Convert tests to InSpec tests

- Convert all test files to proper InSpec format with controls and metadata
- Rename test files to use _spec.rb suffix
- Add inspec.yml files for all test suites
- Add dependencies between test suites where appropriate
- Update test structure for better organization and reporting

Signed-off-by: Dan Webb <[email protected]>

kitchen.yml

@@ -32,55 +32,33 @@ suites:
   - name: distro
     run_list:
       - recipe[test::distro]
-      - recipe[test::test_site]
     verifier:
       inspec_tests:
-        - test/integration/default
         - test/integration/default_install
   - name: distro-nginx-full
     run_list:
       - recipe[test::distro_nginx-full]
-      - recipe[test::test_site]
     includes:
       - ubuntu-22.04
       - ubuntu-24.04
     verifier:
       inspec_tests:
-        - test/integration/default
         - test/integration/default_install
   - name: repo
     run_list:
       - recipe[test::repo]
-      - recipe[test::test_site]
     verifier:
-      inspec_tests:
-        - test/integration/default
-        - test/integration/repo
-        - test/integration/repo_install
-  - name: repo_overrides
-    run_list:
-      - recipe[test::repo_overrides]
-      - recipe[test::test_site]
-    verifier:
-      inspec_tests:
-        - test/integration/default
-        - test/integration/repo_overrides
-        - test/integration/repo_install
+      inspec_tests: test/integration/repo_install
   - name: epel
     run_list:
       - recipe[test::epel]
-      - recipe[test::test_site]
     includes:
       - almalinux-8
       - almalinux-9
       - centos-stream-9
       - centos-stream-10
       - rockylinux-8
       - rockylinux-9
-    verifier:
-      inspec_tests:
-        - test/integration/default
-        - test/integration/epel
   - name: invalid-conf
     run_list:
       - recipe[test::invalid-conf]

test/cookbooks/test/recipes/distro.rb

@@ -1,3 +1,5 @@
-apt_update 'update' if platform_family?('debian')
+apt_update 'update'
 
 nginx_install 'distro'
+
+include_recipe 'test::test_site'

test/cookbooks/test/recipes/distro_nginx-full.rb

@@ -3,3 +3,5 @@
 nginx_install 'distro' do
   packages 'nginx-full'
 end
+
+include_recipe 'test::test_site'

test/cookbooks/test/recipes/epel.rb

@@ -1,3 +1,5 @@
 nginx_install 'nginx' do
   source 'epel'
 end
+
+include_recipe 'test::test_site'

test/cookbooks/test/recipes/repo.rb

@@ -1,5 +1,7 @@
-apt_update 'update' if platform_family?('debian')
+apt_update 'update'
 
 nginx_install 'nginx' do
   source 'repo'
 end
+
+include_recipe 'test::test_site'

test/integration/default/controls/config_spec.rb

@@ -0,0 +1,104 @@
+control 'nginx-config-01' do
+  impact 1.0
+  title 'Nginx Configuration Directories'
+  desc 'Ensure Nginx configuration directories exist with proper permissions'
+
+  describe directory('/etc/nginx') do
+    it { should exist }
+  end
+
+  %w(conf.d conf.http.d).each do |dir|
+    describe directory("/etc/nginx/#{dir}") do
+      it { should exist }
+      it { should be_directory }
+      its('mode') { should cmp '0755' }
+    end
+  end
+
+  describe directory('/var/log/nginx') do
+    it { should exist }
+    it { should be_directory }
+    its('mode') { should cmp '0755' }
+  end
+end
+
+control 'nginx-config-02' do
+  impact 1.0
+  title 'Nginx Default Configuration Files'
+  desc 'Ensure default configuration files are not present'
+
+  %w(default.conf example_ssl.conf).each do |config|
+    describe file("/etc/nginx/conf.d/#{config}") do
+      it { should_not exist }
+    end
+  end
+end
+
+control 'nginx-config-03' do
+  impact 1.0
+  title 'Nginx Main Configuration'
+  desc 'Verify the main nginx.conf configuration'
+
+  process_owner = case os.family
+                  when 'debian'
+                    'www-data'
+                  else
+                    'nginx'
+                  end
+
+  describe file('/etc/nginx/nginx.conf') do
+    it { should exist }
+    it { should be_file }
+    its('owner') { should eq 'root' }
+    its('group') { should eq 'root' }
+    its('content') { should match(/user\s+#{process_owner};/) }
+    its('content') { should include 'worker_processes      auto;' }
+    its('content') { should include 'pid                   /run/nginx.pid;' }
+    its('content') { should include 'worker_connections  1024;' }
+    its('content') { should include 'sendfile            on;' }
+    its('content') { should include 'tcp_nopush          on;' }
+    its('content') { should include 'tcp_nodelay         on;' }
+    its('content') { should include 'keepalive_timeout   65;' }
+    its('content') { should include 'types_hash_max_size 2048;' }
+  end
+end
+
+control 'nginx-config-04' do
+  impact 1.0
+  title 'Nginx Site Configurations'
+  desc 'Verify various site configuration files'
+
+  describe file('/etc/nginx/conf.http.d/default-site.conf') do
+    it { should exist }
+    it { should be_file }
+    its('owner') { should eq 'root' }
+    its('group') { should eq 'root' }
+    its('content') { should include 'listen       80;' }
+    its('content') { should include 'access_log   /var/log/nginx/localhost.access.log;' }
+    case os.family
+    when 'redhat'
+      its('content') { should include 'root       /usr/share/nginx/html;' }
+    when 'debian'
+      its('content') { should include 'root       /var/www/html;' }
+    end
+  end
+
+  describe file('/etc/nginx/conf.http.d/test_site.conf') do
+    it { should exist }
+    it { should be_file }
+    its('mode') { should cmp '0644' }
+  end
+
+  describe file('/etc/nginx/conf.http.d/test_site_disabled.conf.disabled') do
+    it { should exist }
+    it { should be_file }
+  end
+
+  describe file('/etc/nginx/conf.http.d/foo.conf') do
+    it { should exist }
+    it { should be_file }
+    its('content') { should include '## OVERRIDE FROM TEST COOKBOOK' }
+    its('content') { should include 'upstream bar {' }
+    its('content') { should include '  server localhost:1234;' }
+  end
+end

test/integration/default/controls/service_spec.rb

@@ -0,0 +1,11 @@
+control 'nginx-service-01' do
+  impact 1.0
+  title 'Nginx Service'
+  desc 'Verify that Nginx service is installed, enabled and running'
+
+  describe service('nginx') do
+    it { should be_installed }
+    it { should be_enabled }
+    it { should be_running }
+  end
+end

test/integration/default/inspec.yml

@@ -0,0 +1,7 @@
+---
+name: default
+title: Nginx Suite
+summary: Nginx integration tests
+supports:
+  - os-family: linux
+  - os-family: bsd

test/integration/default_install/controls/instal_spec.rb

@@ -0,0 +1,16 @@
+control 'nginx-package-01' do
+  impact 1.0
+  title 'Nginx Package Installation'
+  desc 'Ensure Nginx package is installed with the correct package name per platform'
+
+  packages = case os.family
+             when 'debian'
+               'nginx-full'
+             else
+               'nginx'
+             end
+
+  describe package(packages) do
+    it { should be_installed }
+  end
+end

test/integration/default_install/inspec.yml

@@ -0,0 +1,10 @@
+---
+name: default_install
+title: Nginx Default Install Suite
+summary: Nginx default installation tests
+depends:
+  - name: default
+    path: test/integration/default
+supports:
+  - os-family: linux
+  - os-family: bsd

test/integration/epel/controls/epel_spec.rb

@@ -0,0 +1,13 @@
+control 'nginx-epel-01' do
+  impact 1.0
+  title 'EPEL Repository'
+  desc 'Ensure EPEL repository is installed for RHEL 7'
+
+  only_if('RHEL 7 only') do
+    os.redhat? && os.release.to_i.eql?(7)
+  end
+
+  describe package('epel-release') do
+    it { should be_installed }
+  end
+end

test/integration/epel/inspec.yml

@@ -0,0 +1,9 @@
+---
+name: epel
+title: Nginx EPEL Suite
+summary: Nginx EPEL repository tests
+depends:
+  - name: default
+    path: test/integration/default
+supports:
+  - os-family: redhat