Merge pull request #986 from mvisonneau/auth_request

Added auth_request configuration capability in server and location contexts
voxpupuli · Dec 19, 2016 · 360e700 · 360e700
2 parents 72f15f4 + a925c1b
commit 360e700
Show file tree

Hide file tree

Showing 7 changed files with 37 additions and 0 deletions.
diff --git a/manifests/resource/location.pp b/manifests/resource/location.pp
@@ -92,6 +92,7 @@
 #     with HTTP Basic Authentication.
 #   [*auth_basic_user_file*]  - This directive sets the htpasswd filename for
 #     the authentication realm.
+#   [*auth_request*]          - This allows you to specify a custom auth endpoint
 #   [*priority*]              - Location priority. Default: 500. User priority
 #     401-499, 501-599. If the priority is higher than the default priority,
 #     the location will be defined after root, or before root.
@@ -206,6 +207,7 @@
   $proxy_buffering             = undef,
   $auth_basic                  = undef,
   $auth_basic_user_file        = undef,
+  $auth_request                = undef,
   $rewrite_rules               = [],
   $priority                    = 500,
   $mp4                         = false,
@@ -359,6 +361,9 @@
   if ($auth_basic_user_file != undef) {
     validate_string($auth_basic_user_file)
   }
+  if ($auth_request != undef) {
+    validate_string($auth_request)
+  }
   if !is_integer($priority) {
     fail('$priority must be an integer.')
   }

diff --git a/manifests/resource/server.pp b/manifests/resource/server.pp
@@ -123,6 +123,7 @@
 #      password with HTTP Basic Authentication.
 #   [*auth_basic_user_file*]    - This directive sets the htpasswd filename for
 #     the authentication realm.
+#   [*auth_request*]          - This allows you to specify a custom auth endpoint
 #   [*client_max_body_size*]    - This directive sets client_max_body_size.
 #   [*client_body_timeout*]     - Sets how long the server will wait for a
 #      client body. Default is 60s
@@ -275,6 +276,7 @@
   $try_files                    = undef,
   $auth_basic                   = undef,
   $auth_basic_user_file         = undef,
+  $auth_request                 = undef,
   $client_body_timeout          = undef,
   $client_header_timeout        = undef,
   $client_max_body_size         = undef,
@@ -511,6 +513,9 @@
   if ($auth_basic_user_file != undef) {
     validate_string($auth_basic_user_file)
   }
+  if ($auth_request != undef) {
+    validate_string($auth_request)
+  }
   if ($server_cfg_prepend != undef) {
     validate_hash($server_cfg_prepend)
   }

diff --git a/spec/defines/resource_location_spec.rb b/spec/defines/resource_location_spec.rb
@@ -172,6 +172,12 @@
           attr: 'auth_basic_user_file',
           value: 'value',
           match: '    auth_basic_user_file value;'
+        },
+        {
+          title: 'should set auth_request',
+          attr: 'auth_request',
+          value: 'value',
+          match: %r{\s+auth_request\s+value;}
         }
       ].each do |param|
         context "when #{param[:attr]} is #{param[:value]}" do

diff --git a/spec/defines/resource_server_spec.rb b/spec/defines/resource_server_spec.rb
@@ -183,6 +183,12 @@
           value: 'value',
           match: %r{\s+auth_basic_user_file\s+value;}
         },
+        {
+          title: 'should set auth_request',
+          attr: 'auth_request',
+          value: 'value',
+          match: %r{\s+auth_request\s+value;}
+        },
         {
           title: 'should set the client_body_timeout',
           attr: 'client_body_timeout',
@@ -582,6 +588,12 @@
           value: 'value',
           match: %r{\s+auth_basic_user_file\s+"value";}
         },
+        {
+          title: 'should set auth_request',
+          attr: 'auth_request',
+          value: 'value',
+          match: %r{\s+auth_request\s+value;}
+        },
         {
           title: 'should set the client_body_timeout',
           attr: 'client_body_timeout',

diff --git a/templates/server/location_header.erb b/templates/server/location_header.erb
@@ -31,6 +31,9 @@
 <%- if @auth_basic_user_file -%>
     auth_basic_user_file <%= @auth_basic_user_file %>;
 <% end -%>
+<%- if defined? @auth_request -%>
+  auth_request <%= @auth_request %>;
+  <%- end -%>
 <% if @location_custom_cfg_prepend -%>
   <%- @location_custom_cfg_prepend.each do |key,value| -%>
     <%- if value.is_a?(Hash) -%>

diff --git a/templates/server/server_header.erb b/templates/server/server_header.erb
@@ -70,6 +70,9 @@ server {
   auth_basic_user_file <%= @auth_basic_user_file %>;
   <%- end -%>
 <% end -%>
+<%- if defined? @auth_request -%>
+  auth_request <%= @auth_request %>;
+<%- end -%>
 <% if instance_variables.any? { |iv| iv.to_s.include? 'client_' } -%>
   <%- if defined? @client_body_timeout -%>
   client_body_timeout <%= @client_body_timeout %>;

diff --git a/templates/server/server_ssl_header.erb b/templates/server/server_ssl_header.erb
@@ -63,6 +63,9 @@ server {
   auth_basic_user_file      "<%= @auth_basic_user_file %>";
   <% end -%>
 <%- end -%>
+<%- if defined? @auth_request -%>
+  auth_request <%= @auth_request %>;
+<%- end -%>
 <%- if instance_variables.any? { |iv| iv.to_s.include? 'client_' } -%>
   <%- if defined? @client_body_timeout -%>
   client_body_timeout <%= @client_body_timeout %>;