Our nginx_location role supports the auth: sram option to configure SRAM auth via the REMOTE_USER header. We could check if this actually works by using ansible.builtin.get_url to get the <workspace_fqdn>/<configured_location_with_sram_auth> and seeing if we get the expected redirect or 403. This would make sure that accidental misconfigurations don't end up exposing a workspace without auth.
This could be either in addition to the require_src_nginx role check, or replace it.
Our
nginx_locationrole supports theauth: sramoption to configure SRAM auth via the REMOTE_USER header. We could check if this actually works by usingansible.builtin.get_urlto get the<workspace_fqdn>/<configured_location_with_sram_auth>and seeing if we get the expected redirect or 403. This would make sure that accidental misconfigurations don't end up exposing a workspace without auth.This could be either in addition to the
require_src_nginxrole check, or replace it.