Merge pull request #2423 from ic248/main

Add MellonSetEnv support
puppetlabs · Jul 20, 2023 · 9436c0a · 9436c0a
2 parents 7cfe947 + 6de78a4
commit 9436c0a
Show file tree

Hide file tree

Showing 2 changed files with 32 additions and 0 deletions.
diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb
@@ -301,6 +301,21 @@
                   'ssl_verify_client' => 'optional',
                   'ssl_verify_depth' => 10
                 },
+                {
+                  'path' => '/private_2',
+                  'provider' => 'location',
+                  'mellon_enable' => 'auth',
+                  'mellon_sp_private_key_file' => '/etc/httpd/mellon/example.com_mellon.key',
+                  'mellon_sp_cert_file' => '/etc/httpd/mellon/example.com_mellon.crt',
+                  'mellon_sp_metadata_file' => '/etc/httpd/mellon/example.com_sp_mellon.xml',
+                  'mellon_idp_metadata_file' => '/etc/httpd/mellon/example.com_idp_mellon.xml',
+                  'mellon_set_env' => { 'isMemberOf' => 'urn:oid:1.3.6.1.4.1.5923.1.5.1.1' },
+                  'mellon_set_env_no_prefix' => { 'isMemberOf' => 'urn:oid:1.3.6.1.4.1.5923.1.5.1.1' },
+                  'mellon_user' => 'urn:oid:0.9.2342.19200300.100.1.1',
+                  'mellon_saml_response_dump' => 'Off',
+                  'mellon_cond' => ['isMemberOf "cn=example-access,ou=Groups,o=example,o=com" [MAP]'],
+                  'mellon_session_length' => '300'
+                },
               ],
               'error_log' => false,
               'error_log_file' => 'httpd_error_log',
@@ -613,6 +628,7 @@
           it { is_expected.to contain_concat__fragment('rspec.example.com-itk') }
           it { is_expected.to contain_concat__fragment('rspec.example.com-fallbackresource') }
 
+          # rubocop:disable RSpec/ExampleLength
           it {
             expect(subject).to contain_concat__fragment('rspec.example.com-directories')
               .with_content(%r{^\s+<Proxy "\*">$})
@@ -721,7 +737,18 @@
               .with_content(%r{^\s+GssapiUseSessions\sOn$})
               .with_content(%r{^\s+SSLVerifyClient\soptional$})
               .with_content(%r{^\s+SSLVerifyDepth\s10$})
+              .with_content(%r{^\s+MellonEnable\s"auth"$})
+              .with_content(%r{^\s+MellonSPPrivateKeyFile\s"/etc/httpd/mellon/example\.com_mellon\.key"$})
+              .with_content(%r{^\s+MellonSPCertFile\s"/etc/httpd/mellon/example\.com_mellon\.crt"$})
+              .with_content(%r{^\s+MellonSPMetadataFile\s"/etc/httpd/mellon/example\.com_sp_mellon\.xml"$})
+              .with_content(%r{^\s+MellonIDPMetadataFile\s"/etc/httpd/mellon/example\.com_idp_mellon\.xml"$})
+              .with_content(%r{^\s+MellonSetEnv\s"isMemberOf"\s"urn:oid:1\.3\.6\.1\.4\.1\.5923\.1\.5\.1\.1"$})
+              .with_content(%r{^\s+MellonSetEnvNoPrefix\s"isMemberOf"\s"urn:oid:1\.3\.6\.1\.4\.1\.5923\.1\.5\.1\.1"$})
+              .with_content(%r{^\s+MellonUser\s"urn:oid:0\.9\.2342\.19200300\.100\.1\.1"$})
+              .with_content(%r{^\s+MellonCond\sisMemberOf\s"cn=example-access,ou=Groups,o=example,o=com"\s\[MAP\]$})
+              .with_content(%r{^\s+MellonSessionLength\s"300"$})
           }
+          # rubocop:enable RSpec/ExampleLength
 
           it { is_expected.to contain_concat__fragment('rspec.example.com-additional_includes') }
 

diff --git a/templates/vhost/_directories.erb b/templates/vhost/_directories.erb
@@ -428,6 +428,11 @@
       <%- if directory['mellon_idp_metadata_file'] -%>
     MellonIDPMetadataFile "<%= directory['mellon_idp_metadata_file'] %>"
       <%- end -%>
+      <%- if directory['mellon_set_env'] -%>
+        <%- directory['mellon_set_env'].each do |key, value| -%>
+    MellonSetEnv "<%= key %>" "<%= value %>"
+        <%- end -%>
+      <%- end -%>
       <%- if directory['mellon_set_env_no_prefix'] -%>
         <%- directory['mellon_set_env_no_prefix'].each do |key, value| -%>
     MellonSetEnvNoPrefix "<%= key %>" "<%= value %>"