voxpupuli · jfryman · Jun 16, 2014 · Jun 12, 2014 · Jun 13, 2014
diff --git a/manifests/init.pp b/manifests/init.pp
@@ -82,6 +82,8 @@
   $worker_connections             = $nginx::params::nx_worker_connections,
   $worker_processes               = $nginx::params::nx_worker_processes,
   $worker_rlimit_nofile           = $nginx::params::nx_worker_rlimit_nofile,
+  $geo_mappings                   = {},
+  $string_mappings                = {},
 ) inherits nginx::params {
 
   include stdlib
@@ -158,6 +160,9 @@
   validate_string($proxy_headers_hash_bucket_size)
   validate_bool($super_user)
 
+  validate_hash($string_mappings)
+  validate_hash($geo_mappings)
+
   class { 'nginx::package':
     package_name   => $package_name,
     package_source => $package_source,
@@ -219,6 +224,8 @@
   create_resources('nginx::resource::vhost', $nginx_vhosts)
   create_resources('nginx::resource::location', $nginx_locations)
   create_resources('nginx::resource::mailhost', $nginx_mailhosts)
+  create_resources('nginx::resource::map', $string_mappings)
+  create_resources('nginx::resource::geo', $geo_mappings)
 
   # Allow the end user to establish relationships to the "main" class
   # and preserve the relationship to the implementation classes through

diff --git a/manifests/resource/geo.pp b/manifests/resource/geo.pp
@@ -0,0 +1,90 @@
+# define: nginx::resource::geo
+#
+# This definition creates a new geo mapping entry for NGINX
+#
+# Parameters:
+#   [*networks*]        - Hash of geo lookup keys and resultant values
+#   [*default*]         - Sets the resulting value if the source value fails to
+#                         match any of the variants.
+#   [*ensure*]          - Enables or disables the specified location
+#   [*ranges*]          - Indicates that lookup keys (network addresses) are
+#                         specified as ranges.
+#   [*address*]         - Nginx defaults to using $remote_addr for testing.
+#                         This allows you to override that with another variable
+#                         name (automatically prefixed with $)
+#   [*delete*]          - deletes the specified network (see: geo module docs)
+#   [*proxy_recursive*] - Changes the behavior of address acquisition when
+#                         specifying trusted proxies via 'proxies' directive
+#   [*proxies*]         - Hash of network->value mappings.
+
+# Actions:
+#
+# Requires:
+#
+# Sample Usage:
+#
+#  nginx::resource::geo { 'client_network':
+#    ensure          => present,
+#    ranges          => false,
+#    default         => extra,
+#    proxy_recursive => false,
+#    proxies         => [ '192.168.99.99' ],
+#    networks        => {
+#      '10.0.0.0/8'     => 'intra',
+#      '172.16.0.0/12'  => 'intra',
+#      '192.168.0.0/16' => 'intra',
+#    }
+#  }
+#
+# Sample Hiera usage:
+#
+#  nginx::geos:
+#    client_network:
+#      ensure: present
+#      ranges: false
+#      default: 'extra'
+#      proxy_recursive: false
+#      proxies:
+#         - 192.168.99.99
+#      networks:
+#        '10.0.0.0/8': 'intra'
+#        '172.16.0.0/12': 'intra'
+#        '192.168.0.0/16': 'intra'
+
+
+define nginx::resource::geo (
+  $networks,
+  $default         = undef,
+  $ensure          = 'present',
+  $ranges          = false,
+  $address         = undef,
+  $delete          = undef,
+  $proxies         = undef,
+  $proxy_recursive = undef
+) {
+
+  validate_hash($networks)
+  validate_bool($ranges)
+  validate_re($ensure, '^(present|absent)$',
+    "Invalid ensure value '${ensure}'. Expected 'present' or 'absent'")
+  if ($default != undef) { validate_string($default) }
+  if ($address != undef) { validate_string($address) }
+  if ($delete != undef) { validate_string($delete) }
+  if ($proxies != undef) { validate_array($proxies) }
+  if ($proxy_recursive != undef) { validate_bool($proxy_recursive) }
+
+  File {
+    owner => 'root',
+    group => 'root',
+    mode  => '0644',
+  }
+
+  file { "${nginx::params::nx_conf_dir}/conf.d/${name}-geo.conf":
+    ensure  => $ensure ? {
+      'absent' => absent,
+      default  => 'file',
+    },
+    content => template('nginx/conf.d/geo.erb'),
+    notify  => Class['nginx::service'],
+  }
+}
diff --git a/manifests/resource/map.pp b/manifests/resource/map.pp
@@ -0,0 +1,74 @@
+# define: nginx::resource::map
+#
+# This definition creates a new mapping entry for NGINX
+#
+# Parameters:
+#   [*ensure*]     - Enables or disables the specified location (present|absent)
+#   [*default*]    - Sets the resulting value if the source values fails to
+#                    match any of the variants.
+#   [*string*]     - Source string or variable to provide mapping for
+#   [*mappings*]   - Hash of map lookup keys and resultant values
+#   [*hostnames*]  - Indicates that source values can be hostnames with a
+#                    prefix or suffix mask.
+
+# Actions:
+#
+# Requires:
+#
+# Sample Usage:
+#
+#  nginx::resource::map { 'backend_pool':
+#    ensure    => present,
+#    hostnames => true,
+#    default   => 'ny-pool-1,
+#    string    => '$http_host',
+#    mappings  => {
+#      '*.nyc.example.com' => 'ny-pool-1',
+#      '*.sf.example.com'  => 'sf-pool-1',
+#    }
+#  }
+#
+# Sample Hiera usage:
+#
+#  nginx::maps:
+#    client_network:
+#      ensure: present
+#      hostnames: true
+#      default: 'ny-pool-1'
+#      string: $http_host
+#      mappings:
+#        '*.nyc.example.com': 'ny-pool-1'
+#        '*.sf.example.com': 'sf-pool-1'
+
+
+define nginx::resource::map (
+  $string,
+  $mappings,
+  $default    = undef,
+  $ensure     = 'present',
+  $hostnames  = false
+) {
+  validate_string($string)
+  validate_re($string, '^.{2,}$',
+    "Invalid string value [${string}]. Expected a minimum of 2 characters.")
+  validate_hash($mappings)
+  validate_bool($hostnames)
+  validate_re($ensure, '^(present|absent)$',
+    "Invalid ensure value '${ensure}'. Expected 'present' or 'absent'")
+  if ($default != undef) { validate_string($default) }
+
+  File {
+    owner => 'root',
+    group => 'root',
+    mode  => '0644',
+  }
+
+  file { "${nginx::params::nx_conf_dir}/conf.d/${name}-map.conf":
+    ensure  => $ensure ? {
+      'absent' => absent,
+      default  => 'file',
+    },
+    content => template('nginx/conf.d/map.erb'),
+    notify  => Class['nginx::service'],
+  }
+}
diff --git a/manifests/resource/vhost.pp b/manifests/resource/vhost.pp
@@ -194,6 +194,8 @@
   $log_by_lua_file        = undef,
   $use_default_location   = true,
   $rewrite_rules          = [],
+  $string_mappings        = {},
+  $geo_mappings           = {},
 ) {
 
   validate_re($ensure, '^(present|absent)$',
@@ -332,6 +334,8 @@
   }
   validate_bool($use_default_location)
   validate_array($rewrite_rules)
+  validate_hash($string_mappings)
+  validate_hash($geo_mappings)
 
   # Variables
   $vhost_dir = "${nginx::config::nx_conf_dir}/sites-available"
@@ -555,4 +559,7 @@
     require => Concat[$config_file],
     notify  => Service['nginx'],
   }
+
+  create_resources('nginx::resource::map', $string_mappings)
+  create_resources('nginx::resource::geo', $geo_mappings)
 }
diff --git a/spec/defines/resource_geo_spec.rb b/spec/defines/resource_geo_spec.rb
@@ -0,0 +1,128 @@
+require 'spec_helper'
+
+describe 'nginx::resource::geo' do
+  let :title do
+    'client_network'
+  end
+
+  let :default_params do
+    {
+      :default  => 'extra',
+      :networks => {
+        '172.16.0.0/12'  => 'intra',
+        '192.168.0.0/16' => 'intra',
+        '10.0.0.0/8'     => 'intra',
+      },
+      :proxies => [ '1.2.3.4', '4.3.2.1' ]
+    }
+  end
+
+  let :facts do
+    {
+      :osfamily        => 'RedHat',
+      :operatingsystem => 'CentOS',
+    }
+  end
+
+  let :pre_condition do
+    [
+      'include ::nginx::params',
+    ]
+  end
+
+  describe 'os-independent items' do
+    describe 'basic assumptions' do
+      let :params do default_params end
+
+      it { should contain_file("/etc/nginx/conf.d/#{title}-geo.conf").with(
+        {
+          'owner'   => 'root',
+          'group'   => 'root',
+          'mode'    => '0644',
+          'ensure'  => 'file',
+          'content' => /geo \$#{title}/,
+        }
+      )}
+    end
+
+    describe "geo.conf template content" do
+      [
+        {
+          :title => 'should set address',
+          :attr  => 'address',
+          :value => '$remote_addr',
+          :match => 'geo $remote_addr $client_network {'
+        },
+        {
+          :title => 'should set ranges',
+          :attr  => 'ranges',
+          :value => true,
+          :match => '  ranges;'
+        },
+        {
+          :title => 'should set default',
+          :attr  => 'default',
+          :value => 'extra',
+          :match => [ '  default extra;' ],
+        },
+        {
+          :title => 'should contain ordered network directives',
+          :attr  => 'networks',
+          :value => {
+            '192.168.0.0/16' => 'intra',
+            '172.16.0.0/12'  => 'intra',
+            '10.0.0.0/8'     => 'intra',
+          },
+          :match => [
+            '  10.0.0.0/8 intra;',
+            '  172.16.0.0/12 intra;',
+            '  192.168.0.0/16 intra;',
+          ],
+        },
+        {
+          :title => 'should set multiple proxies',
+          :attr  => 'proxies',
+          :value => [ '1.2.3.4', '4.3.2.1' ],
+          :match => [
+            '  proxy 1.2.3.4;',
+            '  proxy 4.3.2.1;'
+          ]
+        },
+        {
+          :title => 'should set proxy_recursive',
+          :attr  => 'proxy_recursive',
+          :value => true,
+          :match => '  proxy_recursive;'
+        },
+        {
+          :title => 'should set delete',
+          :attr  => 'delete',
+          :value => '192.168.0.0/16',
+          :match => '  delete 192.168.0.0/16;'
+        },
+      ].each do |param|
+        context "when #{param[:attr]} is #{param[:value]}" do
+          let :params do default_params.merge({ param[:attr].to_sym => param[:value] }) end
+
+          it { should contain_file("/etc/nginx/conf.d/#{title}-geo.conf").with_mode('0644') }
+          it param[:title] do
+            verify_contents(subject, "/etc/nginx/conf.d/#{title}-geo.conf", Array(param[:match]))
+            Array(param[:notmatch]).each do |item|
+              should contain_file("/etc/nginx/conf.d/#{title}-geo.conf").without_content(item)
+            end
+          end
+        end
+      end
+
+      context 'when ensure => absent' do
+        let :params do default_params.merge(
+          {
+            :ensure => 'absent'
+          }
+        ) end
+
+        it { should contain_file("/etc/nginx/conf.d/#{title}-geo.conf").with_ensure('absent') }
+      end
+    end
+  end
+end