modules/adblockplus/manifests/web/fileserver/repository.pp - Issue 29795567: #11371 - Password protection for fileserver repositories

Delta Between Two Patch Sets: modules/adblockplus/manifests/web/fileserver/repository.pp

Issue 29795567: #11371 - Password protection for fileserver repositories (Closed)

Left Patch Set: Created May 31, 2018, 4:19 p.m.

Right Patch Set: For comment 7 Created June 5, 2018, 6:47 p.m.

Left:
Right:

Use n/p to move between diff chunks; N/P to move between comments.

Jump to:

Left: Side by side diff | Download
Right: Side by side diff | Download

LEFT	RIGHT
1 # == Type: adblockplus::web::fileserver::repository	1 # == Type: adblockplus::web::fileserver::repository

2 #	2 #

3 # Manage a repository on a fileserver.	3 # Manage a repository on a fileserver.

4 #	4 #

5 # A repository is a site where a group of people can upload and artifacts.	5 # A repository is a site where a group of people can upload and artifacts.

6 #	6 #

7 # In its current form, a repository is simply a directory exposed on a web	7 # In its current form, a repository is simply a directory exposed on a web

8 # server. This may evolve to make use of more advanced repositories in the	8 # server. This may evolve to make use of more advanced repositories in the

9 # future (proxy to repository manager, or 3rd-party service, etc).	9 # future (proxy to repository manager, or 3rd-party service, etc).

10 #	10 #

11 # === parameters:	11 # === parameters:

12 #	12 #

13 # [ensure]	13 # [ensure]

14 # Whether to set up the repository or not. Removing repositories is not	14 # Whether to set up the repository or not. Removing repositories is not

15 # supported.	15 # supported.

16 #	16 #

17 # [users]	17 # [users]

18 # System users that should be created and added to the group that has	18 # System users that should be created and added to the group that has

19 # write permissions for the repository directory	19 # write permissions for the repository directory

20 #	20 #

21 # [auth_users]	21 # [auth_file]

22 # Array of users in the form of user:hash, used for http basic authentication	22 # Overwrite the default options of the authentication file used for basic

	23 # http authentication for nginx.

23 #	24 #

24 define adblockplus::web::fileserver::repository (	25 define adblockplus::web::fileserver::repository (

25 $ensure = 'present',	26 $ensure = 'present',

26 $users = {},	27 $users = {},

27 $auth_users = [],	28 $auth_file = undef,

28 ){	29 ){

29	30

30 $repositories_directory = "$adblockplus::directory/fileserver"	31 $repositories_directory = "$adblockplus::directory/fileserver"

31 $repository_directory = "$repositories_directory/$name"	32 $repository_directory = "$repositories_directory/$name"

32 $group_name = "www-$name"	33 $group_name = "www-$name"

33 $repository_host = $name ? {	34 $repository_host = $name ? {

34 'www' => "$adblockplus::web::fileserver::domain",	35 'www' => "$adblockplus::web::fileserver::domain",

35 default => "$name.$adblockplus::web::fileserver::domain",	36 default => "$name.$adblockplus::web::fileserver::domain",

36 }	37 }

37 $auth_file = "$adblockplus::directory/${name}_htpasswd"	38 $auth_filename = "${::adblockplus::directory}/htpasswd/${name}"

38	39

39 nginx::hostconfig{ "$repository_host":	40 nginx::hostconfig {"$repository_host":

40 content => template("adblockplus/web/fileserver.conf.erb"),	41 content => template("adblockplus/web/fileserver.conf.erb"),

41 is_default => false,	42 is_default => false,

42 certificate => $adblockplus::web::fileserver::certificate,	43 certificate => $adblockplus::web::fileserver::certificate,

43 private_key => $adblockplus::web::fileserver::private_key,	44 private_key => $adblockplus::web::fileserver::private_key,

44 log => 'access_log_fileserver',	45 log => 'access_log_fileserver',

45 }	46 }

46	47

47 file {"$auth_file":	48 if $auth_file != undef {

48 ensure => ensure_file_state($ensure),	49 ensure_resource('file', $auth_filename, merge({

49 content => inline_template('<%= @auth_users.join("\n") if @auth_users %>')	50 ensure => ensure_file_state($ensure),

	51 }, $auth_file))

50 }	52 }

51	53

52 group {"$group_name":	54 group {"$group_name":

53 ensure => $ensure,	55 ensure => $ensure,

54 }	56 }

55	57

56 file {"$repository_directory":	58 file {"$repository_directory":

57 ensure => ensure_directory_state($ensure),	59 ensure => ensure_directory_state($ensure),

58 group => $group_name,	60 group => $group_name,

59 mode => '0775',	61 mode => '0775',

(...skipping 11 matching lines...) Expand all Loading...
71	73

72 realize(File[$adblockplus::directory])	74 realize(File[$adblockplus::directory])

73	75

74 file {"/var/www/$repository_host":	76 file {"/var/www/$repository_host":

75 ensure => ensure_symlink_state($ensure),	77 ensure => ensure_symlink_state($ensure),

76 target => "$repository_directory",	78 target => "$repository_directory",

77 require => File["$repository_directory"],	79 require => File["$repository_directory"],

78 }	80 }

79 }	81 }

80	82

LEFT	RIGHT