diff --git a/manifests/resource/streamhost.pp b/manifests/resource/streamhost.pp index 35c6c0f38..b2b6a4883 100644 --- a/manifests/resource/streamhost.pp +++ b/manifests/resource/streamhost.pp @@ -47,6 +47,10 @@ # nginx::resource::streamhost { 'test2.local': # ensure => present, # } +# @param allow +# Locations to allow connections from +# @param deny +# Locations to deny connections from # define nginx::resource::streamhost ( Enum['absent', 'present'] $ensure = 'present', @@ -66,6 +70,8 @@ String $owner = $nginx::global_owner, String $group = $nginx::global_group, String $mode = $nginx::global_mode, + Array $allow = [], + Array $deny = [], ) { if ! defined(Class['nginx']) { fail('You must include the nginx base class before using any defined resources') diff --git a/spec/defines/resource_stream_spec.rb b/spec/defines/resource_stream_spec.rb index 8508cf6dd..a20e3bf23 100644 --- a/spec/defines/resource_stream_spec.rb +++ b/spec/defines/resource_stream_spec.rb @@ -112,6 +112,18 @@ value: ['203.0.113.1', '203.0.113.2'], match: %r{\s+resolver\s+203.0.113.1 203.0.113.2;} }, + { + title: 'should set allow(s)', + attr: 'allow', + value: ['203.0.113.1', '203.0.113.2'], + match: %r{\s+allow\s+203.0.113.1;} + }, + { + title: 'should set deny(s)', + attr: 'deny', + value: ['203.0.113.1', '203.0.113.2'], + match: %r{\s+deny\s+203.0.113.1;} + }, { title: 'should contain raw_prepend directives', attr: 'raw_prepend', diff --git a/templates/streamhost/streamhost.erb b/templates/streamhost/streamhost.erb index e9549c42b..31caa1227 100644 --- a/templates/streamhost/streamhost.erb +++ b/templates/streamhost/streamhost.erb @@ -22,15 +22,26 @@ server { resolver <% @resolver.each do |res| %> <%= res %><% end %>; <%- end -%> - <% Array(@raw_prepend).each do |line| -%> - <%= line %> - <% end %> +<% if @allow -%> + <%- @allow.flatten.uniq.each do |allow_rule| -%> + allow <%= allow_rule %>; + <%- end -%> +<% end -%> +<% if @deny -%> + <%- @deny.uniq.each do |deny_rule| -%> + deny <%= deny_rule %>; + <%- end -%> +<% end -%> + +<% Array(@raw_prepend).each do |line| -%> +<%= line %> +<% end %> proxy_timeout <%= @proxy_read_timeout %>; proxy_connect_timeout <%= @proxy_connect_timeout %>; proxy_pass <%= @proxy %>; - <% Array(@raw_append).each do |line| -%> - <%= line %> - <% end -%> +<% Array(@raw_append).each do |line| -%> +<%= line %> +<% end -%> }