From da1de3aafcc85cc3c53ffab1b6f029303c81c553 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Harald=20Jens=C3=A5s?= <hjensas@redhat.com>
Date: Mon, 19 Nov 2018 23:21:44 +0100
Subject: [PATCH] Apache - Use net_cidr_map for proxy_ips

Change I68e064d23ec5d43f59146d974cae604d2c5fdb52 makes
NetCidrMapValue a list of ip networks.

Pass the list of cidr's from the ApacheNetwork entry in
the cidr map to 'apache::mod::remoteip::proxy_ips:'.

Partial: blueprint tripleo-routed-networks-templates
Change-Id: Ieb6aff9889136f0ccbec32e36b46140aa7826019
---
 puppet/services/apache.j2.yaml | 12 ++++--------
 tools/yaml-validate.py         |  3 +++
 2 files changed, 7 insertions(+), 8 deletions(-)

diff --git a/puppet/services/apache.j2.yaml b/puppet/services/apache.j2.yaml
index fbdf3d3fcf..81a9baa2c9 100644
--- a/puppet/services/apache.j2.yaml
+++ b/puppet/services/apache.j2.yaml
@@ -90,17 +90,13 @@ outputs:
             apache::trace_enable: 'Off'
             apache::server_signature: 'Off'
             apache::server_tokens: 'Prod'
-            apache_remote_proxy_ips_network:
-              # TODO(hjensas): Replace with get_param: [ServiceData, net_cidr_map, {get_param: [ServiceNetMap, ApacheNetwork]}
-              str_replace:
-                template:
-                  "%{hiera('$NETWORK_subnet')}"
-                params:
-                  $NETWORK: {get_param: [ServiceNetMap, ApacheNetwork]}
             apache::mod::prefork::maxclients: { get_param: ApacheMaxRequestWorkers }
             apache::mod::prefork::serverlimit: { get_param: ApacheServerLimit }
             apache::mod::remoteip::proxy_ips:
-              - "%{hiera('apache_remote_proxy_ips_network')}"
+              get_param:
+                - ServiceData
+                - net_cidr_map
+                - {get_param: [ServiceNetMap, ApacheNetwork]}
           - if:
             - internal_tls_enabled
             -
diff --git a/tools/yaml-validate.py b/tools/yaml-validate.py
index a8690a8e13..d1ff13e0b0 100755
--- a/tools/yaml-validate.py
+++ b/tools/yaml-validate.py
@@ -909,6 +909,9 @@ def validate_service_hiera_interpol(f, tpl):
             # Omit if external deploy tasks in the path
             if 'external_deploy_tasks' in path:
                 continue
+            # Omit apache remoteip proxy_ips
+            if 'apache::mod::remoteip::proxy_ips' in path:
+                continue
 
             # Omit if not a part of {get_param: [ServiceNetMap ...
             if not enter_lists and path[-1] != 'get_param':