Automatically include modules used in vhost directories

ekohl · ekohl · commit 10a3e5f7435a · 2022-06-28T12:24:17.000+02:00
The data passed to the directories parameter of apache::vhost often
implies a module should be present. This change inspects the passed data
and automatically includes modules if needed. This makes it easier to
use via Hiera while disabling all default mods.

Because of this change one acceptance test becomes obsolete: it no
longer fails and just works.
diff --git a/manifests/vhost.pp b/manifests/vhost.pp
@@ -2366,6 +2366,40 @@
   # - $suphp_engine
   # - $shibboleth_enabled
   if $_directories and ! empty($_directories) and $ensure == 'present' {
+    $_directories.each |Hash $directory| {
+      if 'auth_basic_authoritative' in $directory or 'auth_basic_fake' in $directory or 'auth_basic_provider' in $directory {
+        include apache::mod::auth_basic
+      }
+
+      if 'auth_user_file' in $directory {
+        include apache::mod::authn_file
+      }
+
+      if 'auth_group_file' in $directory {
+        include apache::mod::authz_groupfile
+      }
+
+      if 'gssapi' in $directory {
+        include apache::mod::auth_gssapi
+      }
+
+      if $directory['provider'] and $directory['provider'] =~ 'location' and ('proxy_pass' in $directory or 'proxy_pass_match' in $directory) {
+        include apache::mod::proxy_http
+      }
+
+      if 'request_headers' in $directory {
+        include apache::mod::headers
+      }
+
+      if 'rewrites' in $directory {
+        include apache::mod::rewrite
+      }
+
+      if 'setenv' in $directory {
+        include apache::mod::setenv
+      }
+    }
+
     concat::fragment { "${name}-directories":
       target  => "${priority_real}${filename}.conf",
       order   => 60,
diff --git a/spec/acceptance/default_mods_spec.rb b/spec/acceptance/default_mods_spec.rb
@@ -22,47 +22,6 @@ class { 'apache':
     end
   end
 
-  unless os[:family] == 'sles' && os[:release].to_i >= 12
-    describe 'no default mods and failing' do
-      before :all do
-        pp = <<-PP
-        include apache::params
-        class { 'apache': default_mods => false, service_ensure => stopped, }
-        PP
-        apply_manifest(pp)
-      end
-      # Using puppet_apply as a helper
-      pp = <<-MANIFEST
-          class { 'apache':
-            default_mods => false,
-          }
-          apache::vhost { 'defaults.example.com':
-            docroot     => '#{apache_hash['doc_root']}/defaults',
-            aliases     => [
-              {
-                alias => '/css',
-                path  => '#{apache_hash['doc_root']}/css',
-              },
-            ],
-            directories => [
-            {
-                'path'            => "#{apache_hash['doc_root']}/admin",
-                'auth_basic_fake' => 'demo demopass',
-              }
-            ],
-            setenv      => 'TEST1 one',
-          }
-      MANIFEST
-      it 'applies with errors' do
-        apply_manifest(pp, expect_failures: true)
-      end
-    end
-
-    describe service(apache_hash['service_name']) do
-      it { is_expected.not_to be_running }
-    end
-  end
-
   describe 'alternative default mods' do
     # Using puppet_apply as a helper
     let(:pp) do
diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb
@@ -199,6 +199,8 @@
                   'path'                => '/',
                   'provider'            => 'location',
                   'auth_ldap_referrals' => 'off',
+                  'auth_group_file'     => '/path/to/authz_group_file',
+                  'setenv'              => ['SPECIAL_PATH /foo/bin'],
                 },
                 {
                   'path'       => '/proxy',
@@ -577,6 +579,10 @@
                                                               'mode' => '0600')
           }
           it { is_expected.to contain_class('apache::mod::alias') }
+          it { is_expected.to contain_class('apache::mod::auth_basic') }
+          it { is_expected.to contain_class('apache::mod::authn_file') }
+          it { is_expected.to contain_class('apache::mod::authz_groupfile') }
+          it { is_expected.to contain_class('apache::mod::auth_gssapi') }
           it { is_expected.to contain_class('apache::mod::env') }
           it { is_expected.to contain_class('apache::mod::fastcgi') }
           it { is_expected.to contain_class('apache::mod::filter') }
@@ -586,6 +592,7 @@
           it { is_expected.to contain_class('apache::mod::proxy') }
           it { is_expected.to contain_class('apache::mod::proxy_http') }
           it { is_expected.to contain_class('apache::mod::rewrite') }
+          it { is_expected.to contain_class('apache::mod::setenv') }
           it { is_expected.to contain_class('apache::mod::setenvif') }
           it { is_expected.to contain_class('apache::mod::suexec') }
           it { is_expected.to contain_class('apache::mod::vhost_alias') }
