Merge pull request puppetlabs#2078 from traylenator/gssapi

WIP: Support mod_auth_gssapi parameters

Author: adrianiurca

manifests/vhost.pp

@@ -1475,6 +1475,24 @@
 #   }
 #   ```
 # 
+# @param gssapi
+#  Specfies mod_auth_gssapi parameters for particular directories in a virtual host directory
+#  ```puppet
+#   include apache::mod::auth_gssapi
+#   apache::vhost { 'sample.example.net':
+#     docroot     => '/path/to/directory',
+#     directories => [
+#       { path   => '/path/to/different/dir',
+#         gssapi => {
+#           credstore => 'keytab:/foo/bar.keytab',
+#           localname => 'Off',
+#           sslonly   => 'On',
+#         }
+#       },
+#     ],
+#   }
+#   ```
+#
 # @param ssl
 #   Enables SSL for the virtual host. SSL virtual hosts only respond to HTTPS queries.
 #

spec/defines/vhost_spec.rb

@@ -246,6 +246,11 @@
                   'passenger_allow_encoded_slashes'                     => false,
                   'passenger_app_log_file'                              => '/tmp/app.log',
                   'passenger_debugger'                                  => false,
+                  'gssapi'                                              => {
+                    'credstore' => 'keytab:/foo/bar.keytab',
+                    'localname' => 'On',
+                    'sslonly'   => 'Off',
+                  },
                 },
               ],
               'error_log'                   => false,
@@ -921,6 +926,21 @@
               content: %r{^\s+PassengerDebugger\sOff$},
             )
           }
+          it {
+            is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
+              content: %r{^\s+GssapiCredStore\skeytab:/foo/bar.keytab$},
+            )
+          }
+          it {
+            is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
+              content: %r{^\s+GssapiSSLonly\sOff$},
+            )
+          }
+          it {
+            is_expected.to contain_concat__fragment('rspec.example.com-directories').with(
+              content: %r{^\s+GssapiLocalName\sOn$},
+            )
+          }
           it { is_expected.to contain_concat__fragment('rspec.example.com-additional_includes') }
           it { is_expected.to contain_concat__fragment('rspec.example.com-logging') }
           it {

templates/vhost/_directories.erb

@@ -497,6 +497,9 @@
     <%- if directory['custom_fragment'] -%>
     <%= directory['custom_fragment'] %>
     <%- end -%>
+    <%- if directory['gssapi'] -%>
+      <%= scope.call_function('epp',["apache/vhost/_gssapi.epp", directory['gssapi']]) -%>
+    <%- end -%>
   </<%= provider %>>
     <%- end -%>
   <%- end -%>

templates/vhost/_gssapi.epp

@@ -0,0 +1,16 @@
+<%|
+  # https://github.com/gssapi/mod_auth_gssapi
+  Optional[String[1]]        $credstore = undef,
+  Optional[Enum['On','Off']] $sslonly   = undef,
+  Optional[Enum['On','Off']] $localname = undef,
+|%>
+# mod_auth_gssapi configuration
+<% if $sslonly { -%>
+    GssapiSSLonly <%= $sslonly %>
+<% } -%>
+<% if $localname { -%>
+    GssapiLocalName <%= $localname %>
+<% } -%>
+<% if $credstore { -%>
+    GssapiCredStore <%= $credstore %>
+<% } -%>