support listening on specific interfaces

This allows "http_port host:port" configuration constructs, instead of just specifying the port and listening on all interfaces. Pre-1.0.0 versions used to allow "host:port" as port/title arg, because the input wasn't sufficiently checked.
voxpupuli · Jul 19, 2018 · 798001c · 798001c
1 parent d12f963
commit 798001c
Show file tree

Hide file tree

Showing 4 changed files with 93 additions and 17 deletions.
diff --git a/README.md b/README.md
@@ -323,17 +323,24 @@ squid::http_port { '10001':
   ssl     => true,
   options => 'cert=/etc/squid/ssl_cert/server.cert key=/etc/squid/ssl_cert/server.key'
 }
+squid::http_port { '127.0.0.1:3128':
+}
 ```
 
 Results in a squid configuration of
 
 ```
 http_port 10000 accel vhost
 https_port 10001 cert=/etc/squid/ssl_cert/server.cert key=/etc/squid/ssl_cert/server.key
+http_port 127.0.0.1:3128
 ```
 
 #### Parameters for Type squid::http\_port
-* `port` defaults to the namevar and is the port number.
+* The title/namevar may be in the form `port` or `host:port` to provide the below values. Otherwise,
+  specify `port` explicitely, and `host` if desired.
+* `port` defaults to the port of the namevar and is the port number to listen on.
+* `host` defaults to the host part of the namevar and is the interface to listen on. If not specified,
+  Squid listens on all interfaces.
 * `options` A string to specify any options for the default. By default and empty string.
 * `ssl` A boolean.  When set to `true` creates [https_port entries](http://www.squid-cache.org/Doc/config/https_port/).  Defaults to `false`.
 

diff --git a/manifests/http_port.pp b/manifests/http_port.pp
@@ -1,24 +1,42 @@
 define squid::http_port (
-  Variant[Pattern[/\d+/], Integer]
-          $port    = $title,
-  Boolean $ssl     = false,
-  String  $options = '',
-  String  $order   = '05',
+  Optional[Integer] $port    = undef,
+  Optional[String]  $host    = undef,
+  Boolean           $ssl     = false,
+  String            $options = '',
+  String            $order   = '05',
 ) {
 
+  if $port == undef {
+    if $title =~ /^(?:.+:)?(\d+)$/ {
+      $_port = Integer($1)
+    } else {
+      fail("port couldn't be determined from title nor args")
+    }
+  } else {
+    $_port = $port
+  }
+
+  # Only grab the host from the title if no port arg given and the title is
+  # very likely to mean host:port. This should be backward-compatible with
+  # client code from before this feature was introduced.
+  if $port == undef and $host == undef and $title =~ /^(.+):\d+$/ {
+    $_host = $1
+  } else {
+    $_host = $host # May be undef
+  }
+
   $protocol = $ssl ? {
     true    => 'https',
     default => 'http',
   }
 
-  concat::fragment{"squid_${protocol}_port_${port}":
+  concat::fragment{"squid_${protocol}_port_${title}":
     target  => $squid::config,
     content => template('squid/squid.conf.port.erb'),
     order   => "30-${order}",
   }
 
   if $facts['selinux'] == true {
-    $_port = Integer($port)
     selinux::port{"selinux port squid_port_t ${_port}":
       ensure   => 'present',
       seltype  => 'squid_port_t',

diff --git a/spec/defines/http_port_spec.rb b/spec/defines/http_port_spec.rb
@@ -12,25 +12,69 @@
          }
         '
       end
-      let(:title) { '1000' }
 
       context 'when parameters are unset' do
+        let(:title) { '1000' }
         it { is_expected.to contain_concat_fragment('squid_http_port_1000').with_target('/tmp/squid.conf') }
         it { is_expected.to contain_concat_fragment('squid_http_port_1000').with_order('30-05') }
         it { is_expected.to contain_concat_fragment('squid_http_port_1000').with_content(%r{^http_port\s+1000\s*$}) }
       end
+      context 'when host:port title is set' do
+        let(:title) { '127.0.0.1:1500' }
+        it { is_expected.to contain_concat_fragment('squid_http_port_127.0.0.1:1500').with_content(%r{^http_port\s+127\.0\.0\.1:1500\s*$}) }
+      end
+      context 'with invalid port in host:port title' do
+        let(:title) { 'my:test' }
+        it { should_not compile }
+      end
+      context 'with "host: port" invalid title' do
+        let(:title) { 'host: 1600' }
+        it { should_not compile }
+      end
+      context 'with host:port title and port arg' do
+        let(:title) { 'host:1650' }
+        let(:params) do
+          {
+            port: 1650,
+          }
+        end
+        # Ignore the host part of the title if a port is specified
+        it { is_expected.to contain_concat_fragment('squid_http_port_host:1650').with_content(%r{^http_port\s+1650\s*$}) }
+      end
+      context 'when host and port parameters are set' do
+        let(:title) { 'test' }
+        let(:params) do
+          {
+            port: 1700,
+            host: '127.0.0.1'
+          }
+        end
+        it { is_expected.to contain_concat_fragment('squid_http_port_test').with_content(%r{^http_port\s+127\.0\.0\.1:1700\s*$}) }
+      end
       context 'when parameters are set' do
+        let(:title) { 'my:test' } # Arguments shoud override title
+        let(:params) do
+          {
+            port:    2000,
+            options: 'special for 2000',
+            order:   '08'
+          }
+        end
+
+        it { is_expected.to contain_concat_fragment('squid_http_port_my:test').with_target('/tmp/squid.conf') }
+        it { is_expected.to contain_concat_fragment('squid_http_port_my:test').with_order('30-08') }
+        it { is_expected.to contain_concat_fragment('squid_http_port_my:test').with_content(%r{^http_port\s+2000\s+special for 2000$}) }
+      end
+      context 'with host overriding invalid title' do
+        let(:title) { 'my:test' }
         let(:params) do
           {
-            port: 2000,
-            options:  'special for 2000',
-            order: '08'
+            port:    2100,
+            host:    'host',
           }
         end
 
-        it { is_expected.to contain_concat_fragment('squid_http_port_2000').with_target('/tmp/squid.conf') }
-        it { is_expected.to contain_concat_fragment('squid_http_port_2000').with_order('30-08') }
-        it { is_expected.to contain_concat_fragment('squid_http_port_2000').with_content(%r{^http_port\s+2000\s+special for 2000$}) }
+        it { is_expected.to contain_concat_fragment('squid_http_port_my:test').with_content(%r{^http_port\s+host:2100\s*$}) }
       end
       context 'when ssl => true' do
         let(:title) { '3000' }

diff --git a/templates/squid.conf.port.erb b/templates/squid.conf.port.erb
@@ -1,3 +1,10 @@
-# fragment for <%= @protocol %>_port <%= @port %>
-<%= @protocol %>_port <%= @port %> <%= @options %>
+<%
+  if @_host == nil then
+    host_port = @_port
+  else
+    host_port = "#{@_host}:#{@_port}"
+  end
+-%>
+# fragment for <%= @protocol %>_port <%= host_port %>
+<%= @protocol %>_port <%= host_port %> <%= @options %>