├── templates ├── squid.conf.cache.erb ├── squid.conf.send_hit.erb ├── squid.conf.http_access.erb ├── squid.conf.snmp_access.erb ├── squid.conf.ssl_bump.erb ├── squid.conf.access_log.epp ├── squid.conf.icp_access.erb ├── squid.conf.acl.erb ├── squid.conf.sslproxy_cert_error.erb ├── squid.conf.auth_param.erb ├── squid.conf.port.epp ├── squid.conf.extra_config_section.erb ├── squid.conf.refresh_pattern.epp ├── squid.conf.snmp_port.epp ├── squid.conf.cache_dir.epp └── squid.conf.header.erb ├── .sync.yml ├── .msync.yml ├── types ├── size.pp ├── pkgensure.pp └── action │ └── sslbump.pp ├── .rubocop.yml ├── .github ├── labeler.yml ├── workflows │ ├── labeler.yml │ ├── ci.yml │ ├── release.yml │ └── prepare_release.yml ├── PULL_REQUEST_TEMPLATE.md ├── ISSUE_TEMPLATE.md └── release.yml ├── manifests ├── install.pp ├── service.pp ├── https_port.pp ├── ssl_bump.pp ├── icp_access.pp ├── cache.pp ├── send_hit.pp ├── sslproxy_cert_error.pp ├── acl.pp ├── snmp_access.pp ├── snmp_port.pp ├── access_log.pp ├── http_access.pp ├── auth_param.pp ├── cache_dir.pp ├── params.pp ├── extra_config_section.pp ├── refresh_pattern.pp ├── http_port.pp ├── config.pp └── init.pp ├── .puppet-lint.rc ├── .fixtures.yml ├── .editorconfig ├── spec ├── spec_helper_acceptance.rb ├── type_aliases │ └── squid_size_spec.rb ├── spec_helper.rb ├── defines │ ├── https_port_spec.rb │ ├── access_log_spec.rb │ ├── ssl_bump_spec.rb │ ├── icp_access_spec.rb │ ├── acl_spec.rb │ ├── sslproxy_cert_error_spec.rb │ ├── snmp_port_spec.rb │ ├── cache_spec.rb │ ├── send_hit_spec.rb │ ├── http_access_spec.rb │ ├── snmp_access_spec.rb │ ├── auth_param_spec.rb │ ├── refresh_pattern_spec.rb │ ├── cache_dir_spec.rb │ ├── extra_config_section_spec.rb │ └── http_port_spec.rb ├── acceptance │ └── class_spec.rb └── classes │ └── init_spec.rb ├── .gitignore ├── LICENSE ├── .pmtignore ├── Gemfile ├── Rakefile ├── HISTORY.md ├── .overcommit.yml ├── metadata.json ├── CHANGELOG.md └── README.md /templates/squid.conf.cache.erb: 
-------------------------------------------------------------------------------- 1 | # <%= @comment %> 2 | cache <%= @action %> <%= @value %> 3 | 4 | -------------------------------------------------------------------------------- /templates/squid.conf.send_hit.erb: -------------------------------------------------------------------------------- 1 | # <%= @comment %> 2 | send_hit <%= @action %> <%= @value %> 3 | 4 | -------------------------------------------------------------------------------- /templates/squid.conf.http_access.erb: -------------------------------------------------------------------------------- 1 | # <%= @comment %> 2 | http_access <%= @action %> <%= @value %> 3 | 4 | -------------------------------------------------------------------------------- /templates/squid.conf.snmp_access.erb: -------------------------------------------------------------------------------- 1 | # <%= @comment %> 2 | snmp_access <%= @action %> <%= @value %> 3 | 4 | -------------------------------------------------------------------------------- /.sync.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # unmanaged as installing puppet-systemd 3 | spec/spec_helper_acceptance.rb: 4 | unmanaged: true 5 | -------------------------------------------------------------------------------- /templates/squid.conf.ssl_bump.erb: -------------------------------------------------------------------------------- 1 | # ssl_bump fragment for <%= @value %> 2 | ssl_bump <%= @action %> <%= @value %> 3 | 4 | -------------------------------------------------------------------------------- /templates/squid.conf.access_log.epp: -------------------------------------------------------------------------------- 1 | # access_log fragment for <%= $module %> 2 | access_log <%= $module %>:<%= $entry %> 3 | -------------------------------------------------------------------------------- /templates/squid.conf.icp_access.erb: 
-------------------------------------------------------------------------------- 1 | # icp_access fragment for <%= @value %> 2 | icp_access <%= @action %> <%= @value %> 3 | 4 | -------------------------------------------------------------------------------- /templates/squid.conf.acl.erb: -------------------------------------------------------------------------------- 1 | # <%= @comment %> 2 | <% @entries.sort.each do |e| -%> 3 | acl <%= @aclname %> <%= @type %> <%= e %> 4 | <% end -%> 5 | 6 | -------------------------------------------------------------------------------- /templates/squid.conf.sslproxy_cert_error.erb: -------------------------------------------------------------------------------- 1 | # sslproxy_cert_error fragment for <%= @value %> 2 | sslproxy_cert_error <%= @action %> <%= @value %> 3 | 4 | -------------------------------------------------------------------------------- /templates/squid.conf.auth_param.erb: -------------------------------------------------------------------------------- 1 | # auth_param fragment for <%= @scheme %> 2 | <% @entries.sort.each do |e| -%> 3 | auth_param <%= @scheme %> <%= e %> 4 | <% end -%> 5 | -------------------------------------------------------------------------------- /.msync.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Managed by modulesync - DO NOT EDIT 3 | # https://voxpupuli.org/docs/updating-files-managed-with-modulesync/ 4 | 5 | modulesync_config_version: '10.4.0' 6 | -------------------------------------------------------------------------------- /types/size.pp: -------------------------------------------------------------------------------- 1 | # @summary 2 | # Custom type containing the numeral value and the unit of measurement (Kilo-, Mega-, or Gigabyte). NOTE(review): `^` and `$` are line anchors in Ruby regexes, so a multi-line string is accepted when any one of its lines has this form; `\A` and `\z` would anchor the whole value. 3 | type Squid::Size = Pattern[/^\d+ [KMG]B$/] 4 | -------------------------------------------------------------------------------- /.rubocop.yml: 
-------------------------------------------------------------------------------- 1 | --- 2 | # Managed by modulesync - DO NOT EDIT 3 | # https://voxpupuli.org/docs/updating-files-managed-with-modulesync/ 4 | 5 | inherit_gem: 6 | voxpupuli-test: rubocop.yml 7 | -------------------------------------------------------------------------------- /.github/labeler.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Managed by modulesync - DO NOT EDIT 3 | # https://voxpupuli.org/docs/updating-files-managed-with-modulesync/ 4 | 5 | skip-changelog: 6 | - head-branch: ['^release-*', 'release'] 7 | -------------------------------------------------------------------------------- /manifests/install.pp: -------------------------------------------------------------------------------- 1 | # @summary 2 | # Installs the squid package 3 | # @api private 4 | class squid::install { 5 | package { $squid::package_name: 6 | ensure => $squid::package_ensure, 7 | } 8 | } 9 | -------------------------------------------------------------------------------- /.puppet-lint.rc: -------------------------------------------------------------------------------- 1 | # Managed by modulesync - DO NOT EDIT 2 | # https://voxpupuli.org/docs/updating-files-managed-with-modulesync/ 3 | 4 | --fail-on-warnings 5 | --no-parameter_documentation-check 6 | --no-parameter_types-check 7 | -------------------------------------------------------------------------------- /types/pkgensure.pp: -------------------------------------------------------------------------------- 1 | # @summary 2 | # Custom type representing package status and/or version 3 | type Squid::PkgEnsure = Variant[ 4 | Pattern[/^\d.*/], 5 | Enum['present', 'latest', 'absent', 'purged', 'held', 'installed'], 6 | ] 7 | -------------------------------------------------------------------------------- /.fixtures.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 
fixtures: 3 | repositories: 4 | concat: https://github.com/puppetlabs/puppetlabs-concat.git 5 | selinux: https://github.com/voxpupuli/puppet-selinux.git 6 | stdlib: https://github.com/puppetlabs/puppetlabs-stdlib.git 7 | -------------------------------------------------------------------------------- /types/action/sslbump.pp: -------------------------------------------------------------------------------- 1 | # @summary Possible SSLBump options 2 | # 3 | type Squid::Action::SslBump = Enum[ 4 | 'bump', 5 | 'client-first', 6 | 'none', 7 | 'peek', 8 | 'peek-and-splice', 9 | 'server-first', 10 | 'splice', 11 | 'stare', 12 | 'terminate', 13 | ] 14 | -------------------------------------------------------------------------------- /templates/squid.conf.port.epp: -------------------------------------------------------------------------------- 1 | <%- | String $title, 2 | String $protocol, 3 | String $host_port, 4 | Optional[String[1]] $options, 5 | | -%> 6 | # fragment for <%= $protocol %>_port <%= $title %> 7 | <%= $protocol %>_port <%= $host_port %><% if $options { %> <%= $options %><% } %> 8 | 9 | -------------------------------------------------------------------------------- /manifests/service.pp: -------------------------------------------------------------------------------- 1 | # @summary 2 | # Manages the Squid daemon 3 | # @api private 4 | class squid::service inherits squid { 5 | service { $squid::service_name: 6 | ensure => $squid::ensure_service, 7 | enable => $squid::enable_service, 8 | restart => $squid::service_restart, 9 | } 10 | } 11 | -------------------------------------------------------------------------------- /.editorconfig: -------------------------------------------------------------------------------- 1 | # editorconfig.org 2 | 3 | # Managed by modulesync - DO NOT EDIT 4 | # https://voxpupuli.org/docs/updating-files-managed-with-modulesync/ 5 | 6 | root = true 7 | 8 | [*] 9 | charset = utf-8 10 | end_of_line = lf 11 | indent_size = 2 12 | 
tab_width = 2 13 | indent_style = space 14 | insert_final_newline = true 15 | trim_trailing_whitespace = true 16 | -------------------------------------------------------------------------------- /spec/spec_helper_acceptance.rb: -------------------------------------------------------------------------------- 1 | # frozen_string_literal: true 2 | 3 | require 'voxpupuli/acceptance/spec_helper_acceptance' 4 | 5 | configure_beaker do |host| 6 | on host, 'puppet module install puppet-systemd', acceptable_exit_codes: [0, 1] if fact('os.family') == 'RedHat' && fact('os.release.major') != '7' 7 | end 8 | 9 | Dir['./spec/support/acceptance/**/*.rb'].sort.each { |f| require f } 10 | -------------------------------------------------------------------------------- /templates/squid.conf.extra_config_section.erb: -------------------------------------------------------------------------------- 1 | # <%= @comment %> 2 | <% if @config_entries.is_a?(Array) -%> 3 | <% @config_entries.each do |i| -%> 4 | <% i.each do |k, v| -%> 5 | <% v.each do |v2| -%> 6 | <%= k %> <%= v2 %> 7 | <% end -%> 8 | <% end -%> 9 | <% end -%> 10 | <% else -%> 11 | <% @config_entries.each do |k,v| -%> 12 | <%= k %> <%= v.is_a?(Array) ? 
v.join(' ') : v %> 13 | <% end -%> 14 | <% end -%> 15 | 16 | -------------------------------------------------------------------------------- /templates/squid.conf.refresh_pattern.epp: -------------------------------------------------------------------------------- 1 | <%- | 2 | String $comment, 3 | Boolean $case_sensitive, 4 | String[1] $pattern, 5 | Integer $max, 6 | Integer $min, 7 | Integer $percent, 8 | Optional[String[1]] $options, 9 | | -%> 10 | # <%= $comment %> 11 | refresh_pattern <% unless $case_sensitive { %>-i <% } %><%= $pattern %> <%= $min %> <%= $percent %>% <%= $max %><% if $options { %> <%= $options %><% } %> 12 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Managed by modulesync - DO NOT EDIT 2 | # https://voxpupuli.org/docs/updating-files-managed-with-modulesync/ 3 | 4 | /pkg/ 5 | /Gemfile.lock 6 | /Gemfile.local 7 | /vendor/ 8 | /.vendor/ 9 | /spec/fixtures/manifests/ 10 | /spec/fixtures/modules/ 11 | /.vagrant/ 12 | /.bundle/ 13 | /.ruby-version 14 | /coverage/ 15 | /log/ 16 | /.idea/ 17 | /.dependencies/ 18 | /.librarian/ 19 | /Puppetfile.lock 20 | *.iml 21 | .*.sw? 
22 | /.yardoc/ 23 | /Guardfile 24 | bolt-debug.log 25 | .rerun.json 26 | -------------------------------------------------------------------------------- /.github/workflows/labeler.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Managed by modulesync - DO NOT EDIT 3 | # https://voxpupuli.org/docs/updating-files-managed-with-modulesync/ 4 | 5 | name: "Pull Request Labeler" 6 | 7 | # yamllint disable-line rule:truthy 8 | on: 9 | pull_request_target: {} 10 | 11 | permissions: 12 | contents: read 13 | pull-requests: write 14 | 15 | jobs: 16 | labeler: 17 | permissions: 18 | contents: read 19 | pull-requests: write 20 | runs-on: ubuntu-latest 21 | steps: 22 | - uses: actions/labeler@v5 23 | -------------------------------------------------------------------------------- /templates/squid.conf.snmp_port.epp: -------------------------------------------------------------------------------- 1 | <%- | 2 | Variant[Stdlib::Port,Pattern[/\A\d+\z/]] $port, 3 | Optional[String[1]] $options = undef, 4 | Optional[Integer] $process_number = undef, 5 | | -%> 6 | # fragment for snmp_port <%= $port %> 7 | <% if $process_number { -%> 8 | if ${process_number} = <%= $process_number %> 9 | <% } -%> 10 | <% if $options { -%> 11 | snmp_port <%= $port %> <%= $options %> 12 | <% } else { -%> 13 | snmp_port <%= $port %> 14 | <% } -%> 15 | <% if $process_number { -%> 16 | endif 17 | <% } -%> 18 | 19 | 20 | -------------------------------------------------------------------------------- /templates/squid.conf.cache_dir.epp: -------------------------------------------------------------------------------- 1 | <%- | 2 | String[1] $path, 3 | String[1] $type, 4 | Optional[String[1]] $options = undef, 5 | Optional[Integer] $process_number = undef, 6 | | -%> 7 | # fragment for cache_dir <%= $path %> 8 | <% if $process_number { -%> 9 | if ${process_number} = <%= $process_number %> 10 | <% } -%> 11 | <% if $options { -%> 12 | cache_dir <%= $type %> <%= 
$path %> <%= $options %> 13 | <% } else { -%> 14 | cache_dir <%= $type %> <%= $path %> 15 | <% } -%> 16 | <% if $process_number { -%> 17 | endif 18 | <% } -%> 19 | 20 | 21 | -------------------------------------------------------------------------------- /.github/workflows/ci.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Managed by modulesync - DO NOT EDIT 3 | # https://voxpupuli.org/docs/updating-files-managed-with-modulesync/ 4 | 5 | name: CI 6 | 7 | # yamllint disable-line rule:truthy 8 | on: 9 | pull_request: {} 10 | push: 11 | branches: 12 | - main 13 | - master 14 | 15 | concurrency: 16 | group: ${{ github.ref_name }} 17 | cancel-in-progress: true 18 | 19 | permissions: 20 | contents: read 21 | 22 | jobs: 23 | puppet: 24 | name: Puppet 25 | uses: voxpupuli/gha-puppet/.github/workflows/beaker.yml@v4 26 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Puppet Squid Module 2 | 3 | Copyright (C) 2016 CERN 4 | 5 | Licensed under the Apache License, Version 2.0 (the "License"); 6 | you may not use this file except in compliance with the License. 7 | You may obtain a copy of the License at 8 | 9 | http://www.apache.org/licenses/LICENSE-2.0 10 | 11 | Unless required by applicable law or agreed to in writing, software 12 | distributed under the License is distributed on an "AS IS" BASIS, 13 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | See the License for the specific language governing permissions and 15 | limitations under the License. 
16 | -------------------------------------------------------------------------------- /.github/PULL_REQUEST_TEMPLATE.md: -------------------------------------------------------------------------------- 1 | 9 | #### Pull Request (PR) description 10 | 13 | 14 | #### This Pull Request (PR) fixes the following issues 15 | 21 | -------------------------------------------------------------------------------- /.pmtignore: -------------------------------------------------------------------------------- 1 | # Managed by modulesync - DO NOT EDIT 2 | # https://voxpupuli.org/docs/updating-files-managed-with-modulesync/ 3 | 4 | /docs/ 5 | /pkg/ 6 | /Gemfile 7 | /Gemfile.lock 8 | /Gemfile.local 9 | /vendor/ 10 | /.vendor/ 11 | /spec/ 12 | /Rakefile 13 | /.vagrant/ 14 | /.bundle/ 15 | /.ruby-version 16 | /coverage/ 17 | /log/ 18 | /.idea/ 19 | /.dependencies/ 20 | /.github/ 21 | /.librarian/ 22 | /Puppetfile.lock 23 | /Puppetfile 24 | *.iml 25 | /.editorconfig 26 | /.fixtures.yml 27 | /.gitignore 28 | /.msync.yml 29 | /.overcommit.yml 30 | /.pmtignore 31 | /.rspec 32 | /.rspec_parallel 33 | /.rubocop.yml 34 | /.sync.yml 35 | .*.sw? 
36 | /.yardoc/ 37 | /.yardopts 38 | /Dockerfile 39 | /HISTORY.md 40 | -------------------------------------------------------------------------------- /.github/workflows/release.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Managed by modulesync - DO NOT EDIT 3 | # https://voxpupuli.org/docs/updating-files-managed-with-modulesync/ 4 | 5 | name: Release 6 | 7 | # yamllint disable-line rule:truthy 8 | on: 9 | push: 10 | tags: 11 | - '*' 12 | 13 | permissions: 14 | contents: write 15 | 16 | jobs: 17 | release: 18 | name: Release 19 | uses: voxpupuli/gha-puppet/.github/workflows/release.yml@v3 20 | with: 21 | allowed_owner: 'voxpupuli' 22 | secrets: 23 | # Configure secrets here: 24 | # https://docs.github.com/en/actions/security-guides/encrypted-secrets 25 | username: ${{ secrets.PUPPET_FORGE_USERNAME }} 26 | api_key: ${{ secrets.PUPPET_FORGE_API_KEY }} 27 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE.md: -------------------------------------------------------------------------------- 1 | 10 | 11 | ## Affected Puppet, Ruby, OS and module versions/distributions 12 | 13 | - Puppet: 14 | - Ruby: 15 | - Distribution: 16 | - Module version: 17 | 18 | ## How to reproduce (e.g Puppet code you use) 19 | 20 | ## What are you seeing 21 | 22 | ## What behaviour did you expect instead 23 | 24 | ## Output log 25 | 26 | ## Any additional information you'd like to impart 27 | -------------------------------------------------------------------------------- /manifests/https_port.pp: -------------------------------------------------------------------------------- 1 | # @summary 2 | # Defines https_port entries for a squid server. Results are the same with http_port and ssl set to `true`. 3 | # @see 4 | # http://www.squid-cache.org/Doc/config/https_port/ 5 | # @param port 6 | # Defaults to the namevar and is the port number. NOTE(review): the `Pattern[/\d+/]` alternative in this parameter's type is unanchored, so any string containing a digit is accepted; `/\A\d+\z/`, as used in templates/squid.conf.snmp_port.epp, restricts it to digits only. 
7 | # @param options 8 | # A string to specify any options to add to the https_port line. 9 | # @param order 10 | # Order can be used to configure where in `squid.conf`this configuration section should occur. 11 | define squid::https_port ( 12 | Variant[Pattern[/\d+/], Integer] $port = $title, 13 | Optional[String[1]] $options = undef, 14 | String $order = '05', 15 | ) { 16 | squid::http_port { "${port}": # lint:ignore:only_variable_string 17 | ssl => true, 18 | options => $options, 19 | order => $order, 20 | } 21 | } 22 | -------------------------------------------------------------------------------- /Gemfile: -------------------------------------------------------------------------------- 1 | # Managed by modulesync - DO NOT EDIT 2 | # https://voxpupuli.org/docs/updating-files-managed-with-modulesync/ 3 | 4 | source ENV['GEM_SOURCE'] || 'https://rubygems.org' 5 | 6 | group :test do 7 | gem 'voxpupuli-test', '~> 13.0', :require => false 8 | gem 'puppet_metadata', '~> 5.0', :require => false 9 | end 10 | 11 | group :development do 12 | gem 'guard-rake', :require => false 13 | gem 'overcommit', '>= 0.39.1', :require => false 14 | end 15 | 16 | group :system_tests do 17 | gem 'voxpupuli-acceptance', '~> 4.0', :require => false 18 | end 19 | 20 | group :release do 21 | gem 'voxpupuli-release', '~> 5.0', :require => false 22 | end 23 | 24 | gem 'rake', :require => false 25 | 26 | gem 'openvox', ENV.fetch('OPENVOX_GEM_VERSION', [">= 7", "< 9"]), :require => false, :groups => [:test] 27 | 28 | # vim: syntax=ruby 29 | -------------------------------------------------------------------------------- /spec/type_aliases/squid_size_spec.rb: -------------------------------------------------------------------------------- 1 | # frozen_string_literal: true 2 | 3 | require 'spec_helper' 4 | 5 | describe 'Squid::Size' do 6 | it { is_expected.to allow_value('1 KB') } 7 | it { is_expected.to allow_value('1 MB') } 8 | it { is_expected.to allow_value('10 KB') } 9 | it { is_expected.to 
allow_value('9876543210 KB') } 10 | it { is_expected.to allow_value('1 GB') } 11 | it { is_expected.not_to allow_value('-1 KB') } 12 | it { is_expected.not_to allow_value('1 kB') } 13 | it { is_expected.not_to allow_value('1 Kb') } 14 | it { is_expected.not_to allow_value('1 Mb') } 15 | it { is_expected.not_to allow_value('1 KBB') } 16 | it { is_expected.not_to allow_value('a KBB') } 17 | it { is_expected.not_to allow_value('1KB') } 18 | it { is_expected.not_to allow_value('1 gb') } 19 | it { is_expected.not_to allow_value('1 Gb') } 20 | end 21 | -------------------------------------------------------------------------------- /spec/spec_helper.rb: -------------------------------------------------------------------------------- 1 | # frozen_string_literal: true 2 | 3 | # Managed by modulesync - DO NOT EDIT 4 | # https://voxpupuli.org/docs/updating-files-managed-with-modulesync/ 5 | 6 | # puppetlabs_spec_helper will set up coverage if the env variable is set. 7 | # We want to do this if lib exists and it hasn't been explicitly set. 8 | ENV['COVERAGE'] ||= 'yes' if Dir.exist?(File.expand_path('../lib', __dir__)) 9 | 10 | require 'voxpupuli/test/spec_helper' 11 | 12 | RSpec.configure do |c| 13 | c.facterdb_string_keys = false 14 | end 15 | 16 | add_mocked_facts! 
17 | 18 | if File.exist?(File.join(__dir__, 'default_module_facts.yml')) 19 | facts = YAML.safe_load(File.read(File.join(__dir__, 'default_module_facts.yml'))) 20 | facts&.each do |name, value| 21 | add_custom_fact name.to_sym, value 22 | end 23 | end 24 | Dir['./spec/support/spec/**/*.rb'].sort.each { |f| require f } 25 | -------------------------------------------------------------------------------- /.github/workflows/prepare_release.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Managed by modulesync - DO NOT EDIT 3 | # https://voxpupuli.org/docs/updating-files-managed-with-modulesync/ 4 | 5 | name: 'Prepare Release' 6 | 7 | on: 8 | workflow_dispatch: 9 | inputs: 10 | version: 11 | description: 'Module version to be released. Must be a valid semver string without leading v. (1.2.3)' 12 | required: false 13 | 14 | permissions: 15 | contents: write 16 | pull-requests: write 17 | 18 | jobs: 19 | release_prep: 20 | uses: 'voxpupuli/gha-puppet/.github/workflows/prepare_release.yml@v3' 21 | with: 22 | version: ${{ github.event.inputs.version }} 23 | allowed_owner: 'voxpupuli' 24 | secrets: 25 | # Configure secrets here: 26 | # https://docs.github.com/en/actions/security-guides/encrypted-secrets 27 | github_pat: '${{ secrets.PCCI_PAT_RELEASE_PREP }}' 28 | -------------------------------------------------------------------------------- /manifests/ssl_bump.pp: -------------------------------------------------------------------------------- 1 | # @summary 2 | # Defines ssl_bump entries for a squid server. 3 | # @see 4 | # http://www.squid-cache.org/Doc/config/ssl_bump/ 5 | # @example 6 | # squid::ssl_bump { 'all': 7 | # action => 'bump', 8 | # } 9 | # 10 | # Adds a squid.conf line 11 | # ssl_bump bump all 12 | # 13 | # @param title 14 | # The name of acl the ssl_bump rule is applied to 15 | # @param action 16 | # The type of the ssl_bump, must be defined, e.g bump, peek, .. 
17 | # @param order 18 | # Order can be used to configure where in `squid.conf`this configuration section should occur. 19 | define squid::ssl_bump ( 20 | Squid::Action::SslBump $action = 'bump', 21 | String $value = $title, 22 | String $order = '05', 23 | ) { 24 | concat::fragment { "squid_ssl_bump_${action}_${value}": 25 | target => $squid::config, 26 | content => template('squid/squid.conf.ssl_bump.erb'), 27 | order => "25-${order}-${action}", 28 | } 29 | } 30 | -------------------------------------------------------------------------------- /.github/release.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Managed by modulesync - DO NOT EDIT 3 | # https://voxpupuli.org/docs/updating-files-managed-with-modulesync/ 4 | 5 | # https://docs.github.com/en/repositories/releasing-projects-on-github/automatically-generated-release-notes 6 | 7 | changelog: 8 | exclude: 9 | labels: 10 | - duplicate 11 | - invalid 12 | - modulesync 13 | - question 14 | - skip-changelog 15 | - wont-fix 16 | - wontfix 17 | 18 | categories: 19 | - title: Breaking Changes 🛠 20 | labels: 21 | - backwards-incompatible 22 | 23 | - title: New Features 🎉 24 | labels: 25 | - enhancement 26 | 27 | - title: Bug Fixes 🐛 28 | labels: 29 | - bug 30 | 31 | - title: Documentation Updates 📚 32 | labels: 33 | - documentation 34 | - docs 35 | 36 | - title: Dependency Updates ⬆️ 37 | labels: 38 | - dependencies 39 | 40 | - title: Other Changes 41 | labels: 42 | - "*" 43 | -------------------------------------------------------------------------------- /manifests/icp_access.pp: -------------------------------------------------------------------------------- 1 | # @summary 2 | # Defines icp_access entries for a squid server. 
3 | # @see http://www.squid-cache.org/Doc/config/icp_access/ 4 | # @example 5 | # squid::icp_access { 'our_networks hosts': 6 | # action => 'allow', 7 | # } 8 | # 9 | # Adds a squid.conf line 10 | # icp_access allow our_networks hosts 11 | # 12 | # @param action 13 | # Must be `deny` or `allow`. By default it is allow. The squid.conf file is ordered so by default 14 | # all allows appear before all denys. This can be overidden with the `order` parameter. 15 | # @param order 16 | # Order can be used to configure where in `squid.conf`this configuration section should occur. 17 | define squid::icp_access ( 18 | Enum['allow', 'deny'] $action = 'allow', 19 | String $value = $title, 20 | String $order = '05', 21 | ) { 22 | concat::fragment { "squid_icp_access_${value}": 23 | target => $squid::config, 24 | content => template('squid/squid.conf.icp_access.erb'), 25 | order => "30-${order}-${action}", 26 | } 27 | } 28 | -------------------------------------------------------------------------------- /Rakefile: -------------------------------------------------------------------------------- 1 | # Managed by modulesync - DO NOT EDIT 2 | # https://voxpupuli.org/docs/updating-files-managed-with-modulesync/ 3 | 4 | begin 5 | require 'voxpupuli/test/rake' 6 | rescue LoadError 7 | # only available if gem group test is installed 8 | end 9 | 10 | begin 11 | require 'voxpupuli/acceptance/rake' 12 | rescue LoadError 13 | # only available if gem group acceptance is installed 14 | end 15 | 16 | begin 17 | require 'voxpupuli/release/rake_tasks' 18 | rescue LoadError 19 | # only available if gem group releases is installed 20 | else 21 | GCGConfig.user = 'voxpupuli' 22 | GCGConfig.project = 'puppet-squid' 23 | end 24 | 25 | desc "Run main 'test' task and report merged results to coveralls" 26 | task test_with_coveralls: [:test] do 27 | if Dir.exist?(File.expand_path('../lib', __FILE__)) 28 | require 'coveralls/rake/task' 29 | Coveralls::RakeTask.new 30 | 
Rake::Task['coveralls:push'].invoke 31 | else 32 | puts 'Skipping reporting to coveralls. Module has no lib dir' 33 | end 34 | end 35 | 36 | # vim: syntax=ruby 37 | -------------------------------------------------------------------------------- /manifests/cache.pp: -------------------------------------------------------------------------------- 1 | # @summary 2 | # Defines cache entries for a squid server. 3 | # @see 4 | # http://www.squid-cache.org/Doc/config/cache/ 5 | # @example 6 | # squid::cache { 'our_network_hosts_acl': 7 | # action => 'deny', 8 | # comment => 'Our networks hosts are denied for caching', 9 | # } 10 | # 11 | # Adds a squid.conf line: 12 | # #Our networks hosts denied for caching 13 | # cache deny our_network_hosts_acl 14 | # @param action 15 | # Allow/deny caching for $title 16 | # @param comment 17 | # Cache entry's preceding comment 18 | # @param order 19 | # Order can be used to configure where in `squid.conf`this configuration section should occur. 20 | define squid::cache ( 21 | Enum['allow', 'deny'] $action = 'allow', 22 | String $value = $title, 23 | String $order = '05', 24 | String $comment = "cache fragment for ${value}" 25 | ) { 26 | concat::fragment { "squid_cache_${value}": 27 | target => $squid::config, 28 | content => template('squid/squid.conf.cache.erb'), 29 | order => "21-${order}-${action}", 30 | } 31 | } 32 | -------------------------------------------------------------------------------- /manifests/send_hit.pp: -------------------------------------------------------------------------------- 1 | # @summary 2 | # Defines send_hit for a squid server. 3 | # @see 4 | # http://www.squid-cache.org/Doc/config/send_hit/ 5 | # @example 6 | # squid:::send_hit{'PragmaNoCache': 7 | # action => 'deny', 8 | # } 9 | # 10 | # Adds the following squid.conf line: 11 | # send_hit deny PragmaNoCache 12 | # 13 | # @param value 14 | # Defaults to the `namevar`. The rule to allow or deny. 
15 | # @param action 16 | # Must be one of `deny` or `allow`. 17 | # @param order 18 | # Order can be used to configure where in `squid.conf` this configuration section should occur. 19 | # @param comment 20 | # A preceding comment to add to the configuration file. templates/squid.conf.send_hit.erb writes it verbatim after `# `, so it should be a single line; text after a line break would land outside the comment. 21 | define squid::send_hit ( 22 | Enum['allow', 'deny'] $action = 'allow', 23 | String $value = $title, 24 | String $order = '05', 25 | String $comment = "send_hit fragment for ${value}" 26 | ) { 27 | concat::fragment { "squid_send_hit_${value}": 28 | target => $squid::config, 29 | content => template('squid/squid.conf.send_hit.erb'), 30 | order => "21-${order}-${action}", 31 | } 32 | } 33 | -------------------------------------------------------------------------------- /spec/defines/https_port_spec.rb: -------------------------------------------------------------------------------- 1 | # frozen_string_literal: true 2 | 3 | require 'spec_helper' 4 | 5 | describe 'squid::https_port' do 6 | on_supported_os.each do |os, facts| 7 | context "on #{os}" do 8 | let(:facts) do 9 | facts 10 | end 11 | let :pre_condition do 12 | ' class{"squid": 13 | config => "/tmp/squid.conf" 14 | } 15 | ' 16 | end 17 | let(:title) { '4000' } 18 | let(:params) do 19 | { 20 | options: 'some options' 21 | } 22 | end 23 | 24 | it 'uses `squid::http_port` with `ssl` set to true' do 25 | is_expected.to contain_squid__http_port('4000').with_ssl(true) 26 | end 27 | 28 | it 'passes options to `squid::http_port`' do 29 | is_expected.to contain_squid__http_port('4000').with_options('some options') 30 | end 31 | 32 | it 'results in the correct concat fragment being created' do 33 | is_expected.to contain_concat_fragment('squid_https_port_4000').with_content(%r{^https_port\s+4000\ssome options\s*$}) 34 | end 35 | end 36 | end 37 | end 38 | -------------------------------------------------------------------------------- /manifests/sslproxy_cert_error.pp: -------------------------------------------------------------------------------- 1 | # 
@summary 2 | # Defines sslproxy_cert_error entries for a squid server. 3 | # @see 4 | # http://www.squid-cache.org/Doc/config/sslproxy_cert_error/ 5 | # @example 6 | # squid::sslproxy_cert_error { 'all': 7 | # action => 'allow', 8 | # } 9 | # 10 | # Adds a squid.conf line 11 | # sslproxy_cert_error allow all 12 | # 13 | # @param value 14 | # Defaults to the `namevar`. The rule to allow or deny. 15 | # @param action 16 | # Must be `deny` or `allow`. By default it is allow. The squid.conf file is ordered so by default 17 | # all allows appear before all denys. This can be overridden with the `order` parameter. An `allow` rule tells Squid to accept server certificate validation errors for the matching traffic, so prefer a narrowly scoped ACL over `all`. 18 | # @param order 19 | # Order can be used to configure where in `squid.conf` this configuration section should occur. 20 | define squid::sslproxy_cert_error ( 21 | Enum['allow', 'deny'] $action = 'allow', 22 | String $value = $title, 23 | String $order = '05', 24 | ) { 25 | concat::fragment { "squid_sslproxy_cert_error_${action}_${value}": 26 | target => $squid::config, 27 | content => template('squid/squid.conf.sslproxy_cert_error.erb'), 28 | order => "35-${order}-${action}", 29 | } 30 | } 31 | -------------------------------------------------------------------------------- /manifests/acl.pp: -------------------------------------------------------------------------------- 1 | # @summary 2 | # Defines acl entries for a squid server. 3 | # @see 4 | # http://www.squid-cache.org/Doc/config/acl/ 5 | # @example create an ACL 'remote_urls' containing two entries 6 | # squid::acl { 'remote_urls': 7 | # type => 'url_regex', 8 | # entries => ['http://example.org/path', 9 | # 'http://example.com/anotherpath'], 10 | # } 11 | # 12 | # @param type 13 | # The acltype of the acl, must be defined, e.g. url_regex, urlpath_regex, port, .. 14 | # @param aclname 15 | # The name of acl, defaults to the `title`. 16 | # @param entries 17 | # An array of acl entries, multiple members results in multiple lines in squid.conf. 
18 | # @param order 19 | # Each ACL has an order `05` by default this can be specified if order of ACL definition matters. 20 | define squid::acl ( 21 | String $type, 22 | String $aclname = $title, 23 | Array $entries = [], 24 | String $order = '05', 25 | String $comment = "acl fragment for ${aclname}", 26 | ) { 27 | $type_cleaned = regsubst($type,':','','G') 28 | 29 | concat::fragment { "squid_acl_${aclname}": 30 | target => $squid::config, 31 | content => template('squid/squid.conf.acl.erb'), 32 | order => "10-${order}-${type_cleaned}", 33 | } 34 | } 35 | -------------------------------------------------------------------------------- /manifests/snmp_access.pp: -------------------------------------------------------------------------------- 1 | # @summary 2 | # Defines snmp_access entries for a squid server. 3 | # @see 4 | # http://www.squid-cache.org/Doc/config/snmp_access/ 5 | # @example 6 | # squid::snmp_access { 'monitoring hosts': 7 | # action => 'allow', 8 | # } 9 | # 10 | # Adds a squid.conf line 11 | # # snmp_access fragment for monitoring hosts 12 | # snmp_access allow monitoring hosts 13 | # 14 | # @example 15 | # squid::snmp_access { 'monitoring hosts': 16 | # action => 'allow', 17 | # comment => 'Our monitoring hosts are allowed', 18 | # } 19 | # Adds a squid.conf line: 20 | # # Our monitoring hosts are allowed 21 | # snmp_access allow monitoring hosts 22 | # 23 | # @param action 24 | # Allow or deny access for $title 25 | # @param order 26 | # Order can be used to configure where in `squid.conf`this configuration section should occur. 
27 | # @param comment 28 | # snmp_access entry's preceding comment 29 | define squid::snmp_access ( 30 | Enum['allow', 'deny'] $action = 'allow', 31 | String $value = $title, 32 | String $order = '05', 33 | String $comment = "snmp_access fragment for ${value}" 34 | ) { 35 | concat::fragment { "squid_snmp_access_${value}": 36 | target => $squid::config, 37 | content => template('squid/squid.conf.snmp_access.erb'), 38 | order => "20-${order}-${action}", 39 | } 40 | } 41 | -------------------------------------------------------------------------------- /manifests/snmp_port.pp: -------------------------------------------------------------------------------- 1 | # @summary 2 | # Defines snmp_port entries for a squid server. 3 | # @see 4 | # http://www.squid-cache.org/Doc/config/snmp_port/ 5 | # @example 6 | # squid::snmp_port { '1000': 7 | # process_number => 3 8 | # } 9 | # 10 | # Results in a squid configuration of 11 | # if ${process_number} = 3 12 | # snmp_port 1000 13 | # endif 14 | # 15 | # @param port 16 | # Defaults to the namevar and is the port number. 17 | # @param options 18 | # A string to specify any options for the default. 19 | # @param process_number 20 | # If set to an integer the snmp\_port is enabled only for a particular squid thread. Defaults to undef. 21 | # @param order 22 | # Order can be used to configure where in `squid.conf` this configuration section should occur. 
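23 | define squid::snmp_port ( 24 | Variant[Pattern[/\A\d+\z/], Stdlib::Port] $port = $title, # anchored: the whole string must be digits, since $port is written into squid.conf and the fragment title 25 | Optional[String[1]] $options = undef, 26 | String $order = '05', 27 | Optional[Integer] $process_number = undef, 28 | ) { 29 | concat::fragment { "squid_snmp_port_${port}": 30 | target => $squid::config, 31 | content => epp('squid/squid.conf.snmp_port.epp', { 32 | 'port' => $port, 33 | 'options' => $options, 34 | 'process_number' => $process_number, 35 | }), 36 | order => "40-${order}", 37 | } 38 | } 39 | -------------------------------------------------------------------------------- /spec/defines/access_log_spec.rb: -------------------------------------------------------------------------------- 1 | # frozen_string_literal: true 2 | 3 | require 'spec_helper' 4 | 5 | describe 'squid::access_log' do 6 | on_supported_os.each do |os, facts| 7 | context "on #{os}" do 8 | let(:facts) do 9 | facts 10 | end 11 | let :pre_condition do 12 | ' class{"squid": 13 | config => "/tmp/squid.conf" 14 | } 15 | ' 16 | end 17 | let(:title) { 'myaccess_log' } 18 | 19 | context 'when parameters are set' do 20 | let(:params) do 21 | { 22 | module: 'syslog', 23 | entries: %w[foo bar], 24 | order: '57', 25 | } 26 | end 27 | 28 | it { 29 | is_expected.to contain_concat_fragment('squid_access_log_myaccess_log_foo').with( 30 | { 31 | 'target' => '/tmp/squid.conf', 32 | 'content' => %r{^access_log syslog:foo$}, 33 | 'order' => '38-57-syslog', 34 | } 35 | ) 36 | } 37 | 38 | it { 39 | is_expected.to contain_concat_fragment('squid_access_log_myaccess_log_bar').with( 40 | { 41 | 'target' => '/tmp/squid.conf', 42 | 'content' => %r{^access_log syslog:bar$}, 43 | 'order' => '38-57-syslog', 44 | } 45 | ) 46 | } 47 | end 48 | end 49 | end 50 | end 51 | -------------------------------------------------------------------------------- /manifests/access_log.pp: -------------------------------------------------------------------------------- 1 | # @summary 2 | # Defines access_log entries for a squid server. 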
3 | # @see 4 | # http://www.squid-cache.org/Doc/config/access_log/ 5 | # 6 | # @example Adds a squid.conf line: 7 | # squid::access_log: syslog:daemon squid hasRequest 8 | # 9 | # squid::access_log: { 'myAccessLog' : 10 | # module => 'syslog' 11 | # entries => [ 12 | # 'place daemon' 13 | # 'logformat squid' 14 | # 'acl hasRequest' 15 | # ], 16 | # } 17 | # 18 | # @param module 19 | # The logging module for this access log: one of `none`, `stdio`, `daemon`, `syslog`, `udp` or `tcp`. 20 | # 21 | # @param entries 22 | # One entry or an array of entries; each entry is rendered as its own `access_log <module>:<entry>` line. 23 | # 24 | # @param order 25 | # Order can be used to configure where in `squid.conf` this configuration section should occur. 26 | # @param access_log_name Used in the concat fragment title; defaults to the `title`. 27 | define squid::access_log ( 28 | Enum['none', 'stdio', 'daemon', 'syslog', 'udp', 'tcp'] $module, 29 | Variant[String[1], Array[String[1]]] $entries, 30 | String[1] $access_log_name = $title, 31 | String[1] $order = '50', 32 | ) { 33 | any2array($entries).each |$entry| { 34 | concat::fragment { "squid_access_log_${access_log_name}_${entry}": 35 | target => $squid::config, 36 | content => epp('squid/squid.conf.access_log.epp', { 'module' => $module, 'entry' => $entry }), 37 | order => "38-${order}-${module}", 38 | } 39 | } 40 | } 41 | -------------------------------------------------------------------------------- /manifests/http_access.pp: -------------------------------------------------------------------------------- 1 | # @summary 2 | # Defines http_access entries for a squid server. 
3 | # @see 4 | # http://www.squid-cache.org/Doc/config/http_access/ 5 | # @example 6 | # squid::http_access { 'our_networks hosts': 7 | # action => 'allow', 8 | # } 9 | # 10 | # Adds a squid.conf line 11 | # # http_access fragment for our_networks hosts 12 | # http_access allow our_networks hosts 13 | # 14 | # @example 15 | # squid::http_access { 'our_networks hosts': 16 | # action => 'allow', 17 | # comment => 'Our networks hosts are allowed', 18 | # } 19 | # 20 | # Adds a squid.conf line 21 | # # Our networks hosts are allowed 22 | # http_access allow our_networks hosts 23 | # @param value 24 | # The ACL name(s) the rule is applied to. Defaults to the `title`. 25 | # @param action 26 | # allow or deny access for $title 27 | # @param order 28 | # Order can be used to configure where in `squid.conf` this configuration section should occur. Squid applies the first `http_access` rule that matches, so the position chosen here decides which rule takes effect. 29 | # @param comment 30 | # http_access entry's preceding comment 31 | define squid::http_access ( 32 | Enum['allow', 'deny'] $action = 'allow', 33 | String $value = $title, 34 | String $order = '05', 35 | String $comment = "http_access fragment for ${value}" 36 | ) { 37 | concat::fragment { "squid_http_access_${value}": 38 | target => $squid::config, 39 | content => template('squid/squid.conf.http_access.erb'), 40 | order => "20-${order}-${action}", 41 | } 42 | } 43 | -------------------------------------------------------------------------------- /HISTORY.md: -------------------------------------------------------------------------------- 1 | ## [v0.5.0](https://github.com/voxpupuli/puppet-squid/tree/v0.5.0) (2017-03-30) 2 | 3 | * Add beaker acceptance tests 4 | * An optional $comment param for http_access and acl (#47) 5 | * Add support for freebsd 6 | 7 | ## 2017-01-12 - Release 0.4.0 8 | 9 | Last release with Puppet 3 support! 
10 | * Fix minor syntax issue in README example code 11 | * rubocop: fix RSpec/ImplicitExpect 12 | * adds logformat directive to squid.conf header 13 | * adds test for ::logformat parameter 14 | * Added ssl_bump and sslproxy_cert_error support 15 | * Added support for icp_access Squid conf setting 16 | * Fix ordering issue with missing squid user for cache_dir 17 | 18 | ## 2016-09-19 - Release 0.3.0 19 | * Add `https_port` defined type. 20 | * Add `extra_config_section`, which permits extra random configuration. 21 | * The `auth_params` definitions now appear before ACLs as they should. 22 | * New parameters to specify owner of configuration, daemon name 23 | and executer to control cache directory. 24 | * Addition of debian and ubuntu support. 25 | 26 | ## 2016-06-01 - Release 0.2.2 27 | * Correct documentation examples. 28 | 29 | ## 2016-06-01 - Release 0.2.1 30 | 31 | * All defined types can now be loaded as a hash to *init* and 32 | so can be loaded easily from hiera. 33 | e.g. 34 | ``` 35 | class{'squid': 36 | http_ports => {'10000' => { options => 'accel vhost'}, 37 | '3000' => {}, 38 | } 39 | ``` 40 | 41 | ## 2016-04-18 - Release 0.1.1 42 | 43 | * Add tags to module metadata. 44 | 45 | ## 2016-04-13 - Release 0.1.0 46 | -------------------------------------------------------------------------------- /manifests/auth_param.pp: -------------------------------------------------------------------------------- 1 | # @summary 2 | # Defines auth_param entries for a squid server. 
3 | # @see 4 | # http://www.squid-cache.org/Doc/config/auth_param/ 5 | # @example 6 | # squid::auth_param { 'basic auth_param': 7 | # scheme => 'basic', 8 | # entries => [ 9 | # 'program /usr/lib64/squid/basic_ncsa_auth /etc/squid/.htpasswd', 10 | # 'children 5', 11 | # 'realm Squid Basic Authentication', 12 | # 'credentialsttl 5 hours', 13 | # ], 14 | # } 15 | # would result in multi entry squid auth_param: 16 | # auth_param basic program /usr/lib64/squid/basic_ncsa_auth /etc/squid/.htpasswd 17 | # auth_param basic children 5 18 | # auth_param basic realm Squid Basic Authentication 19 | # auth_param basic credentialsttl 5 hours 20 | # 21 | # @param scheme 22 | # The scheme used for authentication must be defined. Valid values are 'basic', 'digest', 'negotiate' and 'ntlm'. 23 | # @param entries 24 | # An array of entries, multiple members results in multiple lines in squid.conf 25 | # @param order 26 | # Order can be used to configure where in `squid.conf`this configuration section should occur. 27 | define squid::auth_param ( 28 | Enum['basic', 'digest', 'negotiate', 'ntlm'] $scheme, 29 | Array $entries, 30 | String $auth_param_name = $title, 31 | String $order = '40', 32 | ) { 33 | concat::fragment { "squid_auth_param_${auth_param_name}": 34 | target => $squid::config, 35 | content => template('squid/squid.conf.auth_param.erb'), 36 | order => "05-${order}-${scheme}", 37 | } 38 | } 39 | -------------------------------------------------------------------------------- /.overcommit.yml: -------------------------------------------------------------------------------- 1 | # Managed by modulesync - DO NOT EDIT 2 | # https://voxpupuli.org/docs/updating-files-managed-with-modulesync/ 3 | # 4 | # Hooks are only enabled if you take action. 
5 | # 6 | # To enable the hooks run: 7 | # 8 | # ``` 9 | # bundle exec overcommit --install 10 | # # ensure .overcommit.yml does not harm to you and then 11 | # bundle exec overcommit --sign 12 | # ``` 13 | # 14 | # (it will manage the .git/hooks directory): 15 | # 16 | # Examples howto skip a test for a commit or push: 17 | # 18 | # ``` 19 | # SKIP=RuboCop git commit 20 | # SKIP=PuppetLint git commit 21 | # SKIP=RakeTask git push 22 | # ``` 23 | # 24 | # Don't invoke overcommit at all: 25 | # 26 | # ``` 27 | # OVERCOMMIT_DISABLE=1 git commit 28 | # ``` 29 | # 30 | # Read more about overcommit: https://github.com/brigade/overcommit 31 | # 32 | # To manage this config yourself in your module add 33 | # 34 | # ``` 35 | # .overcommit.yml: 36 | # unmanaged: true 37 | # ``` 38 | # 39 | # to your modules .sync.yml config 40 | --- 41 | PreCommit: 42 | RuboCop: 43 | enabled: true 44 | description: 'Runs rubocop on modified files only' 45 | command: ['bundle', 'exec', 'rubocop'] 46 | RakeTarget: 47 | enabled: true 48 | description: 'Runs lint on modified files only' 49 | targets: 50 | - 'lint' 51 | command: ['bundle', 'exec', 'rake'] 52 | YamlSyntax: 53 | enabled: true 54 | JsonSyntax: 55 | enabled: true 56 | TrailingWhitespace: 57 | enabled: true 58 | 59 | PrePush: 60 | RakeTarget: 61 | enabled: true 62 | description: 'Run rake targets' 63 | targets: 64 | - 'validate' 65 | - 'test' 66 | - 'rubocop' 67 | command: ['bundle', 'exec', 'rake'] 68 | -------------------------------------------------------------------------------- /spec/defines/ssl_bump_spec.rb: -------------------------------------------------------------------------------- 1 | # frozen_string_literal: true 2 | 3 | require 'spec_helper' 4 | 5 | describe 'squid::ssl_bump' do 6 | on_supported_os.each do |os, facts| 7 | context "on #{os}" do 8 | let(:facts) do 9 | facts 10 | end 11 | let :pre_condition do 12 | ' class{"squid": 13 | config => "/tmp/squid.conf" 14 | } 15 | ' 16 | end 17 | let(:title) { 'myrule' } 18 | 
19 | context 'when parameters are unset' do 20 | it { is_expected.to contain_concat_fragment('squid_ssl_bump_bump_myrule').with_target('/tmp/squid.conf') } 21 | it { is_expected.to contain_concat_fragment('squid_ssl_bump_bump_myrule').with_order('25-05-bump') } 22 | it { is_expected.to contain_concat_fragment('squid_ssl_bump_bump_myrule').with_content(%r{^ssl_bump\s+bump\s+myrule$}) } 23 | end 24 | 25 | context 'when parameters are set' do 26 | let(:params) do 27 | { 28 | action: 'peek', 29 | value: 'step1', 30 | order: '08' 31 | } 32 | end 33 | 34 | it { is_expected.to contain_concat_fragment('squid_ssl_bump_peek_step1').with_target('/tmp/squid.conf') } 35 | it { is_expected.to contain_concat_fragment('squid_ssl_bump_peek_step1').with_order('25-08-peek') } 36 | it { is_expected.to contain_concat_fragment('squid_ssl_bump_peek_step1').with_content(%r{^ssl_bump\s+peek\s+step1$}) } 37 | end 38 | 39 | context 'with unknown action' do 40 | let(:params) do 41 | { 42 | action: 'unknown_action' 43 | } 44 | end 45 | 46 | it { is_expected.to compile.and_raise_error(%r{parameter 'action' expects a match}) } 47 | end 48 | end 49 | end 50 | end 51 | -------------------------------------------------------------------------------- /spec/defines/icp_access_spec.rb: -------------------------------------------------------------------------------- 1 | # frozen_string_literal: true 2 | 3 | require 'spec_helper' 4 | 5 | describe 'squid::icp_access' do 6 | on_supported_os.each do |os, facts| 7 | context "on #{os}" do 8 | let(:facts) do 9 | facts 10 | end 11 | let :pre_condition do 12 | ' class{"squid": 13 | config => "/tmp/squid.conf" 14 | } 15 | ' 16 | end 17 | let(:title) { 'myrule' } 18 | 19 | context 'when parameters are unset' do 20 | it { is_expected.to contain_concat_fragment('squid_icp_access_myrule').with_target('/tmp/squid.conf') } 21 | it { is_expected.to contain_concat_fragment('squid_icp_access_myrule').with_order('30-05-allow') } 22 | it { is_expected.to 
contain_concat_fragment('squid_icp_access_myrule').with_content(%r{^icp_access\s+allow\s+myrule$}) } 23 | end 24 | 25 | context 'when parameters are set' do 26 | let(:params) do 27 | { 28 | action: 'deny', 29 | value: 'this and that', 30 | order: '08' 31 | } 32 | end 33 | 34 | it { is_expected.to contain_concat_fragment('squid_icp_access_this and that').with_target('/tmp/squid.conf') } 35 | it { is_expected.to contain_concat_fragment('squid_icp_access_this and that').with_order('30-08-deny') } 36 | it { is_expected.to contain_concat_fragment('squid_icp_access_this and that').with_content(%r{^icp_access\s+deny\s+this and that$}) } 37 | end 38 | 39 | context 'with unknown action' do 40 | let(:params) do 41 | { 42 | action: 'unknown_action' 43 | } 44 | end 45 | 46 | it { is_expected.to compile.and_raise_error(%r{parameter 'action' expects a match}) } 47 | end 48 | end 49 | end 50 | end 51 | -------------------------------------------------------------------------------- /spec/defines/acl_spec.rb: -------------------------------------------------------------------------------- 1 | # frozen_string_literal: true 2 | 3 | require 'spec_helper' 4 | 5 | describe 'squid::acl' do 6 | on_supported_os.each do |os, facts| 7 | context "on #{os}" do 8 | let(:facts) do 9 | facts 10 | end 11 | let :pre_condition do 12 | ' class{"squid": 13 | config => "/tmp/squid.conf" 14 | } 15 | ' 16 | end 17 | let(:title) { 'myacl' } 18 | 19 | context 'when parameters are set' do 20 | let(:params) do 21 | { 22 | type: 'urlregex', 23 | order: '07', 24 | entries: ['http://example.org/', 'http://example.com/'], 25 | comment: 'Example company website' 26 | } 27 | end 28 | 29 | it { is_expected.to contain_concat_fragment('squid_acl_myacl').with_target('/tmp/squid.conf') } 30 | it { is_expected.to contain_concat_fragment('squid_acl_myacl').with_order('10-07-urlregex') } 31 | it { is_expected.to contain_concat_fragment('squid_acl_myacl').with_content(%r{^acl\s+myacl\s+urlregex\shttp://example.org/$}) } 
32 | it { is_expected.to contain_concat_fragment('squid_acl_myacl').with_content(%r{^acl\s+myacl\s+urlregex\shttp://example.com/$}) } 33 | it { is_expected.to contain_concat_fragment('squid_acl_myacl').with_content(%r{^# Example company website$}) } 34 | end 35 | 36 | context 'when type contains special characters, a :' do 37 | let(:params) do 38 | { 39 | type: 'ssl::servername', 40 | order: '07', 41 | entries: ['.foo.bar'], 42 | comment: 'Example company website' 43 | } 44 | end 45 | 46 | it { is_expected.to contain_concat_fragment('squid_acl_myacl').with_order('10-07-sslservername') } 47 | end 48 | end 49 | end 50 | end 51 | -------------------------------------------------------------------------------- /spec/defines/sslproxy_cert_error_spec.rb: -------------------------------------------------------------------------------- 1 | # frozen_string_literal: true 2 | 3 | require 'spec_helper' 4 | 5 | describe 'squid::sslproxy_cert_error' do 6 | on_supported_os.each do |os, facts| 7 | context "on #{os}" do 8 | let(:facts) do 9 | facts 10 | end 11 | let :pre_condition do 12 | ' class{"squid": 13 | config => "/tmp/squid.conf" 14 | } 15 | ' 16 | end 17 | let(:title) { 'myrule' } 18 | 19 | context 'when parameters are unset' do 20 | it { is_expected.to contain_concat_fragment('squid_sslproxy_cert_error_allow_myrule').with_target('/tmp/squid.conf') } 21 | it { is_expected.to contain_concat_fragment('squid_sslproxy_cert_error_allow_myrule').with_order('35-05-allow') } 22 | it { is_expected.to contain_concat_fragment('squid_sslproxy_cert_error_allow_myrule').with_content(%r{^sslproxy_cert_error\s+allow\s+myrule$}) } 23 | end 24 | 25 | context 'when parameters are set' do 26 | let(:params) do 27 | { 28 | action: 'deny', 29 | value: 'this and that', 30 | order: '08' 31 | } 32 | end 33 | 34 | it { is_expected.to contain_concat_fragment('squid_sslproxy_cert_error_deny_this and that').with_target('/tmp/squid.conf') } 35 | it { is_expected.to 
contain_concat_fragment('squid_sslproxy_cert_error_deny_this and that').with_order('35-08-deny') } 36 | it { is_expected.to contain_concat_fragment('squid_sslproxy_cert_error_deny_this and that').with_content(%r{^sslproxy_cert_error\s+deny\s+this and that$}) } 37 | end 38 | 39 | context 'with unknown action' do 40 | let(:params) do 41 | { 42 | action: 'unknown_action' 43 | } 44 | end 45 | 46 | it { is_expected.to compile.and_raise_error(%r{parameter 'action' expects a match}) } 47 | end 48 | end 49 | end 50 | end 51 | -------------------------------------------------------------------------------- /spec/defines/snmp_port_spec.rb: -------------------------------------------------------------------------------- 1 | # frozen_string_literal: true 2 | 3 | require 'spec_helper' 4 | 5 | describe 'squid::snmp_port' do 6 | on_supported_os.each do |os, facts| 7 | context "on #{os}" do 8 | let(:facts) do 9 | facts 10 | end 11 | let :pre_condition do 12 | ' class{"squid": 13 | config => "/tmp/squid.conf" 14 | } 15 | ' 16 | end 17 | let(:title) { '1000' } 18 | 19 | context 'when parameters are unset' do 20 | it { is_expected.to contain_concat_fragment('squid_snmp_port_1000').with_target('/tmp/squid.conf') } 21 | it { is_expected.to contain_concat_fragment('squid_snmp_port_1000').with_order('40-05') } 22 | it { is_expected.to contain_concat_fragment('squid_snmp_port_1000').with_content(%r{^snmp_port\s+1000$}) } 23 | it { is_expected.to contain_concat_fragment('squid_snmp_port_1000').without_content(%r{^endif$}) } 24 | it { is_expected.to contain_concat_fragment('squid_snmp_port_1000').without_content(%r{^if \${process_number}$}) } 25 | end 26 | 27 | context 'when parameters are set' do 28 | let(:params) do 29 | { 30 | port: 2000, 31 | options: 'special for 2000', 32 | order: '08', 33 | process_number: 3 34 | } 35 | end 36 | 37 | it { is_expected.to contain_concat_fragment('squid_snmp_port_2000').with_target('/tmp/squid.conf') } 38 | it { is_expected.to 
contain_concat_fragment('squid_snmp_port_2000').with_order('40-08') } 39 | it { is_expected.to contain_concat_fragment('squid_snmp_port_2000').with_content(%r{^snmp_port\s+2000\s+special for 2000$}) } 40 | it { is_expected.to contain_concat_fragment('squid_snmp_port_2000').with_content(%r{^if \${process_number} = 3$}) } 41 | it { is_expected.to contain_concat_fragment('squid_snmp_port_2000').with_content(%r{^endif$}) } 42 | end 43 | end 44 | end 45 | end 46 | -------------------------------------------------------------------------------- /spec/acceptance/class_spec.rb: -------------------------------------------------------------------------------- 1 | # frozen_string_literal: true 2 | 3 | require 'spec_helper_acceptance' 4 | 5 | describe 'squid class' do 6 | context 'configure http_access with default service type' do 7 | it 'works idempotently with no errors' do 8 | pp = <<~EOS 9 | class { 'squid':} 10 | squid::http_port{'3128':} 11 | squid::acl{'our_networks': 12 | type => src, 13 | entries => ['all'], 14 | } 15 | squid::http_access{'our_networks': 16 | action => 'allow', 17 | comment => 'Our networks hosts are allowed', 18 | } 19 | EOS 20 | # Run it twice and test for idempotency 21 | apply_manifest(pp, catch_failures: true) 22 | apply_manifest(pp, catch_changes: true) 23 | end 24 | end 25 | 26 | context 'configure http_access with simple service type' do 27 | it 'works idempotently with no errors' do 28 | pp = <<-EOS 29 | class { 'squid':} 30 | squid::http_port{'3128':} 31 | squid::acl{'our_networks': 32 | type => src, 33 | entries => ['all'], 34 | } 35 | squid::http_access{'our_networks': 36 | action => 'allow', 37 | comment => 'Our networks hosts are allowed', 38 | } 39 | EOS 40 | # Run it twice and test for idempotency 41 | apply_manifest(pp, catch_failures: true) 42 | apply_manifest(pp, catch_changes: true) 43 | end 44 | 45 | describe package('squid') do 46 | it { is_expected.to be_installed } 47 | end 48 | 49 | describe service('squid') do 50 | it { 
is_expected.to be_running } 51 | it { is_expected.to be_enabled } 52 | end 53 | 54 | describe file('/etc/squid/squid.conf') do 55 | it { is_expected.to be_file } 56 | it { is_expected.to contain(%r{^http_access allow our_networks\s*$}) } 57 | it { is_expected.to contain(%r{^http_port 3128\s*$}) } 58 | it { is_expected.to contain(%r{^acl our_networks src all\s*$}) } 59 | end 60 | end 61 | end 62 | -------------------------------------------------------------------------------- /spec/defines/cache_spec.rb: -------------------------------------------------------------------------------- 1 | # frozen_string_literal: true 2 | 3 | require 'spec_helper' 4 | 5 | describe 'squid::cache' do 6 | on_supported_os.each do |os, facts| 7 | context "on #{os}" do 8 | let(:facts) do 9 | facts 10 | end 11 | let :pre_condition do 12 | ' class{"squid": 13 | config => "/tmp/squid.conf" 14 | } 15 | ' 16 | end 17 | let(:title) { 'myrule' } 18 | 19 | context 'when parameters are unset' do 20 | it { is_expected.to contain_concat_fragment('squid_cache_myrule').with_target('/tmp/squid.conf') } 21 | it { is_expected.to contain_concat_fragment('squid_cache_myrule').with_order('21-05-allow') } 22 | it { is_expected.to contain_concat_fragment('squid_cache_myrule').with_content(%r{^cache\s+allow\s+myrule$}) } 23 | it { is_expected.to contain_concat_fragment('squid_cache_myrule').with_content(%r{^# cache fragment for myrule$}) } 24 | end 25 | 26 | context 'when parameters are set' do 27 | let(:params) do 28 | { 29 | action: 'deny', 30 | value: 'this and that', 31 | order: '08', 32 | comment: 'Deny this and that' 33 | } 34 | end 35 | 36 | it { is_expected.to contain_concat_fragment('squid_cache_this and that').with_target('/tmp/squid.conf') } 37 | it { is_expected.to contain_concat_fragment('squid_cache_this and that').with_order('21-08-deny') } 38 | it { is_expected.to contain_concat_fragment('squid_cache_this and that').with_content(%r{^cache\s+deny\s+this and that$}) } 39 | it { is_expected.to 
contain_concat_fragment('squid_cache_this and that').with_content(%r{^# Deny this and that$}) } 40 | end 41 | 42 | context 'with unknown action' do 43 | let(:params) do 44 | { 45 | action: 'unknown_action' 46 | } 47 | end 48 | 49 | it { is_expected.to compile.and_raise_error(%r{parameter 'action' expects a match}) } 50 | end 51 | end 52 | end 53 | end 54 | -------------------------------------------------------------------------------- /spec/defines/send_hit_spec.rb: -------------------------------------------------------------------------------- 1 | # frozen_string_literal: true 2 | 3 | require 'spec_helper' 4 | 5 | describe 'squid::send_hit' do 6 | on_supported_os.each do |os, facts| 7 | context "on #{os}" do 8 | let(:facts) do 9 | facts 10 | end 11 | let :pre_condition do 12 | ' class{"squid": 13 | config => "/tmp/squid.conf" 14 | } 15 | ' 16 | end 17 | let(:title) { 'myrule' } 18 | 19 | context 'when parameters are unset' do 20 | it { is_expected.to contain_concat_fragment('squid_send_hit_myrule').with_target('/tmp/squid.conf') } 21 | it { is_expected.to contain_concat_fragment('squid_send_hit_myrule').with_order('21-05-allow') } 22 | it { is_expected.to contain_concat_fragment('squid_send_hit_myrule').with_content(%r{^send_hit\s+allow\s+myrule$}) } 23 | it { is_expected.to contain_concat_fragment('squid_send_hit_myrule').with_content(%r{^# send_hit fragment for myrule$}) } 24 | end 25 | 26 | context 'when parameters are set' do 27 | let(:params) do 28 | { 29 | action: 'deny', 30 | value: 'this and that', 31 | order: '03', 32 | comment: 'send_hit this and that' 33 | } 34 | end 35 | 36 | it { is_expected.to contain_concat_fragment('squid_send_hit_this and that').with_target('/tmp/squid.conf') } 37 | it { is_expected.to contain_concat_fragment('squid_send_hit_this and that').with_order('21-03-deny') } 38 | it { is_expected.to contain_concat_fragment('squid_send_hit_this and that').with_content(%r{^send_hit\s+deny\s+this and that$}) } 39 | it { is_expected.to 
contain_concat_fragment('squid_send_hit_this and that').with_content(%r{^# send_hit this and that$}) } 40 | end 41 | 42 | context 'with unknown action' do 43 | let(:params) do 44 | { 45 | action: 'unknown_action' 46 | } 47 | end 48 | 49 | it { is_expected.to compile.and_raise_error(%r{parameter 'action' expects a match}) } 50 | end 51 | end 52 | end 53 | end 54 | -------------------------------------------------------------------------------- /spec/defines/http_access_spec.rb: -------------------------------------------------------------------------------- 1 | # frozen_string_literal: true 2 | 3 | require 'spec_helper' 4 | 5 | describe 'squid::http_access' do 6 | on_supported_os.each do |os, facts| 7 | context "on #{os}" do 8 | let(:facts) do 9 | facts 10 | end 11 | let :pre_condition do 12 | ' class{"squid": 13 | config => "/tmp/squid.conf" 14 | } 15 | ' 16 | end 17 | let(:title) { 'myrule' } 18 | 19 | context 'when parameters are unset' do 20 | it { is_expected.to contain_concat_fragment('squid_http_access_myrule').with_target('/tmp/squid.conf') } 21 | it { is_expected.to contain_concat_fragment('squid_http_access_myrule').with_order('20-05-allow') } 22 | it { is_expected.to contain_concat_fragment('squid_http_access_myrule').with_content(%r{^http_access\s+allow\s+myrule$}) } 23 | it { is_expected.to contain_concat_fragment('squid_http_access_myrule').with_content(%r{^# http_access fragment for myrule$}) } 24 | end 25 | 26 | context 'when parameters are set' do 27 | let(:params) do 28 | { 29 | action: 'deny', 30 | value: 'this and that', 31 | order: '08', 32 | comment: 'Deny this and that' 33 | } 34 | end 35 | 36 | it { is_expected.to contain_concat_fragment('squid_http_access_this and that').with_target('/tmp/squid.conf') } 37 | it { is_expected.to contain_concat_fragment('squid_http_access_this and that').with_order('20-08-deny') } 38 | it { is_expected.to contain_concat_fragment('squid_http_access_this and that').with_content(%r{^http_access\s+deny\s+this and 
that$}) } 39 | it { is_expected.to contain_concat_fragment('squid_http_access_this and that').with_content(%r{^# Deny this and that$}) } 40 | end 41 | 42 | context 'with unknown action' do 43 | let(:params) do 44 | { 45 | action: 'unknown_action' 46 | } 47 | end 48 | 49 | it { is_expected.to compile.and_raise_error(%r{parameter 'action' expects a match}) } 50 | end 51 | end 52 | end 53 | end 54 | -------------------------------------------------------------------------------- /spec/defines/snmp_access_spec.rb: -------------------------------------------------------------------------------- 1 | # frozen_string_literal: true 2 | 3 | require 'spec_helper' 4 | 5 | describe 'squid::snmp_access' do 6 | on_supported_os.each do |os, facts| 7 | context "on #{os}" do 8 | let(:facts) do 9 | facts 10 | end 11 | let :pre_condition do 12 | ' class{"squid": 13 | config => "/tmp/squid.conf" 14 | } 15 | ' 16 | end 17 | let(:title) { 'myrule' } 18 | 19 | context 'when parameters are unset' do 20 | it { is_expected.to contain_concat_fragment('squid_snmp_access_myrule').with_target('/tmp/squid.conf') } 21 | it { is_expected.to contain_concat_fragment('squid_snmp_access_myrule').with_order('20-05-allow') } 22 | it { is_expected.to contain_concat_fragment('squid_snmp_access_myrule').with_content(%r{^snmp_access\s+allow\s+myrule$}) } 23 | it { is_expected.to contain_concat_fragment('squid_snmp_access_myrule').with_content(%r{^# snmp_access fragment for myrule$}) } 24 | end 25 | 26 | context 'when parameters are set' do 27 | let(:params) do 28 | { 29 | action: 'deny', 30 | value: 'this and that', 31 | order: '08', 32 | comment: 'Deny this and that' 33 | } 34 | end 35 | 36 | it { is_expected.to contain_concat_fragment('squid_snmp_access_this and that').with_target('/tmp/squid.conf') } 37 | it { is_expected.to contain_concat_fragment('squid_snmp_access_this and that').with_order('20-08-deny') } 38 | it { is_expected.to contain_concat_fragment('squid_snmp_access_this and 
that').with_content(%r{^snmp_access\s+deny\s+this and that$}) } 39 | it { is_expected.to contain_concat_fragment('squid_snmp_access_this and that').with_content(%r{^# Deny this and that$}) } 40 | end 41 | 42 | context 'with unknown action' do 43 | let(:params) do 44 | { 45 | action: 'unknown_action' 46 | } 47 | end 48 | 49 | it { is_expected.to compile.and_raise_error(%r{parameter 'action' expects a match}) } 50 | end 51 | end 52 | end 53 | end 54 | -------------------------------------------------------------------------------- /metadata.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "puppet-squid", 3 | "version": "6.0.1-rc0", 4 | "author": "Vox Pupuli", 5 | "summary": "configure squid caching proxy", 6 | "license": "Apache-2.0", 7 | "source": "https://github.com/voxpupuli/puppet-squid", 8 | "project_page": "https://github.com/voxpupuli/puppet-squid", 9 | "issues_url": "https://github.com/voxpupuli/puppet-squid/issues", 10 | "tags": [ 11 | "squid", 12 | "cache", 13 | "http", 14 | "web" 15 | ], 16 | "requirements": [ 17 | { 18 | "name": "openvox", 19 | "version_requirement": ">= 8.19.0 < 9.0.0" 20 | } 21 | ], 22 | "dependencies": [ 23 | { 24 | "name": "puppet-selinux", 25 | "version_requirement": ">= 1.0.0 < 6.0.0" 26 | }, 27 | { 28 | "name": "puppetlabs-concat", 29 | "version_requirement": ">= 1.2.5 < 10.0.0" 30 | }, 31 | { 32 | "name": "puppetlabs-stdlib", 33 | "version_requirement": ">= 4.25.0 < 10.0.0" 34 | } 35 | ], 36 | "operatingsystem_support": [ 37 | { 38 | "operatingsystem": "CentOS", 39 | "operatingsystemrelease": [ 40 | "9" 41 | ] 42 | }, 43 | { 44 | "operatingsystem": "FreeBSD", 45 | "operatingsystemrelease": [ 46 | "13", 47 | "14" 48 | ] 49 | }, 50 | { 51 | "operatingsystem": "AlmaLinux", 52 | "operatingsystemrelease": [ 53 | "8", 54 | "9" 55 | ] 56 | }, 57 | { 58 | "operatingsystem": "Rocky", 59 | "operatingsystemrelease": [ 60 | "8", 61 | "9" 62 | ] 63 | }, 64 | { 65 | "operatingsystem": 
"OracleLinux", 66 | "operatingsystemrelease": [ 67 | "8", 68 | "9" 69 | ] 70 | }, 71 | { 72 | "operatingsystem": "Debian", 73 | "operatingsystemrelease": [ 74 | "11", 75 | "12" 76 | ] 77 | }, 78 | { 79 | "operatingsystem": "RedHat", 80 | "operatingsystemrelease": [ 81 | "8", 82 | "9" 83 | ] 84 | }, 85 | { 86 | "operatingsystem": "Ubuntu", 87 | "operatingsystemrelease": [ 88 | "22.04", 89 | "24.04" 90 | ] 91 | } 92 | ] 93 | } 94 | -------------------------------------------------------------------------------- /templates/squid.conf.header.erb: -------------------------------------------------------------------------------- 1 | # 2 | # squid.conf.header.erb file fragment generated with puppet. 3 | # 4 | 5 | cache_mem <%= @cache_mem %> 6 | 7 | <% unless @memory_cache_shared.nil? -%> 8 | memory_cache_shared <%= (@memory_cache_shared == 'on' || @memory_cache_shared == true)?'on':'off' %> 9 | 10 | <% end -%> 11 | maximum_object_size_in_memory <%= @maximum_object_size_in_memory %> 12 | 13 | <% if @cache_replacement_policy -%> 14 | cache_replacement_policy <%= @cache_replacement_policy %> 15 | <% end -%> 16 | <% if @memory_replacement_policy -%> 17 | memory_replacement_policy <%= @memory_replacement_policy %> 18 | <% end -%> 19 | 20 | <% if @logformat -%> 21 | <%- [@logformat].flatten.each do |logformat_line| -%> 22 | logformat <%= logformat_line %> 23 | <%- end -%> 24 | <% end -%> 25 | <% unless @buffered_logs.nil? 
-%> 26 | buffered_logs <%= @buffered_logs?'on':'off' %> 27 | <% end -%> 28 | 29 | <% if @coredump_dir -%> 30 | coredump_dir <%= @coredump_dir %> 31 | 32 | <% end -%> 33 | 34 | <% if @error_directory -%> 35 | error_directory <%= @error_directory %> 36 | <% end -%> 37 | <% if @err_page_stylesheet -%> 38 | err_page_stylesheet <%= @err_page_stylesheet %> 39 | <% end -%> 40 | 41 | <% if @max_filedescriptors -%> 42 | max_filedescriptors <%= @max_filedescriptors %> 43 | 44 | <% end -%> 45 | <% if @workers -%> 46 | workers <%= @workers %> 47 | 48 | <% end -%> 49 | 50 | <% if @snmp_incoming_address -%> 51 | snmp_incoming_address <%= @snmp_incoming_address %> 52 | <% end -%> 53 | <% if @visible_hostname -%> 54 | visible_hostname <%= @visible_hostname %> 55 | <% end -%> 56 | <% unless @via.nil? -%> 57 | via <%= @via?'on':'off' %> 58 | <% end -%> 59 | <% unless @httpd_suppress_version_string.nil? -%> 60 | httpd_suppress_version_string <%= @httpd_suppress_version_string?'on':'off' %> 61 | <% end -%> 62 | <% if [true, false].include? @forwarded_for -%> 63 | forwarded_for <%= @forwarded_for?'on':'off' %> 64 | <% elsif !@forwarded_for.nil? -%> 65 | forwarded_for <%= @forwarded_for %> 66 | <% end -%> 67 | 68 | <% if @url_rewrite_program -%> 69 | url_rewrite_program <%= @url_rewrite_program %> 70 | <% if @url_rewrite_children -%> 71 | url_rewrite_children <%= @url_rewrite_children %> <%= @url_rewrite_child_options%> 72 | <% end -%> 73 | <% end -%> 74 | -------------------------------------------------------------------------------- /manifests/cache_dir.pp: -------------------------------------------------------------------------------- 1 | # @summary 2 | # Defines cache_dir entries for a squid server. 
3 | # @see 4 | # http://www.squid-cache.org/Doc/config/cache_dir/ 5 | # @example 6 | # squid::cache_dir { '/data': 7 | # type => 'ufs', 8 | # options => '15000 32 256 min-size=32769', 9 | # process_number => 2, 10 | # } 11 | # Results in the squid configuration of 12 | # 13 | # if ${process_number} = 2 14 | # cache_dir ufs /data 15000 32 256 min-size=32769 15 | # endif 16 | # 17 | # @param type 18 | # The type of cache, e.g. ufs. Defaults to `ufs`. 19 | # @param path 20 | # Defaults to the namevar, file path to cache. 21 | # @param options 22 | # String of options for the cache. 23 | # @param process_number 24 | # If specified as an integer the cache will be wrapped 25 | # in an `if ${process_number}` statement so the cache will be used by only 26 | # one process. Default is undef. 27 | # @param manage_dir 28 | # If true puppet will attempt to create the 29 | # directory (mode `0750`, owned by the squid daemon user and group), if false you will have to create it yourself. Make sure the 30 | # directory has the correct owner, group and mode. Defaults to true. 31 | # @param order 32 | # Order can be used to configure where in `squid.conf` this configuration section should occur.
33 | define squid::cache_dir ( 34 | String $type = ufs, 35 | String $path = $title, 36 | Optional[String[1]] $options = undef, 37 | Optional[Integer] $process_number = undef, 38 | String $order = '05', 39 | Boolean $manage_dir = true, 40 | ) { 41 | concat::fragment { "squid_cache_dir_${path}": 42 | target => $squid::config, 43 | content => epp('squid/squid.conf.cache_dir.epp', 44 | { 45 | 'process_number' => $process_number, 46 | 'path' => $path, 47 | 'type' => $type, 48 | 'options' => $options, 49 | } 50 | ), 51 | order => "50-${order}", 52 | } 53 | # Create the cache directory for the squid daemon user and group; mode 0750 grants no access to users outside that group. 54 | if $manage_dir { 55 | file { $path: 56 | ensure => directory, 57 | owner => $squid::daemon_user, 58 | group => $squid::daemon_group, 59 | mode => '0750', 60 | require => Package[$squid::package_name], 61 | } 62 | } 63 | # NOTE(review): this block runs even when $manage_dir is false, yet it requires File[$path], which this define declares only when $manage_dir is true - confirm the catalog declares that file elsewhere in that case. $path is also interpolated unescaped into the pathspec regex - confirm paths with regex metacharacters are not expected. 64 | if fact('os.selinux.enabled') { 65 | selinux::fcontext { "selinux fcontext squid_cache_t ${path}": 66 | seltype => 'squid_cache_t', 67 | pathspec => "${path}(/.*)?", 68 | require => File[$path], 69 | notify => Selinux::Exec_restorecon["selinux restorecon ${path}"], 70 | } 71 | selinux::exec_restorecon { "selinux restorecon ${path}": 72 | path => $path, 73 | refreshonly => true, 74 | } 75 | } 76 | } 77 | -------------------------------------------------------------------------------- /manifests/params.pp: -------------------------------------------------------------------------------- 1 | # @summary 2 | # This class manages Squid parameters 3 | # @api private 4 | class squid::params { 5 | $ensure_service = 'running' 6 | $enable_service = true 7 | $cache_mem = '256 MB' 8 | $visible_hostname = undef 9 | $via = undef 10 | $httpd_suppress_version_string = undef 11 | $forwarded_for = undef 12 | $memory_cache_shared = undef 13 | $cache_replacement_policy = undef 14 | $memory_replacement_policy = undef 15 | $maximum_object_size_in_memory = '512 KB' 16 | $coredump_dir = undef 17 | $max_filedescriptors = undef 18 | $workers = undef 19 | $acls = undef 20 | $cache = undef 21 | $http_access = undef 22 | 
$send_hit = undef 23 | $icp_access = undef 24 | $auth_params = undef 25 | $http_ports = undef 26 | $https_ports = undef 27 | $url_rewrite_program = undef 28 | $url_rewrite_children = undef 29 | $url_rewrite_child_options = undef 30 | $refresh_patterns = undef 31 | $snmp_incoming_address = undef 32 | $snmp_ports = undef 33 | $snmp_access = undef 34 | $ssl_bump = undef 35 | $sslproxy_cert_error = undef 36 | $cache_dirs = undef 37 | $buffered_logs = undef 38 | $logformat = undef 39 | $error_directory = undef 40 | $err_page_stylesheet = undef 41 | $service_restart = undef 42 | $package_ensure = 'present' 43 | $package_name = 'squid' 44 | $service_name = 'squid' 45 | $config_user = 'root' 46 | $squid_bin_path = '/usr/sbin/squid' 47 | $access_log = 'daemon:/var/log/squid/access.log squid' 48 | 49 | case $facts['os']['name'] { 50 | /^(Debian|Ubuntu)$/: { 51 | $config = '/etc/squid/squid.conf' 52 | $config_group = 'root' 53 | $daemon_user = 'proxy' 54 | $daemon_group = 'proxy' 55 | } 56 | 'FreeBSD': { 57 | $config = '/usr/local/etc/squid/squid.conf' 58 | $config_group = 'squid' 59 | $daemon_user = 'squid' 60 | $daemon_group = 'squid' 61 | } 62 | default: { 63 | $config = '/etc/squid/squid.conf' 64 | $config_group = 'squid' 65 | $daemon_user = 'squid' 66 | $daemon_group = 'squid' 67 | } 68 | } 69 | } 70 | -------------------------------------------------------------------------------- /spec/defines/auth_param_spec.rb: -------------------------------------------------------------------------------- 1 | # frozen_string_literal: true 2 | 3 | require 'spec_helper' 4 | 5 | describe 'squid::auth_param' do 6 | on_supported_os.each do |os, facts| 7 | context "on #{os}" do 8 | let(:facts) do 9 | facts 10 | end 11 | let :pre_condition do 12 | ' class{"squid": 13 | config => "/tmp/squid.conf" 14 | } 15 | ' 16 | end 17 | let(:title) { 'auth' } 18 | 19 | context 'when parameters are set with scheme basic' do 20 | entries = ['program /usr/lib64/squid/basic_ncsa_auth 
/etc/squid/.htpasswd', 21 | 'children 5', 22 | 'realm Squid Basic Authentication', 23 | 'credentialsttl 5 hours'] 24 | 25 | let(:params) do 26 | { 27 | scheme: 'basic', 28 | order: '07', 29 | entries: entries 30 | } 31 | end 32 | 33 | it { is_expected.to contain_concat__fragment('squid_auth_param_auth').with_target('/tmp/squid.conf') } 34 | it { is_expected.to contain_concat__fragment('squid_auth_param_auth').with_order('05-07-basic') } 35 | 36 | entries.each do |entry| 37 | it { is_expected.to contain_concat__fragment('squid_auth_param_auth').with_content(%r{auth_param basic #{entry}}) } 38 | end 39 | end 40 | 41 | context 'when parameters are set with scheme digest' do 42 | entries = ['program /usr/lib64/squid/basic_ncsa_auth /etc/squid/.htpasswd', 43 | 'children 5', 44 | 'realm Squid Digest Authentication', 45 | 'credentialsttl 5 hours'] 46 | 47 | let(:params) do 48 | { 49 | scheme: 'digest', 50 | order: '08', 51 | entries: entries 52 | } 53 | end 54 | 55 | it { is_expected.to contain_concat__fragment('squid_auth_param_auth').with_target('/tmp/squid.conf') } 56 | it { is_expected.to contain_concat__fragment('squid_auth_param_auth').with_order('05-08-digest') } 57 | 58 | entries.each do |entry| 59 | it { is_expected.to contain_concat__fragment('squid_auth_param_auth').with_content(%r{auth_param digest #{entry}}) } 60 | end 61 | end 62 | 63 | context 'when parameters are set with unknown scheme' do 64 | entries = ['program /usr/lib64/squid/basic_ncsa_auth /etc/squid/.htpasswd'] 65 | 66 | let(:params) do 67 | { 68 | scheme: 'unknown_scheme', 69 | order: '09', 70 | entries: entries 71 | } 72 | end 73 | 74 | it { is_expected.to compile.and_raise_error(%r{parameter 'scheme' expects a match}) } 75 | end 76 | end 77 | end 78 | end 79 | -------------------------------------------------------------------------------- /spec/defines/refresh_pattern_spec.rb: -------------------------------------------------------------------------------- 1 | # frozen_string_literal: true 2 | 
3 | require 'spec_helper' 4 | 5 | describe 'squid::refresh_pattern' do 6 | on_supported_os.each do |os, facts| 7 | context "on #{os}" do 8 | let(:facts) do 9 | facts 10 | end 11 | let :pre_condition do 12 | ' class{"squid": 13 | config => "/tmp/squid.conf" 14 | } 15 | ' 16 | end 17 | 18 | context 'when parameters are set' do 19 | let(:title) { 'my_pattern' } 20 | let(:params) do 21 | { 22 | order: '06', 23 | max: 10_080, 24 | min: 1440, 25 | percent: 20, 26 | comment: 'Refresh Patterns' 27 | } 28 | end 29 | 30 | fname = 'squid_refresh_pattern_my_pattern' 31 | it { is_expected.to contain_concat_fragment(fname).with_target('/tmp/squid.conf') } 32 | it { is_expected.to contain_concat_fragment(fname).with_order('45-06') } 33 | it { is_expected.to contain_concat_fragment(fname).with_content(%r{^refresh_pattern\s+my_pattern\s+1440\s+20%\s+10080$}) } 34 | end 35 | 36 | context 'when parameters are set and options' do 37 | let(:title) { 'my_pattern' } 38 | let(:params) do 39 | { 40 | order: '06', 41 | max: 10_080, 42 | min: 1440, 43 | percent: 20, 44 | options: 'override-expire ignore-no-cache', 45 | comment: 'Refresh Patterns' 46 | } 47 | end 48 | 49 | fname = 'squid_refresh_pattern_my_pattern' 50 | it { is_expected.to contain_concat_fragment(fname).with_target('/tmp/squid.conf') } 51 | it { is_expected.to contain_concat_fragment(fname).with_order('45-06') } 52 | it { is_expected.to contain_concat_fragment(fname).with_content(%r{^refresh_pattern\s+my_pattern\s+1440\s+20%\s+10080\s+override-expire\s+ignore-no-cache$}) } 53 | end 54 | 55 | context 'when parameters are set and case insensitive' do 56 | let(:title) { 'case_insensitive' } 57 | let(:params) do 58 | { 59 | case_sensitive: false, 60 | comment: 'Refresh Patterns', 61 | max: 0, 62 | min: 0, 63 | order: '07', 64 | percent: 0 65 | } 66 | end 67 | 68 | fname = 'squid_refresh_pattern_case_insensitive' 69 | it { is_expected.to contain_concat_fragment(fname).with_target('/tmp/squid.conf') } 70 | it { is_expected.to 
contain_concat_fragment(fname).with_order('45-07') } 71 | it { is_expected.to contain_concat_fragment(fname).with_content(%r{^refresh_pattern\s+-i\s+case_insensitive\s+0\s+0%\s+0$}) } 72 | end 73 | end 74 | end 75 | end 76 | -------------------------------------------------------------------------------- /manifests/extra_config_section.pp: -------------------------------------------------------------------------------- 1 | # @summary 2 | # The `extra_config_section` defined type can be used for configuration directives that have not been exposed individually in this module. 3 | # 4 | # @example Using a hash of config_entries: 5 | # squid::extra_config_section { 'mail settings': 6 | # order => '60', 7 | # config_entries => { 8 | # 'mail_from' => 'squid@example.com', 9 | # 'mail_program' => 'mail', 10 | # }, 11 | # } 12 | # 13 | # Results in a squid configuration of 14 | # # mail settings 15 | # mail_from squid@example.com 16 | # mail_program mail 17 | # 18 | # @example Using array values in config_entries: 19 | # squid::extra_config_section { 'ssl_bump settings': 20 | # order => '60', 21 | # config_entries => { 22 | # 'ssl_bump' => ['server-first', 'all'], 23 | # 'sslcrtd_program' => ['/usr/lib64/squid/ssl_crtd', '-s', '/var/lib/ssl_db', '-M', '4MB'], 24 | # 'sslcrtd_children' => ['8', 'startup=1', 'idle=1'], 25 | # } 26 | # } 27 | # 28 | # Results in a squid configuration of: 29 | # # ssl_bump settings 30 | # ssl_bump server-first all 31 | # sslcrtd_program /usr/lib64/squid/ssl_crtd -s /var/lib/ssl_db -M 4MB 32 | # sslcrtd_children 8 startup=1 idle=1 33 | # 34 | # @example Using an array of hashes of config_entries: 35 | # squid::extra_config_section { 'always_directs': 36 | # order => '60', 37 | # config_entries => [{ 38 | # 'always_direct' => ['deny www.reallyreallybadplace.com', 39 | # 'allow my-good-dst', 40 | # 'allow my-other-good-dst'], 41 | # }], 42 | # } 43 | # 44 | # Results in a squid configuration of 45 | # # always_directs 46 | # always_direct deny 
www.reallyreallybadplace.com 47 | # always_direct allow my-good-dst 48 | # always_direct allow my-other-good-dst 49 | # 50 | # @param comment 51 | # Defaults to the namevar and is used as a section comment in `squid.conf`. 52 | # @param config_entries 53 | # A hash (or an array of hashes) of configuration entries to create in this section. The hash key is the name of the configuration directive. 54 | # The value is either a string, or an array of strings to use as the configuration directive options. This define itself applies no validation beyond the `Variant[Array,Hash]` type, so take entries from trusted data only: directives such as `sslcrtd_program` name programs that squid runs. 55 | # @param order 56 | # Order can be used to configure where in `squid.conf` this configuration section should occur. 57 | define squid::extra_config_section ( 58 | String $comment = $title, 59 | Variant[Array,Hash] $config_entries = {}, 60 | String $order = '60', 61 | ) { 62 | concat::fragment { "squid_extra_config_section_${comment}": 63 | target => $squid::config, 64 | content => template('squid/squid.conf.extra_config_section.erb'), 65 | order => "${order}-${comment}", 66 | } 67 | } 68 | -------------------------------------------------------------------------------- /manifests/refresh_pattern.pp: -------------------------------------------------------------------------------- 1 | # @summary 2 | # Defines refresh_pattern entries for a squid server. 3 | # @see http://www.squid-cache.org/Doc/config/refresh_pattern/ 4 | # @example 5 | # squid::refresh_pattern { '^ftp:': 6 | # min => 1440, 7 | # max => 10080, 8 | # percent => 20, 9 | # order => '60', 10 | # } 11 | # 12 | # squid::refresh_pattern { '(/cgi-bin/|\?)': 13 | # case_sensitive => false, 14 | # min => 0, 15 | # max => 0, 16 | # percent => 0, 17 | # order => '61', 18 | # } 19 | # 20 | # would result in the following squid refresh patterns: 21 | # # refresh_pattern fragment for ^ftp 22 | # refresh_pattern ^ftp: 1440 20% 10080 23 | # # refresh_pattern fragment for (/cgi-bin/|\?) 24 | # refresh_pattern (/cgi-bin/|\?) 
-i 0 0% 0 25 | # 26 | # 27 | # @example YAML example 28 | # squid::refresh_patterns: 29 | # '^ftp': 30 | # max: 10080 31 | # min: 1440 32 | # percent: 20 33 | # order: '60' 34 | # '^gopher': 35 | # max: 1440 36 | # min: 1440 37 | # percent: 0 38 | # order: '61' 39 | # '(/cgi-bin/|\?)': 40 | # case_sensitive: false 41 | # max: 0 42 | # min: 0 43 | # percent: 0 44 | # order: '62' 45 | # '.': 46 | # max: 4320 47 | # min: 0 48 | # percent: 20 49 | # order: '63' 50 | # 51 | # @param case_sensitive 52 | # If true (default) the regex is case sensitive; when false the case-insensitive flag '-i' is added to the pattern. 53 | # @param comment 54 | # Comment added before the refresh rule, defaults to "refresh_pattern fragment for `title`". 55 | # @param min 56 | # Must be defined, the time (in minutes) an object without an explicit expiry time should be considered fresh. 57 | # @param max 58 | # Must be defined, the upper limit (in minutes) on how long objects without an explicit expiry time will be considered fresh. 59 | # @param percent 60 | # Must be defined, is a percentage of the object's age (time since last modification). 61 | # @param options 62 | # See squid documentation for available options. 63 | # @param order 64 | # Each refresh_pattern has an order of `05` by default; this can be specified if the order of refresh_pattern definitions matters.
65 | define squid::refresh_pattern ( 66 | Integer $max, 67 | Integer $min, 68 | Integer $percent, 69 | Boolean $case_sensitive = true, 70 | Optional[String[1]] $options = undef, 71 | String $order = '05', 72 | String $pattern = $title, 73 | String $comment = "refresh_pattern fragment for ${pattern}", 74 | ) { 75 | concat::fragment { "squid_refresh_pattern_${pattern}": 76 | target => $squid::config, 77 | content => epp('squid/squid.conf.refresh_pattern.epp', { 78 | 'comment' => $comment, 79 | 'case_sensitive' => $case_sensitive, 80 | 'pattern' => $pattern, 81 | 'max' => $max, 82 | 'min' => $min, 83 | 'options' => $options, 84 | 'percent' => $percent, 85 | }), 86 | order => "45-${order}", 87 | } 88 | } 89 | -------------------------------------------------------------------------------- /manifests/http_port.pp: -------------------------------------------------------------------------------- 1 | # @summary 2 | # Defines http_port entries for a squid server. 3 | # By setting optional `ssl` parameter to `true` will create https_port entries instead. 4 | # @see 5 | # http://www.squid-cache.org/Doc/config/http_port/ 6 | # @example 7 | # squid::http_port { '10000': 8 | # options => 'accel vhost' 9 | # } 10 | # squid::http_port { '10001': 11 | # ssl => true, 12 | # options => 'cert=/etc/squid/ssl_cert/server.cert key=/etc/squid/ssl_cert/server.key' 13 | # } 14 | # squid::http_port { '127.0.0.1:3128': 15 | # } 16 | # 17 | # Results in a squid configuration of: 18 | # http_port 10000 accel vhost 19 | # https_port 10001 cert=/etc/squid/ssl_cert/server.cert key=/etc/squid/ssl_cert/server.key 20 | # http_port 127.0.0.1:3128 21 | # @param title 22 | # The title/namevar may be in the form `port` or `host:port` to provide the below values. Otherwise, 23 | # specify `port` explicitly, and `host` if desired. 24 | # @param port 25 | # Defaults to the port of the namevar and is the port number to listen on. 
26 | # @param host 27 | # Defaults to the host part of the namevar and is the interface to listen on. If not specified, Squid listens on all interfaces. 28 | # @param options 29 | # A string of options to append to the port directive. 30 | # @param ssl 31 | # When set to `true` creates https_port entries. Defaults to `false`. 32 | # @param order 33 | # Order can be used to configure where in `squid.conf` this configuration section should occur. 34 | define squid::http_port ( 35 | Optional[Stdlib::Port] $port = undef, 36 | Optional[Stdlib::Host] $host = undef, 37 | Boolean $ssl = false, 38 | Optional[String[1]] $options = undef, 39 | String $order = '05', 40 | ) { 41 | $_title = String($title) 42 | 43 | # Try to extract host/port from title if neither were specified as 44 | # parameters. Allowed formats: host:port and port. 45 | if $host == undef and $port == undef and $_title =~ /^(?:(.+):)?(\d+)$/ { 46 | $_host = $1 47 | if $_host !~ Optional[Stdlib::Host] { 48 | fail("invalid host \"${_host}\" determined from title") 49 | } 50 | 51 | $_port = Integer($2) 52 | if $_port !~ Stdlib::Port { 53 | fail("invalid port \"${_port}\" determined from title") 54 | } 55 | } else { 56 | $_host = $host 57 | $_port = $port 58 | } 59 | 60 | if $_port == undef { 61 | fail('port parameter was not specified and could not be determined from title') 62 | } 63 | 64 | $_host_port = $_host ? { 65 | undef => String($_port), 66 | Stdlib::IP::Address::V6 => "[${_host}]:${_port}", 67 | default => "${_host}:${_port}", 68 | } 69 | 70 | $protocol = $ssl ? 
{ 71 | true => 'https', 72 | default => 'http', 73 | } 74 | 75 | concat::fragment { "squid_${protocol}_port_${_title}": 76 | target => $squid::config, 77 | content => epp('squid/squid.conf.port.epp', 78 | { 79 | title => $_title, 80 | protocol => $protocol, 81 | host_port => $_host_port, 82 | options => $options, 83 | } 84 | ), 85 | order => "30-${order}", 86 | } 87 | 88 | if fact('os.selinux.enabled') { 89 | ensure_resource('selinux::port', "selinux port squid_port_t ${_port}", 90 | { 91 | ensure => 'present', 92 | seltype => 'squid_port_t', 93 | protocol => 'tcp', 94 | port => $_port, 95 | } 96 | ) 97 | } 98 | } 99 | -------------------------------------------------------------------------------- /spec/defines/cache_dir_spec.rb: -------------------------------------------------------------------------------- 1 | # frozen_string_literal: true 2 | 3 | require 'spec_helper' 4 | 5 | describe 'squid::cache_dir' do 6 | on_supported_os.each do |os, facts| 7 | context "on #{os}" do 8 | let(:facts) do 9 | facts 10 | end 11 | let :pre_condition do 12 | ' class{"squid": 13 | config => "/tmp/squid.conf" 14 | } 15 | ' 16 | end 17 | let(:title) { '/data' } 18 | 19 | context 'when parameters are set' do 20 | let(:params) do 21 | { 22 | type: 'special', 23 | order: '07', 24 | process_number: 2, 25 | options: 'my options for special type' 26 | } 27 | end 28 | 29 | it { is_expected.to contain_concat_fragment('squid_cache_dir_/data').with_target('/tmp/squid.conf') } 30 | it { is_expected.to contain_concat_fragment('squid_cache_dir_/data').with_order('50-07') } 31 | it { is_expected.to contain_concat_fragment('squid_cache_dir_/data').with_content(%r{^cache_dir special /data my options for special type$}) } 32 | it { is_expected.to contain_concat_fragment('squid_cache_dir_/data').with_content(%r{^endif$}) } 33 | it { is_expected.to contain_concat_fragment('squid_cache_dir_/data').with_content(%r{^if \${process_number} = 2$}) } 34 | it { is_expected.to 
contain_file('/data').with_ensure('directory') } 35 | 36 | case facts[:os]['name'] 37 | when 'Debian' 38 | context 'when on Debian' do 39 | it { is_expected.to contain_file('/data').with_owner('proxy') } 40 | it { is_expected.to contain_file('/data').with_group('proxy') } 41 | end 42 | when 'Ubuntu' 43 | context 'when on Ubuntu' do 44 | it { is_expected.to contain_file('/data').with_owner('proxy') } 45 | it { is_expected.to contain_file('/data').with_group('proxy') } 46 | end 47 | else 48 | context 'when on any other non-debian OS' do 49 | it { is_expected.to contain_file('/data').with_owner('squid') } 50 | it { is_expected.to contain_file('/data').with_group('squid') } 51 | end 52 | end 53 | end 54 | 55 | context 'when parameters are set excluding process_number' do 56 | let(:params) do 57 | { 58 | type: 'special', 59 | order: '07', 60 | options: 'my options for special type' 61 | } 62 | end 63 | 64 | it { is_expected.to contain_concat_fragment('squid_cache_dir_/data').with_target('/tmp/squid.conf') } 65 | it { is_expected.to contain_concat_fragment('squid_cache_dir_/data').with_order('50-07') } 66 | it { is_expected.to contain_concat_fragment('squid_cache_dir_/data').with_content(%r{^cache_dir special /data my options for special type$}) } 67 | it { is_expected.to contain_concat_fragment('squid_cache_dir_/data').without_content(%r{^endif$}) } 68 | it { is_expected.to contain_concat_fragment('squid_cache_dir_/data').without_content(%r{^if \${process_number}$}) } 69 | end 70 | 71 | context 'when parameters are set excluding options' do 72 | let(:params) do 73 | { 74 | type: 'special', 75 | order: '07', 76 | } 77 | end 78 | 79 | it { is_expected.to contain_concat_fragment('squid_cache_dir_/data').with_target('/tmp/squid.conf') } 80 | it { is_expected.to contain_concat_fragment('squid_cache_dir_/data').with_order('50-07') } 81 | it { is_expected.to contain_concat_fragment('squid_cache_dir_/data').with_content(%r{^cache_dir special /data$}) } 82 | it { is_expected.to 
contain_concat_fragment('squid_cache_dir_/data').without_content(%r{^endif$}) } 83 | it { is_expected.to contain_concat_fragment('squid_cache_dir_/data').without_content(%r{^if \${process_number}$}) } 84 | end 85 | end 86 | end 87 | end 88 | -------------------------------------------------------------------------------- /spec/defines/extra_config_section_spec.rb: -------------------------------------------------------------------------------- 1 | # frozen_string_literal: true 2 | 3 | require 'spec_helper' 4 | 5 | describe 'squid::extra_config_section' do 6 | on_supported_os.each do |os, facts| 7 | context "on #{os}" do 8 | let(:facts) do 9 | facts 10 | end 11 | let(:pre_condition) do 12 | ' class{"squid": 13 | config => "/tmp/squid.conf" 14 | } 15 | ' 16 | end 17 | let(:title) { 'my config section' } 18 | 19 | context 'when config entry parameters are strings' do 20 | let(:params) do 21 | { 22 | config_entries: { 23 | 'ssl_bump' => 'server-first all', 24 | 'sslcrtd_program' => '/usr/lib64/squid/ssl_crtd -s /var/lib/ssl_db -M 4MB', 25 | 'sslcrtd_children' => '8 startup=1 idle=1' 26 | } 27 | } 28 | end 29 | 30 | expected_config_section = %(# my config section\n) 31 | expected_config_section += %(ssl_bump server-first all\n) 32 | expected_config_section += %(sslcrtd_program /usr/lib64/squid/ssl_crtd -s /var/lib/ssl_db -M 4MB\n) 33 | expected_config_section += %(sslcrtd_children 8 startup=1 idle=1\n) 34 | expected_config_section += %(\n) 35 | 36 | it { is_expected.to contain_concat_fragment('squid_extra_config_section_my config section').with_target('/tmp/squid.conf') } 37 | it { is_expected.to contain_concat_fragment('squid_extra_config_section_my config section').with_order('60-my config section') } 38 | 39 | it 'config section' do 40 | content = catalogue.resource('concat_fragment', 'squid_extra_config_section_my config section').send(:parameters)[:content] 41 | expect(content).to match(expected_config_section) 42 | end 43 | end 44 | 45 | context 'when config entry 
parameters are arrays' do 46 | let(:params) do 47 | { 48 | config_entries: { 49 | 'ssl_bump' => %w[server-first all], 50 | 'sslcrtd_program' => ['/usr/lib64/squid/ssl_crtd', '-s', '/var/lib/ssl_db', '-M', '4MB'], 51 | 'sslcrtd_children' => ['8', 'startup=1', 'idle=1'] 52 | } 53 | } 54 | end 55 | 56 | expected_config_section = %(# my config section\n) 57 | expected_config_section += %(ssl_bump server-first all\n) 58 | expected_config_section += %(sslcrtd_program /usr/lib64/squid/ssl_crtd -s /var/lib/ssl_db -M 4MB\n) 59 | expected_config_section += %(sslcrtd_children 8 startup=1 idle=1\n) 60 | expected_config_section += %(\n) 61 | 62 | it 'config section' do 63 | content = catalogue.resource('concat_fragment', 'squid_extra_config_section_my config section').send(:parameters)[:content] 64 | expect(content).to match(expected_config_section) 65 | end 66 | end 67 | 68 | context 'when config entry parameters are arrays of hashes' do 69 | let(:params) do 70 | { 71 | config_entries: [{ 72 | 'always_direct' => ['deny www.reallyreallybadplace.com', 73 | 'allow my-good-dst', 74 | 'allow my-other-good-dst'] 75 | }] 76 | } 77 | end 78 | 79 | expected_config_section = %(# my config section\n) 80 | expected_config_section += %(always_direct deny www.reallyreallybadplace.com\n) 81 | expected_config_section += %(always_direct allow my-good-dst\n) 82 | expected_config_section += %(always_direct allow my-other-good-dst\n) 83 | expected_config_section += %(\n) 84 | 85 | it 'config section' do 86 | content = catalogue.resource('concat_fragment', 'squid_extra_config_section_my config section').send(:parameters)[:content] 87 | expect(content).to match(expected_config_section) 88 | end 89 | end 90 | end 91 | end 92 | end 93 | -------------------------------------------------------------------------------- /spec/defines/http_port_spec.rb: -------------------------------------------------------------------------------- 1 | # frozen_string_literal: true 2 | 3 | require 'spec_helper' 4 | 5 | 
describe 'squid::http_port' do 6 | on_supported_os.each do |os, facts| 7 | context "on #{os}" do 8 | let(:facts) do 9 | facts 10 | end 11 | let :pre_condition do 12 | ' class{"squid": 13 | config => "/tmp/squid.conf" 14 | } 15 | ' 16 | end 17 | 18 | context 'when parameters are unset' do 19 | let(:title) { '1000' } 20 | 21 | it { is_expected.to contain_concat_fragment('squid_http_port_1000').with_target('/tmp/squid.conf') } 22 | it { is_expected.to contain_concat_fragment('squid_http_port_1000').with_order('30-05') } 23 | it { is_expected.to contain_concat_fragment('squid_http_port_1000').with_content(%r{^http_port\s+1000$}) } 24 | end 25 | 26 | context 'with garbage title and no parameters' do 27 | let(:title) { 'garbage' } 28 | 29 | it { is_expected.not_to compile } 30 | end 31 | 32 | context 'when host:port title is set' do 33 | let(:title) { '127.0.0.1:1500' } 34 | 35 | it { is_expected.to contain_concat_fragment('squid_http_port_127.0.0.1:1500').with_content(%r{^http_port\s+127\.0\.0\.1:1500$}) } 36 | end 37 | 38 | context 'with invalid port (non-numeric) in host:port title' do 39 | let(:title) { 'my:test' } 40 | 41 | it { is_expected.not_to compile } 42 | end 43 | 44 | context 'with invalid port (out of range) in host:port title' do 45 | let(:title) { 'my:100000' } 46 | 47 | it { is_expected.not_to compile } 48 | end 49 | 50 | context 'with "host: port" invalid title' do 51 | let(:title) { 'host: 1600' } 52 | 53 | it { is_expected.not_to compile } 54 | end 55 | 56 | context 'with ".host:port" invalid title' do 57 | let(:title) { '.host:1600' } 58 | 59 | it { is_expected.not_to compile } 60 | end 61 | 62 | context 'with host:port title and port arg' do 63 | let(:title) { 'host:1650' } 64 | let(:params) do 65 | { 66 | port: 1650 67 | } 68 | end 69 | 70 | # Ignore the host part of the title if a port is specified 71 | it { is_expected.to contain_concat_fragment('squid_http_port_host:1650').with_content(%r{^http_port\s+1650$}) } 72 | end 73 | 74 | context 'with 
IPv6' do 75 | let(:title) { 'ipv6_host' } 76 | let(:params) do 77 | { 78 | host: '2001:db8::1', 79 | port: 1650, 80 | } 81 | end 82 | 83 | # Wrap IPv6 addresses in square brackets 84 | it { is_expected.to contain_concat_fragment('squid_http_port_ipv6_host').with_content(%r{^http_port\s+\[2001:db8::1\]:1650$}) } 85 | end 86 | 87 | context 'without a port specified' do 88 | let(:title) { 'garbage' } 89 | let(:params) do 90 | { 91 | host: 'host' 92 | } 93 | end 94 | 95 | it { is_expected.not_to compile } 96 | end 97 | 98 | context 'when host and port parameters are set' do 99 | let(:title) { 'test' } 100 | let(:params) do 101 | { 102 | port: 1700, 103 | host: '127.0.0.1' 104 | } 105 | end 106 | 107 | it { is_expected.to contain_concat_fragment('squid_http_port_test').with_content(%r{^http_port\s+127\.0\.0\.1:1700$}) } 108 | end 109 | 110 | context 'when parameters are set' do 111 | let(:title) { 'my:test' } # Arguments shoud override title 112 | let(:params) do 113 | { 114 | port: 2000, 115 | options: 'special for 2000', 116 | order: '08' 117 | } 118 | end 119 | 120 | it { is_expected.to contain_concat_fragment('squid_http_port_my:test').with_target('/tmp/squid.conf') } 121 | it { is_expected.to contain_concat_fragment('squid_http_port_my:test').with_order('30-08') } 122 | it { is_expected.to contain_concat_fragment('squid_http_port_my:test').with_content(%r{^http_port\s+2000\s+special for 2000$}) } 123 | end 124 | 125 | context 'with host overriding invalid title' do 126 | let(:title) { 'my:test' } 127 | let(:params) do 128 | { 129 | port: 2100, 130 | host: 'host' 131 | } 132 | end 133 | 134 | it { is_expected.to contain_concat_fragment('squid_http_port_my:test').with_content(%r{^http_port\s+host:2100$}) } 135 | end 136 | 137 | context 'when ssl => true' do 138 | let(:title) { '3000' } 139 | let(:params) do 140 | { 141 | ssl: true 142 | } 143 | end 144 | 145 | it { is_expected.to contain_concat_fragment('squid_https_port_3000').with_content(%r{^https_port\s+3000$}) } 
146 | end 147 | end 148 | end 149 | end 150 | -------------------------------------------------------------------------------- /manifests/config.pp: -------------------------------------------------------------------------------- 
# @summary
#   Assemble the squid configuration file from concat fragments.
#
#   This class is included by the main class `squid`. Every parameter defaults
#   to the variable of the same name on `squid`; see that class for the
#   parameter documentation.
#
#   NOTE(review): the parameters below declare no data types of their own.
#   The types are enforced on the `squid` class they default from, so a value
#   passed straight to this private class would not be type checked here.
# @api private
class squid::config (
  $config                        = $squid::config,
  $config_user                   = $squid::config_user,
  $config_group                  = $squid::config_group,
  $cache_mem                     = $squid::cache_mem,
  $cache_replacement_policy      = $squid::cache_replacement_policy,
  $memory_replacement_policy     = $squid::memory_replacement_policy,
  $visible_hostname              = $squid::visible_hostname,
  $via                           = $squid::via,
  $httpd_suppress_version_string = $squid::httpd_suppress_version_string,
  $forwarded_for                 = $squid::forwarded_for,
  $memory_cache_shared           = $squid::memory_cache_shared,
  $maximum_object_size_in_memory = $squid::maximum_object_size_in_memory,
  $access_log                    = $squid::access_log,
  $buffered_logs                 = $squid::buffered_logs,
  $coredump_dir                  = $squid::coredump_dir,
  $max_filedescriptors           = $squid::max_filedescriptors,
  $error_directory               = $squid::error_directory,
  $err_page_stylesheet           = $squid::err_page_stylesheet,
  $workers                       = $squid::workers,
  $acls                          = $squid::acls,
  $http_access                   = $squid::http_access,
  $send_hit                      = $squid::send_hit,
  $snmp_access                   = $squid::snmp_access,
  $icp_access                    = $squid::icp_access,
  $auth_params                   = $squid::auth_params,
  $http_ports                    = $squid::http_ports,
  $https_ports                   = $squid::https_ports,
  $url_rewrite_program           = $squid::url_rewrite_program,
  $url_rewrite_children          = $squid::url_rewrite_children,
  $url_rewrite_child_options     = $squid::url_rewrite_child_options,
  $refresh_patterns              = $squid::refresh_patterns,
  $snmp_incoming_address         = $squid::snmp_incoming_address,
  $snmp_ports                    = $squid::snmp_ports,
  $ssl_bump                      = $squid::ssl_bump,
  $sslproxy_cert_error           = $squid::sslproxy_cert_error,
  $cache_dirs                    = $squid::cache_dirs,
  $cache                         = $squid::cache,
  $extra_config_sections         = $squid::extra_config_sections,
  $squid_bin_path                = $squid::squid_bin_path,
) inherits squid {
  # Target file that all fragments below are concatenated into. It is owned by
  # $config_user:$config_group and mode 0640 gives other users no access.
  # validate_cmd runs the squid binary's own parser ("-k parse") on the
  # candidate file, which concat substitutes for "%"; a file that fails the
  # check is expected not to replace $config.
  # NOTE(review): $squid_bin_path is interpolated into the command string. The
  # `squid` class constrains it to Stdlib::Absolutepath; confirm that this is
  # enough for the way concat executes validate_cmd.
  concat { $config:
    ensure       => present,
    owner        => $config_user,
    group        => $config_group,
    mode         => '0640',
    validate_cmd => "${squid_bin_path} -k parse -f %",
  }

  # First fragment (order '01'). Many of the scalar parameters above are not
  # referenced anywhere else in this class, so they are presumably consumed by
  # this template (confirm in squid.conf.header.erb).
  concat::fragment { 'squid_header':
    target  => $config,
    content => template('squid/squid.conf.header.erb'),
    order   => '01',
  }

  if $acls {
    create_resources('squid::acl', $acls)
  }
  # $access_log is accepted in three shapes: a Hash of squid::access_log
  # resources, a single value, or an Array whose elements are Strings or
  # Hashes with 'module' and 'entries' keys.
  if $access_log {
    if $access_log =~ Hash {
      # Use create_resources if $access_log is a hash
      create_resources('squid::access_log', $access_log)
    } else {
      any2array($access_log). each |$log| {
        if $log =~ String {
          # Use regsubst to extract the module and the remaining entries
          # NOTE(review): a string with no leading "<module>:" prefix matches
          # neither pattern, and regsubst leaves a non-matching string
          # unchanged, so $module and $entries would both presumably hold the
          # whole string. Confirm, and consider rejecting such input.
          $module = regsubst($log, '^(\w+):.*$', '\1')
          $entries = regsubst($log, '^\w+:(.*)$', '\1')
          # Create a single access_log resource using the extracted module and entries
          # The MD5 of the entries only makes the resource title distinct per
          # log target; it is not used as a security control.
          squid::access_log { "${module}-${entries.md5}":
            module  => $module,
            entries => $entries,
          }
        } else {
          # Non-string element: read 'module' and 'entries' from it. The title
          # is module plus the MD5 of a String 'entries'; otherwise it is the
          # element's 'access_log_name' when set, else module plus the MD5 of
          # the first entry.
          $access_log_name = if $log['entries'] =~ String {
            "${log['module']}-${log['entries'].md5}"
          } else {
            pick($log['access_log_name'], "${log['module']}-${log['entries'][0].md5}")
          }
          squid::access_log { $access_log_name:
            module  => $log['module'],
            entries => $log['entries'],
          }
        }
      }
    }
  }
  # Each remaining hash parameter, when set, is expanded into resources of the
  # matching defined type: keys become titles, values become parameters.
  if $http_access {
    create_resources('squid::http_access', $http_access)
  }
  if $send_hit {
    create_resources('squid::send_hit', $send_hit)
  }
  if $snmp_access {
    create_resources('squid::snmp_access', $snmp_access)
  }
  if $icp_access {
    create_resources('squid::icp_access', $icp_access)
  }
  if $auth_params {
    create_resources('squid::auth_param', $auth_params)
  }
  if $http_ports {
    create_resources('squid::http_port', $http_ports)
  }
  if $https_ports {
    create_resources('squid::https_port', $https_ports)
  }
  if $snmp_ports {
    create_resources('squid::snmp_port', $snmp_ports)
  }
  if $cache_dirs {
    create_resources('squid::cache_dir', $cache_dirs)
  }
  if $cache {
    create_resources('squid::cache', $cache)
  }
  if $refresh_patterns {
    create_resources('squid::refresh_pattern', $refresh_patterns)
  }
  if $ssl_bump {
    create_resources('squid::ssl_bump', $ssl_bump)
  }
  if $sslproxy_cert_error {
    create_resources('squid::sslproxy_cert_error', $sslproxy_cert_error)
  }
  # Not guarded by an `if`: the `squid` class declares this parameter as a
  # Hash with default `{}`.
  # NOTE(review): the spec for squid::extra_config_section shows its entries
  # rendered as "<directive> <values>" lines, so this hash can set any
  # squid.conf directive (ssl_bump and sslcrtd_program are the spec's own
  # examples). Treat the data that feeds it as trusted configuration.
  create_resources('squid::extra_config_section', $extra_config_sections)
}
-------------------------------------------------------------------------------- /manifests/init.pp: -------------------------------------------------------------------------------- 1 | # @summary 2 | # Module for configuring the squid caching service. 3 | # The module will set the SELINUX-context for the cache_dir and port, needs puppet-selinux 4 | # 5 | # @example The set up a simple squid server with a cache to forward http port 80 requests. 6 | # class { 'squid': 7 | # http_ports => { '3128' => {} }, 8 | # } 9 | # squid::acl { 'Safe_ports': 10 | # type => port, 11 | # entries => ['80'], 12 | # } 13 | # squid::http_access { 'Safe_ports': 14 | # action => allow, 15 | # } 16 | # squid::http_access{ '!Safe_ports': 17 | # action => deny, 18 | # } 19 | # 20 | # @param ensure_service 21 | # The ensure value of the squid service, defaults to `running`. 22 | # 23 | # @param enable_service 24 | # The enable value of the squid service, defaults to `true`. 25 | # 26 | # @param config 27 | # Location of squid.conf file, defaults to `/etc/squid/squid.conf`. 
28 | # 29 | # @param config_user 30 | # User which owns the config file, default depends on `$operatingsystem` 31 | # 32 | # @param config_group 33 | # Group which owns the config file, default depends on `$operatingsystem` 34 | # 35 | # @param daemon_user 36 | # User which runs the squid daemon, this is used for ownership of the cache directory, default depends on `$operatingsystem` 37 | # 38 | # @param daemon_group 39 | # Group which runs the squid daemon, this is used for ownership of the cache directory, default depends on `$operatingsystem` 40 | # 41 | # @param cache_mem 42 | # Defaults to `256 MB`. http://www.squid-cache.org/Doc/config/cache_mem/ 43 | # 44 | # @param cache_replacement_policy 45 | # Defaults to undef. http://www.squid-cache.org/Doc/config/cache_replacement_policy/ 46 | # 47 | # @param memory_replacement_policy 48 | # Defaults to undef. http://www.squid-cache.org/Doc/config/memory_replacement_policy/ 49 | # 50 | # @param memory_cache_shared 51 | # Defaults to undef. http://www.squid-cache.org/Doc/config/memory_cache_shared/. 52 | # 53 | # @param maximum_object_size_in_memory 54 | # Defaults to `512 KB`. http://www.squid-cache.org/Doc/config/maximum_object_size_in_memory/ 55 | # 56 | # @param url_rewrite_program 57 | # Defaults to undef http://www.squid-cache.org/Doc/config/url_rewrite_program/ 58 | # 59 | # @param url_rewrite_children 60 | # Defaults to undef http://www.squid-cache.org/Doc/config/url_rewrite_children/ 61 | # 62 | # @param url_rewrite_child_options 63 | # Defaults to undef http://www.squid-cache.org/Doc/config/url_rewrite_children/ 64 | # 65 | # @param access_log 66 | # Defaults to `daemon:/var/logs/squid/access.log squid`. May be passed an Array. 
http://www.squid-cache.org/Doc/config/access_log/ 67 | # 68 | # @example 69 | # class { 'squid': 70 | # access_log => [ 71 | # 'daemon:/var/logs/squid/access.log squid', 72 | # { 73 | # module => 'syslog', 74 | # entries => ['daemon.info squid', 'local0 squid'], 75 | # }, 76 | # ], 77 | # } 78 | # 79 | # @param coredump_dir 80 | # Defaults to undef. http://www.squid-cache.org/Doc/config/coredump_dir/ 81 | # 82 | # @param error_directory 83 | # Defaults to undef. http://www.squid-cache.org/Doc/config/error_directory/ 84 | # 85 | # @param err_page_stylesheet 86 | # Defaults to undef. http://www.squid-cache.org/Doc/config/err_page_stylesheet/ 87 | # 88 | # @param package_name 89 | # Name of the squid package to manage, default depends on `$operatingsystem` 90 | # 91 | # @param package_ensure 92 | # Package status and/or version, default to present 93 | # 94 | # @param service_name 95 | # Name of the squid service to manage, default depends on `$operatingsystem` 96 | # 97 | # @param max_filedescriptors 98 | # Defaults to undef. http://www.squid-cache.org/Doc/config/max_filedescriptors/ 99 | # 100 | # @param workers 101 | # Defaults to undef. http://www.squid-cache.org/Doc/config/workers/ 102 | # 103 | # @param snmp_incoming_address 104 | # Defaults to undef. Can be set to an IP address to only listen for snmp requests on an individual interface. http://www.squid-cache.org/Doc/config/snmp_incoming_address/ 105 | # 106 | # @param buffered_logs 107 | # Defaults to undef. http://www.squid-cache.org/Doc/config/buffered_logs/ 108 | # 109 | # @param acls 110 | # Defaults to undef. If you pass in a hash of acl entries, they will be defined automatically. http://www.squid-cache.org/Doc/config/acl/ 111 | # 112 | # @param visible_hostname 113 | # Defaults to undef. http://www.squid-cache.org/Doc/config/visible_hostname/ 114 | # 115 | # @param via 116 | # Defaults to undef. 
http://www.squid-cache.org/Doc/config/via/ 117 | # 118 | # @param httpd_suppress_version_string 119 | # Defaults to undef. http://www.squid-cache.org/Doc/config/httpd_suppress_version_string/ 120 | # 121 | # @param forwarded_for 122 | # Defaults to undef. Supported values are "on", "off", "transparent", "delete", "truncate". http://www.squid-cache.org/Doc/config/forwarded_for/ 123 | # 124 | # @param http_access 125 | # Defaults to undef. If you pass in a hash of http_access entries, they will be defined automatically. http://www.squid-cache.org/Doc/config/http_access/ 126 | # 127 | # @param http_ports 128 | # Defaults to undef. If you pass in a hash of http_port entries, they will be defined automatically. http://www.squid-cache.org/Doc/config/http_port/ 129 | # 130 | # @param https_ports 131 | # Defaults to undef. If you pass in a hash of https_port entries, they will be defined automatically. http://www.squid-cache.org/Doc/config/https_port/ 132 | # 133 | # @param icp_access 134 | # Defaults to undef. If you pass in a hash of icp_access entries, they will be defined automatically. http://www.squid-cache.org/Doc/config/icp_access/ 135 | # 136 | # @param logformat 137 | # Defaults to undef. If you pass in a logformat String, it will be defined automatically. May be passed an Array. http://www.squid-cache.org/Doc/config/logformat/ 138 | # 139 | # @param refresh_patterns 140 | # Defaults to undef. If you pass in a hash of refresh_pattern entries, they will be defined automatically. http://www.squid-cache.org/Doc/config/refresh_pattern/ 141 | # 142 | # @param snmp_ports 143 | # Defaults to undef. If you pass in a hash of snmp_port entries, they will be defined automatically. http://www.squid-cache.org/Doc/config/snmp_port/ 144 | # 145 | # @param send_hit 146 | # Defaults to undef. If you pass in a hash of send_hit entries, they will be defined automatically. http://www.squid-cache.org/Doc/config/send_hit/ 147 | # 148 | # @param cache_dirs 149 | # Defaults to undef. 
If you pass in a hash of cache_dir entries, they will be defined automatically. http://www.squid-cache.org/Doc/config/cache_dir/ 150 | # 151 | # @param ssl_bump 152 | # Defaults to undef. If you pass in a hash of ssl_bump entries, they will be defined automatically. http://www.squid-cache.org/Doc/config/ssl_bump/ 153 | # 154 | # @param sslproxy_cert_error 155 | # Defaults to undef. If you pass in a hash of sslproxy_cert_error entries, they will be defined automatically. http://www.squid-cache.org/Doc/config/sslproxy_cert_error/ 156 | # 157 | # @param extra_config_sections 158 | # Defaults to an empty hash. If you pass in a hash of `extra_config_section` resources, they will be defined automatically. 159 | # 160 | # @param service_restart 161 | # Defaults to undef. Overrides service resource restart command to be executed. 162 | # It can be used to perform a soft reload of the squid service. 163 | # 164 | # @param squid_bin_path 165 | # Path to the squid binary, default depends on `$operatingsystem` 166 | # 167 | # @example 168 | # class { 'squid': 169 | # cache_mem => '512 MB', 170 | # workers => 3, 171 | # coredump_dir => '/var/spool/squid', 172 | # } 173 | # 174 | # @example 175 | # class { 'squid': 176 | # cache_mem => '512 MB', 177 | # workers => 3, 178 | # coredump_dir => '/var/spool/squid', 179 | # acls => { 'remote_urls' => { 180 | # type => 'url_regex', 181 | # entries => ['http://example.org/path', 182 | # 'http://example.com/anotherpath'], 183 | # }, 184 | # }, 185 | # http_access => { 'our_networks hosts' => { action => 'allow', }}, 186 | # http_ports => { '10000' => { options => 'accel vhost', }}, 187 | # snmp_ports => { '1000' => { process_number => 3, }}, 188 | # cache_dirs => { '/data/' => { type => 'ufs', options => '15000 32 256 min-size=32769', process_number => 2 }}, 189 | # url_rewrite_program => '/usr/bin/squidguard -c /etc/squidguard/squidguard.conf', 190 | # url_rewrite_children => 12, 191 | # url_rewrite_child_options => 'startup=1', 192 | # } 
#
class squid (
  # Accepted shapes: one non-empty string, an array mixing strings and hashes,
  # or a hash of hashes keyed by a non-empty string.
  Variant[
    String[1],
    Array[Variant[String[1],Hash]],
    Hash[String[1],Hash]
  ] $access_log = $squid::params::access_log,
  Squid::Size $cache_mem = $squid::params::cache_mem,
  # NOTE(review): $config is a plain String, while $squid_bin_path,
  # $error_directory and $err_page_stylesheet below are constrained to
  # Stdlib::Absolutepath. The same applies to $coredump_dir further down.
  String $config = $squid::params::config,
  String $config_group = $squid::params::config_group,
  String $config_user = $squid::params::config_user,
  String $daemon_group = $squid::params::daemon_group,
  String $daemon_user = $squid::params::daemon_user,
  Boolean $enable_service = $squid::params::enable_service,
  String $ensure_service = $squid::params::ensure_service,
  Squid::Size $maximum_object_size_in_memory = $squid::params::maximum_object_size_in_memory,
  String $package_name = $squid::params::package_name,
  Squid::PkgEnsure $package_ensure = $squid::params::package_ensure,
  String $service_name = $squid::params::service_name,
  Stdlib::Absolutepath $squid_bin_path = $squid::params::squid_bin_path,
  Optional[Stdlib::Absolutepath] $error_directory = $squid::params::error_directory,
  Optional[Stdlib::Absolutepath] $err_page_stylesheet = $squid::params::err_page_stylesheet,
  Optional[String] $cache_replacement_policy = $squid::params::cache_replacement_policy,
  Optional[String] $memory_replacement_policy = $squid::params::memory_replacement_policy,
  Optional[Boolean] $httpd_suppress_version_string = $squid::params::httpd_suppress_version_string,
  # Either one of the listed keywords or a Boolean.
  Optional[Variant[Enum['on', 'off', 'transparent', 'delete', 'truncate'], Boolean]] $forwarded_for = $squid::params::forwarded_for,
  Optional[String] $visible_hostname = $squid::params::visible_hostname,
  Optional[Boolean] $via = $squid::params::via,
  Optional[Hash] $acls = $squid::params::acls,
  Optional[Hash] $auth_params = $squid::params::auth_params,
  Optional[Hash] $cache_dirs = $squid::params::cache_dirs,
  Optional[Hash] $cache = $squid::params::cache,
  Optional[String] $coredump_dir = $squid::params::coredump_dir,
  # Per the class @example this string holds a program path together with its
  # arguments, so it cannot be typed as a bare path.
  Optional[String] $url_rewrite_program = $squid::params::url_rewrite_program,
  Optional[Integer] $url_rewrite_children = $squid::params::url_rewrite_children,
  Optional[String] $url_rewrite_child_options = $squid::params::url_rewrite_child_options,
  # The only hash parameter that is mandatory-typed with a literal default
  # instead of an Optional value taken from squid::params.
  Hash $extra_config_sections = {},
  Optional[Hash] $http_access = $squid::params::http_access,
  Optional[Hash] $send_hit = $squid::params::send_hit,
  Optional[Hash] $snmp_access = $squid::params::snmp_access,
  Optional[Hash] $http_ports = $squid::params::http_ports,
  Optional[Hash] $https_ports = $squid::params::https_ports,
  Optional[Hash] $icp_access = $squid::params::icp_access,
  Optional[Variant[String, Array[String]]] $logformat = $squid::params::logformat,
  Optional[Boolean] $buffered_logs = $squid::params::buffered_logs,
  Optional[Integer] $max_filedescriptors = $squid::params::max_filedescriptors,
  Optional[Variant[Enum['on', 'off'], Boolean]] $memory_cache_shared = $squid::params::memory_cache_shared,
  Optional[Hash] $refresh_patterns = $squid::params::refresh_patterns,
  Optional[Stdlib::Ip::Address] $snmp_incoming_address = $squid::params::snmp_incoming_address,
  Optional[Hash] $snmp_ports = $squid::params::snmp_ports,
  Optional[Hash] $ssl_bump = $squid::params::ssl_bump,
  Optional[Hash] $sslproxy_cert_error = $squid::params::sslproxy_cert_error,
  Optional[Integer] $workers = $squid::params::workers,
  Optional[String] $service_restart = $squid::params::service_restart,
) inherits squid::params {
  # `contain` keeps the three classes inside this class, so relationships that
  # callers set on Class['squid'] apply to them as well.
  contain squid::install
  contain squid::config
  contain squid::service

  # The package is installed before the configuration is written (`->`), and a
  # configuration change sends a refresh to the service (`~>`).
  Class['squid::install']
  -> Class['squid::config']
  ~> Class['squid::service']
}
-------------------------------------------------------------------------------- /CHANGELOG.md: 
-------------------------------------------------------------------------------- 1 | # Changelog 2 | 3 | All notable changes to this project will be documented in this file. 4 | Each new release typically also includes the latest modulesync defaults. 5 | These should not affect the functionality of the module. 6 | 7 | ## [v6.0.0](https://github.com/voxpupuli/puppet-squid/tree/v6.0.0) (2025-06-08) 8 | 9 | [Full Changelog](https://github.com/voxpupuli/puppet-squid/compare/v5.1.0...v6.0.0) 10 | 11 | **Breaking changes:** 12 | 13 | - Drop Debian 10 [\#209](https://github.com/voxpupuli/puppet-squid/pull/209) ([lbetz](https://github.com/lbetz)) 14 | - Drop Ubuntu 20.04 support [\#208](https://github.com/voxpupuli/puppet-squid/pull/208) ([lbetz](https://github.com/lbetz)) 15 | - Drop FreeBSD 11 support [\#207](https://github.com/voxpupuli/puppet-squid/pull/207) ([lbetz](https://github.com/lbetz)) 16 | - Drop FreeBSD 10 support [\#206](https://github.com/voxpupuli/puppet-squid/pull/206) ([lbetz](https://github.com/lbetz)) 17 | - Drop CentOS 8 support [\#204](https://github.com/voxpupuli/puppet-squid/pull/204) ([lbetz](https://github.com/lbetz)) 18 | - Drop EL7 support [\#203](https://github.com/voxpupuli/puppet-squid/pull/203) ([lbetz](https://github.com/lbetz)) 19 | - Drop Ubuntu 18.04 support [\#198](https://github.com/voxpupuli/puppet-squid/pull/198) ([zilchms](https://github.com/zilchms)) 20 | 21 | **Implemented enhancements:** 22 | 23 | - Moving access\_log addition below acls in squid.conf [\#217](https://github.com/voxpupuli/puppet-squid/pull/217) ([lbetz](https://github.com/lbetz)) 24 | - Add freebsd14 [\#216](https://github.com/voxpupuli/puppet-squid/pull/216) ([lbetz](https://github.com/lbetz)) 25 | - Add Debian 12 [\#215](https://github.com/voxpupuli/puppet-squid/pull/215) ([lbetz](https://github.com/lbetz)) 26 | - Add Ubuntu 24.04 support [\#214](https://github.com/voxpupuli/puppet-squid/pull/214) ([lbetz](https://github.com/lbetz)) 27 | - Add FreeBSD 13 
support [\#213](https://github.com/voxpupuli/puppet-squid/pull/213) ([lbetz](https://github.com/lbetz)) 28 | - Add Debian 11 support [\#212](https://github.com/voxpupuli/puppet-squid/pull/212) ([lbetz](https://github.com/lbetz)) 29 | - Add RedHat 9 support [\#211](https://github.com/voxpupuli/puppet-squid/pull/211) ([lbetz](https://github.com/lbetz)) 30 | - Add OracleLinux 9 support [\#210](https://github.com/voxpupuli/puppet-squid/pull/210) ([lbetz](https://github.com/lbetz)) 31 | - puppet-selinux: support for 5.x [\#202](https://github.com/voxpupuli/puppet-squid/pull/202) ([lbetz](https://github.com/lbetz)) 32 | - metadata.json: Add OpenVox [\#199](https://github.com/voxpupuli/puppet-squid/pull/199) ([jstraw](https://github.com/jstraw)) 33 | - Add Ubuntu 20.04 and 22.04 support [\#197](https://github.com/voxpupuli/puppet-squid/pull/197) ([zilchms](https://github.com/zilchms)) 34 | - Add EL9 support [\#185](https://github.com/voxpupuli/puppet-squid/pull/185) ([bastelfreak](https://github.com/bastelfreak)) 35 | 36 | **Closed issues:** 37 | 38 | - Dependencies blocking upgrade of other modules [\#201](https://github.com/voxpupuli/puppet-squid/issues/201) 39 | - no option for squid configuration directive 'hosts\_file' [\#165](https://github.com/voxpupuli/puppet-squid/issues/165) 40 | 41 | **Merged pull requests:** 42 | 43 | - Remove legacy top-scope syntax [\#188](https://github.com/voxpupuli/puppet-squid/pull/188) ([smortex](https://github.com/smortex)) 44 | 45 | ## [v5.1.0](https://github.com/voxpupuli/puppet-squid/tree/v5.1.0) (2023-07-13) 46 | 47 | [Full Changelog](https://github.com/voxpupuli/puppet-squid/compare/v5.0.0...v5.1.0) 48 | 49 | **Implemented enhancements:** 50 | 51 | - Add AlmaLinux/Rocky support [\#184](https://github.com/voxpupuli/puppet-squid/pull/184) ([bastelfreak](https://github.com/bastelfreak)) 52 | 53 | **Merged pull requests:** 54 | 55 | - Allow puppet-selinux 4.x [\#183](https://github.com/voxpupuli/puppet-squid/pull/183) 
([smortex](https://github.com/smortex)) 56 | - Allow puppetlabs-concat 9.x [\#182](https://github.com/voxpupuli/puppet-squid/pull/182) ([smortex](https://github.com/smortex)) 57 | 58 | ## [v5.0.0](https://github.com/voxpupuli/puppet-squid/tree/v5.0.0) (2023-07-12) 59 | 60 | [Full Changelog](https://github.com/voxpupuli/puppet-squid/compare/v4.0.0...v5.0.0) 61 | 62 | **Breaking changes:** 63 | 64 | - Drop EOL Debian 9 and Ubuntu 16.04 [\#177](https://github.com/voxpupuli/puppet-squid/pull/177) ([traylenator](https://github.com/traylenator)) 65 | - Drop Puppet 6 support [\#176](https://github.com/voxpupuli/puppet-squid/pull/176) ([bastelfreak](https://github.com/bastelfreak)) 66 | 67 | **Implemented enhancements:** 68 | 69 | - Add Puppet 8 support [\#180](https://github.com/voxpupuli/puppet-squid/pull/180) ([bastelfreak](https://github.com/bastelfreak)) 70 | - puppetlabs/stdlib: Allow 9.x [\#179](https://github.com/voxpupuli/puppet-squid/pull/179) ([bastelfreak](https://github.com/bastelfreak)) 71 | 72 | **Closed issues:** 73 | 74 | - Puppet 7 support [\#172](https://github.com/voxpupuli/puppet-squid/issues/172) 75 | - Request release of v3.0.1 [\#168](https://github.com/voxpupuli/puppet-squid/issues/168) 76 | 77 | ## [v4.0.0](https://github.com/voxpupuli/puppet-squid/tree/v4.0.0) (2022-12-19) 78 | 79 | [Full Changelog](https://github.com/voxpupuli/puppet-squid/compare/v3.0.0...v4.0.0) 80 | 81 | **Breaking changes:** 82 | 83 | - Drop Puppet 5; Add Puppet 7 support [\#164](https://github.com/voxpupuli/puppet-squid/pull/164) ([bastelfreak](https://github.com/bastelfreak)) 84 | - Drop EL6 support [\#159](https://github.com/voxpupuli/puppet-squid/pull/159) ([ekohl](https://github.com/ekohl)) 85 | 86 | **Implemented enhancements:** 87 | 88 | - Allow multiple logformat directives in squid.conf [\#167](https://github.com/voxpupuli/puppet-squid/pull/167) ([gcoxmoz](https://github.com/gcoxmoz)) 89 | 90 | **Merged pull requests:** 91 | 92 | - Avoid Type=notify for squid 
service in github CI [\#170](https://github.com/voxpupuli/puppet-squid/pull/170) ([traylenator](https://github.com/traylenator)) 93 | - Remove default empty string parameters [\#169](https://github.com/voxpupuli/puppet-squid/pull/169) ([traylenator](https://github.com/traylenator)) 94 | - Allow up-to-date dependencies [\#160](https://github.com/voxpupuli/puppet-squid/pull/160) ([smortex](https://github.com/smortex)) 95 | 96 | ## [v3.0.0](https://github.com/voxpupuli/puppet-squid/tree/v3.0.0) (2020-09-29) 97 | 98 | [Full Changelog](https://github.com/voxpupuli/puppet-squid/compare/v2.2.2...v3.0.0) 99 | 100 | **Breaking changes:** 101 | 102 | - Drop EOL Debian 8 [\#155](https://github.com/voxpupuli/puppet-squid/pull/155) ([bastelfreak](https://github.com/bastelfreak)) 103 | - drop Ubuntu 14.04 support [\#139](https://github.com/voxpupuli/puppet-squid/pull/139) ([bastelfreak](https://github.com/bastelfreak)) 104 | 105 | **Implemented enhancements:** 106 | 107 | - Add support Debian 10, Ubuntu 18.04 and EL8 [\#145](https://github.com/voxpupuli/puppet-squid/pull/145) ([ekohl](https://github.com/ekohl)) 108 | - support forwarded for [\#137](https://github.com/voxpupuli/puppet-squid/pull/137) ([ssanden](https://github.com/ssanden)) 109 | - Change the way SELinux is applied for portnumbers [\#135](https://github.com/voxpupuli/puppet-squid/pull/135) ([ralfbosz](https://github.com/ralfbosz)) 110 | 111 | **Fixed bugs:** 112 | 113 | - Add missing package state values [\#142](https://github.com/voxpupuli/puppet-squid/pull/142) ([ph1ll](https://github.com/ph1ll)) 114 | 115 | **Closed issues:** 116 | 117 | - Duplicate HTTP Port Declarations For Different Bind IPs Produces SELinux Duplicate Resource Declaration Error [\#120](https://github.com/voxpupuli/puppet-squid/issues/120) 118 | 119 | **Merged pull requests:** 120 | 121 | - Puppet-lint fixes [\#153](https://github.com/voxpupuli/puppet-squid/pull/153) ([alexjfisher](https://github.com/alexjfisher)) 122 | - Allow multiple 
access\_log directives in squid.conf [\#151](https://github.com/voxpupuli/puppet-squid/pull/151) ([gcoxmoz](https://github.com/gcoxmoz)) 123 | - add typedef and class documentation [\#148](https://github.com/voxpupuli/puppet-squid/pull/148) ([TillHein](https://github.com/TillHein)) 124 | - Use voxpupuli-acceptance [\#147](https://github.com/voxpupuli/puppet-squid/pull/147) ([ekohl](https://github.com/ekohl)) 125 | - delete legacy travis directory [\#143](https://github.com/voxpupuli/puppet-squid/pull/143) ([bastelfreak](https://github.com/bastelfreak)) 126 | - Remove duplicate CONTRIBUTING.md file [\#140](https://github.com/voxpupuli/puppet-squid/pull/140) ([dhoppe](https://github.com/dhoppe)) 127 | - Clean up acceptance spec helper [\#138](https://github.com/voxpupuli/puppet-squid/pull/138) ([ekohl](https://github.com/ekohl)) 128 | 129 | ## [v2.2.2](https://github.com/voxpupuli/puppet-squid/tree/v2.2.2) (2019-06-17) 130 | 131 | [Full Changelog](https://github.com/voxpupuli/puppet-squid/compare/v2.2.1...v2.2.2) 132 | 133 | **Merged pull requests:** 134 | 135 | - Allow puppet-selinux 3.x [\#133](https://github.com/voxpupuli/puppet-squid/pull/133) ([ekohl](https://github.com/ekohl)) 136 | 137 | ## [v2.2.1](https://github.com/voxpupuli/puppet-squid/tree/v2.2.1) (2019-05-31) 138 | 139 | [Full Changelog](https://github.com/voxpupuli/puppet-squid/compare/v2.2.0...v2.2.1) 140 | 141 | **Merged pull requests:** 142 | 143 | - allow puppetlabs-concat 6.x [\#131](https://github.com/voxpupuli/puppet-squid/pull/131) ([mmoll](https://github.com/mmoll)) 144 | 145 | ## [v2.2.0](https://github.com/voxpupuli/puppet-squid/tree/v2.2.0) (2019-05-21) 146 | 147 | [Full Changelog](https://github.com/voxpupuli/puppet-squid/compare/v2.1.0...v2.2.0) 148 | 149 | **Implemented enhancements:** 150 | 151 | - Override service restart command [\#127](https://github.com/voxpupuli/puppet-squid/pull/127) ([Wiston999](https://github.com/Wiston999)) 152 | - Control package status and version 
[\#126](https://github.com/voxpupuli/puppet-squid/pull/126) ([Wiston999](https://github.com/Wiston999)) 153 | 154 | **Merged pull requests:** 155 | 156 | - Allow puppet-selinux 2.x [\#128](https://github.com/voxpupuli/puppet-squid/pull/128) ([ekohl](https://github.com/ekohl)) 157 | - Allow `puppetlabs/stdlib` 6.x [\#125](https://github.com/voxpupuli/puppet-squid/pull/125) ([alexjfisher](https://github.com/alexjfisher)) 158 | 159 | ## [v2.1.0](https://github.com/voxpupuli/puppet-squid/tree/v2.1.0) (2019-05-03) 160 | 161 | [Full Changelog](https://github.com/voxpupuli/puppet-squid/compare/v2.0.0...v2.1.0) 162 | 163 | **Implemented enhancements:** 164 | 165 | - Validate squid config before applying changes [\#123](https://github.com/voxpupuli/puppet-squid/pull/123) ([alexjfisher](https://github.com/alexjfisher)) 166 | 167 | ## [v2.0.0](https://github.com/voxpupuli/puppet-squid/tree/v2.0.0) (2019-02-06) 168 | 169 | [Full Changelog](https://github.com/voxpupuli/puppet-squid/compare/v1.1.0...v2.0.0) 170 | 171 | **Breaking changes:** 172 | 173 | - modulesync 2.5.1 and drop Puppet4 [\#118](https://github.com/voxpupuli/puppet-squid/pull/118) ([bastelfreak](https://github.com/bastelfreak)) 174 | - support listening on specific interfaces; changed params in squid::http\_port{} [\#103](https://github.com/voxpupuli/puppet-squid/pull/103) ([tequeter](https://github.com/tequeter)) 175 | - Fix `url_rewrite_program` [\#101](https://github.com/voxpupuli/puppet-squid/pull/101) ([SourceDoctor](https://github.com/SourceDoctor)) 176 | 177 | **Implemented enhancements:** 178 | 179 | - Added 'manage\_dir' parameter to cache\_dir [\#116](https://github.com/voxpupuli/puppet-squid/pull/116) ([GeorgeCox](https://github.com/GeorgeCox)) 180 | - Add a Squid::Size type [\#112](https://github.com/voxpupuli/puppet-squid/pull/112) ([ekohl](https://github.com/ekohl)) 181 | - modulesync 2.2.0 and allow puppet 6.x [\#109](https://github.com/voxpupuli/puppet-squid/pull/109) 
([bastelfreak](https://github.com/bastelfreak)) 182 | - Allow puppetlabs/stdlib 5.x and puppetlabs/concat 5.x [\#106](https://github.com/voxpupuli/puppet-squid/pull/106) ([bastelfreak](https://github.com/bastelfreak)) 183 | 184 | **Closed issues:** 185 | 186 | - ssl::server\_name syntax error [\#117](https://github.com/voxpupuli/puppet-squid/issues/117) 187 | - cache\_dir on mounted filesystem [\#108](https://github.com/voxpupuli/puppet-squid/issues/108) 188 | 189 | **Merged pull requests:** 190 | 191 | - Use strings not symbols with beaker-puppet `fact()` [\#111](https://github.com/voxpupuli/puppet-squid/pull/111) ([alexjfisher](https://github.com/alexjfisher)) 192 | - Update README.md [\#110](https://github.com/voxpupuli/puppet-squid/pull/110) ([AndreasPfaffeneder](https://github.com/AndreasPfaffeneder)) 193 | - drop EOL OSs; fix puppet version range [\#100](https://github.com/voxpupuli/puppet-squid/pull/100) ([bastelfreak](https://github.com/bastelfreak)) 194 | - use gitrepos in .fixtures.yml [\#99](https://github.com/voxpupuli/puppet-squid/pull/99) ([bastelfreak](https://github.com/bastelfreak)) 195 | 196 | ## [v1.1.0](https://github.com/voxpupuli/puppet-squid/tree/v1.1.0) (2018-05-16) 197 | 198 | [Full Changelog](https://github.com/voxpupuli/puppet-squid/compare/v1.0.0...v1.1.0) 199 | 200 | **Implemented enhancements:** 201 | 202 | - Add `visible_hostname`, `via`, `httpd_suppress_version_string` and `forwarded_for` parameters [\#81](https://github.com/voxpupuli/puppet-squid/pull/81) ([SourceDoctor](https://github.com/SourceDoctor)) 203 | - add url\_rewrite feature [\#78](https://github.com/voxpupuli/puppet-squid/pull/78) ([SourceDoctor](https://github.com/SourceDoctor)) 204 | 205 | **Closed issues:** 206 | 207 | - puppet/selinux missing as requirement [\#95](https://github.com/voxpupuli/puppet-squid/issues/95) 208 | 209 | **Merged pull requests:** 210 | 211 | - Fixes \#95 adds declare puppet-selinux dep [\#97](https://github.com/voxpupuli/puppet-squid/pull/97) 
([traylenator](https://github.com/traylenator)) 212 | - Rely on beaker-hostgenerator for docker nodesets [\#96](https://github.com/voxpupuli/puppet-squid/pull/96) ([ekohl](https://github.com/ekohl)) 213 | - increase max concat module version [\#94](https://github.com/voxpupuli/puppet-squid/pull/94) ([TomRitserveldt](https://github.com/TomRitserveldt)) 214 | 215 | ## [v1.0.0](https://github.com/voxpupuli/puppet-squid/tree/v1.0.0) (2018-03-28) 216 | 217 | [Full Changelog](https://github.com/voxpupuli/puppet-squid/compare/v0.6.1...v1.0.0) 218 | 219 | **Breaking changes:** 220 | 221 | - Remove spurious ':' from refresh\_pattern template [\#87](https://github.com/voxpupuli/puppet-squid/pull/87) ([ralfbosz](https://github.com/ralfbosz)) 222 | 223 | **Implemented enhancements:** 224 | 225 | - Syntax check when restarting. [\#76](https://github.com/voxpupuli/puppet-squid/issues/76) 226 | - This commit applies a restorecon when using SELINUX [\#91](https://github.com/voxpupuli/puppet-squid/pull/91) ([ralfbosz](https://github.com/ralfbosz)) 227 | - New defined type squid::send\_hit [\#90](https://github.com/voxpupuli/puppet-squid/pull/90) ([traylenator](https://github.com/traylenator)) 228 | - Fixes \#8 Set selinux context of cache\_dir and ports. 
[\#89](https://github.com/voxpupuli/puppet-squid/pull/89) ([ralfbosz](https://github.com/ralfbosz)) 229 | - Allow Cache Replacement Policy to be configured [\#84](https://github.com/voxpupuli/puppet-squid/pull/84) ([SourceDoctor](https://github.com/SourceDoctor)) 230 | - Define Stylesheet and language for Squid Errorpage [\#83](https://github.com/voxpupuli/puppet-squid/pull/83) ([SourceDoctor](https://github.com/SourceDoctor)) 231 | - enable buffered logs [\#82](https://github.com/voxpupuli/puppet-squid/pull/82) ([SourceDoctor](https://github.com/SourceDoctor)) 232 | - add caching store control [\#80](https://github.com/voxpupuli/puppet-squid/pull/80) ([SourceDoctor](https://github.com/SourceDoctor)) 233 | - Snmp access [\#79](https://github.com/voxpupuli/puppet-squid/pull/79) ([SourceDoctor](https://github.com/SourceDoctor)) 234 | 235 | **Closed issues:** 236 | 237 | - Support extra\_config\_section to take random configuration [\#31](https://github.com/voxpupuli/puppet-squid/issues/31) 238 | - Set selinux file context on cache directory [\#8](https://github.com/voxpupuli/puppet-squid/issues/8) 239 | 240 | **Merged pull requests:** 241 | 242 | - Add snmp\_incoming\_address parameter [\#86](https://github.com/voxpupuli/puppet-squid/pull/86) ([alexjfisher](https://github.com/alexjfisher)) 243 | - Remove EOL operatingsystems [\#75](https://github.com/voxpupuli/puppet-squid/pull/75) ([ekohl](https://github.com/ekohl)) 244 | - Sanitise type [\#73](https://github.com/voxpupuli/puppet-squid/pull/73) ([ekohl](https://github.com/ekohl)) 245 | - Run acceptance tests on Debian 9 [\#69](https://github.com/voxpupuli/puppet-squid/pull/69) ([ekohl](https://github.com/ekohl)) 246 | - enable all auth\_param types [\#66](https://github.com/voxpupuli/puppet-squid/pull/66) ([quielb](https://github.com/quielb)) 247 | 248 | ## [v0.6.1](https://github.com/voxpupuli/puppet-squid/tree/v0.6.1) (2017-11-15) 249 | 250 | [Full 
Changelog](https://github.com/voxpupuli/puppet-squid/compare/v0.6.0...v0.6.1) 251 | 252 | **Merged pull requests:** 253 | 254 | - release 0.6.1 [\#72](https://github.com/voxpupuli/puppet-squid/pull/72) ([bastelfreak](https://github.com/bastelfreak)) 255 | - add missing secret to travis config [\#71](https://github.com/voxpupuli/puppet-squid/pull/71) ([bastelfreak](https://github.com/bastelfreak)) 256 | 257 | ## [v0.6.0](https://github.com/voxpupuli/puppet-squid/tree/v0.6.0) (2017-11-15) 258 | 259 | [Full Changelog](https://github.com/voxpupuli/puppet-squid/compare/v0.5.0...v0.6.0) 260 | 261 | **Breaking changes:** 262 | 263 | - Convert to puppet 4/5 data types [\#58](https://github.com/voxpupuli/puppet-squid/pull/58) ([matonb](https://github.com/matonb)) 264 | 265 | **Implemented enhancements:** 266 | 267 | - added debian 9 param defaults [\#60](https://github.com/voxpupuli/puppet-squid/pull/60) ([ssanden](https://github.com/ssanden)) 268 | - When specifying the extra\_config\_sections as an array [\#45](https://github.com/voxpupuli/puppet-squid/pull/45) ([ralfbosz](https://github.com/ralfbosz)) 269 | 270 | **Merged pull requests:** 271 | 272 | - release 0.6.0 [\#70](https://github.com/voxpupuli/puppet-squid/pull/70) ([bastelfreak](https://github.com/bastelfreak)) 273 | - Fix the tests [\#67](https://github.com/voxpupuli/puppet-squid/pull/67) ([ekohl](https://github.com/ekohl)) 274 | - Clean up docs [\#62](https://github.com/voxpupuli/puppet-squid/pull/62) ([alex-harvey-z3q](https://github.com/alex-harvey-z3q)) 275 | - Add refresh\_pattern defined type [\#57](https://github.com/voxpupuli/puppet-squid/pull/57) ([matonb](https://github.com/matonb)) 276 | - Use ruby 2.4.1 for beaker tests [\#56](https://github.com/voxpupuli/puppet-squid/pull/56) ([traylenator](https://github.com/traylenator)) 277 | - Modulesync 0.21.3 [\#55](https://github.com/voxpupuli/puppet-squid/pull/55) ([traylenator](https://github.com/traylenator)) 278 | 279 | ## 
[v0.5.0](https://github.com/voxpupuli/puppet-squid/tree/v0.5.0) (2017-03-30) 280 | 281 | * Add beaker acceptance tests 282 | * An optional $comment param for http_access and acl (#47) 283 | * Add support for freebsd 284 | 285 | ## 2017-01-12 - Release 0.4.0 286 | 287 | Last release with Puppet 3 support! 288 | * Fix minor syntax issue in README example code 289 | * rubocop: fix RSpec/ImplicitExpect 290 | * adds logformat directive to squid.conf header 291 | * adds test for ::logformat parameter 292 | * Added ssl_bump and sslproxy_cert_error support 293 | * Added support for icp_access Squid conf setting 294 | * Fix ordering issue with missing squid user for cache_dir 295 | 296 | ## 2016-09-19 - Release 0.3.0 297 | * Add `https_port` defined type. 298 | * Add `extra_config_section` permits extra random configuration. 299 | * The `auth_params` defintions now appear before ACLs as it should. 300 | * New parameters to specify owner of configuration, daemon name 301 | and executer to control cache directory. 302 | * Addition of debian and ubuntu support. 303 | 304 | ## 2016-06-01 - Release 0.2.2 305 | * Correct documentation examples. 306 | 307 | ## 2016-06-01 - Release 0.2.1 308 | 309 | * All defined types can now be loaded as a hash to *init* and 310 | so can be loaded easily from hiera. 311 | e.g 312 | ``` 313 | class{'squid: 314 | http_ports => {'10000' => { options => 'accel vhost'}, 315 | '3000' => {}, 316 | } 317 | ``` 318 | 319 | ## 2016-04-18 - Release 0.1.1 320 | 321 | * Add tags to module metadata. 
322 | 323 | ## 2016-04-13 - Release 0.1.0 324 | 325 | 326 | \* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)* 327 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | Puppet module for Squid 2 | ======================= 3 | 4 | [![Build Status](https://travis-ci.org/voxpupuli/puppet-squid.png?branch=master)](https://travis-ci.org/voxpupuli/puppet-squid) 5 | [![Code Coverage](https://coveralls.io/repos/github/voxpupuli/puppet-squid/badge.svg?branch=master)](https://coveralls.io/github/voxpupuli/puppet-squid) 6 | [![Puppet Forge](https://img.shields.io/puppetforge/v/puppet/squid.svg)](https://forge.puppetlabs.com/puppet/squid) 7 | [![Puppet Forge - downloads](https://img.shields.io/puppetforge/dt/puppet/squid.svg)](https://forge.puppetlabs.com/puppet/squid) 8 | [![Puppet Forge - endorsement](https://img.shields.io/puppetforge/e/puppet/squid.svg)](https://forge.puppetlabs.com/puppet/squid) 9 | [![Puppet Forge - scores](https://img.shields.io/puppetforge/f/puppet/squid.svg)](https://forge.puppetlabs.com/puppet/squid) 10 | 11 | Description 12 | ----------- 13 | 14 | Puppet module for configuring the squid caching service. 15 | 16 | Usage 17 | ----- 18 | 19 | To set up a simple squid server with a cache to forward 20 | http port 80 requests. 
21 | 22 | ```puppet 23 | class { 'squid': 24 | http_ports => { '3128' => {} }, 25 | } 26 | squid::acl { 'Safe_ports': 27 | type => port, 28 | entries => ['80'], 29 | } 30 | squid::http_access { 'Safe_ports': 31 | action => allow, 32 | } 33 | squid::http_access{ '!Safe_ports': 34 | action => deny, 35 | } 36 | ``` 37 | This module will set the SELINUX-context for the cache_dir and/or port, requires [puppet-selinux](https://github.com/voxpupuli/puppet-selinux) 38 | 39 | ### Parameters for squid Class 40 | Parameters to the squid class almost map 1 to 1 to squid.conf parameters themselves. 41 | 42 | * `ensure_service` The ensure value of the squid service, defaults to `running`. 43 | * `enable_service` The enable value of the squid service, defaults to `true`. 44 | * `config` Location of squid.conf file, defaults to `/etc/squid/squid.conf`. 45 | * `config_user` user which owns the config file, default depends on `$operatingsystem` 46 | * `config_group` group which owns the config file, default depends on `$operatingsystem` 47 | * `daemon_user` user which runs the squid daemon, this is used for ownership of the cache directory, default depends on `$operatingsystem` 48 | * `daemon_group` group which runs the squid daemon, this is used for ownership of the cache directory, default depends on `$operatingsystem` 49 | * `cache_mem` defaults to `256 MB`. [cache_mem docs](http://www.squid-cache.org/Doc/config/cache_mem/). 50 | * `cache_replacement_policy` defaults to undef. [cache_replacement_policy docs](http://www.squid-cache.org/Doc/config/cache_replacement_policy/). 51 | * `memory_replacement_policy` defaults to undef. [memory_replacement_policy docs](http://www.squid-cache.org/Doc/config/memory_replacement_policy/). 52 | * `memory_cache_shared` defaults to undef. [memory_cache_shared docs](http://www.squid-cache.org/Doc/config/memory_cache_shared/). 53 | * `maximum_object_size_in_memory` defaults to `512 KB`. 
[maximum_object_size_in_memory docs](http://www.squid-cache.org/Doc/config/maximum_object_size_in_memory/) 54 | 55 | * `url_rewrite_program` defaults to undef [url_rewrite_program_docs](http://www.squid-cache.org/Doc/config/url_rewrite_program/) 56 | * `url_rewrite_children` defaults to undef [url_rewrite_children_docs](http://www.squid-cache.org/Doc/config/url_rewrite_children/) 57 | * `url_rewrite_child_options` defaults to undef [url_rewrite_child_options_docs](http://www.squid-cache.org/Doc/config/url_rewrite_children/) 58 | * `access_log` defaults to `daemon:/var/logs/squid/access.log squid`. [access_log docs](http://www.squid-cache.org/Doc/config/access_log/) 59 | * `coredump_dir` defaults to undef. [coredump_dir docs](http://www.squid-cache.org/Doc/config/coredump_dir/). 60 | * `error_directory` defaults to undef. [error_directory](http://www.squid-cache.org/Doc/config/error_directory/). 61 | * `err_page_stylesheet` defaults to undef. [err_page_stylesheet](http://www.squid-cache.org/Doc/config/err_page_stylesheet/). 62 | * `package_name` name of the squid package to manage, default depends on `$operatingsystem` 63 | * `package_ensure` package status and/or version, default to present 64 | * `service_name` name of the squid service to manage, default depends on `$operatingsystem` 65 | * `max_filedescriptors` defaults to undef. [max_filedescriptors docs](http://www.squid-cache.org/Doc/config/max_filedescriptors/). 66 | * `workers` defaults to undef. [workers docs](http://www.squid-cache.org/Doc/config/workers/). 67 | * `snmp_incoming_address` defaults to undef. Can be set to an IP address to only listen for snmp requests on an individual interface. [snmp_incoming_address](http://www.squid-cache.org/Doc/config/snmp_incoming_address/). 68 | * `buffered_logs` defaults to undef. [buffered_logs docs](http://www.squid-cache.org/Doc/config/buffered_logs/). 69 | * `acls` defaults to undef. If you pass in a hash of acl entries, they will be defined automatically. 
[acl entries](http://www.squid-cache.org/Doc/config/acl/). 70 | * `visible_hostname` defaults to undef. [visible_hostname docs](http://www.squid-cache.org/Doc/config/visible_hostname/) 71 | * `via` defaults to undef. [via docs](http://www.squid-cache.org/Doc/config/via/) 72 | * `httpd_suppress_version_string` defaults to undef. [httpd_suppress_version_string docs](http://www.squid-cache.org/Doc/config/httpd_suppress_version_string/) 73 | * `forwarded_for` defaults to undef. supported values are "on", "off", "transparent", "delete", "truncate". [forwarded_for docs](http://www.squid-cache.org/Doc/config/forwarded_for/) 74 | * `http_access` defaults to undef. If you pass in a hash of http_access entries, they will be defined automatically. [http_access entries](http://www.squid-cache.org/Doc/config/http_access/). 75 | * `http_ports` defaults to undef. If you pass in a hash of http_port entries, they will be defined automatically. [http_port entries](http://www.squid-cache.org/Doc/config/http_port/). 76 | * `https_ports` defaults to undef. If you pass in a hash of https_port entries, they will be defined automatically. [https_port entries](http://www.squid-cache.org/Doc/config/https_port/). 77 | * `icp_access` defaults to undef. If you pass in a hash of icp_access entries, they will be defined automatically. [icp_access entries](http://www.squid-cache.org/Doc/config/icp_access/). 78 | * `logformat` defaults to undef. If you pass in a String (or Array of Strings), they will be defined automatically. [logformat entries](http://www.squid-cache.org/Doc/config/logformat/). 79 | * `refresh_patterns` defaults to undef. If you pass a hash of refresh_pattern entires, they will be defined automatically. [refresh_pattern entries](http://www.squid-cache.org/Doc/config/refresh_pattern/). 80 | * `snmp_ports` defaults to undef. If you pass in a hash of snmp_port entries, they will be defined automatically. [snmp_port entries](http://www.squid-cache.org/Doc/config/snmp_port/). 
81 | * `send_hit` defaults to undef. If you pass in a hash of send_hit entries, they will be defined automatically. [send_hit entries](http://www.squid-cache.org/Doc/config/send_hit/). 82 | * `cache_dirs` defaults to undef. If you pass in a hash of cache_dir entries, they will be defined automatically. [cache_dir entries](http://www.squid-cache.org/Doc/config/cache_dir/). 83 | * `ssl_bump` defaults to undef. If you pass in a hash of ssl_bump entries, they will be defined automatically. [ssl_bump entries](http://www.squid-cache.org/Doc/config/ssl_bump/). 84 | * `sslproxy_cert_error` defaults to undef. If you pass in a hash of sslproxy_cert_error entries, they will be defined automatically. [sslproxy_cert_error entries](http://www.squid-cache.org/Doc/config/sslproxy_cert_error/). 85 | * `extra_config_sections` defaults to empty hash. If you pass in a hash of `extra_config_section` resources, they will be defined automatically. 86 | * `service_restart` defaults to undef. Overrides service resource restart command to be executed. It can be used to perform a soft reload of the squid service. 
87 | * `squid_bin_path` path to the squid binary, default depends on `$operatingsystem` 88 | 89 | ```puppet 90 | class { 'squid': 91 | cache_mem => '512 MB', 92 | workers => 3, 93 | coredump_dir => '/var/spool/squid', 94 | } 95 | ``` 96 | 97 | ```puppet 98 | class { 'squid': 99 | cache_mem => '512 MB', 100 | workers => 3, 101 | coredump_dir => '/var/spool/squid', 102 | acls => { 'remote_urls' => { 103 | type => 'url_regex', 104 | entries => ['http://example.org/path', 105 | 'http://example.com/anotherpath'], 106 | }, 107 | }, 108 | http_access => { 'our_networks hosts' => { action => 'allow', }}, 109 | http_ports => { '10000' => { options => 'accel vhost', }}, 110 | snmp_ports => { '1000' => { process_number => 3, }}, 111 | cache_dirs => { '/data/' => { type => 'ufs', options => '15000 32 256 min-size=32769', process_number => 2 }}, 112 | url_rewrite_program => '/usr/bin/squidguard -c /etc/squidguard/squidguard.conf', 113 | url_rewrite_children => 12, 114 | url_rewrite_child_options => startup=1, 115 | } 116 | ``` 117 | 118 | The acls, http_access, http_ports, snmp_port, cache_dirs lines above are equivalent to their examples below. 119 | 120 | ### Defined Type squid::acl 121 | Defines [acl entries](http://www.squid-cache.org/Doc/config/acl/) for a squid server. 122 | 123 | ```puppet 124 | squid::acl { 'remote_urls': 125 | type => 'url_regex', 126 | entries => ['http://example.org/path', 127 | 'http://example.com/anotherpath'], 128 | } 129 | ``` 130 | 131 | would result in a multi entry squid acl 132 | 133 | ``` 134 | acl remote_urls url_regex http://example.org/path 135 | acl remote_urls url_regex http://example.com/anotherpath 136 | ``` 137 | 138 | These may be defined as a hash passed to squid 139 | 140 | #### Parameters for Type squid::acl 141 | * `type` The acltype of the acl, must be defined, e.g url_regex, urlpath_regex, port, .. 142 | * `aclname` The name of acl, defaults to the `title`. 
143 | * `entries` An array of acl entries, multiple members results in multiple lines in squid.conf. 144 | * `order` Each ACL has an order `05` by default; this can be specified if order of ACL definition matters. 145 | 146 | ### Defined Type squid::cache\_dir 147 | Defines [cache_dir entries](http://www.squid-cache.org/Doc/config/cache_dir/) for a squid server. 148 | 149 | ```puppet 150 | squid::cache_dir { '/data': 151 | type => 'ufs', 152 | options => '15000 32 256 min-size=32769', 153 | process_number => 2, 154 | } 155 | ``` 156 | 157 | Results in the squid configuration of 158 | 159 | ``` 160 | if ${processor} = 2 161 | cache_dir ufs 15000 32 256 min-size=32769 162 | endif 163 | ``` 164 | 165 | #### Parameters for Type squid::cache\_dir 166 | * `type` the type of cache, e.g ufs. defaults to `ufs`. 167 | * `path` defaults to the namevar, file path to cache. 168 | * `options` String of options for the cache. Defaults to empty string. 169 | * `process_number` if specified as an integer the cache will be wrapped 170 | in an `if $process_number` statement so the cache will be used by only 171 | one process. Default is undef. 172 | * `manage_dir` Boolean value, if true puppet will attempt to create the 173 | directory, if false you will have to create it yourself. Make sure the 174 | directory has the correct owner, group and mode. Defaults to true. 175 | 176 | ### Defined Type squid::cache 177 | Defines [cache entries](http://www.squid-cache.org/Doc/config/cache/) for a squid server. 178 | 179 | ```puppet 180 | squid::cache { 'our_network_hosts_acl': 181 | action => 'deny', 182 | comment => 'Our networks hosts are denied for caching', 183 | } 184 | ``` 185 | 186 | Adds a squid.conf line 187 | 188 | ``` 189 | # Our networks hosts denied for caching 190 | cache deny our_network_hosts_acl 191 | ``` 192 | 193 | ### Defined Type squid::http\_access 194 | Defines [http_access entries](http://www.squid-cache.org/Doc/config/http_access/) for a squid server. 
195 | 196 | ```puppet 197 | squid::http_access { 'our_networks hosts': 198 | action => 'allow', 199 | } 200 | ``` 201 | 202 | Adds a squid.conf line 203 | 204 | ``` 205 | # http_access fragment for out_networks hosts 206 | http_access allow our_networks hosts 207 | ``` 208 | 209 | ```puppet 210 | squid::http_access { 'our_networks hosts': 211 | action => 'allow', 212 | comment => 'Our networks hosts are allowed', 213 | } 214 | ``` 215 | 216 | Adds a squid.conf line 217 | 218 | ``` 219 | # Our networks hosts are allowed 220 | http_access allow our_networks hosts 221 | ``` 222 | 223 | ### Defined Type squid::send\_hit 224 | Defines [send_hit](http://www.squid-cache.org/Doc/config/send_hit/) for a squid server. 225 | 226 | ```puppet 227 | squid:::send_hit{'PragmaNoCache': 228 | action => 'deny', 229 | } 230 | ``` 231 | 232 | Adds a squid.conf line 233 | 234 | ``` 235 | send_hit deny PragmaNoCache 236 | ``` 237 | 238 | #### Parameters for Type squid::send\_hit 239 | * `value` defaults to the `namevar`. The rule to allow or deny. 240 | * `action` must be one of `deny` or `allow` 241 | * `order` by default is 05. 242 | * `comment` A comment to add to the configuration file. 243 | 244 | ### Defined Type squid::snmp\_access 245 | Defines [snmp_access entries](http://www.squid-cache.org/Doc/config/snmp_access/) for a squid server. 
246 | 247 | ```puppet 248 | squid::snmp_access { 'monitoring hosts': 249 | action => 'allow', 250 | } 251 | ``` 252 | 253 | Adds a squid.conf line 254 | 255 | ``` 256 | # snmp_access fragment for monitoring hosts 257 | snmp_access allow monitoring hosts 258 | ``` 259 | 260 | ```puppet 261 | squid::snmp_access { 'monitoring hosts': 262 | action => 'allow', 263 | comment => 'Our monitoring hosts are allowed', 264 | } 265 | ``` 266 | 267 | Adds a squid.conf line 268 | 269 | ``` 270 | # Our monitoring hosts are allowed 271 | snmp_access allow monitoring hosts 272 | ``` 273 | 274 | These may be defined as a hash passed to squid 275 | 276 | ### Defined Type squid::icp\_access 277 | Defines [icp_access entries](http://www.squid-cache.org/Doc/config/icp_access/) for a squid server. 278 | 279 | ```puppet 280 | squid::icp_access { 'our_networks hosts': 281 | action => 'allow', 282 | } 283 | ``` 284 | 285 | Adds a squid.conf line 286 | 287 | ``` 288 | icp_access allow our_networks hosts 289 | ``` 290 | 291 | These may be defined as a hash passed to squid 292 | 293 | #### Parameters for Type squid::http\_allow 294 | * `value` defaults to the `namevar`; the rule to allow or deny. 295 | * `action` must be `deny` or `allow`. By default it is allow. The squid.conf file is ordered so by default 296 | all allows appear before all denys. This can be overridden with the `order` parameter. 297 | * `order` by default is `05` 298 | 299 | ### Defined Type Squid::Http\_port 300 | Defines [http_port entries](http://www.squid-cache.org/Doc/config/http_port/) for a squid server. 301 | Setting the optional `ssl` parameter to `true` will create [https_port entries](http://www.squid-cache.org/Doc/config/https_port/) instead. 
302 | 303 | ```puppet 304 | squid::http_port { '10000': 305 | options => 'accel vhost' 306 | } 307 | squid::http_port { '10001': 308 | ssl => true, 309 | options => 'cert=/etc/squid/ssl_cert/server.cert key=/etc/squid/ssl_cert/server.key' 310 | } 311 | squid::http_port { '127.0.0.1:3128': 312 | } 313 | ``` 314 | 315 | Results in a squid configuration of 316 | 317 | ``` 318 | http_port 10000 accel vhost 319 | https_port 10001 cert=/etc/squid/ssl_cert/server.cert key=/etc/squid/ssl_cert/server.key 320 | http_port 127.0.0.1:3128 321 | ``` 322 | 323 | #### Parameters for Type squid::http\_port 324 | * The title/namevar may be in the form `port` or `host:port` to provide the below values. Otherwise, 325 | specify `port` explicitly, and `host` if desired. 326 | * `port` defaults to the port of the namevar and is the port number to listen on. 327 | * `host` defaults to the host part of the namevar and is the interface to listen on. If not specified, 328 | Squid listens on all interfaces. 329 | * `options` A string to specify any options to add to the http_port line. Defaults to an empty string. 330 | * `ssl` A boolean. When set to `true` creates [https_port entries](http://www.squid-cache.org/Doc/config/https_port/). Defaults to `false`. 331 | 332 | ### Defined Type Squid::Https\_port 333 | Defines [https_port entries](http://www.squid-cache.org/Doc/config/https_port/) for a squid server. 334 | As an alternative to using the Squid::Http\_port defined type with `ssl` set to `true`, you can use this type instead. The result is the same. Internally this type uses Squid::Http\_port to create the configuration entries. 335 | 336 | #### Parameters for Type squid::https\_port 337 | * `port` defaults to the namevar and is the port number. 338 | * `options` A string to specify any options to add to the https_port line. Defaults to an empty string. 
339 | 340 | ### Defined Type squid::url_rewrite_program 341 | Defines [url_rewrite_program](http://www.squid-cache.org/Doc/config/url_rewrite_program/) for a squid server. 342 | 343 | ```puppet 344 | squid::url_rewrite_program { '/usr/bin/squidGuard -c /etc/squidguard/squidGuard.conf': 345 | children => 8, 346 | child_options => 'startup=0 idle=1 concurrency=0', 347 | } 348 | ``` 349 | 350 | would result in the following squid url rewrite program 351 | 352 | ``` 353 | url_rewrite_program /usr/bin/squidGuard -c /etc/squidguard/squidGuard.conf 354 | url_rewrite_children 8 startup=0 idle=1 concurrency=0 355 | ``` 356 | 357 | ### Defined Type squid::refresh_pattern 358 | Defines [refresh_pattern entries](http://www.squid-cache.org/Doc/config/refresh_pattern/) for a squid server. 359 | 360 | ```puppet 361 | squid::refresh_pattern { '^ftp:': 362 | min => 1440, 363 | max => 10080, 364 | percent => 20, 365 | order => 60, 366 | } 367 | 368 | squid::refresh_pattern { '(/cgi-bin/|\?)': 369 | case_sensitive => false, 370 | min => 0, 371 | max => 0, 372 | percent => 0, 373 | order => 61, 374 | } 375 | ``` 376 | 377 | would result in the following squid refresh patterns 378 | 379 | ``` 380 | # refresh_pattern fragment for ^ftp 381 | refresh_pattern ^ftp: 1440 20% 10080 382 | # refresh_pattern fragment for (/cgi-bin/|\?) 383 | refresh_pattern (/cgi-bin/|\?) 
-i 0 0% 0 384 | ``` 385 | 386 | These may be defined as a hash passed to squid 387 | 388 | YAML example: 389 | ``` 390 | squid::refresh_patterns: 391 | '^ftp': 392 | max: 10080 393 | min: 1440 394 | percent: 20 395 | order: '60' 396 | '^gopher': 397 | max: 1440 398 | min: 1440 399 | percent: 0 400 | order: '61' 401 | '(/cgi-bin/|\?)': 402 | case_sensitive: false 403 | max: 0 404 | min: 0 405 | percent: 0 406 | order: '62' 407 | '.': 408 | max: 4320 409 | min: 0 410 | percent: 20 411 | order: '63' 412 | ``` 413 | 414 | #### Parameters for Type squid::refresh_pattern 415 | * `case_sensitive` Boolean value, if true (default) the regex is case sensitive, when false the case insensitive flag '-i' is added to the pattern 416 | * `comment` Comment added before refresh rule, defaults to refresh_pattern fragment for `title` 417 | * `min` Must be defined, the time (in minutes) an object without an explicit expiry time should be considered fresh. 418 | * `max` Must be defined, the upper limit (in minutes) on how long objects without an explicit expiry time will be considered fresh. 419 | * `percent` Must be defined, is a percentage of the objects age (time since last modification age) 420 | * `options` See squid documentation for available options. 421 | * `order` Each refresh_pattern has an order `05` by default this can be specified if order of refresh_pattern definition matters. 422 | 423 | ### Defined Type Squid::Snmp\_port 424 | Defines [snmp_port entries](http://www.squid-cache.org/Doc/config/snmp_port/) for a squid server. 425 | 426 | ```puppet 427 | squid::snmp_port { '1000': 428 | process_number => 3 429 | } 430 | ``` 431 | 432 | Results in a squid configuration of 433 | 434 | ``` 435 | if ${process_number} = 3 436 | snmp_port 1000 437 | endif 438 | ``` 439 | 440 | #### Parameters for Type squid::http\_port 441 | * `port` defaults to the namevar and is the port number. 442 | * `options` A string to specify any options for the default. By default and empty string. 
443 | * `process_number` If set to an integer the snmp\_port is enabled only for 444 | a particular squid thread. Defaults to undef. 445 | 446 | ### Defined Type squid::auth\_param 447 | Defines [auth_param entries](http://www.squid-cache.org/Doc/config/auth_param/) for a squid server. 448 | 449 | ```puppet 450 | squid::auth_param { 'basic auth_param': 451 | scheme => 'basic', 452 | entries => [ 453 | 'program /usr/lib64/squid/basic_ncsa_auth /etc/squid/.htpasswd', 454 | 'children 5', 455 | 'realm Squid Basic Authentication', 456 | 'credentialsttl 5 hours', 457 | ], 458 | } 459 | ``` 460 | 461 | would result in multi entry squid auth_param 462 | 463 | ``` 464 | auth_param basic program /usr/lib64/squid/basic_ncsa_auth /etc/squid/.htpasswd 465 | auth_param basic children 5 466 | auth_param basic realm Squid Basic Authentication 467 | auth_param basic credentialsttl 5 hours 468 | ``` 469 | 470 | These may be defined as a hash passed to squid 471 | 472 | #### Parameters for Type squid::auth_param 473 | * `scheme` the scheme used for authentication; must be defined 474 | * `entries` An array of entries, multiple members results in multiple lines in squid.conf 475 | * `order` by default is '40' 476 | 477 | ### Defined Type squid::ssl\_bump 478 | Defines [ssl_bump entries](http://www.squid-cache.org/Doc/config/ssl_bump/) for a squid server. 479 | 480 | ```puppet 481 | squid::ssl_bump { 'all': 482 | action => 'bump', 483 | } 484 | ``` 485 | 486 | Adds a squid.conf line 487 | 488 | ``` 489 | ssl_bump bump all 490 | ``` 491 | 492 | These may be defined as a hash passed to squid 493 | 494 | #### Parameters for Type squid::ssl\_bump 495 | * `value` The acl the ssl_bump rule applies to; in the example above it is taken from the resource title (`all`). 496 | * `action` The ssl_bump action to take, e.g bump, peek, ..; defaults to `bump`. 497 | * `order` by default is `05` 498 | 499 | ### Defined Type squid::sslproxy\_cert\_error 500 | Defines [sslproxy_cert_error entries](http://www.squid-cache.org/Doc/config/sslproxy_cert_error/) for a squid server. 
501 | 502 | ```puppet 503 | squid::sslproxy_cert_error { 'all': 504 | action => 'allow', 505 | } 506 | ``` 507 | 508 | Adds a squid.conf line 509 | 510 | ``` 511 | sslproxy_cert_error allow all 512 | ``` 513 | 514 | These may be defined as a hash passed to squid. Because `allow all` makes Squid accept every server certificate validation error, scope `value` to an acl of the specific hosts that need the exemption. 515 | 516 | #### Parameters for Type squid::sslproxy\_cert\_error 517 | * `value` defaults to the `namevar`; the rule to allow or deny. 518 | * `action` must be `deny` or `allow`. By default it is allow. The squid.conf file is ordered so by default 519 | all allows appear before all denys. This can be overridden with the `order` parameter. 520 | * `order` by default is `05` 521 | 522 | ### Defined Type squid::extra\_config\_section 523 | Squid has a large number of configuration directives. Not all of these have been exposed individually in this module. For those that haven't, the `extra_config_section` defined type can be used. 524 | 525 | Using a hash of config_entries: 526 | 527 | ```puppet 528 | squid::extra_config_section { 'mail settings': 529 | order => '60', 530 | config_entries => { 531 | 'mail_from' => 'squid@example.com', 532 | 'mail_program' => 'mail', 533 | }, 534 | } 535 | ``` 536 | 537 | Results in a squid configuration of 538 | 539 | ``` 540 | # mail settings 541 | mail_from squid@example.com 542 | mail_program mail 543 | ``` 544 | 545 | Using an array of config_entries: 546 | 547 | ```puppet 548 | squid::extra_config_section { 'ssl_bump settings': 549 | order => '60', 550 | config_entries => { 551 | 'ssl_bump' => ['server-first', 'all'], 552 | 'sslcrtd_program' => ['/usr/lib64/squid/ssl_crtd', '-s', '/var/lib/ssl_db', '-M', '4MB'], 553 | 'sslcrtd_children' => ['8', 'startup=1', 'idle=1'], 554 | } 555 | } 556 | ``` 557 | 558 | Results in a squid configuration of 559 | 560 | ``` 561 | # ssl_bump settings 562 | ssl_bump server-first all 563 | sslcrtd_program /usr/lib64/squid/ssl_crtd -s /var/lib/ssl_db -M 4MB 564 | sslcrtd_children 8 startup=1 idle=1 565 | ``` 566 | 567 | Using an array of 
hashes of config_entries: 568 | 569 | ```puppet 570 | squid::extra_config_section { 'always_directs': 571 | order => '60', 572 | config_entries => [{ 573 | 'always_direct' => ['deny www.reallyreallybadplace.com', 574 | 'allow my-good-dst', 575 | 'allow my-other-good-dst'], 576 | }], 577 | } 578 | ``` 579 | 580 | Results in a squid configuration of 581 | 582 | ``` 583 | # always_directs 584 | always_direct deny www.reallyreallybadplace.com 585 | always_direct allow my-good-dst 586 | always_direct allow my-other-good-dst 587 | ``` 588 | 589 | #### Parameters for Type squid::extra\_config\_section 590 | * `comment` defaults to the namevar and is used as a section comment in `squid.conf`. 591 | * `config_entries` A hash of configuration entries to create in this section. The hash key is the name of the configuration directive. The value is either a string, or an array of strings to use as the configuration directive options. 592 | * `order` by default is '60'. It can be used to configure where in `squid.conf` this configuration section should occur. 593 | -------------------------------------------------------------------------------- /spec/classes/init_spec.rb: -------------------------------------------------------------------------------- 1 | # frozen_string_literal: true 2 | 3 | require 'spec_helper' 4 | describe 'squid' do 5 | on_supported_os.each do |os, facts| 6 | context "on #{os}" do 7 | let(:facts) do 8 | facts 9 | end 10 | 11 | let(:etc_dir) do 12 | facts[:kernel] == 'FreeBSD' ? '/usr/local/etc' : '/etc' 13 | end 14 | 15 | let(:config_group) do 16 | facts[:os]['family'] == 'Debian' ? 
'root' : 'squid' 17 | end 18 | 19 | context 'with defaults for all parameters' do 20 | it { is_expected.to contain_class('squid') } 21 | it { is_expected.to contain_class('squid::install') } 22 | it { is_expected.to contain_class('squid::config') } 23 | it { is_expected.to contain_class('squid::service') } 24 | 25 | it { is_expected.to contain_package('squid').with_ensure('present') } 26 | it { is_expected.to contain_service('squid').with_ensure('running') } 27 | it { is_expected.to contain_concat("#{etc_dir}/squid/squid.conf").with_group(config_group) } 28 | it { is_expected.to contain_concat("#{etc_dir}/squid/squid.conf").with_owner('root') } 29 | it { is_expected.to contain_concat("#{etc_dir}/squid/squid.conf").with_validate_cmd('/usr/sbin/squid -k parse -f %') } 30 | it { is_expected.to contain_concat_fragment('squid_header').with_target("#{etc_dir}/squid/squid.conf") } 31 | it { is_expected.to contain_concat_fragment('squid_header').with_content(%r{^cache_mem\s+256 MB$}) } 32 | it { is_expected.to contain_concat_fragment('squid_header').with_content(%r{^maximum_object_size_in_memory\s+512 KB$}) } 33 | it { is_expected.to contain_concat_fragment('squid_header').without_content(%r{^memory_cache_shared}) } 34 | it { is_expected.to contain_concat_fragment('squid_header').without_content(%r{^cache_replacement_policy}) } 35 | it { is_expected.to contain_concat_fragment('squid_header').without_content(%r{^memory_replacement_policy}) } 36 | it { is_expected.to contain_concat_fragment('squid_header').without_content(%r{^coredump_dir}) } 37 | it { is_expected.to contain_concat_fragment('squid_header').without_content(%r{^max_filedescriptors}) } 38 | it { is_expected.to contain_concat_fragment('squid_header').without_content(%r{^workers}) } 39 | it { is_expected.to contain_concat_fragment('squid_header').without_content(%r{^error_directory}) } 40 | it { is_expected.to contain_concat_fragment('squid_header').without_content(%r{^err_page_stylesheet}) } 41 | 42 | it { 43 | 
is_expected.to contain_squid__access_log('daemon-827b3dcc2c0a5f9e0f8647f5acf60379').with( 44 | { 45 | 'module' => 'daemon', 46 | 'entries' => '/var/log/squid/access.log squid', 47 | } 48 | ) 49 | } 50 | end 51 | 52 | context 'with all parameters set' do 53 | let :params do 54 | { 55 | config: '/tmp/squid.conf', 56 | cache_mem: '1024 MB', 57 | memory_cache_shared: 'on', 58 | visible_hostname: 'testhost', 59 | via: false, 60 | httpd_suppress_version_string: true, 61 | forwarded_for: false, 62 | logformat: 'squid %tl.%03tu %6tr %>a %Ss/%03Hs', 63 | access_log: { foo: { module: 'daemon', entries: %w[bar baz] } }, 64 | coredump_dir: '/tmp/core', 65 | max_filedescriptors: 1000, 66 | workers: 8, 67 | url_rewrite_program: '/some/test/program', 68 | url_rewrite_children: 16, 69 | url_rewrite_child_options: 'testoption=a' 70 | } 71 | end 72 | 73 | it { is_expected.to contain_concat_fragment('squid_header').with_target('/tmp/squid.conf') } 74 | it { is_expected.to contain_concat_fragment('squid_header').with_content(%r{^cache_mem\s+1024 MB$}) } 75 | it { is_expected.to contain_concat_fragment('squid_header').with_content(%r{^memory_cache_shared\s+on$}) } 76 | it { is_expected.to contain_concat_fragment('squid_header').with_content(%r{^visible_hostname\s+testhost$}) } 77 | it { is_expected.to contain_concat_fragment('squid_header').with_content(%r{^via\s+off$}) } 78 | it { is_expected.to contain_concat_fragment('squid_header').with_content(%r{^httpd_suppress_version_string\s+on$}) } 79 | it { is_expected.to contain_concat_fragment('squid_header').with_content(%r{^forwarded_for\s+off$}) } 80 | it { is_expected.to contain_concat_fragment('squid_header').with_content(%r{^logformat\s+squid %tl.%03tu %6tr %>a %Ss/%03Hs$}) } 81 | it { is_expected.to contain_concat_fragment('squid_header').with_content(%r{^coredump_dir\s+/tmp/core$}) } 82 | it { is_expected.to contain_concat_fragment('squid_header').with_content(%r{^max_filedescriptors\s+1000$}) } 83 | it { is_expected.to 
contain_concat_fragment('squid_header').with_content(%r{^workers\s+8$}) } 84 | it { is_expected.to contain_concat_fragment('squid_header').with_content(%r{^url_rewrite_program\s+/some/test/program$}) } 85 | it { is_expected.to contain_concat_fragment('squid_header').with_content(%r{^url_rewrite_children\s+16\stestoption=a$}) } 86 | 87 | it { 88 | is_expected.to contain_squid__access_log('foo').with( 89 | { 90 | 'module' => 'daemon', 91 | 'entries' => %w[bar baz], 92 | } 93 | ) 94 | } 95 | end 96 | 97 | context 'with logformat parameter set to an array' do 98 | let :params do 99 | { 100 | config: '/tmp/squid.conf', 101 | logformat: ['squid_test_1 %ts.%03tu %6tr', 'squid_test_2 %ts.%03tu duration=%tr'] 102 | } 103 | end 104 | 105 | it { is_expected.to contain_concat_fragment('squid_header').with_content(%r{^logformat\s+squid_test_1 %ts.%03tu %6tr$}) } 106 | it { is_expected.to contain_concat_fragment('squid_header').with_content(%r{^logformat\s+squid_test_2 %ts.%03tu duration=%tr$}) } 107 | end 108 | 109 | context 'with access_log parameter set to an array' do 110 | let :params do 111 | { 112 | config: '/tmp/squid.conf', 113 | access_log: ['daemon:foo', { module: 'syslog', entries: %w[foo bar] }] 114 | } 115 | end 116 | 117 | it { 118 | is_expected.to contain_squid__access_log('daemon-acbd18db4cc2f85cedef654fccc4a4d8').with( 119 | { 120 | 'module' => 'daemon', 121 | 'entries' => 'foo', 122 | } 123 | ) 124 | } 125 | 126 | it { 127 | is_expected.to contain_squid__access_log('syslog-acbd18db4cc2f85cedef654fccc4a4d8').with( 128 | { 129 | 'module' => 'syslog', 130 | 'entries' => %w[foo bar], 131 | } 132 | ) 133 | } 134 | end 135 | 136 | context 'with buffered_logs parameter set to true' do 137 | let :params do 138 | { 139 | config: '/tmp/squid.conf', 140 | buffered_logs: true 141 | } 142 | end 143 | 144 | it { is_expected.to contain_concat_fragment('squid_header').with_content(%r{^buffered_logs\s+on$}) } 145 | end 146 | 147 | context 'with buffered_logs parameter set to 
false' do 148 | let :params do 149 | { 150 | config: '/tmp/squid.conf', 151 | buffered_logs: false 152 | } 153 | end 154 | 155 | it { is_expected.to contain_concat_fragment('squid_header').with_content(%r{^buffered_logs\s+off$}) } 156 | end 157 | 158 | context 'with memory_cache_shared parameter set to true' do 159 | let :params do 160 | { 161 | config: '/tmp/squid.conf', 162 | memory_cache_shared: true 163 | } 164 | end 165 | 166 | it { is_expected.to contain_concat_fragment('squid_header').with_content(%r{^memory_cache_shared\s+on$}) } 167 | end 168 | 169 | context 'with error_directory parameter set to /some/path/file' do 170 | let :params do 171 | { 172 | config: '/tmp/squid.conf', 173 | error_directory: '/some/path/file' 174 | } 175 | end 176 | 177 | it { is_expected.to contain_concat_fragment('squid_header').with_content(%r{^error_directory\s+/some/path/file$}) } 178 | end 179 | 180 | context 'with err_page_stylesheet parameter set to /some/path/file' do 181 | let :params do 182 | { 183 | config: '/tmp/squid.conf', 184 | err_page_stylesheet: '/some/path/file' 185 | } 186 | end 187 | 188 | it { is_expected.to contain_concat_fragment('squid_header').with_content(%r{^err_page_stylesheet\s+/some/path/file$}) } 189 | end 190 | 191 | context 'with memory_cache_shared parameter set to on' do 192 | let :params do 193 | { 194 | config: '/tmp/squid.conf', 195 | memory_cache_shared: 'on' 196 | } 197 | end 198 | 199 | it { is_expected.to contain_concat_fragment('squid_header').with_content(%r{^memory_cache_shared\s+on$}) } 200 | end 201 | 202 | context 'with memory_cache_shared parameter set to false' do 203 | let :params do 204 | { 205 | config: '/tmp/squid.conf', 206 | memory_cache_shared: false 207 | } 208 | end 209 | 210 | it { is_expected.to contain_concat_fragment('squid_header').with_content(%r{^memory_cache_shared\s+off$}) } 211 | end 212 | 213 | context 'with memory_cache_shared parameter set to off' do 214 | let :params do 215 | { 216 | config: 
'/tmp/squid.conf', 217 | memory_cache_shared: 'off' 218 | } 219 | end 220 | 221 | it { is_expected.to contain_concat_fragment('squid_header').with_content(%r{^memory_cache_shared\s+off$}) } 222 | end 223 | 224 | context 'with forwarded_for parameter set to off' do 225 | let :params do 226 | { 227 | config: '/tmp/squid.conf', 228 | forwarded_for: 'off' 229 | } 230 | end 231 | 232 | it { is_expected.to contain_concat_fragment('squid_header').with_content(%r{^forwarded_for\s+off$}) } 233 | end 234 | 235 | context 'with forwarded_for parameter set to on' do 236 | let :params do 237 | { 238 | config: '/tmp/squid.conf', 239 | forwarded_for: 'on' 240 | } 241 | end 242 | 243 | it { is_expected.to contain_concat_fragment('squid_header').with_content(%r{^forwarded_for\s+on$}) } 244 | end 245 | 246 | context 'with forwarded_for parameter set to delete' do 247 | let :params do 248 | { 249 | config: '/tmp/squid.conf', 250 | forwarded_for: 'delete' 251 | } 252 | end 253 | 254 | it { is_expected.to contain_concat_fragment('squid_header').with_content(%r{^forwarded_for\s+delete$}) } 255 | end 256 | 257 | context 'with forwarded_for parameter set to transparent' do 258 | let :params do 259 | { 260 | config: '/tmp/squid.conf', 261 | forwarded_for: 'transparent' 262 | } 263 | end 264 | 265 | it { is_expected.to contain_concat_fragment('squid_header').with_content(%r{^forwarded_for\s+transparent$}) } 266 | end 267 | 268 | context 'with cache_replacement_policy parameter set to LRU' do 269 | let :params do 270 | { 271 | config: '/tmp/squid.conf', 272 | cache_replacement_policy: 'LRU' 273 | } 274 | end 275 | 276 | it { is_expected.to contain_concat_fragment('squid_header').with_content(%r{^cache_replacement_policy\s+LRU$}) } 277 | end 278 | 279 | context 'with memory_replacement_policy parameter set to LRU' do 280 | let :params do 281 | { 282 | config: '/tmp/squid.conf', 283 | memory_replacement_policy: 'LRU' 284 | } 285 | end 286 | 287 | it { is_expected.to 
contain_concat_fragment('squid_header').with_content(%r{^memory_replacement_policy\s+LRU$}) } 288 | end 289 | 290 | context 'with one acl parameter set' do 291 | let :params do 292 | { 293 | config: '/tmp/squid.conf', 294 | acls: { 295 | 'myacl' => { 296 | 'type' => 'urlregex', 297 | 'order' => '07', 298 | 'entries' => ['http://example.org/', 'http://example.com/'] 299 | } 300 | } 301 | } 302 | end 303 | 304 | it { is_expected.to contain_concat_fragment('squid_header').with_target('/tmp/squid.conf') } 305 | it { is_expected.to contain_concat_fragment('squid_acl_myacl').with_order('10-07-urlregex') } 306 | it { is_expected.to contain_concat_fragment('squid_acl_myacl').with_content(%r{^acl\s+myacl\s+urlregex\shttp://example.org/$}) } 307 | it { is_expected.to contain_concat_fragment('squid_acl_myacl').with_content(%r{^# acl fragment for myacl$}) } 308 | end 309 | 310 | context 'with two acl parameters set' do 311 | let :params do 312 | { 313 | config: '/tmp/squid.conf', 314 | acls: { 315 | 'myacl' => { 316 | 'type' => 'urlregex', 317 | 'order' => '07', 318 | 'entries' => ['http://example.org/', 'http://example.com/'] 319 | }, 320 | 'mysecondacl' => { 321 | 'type' => 'urlregex', 322 | 'order' => '08', 323 | 'entries' => ['http://example2.org/', 'http://example2.com/'] 324 | } 325 | } 326 | } 327 | end 328 | 329 | it { is_expected.to contain_concat_fragment('squid_header').with_target('/tmp/squid.conf') } 330 | it { is_expected.to contain_concat_fragment('squid_acl_myacl').with_order('10-07-urlregex') } 331 | it { is_expected.to contain_concat_fragment('squid_acl_myacl').with_content(%r{^acl\s+myacl\s+urlregex\shttp://example.org/$}) } 332 | it { is_expected.to contain_concat_fragment('squid_acl_myacl').with_content(%r{^acl\s+myacl\s+urlregex\shttp://example.com/$}) } 333 | it { is_expected.to contain_concat_fragment('squid_acl_mysecondacl').with_order('10-08-urlregex') } 334 | it { is_expected.to 
contain_concat_fragment('squid_acl_mysecondacl').with_content(%r{^acl\s+mysecondacl\s+urlregex\shttp://example2.org/$}) } 335 | it { is_expected.to contain_concat_fragment('squid_acl_mysecondacl').with_content(%r{^acl\s+mysecondacl\s+urlregex\shttp://example2.com/$}) } 336 | end 337 | 338 | context 'with one http_access parameter set' do 339 | let :params do 340 | { 341 | config: '/tmp/squid.conf', 342 | http_access: { 343 | 'myrule' => { 344 | 'action' => 'deny', 345 | 'value' => 'this and that', 346 | 'order' => '08' 347 | } 348 | } 349 | } 350 | end 351 | 352 | it { is_expected.to contain_concat_fragment('squid_header').with_target('/tmp/squid.conf') } 353 | it { is_expected.to contain_concat_fragment('squid_http_access_this and that').with_target('/tmp/squid.conf') } 354 | it { is_expected.to contain_concat_fragment('squid_http_access_this and that').with_order('20-08-deny') } 355 | it { is_expected.to contain_concat_fragment('squid_http_access_this and that').with_content(%r{^http_access\s+deny\s+this and that$}) } 356 | end 357 | 358 | context 'with one send_hit parameter set' do 359 | let :params do 360 | { 361 | config: '/tmp/squid.conf', 362 | send_hit: { 363 | 'myacl' => { 364 | 'action' => 'deny', 365 | 'value' => 'this and that', 366 | 'order' => '08' 367 | } 368 | } 369 | } 370 | end 371 | 372 | it { is_expected.to contain_concat_fragment('squid_header').with_target('/tmp/squid.conf') } 373 | it { is_expected.to contain_concat_fragment('squid_send_hit_this and that').with_target('/tmp/squid.conf') } 374 | it { is_expected.to contain_concat_fragment('squid_send_hit_this and that').with_order('21-08-deny') } 375 | it { is_expected.to contain_concat_fragment('squid_send_hit_this and that').with_content(%r{^send_hit\s+deny\s+this and that$}) } 376 | end 377 | 378 | context 'with two http_access parameters set' do 379 | let :params do 380 | { 381 | config: '/tmp/squid.conf', 382 | http_access: { 383 | 'myrule' => { 384 | 'action' => 'deny', 385 | 'value' => 
'this and that', 386 | 'order' => '08' 387 | }, 388 | 'secondrule' => { 389 | 'action' => 'deny', 390 | 'value' => 'this too', 391 | 'order' => '09', 392 | 'comment' => 'Deny this and too' 393 | } 394 | } 395 | 396 | } 397 | end 398 | 399 | it { is_expected.to contain_concat_fragment('squid_header').with_target('/tmp/squid.conf') } 400 | it { is_expected.to contain_concat_fragment('squid_http_access_this and that').with_target('/tmp/squid.conf') } 401 | it { is_expected.to contain_concat_fragment('squid_http_access_this and that').with_order('20-08-deny') } 402 | it { is_expected.to contain_concat_fragment('squid_http_access_this and that').with_content(%r{^http_access\s+deny\s+this and that$}) } 403 | it { is_expected.to contain_concat_fragment('squid_http_access_this and that').with_content(%r{^# http_access fragment for this and that$}) } 404 | it { is_expected.to contain_concat_fragment('squid_http_access_this too').with_target('/tmp/squid.conf') } 405 | it { is_expected.to contain_concat_fragment('squid_http_access_this too').with_order('20-09-deny') } 406 | it { is_expected.to contain_concat_fragment('squid_http_access_this too').with_content(%r{^http_access\s+deny\s+this too$}) } 407 | it { is_expected.to contain_concat_fragment('squid_http_access_this too').with_content(%r{^# Deny this and too$}) } 408 | end 409 | 410 | context 'with two snmp_access parameters set' do 411 | let :params do 412 | { 413 | config: '/tmp/squid.conf', 414 | snmp_access: { 415 | 'myrule' => { 416 | 'action' => 'deny', 417 | 'value' => 'this and that', 418 | 'order' => '08' 419 | }, 420 | 'secondrule' => { 421 | 'action' => 'deny', 422 | 'value' => 'this too', 423 | 'order' => '09', 424 | 'comment' => 'Deny this and too' 425 | } 426 | } 427 | 428 | } 429 | end 430 | 431 | it { is_expected.to contain_concat_fragment('squid_header').with_target('/tmp/squid.conf') } 432 | it { is_expected.to contain_concat_fragment('squid_snmp_access_this and that').with_target('/tmp/squid.conf') } 
433 | it { is_expected.to contain_concat_fragment('squid_snmp_access_this and that').with_order('20-08-deny') } 434 | it { is_expected.to contain_concat_fragment('squid_snmp_access_this and that').with_content(%r{^snmp_access\s+deny\s+this and that$}) } 435 | it { is_expected.to contain_concat_fragment('squid_snmp_access_this and that').with_content(%r{^# snmp_access fragment for this and that$}) } 436 | it { is_expected.to contain_concat_fragment('squid_snmp_access_this too').with_target('/tmp/squid.conf') } 437 | it { is_expected.to contain_concat_fragment('squid_snmp_access_this too').with_order('20-09-deny') } 438 | it { is_expected.to contain_concat_fragment('squid_snmp_access_this too').with_content(%r{^snmp_access\s+deny\s+this too$}) } 439 | it { is_expected.to contain_concat_fragment('squid_snmp_access_this too').with_content(%r{^# Deny this and too$}) } 440 | end 441 | 442 | context 'with one ssl_bump parameter set' do 443 | let :params do 444 | { 445 | config: '/tmp/squid.conf', 446 | ssl_bump: { 447 | 'myrule' => { 448 | 'action' => 'bump', 449 | 'value' => 'step1', 450 | 'order' => '08' 451 | } 452 | } 453 | } 454 | end 455 | 456 | it { is_expected.to contain_concat_fragment('squid_header').with_target('/tmp/squid.conf') } 457 | it { is_expected.to contain_concat_fragment('squid_ssl_bump_bump_step1').with_target('/tmp/squid.conf') } 458 | it { is_expected.to contain_concat_fragment('squid_ssl_bump_bump_step1').with_order('25-08-bump') } 459 | it { is_expected.to contain_concat_fragment('squid_ssl_bump_bump_step1').with_content(%r{^ssl_bump\s+bump\s+step1$}) } 460 | end 461 | 462 | context 'with one sslproxy_cert_error parameter set' do 463 | let :params do 464 | { 465 | config: '/tmp/squid.conf', 466 | sslproxy_cert_error: { 467 | 'myrule' => { 468 | 'action' => 'allow', 469 | 'value' => 'all', 470 | 'order' => '08' 471 | } 472 | } 473 | } 474 | end 475 | 476 | it { is_expected.to contain_concat_fragment('squid_header').with_target('/tmp/squid.conf') } 
477 | it { is_expected.to contain_concat_fragment('squid_sslproxy_cert_error_allow_all').with_target('/tmp/squid.conf') } 478 | it { is_expected.to contain_concat_fragment('squid_sslproxy_cert_error_allow_all').with_order('35-08-allow') } 479 | it { is_expected.to contain_concat_fragment('squid_sslproxy_cert_error_allow_all').with_content(%r{^sslproxy_cert_error\s+allow\s+all$}) } 480 | end 481 | 482 | context 'with one icp_access parameter set' do 483 | let :params do 484 | { 485 | config: '/tmp/squid.conf', 486 | icp_access: { 487 | 'myrule' => { 488 | 'action' => 'deny', 489 | 'value' => 'this and that', 490 | 'order' => '08' 491 | } 492 | } 493 | } 494 | end 495 | 496 | it { is_expected.to contain_concat_fragment('squid_header').with_target('/tmp/squid.conf') } 497 | it { is_expected.to contain_concat_fragment('squid_icp_access_this and that').with_target('/tmp/squid.conf') } 498 | it { is_expected.to contain_concat_fragment('squid_icp_access_this and that').with_order('30-08-deny') } 499 | it { is_expected.to contain_concat_fragment('squid_icp_access_this and that').with_content(%r{^icp_access\s+deny\s+this and that$}) } 500 | end 501 | 502 | context 'with two icp_access parameters set' do 503 | let :params do 504 | { 505 | config: '/tmp/squid.conf', 506 | icp_access: { 507 | 'myrule' => { 508 | 'action' => 'deny', 509 | 'value' => 'this and that', 510 | 'order' => '08' 511 | }, 512 | 'secondrule' => { 513 | 'action' => 'deny', 514 | 'value' => 'this too', 515 | 'order' => '09' 516 | } 517 | } 518 | 519 | } 520 | end 521 | 522 | it { is_expected.to contain_concat_fragment('squid_header').with_target('/tmp/squid.conf') } 523 | it { is_expected.to contain_concat_fragment('squid_icp_access_this and that').with_target('/tmp/squid.conf') } 524 | it { is_expected.to contain_concat_fragment('squid_icp_access_this and that').with_order('30-08-deny') } 525 | it { is_expected.to contain_concat_fragment('squid_icp_access_this and 
that').with_content(%r{^icp_access\s+deny\s+this and that$}) } 526 | it { is_expected.to contain_concat_fragment('squid_icp_access_this too').with_target('/tmp/squid.conf') } 527 | it { is_expected.to contain_concat_fragment('squid_icp_access_this too').with_order('30-09-deny') } 528 | it { is_expected.to contain_concat_fragment('squid_icp_access_this too').with_content(%r{^icp_access\s+deny\s+this too$}) } 529 | end 530 | 531 | context 'with http_port parameters set' do 532 | let :params do 533 | { config: '/tmp/squid.conf', 534 | http_ports: { 2000 => { 'options' => 'special for 2000' } } } 535 | end 536 | 537 | it { is_expected.to contain_concat_fragment('squid_header').with_target('/tmp/squid.conf') } 538 | it { is_expected.to contain_concat_fragment('squid_http_port_2000').with_order('30-05') } 539 | it { is_expected.to contain_concat_fragment('squid_http_port_2000').with_content(%r{^http_port\s+2000\s+special for 2000$}) } 540 | end 541 | 542 | context 'with https_port parameters set' do 543 | let :params do 544 | { config: '/tmp/squid.conf', 545 | https_ports: { 2001 => { 'options' => 'special for 2001' } } } 546 | end 547 | 548 | it { is_expected.to contain_concat_fragment('squid_header').with_target('/tmp/squid.conf') } 549 | it { is_expected.to contain_concat_fragment('squid_https_port_2001').with_order('30-05') } 550 | it { is_expected.to contain_concat_fragment('squid_https_port_2001').with_content(%r{^https_port\s+2001\s+special for 2001$}) } 551 | end 552 | 553 | if facts[:osfamily] == 'RedHat' 554 | context 'with http_port parameters set + SELINUX' do 555 | let :params do 556 | { config: '/tmp/squid.conf', 557 | http_ports: { 2000 => { 'options' => 'special for 2000' } } } 558 | end 559 | let(:facts) { override_facts(super(), os: { selinux: { enabled: true } }) } 560 | 561 | it { is_expected.to contain_concat_fragment('squid_header').with_target('/tmp/squid.conf') } 562 | it { is_expected.to 
contain_concat_fragment('squid_http_port_2000').with_order('30-05') } 563 | it { is_expected.to contain_concat_fragment('squid_http_port_2000').with_content(%r{^http_port\s+2000\s+special for 2000$}) } 564 | it { is_expected.to contain_selinux__port('selinux port squid_port_t 2000').with('ensure' => 'present', 'seltype' => 'squid_port_t', 'protocol' => 'tcp', 'port' => '2000') } 565 | end 566 | 567 | context 'with https_port parameters set' do 568 | let :params do 569 | { config: '/tmp/squid.conf', 570 | https_ports: { 2001 => { 'options' => 'special for 2001' } } } 571 | end 572 | let(:facts) { override_facts(super(), os: { selinux: { enabled: true } }) } 573 | 574 | it { is_expected.to contain_concat_fragment('squid_header').with_target('/tmp/squid.conf') } 575 | it { is_expected.to contain_concat_fragment('squid_https_port_2001').with_order('30-05') } 576 | it { is_expected.to contain_concat_fragment('squid_https_port_2001').with_content(%r{^https_port\s+2001\s+special for 2001$}) } 577 | it { is_expected.to contain_selinux__port('selinux port squid_port_t 2001').with('ensure' => 'present', 'seltype' => 'squid_port_t', 'protocol' => 'tcp', 'port' => '2001') } 578 | end 579 | 580 | context 'with duplicate ports on different ip' do 581 | let :params do 582 | { config: '/tmp/squid.conf', 583 | http_ports: { 'ipA' => { 'port' => 3128, 'host' => '192.168.1.10' }, 'ipB' => { 'port' => 3128, 'host' => '192.168.1.11' } } } 584 | end 585 | 586 | let(:facts) { override_facts(super(), os: { selinux: { enabled: true } }) } 587 | 588 | it { is_expected.to contain_concat_fragment('squid_header').with_target('/tmp/squid.conf') } 589 | it { is_expected.to contain_concat_fragment('squid_http_port_ipA').with_order('30-05') } 590 | it { is_expected.to contain_concat_fragment('squid_http_port_ipA').with_content(%r{http_port\s+192.168.1.10:3128}) } 591 | it { is_expected.to contain_concat_fragment('squid_http_port_ipB').with_order('30-05') } 592 | it { is_expected.to 
contain_concat_fragment('squid_http_port_ipB').with_content(%r{http_port\s+192.168.1.11:3128}) } 593 | it { is_expected.to contain_selinux__port('selinux port squid_port_t 3128').with('ensure' => 'present', 'seltype' => 'squid_port_t', 'protocol' => 'tcp', 'port' => '3128') } 594 | end 595 | 596 | context 'with cache_dir parameters set + SELINUX' do 597 | let :params do 598 | { config: '/tmp/squid.conf', 599 | cache_dirs: { '/data' => { 'type' => 'special', 600 | 'options' => 'my options for special type' } } } 601 | end 602 | let(:facts) { override_facts(super(), os: { selinux: { enabled: true } }) } 603 | 604 | it { is_expected.to contain_concat_fragment('squid_header').with_target('/tmp/squid.conf') } 605 | it { is_expected.to contain_file('/data').with_ensure('directory') } 606 | it { is_expected.to contain_selinux__fcontext('selinux fcontext squid_cache_t /data').with('seltype' => 'squid_cache_t', 'pathspec' => '/data(/.*)?') } 607 | it { is_expected.to contain_selinux__exec_restorecon('selinux restorecon /data').with('path' => '/data') } 608 | end 609 | end 610 | 611 | context 'with snmp_incoming_address parameter set' do 612 | let :params do 613 | { 614 | config: '/tmp/squid.conf', 615 | snmp_incoming_address: '4.2.2.2' 616 | } 617 | end 618 | 619 | it { is_expected.to contain_concat_fragment('squid_header').with_content(%r{^snmp_incoming_address\s+4\.2\.2\.2$}) } 620 | end 621 | 622 | context 'with snmp_port parameters set' do 623 | let :params do 624 | { config: '/tmp/squid.conf', 625 | snmp_ports: { 2000 => { 'options' => 'special for 2000', 626 | 'process_number' => 3 } } } 627 | end 628 | 629 | it { is_expected.to contain_concat_fragment('squid_header').with_target('/tmp/squid.conf') } 630 | it { is_expected.to contain_concat_fragment('squid_snmp_port_2000').with_content(%r{^snmp_port\s+2000\s+special for 2000$}) } 631 | it { is_expected.to contain_concat_fragment('squid_snmp_port_2000').with_content(%r{^if \${process_number} = 3$}) } 632 | it { 
is_expected.to contain_concat_fragment('squid_snmp_port_2000').with_content(%r{^endif$}) } 633 | end 634 | 635 | context 'with cache_dir parameters set' do 636 | let :params do 637 | { config: '/tmp/squid.conf', 638 | cache_dirs: { '/data' => { 'type' => 'special', 639 | 'options' => 'my options for special type' } } } 640 | end 641 | 642 | it { is_expected.to contain_concat_fragment('squid_header').with_target('/tmp/squid.conf') } 643 | it { is_expected.to contain_file('/data').with_ensure('directory') } 644 | end 645 | 646 | context 'with extra_config_sections parameter set' do 647 | let :params do 648 | { 649 | config: '/tmp/squid.conf', 650 | extra_config_sections: { 651 | 'mail settings' => { 652 | 'order' => '22', 653 | 'config_entries' => { 654 | 'mail_from' => 'squid@example.com', 655 | 'mail_program' => 'mail' 656 | } 657 | }, 658 | 'other settings' => { 659 | 'order' => '42', 660 | 'config_entries' => { 661 | 'dns_timeout' => '5 seconds' 662 | } 663 | } 664 | } 665 | } 666 | end 667 | 668 | it { is_expected.to contain_concat_fragment('squid_header').with_target('/tmp/squid.conf') } 669 | it { is_expected.to contain_squid__extra_config_section('mail settings') } 670 | it { is_expected.to contain_squid__extra_config_section('other settings') } 671 | it { is_expected.to contain_concat_fragment('squid_extra_config_section_mail settings').with_content(%r{^mail_from\s+squid@example\.com$}) } 672 | it { is_expected.to contain_concat_fragment('squid_extra_config_section_mail settings').with_content(%r{^mail_program\s+mail$}) } 673 | it { is_expected.to contain_concat_fragment('squid_extra_config_section_other settings').with_content(%r{^dns_timeout\s+5 seconds$}) } 674 | end 675 | end 676 | end 677 | end 678 | --------------------------------------------------------------------------------