From 5a91c7d22d3ba88dd7a488e8d26145ccc294571c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Jeanneret?= Date: Fri, 28 Feb 2020 08:08:26 +0100 Subject: [PATCH] Reflect openstacklib options for apache::vhost resources It was discovered that Directory Index was enabled by default, leading to potential leak of data. A patch was done in puppet-openstacklib[1], but horizon doesn't use this common lib, meaning it wasn't properly fixed. [1] change id Icba53f4e32237556608f4cb6dcd9da1a71705c19 Related-Bug: #1854442 Related: https://bugzilla.redhat.com/show_bug.cgi?id=1729423 Change-Id: Ife921f8409f58b70c5da4c344e330eec56669e20 (cherry picked from commit 7ec0c090ebdce9f48dbfa073c9427761c1a5ef11) (cherry picked from commit bacf1cb9e5b8c914b1dc5826b4b9b4f749a13160)
---
 manifests/wsgi/apache.pp | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/manifests/wsgi/apache.pp b/manifests/wsgi/apache.pp
index 4d16b685..3b00c67b 100644
--- a/manifests/wsgi/apache.pp
+++ b/manifests/wsgi/apache.pp
@@ -267,6 +267,7 @@ class horizon::wsgi::apache (
 ensure_resource('apache::vhost', $vhost_conf_name, merge ($default_vhost_conf, $extra_params, {
 redirectmatch_regexp => $redirectmatch_regexp_real,
 redirectmatch_dest => $redirectmatch_url_real,
+ options => ['-Indexes', '+FollowSymLinks','+MultiViews'],
 }))
 ensure_resource('apache::vhost', $vhost_ssl_conf_name, merge ($default_vhost_conf, $extra_params, {
 access_log_file => 'horizon_ssl_access.log',
@@ -279,6 +280,7 @@ class horizon::wsgi::apache (
 wsgi_process_group => 'horizon-ssl',
 redirectmatch_regexp => $root_url ? { '' => undef, '/' => undef, default => '^/$' },
 redirectmatch_dest => $root_url ? { '' => undef, '/' => undef, default => $root_url },
+ options => ['-Indexes', '+FollowSymLinks','+MultiViews'],
 }))
 }
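Review bot: Because `options` is added to the last hash passed to `merge(...)`, it takes precedence over any `options` key in `$extra_params`, so a stricter list supplied through that parameter (for example one without `+FollowSymLinks` or `+MultiViews`) would be silently replaced; the same applies to the SSL vhost in the second hunk. If the hard override is intended so that `-Indexes` cannot be undone, state it in a comment above the key, e.g. `# Forced last in merge(): directory listing must stay disabled, see Related-Bug #1854442`. Otherwise the key belongs in `$default_vhost_conf`, which is defined outside this hunk, so that `$extra_params` can still tighten it.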
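Review bot: The option list is now spelled out twice, once per vhost, and with uneven comma spacing (`'+FollowSymLinks','+MultiViews'`), so a later hardening change can reach one vhost and miss the other. Define it once above both `ensure_resource` calls, e.g. `$vhost_options = ['-Indexes', '+FollowSymLinks', '+MultiViews']`, and reference `$vhost_options` in both hashes. It is also worth confirming in the rendered vhost files that `-Indexes` actually takes effect: as far as I know apache::vhost applies `options` only to the docroot directory block it generates itself, and whether `$default_vhost_conf` passes its own `directories` is not visible in these hunks.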