Convert mailhost templates to EPP
jay7x committed Jul 23, 2023
1 parent c79ca10 commit 38e2edb
Showing 13 changed files with 400 additions and 240 deletions.
32 changes: 24 additions & 8 deletions REFERENCE.md
Expand Up @@ -3005,41 +3005,57 @@ Default value: `[$name]`

##### <a name="-nginx--resource--mailhost--raw_prepend"></a>`raw_prepend`

Data type: `Optional[Variant[Array, String]]`
Data type: `Variant[Array[String], String]`

A single string, or an array of strings to prepend to the server directive
(after mailhost_cfg_prepend directive). NOTE: YOU are responsible for a
semicolon on each line that requires one.

Default value: `undef`
Default value: `[]`

##### <a name="-nginx--resource--mailhost--raw_append"></a>`raw_append`

Data type: `Optional[Variant[Array, String]]`
Data type: `Variant[Array[String], String]`

A single string, or an array of strings to append to the server directive
(after mailhost_cfg_append directive). NOTE: YOU are responsible for a
semicolon on each line that requires one.

Default value: `undef`
Default value: `[]`

##### <a name="-nginx--resource--mailhost--mailhost_cfg_append"></a>`mailhost_cfg_append`

Data type: `Optional[Hash]`
Data type:

```puppet
Hash[String, Variant[
String,
Array[String],
Hash[String, Variant[String, Array[String]]],
]]
```

It expects a hash with custom directives to put after everything else
inside server

Default value: `undef`
Default value: `{}`

##### <a name="-nginx--resource--mailhost--mailhost_cfg_prepend"></a>`mailhost_cfg_prepend`

Data type: `Optional[Hash]`
Data type:

```puppet
Hash[String, Variant[
String,
Array[String],
Hash[String, Variant[String, Array[String]]],
]]
```

It expects a hash with custom directives to put before everything else
inside server

Default value: `undef`
Default value: `{}`

##### <a name="-nginx--resource--mailhost--auth_http_header"></a>`auth_http_header`

107 changes: 97 additions & 10 deletions manifests/resource/mailhost.pp
Expand Up @@ -72,9 +72,9 @@
# for authorization.
# @param xclient
# Whether to use xclient for smtp
# @param proxy_protocol
# @param proxy_protocol
# Wheter to use proxy_protocol
# @param proxy_smtp_auth
# @param proxy_smtp_auth
# Wheter to use proxy_smtp_auth
# @param imap_auth
# Sets permitted methods of authentication for IMAP clients.
Expand Down Expand Up @@ -170,23 +170,38 @@
Optional[Array] $pop3_capabilities = undef,
Optional[String] $smtp_auth = undef,
Optional[Array] $smtp_capabilities = undef,
Optional[Variant[Array, String]] $raw_prepend = undef,
Optional[Variant[Array, String]] $raw_append = undef,
Optional[Hash] $mailhost_cfg_prepend = undef,
Optional[Hash] $mailhost_cfg_append = undef,
String $proxy_pass_error_message = 'off',
Array $server_name = [$name]
Array $server_name = [$name],
Variant[Array[String], String] $raw_prepend = [],
Variant[Array[String], String] $raw_append = [],
Hash[String, Variant[
String,
Array[String],
Hash[String, Variant[String, Array[String]]],
]] $mailhost_cfg_prepend = {},
Hash[String, Variant[
String,
Array[String],
Hash[String, Variant[String, Array[String]]],
]] $mailhost_cfg_append = {},
) {
if ! defined(Class['nginx']) {
fail('You must include the nginx base class before using any defined resources')
}

# Add IPv6 Logic Check - Nginx service will not start if ipv6 is enabled
# and support does not exist for it in the kernel.
if ($ipv6_enable and !$facts['networking']['ip6']) {
$has_ipaddress6 = ($facts.get('networking.ip6') =~ Stdlib::IP::Address::V6)
if ($ipv6_enable and !$has_ipaddress6) {
warning('nginx: IPv6 support is not enabled or configured properly')
}

if $ipv6_enable and $has_ipaddress6 {
$_ipv6_listen_ip = Array($ipv6_listen_ip, true)
} else {
$_ipv6_listen_ip = []
}

# Check to see if SSL Certificates are properly defined.
if ($ssl or $starttls == 'on' or $starttls == 'only') {
if ($ssl_cert == undef) or ($ssl_key == undef) {
Expand All @@ -197,6 +212,53 @@
$config_dir = "${nginx::conf_dir}/conf.mail.d"
$config_file = "${config_dir}/${name}.conf"

# Pre-render some common parts
$mailhost_prepend = epp('nginx/prepend_append.epp', {
cfg_xpend => $mailhost_cfg_prepend,
raw_xpend => Array($raw_prepend, true),
})
$mailhost_append = epp('nginx/prepend_append.epp', {
cfg_xpend => $mailhost_cfg_append,
raw_xpend => Array($raw_append, true),
})

$mailhost_ssl_settings = epp('nginx/mailhost/mailhost_ssl_settings.epp', {
ssl_cert => $ssl_cert,
ssl_ciphers => $ssl_ciphers,
ssl_client_cert => $ssl_client_cert,
ssl_crl => $ssl_crl,
ssl_dhparam => $ssl_dhparam,
ssl_ecdh_curve => $ssl_ecdh_curve,
ssl_key => $ssl_key,
ssl_password_file => $ssl_password_file,
ssl_prefer_server_ciphers => $ssl_prefer_server_ciphers,
ssl_protocols => $ssl_protocols,
ssl_session_cache => $ssl_session_cache,
ssl_session_ticket_key => $ssl_session_ticket_key,
ssl_session_tickets => $ssl_session_tickets,
ssl_session_timeout => $ssl_session_timeout,
ssl_trusted_cert => $ssl_trusted_cert,
ssl_verify_depth => $ssl_verify_depth,
})

$mailhost_common = epp('nginx/mailhost/mailhost_common.epp', {
auth_http => $auth_http,
auth_http_header => $auth_http_header,
imap_auth => $imap_auth,
imap_capabilities => $imap_capabilities,
imap_client_buffer => $imap_client_buffer,
pop3_auth => $pop3_auth,
pop3_capabilities => $pop3_capabilities,
protocol => $protocol,
proxy_pass_error_message => $proxy_pass_error_message,
proxy_protocol => $proxy_protocol,
proxy_smtp_auth => $proxy_smtp_auth,
server_name => $server_name,
smtp_auth => $smtp_auth,
smtp_capabilities => $smtp_capabilities,
xclient => $xclient,
})

concat { $config_file:
ensure => $ensure,
owner => 'root',
Expand All @@ -210,17 +272,42 @@
if $ssl_port == undef or $listen_port != $ssl_port {
concat::fragment { "${name}-header":
target => $config_file,
content => template('nginx/mailhost/mailhost.erb'),
order => '001',
content => epp('nginx/mailhost/mailhost.epp', {
ipv6_listen_ip => $_ipv6_listen_ip,
ipv6_listen_options => $ipv6_listen_options,
ipv6_listen_port => $ipv6_listen_port,
listen_ip => Array($listen_ip, true),
listen_options => $listen_options,
listen_port => $listen_port,
mailhost_append => $mailhost_append,
mailhost_common => $mailhost_common,
mailhost_prepend => $mailhost_prepend,
mailhost_ssl_settings => $mailhost_ssl_settings,
nginx_version => $nginx::nginx_version,
starttls => $starttls,
}),
}
}

# Create SSL File Stubs if SSL is enabled
if $ssl {
concat::fragment { "${name}-ssl":
target => $config_file,
content => template('nginx/mailhost/mailhost_ssl.erb'),
order => '700',
content => epp('nginx/mailhost/mailhost_ssl.epp', {
ipv6_listen_ip => $_ipv6_listen_ip,
ipv6_listen_options => $ipv6_listen_options,
ipv6_listen_port => $ipv6_listen_port,
listen_ip => Array($listen_ip, true),
listen_options => $listen_options,
mailhost_append => $mailhost_append,
mailhost_common => $mailhost_common,
mailhost_prepend => $mailhost_prepend,
mailhost_ssl_settings => $mailhost_ssl_settings,
nginx_version => $nginx::nginx_version,
ssl_port => $ssl_port,
}),
}
}
}
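Review bot: `$mailhost_ssl_settings` is rendered unconditionally in the "Pre-render some common parts" block, while the certificate check above it only requires `$ssl_cert` and `$ssl_key` when `$ssl` is set or `$starttls` is `on`/`only`. For a mailhost without TLS the SSL template is therefore evaluated with possibly undefined certificate parameters, and mailhost.epp requires the result to be a non-empty `String[1]` even though it only prints it when `$starttls != 'off'`. mailhost_ssl_settings.epp is not shown here, so whether this fails compilation or just renders unused text depends on its parameter types. I would guard the render, e.g. `$mailhost_ssl_settings = if $ssl or $starttls != 'off' { epp(...) } else { undef }`, and accept `Optional[String[1]]` in the two consuming templates. The defined type's body starts outside these hunks.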
2 changes: 0 additions & 2 deletions spec/default_module_facts.yml

This file was deleted.

79 changes: 72 additions & 7 deletions spec/defines/resource_mailhost_spec.rb
Expand Up @@ -6,7 +6,8 @@
on_supported_os.each do |os, facts|
context "on #{os} with Facter #{facts[:facterversion]} and Puppet #{facts[:puppetversion]}" do
let(:facts) do
facts
# Explicitly define the IPv6 address facts
override_facts(facts, networking: { ip6: '2001:db8::c0:ffee' })
end
let(:title) { 'www.rspec.example.com' }
let :default_params do
Expand Down Expand Up @@ -152,7 +153,19 @@
notmatch: %r{ ssl_session_timeout 5m;}
},
{
title: 'should contain raw_prepend directives',
title: 'should contain raw_prepend directives (String)',
attr: 'raw_prepend',
value: 'test value;',
match: [' test value;']
},
{
title: 'should contain raw_append directives (String)',
attr: 'raw_append',
value: 'test value;',
match: [' test value;']
},
{
title: 'should contain raw_prepend directives (Array)',
attr: 'raw_prepend',
value: [
'if (a) {',
Expand All @@ -162,7 +175,7 @@
match: %r{^\s+if \(a\) \{\n\s++b;\n\s+\}}
},
{
title: 'should contain raw_append directives',
title: 'should contain raw_append directives (Array)',
attr: 'raw_append',
value: [
'if (a) {',
Expand All @@ -174,23 +187,45 @@
{
title: 'should contain ordered prepended directives',
attr: 'mailhost_cfg_prepend',
value: { 'test1' => 'test value 1', 'test2' => ['test value 2a', 'test value 2b'], 'test3' => 'test value 3' },
value: {
'test1' => 'test value 1',
'test2' => ['test value 2a', 'test value 2b'],
'test3' => {
'subkey 3a' => 'subvalue 3a',
'subkey 3b' => ['subvalue 3b1', 'subvalue 3b2'],
},
'test4' => 'test value 4',
},
match: [
' test1 test value 1;',
' test2 test value 2a;',
' test2 test value 2b;',
' test3 test value 3;'
' test3 subkey 3a subvalue 3a;',
' test3 subkey 3b subvalue 3b1;',
' test3 subkey 3b subvalue 3b2;',
' test4 test value 4;',
]
},
{
title: 'should contain ordered appended directives',
attr: 'mailhost_cfg_append',
value: { 'test1' => 'test value 1', 'test2' => ['test value 2a', 'test value 2b'], 'test3' => 'test value 3' },
value: {
'test1' => 'test value 1',
'test2' => ['test value 2a', 'test value 2b'],
'test3' => {
'subkey 3a' => 'subvalue 3a',
'subkey 3b' => ['subvalue 3b1', 'subvalue 3b2'],
},
'test4' => 'test value 4',
},
match: [
' test1 test value 1;',
' test2 test value 2a;',
' test2 test value 2b;',
' test3 test value 3;'
' test3 subkey 3a subvalue 3a;',
' test3 subkey 3b subvalue 3b1;',
' test3 subkey 3b subvalue 3b2;',
' test4 test value 4;',
]
}
].each do |param|
Expand Down Expand Up @@ -641,6 +676,7 @@
end
end
end

context 'on nginx 1.16' do
let(:params) do
{
Expand Down Expand Up @@ -775,6 +811,35 @@
it { is_expected.not_to contain_concat__fragment("#{title}-ssl") }
end
end

context 'without IPv6 address present' do
let(:params) do
{
listen_port: 25,
ssl_port: 587,
ipv6_enable: true,
ssl: true,
ssl_cert: 'dummy.crt',
ssl_key: 'dummy.key'
}
end
let(:facts) do
facts.reject do |k, v|
(k == :ipaddress6) or
(k == :networking and v.keys.include? 'ip6')
end
end

it do
is_expected.to contain_concat__fragment("#{title}-header").
without_content(%r{^ listen \[::\]:25 default ipv6only=on;})
end

it do
is_expected.to contain_concat__fragment("#{title}-ssl").
without_content(%r{^ listen \[::\]:587 default ipv6only=on;})
end
end
end
end
end
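Review bot: The two `without_content` expectations in the 'without IPv6 address present' context match one exact rendering (`listen \[::\]:25 default ipv6only=on;` and the `:587` variant), so they would still pass if an IPv6 listener were emitted with a different address or option string. A broader negative such as `without_content(%r{listen\s+\[})` pins the actual intent, that no IPv6 `listen` line is rendered at all. The `facts.reject` block also drops the whole `networking` fact rather than only its `ip6` key, which changes more of the fixture than the context name suggests; removing just that key would keep the remaining facts realistic.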
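--- a/templates/mailhost/mailhost.epp
+++ b/templates/mailhost/mailhost.epp
@@ -0,0 +1,35 @@
+<%- |
+Array[String] $ipv6_listen_ip,
+String $ipv6_listen_options,
+Stdlib::Port $ipv6_listen_port,
+Array[String] $listen_ip,
+Optional[String] $listen_options,
+Stdlib::Port $listen_port,
+String $mailhost_append,
+String[1] $mailhost_common,
+String $mailhost_prepend,
+String[1] $mailhost_ssl_settings,
+String[1] $nginx_version,
+Enum['on', 'off', 'only'] $starttls,
+| -%>
+# MANAGED BY PUPPET
+server {
+<%= $mailhost_prepend -%>
+<%- $listen_ip.each |$ip| { -%>
+listen <%= $ip %>:<%= $listen_port %><% if $listen_options { %> <%= $listen_options %><% } %>;
+<%- } -%>
+<%- $ipv6_listen_ip.each |$ipv6| { -%>
+listen [<%= $ipv6 %>]:<%= $ipv6_listen_port %> <% if $ipv6_listen_options { %><%= $ipv6_listen_options %><% } %>;
+<%- } -%>
+<%= $mailhost_common -%>
+
+<%- if versioncmp($nginx_version, '1.15.0') < 0 { -%>
+ssl off;
+<% } %>
+starttls <%= $starttls %>;
+
+<% if $starttls != 'off' { %>
+<%= $mailhost_ssl_settings -%>
+<%- } -%>
+<%= $mailhost_append -%>
+}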
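Review bot: The guard `<% if $ipv6_listen_options { %>` on the IPv6 `listen` line never skips anything, because the parameter is declared as a plain `String` and Puppet treats an empty string as true. The space before that tag is also emitted unconditionally, so empty options leave a dangling space before the semicolon. The IPv4 line keeps the space inside the conditional but has the same truthiness issue when `$listen_options` is `''`. I would test for emptiness and move the space inside, e.g. `<% unless $ipv6_listen_options.empty { %> <%= $ipv6_listen_options %><% } %>;`. Separately, the closing `<% } %>` after `ssl off;` and the `<% if $starttls != 'off' { %>` tag lack the `-` trim markers used elsewhere in the template, which leaves stray blank lines in the generated configuration.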