Convert some templates to EPP #1568

Merged (2 commits), Aug 31, 2023
32 changes: 24 additions & 8 deletions REFERENCE.md
Expand Up @@ -3005,41 +3005,57 @@ Default value: `[$name]`

##### <a name="-nginx--resource--mailhost--raw_prepend"></a>`raw_prepend`

Data type: `Optional[Variant[Array, String]]`
Data type: `Variant[Array[String], String]`

A single string, or an array of strings to prepend to the server directive
(after mailhost_cfg_prepend directive). NOTE: YOU are responsible for a
semicolon on each line that requires one.

Default value: `undef`
Default value: `[]`

##### <a name="-nginx--resource--mailhost--raw_append"></a>`raw_append`

Data type: `Optional[Variant[Array, String]]`
Data type: `Variant[Array[String], String]`

A single string, or an array of strings to append to the server directive
(after mailhost_cfg_append directive). NOTE: YOU are responsible for a
semicolon on each line that requires one.

Default value: `undef`
Default value: `[]`

##### <a name="-nginx--resource--mailhost--mailhost_cfg_append"></a>`mailhost_cfg_append`

Data type: `Optional[Hash]`
Data type:

```puppet
Hash[String, Variant[
String,
Array[String],
Hash[String, Variant[String, Array[String]]],
]]
```

It expects a hash with custom directives to put after everything else
inside server

Default value: `undef`
Default value: `{}`

##### <a name="-nginx--resource--mailhost--mailhost_cfg_prepend"></a>`mailhost_cfg_prepend`

Data type: `Optional[Hash]`
Data type:

```puppet
Hash[String, Variant[
String,
Array[String],
Hash[String, Variant[String, Array[String]]],
]]
```

It expects a hash with custom directives to put before everything else
inside server

Default value: `undef`
Default value: `{}`

##### <a name="-nginx--resource--mailhost--auth_http_header"></a>`auth_http_header`
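Review bot: the descriptions of `mailhost_cfg_append` and `mailhost_cfg_prepend` still read "It expects a hash with custom directives" although the type now also admits a nested `Hash[String, Variant[String, Array[String]]]` value. Document how each value form is rendered (string, array, nested hash), for example that a nested hash produces one `key subkey value;` line per entry, so users do not have to read the template or the spec to find out.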

107 changes: 97 additions & 10 deletions manifests/resource/mailhost.pp
Expand Up @@ -72,9 +72,9 @@
# for authorization.
# @param xclient
# Whether to use xclient for smtp
# @param proxy_protocol
# @param proxy_protocol
# Wheter to use proxy_protocol
# @param proxy_smtp_auth
# @param proxy_smtp_auth
# Wheter to use proxy_smtp_auth
# @param imap_auth
# Sets permitted methods of authentication for IMAP clients.
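Review bot: the description lines under `@param proxy_protocol` and `@param proxy_smtp_auth` still say "Wheter"; since this hunk already touches both `@param` lines, correct the spelling to "Whether" in the same change.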
Expand Down Expand Up @@ -170,23 +170,38 @@
Optional[Array] $pop3_capabilities = undef,
Optional[String] $smtp_auth = undef,
Optional[Array] $smtp_capabilities = undef,
Optional[Variant[Array, String]] $raw_prepend = undef,
Optional[Variant[Array, String]] $raw_append = undef,
Optional[Hash] $mailhost_cfg_prepend = undef,
Optional[Hash] $mailhost_cfg_append = undef,
Comment on lines -173 to -176
Member

I'm fine with merging this, but should we mark it as backwards-incompatible because of the type changes?

Member

Good question, as far as I am concerned, it looks like the previous data types were too relaxed and allowed to provide configuration that would cause nginx to fail to start. Existing valid config should still be valid so I would not mark it as backwards incompatible, and if we find some corner cases that used to be valid and are now broken, we can quickly issue a new patch release to fix these.

String $proxy_pass_error_message = 'off',
Array $server_name = [$name]
Array $server_name = [$name],
Variant[Array[String], String] $raw_prepend = [],
Variant[Array[String], String] $raw_append = [],
Hash[String, Variant[
String,
Array[String],
Hash[String, Variant[String, Array[String]]],
]] $mailhost_cfg_prepend = {},
Hash[String, Variant[
String,
Array[String],
Hash[String, Variant[String, Array[String]]],
]] $mailhost_cfg_append = {},
) {
if ! defined(Class['nginx']) {
fail('You must include the nginx base class before using any defined resources')
}

# Add IPv6 Logic Check - Nginx service will not start if ipv6 is enabled
# and support does not exist for it in the kernel.
if ($ipv6_enable and !$facts['networking']['ip6']) {
$has_ipaddress6 = ($facts.get('networking.ip6') =~ Stdlib::IP::Address::V6)
if ($ipv6_enable and !$has_ipaddress6) {
warning('nginx: IPv6 support is not enabled or configured properly')
}

if $ipv6_enable and $has_ipaddress6 {
$_ipv6_listen_ip = Array($ipv6_listen_ip, true)
} else {
$_ipv6_listen_ip = []
}

# Check to see if SSL Certificates are properly defined.
if ($ssl or $starttls == 'on' or $starttls == 'only') {
if ($ssl_cert == undef) or ($ssl_key == undef) {
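Review bot: in the IPv6 block, `warning('nginx: IPv6 support is not enabled or configured properly')` does not say what happens next: the following `else` branch sets `$_ipv6_listen_ip = []`, so the templates receive an empty list of IPv6 listen addresses. Extend the message to state that the IPv6 listen directives are omitted and include `${name}` so the affected mailhost can be identified in the agent log. Separately, the nested `Hash[String, Variant[...]]` type is spelled out twice in the parameter list; a module type alias would keep `mailhost_cfg_prepend` and `mailhost_cfg_append` from drifting apart.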
Expand All @@ -197,6 +212,53 @@
$config_dir = "${nginx::conf_dir}/conf.mail.d"
$config_file = "${config_dir}/${name}.conf"

# Pre-render some common parts
$mailhost_prepend = epp('nginx/prepend_append.epp', {
cfg_xpend => $mailhost_cfg_prepend,
raw_xpend => Array($raw_prepend, true),
})
$mailhost_append = epp('nginx/prepend_append.epp', {
cfg_xpend => $mailhost_cfg_append,
raw_xpend => Array($raw_append, true),
})

$mailhost_ssl_settings = epp('nginx/mailhost/mailhost_ssl_settings.epp', {
ssl_cert => $ssl_cert,
ssl_ciphers => $ssl_ciphers,
ssl_client_cert => $ssl_client_cert,
ssl_crl => $ssl_crl,
ssl_dhparam => $ssl_dhparam,
ssl_ecdh_curve => $ssl_ecdh_curve,
ssl_key => $ssl_key,
ssl_password_file => $ssl_password_file,
ssl_prefer_server_ciphers => $ssl_prefer_server_ciphers,
ssl_protocols => $ssl_protocols,
ssl_session_cache => $ssl_session_cache,
ssl_session_ticket_key => $ssl_session_ticket_key,
ssl_session_tickets => $ssl_session_tickets,
ssl_session_timeout => $ssl_session_timeout,
ssl_trusted_cert => $ssl_trusted_cert,
ssl_verify_depth => $ssl_verify_depth,
})

$mailhost_common = epp('nginx/mailhost/mailhost_common.epp', {
auth_http => $auth_http,
auth_http_header => $auth_http_header,
imap_auth => $imap_auth,
imap_capabilities => $imap_capabilities,
imap_client_buffer => $imap_client_buffer,
pop3_auth => $pop3_auth,
pop3_capabilities => $pop3_capabilities,
protocol => $protocol,
proxy_pass_error_message => $proxy_pass_error_message,
proxy_protocol => $proxy_protocol,
proxy_smtp_auth => $proxy_smtp_auth,
server_name => $server_name,
smtp_auth => $smtp_auth,
smtp_capabilities => $smtp_capabilities,
xclient => $xclient,
})

concat { $config_file:
ensure => $ensure,
owner => 'root',
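Review bot: `$mailhost_ssl_settings` is rendered for every mailhost, outside the `if ($ssl or $starttls == 'on' or $starttls == 'only')` guard just above, so `mailhost_ssl_settings.epp` is evaluated with `ssl_cert` and `ssl_key` possibly `undef`. Either render it only when SSL or STARTTLS is in use, or make sure the template's parameter types accept `undef` and add a spec for a plain non-TLS host that exercises this path.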
Expand All @@ -210,17 +272,42 @@
if $ssl_port == undef or $listen_port != $ssl_port {
concat::fragment { "${name}-header":
target => $config_file,
content => template('nginx/mailhost/mailhost.erb'),
order => '001',
content => epp('nginx/mailhost/mailhost.epp', {
ipv6_listen_ip => $_ipv6_listen_ip,
ipv6_listen_options => $ipv6_listen_options,
ipv6_listen_port => $ipv6_listen_port,
listen_ip => Array($listen_ip, true),
listen_options => $listen_options,
listen_port => $listen_port,
mailhost_append => $mailhost_append,
mailhost_common => $mailhost_common,
mailhost_prepend => $mailhost_prepend,
mailhost_ssl_settings => $mailhost_ssl_settings,
nginx_version => $nginx::nginx_version,
starttls => $starttls,
}),
}
}

# Create SSL File Stubs if SSL is enabled
if $ssl {
concat::fragment { "${name}-ssl":
target => $config_file,
content => template('nginx/mailhost/mailhost_ssl.erb'),
order => '700',
content => epp('nginx/mailhost/mailhost_ssl.epp', {
ipv6_listen_ip => $_ipv6_listen_ip,
ipv6_listen_options => $ipv6_listen_options,
ipv6_listen_port => $ipv6_listen_port,
listen_ip => Array($listen_ip, true),
listen_options => $listen_options,
mailhost_append => $mailhost_append,
mailhost_common => $mailhost_common,
mailhost_prepend => $mailhost_prepend,
mailhost_ssl_settings => $mailhost_ssl_settings,
nginx_version => $nginx::nginx_version,
ssl_port => $ssl_port,
}),
}
}
}
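Review bot: the parameter hashes passed to `mailhost.epp` and `mailhost_ssl.epp` repeat the same keys and differ only in `listen_port` and `starttls` versus `ssl_port`, and `Array($listen_ip, true)` is computed twice. Build the shared part once as a local hash and merge the fragment-specific keys into it with `+`, so a key added later cannot end up in one fragment and be forgotten in the other.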
2 changes: 0 additions & 2 deletions spec/default_module_facts.yml

This file was deleted.

97 changes: 72 additions & 25 deletions spec/defines/resource_mailhost_spec.rb
Expand Up @@ -6,7 +6,8 @@
on_supported_os.each do |os, facts|
context "on #{os} with Facter #{facts[:facterversion]} and Puppet #{facts[:puppetversion]}" do
let(:facts) do
facts
# Explicitly define the IPv6 address facts
override_facts(facts, networking: { ip6: '2001:db8::c0:ffee' })
end
let(:title) { 'www.rspec.example.com' }
let :default_params do
Expand Down Expand Up @@ -152,7 +153,19 @@
notmatch: %r{ ssl_session_timeout 5m;}
},
{
title: 'should contain raw_prepend directives',
title: 'should contain raw_prepend directives (String)',
attr: 'raw_prepend',
value: 'test value;',
match: [' test value;']
},
{
title: 'should contain raw_append directives (String)',
attr: 'raw_append',
value: 'test value;',
match: [' test value;']
},
{
title: 'should contain raw_prepend directives (Array)',
attr: 'raw_prepend',
value: [
'if (a) {',
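Review bot: the two new String cases use the same value `'test value;'` and the same expectation `[' test value;']` for `raw_prepend` and `raw_append`, so both would still pass if the template emitted the string in the wrong position. Use a distinct value per parameter, or match against a neighbouring directive, so the test pins placement as well as presence.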
Expand All @@ -162,7 +175,7 @@
match: %r{^\s+if \(a\) \{\n\s++b;\n\s+\}}
},
{
title: 'should contain raw_append directives',
title: 'should contain raw_append directives (Array)',
attr: 'raw_append',
value: [
'if (a) {',
Expand All @@ -174,23 +187,45 @@
{
title: 'should contain ordered prepended directives',
attr: 'mailhost_cfg_prepend',
value: { 'test1' => 'test value 1', 'test2' => ['test value 2a', 'test value 2b'], 'test3' => 'test value 3' },
value: {
'test1' => 'test value 1',
'test2' => ['test value 2a', 'test value 2b'],
'test3' => {
'subkey 3a' => 'subvalue 3a',
'subkey 3b' => ['subvalue 3b1', 'subvalue 3b2'],
},
'test4' => 'test value 4',
},
match: [
' test1 test value 1;',
' test2 test value 2a;',
' test2 test value 2b;',
' test3 test value 3;'
' test3 subkey 3a subvalue 3a;',
' test3 subkey 3b subvalue 3b1;',
' test3 subkey 3b subvalue 3b2;',
' test4 test value 4;',
]
},
{
title: 'should contain ordered appended directives',
attr: 'mailhost_cfg_append',
value: { 'test1' => 'test value 1', 'test2' => ['test value 2a', 'test value 2b'], 'test3' => 'test value 3' },
value: {
'test1' => 'test value 1',
'test2' => ['test value 2a', 'test value 2b'],
'test3' => {
'subkey 3a' => 'subvalue 3a',
'subkey 3b' => ['subvalue 3b1', 'subvalue 3b2'],
},
'test4' => 'test value 4',
},
match: [
' test1 test value 1;',
' test2 test value 2a;',
' test2 test value 2b;',
' test3 test value 3;'
' test3 subkey 3a subvalue 3a;',
' test3 subkey 3b subvalue 3b1;',
' test3 subkey 3b subvalue 3b2;',
' test4 test value 4;',
]
}
].each do |param|
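Review bot: both "ordered" cases supply keys that are already in sorted order (`test1` to `test4`, `subkey 3a` before `subkey 3b`), so the expected output is the same whether the template sorts the hash or simply keeps insertion order. List the keys out of order in `value` so that the ordering claim in the title is something the test can fail on.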
Expand Down Expand Up @@ -641,6 +676,7 @@
end
end
end

context 'on nginx 1.16' do
let(:params) do
{
Expand Down Expand Up @@ -744,15 +780,6 @@
it { is_expected.to contain_concat__fragment("#{title}-header") }
end

context 'when listen_port != "ssl_port"' do
let :params do
default_params.merge(listen_port: 80,
ssl_port: 443)
end

it { is_expected.to contain_concat__fragment("#{title}-header") }
end

context 'when listen_port == ssl_port' do
let :params do
default_params.merge(listen_port: 80,
Expand All @@ -762,15 +789,6 @@
it { is_expected.not_to contain_concat__fragment("#{title}-header") }
end

context 'when listen_port == "ssl_port"' do
let :params do
default_params.merge(listen_port: 80,
ssl_port: 80)
end

it { is_expected.not_to contain_concat__fragment("#{title}-header") }
end

context 'when ssl => true' do
let :params do
default_params.merge(ensure: 'absent',
Expand All @@ -793,6 +811,35 @@
it { is_expected.not_to contain_concat__fragment("#{title}-ssl") }
end
end

context 'without IPv6 address present' do
let(:params) do
{
listen_port: 25,
ssl_port: 587,
ipv6_enable: true,
ssl: true,
ssl_cert: 'dummy.crt',
ssl_key: 'dummy.key'
}
end
let(:facts) do
facts.reject do |k, v|
(k == :ipaddress6) or
(k == :networking and v.keys.include? 'ip6')
end
end

it do
is_expected.to contain_concat__fragment("#{title}-header").
without_content(%r{^ listen \[::\]:25 default ipv6only=on;})
end

it do
is_expected.to contain_concat__fragment("#{title}-ssl").
without_content(%r{^ listen \[::\]:587 default ipv6only=on;})
end
end
end
end
end
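Review bot: in the new `let(:facts)`, the `reject` drops the entire `networking` fact whenever it contains `ip6`, not just the `ip6` key, so the catalog is compiled with no `networking` data at all. Remove only `ip6` from the nested hash to keep the rest of the fact set realistic. The two `without_content` patterns also pin the exact option string `default ipv6only=on`; matching any `listen \[` line would keep the assertion meaningful if the listen options change.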