From 72299ab60d71c376a98aa0992809b4310b740baa Mon Sep 17 00:00:00 2001
From: Takashi Kajinami
Date: Wed, 29 Jun 2022 11:50:25 +0900
Subject: [PATCH] Expose headers option of apache::vhost

The headers option in apache::vhost is required in some case, for example when adding the X-XSS-Protection header. This change allows customizing the option for the api vhost. This change also adds support for request_headers so that both request headers and response headers can customized.

Change-Id: I0e78f2183ffe14c310ee5c5632c203258c8c85cd
---
 manifests/wsgi/apache.pp | 14 +++++++++++++-
 .../notes/apache-headers-8e291ff07e486d85.yaml | 6 ++++++
 spec/classes/barbican_wsgi_apache_spec.rb | 16 +++++++++++-----
 3 files changed, 30 insertions(+), 6 deletions(-)
 create mode 100644 releasenotes/notes/apache-headers-8e291ff07e486d85.yaml
diff --git a/manifests/wsgi/apache.pp b/manifests/wsgi/apache.pp
index 21a966d1..dc48d497 100644
--- a/manifests/wsgi/apache.pp
+++ b/manifests/wsgi/apache.pp
@@ -93,6 +93,14 @@
 # { python-path => '/my/python/virtualenv' }
 # Defaults to {}
 #
+# [*headers*]
+# (optional) Headers for the vhost.
+# Defaults to undef
+#
+# [*request_headers*]
+# (optional) Modifies collected request headers in various ways.
+# Defaults to undef
+#
 # [*vhost_custom_fragment*]
 # (optional) Passes a string of custom configuration
 # directives to be placed at the end of the vhost configuration.
@@ -127,6 +135,8 @@ class barbican::wsgi::apache (
 $access_log_format = false,
 $error_log_file = undef,
 $custom_wsgi_process_options = {},
+ $headers = undef,
+ $request_headers = undef,
 $vhost_custom_fragment = undef,
 ) {
 
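Review bot: The `[*headers*]` description ("Headers for the vhost.") does not say that these are response headers or what shape the value takes, and `[*request_headers*]` has the same gap in the first hunk of manifests/wsgi/apache.pp. The spec in this patch passes arrays of mod_headers argument strings, so the comment could read `#   (optional) List of mod_headers directive arguments applied to responses, e.g. ['set X-Content-Type-Options "nosniff"'].`, with a matching line for request headers. The strings presumably end up in the vhost configuration as written, so it is worth adding that they should come from operator-controlled data only.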
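Review bot: `$headers` and `$request_headers` are declared without a data type in the class signature, so a wrongly shaped value (a hash, a nested array) is caught only when the vhost is rendered or when Apache reloads. If the wrapped vhost accepts a string or a list of strings, which the spec values suggest but this hunk does not show, declaring `Optional[Variant[Array[String[1]], String[1]]] $headers = undef,` (and the same for `$request_headers`) would fail at catalog compilation instead. The neighbouring parameters are untyped as well, so this could be a follow-up for the whole class; the parameter list starts above the hunk.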
@@ -160,9 +170,11 @@ class barbican::wsgi::apache (
 wsgi_script_dir => $::barbican::params::barbican_wsgi_script_path,
 wsgi_script_file => 'main',
 wsgi_script_source => $::barbican::params::barbican_wsgi_script_source,
+ headers => $headers,
+ request_headers => $request_headers,
+ custom_wsgi_process_options => $custom_wsgi_process_options,
 access_log_file => $access_log_file,
 access_log_format => $access_log_format,
 error_log_file => $error_log_file,
- custom_wsgi_process_options => $custom_wsgi_process_options,
 }
 }
diff --git a/releasenotes/notes/apache-headers-8e291ff07e486d85.yaml b/releasenotes/notes/apache-headers-8e291ff07e486d85.yaml
new file mode 100644
index 00000000..af42d414
--- /dev/null
+++ b/releasenotes/notes/apache-headers-8e291ff07e486d85.yaml
@@ -0,0 +1,6 @@
+---
+features:
+ - |
+ The ``barbican::wsgi::apache`` class now supports customizing
+ request/response headers added by apache.
+
diff --git a/spec/classes/barbican_wsgi_apache_spec.rb b/spec/classes/barbican_wsgi_apache_spec.rb
index 4af8e1a3..ef1846cc 100644
--- a/spec/classes/barbican_wsgi_apache_spec.rb
+++ b/spec/classes/barbican_wsgi_apache_spec.rb
@@ -38,13 +38,15 @@ describe 'barbican::wsgi::apache' do
 :wsgi_script_dir => platform_params[:wsgi_script_path],
 :wsgi_script_file => 'main',
 :wsgi_script_source => '/usr/bin/barbican-wsgi-api',
+ :headers => nil,
+ :request_headers => nil,
+ :custom_wsgi_process_options => {},
 :access_log_file => false,
 :access_log_format => false,
- :custom_wsgi_process_options => {},
 )}
 end

- context 'when overriding parameters using different ports' do
+ context 'when overriding parameters' do
 let :params do
 {
 :servername => 'dummy.host',
@@ -59,6 +61,8 @@ describe 'barbican::wsgi::apache' do
 :custom_wsgi_process_options => {
 'python_path' => '/my/python/path',
 },
+ :headers => ['set X-XSS-Protection "1; mode=block"'],
+ :request_headers => ['set Content-Type "application/json"'],
 :vhost_custom_fragment => 'Timeout 99',
 }
 end
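Review bot: The two fixture values added to `params` in the `@@ -59,6 +61,8 @@` hunk, and repeated in the expectation of the next hunk, tend to get copied as usage examples, and neither is a good one for an API vhost. `X-XSS-Protection "1; mode=block"` is a legacy browser header that current hardening guidance says to leave unset or set to `0`, and `set Content-Type "application/json"` as a request header would overwrite whatever content type the client sent, which looks wrong for an API that may accept non-JSON payloads. Neutral values such as `:headers => ['set X-Content-Type-Options "nosniff"']` and `:request_headers => ['unset Proxy early']` exercise the same code path. The `let :params` block starts above this hunk.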
@@ -80,12 +84,14 @@ describe 'barbican::wsgi::apache' do
 :wsgi_script_dir => platform_params[:wsgi_script_path],
 :wsgi_script_file => 'main',
 :wsgi_script_source => '/usr/bin/barbican-wsgi-api',
- :access_log_file => '/var/log/httpd/access_log',
- :access_log_format => 'some format',
- :error_log_file => '/var/log/httpd/error_log',
+ :headers => ['set X-XSS-Protection "1; mode=block"'],
+ :request_headers => ['set Content-Type "application/json"'],
 :custom_wsgi_process_options => {
 'python_path' => '/my/python/path',
 },
+ :access_log_file => '/var/log/httpd/access_log',
+ :access_log_format => 'some format',
+ :error_log_file => '/var/log/httpd/error_log',
 )}
 end
 end