diff --git a/manifests/init.pp b/manifests/init.pp index 66c5e1bb6..5ae3916c0 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -26,150 +26,150 @@ # } class nginx ( ### START Nginx Configuration ### - $client_body_temp_path = $nginx::params::client_body_temp_path, - Boolean $confd_only = false, - Boolean $confd_purge = false, - $conf_dir = $nginx::params::conf_dir, - Optional[Enum['on', 'off']] $daemon = undef, - $daemon_user = $nginx::params::daemon_user, - $daemon_group = undef, - Array[String] $dynamic_modules = [], - $global_owner = $nginx::params::global_owner, - $global_group = $nginx::params::global_group, - $global_mode = $nginx::params::global_mode, - $log_dir = $nginx::params::log_dir, - $log_group = $nginx::params::log_group, - $log_mode = '0750', - Variant[String, Array[String]] $http_access_log = "${log_dir}/${::nginx::params::http_access_log_file}", - $http_format_log = undef, - Variant[String, Array[String]] $nginx_error_log = "${log_dir}/${::nginx::params::nginx_error_log_file}", - Nginx::ErrorLogSeverity $nginx_error_log_severity = 'error', - $pid = $nginx::params::pid, - $proxy_temp_path = $nginx::params::proxy_temp_path, - $root_group = $nginx::params::root_group, - $run_dir = $nginx::params::run_dir, - $sites_available_owner = $nginx::params::sites_available_owner, - $sites_available_group = $nginx::params::sites_available_group, - $sites_available_mode = $nginx::params::sites_available_mode, - Boolean $super_user = $nginx::params::super_user, - $temp_dir = $nginx::params::temp_dir, - Boolean $server_purge = false, + String[1] $client_body_temp_path = $::nginx::params::client_body_temp_path, + Boolean $confd_only = false, + Boolean $confd_purge = false, + String[1] $conf_dir = $::nginx::params::conf_dir, + Optional[Nginx::Toggle] $daemon = undef, + String[1] $daemon_user = $::nginx::params::daemon_user, + Optional[String[1]] $daemon_group = undef, + Array[String[1]] $dynamic_modules = [], + String[1] $global_owner = $::nginx::params::global_owner, + String[1] $global_group = $::nginx::params::global_group, + Stdlib::Filemode $global_mode = $::nginx::params::global_mode, + String[1] $log_dir = $::nginx::params::log_dir, + String[1] $log_group = $::nginx::params::log_group, + Stdlib::Filemode $log_mode = '0750', + Variant[String[1], Array[String[1]]] $http_access_log = "${log_dir}/${::nginx::params::http_access_log_file}", + Optional[String[1]] $http_format_log = undef, + Variant[String[1], Array[String[1]]] $nginx_error_log = "${log_dir}/${::nginx::params::nginx_error_log_file}", + Nginx::ErrorLogSeverity $nginx_error_log_severity = 'error', + Variant[String[1], Boolean] $pid = $::nginx::params::pid, + String[1] $proxy_temp_path = $::nginx::params::proxy_temp_path, + String[1] $root_group = $::nginx::params::root_group, + Stdlib::Unixpath $run_dir = $::nginx::params::run_dir, + String[1] $sites_available_owner = $::nginx::params::sites_available_owner, + String[1] $sites_available_group = $::nginx::params::sites_available_group, + Stdlib::Filemode $sites_available_mode = $::nginx::params::sites_available_mode, + Boolean $super_user = $::nginx::params::super_user, + String[1] $temp_dir = $::nginx::params::temp_dir, + Boolean $server_purge = false, # Primary Templates - $conf_template = 'nginx/conf.d/nginx.conf.erb', + String[1] $conf_template = 'nginx/conf.d/nginx.conf.erb', ### START Nginx Configuration ### - $accept_mutex = 'on', - $accept_mutex_delay = '500ms', - $client_body_buffer_size = '128k', - String $client_max_body_size = '10m', - $client_body_timeout = '60s', - $send_timeout = '60s', - $lingering_timeout = '5s', - Optional[Enum['on', 'off']] $etag = undef, - Optional[String] $events_use = undef, - String $fastcgi_cache_inactive = '20m', - Optional[String] $fastcgi_cache_key = undef, - String $fastcgi_cache_keys_zone = 'd3:100m', - String $fastcgi_cache_levels = '1', - String $fastcgi_cache_max_size = '500m', - Optional[String] $fastcgi_cache_path = undef, - Optional[String] $fastcgi_cache_use_stale = undef, - $gzip = 'on', - $gzip_buffers = undef, - $gzip_comp_level = 1, - $gzip_disable = 'msie6', - $gzip_min_length = 20, - $gzip_http_version = 1.1, - $gzip_proxied = 'off', - $gzip_types = undef, - $gzip_vary = 'off', - Optional[Variant[Hash, Array]] $http_cfg_prepend = undef, - Optional[Variant[Hash, Array]] $http_cfg_append = undef, - Optional[Variant[Array[String], String]] $http_raw_prepend = undef, - Optional[Variant[Array[String], String]] $http_raw_append = undef, - $http_tcp_nodelay = 'on', - $http_tcp_nopush = 'off', - $keepalive_timeout = '65s', - $keepalive_requests = '100', - $log_format = {}, - Boolean $mail = false, - Boolean $stream = false, - String $multi_accept = 'off', - Integer $names_hash_bucket_size = 64, - Integer $names_hash_max_size = 512, - $nginx_cfg_prepend = false, - String $proxy_buffers = '32 4k', - String $proxy_buffer_size = '8k', - String $proxy_cache_inactive = '20m', - String $proxy_cache_keys_zone = 'd2:100m', - String $proxy_cache_levels = '1', - String $proxy_cache_max_size = '500m', - Optional[Variant[Hash, String]] $proxy_cache_path = undef, - Optional[Integer] $proxy_cache_loader_files = undef, - Optional[String] $proxy_cache_loader_sleep = undef, - Optional[String] $proxy_cache_loader_threshold = undef, - Optional[Enum['on', 'off']] $proxy_use_temp_path = undef, - $proxy_connect_timeout = '90s', - Integer $proxy_headers_hash_bucket_size = 64, - Optional[String] $proxy_http_version = undef, - $proxy_read_timeout = '90s', - $proxy_redirect = undef, - $proxy_send_timeout = '90s', - Array $proxy_set_header = [ + Nginx::Toggle $accept_mutex = 'on', + Nginx::Duration $accept_mutex_delay = '500ms', + String[1] $client_body_buffer_size = '128k', + String[1] $client_max_body_size = '10m', + Nginx::Duration $client_body_timeout = '60s', + Nginx::Duration $send_timeout = '60s', + Nginx::Duration $lingering_timeout = '5s', + Optional[Nginx::Toggle] $etag = undef, + Optional[String[1]] $events_use = undef, + Nginx::Duration $fastcgi_cache_inactive = '20m', + Optional[String[1]] $fastcgi_cache_key = undef, + String[1] $fastcgi_cache_keys_zone = 'd3:100m', + String[1] $fastcgi_cache_levels = '1', + String[1] $fastcgi_cache_max_size = '500m', + Optional[String[1]] $fastcgi_cache_path = undef, + Optional[String[1]] $fastcgi_cache_use_stale = undef, + Nginx::Toggle $gzip = 'on', + Optional[String[1]] $gzip_buffers = undef, + Integer[1,9] $gzip_comp_level = 1, + String[1] $gzip_disable = 'msie6', + String[1] $gzip_min_length = '20', + Enum['1.0', '1.1'] $gzip_http_version = '1.1', + String[1] $gzip_proxied = 'off', + Optional[Variant[Array[String[1]], String[1]]] $gzip_types = undef, + Nginx::Toggle $gzip_vary = 'off', + Optional[Nginx::Directives] $http_cfg_prepend = undef, + Optional[Nginx::Directives] $http_cfg_append = undef, + Optional[Variant[Array[String[1]], String[1]]] $http_raw_prepend = undef, + Optional[Variant[Array[String[1]], String[1]]] $http_raw_append = undef, + Nginx::Toggle $http_tcp_nodelay = 'on', + Optional[Nginx::Toggle] $http_tcp_nopush = undef, + Nginx::Duration $keepalive_timeout = '65s', + String[1] $keepalive_requests = '100', + Hash[String[1],String] $log_format = {}, + Boolean $mail = false, + Boolean $stream = false, + Nginx::Toggle $multi_accept = 'off', + Integer $names_hash_bucket_size = 64, + Integer $names_hash_max_size = 512, + Optional[Nginx::Directives] $nginx_cfg_prepend = undef, + String[1] $proxy_buffers = '32 4k', + String[1] $proxy_buffer_size = '8k', + Nginx::Duration $proxy_cache_inactive = '20m', + String[1] $proxy_cache_keys_zone = 'd2:100m', + String[1] $proxy_cache_levels = '1', + String[1] $proxy_cache_max_size = '500m', + Optional[Variant[Hash[String[1],String], String[1]]] $proxy_cache_path = undef, + Optional[Integer] $proxy_cache_loader_files = undef, + Optional[String[1]] $proxy_cache_loader_sleep = undef, + Optional[String[1]] $proxy_cache_loader_threshold = undef, + Optional[Nginx::Toggle] $proxy_use_temp_path = undef, + Nginx::Duration $proxy_connect_timeout = '90s', + Integer $proxy_headers_hash_bucket_size = 64, + Optional[Enum['1.0', '1.1']] $proxy_http_version = undef, + Nginx::Duration $proxy_read_timeout = '90s', + Optional[String[1]] $proxy_redirect = undef, + Nginx::Duration $proxy_send_timeout = '90s', + Array[String[1]] $proxy_set_header = [ 'Host $host', 'X-Real-IP $remote_addr', 'X-Forwarded-For $proxy_add_x_forwarded_for', 'Proxy ""', ], - Array $proxy_hide_header = [], - Array $proxy_pass_header = [], - Array $proxy_ignore_header = [], - $sendfile = 'on', - String $server_tokens = 'on', - $spdy = 'off', - $http2 = 'off', - $ssl_stapling = 'off', - $types_hash_bucket_size = '512', - $types_hash_max_size = '1024', - Integer $worker_connections = 1024, - Enum['on', 'off'] $ssl_prefer_server_ciphers = 'on', - Variant[Integer, Enum['auto']] $worker_processes = 1, - Integer $worker_rlimit_nofile = 1024, - $ssl_protocols = 'TLSv1 TLSv1.1 TLSv1.2', - $ssl_ciphers = 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS', # lint:ignore:140chars - Optional[Stdlib::Unixpath] $ssl_dhparam = undef, + Array[String[1]] $proxy_hide_header = [], + Array[String[1]] $proxy_pass_header = [], + Array[String[1]] $proxy_ignore_header = [], + Optional[Nginx::Toggle] $sendfile = undef, + String[1] $server_tokens = 'on', + Boolean $spdy = false, + Boolean $http2 = false, + Nginx::Toggle $ssl_stapling = 'off', + Integer $types_hash_bucket_size = 512, + Integer $types_hash_max_size = 1024, + Integer $worker_connections = 1024, + Nginx::Toggle $ssl_prefer_server_ciphers = 'on', + Variant[Integer, Enum['auto']] $worker_processes = 1, + Integer $worker_rlimit_nofile = 1024, + String[1] $ssl_protocols = 'TLSv1 TLSv1.1 TLSv1.2', + String[1] $ssl_ciphers = 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS', # lint:ignore:140chars + Optional[String[1]] $ssl_dhparam = undef, ### START Package Configuration ### - $package_ensure = present, - $package_name = $nginx::params::package_name, - $package_source = 'nginx', - $package_flavor = undef, - $manage_repo = $nginx::params::manage_repo, - Optional[String] $repo_release = undef, - $passenger_package_ensure = 'present', + String[1] $package_ensure = present, + String[1] $package_name = $::nginx::params::package_name, + String[1] $package_source = 'nginx', + Optional[String[1]] $package_flavor = undef, + Boolean $manage_repo = $::nginx::params::manage_repo, + Optional[String[1]] $repo_release = undef, + String[1] $passenger_package_ensure = 'present', ### END Package Configuration ### ### START Service Configuation ### - $service_ensure = running, - $service_flags = undef, - $service_restart = undef, - $service_name = 'nginx', - $service_manage = true, + Enum['running', 'absent', 'stopped', 'undef'] $service_ensure = running, + Optional[String[1]] $service_flags = undef, + Optional[String[1]] $service_restart = undef, + String[1] $service_name = 'nginx', + Boolean $service_manage = true, ### END Service Configuration ### ### START Hiera Lookups ### - $geo_mappings = {}, - $string_mappings = {}, - $nginx_locations = {}, - $nginx_locations_defaults = {}, - $nginx_mailhosts = {}, - $nginx_mailhosts_defaults = {}, - $nginx_streamhosts = {}, - $nginx_upstreams = {}, - $nginx_servers = {}, - $nginx_servers_defaults = {}, - Boolean $purge_passenger_repo = true, + Hash $geo_mappings = {}, + Hash $string_mappings = {}, + Hash $nginx_locations = {}, + Hash $nginx_locations_defaults = {}, + Hash $nginx_mailhosts = {}, + Hash $nginx_mailhosts_defaults = {}, + Hash $nginx_streamhosts = {}, + Hash $nginx_upstreams = {}, + Hash $nginx_servers = {}, + Hash $nginx_servers_defaults = {}, + Boolean $purge_passenger_repo = true, ### END Hiera Lookups ### ) inherits nginx::params { diff --git a/manifests/resource/geo.pp b/manifests/resource/geo.pp index e8d120c75..dc63609de 100644 --- a/manifests/resource/geo.pp +++ b/manifests/resource/geo.pp @@ -53,14 +53,14 @@ define nginx::resource::geo ( - Hash $networks, - Optional[String] $default = undef, - Enum['present', 'absent'] $ensure = 'present', - Boolean $ranges = false, - Optional[String] $address = undef, - Optional[String] $delete = undef, - Optional[Array] $proxies = undef, - Optional[Boolean] $proxy_recursive = undef + Hash[Stdlib::IP::Address,String[1]] $networks, + Optional[String[1]] $default = undef, + Enum['present', 'absent'] $ensure = 'present', + Boolean $ranges = false, + Optional[String[1]] $address = undef, + Optional[Stdlib::IP::Address] $delete = undef, + Optional[Array[Stdlib::IP::Address]] $proxies = undef, + Boolean $proxy_recursive = false ) { if ! defined(Class['nginx']) { diff --git a/manifests/resource/location.pp b/manifests/resource/location.pp index 7ceed6685..92be9016e 100644 --- a/manifests/resource/location.pp +++ b/manifests/resource/location.pp @@ -160,71 +160,71 @@ # } define nginx::resource::location ( - Enum['present', 'absent'] $ensure = present, - Boolean $internal = false, - String $location = $name, - String $server = undef, - Optional[String] $www_root = undef, - Optional[String] $autoindex = undef, - Array $index_files = [ + Enum['present', 'absent'] $ensure = present, + Boolean $internal = false, + String $location = $name, + String $server = undef, + Optional[String[1]] $www_root = undef, + Optional[Nginx::Toggle] $autoindex = undef, + Array[String[1]] $index_files = [ 'index.html', 'index.htm', 'index.php'], - Optional[String] $proxy = undef, - Optional[String] $proxy_redirect = $nginx::proxy_redirect, - String $proxy_read_timeout = $nginx::proxy_read_timeout, - String $proxy_connect_timeout = $nginx::proxy_connect_timeout, - String $proxy_send_timeout = $nginx::proxy_send_timeout, - Array $proxy_set_header = $nginx::proxy_set_header, - Array $proxy_hide_header = $nginx::proxy_hide_header, - Array $proxy_pass_header = $nginx::proxy_pass_header, - Array $proxy_ignore_header = $nginx::proxy_ignore_header, - Optional[String] $proxy_next_upstream = undef, - Optional[String] $fastcgi = undef, - Optional[String] $fastcgi_index = undef, - Optional[Hash] $fastcgi_param = undef, - String $fastcgi_params = "${::nginx::conf_dir}/fastcgi.conf", - Optional[String] $fastcgi_script = undef, - Optional[String] $fastcgi_split_path = undef, - Optional[String] $uwsgi = undef, - Optional[Hash] $uwsgi_param = undef, - String $uwsgi_params = "${nginx::config::conf_dir}/uwsgi_params", - Optional[String] $uwsgi_read_timeout = undef, - Boolean $ssl = false, - Boolean $ssl_only = false, - Optional[String] $location_alias = undef, - Optional[Enum['any', 'all']] $location_satisfy = undef, - Optional[Array] $location_allow = undef, - Optional[Array] $location_deny = undef, - Optional[Boolean ] $stub_status = undef, - Optional[Variant[String, Array]] $raw_prepend = undef, - Optional[Variant[String, Array]] $raw_append = undef, - Optional[Hash] $location_custom_cfg = undef, - Optional[Hash] $location_cfg_prepend = undef, - Optional[Hash] $location_cfg_append = undef, - Optional[Hash] $location_custom_cfg_prepend = undef, - Optional[Hash] $location_custom_cfg_append = undef, - Optional[Array] $include = undef, - Optional[Array] $try_files = undef, - Optional[String] $proxy_cache = undef, - Optional[String] $proxy_cache_key = undef, - Optional[String] $proxy_cache_use_stale = undef, - Optional[Enum['on', 'off']] $proxy_cache_lock = undef, - Optional[Variant[Array, String]] $proxy_cache_valid = undef, - Optional[Variant[Array, String]] $proxy_cache_bypass = undef, - Optional[String] $proxy_method = undef, - Optional[String] $proxy_http_version = undef, - Optional[String] $proxy_set_body = undef, - Optional[Enum['on', 'off']] $proxy_buffering = undef, - Optional[String] $auth_basic = undef, - Optional[String] $auth_basic_user_file = undef, - Optional[String] $auth_request = undef, - Array $rewrite_rules = [], - Integer[401,599] $priority = 500, - Boolean $mp4 = false, - Boolean $flv = false, - Optional[String] $expires = undef, - Hash $add_header = {}, + Optional[Stdlib::Httpurl] $proxy = undef, + Optional[String[1]] $proxy_redirect = $::nginx::proxy_redirect, + Nginx::Duration $proxy_read_timeout = $::nginx::proxy_read_timeout, + Nginx::Duration $proxy_connect_timeout = $::nginx::proxy_connect_timeout, + Nginx::Duration $proxy_send_timeout = $::nginx::proxy_send_timeout, + Array[String[1]] $proxy_set_header = $::nginx::proxy_set_header, + Array[String[1]] $proxy_hide_header = $::nginx::proxy_hide_header, + Array[String[1]] $proxy_pass_header = $::nginx::proxy_pass_header, + Array[String[1]] $proxy_ignore_header = $::nginx::proxy_ignore_header, + Optional[String] $proxy_next_upstream = undef, + Optional[String] $fastcgi = undef, + Optional[String[1]] $fastcgi_index = undef, + Optional[Hash[String[1],String[1]]] $fastcgi_param = undef, + String[1] $fastcgi_params = "${::nginx::conf_dir}/fastcgi.conf", + Optional[String[1]] $fastcgi_script = undef, + Optional[String[1]] $fastcgi_split_path = undef, + Optional[String] $uwsgi = undef, + Optional[Hash[String[1],String]] $uwsgi_param = undef, + String[1] $uwsgi_params = "${nginx::config::conf_dir}/uwsgi_params", + Optional[Nginx::Duration] $uwsgi_read_timeout = undef, + Boolean $ssl = false, + Boolean $ssl_only = false, + Optional[String[1]] $location_alias = undef, + Optional[Enum['any', 'all']] $location_satisfy = undef, + Optional[Array[String]] $location_allow = undef, + Optional[Array[String]] $location_deny = undef, + Boolean $stub_status = false, + Optional[Variant[String, Array[String]]] $raw_prepend = undef, + Optional[Variant[String, Array[String]]] $raw_append = undef, + Optional[Nginx::Directives] $location_custom_cfg = undef, + Optional[Nginx::Directives] $location_cfg_prepend = undef, + Optional[Nginx::Directives] $location_cfg_append = undef, + Optional[Nginx::Directives] $location_custom_cfg_prepend = undef, + Optional[Nginx::Directives] $location_custom_cfg_append = undef, + Optional[Array[String]] $include = undef, + Optional[Array[String]] $try_files = undef, + Optional[String] $proxy_cache = undef, + Optional[String] $proxy_cache_key = undef, + Optional[String] $proxy_cache_use_stale = undef, + Optional[Nginx::Toggle] $proxy_cache_lock = undef, + Optional[Variant[Array[String], String]] $proxy_cache_valid = undef, + Optional[Variant[Array[String], String]] $proxy_cache_bypass = undef, + Optional[String] $proxy_method = undef, + Optional[Enum['1.0','1.1']] $proxy_http_version = undef, + Optional[String[1]] $proxy_set_body = undef, + Optional[Nginx::Toggle] $proxy_buffering = undef, + Optional[String[1]] $auth_basic = undef, + Optional[String[1]] $auth_basic_user_file = undef, + Optional[String[1]] $auth_request = undef, + Array[String[3]] $rewrite_rules = [], + Integer[401,599] $priority = 500, + Boolean $mp4 = false, + Boolean $flv = false, + Optional[String[1]] $expires = undef, + Hash[String[1],String] $add_header = {}, ) { if ! defined(Class['nginx']) { diff --git a/manifests/resource/mailhost.pp b/manifests/resource/mailhost.pp index ffaca8c9e..edfacade3 100644 --- a/manifests/resource/mailhost.pp +++ b/manifests/resource/mailhost.pp @@ -77,50 +77,50 @@ # } # define nginx::resource::mailhost ( - Integer $listen_port, - Enum['absent', 'present'] $ensure = 'present', - Variant[Array[String], String] $listen_ip = '*', - Optional[String] $listen_options = undef, - Boolean $ipv6_enable = false, - Variant[Array[String], String] $ipv6_listen_ip = '::', - Integer $ipv6_listen_port = 80, - String $ipv6_listen_options = 'default ipv6only=on', - Boolean $ssl = false, - Optional[String] $ssl_cert = undef, - String $ssl_ciphers = $nginx::ssl_ciphers, - Optional[String] $ssl_client_cert = undef, - Optional[String] $ssl_crl = undef, - Optional[String] $ssl_dhparam = $nginx::ssl_dhparam, - Optional[String] $ssl_ecdh_curve = undef, - Optional[String] $ssl_key = undef, - Optional[String] $ssl_password_file = undef, - Optional[Integer] $ssl_port = undef, - Enum['on', 'off'] $ssl_prefer_server_ciphers = $nginx::ssl_prefer_server_ciphers, - String $ssl_protocols = $nginx::ssl_protocols, - Optional[String] $ssl_session_cache = undef, - Optional[String] $ssl_session_ticket_key = undef, - Optional[String] $ssl_session_tickets = undef, - String $ssl_session_timeout = '5m', - Optional[String] $ssl_trusted_cert = undef, - Optional[Integer] $ssl_verify_depth = undef, - Enum['on', 'off', 'only'] $starttls = 'off', - $protocol = undef, - Optional[String] $auth_http = undef, - Optional[String] $auth_http_header = undef, - String $xclient = 'on', - Optional[String] $imap_auth = undef, - Optional[Array] $imap_capabilities = undef, - Optional[String] $imap_client_buffer = undef, - Optional[String] $pop3_auth = undef, - Optional[Array] $pop3_capabilities = undef, - Optional[String] $smtp_auth = undef, - Optional[Array] $smtp_capabilities = undef, - Optional[Variant[Array, String]] $raw_prepend = undef, - Optional[Variant[Array, String]] $raw_append = undef, - Optional[Hash] $mailhost_cfg_prepend = undef, - Optional[Hash] $mailhost_cfg_append = undef, - String $proxy_pass_error_message = 'off', - Array $server_name = [$name] + Stdlib::Port $listen_port, + Enum['absent', 'present'] $ensure = 'present', + Variant[Enum['*'], Array[Stdlib::Ipv4], Stdlib::Ipv4] $listen_ip = '*', + Optional[String[1]] $listen_options = undef, + Boolean $ipv6_enable = false, + Variant[Array[Stdlib::Ipv6], Stdlib::Ipv6] $ipv6_listen_ip = '::', + Stdlib::Port $ipv6_listen_port = 80, + String $ipv6_listen_options = 'default ipv6only=on', + Boolean $ssl = false, + Optional[String[1]] $ssl_cert = undef, + String $ssl_ciphers = $::nginx::ssl_ciphers, + Optional[String[1]] $ssl_client_cert = undef, + Optional[String[1]] $ssl_crl = undef, + Optional[String[1]] $ssl_dhparam = $::nginx::ssl_dhparam, + Optional[String[1]] $ssl_ecdh_curve = undef, + Optional[String[1]] $ssl_key = undef, + Optional[String[1]] $ssl_password_file = undef, + Optional[Stdlib::Port] $ssl_port = undef, + Nginx::Toggle $ssl_prefer_server_ciphers = $::nginx::ssl_prefer_server_ciphers, + String $ssl_protocols = $::nginx::ssl_protocols, + Optional[String[1]] $ssl_session_cache = undef, + Optional[String[1]] $ssl_session_ticket_key = undef, + Optional[Nginx::Toggle] $ssl_session_tickets = undef, + Nginx::Duration $ssl_session_timeout = '5m', + Optional[String[1]] $ssl_trusted_cert = undef, + Optional[Integer] $ssl_verify_depth = undef, + Enum['on', 'off', 'only'] $starttls = 'off', + Optional[Enum['imap', 'pop3', 'smtp']] $protocol = undef, + Optional[String[1]] $auth_http = undef, + Optional[String[1]] $auth_http_header = undef, + Nginx::Toggle $xclient = 'on', + Optional[String[1]] $imap_auth = undef, + Optional[Array[String[1]]] $imap_capabilities = undef, + Optional[String[2]] $imap_client_buffer = undef, + Optional[String[1]] $pop3_auth = undef, + Optional[Array[String[1]]] $pop3_capabilities = undef, + Optional[String[1]] $smtp_auth = undef, + Optional[Array[String[1]]] $smtp_capabilities = undef, + Optional[Variant[Array[String[1]], String[1]]] $raw_prepend = undef, + Optional[Variant[Array[String[1]], String[1]]] $raw_append = undef, + Optional[Nginx::Directives] $mailhost_cfg_prepend = undef, + Optional[Nginx::Directives] $mailhost_cfg_append = undef, + Nginx::Toggle $proxy_pass_error_message = 'off', + Array[Stdlib::Host] $server_name = [$name] ) { if ! defined(Class['nginx']) { diff --git a/manifests/resource/map.pp b/manifests/resource/map.pp index 592bdd02d..9251d7ea9 100644 --- a/manifests/resource/map.pp +++ b/manifests/resource/map.pp @@ -73,11 +73,11 @@ define nginx::resource::map ( String[2] $string, - Variant[Array, Hash] $mappings, - Optional[String] $default = undef, - Enum['absent', 'present'] $ensure = 'present', - Array[String] $include_files = [], - Boolean $hostnames = false + Variant[Array[Hash[String[1],String]], Hash[String[1],String]] $mappings, + Optional[String[1]] $default = undef, + Enum['absent', 'present'] $ensure = 'present', + Array[String[1]] $include_files = [], + Boolean $hostnames = false ) { if ! defined(Class['nginx']) { fail('You must include the nginx base class before using any defined resources') diff --git a/manifests/resource/server.pp b/manifests/resource/server.pp index d6853c684..610be27ee 100644 --- a/manifests/resource/server.pp +++ b/manifests/resource/server.pp @@ -140,127 +140,127 @@ # ssl_key => '/tmp/server.pem', # } define nginx::resource::server ( - Enum['absent', 'present'] $ensure = 'present', - Variant[Array, String] $listen_ip = '*', - Integer $listen_port = 80, - Optional[String] $listen_options = undef, - Boolean $listen_unix_socket_enable = false, - Variant[Array[Stdlib::Absolutepath], Stdlib::Absolutepath] $listen_unix_socket = '/var/run/nginx.sock', - Optional[String] $listen_unix_socket_options = undef, - Optional[Enum['any', 'all']] $location_satisfy = undef, - Array $location_allow = [], - Array $location_deny = [], - Boolean $ipv6_enable = false, - Variant[Array, String] $ipv6_listen_ip = '::', - Integer $ipv6_listen_port = 80, - String $ipv6_listen_options = 'default ipv6only=on', - Optional[Hash] $add_header = undef, - Boolean $ssl = false, - Boolean $ssl_listen_option = true, - Optional[Variant[String, Boolean]] $ssl_cert = undef, - Optional[String] $ssl_client_cert = undef, - String $ssl_verify_client = 'on', - Optional[String] $ssl_dhparam = $nginx::ssl_dhparam, - Optional[String] $ssl_ecdh_curve = undef, - Boolean $ssl_redirect = false, - Optional[Integer] $ssl_redirect_port = undef, - Optional[Variant[String, Boolean]] $ssl_key = undef, - Integer $ssl_port = 443, - Enum['on', 'off'] $ssl_prefer_server_ciphers = $nginx::ssl_prefer_server_ciphers, - String $ssl_protocols = $nginx::ssl_protocols, - $ssl_buffer_size = undef, - String $ssl_ciphers = $nginx::ssl_ciphers, - String $ssl_cache = 'shared:SSL:10m', - Optional[String] $ssl_crl = undef, - Boolean $ssl_stapling = false, - Optional[String] $ssl_stapling_file = undef, - Optional[String] $ssl_stapling_responder = undef, - Boolean $ssl_stapling_verify = false, - String $ssl_session_timeout = '5m', - Optional[String] $ssl_session_tickets = undef, - Optional[String] $ssl_session_ticket_key = undef, - Optional[String] $ssl_trusted_cert = undef, - Optional[Integer] $ssl_verify_depth = undef, - String $spdy = $nginx::spdy, - $http2 = $nginx::http2, - Optional[String] $proxy = undef, - Optional[String]$proxy_redirect = undef, - String $proxy_read_timeout = $nginx::proxy_read_timeout, - String $proxy_send_timeout = $nginx::proxy_send_timeout, - $proxy_connect_timeout = $nginx::proxy_connect_timeout, - Array[String] $proxy_set_header = $nginx::proxy_set_header, - Array[String] $proxy_hide_header = $nginx::proxy_hide_header, - Array[String] $proxy_pass_header = $nginx::proxy_pass_header, - Optional[String] $proxy_cache = undef, - Optional[String] $proxy_cache_key = undef, - Optional[String] $proxy_cache_use_stale = undef, - Optional[Variant[Array[String], String]] $proxy_cache_valid = undef, - Optional[Enum['on', 'off']] $proxy_cache_lock = undef, - Optional[Variant[Array[String], String]] $proxy_cache_bypass = undef, - Optional[String] $proxy_method = undef, - Optional[String] $proxy_http_version = undef, - Optional[String] $proxy_set_body = undef, - Optional[String] $proxy_buffering = undef, - Array $resolver = [], - Optional[String] $fastcgi = undef, - Optional[String] $fastcgi_index = undef, - $fastcgi_param = undef, - String $fastcgi_params = "${::nginx::conf_dir}/fastcgi.conf", - Optional[String] $fastcgi_script = undef, - Optional[String] $uwsgi = undef, - String $uwsgi_params = "${nginx::config::conf_dir}/uwsgi_params", - Optional[String] $uwsgi_read_timeout = undef, - Array $index_files = [ + Enum['absent', 'present'] $ensure = 'present', + Variant[Enum['*'], Array[Stdlib::Ipv4], Stdlib::Ipv4] $listen_ip = '*', + Stdlib::Port $listen_port = 80, + Optional[String[1]] $listen_options = undef, + Boolean $listen_unix_socket_enable = false, + Variant[Array[String[1]], String[1]] $listen_unix_socket = '/var/run/nginx.sock', + Optional[String[1]] $listen_unix_socket_options = undef, + Optional[Enum['any', 'all']] $location_satisfy = undef, + Array[String[1]] $location_allow = [], + Array[String[1]] $location_deny = [], + Boolean $ipv6_enable = false, + Variant[Array[Stdlib::Ipv6], Stdlib::Ipv6] $ipv6_listen_ip = '::', + Stdlib::Port $ipv6_listen_port = 80, + String[1] $ipv6_listen_options = 'default ipv6only=on', + Optional[Hash[String[1],String]] $add_header = undef, + Boolean $ssl = false, + Boolean $ssl_listen_option = true, + Optional[String[1]] $ssl_cert = undef, + Optional[String[1]] $ssl_client_cert = undef, + Enum['on', 'off', 'optional', 'optional_no_ca'] $ssl_verify_client = 'on', + Optional[String[1]] $ssl_dhparam = $::nginx::ssl_dhparam, + Optional[String[1]] $ssl_ecdh_curve = undef, + Boolean $ssl_redirect = false, + Optional[Stdlib::Port] $ssl_redirect_port = undef, + Optional[String[1]] $ssl_key = undef, + Stdlib::Port $ssl_port = 443, + Nginx::Toggle $ssl_prefer_server_ciphers = $::nginx::ssl_prefer_server_ciphers, + String[1] $ssl_protocols = $::nginx::ssl_protocols, + Optional[String[1]] $ssl_buffer_size = undef, + String[1] $ssl_ciphers = $::nginx::ssl_ciphers, + String[1] $ssl_cache = 'shared:SSL:10m', + Optional[String[1]] $ssl_crl = undef, + Boolean $ssl_stapling = false, + Optional[String[1]] $ssl_stapling_file = undef, + Optional[Pattern[/^http:\/\//]] $ssl_stapling_responder = undef, + Boolean $ssl_stapling_verify = false, + Nginx::Duration $ssl_session_timeout = '5m', + Optional[Nginx::Toggle] $ssl_session_tickets = undef, + Optional[String[1]] $ssl_session_ticket_key = undef, + Optional[String[1]] $ssl_trusted_cert = undef, + Optional[Integer] $ssl_verify_depth = undef, + Boolean $spdy = $::nginx::spdy, + Boolean $http2 = $::nginx::http2, + Optional[Stdlib::Httpurl] $proxy = undef, + Optional[String[1]] $proxy_redirect = undef, + Nginx::Duration $proxy_read_timeout = $::nginx::proxy_read_timeout, + Nginx::Duration $proxy_send_timeout = $::nginx::proxy_send_timeout, + Nginx::Duration $proxy_connect_timeout = $::nginx::proxy_connect_timeout, + Array[String[1]] $proxy_set_header = $::nginx::proxy_set_header, + Array[String[1]] $proxy_hide_header = $::nginx::proxy_hide_header, + Array[String[1]] $proxy_pass_header = $::nginx::proxy_pass_header, + Optional[String[1]] $proxy_cache = undef, + Optional[String[1]] $proxy_cache_key = undef, + Optional[String[1]] $proxy_cache_use_stale = undef, + Optional[Variant[Array[String[1]], String[1]]] $proxy_cache_valid = undef, + Optional[Nginx::Toggle] $proxy_cache_lock = undef, + Optional[Variant[Array[String], String]] $proxy_cache_bypass = undef, + Optional[String[1]] $proxy_method = undef, + Optional[Enum['1.0','1.1']] $proxy_http_version = undef, + Optional[String] $proxy_set_body = undef, + Optional[Nginx::Toggle] $proxy_buffering = undef, + Array[String[1]] $resolver = [], + Optional[String[1]] $fastcgi = undef, + Optional[String[1]] $fastcgi_index = undef, + Optional[Hash[String[1],String]] $fastcgi_param = undef, + String[1] $fastcgi_params = "${::nginx::conf_dir}/fastcgi.conf", + Optional[String[1]] $fastcgi_script = undef, + Optional[String[1]] $uwsgi = undef, + String[1] $uwsgi_params = "${nginx::config::conf_dir}/uwsgi_params", + Optional[Nginx::Duration] $uwsgi_read_timeout = undef, + Array[String[1]] $index_files = [ 'index.html', 'index.htm', 'index.php'], - Optional[String] $autoindex = undef, - Array[String] $server_name = [$name], - Optional[String] $www_root = undef, - Boolean $rewrite_www_to_non_www = false, - Optional[Hash] $location_custom_cfg = undef, - Optional[Hash] $location_cfg_prepend = undef, - Optional[Hash] $location_cfg_append = undef, - Optional[Hash] $location_custom_cfg_prepend = undef, - Optional[Hash] $location_custom_cfg_append = undef, - Optional[Array[String]] $try_files = undef, - Optional[String] $auth_basic = undef, - Optional[String] $auth_basic_user_file = undef, - Optional[String] $auth_request = undef, - Optional[String] $client_body_timeout = undef, - Optional[String] $client_header_timeout = undef, - $client_max_body_size = undef, - Optional[Variant[Array[String], String]] $raw_prepend = undef, - Optional[Variant[Array[String], String]] $raw_append = undef, - Optional[Variant[Array[String], String]] $location_raw_prepend = undef, - Optional[Variant[Array[String], String]] $location_raw_append = undef, - Optional[Hash] $server_cfg_prepend = undef, - Optional[Hash] $server_cfg_append = undef, - Optional[Hash] $server_cfg_ssl_prepend = undef, - Optional[Hash] $server_cfg_ssl_append = undef, - Optional[Array[String]] $include_files = undef, - Optional[Variant[String, Array]] $access_log = undef, - Optional[Variant[String, Array]] $error_log = undef, - $format_log = 'combined', - Optional[Hash] $passenger_cgi_param = undef, - Optional[Hash] $passenger_set_header = undef, - Optional[Hash] $passenger_env_var = undef, - Optional[Variant[Array[String], String]] $passenger_pre_start = undef, - Optional[String] $log_by_lua = undef, - Optional[String] $log_by_lua_file = undef, - $use_default_location = true, - $rewrite_rules = [], - $string_mappings = {}, - $geo_mappings = {}, - Optional[String] $gzip_types = undef, - String $owner = $nginx::global_owner, - String $group = $nginx::global_group, - String $mode = $nginx::global_mode, - Boolean $maintenance = false, - String $maintenance_value = 'return 503', - $error_pages = undef, - Hash $locations = {}, - Hash $locations_defaults = {} + Optional[Nginx::Toggle] $autoindex = undef, + Array[String[1]] $server_name = [$name], + Optional[String[1]] $www_root = undef, + Boolean $rewrite_www_to_non_www = false, + Optional[Nginx::Directives] $location_custom_cfg = undef, + Optional[Nginx::Directives] $location_cfg_prepend = undef, + Optional[Nginx::Directives] $location_cfg_append = undef, + Optional[Nginx::Directives] $location_custom_cfg_prepend = undef, + Optional[Nginx::Directives] $location_custom_cfg_append = undef, + Optional[Array[String[1]]] $try_files = undef, + Optional[String[1]] $auth_basic = undef, + Optional[String[1]] $auth_basic_user_file = undef, + Optional[String[1]] $auth_request = undef, + Optional[Nginx::Duration] $client_body_timeout = undef, + Optional[Nginx::Duration] $client_header_timeout = undef, + Optional[String[1]] $client_max_body_size = undef, + Optional[Variant[Array[String[1]], String[1]]] $raw_prepend = undef, + Optional[Variant[Array[String[1]], String[1]]] $raw_append = undef, + Optional[Variant[Array[String[1]], String[1]]] $location_raw_prepend = undef, + Optional[Variant[Array[String[1]], String[1]]] $location_raw_append = undef, + Optional[Nginx::Directives] $server_cfg_prepend = undef, + Optional[Nginx::Directives] $server_cfg_append = undef, + Optional[Nginx::Directives] $server_cfg_ssl_prepend = undef, + Optional[Nginx::Directives] $server_cfg_ssl_append = undef, + Optional[Array[String[1]]] $include_files = undef, + Optional[Variant[String[1], Array[String[1]]]] $access_log = undef, + Optional[Variant[String[1], Array[String[1]]]] $error_log = undef, + String[1] $format_log = 'combined', + Optional[Hash[String[1],String]] $passenger_cgi_param = undef, + Optional[Hash[String[1],String]] $passenger_set_header = undef, + Optional[Hash[String[1],String]] $passenger_env_var = undef, + Optional[Variant[Array[String[1]], String[1]]] $passenger_pre_start = undef, + Optional[String[1]] $log_by_lua = undef, + Optional[String[1]] $log_by_lua_file = undef, + Boolean $use_default_location = true, + Array[String[1]] $rewrite_rules = [], + Hash $string_mappings = {}, + Hash $geo_mappings = {}, + Optional[String[1]] $gzip_types = undef, + String[1] $owner = $::nginx::global_owner, + String[1] $group = $::nginx::global_group, + Stdlib::Filemode $mode = $::nginx::global_mode, + Boolean $maintenance = false, + String[1] $maintenance_value = 'return 503', + Optional[Hash[String[1],String]] $error_pages = undef, + Hash $locations = {}, + Hash $locations_defaults = {} ) { if ! defined(Class['nginx']) { @@ -302,10 +302,10 @@ # Check to see if SSL Certificates are properly defined. if $ssl { if $ssl_cert == undef { - fail('nginx: ssl_cert must be set to false or to a fully qualified path') + warning('nginx: ssl enabled but ssl_cert undef') } if $ssl_key == undef { - fail('nginx: ssl_key must be set to false or to a fully qualified path') + warning('nginx: ssl enabled but ssl_key undef') } } diff --git a/manifests/resource/streamhost.pp b/manifests/resource/streamhost.pp index 5d43c8f76..1cdcfcf83 100644 --- a/manifests/resource/streamhost.pp +++ b/manifests/resource/streamhost.pp @@ -47,23 +47,23 @@ # ensure => present, # } define nginx::resource::streamhost ( - Enum['absent', 'present'] $ensure = 'present', - Variant[Array, String] $listen_ip = '*', - Integer $listen_port = 80, - Optional[String] $listen_options = undef, - Boolean $ipv6_enable = false, - Variant[Array, String] $ipv6_listen_ip = '::', - Integer $ipv6_listen_port = 80, - String $ipv6_listen_options = 'default ipv6only=on', - $proxy = undef, - String $proxy_read_timeout = $nginx::proxy_read_timeout, - $proxy_connect_timeout = $nginx::proxy_connect_timeout, - Array $resolver = [], - $raw_prepend = undef, - $raw_append = undef, - String $owner = $nginx::global_owner, - String $group = $nginx::global_group, - String $mode = $nginx::global_mode, + Enum['absent', 'present'] $ensure = 'present', + Variant[Enum['*'], Array[String[1]], String[1]] $listen_ip = '*', + Stdlib::Port $listen_port = 80, + Optional[String[1]] $listen_options = undef, + Boolean $ipv6_enable = false, + Variant[Array[Stdlib::Ipv6], Stdlib::Ipv6] $ipv6_listen_ip = '::', + Stdlib::Port $ipv6_listen_port = 80, + String[1] $ipv6_listen_options = 'default ipv6only=on', + Optional[String[1]] $proxy = undef, + Nginx::Duration $proxy_read_timeout = $::nginx::proxy_read_timeout, + Nginx::Duration $proxy_connect_timeout = $::nginx::proxy_connect_timeout, + Array[String[1]] $resolver = [], + Optional[Variant[Array[String[1]], String[1]]] $raw_prepend = undef, + Optional[Variant[Array[String[1]], String[1]]] $raw_append = undef, + String[1] $owner = $::nginx::global_owner, + String[1] $group = $::nginx::global_group, + Stdlib::Filemode $mode = $::nginx::global_mode, ) { if ! defined(Class['nginx']) { diff --git a/manifests/resource/upstream.pp b/manifests/resource/upstream.pp index 91dac6ccd..5c271a859 100644 --- a/manifests/resource/upstream.pp +++ b/manifests/resource/upstream.pp @@ -41,14 +41,14 @@ # upstream_cfg_prepend => $my_config, # } define nginx::resource::upstream ( - Optional[Array] $members = undef, - $members_tag = undef, - Enum['present', 'absent'] $ensure = 'present', - Optional[Hash] $upstream_cfg_append = undef, - Optional[Hash] $upstream_cfg_prepend = undef, - $upstream_fail_timeout = '10s', - $upstream_max_fails = undef, - Enum['http', 'stream'] $upstream_context = 'http', + Optional[Array[String[1]]] $members = undef, + Optional[String[1]] $members_tag = undef, + Enum['present', 'absent'] $ensure = 'present', + Optional[Nginx::Directives] $upstream_cfg_append = undef, + Optional[Nginx::Directives] $upstream_cfg_prepend = undef, + Nginx::Duration $upstream_fail_timeout = '10s', + Optional[Integer] $upstream_max_fails = undef, + Enum['http', 'stream'] $upstream_context = 'http', ) { if ! defined(Class['nginx']) { diff --git a/manifests/resource/upstream/member.pp b/manifests/resource/upstream/member.pp index 7ce6ea5a9..a8a1ea5c7 100644 --- a/manifests/resource/upstream/member.pp +++ b/manifests/resource/upstream/member.pp @@ -35,11 +35,11 @@ # } # define nginx::resource::upstream::member ( - $upstream, - $server, - Enum['present', 'absent'] $ensure = 'present', - Integer $port = 80, - $upstream_fail_timeout = '10s', + String[1] $upstream, + Optional[Array[String[1]]] $server, + Enum['present', 'absent'] $ensure = 'present', + Stdlib::Port $port = 80, + String[Nginx::Duration] $upstream_fail_timeout = '10s', ) { if ! defined(Class['nginx']) { fail('You must include the nginx base class before using any defined resources') diff --git a/manifests/service.pp b/manifests/service.pp index 0572fc114..fc13cd95e 100644 --- a/manifests/service.pp +++ b/manifests/service.pp @@ -14,11 +14,11 @@ # # This class file is not called directly class nginx::service( - $service_restart = $nginx::service_restart, - $service_ensure = $nginx::service_ensure, - $service_name = $nginx::service_name, - $service_flags = $nginx::service_flags, - $service_manage = $nginx::service_manage, + Optional[String[1]] $service_restart = $::nginx::service_restart, + Enum['running', 'absent', 'stopped', 'undef'] $service_ensure = $::nginx::service_ensure, + String[1] $service_name = $::nginx::service_name, + Optional[String[1]] $service_flags = $::nginx::service_flags, + Boolean $service_manage = $::nginx::service_manage, ) { assert_private() diff --git a/spec/classes/nginx_spec.rb b/spec/classes/nginx_spec.rb index 8ea73703d..4b7d5c026 100644 --- a/spec/classes/nginx_spec.rb +++ b/spec/classes/nginx_spec.rb @@ -444,7 +444,7 @@ title: 'should set pid', attr: 'pid', value: '/path/to/pid', - match: 'pid /path/to/pid;' + match: 'pid /path/to/pid;' }, { title: 'should not set pid', @@ -540,15 +540,21 @@ match: ' access_log /var/log/nginx/access.log mycustomformat;' }, { - title: 'should set sendfile', + title: 'should set sendfile on', attr: 'sendfile', value: 'on', match: ' sendfile on;' }, + { + title: 'should set sendfile off', + attr: 'sendfile', + value: 'off', + match: ' sendfile off;' + }, { title: 'should not set sendfile', attr: 'sendfile', - value: false, + value: :undef, notmatch: %r{sendfile} }, { @@ -812,12 +818,6 @@ 'test1 test value 3;' ] }, - { - title: 'should set pid', - attr: 'pid', - value: '/path/to/pid', - match: 'pid /path/to/pid;' - }, { title: 'should set mail', attr: 'mail', @@ -851,7 +851,7 @@ { title: 'should not set proxy_http_version', attr: 'proxy_http_version', - value: nil, + value: :undef, notmatch: 'proxy_http_version' }, { diff --git a/spec/defines/resource_location_spec.rb b/spec/defines/resource_location_spec.rb index 6bf866889..16d813935 100644 --- a/spec/defines/resource_location_spec.rb +++ b/spec/defines/resource_location_spec.rb @@ -187,7 +187,7 @@ } ].each do |param| context "when #{param[:attr]} is #{param[:value]}" do - let(:default_params) { { location: 'location', proxy: 'proxy_value', server: 'server1' } } + let(:default_params) { { location: 'location', proxy: 'http://proxy_value', server: 'server1' } } let(:params) { default_params.merge(param[:attr].to_sym => param[:value]) } it { is_expected.to contain_concat__fragment('server1-500-' + Digest::MD5.hexdigest(params[:location].to_s)) } @@ -264,7 +264,7 @@ } ].each do |param| context "when #{param[:attr]} is #{param[:value]}" do - let(:default_params) { { location: 'location', proxy: 'proxy_value', server: 'server1' } } + let(:default_params) { { location: 'location', proxy: 'http://proxy_value', server: 'server1' } } let(:params) { default_params.merge(param[:attr].to_sym => param[:value]) } it { is_expected.to contain_concat__fragment('server1-500-' + Digest::MD5.hexdigest(params[:location].to_s)) } @@ -817,26 +817,26 @@ { title: 'should set proxy_pass', attr: 'proxy', - value: 'value', - match: %r{^\s+proxy_pass\s+value;} + value: 'http://proxy_value', + match: %r{^\s+proxy_pass\s+http\:\/\/proxy_value;} }, { title: 'should set proxy_read_timeout', attr: 'proxy_read_timeout', - value: 'value', - match: %r{\s+proxy_read_timeout\s+value;} + value: '30s', + match: %r{\s+proxy_read_timeout\s+30s;} }, { title: 'should set proxy_connect_timeout', attr: 'proxy_connect_timeout', - value: 'value', - match: %r{\s+proxy_connect_timeout\s+value;} + value: '30s', + match: %r{\s+proxy_connect_timeout\s+30s;} }, { title: 'should set proxy_read_timeout', attr: 'proxy_read_timeout', - value: 'value', - match: %r{\s+proxy_read_timeout\s+value;} + value: '30s', + match: %r{\s+proxy_read_timeout\s+30s;} }, { title: 'should set proxy headers', @@ -868,8 +868,8 @@ { title: 'should set proxy_http_version', attr: 'proxy_http_version', - value: 'value', - match: %r{\s+proxy_http_version\s+value;} + value: '1.1', + match: %r{\s+proxy_http_version\s+1.1;} }, { title: 'should set proxy_method', @@ -891,7 +891,7 @@ } ].each do |param| context "when #{param[:attr]} is #{param[:value]}" do - let(:default_params) { { location: 'location', proxy: 'proxy_value', server: 'server1' } } + let(:default_params) { { location: 'location', proxy: 'http://proxy_value', server: 'server1' } } let(:params) { default_params.merge(param[:attr].to_sym => param[:value]) } it { is_expected.to contain_concat__fragment('server1-500-' + Digest::MD5.hexdigest(params[:location].to_s)) } @@ -917,7 +917,7 @@ let :params do { location: 'location', - proxy: 'proxy_value', + proxy: 'http://proxy_value', server: 'server1', proxy_cache: 'true', proxy_cache_valid: '10m' diff --git a/spec/defines/resource_mailhost_spec.rb b/spec/defines/resource_mailhost_spec.rb index ee67e9275..50631d58c 100644 --- a/spec/defines/resource_mailhost_spec.rb +++ b/spec/defines/resource_mailhost_spec.rb @@ -89,14 +89,14 @@ { title: 'should set protocol', attr: 'protocol', - value: 'test-protocol', - match: ' protocol test-protocol;' + value: 'imap', + match: ' protocol imap;' }, { title: 'should set xclient', attr: 'xclient', - value: 'test-xclient', - match: ' xclient test-xclient;' + value: 'on', + match: ' xclient on;' }, { title: 'should set auth_http', @@ -526,14 +526,14 @@ { title: 'should set protocol', attr: 'protocol', - value: 'test-protocol', - match: ' protocol test-protocol;' + value: 'pop3', + match: ' protocol pop3;' }, { title: 'should set xclient', attr: 'xclient', - value: 'test-xclient', - match: ' xclient test-xclient;' + value: 'off', + match: ' xclient off;' }, { title: 'should set auth_http', diff --git a/spec/defines/resource_server_spec.rb b/spec/defines/resource_server_spec.rb index bf2784a08..294cfc26c 100644 --- a/spec/defines/resource_server_spec.rb +++ b/spec/defines/resource_server_spec.rb @@ -194,14 +194,14 @@ { title: 'should set the client_body_timeout', attr: 'client_body_timeout', - value: 'value', - match: %r{^\s+client_body_timeout\s+value;} + value: '10s', + match: %r{^\s+client_body_timeout\s+10s;} }, { title: 'should set the client_header_timeout', attr: 'client_header_timeout', - value: 'value', - match: %r{^\s+client_header_timeout\s+value;} + value: '10s', + match: %r{^\s+client_header_timeout\s+10s;} }, { title: 'should set the gzip_types', @@ -461,25 +461,25 @@ { title: 'should set SPDY', attr: 'spdy', - value: 'on', + value: true, match: %r{\s+listen\s+\*:443 ssl spdy;} }, { title: 'should not set SPDY', attr: 'spdy', - value: 'off', + value: false, match: %r{\s+listen\s+\*:443 ssl;} }, { title: 'should set HTTP2', attr: 'http2', - value: 'on', + value: true, match: %r{\s+listen\s+\*:443 ssl http2;} }, { title: 'should not set HTTP2', attr: 'http2', - value: 'off', + value: false, match: %r{\s+listen\s+\*:443 ssl;} }, { @@ -641,14 +641,14 @@ { title: 'should set the client_body_timeout', attr: 'client_body_timeout', - value: 'value', - match: %r{^\s+client_body_timeout\s+value;} + value: '10s', + match: %r{^\s+client_body_timeout\s+10s;} }, { title: 'should set the client_header_timeout', attr: 'client_header_timeout', - value: 'value', - match: %r{^\s+client_header_timeout\s+value;} + value: '10s', + match: %r{^\s+client_header_timeout\s+10s;} }, { title: 'should set the gzip_types', @@ -987,7 +987,7 @@ end context 'SSL cert and key are both set to false' do - let(:params) { { ssl: true, ssl_cert: false, ssl_key: false } } + let(:params) { { ssl: true, ssl_cert: :undef, ssl_key: :undef } } it { is_expected.to contain_concat__fragment("#{title}-ssl-header").without_content(%r{ssl_certificate}) } it { is_expected.to contain_concat__fragment("#{title}-ssl-header").without_content(%r{ssl_certificate_key}) } diff --git a/templates/conf.d/nginx.conf.erb b/templates/conf.d/nginx.conf.erb index 3e96f2490..ba26520b6 100644 --- a/templates/conf.d/nginx.conf.erb +++ b/templates/conf.d/nginx.conf.erb @@ -18,7 +18,7 @@ worker_rlimit_nofile <%= @worker_rlimit_nofile %>; <% end -%> <% if @pid -%> -pid <%= @pid %>; +pid <%= @pid %>; <% end -%> <% if @nginx_error_log.is_a?(Array) -%> <%- @nginx_error_log.each do |log_item| -%> @@ -82,12 +82,13 @@ http { access_log <%= @http_access_log %><% if @http_format_log %> <%= @http_format_log%><% end %>; <% end -%> -<% if @sendfile == 'on' -%> - sendfile on; - <%- if @http_tcp_nopush == 'on' -%> - tcp_nopush on; - <%- end -%> +<% if @sendfile -%> + sendfile <%= @sendfile %>; +<% end -%> +<%- if @http_tcp_nopush -%> + tcp_nopush <%= @http_tcp_nopush %>; <% end -%> + server_tokens <%= @server_tokens %>; types_hash_max_size <%= @types_hash_max_size %>; diff --git a/templates/server/server_ssl_header.erb b/templates/server/server_ssl_header.erb index 1f6fc88f6..d483bebd8 100644 --- a/templates/server/server_ssl_header.erb +++ b/templates/server/server_ssl_header.erb @@ -4,10 +4,10 @@ server { <%- if @listen_ip.is_a?(Array) then -%> <%- @listen_ip.each do |ip| -%> - listen <%= ip %>:<%= @ssl_port %> <% if @ssl_listen_option %>ssl<% end %><% if @http2 == 'on' %> http2<% end %><% if @spdy == 'on' %> spdy<% end %><% if @listen_options %> <%= @listen_options %><% end %>; + listen <%= ip %>:<%= @ssl_port %> <% if @ssl_listen_option %>ssl<% end %><% if @http2 %> http2<% end %><% if @spdy %> spdy<% end %><% if @listen_options %> <%= @listen_options %><% end %>; <%- end -%> <%- else -%> - listen <%= @listen_ip %>:<%= @ssl_port %> <% if @ssl_listen_option %>ssl<% end %><% if @http2 == 'on' %> http2<% end %><% if @spdy == 'on' %> spdy<% end %><% if @listen_options %> <%= @listen_options %><% end %>; + listen <%= @listen_ip %>:<%= @ssl_port %> <% if @ssl_listen_option %>ssl<% end %><% if @http2 %> http2<% end %><% if @spdy %> spdy<% end %><% if @listen_options %> <%= @listen_options %><% end %>; <%- end -%> <%= scope.function_template(["nginx/server/server_ssl_ipv6_listen.erb"]) %> server_name www.<%= s.gsub(/^www\./, '') %>; @@ -22,10 +22,10 @@ server { server { <%- if @listen_ip.is_a?(Array) then -%> <%- @listen_ip.each do |ip| -%> - listen <%= ip %>:<%= @ssl_port %> <% if @ssl_listen_option %>ssl<% end %><% if @http2 == 'on' %> http2<% end %><% if @spdy == 'on' %> spdy<% end %><% if @listen_options %> <%= @listen_options %><% end %>; + listen <%= ip %>:<%= @ssl_port %> <% if @ssl_listen_option %>ssl<% end %><% if @http2 %> http2<% end %><% if @spdy %> spdy<% end %><% if @listen_options %> <%= @listen_options %><% end %>; <%- end -%> <%- else -%> - listen <%= @listen_ip %>:<%= @ssl_port %> <% if @ssl_listen_option %>ssl<% end %><% if @http2 == 'on' %> http2<% end %><% if @spdy == 'on' %> spdy<% end %><% if @listen_options %> <%= @listen_options %><% end %>; + listen <%= @listen_ip %>:<%= @ssl_port %> <% if @ssl_listen_option %>ssl<% end %><% if @http2 %> http2<% end %><% if @spdy %> spdy<% end %><% if @listen_options %> <%= @listen_options %><% end %>; <%- end -%> <%= scope.function_template(["nginx/server/server_ssl_ipv6_listen.erb"]) %> server_name <%= @rewrite_www_to_non_www ? @server_name.join(" ").gsub(/(^| )(www\.)?(?=[a-z0-9])/, '') : @server_name.join(" ") %>; diff --git a/templates/server/server_ssl_ipv6_listen.erb b/templates/server/server_ssl_ipv6_listen.erb index 48c5206cf..5d682954c 100644 --- a/templates/server/server_ssl_ipv6_listen.erb +++ b/templates/server/server_ssl_ipv6_listen.erb @@ -2,9 +2,9 @@ <%- if @ipv6_enable -%> <%- if @ipv6_listen_ip.is_a?(Array) then -%> <%- @ipv6_listen_ip.each do |ipv6| -%> - listen [<%= ipv6 %>]:<%= @ssl_port %> ssl<% if @http2 == 'on' %> http2<% end %><% if @spdy == 'on' %> spdy<% end %><% if @ipv6_listen_options %> <%= @ipv6_listen_options %><% end %>; + listen [<%= ipv6 %>]:<%= @ssl_port %> ssl<% if @http2 %> http2<% end %><% if @spdy %> spdy<% end %><% if @ipv6_listen_options %> <%= @ipv6_listen_options %><% end %>; <%- end -%> <%- else -%> - listen [<%= @ipv6_listen_ip %>]:<%= @ssl_port %> ssl<% if @http2 == 'on' %> http2<% end %><% if @spdy == 'on' %> spdy<% end %><% if @ipv6_listen_options %> <%= @ipv6_listen_options %><% end %>; + listen [<%= @ipv6_listen_ip %>]:<%= @ssl_port %> ssl<% if @http2 %> http2<% end %><% if @spdy %> spdy<% end %><% if @ipv6_listen_options %> <%= @ipv6_listen_options %><% end %>; <%- end -%> <%- end -%> diff --git a/types/directives.pp b/types/directives.pp new file mode 100644 index 000000000..460b23c28 --- /dev/null +++ b/types/directives.pp @@ -0,0 +1 @@ +type Nginx::Directives = Variant[Hash[String[1],Variant[Hash[String[1], Variant[Array[String], String]], String, Array[String]]],Array[Array[String]]] diff --git a/types/duration.pp b/types/duration.pp new file mode 100644 index 000000000..699f2de36 --- /dev/null +++ b/types/duration.pp @@ -0,0 +1 @@ +type Nginx::Duration = Pattern[/^((\d+y)?\s?(\d+M)?\s?(\d+w)?\s?(\d+d)?\s?(\d+h)?\s?(\d+m)?\s?(\d+s)?\s?(\d+ms)?\s?|\d+)$/] diff --git a/types/toggle.pp b/types/toggle.pp new file mode 100644 index 000000000..e1040cfd6 --- /dev/null +++ b/types/toggle.pp @@ -0,0 +1 @@ +type Nginx::Toggle = Enum['on','off']