Commit 62e6d78e authored by Scott Barthelemy

Remove manifest config/webui.pp, parameters about proxy access and update tests

parent 9c134474
# @summary Configures port and redirect overrides for the IPA server web UI.
#
# @example
# include freeipa::config::webui
#
# @api private
#
class freeipa::config::webui {
assert_private()
if $freeipa::webui_enable_proxy {
#ref: https://www.redhat.com/archives/freeipa-users/2016-June/msg00128.html
$proxy_server_internal_fqdn = $freeipa::ipa_server_fqdn
$proxy_server_external_fqdn = $freeipa::webui_proxy_external_fqdn
$proxy_https_port = $freeipa::webui_proxy_https_port
$proxy_server_external_fqdn_and_port = "${proxy_server_external_fqdn}:${proxy_https_port}"
$proxy_internal_uri = "https://${proxy_server_internal_fqdn}"
$proxy_external_uri = "https://${proxy_server_external_fqdn}:${proxy_https_port}"
$proxy_server_name = "https://${freeipa::ipa_server_fqdn}:${proxy_https_port}"
$proxy_referrer_regex = regsubst(
$proxy_external_uri,
'\.',
'\.',
'G',
)
file_line { 'webui_additional_https_port_listener':
ensure => present,
path => '/etc/httpd/conf.d/nss.conf',
line => "Listen ${proxy_https_port}",
after => 'Listen\ 443',
notify => Service['httpd'],
}
file { '/etc/httpd/conf.d/ipa-rewrite.conf':
ensure => present,
replace => true,
content => template('freeipa/ipa-rewrite.conf.erb'),
notify => Service['httpd'],
}
file { '/etc/httpd/conf.d/ipa-webui-proxy.conf':
ensure => present,
replace => true,
content => template('freeipa/ipa-webui-proxy.conf.erb'),
notify => Service['httpd'],
}
}
if $freeipa::webui_disable_kerberos {
file_line{'disable_kerberos_via_if_1':
ensure => present,
path => '/etc/httpd/conf.d/ipa.conf',
line => " <If \"%{HTTP_HOST} != '${proxy_server_external_fqdn_and_port}'\">",
notify => Service['httpd'],
after => '^<Location\ "/ipa">$',
}
file_line{'disable_kerberos_via_if_2':
ensure => present,
path => '/etc/httpd/conf.d/ipa.conf',
line => ' </If>',
notify => Service['httpd'],
after => 'ErrorDocument\ 401\ /ipa/errors/unauthorized.html',
}
}
}
......@@ -14,8 +14,6 @@
# enable_hostname => true,
# manage_host_entry => true,
# install_epel => true,
# webui_disable_kerberos => true,
# webui_enable_proxy => true,
# humanadmins => { foo => { password => 'secret123', ensure => 'present'}, bar => { password => 'secret123', ensure => 'present'} },
# }
#
......@@ -58,14 +56,6 @@
# @param server_install_ldaputils If true, then the ldaputils packages are installed if ipa_role is not set to client.
# @param sssd_package_name Name of the sssd package.
# @param sssdtools_package_name Name of the sssdtools package.
# @param webui_disable_kerberos If true, then /etc/httpd/conf.d/ipa.conf is written to exclude kerberos support for incoming
# requests whose HTTP_HOST variable match the parameter 'webio_proxy_external_fqdn'. This allows the IPA Web UI to work on a
# proxied port, while allowing IPA client access to function as normal.
# @param webui_enable_proxy If true, then httpd is configured to act as a reverse proxy for the IPA Web UI. This allows
# the Web UI to be accessed from different ports and hostnames than the default.
# This is necessary to allow the WebUI to be accessed behind a reverse proxy when using nonstandard ports.
# @param webui_proxy_external_fqdn The public or external FQDN used to access the IPA Web UI behind the reverse proxy.
# @param webui_proxy_https_port The HTTPS port to use for the reverse proxy. Cannot be 443.
# @param humanadmins Hash of admin accounts in freeipa. Uses the following schema : Hash[ String[1], Struct[{ password => String[1], Optional[ensure] => Enum['present','absent']}]]
#
class freeipa (
......@@ -111,10 +101,6 @@ class freeipa (
Boolean $server_install_ldaputils = true,
String $sssd_package_name = 'sssd-common',
String $sssdtools_package_name = 'sssd-tools',
Boolean $webui_disable_kerberos = false,
Boolean $webui_enable_proxy = false,
Stdlib::Fqdn $webui_proxy_external_fqdn = 'localhost',
String $webui_proxy_https_port = '8440',
) {
if $facts['kernel'] != 'Linux' or $facts['osfamily'] == 'Windows' {
......
......@@ -86,8 +86,6 @@ class freeipa::install::server {
{ensure => 'running'},
)
contain 'freeipa::config::webui'
service { 'ipa':
ensure => 'running',
enable => true,
......
......@@ -18,8 +18,6 @@ describe 'freeipa class' do
enable_manage_admins => true,
manage_host_entry => true,
install_epel => true,
webui_disable_kerberos => true,
webui_enable_proxy => true,
ipa_master_fqdn => 'ipa-server-1.example.lan',
humanadmins => {
foo => {
......@@ -114,8 +112,6 @@ describe 'freeipa class' do
enable_hostname => true,
manage_host_entry => true,
install_epel => true,
webui_disable_kerberos => true,
webui_enable_proxy => true,
ipa_master_fqdn => 'ipa-server-1.example.lan',
}
EOS
......@@ -232,8 +228,6 @@ describe 'freeipa class' do
enable_manage_admins => true,
manage_host_entry => true,
install_epel => true,
webui_disable_kerberos => true,
webui_enable_proxy => true,
ipa_master_fqdn => 'ipa-server-1.example.lan',
humanadmins => {
foo => {
......
require 'spec_helper'
describe 'freeipa::config::webui' do
on_supported_os.each do |os, os_facts|
context "on #{os}" do
let(:pre_condition) do
manifest = <<-EOS
class{ 'freeipa' :
ipa_role => 'master',
ipa_master_fqdn => 'master.example.lan',
ipa_server_fqdn => 'foo.example.lan',
domain => 'example.lan',
password_usedto_joindomain => 'foobartest',
puppet_admin_password => 'foobartest',
directory_services_password => 'foobartest',
ip_address => '10.10.10.35',
}
EOS
manifest
end
let(:facts) { os_facts }
it { is_expected.to compile }
end
end
end
......@@ -24,7 +24,6 @@ describe 'freeipa', type: :class do
it { is_expected.to contain_class('freeipa::install::server') }
it { is_expected.to contain_class('freeipa::install::sssd') }
it { is_expected.to contain_class('freeipa::install::server::master') }
it { is_expected.to contain_class('freeipa::config::webui') }
it { is_expected.not_to contain_class('freeipa::install::autofs') }
it { is_expected.not_to contain_class('freeipa::install::server::replica') }
......@@ -60,7 +59,6 @@ describe 'freeipa', type: :class do
it { is_expected.to contain_class('freeipa::install::server') }
it { is_expected.to contain_class('freeipa::install::sssd') }
it { is_expected.to contain_class('freeipa::install::server::replica') }
it { is_expected.to contain_class('freeipa::config::webui') }
it { is_expected.not_to contain_class('freeipa::install::autofs') }
it { is_expected.not_to contain_class('freeipa::install::server::master') }
......@@ -102,7 +100,6 @@ describe 'freeipa', type: :class do
it { is_expected.not_to contain_class('freeipa::install::server') }
it { is_expected.not_to contain_class('freeipa::install::server::master') }
it { is_expected.not_to contain_class('freeipa::install::server::replica') }
it { is_expected.not_to contain_class('freeipa::config::webui') }
if facts[:os]['family'] == 'Debian'
it { is_expected.to contain_package('freeipa-client') }
......