Unable to set auth_basic for "alias" location type

[jmswick]

I've been working on an nginx host that has a default auth_basic for the vhost. However, I am needing to add a single location with auth_basic off so that it can have a health check for a load balancer infront of it.

However, when setting auth_basic to 'off' I get the following error due to puppet treating 'off' as 'false':

Info: Loading facts
Error: Could not retrieve catalog from remote server: Error 400 on SERVER: false is not a string.  It looks to be a FalseClass at /etc/puppet/modules/modules/nginx/manifests/resource/location.pp:255 on node mynode.mydomain.net
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run

Due to this check in location.pp:

  if ($auth_basic != undef) {
    validate_string($auth_basic)
  }

[3flex]

@jmswick are you setting the value off in hiera?

YAML treats several values as boolean, so when you set off in your YAML file it converts to boolean before being passed to Hiera & Puppet. Quote the value to make YAML treat it as a string: "off"

[jmswick]

Yes, I am setting it in heira and I tried quoting it in several different ways, which eliminated the error, but I still didn't get a "auth_basic off" in the nginx config on the system. (I should have stated that from the beginning too.)

If I have time today I'll try to recreate this in a vagrant test VM so that I can provide the config. One change is that we are using eyaml so that we can encrypt specific yaml entries, so that could be enough of a difference. Our vagrant test setup doesn't use eyaml so that should help to narrow it down.

[3flex]

Can you post your manifest for the location resource?

auth_basic is currently supported in some but not all location types.

[jmswick]

Hi,
Here's the yaml config for nginx from the test I just did:

nginx::confd_purge: true
nginx::vhost_purge: true
nginx::nginx_upstreams:
  'testapp':
    members:
      - localhost:8900
nginx::nginx_vhosts:
  'testapp':
    proxy: 'http://testapp'
    proxy_read_timeout: '300s'
    proxy_set_header:
      - 'Host $host'
    auth_basic: 'TestApp'
    auth_basic_user_file: '/etc/nginx/testapp.htpasswd'
nginx::nginx_locations:
  'testapp-healthchk':
    vhost: 'testapp'
    location: '/healthchk'
    auth_basic: "off"
    location_alias: '/tmp/healthck'
  'testapp-csv-outputs':
    vhost: 'testapp'
    location: '/testapp-csv-outputs'
    auth_basic: 'TestApp Outputs'
    auth_basic_user_file: '/etc/nginx/testapp.htpasswd'
    autoindex: 'on'
    location_alias: '/tmp/csv/'

It generated this /etc/nginx/sites-enabled/testapp.conf file:

server {
  listen                *:80;

  server_name           testapp;
  auth_basic           "TestApp";
  auth_basic_user_file /etc/nginx/testapp.htpasswd;

  proxy_set_header        Host $host;
    index  index.html index.htm index.php;

  access_log            /var/log/nginx/testapp.access.log;
  error_log             /var/log/nginx/testapp.error.log;

  location /healthchk {

    alias      /tmp/healthck;
  }
  location /testapp-csv-outputs {

    alias      /tmp/csv/;
    autoindex on;
  }
  location / {

    proxy_pass          http://testapp;
    proxy_read_timeout  300s;
    proxy_connect_timeout  90;
    proxy_redirect  off;
    proxy_set_header        Host $host;
    proxy_set_header        X-Real-IP $remote_addr;
    proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
  }
}

[3flex]

Right now auth_basic isn't supported when you set location_alias for a location.

I've updated the issue title to better reflect this problem.

[jmswick]

Thank you. I hadn't dug that far into the module to see that case.

[jmswick]

Thank you. I do get the expected nginx config now and a basic test works as a proof of concept.