From ce2c70c8d0c9a7c6998527a5cabe74987aa71a03 Mon Sep 17 00:00:00 2001 From: Gordon Bleux Date: Thu, 7 Oct 2021 21:13:26 +0200 Subject: [PATCH] make directory mode configurable for X_tmp_path nginx manages the directory permissions on its own, so the default value is undef to avoid conflicts. --- REFERENCE.md | 70 ++++++++++++++++++++++++++------------ manifests/config.pp | 4 +-- manifests/init.pp | 14 ++++++++ spec/classes/nginx_spec.rb | 46 +++++++++++++++++++++++++ 4 files changed, 111 insertions(+), 23 deletions(-) diff --git a/REFERENCE.md b/REFERENCE.md index 7a61fb202..6f44d2cc0 100644 --- a/REFERENCE.md +++ b/REFERENCE.md @@ -78,7 +78,12 @@ The following parameters are available in the `nginx` class: * [`service_config_check`](#service_config_check) * [`service_config_check_command`](#service_config_check_command) * [`reset_timedout_connection`](#reset_timedout_connection) +* [`nginx_snippets`](#nginx_snippets) +* [`nginx_snippets_defaults`](#nginx_snippets_defaults) +* [`proxy_temp_mode`](#proxy_temp_mode) +* [`proxy_temp_path`](#proxy_temp_path) * [`client_body_temp_path`](#client_body_temp_path) +* [`client_body_temp_mode`](#client_body_temp_mode) * [`confd_only`](#confd_only) * [`confd_purge`](#confd_purge) * [`conf_dir`](#conf_dir) @@ -99,9 +104,7 @@ The following parameters are available in the `nginx` class: * [`nginx_error_log`](#nginx_error_log) * [`nginx_error_log_severity`](#nginx_error_log_severity) * [`pid`](#pid) -* [`proxy_temp_path`](#proxy_temp_path) * [`root_group`](#root_group) -* [`run_dir`](#run_dir) * [`sites_available_owner`](#sites_available_owner) * [`sites_available_group`](#sites_available_group) * [`sites_available_mode`](#sites_available_mode) 
@@ -306,13 +309,53 @@ with the non-standard code 444. Default value: ``undef`` +##### `nginx_snippets` + +Data type: `Hash` + +Specifies a hash from which to generate `nginx::resource::snippet` resources. + +Default value: `{}` + +##### `nginx_snippets_defaults` + +Data type: `Hash` + +Can be used to define default values for the parameter `nginx_snippets`. + +Default value: `{}` + +##### `proxy_temp_mode` + +Data type: `Optional[Stdlib::Filemode]` + +Permissions for the $proxy_temp_path file resource. + +Default value: ``undef`` + +##### `proxy_temp_path` + +Data type: `Optional[Stdlib::Absolutepath]` + +Directory for storing temporary files with data received from proxied servers. + +Default value: ``undef`` + ##### `client_body_temp_path` -Data type: `Variant[Stdlib::Absolutepath, Boolean]` +Data type: `Optional[Stdlib::Absolutepath]` +Directory for storing temporary files holding client request bodies. +Default value: ``undef`` -Default value: `$nginx::params::client_body_temp_path` +##### `client_body_temp_mode` + +Data type: `Optional[Stdlib::Filemode]` + +Permissions for the $client_body_temp_path file resource. + +Default value: ``undef`` ##### `confd_only` @@ -474,14 +517,6 @@ Data type: `Any` Default value: `$nginx::params::pid` -##### `proxy_temp_path` - -Data type: `Variant[Stdlib::Absolutepath, Boolean]` - - - -Default value: `$nginx::params::proxy_temp_path` - ##### `root_group` Data type: `Any` @@ -490,14 +525,6 @@ Data type: `Any` Default value: `$nginx::params::root_group` -##### `run_dir` - -Data type: `Any` - - - -Default value: `$nginx::params::run_dir` - ##### `sites_available_owner` Data type: `Any` @@ -1076,6 +1103,7 @@ Default value: `[ 'Host $host', 'X-Real-IP $remote_addr', 'X-Forwarded-For $proxy_add_x_forwarded_for', + 'X-Forwarded-Host $host', 'X-Forwarded-Proto $scheme', 'Proxy ""', ]` 
@@ -2793,7 +2821,7 @@ Default value: `'off'`
 ##### `protocol`
-Data type: `Optional[Enum['imap', 'pop3', 'smtp']]`
+Data type: `Optional[Enum['imap', 'pop3', 'sieve', 'smtp']]`
 Mail protocol to use
diff --git a/manifests/config.pp b/manifests/config.pp
index 84cd151c6..2a7d1e9fe 100644
--- a/manifests/config.pp
+++ b/manifests/config.pp
@@ -205,7 +205,7 @@
 file { $client_body_temp_path:
 ensure => directory,
 owner => $daemon_user,
- mode => '0700',
+ mode => $nginx::client_body_temp_mode,
 }
 }
@@ -213,7 +213,7 @@
 file { $proxy_temp_path:
 ensure => directory,
 owner => $daemon_user,
- mode => '0700',
+ mode => $nginx::proxy_temp_mode,
 }
 }
diff --git a/manifests/init.pp b/manifests/init.pp
index 1d8cbae3b..f98997483 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -44,9 +44,22 @@
 # @param nginx_snippets_defaults
 # Can be used to define default values for the parameter `nginx_snippets`.
 #
+# @param proxy_temp_mode
+# Permissions for the $proxy_temp_path file resource.
+#
+# @param proxy_temp_path
+# Directory for storing temporary files with data received from proxied servers.
+#
+# @param client_body_temp_path
+# Directory for storing temporary files holding client request bodies.
+#
+# @param client_body_temp_mode
+# Permissions for the $client_body_temp_path file resource.
+#
 class nginx (
 ### START Nginx Configuration ###
 Optional[Stdlib::Absolutepath] $client_body_temp_path = undef,
+ Optional[Stdlib::Filemode] $client_body_temp_mode = undef,
 Boolean $confd_only = false,
 Boolean $confd_purge = false,
 $conf_dir = $nginx::params::conf_dir,
@@ -68,6 +81,7 @@
 Nginx::ErrorLogSeverity $nginx_error_log_severity = 'error',
 $pid = $nginx::params::pid,
 Optional[Stdlib::Absolutepath] $proxy_temp_path = undef,
+ Optional[Stdlib::Filemode] $proxy_temp_mode = undef,
 $root_group = $nginx::params::root_group,
 $sites_available_owner = $nginx::params::sites_available_owner,
 $sites_available_group = $nginx::params::sites_available_group,
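Review bot: Replacing `mode => '0700'` with `$nginx::client_body_temp_mode` (and with `$nginx::proxy_temp_mode` in the config.pp hunk at line 213) means that, with the new `undef` defaults, Puppet no longer enforces owner-only access on the directories that hold buffered request bodies and proxied responses. If Puppet creates the directory before nginx does, the mode presumably follows the agent's umask, and whether nginx later tightens an already existing directory is not visible here and should be confirmed. Keeping the old value as the parameter default in init.pp, `Optional[Stdlib::Filemode] $client_body_temp_mode = '0700',` and likewise for `$proxy_temp_mode`, would preserve the previous hardening for existing installs. The block enclosing each `file` resource starts outside the hunks.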
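Review bot: The `@param proxy_temp_mode` and `@param client_body_temp_mode` descriptions in the init.pp hunk at line 44 do not say what the `undef` default means, nor that these directories hold request and upstream data. I would extend each one, for example `#   Mode of the $proxy_temp_path directory. When undef, Puppet does not manage the mode; avoid modes that grant access to other users.` If the `file` resources in config.pp are only declared when the matching path is set, as the closing braces there suggest, the text should also state that the mode is ignored without the path.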
diff --git a/spec/classes/nginx_spec.rb b/spec/classes/nginx_spec.rb
index 39dfe999e..64b549db1 100644
--- a/spec/classes/nginx_spec.rb
+++ b/spec/classes/nginx_spec.rb
@@ -1372,6 +1372,52 @@
 it { is_expected.to contain_file('/var/log/nginx').with(mode: '0771') }
 end
+ context 'when proxy_temp_path is non-default' do
+ let(:params) { { proxy_temp_path: '/tmp/nginx_proxy' } }
+
+ it do
+ is_expected.to contain_file('/tmp/nginx_proxy').
+ without('mode')
+ end
+ end
+
+ context 'when proxy_temp_mode is non-default' do
+ let(:params) do
+ {
+ proxy_temp_path: '/tmp/nginx_proxy',
+ proxy_temp_mode: '0771',
+ }
+ end
+
+ it do
+ is_expected.to contain_file('/tmp/nginx_proxy').
+ with_mode('0771')
+ end
+ end
+
+ context 'when client_body_temp_path is non-default' do
+ let(:params) { { client_body_temp_path: '/tmp/nginx_client' } }
+
+ it do
+ is_expected.to contain_file('/tmp/nginx_client').
+ without('mode')
+ end
+ end
+
+ context 'when client_body_temp_mode is non-default' do
+ let(:params) do
+ {
+ client_body_temp_path: '/tmp/nginx_client',
+ client_body_temp_mode: '0771',
+ }
+ end
+
+ it do
+ is_expected.to contain_file('/tmp/nginx_client').
+ with_mode('0771')
+ end
+ end
+
 context 'when gzip is non-default (on) test gzip defaults' do
 let(:params) { { gzip: 'on' } }
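Review bot: Both "mode is non-default" contexts use `'0771'` on a directory under `/tmp`, so the spec presents a mode that lets other local users traverse a directory of request bodies as the example setting. A value such as `proxy_temp_mode: '0750',` with `with_mode('0750')` exercises the same code path, and it still differs from the old hard-coded `'0700'`, so a regression to the fixed value would be caught. The same change applies to the `client_body_temp_mode` context. The examples also assert only `mode`; adding `ensure: 'directory'` to the expectation would pin the rest of the resource.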