Add ability for handling more than one 'Allow from'-directive in _dir…

…ectories.erb
xbezdick · May 26, 2014 · 88408f1 · 88408f1
1 parent 81069bc
commit 88408f1
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 2 deletions.
diff --git a/README.md b/README.md
@@ -1135,7 +1135,7 @@ Sets [AddHandler](http://httpd.apache.org/docs/current/mod/mod_mime.html#addhand
 
 ######`allow`
 
-Sets an [Allow](http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#allow) directive, which groups authorizations based on hostnames or IPs. **Deprecated:** This parameter is being deprecated due to a change in Apache. It will only work with Apache 2.2 and lower. 
+Sets an [Allow](http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#allow) directive, which groups authorizations based on hostnames or IPs. **Deprecated:** This parameter is being deprecated due to a change in Apache. It will only work with Apache 2.2 and lower. You can use it as a single string for one rule or as an array for more than one.
 
 ```puppet
     apache::vhost { 'sample.example.net':

diff --git a/spec/acceptance/vhost_spec.rb b/spec/acceptance/vhost_spec.rb
@@ -214,7 +214,10 @@ class { 'apache': }
           if versioncmp($apache::apache_version, '2.4') >= 0 {
             $_files_match_directory = { 'path' => 'private.html$', 'provider' => 'filesmatch', 'require' => 'all denied' }
           } else {
-            $_files_match_directory = { 'path' => 'private.html$', 'provider' => 'filesmatch', 'deny' => 'from all' }
+            $_files_match_directory = [ 
+              { 'path' => 'private.html$', 'provider' => 'filesmatch', 'deny' => 'from all' },
+              { 'path' => '/bar/bar.html', 'provider' => 'location', allow => [ 'from 127.0.0.1', ] },
+            ]
           }
 
           $_directories = [
@@ -238,6 +241,13 @@ class { 'apache': }
             ensure  => file,
             content => "Hello World\\n",
           }
+          file { '/var/www/files/bar':
+            ensure => directory,
+          }
+          file { '/var/www/files/bar/bar.html':
+            ensure  => file,
+            content => "Hello Bar\\n",
+          }
           host { 'files.example.net': ip => '127.0.0.1', }
         EOS
         apply_manifest(pp, :catch_failures => true)
@@ -252,6 +262,7 @@ class { 'apache': }
         shell("/usr/bin/curl -sSf files.example.net:80/").stdout.should eq("Hello World\n")
         shell("/usr/bin/curl -sSf files.example.net:80/foo/").stdout.should eq("Hello Foo\n")
         shell("/usr/bin/curl -sSf files.example.net:80/private.html", {:acceptable_exit_codes => 22}).stderr.should match(/curl: \(22\) The requested URL returned error: 403/)
+        shell("/usr/bin/curl -sSf files.example.net:80/bar/bar.html").stdout.should eq("Hello Bar\n")
       end
     end
 

diff --git a/templates/vhost/_directories.erb b/templates/vhost/_directories.erb
@@ -50,7 +50,13 @@
     Deny <%= directory['deny'] %>
       <%- end -%>
       <%- if directory['allow'] and ! [ false, 'false', '' ].include?(directory['allow']) -%>
+        <%- if directory['allow'].kind_of?(Array) -%>
+          <%- Array(directory['allow']).each do |access| -%>
+    Allow <%=  access %>
+        <%- end -%>
+      <%- else -%>
     Allow <%= directory['allow'] %>
+      <%- end -%>
       <%- elsif [ 'from all', 'from All' ].include?(directory['deny']) -%>
       <%- elsif ! directory['deny'] and [ false, 'false', '' ].include?(directory['allow']) -%>
     Deny from all