From 908d75303dedd9325e43c16892a98bc805d802e5 Mon Sep 17 00:00:00 2001
From: Jim Lamers <jim.lamers@antagonist.nl>
Date: Thu, 8 Dec 2022 15:47:02 +0100
Subject: [PATCH] added support for proxy_protocol

---
 README.md                              | 20 +++++++++---------
 manifests/resource/mailhost.pp         | 28 +++++++++++++++++---------
 spec/acceptance/nginx_mail_spec.rb     |  2 ++
 spec/defines/resource_mailhost_spec.rb | 24 ++++++++++++++++++++++
 templates/mailhost/mailhost_common.erb |  2 ++
 5 files changed, 57 insertions(+), 19 deletions(-)

diff --git a/README.md b/README.md
index f81d1683c..8eb2f990e 100644
--- a/README.md
+++ b/README.md
@@ -83,15 +83,17 @@ class { 'nginx':
 }
 
 nginx::resource::mailhost { 'domain1.example':
-  auth_http   => 'server2.example/cgi-bin/auth',
-  protocol    => 'smtp',
-  listen_port => 587,
-  ssl_port    => 465,
-  starttls    => 'only',
-  xclient     => 'off',
-  ssl         => true,
-  ssl_cert    => '/tmp/server.crt',
-  ssl_key     => '/tmp/server.pem',
+  auth_http       => 'server2.example/cgi-bin/auth',
+  protocol        => 'smtp',
+  listen_port     => 587,
+  ssl_port        => 465,
+  starttls        => 'only',
+  xclient         => 'off',
+  proxy_protocol  => 'off',
+  proxy_smtp_auth => 'off',
+  ssl             => true,
+  ssl_cert        => '/tmp/server.crt',
+  ssl_key         => '/tmp/server.pem',
 }
 ```
 
diff --git a/manifests/resource/mailhost.pp b/manifests/resource/mailhost.pp
index 4eadb449c..fcf764ce9 100644
--- a/manifests/resource/mailhost.pp
+++ b/manifests/resource/mailhost.pp
@@ -72,6 +72,10 @@
 #   for authorization.
 # @param xclient
 #   Whether to use xclient for smtp
+# @param proxy_protocol 
+#   Wheter to use proxy_protocol
+# @param proxy_smtp_auth     
+#   Wheter to use proxy_smtp_auth
 # @param imap_auth
 #   Sets permitted methods of authentication for IMAP clients.
 # @param imap_capabilities
@@ -111,16 +115,18 @@
 #
 # @example SMTP server definition
 #   nginx::resource::mailhost { 'domain1.example':
-#     ensure      => present,
-#     auth_http   => 'server2.example/cgi-bin/auth',
-#     protocol    => 'smtp',
-#     listen_port => 587,
-#     ssl_port    => 465,
-#     starttls    => 'only',
-#     xclient     => 'off',
-#     ssl         => true,
-#     ssl_cert    => '/tmp/server.crt',
-#     ssl_key     => '/tmp/server.pem',
+#     ensure          => present,
+#     auth_http       => 'server2.example/cgi-bin/auth',
+#     protocol        => 'smtp',
+#     listen_port     => 587,
+#     ssl_port        => 465,
+#     starttls        => 'only',
+#     xclient         => 'off',
+#     proxy_protocol  => 'off',
+#     proxy_smtp_auth => 'off',
+#     ssl             => true,
+#     ssl_cert        => '/tmp/server.crt',
+#     ssl_key         => '/tmp/server.pem',
 #   }
 #
 define nginx::resource::mailhost (
@@ -155,6 +161,8 @@
   Optional[String] $auth_http                    = undef,
   Optional[String] $auth_http_header             = undef,
   Enum['on', 'off'] $xclient                     = 'on',
+  Enum['on', 'off'] $proxy_protocol              = 'off',
+  Enum['on', 'off'] $proxy_smtp_auth             = 'off',
   Optional[String] $imap_auth                    = undef,
   Optional[Array] $imap_capabilities             = undef,
   Optional[String] $imap_client_buffer           = undef,
diff --git a/spec/acceptance/nginx_mail_spec.rb b/spec/acceptance/nginx_mail_spec.rb
index 820faabc5..1475471b4 100644
--- a/spec/acceptance/nginx_mail_spec.rb
+++ b/spec/acceptance/nginx_mail_spec.rb
@@ -54,6 +54,8 @@ class { 'nginx':
         ssl_cert    => '/etc/pki/tls/certs/blah.cert',
         ssl_key     => '/etc/pki/tls/private/blah.key',
         xclient     => 'off',
+        proxy_protocol  => 'off',
+        proxy_smtp_auth => 'off',
       }
       "
 
diff --git a/spec/defines/resource_mailhost_spec.rb b/spec/defines/resource_mailhost_spec.rb
index e1c81b74b..c2608b50e 100644
--- a/spec/defines/resource_mailhost_spec.rb
+++ b/spec/defines/resource_mailhost_spec.rb
@@ -109,6 +109,18 @@
               value: 'off',
               match: '  xclient               off;'
             },
+            {
+              title: 'should set proxy_protocol',
+              attr: 'proxy_protocol',
+              value: 'off',
+              match: '  proxy_protocol        off;'
+            },
+            {
+              title: 'should set proxy_smtp_auth',
+              attr: 'proxy_smtp_auth',
+              value: 'off',
+              match: '  proxy_smtp_auth       off;'
+            },
             {
               title: 'should set auth_http',
               attr: 'auth_http',
@@ -551,6 +563,18 @@
               value: 'off',
               match: '  xclient               off;'
             },
+            {
+              title: 'should set proxy_protocol',
+              attr: 'proxy_protocol',
+              value: 'off',
+              match: '  proxy_protocol        off;'
+            },
+            {
+              title: 'should set proxy_smtp_auth',
+              attr: 'proxy_smtp_auth',
+              value: 'off',
+              match: '  proxy_smtp_auth       off;'
+            },
             {
               title: 'should set auth_http',
               attr: 'auth_http',
diff --git a/templates/mailhost/mailhost_common.erb b/templates/mailhost/mailhost_common.erb
index 287dd6d09..0de1b45d0 100644
--- a/templates/mailhost/mailhost_common.erb
+++ b/templates/mailhost/mailhost_common.erb
@@ -3,6 +3,8 @@
   protocol              <%= @protocol %>;
 <% end -%>
   xclient               <%= @xclient %>;
+  proxy_protocol        <%= @proxy_protocol %>;
+  proxy_smtp_auth       <%= @proxy_smtp_auth %>;
 <% if defined? @auth_http -%>
   auth_http             <%= @auth_http %>;
 <% end -%>