Add ability to configure auth backends and classes

manifests/init.pp

@@ -121,6 +121,12 @@
 # @param remote_user_environ_name
 #   Django remote user environment variable
 #
+# @param authentication_backends
+#   List of used authentication backends
+#
+# @param rest_framework_default_authentication_classes
+#   List of used REST framework default authentication classes
+#
 # @param allowed_import_path
 #   Allowed paths that pulp can use for content imports, or sync from using file:// protocol
 #
@@ -239,6 +245,11 @@
   Array[Stdlib::Absolutepath] $allowed_export_path = [],
   Pulpcore::ChecksumTypes $allowed_content_checksums = ['sha224', 'sha256', 'sha384', 'sha512'],
   String[1] $remote_user_environ_name = 'HTTP_REMOTE_USER',
+  Array[String[1]] $authentication_backends = ['pulpcore.app.authentication.PulpNoCreateRemoteUserBackend'],
+  Array[String[1]] $rest_framework_default_authentication_classes = [
+    'rest_framework.authentication.SessionAuthentication',
+    'pulpcore.app.authentication.PulpRemoteUserAuthentication',
+  ],
   Integer[0] $worker_count = min(8, $facts['processors']['count']),
   Optional[Integer[0]] $worker_ttl = undef,
   Boolean $service_enable = true,

spec/acceptance/settings_spec.rb

@@ -87,6 +87,95 @@ class { 'pulpcore':
   end
 end
 
+describe 'AUTHENTICATION_BACKENDS setting' do
+  context 'default AUTHENTICATION_BACKENDS' do
+    it_behaves_like 'an idempotent resource' do
+      let(:manifest) do
+        <<-PUPPET
+        include pulpcore
+        PUPPET
+      end
+    end
+
+    describe file('/etc/pulp/settings.py') do
+      it { is_expected.to be_file }
+      its(:content) { is_expected.to include('AUTHENTICATION_BACKENDS = ["pulpcore.app.authentication.PulpNoCreateRemoteUserBackend"]') }
+    end
+  end
+
+  context 'AUTHENTICATION_BACKENDS set' do
+    it_behaves_like 'an idempotent resource' do
+      let(:manifest) do
+        <<-PUPPET
+        class { 'pulpcore':
+          authentication_backends => [
+            'django.contrib.auth.backends.ModelBackend',
+            'pulpcore.app.authentication.PulpNoCreateRemoteUserBackend',
+          ],
+        }
+        PUPPET
+      end
+    end
+
+    describe file('/etc/pulp/settings.py') do
+      it { is_expected.to be_file }
+      its(:content) { is_expected.to include('AUTHENTICATION_BACKENDS = ["django.contrib.auth.backends.ModelBackend", "pulpcore.app.authentication.PulpNoCreateRemoteUserBackend"]') }
+    end
+  end
+end
+
+describe 'REST_FRAMEWORK__DEFAULT_AUTHENTICATION_CLASSES setting' do
+  context 'default REST_FRAMEWORK__DEFAULT_AUTHENTICATION_CLASSES' do
+    it_behaves_like 'an idempotent resource' do
+      let(:manifest) do
+        <<-PUPPET
+        include pulpcore
+        PUPPET
+      end
+    end
+
+    describe file('/etc/pulp/settings.py') do
+      it { is_expected.to be_file }
+      its(:content) do
+        is_expected.to include <<~EXPECTED
+          REST_FRAMEWORK__DEFAULT_AUTHENTICATION_CLASSES = (
+              'rest_framework.authentication.SessionAuthentication',
+              'pulpcore.app.authentication.PulpRemoteUserAuthentication',
+          )
+        EXPECTED
+      end
+    end
+  end
+
+  context 'REST_FRAMEWORK__DEFAULT_AUTHENTICATION_CLASSES set' do
+    it_behaves_like 'an idempotent resource' do
+      let(:manifest) do
+        <<-PUPPET
+        class { 'pulpcore':
+          rest_framework_default_authentication_classes => [
+            'rest_framework.authentication.BasicAuthentication',
+            'rest_framework.authentication.SessionAuthentication',
+            'pulpcore.app.authentication.PulpRemoteUserAuthentication',
+          ],
+        }
+        PUPPET
+      end
+    end
+
+    describe file('/etc/pulp/settings.py') do
+      it { is_expected.to be_file }
+        is_expected.to include <<~EXPECTED
+          REST_FRAMEWORK__DEFAULT_AUTHENTICATION_CLASSES = (
+              'rest_framework.authentication.BasicAuthentication',
+              'rest_framework.authentication.SessionAuthentication',
+              'pulpcore.app.authentication.PulpRemoteUserAuthentication',
+          )
+        EXPECTED
+      end
+    end
+  end
+end
+
 describe 'IMPORT_WORKERS_PERCENT setting' do
   context 'default IMPORT_WORKERS_PERCENT' do
     it_behaves_like 'an idempotent resource' do

templates/settings.py.erb

@@ -50,11 +50,12 @@ FILE_UPLOAD_TEMP_DIR = "<%= scope['pulpcore::cache_dir'] %>"
 WORKING_DIRECTORY = "<%= scope['pulpcore::cache_dir'] %>"
 
 REMOTE_USER_ENVIRON_NAME = '<%= scope['pulpcore::remote_user_environ_name'] %>'
-AUTHENTICATION_BACKENDS = ['pulpcore.app.authentication.PulpNoCreateRemoteUserBackend']
+AUTHENTICATION_BACKENDS = <%= scope['pulpcore::authentication_backends'] %>
 
 REST_FRAMEWORK__DEFAULT_AUTHENTICATION_CLASSES = (
-    'rest_framework.authentication.SessionAuthentication',
-    'pulpcore.app.authentication.PulpRemoteUserAuthentication'
+<% scope['pulpcore::rest_framework_default_authentication_classes'].each do |authclass| -%>
+    '<%= authclass %>',
+<% end -%>
 )
 
 ALLOWED_IMPORT_PATHS = <%= scope['pulpcore::allowed_import_path'] %>