From fd5376481ff43b53fbade39237900b25ce6adf44 Mon Sep 17 00:00:00 2001
From: Takashi Kajinami <tkajinam@redhat.com>
Date: Fri, 1 Jul 2022 16:18:26 +0900
Subject: [PATCH] Expose headers option of apache::vhost

The headers option in apache::vhost is required in some case, for
example when adding the X-XSS-Protection header. This change allows
customizing the option for the api vhost.

This change also adds support for request_headers so that both request
headers and response headers can customized.

Change-Id: I3f0777ec48dd0196ad82b902ab2c3f54cf170717
---
 manifests/wsgi/apache.pp                      | 26 ++++++++++++++-----
 .../apache-headers-61aa1ceb5012239f.yaml      |  5 ++++
 spec/classes/watcher_wsgi_apache_spec.rb      |  8 +++++-
 3 files changed, 31 insertions(+), 8 deletions(-)
 create mode 100644 releasenotes/notes/apache-headers-61aa1ceb5012239f.yaml

diff --git a/manifests/wsgi/apache.pp b/manifests/wsgi/apache.pp
index 71e65f6..fe3b7f8 100644
--- a/manifests/wsgi/apache.pp
+++ b/manifests/wsgi/apache.pp
@@ -78,13 +78,21 @@
 #     apache::vhost ssl parameters.
 #     Optional. Default to apache::vhost 'ssl_*' defaults.
 #
-# [*custom_wsgi_process_options*]
-#   (optional) gives you the oportunity to add custom process options or to
-#   overwrite the default options for the WSGI main process.
-#   eg. to use a virtual python environment for the WSGI process
-#   you could set it to:
-#   { python-path => '/my/python/virtualenv' }
-#   Defaults to {}
+#   [*custom_wsgi_process_options*]
+#     (optional) gives you the oportunity to add custom process options or to
+#     overwrite the default options for the WSGI main process.
+#     eg. to use a virtual python environment for the WSGI process
+#     you could set it to:
+#     { python-path => '/my/python/virtualenv' }
+#     Defaults to {}
+#
+#   [*headers*]
+#     (optional) Headers for the vhost.
+#     Defaults to undef
+#
+#   [*request_headers*]
+#     (optional) Modifies collected request headers in various ways.
+#     Defaults to undef
 #
 # == Dependencies
 #
@@ -117,6 +125,8 @@ class watcher::wsgi::apache (
   $access_log_format           = false,
   $error_log_file              = undef,
   $custom_wsgi_process_options = {},
+  $headers                     = undef,
+  $request_headers             = undef,
 ) {
 
   include watcher::deps
@@ -148,6 +158,8 @@ class watcher::wsgi::apache (
     wsgi_script_dir             => $::watcher::params::watcher_wsgi_script_path,
     wsgi_script_file            => 'app',
     wsgi_script_source          => $::watcher::params::watcher_wsgi_script_source,
+    headers                     => $headers,
+    request_headers             => $request_headers,
     access_log_file             => $access_log_file,
     access_log_format           => $access_log_format,
     error_log_file              => $error_log_file,
diff --git a/releasenotes/notes/apache-headers-61aa1ceb5012239f.yaml b/releasenotes/notes/apache-headers-61aa1ceb5012239f.yaml
new file mode 100644
index 0000000..5880003
--- /dev/null
+++ b/releasenotes/notes/apache-headers-61aa1ceb5012239f.yaml
@@ -0,0 +1,5 @@
+---
+features:
+  - |
+    The ``watcher::wsgi::apache`` class now supports customizing
+    request/response headers added by apache.
diff --git a/spec/classes/watcher_wsgi_apache_spec.rb b/spec/classes/watcher_wsgi_apache_spec.rb
index 64be0cd..4e3e5d2 100644
--- a/spec/classes/watcher_wsgi_apache_spec.rb
+++ b/spec/classes/watcher_wsgi_apache_spec.rb
@@ -19,13 +19,15 @@ describe 'watcher::wsgi::apache' do
         :wsgi_script_dir             => platform_params[:wsgi_script_path],
         :wsgi_script_file            => 'app',
         :wsgi_script_source          => platform_params[:wsgi_script_source],
+        :headers                     => nil,
+        :request_headers             => nil,
         :access_log_file             => false,
         :access_log_format           => false,
         :custom_wsgi_process_options => {},
       )}
     end
 
-    context 'when overriding parameters using different ports' do
+    context 'when overriding parameters' do
       let :params do
         {
           :servername                  => 'dummy.host',
@@ -40,6 +42,8 @@ describe 'watcher::wsgi::apache' do
           :custom_wsgi_process_options => {
             'python_path' => '/my/python/path',
           },
+          :headers                     => ['set X-XSS-Protection "1; mode=block"'],
+          :request_headers             => ['set Content-Type "application/json"'],
         }
       end
       it { is_expected.to contain_class('watcher::params') }
@@ -59,6 +63,8 @@ describe 'watcher::wsgi::apache' do
         :wsgi_script_dir             => platform_params[:wsgi_script_path],
         :wsgi_script_file            => 'app',
         :wsgi_script_source          => platform_params[:wsgi_script_source],
+        :headers                     => ['set X-XSS-Protection "1; mode=block"'],
+        :request_headers             => ['set Content-Type "application/json"'],
         :access_log_file             => '/var/log/httpd/access_log',
         :access_log_format           => 'some format',
         :error_log_file              => '/var/log/httpd/error_log',