Allow customizing apache::vhost parameters for SSL vhost

This change introduces the new ssl_extra_params parameter, which allows overriding apache::vhost parameters for SSL vhost. This parameter behaves like the existing extra_params parameter, but affects only the SSL vhost. When this parameter is NOT set, then the extra_params parameter affects both non-SSL vhost and SSL vhost. Change-Id: I88fc341f6970006b03cc796117e2fb8f46e87a52 (cherry picked from commit fa7b8c6d4a) (cherry picked from commit c2dd9078e6) (cherry picked from commit f19fc003ec)
2022-04-05 08:56:13 +09:00 · 2022-04-05 08:56:13 +09:00 · 6fc4f4d38a
parent 9a6961d551
commit 6fc4f4d38a
3 changed files with 71 additions and 22 deletions
--- a/manifests/wsgi/apache.pp
+++ b/manifests/wsgi/apache.pp
@ -75,6 +75,11 @@
 #   (optional) A hash of extra parameters for apache::wsgi class.
 #   Defaults to {}
 #
+# [*ssl_extra_params*]
+#   (optional) A hash of extra parameters for apache::wsgi class. This is used
+#   for SSL vhost and overrides $extra_params.
+#   Defaults to undef
+#
 # [*redirect_type*]
 #   (optional) What type of redirect to use when redirecting an http request
 #   for a user. This should be either 'temp' or 'permanent'. Setting this value
@ -126,6 +131,7 @@ class horizon::wsgi::apache (
  $vhost_conf_name             = 'horizon_vhost',
  $vhost_ssl_conf_name         = 'horizon_ssl_vhost',
  $extra_params                = {},
+  $ssl_extra_params            = undef,
  $redirect_type               = 'permanent',
  $root_url                    = $::horizon::params::root_url,
  $root_path                   = "${::horizon::params::static_path}/openstack-dashboard",
@ -297,26 +303,39 @@ class horizon::wsgi::apache (
    $redirectmatch_url_real = $root_url_real ? { '' => undef, '/' => undef, default => $redirect_url }
  }

-  ensure_resource('apache::vhost', $vhost_conf_name, merge ($default_vhost_conf, $extra_params, {
-    wsgi_daemon_process => hash([$::horizon::params::wsgi_group, $wsgi_daemon_process_options])
-    }, {
-    redirectmatch_regexp => $redirectmatch_regexp_real,
-    redirectmatch_dest   => $redirectmatch_url_real,
-    options              => ['-Indexes', '+FollowSymLinks','+MultiViews'],
-  }))
-  ensure_resource('apache::vhost', $vhost_ssl_conf_name, merge ($default_vhost_conf, $extra_params, {
-    wsgi_daemon_process => hash(['horizon-ssl', $wsgi_daemon_process_options]),
-    }, {
-    access_log_file      => 'horizon_ssl_access.log',
-    error_log_file       => 'horizon_ssl_error.log',
-    priority             => $priority,
-    ssl                  => true,
-    port                 => $https_port,
-    ensure               => $ensure_ssl_vhost,
-    wsgi_process_group   => 'horizon-ssl',
-    redirectmatch_regexp => $root_url_real ? { '' => undef, '/' => undef, default => '^/$' },
-    redirectmatch_dest   => $root_url_real ? { '' => undef, '/' => undef, default => $root_url_real },
-    options              => ['-Indexes', '+FollowSymLinks','+MultiViews'],
-  }))
+  ensure_resource('apache::vhost', $vhost_conf_name, merge(
+    $default_vhost_conf,
+    $extra_params,
+    {
+      wsgi_daemon_process => hash([$::horizon::params::wsgi_group, $wsgi_daemon_process_options])
+    },
+    {
+      redirectmatch_regexp => $redirectmatch_regexp_real,
+      redirectmatch_dest   => $redirectmatch_url_real,
+      options              => ['-Indexes', '+FollowSymLinks','+MultiViews'],
+    }
+  ))
+
+
+  $ssl_extra_params_real = pick_default($ssl_extra_params, $extra_params)
+  ensure_resource('apache::vhost', $vhost_ssl_conf_name, merge(
+    $default_vhost_conf,
+    $ssl_extra_params_real,
+    {
+      wsgi_daemon_process => hash(['horizon-ssl', $wsgi_daemon_process_options]),
+    },
+    {
+      access_log_file      => 'horizon_ssl_access.log',
+      error_log_file       => 'horizon_ssl_error.log',
+      priority             => $priority,
+      ssl                  => true,
+      port                 => $https_port,
+      ensure               => $ensure_ssl_vhost,
+      wsgi_process_group   => 'horizon-ssl',
+      redirectmatch_regexp => $root_url_real ? { '' => undef, '/' => undef, default => '^/$' },
+      redirectmatch_dest   => $root_url_real ? { '' => undef, '/' => undef, default => $root_url_real },
+      options              => ['-Indexes', '+FollowSymLinks','+MultiViews'],
+    }
+  ))

 }
--- a/releasenotes/notes/wsgi-ssl_extra_params-f775a56966c5d475.yaml
+++ b/releasenotes/notes/wsgi-ssl_extra_params-f775a56966c5d475.yaml
@ -0,0 +1,6 @@
+---
+features:
+  - |
+    The new ``horizon::wsgi::apache::ssl_extra_params`` parameter has been
+    added. This parameter affects only ssl vhost and overrides
+    the ``extra_params`` parameter when set.
--- a/spec/classes/horizon_wsgi_apache_spec.rb
+++ b/spec/classes/horizon_wsgi_apache_spec.rb
@ -231,7 +231,7 @@ describe 'horizon::wsgi::apache' do
        params.merge!({
          :extra_params  => {
            'add_listen' => false,
-            'docroot' => '/tmp'
+            'docroot'    => '/tmp'
          },
        })
      end
@ -240,6 +240,30 @@ describe 'horizon::wsgi::apache' do
        :add_listen => false,
        :docroot    => '/tmp'
      )}
+      it { should contain_apache__vhost('horizon_ssl_vhost').with(
+        :add_listen => false,
+        :docroot    => '/tmp'
+      )}
+    end
+
+    context 'with ssl extra parameters' do
+      before do
+        params.merge!({
+          :extra_params  => {
+            'docroot' => '/root1'
+          },
+          :ssl_extra_params  => {
+            'docroot' => '/root2'
+          },
+        })
+      end
+
+      it { should contain_apache__vhost('horizon_vhost').with(
+        :docroot => '/root1'
+      )}
+      it { should contain_apache__vhost('horizon_ssl_vhost').with(
+        :docroot => '/root2'
+      )}
    end

    context 'with root_url set to /' do