Add support for allow and deny directive on streamhost

voxpupuli · Dec 18, 2024 · b27e457 · b27e457
1 parent 071c48d
commit b27e457
Show file tree

Hide file tree

Showing 3 changed files with 35 additions and 6 deletions.
diff --git a/manifests/resource/streamhost.pp b/manifests/resource/streamhost.pp
@@ -47,6 +47,10 @@
 #   nginx::resource::streamhost { 'test2.local':
 #     ensure   => present,
 #   }
+# @param allow
+#   Locations to allow connections from
+# @param deny
+#   Locations to deny connections from
 #
 define nginx::resource::streamhost (
   Enum['absent', 'present'] $ensure            = 'present',
@@ -66,6 +70,8 @@
   String $owner                                = $nginx::global_owner,
   String $group                                = $nginx::global_group,
   String $mode                                 = $nginx::global_mode,
+  Array $allow                                 = [],
+  Array $deny                                  = [],
 ) {
   if ! defined(Class['nginx']) {
     fail('You must include the nginx base class before using any defined resources')

diff --git a/spec/defines/resource_stream_spec.rb b/spec/defines/resource_stream_spec.rb
@@ -112,6 +112,18 @@
               value: ['203.0.113.1', '203.0.113.2'],
               match: %r{\s+resolver\s+203.0.113.1 203.0.113.2;}
             },
+            {
+              title: 'should set allow(s)',
+              attr: 'allow',
+              value: ['203.0.113.1', '203.0.113.2'],
+              match: %r{\s+allow\s+203.0.113.1;}
+            },
+            {
+              title: 'should set deny(s)',
+              attr: 'deny',
+              value: ['203.0.113.1', '203.0.113.2'],
+              match: %r{\s+deny\s+203.0.113.1;}
+            },
             {
               title: 'should contain raw_prepend directives',
               attr: 'raw_prepend',

diff --git a/templates/streamhost/streamhost.erb b/templates/streamhost/streamhost.erb
@@ -22,15 +22,26 @@ server {
   resolver              <% @resolver.each do |res| %> <%= res %><% end %>;
 <%- end -%>
 
-  <% Array(@raw_prepend).each do |line| -%>
-    <%= line %>
-  <% end %>
+<% if @allow -%>
+  <%- @allow.flatten.uniq.each do |allow_rule| -%>
+  allow <%= allow_rule %>;
+  <%- end -%>
+<% end -%>
+<% if @deny -%>
+  <%- @deny.uniq.each do |deny_rule| -%>
+  deny <%= deny_rule %>;
+  <%- end -%>
+<% end -%>
+
+<% Array(@raw_prepend).each do |line| -%>
+<%= line %>
+<% end %>
 
   proxy_timeout         <%= @proxy_read_timeout %>;
   proxy_connect_timeout <%= @proxy_connect_timeout %>;
   proxy_pass            <%= @proxy %>;
 
-  <% Array(@raw_append).each do |line| -%>
-    <%= line %>
-  <% end -%>
+<% Array(@raw_append).each do |line| -%>
+<%= line %>
+<% end -%>
 }