Puppet Class: profile::kibana::httpd_proxy

Defined in:
modules/profile/manifests/kibana/httpd_proxy.pp

Overview

Class: profile::kibana::httpd_proxy

Provisions the Apache (httpd) vhost that handles authentication for Kibana.

Parameters:

  • $vhost: Apache vhost name

  • $serveradmin: Email address for contacting server administrator

  • $auth_type: Vhost auth type. One of ldap, local, none. With 'none', the class does not declare the 'kibana_frontend' ferm rule (tcp/80).

  • $require_ssl: Require SSL connection to vhost?

  • $auth_realm: HTTP basic auth realm description

  • $auth_file: Path to htpasswd file for $auth_type == 'local'

  • $ldap_authurl: AuthLDAPURL for $auth_type == 'ldap'

  • $ldap_binddn: AuthLDAPBindDN for $auth_type == 'ldap'

  • $ldap_groups: List of ldap-group names for $auth_type == 'ldap'

Parameters:

  • vhost (String) (defaults to: lookup('profile::kibana::httpd_proxy::vhost'))
  • serveradmin (String) (defaults to: lookup('profile::kibana::httpd_proxy::serveradmin'))
  • auth_type (Enum['ldap','local','none']) (defaults to: lookup('profile::kibana::httpd_proxy::auth_type'))
  • require_ssl (Boolean) (defaults to: lookup('profile::kibana::httpd_proxy::require_ssl', { 'default_value' => true }))
  • auth_realm (Optional[String]) (defaults to: lookup('profile::kibana::httpd_proxy::auth_realm', { 'default_value' => undef }))
  • auth_file (Optional[String]) (defaults to: lookup('profile::kibana::httpd_proxy::auth_file', { 'default_value' => undef }))
  • ldap_authurl (Optional[String]) (defaults to: lookup('profile::kibana::httpd_proxy::ldap_authurl', { 'default_value' => undef }))
  • ldap_binddn (Optional[String]) (defaults to: lookup('profile::kibana::httpd_proxy::ldap_binddn', { 'default_value' => undef }))
  • ldap_groups (Optional[Array[String]]) (defaults to: lookup('profile::kibana::httpd_proxy::ldap_groups', { 'default_value' => [] }))


# File 'modules/profile/manifests/kibana/httpd_proxy.pp', line 18

# Sets up the httpd vhost in front of Kibana: loads the Apache modules needed
# for proxying and for the chosen auth scheme, renders the per-scheme auth
# fragment and the vhost config from ERB templates, and declares the firewall
# rule for the frontend when authentication is enabled.
#
# vhost, serveradmin and auth_type have no 'default_value', so a missing hiera
# key makes lookup() fail at catalog compilation instead of silently picking a
# value. The remaining parameters fall back to the defaults shown.
#
# NOTE(review): the Optional parameters (auth_realm, auth_file, ldap_authurl,
# ldap_binddn, ldap_groups) are not checked here against $auth_type. An undef
# value for the selected scheme would reach the templates as-is; confirm the
# templates fail closed rather than emit an incomplete auth stanza.
class profile::kibana::httpd_proxy (
    String $vhost                          = lookup('profile::kibana::httpd_proxy::vhost'),
    String $serveradmin                    = lookup('profile::kibana::httpd_proxy::serveradmin'),
    Enum['ldap','local','none'] $auth_type = lookup('profile::kibana::httpd_proxy::auth_type'),
    Boolean $require_ssl                   = lookup('profile::kibana::httpd_proxy::require_ssl', { 'default_value' => true }),
    Optional[String] $auth_realm           = lookup('profile::kibana::httpd_proxy::auth_realm', { 'default_value' => undef }),
    Optional[String] $auth_file            = lookup('profile::kibana::httpd_proxy::auth_file', { 'default_value' => undef }),
    Optional[String] $ldap_authurl         = lookup('profile::kibana::httpd_proxy::ldap_authurl', { 'default_value' => undef }),
    Optional[String] $ldap_binddn          = lookup('profile::kibana::httpd_proxy::ldap_binddn', { 'default_value' => undef }),
    Optional[Array[String]] $ldap_groups   = lookup('profile::kibana::httpd_proxy::ldap_groups', { 'default_value' => [] }),
) {
    # Apache modules loaded for every auth type.
    $httpd_base_modules = ['proxy_http',
                        'proxy',
                        'alias',
                        'headers',
                        'rewrite']

    # Pick the extra modules for the selected scheme. There is no else branch:
    # the Enum type on $auth_type limits it to the three values handled here,
    # so $httpd_extra_modules is always assigned before it is used below.
    if $auth_type == 'ldap' {
        $httpd_extra_modules = ['authnz_ldap']
        include ::passwords::ldap::production

        # FIXME: move this into hiera config
        # NOTE(review): $ldap_bindpass is not referenced again in this
        # manifest; presumably the apache-auth-ldap.erb template reads it. If
        # so, the bind password is written into the rendered vhost config, so
        # confirm that httpd::site installs the file with restrictive
        # ownership and mode.
        $ldap_bindpass = $passwords::ldap::production::proxypass

    } elsif $auth_type == 'local' {
        $httpd_extra_modules = ['authz_groupfile', 'authz_user']

    } elsif $auth_type == 'none' {
        $httpd_extra_modules = []

    }

    $httpd_modules = concat($httpd_base_modules, $httpd_extra_modules)

    class { '::httpd':
        modules => $httpd_modules,
    }

    # Auth fragment rendered from the template matching $auth_type. It is not
    # used again in this manifest; presumably apache.conf.erb embeds it -- TODO
    # confirm against the template.
    $apache_auth = template("profile/kibana/httpd_proxy/apache-auth-${auth_type}.erb")

    # The frontend firewall rule is declared only when an auth scheme is
    # active; with 'none' this class opens no port for the vhost.
    # The rule covers tcp/80 only, and $require_ssl is not referenced anywhere
    # in this manifest. NOTE(review): presumably the vhost template enforces
    # it; confirm how TLS is required for a listener reached on port 80.
    # srange is single-quoted, so Puppet passes '$DOMAIN_NETWORKS' through
    # literally (presumably a variable resolved on the ferm side -- verify).
    if $auth_type != 'none' {
      ferm::service { 'kibana_frontend':
          proto   => 'tcp',
          port    => 80,
          notrack => true,
          srange  => '$DOMAIN_NETWORKS',
      }
    }

    # The vhost is declared for every auth type, including 'none'.
    httpd::site { $vhost:
        content => template('profile/kibana/httpd_proxy/apache.conf.erb'),
    }
}