opuppet/module-nginx
5
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Merge pull request #227 from 3flex/validations

Browse source 
Validations for all parameters in the public classes
This commit is contained in:
James Fryman 2014-01-08 08:40:06 -08:00
commit e0dbf1173c
15 changed files with 334 additions and 75 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
manifests/config.pp
View file

@ -34,6 +34,11 @@ class nginx::config(
$http_access_log = $nginx::params::nx_http_access_log,
$proxy_buffer_size = $nginx::params::nx_proxy_buffer_size,
) inherits nginx::params {
if $caller_module_name != $module_name {
warning("${name} is deprecated as a public API of the ${module_name} module and should no longer be directly included in the manifest.")
}
File {
owner => 'root',
group => 'root',

41
manifests/init.pp
View file

@ -60,6 +60,44 @@ class nginx (
include stdlib
if (!is_string($worker_processes)) and (!is_integer($worker_processes)) {
fail('$worker_processes must be be an integer or have value "auto".')
}
if (!is_integer($worker_connections)) {
fail('$worker_connections must be an integer.')
}
validate_string($package_name)
validate_string($package_ensure)
validate_string($package_source)
validate_array($proxy_set_header)
validate_string($proxy_http_version)
validate_bool($confd_purge)
if ($proxy_cache_path != false) {
validate_string($proxy_cache_path)
}
if (!is_integer($proxy_cache_levels)) {
fail('$proxy_cache_levels must be an integer.')
}
validate_string($proxy_cache_keys_zone)
validate_string($proxy_cache_max_size)
validate_string($proxy_cache_inactive)
validate_bool($configtest_enable)
validate_string($service_restart)
validate_bool($mail)
validate_string($server_tokens)
validate_string($client_max_body_size)
validate_string($proxy_buffers)
validate_string($proxy_buffer_size)
if ($http_cfg_append != false) {
validate_hash($http_cfg_append)
}
validate_string($nginx_error_log)
validate_string($http_access_log)
validate_hash($nginx_upstreams)
validate_hash($nginx_vhosts)
validate_hash($nginx_locations)
validate_bool($manage_repo)
class { 'nginx::package':
package_name => $package_name,
package_source => $package_source,
@ -95,11 +133,8 @@ class nginx (
service_restart => $service_restart,
}
validate_hash($nginx_upstreams)
create_resources('nginx::resource::upstream', $nginx_upstreams)
validate_hash($nginx_vhosts)
create_resources('nginx::resource::vhost', $nginx_vhosts)
validate_hash($nginx_locations)
create_resources('nginx::resource::location', $nginx_locations)
# Allow the end user to establish relationships to the "main" class

5
manifests/package.pp
View file

@ -19,6 +19,11 @@ class nginx::package(
$package_ensure = 'present',
$manage_repo = true,
) {
if $caller_module_name != $module_name {
warning("${name} is deprecated as a public API of the ${module_name} module and should no longer be directly included in the manifest.")
}
anchor { 'nginx::package::begin': }
anchor { 'nginx::package::end': }

5
manifests/package/debian.pp
View file

@ -19,6 +19,11 @@ class nginx::package::debian(
$package_source = 'nginx',
$package_ensure = 'present'
) {
if $caller_module_name != $module_name {
warning("${name} is deprecated as a public API of the ${module_name} module and should no longer be directly included in the manifest.")
}
$distro = downcase($::operatingsystem)
package { $package_name:

4
manifests/package/redhat.pp
View file

@ -19,6 +19,10 @@ class nginx::package::redhat (
$package_name = 'nginx',
) {
if $caller_module_name != $module_name {
warning("${name} is deprecated as a public API of the ${module_name} module and should no longer be directly included in the manifest.")
}
case $::operatingsystem {
'fedora': {
# nginx.org does not supply RPMs for fedora

5
manifests/package/suse.pp
View file

@ -16,6 +16,11 @@
#
# This class file is not called directly
class nginx::package::suse {
if $caller_module_name != $module_name {
warning("${name} is deprecated as a public API of the ${module_name} module and should no longer be directly included in the manifest.")
}
$suse_packages = [
'nginx-0.8', 'apache2', 'apache2-itk', 'apache2-utils', 'gd', 'libapr1',
'libapr-util1', 'libjpeg62', 'libpng14-14', 'libxslt', 'rubygem-daemon_controller',

5
manifests/params.pp
View file

@ -14,6 +14,11 @@
#
# This class file is not called directly
class nginx::params {
if $caller_module_name != $module_name {
warning("${name} is deprecated as a public API of the ${module_name} module and should no longer be directly included in the manifest.")
}
$nx_temp_dir = '/tmp'
$nx_run_dir = '/var/nginx'

77
manifests/resource/location.pp
View file

@ -130,12 +130,85 @@ define nginx::resource::location (
notify => Class['nginx::service'],
}
validate_re($ensure, '^(present|absent)$',
"${ensure} is not supported for ensure. Allowed values are 'present' and 'absent'.")
validate_string($location)
if ($vhost != undef) {
validate_string($vhost)
}
if ($www_root != undef) {
validate_string($www_root)
}
if ($autoindex != undef) {
validate_string($autoindex)
}
validate_array($index_files)
if ($proxy != undef) {
validate_string($proxy)
}
validate_string($proxy_read_timeout)
if ($fastcgi != undef) {
validate_string($fastcgi)
}
validate_string($fastcgi_params)
if ($fastcgi_script != undef) {
validate_string($fastcgi_script)
}
if ($fastcgi_split_path != undef) {
validate_string($fastcgi_split_path)
}
validate_bool($ssl)
validate_bool($ssl_only)
if ($location_alias != undef) {
validate_string($location_alias)
}
if ($location_allow != undef) {
validate_array($location_allow)
}
if ($location_deny != undef) {
validate_array($location_deny)
}
if ($option != undef) {
warning('The $option parameter has no effect and is deprecated.')
}
if ($stub_status != undef) {
validate_bool($stub_status)
}
if ($location_custom_cfg != undef) {
validate_hash($location_custom_cfg)
}
if ($location_cfg_prepend != undef) {
validate_hash($location_cfg_prepend)
}
if ($location_cfg_append != undef) {
validate_hash($location_cfg_append)
}
if ($try_files != undef) {
validate_array($try_files)
}
if ($proxy_cache != false) {
validate_string($proxy_cache)
}
if ($proxy_cache_valid != false) {
validate_string($proxy_cache_valid)
}
if ($proxy_method != undef) {
validate_string($proxy_method)
}
if ($proxy_set_body != undef) {
validate_string($proxy_set_body)
}
if ($auth_basic != undef) {
validate_string($auth_basic)
}
if ($auth_basic_user_file != undef) {
validate_string($auth_basic_user_file)
}
if !is_integer($priority) {
fail("$priority must be an integer.")
fail('$priority must be an integer.')
}
if ($priority < 401) or ($priority > 599) {
fail("$priority must be in the range 401-599. It was set to ${priority}.")
fail('$priority must be in the range 401-599.')
}
# # Shared Variables

36
manifests/resource/mailhost.pp
View file

@ -43,7 +43,7 @@
# }
define nginx::resource::mailhost (
$listen_port,
$ensure = 'enable',
$ensure = 'present',
$listen_ip = '*',
$listen_options = undef,
$ipv6_enable = false,
@ -65,6 +65,40 @@ define nginx::resource::mailhost (
mode => '0644',
}
if !is_integer($listen_port) {
fail('$listen_port must be an integer.')
}
validate_re($ensure, '^(present|absent)$',
"${ensure} is not supported for ensure. Allowed values are 'present' and 'absent'.")
validate_string($listen_ip)
if ($listen_options != undef) {
validate_string($listen_options)
}
validate_bool($ipv6_enable)
validate_string($ipv6_listen_ip)
if !is_integer($ipv6_listen_port) {
fail('$ipv6_listen_port must be an integer.')
}
validate_string($ipv6_listen_options)
validate_bool($ssl)
if ($ssl_cert != undef) {
validate_string($ssl_cert)
}
if ($ssl_key != undef) {
validate_string($ssl_key)
}
if ($ssl_port != undef) and (!is_integer($ssl_port)) {
fail('$ssl_port must be an integer.')
}
validate_re($starttls, '^(on|only|off)$',
"${starttls} is not supported for starttls. Allowed values are 'on', 'only' and 'off'.")
if ($protocol != undef) {
validate_string($protocol)
}
if ($auth_http != undef) {
validate_string($auth_http)
}
validate_string($xclient)
validate_array($server_name)
$config_file = "${nginx::config::nx_conf_dir}/conf.mail.d/${name}.conf"

8
manifests/resource/upstream.pp
View file

@ -41,6 +41,14 @@ define nginx::resource::upstream (
$ensure = 'present',
$upstream_cfg_prepend = undef,
) {
validate_array($members)
validate_re($ensure, '^(present|absent)$',
"${ensure} is not supported for ensure. Allowed values are 'present' and 'absent'.")
if ($upstream_cfg_prepend != undef) {
validate_hash($upstream_cfg_prepend)
}
File {
owner => 'root',
group => 'root',

111
manifests/resource/vhost.pp
View file

@ -114,7 +114,7 @@
# ssl_key => '/tmp/server.pem',
# }
define nginx::resource::vhost (
$ensure = 'enable',
$ensure = 'present',
$listen_ip = '*',
$listen_port = '80',
$listen_options = undef,
@ -174,20 +174,42 @@ define nginx::resource::vhost (
$use_default_location = true,
) {
validate_re($ensure, '^(present|absent)$',
"${ensure} is not supported for ensure. Allowed values are 'present' and 'absent'.")
validate_string($listen_ip)
if !is_integer($listen_port) {
fail('$listen_port must be an integer.')
}
if ($listen_options != undef) {
validate_string($listen_options)
}
validate_array($location_allow)
validate_array($location_deny)
validate_array($proxy_set_header)
validate_array($index_files)
validate_array($server_name)
validate_bool($ipv6_enable)
validate_string($ipv6_listen_ip)
if !is_integer($ipv6_listen_port) {
fail('$ipv6_listen_port must be an integer.')
}
validate_string($ipv6_listen_options)
if ($add_header != undef) {
validate_hash($add_header)
}
validate_bool($ssl)
if ($ssl_cert != undef) {
validate_string($ssl_cert)
}
if ($ssl_dhparam != undef) {
validate_string($ssl_dhparam)
}
if ($resolver != undef) {
validate_string($resolver)
if ($ssl_key != undef) {
validate_string($ssl_key)
}
if !is_integer($ssl_port) {
fail('$ssl_port must be an integer.')
}
validate_string($ssl_protocols)
validate_string($ssl_ciphers)
validate_string($ssl_cache)
validate_bool($ssl_stapling)
if ($ssl_stapling_file != undef) {
validate_string($ssl_stapling_file)
@ -199,6 +221,83 @@ define nginx::resource::vhost (
if ($ssl_trusted_cert != undef) {
validate_string($ssl_trusted_cert)
}
validate_string($spdy)
if ($proxy != undef) {
validate_string($proxy)
}
validate_string($proxy_read_timeout)
validate_array($proxy_set_header)
if ($proxy_cache != false) {
validate_string($proxy_cache)
}
if ($proxy_cache_valid != false) {
validate_string($proxy_cache_valid)
}
if ($proxy_method != undef) {
validate_string($proxy_method)
}
if ($proxy_set_body != undef) {
validate_string($proxy_set_body)
}
if ($resolver != undef) {
validate_string($resolver)
}
if ($fastcgi != undef) {
validate_string($fastcgi)
}
validate_string($fastcgi_params)
if ($fastcgi_script != undef) {
validate_string($fastcgi_script)
}
validate_array($index_files)
if ($autoindex != undef) {
validate_string($autoindex)
}
validate_array($server_name)
if ($www_root != undef) {
validate_string($www_root)
}
validate_bool($rewrite_www_to_non_www)
if ($rewrite_to_https != undef) {
validate_bool($rewrite_to_https)
}
if ($location_custom_cfg != undef) {
validate_hash($location_custom_cfg)
}
if ($location_cfg_prepend != undef) {
validate_hash($location_cfg_prepend)
}
if ($location_cfg_append != undef) {
validate_hash($location_cfg_append)
}
if ($try_files != undef) {
validate_array($try_files)
}
if ($auth_basic != undef) {
validate_string($auth_basic)
}
if ($auth_basic_user_file != undef) {
validate_string($auth_basic_user_file)
}
if ($vhost_cfg_prepend != undef) {
validate_hash($vhost_cfg_prepend)
}
if ($vhost_cfg_append != undef) {
validate_hash($vhost_cfg_append)
}
if ($include_files != undef) {
validate_array($include_files)
}
if ($access_log != undef) {
validate_string($access_log)
}
if ($error_log != undef) {
validate_string($error_log)
}
if ($passenger_cgi_param != undef) {
validate_hash($passenger_cgi_param)
}
validate_bool($use_default_location)
# Variables
$vhost_dir = "${nginx::config::nx_conf_dir}/sites-available"

5
manifests/service.pp
View file

@ -17,6 +17,11 @@ class nginx::service(
$configtest_enable = $nginx::params::nx_configtest_enable,
$service_restart = $nginx::params::nx_service_restart
) {
if $caller_module_name != $module_name {
warning("${name} is deprecated as a public API of the ${module_name} module and should no longer be directly included in the manifest.")
}
service { 'nginx':
ensure => running,
enable => true,

34
spec/defines/resource_location_spec.rb
View file

@ -69,24 +69,12 @@ describe 'nginx::resource::location' do
:value => 'value',
:match => ' proxy_method value;',
},
{
:title => 'should not set proxy_method',
:attr => 'proxy_method',
:value => false,
:notmatch => /proxy_method/,
},
{
:title => 'should set proxy_set_body',
:attr => 'proxy_set_body',
:value => 'value',
:match => ' proxy_set_body value;',
},
{
:title => 'should not set proxy_set_body',
:attr => 'proxy_set_body',
:value => false,
:notmatch => /proxy_set_body/,
},
{
:title => 'should set proxy_pass',
:attr => 'proxy',
@ -130,7 +118,7 @@ describe 'nginx::resource::location' do
:location => 'location',
:proxy => 'proxy_value',
:vhost => 'vhost1',
:proxy_cache => true,
:proxy_cache => 'true',
:proxy_cache_valid => '10m',
} end
@ -264,12 +252,6 @@ describe 'nginx::resource::location' do
:value => 'value',
:match => ' fastcgi_split_path_info value;'
},
{
:title => 'should not set fastcgi_split_path',
:attr => 'fastcgi_split_path',
:value => false,
:notmatch => /fastcgi_split_path_info/
},
{
:title => 'should set try_file(s)',
:attr => 'try_files',
@ -306,7 +288,7 @@ describe 'nginx::resource::location' do
},
].each do |param|
context "when #{param[:attr]} is #{param[:value]}" do
let :default_params do { :location => 'location', :fastcgi => true, :vhost => 'vhost1' } end
let :default_params do { :location => 'location', :fastcgi => 'localhost:9000', :vhost => 'vhost1' } end
let :params do default_params.merge({ param[:attr].to_sym => param[:value] }) end
it { should contain_concat__fragment("vhost1-500-#{params[:location]}") }
@ -444,8 +426,8 @@ describe 'nginx::resource::location' do
end
context 'attribute resources' do
context 'when fastcgi => true' do
let :params do { :fastcgi => true, :vhost => 'vhost1' } end
context 'when fastcgi => "localhost:9000"' do
let :params do { :fastcgi => 'localhost:9000', :vhost => 'vhost1' } end
it { should contain_file('/etc/nginx/fastcgi_params').with_mode('0770') }
end
@ -474,18 +456,18 @@ describe 'nginx::resource::location' do
end
context 'when auth_basic_user_file => true' do
let :params do { :auth_basic_user_file => true, :vhost => 'vhost1', :www_root => '/', } end
let :params do { :auth_basic_user_file => '/path/to/file', :vhost => 'vhost1', :www_root => '/', } end
it { should contain_file("/etc/nginx/rspec-test_htpasswd") }
end
context 'when ensure => absent' do
let :params do {
:www_root => true,
:www_root => '/',
:vhost => 'vhost1',
:ensure => 'absent',
:ssl => true,
:auth_basic_user_file => true,
:auth_basic_user_file => '/path/to/file',
} end
it { should contain_file("/etc/nginx/rspec-test_htpasswd").with_ensure('absent') }
@ -511,7 +493,7 @@ describe 'nginx::resource::location' do
let :params do {
:vhost => 'vhost1',
:www_root => '/',
:proxy => true,
:proxy => 'http://localhost:8000/uri/',
} end
it { expect { should contain_class('nginx::resource::location') }.to raise_error(Puppet::Error, /Cannot define both directory and proxy in a virtual host/) }

36
spec/defines/resource_mailhost_spec.rb
View file

@ -48,7 +48,7 @@ describe 'nginx::resource::mailhost' do
{
:title => 'should set the IPv4 listen port',
:attr => 'listen_port',
:value => '45',
:value => 45,
:match => ' listen *:45;',
},
{
@ -78,7 +78,7 @@ describe 'nginx::resource::mailhost' do
{
:title => 'should set the IPv6 listen port',
:attr => 'ipv6_listen_port',
:value => '45',
:value => 45,
:match => ' listen [::]:45 default ipv6only=on;',
},
{
@ -87,12 +87,6 @@ describe 'nginx::resource::mailhost' do
:value => 'spdy',
:match => ' listen [::]:80 spdy ipv6only=on;',
},
{
:title => 'should not set the IPv6 listen options',
:attr => 'ipv6_listen_options',
:value => false,
:match => ' listen [::]:80 ipv6only=on;',
},
{
:title => 'should set servername(s)',
:attr => 'server_name',
@ -120,11 +114,29 @@ describe 'nginx::resource::mailhost' do
{
:title => 'should set starttls',
:attr => 'starttls',
:value => 'test-starttls',
:match => ' starttls test-starttls;',
:value => 'on',
:match => ' starttls on;',
},
{
:title => 'should set starttls',
:attr => 'starttls',
:value => 'only',
:match => ' starttls only;',
},
{
:title => 'should not enable SSL',
:attr => 'starttls',
:value => 'off',
:notmatch => / ssl_session_timeout 5m;/,
},
].each do |param|
context "when #{param[:attr]} is #{param[:value]}" do
let :default_params do {
:listen_port => 25,
:ipv6_enable => true,
:ssl_cert => 'dummy.crt',
:ssl_key => 'dummy.key',
} end
let :params do default_params.merge({ param[:attr].to_sym => param[:value] }) end
it { should contain_concat__fragment("#{title}-header") }
@ -156,7 +168,7 @@ describe 'nginx::resource::mailhost' do
{
:title => 'should not enable SSL',
:attr => 'starttls',
:value => false,
:value => 'off',
:notmatch => / ssl_session_timeout 5m;/,
},
{
@ -222,7 +234,7 @@ describe 'nginx::resource::mailhost' do
{
:title => 'should set the IPv6 listen port',
:attr => 'ipv6_listen_port',
:value => '45',
:value => 45,
:match => ' listen [::]:45 default ipv6only=on;',
},
{

32
spec/defines/resource_vhost_spec.rb
View file

@ -7,7 +7,7 @@ describe 'nginx::resource::vhost' do
let :default_params do
{
:www_root => '/',
:ipv6_enable => 'true',
:ipv6_enable => true,
}
end
let :facts do
@ -58,7 +58,7 @@ describe 'nginx::resource::vhost' do
{
:title => 'should set the IPv4 listen port',
:attr => 'listen_port',
:value => '45',
:value => 45,
:match => ' listen *:45;',
},
{
@ -67,12 +67,6 @@ describe 'nginx::resource::vhost' do
:value => 'spdy default',
:match => ' listen *:80 spdy default;',
},
{
:title => 'should enable IPv6',
:attr => 'ipv6_enable',
:value => 'true',
:match => ' listen [::]:80 default ipv6only=on;',
},
{
:title => 'should enable IPv6',
:attr => 'ipv6_enable',
@ -94,7 +88,7 @@ describe 'nginx::resource::vhost' do
{
:title => 'should set the IPv6 listen port',
:attr => 'ipv6_listen_port',
:value => '45',
:value => 45,
:match => ' listen [::]:45 default ipv6only=on;',
},
{
@ -278,7 +272,7 @@ describe 'nginx::resource::vhost' do
{
:title => 'should set the IPv4 SSL listen port',
:attr => 'ssl_port',
:value => '45',
:value => 45,
:match => ' listen *:45 ssl;',
},
{
@ -299,18 +293,6 @@ describe 'nginx::resource::vhost' do
:value => 'default',
:match => ' listen *:443 ssl default;',
},
{
:title => 'should not set the IPv4 listen options',
:attr => 'listen_options',
:value => false,
:match => ' listen *:443 ssl;',
},
{
:title => 'should enable IPv6',
:attr => 'ipv6_enable',
:value => 'true',
:match => ' listen [::]:443 ssl default ipv6only=on;',
},
{
:title => 'should enable IPv6',
:attr => 'ipv6_enable',
@ -332,7 +314,7 @@ describe 'nginx::resource::vhost' do
{
:title => 'should set the IPv6 listen port',
:attr => 'ssl_port',
:value => '45',
:value => 45,
:match => ' listen [::]:45 ssl default ipv6only=on;',
},
{
@ -539,9 +521,9 @@ describe 'nginx::resource::vhost' do
it { should contain_nginx__resource__location("#{title}-default").with_location_cfg_append({ 'key' => 'value' }) }
end
context 'when fastcgi => true' do
context 'when fastcgi => "localhost:9000"' do
let :params do default_params.merge({
:fastcgi => true,
:fastcgi => 'localhost:9000',
}) end
it { should contain_file('/etc/nginx/fastcgi_params').with_mode('0770') }