openstack/puppet-nova
Code Issues Proposed changes

Expose headers option of apache::vhost

Browse Source 
The headers option in apache::vhost is required in some case, for
example when adding the X-XSS-Protection header. This change allows
customizing the option for the api vhost.

This change also adds support for request_headers so that both request
headers and response headers can customized.

Change-Id: I23568d804f97c804f8883b49690f77d2119c4b87
This commit is contained in:
Takashi Kajinami 2022-07-01 10:56:03 +09:00
parent 4466f7cde6
commit 34351eacda
5 changed files with 44 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
manifests/wsgi/apache_api.pp
View File

@ -90,6 +90,14 @@
# { python-path => '/my/python/virtualenv' }
# Defaults to {}
#
# [*headers*]
# (optional) Headers for the vhost.
# Defaults to undef
#
# [*request_headers*]
# (optional) Modifies collected request headers in various ways.
# Defaults to undef
#
# [*vhost_custom_fragment*]
# (optional) Passes a string of custom configuration
# directives to be placed at the end of the vhost configuration.
@ -126,6 +134,8 @@ class nova::wsgi::apache_api (
$access_log_format = false,
$error_log_file = undef,
$custom_wsgi_process_options = {},
$headers = undef,
$request_headers = undef,
$vhost_custom_fragment = undef,
) {
@ -160,6 +170,8 @@ class nova::wsgi::apache_api (
wsgi_script_dir => $::nova::params::nova_wsgi_script_path,
wsgi_script_file => 'nova-api',
wsgi_script_source => $::nova::params::nova_api_wsgi_script_source,
headers => $headers,
request_headers => $request_headers,
custom_wsgi_process_options => $custom_wsgi_process_options,
access_log_file => $access_log_file,
access_log_format => $access_log_format,

12
manifests/wsgi/apache_metadata.pp
View File

@ -76,6 +76,14 @@
# { python-path => '/my/python/virtualenv' }
# Defaults to {}
#
# [*headers*]
# (optional) Headers for the vhost.
# Defaults to undef
#
# [*request_headers*]
# (optional) Modifies collected request headers in various ways.
# Defaults to undef
#
# [*vhost_custom_fragment*]
# (optional) Passes a string of custom configuration
# directives to be placed at the end of the vhost configuration.
@ -113,6 +121,8 @@ class nova::wsgi::apache_metadata (
$access_log_format = false,
$error_log_file = undef,
$custom_wsgi_process_options = {},
$headers = undef,
$request_headers = undef,
$vhost_custom_fragment = undef,
) {
@ -155,6 +165,8 @@ class nova::wsgi::apache_metadata (
wsgi_script_dir => $::nova::params::nova_wsgi_script_path,
wsgi_script_file => 'nova-metadata-api',
wsgi_script_source => $::nova::params::nova_metadata_wsgi_script_source,
headers => $headers,
request_headers => $request_headers,
custom_wsgi_process_options => $custom_wsgi_process_options,
access_log_file => $access_log_file,
access_log_format => $access_log_format,

6
releasenotes/notes/apache-headers-16bebb9da1fb6cb6.yaml Normal file
View File

@ -0,0 +1,6 @@
---
features:
- |
The ``nova::wsgi::apache_api`` class and
the ``nova::wsgi::apache_metadata`` class now support customizing
request/response headers added by apache.

8
spec/classes/nova_wsgi_apache_api_spec.rb
View File

@ -28,6 +28,8 @@ describe 'nova::wsgi::apache_api' do
:wsgi_script_dir => platform_params[:wsgi_script_path],
:wsgi_script_file => 'nova-api',
:wsgi_script_source => platform_params[:api_wsgi_script_source],
:headers => nil,
:request_headers => nil,
:custom_wsgi_process_options => {},
:access_log_file => false,
:access_log_format => false,
@ -35,7 +37,7 @@ describe 'nova::wsgi::apache_api' do
)}
end
context 'when overriding parameters using different ports' do
context 'when overriding parameters' do
let :pre_condition do
"include nova
class { 'nova::keystone::authtoken':
@ -58,6 +60,8 @@ describe 'nova::wsgi::apache_api' do
:custom_wsgi_process_options => {
'python_path' => '/my/python/path',
},
:headers => ['set X-XSS-Protection "1; mode=block"'],
:request_headers => ['set Content-Type "application/json"'],
:access_log_file => '/var/log/httpd/access_log',
:access_log_format => 'some format',
:error_log_file => '/var/log/httpd/error_log'
@ -82,6 +86,8 @@ describe 'nova::wsgi::apache_api' do
:wsgi_script_dir => platform_params[:wsgi_script_path],
:wsgi_script_file => 'nova-api',
:wsgi_script_source => platform_params[:api_wsgi_script_source],
:headers => ['set X-XSS-Protection "1; mode=block"'],
:request_headers => ['set Content-Type "application/json"'],
:custom_wsgi_process_options => {
'python_path' => '/my/python/path',
},

8
spec/classes/nova_wsgi_apache_metadata_spec.rb
View File

@ -26,6 +26,8 @@ describe 'nova::wsgi::apache_metadata' do
:wsgi_script_dir => platform_params[:wsgi_script_path],
:wsgi_script_file => 'nova-metadata-api',
:wsgi_script_source => platform_params[:metadata_wsgi_script_source],
:headers => nil,
:request_headers => nil,
:custom_wsgi_process_options => {},
:access_log_file => false,
:access_log_format => false,
@ -33,7 +35,7 @@ describe 'nova::wsgi::apache_metadata' do
)}
end
context 'when overriding parameters using different ports' do
context 'when overriding parameters' do
let :pre_condition do
"include nova
class { 'nova::keystone::authtoken':
@ -54,6 +56,8 @@ describe 'nova::wsgi::apache_metadata' do
:custom_wsgi_process_options => {
'python_path' => '/my/python/path',
},
:headers => ['set X-XSS-Protection "1; mode=block"'],
:request_headers => ['set Content-Type "application/json"'],
:access_log_file => '/var/log/httpd/access_log',
:access_log_format => 'some format',
:error_log_file => '/var/log/httpd/error_log'
@ -78,6 +82,8 @@ describe 'nova::wsgi::apache_metadata' do
:wsgi_script_dir => platform_params[:wsgi_script_path],
:wsgi_script_file => 'nova-metadata-api',
:wsgi_script_source => platform_params[:metadata_wsgi_script_source],
:headers => ['set X-XSS-Protection "1; mode=block"'],
:request_headers => ['set Content-Type "application/json"'],
:custom_wsgi_process_options => {
'python_path' => '/my/python/path',
},