Add ability to be built as dynamic module

davidjb · davidjb · commit 4bb74147b7b3 · 2016-03-31T11:38:31.000+10:00
diff --git a/.travis.yml b/.travis.yml
@@ -4,8 +4,10 @@ compilers:
   - gcc
 env:
   # Don't use `NGINX` as the variable name or Nginx won't daemonise
-  - SHIB_NGINX_VERSION=1.9.13
-  - SHIB_NGINX_VERSION=1.8.1
+  - SHIB_NGINX_VERSION=1.9.13 SHIB_DYNAMIC_MODULE=true
+  - SHIB_NGINX_VERSION=1.9.13 SHIB_DYNAMIC_MODULE=false
+  - SHIB_NGINX_VERSION=1.8.1 SHIB_DYNAMIC_MODULE=true
+  - SHIB_NGINX_VERSION=1.8.1 SHIB_DYNAMIC_MODULE=false
 sudo: false
 addons:
   apt:
@@ -25,10 +27,16 @@ before_install:
 install:
   - wget -O - http://nginx.org/download/nginx-${SHIB_NGINX_VERSION}.tar.gz | tar -xzf -
   - cd nginx-${SHIB_NGINX_VERSION}
-  - git clone https://github.com/openresty/headers-more-nginx-module.git -b v0.29
-  - ./configure --with-debug --add-module=.. --add-module=./headers-more-nginx-module
+  - git clone https://github.com/openresty/headers-more-nginx-module.git -b v0.30rc1
+  - |
+    if [ "$SHIB_DYNAMIC_MODULE" = true ]; then
+      ./configure --with-debug --add-dynamic-module=.. --add-dynamic-module=./headers-more-nginx-module
+    else
+      ./configure --with-debug --add-module=.. --add-module=./headers-more-nginx-module
+    fi
   - make
   - export PATH=$(pwd)/objs:$PATH
+  - export SHIB_MODULE_PATH=$(pwd)/objs
   - cd ..
 script:
   - PERL5LIB=$HOME/perl5/lib/perl5 TEST_NGINX_VERBOSE=true prove -v
diff --git a/README.rst b/README.rst
@@ -1,4 +1,4 @@
-Shibboleth auth request module for nginx
+Shibboleth auth request module for Nginx
 ========================================
 
 .. image:: https://travis-ci.org/nginx-shib/nginx-http-shibboleth.svg?branch=master
@@ -27,6 +27,9 @@ same ``location`` block is untested and not advised.
 Read more about the `Behaviour`_ below and consult `Configuration`_ for
 important notes on avoiding spoofing if using headers for attributes.
 
+For further information on why this is a dedicated module, see
+http://forum.nginx.org/read.php?2,238523,238523#msg-238523
+
 Directives
 ----------
 
@@ -107,14 +110,32 @@ shib_request_use_headers on|off
 Installation
 ------------
 
-To compile nginx with this module, use the::
+This module can either be compiled statically or dynamically, since the
+introduction of `dynamic modules
+<https://www.nginx.com/resources/wiki/extending/converting/>`_ in Nginx
+1.9.11.  The practical upshot of dynamic modules is that they can be loaded,
+as opposed to static modules which are permanently present and enabled.
 
-    --add-module <path>
 
-option when you ``configure`` nginx.
+To compile Nginx with this module dynamically, pass the following option to
+``./configure`` when building Nginx::
 
-For further information on why this is a dedicated module, see
-http://forum.nginx.org/read.php?2,238523,238523#msg-238523
+    --add-dynamic-module=<path>
+
+You will need to explicitly load the module in your ``nginx.conf`` by
+including::
+
+    load_module /path/to/modules/ngx_http_shibboleth_module.so;
+
+and reloading Nginx.
+
+To compile Nginx with this module statically, pass the following option to
+``./configure`` when building Nginx::
+
+    --add-module=<path>
+
+No additional loading is required as the module is built-in with this
+configuration.
 
 
 Configuration
@@ -266,10 +287,10 @@ on aspects like the `blocks()` function.
 Integration tests are run automatically with Travis CI but
 also be run manually (requires Perl & CPAN to be installed)::
 
-    cd nginx-shibboleth-auth
+    cd nginx-http-shibboleth
     cpanm --notest --local-lib=$HOME/perl5 Test::Nginx
-    # nginx must be present in path and built with debugging symbols
-    prove
+    # nginx must be present in PATH and built with debugging symbols
+    PERL5LIB=$HOME/perl5/lib/perl5 prove
 
 Versioning
 ----------
diff --git a/config b/config
@@ -1,3 +1,12 @@
 ngx_addon_name=ngx_http_shibboleth_module
-HTTP_MODULES="$HTTP_MODULES ngx_http_shibboleth_module"
-NGX_ADDON_SRCS="$NGX_ADDON_SRCS $ngx_addon_dir/ngx_http_shibboleth_module.c"
+
+if test -n "$ngx_module_link"; then
+    ngx_module_type=HTTP
+    ngx_module_name=ngx_http_shibboleth_module
+    ngx_module_srcs="$ngx_addon_dir/ngx_http_shibboleth_module.c"
+
+    . auto/module
+else
+    HTTP_MODULES="$HTTP_MODULES ngx_http_shibboleth_module"
+    NGX_ADDON_SRCS="$NGX_ADDON_SRCS $ngx_addon_dir/ngx_http_shibboleth_module.c"
+fi
diff --git a/t/shibboleth.t b/t/shibboleth.t
@@ -7,9 +7,18 @@ use Test::Nginx::Socket;
 repeat_each(1);
 
 # Each `TEST` in __DATA__ below generates a block for each pattern match
-# count
+# count. Increase the magic number accordingly if adding new tests or
+# expanding checks in existing tests (this will add more blocks).
 plan tests => repeat_each() * (50);
 
+# Populate config for the dynamic module, if requested
+our $main_config = '';
+my $SHIB_DYNAMIC_MODULE = $ENV{'SHIB_DYNAMIC_MODULE'};
+if ($SHIB_DYNAMIC_MODULE && $SHIB_DYNAMIC_MODULE eq 'true') {
+    my $SHIB_MODULE_PATH = $ENV{'SHIB_MODULE_PATH'} ? $ENV{'SHIB_MODULE_PATH'} : 'modules';
+    $main_config = "load_module $SHIB_MODULE_PATH/ngx_http_headers_more_filter_module.so;
+                    load_module $SHIB_MODULE_PATH/ngx_http_shibboleth_module.so;";
+}
 
 our $config = <<'_EOC_';
         # 401 must be returned with WWW-Authenticate header
@@ -148,6 +157,7 @@ __DATA__
 
 === TEST 1: Testing 401 response
 --- config eval: $::config
+--- main_config eval: $::main_config
 --- request
 GET /test1
 --- error_code: 401
@@ -159,6 +169,7 @@ qr/\[(warn|error|crit|alert|emerg)\]/
 
 === TEST 2: Testing 401 response with main request header
 --- config eval: $::config
+--- main_config eval: $::main_config
 --- request
 GET /test2
 --- error_code: 401
@@ -171,6 +182,7 @@ qr/\[(warn|error|crit|alert|emerg)\]/
 
 === TEST 3: Testing 403 response with main request header
 --- config eval: $::config
+--- main_config eval: $::main_config
 --- request
 GET /test3
 --- error_code: 403
@@ -182,6 +194,7 @@ qr/\[(warn|error|crit|alert|emerg)\]/
 
 === TEST 4: Testing 403 response with main request header
 --- config eval: $::config
+--- main_config eval: $::main_config
 --- request
 GET /test4
 --- error_code: 403
@@ -193,6 +206,7 @@ qr/\[(warn|error|crit|alert|emerg)\]/
 
 === TEST 5: Testing redirection with in-built header addition
 --- config eval: $::config
+--- main_config eval: $::main_config
 --- request
 GET /test5
 --- error_code: 301
@@ -205,6 +219,7 @@ qr/\[(warn|error|crit|alert|emerg)\]/
 
 === TEST 6: Testing redirection with subrequest header manipulation in main request
 --- config eval: $::config
+--- main_config eval: $::main_config
 --- request
 GET /test6
 --- error_code: 301
@@ -218,6 +233,7 @@ qr/\[(warn|error|crit|alert|emerg)\]/
 
 === TEST 7: Testing successful auth, no leaked variables
 --- config eval: $::config
+--- main_config eval: $::main_config
 --- user_files
 >>> test7
 Hello, world
@@ -237,6 +253,7 @@ qr/copied header/
 
 === TEST 8: Testing successful auth, no leaked variables, main request headers set
 --- config eval: $::config
+--- main_config eval: $::main_config
 --- user_files
 >>> test8
 Hello, world
@@ -257,6 +274,7 @@ qr/shib request authorizer copied header:/
 
 === TEST 9: Testing no auth with correct headers; subrequest header changes are ignored
 --- config eval: $::config
+--- main_config eval: $::main_config
 --- request
 GET /test9
 --- error_code: 403
@@ -270,6 +288,7 @@ qr/\[(warn|error|crit|alert|emerg)\]/
 
 === TEST 10: Testing no auth with overwritten headers; subrequest header changes are ignored
 --- config eval: $::config
+--- main_config eval: $::main_config
 --- request
 GET /test10
 --- error_code: 403
@@ -283,6 +302,7 @@ qr/\[(warn|error|crit|alert|emerg)\]/
 
 === TEST 11: Testing successful auth, no leaked variables, no headers set
 --- config eval: $::config
+--- main_config eval: $::main_config
 --- user_files
 >>> test11
 Hello, world
