Arbitrary apache conf (#3293)

Add ability to add arbitrary vhost and location directives
through 2 seperate configurations in ood_portal.yml.

ood-portal-generator/lib/ood_portal_generator/view.rb

@@ -47,6 +47,10 @@ def initialize(opts = {})
       @map_fail_uri     = opts.fetch(:map_fail_uri, nil)
       @pun_stage_cmd    = opts.fetch(:pun_stage_cmd, "sudo /opt/ood/nginx_stage/sbin/nginx_stage")
 
+      # custom directives
+      @custom_vhost_directives     = opts.fetch(:custom_vhost_directives, [])
+      @custom_location_directives  = opts.fetch(:custom_location_directives, [])
+
       # Maintenance configuration
       @use_maintenance          = opts.fetch(:use_maintenance, true)
       @maintenance_ip_allowlist = Array(opts.fetch(:maintenance_ip_allowlist, nil) || opts.fetch(:maintenance_ip_whitelist, []))

ood-portal-generator/share/ood_portal_example.yml

@@ -162,6 +162,22 @@
 #  - 'AuthType openid-connect'
 #  - 'Require valid-user'
 
+# List of custom apache directives to apply to the entire vhost.
+# Note this is an array of strings.
+# Example:
+#     custom_vhost_directives:
+#       - 'SetEnv SPECIAL_ENV_VAR custom'
+# Default: [] (no custom directives)
+#custom_vhost_directives: []
+
+# List of custom apache directives to apply to the Locations.
+# Note this is an array of strings.
+# Example:
+#     custom_location_directives:
+#       - 'SetEnv SPECIAL_ENV_VAR custom'
+# Default: [] (no custom directives)
+#custom_location_directives: []
+
 # Redirect user to the following URI when accessing root URI
 # Example:
 #     root_uri: '/my_uri'

ood-portal-generator/spec/application_spec.rb

@@ -120,6 +120,18 @@ def test_generate(input, output)
       test_generate('input/no_logs_w_log_config.yml', 'output/no_logs.conf')
     end
 
+    it 'templates custom vhost directives' do
+      test_generate('input/custom_vhost_directives.yml', 'output/custom_vhost_directives.conf')
+    end
+
+    it 'templates custom location directives' do
+      test_generate('input/custom_location_directives.yml', 'output/custom_location_directives.conf')
+    end
+
+    it 'templates custom location and vhost directives' do
+      test_generate('input/custom_directives.yml', 'output/custom_directives.conf')
+    end
+
     it 'generates full OIDC config' do
       config = {
         servername: 'ondemand.example.com',

ood-portal-generator/spec/fixtures/input/custom_directives.yml

@@ -0,0 +1,18 @@
+---
+auth:
+ - 'AuthType openid-connect'
+ - 'Require valid-user'
+
+custom_location_directives:
+  - 'SetEnv SPECIAL_LOCATION_ENV_VAR custom_location'
+  - 'SetEnv SECOND_LOCATION_VAR custom_location2'
+  - '  SetEnv INDENTED_LOCATION_VAR custom_location3'
+
+custom_vhost_directives:
+  - SetEnv SPECIAL_VHOST_ENV_VAR custom_vhost
+  - SetEnv SECOND_VHOST_VAR custom_vhost2
+  - '  SetEnv INDENTED_VHOST_VAR custom_vhost3'
+  - '<Location "/foo">'
+  - '  SetEnv SPECIAL_VHOST_LOCATION_ENV_VAR custom_vhost4'
+  - '</Location>'
+

ood-portal-generator/spec/fixtures/input/custom_location_directives.yml

@@ -0,0 +1,8 @@
+---
+auth:
+ - 'AuthType openid-connect'
+ - 'Require valid-user'
+
+custom_location_directives:
+  - SetEnv SPECIAL_LOCATION_ENV_VAR custom_location
+  - SetEnv SECOND_LOCATION_VAR custom_location2

ood-portal-generator/spec/fixtures/input/custom_vhost_directives.yml

@@ -0,0 +1,9 @@
+---
+auth:
+ - 'AuthType openid-connect'
+ - 'Require valid-user'
+
+custom_vhost_directives:
+  - SetEnv SPECIAL_VHOST_ENV_VAR custom_vhost
+  - SetEnv SECOND_VHOST_VAR custom_vhost2
+

ood-portal-generator/spec/fixtures/ood-portal.conf.all

@@ -115,6 +115,7 @@ Listen 8080
 
   SetEnv OOD_ALLOWED_HOSTS "foo.example.com,test.proxy.name,test.server.name"
 
+
   #
   # Below is used for sub-uri's this Open OnDemand portal supports
   #
@@ -140,6 +141,7 @@ Listen 8080
     AuthType openid-connect
     Require valid-user
 
+
     # ProxyPassReverse implementation
     Header edit Location "^[^/]+//[^/]+" ""
 
@@ -162,6 +164,7 @@ Listen 8080
     AuthType openid-connect
     Require valid-user
 
+
     # ProxyPassReverse implementation
     Header edit Location "^([^/]+//[^/]+)|(?=/)|^([\./]{1,}(?<!/))" "/configured-rnode/%{MATCH_HOST}e/%{MATCH_PORT}e"
 
@@ -185,6 +188,7 @@ Listen 8080
     AuthType openid-connect
     Require valid-user
 
+
     ProxyPreserveHost On
     ProxyAddHeaders On
     ProxyPassReverse "http://localhost/my_pun_apps"
@@ -215,6 +219,7 @@ Listen 8080
     AuthType openid-connect
     Require valid-user
 
+
     LuaHookFixups nginx.lua nginx_handler
   </Location>
 
@@ -240,6 +245,7 @@ Listen 8080
   <Location "/oidc">
     AuthType openid-connect
     Require valid-user
+
   </Location>
 
   # Maintenance location

ood-portal-generator/spec/fixtures/ood-portal.conf.dex

@@ -98,6 +98,7 @@
 
   SetEnv OOD_ALLOWED_HOSTS "8.8.8.8,example.com"
 
+
   #
   # Below is used for sub-uri's this Open OnDemand portal supports
   #
@@ -126,6 +127,7 @@
     AuthType openid-connect
     Require valid-user
 
+
     ProxyPreserveHost On
     ProxyAddHeaders On
     ProxyPassReverse "http://localhost/pun"
@@ -153,6 +155,7 @@
     AuthType openid-connect
     Require valid-user
 
+
     LuaHookFixups nginx.lua nginx_handler
   </Location>
 
@@ -178,6 +181,7 @@
   <Location "/oidc">
     AuthType openid-connect
     Require valid-user
+
   </Location>
 
   # Maintenance location

ood-portal-generator/spec/fixtures/ood-portal.conf.dex-full

@@ -118,6 +118,7 @@
 
   SetEnv OOD_ALLOWED_HOSTS "example.com"
 
+
   #
   # Below is used for sub-uri's this Open OnDemand portal supports
   #
@@ -146,6 +147,7 @@
     AuthType openid-connect
     Require valid-user
 
+
     ProxyPreserveHost On
     ProxyAddHeaders On
     ProxyPassReverse "http://localhost/pun"
@@ -173,6 +175,7 @@
     AuthType openid-connect
     Require valid-user
 
+
     LuaHookFixups nginx.lua nginx_handler
   </Location>
 
@@ -198,6 +201,7 @@
   <Location "/oidc">
     AuthType openid-connect
     Require valid-user
+
   </Location>
 
   # Maintenance location

ood-portal-generator/spec/fixtures/ood-portal.conf.dex-ldap

@@ -118,6 +118,7 @@
 
   SetEnv OOD_ALLOWED_HOSTS "example.com"
 
+
   #
   # Below is used for sub-uri's this Open OnDemand portal supports
   #
@@ -146,6 +147,7 @@
     AuthType openid-connect
     Require valid-user
 
+
     ProxyPreserveHost On
     ProxyAddHeaders On
     ProxyPassReverse "http://localhost/pun"
@@ -173,6 +175,7 @@
     AuthType openid-connect
     Require valid-user
 
+
     LuaHookFixups nginx.lua nginx_handler
   </Location>
 
@@ -198,6 +201,7 @@
   <Location "/oidc">
     AuthType openid-connect
     Require valid-user
+
   </Location>
 
   # Maintenance location

ood-portal-generator/spec/fixtures/ood-portal.conf.dex-no-proxy

@@ -112,6 +112,7 @@
 
   SetEnv OOD_ALLOWED_HOSTS "example.com"
 
+
   #
   # Below is used for sub-uri's this Open OnDemand portal supports
   #
@@ -140,6 +141,7 @@
     AuthType openid-connect
     Require valid-user
 
+
     ProxyPreserveHost On
     ProxyAddHeaders On
     ProxyPassReverse "http://localhost/pun"
@@ -167,6 +169,7 @@
     AuthType openid-connect
     Require valid-user
 
+
     LuaHookFixups nginx.lua nginx_handler
   </Location>
 
@@ -192,6 +195,7 @@
   <Location "/oidc">
     AuthType openid-connect
     Require valid-user
+
   </Location>
 
   # Maintenance location

ood-portal-generator/spec/fixtures/ood-portal.conf.maint_with_ips

@@ -80,6 +80,7 @@
 
   SetEnv OOD_ALLOWED_HOSTS "8.8.8.8,example.com"
 
+
   #
   # Below is used for sub-uri's this Open OnDemand portal supports
   #
@@ -108,6 +109,7 @@
     AuthType openid-connect
     Require valid-user
 
+
     ProxyPreserveHost On
     ProxyAddHeaders On
     ProxyPassReverse "http://localhost/pun"
@@ -135,6 +137,7 @@
     AuthType openid-connect
     Require valid-user
 
+
     LuaHookFixups nginx.lua nginx_handler
   </Location>
 

ood-portal-generator/spec/fixtures/ood-portal.conf.nomaint

@@ -71,6 +71,7 @@
 
   SetEnv OOD_ALLOWED_HOSTS "8.8.8.8,example.com"
 
+
   #
   # Below is used for sub-uri's this Open OnDemand portal supports
   #
@@ -99,6 +100,7 @@
     AuthType openid-connect
     Require valid-user
 
+
     ProxyPreserveHost On
     ProxyAddHeaders On
     ProxyPassReverse "http://localhost/pun"
@@ -126,6 +128,7 @@
     AuthType openid-connect
     Require valid-user
 
+
     LuaHookFixups nginx.lua nginx_handler
   </Location>
 

ood-portal-generator/spec/fixtures/ood-portal.conf.oidc

@@ -100,6 +100,7 @@
 
   SetEnv OOD_ALLOWED_HOSTS "ondemand.example.com"
 
+
   #
   # Below is used for sub-uri's this Open OnDemand portal supports
   #
@@ -128,6 +129,7 @@
     AuthType openid-connect
     Require valid-user
 
+
     ProxyPreserveHost On
     ProxyAddHeaders On
     ProxyPassReverse "http://localhost/pun"
@@ -155,6 +157,7 @@
     AuthType openid-connect
     Require valid-user
 
+
     LuaHookFixups nginx.lua nginx_handler
   </Location>
 
@@ -180,6 +183,7 @@
   <Location "/oidc">
     AuthType openid-connect
     Require valid-user
+
   </Location>
 
   # Maintenance location

ood-portal-generator/spec/fixtures/ood-portal.conf.oidc-ssl

@@ -116,6 +116,7 @@
 
   SetEnv OOD_ALLOWED_HOSTS "ondemand.example.com"
 
+
   #
   # Below is used for sub-uri's this Open OnDemand portal supports
   #
@@ -144,6 +145,7 @@
     AuthType openid-connect
     Require valid-user
 
+
     ProxyPreserveHost On
     ProxyAddHeaders On
     ProxyPassReverse "http://localhost/pun"
@@ -171,6 +173,7 @@
     AuthType openid-connect
     Require valid-user
 
+
     LuaHookFixups nginx.lua nginx_handler
   </Location>
 
@@ -196,6 +199,7 @@
   <Location "/oidc">
     AuthType openid-connect
     Require valid-user
+
   </Location>
 
   # Maintenance location