Add ssl_user_name vhost parameter

Matt Dainty · Matt Dainty · commit bdaaf97e4f06 · 2020-11-26T10:16:14.000Z
Maps to SSLUserName directive.
diff --git a/manifests/vhost.pp b/manifests/vhost.pp
@@ -1673,6 +1673,9 @@
 #   Can be used to set the [SSLStaplingReturnResponderErrors](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslstaplingreturnrespondererrors) directive.<br />
 #   This parameter only applies to Apache 2.4 or higher and is ignored on older versions.
 #
+# @param ssl_user_name
+#   Sets the [SSLUserName](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslusername) directive.
+#
 # @param use_canonical_name
 #   Specifies whether to use the [`UseCanonicalName directive`](https://httpd.apache.org/docs/2.4/mod/core.html#usecanonicalname),
 #   which allows you to configure how the server determines it's own name and port.
@@ -1767,6 +1770,7 @@
   Optional[Boolean] $ssl_stapling                                                   = undef,
   $ssl_stapling_timeout                                                             = undef,
   $ssl_stapling_return_errors                                                       = undef,
+  Optional[String] $ssl_user_name                                                   = undef,
   $priority                                                                         = undef,
   Boolean $default_vhost                                                            = false,
   $servername                                                                       = $name,
diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb
@@ -85,6 +85,7 @@
               'ssl_proxyengine'             => true,
               'ssl_proxy_cipher_suite'      => 'HIGH',
               'ssl_proxy_protocol'          => 'TLSv1.2',
+              'ssl_user_name'               => 'SSL_CLIENT_S_DN_CN',
               'priority'                    => '30',
               'default_vhost'               => true,
               'servername'                  => 'example.com',
@@ -1027,6 +1028,11 @@
               content: %r{^\s+SSLOpenSSLConfCmd\s+DHParameters "foo.pem"$},
             )
           }
+          it {
+            is_expected.to contain_concat__fragment('rspec.example.com-ssl').with(
+              content: %r{^\s+SSLUserName\s+SSL_CLIENT_S_DN_CN$},
+            )
+          }
           it { is_expected.to contain_concat__fragment('rspec.example.com-sslproxy') }
           it {
             is_expected.to contain_concat__fragment('rspec.example.com-sslproxy').with(
diff --git a/templates/vhost/_ssl.erb b/templates/vhost/_ssl.erb
@@ -52,4 +52,7 @@
   <%- if (not @ssl_stapling_return_errors.nil?) && (scope.function_versioncmp([@apache_version, '2.4']) >= 0) -%>
   SSLStaplingReturnResponderErrors <%= scope.call_function('apache::bool2httpd', [@ssl_stapling_return_errors]) %>
   <%- end -%>
+  <%- if @ssl_user_name -%>
+  SSLUserName             <%= @ssl_user_name %>
+  <%- end -%>
 <% end -%>
