From 5539ac79b23abea8562051ba52909facca1e2398 Mon Sep 17 00:00:00 2001 From: Beat Gaetzi Date: Tue, 18 Jun 2024 10:34:39 +0200 Subject: [PATCH] Add ability to configure auth backends and classes --- manifests/init.pp | 11 +++++ spec/acceptance/settings_spec.rb | 80 ++++++++++++++++++++++++++++++++ templates/settings.py.erb | 7 +-- 3 files changed, 95 insertions(+), 3 deletions(-) diff --git a/manifests/init.pp b/manifests/init.pp index 25af6561..37b26d4d 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -121,6 +121,12 @@ # @param remote_user_environ_name # Django remote user environment variable # +# @param authentication_backends +# List uf used authentication backends +# +# @param rest_framework_default_authentication_classes +# List of used REST framework default authentication classes +# # @param allowed_import_path # Allowed paths that pulp can use for content imports, or sync from using file:// protocol # @@ -239,6 +245,11 @@ Array[Stdlib::Absolutepath] $allowed_export_path = [], Pulpcore::ChecksumTypes $allowed_content_checksums = ['sha224', 'sha256', 'sha384', 'sha512'], String[1] $remote_user_environ_name = 'HTTP_REMOTE_USER', + Array[String[1]] $authentication_backends = ['pulpcore.app.authentication.PulpNoCreateRemoteUserBackend'], + Array[String[1]] $rest_framework_default_authentication_classes = [ + 'rest_framework.authentication.SessionAuthentication', + 'pulpcore.app.authentication.PulpRemoteUserAuthentication', + ], Integer[0] $worker_count = min(8, $facts['processors']['count']), Optional[Integer[0]] $worker_ttl = undef, Boolean $service_enable = true, diff --git a/spec/acceptance/settings_spec.rb b/spec/acceptance/settings_spec.rb index 623a708a..4c0816e5 100644 --- a/spec/acceptance/settings_spec.rb +++ b/spec/acceptance/settings_spec.rb @@ -87,6 +87,86 @@ class { 'pulpcore': end end +describe 'AUTHENTICATION_BACKENDS setting' do + context 'default AUTHENTICATION_BACKENDS' do + it_behaves_like 'an idempotent resource' do + let(:manifest) do + <<-PUPPET + include pulpcore + PUPPET + end + end + + describe file('/etc/pulp/settings.py') do + it { is_expected.to be_file } + its(:content) { is_expected.to match(/^AUTHENTICATION_BACKENDS = \["pulpcore.app.authentication.PulpNoCreateRemoteUserBackend"\]$/) } + end + end + + context 'AUTHENTICATION_BACKENDS set' do + it_behaves_like 'an idempotent resource' do + let(:manifest) do + <<-PUPPET + class { 'pulpcore': + authentication_backends => [ + 'django.contrib.auth.backends.ModelBackend', + 'pulpcore.app.authentication.PulpNoCreateRemoteUserBackend', + ], + } + PUPPET + end + end + + describe file('/etc/pulp/settings.py') do + it { is_expected.to be_file } + its(:content) { is_expected.to match(/^AUTHENTICATION_BACKENDS = \["django.contrib.auth.backends.ModelBackend", "pulpcore.app.authentication.PulpNoCreateRemoteUserBackend"\]$/) } + end + end +end + +describe 'REST_FRAMEWORK__DEFAULT_AUTHENTICATION_CLASSES setting' do + context 'default REST_FRAMEWORK__DEFAULT_AUTHENTICATION_CLASSES' do + it_behaves_like 'an idempotent resource' do + let(:manifest) do + <<-PUPPET + include pulpcore + PUPPET + end + end + + describe file('/etc/pulp/settings.py') do + it { is_expected.to be_file } + its(:content) { is_expected.to match(/^REST_FRAMEWORK__DEFAULT_AUTHENTICATION_CLASSES = \($/) } + its(:content) { is_expected.to match(/^ 'rest_framework.authentication.SessionAuthentication',$/) } + its(:content) { is_expected.to match(/^ 'pulpcore.app.authentication.PulpRemoteUserAuthentication',$/) } + end + end + + context 'REST_FRAMEWORK__DEFAULT_AUTHENTICATION_CLASSES set' do + it_behaves_like 'an idempotent resource' do + let(:manifest) do + <<-PUPPET + class { 'pulpcore': + rest_framework_default_authentication_classes => [ + 'rest_framework.authentication.BasicAuthentication', + 'rest_framework.authentication.SessionAuthentication', + 'pulpcore.app.authentication.PulpRemoteUserAuthentication' + ], + } + PUPPET + end + end + + describe file('/etc/pulp/settings.py') do + it { is_expected.to be_file } + its(:content) { is_expected.to match(/^REST_FRAMEWORK__DEFAULT_AUTHENTICATION_CLASSES = \($/) } + its(:content) { is_expected.to match(/^ 'rest_framework.authentication.BasicAuthentication',$/) } + its(:content) { is_expected.to match(/^ 'rest_framework.authentication.SessionAuthentication',$/) } + its(:content) { is_expected.to match(/^ 'pulpcore.app.authentication.PulpRemoteUserAuthentication',$/) } + end + end +end + describe 'IMPORT_WORKERS_PERCENT setting' do context 'default IMPORT_WORKERS_PERCENT' do it_behaves_like 'an idempotent resource' do diff --git a/templates/settings.py.erb b/templates/settings.py.erb index 145dd942..d33425a1 100644 --- a/templates/settings.py.erb +++ b/templates/settings.py.erb @@ -50,11 +50,12 @@ FILE_UPLOAD_TEMP_DIR = "<%= scope['pulpcore::cache_dir'] %>" WORKING_DIRECTORY = "<%= scope['pulpcore::cache_dir'] %>" REMOTE_USER_ENVIRON_NAME = '<%= scope['pulpcore::remote_user_environ_name'] %>' -AUTHENTICATION_BACKENDS = ['pulpcore.app.authentication.PulpNoCreateRemoteUserBackend'] +AUTHENTICATION_BACKENDS = <%= scope['pulpcore::authentication_backends'] %> REST_FRAMEWORK__DEFAULT_AUTHENTICATION_CLASSES = ( - 'rest_framework.authentication.SessionAuthentication', - 'pulpcore.app.authentication.PulpRemoteUserAuthentication' +<% scope['pulpcore::rest_framework_default_authentication_classes'].each do |authclass| -%> + '<%= authclass %>', +<% end -%> ) ALLOWED_IMPORT_PATHS = <%= scope['pulpcore::allowed_import_path'] %>