From 2d58357042e7681ae169d01e1a403cc805627037 Mon Sep 17 00:00:00 2001 From: Yoann Laissus Date: Sun, 15 Jun 2014 11:13:40 +0200 Subject: [PATCH] Add the Satisfy parameter to the directory fragment. --- README.md | 14 ++++++ spec/acceptance/vhost_spec.rb | 78 ++++++++++++++++++++++++++++++++ spec/defines/vhost_spec.rb | 10 ++++ templates/vhost/_directories.erb | 3 ++ 4 files changed, 105 insertions(+) diff --git a/README.md b/README.md index 385130df3..d66092b39 100644 --- a/README.md +++ b/README.md @@ -1413,6 +1413,20 @@ Sets the order of processing Allow and Deny statements as per [Apache core docum } ``` +######`satisfy` + +Sets a `Satisfy` directive as per the [Apache Core documentation](http://httpd.apache.org/docs/2.2/mod/core.html#satisfy). **Deprecated:** This parameter is being deprecated due to a change in Apache. It will only work with Apache 2.2 and lower. + +```puppet + apache::vhost { 'sample.example.net': + docroot => '/path/to/directory', + directories => [ + { path => '/path/to/directory', + satisfy => 'Any', + } + ], + } + ######`sethandler` Sets a `SetHandler` directive as per the [Apache Core documentation](http://httpd.apache.org/docs/2.2/mod/core.html#sethandler). An example: diff --git a/spec/acceptance/vhost_spec.rb b/spec/acceptance/vhost_spec.rb index c43d3f9e9..38f40f791 100644 --- a/spec/acceptance/vhost_spec.rb +++ b/spec/acceptance/vhost_spec.rb @@ -297,6 +297,84 @@ class { 'apache': } shell("/usr/bin/curl -sSf files.example.net:80/server-status?auto").stdout.should match(/Scoreboard: /) end end + + describe 'Satisfy and Auth directive' do + it 'should configure a vhost with Satisfy and Auth directive' do + pp = <<-EOS + class { 'apache': } + host { 'files.example.net': ip => '127.0.0.1', } + apache::vhost { 'files.example.net': + docroot => '/var/www/files', + directories => [ + { + path => '/var/www/files/foo', + auth_type => 'Basic', + auth_name => 'Basic Auth', + auth_user_file => '/var/www/htpasswd', + auth_require => "valid-user", + }, + { + path => '/var/www/files/bar', + auth_type => 'Basic', + auth_name => 'Basic Auth', + auth_user_file => '/var/www/htpasswd', + auth_require => 'valid-user', + satisfy => 'Any', + }, + { + path => '/var/www/files/baz', + allow => 'from 10.10.10.10', + auth_type => 'Basic', + auth_name => 'Basic Auth', + auth_user_file => '/var/www/htpasswd', + auth_require => 'valid-user', + satisfy => 'Any', + }, + ], + } + file { '/var/www/files/foo': + ensure => directory, + } + file { '/var/www/files/bar': + ensure => directory, + } + file { '/var/www/files/baz': + ensure => directory, + } + file { '/var/www/files/foo/index.html': + ensure => file, + content => "Hello World\\n", + } + file { '/var/www/files/bar/index.html': + ensure => file, + content => "Hello World\\n", + } + file { '/var/www/files/baz/index.html': + ensure => file, + content => "Hello World\\n", + } + file { '/var/www/htpasswd': + ensure => file, + content => "login:IZ7jMcLSx0oQk", # "password" as password + } + EOS + apply_manifest(pp, :catch_failures => true) + end + + describe service($service_name) do + it { should be_enabled } + it { should be_running } + end + + it 'should answer to files.example.net' do + shell("/usr/bin/curl -sSf files.example.net:80/foo/index.html", {:acceptable_exit_codes => 22}).stderr.should match(/curl: \(22\) The requested URL returned error: 401/) + shell("/usr/bin/curl -sSf -u login:password files.example.net:80/foo/index.html").stdout.should eq("Hello World\n") + shell("/usr/bin/curl -sSf files.example.net:80/bar/index.html").stdout.should eq("Hello World\n") + shell("/usr/bin/curl -sSf -u login:password files.example.net:80/bar/index.html").stdout.should eq("Hello World\n") + shell("/usr/bin/curl -sSf files.example.net:80/baz/index.html", {:acceptable_exit_codes => 22}).stderr.should match(/curl: \(22\) The requested URL returned error: 401/) + shell("/usr/bin/curl -sSf -u login:password files.example.net:80/baz/index.html").stdout.should eq("Hello World\n") + end + end end case fact('lsbdistcodename') diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index 4037b3011..90a779854 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb @@ -717,6 +717,11 @@ 'order' => 'deny,yned', 'passenger_enabled' => 'onf', 'sethandler' => 'None', + 'auth_type' => 'Basic', + 'auth_name' => 'Basic Auth', + 'auth_user_file' => '/opt/app/htpasswd', + 'auth_require' => 'valid-user', + 'satisfy' => 'Any', }, :match => [ /^ $/, @@ -728,6 +733,11 @@ /^ Order deny,yned$/, /^ SetHandler None$/, /^ PassengerEnabled onf$/, + /^ AuthType Basic$/, + /^ AuthName "Basic Auth"$/, + /^ AuthUserFile \/opt\/app\/htpasswd$/, + /^ Require valid-user$/, + /^ Satisfy Any$/, /^ <\/Directory>$/, ], }, diff --git a/templates/vhost/_directories.erb b/templates/vhost/_directories.erb index f4307c761..ea2db8bdc 100644 --- a/templates/vhost/_directories.erb +++ b/templates/vhost/_directories.erb @@ -63,6 +63,9 @@ <%- else -%> Allow from all <%- end -%> + <%- if directory['satisfy'] and directory['satisfy'] != '' -%> + Satisfy <%= directory['satisfy'] %> + <%- end -%> <%- end -%> <%- if directory['addhandlers'] and ! directory['addhandlers'].empty? -%> <%- [directory['addhandlers']].flatten.compact.each do |addhandler| -%>