Skip to content

Commit

Permalink
Add ability to configure auth backends and classes
Browse files Browse the repository at this point in the history
  • Loading branch information
Scnaeg committed Jun 25, 2024
1 parent 94c6335 commit 5539ac7
Show file tree
Hide file tree
Showing 3 changed files with 95 additions and 3 deletions.
11 changes: 11 additions & 0 deletions manifests/init.pp
Original file line number Diff line number Diff line change
Expand Up @@ -121,6 +121,12 @@
# @param remote_user_environ_name
# Django remote user environment variable
#
# @param authentication_backends
# List uf used authentication backends
#
# @param rest_framework_default_authentication_classes
# List of used REST framework default authentication classes
#
# @param allowed_import_path
# Allowed paths that pulp can use for content imports, or sync from using file:// protocol
#
Expand Down Expand Up @@ -239,6 +245,11 @@
Array[Stdlib::Absolutepath] $allowed_export_path = [],
Pulpcore::ChecksumTypes $allowed_content_checksums = ['sha224', 'sha256', 'sha384', 'sha512'],
String[1] $remote_user_environ_name = 'HTTP_REMOTE_USER',
Array[String[1]] $authentication_backends = ['pulpcore.app.authentication.PulpNoCreateRemoteUserBackend'],
Array[String[1]] $rest_framework_default_authentication_classes = [
'rest_framework.authentication.SessionAuthentication',
'pulpcore.app.authentication.PulpRemoteUserAuthentication',
],
Integer[0] $worker_count = min(8, $facts['processors']['count']),
Optional[Integer[0]] $worker_ttl = undef,
Boolean $service_enable = true,
Expand Down
80 changes: 80 additions & 0 deletions spec/acceptance/settings_spec.rb
Original file line number Diff line number Diff line change
Expand Up @@ -87,6 +87,86 @@ class { 'pulpcore':
end
end

describe 'AUTHENTICATION_BACKENDS setting' do
context 'default AUTHENTICATION_BACKENDS' do
it_behaves_like 'an idempotent resource' do
let(:manifest) do
<<-PUPPET
include pulpcore
PUPPET
end
end

describe file('/etc/pulp/settings.py') do
it { is_expected.to be_file }
its(:content) { is_expected.to match(/^AUTHENTICATION_BACKENDS = \["pulpcore.app.authentication.PulpNoCreateRemoteUserBackend"\]$/) }
end
end

context 'AUTHENTICATION_BACKENDS set' do
it_behaves_like 'an idempotent resource' do
let(:manifest) do
<<-PUPPET
class { 'pulpcore':
authentication_backends => [
'django.contrib.auth.backends.ModelBackend',
'pulpcore.app.authentication.PulpNoCreateRemoteUserBackend',
],
}
PUPPET
end
end

describe file('/etc/pulp/settings.py') do
it { is_expected.to be_file }
its(:content) { is_expected.to match(/^AUTHENTICATION_BACKENDS = \["django.contrib.auth.backends.ModelBackend", "pulpcore.app.authentication.PulpNoCreateRemoteUserBackend"\]$/) }
end
end
end

describe 'REST_FRAMEWORK__DEFAULT_AUTHENTICATION_CLASSES setting' do
context 'default REST_FRAMEWORK__DEFAULT_AUTHENTICATION_CLASSES' do
it_behaves_like 'an idempotent resource' do
let(:manifest) do
<<-PUPPET
include pulpcore
PUPPET
end
end

describe file('/etc/pulp/settings.py') do
it { is_expected.to be_file }
its(:content) { is_expected.to match(/^REST_FRAMEWORK__DEFAULT_AUTHENTICATION_CLASSES = \($/) }
its(:content) { is_expected.to match(/^ 'rest_framework.authentication.SessionAuthentication',$/) }
its(:content) { is_expected.to match(/^ 'pulpcore.app.authentication.PulpRemoteUserAuthentication',$/) }
end
end

context 'REST_FRAMEWORK__DEFAULT_AUTHENTICATION_CLASSES set' do
it_behaves_like 'an idempotent resource' do
let(:manifest) do
<<-PUPPET
class { 'pulpcore':
rest_framework_default_authentication_classes => [
'rest_framework.authentication.BasicAuthentication',
'rest_framework.authentication.SessionAuthentication',
'pulpcore.app.authentication.PulpRemoteUserAuthentication'
],
}
PUPPET
end
end

describe file('/etc/pulp/settings.py') do
it { is_expected.to be_file }
its(:content) { is_expected.to match(/^REST_FRAMEWORK__DEFAULT_AUTHENTICATION_CLASSES = \($/) }
its(:content) { is_expected.to match(/^ 'rest_framework.authentication.BasicAuthentication',$/) }
its(:content) { is_expected.to match(/^ 'rest_framework.authentication.SessionAuthentication',$/) }
its(:content) { is_expected.to match(/^ 'pulpcore.app.authentication.PulpRemoteUserAuthentication',$/) }
end
end
end

describe 'IMPORT_WORKERS_PERCENT setting' do
context 'default IMPORT_WORKERS_PERCENT' do
it_behaves_like 'an idempotent resource' do
Expand Down
7 changes: 4 additions & 3 deletions templates/settings.py.erb
Original file line number Diff line number Diff line change
Expand Up @@ -50,11 +50,12 @@ FILE_UPLOAD_TEMP_DIR = "<%= scope['pulpcore::cache_dir'] %>"
WORKING_DIRECTORY = "<%= scope['pulpcore::cache_dir'] %>"

REMOTE_USER_ENVIRON_NAME = '<%= scope['pulpcore::remote_user_environ_name'] %>'
AUTHENTICATION_BACKENDS = ['pulpcore.app.authentication.PulpNoCreateRemoteUserBackend']
AUTHENTICATION_BACKENDS = <%= scope['pulpcore::authentication_backends'] %>

REST_FRAMEWORK__DEFAULT_AUTHENTICATION_CLASSES = (
'rest_framework.authentication.SessionAuthentication',
'pulpcore.app.authentication.PulpRemoteUserAuthentication'
<% scope['pulpcore::rest_framework_default_authentication_classes'].each do |authclass| -%>
'<%= authclass %>',
<% end -%>
)

ALLOWED_IMPORT_PATHS = <%= scope['pulpcore::allowed_import_path'] %>
Expand Down

0 comments on commit 5539ac7

Please sign in to comment.