From cbfd643f6e4aa03a2c14775f51fb8062daf1bfbf Mon Sep 17 00:00:00 2001 From: Ewoud Kohl van Wijngaarden Date: Sun, 30 Aug 2020 23:11:24 +0200 Subject: [PATCH] Stricter data types --- manifests/init.pp | 22 +++++++++++----------- manifests/resource/location.pp | 2 +- manifests/resource/mailhost.pp | 8 ++++---- manifests/resource/server.pp | 10 +++++----- manifests/resource/streamhost.pp | 8 ++++---- spec/defines/resource_mailhost_spec.rb | 16 ++++++++-------- spec/type_aliases/headers_spec.rb | 8 ++++++++ spec/type_aliases/listen_v4_spec.rb | 11 +++++++++++ spec/type_aliases/listen_v6_spec.rb | 11 +++++++++++ types/headers.pp | 1 + types/listen/v4.pp | 2 ++ types/listen/v6.pp | 2 ++ 12 files changed, 68 insertions(+), 33 deletions(-) create mode 100644 spec/type_aliases/headers_spec.rb create mode 100644 spec/type_aliases/listen_v4_spec.rb create mode 100644 spec/type_aliases/listen_v6_spec.rb create mode 100644 types/headers.pp create mode 100644 types/listen/v4.pp create mode 100644 types/listen/v6.pp diff --git a/manifests/init.pp b/manifests/init.pp index 904db3fc4..30722f50c 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -49,14 +49,14 @@ Variant[Stdlib::Absolutepath, Boolean] $client_body_temp_path = $nginx::params::client_body_temp_path, Boolean $confd_only = false, Boolean $confd_purge = false, - $conf_dir = $nginx::params::conf_dir, + Stdlib::Absolutepath $conf_dir = $nginx::params::conf_dir, Optional[Enum['on', 'off']] $daemon = undef, - $daemon_user = $nginx::params::daemon_user, - $daemon_group = undef, + String[1] $daemon_user = $nginx::params::daemon_user, + Optional[String[1]] $daemon_group = undef, Array[String] $dynamic_modules = [], - $global_owner = $nginx::params::global_owner, - $global_group = $nginx::params::global_group, - $global_mode = $nginx::params::global_mode, + String[1] $global_owner = $nginx::params::global_owner, + String[1] $global_group = $nginx::params::global_group, + Stdlib::Filemode $global_mode = $nginx::params::global_mode, Optional[Variant[String[1], Array[String[1]]]] $limit_req_zone = undef, Stdlib::Absolutepath $log_dir = $nginx::params::log_dir, String[1] $log_user = $nginx::params::log_user, @@ -66,20 +66,20 @@ $http_format_log = undef, Variant[String, Array[String]] $nginx_error_log = "${log_dir}/${nginx::params::nginx_error_log_file}", Nginx::ErrorLogSeverity $nginx_error_log_severity = 'error', - $pid = $nginx::params::pid, + Variant[Stdlib::Absolutepath, Boolean] $pid = $nginx::params::pid, Variant[Stdlib::Absolutepath, Boolean] $proxy_temp_path = $nginx::params::proxy_temp_path, - $root_group = $nginx::params::root_group, - $run_dir = $nginx::params::run_dir, + String[1] $root_group = $nginx::params::root_group, + Stdlib::Absolutepath $run_dir = $nginx::params::run_dir, $sites_available_owner = $nginx::params::sites_available_owner, $sites_available_group = $nginx::params::sites_available_group, $sites_available_mode = $nginx::params::sites_available_mode, Boolean $super_user = $nginx::params::super_user, - $temp_dir = $nginx::params::temp_dir, + Stdlib::Absolutepath $temp_dir = $nginx::params::temp_dir, Boolean $server_purge = false, Boolean $include_modules_enabled = $nginx::params::include_modules_enabled, # Primary Templates - $conf_template = 'nginx/conf.d/nginx.conf.erb', + String[1] $conf_template = 'nginx/conf.d/nginx.conf.erb', ### START Nginx Configuration ### Optional[Enum['on', 'off']] $absolute_redirect = undef, diff --git a/manifests/resource/location.pp b/manifests/resource/location.pp index 096a58265..2ac92de82 100644 --- a/manifests/resource/location.pp +++ b/manifests/resource/location.pp @@ -256,7 +256,7 @@ Boolean $mp4 = false, Boolean $flv = false, Optional[String] $expires = undef, - Hash $add_header = {}, + Nginx::Headers $add_header = {}, Optional[Enum['on', 'off', 'always']] $gzip_static = undef, ) { if ! defined(Class['nginx']) { diff --git a/manifests/resource/mailhost.pp b/manifests/resource/mailhost.pp index cb3fa9c35..46539e089 100644 --- a/manifests/resource/mailhost.pp +++ b/manifests/resource/mailhost.pp @@ -77,10 +77,10 @@ define nginx::resource::mailhost ( Stdlib::Port $listen_port, Enum['absent', 'present'] $ensure = 'present', - Variant[Array[String], String] $listen_ip = '*', + Nginx::Listen::V4 $listen_ip = '*', Optional[String] $listen_options = undef, Boolean $ipv6_enable = false, - Variant[Array[String], String] $ipv6_listen_ip = '::', + Nginx::Listen::V6 $ipv6_listen_ip = '::', Stdlib::Port $ipv6_listen_port = 80, String $ipv6_listen_options = 'default ipv6only=on', Boolean $ssl = false, @@ -102,10 +102,10 @@ Optional[String] $ssl_trusted_cert = undef, Optional[Integer] $ssl_verify_depth = undef, Enum['on', 'off', 'only'] $starttls = 'off', - $protocol = undef, + Optional[Enum['imap', 'pop3', 'smtp']] $protocol = undef, Optional[String] $auth_http = undef, Optional[String] $auth_http_header = undef, - String $xclient = 'on', + Enum['on', 'off'] $xclient = 'on', Optional[String] $imap_auth = undef, Optional[Array] $imap_capabilities = undef, Optional[String] $imap_client_buffer = undef, diff --git a/manifests/resource/server.pp b/manifests/resource/server.pp index 31eee9cfe..450e5c1a9 100644 --- a/manifests/resource/server.pp +++ b/manifests/resource/server.pp @@ -154,8 +154,8 @@ # } define nginx::resource::server ( Enum['absent', 'present'] $ensure = 'present', - Variant[Array, String] $listen_ip = '*', - Integer $listen_port = 80, + Nginx::Listen::V4 $listen_ip = '*', + Stdlib::Port $listen_port = 80, Optional[String] $listen_options = undef, Boolean $listen_unix_socket_enable = false, Variant[Array[Stdlib::Absolutepath], Stdlib::Absolutepath] $listen_unix_socket = '/var/run/nginx.sock', @@ -164,10 +164,10 @@ Array $location_allow = [], Array $location_deny = [], Boolean $ipv6_enable = false, - Variant[Array, String] $ipv6_listen_ip = '::', - Integer $ipv6_listen_port = 80, + Nginx::Listen::V6 $ipv6_listen_ip = '::', + Stdlib::Port $ipv6_listen_port = 80, String $ipv6_listen_options = 'default ipv6only=on', - Hash $add_header = {}, + Nginx::Headers $add_header = {}, Boolean $ssl = false, Boolean $ssl_listen_option = true, Optional[Variant[String, Boolean]] $ssl_cert = undef, diff --git a/manifests/resource/streamhost.pp b/manifests/resource/streamhost.pp index 02db50571..58fa0d9fe 100644 --- a/manifests/resource/streamhost.pp +++ b/manifests/resource/streamhost.pp @@ -48,12 +48,12 @@ # } define nginx::resource::streamhost ( Enum['absent', 'present'] $ensure = 'present', - Variant[Array, String] $listen_ip = '*', - Integer $listen_port = 80, + Nginx::Listen::V4 $listen_ip = '*', + Stdlib::Port $listen_port = 80, Optional[String] $listen_options = undef, Boolean $ipv6_enable = false, - Variant[Array, String] $ipv6_listen_ip = '::', - Integer $ipv6_listen_port = 80, + Nginx::Listen::V6 $ipv6_listen_ip = '::', + Stdlib::Port $ipv6_listen_port = 80, String $ipv6_listen_options = 'default ipv6only=on', $proxy = undef, String $proxy_read_timeout = $nginx::proxy_read_timeout, diff --git a/spec/defines/resource_mailhost_spec.rb b/spec/defines/resource_mailhost_spec.rb index f6812e502..4011a490c 100644 --- a/spec/defines/resource_mailhost_spec.rb +++ b/spec/defines/resource_mailhost_spec.rb @@ -96,14 +96,14 @@ { title: 'should set protocol', attr: 'protocol', - value: 'test-protocol', - match: ' protocol test-protocol;' + value: 'imap', + match: ' protocol imap;' }, { title: 'should set xclient', attr: 'xclient', - value: 'test-xclient', - match: ' xclient test-xclient;' + value: 'off', + match: ' xclient off;' }, { title: 'should set auth_http', @@ -533,14 +533,14 @@ { title: 'should set protocol', attr: 'protocol', - value: 'test-protocol', - match: ' protocol test-protocol;' + value: 'imap', + match: ' protocol imap;' }, { title: 'should set xclient', attr: 'xclient', - value: 'test-xclient', - match: ' xclient test-xclient;' + value: 'off', + match: ' xclient off;' }, { title: 'should set auth_http', diff --git a/spec/type_aliases/headers_spec.rb b/spec/type_aliases/headers_spec.rb new file mode 100644 index 000000000..86d6434ed --- /dev/null +++ b/spec/type_aliases/headers_spec.rb @@ -0,0 +1,8 @@ +require 'spec_helper' + +describe 'Nginx::Headers' do + it { is_expected.to allow_value({ 'header3' => { '' => '\'test value 3\' tv3' }, 'header2' => { 'test value 2' => 'tv2' }, 'header1' => 'test value 1' }) } + it { is_expected.to allow_value({ 'Content-type' => 'application/html' }) } + it { is_expected.not_to allow_value({ 'Content-Type' => '' }) } + it { is_expected.not_to allow_value({ '' => 'application/html' }) } +end diff --git a/spec/type_aliases/listen_v4_spec.rb b/spec/type_aliases/listen_v4_spec.rb new file mode 100644 index 000000000..553d085d1 --- /dev/null +++ b/spec/type_aliases/listen_v4_spec.rb @@ -0,0 +1,11 @@ +require 'spec_helper' + +describe 'Nginx::Listen::V4' do + it { is_expected.to allow_value('*') } + it { is_expected.to allow_value('127.0.0.1') } + it { is_expected.to allow_value('192.0.2.1') } + it { is_expected.to allow_value(['198.51.100.1', '203.0.113.1']) } + it { is_expected.not_to allow_value('192.0.2.1/24') } + it { is_expected.not_to allow_value('::') } + it { is_expected.not_to allow_value('2001:db8::1') } +end diff --git a/spec/type_aliases/listen_v6_spec.rb b/spec/type_aliases/listen_v6_spec.rb new file mode 100644 index 000000000..16be035c1 --- /dev/null +++ b/spec/type_aliases/listen_v6_spec.rb @@ -0,0 +1,11 @@ +require 'spec_helper' + +describe 'Nginx::Listen::V6' do + it { is_expected.to allow_value('::') } + it { is_expected.to allow_value('::1') } + it { is_expected.to allow_value('2001:db8::1') } + it { is_expected.to allow_value(['2001:db8::1', '2001:0db8:ffff:ffff:ffff:ffff:ffff:ffff']) } + it { is_expected.not_to allow_value('2001:db8::/64') } + it { is_expected.not_to allow_value('192.0.2.1') } + it { is_expected.not_to allow_value('*') } +end diff --git a/types/headers.pp b/types/headers.pp new file mode 100644 index 000000000..fdb7568d2 --- /dev/null +++ b/types/headers.pp @@ -0,0 +1 @@ +type Nginx::Headers = Hash[String[1], Variant[String[1], Hash[String, String]]] diff --git a/types/listen/v4.pp b/types/listen/v4.pp new file mode 100644 index 000000000..d906d0c33 --- /dev/null +++ b/types/listen/v4.pp @@ -0,0 +1,2 @@ +# Listen on IPv4 statement +type Nginx::Listen::V4 = Variant[Enum['*'], Array[Stdlib::IP::Address::V4::Nosubnet], Stdlib::IP::Address::V4::Nosubnet] diff --git a/types/listen/v6.pp b/types/listen/v6.pp new file mode 100644 index 000000000..52ca378e9 --- /dev/null +++ b/types/listen/v6.pp @@ -0,0 +1,2 @@ +# Listen on IPv6 statement +type Nginx::Listen::V6 = Variant[Array[Stdlib::IP::Address::V6::Nosubnet], Stdlib::IP::Address::V6::Nosubnet]