Merge branch 'fnerdwq-needed-features'

Closes #417
2014-09-15 23:12:46 -04:00 · 2014-09-15 23:12:46 -04:00 · 50f9e19770
commit 50f9e19770
parent a5592d4303 ad391f67bf
5 changed files with 20 additions and 6 deletions
--- a/manifests/init.pp
+++ b/manifests/init.pp
@ -62,6 +62,7 @@ class nginx (
  $nginx_mailhosts                = {},
  $nginx_upstreams                = {},
  $nginx_vhosts                   = {},
+  $nginx_vhosts_defaults          = {},
  $package_ensure                 = $nginx::params::package_ensure,
  $package_name                   = $nginx::params::package_name,
  $package_source                 = $nginx::params::package_source,
@ -173,6 +174,7 @@ class nginx (
  validate_string($http_access_log)
  validate_hash($nginx_upstreams)
  validate_hash($nginx_vhosts)
+  validate_hash($nginx_vhosts_defaults)
  validate_hash($nginx_locations)
  validate_hash($nginx_mailhosts)
  validate_bool($manage_repo)
@ -261,7 +263,7 @@ class nginx (
  }

  create_resources('nginx::resource::upstream', $nginx_upstreams)
-  create_resources('nginx::resource::vhost', $nginx_vhosts)
+  create_resources('nginx::resource::vhost', $nginx_vhosts, $nginx_vhosts_defaults)
  create_resources('nginx::resource::location', $nginx_locations)
  create_resources('nginx::resource::mailhost', $nginx_mailhosts)
  create_resources('nginx::resource::map', $string_mappings)
--- a/manifests/resource/vhost.pp
+++ b/manifests/resource/vhost.pp
@ -65,6 +65,8 @@
 #     extension.
 #   [*ssl_stapling_verify*] - Bool: Enables or disables verification of
 #     OCSP responses by the server. Defaults to false.
+#   [*ssl_session_timeout*] - String: Specifies a time during which a client
+#     may reuse the session parameters stored in a cache. Defaults to 5m.
 #   [*ssl_trusted_cert*]    - String: Specifies a file with trusted CA
 #     certificates in the PEM format used to verify client certificates and
 #     OCSP responses if ssl_stapling is enabled.
@ -170,6 +172,7 @@ define nginx::resource::vhost (
  $ssl_stapling_file      = undef,
  $ssl_stapling_responder = undef,
  $ssl_stapling_verify    = false,
+  $ssl_session_timeout    = '5m',
  $ssl_trusted_cert       = undef,
  $spdy                   = $nginx::config::spdy,
  $proxy                  = undef,
@ -275,6 +278,7 @@ define nginx::resource::vhost (
    validate_string($ssl_stapling_responder)
  }
  validate_bool($ssl_stapling_verify)
+  validate_string($ssl_session_timeout)
  if ($ssl_trusted_cert != undef) {
    validate_string($ssl_trusted_cert)
  }
--- a/spec/classes/nginx_spec.rb
+++ b/spec/classes/nginx_spec.rb
@ -3,10 +3,11 @@ require 'spec_helper'
 describe 'nginx' do
  let :params do
    {
-      :nginx_upstreams => { 'upstream1' => { 'members' => ['localhost:3000']} },
-      :nginx_vhosts    => { 'test2.local' => { 'www_root' => '/' } },
-      :nginx_locations => { 'test2.local' => { 'vhost' => 'test2.local', 'www_root' => '/'} },
-      :nginx_mailhosts => { 'smtp.test2.local' => { 'auth_http' => 'server2.example/cgi-bin/auth', 'protocol' => 'smtp', 'listen_port' => 587} }
+      :nginx_upstreams       => { 'upstream1' => { 'members' => ['localhost:3000']} },
+      :nginx_vhosts          => { 'test2.local' => { 'www_root' => '/' } },
+      :nginx_vhosts_defaults => { 'listen_options' => 'default_server' },
+      :nginx_locations       => { 'test2.local' => { 'vhost' => 'test2.local', 'www_root' => '/'} },
+      :nginx_mailhosts       => { 'smtp.test2.local' => { 'auth_http' => 'server2.example/cgi-bin/auth', 'protocol' => 'smtp', 'listen_port' => 587} }
    }
  end

@ -23,6 +24,7 @@ describe 'nginx' do
    it { is_expected.to contain_class("nginx::params") }
    it { is_expected.to contain_nginx__resource__upstream("upstream1") }
    it { is_expected.to contain_nginx__resource__vhost("test2.local") }
+    it { is_expected.to contain_nginx__resource__vhost("test2.local").with_listen_options('default_server') }
    it { is_expected.to contain_nginx__resource__location("test2.local") }
    it { is_expected.to contain_nginx__resource__mailhost("smtp.test2.local") }
  end
--- a/spec/defines/resource_vhost_spec.rb
+++ b/spec/defines/resource_vhost_spec.rb
@ -432,6 +432,12 @@ describe 'nginx::resource::vhost' do
          :value => 'shared:SSL:1m',
          :match => '  ssl_session_cache         shared:SSL:1m;',
        },
+        {
+          :title => 'should set the SSL timeout',
+          :attr  => 'ssl_session_timeout',
+          :value => '30m',
+          :match => '  ssl_session_timeout       30m;',
+        },
        {
          :title => 'should set the SSL protocols',
          :attr  => 'ssl_protocols',
--- a/templates/vhost/vhost_ssl_header.erb
+++ b/templates/vhost/vhost_ssl_header.erb
@ -21,7 +21,7 @@ server {
  ssl_dhparam               <%= scope.lookupvar('nginx::config::conf_dir') %>/<%= @name.gsub(' ', '_') %>.dh.pem;
 <% end -%>
  ssl_session_cache         <%= @ssl_cache %>;
-  ssl_session_timeout       5m;
+  ssl_session_timeout       <%= @ssl_session_timeout %>;
  ssl_protocols             <%= @ssl_protocols %>;
  ssl_ciphers               <%= @ssl_ciphers %>;
  ssl_prefer_server_ciphers on;