Allow apache_conf to include symlinked configuration files

[carldjohnston]

Fix for #1401

Signed-off-by: Carl Johnston carldjohnston@gmail.com

[chris-rock]

@carldjohnston Great work. I would like to see an integration test for this PR to verify everything works as expected.

[carldjohnston]

Hi @chris-rock - Hoping these tests are what you were after.

I've basically mocked the "find ..-type l" commands that the original commit generates and pointed it at "security.conf"; then we're looking for "ServerSignature Off" within that file.

I had to poke through and learn how it's all put together - thanks for teaching me something new :)

[adamleff]

These are great additional unit tests, @carldjohnston - thank you! However, @chris-rock was asking for some integration tests where we actually run InSpec on a real filesystem/configs to check to see that the resource functions correctly.

Here's a suggestion on how you might do that:

• Modify the os_prepare::apache recipe (https://github.com/chef/inspec/blob/master/test/cookbooks/os_prepare/recipes/apache.rb) to write out:
  • an apache config that will be Include'd
  • a symlink to that apache config
  • a new top-level apache config that Includes the symlink
• Modify the apache_conf integration spec (https://github.com/chef/inspec/blob/master/test/integration/default/apache_conf_spec.rb) to test that you can read the the new top-level apache config and read values from the symlink'd include conf.

Hopefully that makes sense - if not, let me know!

[carldjohnston]

Thanks @adamleff, that makes perfect sense.

I'm working through this and have a working config, just the inspec side isn't working as expected.

By default (without parameters) using the apache_conf resource defaults to looking at /etc/httpd/conf/httpd.conf, however the os_prepare cookbook makes use of the httpd cookbook, which is putting configuration in /etc/httpd-default/conf/httpd.conf, and that's not being tested correctly as it's not including files correctly.. See Issue #1394.

I can rework this to use the apache2 cookbook, which replaces configuration in the default location and would make it easier to test for linked files, or we could work through the above issue - what do you think?

[adamleff]

@carldjohnston so sorry for the delay in my response!

I think there might be a middle-ground we can pursue until a fix for #1394 is committed. In the os_prepare cookbook, in the apache recipe, we can just use a combination of Chef directory and either template or file resource to write out a file in the default location /etc/httpd/conf/httpd.conf for purposes of this test. We don't have to use the httpd helper cookbook to do so. I think that would be enough to lay down the test fixtures we need to properly test this.

Does that make sense? What do you think of that approach?

[carldjohnston]

Hi @adamleff, I'm happy to go with that approach, probably makes understanding the os_prepare cookbook a little easier too; I'll put it together in the next couple of days.

[carldjohnston]

Hi @adamleff, I've added those modifications, let me know if you need anything else.

Thanks!

[adamleff]

Haven't forgotten about you @carldjohnston! This is on my list for tomorrow if not later today!

[adamleff]

Superb work, @carldjohnston. Thanks for being agreeable to enhance the tests, as well!

[chris-rock]

@carldjohnston Thank you for this improvement

[adamleff]

Merging! Thanks again, @carldjohnston!