bind-formula/test/integration/default/config_spec.rb

# Baseline expectations, modelled on Debian. The OS-specific branches that
# follow override whichever of these differ on other platforms.

# Ownership
conf_user = 'bind'
conf_group = 'bind'
keys_user = 'root'
keys_group = conf_group
logs_user = 'root'
logs_group = conf_group

# Permission bits
conf_mode = '0644'
keys_mode = '02755' # setgid bit plus rwxr-xr-x
logs_mode = '0775'

# Filesystem layout
config = '/etc/bind/named.conf'
named_directory = '/var/cache/bind'
zones_directory = '/var/cache/bind/zones'
keys_directory = '/etc/bind/keys'
log_directory = '/var/log/bind9'
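# Per-OS overrides of the Debian baseline: ownership, modes and paths that
# differ on the Arch/RedHat and SUSE families.
case os[:name]
when 'arch', 'redhat', 'centos', 'fedora'
  conf_user = 'named'
  conf_group = 'named'
  keys_group = 'root'
  # Re-derive from the new conf_group; the baseline value was computed
  # from the Debian group name.
  logs_group = conf_group
  named_directory = '/var/named'
  zones_directory = named_directory
  keys_directory = '/etc/named.keys'
  keys_mode = '0755'
  # Main config is not world-readable on these platforms.
  conf_mode = '0640'
  config = '/etc/named.conf'
when 'suse', 'opensuse'
  conf_user = 'root'
  conf_group = 'named'
  keys_group = 'root'
  logs_user = 'root'
  logs_group = 'root'
  logs_mode = '0755'
  named_directory = '/var/lib/named'
  zones_directory = named_directory
  keys_directory = '/etc/named.keys'
  keys_mode = '0755'
  # Main config is not world-readable on these platforms.
  conf_mode = '0640'
  config = '/etc/named.d/named.conf'
end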
# The log directory varies independently of the other paths, so it is
# resolved separately. Platforms not listed keep the value already set.
log_directory =
  case os[:name]
  when 'arch', 'ubuntu' then '/var/log/named'
  when 'redhat', 'centos', 'fedora' then '/var/named/data'
  when 'suse', 'opensuse' then '/var/log'
  else log_directory
  end
# Working directory of named: owned by the service account and expected to
# be group-writable (0775) on every platform.
control "Directory #{named_directory}" do
  title 'should exist'

  describe directory(named_directory) do
    its('owner') { should eq(conf_user) }
    its('group') { should eq(conf_group) }
    its('mode') { should cmp('0775') }
  end
end
# DNSSEC keys directory: ownership and mode of the directory itself.
# NOTE(review): every keys_mode value in this file leaves the directory
# readable and traversable by "other", and only the directory is checked
# here, not the key files inside it. Confirm private-key file permissions
# are asserted elsewhere.
control "Directory #{keys_directory}" do
  title 'should exist'

  describe directory(keys_directory) do
    its('owner') { should eq(keys_user) }
    its('group') { should eq(keys_group) }
    its('mode') { should cmp(keys_mode) }
  end
end
# Log directory: owner, group and mode as resolved for the current OS.
control "Directory #{log_directory}" do
  title 'should exist'

  describe directory(log_directory) do
    its('owner') { should eq(logs_user) }
    its('group') { should eq(logs_group) }
    its('mode') { should cmp(logs_mode) }
  end
end
# Zones directory: only checked on Debian-family systems. Expected to be
# group-writable (0775), like the main named directory.
control "Directory #{zones_directory}" do
  title 'should exist'
  only_if { os.debian? }

  describe directory(zones_directory) do
    its('owner') { should eq(conf_user) }
    its('group') { should eq(conf_group) }
    its('mode') { should cmp('0775') }
  end
end
# Main configuration file: ownership, mode and the include lines it must
# carry.
#   RHEL family: no .options file, but includes rfc1912.zones
#   Debian family: includes the .options file
# No control is declared for OS names outside the two branches below.
case os[:name]
when 'arch', 'redhat', 'centos', 'fedora'
  control "File #{config}" do
    title 'should exist'

    describe file(config) do
      its('owner') { should eq(conf_user) }
      its('group') { should eq(conf_group) }
      its('mode') { should cmp(conf_mode) }
      its('content') { should match(/^include\ "\/etc\/named\.rfc1912\.zones";/) }
      its('content') { should match(/^include\ "\/etc\/named\.conf\.local";/) }
    end
  end
when 'ubuntu', 'debian'
  control "File #{config}" do
    title 'should exist'

    describe file(config) do
      its('owner') { should eq(conf_user) }
      its('group') { should eq(conf_group) }
      its('mode') { should cmp(conf_mode) }
      its('content') { should match(/^include\ "\/etc\/bind\/named\.conf\.local";/) }
      its('content') { should match(/^include\ "\/etc\/bind\/named\.conf\.options";/) }
    end
  end
end
# The .options file, checked on Debian-family systems only: ownership, mode
# and the directory / key-directory statements.
# The directory variables are interpolated into the patterns unescaped, so
# any regex metacharacter in a path would be treated as a pattern.
control "File #{config}.options" do
  title 'should exist'
  only_if { os.debian? }

  describe file("#{config}.options") do
    its('owner') { should eq(conf_user) }
    its('group') { should eq(conf_group) }
    its('mode') { should cmp('0644') }
    # Both statements are expected to be indented by exactly eight spaces.
    its('content') { should match(/\ {8}directory\ "#{named_directory}"/) }
    its('content') { should match(/\ {8}key-directory\ "#{keys_directory}"/) }
  end
end
# The .local file: ownership, mode, and the zone / logging / acl stanzas
# rendered from the pillar.
control "File #{config}.local" do
  title 'should exist'

  describe file("#{config}.local") do
    its('owner') { should eq(conf_user) }
    its('group') { should eq(conf_group) }
    # NOTE(review): hard-coded 0644, whereas the main config uses conf_mode
    # (0640 on the RedHat and SUSE families in this file). Confirm that a
    # world-readable .local file is intended on those platforms.
    its('mode') { should cmp('0644') }

    # Multi-line patterns, one per expected stanza. When updating the
    # pillar or these tests, an online multi-line regex editor such as
    # https://www.regextester.com/ is highly recommended.
    # #{foo} is Ruby string interpolation, so the variables defined
    # earlier in this file can be used inside the patterns.

    # example.com zone from the pillar
    its('content') { should match(/^zone\ "example\.com"\ {\n\ \ type\ master;\n\ \ file\ "#{zones_directory}\/example\.com";\n\ \ \n\ \ update-policy\ {\n\ \ \ \ grant\ core_dhcp\ name\ dns_entry_allowed_to_update\.\ ANY;\n\ \ \};\n\ \ notify\ no;\n\};/) }

    # example.net zone from the pillar
    its('content') { should match(/^zone\ "example\.net"\ {\n\ \ type\ master;\n\ \ file\ "#{zones_directory}\/example\.net";\n\ \ \n\ \ notify\ no;\n\};/) }

    # example.org zone from the pillar
    # NOTE(review): the expected file path stops at the directory separator
    # with no file name. Presumably this mirrors what is rendered for the
    # slave zone; confirm it is not pinning a template bug.
    its('content') { should match(/^zone\ "example\.org"\ {\n\ \ type\ slave;\n\ \ file\ "#{zones_directory}\/";\n\ \ \n\ \ notify\ no;\n\ \ masters\ \{\n\ \ \ \ 192\.0\.2\.1;\n\ \ \ \ 192\.0\.2\.2;\n\ \ \};\n\};/) }

    # 113.0.203 reverse zone from the pillar
    its('content') { should match(/^zone\ "113\.0\.203\.in-addr\.arpa"\ {\n\ \ type\ master;\n\ \ file\ "#{zones_directory}\/113\.0\.203\.in-addr\.arpa";\n\ \ \n\ \ notify\ no;\n\};/) }

    # 100.51.198 reverse zone from the pillar
    its('content') { should match(/^zone\ "100\.51\.198\.in-addr\.arpa"\ {\n\ \ type\ master;\n\ \ file\ "#{zones_directory}\/100\.51\.198\.in-addr\.arpa";\n\ \ \n\ \ notify\ no;\n\};/) }

    # logging stanza
    its('content') { should match(/^logging\ \{\n\ \ channel\ "querylog"\ {\n\ \ \ \ file\ "#{log_directory}\/query\.log";\n\ \ \ \ print-time\ yes;\n\ \ \};\n\ \ category\ queries\ \{\ querylog;\ \};\n\};/) }

    # acl client1
    # NOTE(review): unlike the other patterns, this one has no leading ^
    # anchor. Confirm whether that is intentional.
    its('content') { should match(/acl\ client1\ \{\n\ \ 127\.0\.0\.0\/8;\n\ \ 10\.20\.0\.0\/16;\n\};/) }

    # acl client2
    # NOTE(review): 10.30.0.0/8 has bits set beyond the /8 prefix, so read
    # as a network it covers all of 10.0.0.0/8. Confirm the pillar intends
    # an ACL that wide.
    its('content') { should match(/^acl\ client2\ \{\n\ \ 10\.30\.0\.0\/8;\n\};/) }
  end
end