From 2154002e7350e55f741894101fa4d1926a55397e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bernhard=20Th=C3=BCsch?= Date: Thu, 25 Feb 2016 18:30:21 +0100 Subject: [PATCH] Add "satisfy" option to the location section https://www.nginx.com/resources/admin-guide/restricting-access/ http://nginx.org/en/docs/http/ngx_http_core_module.html?&_ga=1.238118336.1949645469.1456390584#satisfy --- manifests/resource/location.pp | 6 ++++++ manifests/resource/vhost.pp | 7 +++++++ spec/defines/resource_location_spec.rb | 6 ++++++ templates/vhost/location_header.erb | 3 +++ 4 files changed, 22 insertions(+) diff --git a/manifests/resource/location.pp b/manifests/resource/location.pp index 115f5b7..3b410ff 100644 --- a/manifests/resource/location.pp +++ b/manifests/resource/location.pp @@ -11,6 +11,7 @@ # entry to include with # [*location*] - Specifies the URI associated with this location # entry +# [*location_satisfy*] - Allows access if all (all) or at least one (any) of the auth modules allow access. # [*location_allow*] - Array: Locations to allow connections from. # [*location_deny*] - Array: Locations to deny connections from. # [*www_root*] - Specifies the location on disk for files to be @@ -156,6 +157,7 @@ define nginx::resource::location ( $ssl = false, $ssl_only = false, $location_alias = undef, + $location_satisfy = undef, $location_allow = undef, $location_deny = undef, $option = undef, @@ -239,6 +241,10 @@ define nginx::resource::location ( if ($location_alias != undef) { validate_string($location_alias) } + if ($location_satisfy != undef) { + validate_re($location_satisfy, '^(any|all)$', + "${$location_satisfy} is not supported for location_satisfy. Allowed values are 'any' and 'all'.") + } if ($location_allow != undef) { validate_array($location_allow) } diff --git a/manifests/resource/vhost.pp b/manifests/resource/vhost.pp index 28d172f..0584f6b 100644 --- a/manifests/resource/vhost.pp +++ b/manifests/resource/vhost.pp @@ -17,6 +17,7 @@ # vHost on. Defaults to UNIX /var/run/nginx.sock # [*listen_unix_socket_options*] - Extra options for listen directive like # 'default' to catchall. Undef by default. +# [*location_satisfy*] - Allows access if all (all) or at least one (any) of the auth modules allow access. # [*location_allow*] - Array: Locations to allow connections from. # [*location_deny*] - Array: Locations to deny connections from. # [*ipv6_enable*] - BOOL value to enable/disable IPv6 support @@ -178,6 +179,7 @@ define nginx::resource::vhost ( $listen_unix_socket_enable = false, $listen_unix_socket = '/var/run/nginx.sock', $listen_unix_socket_options = undef, + $location_satisfy = undef, $location_allow = [], $location_deny = [], $ipv6_enable = false, @@ -290,6 +292,10 @@ define nginx::resource::vhost ( if ($listen_unix_socket_options != undef) { validate_string($listen_unix_socket_options) } + if ($location_satisfy != undef) { + validate_re($location_satisfy, '^(any|all)$', + "${$location_satisfy} is not supported for location_satisfy. Allowed values are 'any' and 'all'.") + } validate_array($location_allow) validate_array($location_deny) validate_bool($ipv6_enable) @@ -557,6 +563,7 @@ define nginx::resource::vhost ( ssl => $ssl, ssl_only => $ssl_only, location => '/', + location_satisfy => $location_satisfy, location_allow => $location_allow, location_deny => $location_deny, proxy => $proxy, diff --git a/spec/defines/resource_location_spec.rb b/spec/defines/resource_location_spec.rb index b230774..bdb1243 100644 --- a/spec/defines/resource_location_spec.rb +++ b/spec/defines/resource_location_spec.rb @@ -70,6 +70,12 @@ describe 'nginx::resource::location' do :value => true, :match => ' flv;' }, + { + :title => 'should set location_satisfy', + :attr => 'location_satisfy', + :value => 'any', + :match => ' satisfy any;' + }, { :title => 'should set location_allow', :attr => 'location_allow', diff --git a/templates/vhost/location_header.erb b/templates/vhost/location_header.erb index ce9943c..97ea8ba 100644 --- a/templates/vhost/location_header.erb +++ b/templates/vhost/location_header.erb @@ -9,6 +9,9 @@ <% if @flv -%> flv; <% end -%> +<% if @location_satisfy -%> + satisfy <%= @location_satisfy -%>; +<% end -%> <% if @location_allow -%> <%- @location_allow.each do |allow_rule| -%> allow <%= allow_rule %>;