(CONT-577) - allow deferred function for password/secret

Author: Ramesh7

manifests/vhost.pp

@@ -2604,7 +2604,18 @@
     concat::fragment { "${name}-auth_kerb":
       target  => "${priority_real}${filename}.conf",
       order   => 230,
-      content => template('apache/vhost/_auth_kerb.erb'),
+      content => stdlib::deferrable_epp('apache/vhost/_auth_kerb.epp', {
+          'auth_kerb'               => $auth_kerb,
+          'krb_method_negotiate'    => $krb_method_negotiate,
+          'krb_method_k5passwd'     => Deferred('sprintf', [$krb_method_k5passwd]),
+          'krb_authoritative'       => $krb_authoritative,
+          'krb_auth_realms'         => $krb_auth_realms,
+          'krb_5keytab'             => $krb_5keytab,
+          'krb_local_user_mapping'  => $krb_local_user_mapping,
+          'krb_verify_kdc'          => $krb_verify_kdc,
+          'krb_servicename'         => $krb_servicename,
+          'krb_save_credentials'    => $krb_save_credentials,
+      }),
     }
   }
 
@@ -2849,7 +2860,10 @@
     concat::fragment { "${name}-auth_oidc":
       target  => "${priority_real}${filename}.conf",
       order   => 360,
-      content => template('apache/vhost/_auth_oidc.erb'),
+      content => stdlib::deferrable_epp('apache/vhost/_auth_oidc.epp', {
+          'auth_oidc'     => $auth_oidc,
+          'oidc_settings' => $oidc_settings,
+      }),
     }
   }
 

spec/defines/vhost_spec.rb

@@ -4,7 +4,8 @@
 
 describe 'apache::vhost', type: :define do
   describe 'os-independent items' do
-    on_supported_os.each do |os, os_facts|
+    os, os_facts = on_supported_os.first
+    
       let(:apache_name) { (facts[:os]['family'] == 'RedHat') ? 'httpd' : 'apache2' }
 
       let :pre_condition do
@@ -2119,6 +2120,5 @@
           end
         end
       end
-    end
   end
 end

templates/vhost/_auth_kerb.epp

@@ -0,0 +1,32 @@
+<% if $auth_kerb { -%>
+
+  ## Kerberos directives
+  <%- if $krb_method_negotiate { -%>
+  KrbMethodNegotiate <%= $krb_method_negotiate %>
+  <%- } -%>
+  <%- if $krb_method_k5passwd { -%>
+  KrbMethodK5Passwd <%= $krb_method_k5passwd %>
+  <%- } -%>
+  <%- if $krb_authoritative { -%>
+  KrbAuthoritative <%= $krb_authoritative %>
+  <%- } -%>
+  <%- if $krb_auth_realms and $krb_auth_realms.length >= 1 { -%>
+  KrbAuthRealms <%= $krb_auth_realms.join(' ') %>
+  <%- } -%>
+  <%- if $krb_5keytab { -%>
+  Krb5Keytab <%= $krb_5keytab %>
+  <%- } -%>
+  <%- if $krb_local_user_mapping { -%>
+  KrbLocalUserMapping <%= $krb_local_user_mapping %>
+  <%- } -%>
+  <%- if $krb_verify_kdc { -%>
+  KrbVerifyKDC <%= $krb_verify_kdc %>
+  <%- } -%>
+  <%- if $krb_servicename { -%>
+  KrbServiceName <%= $krb_servicename %>
+  <%- } -%>
+  <%- if $krb_save_credentials { -%>
+  KrbSaveCredentials <%= $krb_save_credentials -%>
+  <%- } -%>
+
+<% } -%>

templates/vhost/_auth_kerb.erb

@@ -0,0 +1,5 @@
+<% if $auth_oidc { -%>
+<% $oidc_settings.map |Any $key, Any $value| { %>
+  OIDC<%= $key %> <% if $key == 'Scope' { -%>"<%= $value -%>"<% } else { -%><%= $value -%><% }-%>
+<% } %>
+<% } -%>