Drop dependency on certs::foreman_proxy from container class

Signed-off-by: Eric D. Helms <[email protected]>

Author: ehelms

manifests/container.pp

@@ -10,21 +10,22 @@
 #   the content base url.
 # @param pulpcore_https_vhost
 #   The name of the Apache https vhost for Pulpcore
+# @param cname
+#   Common name to check for authentication against
 class foreman_proxy_content::container (
   String $location_prefix = '/pulpcore_registry',
   String $registry_v1_path = '/v1/',
   String $registry_v2_path = '/v2/',
   String $pulpcore_https_vhost = 'pulpcore-https',
+  Stdlib::Fqdn $cname = $facts['networking']['fqdn'],
 ) {
-  include certs::foreman_proxy
-
   $context = {
     'directories'  => [
       {
         'provider'        => 'location',
         'path'            => "${location_prefix}${registry_v2_path}",
         'request_headers' => ["set SSL_CLIENT_S_DN \"admin\""],
-        'requires'        => ["expr %{tolower:%{SSL_CLIENT_S_DN_CN}} == \"${certs::foreman_proxy::hostname.downcase}\""]
+        'requires'        => ["expr %{tolower:%{SSL_CLIENT_S_DN_CN}} == \"${cname.downcase}\""]
       },
     ],
     'proxy_pass' => [

manifests/init.pp

@@ -253,6 +253,7 @@
     unless $shared_with_foreman_vhost {
       class { 'foreman_proxy_content::container':
         pulpcore_https_vhost => $apache_https_vhost,
+        cname                => $certs::foreman_proxy::hostname,
       }
 
       class { 'foreman_proxy::plugin::container_gateway':

spec/classes/foreman_proxy_content__container_spec.rb

@@ -29,15 +29,23 @@
       end
 
       describe 'with explicit parameters' do
-        let(:params) { { location_prefix: '/other_pulpcore_registry', registry_v1_path: '/vr1/', registry_v2_path: '/vr2/', pulpcore_https_vhost: 'rhsm-pulpcore-reverse-proxy-443' } }
+        let(:params) do
+          {
+            location_prefix: '/other_pulpcore_registry',
+            registry_v1_path: '/vr1/',
+            registry_v2_path: '/vr2/',
+            pulpcore_https_vhost: 'rhsm-pulpcore-reverse-proxy-443',
+            cname: 'anoTHeR.example.COM',
+          }
+        end
 
         it { is_expected.to compile.with_all_deps }
         it do
           is_expected.to contain_apache__vhost__fragment('pulp-https-container')
             .with_vhost('rhsm-pulpcore-reverse-proxy-443')
             .with_priority('10')
             .with_content(%r{^\s+<Location "/other_pulpcore_registry/vr2/">$})
-            .with_content(%r{^\s+Require expr %\{tolower:%\{SSL_CLIENT_S_DN_CN\}\} == "foo.example.com"$})
+            .with_content(%r{^\s+Require expr %\{tolower:%\{SSL_CLIENT_S_DN_CN\}\} == "another.example.com"$})
             .with_content(%r{^\s+RequestHeader set SSL_CLIENT_S_DN "admin"$})
             .with_content(%r{^\s+</Location>$})
             .with_content(%r{^\s+ProxyPass /vr1/ https://foo\.example\.com:8443/container_gateway/vr1/$})