Add auth_request_set directive (#154)

2019-07-12 20:14:46 +02:00 · 2019-07-12 20:14:46 +02:00 · 37641fcdf1
commit 37641fcdf1
parent 43fdafe1b1
3 changed files with 39 additions and 2 deletions
--- a/README.md
+++ b/README.md
@ -345,6 +345,9 @@ nginx_main_template:
  stream_enable: false
  http_global_autoindex: false
  #auth_request_http: /auth
+  #auth_request_set_http:
+    #name: $auth_user
+    #value: $upstream_http_x_user

 # Enable creating dynamic templated NGINX HTTP configuration files.
 # Defaults will not produce a valid configuration. Instead they are meant to showcase
@ -365,6 +368,9 @@ nginx_http_template:
    auth_basic_user_file: null
    try_files: $uri $uri/index.html $uri.html =404
    #auth_request: /auth
+    #auth_request_set:
+      #name: $auth_user
+      #value: $upstream_http_x_user
    add_headers:
      strict_transport_security:
        name: Strict-Transport-Security
@ -406,6 +412,9 @@ nginx_http_template:
          auth_basic_user_file: null
          try_files: $uri $uri/index.html $uri.html =404
          #auth_request: /auth
+          #auth_request_set:
+            #name: $auth_user
+            #value: $upstream_http_x_user
          #returns:
            #return302:
              #code: 302
@ -498,7 +507,10 @@ nginx_http_template:
          auth_basic: null
          auth_basic_user_file: null
          try_files: $uri $uri/index.html $uri.html =404
-          #auth_req: /auth
+          #auth_request: /auth
+          #auth_request_set:
+            #name: $auth_user
+            #value: $upstream_http_x_user
          #returns:
            #return302:
              #code: 302
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -157,6 +157,9 @@ nginx_main_template:
  stream_enable: false
  http_global_autoindex: false
  #auth_request_http: /auth
+  #auth_request_set_http:
+    #name: $auth_user
+    #value: $upstream_http_x_user

 # Enable creating dynamic templated NGINX HTTP configuration files.
 # Defaults will not produce a valid configuration. Instead they are meant to showcase
@ -177,6 +180,9 @@ nginx_http_template:
    auth_basic_user_file: null
    try_files: $uri $uri/index.html $uri.html =404
    #auth_request: /auth
+    #auth_request_set:
+      #name: $auth_user
+      #value: $upstream_http_x_user
    add_headers:
      strict_transport_security:
        name: Strict-Transport-Security
@ -218,6 +224,9 @@ nginx_http_template:
          auth_basic_user_file: null
          try_files: $uri $uri/index.html $uri.html =404
          #auth_request: /auth
+          #auth_request_set:
+            #name: $auth_user
+            #value: $upstream_http_x_user
          #returns:
            #return302:
              #code: 302
@ -310,7 +319,10 @@ nginx_http_template:
          auth_basic: null
          auth_basic_user_file: null
          try_files: $uri $uri/index.html $uri.html =404
-          #auth_req: /auth
+          #auth_request: /auth
+          #auth_request_set:
+            #name: $auth_user
+            #value: $upstream_http_x_user
          #returns:
            #return302:
              #code: 302
--- a/templates/http/default.conf.j2
+++ b/templates/http/default.conf.j2
@ -48,6 +48,9 @@ proxy_temp_path {{ item.value.reverse_proxy.proxy_temp_path.path }} {{ item.valu
 {% if item.value.auth_request_http is defined %}
 auth_request {{ item.value.auth_request_http }};
 {% endif %}
+{% if item.value.auth_request_set_http is defined %}
+auth_request_set {{ item.value.auth_request_set_http.name }} {{ item.value.auth_request_set_http.value }};
+{% endif %}

 server {
 {% if item.value.ssl is defined and item.value.ssl %}
@ -111,6 +114,9 @@ server {
 {% if item.value.auth_request is defined %}
    auth_request {{ item.value.auth_request }};
 {% endif %}
+{% if item.value.auth_request_set is defined %}
+    auth_request_set {{ item.value.auth_request_set.name }} {{ item.value.auth_request_set.value }};
+{% endif %}

 {% if item.value.reverse_proxy is defined and item.value.reverse_proxy %}
 {% for location in item.value.reverse_proxy.locations %}
@ -126,6 +132,9 @@ server {
 {% if item.value.reverse_proxy.locations[location].auth_request is defined %}
        auth_request {{ item.value.reverse_proxy.locations[location].auth_request }};
 {% endif %}
+{% if item.value.reverse_proxy.locations[location].auth_request_set is defined %}
+        auth_request_set {{ item.value.reverse_proxy.locations[location].auth_request_set.name }} {{ item.value.reverse_proxy.locations[location].auth_request_set.value }};
+{% endif %}
 {% if item.value.reverse_proxy.locations[location].auth_basic is defined and item.value.reverse_proxy.locations[location].auth_basic %}
        auth_basic "{{ item.value.reverse_proxy.locations[location].auth_basic }}";
 {% endif %}
@ -274,6 +283,10 @@ server {
 {% if item.value.web_server.locations[location].auth_request is defined %}
        auth_request {{ item.value.web_server.locations[location].auth_request }};
 {% endif %}
+{% if item.value.web_server.locations[location].auth_request_set is defined %}
+        auth_request_set {{ item.value.web_server.locations[location].auth_request_set.name }} {{ item.value.web_server.locations[location].auth_request_set.value }};
+{% endif %}
+
    }
 {% endfor %}
 {% if item.value.web_server.http_demo_conf %}