Merge pull request puppetlabs#109 from jpogran/ticket/master/MODULES-5229-iis-site-authentication

glennsarti · web-flow · commit e1fe249a2cfd · 2018-02-01T11:38:07.000+08:00
(MODULES-5229) Add authenticationinfo to iis_site
diff --git a/README.md b/README.md
@@ -776,6 +776,24 @@ iis_site {'mysite'
 }
 ```
 
+##### `authenticationinfo`
+
+Enable and disable authentication schemas. The available schemas are: anonymous, basic, clientCertificateMapping, digest, iisClientCertificateMapping, windows.
+
+###### Example
+
+```
+iis_site { 'test_site':
+  ensure          => 'started',
+  physicalpath    => 'C:\\inetpub\\tmp',
+  applicationpool => 'DefaultAppPool',
+  authenticationinfo => {
+    'basic'     => true,
+    'anonymous' => false,
+  },
+}
+```
+
 ### iis_virtual_directory
 
 Allows creation of a new IIS Virtual Directory and configuration of virtual directory parameters.
diff --git a/lib/puppet/provider/iis_site/webadministration.rb b/lib/puppet/provider/iis_site/webadministration.rb
@@ -49,7 +49,17 @@ def update
 
     cmd << self.class.ps_script_content('serviceautostartprovider', @resource)
 
-
+    if @resource[:authenticationinfo]
+      @resource[:authenticationinfo].each do |auth,enable|
+        args = Array.new
+        args << "-Filter 'system.webserver/security/authentication/#{auth}Authentication'"
+        args << "-PSPath 'IIS:\\'"
+        args << "-Location '#{@resource[:name]}'"
+        args << "-Name enabled"
+        args << "-Value #{@resource[:authenticationinfo][auth]}"
+        cmd << "Set-WebConfigurationProperty #{args.join(' ')} -ErrorAction Stop\n"
+      end
+    end
 
     inst_cmd = cmd.join
 
@@ -108,6 +118,9 @@ def self.prefetch(resources)
     sites = instances
     resources.keys.each do |site|
       if !sites.nil? && provider = sites.find { |s| s.name == site }
+        if !resources[site]['authenticationinfo'].nil?
+          resources[site]['authenticationinfo'] = provider.authenticationinfo.merge(resources[site]['authenticationinfo'])
+        end
         resources[site].provider = provider
       end
     end
@@ -142,6 +155,7 @@ def self.instances
         binding.delete('certificatestorename') unless binding['protocol'] == 'https'
       end
       site['limits'] = {} if site['limits'].nil?
+      site['authenticationinfo'] = {} if site['authenticationinfo'].nil?
 
       site_hash[:ensure]               = site['state'].downcase
       site_hash[:name]                 = site['name']
@@ -158,6 +172,7 @@ def self.instances
       site_hash[:logformat]            = site['logformat']
       site_hash[:logflags]             = site['logextfileflags'].split(/,\s*/).sort
       site_hash[:preloadenabled]       = to_bool(site['preloadenabled']) unless site['preloadenabled'].nil?
+      site_hash[:authenticationinfo]   = site['authenticationinfo']
 
       new(site_hash)
     end
diff --git a/lib/puppet/provider/templates/webadministration/_getwebsites.ps1.erb b/lib/puppet/provider/templates/webadministration/_getwebsites.ps1.erb
@@ -7,6 +7,20 @@ Get-WebSite | % {
     $preloadenabled = [string](Get-ItemProperty -Path "IIS:\Sites\$($name)" -Name 'applicationDefaults.preloadEnabled' -ErrorAction 'Continue').Value
   }
 
+  $authenticationTypes = @(
+    'anonymous',
+    'basic',
+    'clientCertificateMapping',
+    'digest',
+    'iisClientCertificateMapping',
+    'windows'
+  )
+  $authenticationTypes | Foreach-Object -Begin { $info = @{} } -Process {
+    $p = Get-WebConfiguration -Filter "system.webserver/security/authentication/$($_)Authentication" -PSPath "IIS:\sites\$($name)"
+    $info["$($_)"] = $p.enabled
+  }
+  $authenticationinfo = New-Object -TypeName PSObject -Property $info
+
   New-Object -TypeName PSObject -Property @{
     name             = [string]$_.Name
     physicalpath     = [string]$_.PhysicalPath
@@ -29,6 +43,7 @@ Get-WebSite | % {
       maxconnections     = [int64]$_.limits.maxconnections
       connectiontimeout  = [int]$_.limits.connectiontimeout.totalseconds
     }
+    authenticationinfo   = $authenticationinfo
     logformat            = [string]$_.LogFile.logFormat
     logpath              = [string]$_.LogFile.directory
     logperiod            = [string]$_.LogFile.period
diff --git a/lib/puppet/type/iis_site.rb b/lib/puppet/type/iis_site.rb
@@ -1,5 +1,6 @@
 require 'puppet/parameter/boolean'
 require_relative '../../puppet_x/puppetlabs/iis/property/name'
+require_relative '../../puppet_x/puppetlabs/iis/property/hash'
 
 Puppet::Type.newtype(:iis_site) do
   @doc = "Create a new IIS website."
@@ -314,6 +315,18 @@ def insync?(is)
     end
   end
 
+  newproperty(:authenticationinfo) do
+    desc 'Enable and disable authentication schemas. Note: some schemas require additional Windows features to be installed, for example windows authentication. This type does not ensure a given feature is installed before attempting to configure it.'
+    valid_schemas = ['anonymous', 'basic', 'clientCertificateMapping',
+                      'digest', 'iisClientCertificateMapping', 'windows']
+    validate do |value|
+      fail "#{self.name.to_s} should be a Hash" unless value.is_a? ::Hash
+      unless (value.keys & valid_schemas) == value.keys
+          fail("All schemas must specify any of the following: anonymous, basic, clientCertificateMapping, digest, iisClientCertificateMapping, or windows")
+      end
+    end
+  end
+
   autorequire(:iis_application_pool) { self[:applicationpool] }
 
   validate do
diff --git a/spec/acceptance/iis_site_spec.rb b/spec/acceptance/iis_site_spec.rb
@@ -189,6 +189,32 @@
       end
     end
 
+    context 'when setting' do
+      describe 'authenticationinfo' do
+        before(:all) do
+          @site_name = SecureRandom.hex(10)
+          create_path('C:\inetpub\tmp')
+          @manifest  = <<-HERE
+            iis_site { '#{@site_name}':
+              ensure          => 'started',
+              physicalpath    => 'C:\\inetpub\\tmp',
+              applicationpool => 'DefaultAppPool',
+              authenticationinfo => {
+                'basic'     => true,
+                'anonymous' => false,
+              },
+            }
+          HERE
+        end
+
+        it_behaves_like 'an idempotent resource'
+
+        after(:all) do
+          remove_all_sites
+        end
+      end
+    end
+
     # TestRail ID: C100071
     context 'can change site state from' do
       context 'stopped to started' do
diff --git a/spec/unit/puppet/type/iis_site_spec.rb b/spec/unit/puppet/type/iis_site_spec.rb
@@ -58,6 +58,28 @@
     end
   end
 
+  context "property: authenticationinfo" do
+    it "requires a hash or array of hashes" do
+      expect {
+        resource[:authenticationinfo] = "hi"
+      }.to raise_error(Puppet::Error, /Hash/)
+      expect {
+        resource[:authenticationinfo] = ["hi"]
+      }.to raise_error(Puppet::Error, /Hash/)
+    end
+    it "requires any of the schemas" do
+      expect {
+        resource[:authenticationinfo] = { 'wakka' => 'fdskjfndslk' }
+      }.to raise_error(Puppet::Error, /schema/)
+    end
+    it "allows valid syntax" do
+      resource[:authenticationinfo] = {
+        'basic' => true,
+        'anonymous' => false,
+      }
+    end
+  end
+
   context "property :bindings" do
     it "requires a hash or array of hashes" do
       expect {
