+ @if ($isValidating)
+ @endif
@else
@endif
@@ -208,32 +329,34 @@ class="w-full input opacity-50 cursor-not-allowed"
@if ($server->isSentinelLive())
- Save
- Restart
+ Save
+ Restart
Sentinel Logs
- Logs
+ Logs
@else
- Save
- Sync
+ Save
+ Sync
Sentinel Logs
- Logs
+ Logs
@endif
@@ -242,14 +365,14 @@ class="w-full input opacity-50 cursor-not-allowed"
+ label="Enable Sentinel" :disabled="$isValidating" />
@if ($server->isSentinelEnabled())
@if (isDev())
+ label="Enable Sentinel (with debug)" instantSave :disabled="$isValidating" />
@endif
+ id="isMetricsEnabled" label="Enable Metrics" :disabled="$isValidating" />
@else
@if (isDev())
isSentinelEnabled())
+ label="Sentinel token" required helper="Token for Sentinel." :disabled="$isValidating" />
Regenerate
+ wire:click="regenerateSentinelToken" :disabled="$isValidating">Regenerate
+ helper="URL to your Coolify instance. If it is empty that means you do not have a FQDN set for your Coolify instance."
+ :disabled="$isValidating" />
+ helper="Interval used for gathering metrics. Lower values result in more disk space usage."
+ :disabled="$isValidating" />
+ helper="Number of days to retain metrics data for." :disabled="$isValidating" />
+ helper="Interval at which metrics data is sent to the collector."
+ :disabled="$isValidating" />
@endif
diff --git a/resources/views/livewire/server/validate-and-install.blade.php b/resources/views/livewire/server/validate-and-install.blade.php
index 814f81652..572da85e8 100644
--- a/resources/views/livewire/server/validate-and-install.blade.php
+++ b/resources/views/livewire/server/validate-and-install.blade.php
@@ -123,6 +123,9 @@
@isset($error)
{!! $error !!}
+
+ Retry Validation
+
@endisset
@endif
diff --git a/resources/views/livewire/terminal/index.blade.php b/resources/views/livewire/terminal/index.blade.php
index aed2ef55d..0d6e7c559 100644
--- a/resources/views/livewire/terminal/index.blade.php
+++ b/resources/views/livewire/terminal/index.blade.php
@@ -17,7 +17,7 @@
@if ($servers->count() > 0)
@else
diff --git a/routes/web.php b/routes/web.php
index fd2ed8730..703f80ab5 100644
--- a/routes/web.php
+++ b/routes/web.php
@@ -14,6 +14,7 @@
use App\Livewire\Notifications\Pushover as NotificationPushover;
use App\Livewire\Notifications\Slack as NotificationSlack;
use App\Livewire\Notifications\Telegram as NotificationTelegram;
+use App\Livewire\Notifications\Webhook as NotificationWebhook;
use App\Livewire\Profile\Index as ProfileIndex;
use App\Livewire\Project\Application\Configuration as ApplicationConfiguration;
use App\Livewire\Project\Application\Deployment\Index as DeploymentIndex;
@@ -34,12 +35,15 @@
use App\Livewire\Project\Shared\ScheduledTask\Show as ScheduledTaskShow;
use App\Livewire\Project\Show as ProjectShow;
use App\Livewire\Security\ApiTokens;
+use App\Livewire\Security\CloudInitScripts;
+use App\Livewire\Security\CloudTokens;
use App\Livewire\Security\PrivateKey\Index as SecurityPrivateKeyIndex;
use App\Livewire\Security\PrivateKey\Show as SecurityPrivateKeyShow;
use App\Livewire\Server\Advanced as ServerAdvanced;
use App\Livewire\Server\CaCertificate\Show as CaCertificateShow;
use App\Livewire\Server\Charts as ServerCharts;
use App\Livewire\Server\CloudflareTunnel;
+use App\Livewire\Server\CloudProviderToken\Show as CloudProviderTokenShow;
use App\Livewire\Server\Delete as DeleteServer;
use App\Livewire\Server\Destinations as ServerDestinations;
use App\Livewire\Server\DockerCleanup;
@@ -125,6 +129,7 @@
Route::get('/discord', NotificationDiscord::class)->name('notifications.discord');
Route::get('/slack', NotificationSlack::class)->name('notifications.slack');
Route::get('/pushover', NotificationPushover::class)->name('notifications.pushover');
+ Route::get('/webhook', NotificationWebhook::class)->name('notifications.webhook');
});
Route::prefix('storages')->group(function () {
@@ -247,6 +252,7 @@
Route::get('/', ServerShow::class)->name('server.show');
Route::get('/advanced', ServerAdvanced::class)->name('server.advanced');
Route::get('/private-key', PrivateKeyShow::class)->name('server.private-key');
+ Route::get('/cloud-provider-token', CloudProviderTokenShow::class)->name('server.cloud-provider-token');
Route::get('/ca-certificate', CaCertificateShow::class)->name('server.ca-certificate');
Route::get('/resources', ResourcesShow::class)->name('server.resources');
Route::get('/cloudflare-tunnel', CloudflareTunnel::class)->name('server.cloudflare-tunnel');
@@ -271,6 +277,8 @@
// Route::get('/security/private-key/new', SecurityPrivateKeyCreate::class)->name('security.private-key.create');
Route::get('/security/private-key/{private_key_uuid}', SecurityPrivateKeyShow::class)->name('security.private-key.show');
+ Route::get('/security/cloud-tokens', CloudTokens::class)->name('security.cloud-tokens');
+ Route::get('/security/cloud-init-scripts', CloudInitScripts::class)->name('security.cloud-init-scripts');
Route::get('/security/api-tokens', ApiTokens::class)->name('security.api-tokens');
});
diff --git a/tests/Feature/CloudInitScriptTest.php b/tests/Feature/CloudInitScriptTest.php
new file mode 100644
index 000000000..881f0071c
--- /dev/null
+++ b/tests/Feature/CloudInitScriptTest.php
@@ -0,0 +1,101 @@
+ 'test-server',
+ 'server_type' => 'cx11',
+ 'image' => 1,
+ 'location' => 'nbg1',
+ 'start_after_create' => true,
+ 'ssh_keys' => [123],
+ 'public_net' => [
+ 'enable_ipv4' => true,
+ 'enable_ipv6' => true,
+ ],
+ ];
+
+ // Add cloud-init script if provided
+ if (! empty($cloudInitScript)) {
+ $params['user_data'] = $cloudInitScript;
+ }
+
+ expect($params)
+ ->toHaveKey('user_data')
+ ->and($params['user_data'])->toBe("#!/bin/bash\necho 'Hello World'");
+});
+
+it('validates cloud-init script is not included when empty', function () {
+ $cloudInitScript = null;
+ $params = [
+ 'name' => 'test-server',
+ 'server_type' => 'cx11',
+ 'image' => 1,
+ 'location' => 'nbg1',
+ 'start_after_create' => true,
+ 'ssh_keys' => [123],
+ 'public_net' => [
+ 'enable_ipv4' => true,
+ 'enable_ipv6' => true,
+ ],
+ ];
+
+ // Add cloud-init script if provided
+ if (! empty($cloudInitScript)) {
+ $params['user_data'] = $cloudInitScript;
+ }
+
+ expect($params)->not->toHaveKey('user_data');
+});
+
+it('validates cloud-init script is not included when empty string', function () {
+ $cloudInitScript = '';
+ $params = [
+ 'name' => 'test-server',
+ 'server_type' => 'cx11',
+ 'image' => 1,
+ 'location' => 'nbg1',
+ 'start_after_create' => true,
+ 'ssh_keys' => [123],
+ 'public_net' => [
+ 'enable_ipv4' => true,
+ 'enable_ipv6' => true,
+ ],
+ ];
+
+ // Add cloud-init script if provided
+ if (! empty($cloudInitScript)) {
+ $params['user_data'] = $cloudInitScript;
+ }
+
+ expect($params)->not->toHaveKey('user_data');
+});
+
+it('validates cloud-init script with multiline content', function () {
+ $cloudInitScript = "#cloud-config\n\npackages:\n - nginx\n - git\n\nruncmd:\n - systemctl start nginx";
+ $params = [
+ 'name' => 'test-server',
+ 'server_type' => 'cx11',
+ 'image' => 1,
+ 'location' => 'nbg1',
+ 'start_after_create' => true,
+ 'ssh_keys' => [123],
+ 'public_net' => [
+ 'enable_ipv4' => true,
+ 'enable_ipv6' => true,
+ ],
+ ];
+
+ // Add cloud-init script if provided
+ if (! empty($cloudInitScript)) {
+ $params['user_data'] = $cloudInitScript;
+ }
+
+ expect($params)
+ ->toHaveKey('user_data')
+ ->and($params['user_data'])->toContain('#cloud-config')
+ ->and($params['user_data'])->toContain('packages:')
+ ->and($params['user_data'])->toContain('runcmd:');
+});
diff --git a/tests/Feature/HetznerServerCreationTest.php b/tests/Feature/HetznerServerCreationTest.php
new file mode 100644
index 000000000..c939c0041
--- /dev/null
+++ b/tests/Feature/HetznerServerCreationTest.php
@@ -0,0 +1,136 @@
+ $enableIpv4,
+ 'enable_ipv6' => $enableIpv6,
+ ];
+
+ expect($publicNet)->toBe([
+ 'enable_ipv4' => true,
+ 'enable_ipv6' => true,
+ ]);
+});
+
+it('validates public_net configuration with IPv4 only', function () {
+ $enableIpv4 = true;
+ $enableIpv6 = false;
+
+ $publicNet = [
+ 'enable_ipv4' => $enableIpv4,
+ 'enable_ipv6' => $enableIpv6,
+ ];
+
+ expect($publicNet)->toBe([
+ 'enable_ipv4' => true,
+ 'enable_ipv6' => false,
+ ]);
+});
+
+it('validates public_net configuration with IPv6 only', function () {
+ $enableIpv4 = false;
+ $enableIpv6 = true;
+
+ $publicNet = [
+ 'enable_ipv4' => $enableIpv4,
+ 'enable_ipv6' => $enableIpv6,
+ ];
+
+ expect($publicNet)->toBe([
+ 'enable_ipv4' => false,
+ 'enable_ipv6' => true,
+ ]);
+});
+
+it('validates IP address selection prefers IPv4 when both are enabled', function () {
+ $enableIpv4 = true;
+ $enableIpv6 = true;
+
+ $hetznerServer = [
+ 'public_net' => [
+ 'ipv4' => ['ip' => '1.2.3.4'],
+ 'ipv6' => ['ip' => '2001:db8::1'],
+ ],
+ ];
+
+ $ipAddress = null;
+ if ($enableIpv4 && isset($hetznerServer['public_net']['ipv4']['ip'])) {
+ $ipAddress = $hetznerServer['public_net']['ipv4']['ip'];
+ } elseif ($enableIpv6 && isset($hetznerServer['public_net']['ipv6']['ip'])) {
+ $ipAddress = $hetznerServer['public_net']['ipv6']['ip'];
+ }
+
+ expect($ipAddress)->toBe('1.2.3.4');
+});
+
+it('validates IP address selection uses IPv6 when only IPv6 is enabled', function () {
+ $enableIpv4 = false;
+ $enableIpv6 = true;
+
+ $hetznerServer = [
+ 'public_net' => [
+ 'ipv4' => ['ip' => '1.2.3.4'],
+ 'ipv6' => ['ip' => '2001:db8::1'],
+ ],
+ ];
+
+ $ipAddress = null;
+ if ($enableIpv4 && isset($hetznerServer['public_net']['ipv4']['ip'])) {
+ $ipAddress = $hetznerServer['public_net']['ipv4']['ip'];
+ } elseif ($enableIpv6 && isset($hetznerServer['public_net']['ipv6']['ip'])) {
+ $ipAddress = $hetznerServer['public_net']['ipv6']['ip'];
+ }
+
+ expect($ipAddress)->toBe('2001:db8::1');
+});
+
+it('validates SSH key array merging logic with Coolify key', function () {
+ $coolifyKeyId = 123;
+ $selectedHetznerKeys = [];
+
+ $sshKeys = array_merge(
+ [$coolifyKeyId],
+ $selectedHetznerKeys
+ );
+ $sshKeys = array_unique($sshKeys);
+ $sshKeys = array_values($sshKeys);
+
+ expect($sshKeys)->toBe([123])
+ ->and(count($sshKeys))->toBe(1);
+});
+
+it('validates SSH key array merging with additional Hetzner keys', function () {
+ $coolifyKeyId = 123;
+ $selectedHetznerKeys = [456, 789];
+
+ $sshKeys = array_merge(
+ [$coolifyKeyId],
+ $selectedHetznerKeys
+ );
+ $sshKeys = array_unique($sshKeys);
+ $sshKeys = array_values($sshKeys);
+
+ expect($sshKeys)->toBe([123, 456, 789])
+ ->and(count($sshKeys))->toBe(3);
+});
+
+it('validates deduplication when Coolify key is also in selected keys', function () {
+ $coolifyKeyId = 123;
+ $selectedHetznerKeys = [123, 456, 789];
+
+ $sshKeys = array_merge(
+ [$coolifyKeyId],
+ $selectedHetznerKeys
+ );
+ $sshKeys = array_unique($sshKeys);
+ $sshKeys = array_values($sshKeys);
+
+ expect($sshKeys)->toBe([123, 456, 789])
+ ->and(count($sshKeys))->toBe(3);
+});
diff --git a/tests/Unit/CloudInitScriptValidationTest.php b/tests/Unit/CloudInitScriptValidationTest.php
new file mode 100644
index 000000000..bb4657502
--- /dev/null
+++ b/tests/Unit/CloudInitScriptValidationTest.php
@@ -0,0 +1,76 @@
+toBeFalse()
+ ->and($hasValue)->toBeFalse();
+});
+
+it('validates cloud-init script name is required when saving', function () {
+ $saveScript = true;
+ $scriptName = 'My Installation Script';
+
+ $isNameRequired = $saveScript;
+ $hasName = ! empty($scriptName);
+
+ expect($isNameRequired)->toBeTrue()
+ ->and($hasName)->toBeTrue();
+});
+
+it('validates cloud-init script description is optional', function () {
+ $scriptDescription = null;
+
+ $isDescriptionRequired = false;
+ $hasDescription = ! empty($scriptDescription);
+
+ expect($isDescriptionRequired)->toBeFalse()
+ ->and($hasDescription)->toBeFalse();
+});
+
+it('validates save_cloud_init_script must be boolean', function () {
+ $saveCloudInitScript = true;
+
+ expect($saveCloudInitScript)->toBeBool();
+});
+
+it('validates save_cloud_init_script defaults to false', function () {
+ $saveCloudInitScript = false;
+
+ expect($saveCloudInitScript)->toBeFalse();
+});
+
+it('validates cloud-init script can be a bash script', function () {
+ $cloudInitScript = "#!/bin/bash\napt-get update\napt-get install -y nginx";
+
+ expect($cloudInitScript)->toBeString()
+ ->and($cloudInitScript)->toContain('#!/bin/bash');
+});
+
+it('validates cloud-init script can be cloud-config yaml', function () {
+ $cloudInitScript = "#cloud-config\npackages:\n - nginx\n - git";
+
+ expect($cloudInitScript)->toBeString()
+ ->and($cloudInitScript)->toContain('#cloud-config');
+});
+
+it('validates script name max length is 255 characters', function () {
+ $scriptName = str_repeat('a', 255);
+
+ expect(strlen($scriptName))->toBe(255)
+ ->and(strlen($scriptName))->toBeLessThanOrEqual(255);
+});
+
+it('validates script name exceeding 255 characters should be invalid', function () {
+ $scriptName = str_repeat('a', 256);
+
+ $isValid = strlen($scriptName) <= 255;
+
+ expect($isValid)->toBeFalse()
+ ->and(strlen($scriptName))->toBeGreaterThan(255);
+});
diff --git a/tests/Unit/DatalistComponentTest.php b/tests/Unit/DatalistComponentTest.php
new file mode 100644
index 000000000..12699c30a
--- /dev/null
+++ b/tests/Unit/DatalistComponentTest.php
@@ -0,0 +1,68 @@
+required)->toBeFalse()
+ ->and($component->disabled)->toBeFalse()
+ ->and($component->readonly)->toBeFalse()
+ ->and($component->multiple)->toBeFalse()
+ ->and($component->instantSave)->toBeFalse()
+ ->and($component->defaultClass)->toBe('input');
+});
+
+it('uses provided id', function () {
+ $component = new Datalist(id: 'test-datalist');
+
+ expect($component->id)->toBe('test-datalist');
+});
+
+it('accepts multiple selection mode', function () {
+ $component = new Datalist(multiple: true);
+
+ expect($component->multiple)->toBeTrue();
+});
+
+it('accepts instantSave parameter', function () {
+ $component = new Datalist(instantSave: 'customSave');
+
+ expect($component->instantSave)->toBe('customSave');
+});
+
+it('accepts placeholder', function () {
+ $component = new Datalist(placeholder: 'Select an option...');
+
+ expect($component->placeholder)->toBe('Select an option...');
+});
+
+it('accepts autofocus', function () {
+ $component = new Datalist(autofocus: true);
+
+ expect($component->autofocus)->toBeTrue();
+});
+
+it('accepts disabled state', function () {
+ $component = new Datalist(disabled: true);
+
+ expect($component->disabled)->toBeTrue();
+});
+
+it('accepts readonly state', function () {
+ $component = new Datalist(readonly: true);
+
+ expect($component->readonly)->toBeTrue();
+});
+
+it('accepts authorization properties', function () {
+ $component = new Datalist(
+ canGate: 'update',
+ canResource: 'resource',
+ autoDisable: false
+ );
+
+ expect($component->canGate)->toBe('update')
+ ->and($component->canResource)->toBe('resource')
+ ->and($component->autoDisable)->toBeFalse();
+});
diff --git a/tests/Unit/HetznerDeletionFailedNotificationTest.php b/tests/Unit/HetznerDeletionFailedNotificationTest.php
new file mode 100644
index 000000000..6cb9f0bb3
--- /dev/null
+++ b/tests/Unit/HetznerDeletionFailedNotificationTest.php
@@ -0,0 +1,114 @@
+toBeInstanceOf(HetznerDeletionFailed::class)
+ ->and($notification->hetznerServerId)->toBe(12345)
+ ->and($notification->teamId)->toBe(1)
+ ->and($notification->errorMessage)->toBe('Hetzner API error: Server not found');
+});
+
+it('uses hetzner_deletion_failed event for channels', function () {
+ $notification = new HetznerDeletionFailed(
+ hetznerServerId: 12345,
+ teamId: 1,
+ errorMessage: 'Test error'
+ );
+
+ $mockNotifiable = Mockery::mock();
+ $mockNotifiable->shouldReceive('getEnabledChannels')
+ ->with('hetzner_deletion_failed')
+ ->once()
+ ->andReturn([]);
+
+ $channels = $notification->via($mockNotifiable);
+
+ expect($channels)->toBeArray();
+});
+
+it('generates correct mail content', function () {
+ $notification = new HetznerDeletionFailed(
+ hetznerServerId: 67890,
+ teamId: 1,
+ errorMessage: 'Connection timeout'
+ );
+
+ $mail = $notification->toMail();
+
+ expect($mail->subject)->toBe('Coolify: [ACTION REQUIRED] Failed to delete Hetzner server #67890')
+ ->and($mail->view)->toBe('emails.hetzner-deletion-failed')
+ ->and($mail->viewData['hetznerServerId'])->toBe(67890)
+ ->and($mail->viewData['errorMessage'])->toBe('Connection timeout');
+});
+
+it('generates correct discord content', function () {
+ $notification = new HetznerDeletionFailed(
+ hetznerServerId: 11111,
+ teamId: 1,
+ errorMessage: 'API rate limit exceeded'
+ );
+
+ $discord = $notification->toDiscord();
+
+ expect($discord->title)->toContain('Failed to delete Hetzner server')
+ ->and($discord->description)->toContain('#11111')
+ ->and($discord->description)->toContain('API rate limit exceeded')
+ ->and($discord->description)->toContain('may still exist in your Hetzner Cloud account');
+});
+
+it('generates correct telegram content', function () {
+ $notification = new HetznerDeletionFailed(
+ hetznerServerId: 22222,
+ teamId: 1,
+ errorMessage: 'Invalid token'
+ );
+
+ $telegram = $notification->toTelegram();
+
+ expect($telegram)->toBeArray()
+ ->and($telegram)->toHaveKey('message')
+ ->and($telegram['message'])->toContain('#22222')
+ ->and($telegram['message'])->toContain('Invalid token')
+ ->and($telegram['message'])->toContain('ACTION REQUIRED');
+});
+
+it('generates correct pushover content', function () {
+ $notification = new HetznerDeletionFailed(
+ hetznerServerId: 33333,
+ teamId: 1,
+ errorMessage: 'Network error'
+ );
+
+ $pushover = $notification->toPushover();
+
+ expect($pushover->title)->toBe('Hetzner Server Deletion Failed')
+ ->and($pushover->level)->toBe('error')
+ ->and($pushover->message)->toContain('#33333')
+ ->and($pushover->message)->toContain('Network error');
+});
+
+it('generates correct slack content', function () {
+ $notification = new HetznerDeletionFailed(
+ hetznerServerId: 44444,
+ teamId: 1,
+ errorMessage: 'Permission denied'
+ );
+
+ $slack = $notification->toSlack();
+
+ expect($slack->title)->toContain('Hetzner Server Deletion Failed')
+ ->and($slack->description)->toContain('#44444')
+ ->and($slack->description)->toContain('Permission denied');
+});
diff --git a/tests/Unit/HetznerSshKeysTest.php b/tests/Unit/HetznerSshKeysTest.php
new file mode 100644
index 000000000..06c6b06e6
--- /dev/null
+++ b/tests/Unit/HetznerSshKeysTest.php
@@ -0,0 +1,53 @@
+toBe([123, 456, 789])
+ ->and(count($sshKeys))->toBe(3);
+});
+
+it('removes duplicate SSH key IDs', function () {
+ $coolifyKeyId = 123;
+ $selectedHetznerKeys = [123, 456, 789]; // User also selected Coolify key
+
+ // Simulate the merge and deduplication logic
+ $sshKeys = array_merge(
+ [$coolifyKeyId],
+ $selectedHetznerKeys
+ );
+ $sshKeys = array_unique($sshKeys);
+ $sshKeys = array_values($sshKeys);
+
+ expect($sshKeys)->toBe([123, 456, 789])
+ ->and(count($sshKeys))->toBe(3);
+});
+
+it('works with no selected Hetzner keys', function () {
+ $coolifyKeyId = 123;
+ $selectedHetznerKeys = [];
+
+ // Simulate the merge logic
+ $sshKeys = array_merge(
+ [$coolifyKeyId],
+ $selectedHetznerKeys
+ );
+
+ expect($sshKeys)->toBe([123])
+ ->and(count($sshKeys))->toBe(1);
+});
+
+it('validates SSH key IDs are integers', function () {
+ $selectedHetznerKeys = [456, 789, 1011];
+
+ foreach ($selectedHetznerKeys as $keyId) {
+ expect($keyId)->toBeInt();
+ }
+});
diff --git a/tests/Unit/Rules/ValidCloudInitYamlTest.php b/tests/Unit/Rules/ValidCloudInitYamlTest.php
new file mode 100644
index 000000000..f3ea906af
--- /dev/null
+++ b/tests/Unit/Rules/ValidCloudInitYamlTest.php
@@ -0,0 +1,174 @@
+validate('script', $script, function ($message) use (&$valid) {
+ $valid = false;
+ });
+
+ expect($valid)->toBeTrue();
+});
+
+it('accepts valid cloud-config YAML without header', function () {
+ $rule = new ValidCloudInitYaml;
+ $valid = true;
+
+ $script = <<<'YAML'
+users:
+ - name: demo
+ groups: sudo
+packages:
+ - nginx
+YAML;
+
+ $rule->validate('script', $script, function ($message) use (&$valid) {
+ $valid = false;
+ });
+
+ expect($valid)->toBeTrue();
+});
+
+it('accepts valid bash script with shebang', function () {
+ $rule = new ValidCloudInitYaml;
+ $valid = true;
+
+ $script = <<<'BASH'
+#!/bin/bash
+apt update
+apt install -y nginx
+systemctl start nginx
+BASH;
+
+ $rule->validate('script', $script, function ($message) use (&$valid) {
+ $valid = false;
+ });
+
+ expect($valid)->toBeTrue();
+});
+
+it('accepts empty or null script', function () {
+ $rule = new ValidCloudInitYaml;
+ $valid = true;
+
+ $rule->validate('script', '', function ($message) use (&$valid) {
+ $valid = false;
+ });
+
+ expect($valid)->toBeTrue();
+
+ $rule->validate('script', null, function ($message) use (&$valid) {
+ $valid = false;
+ });
+
+ expect($valid)->toBeTrue();
+});
+
+it('rejects invalid YAML format', function () {
+ $rule = new ValidCloudInitYaml;
+ $valid = true;
+ $errorMessage = '';
+
+ $script = <<<'YAML'
+#cloud-config
+users:
+ - name: demo
+ groups: sudo
+ invalid_indentation
+packages:
+ - nginx
+YAML;
+
+ $rule->validate('script', $script, function ($message) use (&$valid, &$errorMessage) {
+ $valid = false;
+ $errorMessage = $message;
+ });
+
+ expect($valid)->toBeFalse();
+ expect($errorMessage)->toContain('YAML');
+});
+
+it('rejects script that is neither bash nor valid YAML', function () {
+ $rule = new ValidCloudInitYaml;
+ $valid = true;
+ $errorMessage = '';
+
+ $script = <<<'INVALID'
+this is not valid YAML
+ and has invalid indentation:
+ - item
+ without proper structure {
+INVALID;
+
+ $rule->validate('script', $script, function ($message) use (&$valid, &$errorMessage) {
+ $valid = false;
+ $errorMessage = $message;
+ });
+
+ expect($valid)->toBeFalse();
+ expect($errorMessage)->toContain('bash script');
+});
+
+it('accepts complex cloud-config with multiple sections', function () {
+ $rule = new ValidCloudInitYaml;
+ $valid = true;
+
+ $script = <<<'YAML'
+#cloud-config
+users:
+ - name: coolify
+ groups: sudo, docker
+ shell: /bin/bash
+ sudo: ['ALL=(ALL) NOPASSWD:ALL']
+ ssh_authorized_keys:
+ - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQ...
+
+packages:
+ - docker.io
+ - docker-compose
+ - git
+ - curl
+
+package_update: true
+package_upgrade: true
+
+runcmd:
+ - systemctl enable docker
+ - systemctl start docker
+ - usermod -aG docker coolify
+ - echo "Server setup complete"
+
+write_files:
+ - path: /etc/docker/daemon.json
+ content: |
+ {
+ "log-driver": "json-file",
+ "log-opts": {
+ "max-size": "10m",
+ "max-file": "3"
+ }
+ }
+YAML;
+
+ $rule->validate('script', $script, function ($message) use (&$valid) {
+ $valid = false;
+ });
+
+ expect($valid)->toBeTrue();
+});
diff --git a/tests/Unit/ValidHostnameTest.php b/tests/Unit/ValidHostnameTest.php
new file mode 100644
index 000000000..859262c3e
--- /dev/null
+++ b/tests/Unit/ValidHostnameTest.php
@@ -0,0 +1,74 @@
+validate('server_name', $hostname, function () use (&$failCalled) {
+ $failCalled = true;
+ });
+
+ expect($failCalled)->toBeFalse();
+})->with([
+ 'simple hostname' => 'myserver',
+ 'hostname with hyphen' => 'my-server',
+ 'hostname with numbers' => 'server123',
+ 'hostname starting with number' => '123server',
+ 'all numeric hostname' => '12345',
+ 'fqdn' => 'server.example.com',
+ 'subdomain' => 'web.app.example.com',
+ 'max label length' => str_repeat('a', 63),
+ 'max total length' => str_repeat('a', 63).'.'.str_repeat('b', 63).'.'.str_repeat('c', 63).'.'.str_repeat('d', 59),
+]);
+
+it('rejects invalid RFC 1123 hostnames', function (string $hostname, string $expectedError) {
+ $rule = new ValidHostname;
+ $failCalled = false;
+ $errorMessage = '';
+
+ $rule->validate('server_name', $hostname, function ($message) use (&$failCalled, &$errorMessage) {
+ $failCalled = true;
+ $errorMessage = $message;
+ });
+
+ expect($failCalled)->toBeTrue();
+ expect($errorMessage)->toContain($expectedError);
+})->with([
+ 'uppercase letters' => ['MyServer', 'lowercase letters (a-z), numbers (0-9), hyphens (-), and dots (.)'],
+ 'underscore' => ['my_server', 'lowercase letters (a-z), numbers (0-9), hyphens (-), and dots (.)'],
+ 'starts with hyphen' => ['-myserver', 'cannot start or end with a hyphen'],
+ 'ends with hyphen' => ['myserver-', 'cannot start or end with a hyphen'],
+ 'starts with dot' => ['.myserver', 'cannot start or end with a dot'],
+ 'ends with dot' => ['myserver.', 'cannot start or end with a dot'],
+ 'consecutive dots' => ['my..server', 'consecutive dots'],
+ 'too long total' => [str_repeat('a', 254), 'must not exceed 253 characters'],
+ 'label too long' => [str_repeat('a', 64), 'must be 1-63 characters'],
+ 'empty label' => ['my..server', 'consecutive dots'],
+ 'special characters' => ['my@server', 'lowercase letters (a-z), numbers (0-9), hyphens (-), and dots (.)'],
+ 'space' => ['my server', 'lowercase letters (a-z), numbers (0-9), hyphens (-), and dots (.)'],
+ 'shell metacharacters' => ['my;server', 'lowercase letters (a-z), numbers (0-9), hyphens (-), and dots (.)'],
+]);
+
+it('accepts empty hostname', function () {
+ $rule = new ValidHostname;
+ $failCalled = false;
+
+ $rule->validate('server_name', '', function () use (&$failCalled) {
+ $failCalled = true;
+ });
+
+ expect($failCalled)->toBeFalse();
+});
+
+it('trims whitespace before validation', function () {
+ $rule = new ValidHostname;
+ $failCalled = false;
+
+ $rule->validate('server_name', ' myserver ', function () use (&$failCalled) {
+ $failCalled = true;
+ });
+
+ expect($failCalled)->toBeFalse();
+});