do - title 'should exist' - describe file(zones_directory + '/113.0.203.in-addr.arpa') do - its('owner') { should eq conf_user } - its('group') { should eq conf_group } - its('mode') { should cmp '0644' } - # Match SOA - its('content') { should match /^@\ IN\ SOA\ ns1.example.com\ hostmaster.example.com\ \(\n\ \ \ \ 2018073100\ ;\ serial\n\ \ \ \ 12h\ ;\ refresh\n\ \ \ \ 600\ ;\ retry\n\ \ \ \ 2w\ ;\ expiry\n\ \ \ \ 1m\ ;\ nxdomain\ ttl\n\);/ } + # Test 113.0.203.in-addr.arpa zonefile + control 'File ' + zones_directory + '/113.0.203.in-addr.arpa' do + title 'should exist' + describe file(zones_directory + '/113.0.203.in-addr.arpa') do + its('owner') { should eq conf_user } + its('group') { should eq conf_group } + its('mode') { should cmp '0644' } + # Match SOA + its('content') { should match /^@\ IN\ SOA\ ns1.example.com\ hostmaster.example.com\ \(\n\ \ \ \ 2018073100\ ;\ serial\n\ \ \ \ 12h\ ;\ refresh\n\ \ \ \ 600\ ;\ retry\n\ \ \ \ 2w\ ;\ expiry\n\ \ \ \ 1m\ ;\ nxdomain\ ttl\n\);/ } - # Just match string for these as it's much easier to read - # Match Include - its('content') { should match '1.113.0.203.in-addr.arpa PTR ns1.example.com.' } - its('content') { should match '2.113.0.203.in-addr.arpa PTR foo.example.com.' } - its('content') { should match '3.113.0.203.in-addr.arpa PTR bar.example.com.' } + # Just match string for these as it's much easier to read + # Match Include + its('content') { should match '1.113.0.203.in-addr.arpa PTR ns1.example.com.' } + its('content') { should match '2.113.0.203.in-addr.arpa PTR foo.example.com.' } + its('content') { should match '3.113.0.203.in-addr.arpa PTR bar.example.com.' 
} + end end -end -# Test 100.51.198.in-addr.arpa zonefile -control 'File ' + zones_directory + '/100.51.198.in-addr.arpa' do - title 'should exist' - describe file(zones_directory + '/100.51.198.in-addr.arpa') do - its('owner') { should eq conf_user } - its('group') { should eq conf_group } - its('mode') { should cmp '0644' } - # Match SOA - its('content') { should match /^@\ IN\ SOA\ ns1.example.net\ hostmaster.example.net\ \(\n\ \ \ \ [0-9]{10}\ ;\ serial\n\ \ \ \ 12h\ ;\ refresh\n\ \ \ \ 600\ ;\ retry\n\ \ \ \ 2w\ ;\ expiry\n\ \ \ \ 1m\ ;\ nxdomain\ ttl\n\);/ } - # Match Include - its('content') { should match /^\$INCLUDE\ #{zones_directory}\/100\.51\.198\.in-addr\.arpa\.include$/ } + # Test 100.51.198.in-addr.arpa zonefile + control 'File ' + zones_directory + '/100.51.198.in-addr.arpa' do + title 'should exist' + describe file(zones_directory + '/100.51.198.in-addr.arpa') do + its('owner') { should eq conf_user } + its('group') { should eq conf_group } + its('mode') { should cmp '0644' } + # Match SOA + its('content') { should match /^@\ IN\ SOA\ ns1.example.net\ hostmaster.example.net\ \(\n\ \ \ \ [0-9]{10}\ ;\ serial\n\ \ \ \ 12h\ ;\ refresh\n\ \ \ \ 600\ ;\ retry\n\ \ \ \ 2w\ ;\ expiry\n\ \ \ \ 1m\ ;\ nxdomain\ ttl\n\);/ } + # Match Include + its('content') { should match %r{^\$INCLUDE\ #{zones_directory}/100\.51\.198\.in-addr\.arpa\.include$} } + end end -end -# Test 100.51.198.in-addr.arpa.include zonefile -control 'File ' + zones_directory + '/100.51.198.in-addr.arpa.include' do - title 'should exist' - describe file(zones_directory + '/100.51.198.in-addr.arpa.include') do - its('owner') { should eq conf_user } - its('group') { should eq conf_group } - its('mode') { should cmp '0644' } - # Match PTR - its('content') { should match '1.100.51.198.in-addr.arpa. PTR ns1.example.net.' } - its('content') { should match '2.100.51.198.in-addr.arpa. PTR foo.example.net.' } - its('content') { should match '3.100.51.198.in-addr.arpa. PTR bar.example.net.' 
} - its('content') { should match '4.100.51.198.in-addr.arpa. PTR baz.example.net.' } - its('content') { should match '5.100.51.198.in-addr.arpa. PTR mx1.example.net.' } - its('content') { should match '6.100.51.198.in-addr.arpa. PTR mx1.example.net.' } - its('content') { should match '7.100.51.198.in-addr.arpa. PTR mx1.example.net.' } + # Test 100.51.198.in-addr.arpa.include zonefile + control 'File ' + zones_directory + '/100.51.198.in-addr.arpa.include' do + title 'should exist' + describe file(zones_directory + '/100.51.198.in-addr.arpa.include') do + its('owner') { should eq conf_user } + its('group') { should eq conf_group } + its('mode') { should cmp '0644' } + # Match PTR + its('content') { should match '1.100.51.198.in-addr.arpa. PTR ns1.example.net.' } + its('content') { should match '2.100.51.198.in-addr.arpa. PTR foo.example.net.' } + its('content') { should match '3.100.51.198.in-addr.arpa. PTR bar.example.net.' } + its('content') { should match '4.100.51.198.in-addr.arpa. PTR baz.example.net.' } + its('content') { should match '5.100.51.198.in-addr.arpa. PTR mx1.example.net.' } + its('content') { should match '6.100.51.198.in-addr.arpa. PTR mx1.example.net.' } + its('content') { should match '7.100.51.198.in-addr.arpa. PTR mx1.example.net.' } + end end end - -end
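Review bot: The SOA patterns kept as `/.../` in this hunk leave the dots in `ns1.example.com\ hostmaster.example.com` (and the example.net equivalents) unescaped, so each dot matches any character, whereas the converted `$INCLUDE` patterns escape theirs. Writing `ns1\.example\.com\ hostmaster\.example\.com` keeps the assertion exact. The record checks given as strings, e.g. `should match 'ns1 A 203.0.113.1'`, are probably just as loose, since `match` appears to treat a string as a pattern; `include` may express the intent better, but confirm that against the matcher's documentation. `#{zones_directory}` is also interpolated into `%r{^\$INCLUDE\ ...}` unescaped, and `#{Regexp.escape(zones_directory)}` would keep the check literal if the path ever contains a metacharacter.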