Merge pull request #905 from mhaskel/1.2.x_update

1.2.x update
redhat-openstack · Oct 21, 2014 · aa0dc96 · aa0dc96
2 parents 3d8f21a + 09ed715
commit aa0dc96
Show file tree

Hide file tree

Showing 22 changed files with 398 additions and 134 deletions.
diff --git a/README.md b/README.md
diff --git a/manifests/balancer.pp b/manifests/balancer.pp
@@ -42,7 +42,6 @@
   $proxy_set = {},
   $collect_exported = true,
 ) {
-  include concat::setup
   include ::apache::mod::proxy_balancer
 
   $target = "${::apache::params::confd_dir}/balancer_${name}.conf"

diff --git a/manifests/init.pp b/manifests/init.pp
@@ -63,6 +63,7 @@
   $server_tokens          = 'OS',
   $server_signature       = 'On',
   $trace_enable           = 'On',
+  $allow_encoded_slashes  = undef,
   $package_ensure         = 'installed',
 ) inherits ::apache::params {
   validate_bool($default_vhost)
@@ -80,6 +81,10 @@
     validate_re($mpm_module, $valid_mpms_re)
   }
 
+  if $allow_encoded_slashes {
+    validate_re($allow_encoded_slashes, '(^on$|^off$|^nodecode$)', "${allow_encoded_slashes} is not permitted for allow_encoded_slashes. Allowed values are 'on', 'off' or 'nodecode'.")
+  }
+
   # NOTE: on FreeBSD it's mpm module's responsibility to install httpd package.
   # NOTE: the same strategy may be introduced for other OSes. For this, you
   # should delete the 'if' block below and modify all MPM modules' manifests

diff --git a/manifests/mod/shib.pp b/manifests/mod/shib.pp
@@ -0,0 +1,15 @@
+class apache::mod::shib (
+  $suppress_warning = false,
+) {
+
+  if $::osfamily == 'RedHat' and ! $suppress_warning {
+    warning('RedHat distributions do not have Apache mod_shib in their default package repositories.')
+  }
+
+  $mod_shib = 'shib2'
+
+  apache::mod {$mod_shib:
+    id => 'mod_shib',
+  }
+
+}
diff --git a/manifests/params.pp b/manifests/params.pp
@@ -65,6 +65,7 @@
     $suphp_addhandler     = 'php5-script'
     $suphp_engine         = 'off'
     $suphp_configpath     = undef
+    # NOTE: The module for Shibboleth is not available to RH/CentOS without an additional repository. http://wiki.aaf.edu.au/tech-info/sp-install-guide
     $mod_packages         = {
       'auth_kerb'   => 'mod_auth_kerb',
       'authnz_ldap' => 'mod_authz_ldap',
@@ -86,6 +87,7 @@
       'suphp'       => 'mod_suphp',
       'xsendfile'   => 'mod_xsendfile',
       'nss'         => 'mod_nss',
+      'shib2'       => 'shibboleth',
     }
     $mod_libs             = {
       'php5' => 'libphp5.so',
@@ -146,6 +148,7 @@
       'suphp'       => 'libapache2-mod-suphp',
       'wsgi'        => 'libapache2-mod-wsgi',
       'xsendfile'   => 'libapache2-mod-xsendfile',
+      'shib2'       => 'libapache2-mod-shib2',
     }
     $mod_libs             = {
       'php5' => 'libphp5.so',
@@ -243,7 +246,6 @@
       # NOTE: 'php' needs to enable APACHE option in make config
       # NOTE: 'dav_svn' needs to enable MOD_DAV_SVN make config
       # NOTE: not sure where the shibboleth should come from
-      # NOTE: don't know where the shibboleth module should come from
       'auth_kerb'  => 'www/mod_auth_kerb2',
       'fcgid'      => 'www/mod_fcgid',
       'passenger'  => 'www/rubygem-passenger',
@@ -254,7 +256,8 @@
       'wsgi'       => 'www/mod_wsgi',
       'dav_svn'    => 'devel/subversion',
       'xsendfile'  => 'www/mod_xsendfile',
-      'rpaf'       => 'www/mod_rpaf2'
+      'rpaf'       => 'www/mod_rpaf2',
+      'shib2'      => 'security/shibboleth2-sp',
     }
     $mod_libs         = {
       'php5' => 'libphp5.so',

diff --git a/manifests/version.pp b/manifests/version.pp
@@ -7,7 +7,7 @@
   $osr_array = split($::operatingsystemrelease,'[\/\.]')
   $distrelease = $osr_array[0]
   if ! $distrelease {
-    fail("Class['apache::params']: Unparsable \$::operatingsystemrelease: ${::operatingsystemrelease}")
+    fail("Class['apache::version']: Unparsable \$::operatingsystemrelease: ${::operatingsystemrelease}")
   }
 
   case $::osfamily {

diff --git a/manifests/vhost.pp b/manifests/vhost.pp
@@ -69,6 +69,7 @@
   $redirect_status             = undef,
   $redirectmatch_status        = undef,
   $redirectmatch_regexp        = undef,
+  $redirectmatch_dest          = undef,
   $rack_base_uris              = undef,
   $headers                     = undef,
   $request_headers             = undef,
@@ -88,6 +89,7 @@
   $wsgi_process_group          = undef,
   $wsgi_script_aliases         = undef,
   $wsgi_pass_authorization     = undef,
+  $wsgi_chunked_request        = undef,
   $custom_fragment             = undef,
   $itk                         = undef,
   $action                      = undef,
@@ -96,7 +98,14 @@
   $fastcgi_dir                 = undef,
   $additional_includes         = [],
   $apache_version              = $::apache::apache_version,
+  $allow_encoded_slashes       = undef,
   $suexec_user_group           = undef,
+  $passenger_app_root          = undef,
+  $passenger_ruby              = undef,
+  $passenger_min_instances     = undef,
+  $passenger_start_timeout     = undef,
+  $passenger_pre_start         = undef,
+  $add_default_charset         = undef,
 ) {
   # The base class must be included first because it is used by parameter defaults
   if ! defined(Class['apache']) {
@@ -122,6 +131,8 @@
     validate_hash($rewrites[0])
   }
 
+  # Input validation begins
+
   if $suexec_user_group {
     validate_re($suexec_user_group, '^\w+ \w+$',
     "${suexec_user_group} is not supported for suexec_user_group.  Must be 'user group'.")
@@ -182,6 +193,12 @@
     validate_string($custom_fragment)
   }
 
+  if $allow_encoded_slashes {
+    validate_re($allow_encoded_slashes, '(^on$|^off$|^nodecode$)', "${allow_encoded_slashes} is not permitted for allow_encoded_slashes. Allowed values are 'on', 'off' or 'nodecode'.")
+  }
+
+  # Input validation ends
+
   if $ssl and $ensure == 'present' {
     include ::apache::mod::ssl
     # Required for the AddType lines.
@@ -200,6 +217,10 @@
     include ::apache::mod::suexec
   }
 
+  if $passenger_app_root or $passenger_ruby or $passenger_min_instances or $passenger_start_timeout or $passenger_pre_start {
+    include ::apache::mod::passenger
+  }
+
   # Configure the defaultness of a vhost
   if $priority {
     $priority_real = $priority
@@ -239,6 +260,9 @@
   # Is apache::mod::passenger enabled (or apache::mod['passenger'])
   $passenger_enabled = defined(Apache::Mod['passenger'])
 
+  # Is apache::mod::shib enabled (or apache::mod['shib2'])
+  $shibboleth_enabled = defined(Apache::Mod['shib2'])
+
   # Define log file names
   if $access_log_file {
     $access_log_destination = "${logroot}/${access_log_file}"
@@ -473,6 +497,7 @@
   # - $docroot
   # - $apache_version
   # - $suphp_engine
+  # - $shibboleth_enabled
   if $_directories and ! empty($_directories) {
     concat::fragment { "${name}-directories":
       target  => "${priority_real}-${filename}.conf",
@@ -588,9 +613,11 @@
   # - $redirect_status_a
   # - $redirectmatch_status
   # - $redirectmatch_regexp
+  # - $redirectmatch_dest
   # - $redirectmatch_status_a
   # - $redirectmatch_regexp_a
-  if ($redirect_source and $redirect_dest) or ($redirectmatch_status and $redirectmatch_regexp) {
+  # - $redirectmatch_dest
+  if ($redirect_source and $redirect_dest) or ($redirectmatch_status and $redirectmatch_regexp and $redirectmatch_dest) {
     concat::fragment { "${name}-redirect":
       target  => "${priority_real}-${filename}.conf",
       order   => 150,
@@ -762,6 +789,28 @@
     }
   }
 
+  # Template uses:
+  # - $passenger_app_root
+  # - $passenger_ruby
+  # - $passenger_min_instances
+  # - $passenger_start_timeout
+  # - $passenger_pre_start
+  concat::fragment { "${name}-passenger":
+    target  => "${priority_real}-${filename}.conf",
+    order   => 290,
+    content => template('apache/vhost/_passenger.erb'),
+  }
+
+  # Template uses:
+  # - $add_default_charset
+  if $add_default_charset {
+    concat::fragment { "${name}-charsets":
+      target  => "${priority_real}-${filename}.conf",
+      order   => 300,
+      content => template('apache/vhost/_charsets.erb'),
+    }
+  }
+
   # Template uses no variables
   concat::fragment { "${name}-file_footer":
     target  => "${priority_real}-${filename}.conf",

diff --git a/metadata.json b/metadata.json
@@ -73,7 +73,7 @@
     },
     {
       "name": "puppetlabs/concat",
-      "version_requirement": ">= 1.1.0"
+      "version_requirement": ">= 1.1.1"
     }
   ]
 }
diff --git a/spec/acceptance/vhost_spec.rb b/spec/acceptance/vhost_spec.rb
@@ -768,7 +768,10 @@ class { 'apache': }
         host { 'test.server': ip => '127.0.0.1' }
         apache::vhost { 'test.server':
           docroot    => '/tmp',
-          aliases => [{ alias => '/image', path => '/ftp/pub/image' }],
+          aliases => [
+            { alias       => '/image'    , path => '/ftp/pub/image' }   ,
+            { scriptalias => '/myscript' , path => '/usr/share/myscript' }
+          ],
         }
       EOS
       apply_manifest(pp, :catch_failures => true)
@@ -777,6 +780,7 @@ class { 'apache': }
     describe file("#{$vhost_dir}/25-test.server.conf") do
       it { is_expected.to be_file }
       it { is_expected.to contain 'Alias /image "/ftp/pub/image"' }
+      it { is_expected.to contain 'ScriptAlias /myscript "/usr/share/myscript"' }
     end
   end
 
@@ -1077,7 +1081,8 @@ class { 'apache::mod::wsgi': }
           wsgi_daemon_process_options => {processes => '2'},
           wsgi_process_group          => 'nobody',
           wsgi_script_aliases         => { '/test' => '/test1' },
-    wsgi_pass_authorization     => 'On',
+          wsgi_pass_authorization     => 'On',
+          wsgi_chunked_request        => 'On',
         }
       EOS
       apply_manifest(pp, :catch_failures => true)
@@ -1097,7 +1102,8 @@ class { 'apache::mod::wsgi': }
           wsgi_import_script_options  => { application-group => '%{GLOBAL}', process-group => 'wsgi' },
           wsgi_process_group          => 'nobody',
           wsgi_script_aliases         => { '/test' => '/test1' },
-    wsgi_pass_authorization     => 'On',
+          wsgi_pass_authorization     => 'On',
+          wsgi_chunked_request        => 'On',
         }
       EOS
       apply_manifest(pp, :catch_failures => true)
@@ -1111,6 +1117,7 @@ class { 'apache::mod::wsgi': }
       it { is_expected.to contain 'WSGIProcessGroup nobody' }
       it { is_expected.to contain 'WSGIScriptAlias /test "/test1"' }
       it { is_expected.to contain 'WSGIPassAuthorization On' }
+      it { is_expected.to contain 'WSGIChunkedRequest On' }
     end
   end
 

diff --git a/spec/classes/apache_spec.rb b/spec/classes/apache_spec.rb
@@ -94,6 +94,14 @@
       it { is_expected.to contain_file("/etc/apache2/apache2.conf").with_content %r{^IncludeOptional "/etc/apache2/conf\.d/\*\.conf"$} }
     end
 
+    context "when specifying slash encoding behaviour" do
+      let :params do
+        { :allow_encoded_slashes => 'nodecode' }
+      end
+
+      it { is_expected.to contain_file("/etc/apache2/apache2.conf").with_content %r{^AllowEncodedSlashes nodecode$} }
+    end
+
     # Assert that both load files and conf files are placed and symlinked for these mods
     [
       'alias',
@@ -305,6 +313,14 @@
         it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^IncludeOptional "/etc/httpd/conf\.d/\*\.conf"$} }
       end
 
+      context "when specifying slash encoding behaviour" do
+        let :params do
+          { :allow_encoded_slashes => 'nodecode' }
+        end
+
+        it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^AllowEncodedSlashes nodecode$} }
+      end
+
       it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^Include "/etc/httpd/site\.d/\*"$} }
       it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^Include "/etc/httpd/mod\.d/\*\.conf"$} }
       it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^Include "/etc/httpd/mod\.d/\*\.load"$} }

diff --git a/spec/classes/mod/shib_spec.rb b/spec/classes/mod/shib_spec.rb
@@ -0,0 +1,40 @@
+describe 'apache::mod::shib', :type => :class do
+  let :pre_condition do
+    'include apache'
+  end
+  context "on a Debian OS" do
+    let :facts do
+      {
+        :osfamily               => 'Debian',
+        :operatingsystemrelease => '6',
+        :concat_basedir         => '/dne',
+        :lsbdistcodename        => 'squeeze',
+        :operatingsystem        => 'Debian',
+        :id                     => 'root',
+        :kernel                 => 'Linux',
+        :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+        :fqdn                   => 'test.example.com',
+      }
+    end
+    describe 'with no parameters' do
+      it { should contain_apache__mod('shib2').with_id('mod_shib') }
+    end
+  end
+  context "on a RedHat OS" do
+    let :facts do
+      {
+        :osfamily               => 'RedHat',
+        :operatingsystemrelease => '6',
+        :concat_basedir         => '/dne',
+        :operatingsystem        => 'RedHat',
+        :id                     => 'root',
+        :kernel                 => 'Linux',
+        :path                   => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+        :fqdn                   => 'test.example.com',
+      }
+    end
+    describe 'with no parameters' do
+      it { should contain_apache__mod('shib2').with_id('mod_shib') }
+    end
+  end
+end