From 37641fcdf19731ce09a677bc80d3b2dd67402de5 Mon Sep 17 00:00:00 2001
From: Philip Henning
Date: Fri, 12 Jul 2019 20:14:46 +0200
Subject: [PATCH] Add auth_request_set directive (#154)
---
 README.md | 14 +++++++++++++-
 defaults/main.yml | 14 +++++++++++++-
 templates/http/default.conf.j2 | 13 +++++++++++++
 3 files changed, 39 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index 749fb62..80b428b 100644
--- a/README.md
+++ b/README.md
@@ -345,6 +345,9 @@ nginx_main_template:
 stream_enable: false
 http_global_autoindex: false
 #auth_request_http: /auth
+ #auth_request_set_http:
+ #name: $auth_user
+ #value: $upstream_http_x_user
 # Enable creating dynamic templated NGINX HTTP configuration files.
 # Defaults will not produce a valid configuration. Instead they are meant to showcase
@@ -365,6 +368,9 @@ nginx_http_template:
 auth_basic_user_file: null
 try_files: $uri $uri/index.html $uri.html =404
 #auth_request: /auth
+ #auth_request_set:
+ #name: $auth_user
+ #value: $upstream_http_x_user
 add_headers:
 strict_transport_security:
 name: Strict-Transport-Security
@@ -406,6 +412,9 @@ nginx_http_template:
 auth_basic_user_file: null
 try_files: $uri $uri/index.html $uri.html =404
 #auth_request: /auth
+ #auth_request_set:
+ #name: $auth_user
+ #value: $upstream_http_x_user
 #returns:
 #return302:
 #code: 302
@@ -498,7 +507,10 @@ nginx_http_template:
 auth_basic: null
 auth_basic_user_file: null
 try_files: $uri $uri/index.html $uri.html =404
- #auth_req: /auth
+ #auth_request: /auth
+ #auth_request_set:
+ #name: $auth_user
+ #value: $upstream_http_x_user
 #returns:
 #return302:
 #code: 302
diff --git a/defaults/main.yml b/defaults/main.yml
index 8946e01..070d94b 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -157,6 +157,9 @@ nginx_main_template:
 stream_enable: false
 http_global_autoindex: false
 #auth_request_http: /auth
+ #auth_request_set_http:
+ #name: $auth_user
+ #value: $upstream_http_x_user
 # Enable creating dynamic templated NGINX HTTP configuration files.
 # Defaults will not produce a valid configuration. Instead they are meant to showcase
@@ -177,6 +180,9 @@ nginx_http_template:
 auth_basic_user_file: null
 try_files: $uri $uri/index.html $uri.html =404
 #auth_request: /auth
+ #auth_request_set:
+ #name: $auth_user
+ #value: $upstream_http_x_user
 add_headers:
 strict_transport_security:
 name: Strict-Transport-Security
@@ -218,6 +224,9 @@ nginx_http_template:
 auth_basic_user_file: null
 try_files: $uri $uri/index.html $uri.html =404
 #auth_request: /auth
+ #auth_request_set:
+ #name: $auth_user
+ #value: $upstream_http_x_user
 #returns:
 #return302:
 #code: 302
@@ -310,7 +319,10 @@ nginx_http_template:
 auth_basic: null
 auth_basic_user_file: null
 try_files: $uri $uri/index.html $uri.html =404
- #auth_req: /auth
+ #auth_request: /auth
+ #auth_request_set:
+ #name: $auth_user
+ #value: $upstream_http_x_user
 #returns:
 #return302:
 #code: 302
diff --git a/templates/http/default.conf.j2 b/templates/http/default.conf.j2
index 2e5dded..347dfb9 100644
--- a/templates/http/default.conf.j2
+++ b/templates/http/default.conf.j2
@@ -48,6 +48,9 @@ proxy_temp_path {{ item.value.reverse_proxy.proxy_temp_path.path }} {{ item.valu
 {% if item.value.auth_request_http is defined %}
 auth_request {{ item.value.auth_request_http }};
 {% endif %}
+{% if item.value.auth_request_set_http is defined %}
+auth_request_set {{ item.value.auth_request_set_http.name }} {{ item.value.auth_request_set_http.value }};
+{% endif %}
 server {
 {% if item.value.ssl is defined and item.value.ssl %}
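Review bot: The added `auth_request_set_http` block in the `@@ -48` hunk of `templates/http/default.conf.j2` can render only one directive, because it reads a single `name`/`value` mapping, whereas nginx allows `auth_request_set` to be repeated in a context and an authorization endpoint commonly returns more than one header worth capturing. The server-level hunk at `@@ -111` and the two location hunks at `@@ -126` and `@@ -274` have the same shape. Accepting a list from the start would avoid a schema change later: wrap the directive in `{% for s in item.value.auth_request_set_http %}` … `{% endfor %}` and emit `auth_request_set {{ s.name }} {{ s.value }};` inside the loop. The commented samples in `defaults/main.yml` and `README.md` would then show a list of `name`/`value` entries.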
@@ -111,6 +114,9 @@ server {
 {% if item.value.auth_request is defined %}
 auth_request {{ item.value.auth_request }};
 {% endif %}
+{% if item.value.auth_request_set is defined %}
+ auth_request_set {{ item.value.auth_request_set.name }} {{ item.value.auth_request_set.value }};
+{% endif %}
 {% if item.value.reverse_proxy is defined and item.value.reverse_proxy %}
 {% for location in item.value.reverse_proxy.locations %}
@@ -126,6 +132,9 @@ server {
 {% if item.value.reverse_proxy.locations[location].auth_request is defined %}
 auth_request {{ item.value.reverse_proxy.locations[location].auth_request }};
 {% endif %}
+{% if item.value.reverse_proxy.locations[location].auth_request_set is defined %}
+ auth_request_set {{ item.value.reverse_proxy.locations[location].auth_request_set.name }} {{ item.value.reverse_proxy.locations[location].auth_request_set.value }};
+{% endif %}
 {% if item.value.reverse_proxy.locations[location].auth_basic is defined and item.value.reverse_proxy.locations[location].auth_basic %}
 auth_basic "{{ item.value.reverse_proxy.locations[location].auth_basic }}";
 {% endif %}
@@ -274,6 +283,10 @@ server {
 {% if item.value.web_server.locations[location].auth_request is defined %}
 auth_request {{ item.value.web_server.locations[location].auth_request }};
 {% endif %}
+{% if item.value.web_server.locations[location].auth_request_set is defined %}
+ auth_request_set {{ item.value.web_server.locations[location].auth_request_set.name }} {{ item.value.web_server.locations[location].auth_request_set.value }};
+{% endif %}
+
 }
 {% endfor %}
 {% if item.value.web_server.http_demo_conf %}
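Review bot: The new `auth_request_set` guard in the `@@ -111` hunk is independent of the `auth_request` guard just above it, so a server can be rendered with the variable assignment but with no `auth_request` defined at that level or inherited. nginx sets the variable only after the authorization subrequest completes, so in that case it would presumably stay empty, which matters if the variable later feeds an identity header passed to a backend. I would document the dependency next to the guard, e.g. `{# auth_request_set only takes effect where auth_request is enabled for the same context #}`, and repeat the sentence beside the commented samples in `defaults/main.yml`. The `server` block continues outside this hunk.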
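Review bot: In the `@@ -126` hunk `auth_request_set.name` and `.value` are written into the location block verbatim, so a value containing `;`, `}` or a line break would add directives to the generated configuration, and a `name` without the leading `$` is caught only when nginx loads the file. The neighbouring `auth_request` line has the same property and these are role variables, so the exposure depends on who can set them; it is still worth a check where inventory data is assembled from less trusted inputs. One option is an `assert` task before templating that requires `name` to match `^\$[A-Za-z0-9_]+$` and rejects `;`, braces and newlines in `value`. The hunks at `@@ -48`, `@@ -111` and `@@ -274` render their values the same way.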