From fa246a7a866a477f0276364d2f75f3a44713d340 Mon Sep 17 00:00:00 2001
From: Ralph Bean <rbean@redhat.com>
Date: Tue, 26 Sep 2017 17:27:31 +0000
Subject: [PATCH] odcs - Require a valid oidc user for POST PATCH PUT and
 DELETE.

---
 .../frontend/templates/etc/httpd/conf.d/odcs.conf.j2   | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/roles/odcs/frontend/templates/etc/httpd/conf.d/odcs.conf.j2 b/roles/odcs/frontend/templates/etc/httpd/conf.d/odcs.conf.j2
index 7188644cea..43e093f5e2 100644
--- a/roles/odcs/frontend/templates/etc/httpd/conf.d/odcs.conf.j2
+++ b/roles/odcs/frontend/templates/etc/httpd/conf.d/odcs.conf.j2
@@ -36,8 +36,16 @@ OIDCOAuthIntrospectionEndpointParams token_type_hint=Bearer
             {{ 'Require ip ' ~ odcs_allowed_hosts|join(' ') }}
             {% endif %}
         </RequireAny>
-        {% endif %}
         Require all granted
+        {% else %}
+        AuthType openid-connect
+        <Limit GET HEAD OPTIONS>
+            Require all granted
+        </Limit>
+        <Limit POST PATCH PUT DELETE>
+            Require valid-user
+        </Limit>
+        {% endif %}
     </RequireAll>
 </Directory>