Merge pull request #149 from arioch/file_auth

Add apache file auth support
voxpupuli · Sep 17, 2017 · 951f21c · 951f21c
2 parents 88b8c97 + 315ca43
commit 951f21c
Show file tree

Hide file tree

Showing 2 changed files with 35 additions and 3 deletions.
diff --git a/manifests/apache/vhost.pp b/manifests/apache/vhost.pp
@@ -68,7 +68,7 @@
 #   No default ($::puppetboard::params::ldap_url)
 #
 # [*ldap_bind_authoritative]
-#   (string) Determines if other authentication providers are used 
+#   (string) Determines if other authentication providers are used
 #            when a user can be mapped to a DN but the server cannot bind with the credentials
 #   No default ($::puppetboard::params::ldap_bind_authoritative)
 class puppetboard::apache::vhost (
@@ -87,8 +87,15 @@
   $ldap_bind_dn             = $::puppetboard::params::ldap_bind_dn,
   $ldap_bind_password       = $::puppetboard::params::ldap_bind_password,
   $ldap_url                 = $::puppetboard::params::ldap_url,
-  $ldap_bind_authoritative  = $::puppetboard::params::ldap_bind_authoritative
-
+  $ldap_bind_authoritative  = $::puppetboard::params::ldap_bind_authoritative,
+  $enable_file_auth         = $::puppetboard::params::enable_file_auth,
+  $file_auth_allowoverride  = $::puppetboard::params::file_auth_allowoverride,
+  $file_auth_basic_provider = $::puppetboard::params::file_auth_basic_provider,
+  $file_auth_name           = $::puppetboard::params::file_auth_name,
+  $file_auth_options        = $::puppetboard::params::file_auth_options,
+  $file_auth_require        = $::puppetboard::params::file_auth_require,
+  $file_auth_type           = $::puppetboard::params::file_auth_type,
+  $file_auth_user_file      = $::puppetboard::params::file_auth_user_file,
 ) inherits ::puppetboard::params {
 
   $docroot = "${basedir}/puppetboard"
@@ -133,7 +140,24 @@
     $ldap_additional_includes = undef
     $ldap_require = undef
   }
+
+  if $enable_file_auth {
+    $directories = [
+      {
+        'allowoverride'       => $file_auth_allowoverride,
+        'auth_basic_provider' => $file_auth_basic_provider,
+        'auth_name'           => $file_auth_name,
+        'auth_require'        => $file_auth_require,
+        'auth_type'           => $file_auth_type,
+        'auth_user_file'      => $file_auth_user_file,
+        'options'             => $file_auth_options,
+        'path'                => $docroot,
+      },
+    ]
+  }
+
   ::apache::vhost { $vhost_name:
+    directories                 => $directories,
     port                        => $port,
     docroot                     => $docroot,
     ssl                         => $ssl,

diff --git a/manifests/params.pp b/manifests/params.pp
@@ -67,4 +67,12 @@
   $ldap_bind_password = undef
   $ldap_url = undef
   $ldap_bind_authoritative = undef
+  $enable_file_auth = false
+  $file_auth_allowoverride = 'None'
+  $file_auth_basic_provider = 'file'
+  $file_auth_name = 'PuppetBoard'
+  $file_auth_options = 'Indexes FollowSymLinks MultiViews'
+  $file_auth_require = 'user puppetboard pboard puppet'
+  $file_auth_type = 'Basic'
+  $file_auth_user_file = "${basedir}/.htpasswd"
 }