Merge pull request #2450 from edx/revert-2322-smarnach/selective-http-auth

Revert ff670ea8

playbooks/roles/nginx/defaults/main.yml

@@ -113,28 +113,3 @@ nginx_cfg:
 
 NGINX_ROBOT_RULES: [ ]
 NGINX_EDXAPP_EMBARGO_CIDRS: []
-
-CERTS_ENABLE_BASIC_AUTH: "{{ COMMON_ENABLE_BASIC_AUTH }}"
-ECOMMERCE_ENABLE_BASIC_AUTH: "{{ COMMON_ENABLE_BASIC_AUTH }}"
-EDXAPP_CMS_ENABLE_BASIC_AUTH: "{{ COMMON_ENABLE_BASIC_AUTH }}"
-EDXAPP_LMS_ENABLE_BASIC_AUTH: "{{ COMMON_ENABLE_BASIC_AUTH }}"
-EDXAPP_LMS_PREVIEW_ENABLE_BASIC_AUTH: "{{ COMMON_ENABLE_BASIC_AUTH }}"
-KIBANA_ENABLE_BASIC_AUTH: "{{ COMMON_ENABLE_BASIC_AUTH }}"
-ORA_ENABLE_BASIC_AUTH: "{{ COMMON_ENABLE_BASIC_AUTH }}"
-PROGRAMS_ENABLE_BASIC_AUTH: "{{ COMMON_ENABLE_BASIC_AUTH }}"
-XQUEUE_ENABLE_BASIC_AUTH: "{{ COMMON_ENABLE_BASIC_AUTH }}"
-XSERVER_ENABLE_BASIC_AUTH: "{{ COMMON_ENABLE_BASIC_AUTH }}"
-
-NGINX_CREATE_HTPASSWD_FILE: >
-  {{
-    CERTS_ENABLE_BASIC_AUTH or
-    ECOMMERCE_ENABLE_BASIC_AUTH or
-    EDXAPP_CMS_ENABLE_BASIC_AUTH or
-    EDXAPP_LMS_ENABLE_BASIC_AUTH or
-    EDXAPP_LMS_PREVIEW_ENABLE_BASIC_AUTH or
-    KIBANA_ENABLE_BASIC_AUTH or
-    ORA_ENABLE_BASIC_AUTH or
-    PROGRAMS_ENABLE_BASIC_AUTH or
-    XQUEUE_ENABLE_BASIC_AUTH or
-    XSERVER_ENABLE_BASIC_AUTH
-  }}

playbooks/roles/nginx/tasks/main.yml

@@ -135,7 +135,7 @@
     name={{ COMMON_HTPASSWD_USER }}
     password={{ COMMON_HTPASSWD_PASS }}
     path={{ nginx_htpasswd_file }}
-  when: NGINX_CREATE_HTPASSWD_FILE
+  when: COMMON_ENABLE_BASIC_AUTH
 
 - name: Create nginx log file location (just in case)
   file: >

playbooks/roles/nginx/templates/edx/app/nginx/sites-available/basic-auth.j2

+{% if COMMON_ENABLE_BASIC_AUTH %}
      satisfy any;
 
      allow 127.0.0.1;
@@ -16,3 +17,4 @@
 
      index index.html
      proxy_set_header X-Forwarded-Proto https;
+{% endif %}

playbooks/roles/nginx/templates/edx/app/nginx/sites-available/certs.j2

@@ -3,9 +3,8 @@ server {
 
   location / {
     root {{ CERTS_WEB_ROOT }};
-    {% if CERTS_ENABLE_BASIC_AUTH %}
-      {% include "basic-auth.j2" %}
-    {% endif %}
+    {% include "basic-auth.j2" %}
     try_files $uri $uri/valid.html =404;
   }
 }
+

playbooks/roles/nginx/templates/edx/app/nginx/sites-available/cms.j2

@@ -74,9 +74,7 @@ error_page {{ k }} {{ v }};
   }
 
   location / {
-    {% if EDXAPP_CMS_ENABLE_BASIC_AUTH %}
-      {% include "basic-auth.j2" %}
-    {% endif %}
+    {% include "basic-auth.j2" %}
     try_files $uri @proxy_to_cms_app;
   }
 

playbooks/roles/nginx/templates/edx/app/nginx/sites-available/ecommerce.j2

@@ -38,9 +38,6 @@ server {
   }
 
   location / {
-    {% if ECOMMERCE_ENABLE_BASIC_AUTH %}
-      {% include "basic-auth.j2" %}
-    {% endif %}
     try_files $uri @proxy_to_app;
   }
 

playbooks/roles/nginx/templates/edx/app/nginx/sites-available/kibana.j2

@@ -31,9 +31,7 @@ server {
   error_log {{ nginx_log_dir }}/kibana.error.log error;
 
   # Access restriction
-  {% if KIBANA_ENABLE_BASIC_AUTH %}
-    {% include "basic-auth.j2" %}
-  {% endif %}
+  {% include "basic-auth.j2" %}
 
   # Set image format types to expire in a very long time
   location ~* ^.+\.(jpg|jpeg|gif|png|ico)$ {

playbooks/roles/nginx/templates/edx/app/nginx/sites-available/lms-preview.j2

@@ -37,9 +37,8 @@ server {
   }
 
   location / {
-    {% if EDXAPP_LMS_PREVIEW_ENABLE_BASIC_AUTH %}
-      {% include "basic-auth.j2" %}
-    {% endif %}
+
+    {% include "basic-auth.j2" %}
     try_files $uri @proxy_to_lms-preview_app;
   }
 

playbooks/roles/nginx/templates/edx/app/nginx/sites-available/lms.j2

@@ -93,9 +93,7 @@ error_page {{ k }} {{ v }};
   }
 
   location / {
-    {% if EDXAPP_LMS_ENABLE_BASIC_AUTH %}
-      {% include "basic-auth.j2" %}
-    {% endif %}
+    {% include "basic-auth.j2" %}
     {% if NGINX_EDXAPP_EMBARGO_CIDRS -%}
     if ( $embargo ) {
       rewrite ^ /embargo;
@@ -169,9 +167,7 @@ error_page {{ k }} {{ v }};
     error_page  503 = /server/rate-limit.html;
     {%- endif -%}
 
-    {% if EDXAPP_LMS_ENABLE_BASIC_AUTH %}
-      {%- include "basic-auth.j2" %}
-    {% endif %}
+    {%- include "basic-auth.j2" %}
     try_files $uri @proxy_to_lms_app;
   }
 

playbooks/roles/nginx/templates/edx/app/nginx/sites-available/ora.j2

@@ -8,9 +8,8 @@ server {
   listen {{ ORA_NGINX_PORT }} default_server;
 
   location / {
-    {% if ORA_ENABLE_BASIC_AUTH %}
-      {% include "basic-auth.j2" %}
-    {% endif %}
+
+    {% include "basic-auth.j2" %}
     try_files $uri @proxy_to_app;
   }
 

playbooks/roles/nginx/templates/edx/app/nginx/sites-available/programs.j2

@@ -38,9 +38,6 @@ server {
   }
 
   location / {
-    {% if PROGRAMS_ENABLE_BASIC_AUTH %}
-      {% include "basic-auth.j2" %}
-    {% endif %}
     try_files $uri @proxy_to_app;
   }
 

playbooks/roles/nginx/templates/edx/app/nginx/sites-available/xqueue.j2

@@ -8,9 +8,7 @@ server {
   listen {{ XQUEUE_NGINX_PORT }} default_server;
 
   location / {
-    {% if XQUEUE_ENABLE_BASIC_AUTH %}
-      {% include "basic-auth.j2" %}
-    {% endif %}
+    {% include "basic-auth.j2" %}
     try_files $uri @proxy_to_app;
   }
 

playbooks/roles/nginx/templates/edx/app/nginx/sites-available/xserver.j2

@@ -18,9 +18,7 @@ server {
   listen {{ XSERVER_NGINX_PORT }} default_server;
 
   location / {
-    {% if XSERVER_ENABLE_BASIC_AUTH %}
-      {% include "basic-auth.j2" %}
-    {% endif %}
+    {% include "basic-auth.j2" %}
     try_files $uri @proxy_to_app;
   }