add ssl_verify_client parameter

Rafael Chicoli 2016-04-11 13:35:19 +02:00
parent f13fdc02a0
commit e43d8dca86
3 changed files with 8 additions and 2 deletions


@ -53,6 +53,7 @@
# for SSL Support. This is not generated by this module. # for SSL Support. This is not generated by this module.
# [*ssl_client_cert*] - Pre-generated SSL Certificate file to reference # [*ssl_client_cert*] - Pre-generated SSL Certificate file to reference
# for client verify SSL Support. This is not generated by this module. # for client verify SSL Support. This is not generated by this module.
# [*ssl_verify_client*] - Enables verification of client certificates.
# [*ssl_crl*] - String: Specifies CRL path in file system # [*ssl_crl*] - String: Specifies CRL path in file system
# [*ssl_dhparam*] - This directive specifies a file containing # [*ssl_dhparam*] - This directive specifies a file containing
# Diffie-Hellman key agreement protocol cryptographic parameters, in PEM # Diffie-Hellman key agreement protocol cryptographic parameters, in PEM
@ -191,6 +192,7 @@ define nginx::resource::vhost (
$ssl_listen_option = true, $ssl_listen_option = true,
$ssl_cert = undef, $ssl_cert = undef,
$ssl_client_cert = undef, $ssl_client_cert = undef,
$ssl_verify_client = 'on',
$ssl_dhparam = undef, $ssl_dhparam = undef,
$ssl_key = undef, $ssl_key = undef,
$ssl_port = 443, $ssl_port = 443,
@ -322,6 +324,9 @@ define nginx::resource::vhost (
if ($ssl_client_cert != undef) { if ($ssl_client_cert != undef) {
validate_string($ssl_client_cert) validate_string($ssl_client_cert)
} }
if ($ssl_verify_client != undef) {
validate_string($ssl_verify_client)
}
if ($ssl_crl != undef) { if ($ssl_crl != undef) {
validate_string($ssl_crl) validate_string($ssl_crl)
} }
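Review bot: `validate_string` in the third hunk accepts any string for `$ssl_verify_client`, and the template writes that value straight into the vhost config, so a typo or a value containing `;` ends up in the generated nginx configuration. nginx accepts only `on`, `off`, `optional` and `optional_no_ca` for this directive, so `validate_re($ssl_verify_client, '^(on|off|optional|optional_no_ca)$')` would reject anything else at catalog compile time. The doc line in the first hunk should also list those values and the default `'on'`. It should state that with `optional` and `optional_no_ca` nginx still accepts connections that present no verified certificate, so the application behind the vhost has to check `$ssl_client_verify` itself.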


@ -922,12 +922,13 @@ describe 'nginx::resource::vhost' do
:ssl_key => 'dummy.key', :ssl_key => 'dummy.key',
:ssl_cert => 'dummy.cert', :ssl_cert => 'dummy.cert',
:ssl_client_cert => 'client.cert', :ssl_client_cert => 'client.cert',
:ssl_verify_client => 'optional',
}) end }) end
it { is_expected.to contain_nginx__resource__location("#{title}-default").with_ssl_only(true) } it { is_expected.to contain_nginx__resource__location("#{title}-default").with_ssl_only(true) }
it { is_expected.to contain_concat__fragment("#{title}-ssl-header").with_content(%r{access_log\s+/var/log/nginx/ssl-www\.rspec\.example\.com\.access\.log combined;}) } it { is_expected.to contain_concat__fragment("#{title}-ssl-header").with_content(%r{access_log\s+/var/log/nginx/ssl-www\.rspec\.example\.com\.access\.log combined;}) }
it { is_expected.to contain_concat__fragment("#{title}-ssl-header").with_content(%r{error_log\s+/var/log/nginx/ssl-www\.rspec\.example\.com\.error\.log}) } it { is_expected.to contain_concat__fragment("#{title}-ssl-header").with_content(%r{error_log\s+/var/log/nginx/ssl-www\.rspec\.example\.com\.error\.log}) }
it { is_expected.to contain_concat__fragment("#{title}-ssl-header").with_content(%r{ssl_verify_client on;}) } it { is_expected.to contain_concat__fragment("#{title}-ssl-header").with_content(%r{ssl_verify_client\s+optional;}) }
end end
context 'when passenger_cgi_param is set' do context 'when passenger_cgi_param is set' do
let :params do default_params.merge({ let :params do default_params.merge({


@ -4,7 +4,7 @@
ssl_certificate_key <%= @ssl_key %>; ssl_certificate_key <%= @ssl_key %>;
<% if defined? @ssl_client_cert -%> <% if defined? @ssl_client_cert -%>
ssl_client_certificate <%= @ssl_client_cert %>; ssl_client_certificate <%= @ssl_client_cert %>;
ssl_verify_client on; ssl_verify_client <%= @ssl_verify_client %>;
<% end -%> <% end -%>
<% if defined? @ssl_dhparam -%> <% if defined? @ssl_dhparam -%>
ssl_dhparam <%= @ssl_dhparam %>; ssl_dhparam <%= @ssl_dhparam %>;
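Review bot: `ssl_verify_client <%= @ssl_verify_client %>;` is still emitted only inside the `if defined? @ssl_client_cert` guard, so a vhost that sets `ssl_verify_client` without `ssl_client_cert` silently gets no directive and no error. An operator who believes client verification is configured would then be serving the vhost without it. Either fail in the manifest when `ssl_verify_client` is set explicitly and `ssl_client_cert` is undef, or document on the parameter that it has no effect without `ssl_client_cert`. The value is also interpolated verbatim, so the template relies entirely on the manifest to restrict it to values nginx accepts.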