diff options
| author | Pascal Terjan <pterjan@gmail.com> | 2016-02-07 13:18:50 +0100 |
|---|---|---|
| committer | Olivier Blin <dev@blino.org> | 2016-02-07 13:59:29 +0100 |
| commit | d1231434e7aaa67247e031e67536c700dc2cebf1 (patch) | |
| tree | 33de870bbe6ba1d15039542a620ffa7051dc2b1a /modules/buildsystem | |
| parent | f7598c059717dcec44486be9747af8fe5221f208 (diff) | |
| download | puppet-d1231434e7aaa67247e031e67536c700dc2cebf1.tar puppet-d1231434e7aaa67247e031e67536c700dc2cebf1.tar.gz puppet-d1231434e7aaa67247e031e67536c700dc2cebf1.tar.bz2 puppet-d1231434e7aaa67247e031e67536c700dc2cebf1.tar.xz puppet-d1231434e7aaa67247e031e67536c700dc2cebf1.zip | |
Switch to Apache 2.4 auth config for repository vhost
Diffstat (limited to 'modules/buildsystem')
| -rw-r--r-- | modules/buildsystem/manifests/var/distros.pp | 3 | ||||
| -rw-r--r-- | modules/buildsystem/templates/vhost_repository.conf | 27 |
2 files changed, 21 insertions, 9 deletions
diff --git a/modules/buildsystem/manifests/var/distros.pp b/modules/buildsystem/manifests/var/distros.pp index aa303191..72b386cc 100644 --- a/modules/buildsystem/manifests/var/distros.pp +++ b/modules/buildsystem/manifests/var/distros.pp @@ -75,7 +75,8 @@ # # list of IP or hostnames allowed to access this distro on the # # repository. If you don't want to filter allowed IPs, don't set # # this value -# 'repo_allow_from' => [ '127.0.0.1', '10.0.0.1', ".${::domain}" ], +# 'repo_allow_from_ips' => [ '127.0.0.1', '10.0.0.1' ], +# 'repo_allow_from_domains' => [ ".${::domain}" ], # Optionally, the distribution can be based on the repos from an other # distribution. In this example we're saying that the distribution is # based on 2/core/release and 2/core/updates. diff --git a/modules/buildsystem/templates/vhost_repository.conf b/modules/buildsystem/templates/vhost_repository.conf index d16cdb63..45ebaf32 100644 --- a/modules/buildsystem/templates/vhost_repository.conf +++ b/modules/buildsystem/templates/vhost_repository.conf @@ -23,7 +23,21 @@ distros = scope.lookupvar('buildsystem::var::distros::distros') <%- distros.keys.sort.each{|distroname| distro = distros[distroname] - allow_from = distro['repo_allow_from'] != nil ? distro['repo_allow_from'] : [ 'all' ] + if distro['repo_allow_from_ips'] != nil || distro['repo_allow_from_domains'] != nil then + access_requires = [ 'all denied' ] + if distro['repo_allow_from_ips'] != nil then + for allow in distro['repo_allow_from_ips'] do + access_requires << 'ip ' + allow + end + end + if distro['repo_allow_from_domains'] != nil then + for allow in distro['repo_allow_from_domains'] do + access_requires << 'host ' + allow + end + end + else + access_requires = [ 'all granted' ] + end %> Alias /bootstrap/<%= distroname %>/ "<%= bootstrap_reporoot %>/<%= distroname %>/" @@ -33,11 +47,10 @@ distros = scope.lookupvar('buildsystem::var::distros::distros') <Directory <%= bootstrap_reporoot %>/<%= distroname %>> Header append Cache-Control "public, must-revalidate" - Order deny,allow <%- - for allow in allow_from do + for req in access_requires do -%> - Allow from <%= allow %> + Require <%= req %> <%- end -%> @@ -46,12 +59,10 @@ distros = scope.lookupvar('buildsystem::var::distros::distros') <Directory <%= mirror_reporoot %>/<%= distroname %>> Header append Cache-Control "public, must-revalidate" - Order deny,allow - Deny from all <%- - for allow in allow_from do + for req in access_requires do -%> - Allow from <%= allow %> + Require <%= req %> <%- end -%> |