Add support for mod_auth_cas module configuration
pcfens committed Feb 12, 2015
1 parent fbfc2de commit bbe6d29
Showing 5 changed files with 155 additions and 2 deletions.
8 changes: 7 additions & 1 deletion README.md
@@ -520,6 +520,7 @@ There are many `apache::mod::[name]` classes within this module that can be decl
* `actions`
* `alias`
* `auth_basic`
* `auth_cas`* (see [`apache::mod::auth_cas`](#class-apachemodauthcas) below)
* `auth_kerb`
* `authnz_ldap`*
* `autoindex`
@@ -578,7 +579,7 @@ Modules noted with a * indicate that the module has settings and, thus, a templa

The modules mentioned above, and other Apache modules that have templates, cause template files to be dropped along with the mod install. The module will not work without the template. Any module without a template installs the package but drops no files.

####Class: `apache::mod::event
####Class: `apache::mod::event`

Installs and manages mpm_event module.

@@ -592,6 +593,11 @@ To configure the event thread limit:
}
```

####Class: `apache::mod::auth_cas`

Installs and manages mod_auth_cas. The parameters `cas_login_url` and `cas_validate_url` are required.

Full documentation on mod_auth_cas is available from [JASIG](https://github.com/Jasig/mod_auth_cas).

####Class: `apache::mod::info`

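--- a/manifests/mod/auth_cas.pp
+++ b/manifests/mod/auth_cas.pp
@@ -0,0 +1,48 @@
+class apache::mod::auth_cas (
+$cas_login_url,
+$cas_validate_url,
+$cas_cookie_path = $::apache::params::cas_cookie_path,
+$cas_version = 2,
+$cas_debug = 'Off',
+$cas_validate_depth = undef,
+$cas_certificate_path = undef,
+$cas_proxy_validate_url = undef,
+$cas_root_proxied_as = undef,
+$cas_cookie_entropy = undef,
+$cas_timeout = undef,
+$cas_idle_timeout = undef,
+$cas_cache_clean_interval = undef,
+$cas_cookie_domain = undef,
+$cas_cookie_http_only = undef,
+$cas_authoritative = undef,
+$suppress_warning = false,
+) {
+
+validate_string($cas_login_url, $cas_validate_url, $cas_cookie_path)
+
+if $::osfamily == 'RedHat' and ! $suppress_warning {
+warning('RedHat distributions do not have Apache mod_auth_cas in their default package repositories.')
+}
+
+::apache::mod { 'auth_cas': }
+
+file { $cas_cookie_path:
+ensure => directory,
+before => File['auth_cas.conf'],
+mode => '0750',
+owner => $apache::user,
+group => $apache::group,
+}
+
+# Template uses
+# - All variables beginning with cas_
+file { 'auth_cas.conf':
+ensure => file,
+path => "${::apache::mod_dir}/auth_cas.conf",
+content => template('apache/mod/auth_cas.conf.erb'),
+require => [ Exec["mkdir ${::apache::mod_dir}"], ],
+before => File[$::apache::mod_dir],
+notify => Service['httpd'],
+}
+
+}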
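Review bot: The `validate_string($cas_login_url, $cas_validate_url, $cas_cookie_path)` call only proves the three values are strings, and every other `cas_*` parameter reaches auth_cas.conf with no check at all. These two URLs decide where users are sent to authenticate and where service tickets are validated, so a plain-http or mistyped value would be written out silently. If plain http is never meant to be supported, add `validate_re($cas_login_url, '^https://')` and the same for `$cas_validate_url`, plus `validate_absolute_path($cas_cookie_path)` before the value is used as a `file` title. The class also has no header comment; one listing the parameters, and noting that flag-style ones appear to take the strings 'On'/'Off' as the `cas_debug` default does, would help callers.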
7 changes: 6 additions & 1 deletion manifests/params.pp
@@ -67,7 +67,9 @@
$suphp_engine = 'off'
$suphp_configpath = undef
# NOTE: The module for Shibboleth is not available to RH/CentOS without an additional repository. http://wiki.aaf.edu.au/tech-info/sp-install-guide
# NOTE: The auth_cas module isn't available to RH/CentOS without enabling EPEL.
$mod_packages = {
'auth_cas' => 'mod_auth_cas',
'auth_kerb' => 'mod_auth_kerb',
'authnz_ldap' => $::apache::version::distrelease ? {
'7' => 'mod_ldap',
@@ -110,11 +112,12 @@
'7' => '/usr/share/httpd/error',
default => '/var/www/error'
}
if $::osfamily == "RedHat" {
if $::osfamily == 'RedHat' {
$wsgi_socket_prefix = '/var/run/wsgi'
} else {
$wsgi_socket_prefix = undef
}
$cas_cookie_path = '/var/cache/mod_auth_cas/'
$modsec_crs_package = 'mod_security_crs'
$modsec_crs_path = '/usr/lib/modsecurity.d'
$modsec_dir = '/etc/httpd/modsecurity.d'
@@ -169,6 +172,7 @@
$suphp_engine = 'off'
$suphp_configpath = '/etc/php5/apache2'
$mod_packages = {
'auth_cas' => 'libapache2-mod-auth-cas',
'auth_kerb' => 'libapache2-mod-auth-kerb',
'dav_svn' => 'libapache2-svn',
'fastcgi' => 'libapache2-mod-fastcgi',
@@ -198,6 +202,7 @@
$mime_support_package = 'mime-support'
$mime_types_config = '/etc/mime.types'
$docroot = '/var/www'
$cas_cookie_path = '/var/cache/apache2/mod_auth_cas/'
$modsec_crs_package = 'modsecurity-crs'
$modsec_crs_path = '/usr/share/modsecurity-crs'
$modsec_dir = '/etc/modsecurity'
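Review bot: `$cas_cookie_path` is set only in the two branches these hunks touch (`'/var/cache/mod_auth_cas/'` and `'/var/cache/apache2/mod_auth_cas/'`), yet `apache::mod::auth_cas` takes it as a parameter default and uses it as a `file` resource title. If params.pp has further osfamily branches outside these hunks, the default there would be undefined and the class would fail with an unhelpful resource error instead of a clear message. Either give those branches a path, or have the class fail early, e.g. `if ! $cas_cookie_path { fail('apache::mod::auth_cas: cas_cookie_path must be set on this platform') }`. The same question applies to the `'auth_cas'` entry added to `$mod_packages`.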
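--- a/spec/classes/mod/auth_cas_spec.rb
+++ b/spec/classes/mod/auth_cas_spec.rb
@@ -0,0 +1,54 @@
+require 'spec_helper'
+
+describe 'apache::mod::auth_cas', :type => :class do
+let :params do
+{
+:cas_login_url => 'https://cas.example.com/login',
+:cas_validate_url => 'https://cas.example.com/validate',
+}
+end
+
+let :pre_condition do
+'include ::apache'
+end
+
+context "on a Debian OS", :compile do
+let :facts do
+{
+:id => 'root',
+:kernel => 'Linux',
+:lsbdistcodename => 'squeeze',
+:osfamily => 'Debian',
+:operatingsystem => 'Debian',
+:operatingsystemrelease => '6',
+:path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+:concat_basedir => '/dne',
+:is_pe => false,
+}
+end
+it { is_expected.to contain_class("apache::params") }
+it { is_expected.to contain_apache__mod("auth_cas") }
+it { is_expected.to contain_package("libapache2-mod-auth-cas") }
+it { is_expected.to contain_file("auth_cas.conf").with_path('/etc/apache2/mods-available/auth_cas.conf') }
+it { is_expected.to contain_file("/var/cache/apache2/mod_auth_cas/").with_owner('www-data') }
+end
+context "on a RedHat OS", :compile do
+let :facts do
+{
+:id => 'root',
+:kernel => 'Linux',
+:osfamily => 'RedHat',
+:operatingsystem => 'RedHat',
+:operatingsystemrelease => '6',
+:path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+:concat_basedir => '/dne',
+:is_pe => false,
+}
+end
+it { is_expected.to contain_class("apache::params") }
+it { is_expected.to contain_apache__mod("auth_cas") }
+it { is_expected.to contain_package("mod_auth_cas") }
+it { is_expected.to contain_file("auth_cas.conf").with_path('/etc/httpd/conf.d/auth_cas.conf') }
+it { is_expected.to contain_file("/var/cache/mod_auth_cas/").with_owner('apache') }
+end
+end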
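Review bot: Both contexts assert only the owner of the cookie-cache directory and the path of auth_cas.conf, so the `0750` mode on that directory and the directives actually rendered into the config are untested. Add `.with_mode('0750')` to the two `contain_file(".../mod_auth_cas/")` expectations, and a content check such as `it { is_expected.to contain_file("auth_cas.conf").with_content(/^CASLoginURL https:\/\/cas\.example\.com\/login$/) }`. A context that omits `:cas_login_url` and expects compilation to fail would also pin the "required" claim the README makes for the two URL parameters.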
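--- a/templates/mod/auth_cas.conf.erb
+++ b/templates/mod/auth_cas.conf.erb
@@ -0,0 +1,40 @@
+CASCookiePath <%= @cas_cookie_path %>
+CASLoginURL <%= @cas_login_url %>
+CASValidateURL <%= @cas_validate_url %>
+
+CASVersion <%= @cas_version %>
+CASDebug <%= @cas_debug %>
+
+<% if @cas_certificate_path -%>
+CASCertificatePath <%= @cas_certificate_path %>
+<% end -%>
+<% if @cas_proxy_validate_url -%>
+CASProxyValidateURL <%= @cas_proxy_validate_url %>
+<% end -%>
+<% if @cas_validate_depth -%>
+CASValidateDepth <%= @cas_validate_depth %>
+<% end -%>
+<% if @cas_root_proxied_as -%>
+CASRootProxiedAs <%= @cas_root_proxied_as %>
+<% end -%>
+<% if @cas_cookie_entropy -%>
+CASCookieEntropy <%= @cas_cookie_entropy %>
+<% end -%>
+<% if @cas_timeout -%>
+CASTimeout <%= @cas_timeout %>
+<% end -%>
+<% if @cas_idle_timeout -%>
+CASIdleTimeout <%= @cas_idle_timeout %>
+<% end -%>
+<% if @cas_cache_clean_interval -%>
+CASCacheCleanInterval <%= @cas_cache_clean_interval %>
+<% end -%>
+<% if @cas_cookie_domain -%>
+CASCookieDomain <%= @cas_cookie_domain %>
+<% end -%>
+<% if @cas_cookie_http_only -%>
+CASCookieHttpOnly <%= @cas_cookie_http_only %>
+<% end -%>
+<% if @cas_authoritative -%>
+CASAuthoritative <%= @cas_authoritative %>
+<% end -%>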
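Review bot: The optional directives are guarded by plain truthiness (`<% if @cas_cookie_http_only -%>`, `<% if @cas_authoritative -%>`), so a boolean `false` drops the line instead of writing `Off`, and a boolean `true` is rendered as the literal `true`. For `CASCookieHttpOnly` and `CASAuthoritative` this means the manifest value and the rendered session and authorization settings can disagree without any error at catalog compile time. Either document that these parameters take the strings 'On'/'Off', as the `cas_debug` default does, or reject anything else in the class, e.g. `if $cas_cookie_http_only != undef { validate_re($cas_cookie_http_only, '^(On|Off)$') }`. With `cas_certificate_path` left at its default, the file also carries no `CASCertificatePath`, so it is worth stating in the docs which CA store is then expected to be used for ticket validation.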
