From 8f6bc169bbb75cfd33ca7627d2502336c0604dfa Mon Sep 17 00:00:00 2001
From: Takashi Kajinami <tkajinam@redhat.com>
Date: Thu, 30 Jun 2022 08:41:14 +0900
Subject: [PATCH] Expose headers option of apache::vhost

The headers option in apache::vhost is required in some case, for
example when adding the X-XSS-Protection header. This change allows
customizing the option for the api vhost.

This change also adds support for request_headers so that both request
headers and response headers can customized.

Change-Id: Iaa9627fe8ff3439a9662704c2008ff0e93717ae3
---
 manifests/wsgi/apache.pp                         | 12 ++++++++++++
 .../notes/apache-headers-8753dd9186b29c0a.yaml   |  5 +++++
 spec/classes/designate_wsgi_apache_spec.rb       | 16 +++++++++++-----
 3 files changed, 28 insertions(+), 5 deletions(-)
 create mode 100644 releasenotes/notes/apache-headers-8753dd9186b29c0a.yaml

diff --git a/manifests/wsgi/apache.pp b/manifests/wsgi/apache.pp
index 9ca74b37..54d8c160 100644
--- a/manifests/wsgi/apache.pp
+++ b/manifests/wsgi/apache.pp
@@ -85,6 +85,14 @@
 #   { python-path => '/my/python/virtualenv' }
 #   Defaults to {}
 #
+# [*headers*]
+#   (Optional) Headers for the vhost.
+#   Defaults to undef
+#
+# [*request_headers*]
+#   (Optional) Modifies collected request headers in various ways.
+#   Defaults to undef
+#
 # [*vhost_custom_fragment*]
 #   (optional) Passes a string of custom configuration
 #   directives to be placed at the end of the vhost configuration.
@@ -116,6 +124,8 @@ class designate::wsgi::apache (
   $access_log_format           = false,
   $error_log_file              = undef,
   $custom_wsgi_process_options = {},
+  $headers                     = undef,
+  $request_headers             = undef,
   $vhost_custom_fragment       = undef,
 ) {
 
@@ -149,6 +159,8 @@ class designate::wsgi::apache (
     wsgi_script_dir             => $::designate::params::designate_wsgi_script_path,
     wsgi_script_file            => 'app',
     wsgi_script_source          => $::designate::params::designate_wsgi_script_source,
+    headers                     => $headers,
+    request_headers             => $request_headers,
     access_log_file             => $access_log_file,
     access_log_format           => $access_log_format,
     error_log_file              => $error_log_file,
diff --git a/releasenotes/notes/apache-headers-8753dd9186b29c0a.yaml b/releasenotes/notes/apache-headers-8753dd9186b29c0a.yaml
new file mode 100644
index 00000000..442551b1
--- /dev/null
+++ b/releasenotes/notes/apache-headers-8753dd9186b29c0a.yaml
@@ -0,0 +1,5 @@
+---
+features:
+  - |
+    The ``designate::wsgi::apache`` class now supports customizing
+    request/response headers added by apache.
diff --git a/spec/classes/designate_wsgi_apache_spec.rb b/spec/classes/designate_wsgi_apache_spec.rb
index f996763d..f07b9751 100644
--- a/spec/classes/designate_wsgi_apache_spec.rb
+++ b/spec/classes/designate_wsgi_apache_spec.rb
@@ -19,13 +19,15 @@ describe 'designate::wsgi::apache' do
         :wsgi_script_dir             => platform_params[:wsgi_script_path],
         :wsgi_script_file            => 'app',
         :wsgi_script_source          => platform_params[:wsgi_script_source],
-        :custom_wsgi_process_options => {},
         :access_log_file             => false,
         :access_log_format           => false,
+        :custom_wsgi_process_options => {},
+        :headers                     => nil,
+        :request_headers             => nil,
       )}
     end
 
-    context 'when overriding parameters using different ports' do
+    context 'when overriding parameters' do
       let :params do
         {
           :servername                  => 'dummy.host',
@@ -34,12 +36,14 @@ describe 'designate::wsgi::apache' do
           :ssl                         => true,
           :wsgi_process_display_name   => 'designate',
           :workers                     => 37,
-          :custom_wsgi_process_options => {
-            'python_path' => '/my/python/path',
-          },
           :access_log_file             => '/var/log/httpd/access_log',
           :access_log_format           => 'some format',
           :error_log_file              => '/var/log/httpd/error_log',
+          :custom_wsgi_process_options => {
+            'python_path' => '/my/python/path',
+          },
+          :headers                     => ['set X-XSS-Protection "1; mode=block"'],
+          :request_headers             => ['set Content-Type "application/json"'],
           :vhost_custom_fragment       => 'Timeout 99'
         }
       end
@@ -61,6 +65,8 @@ describe 'designate::wsgi::apache' do
         :wsgi_script_dir             => platform_params[:wsgi_script_path],
         :wsgi_script_file            => 'app',
         :wsgi_script_source          => platform_params[:wsgi_script_source],
+        :headers                     => ['set X-XSS-Protection "1; mode=block"'],
+        :request_headers             => ['set Content-Type "application/json"'],
         :custom_wsgi_process_options => {
           'python_path' => '/my/python/path',
         },