Allow and Deny directives...

[kristvanbesien]

The nginx documentation has this example:

location / {
    deny  192.168.1.1;
    allow 192.168.1.0/24;
    allow 10.1.1.0/16;
    allow 2001:0db8::/32;
    deny  all;
}

How would I implement this with this module and hiera?

I though I could do something like this:

nginx::nginx_vhosts_defaults:
  vhost_cfg_prepend:
    deny:    192.168.1.1
    allow:   192.168.1.0/24
    allow:   10.1.1.0/16
    allow:   2001:0db8::/32
    deny:  all

This gives however:

server {
  ...
  allow 2001:0db8::/32;
  deny all;
 ...
}

This appears to be because of an implementation choice. I think this could be done better. For example with a "access" parameter that uses an array of pairs, and preserves order, so you could do something in hiera like this:

nginx::nginx_vhosts_defaults: 
  access:
    -
      - deny
      - 192.168.1.1
    - 
      - allow
      - 192.168.1.0/24
    - 
      - deny
      - all

[tux-o-matic]

@kristvanbesien you can simplify your Hiera configuration without the need to do a new release of this module. Feed "vhost_cfg_prepend" a hash with two keys "allow" and "deny", these keys take an array of strings.

vhost_cfg_prepend:
  allow:
    - 192.168.1.1
    - 10.0.0.0/8
  deny:
    - all

[wyardley]

I think @tux-o-matic's solution should work. I'm going to close this; let me know if anyone thinks this still needs to be open.