From 51cfa309452f84682c6ce375ec6f7b37a990e6b4 Mon Sep 17 00:00:00 2001 From: Takashi Kajinami Date: Thu, 30 Jun 2022 09:18:23 +0900 Subject: [PATCH] Expose headers option of apache::vhost The headers option in apache::vhost is required in some case, for example when adding the X-XSS-Protection header. This change allows customizing the option for the api vhost. Change-Id: I2c527b5511db04f9daa7f605b565a567599b5431 --- manifests/wsgi/apache.pp | 18 ++++++++++++------ manifests/wsgi/apache_api.pp | 16 +++++++++++----- manifests/wsgi/apache_api_cfn.pp | 18 ++++++++++++------ .../notes/apache-headers-d01de20dc4bb87a8.yaml | 5 +++++ spec/classes/heat_wsgi_apache_api_cfn_spec.rb | 7 ++++--- spec/classes/heat_wsgi_apache_api_spec.rb | 6 ++++-- spec/defines/heat_wsgi_apache_spec.rb | 1 + 7 files changed, 49 insertions(+), 22 deletions(-) create mode 100644 releasenotes/notes/apache-headers-d01de20dc4bb87a8.yaml diff --git a/manifests/wsgi/apache.pp b/manifests/wsgi/apache.pp index 3f3b85ea..ba65270c 100644 --- a/manifests/wsgi/apache.pp +++ b/manifests/wsgi/apache.pp @@ -66,9 +66,6 @@ # apache::vhost ssl parameters. # Optional. Default to apache::vhost 'ssl_*' defaults. # -# [*vhost_custom_fragment*] -# (optional) Additional vhost configuration, if applicable. -# # [*access_log_file*] # The log file name for the virtualhost. # Optional. Defaults to false. @@ -93,10 +90,17 @@ # (optional) Name of the WSGI process display-name. # Defaults to undef # +# [*headers*] +# (optional) Headers for the vhost. +# Defaults to undef +# # [*request_headers*] # (optional) Modifies collected request headers in various ways. # Defaults to undef # +# [*vhost_custom_fragment*] +# (optional) Additional vhost configuration, if applicable. +# # == Dependencies # # requires Class['apache'] & Class['heat'] @@ -123,13 +127,14 @@ define heat::wsgi::apache ( $ssl_certs_dir = undef, $threads = 1, $priority = '10', - $vhost_custom_fragment = undef, $access_log_file = false, $access_log_format = false, $error_log_file = undef, $custom_wsgi_process_options = {}, $wsgi_process_display_name = undef, + $headers = undef, $request_headers = undef, + $vhost_custom_fragment = undef, ) { if $title !~ /^api(|_cfn)$/ { fail('The valid options are api, api_cfn') @@ -157,6 +162,7 @@ define heat::wsgi::apache ( ssl_key => $ssl_key, threads => $threads, user => $::heat::params::user, + vhost_custom_fragment => $vhost_custom_fragment, workers => $workers, wsgi_daemon_process => "heat_${title}", wsgi_process_display_name => $wsgi_process_display_name, @@ -164,12 +170,12 @@ define heat::wsgi::apache ( wsgi_script_dir => $::heat::params::heat_wsgi_script_path, wsgi_script_file => "heat_${title}", wsgi_script_source => getvar("::heat::params::heat_${title}_wsgi_script_source"), + headers => $headers, + request_headers => $request_headers, custom_wsgi_process_options => $custom_wsgi_process_options, allow_encoded_slashes => 'on', - vhost_custom_fragment => $vhost_custom_fragment, access_log_file => $access_log_file, access_log_format => $access_log_format, error_log_file => $error_log_file, - request_headers => $request_headers, } } diff --git a/manifests/wsgi/apache_api.pp b/manifests/wsgi/apache_api.pp index c7f034fc..2bb56c5a 100644 --- a/manifests/wsgi/apache_api.pp +++ b/manifests/wsgi/apache_api.pp @@ -85,14 +85,18 @@ # (optional) Name of the WSGI process display-name. # Defaults to undef # -# [*vhost_custom_fragment*] -# (optional) Additional vhost configuration, if applicable. +# [*headers*] +# (optional) Headers for the vhost. # Defaults to undef # # [*request_headers*] # (optional) Modifies collected request headers in various ways. # Defaults to undef # +# [*vhost_custom_fragment*] +# (optional) Additional vhost configuration, if applicable. +# Defaults to undef +# # == Dependencies # # requires Class['apache'] & Class['heat'] @@ -124,8 +128,9 @@ class heat::wsgi::apache_api ( $error_log_file = undef, $custom_wsgi_process_options = {}, $wsgi_process_display_name = undef, - $vhost_custom_fragment = undef, + $headers = undef, $request_headers = undef, + $vhost_custom_fragment = undef, ) { heat::wsgi::apache { 'api': @@ -143,13 +148,14 @@ class heat::wsgi::apache_api ( ssl_crl => $ssl_crl, ssl_certs_dir => $ssl_certs_dir, threads => $threads, - custom_wsgi_process_options => $custom_wsgi_process_options, priority => $priority, access_log_file => $access_log_file, access_log_format => $access_log_format, error_log_file => $error_log_file, + custom_wsgi_process_options => $custom_wsgi_process_options, wsgi_process_display_name => $wsgi_process_display_name, - vhost_custom_fragment => $vhost_custom_fragment, + headers => $headers, request_headers => $request_headers, + vhost_custom_fragment => $vhost_custom_fragment, } } diff --git a/manifests/wsgi/apache_api_cfn.pp b/manifests/wsgi/apache_api_cfn.pp index 6f6ca9ef..84cd517a 100644 --- a/manifests/wsgi/apache_api_cfn.pp +++ b/manifests/wsgi/apache_api_cfn.pp @@ -85,15 +85,19 @@ # (optional) Name of the WSGI process display-name. # Defaults to undef # -# [*vhost_custom_fragment*] -# (optional) Passes a string of custom configuration -# directives to be placed at the end of the vhost configuration. +# [*headers*] +# (optional) Headers for the vhost. # Defaults to undef # # [*request_headers*] # (optional) Modifies collected request headers in various ways. # Defaults to ['set Content-Type "application/json"'] # +# [*vhost_custom_fragment*] +# (optional) Passes a string of custom configuration +# directives to be placed at the end of the vhost configuration. +# Defaults to undef +# # == Dependencies # # requires Class['apache'] & Class['heat'] @@ -125,9 +129,10 @@ class heat::wsgi::apache_api_cfn ( $error_log_file = undef, $custom_wsgi_process_options = {}, $wsgi_process_display_name = undef, - $vhost_custom_fragment = undef, + $headers = undef, # Enforce content-type, see https://bugs.launchpad.net/tripleo/+bug/1641589 $request_headers = ['set Content-Type "application/json"'], + $vhost_custom_fragment = undef, ) { validate_legacy(Integer, 'validate_integer', $port) @@ -157,12 +162,13 @@ class heat::wsgi::apache_api_cfn ( ssl_certs_dir => $ssl_certs_dir, threads => $threads, priority => $priority, - vhost_custom_fragment => $vhost_custom_fragment, - custom_wsgi_process_options => $custom_wsgi_process_options, access_log_file => $access_log_file, access_log_format => $access_log_format, error_log_file => $error_log_file, + custom_wsgi_process_options => $custom_wsgi_process_options, wsgi_process_display_name => $wsgi_process_display_name, + headers => $headers, request_headers => $request_headers, + vhost_custom_fragment => $vhost_custom_fragment, } } diff --git a/releasenotes/notes/apache-headers-d01de20dc4bb87a8.yaml b/releasenotes/notes/apache-headers-d01de20dc4bb87a8.yaml new file mode 100644 index 00000000..3a144b77 --- /dev/null +++ b/releasenotes/notes/apache-headers-d01de20dc4bb87a8.yaml @@ -0,0 +1,5 @@ +--- +features: + - | + The ``heat::wsgi::apache_api`` class and the ``heat::wsgi::apache_api_cfn`` + class now support customizing response headers added by apache. diff --git a/spec/classes/heat_wsgi_apache_api_cfn_spec.rb b/spec/classes/heat_wsgi_apache_api_cfn_spec.rb index d452ecc7..d3f15074 100644 --- a/spec/classes/heat_wsgi_apache_api_cfn_spec.rb +++ b/spec/classes/heat_wsgi_apache_api_cfn_spec.rb @@ -19,14 +19,15 @@ describe 'heat::wsgi::apache_api_cfn' do :ssl_crl_path => nil, :ssl_certs_dir => nil, :wsgi_process_display_name => nil, + :vhost_custom_fragment => nil, :threads => 1, :priority => 10, + :headers => nil, + :request_headers => ['set Content-Type "application/json"'], :custom_wsgi_process_options => {}, :access_log_file => false, :access_log_format => false, - :vhost_custom_fragment => nil, - :request_headers => ['set Content-Type "application/json"'],) - } + )} end end diff --git a/spec/classes/heat_wsgi_apache_api_spec.rb b/spec/classes/heat_wsgi_apache_api_spec.rb index 148d7aad..2301e1a7 100644 --- a/spec/classes/heat_wsgi_apache_api_spec.rb +++ b/spec/classes/heat_wsgi_apache_api_spec.rb @@ -22,10 +22,12 @@ describe 'heat::wsgi::apache_api' do :vhost_custom_fragment => nil, :threads => 1, :priority => 10, + :headers => nil, + :request_headers => nil, :custom_wsgi_process_options => {}, :access_log_file => false, - :access_log_format => false,) - } + :access_log_format => false, + )} end end diff --git a/spec/defines/heat_wsgi_apache_spec.rb b/spec/defines/heat_wsgi_apache_spec.rb index a8437378..07ad61b5 100644 --- a/spec/defines/heat_wsgi_apache_spec.rb +++ b/spec/defines/heat_wsgi_apache_spec.rb @@ -27,6 +27,7 @@ describe 'heat::wsgi::apache' do 'wsgi_script_dir' => platform_params[:wsgi_script_dir], 'wsgi_script_file' => "heat_#{title}", 'allow_encoded_slashes' => 'on', + 'headers' => nil, 'request_headers' => nil, )} end