Merge pull request #30 from Oefenweb/pr-27

Add Support for ACL and Rsprep definitions
Oefenweb · Sep 19, 2016 · 7a7f607 · 7a7f607
2 parents 77e8b11 + e47fc36
commit 7a7f607
Show file tree

Hide file tree

Showing 3 changed files with 33 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -105,6 +105,11 @@ Set up (the latest version of) [HAProxy](http://www.haproxy.org/) in Ubuntu syst
 * `haproxy_listen.{n}.redirect`: [optional]: Return an HTTP redirection if/unless a condition is matched
 * `haproxy_listen.{n}.redirect.{n}.string`: [required]: The complete line to be added. Any space or known delimiter must be escaped using a backslash (`'\'`) (in version < 1.6)
 * `haproxy_listen.{n}.redirect.{n}.cond`: [optional]: A condition to apply this rule
+* `haproxy_listen.{n}.acl`: [optional]: Create an ACL check which can be later used in evaluations/conditionals
+* `haproxy_listen.{n}.acl.{n}.string`: [required]: ACL entry to be used in conditional check later
+* `haproxy_listen.{n}.rsprep`: [optional]: Response regexp edit definition
+* `haproxy_listen.{n}.rsprep.{n}.string`: [required]: Regexp definition to be used on response
+* `haproxy_listen.{n}.rsprep.{n}.cond`: [optional]: A condition to apply this rule
 
 * `haproxy_frontend`: [default: `[]`]: Front-end declarations
 * `haproxy_frontend.{n}.name`: [required]: The name of the section (e.g. `https`)
@@ -140,6 +145,11 @@ Set up (the latest version of) [HAProxy](http://www.haproxy.org/) in Ubuntu syst
 * `haproxy_frontend.{n}.redirect`: [optional]: Return an HTTP redirection if/unless a condition is matched
 * `haproxy_frontend.{n}.redirect.{n}.string`: [required]: The complete line to be added. Any space or known delimiter must be escaped using a backslash (`'\'`) (in version < 1.6)
 * `haproxy_frontend.{n}.redirect.{n}.cond`: [optional]: A condition to apply this rule
+* `haproxy_frontend.{n}.acl`: [optional]: Create an ACL check which can be later used in evaluations/conditionals
+* `haproxy_frontend.{n}.acl.{n}.string`: [required]: ACL entry to be used in conditional check later
+* `haproxy_frontend.{n}.rsprep`: [optional]: Response regexp edit definition
+* `haproxy_frontend.{n}.rsprep.{n}.string`: [required]: Regexp definition to be used on response
+* `haproxy_frontend.{n}.rsprep.{n}.cond`: [optional]: A condition to apply this rule
 
 * `haproxy_backend`: [default: `[]`]: Back-end declarations
 * `haproxy_backend.{n}.name`: [required]: The name of the section (e.g. `webservers`)
@@ -340,6 +350,8 @@ None
           - 2
           - 3
           - 4
+        acl:
+          - string: secure dst_port eq 443
         mode: http
         server:
           - name: "{{ inventory_hostname }}"
@@ -348,6 +360,9 @@ None
               - send-proxy
         rspadd:
           - string: 'Strict-Transport-Security:\ max-age=15768000'
+        rsprep:
+          - string: '^Set-Cookie:\ (.*) Set-Cookie:\ \1;\ Secure'
+            cond: if secure
 
     haproxy_frontend:
       - name: http

diff --git a/templates/etc/haproxy/frontend.cfg.j2 b/templates/etc/haproxy/frontend.cfg.j2
@@ -31,6 +31,10 @@ frontend {{ frontend.name }}
   timeout {{ timeout.type }} {{ timeout.timeout }}
 {% endfor %}
 
+{% for acl in frontend.acl | default([]) %}
+  acl {{ acl.string }}
+{% endfor %}
+
 {% for capture in frontend.capture | default([]) %}
   capture {{ capture.type }} {{ capture.name }} len {{ capture.length }}
 {% endfor %}
@@ -50,6 +54,11 @@ frontend {{ frontend.name }}
 
 {% endfor %}
 
+{% for rsprep in frontend.rsprep | default([]) %}
+  rsprep {{ rsprep.string }}{% if rsprep.cond is defined %} {{ rsprep.cond }}{% endif %}
+
+{% endfor %}
+
 {% for redirect in frontend.redirect | default([]) %}
   redirect {{ redirect.string }}{% if redirect.cond is defined %} {{ redirect.cond }}{% endif %}
 

diff --git a/templates/etc/haproxy/listen.cfg.j2 b/templates/etc/haproxy/listen.cfg.j2
@@ -39,6 +39,10 @@ listen {{ listen.name }}
   timeout {{ timeout.type }} {{ timeout.timeout }}
 {% endfor %}
 
+{% for acl in listen.acl | default([]) %}
+  acl {{ acl.string }}
+{% endfor %}
+
 {% for capture in listen.capture | default([]) %}
   capture {{ capture.type }} {{ capture.name }} len {{ capture.length }}
 {% endfor %}
@@ -78,6 +82,11 @@ listen {{ listen.name }}
 
 {% endfor %}
 
+{% for rsprep in listen.rsprep | default([]) %}
+  rsprep {{ rsprep.string }}{% if rsprep.cond is defined %} {{ rsprep.cond }}{% endif %}
+
+{% endfor %}
+
 {% for redirect in listen.redirect | default([]) %}
   redirect {{ redirect.string }}{% if redirect.cond is defined %} {{ redirect.cond }}{% endif %}