From d4da8f8effedc30cbf75e52a94ac163d265703b6 Mon Sep 17 00:00:00 2001 From: Alex Pica Date: Sun, 13 Apr 2014 05:12:19 +0300 Subject: [PATCH 1/2] Use md5 for location concat filenames --- .gitignore | 1 + manifests/resource/location.pp | 138 ++++++++++++++++++++------------- 2 files changed, 85 insertions(+), 54 deletions(-) diff --git a/.gitignore b/.gitignore index 02eab4884..91807af63 100644 --- a/.gitignore +++ b/.gitignore @@ -6,3 +6,4 @@ pkg/ pkg/ Gemfile.lock spec/fixtures/ +/metadata.json diff --git a/manifests/resource/location.pp b/manifests/resource/location.pp index 7989f5050..0528e29da 100644 --- a/manifests/resource/location.pp +++ b/manifests/resource/location.pp @@ -101,46 +101,45 @@ # } define nginx::resource::location ( - $ensure = present, - $location = $name, - $vhost = undef, - $www_root = undef, - $autoindex = undef, - $index_files = [ + $ensure = present, + $location = $name, + $vhost = undef, + $www_root = undef, + $autoindex = undef, + $index_files = [ 'index.html', 'index.htm', 'index.php'], - $proxy = undef, - $proxy_redirect = $nginx::params::nx_proxy_redirect, - $proxy_read_timeout = $nginx::params::nx_proxy_read_timeout, - $proxy_connect_timeout = $nginx::params::nx_proxy_connect_timeout, - $proxy_set_header = $nginx::params::nx_proxy_set_header, - $fastcgi = undef, - $fastcgi_params = '/etc/nginx/fastcgi_params', - $fastcgi_script = undef, - $fastcgi_split_path = undef, - $ssl = false, - $ssl_only = false, - $location_alias = undef, - $location_allow = undef, - $location_deny = undef, - $option = undef, - $stub_status = undef, - $location_custom_cfg = undef, - $location_cfg_prepend = undef, - $location_cfg_append = undef, - $location_custom_cfg_prepend = undef, - $location_custom_cfg_append = undef, - $try_files = undef, - $proxy_cache = false, - $proxy_cache_valid = false, - $proxy_method = undef, - $proxy_set_body = undef, - $auth_basic = undef, - $auth_basic_user_file = undef, - $rewrite_rules = [], - $priority = 500 -) { + $proxy = undef, + $proxy_redirect = $nginx::params::nx_proxy_redirect, + $proxy_read_timeout = $nginx::params::nx_proxy_read_timeout, + $proxy_connect_timeout = $nginx::params::nx_proxy_connect_timeout, + $proxy_set_header = $nginx::params::nx_proxy_set_header, + $fastcgi = undef, + $fastcgi_params = '/etc/nginx/fastcgi_params', + $fastcgi_script = undef, + $fastcgi_split_path = undef, + $ssl = false, + $ssl_only = false, + $location_alias = undef, + $location_allow = undef, + $location_deny = undef, + $option = undef, + $stub_status = undef, + $location_custom_cfg = undef, + $location_cfg_prepend = undef, + $location_cfg_append = undef, + $location_custom_cfg_prepend = undef, + $location_custom_cfg_append = undef, + $try_files = undef, + $proxy_cache = false, + $proxy_cache_valid = false, + $proxy_method = undef, + $proxy_set_body = undef, + $auth_basic = undef, + $auth_basic_user_file = undef, + $rewrite_rules = [], + $priority = 500) { File { owner => 'root', group => 'root', @@ -148,19 +147,22 @@ notify => Class['nginx::service'], } - validate_re($ensure, '^(present|absent)$', - "${ensure} is not supported for ensure. Allowed values are 'present' and 'absent'.") + validate_re($ensure, '^(present|absent)$', "${ensure} is not supported for ensure. Allowed values are 'present' and 'absent'.") validate_string($location) + if ($vhost != undef) { validate_string($vhost) } + if ($www_root != undef) { validate_string($www_root) } + if ($autoindex != undef) { validate_string($autoindex) } validate_array($index_files) + if ($proxy != undef) { validate_string($proxy) } @@ -168,90 +170,114 @@ validate_string($proxy_read_timeout) validate_string($proxy_connect_timeout) validate_array($proxy_set_header) + if ($fastcgi != undef) { validate_string($fastcgi) } validate_string($fastcgi_params) + if ($fastcgi_script != undef) { validate_string($fastcgi_script) } + if ($fastcgi_split_path != undef) { validate_string($fastcgi_split_path) } validate_bool($ssl) validate_bool($ssl_only) + if ($location_alias != undef) { validate_string($location_alias) } + if ($location_allow != undef) { validate_array($location_allow) } + if ($location_deny != undef) { validate_array($location_deny) } + if ($option != undef) { warning('The $option parameter has no effect and is deprecated.') } + if ($stub_status != undef) { validate_bool($stub_status) } + if ($location_custom_cfg != undef) { validate_hash($location_custom_cfg) } + if ($location_cfg_prepend != undef) { validate_hash($location_cfg_prepend) } + if ($location_cfg_append != undef) { validate_hash($location_cfg_append) } + if ($try_files != undef) { validate_array($try_files) } + if ($proxy_cache != false) { validate_string($proxy_cache) } + if ($proxy_cache_valid != false) { validate_string($proxy_cache_valid) } + if ($proxy_method != undef) { validate_string($proxy_method) } + if ($proxy_set_body != undef) { validate_string($proxy_set_body) } + if ($auth_basic != undef) { validate_string($auth_basic) } + if ($auth_basic_user_file != undef) { validate_string($auth_basic_user_file) } + if !is_integer($priority) { fail('$priority must be an integer.') } validate_array($rewrite_rules) + if ($priority < 401) or ($priority > 899) { fail('$priority must be in the range 401-899.') } # # Shared Variables - $ensure_real = $ensure ? { + $ensure_real = $ensure ? { 'absent' => absent, default => file, } - $vhost_sanitized = regsubst($vhost, ' ', '_', 'G') - $config_file = "${nginx::config::nx_conf_dir}/sites-available/${vhost_sanitized}.conf" + $vhost_sanitized = regsubst($vhost, ' ', '_', 'G') + $config_file = "${nginx::config::nx_conf_dir}/sites-available/${vhost_sanitized}.conf" $location_sanitized_tmp = regsubst($location, '\/', '_', 'G') - $location_sanitized = regsubst($location_sanitized_tmp, '\\', '_', 'G') + $location_sanitized = regsubst($location_sanitized_tmp, '\\', '_', 'G') - ## Check for various error conditions + # # Check for various error conditions if ($vhost == undef) { fail('Cannot create a location reference without attaching to a virtual host') } - if (($www_root == undef) and ($proxy == undef) and ($location_alias == undef) and ($stub_status == undef) and ($fastcgi == undef) and ($location_custom_cfg == undef)) { - fail('Cannot create a location reference without a www_root, proxy, location_alias, fastcgi, stub_status, or location_custom_cfg defined') + + if (($www_root == undef) and ($proxy == undef) and ($location_alias == undef) and ($stub_status == undef) and ($fastcgi == undef) + and ($location_custom_cfg == undef)) { + fail('Cannot create a location reference without a www_root, proxy, location_alias, fastcgi, stub_status, or location_custom_cfg defined' + ) } + if (($www_root != undef) and ($proxy != undef)) { fail('Cannot define both directory and proxy in a virtual host') } @@ -279,9 +305,12 @@ } } - ## Create stubs for vHost File Fragment Pattern + # # Create stubs for vHost File Fragment Pattern if ($ssl_only != true) { - concat::fragment { "${vhost_sanitized}-${priority}-${location_sanitized}": + + $tmpFile=md5("${vhost_sanitized}-${priority}-${location_sanitized}") + + concat::fragment {"${tmpFile}" : ensure => present, target => $config_file, content => $content_real, @@ -289,10 +318,13 @@ } } - ## Only create SSL Specific locations if $ssl is true. + # # Only create SSL Specific locations if $ssl is true. if ($ssl == true) { $ssl_priority = $priority + 300 - concat::fragment {"${vhost_sanitized}-${ssl_priority}-${location_sanitized}-ssl": + + $sslTmpFile = md5("${vhost_sanitized}-${ssl_priority}-${location_sanitized}-ssl") + + concat::fragment { "${sslTmpFile}": ensure => present, target => $config_file, content => $content_real, @@ -301,11 +333,9 @@ } if ($auth_basic_user_file != undef) { - #Generate htpasswd with provided file-locations + # Generate htpasswd with provided file-locations file { "${nginx::params::nx_conf_dir}/${location_sanitized}_htpasswd": ensure => $ensure, mode => '0644', source => $auth_basic_user_file, - } - } -} + } \ No newline at end of file From 0e27ce101e76f49c47dfaa610dff65bd3793c953 Mon Sep 17 00:00:00 2001 From: Alex Date: Sun, 13 Apr 2014 05:29:20 +0300 Subject: [PATCH 2/2] Use md5 hash for the location temp files --- manifests/resource/location.pp | 139 ++++++++++++++------------------- 1 file changed, 58 insertions(+), 81 deletions(-) diff --git a/manifests/resource/location.pp b/manifests/resource/location.pp index 0528e29da..dba7aaf1c 100644 --- a/manifests/resource/location.pp +++ b/manifests/resource/location.pp @@ -101,45 +101,46 @@ # } define nginx::resource::location ( - $ensure = present, - $location = $name, - $vhost = undef, - $www_root = undef, - $autoindex = undef, - $index_files = [ + $ensure = present, + $location = $name, + $vhost = undef, + $www_root = undef, + $autoindex = undef, + $index_files = [ 'index.html', 'index.htm', 'index.php'], - $proxy = undef, - $proxy_redirect = $nginx::params::nx_proxy_redirect, - $proxy_read_timeout = $nginx::params::nx_proxy_read_timeout, - $proxy_connect_timeout = $nginx::params::nx_proxy_connect_timeout, - $proxy_set_header = $nginx::params::nx_proxy_set_header, - $fastcgi = undef, - $fastcgi_params = '/etc/nginx/fastcgi_params', - $fastcgi_script = undef, - $fastcgi_split_path = undef, - $ssl = false, - $ssl_only = false, - $location_alias = undef, - $location_allow = undef, - $location_deny = undef, - $option = undef, - $stub_status = undef, - $location_custom_cfg = undef, - $location_cfg_prepend = undef, - $location_cfg_append = undef, - $location_custom_cfg_prepend = undef, - $location_custom_cfg_append = undef, - $try_files = undef, - $proxy_cache = false, - $proxy_cache_valid = false, - $proxy_method = undef, - $proxy_set_body = undef, - $auth_basic = undef, - $auth_basic_user_file = undef, - $rewrite_rules = [], - $priority = 500) { + $proxy = undef, + $proxy_redirect = $nginx::params::nx_proxy_redirect, + $proxy_read_timeout = $nginx::params::nx_proxy_read_timeout, + $proxy_connect_timeout = $nginx::params::nx_proxy_connect_timeout, + $proxy_set_header = $nginx::params::nx_proxy_set_header, + $fastcgi = undef, + $fastcgi_params = '/etc/nginx/fastcgi_params', + $fastcgi_script = undef, + $fastcgi_split_path = undef, + $ssl = false, + $ssl_only = false, + $location_alias = undef, + $location_allow = undef, + $location_deny = undef, + $option = undef, + $stub_status = undef, + $location_custom_cfg = undef, + $location_cfg_prepend = undef, + $location_cfg_append = undef, + $location_custom_cfg_prepend = undef, + $location_custom_cfg_append = undef, + $try_files = undef, + $proxy_cache = false, + $proxy_cache_valid = false, + $proxy_method = undef, + $proxy_set_body = undef, + $auth_basic = undef, + $auth_basic_user_file = undef, + $rewrite_rules = [], + $priority = 500 +) { File { owner => 'root', group => 'root', @@ -147,22 +148,19 @@ notify => Class['nginx::service'], } - validate_re($ensure, '^(present|absent)$', "${ensure} is not supported for ensure. Allowed values are 'present' and 'absent'.") + validate_re($ensure, '^(present|absent)$', + "${ensure} is not supported for ensure. Allowed values are 'present' and 'absent'.") validate_string($location) - if ($vhost != undef) { validate_string($vhost) } - if ($www_root != undef) { validate_string($www_root) } - if ($autoindex != undef) { validate_string($autoindex) } validate_array($index_files) - if ($proxy != undef) { validate_string($proxy) } @@ -170,114 +168,90 @@ validate_string($proxy_read_timeout) validate_string($proxy_connect_timeout) validate_array($proxy_set_header) - if ($fastcgi != undef) { validate_string($fastcgi) } validate_string($fastcgi_params) - if ($fastcgi_script != undef) { validate_string($fastcgi_script) } - if ($fastcgi_split_path != undef) { validate_string($fastcgi_split_path) } validate_bool($ssl) validate_bool($ssl_only) - if ($location_alias != undef) { validate_string($location_alias) } - if ($location_allow != undef) { validate_array($location_allow) } - if ($location_deny != undef) { validate_array($location_deny) } - if ($option != undef) { warning('The $option parameter has no effect and is deprecated.') } - if ($stub_status != undef) { validate_bool($stub_status) } - if ($location_custom_cfg != undef) { validate_hash($location_custom_cfg) } - if ($location_cfg_prepend != undef) { validate_hash($location_cfg_prepend) } - if ($location_cfg_append != undef) { validate_hash($location_cfg_append) } - if ($try_files != undef) { validate_array($try_files) } - if ($proxy_cache != false) { validate_string($proxy_cache) } - if ($proxy_cache_valid != false) { validate_string($proxy_cache_valid) } - if ($proxy_method != undef) { validate_string($proxy_method) } - if ($proxy_set_body != undef) { validate_string($proxy_set_body) } - if ($auth_basic != undef) { validate_string($auth_basic) } - if ($auth_basic_user_file != undef) { validate_string($auth_basic_user_file) } - if !is_integer($priority) { fail('$priority must be an integer.') } validate_array($rewrite_rules) - if ($priority < 401) or ($priority > 899) { fail('$priority must be in the range 401-899.') } # # Shared Variables - $ensure_real = $ensure ? { + $ensure_real = $ensure ? { 'absent' => absent, default => file, } - $vhost_sanitized = regsubst($vhost, ' ', '_', 'G') - $config_file = "${nginx::config::nx_conf_dir}/sites-available/${vhost_sanitized}.conf" + $vhost_sanitized = regsubst($vhost, ' ', '_', 'G') + $config_file = "${nginx::config::nx_conf_dir}/sites-available/${vhost_sanitized}.conf" $location_sanitized_tmp = regsubst($location, '\/', '_', 'G') - $location_sanitized = regsubst($location_sanitized_tmp, '\\', '_', 'G') + $location_sanitized = regsubst($location_sanitized_tmp, '\\', '_', 'G') - # # Check for various error conditions + ## Check for various error conditions if ($vhost == undef) { fail('Cannot create a location reference without attaching to a virtual host') } - - if (($www_root == undef) and ($proxy == undef) and ($location_alias == undef) and ($stub_status == undef) and ($fastcgi == undef) - and ($location_custom_cfg == undef)) { - fail('Cannot create a location reference without a www_root, proxy, location_alias, fastcgi, stub_status, or location_custom_cfg defined' - ) + if (($www_root == undef) and ($proxy == undef) and ($location_alias == undef) and ($stub_status == undef) and ($fastcgi == undef) and ($location_custom_cfg == undef)) { + fail('Cannot create a location reference without a www_root, proxy, location_alias, fastcgi, stub_status, or location_custom_cfg defined') } - if (($www_root != undef) and ($proxy != undef)) { fail('Cannot define both directory and proxy in a virtual host') } @@ -305,12 +279,12 @@ } } - # # Create stubs for vHost File Fragment Pattern + ## Create stubs for vHost File Fragment Pattern if ($ssl_only != true) { $tmpFile=md5("${vhost_sanitized}-${priority}-${location_sanitized}") - - concat::fragment {"${tmpFile}" : + + concat::fragment { "${tmpFile}": ensure => present, target => $config_file, content => $content_real, @@ -318,13 +292,14 @@ } } - # # Only create SSL Specific locations if $ssl is true. + ## Only create SSL Specific locations if $ssl is true. if ($ssl == true) { + $ssl_priority = $priority + 300 - $sslTmpFile = md5("${vhost_sanitized}-${ssl_priority}-${location_sanitized}-ssl") - - concat::fragment { "${sslTmpFile}": + $sslTmpFile=md5("${vhost_sanitized}-${ssl_priority}-${location_sanitized}-ssl") + + concat::fragment {"${sslTmpFile}": ensure => present, target => $config_file, content => $content_real, @@ -333,9 +308,11 @@ } if ($auth_basic_user_file != undef) { - # Generate htpasswd with provided file-locations + #Generate htpasswd with provided file-locations file { "${nginx::params::nx_conf_dir}/${location_sanitized}_htpasswd": ensure => $ensure, mode => '0644', source => $auth_basic_user_file, - } \ No newline at end of file + } + } +}