Puppet Class: profile::superset::proxy

Defined in:
modules/profile/manifests/superset/proxy.pp

Overview

Class profile::superset::proxy

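Sets up a WMF HTTP LDAP auth proxy. When enable_cas is true the vhost comes from the IdP (CAS) client site definition; otherwise it is rendered from the LDAP vhost template.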

Parameters:

  • ldap_config (Hash) (defaults to: lookup('ldap', Hash, hash, {}))
  • x_forwarded_proto (String) (defaults to: lookup('profile::superset::proxy::x_forwarded_proto', {'default_value' => 'https'}))
  • enable_cas (Boolean) (defaults to: lookup('profile::superset::enable_cas'))
  • ferm_srange (String) (defaults to: lookup('profile::superset::proxy::ferm_srange', {'default_value' => '$CACHES'}))
  • server_name (String) (defaults to: lookup('profile::superset::server_name'))


# File 'modules/profile/manifests/superset/proxy.pp', line 5

# Apache-based authenticating proxy profile for Superset. Depending on
# $enable_cas the vhost is either the IdP/CAS client site or a vhost rendered
# from the LDAP template; in both cases only TCP/80 is opened in ferm.
#
# @param ldap_config
#   Hash looked up from the 'ldap' key (hash merge, default {}). Only the
#   'ro-server' and 'ro-server-fallback' keys are read here, and only when
#   $enable_cas is false.
# @param x_forwarded_proto
#   Value placed in the CAS vhost's 'x-forwarded-proto' setting (default
#   'https'). This class does not reference it in the non-CAS branch; the
#   LDAP template may read it from scope -- confirm in the template.
# @param enable_cas
#   Selects the IdP/CAS client vhost (true) or the LDAP template vhost (false).
#   No default is given to lookup(), so the key must exist in hiera.
# @param ferm_srange
#   Source range allowed to reach port 80. The default is the literal string
#   '$CACHES' (single-quoted, so Puppet does not interpolate it); presumably a
#   ferm-side macro for the caching layer -- confirm in the ferm config.
# @param server_name
#   Title of the vhost resource in either branch. No lookup default.
class profile::superset::proxy (
    Hash $ldap_config          = lookup('ldap', Hash, hash, {}),
    String $x_forwarded_proto  = lookup('profile::superset::proxy::x_forwarded_proto', {'default_value' => 'https'}),
    Boolean $enable_cas        = lookup('profile::superset::enable_cas'),
    String $ferm_srange        = lookup('profile::superset::proxy::ferm_srange', {'default_value' => '$CACHES'}),
    String $server_name        = lookup('profile::superset::server_name'),
) {

    # Ordered before this class. Presumably this is where
    # File['/var/www/health_check'] (required below) is declared -- confirm.
    require ::profile::analytics::httpd::utils

    include ::profile::prometheus::apache_exporter

    # The Apache module list is the same in both auth modes: auth_basic and
    # authnz_ldap are loaded even when $enable_cas is true.
    class { '::httpd':
        modules => ['proxy_http',
                    'proxy',
                    'headers',
                    'auth_basic',
                    'authnz_ldap']
    }

    if $enable_cas {
        # CAS mode: the vhost and its access control come from the IdP client
        # defined type. How required_groups are combined (any-of vs all-of) is
        # decided inside that type and its template, not here.
        # NOTE(review): required_groups is the authorization boundary for this
        # site; changes to the list should be reviewed as access changes.
        profile::idp::client::httpd::site { $server_name:
            vhost_content    => 'profile/idp/client/httpd-superset.erb',
            proxied_as_https => true,
            vhost_settings   => { 'x-forwarded-proto' => $x_forwarded_proto },
            required_groups  => [
                'cn=ops,ou=groups,dc=wikimedia,dc=org',
                'cn=wmf,ou=groups,dc=wikimedia,dc=org',
                'cn=nda,ou=groups,dc=wikimedia,dc=org',
            ]
        }
    } else {
        # LDAP mode: these three variables are not used again in this class;
        # they are presumably read from scope by the ERB template below, so
        # their names and their position before template() must not change.
        # NOTE(review): $proxypass looks like the LDAP bind secret; if the
        # template writes it into the vhost file, check that file's mode and
        # owner and that it is kept out of logs and reports -- confirm.
        class { '::passwords::ldap::production': }
        $proxypass = $passwords::ldap::production::proxypass
        # With the default empty $ldap_config both lookups yield undef; the
        # class does not validate that the keys are present.
        $ldap_server_primary = $ldap_config['ro-server']
        $ldap_server_fallback = $ldap_config['ro-server-fallback']

        httpd::site { $server_name:
            content => template('profile/superset/proxy/superset.wikimedia.org.erb'),
            require => File['/var/www/health_check'],
        }
    }

    # Only plaintext HTTP (tcp/80) is opened, restricted to $ferm_srange.
    # NOTE(review): proxied_as_https and the 'https' default above suggest TLS
    # is terminated upstream; if so, widening ferm_srange beyond that layer
    # would expose credentials and sessions over cleartext -- confirm before
    # overriding.
    ferm::service { 'superset-http':
        proto  => 'tcp',
        port   => '80',
        srange => $ferm_srange,
    }
}