CHANGELOG.md

@@ -1,5 +1,15 @@
 # Changelog
 
+## [10.2.0](https://github.com/theforeman/puppet-pulpcore/tree/10.2.0) (2024-08-12)
+
+[Full Changelog](https://github.com/theforeman/puppet-pulpcore/compare/10.1.0...10.2.0)
+
+**Implemented enhancements:**
+
+- Update puppet\_metadata to ~\> 4.0 and voxpupuli-acceptance to ~\> 3.0 [\#347](https://github.com/theforeman/puppet-pulpcore/pull/347) ([archanaserver](https://github.com/archanaserver))
+- Add ability to configure auth backends and classes [\#346](https://github.com/theforeman/puppet-pulpcore/pull/346) ([Scnaeg](https://github.com/Scnaeg))
+- Add AlmaLinux 8 & 9 support [\#345](https://github.com/theforeman/puppet-pulpcore/pull/345) ([archanaserver](https://github.com/archanaserver))
+
 ## [10.1.0](https://github.com/theforeman/puppet-pulpcore/tree/10.1.0) (2024-05-16)
 
 [Full Changelog](https://github.com/theforeman/puppet-pulpcore/compare/10.0.0...10.1.0)

Gemfile

@@ -10,9 +10,9 @@ gem 'kafo_module_lint', {"groups"=>["test"]}
 gem 'puppet-lint-spaceship_operator_without_tag-check', '~> 1.0', {"groups"=>["test"]}
 gem 'voxpupuli-test', '~> 7.0', {"groups"=>["test"]}
 gem 'github_changelog_generator', '>= 1.15.0', {"groups"=>["development"]}
-gem 'puppet_metadata', '~> 3.4'
+gem 'puppet_metadata', '~> 4.0'
 gem 'puppet-blacksmith', '>= 6.0.0', {"groups"=>["development"]}
-gem 'voxpupuli-acceptance', '~> 2.0', {"groups"=>["system_tests"]}
+gem 'voxpupuli-acceptance', '~> 3.0', {"groups"=>["system_tests"]}
 gem 'puppetlabs_spec_helper', {"groups"=>["system_tests"]}
 
 # vim:ft=ruby

manifests/init.pp

@@ -121,6 +121,12 @@
 # @param remote_user_environ_name
 #   Django remote user environment variable
 #
+# @param authentication_backends
+#   List of used authentication backends
+#
+# @param rest_framework_default_authentication_classes
+#   List of used REST framework default authentication classes
+#
 # @param allowed_import_path
 #   Allowed paths that pulp can use for content imports, or sync from using file:// protocol
 #
@@ -239,6 +245,11 @@
   Array[Stdlib::Absolutepath] $allowed_export_path = [],
   Pulpcore::ChecksumTypes $allowed_content_checksums = ['sha224', 'sha256', 'sha384', 'sha512'],
   String[1] $remote_user_environ_name = 'HTTP_REMOTE_USER',
+  Array[String[1]] $authentication_backends = ['pulpcore.app.authentication.PulpNoCreateRemoteUserBackend'],
+  Array[String[1]] $rest_framework_default_authentication_classes = [
+    'rest_framework.authentication.SessionAuthentication',
+    'pulpcore.app.authentication.PulpRemoteUserAuthentication',
+  ],
   Integer[0] $worker_count = min(8, $facts['processors']['count']),
   Optional[Integer[0]] $worker_ttl = undef,
   Boolean $service_enable = true,

metadata.json

@@ -1,6 +1,6 @@
 {
   "name": "theforeman-pulpcore",
-  "version": "10.1.0",
+  "version": "10.2.0",
   "author": "theforeman",
   "summary": "Installs next generation Pulp server",
   "license": "GPL-3.0-or-later",
@@ -49,6 +49,13 @@
         "8",
         "9"
       ]
+    },
+    {
+      "operatingsystem": "AlmaLinux",
+      "operatingsystemrelease": [
+        "8",
+        "9"
+      ]
     }
   ],
   "requirements": [

spec/acceptance/cli_spec.rb

@@ -6,7 +6,7 @@
       <<-PUPPET
       include pulpcore
       class { 'pulpcore::cli':
-        pulpcore_url => "https://${facts['networking']['fqdn']}/",
+        pulpcore_url => "https://${facts['networking']['fqdn']}",
         cert         => "/etc/pulpcore-certs/client-cert.pem",
         key          => "/etc/pulpcore-certs/client-key.pem",
       }
@@ -58,7 +58,7 @@ class { 'pulpcore::cli':
     let(:manifest) do
       <<-PUPPET
       class { 'pulpcore::cli':
-        pulpcore_url => "https://${facts['networking']['fqdn']}/",
+        pulpcore_url => "https://${facts['networking']['fqdn']}",
         username     => "admin",
         password     => "changeme",
       }

spec/acceptance/settings_spec.rb

@@ -87,6 +87,96 @@ class { 'pulpcore':
   end
 end
 
+describe 'AUTHENTICATION_BACKENDS setting' do
+  context 'default AUTHENTICATION_BACKENDS' do
+    it_behaves_like 'an idempotent resource' do
+      let(:manifest) do
+        <<-PUPPET
+        include pulpcore
+        PUPPET
+      end
+    end
+
+    describe file('/etc/pulp/settings.py') do
+      it { is_expected.to be_file }
+      its(:content) { is_expected.to include('AUTHENTICATION_BACKENDS = ["pulpcore.app.authentication.PulpNoCreateRemoteUserBackend"]') }
+    end
+  end
+
+  context 'AUTHENTICATION_BACKENDS set' do
+    it_behaves_like 'an idempotent resource' do
+      let(:manifest) do
+        <<-PUPPET
+        class { 'pulpcore':
+          authentication_backends => [
+            'django.contrib.auth.backends.ModelBackend',
+            'pulpcore.app.authentication.PulpNoCreateRemoteUserBackend',
+          ],
+        }
+        PUPPET
+      end
+    end
+
+    describe file('/etc/pulp/settings.py') do
+      it { is_expected.to be_file }
+      its(:content) { is_expected.to include('AUTHENTICATION_BACKENDS = ["django.contrib.auth.backends.ModelBackend", "pulpcore.app.authentication.PulpNoCreateRemoteUserBackend"]') }
+    end
+  end
+end
+
+describe 'REST_FRAMEWORK__DEFAULT_AUTHENTICATION_CLASSES setting' do
+  context 'default REST_FRAMEWORK__DEFAULT_AUTHENTICATION_CLASSES' do
+    it_behaves_like 'an idempotent resource' do
+      let(:manifest) do
+        <<-PUPPET
+        include pulpcore
+        PUPPET
+      end
+    end
+
+    describe file('/etc/pulp/settings.py') do
+      it { is_expected.to be_file }
+      its(:content) do
+        is_expected.to include <<~EXPECTED
+          REST_FRAMEWORK__DEFAULT_AUTHENTICATION_CLASSES = (
+              'rest_framework.authentication.SessionAuthentication',
+              'pulpcore.app.authentication.PulpRemoteUserAuthentication',
+          )
+        EXPECTED
+      end
+    end
+  end
+
+  context 'REST_FRAMEWORK__DEFAULT_AUTHENTICATION_CLASSES set' do
+    it_behaves_like 'an idempotent resource' do
+      let(:manifest) do
+        <<-PUPPET
+        class { 'pulpcore':
+          rest_framework_default_authentication_classes => [
+            'rest_framework.authentication.BasicAuthentication',
+            'rest_framework.authentication.SessionAuthentication',
+            'pulpcore.app.authentication.PulpRemoteUserAuthentication',
+          ],
+        }
+        PUPPET
+      end
+    end
+
+    describe file('/etc/pulp/settings.py') do
+      it { is_expected.to be_file }
+      its(:content) do
+        is_expected.to include <<~EXPECTED
+          REST_FRAMEWORK__DEFAULT_AUTHENTICATION_CLASSES = (
+              'rest_framework.authentication.BasicAuthentication',
+              'rest_framework.authentication.SessionAuthentication',
+              'pulpcore.app.authentication.PulpRemoteUserAuthentication',
+          )
+        EXPECTED
+      end
+    end
+  end
+end
+
 describe 'IMPORT_WORKERS_PERCENT setting' do
   context 'default IMPORT_WORKERS_PERCENT' do
     it_behaves_like 'an idempotent resource' do

templates/settings.py.erb

@@ -50,11 +50,12 @@ FILE_UPLOAD_TEMP_DIR = "<%= scope['pulpcore::cache_dir'] %>"
 WORKING_DIRECTORY = "<%= scope['pulpcore::cache_dir'] %>"
 
 REMOTE_USER_ENVIRON_NAME = '<%= scope['pulpcore::remote_user_environ_name'] %>'
-AUTHENTICATION_BACKENDS = ['pulpcore.app.authentication.PulpNoCreateRemoteUserBackend']
+AUTHENTICATION_BACKENDS = <%= scope['pulpcore::authentication_backends'] %>
 
 REST_FRAMEWORK__DEFAULT_AUTHENTICATION_CLASSES = (
-    'rest_framework.authentication.SessionAuthentication',
-    'pulpcore.app.authentication.PulpRemoteUserAuthentication'
+<% scope['pulpcore::rest_framework_default_authentication_classes'].each do |authclass| -%>
+    '<%= authclass %>',
+<% end -%>
 )
 
 ALLOWED_IMPORT_PATHS = <%= scope['pulpcore::allowed_import_path'] %>