From 822db0e338b180d333b6936215b9330ca1686652 Mon Sep 17 00:00:00 2001
From: "Morten M. Hansen" <mortenh@unity3d.com>
Date: Wed, 1 Jun 2016 21:14:12 +0200
Subject: [PATCH] allow custom options using "extra"

---
 README.rst                      |  1 +
 haproxy/templates/haproxy.jinja | 41 +++++++++++++++++++++++++++++++++
 pillar.example                  |  2 ++
 3 files changed, 44 insertions(+)

diff --git a/README.rst b/README.rst
index e63bc27..820ccd8 100644
--- a/README.rst
+++ b/README.rst
@@ -74,6 +74,7 @@ Currently, only a handful of options can be set using the pillar:
     + port: the port to contact the server on
     + check: set to check to enable checking
 
+- For global, default, frontend, listener, backend and server it is possible to use the "extra" option for more rare settings not mentioned above.
 
 ``haproxy.service``
 -------------------
diff --git a/haproxy/templates/haproxy.jinja b/haproxy/templates/haproxy.jinja
index f6d5728..827f356 100644
--- a/haproxy/templates/haproxy.jinja
+++ b/haproxy/templates/haproxy.jinja
@@ -63,6 +63,15 @@ global
 {%- if 'ssl-default-bind-options' in salt['pillar.get']('haproxy:global', {}) %}
     {{- render_list_of_dictionaries('ssl-default-bind-options', salt['pillar.get']('haproxy:global:ssl-default-bind-options')) }}
 {%- endif %}
+{%- if 'extra' in salt['pillar.get']('haproxy:global', {}) %}
+  {%- if salt['pillar.get']('haproxy:global:extra', {}) is string %}
+    {{ salt['pillar.get']('haproxy:global:extra') }}
+  {%- else %}
+    {%- for line in salt['pillar.get']('haproxy:global:extra') %}
+    {{ line }}
+    {%- endfor %}
+  {%- endif %}
+{%- endif %}
 
 {%- for id, userlist in salt['pillar.get']('haproxy:userlists',  {})|dictsort %}
 #------------------
@@ -125,6 +134,15 @@ defaults
 {%- if 'stats' in salt['pillar.get']('haproxy:defaults', {}) -%}
     {{ render_list_of_dictionaries('stats', salt['pillar.get']('haproxy:defaults:stats')) }}
 {%- endif %}
+{%- if 'extra' in salt['pillar.get']('haproxy:defaults', {}) %}
+  {%- if salt['pillar.get']('haproxy:defaults:extra', {}) is string %}
+    {{ salt['pillar.get']('haproxy:defaults:extra') }}
+  {%- else %}
+    {%- for line in salt['pillar.get']('haproxy:defaults:extra') %}
+    {{ line }}
+    {%- endfor %}
+  {%- endif %}
+{%- endif %}
 {%- if 'errorfiles' in salt['pillar.get']('haproxy:defaults', {}) %}
   {%- for errorfile_name, errorfile in salt['pillar.get']('haproxy:defaults:errorfiles')|dictsort %}
     errorfile {{ errorfile_name }} {{ errorfile }}
@@ -316,6 +334,13 @@ listen {{ listener.get('name', listener_name) }}
     appsession {%- for option in listener.appsession %}  {{ option }}  {%- endfor %}
       {%- endif %}
     {%- endif %}
+    {%- if 'extra' in listener %}
+      {%- if listener.extra is string %}
+    {{ listener.extra }}
+      {%- else %}
+    {%- for line in listerner.extra %}  {{ line }}  {%- endfor %}
+      {%- endif %}
+    {%- endif %}
     {%- if 'defaultserver' in listener %}
     default-server {%- for option, value in listener.defaultserver|dictsort %} {{ ' '.join((option, value|string, '')) }} {%- endfor %}
     {%- endif %}
@@ -402,6 +427,15 @@ frontend {{ frontend.get('name', frontend_name) }}
     {%- if 'stickons' in frontend %}
     {{- render_list_of_dictionaries('stickon', frontend.stickons) }}
     {%- endif %}
+    {%- if 'extra' in frontend %}
+      {%- if frontend.extra is string %}
+    {{ frontend.extra }}
+      {%- else %}
+    {%- for line in frontend.extra %}
+    {{ line }}
+    {%- endfor %}
+      {%- endif %}
+    {%- endif %}
     {%- if 'default_backend' in frontend %}
     default_backend {{ frontend.default_backend }}
     {%- endif %}
@@ -513,6 +547,13 @@ backend {{ backend.get('name', backend_name) }}
     {%- if 'reqreps' in backend %}
     {{- render_list_of_dictionaries('reqrep', backend.reqreps) }}
     {%- endif %}
+    {%- if 'extra' in backend %}
+      {%- if backend.extra is string %}
+    {{ backend.extra }}
+      {%- else %}
+    {%- for line in backend.extra %}  {{ line }}  {%- endfor %}
+      {%- endif %}
+    {%- endif %}
     {%- if 'defaultserver' in backend %}
     default-server {%- for option, value in backend.defaultserver|dictsort %} {{ ' '.join((option, value|string, '')) }} {%- endfor %}
     {%- endif %}
diff --git a/pillar.example b/pillar.example
index 28222f7..e0c9a3f 100644
--- a/pillar.example
+++ b/pillar.example
@@ -127,6 +127,7 @@ haproxy:
         - url_static       path_end       -i .jpg .gif .png .css .js
       use_backends:
         - static-backend  if url_static
+      extra: "rspadd  Strict-Transport-Security:\ max-age=15768000"
     some-services:
       bind:
         - "*:8080"
@@ -139,6 +140,7 @@ haproxy:
       balance: roundrobin
       redirects: 
         - scheme https if !{ ssl_fc }
+      extra: "reqidel ^X-Forwarded-For:"
       servers:
         server1:
           name: server1-its-name