Merge pull request #2540 from gerlingsm/fix/authz

ekohl · web-flow · commit fa927413fcc0 · 2024-04-29T18:05:22.000+02:00
Add missing brackets for function call
diff --git a/spec/acceptance/vhost_spec.rb b/spec/acceptance/vhost_spec.rb
@@ -452,6 +452,25 @@ class { 'apache': }
               auth_require => 'valid-user',
               satisfy => 'Any',
             },
+            {
+              path => '/var/www/files/authz',
+              auth_type => 'Basic',
+              auth_name => 'Basic Auth',
+              authz_core => {
+                require_all => {
+                  require_any => {
+                    require => [
+                      '127.0.0.1'
+                      '10.10.10.10'
+                    ],
+                    require_all => {
+                      auth_user_file => ['/var/www/htpasswd'],
+                      require => ['valid-user'],
+                    },
+                  },
+                }
+              }
+            },
           ],
         }
         file { '/var/www/files/foo':
@@ -463,6 +482,9 @@ class { 'apache': }
         file { '/var/www/files/baz':
           ensure => directory,
         }
+        file { '/var/www/files/authz':
+          ensure => directory,
+        }
         file { '/var/www/files/foo/index.html':
           ensure  => file,
           content => "Hello World\\n",
@@ -475,6 +497,10 @@ class { 'apache': }
           ensure  => file,
           content => "Hello World\\n",
         }
+        file { '/var/www/files/authz/index.html':
+          ensure  => file,
+          content => "Hello World\\n",
+        }
         file { '/var/www/htpasswd':
           ensure  => file,
           content => "login:IZ7jMcLSx0oQk", # "password" as password
@@ -499,6 +525,10 @@ class { 'apache': }
           expect(result.stderr).to match(%r{curl: \(22\) The requested URL returned error: 401})
           expect(result.exit_code).to eq 22
           expect(run_shell('/usr/bin/curl -sSf -u login:password files.example.net:80/baz/index.html').stdout).to eq("Hello World\n")
+          result = run_shell('/usr/bin/curl -sSf files.example.net:80/authz/index.html', expect_failures: true)
+          expect(result.stderr).to match(%r{curl: \(22\) The requested URL returned error: 401})
+          expect(result.exit_code).to eq 22
+          expect(run_shell('/usr/bin/curl -sSf -u login:password files.example.net:80/authz/index.html').stdout).to eq("Hello World\n")
         end
       end
     end
diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb
@@ -316,6 +316,24 @@
                   'mellon_cond' => ['isMemberOf "cn=example-access,ou=Groups,o=example,o=com" [MAP]'],
                   'mellon_session_length' => '300'
                 },
+                {
+                  'path' => '/secure',
+                  'provider' => 'location',
+                  'auth_type' => 'Basic',
+                  'authz_core' => {
+                    'require_all' => {
+                      'require_any' => {
+                        'require' => ['user superadmin'],
+                        'require_all' => {
+                          'require' => ['group admins', 'ldap-group "cn=Administrators,o=Airius"'],
+                        },
+                      },
+                      'require_none' => {
+                        'require' => ['group temps', 'ldap-group "cn=Temporary Employees,o=Airius"']
+                      }
+                    }
+                  }
+                },
               ],
               'error_log' => false,
               'error_log_file' => 'httpd_error_log',
@@ -630,6 +648,7 @@
               .with_content(%r{^\s+Require valid-user$})
               .with_content(%r{^\s+Require all denied$})
               .with_content(%r{^\s+Require all granted$})
+              .with_content(%r{^\s+Require user superadmin$})
               .with_content(%r{^\s+<RequireAll>$})
               .with_content(%r{^\s+</RequireAll>$})
               .with_content(%r{^\s+Require all-valid1$})
diff --git a/templates/vhost/_directories.erb b/templates/vhost/_directories.erb
@@ -548,7 +548,7 @@
     <%= directory['custom_fragment'] %>
     <%- end -%>
     <%- if directory['authz_core'] -%>
-      <%= scope.call_function('epp',["apache/vhost/_authz_core.epp", 'authz_core_config' => scope.call_function('apache::authz_core_config', directory['authz_core'])]) -%>
+      <%= scope.call_function('epp',["apache/vhost/_authz_core.epp", 'authz_core_config' => scope.call_function('apache::authz_core_config', [ directory['authz_core'] ]) ]) -%>
     <%- end -%>
     <%- if directory['gssapi'] -%>
       <%= scope.call_function('epp',["apache/vhost/_gssapi.epp", directory['gssapi']]) -%>
