diff --git a/manifests/plugin/container.pp b/manifests/plugin/container.pp index c1587ae..f79029e 100644 --- a/manifests/plugin/container.pp +++ b/manifests/plugin/container.pp @@ -21,6 +21,16 @@ ], 'request_headers' => $pulpcore::apache::api_default_request_headers + $pulpcore::apache::api_additional_request_headers, }, + { + 'provider' => 'location', + 'path' => $location_prefix, + 'proxy_pass' => [ + { + 'url' => $pulpcore::apache::api_base_url, + }, + ], + 'request_headers' => $pulpcore::apache::api_default_request_headers + $pulpcore::apache::api_additional_request_headers, + }, ], 'proxy_pass' => [ { @@ -31,7 +41,7 @@ } pulpcore::plugin { 'container': - config => 'TOKEN_AUTH_DISABLED=True', + config => "TOKEN_AUTH_DISABLED=True\nFLATPAK_INDEX=True", https_content => epp('pulpcore/apache-fragment.epp', $context), } } diff --git a/spec/classes/plugin_container_spec.rb b/spec/classes/plugin_container_spec.rb index fc30726..852fc25 100644 --- a/spec/classes/plugin_container_spec.rb +++ b/spec/classes/plugin_container_spec.rb @@ -13,7 +13,8 @@ .that_subscribes_to('Class[Pulpcore::Install]') .that_notifies(['Class[Pulpcore::Database]', 'Class[Pulpcore::Service]']) is_expected.to contain_package('pulpcore-plugin(container)') - is_expected.to contain_concat__fragment('plugin-container').with_content("\n# container plugin settings\nTOKEN_AUTH_DISABLED=True") + is_expected.to contain_concat__fragment('plugin-container') + .with_content("\n# container plugin settings\nTOKEN_AUTH_DISABLED=True\nFLATPAK_INDEX=True") is_expected.to contain_pulpcore__apache__fragment('plugin-container') is_expected.not_to contain_apache__vhost__fragment('pulpcore-http-plugin-container') is_expected.to contain_apache__vhost__fragment('pulpcore-https-plugin-container') @@ -28,6 +29,13 @@ ProxyPassReverse unix:///run/pulpcore-api.sock|http://pulpcore-api/v2/ + + RequestHeader unset REMOTE-USER + RequestHeader unset REMOTE_USER + ProxyPass unix:///run/pulpcore-api.sock|http://pulpcore-api + ProxyPassReverse unix:///run/pulpcore-api.sock|http://pulpcore-api + + ProxyPass /pulp/container/ unix:///run/pulpcore-content.sock|http://pulpcore-content/pulp/container/ ProxyPassReverse /pulp/container/ unix:///run/pulpcore-content.sock|http://pulpcore-content/pulp/container/ APACHE_CONFIG @@ -57,6 +65,14 @@ class {'pulpcore': ProxyPassReverse unix:///run/pulpcore-api.sock|http://pulpcore-api/v2/ + + RequestHeader unset REMOTE-USER + RequestHeader unset REMOTE_USER + RequestHeader set REMOTE-USER "admin" "expr=%{SSL_CLIENT_S_DN_CN} == 'foreman.example.com'" + ProxyPass unix:///run/pulpcore-api.sock|http://pulpcore-api + ProxyPassReverse unix:///run/pulpcore-api.sock|http://pulpcore-api + + ProxyPass /pulp/container/ unix:///run/pulpcore-content.sock|http://pulpcore-content/pulp/container/ ProxyPassReverse /pulp/container/ unix:///run/pulpcore-content.sock|http://pulpcore-content/pulp/container/ APACHE_CONFIG