Adds option for turning off basic auth for selected service(s)

README.md

@@ -238,7 +238,8 @@ Settings here can overwrite the settings in HAProxy, which are only applied to t
 |BALANCE|load balancing algorithm to use. Possible values include: `roundrobin`, `static-rr`, `source`, `leastconn`. See:[HAProxy:balance](https://cbonte.github.io/haproxy-dconv/configuration-1.5.html#4-balance)|
 |COOKIE|sticky session option. Possible value `SRV insert indirect nocache`. See:[HAProxy:cookie](http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#4-cookie)|
 |DEFAULT_SSL_CERT|similar to SSL_CERT, but stores the pem file at `/certs/cert0.pem` as the default ssl certs. If multiple `DEFAULT_SSL_CERT` are specified in linked services and HAProxy, the behavior is undefined|
-|EXCLUDE_PORTS|comma separated port numbers(e.g. 3306, 3307). By default, HAProxy will add all the ports exposed by the application services to the backend routes. You can exclude the ports that you don't want to be routed, like database port|
+|EXCLUDE_BASIC_AUTH|comma separated port numbers(e.g. 3306, 3307). By default, HAProxy will add all the ports exposed by the application services to the backend routes. You can exclude the ports that you don't want to be routed, like database port|
+|EXCLUDE_PORTS|if set(any value) and `HTTP_BASIC_AUTH` global setting is set, no basic auth will be applied to this service.|
 |EXTRA_ROUTE_SETTINGS|a string which is append to the each backend route after the health check,possible value: "send-proxy"|
 |EXTRA_SETTINGS|comma-separated string of extra settings, and each part will be appended to either related backend section or listen session in the configuration file. To escape comma, use `\,`. Possible value: `balance source`|
 |FORCE_SSL|if set(any value) together with ssl termination enabled. HAProxy will redirect HTTP request to HTTPS request.

haproxy/helper/backend_helper.py

@@ -80,7 +80,7 @@ def get_backend_settings(details, service_alias, basic_auth):
     backend_settings.extend(get_hsts_max_age_setting(details, service_alias))
     backend_settings.extend(get_options_setting(details, service_alias))
     backend_settings.extend(get_extra_settings_setting(details, service_alias))
-    backend_settings.extend(get_basic_auth_setting(basic_auth))
+    backend_settings.extend(get_basic_auth_setting(details, basic_auth, service_alias))
 
     return backend_settings, is_sticky
 
@@ -163,9 +163,11 @@ def get_extra_settings_setting(details, service_alias):
     return setting
 
 
-def get_basic_auth_setting(basic_auth):
+def get_basic_auth_setting(details, basic_auth, service_alias):
     setting = []
-    if basic_auth:
+    exclude_basic_auth = get_service_attribute(details, "exclude_basic_auth", service_alias)
+
+    if basic_auth and exclude_basic_auth == None:
         setting.append("acl need_auth http_auth(haproxy_userlist)")
         setting.append("http-request auth realm haproxy_basic_auth if !need_auth")
     return setting

tests/unit/helper/test_backend_helper.py

@@ -199,7 +199,11 @@ def test_get_extra_settings_setting(self):
         self.assertEqual([], get_extra_settings_setting(details, 'web-f'))
 
     def test_get_basic_auth_setting(self):
+        details = {'web-a': {'exclude_basic_auth': 'true'},
+                   'web-b': {}}
+
+        self.assertEqual([], get_basic_auth_setting(details, 'something', 'web-a'))
         self.assertEqual(
             ["acl need_auth http_auth(haproxy_userlist)", "http-request auth realm haproxy_basic_auth if !need_auth"],
-            get_basic_auth_setting('something'))
-        self.assertEqual([], get_basic_auth_setting(""))
+            get_basic_auth_setting(details, 'something', 'web-b'))
+        self.assertEqual([], get_basic_auth_setting(details, "", 'web-b'))