def test_deploy_cert(self): server_conf = self.config.parser.abs_path('server.conf') nginx_conf = self.config.parser.abs_path('nginx.conf') example_conf = self.config.parser.abs_path('sites-enabled/example.com') # Choose a version of Nginx less than 1.3.7 so stapling code doesn't get # invoked. self.config.version = (1, 3, 1) # Get the default SSL vhost self.config.deploy_cert( "www.example.com", "example/cert.pem", "example/key.pem", "example/chain.pem", "example/fullchain.pem") self.config.deploy_cert( "another.alias", "/etc/nginx/cert.pem", "/etc/nginx/key.pem", "/etc/nginx/chain.pem", "/etc/nginx/fullchain.pem") self.config.save() self.config.parser.load() parsed_example_conf = util.filter_comments(self.config.parser.parsed[example_conf]) parsed_server_conf = util.filter_comments(self.config.parser.parsed[server_conf]) parsed_nginx_conf = util.filter_comments(self.config.parser.parsed[nginx_conf]) self.assertEqual([[['server'], [ ['listen', '69.50.225.155:9000'], ['listen', '127.0.0.1'], ['server_name', '.example.com'], ['server_name', 'example.*'], ['listen', '5001 ssl'], ['ssl_certificate', 'example/fullchain.pem'], ['ssl_certificate_key', 'example/key.pem']] + util.filter_comments(self.config.parser.loc["ssl_options"]) ]], parsed_example_conf) self.assertEqual([['server_name', 'somename alias another.alias']], parsed_server_conf) self.assertTrue(util.contains_at_depth( parsed_nginx_conf, [['server'], [ ['listen', '8000'], ['listen', 'somename:8080'], ['include', 'server.conf'], [['location', '/'], [['root', 'html'], ['index', 'index.html index.htm']]], ['listen', '5001 ssl'], ['ssl_certificate', '/etc/nginx/fullchain.pem'], ['ssl_certificate_key', '/etc/nginx/key.pem']] + util.filter_comments(self.config.parser.loc["ssl_options"]) ], 2))
def test_deploy_cert(self): server_conf = self.config.parser.abs_path('server.conf') nginx_conf = self.config.parser.abs_path('nginx.conf') example_conf = self.config.parser.abs_path('sites-enabled/example.com') self.config.version = (1, 3, 1) # Get the default SSL vhost self.config.deploy_cert( "www.example.com", "example/cert.pem", "example/key.pem", "example/chain.pem", "example/fullchain.pem") self.config.deploy_cert( "another.alias", "/etc/nginx/cert.pem", "/etc/nginx/key.pem", "/etc/nginx/chain.pem", "/etc/nginx/fullchain.pem") self.config.save() self.config.parser.load() parsed_example_conf = util.filter_comments(self.config.parser.parsed[example_conf]) parsed_server_conf = util.filter_comments(self.config.parser.parsed[server_conf]) parsed_nginx_conf = util.filter_comments(self.config.parser.parsed[nginx_conf]) self.assertEqual([[['server'], [ ['listen', '69.50.225.155:9000'], ['listen', '127.0.0.1'], ['server_name', '.example.com'], ['server_name', 'example.*'], ['listen', '5001', 'ssl'], ['ssl_certificate', 'example/fullchain.pem'], ['ssl_certificate_key', 'example/key.pem'], ['include', self.config.mod_ssl_conf], ['ssl_dhparam', self.config.ssl_dhparams], ]]], parsed_example_conf) self.assertEqual([['server_name', 'somename', 'alias', 'another.alias']], parsed_server_conf) self.assertTrue(util.contains_at_depth( parsed_nginx_conf, [['server'], [ ['listen', '8000'], ['listen', 'somename:8080'], ['include', 'server.conf'], [['location', '/'], [['root', 'html'], ['index', 'index.html', 'index.htm']]], ['listen', '5001', 'ssl'], ['ssl_certificate', '/etc/nginx/fullchain.pem'], ['ssl_certificate_key', '/etc/nginx/key.pem'], ['include', self.config.mod_ssl_conf], ['ssl_dhparam', self.config.ssl_dhparams], ]], 2))
def test_deploy_no_match_default_set(self): default_conf = self.config.parser.abs_path('sites-enabled/default') foo_conf = self.config.parser.abs_path('foo.conf') del self.config.parser.parsed[foo_conf][2][1][0][1][0] # remove default_server self.config.version = (1, 3, 1) self.config.deploy_cert( "www.nomatch.com", "example/cert.pem", "example/key.pem", "example/chain.pem", "example/fullchain.pem") self.config.save() self.config.parser.load() parsed_default_conf = util.filter_comments(self.config.parser.parsed[default_conf]) self.assertEqual([[['server'], [['listen', 'myhost', 'default_server'], ['listen', 'otherhost', 'default_server'], ['server_name', '"www.example.org"'], [['location', '/'], [['root', 'html'], ['index', 'index.html', 'index.htm']]]]], [['server'], [['listen', 'myhost'], ['listen', 'otherhost'], ['server_name', 'www.nomatch.com'], [['location', '/'], [['root', 'html'], ['index', 'index.html', 'index.htm']]], ['listen', '5001', 'ssl'], ['ssl_certificate', 'example/fullchain.pem'], ['ssl_certificate_key', 'example/key.pem'], ['include', self.config.mod_ssl_conf], ['ssl_dhparam', self.config.ssl_dhparams]]]], parsed_default_conf) self.config.deploy_cert( "nomatch.com", "example/cert.pem", "example/key.pem", "example/chain.pem", "example/fullchain.pem") self.config.save() self.config.parser.load() parsed_default_conf = util.filter_comments(self.config.parser.parsed[default_conf]) self.assertTrue(util.contains_at_depth(parsed_default_conf, "nomatch.com", 3))
def test_deploy_cert(self): server_conf = self.config.parser.abs_path('server.conf') nginx_conf = self.config.parser.abs_path('nginx.conf') example_conf = self.config.parser.abs_path('sites-enabled/example.com') # Choose a version of Nginx less than 1.3.7 so stapling code doesn't get # invoked. self.config.version = (1, 3, 1) # Get the default SSL vhost self.config.deploy_cert("www.example.com", "example/cert.pem", "example/key.pem", "example/chain.pem", "example/fullchain.pem") self.config.deploy_cert("another.alias", "/etc/nginx/cert.pem", "/etc/nginx/key.pem", "/etc/nginx/chain.pem", "/etc/nginx/fullchain.pem") self.config.save() self.config.parser.load() parsed_example_conf = util.filter_comments( self.config.parser.parsed[example_conf]) parsed_server_conf = util.filter_comments( self.config.parser.parsed[server_conf]) parsed_nginx_conf = util.filter_comments( self.config.parser.parsed[nginx_conf]) self.assertEqual( [[['server'], [['listen', '69.50.225.155:9000'], ['listen', '127.0.0.1'], ['server_name', '.example.com'], ['server_name', 'example.*'], ['listen', '5001 ssl'], ['ssl_certificate', 'example/fullchain.pem'], ['ssl_certificate_key', 'example/key.pem']] + util.filter_comments(self.config.parser.loc["ssl_options"])]], parsed_example_conf) self.assertEqual([['server_name', 'somename alias another.alias']], parsed_server_conf) self.assertTrue( util.contains_at_depth( parsed_nginx_conf, [['server'], [['listen', '8000'], ['listen', 'somename:8080'], ['include', 'server.conf'], [['location', '/'], [['root', 'html'], ['index', 'index.html index.htm']]], ['listen', '5001 ssl'], ['ssl_certificate', '/etc/nginx/fullchain.pem'], ['ssl_certificate_key', '/etc/nginx/key.pem']] + util.filter_comments(self.config.parser.loc["ssl_options"])], 2))
def test_deploy_no_match_default_set_multi_level_path(self): default_conf = self.config.parser.abs_path('sites-enabled/default') foo_conf = self.config.parser.abs_path('foo.conf') del self.config.parser.parsed[default_conf][0][1][0] del self.config.parser.parsed[default_conf][0][1][0] self.config.version = (1, 3, 1) self.config.deploy_cert("www.nomatch.com", "example/cert.pem", "example/key.pem", "example/chain.pem", "example/fullchain.pem") self.config.save() self.config.parser.load() parsed_foo_conf = util.filter_comments( self.config.parser.parsed[foo_conf]) self.assertEqual( [['server'], [['listen', '*:80', 'ssl'], ['server_name', 'www.nomatch.com'], ['root', '/home/ubuntu/sites/foo/'], [['location', '/status'], [[['types'], [['image/jpeg', 'jpg']]]] ], [['location', '~', 'case_sensitive\\.php$'], [['index', 'index.php'], ['root', '/var/root']]], [['location', '~*', 'case_insensitive\\.php$'], []], [['location', '=', 'exact_match\\.php$'], []], [['location', '^~', 'ignore_regex\\.php$'], []], ['ssl_certificate', 'example/fullchain.pem'], ['ssl_certificate_key', 'example/key.pem']]], parsed_foo_conf[1][1][1])
def test_deploy_no_match_default_set_multi_level_path(self): default_conf = self.config.parser.abs_path('sites-enabled/default') foo_conf = self.config.parser.abs_path('foo.conf') del self.config.parser.parsed[default_conf][0][1][0] del self.config.parser.parsed[default_conf][0][1][0] self.config.version = (1, 3, 1) self.config.deploy_cert( "www.nomatch.com", "example/cert.pem", "example/key.pem", "example/chain.pem", "example/fullchain.pem") self.config.save() self.config.parser.load() parsed_foo_conf = util.filter_comments(self.config.parser.parsed[foo_conf]) self.assertEqual([['server'], [['listen', '*:80', 'ssl'], ['server_name', 'www.nomatch.com'], ['root', '/home/ubuntu/sites/foo/'], [['location', '/status'], [[['types'], [['image/jpeg', 'jpg']]]]], [['location', '~', 'case_sensitive\\.php$'], [['index', 'index.php'], ['root', '/var/root']]], [['location', '~*', 'case_insensitive\\.php$'], []], [['location', '=', 'exact_match\\.php$'], []], [['location', '^~', 'ignore_regex\\.php$'], []], ['ssl_certificate', 'example/fullchain.pem'], ['ssl_certificate_key', 'example/key.pem']]], parsed_foo_conf[1][1][1])
def test_deploy_cert_add_explicit_listen(self): migration_conf = self.config.parser.abs_path( 'sites-enabled/migration.com') self.config.deploy_cert("summer.com", "summer/cert.pem", "summer/key.pem", "summer/chain.pem", "summer/fullchain.pem") self.config.save() self.config.parser.load() parsed_migration_conf = util.filter_comments( self.config.parser.parsed[migration_conf]) self.assertEqual( [['server'], [['server_name', 'migration.com'], ['server_name', 'summer.com'], ['listen', '80'], ['listen', '5001 ssl'], ['ssl_certificate', 'summer/fullchain.pem'], ['ssl_certificate_key', 'summer/key.pem']] + util.filter_comments(self.config.parser.loc["ssl_options"])], parsed_migration_conf[0])
def test_dump_as_file(self): with open(util.get_data_filename('nginx.conf')) as handle: parsed = util.filter_comments(load(handle)) parsed[-1][-1].append([['server'], [['listen', '443 ssl'], ['server_name', 'localhost'], ['ssl_certificate', 'cert.pem'], ['ssl_certificate_key', 'cert.key'], ['ssl_session_cache', 'shared:SSL:1m'], ['ssl_session_timeout', '5m'], ['ssl_ciphers', 'HIGH:!aNULL:!MD5'], [['location', '/'], [['root', 'html'], ['index', 'index.html index.htm']]]]]) with open(util.get_data_filename('nginx.new.conf'), 'w') as handle: dump(parsed, handle) with open(util.get_data_filename('nginx.new.conf')) as handle: parsed_new = util.filter_comments(load(handle)) self.assertEquals(parsed, parsed_new)
def test_deploy_cert_add_explicit_listen(self): migration_conf = self.config.parser.abs_path('sites-enabled/migration.com') self.config.deploy_cert( "summer.com", "summer/cert.pem", "summer/key.pem", "summer/chain.pem", "summer/fullchain.pem") self.config.save() self.config.parser.load() parsed_migration_conf = util.filter_comments(self.config.parser.parsed[migration_conf]) self.assertEqual([['server'], [ ['server_name', 'migration.com'], ['server_name', 'summer.com'], ['listen', '80'], ['listen', '5001 ssl'], ['ssl_certificate', 'summer/fullchain.pem'], ['ssl_certificate_key', 'summer/key.pem']] + util.filter_comments(self.config.parser.loc["ssl_options"]) ], parsed_migration_conf[0])
def test_parse_from_file3(self): with open(util.get_data_filename('multiline_quotes.conf')) as handle: parsed = util.filter_comments(load(handle)) self.assertEqual( parsed, [[['http'], [[['server'], [['listen', '*:443'], [['location', '/'], [['body_filter_by_lua', '\'ngx.ctx.buffered = (ngx.ctx.buffered or "")' ' .. string.sub(ngx.arg[1], 1, 1000)\n' ' ' 'if ngx.arg[2] then\n' ' ' 'ngx.var.resp_body = ngx.ctx.buffered\n' ' end\'']]]]]]]])
def test_parse_from_file2(self): with open(util.get_data_filename('edge_cases.conf')) as handle: parsed = util.filter_comments(load(handle)) self.assertEqual( parsed, [[['server'], [['server_name', 'simple']]], [['server'], [['server_name', 'with.if'], [['location', '~', '^/services/.+$'], [[['if', '($request_filename ~* \\.(ttf|woff)$)'], [['add_header', 'Access-Control-Allow-Origin "*"']]]]]]], [['server'], [['server_name', 'with.complicated.headers'], [['location', '~*', '\\.(?:gif|jpe?g|png)$'], [['add_header', 'Pragma public'], ['add_header', 'Cache-Control \'public, must-revalidate, proxy-revalidate\'' ' "test,;{}" foo'], ['blah', '"hello;world"'], ['try_files', '$uri @rewrites']]]]]])
def test_parse_from_file(self): with open(util.get_data_filename('foo.conf')) as handle: parsed = util.filter_comments(load(handle)) self.assertEqual( parsed, [['user', 'www-data'], [['http'], [[['server'], [['listen', '*:80 default_server ssl'], ['server_name', '*.www.foo.com *.www.example.com'], ['root', '/home/ubuntu/sites/foo/'], [['location', '/status'], [ [['types'], [['image/jpeg', 'jpg']]], ]], [['location', '~', r'case_sensitive\.php$'], [ ['index', 'index.php'], ['root', '/var/root'], ]], [['location', '~*', r'case_insensitive\.php$'], []], [['location', '=', r'exact_match\.php$'], []], [['location', '^~', r'ignore_regex\.php$'], []]]]]]])
def test_parse_from_file(self): with open(util.get_data_filename('foo.conf')) as handle: parsed = util.filter_comments(load(handle)) self.assertEqual( parsed, [['user', 'www-data'], [['http'], [[['server'], [ ['listen', '*:80 default_server ssl'], ['server_name', '*.www.foo.com *.www.example.com'], ['root', '/home/ubuntu/sites/foo/'], [['location', '/status'], [ [['types'], [['image/jpeg', 'jpg']]], ]], [['location', '~', r'case_sensitive\.php$'], [ ['index', 'index.php'], ['root', '/var/root'], ]], [['location', '~*', r'case_insensitive\.php$'], []], [['location', '=', r'exact_match\.php$'], []], [['location', '^~', r'ignore_regex\.php$'], []] ]]]]] )
def test_deploy_cert(self): server_conf = self.config.parser.abs_path("server.conf") nginx_conf = self.config.parser.abs_path("nginx.conf") example_conf = self.config.parser.abs_path("sites-enabled/example.com") # Choose a version of Nginx less than 1.3.7 so stapling code doesn't get # invoked. self.config.version = (1, 3, 1) # Get the default SSL vhost self.config.deploy_cert( "www.example.com", "example/cert.pem", "example/key.pem", "example/chain.pem", "example/fullchain.pem" ) self.config.deploy_cert( "another.alias", "/etc/nginx/cert.pem", "/etc/nginx/key.pem", "/etc/nginx/chain.pem", "/etc/nginx/fullchain.pem", ) self.config.save() self.config.parser.load() parsed_example_conf = util.filter_comments(self.config.parser.parsed[example_conf]) parsed_server_conf = util.filter_comments(self.config.parser.parsed[server_conf]) parsed_nginx_conf = util.filter_comments(self.config.parser.parsed[nginx_conf]) self.assertEqual( [ [ ["server"], [ ["listen", "69.50.225.155:9000"], ["listen", "127.0.0.1"], ["server_name", ".example.com"], ["server_name", "example.*"], ["listen", "5001 ssl"], ["ssl_certificate", "example/fullchain.pem"], ["ssl_certificate_key", "example/key.pem"], ["include", self.config.parser.loc["ssl_options"]], ], ] ], parsed_example_conf, ) self.assertEqual([["server_name", "somename alias another.alias"]], parsed_server_conf) self.assertTrue( util.contains_at_depth( parsed_nginx_conf, [ ["server"], [ ["listen", "8000"], ["listen", "somename:8080"], ["include", "server.conf"], [["location", "/"], [["root", "html"], ["index", "index.html index.htm"]]], ["listen", "5001 ssl"], ["ssl_certificate", "/etc/nginx/fullchain.pem"], ["ssl_certificate_key", "/etc/nginx/key.pem"], ["include", self.config.parser.loc["ssl_options"]], ], ], 2, ) )