Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

location_allow and location_deny support. #131

Merged
merged 1 commit into from
Sep 4, 2013
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions manifests/resource/location.pp
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,8 @@
# [*ensure*] - Enables or disables the specified location (present|absent)
# [*vhost*] - Defines the default vHost for this location entry to include with
# [*location*] - Specifies the URI associated with this location entry
# [*location_allow*] - Array: Locations to allow connections from.
# [*location_deny*] - Array: Locations to deny connections from.
# [*www_root*] - Specifies the location on disk for files to be read from. Cannot be set in conjunction with $proxy
# [*index_files*] - Default index files for NGINX to read when traversing a directory
# [*proxy*] - Proxy server(s) for a location to connect to. Accepts a single value, can be used in conjunction
Expand Down Expand Up @@ -82,6 +84,8 @@
$ssl = false,
$ssl_only = false,
$location_alias = undef,
$location_allow = undef,
$location_deny = undef,
$option = undef,
$stub_status = undef,
$location_custom_cfg = undef,
Expand Down
43 changes: 26 additions & 17 deletions manifests/resource/vhost.pp
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,8 @@
# [*listen_ip*] - Default IP Address for NGINX to listen with this vHost on. Defaults to all interfaces (*)
# [*listen_port*] - Default IP Port for NGINX to listen with this vHost on. Defaults to TCP 80
# [*listen_options*] - Extra options for listen directive like 'default' to catchall. Undef by default.
# [*location_allow*] - Array: Locations to allow connections from.
# [*location_deny*] - Array: Locations to deny connections from.
# [*ipv6_enable*] - BOOL value to enable/disable IPv6 support (false|true). Module will check to see if IPv6
# support exists on your system before enabling.
# [*ipv6_listen_ip*] - Default IPv6 Address for NGINX to listen with this vHost on. Defaults to all interfaces (::)
Expand Down Expand Up @@ -64,6 +66,8 @@
$listen_ip = '*',
$listen_port = '80',
$listen_options = undef,
$location_allow = [],
$location_deny = [],
$ipv6_enable = false,
$ipv6_listen_ip = '::',
$ipv6_listen_port = '80',
Expand Down Expand Up @@ -101,6 +105,9 @@
$include_files = undef
) {

validate_array($location_allow)
validate_array($location_deny)

File {
ensure => $ensure ? {
'absent' => absent,
Expand Down Expand Up @@ -144,23 +151,25 @@

# Create the default location reference for the vHost
nginx::resource::location {"${name}-default":
ensure => $ensure,
vhost => $name,
ssl => $ssl,
ssl_only => $ssl_only,
location => '/',
proxy => $proxy,
proxy_read_timeout => $proxy_read_timeout,
proxy_cache => $proxy_cache,
proxy_cache_valid => $proxy_cache_valid,
fastcgi => $fastcgi,
fastcgi_params => $fastcgi_params,
fastcgi_script => $fastcgi_script,
try_files => $try_files,
www_root => $www_root,
index_files => $index_files,
location_custom_cfg => $location_custom_cfg,
notify => Class['nginx::service'],
ensure => $ensure,
vhost => $name,
ssl => $ssl,
ssl_only => $ssl_only,
location => '/',
location_allow => $location_allow,
location_deny => $location_deny,
proxy => $proxy,
proxy_read_timeout => $proxy_read_timeout,
proxy_cache => $proxy_cache,
proxy_cache_valid => $proxy_cache_valid,
fastcgi => $fastcgi,
fastcgi_params => $fastcgi_params,
fastcgi_script => $fastcgi_script,
try_files => $try_files,
www_root => $www_root,
index_files => $index_files,
location_custom_cfg => $location_custom_cfg,
notify => Class['nginx::service'],
}

# Support location_cfg_prepend and location_cfg_append on default location created by vhost
Expand Down
25 changes: 25 additions & 0 deletions spec/defines/nginx__resource__vhost_spec.rb
Original file line number Diff line number Diff line change
@@ -0,0 +1,25 @@
require 'spec_helper'

describe 'nginx::resource::vhost' do

describe 'applies allow and deny rules' do
let (:title) { 'test' }
let (:params) {{
:www_root => '/var/www/nginx',
:location_allow => ['10.0.0.1', 'host1'],
:location_deny => ['host2', '10.0.0.2']
}}

it 'applies location_allow rules' do
should contain_file('/nginx.d/test-500-test-default').with({
'content' => /allow 10.0.0.1\n allow host1/
})
end
it 'applies location_deny rules' do
should contain_file('/nginx.d/test-500-test-default').with({
'content' => /deny host2\n deny 10.0.0.2/
})
end
end

end
6 changes: 6 additions & 0 deletions templates/vhost/vhost_location_directory.erb
Original file line number Diff line number Diff line change
@@ -1,4 +1,10 @@
location <%= @location %> {
<% if @location_allow -%><% @location_allow.each do |allow_rule| -%>
allow <%= allow_rule %>
<% end -%><% end -%>
<% if @location_deny -%><% @location_deny.each do |deny_rule| -%>
deny <%= deny_rule %>
<% end -%><% end -%>
<% if @location_cfg_prepend -%><% @location_cfg_prepend.sort_by {|k,v| k}.each do |key,value| -%>
<%= key %> <%= value %>;
<% end -%><% end -%>
Expand Down