From 5297605ad402e4eabaf046bdc27537dbd6460b7f Mon Sep 17 00:00:00 2001
From: Takashi Kajinami <kajinamit@oss.nttdata.com>
Date: Tue, 9 Jul 2024 21:49:14 +0900
Subject: [PATCH] Support [DEFAULT] cors_expose_headers

... so that all options rleated to CORS can be customized.

Change-Id: If93fc6b7c16afb5e422f2e7cc6063769d9ce46fe
---
 manifests/proxy.pp                            | 27 ++++++++++++-------
 ...-cors_expose_headers-7ff397892879ff91.yaml |  4 +++
 spec/classes/swift_proxy_spec.rb              |  5 +++-
 3 files changed, 25 insertions(+), 11 deletions(-)
 create mode 100644 releasenotes/notes/proxy-cors_expose_headers-7ff397892879ff91.yaml

diff --git a/manifests/proxy.pp b/manifests/proxy.pp
index 5637a190..dae92224 100644
--- a/manifests/proxy.pp
+++ b/manifests/proxy.pp
@@ -123,15 +123,20 @@
 #    Configures log_name for swift proxy-server.
 #    Optional. Defaults to proxy-server
 #
-# [*cors_allow_origin*]
-#   (optional) Origins to be allowed to make Cross Origin Requests.
-#   A comma separated list of full url (http://foo.bar:1234,https://foo.bar)
-#   Defaults to $facts['os_service_default'].
+#  [*cors_allow_origin*]
+#    (optional) Origins to be allowed to make Cross Origin Requests.
+#    A comma separated list of full url (http://foo.bar:1234,https://foo.bar)
+#    Defaults to $facts['os_service_default'].
 #
-# [*strict_cors_mode*]
-#   (optional) If True (default) then CORS requests are only allowed if their
-#   Origin header matches an allowed origin. Otherwise, any Origin is allowed.
-#   Defaults to $facts['os_service_default'].
+#  [*strict_cors_mode*]
+#    (optional) If True (default) then CORS requests are only allowed if their
+#    Origin header matches an allowed origin. Otherwise, any Origin is allowed.
+#    Defaults to $facts['os_service_default'].
+#
+#  [*cors_expose_headers*]
+#    (optional) List of headers to expose through Access-Control-Expose-Headers,
+#    in addition to the defaults and any headers set in container metadata.
+#    Defaults to $facts['os_service_default'].
 #
 #  [*service_provider*]
 #    (optional)
@@ -173,6 +178,7 @@ class swift::proxy(
   $log_name                                = 'proxy-server',
   $cors_allow_origin                       = $facts['os_service_default'],
   $strict_cors_mode                        = $facts['os_service_default'],
+  $cors_expose_headers                     = $facts['os_service_default'],
   $object_chunk_size                       = $facts['os_service_default'],
   $client_chunk_size                       = $facts['os_service_default'],
   $max_containers_per_account              = $facts['os_service_default'],
@@ -267,8 +273,9 @@ class swift::proxy(
   }
 
   swift_proxy_config {
-    'DEFAULT/cors_allow_origin': value => join(any2array($cors_allow_origin), ',');
-    'DEFAULT/strict_cors_mode':  value => $strict_cors_mode;
+    'DEFAULT/cors_allow_origin':   value => join(any2array($cors_allow_origin), ',');
+    'DEFAULT/strict_cors_mode':    value => $strict_cors_mode;
+    'DEFAULT/cors_expose_headers': value => join(any2array($cors_expose_headers), ',');
   }
 
   if $write_affinity {
diff --git a/releasenotes/notes/proxy-cors_expose_headers-7ff397892879ff91.yaml b/releasenotes/notes/proxy-cors_expose_headers-7ff397892879ff91.yaml
new file mode 100644
index 00000000..ea885db1
--- /dev/null
+++ b/releasenotes/notes/proxy-cors_expose_headers-7ff397892879ff91.yaml
@@ -0,0 +1,4 @@
+---
+features:
+  - |
+    The new ``swift::proxy::cors_expose_headers`` parameter has been added.
diff --git a/spec/classes/swift_proxy_spec.rb b/spec/classes/swift_proxy_spec.rb
index 0dc23c8e..48633879 100644
--- a/spec/classes/swift_proxy_spec.rb
+++ b/spec/classes/swift_proxy_spec.rb
@@ -89,6 +89,7 @@ describe 'swift::proxy' do
         it { should contain_swift_proxy_config('app:proxy-server/recoverable_node_timeout').with_value('<SERVICE DEFAULT>') }
         it { should contain_swift_proxy_config('DEFAULT/cors_allow_origin').with_value('<SERVICE DEFAULT>') }
         it { should contain_swift_proxy_config('DEFAULT/strict_cors_mode').with_value('<SERVICE DEFAULT>') }
+        it { should contain_swift_proxy_config('DEFAULT/cors_expose_headers').with_value('<SERVICE DEFAULT>') }
 
         it { should contain_service('swift-proxy-server').with_require([
           'Class[Swift::Proxy::Catch_errors]',
@@ -150,7 +151,8 @@ describe 'swift::proxy' do
               :node_timeout               => '20',
               :recoverable_node_timeout   => '15',
               :cors_allow_origin          => ['http://foo.bar:1234', 'https://foo.bar'],
-              :strict_cors_mode           => true
+              :strict_cors_mode           => true,
+              :cors_expose_headers        => ['header-a', 'header-b'],
             }
           end
 
@@ -186,6 +188,7 @@ describe 'swift::proxy' do
           it { should contain_swift_proxy_config('app:proxy-server/recoverable_node_timeout').with_value('15') }
           it { should contain_swift_proxy_config('DEFAULT/cors_allow_origin').with_value('http://foo.bar:1234,https://foo.bar') }
           it { should contain_swift_proxy_config('DEFAULT/strict_cors_mode').with_value('true') }
+          it { should contain_swift_proxy_config('DEFAULT/cors_expose_headers').with_value('header-a,header-b') }
         end
 
         describe "when log udp port is set" do