diff --git a/.fixtures.yml b/.fixtures.yml
index 37bc6910f9..68ef109e1b 100644
--- a/.fixtures.yml
+++ b/.fixtures.yml
@@ -1,16 +1,13 @@
+---
fixtures:
repositories:
concat: "https://github.com/puppetlabs/puppetlabs-concat.git"
facts: 'https://github.com/puppetlabs/puppetlabs-facts.git'
portage: "https://github.com/gentoo/puppet-portage.git"
provision: 'https://github.com/puppetlabs/provision.git'
- puppet_agent:
- repo: 'https://github.com/puppetlabs/puppetlabs-puppet_agent.git'
- ref: v4.13.0
+ puppet_agent: 'https://github.com/puppetlabs/puppetlabs-puppet_agent.git'
stdlib: "https://github.com/puppetlabs/puppetlabs-stdlib.git"
- yumrepo_core:
- repo: "https://github.com/puppetlabs/puppetlabs-yumrepo_core.git"
- puppet_version: '>= 6.0.0'
+ yumrepo_core: "https://github.com/puppetlabs/puppetlabs-yumrepo_core.git"
symlinks:
apache: "#{source_dir}"
site_apache: "#{source_dir}/spec/fixtures/site_apache"
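Review bot: The `puppet_agent` entry loses its `ref: v4.13.0` pin in this hunk, so after the change every repository under `repositories:` is cloned at whatever its upstream default branch holds when the specs run. Test runs stop being reproducible, and an unreviewed or tampered upstream commit can reach CI without any change in this repository. Consider keeping the mapping form with an explicit tag or commit, e.g. `puppet_agent:` / `repo: 'https://github.com/puppetlabs/puppetlabs-puppet_agent.git'` / `ref: '<tag-or-commit-sha>'`, and giving the other fixtures a `ref` as well. If the pin was dropped because v4.13.0 no longer works with the supported Puppet versions, a newer tag would be safer than no pin at all.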
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index e6dd8d7bc0..93cd3406b7 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -10,12 +10,12 @@ jobs:
Spec:
uses: "puppetlabs/cat-github-actions/.github/workflows/module_ci.yml@main"
with:
- runs_on: "ubuntu-20.04"
+ runs_on: "ubuntu-24.04"
secrets: "inherit"
Acceptance:
needs: Spec
uses: "puppetlabs/cat-github-actions/.github/workflows/module_acceptance.yml@main"
with:
- runs_on: "ubuntu-20.04"
+ runs_on: "ubuntu-24.04"
secrets: "inherit"
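Review bot: Both jobs in this hunk call a reusable workflow at the mutable ref `@main` and pass `secrets: "inherit"`, so whatever is on that branch at run time executes with every secret this repository exposes to workflows. The commit only changes `runs_on` here and leaves the reference as it was. Pinning to a full commit SHA, `uses: "puppetlabs/cat-github-actions/.github/workflows/module_ci.yml@<full-commit-sha>"`, and passing only the named secrets each called workflow needs would narrow that exposure. The nightly.yml hunk has the same `@main` plus `secrets: "inherit"` pairing, and the release.yml hunk shows `module_release.yml@main`. The `jobs:` mapping starts outside this hunk, so triggers and any `permissions:` block are not visible from here.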
diff --git a/.github/workflows/labeller.yml b/.github/workflows/labeller.yml
deleted file mode 100644
index ee149bf525..0000000000
--- a/.github/workflows/labeller.yml
+++ /dev/null
@@ -1,27 +0,0 @@
-name: Labeller
-
-on:
- issues:
- types:
- - opened
- - labeled
- - unlabeled
- pull_request_target:
- types:
- - opened
- - labeled
- - unlabeled
-
-jobs:
- label:
- runs-on: ubuntu-latest
- steps:
-
- - uses: puppetlabs/community-labeller@v1.0.1
- name: Label issues or pull requests
- with:
- label_name: community
- label_color: '5319e7'
- org_membership: puppetlabs
- fail_if_member: 'true'
- token: ${{ secrets.IAC_COMMUNITY_LABELER }}
diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml
index 8ea551fa5d..dddcf87b3b 100644
--- a/.github/workflows/nightly.yml
+++ b/.github/workflows/nightly.yml
@@ -9,13 +9,13 @@ jobs:
Spec:
uses: "puppetlabs/cat-github-actions/.github/workflows/module_ci.yml@main"
with:
- runs_on: "ubuntu-20.04"
+ runs_on: "ubuntu-24.04"
secrets: "inherit"
Acceptance:
needs: Spec
uses: "puppetlabs/cat-github-actions/.github/workflows/module_acceptance.yml@main"
with:
- runs_on: "ubuntu-20.04"
+ runs_on: "ubuntu-24.04"
secrets: "inherit"
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 0b7b8a05dd..4b3b80fc80 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -2,7 +2,7 @@ name: "Publish module"
on:
workflow_dispatch:
-
+
jobs:
release:
uses: "puppetlabs/cat-github-actions/.github/workflows/module_release.yml@main"
diff --git a/.gitignore b/.gitignore
index 3f1551212b..2803e566b5 100644
--- a/.gitignore
+++ b/.gitignore
@@ -19,6 +19,7 @@
/spec/fixtures/modules/*
/tmp/
/vendor/
+/.vendor/
/convert_report.txt
/update_report.txt
.DS_Store
@@ -26,3 +27,9 @@
.envrc
/inventory.yaml
/spec/fixtures/litmus_inventory.yaml
+.resource_types
+.modules
+.task_cache.json
+.plan_cache.json
+.rerun.json
+bolt-debug.log
diff --git a/.pdkignore b/.pdkignore
index 862847a72c..84684be63f 100644
--- a/.pdkignore
+++ b/.pdkignore
@@ -19,6 +19,7 @@
/spec/fixtures/modules/*
/tmp/
/vendor/
+/.vendor/
/convert_report.txt
/update_report.txt
.DS_Store
@@ -26,6 +27,12 @@
.envrc
/inventory.yaml
/spec/fixtures/litmus_inventory.yaml
+.resource_types
+.modules
+.task_cache.json
+.plan_cache.json
+.rerun.json
+bolt-debug.log
/.fixtures.yml
/Gemfile
/.gitattributes
diff --git a/.rubocop.yml b/.rubocop.yml
index 7a66e08331..439ea84ee8 100644
--- a/.rubocop.yml
+++ b/.rubocop.yml
@@ -5,7 +5,7 @@ require:
AllCops:
NewCops: enable
DisplayCopNames: true
- TargetRubyVersion: '2.7'
+ TargetRubyVersion: '2.6'
Include:
- "**/*.rb"
Exclude:
@@ -529,6 +529,8 @@ Lint/DuplicateBranch:
Enabled: false
Lint/DuplicateMagicComment:
Enabled: false
+Lint/DuplicateMatchPattern:
+ Enabled: false
Lint/DuplicateRegexpCharacterClassElement:
Enabled: false
Lint/EmptyBlock:
@@ -645,6 +647,8 @@ Style/ComparableClamp:
Enabled: false
Style/ConcatArrayLiterals:
Enabled: false
+Style/DataInheritance:
+ Enabled: false
Style/DirEmpty:
Enabled: false
Style/DocumentDynamicEvalDefinition:
@@ -713,6 +717,8 @@ Style/RedundantHeredocDelimiterQuotes:
Enabled: false
Style/RedundantInitialize:
Enabled: false
+Style/RedundantLineContinuation:
+ Enabled: false
Style/RedundantSelfAssignmentBranch:
Enabled: false
Style/RedundantStringEscape:
diff --git a/.sync.yml b/.sync.yml
index 44bb97480d..02b5c19ca4 100644
--- a/.sync.yml
+++ b/.sync.yml
@@ -6,11 +6,6 @@
appveyor.yml:
delete: true
-Gemfile:
- optional:
- ":development":
- - gem: github_changelog_generator
- version: '= 1.15.2'
spec/spec_helper.rb:
mock_with: ":rspec"
coverage_report: true
diff --git a/.vscode/extensions.json b/.vscode/extensions.json
index 2f1e4f73a5..6da8d472f8 100644
--- a/.vscode/extensions.json
+++ b/.vscode/extensions.json
@@ -1,6 +1,6 @@
{
"recommendations": [
"puppet.puppet-vscode",
- "rebornix.Ruby"
+ "Shopify.ruby-lsp"
]
}
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 1d2c086065..083cf00f1d 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,6 +5,103 @@ All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org).
+## [v12.3.1](https://github.com/puppetlabs/puppetlabs-apache/tree/v12.3.1) - 2025-03-31
+
+[Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/v12.3.0...v12.3.1)
+
+### Fixed
+
+- Install mod_http2 on EL if required [#2593](https://github.com/puppetlabs/puppetlabs-apache/pull/2593) ([ekohl](https://github.com/ekohl))
+
+## [v12.3.0](https://github.com/puppetlabs/puppetlabs-apache/tree/v12.3.0) - 2025-03-05
+
+[Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/v12.2.0...v12.3.0)
+
+### Added
+
+- Allow configuring RemoteIPProxyProtocol at VHost level [#2582](https://github.com/puppetlabs/puppetlabs-apache/pull/2582) ([smortex](https://github.com/smortex))
+- (CAT-2100) Add Debian 12 support [#2572](https://github.com/puppetlabs/puppetlabs-apache/pull/2572) ([shubhamshinde360](https://github.com/shubhamshinde360))
+- Feature: Allow to set the verbosity of the debug [#2523](https://github.com/puppetlabs/puppetlabs-apache/pull/2523) ([JGodin-C2C](https://github.com/JGodin-C2C))
+
+### Fixed
+
+- (CAT-2158) Upgrade rexml to address CVE-2024-49761 [#2579](https://github.com/puppetlabs/puppetlabs-apache/pull/2579) ([amitkarsale](https://github.com/amitkarsale))
+- Update types/oidcsettings UserInfoRefreshInterval to allow Integers again [#2578](https://github.com/puppetlabs/puppetlabs-apache/pull/2578) ([gcoxmoz](https://github.com/gcoxmoz))
+
+### Other
+
+- Fix mod_headers load for headers in directory #2590 [#2591](https://github.com/puppetlabs/puppetlabs-apache/pull/2591) ([uoe-pjackson](https://github.com/uoe-pjackson))
+- Adding ModSecurity parameter for audit log format. [#2583](https://github.com/puppetlabs/puppetlabs-apache/pull/2583) ([Tamerz](https://github.com/Tamerz))
+
+## [v12.2.0](https://github.com/puppetlabs/puppetlabs-apache/tree/v12.2.0) - 2024-10-23
+
+[Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/v12.1.0...v12.2.0)
+
+### Added
+
+- Update config parameters to match latest OIDC release and fix typos. … [#2569](https://github.com/puppetlabs/puppetlabs-apache/pull/2569) ([uoe-pjackson](https://github.com/uoe-pjackson))
+- add XForwardedHeaders for oidc_settings [#2541](https://github.com/puppetlabs/puppetlabs-apache/pull/2541) ([trefzer](https://github.com/trefzer))
+- Added cache_disk [#2521](https://github.com/puppetlabs/puppetlabs-apache/pull/2521) ([dploeger](https://github.com/dploeger))
+
+### Fixed
+
+- Fix apache2-mod_php7 not found for SLES-15 [#2568](https://github.com/puppetlabs/puppetlabs-apache/pull/2568) ([Harvey2504](https://github.com/Harvey2504))
+- Add missing brackets for function call [#2540](https://github.com/puppetlabs/puppetlabs-apache/pull/2540) ([gerlingsm](https://github.com/gerlingsm))
+
+## [v12.1.0](https://github.com/puppetlabs/puppetlabs-apache/tree/v12.1.0) - 2024-04-03
+
+[Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/v12.0.3...v12.1.0)
+
+### Added
+
+- vhost: Allow customizing show_diff [#2536](https://github.com/puppetlabs/puppetlabs-apache/pull/2536) ([kajinamit](https://github.com/kajinamit))
+
+### Fixed
+
+- Stop managing mime support package on Debian [#2526](https://github.com/puppetlabs/puppetlabs-apache/pull/2526) ([jcharaoui](https://github.com/jcharaoui))
+
+## [v12.0.3](https://github.com/puppetlabs/puppetlabs-apache/tree/v12.0.3) - 2024-03-02
+
+[Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/v12.0.2...v12.0.3)
+
+### Fixed
+
+- Fix `mod_auth_openidc` parameters [#2525](https://github.com/puppetlabs/puppetlabs-apache/pull/2525) ([smortex](https://github.com/smortex))
+
+## [v12.0.2](https://github.com/puppetlabs/puppetlabs-apache/tree/v12.0.2) - 2024-01-10
+
+[Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/v12.0.1...v12.0.2)
+
+### Fixed
+
+- Correct handling of $serveraliases as string [#2518](https://github.com/puppetlabs/puppetlabs-apache/pull/2518) ([ekohl](https://github.com/ekohl))
+
+## [v12.0.1](https://github.com/puppetlabs/puppetlabs-apache/tree/v12.0.1) - 2024-01-03
+
+[Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/v12.0.0...v12.0.1)
+
+### Fixed
+
+- Fix use_canonical_name directive [#2515](https://github.com/puppetlabs/puppetlabs-apache/pull/2515) ([pebtron](https://github.com/pebtron))
+- Fix extra newline at end of headers [#2514](https://github.com/puppetlabs/puppetlabs-apache/pull/2514) ([smortex](https://github.com/smortex))
+
+## [v12.0.0](https://github.com/puppetlabs/puppetlabs-apache/tree/v12.0.0) - 2024-01-01
+
+[Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/v11.1.0...v12.0.0)
+
+### Changed
+
+- Drop EoL Debian 9 and older code [#2479](https://github.com/puppetlabs/puppetlabs-apache/pull/2479) ([bastelfreak](https://github.com/bastelfreak))
+
+### Added
+
+- `apache::vhost::directories`: switch default from `undef` to empty array [#2507](https://github.com/puppetlabs/puppetlabs-apache/pull/2507) ([bastelfreak](https://github.com/bastelfreak))
+- Add `AllowOverrideList` support [#2486](https://github.com/puppetlabs/puppetlabs-apache/pull/2486) ([yakatz](https://github.com/yakatz))
+
+### Fixed
+
+- Remove useless notice [#2494](https://github.com/puppetlabs/puppetlabs-apache/pull/2494) ([smortex](https://github.com/smortex))
+
## [v11.1.0](https://github.com/puppetlabs/puppetlabs-apache/tree/v11.1.0) - 2023-09-25
[Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/v11.0.0...v11.1.0)
@@ -21,6 +118,13 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) a
[Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/v10.1.1...v11.0.0)
+### Changed
+
+- (CAT-1449) - Remove deprecated parameters for scriptaliases & passenger [#2470](https://github.com/puppetlabs/puppetlabs-apache/pull/2470) ([Ramesh7](https://github.com/Ramesh7))
+- Remove deprecated classes [#2466](https://github.com/puppetlabs/puppetlabs-apache/pull/2466) ([ekohl](https://github.com/ekohl))
+- Remove deprecated parameters from mod::userdir [#2465](https://github.com/puppetlabs/puppetlabs-apache/pull/2465) ([ekohl](https://github.com/ekohl))
+- (CAT-1424)-Removal of redhat/scientific/oraclelinux 6 for apache module [#2462](https://github.com/puppetlabs/puppetlabs-apache/pull/2462) ([praj1001](https://github.com/praj1001))
+
### Added
- (CAT-1417) Nested require support for authz_core mod [#2460](https://github.com/puppetlabs/puppetlabs-apache/pull/2460) ([Ramesh7](https://github.com/Ramesh7))
@@ -29,15 +133,9 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) a
- (CAT-1283) - Enable forensic module [#2442](https://github.com/puppetlabs/puppetlabs-apache/pull/2442) ([Ramesh7](https://github.com/Ramesh7))
- (CAT-1281) - Support to add cipher with respective ssl protocol [#2440](https://github.com/puppetlabs/puppetlabs-apache/pull/2440) ([Ramesh7](https://github.com/Ramesh7))
- feat: add Debian12 Compability [#2439](https://github.com/puppetlabs/puppetlabs-apache/pull/2439) ([Robnarok](https://github.com/Robnarok))
-- Add MellonSetEnv support [#2423](https://github.com/puppetlabs/puppetlabs-apache/pull/2423) ([ic248](https://github.com/ic248))
+- Add MellonSetEnv support [#2423](https://github.com/puppetlabs/puppetlabs-apache/pull/2423) ([](https://github.com/))
- Add the missing mod_authnz_ldap parameters [#2404](https://github.com/puppetlabs/puppetlabs-apache/pull/2404) ([chutzimir](https://github.com/chutzimir))
-### Changed
-- (CAT-1449) - Remove deprecated parameters for scriptaliases & passenger [#2470](https://github.com/puppetlabs/puppetlabs-apache/pull/2470) ([Ramesh7](https://github.com/Ramesh7))
-- Remove deprecated classes [#2466](https://github.com/puppetlabs/puppetlabs-apache/pull/2466) ([ekohl](https://github.com/ekohl))
-- Remove deprecated parameters from mod::userdir [#2465](https://github.com/puppetlabs/puppetlabs-apache/pull/2465) ([ekohl](https://github.com/ekohl))
-- (CAT-1424)-Removal of redhat/scientific/oraclelinux 6 for apache module [#2462](https://github.com/puppetlabs/puppetlabs-apache/pull/2462) ([praj1001](https://github.com/praj1001))
-
### Fixed
- (CAT-1308) Making mod list more restrictive and minor improvements in documentation for default mods override [#2459](https://github.com/puppetlabs/puppetlabs-apache/pull/2459) ([Ramesh7](https://github.com/Ramesh7))
@@ -80,6 +178,7 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) a
[Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/v9.1.3...v10.0.0)
### Changed
+
- (CONT-772) Puppet 8 support / Drop Puppet 6 [#2405](https://github.com/puppetlabs/puppetlabs-apache/pull/2405) ([LukasAud](https://github.com/LukasAud))
## [v9.1.3](https://github.com/puppetlabs/puppetlabs-apache/tree/v9.1.3) - 2023-04-20
@@ -139,6 +238,7 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) a
[Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/v8.6.0...v9.0.0)
### Changed
+
- (GH-2291) Further refine types [#2359](https://github.com/puppetlabs/puppetlabs-apache/pull/2359) ([david22swan](https://github.com/david22swan))
- Drop deprecated a2mod type/providers [#2350](https://github.com/puppetlabs/puppetlabs-apache/pull/2350) ([bastelfreak](https://github.com/bastelfreak))
- Drop Apache 2.2 support [#2329](https://github.com/puppetlabs/puppetlabs-apache/pull/2329) ([ekohl](https://github.com/ekohl))
@@ -245,6 +345,18 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) a
[Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/v7.0.0...v8.0.0)
+### Changed
+
+- Drop mod_fastcgi support [#2267](https://github.com/puppetlabs/puppetlabs-apache/pull/2267) ([ekohl](https://github.com/ekohl))
+- Drop suphp support [#2263](https://github.com/puppetlabs/puppetlabs-apache/pull/2263) ([ekohl](https://github.com/ekohl))
+- Use a stricter data type on apache::vhost::aliases [#2253](https://github.com/puppetlabs/puppetlabs-apache/pull/2253) ([ekohl](https://github.com/ekohl))
+- Narrow down Datatypes [#2245](https://github.com/puppetlabs/puppetlabs-apache/pull/2245) ([cocker-cc](https://github.com/cocker-cc))
+- (GH-cat-9) Update module to match current syntax standard [#2235](https://github.com/puppetlabs/puppetlabs-apache/pull/2235) ([david22swan](https://github.com/david22swan))
+- Drop Apache 2.0 compatibility code [#2226](https://github.com/puppetlabs/puppetlabs-apache/pull/2226) ([ekohl](https://github.com/ekohl))
+- (GH-iac-334) Remove code specific to unsupported OSs [#2223](https://github.com/puppetlabs/puppetlabs-apache/pull/2223) ([david22swan](https://github.com/david22swan))
+- Remove warnings and plans to change vhost default naming [#2202](https://github.com/puppetlabs/puppetlabs-apache/pull/2202) ([ekohl](https://github.com/ekohl))
+- Update modsec crs config and template [#2197](https://github.com/puppetlabs/puppetlabs-apache/pull/2197) ([henkworks](https://github.com/henkworks))
+
### Added
- Allow overriding CRS allowed HTTP methods per vhost [#2274](https://github.com/puppetlabs/puppetlabs-apache/pull/2274) ([Vincevrp](https://github.com/Vincevrp))
@@ -263,17 +375,6 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) a
- Add support for setting UserDir in Virual Hosts [#2192](https://github.com/puppetlabs/puppetlabs-apache/pull/2192) ([smortex](https://github.com/smortex))
- Add an apache::vhost::proxy define [#2169](https://github.com/puppetlabs/puppetlabs-apache/pull/2169) ([wbclark](https://github.com/wbclark))
-### Changed
-- Drop mod_fastcgi support [#2267](https://github.com/puppetlabs/puppetlabs-apache/pull/2267) ([ekohl](https://github.com/ekohl))
-- Drop suphp support [#2263](https://github.com/puppetlabs/puppetlabs-apache/pull/2263) ([ekohl](https://github.com/ekohl))
-- Use a stricter data type on apache::vhost::aliases [#2253](https://github.com/puppetlabs/puppetlabs-apache/pull/2253) ([ekohl](https://github.com/ekohl))
-- Narrow down Datatypes [#2245](https://github.com/puppetlabs/puppetlabs-apache/pull/2245) ([cocker-cc](https://github.com/cocker-cc))
-- (GH-cat-9) Update module to match current syntax standard [#2235](https://github.com/puppetlabs/puppetlabs-apache/pull/2235) ([david22swan](https://github.com/david22swan))
-- Drop Apache 2.0 compatibility code [#2226](https://github.com/puppetlabs/puppetlabs-apache/pull/2226) ([ekohl](https://github.com/ekohl))
-- (GH-iac-334) Remove code specific to unsupported OSs [#2223](https://github.com/puppetlabs/puppetlabs-apache/pull/2223) ([david22swan](https://github.com/david22swan))
-- Remove warnings and plans to change vhost default naming [#2202](https://github.com/puppetlabs/puppetlabs-apache/pull/2202) ([ekohl](https://github.com/ekohl))
-- Update modsec crs config and template [#2197](https://github.com/puppetlabs/puppetlabs-apache/pull/2197) ([henkworks](https://github.com/henkworks))
-
### Fixed
- Disable mod_php on EL9 [#2277](https://github.com/puppetlabs/puppetlabs-apache/pull/2277) ([ekohl](https://github.com/ekohl))
@@ -292,15 +393,16 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) a
[Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/v6.5.1...v7.0.0)
+### Changed
+
+- Drop Debian < 8 and Ubuntu < 14.04 code [#2189](https://github.com/puppetlabs/puppetlabs-apache/pull/2189) ([ekohl](https://github.com/ekohl))
+- Drop support and compatibility for Debian < 9 and Ubuntu < 16.04 [#2123](https://github.com/puppetlabs/puppetlabs-apache/pull/2123) ([ekohl](https://github.com/ekohl))
+
### Added
- pdksync - (IAC-1751) - Add Support for Rocky 8 [#2196](https://github.com/puppetlabs/puppetlabs-apache/pull/2196) ([david22swan](https://github.com/david22swan))
- Allow `docroot` with `mod_vhost_alias` `virtual_docroot` [#2195](https://github.com/puppetlabs/puppetlabs-apache/pull/2195) ([yakatz](https://github.com/yakatz))
-### Changed
-- Drop Debian < 8 and Ubuntu < 14.04 code [#2189](https://github.com/puppetlabs/puppetlabs-apache/pull/2189) ([ekohl](https://github.com/ekohl))
-- Drop support and compatibility for Debian < 9 and Ubuntu < 16.04 [#2123](https://github.com/puppetlabs/puppetlabs-apache/pull/2123) ([ekohl](https://github.com/ekohl))
-
### Fixed
- Restore Ubuntu 14.04 support in suphp [#2193](https://github.com/puppetlabs/puppetlabs-apache/pull/2193) ([ekohl](https://github.com/ekohl))
@@ -390,6 +492,7 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) a
[Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/v5.10.0...v6.0.0)
### Changed
+
- pdksync - (MAINT) Remove SLES 11 support [#2132](https://github.com/puppetlabs/puppetlabs-apache/pull/2132) ([sanfrancrisko](https://github.com/sanfrancrisko))
- pdksync - Remove Puppet 5 from testing and bump minimal version to 6.0.0 [#2125](https://github.com/puppetlabs/puppetlabs-apache/pull/2125) ([carabasdaniel](https://github.com/carabasdaniel))
@@ -568,17 +671,18 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) a
[Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/4.1.0...v5.0.0)
+### Changed
+
+- pdksync - (MODULES-8444) - Raise lower Puppet bound [#1908](https://github.com/puppetlabs/puppetlabs-apache/pull/1908) ([david22swan](https://github.com/david22swan))
+
### Added
- (FM-7923) Implement Puppet Strings [#1916](https://github.com/puppetlabs/puppetlabs-apache/pull/1916) ([eimlav](https://github.com/eimlav))
- Define SCL package name for mod_ldap [#1893](https://github.com/puppetlabs/puppetlabs-apache/pull/1893) ([treydock](https://github.com/treydock))
-### Changed
-- pdksync - (MODULES-8444) - Raise lower Puppet bound [#1908](https://github.com/puppetlabs/puppetlabs-apache/pull/1908) ([david22swan](https://github.com/david22swan))
-
### Fixed
-- (MODULES-9014) Improve SSLSessionTickets handling [#1923](https://github.com/puppetlabs/puppetlabs-apache/pull/1923) ([FredericLespez](https://github.com/FredericLespez))
+- (MODULES-9014) Improve SSLSessionTickets handling [#1923](https://github.com/puppetlabs/puppetlabs-apache/pull/1923) ([FredL69](https://github.com/FredL69))
- (MODULES-8931) Fix stahnma/epel failures [#1914](https://github.com/puppetlabs/puppetlabs-apache/pull/1914) ([eimlav](https://github.com/eimlav))
- Fix wsgi_daemon_process to support hash data type [#1884](https://github.com/puppetlabs/puppetlabs-apache/pull/1884) ([mdechiaro](https://github.com/mdechiaro))
@@ -606,13 +710,14 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) a
[Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/3.5.0...4.0.0)
+### Changed
+
+- default server_tokens to prod - more secure default [#1746](https://github.com/puppetlabs/puppetlabs-apache/pull/1746) ([juju4](https://github.com/juju4))
+
### Added
- (Modules 8141/Modules 8379) - Addition of support for SLES 15 [#1862](https://github.com/puppetlabs/puppetlabs-apache/pull/1862) ([david22swan](https://github.com/david22swan))
-### Changed
-- default server_tokens to prod - more secure default [#1746](https://github.com/puppetlabs/puppetlabs-apache/pull/1746) ([juju4](https://github.com/juju4))
-
### Fixed
- (MODULES-5990) - conf-enabled defaulted to undef [#1869](https://github.com/puppetlabs/puppetlabs-apache/pull/1869) ([david22swan](https://github.com/david22swan))
@@ -755,6 +860,12 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) a
[Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/1.11.0...2.0.0)
+### Changed
+
+- MODULES-4824: Update the version compatibility to >= 4.7.0 < 5.0.0 [#1628](https://github.com/puppetlabs/puppetlabs-apache/pull/1628) ([angrox](https://github.com/angrox))
+- Migrate to puppet4 datatypes [#1621](https://github.com/puppetlabs/puppetlabs-apache/pull/1621) ([bastelfreak](https://github.com/bastelfreak))
+- Set default keepalive to On [#1434](https://github.com/puppetlabs/puppetlabs-apache/pull/1434) ([sathieu](https://github.com/sathieu))
+
### Added
- (MODULES-4933) Allow custom UserDir string [#1650](https://github.com/puppetlabs/puppetlabs-apache/pull/1650) ([hunner](https://github.com/hunner))
@@ -786,11 +897,6 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) a
- (MODULES-4156) adds RequestHeader directive to vhost template #puppethack [#1573](https://github.com/puppetlabs/puppetlabs-apache/pull/1573) ([eputnam](https://github.com/eputnam))
- add passenger_max_requests option per vhost [#1517](https://github.com/puppetlabs/puppetlabs-apache/pull/1517) ([pulecp](https://github.com/pulecp))
-### Changed
-- MODULES-4824: Update the version compatibility to >= 4.7.0 < 5.0.0 [#1628](https://github.com/puppetlabs/puppetlabs-apache/pull/1628) ([angrox](https://github.com/angrox))
-- Migrate to puppet4 datatypes [#1621](https://github.com/puppetlabs/puppetlabs-apache/pull/1621) ([bastelfreak](https://github.com/bastelfreak))
-- Set default keepalive to On [#1434](https://github.com/puppetlabs/puppetlabs-apache/pull/1434) ([sathieu](https://github.com/sathieu))
-
### Fixed
- Ensure that ProxyPreserveHost is set even when ProxyPass (etc) are not. [#1639](https://github.com/puppetlabs/puppetlabs-apache/pull/1639) ([tpdownes](https://github.com/tpdownes))
@@ -1033,7 +1139,7 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) a
### Added
- Add support for changing mod_nss listen port (vol 2) [#1260](https://github.com/puppetlabs/puppetlabs-apache/pull/1260) ([rexcze-zz](https://github.com/rexcze-zz))
-- (MODULES-2811) Add missing helper lines to spec files [#1256](https://github.com/puppetlabs/puppetlabs-apache/pull/1256) ([alexharv074](https://github.com/alexharv074))
+- (MODULES-2811) Add missing helper lines to spec files [#1256](https://github.com/puppetlabs/puppetlabs-apache/pull/1256) ([alex-harvey-z3q](https://github.com/alex-harvey-z3q))
- Add missing parameters in mod_auth_kerb [#1255](https://github.com/puppetlabs/puppetlabs-apache/pull/1255) ([olivierHa](https://github.com/olivierHa))
- (MODULES-2764) Enclose IPv6 addresses in square brackets [#1248](https://github.com/puppetlabs/puppetlabs-apache/pull/1248) ([Benedikt1992](https://github.com/Benedikt1992))
- (MODULES-2757) Adding if around ServerName in template [#1237](https://github.com/puppetlabs/puppetlabs-apache/pull/1237) ([damonconway](https://github.com/damonconway))
@@ -1065,8 +1171,8 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) a
### Fixed
-- (MODULES-2813) Fix deprecation warning in spec_helper.rb [#1258](https://github.com/puppetlabs/puppetlabs-apache/pull/1258) ([alexharv074](https://github.com/alexharv074))
-- (MODULES-2812) Fix deprecation warning in service_spec.rb [#1257](https://github.com/puppetlabs/puppetlabs-apache/pull/1257) ([alexharv074](https://github.com/alexharv074))
+- (MODULES-2813) Fix deprecation warning in spec_helper.rb [#1258](https://github.com/puppetlabs/puppetlabs-apache/pull/1258) ([alex-harvey-z3q](https://github.com/alex-harvey-z3q))
+- (MODULES-2812) Fix deprecation warning in service_spec.rb [#1257](https://github.com/puppetlabs/puppetlabs-apache/pull/1257) ([alex-harvey-z3q](https://github.com/alex-harvey-z3q))
- Fix typo about dynamic AddHandler/AddType [#1254](https://github.com/puppetlabs/puppetlabs-apache/pull/1254) ([olivierHa](https://github.com/olivierHa))
- reduce constraints on regex to fix pe tests [#1231](https://github.com/puppetlabs/puppetlabs-apache/pull/1231) ([tphoney](https://github.com/tphoney))
- Fix ordering issue with conf_file and ports_file [#1230](https://github.com/puppetlabs/puppetlabs-apache/pull/1230) ([MasonM](https://github.com/MasonM))
@@ -1400,6 +1506,11 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) a
[Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/0.11.0...1.0.0)
+### Changed
+
+- Metadata [#661](https://github.com/puppetlabs/puppetlabs-apache/pull/661) ([apenney](https://github.com/apenney))
+- Apache2.4 support [#552](https://github.com/puppetlabs/puppetlabs-apache/pull/552) ([scottasmith](https://github.com/scottasmith))
+
### Added
- Modifying hierarchy of the Version/Params to fix AWS AMI [#651](https://github.com/puppetlabs/puppetlabs-apache/pull/651) ([jrnt30](https://github.com/jrnt30))
@@ -1411,10 +1522,6 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) a
- Ensure socache_shmcb is enabled on all Apache 2.4 OSes [#612](https://github.com/puppetlabs/puppetlabs-apache/pull/612) ([domcleal](https://github.com/domcleal))
- Add WSGIApplicationGroup and WSGIImportScript directives [#606](https://github.com/puppetlabs/puppetlabs-apache/pull/606) ([bodgit](https://github.com/bodgit))
-### Changed
-- Metadata [#661](https://github.com/puppetlabs/puppetlabs-apache/pull/661) ([apenney](https://github.com/apenney))
-- Apache2.4 support [#552](https://github.com/puppetlabs/puppetlabs-apache/pull/552) ([scottasmith](https://github.com/scottasmith))
-
### Fixed
- Add in missing fields to work around a Puppet bug. [#663](https://github.com/puppetlabs/puppetlabs-apache/pull/663) ([apenney](https://github.com/apenney))
@@ -1613,6 +1720,10 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) a
[Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/0.6.0...0.7.0)
+### Changed
+
+- Refactor module [#182](https://github.com/puppetlabs/puppetlabs-apache/pull/182) ([hunner](https://github.com/hunner))
+
### Added
- Added an 'h' in a typo on default_ssl_vost [#243](https://github.com/puppetlabs/puppetlabs-apache/pull/243) ([Wesseldr](https://github.com/Wesseldr))
@@ -1638,9 +1749,6 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) a
- Added apache::mod::rewrite class. [#128](https://github.com/puppetlabs/puppetlabs-apache/pull/128) ([Stubbs](https://github.com/Stubbs))
- Added apache::mod::shib to configure Shibboleth Service Providers [#96](https://github.com/puppetlabs/puppetlabs-apache/pull/96) ([Aethylred](https://github.com/Aethylred))
-### Changed
-- Refactor module [#182](https://github.com/puppetlabs/puppetlabs-apache/pull/182) ([hunner](https://github.com/hunner))
-
### Fixed
- Fix directories template fragment [#233](https://github.com/puppetlabs/puppetlabs-apache/pull/233) ([hunner](https://github.com/hunner))
diff --git a/Gemfile b/Gemfile
index 86e337adbc..539f0765d1 100644
--- a/Gemfile
+++ b/Gemfile
@@ -20,30 +20,31 @@ group :development do
gem "json", '= 2.6.1', require: false if Gem::Requirement.create(['>= 3.1.0', '< 3.1.3']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup))
gem "json", '= 2.6.3', require: false if Gem::Requirement.create(['>= 3.2.0', '< 4.0.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup))
gem "racc", '~> 1.4.0', require: false if Gem::Requirement.create(['>= 2.7.0', '< 3.0.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup))
+ gem "deep_merge", '~> 1.2.2', require: false
gem "voxpupuli-puppet-lint-plugins", '~> 5.0', require: false
- gem "facterdb", '~> 1.18', require: false
- gem "metadata-json-lint", '~> 3.0', require: false
+ gem "facterdb", '~> 1.18', require: false
+ gem "metadata-json-lint", '~> 4.0', require: false
gem "rspec-puppet-facts", '~> 2.0', require: false
- gem "codecov", '~> 0.2', require: false
gem "dependency_checker", '~> 1.0.0', require: false
gem "parallel_tests", '= 3.12.1', require: false
gem "pry", '~> 0.10', require: false
- gem "simplecov-console", '~> 0.5', require: false
+ gem "simplecov-console", '~> 0.9', require: false
gem "puppet-debugger", '~> 1.0', require: false
- gem "rubocop", '= 1.48.1', require: false
+ gem "rubocop", '~> 1.50.0', require: false
gem "rubocop-performance", '= 1.16.0', require: false
gem "rubocop-rspec", '= 2.19.0', require: false
gem "rb-readline", '= 0.5.5', require: false, platforms: [:mswin, :mingw, :x64_mingw]
- gem "github_changelog_generator", '= 1.15.2', require: false
+ gem "rexml", '>= 3.3.9', require: false
end
-group :system_tests do
- gem "puppet_litmus", '~> 1.0', require: false, platforms: [:ruby, :x64_mingw]
- gem "serverspec", '~> 2.41', require: false
-end
-group :release_prep do
+group :development, :release_prep do
gem "puppet-strings", '~> 4.0', require: false
gem "puppetlabs_spec_helper", '~> 7.0', require: false
end
+group :system_tests do
+ gem "puppet_litmus", '~> 1.0', require: false, platforms: [:ruby, :x64_mingw]
+ gem "CFPropertyList", '< 3.0.7', require: false, platforms: [:mswin, :mingw, :x64_mingw]
+ gem "serverspec", '~> 2.41', require: false
+end
puppet_version = ENV['PUPPET_GEM_VERSION']
facter_version = ENV['FACTER_GEM_VERSION']
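Review bot: The new `rexml` floor and the `CFPropertyList` cap are added without any comment saying why, so a later template sync or dependency clean-up could drop them unnoticed. The changelog in this commit lists "(CAT-2158) Upgrade rexml to address CVE-2024-49761", which is presumably the reason for `'>= 3.3.9'`; recording it next to the gem, e.g. `# security floor for CVE-2024-49761 (CAT-2158), do not lower`, would preserve that, and the `'< 3.0.7'` cap deserves a matching `# <reason for the cap>` line. The floor sits in the `:development` group, so an install that excludes that group is presumably not constrained by it, which is worth confirming if rexml is pulled in transitively elsewhere. The `group :development do` block opens above this hunk.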
diff --git a/README.md b/README.md
index 6119fb6983..703fe1a34b 100644
--- a/README.md
+++ b/README.md
@@ -21,6 +21,8 @@
[Limitations]: #limitations
+[License]: #license
+
[Development]: #development
[`AddDefaultCharset`]: https://httpd.apache.org/docs/current/mod/core.html#adddefaultcharset
@@ -861,6 +863,7 @@ COVERAGE=yes bundle exec rake parallel_spec
Acceptance tests for this module leverage [puppet_litmus](https://github.com/puppetlabs/puppet_litmus).
To run the acceptance tests follow the instructions [here](https://puppetlabs.github.io/litmus/Running-acceptance-tests.html). You can also find a tutorial and walkthrough of using Litmus and the PDK on [YouTube](https://www.youtube.com/watch?v=FYfR7ZEGHoE).
+
## License
This codebase is licensed under the Apache2.0 licensing, however due to the nature of the codebase the open source dependencies may also use a combination of [AGPL](https://opensource.org/license/agpl-v3/), [BSD-2](https://opensource.org/license/bsd-2-clause/), [BSD-3](https://opensource.org/license/bsd-3-clause/), [GPL2.0](https://opensource.org/license/gpl-2-0/), [LGPL](https://opensource.org/license/lgpl-3-0/), [MIT](https://opensource.org/license/mit/) and [MPL](https://opensource.org/license/mpl-2-0/) Licensing.
diff --git a/REFERENCE.md b/REFERENCE.md
index ba80e4391b..76106a38a1 100644
--- a/REFERENCE.md
+++ b/REFERENCE.md
@@ -29,6 +29,7 @@
* [`apache::mod::authz_user`](#apache--mod--authz_user): Installs `mod_authz_user`
* [`apache::mod::autoindex`](#apache--mod--autoindex): Installs `mod_autoindex`
* [`apache::mod::cache`](#apache--mod--cache): Installs `mod_cache`
+* [`apache::mod::cache_disk`](#apache--mod--cache_disk): Installs and configures `mod_cache_disk`.
* [`apache::mod::cgi`](#apache--mod--cgi): Installs `mod_cgi`.
* [`apache::mod::cgid`](#apache--mod--cgid): Installs `mod_cgid`.
* [`apache::mod::cluster`](#apache--mod--cluster): Installs `mod_cluster`.
@@ -1791,6 +1792,153 @@ Installs `mod_cache`
* https://httpd.apache.org/docs/current/mod/mod_cache.html
* for additional documentation.
+#### Parameters
+
+The following parameters are available in the `apache::mod::cache` class:
+
+* [`cache_ignore_headers`](#-apache--mod--cache--cache_ignore_headers)
+* [`cache_default_expire`](#-apache--mod--cache--cache_default_expire)
+* [`cache_max_expire`](#-apache--mod--cache--cache_max_expire)
+* [`cache_ignore_no_lastmod`](#-apache--mod--cache--cache_ignore_no_lastmod)
+* [`cache_header`](#-apache--mod--cache--cache_header)
+* [`cache_lock`](#-apache--mod--cache--cache_lock)
+* [`cache_ignore_cache_control`](#-apache--mod--cache--cache_ignore_cache_control)
+
+##### `cache_ignore_headers`
+
+Data type: `Array[String[1]]`
+
+Specifies HTTP header(s) that should not be stored in the cache.
+
+Default value: `[]`
+
+##### `cache_default_expire`
+
+Data type: `Optional[Integer]`
+
+The default duration to cache a document when no expiry date is specified.
+
+Default value: `undef`
+
+##### `cache_max_expire`
+
+Data type: `Optional[Integer]`
+
+The maximum time in seconds to cache a document
+
+Default value: `undef`
+
+##### `cache_ignore_no_lastmod`
+
+Data type: `Optional[Apache::OnOff]`
+
+Ignore the fact that a response has no Last Modified header.
+
+Default value: `undef`
+
+##### `cache_header`
+
+Data type: `Optional[Apache::OnOff]`
+
+Add an X-Cache header to the response.
+
+Default value: `undef`
+
+##### `cache_lock`
+
+Data type: `Optional[Apache::OnOff]`
+
+Enable the thundering herd lock.
+
+Default value: `undef`
+
+##### `cache_ignore_cache_control`
+
+Data type: `Optional[Apache::OnOff]`
+
+Ignore request to not serve cached content to client
+
+Default value: `undef`
+
+### `apache::mod::cache_disk`
+
+Installs and configures `mod_cache_disk`.
+
+* **See also**
+ * https://httpd.apache.org/docs/2.4/mod/mod_cache_disk.html
+
+#### Parameters
+
+The following parameters are available in the `apache::mod::cache_disk` class:
+
+* [`cache_root`](#-apache--mod--cache_disk--cache_root)
+* [`cache_enable`](#-apache--mod--cache_disk--cache_enable)
+* [`cache_dir_length`](#-apache--mod--cache_disk--cache_dir_length)
+* [`cache_dir_levels`](#-apache--mod--cache_disk--cache_dir_levels)
+* [`cache_max_filesize`](#-apache--mod--cache_disk--cache_max_filesize)
+* [`cache_ignore_headers`](#-apache--mod--cache_disk--cache_ignore_headers)
+* [`configuration_file_name`](#-apache--mod--cache_disk--configuration_file_name)
+
+##### `cache_root`
+
+Data type: `Optional[Stdlib::Absolutepath]`
+
+Defines the name of the directory on the disk to contain cache files.
+Default depends on the Apache version and operating system:
+- Debian: /var/cache/apache2/mod_cache_disk
+- FreeBSD: /var/cache/mod_cache_disk
+- Red Hat: /var/cache/httpd/proxy
+
+Default value: `undef`
+
+##### `cache_enable`
+
+Data type: `Array[String]`
+
+Defines an array of directories to cache, the default is none
+
+Default value: `[]`
+
+##### `cache_dir_length`
+
+Data type: `Optional[Integer]`
+
+The number of characters in subdirectory names
+
+Default value: `undef`
+
+##### `cache_dir_levels`
+
+Data type: `Optional[Integer]`
+
+The number of levels of subdirectories in the cache.
+
+Default value: `undef`
+
+##### `cache_max_filesize`
+
+Data type: `Optional[Integer]`
+
+The maximum size (in bytes) of a document to be placed in the cache
+
+Default value: `undef`
+
+##### `cache_ignore_headers`
+
+Data type: `Optional[String]`
+
+DEPRECATED Ignore request to not serve cached content to client (included for compatibility reasons to support disk_cache)
+
+Default value: `undef`
+
+##### `configuration_file_name`
+
+Data type: `Optional[String]`
+
+DEPRECATED Name of module configuration file (used for the compatibility layer for disk_cache)
+
+Default value: `undef`
+
### `apache::mod::cgi`
Installs `mod_cgi`.
@@ -2078,11 +2226,12 @@ Default value:
Installs and configures `mod_disk_cache`.
-* **Note** On Apache 2.4, mod_cache_disk installed.
+* **Note** Apache 2.2, mod_disk_cache installed. On Apache 2.4, mod_cache_disk installed.
+This class is deprecated, use mode_cache_disk instead
* **See also**
* https://httpd.apache.org/docs/2.4/mod/mod_cache_disk.html
- * for additional documentation.
+ * for additional documentation on version 2.4.
#### Parameters
@@ -2100,7 +2249,6 @@ Defines the name of the directory on the disk to contain cache files.
Default depends on the Apache version and operating system:
- Debian: /var/cache/apache2/mod_cache_disk
- FreeBSD: /var/cache/mod_cache_disk
-- Red Hat: /var/cache/httpd/proxy
Default value: `undef`
@@ -3887,7 +4035,7 @@ The following parameters are available in the `apache::mod::mime` class:
##### `mime_support_package`
-Data type: `String`
+Data type: `Optional[String]`
Name of the MIME package to be installed.
@@ -5924,9 +6072,11 @@ The following parameters are available in the `apache::mod::security` class:
* [`custom_rules_set`](#-apache--mod--security--custom_rules_set)
* [`modsec_dir`](#-apache--mod--security--modsec_dir)
* [`modsec_secruleengine`](#-apache--mod--security--modsec_secruleengine)
+* [`debug_log_level`](#-apache--mod--security--debug_log_level)
* [`audit_log_relevant_status`](#-apache--mod--security--audit_log_relevant_status)
* [`audit_log_parts`](#-apache--mod--security--audit_log_parts)
* [`audit_log_type`](#-apache--mod--security--audit_log_type)
+* [`audit_log_format`](#-apache--mod--security--audit_log_format)
* [`audit_log_storage_dir`](#-apache--mod--security--audit_log_storage_dir)
* [`secpcrematchlimit`](#-apache--mod--security--secpcrematchlimit)
* [`secpcrematchlimitrecursion`](#-apache--mod--security--secpcrematchlimitrecursion)
@@ -6021,6 +6171,14 @@ Configures the rules engine.
Default value: `$apache::params::modsec_secruleengine`
+##### `debug_log_level`
+
+Data type: `Integer[0, 9]`
+
+Configures the debug log level.
+
+Default value: `0`
+
##### `audit_log_relevant_status`
Data type: `String`
@@ -6046,6 +6204,14 @@ Defines the type of audit logging mechanism to be used.
Default value: `$apache::params::modsec_audit_log_type`
+##### `audit_log_format`
+
+Data type: `Enum['Native', 'JSON']`
+
+Defines what format the logs should be written in.
+
+Default value: `'Native'`
+
##### `audit_log_storage_dir`
Data type: `Optional[Stdlib::Absolutepath]`
@@ -7544,6 +7710,7 @@ The following parameters are available in the `apache::vhost` defined type:
* [`error_log_format`](#-apache--vhost--error_log_format)
* [`error_documents`](#-apache--vhost--error_documents)
* [`ensure`](#-apache--vhost--ensure)
+* [`show_diff`](#-apache--vhost--show_diff)
* [`fallbackresource`](#-apache--vhost--fallbackresource)
* [`filters`](#-apache--vhost--filters)
* [`h2_copy_files`](#-apache--vhost--h2_copy_files)
@@ -7752,6 +7919,8 @@ The following parameters are available in the `apache::vhost` defined type:
* [`mdomain`](#-apache--vhost--mdomain)
* [`proxy_requests`](#-apache--vhost--proxy_requests)
* [`userdir`](#-apache--vhost--userdir)
+* [`proxy_protocol`](#-apache--vhost--proxy_protocol)
+* [`proxy_protocol_exceptions`](#-apache--vhost--proxy_protocol_exceptions)
##### `access_log`
@@ -8158,6 +8327,14 @@ Specifies if the virtual host is present or absent.
Default value: `'present'`
+##### `show_diff`
+
+Data type: `Boolean`
+
+Specifies whether to set the show_diff parameter for the file resource.
+
+Default value: `true`
+
##### `fallbackresource`
Data type: `Optional[Variant[Stdlib::Absolutepath, Enum['disabled']]]`
@@ -10672,6 +10849,22 @@ Instances of apache::mod::userdir
Default value: `undef`
+##### `proxy_protocol`
+
+Data type: `Optional[Boolean]`
+
+Enable or disable PROXY protocol handling
+
+Default value: `undef`
+
+##### `proxy_protocol_exceptions`
+
+Data type: `Array[Stdlib::Host]`
+
+Disable processing of PROXY header for certain hosts or networks
+
+Default value: `[]`
+
### `apache::vhost::custom`
The `apache::vhost::custom` defined type is a thin wrapper around the `apache::custom_config` defined type, and simply overrides some of its default settings specific to the virtual host directory in Apache.
@@ -11297,113 +11490,149 @@ Alias of
```puppet
Struct[{
- Optional['RedirectURI'] => Variant[Stdlib::HTTPSUrl, Stdlib::HttpUrl, Pattern[/^\/[A-Za-z0-9\-\._%\/]*$/]],
- Optional['CryptoPassphrase'] => String,
- Optional['MetadataDir'] => String,
- Optional['ProviderMetadataURL'] => Stdlib::HTTPSUrl,
- Optional['ProviderIssuer'] => String,
- Optional['ProviderAuthorizationEndpoint'] => Stdlib::HTTPSUrl,
- Optional['ProviderJwksUri'] => Stdlib::HTTPSUrl,
- Optional['ProviderTokenEndpoint'] => Stdlib::HTTPSUrl,
- Optional['ProviderTokenEndpointAuth'] => Enum['client_secret_basic', 'client_secret_post', 'client_secret_jwt', 'private_key_jwt', 'none'],
- Optional['ProviderTokenEndpointParams'] => Pattern[/^[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+(&[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+)*$/],
- Optional['ProviderUserInfoEndpoint'] => Stdlib::HTTPSUrl,
- Optional['ProviderCheckSessionIFrame'] => Stdlib::HTTPSUrl,
- Optional['ProviderEndSessionEndpoint'] => Stdlib::HTTPSUrl,
- Optional['ProviderRevocationEndpoint'] => Stdlib::HTTPSUrl,
- Optional['ProviderBackChannelLogoutSupported'] => Enum['On', 'Off'],
- Optional['ProviderRegistrationEndpointJson'] => String,
- Optional['Scope'] => Pattern[/^\"?[A-Za-z0-9\-\._\s]+\"?$/],
- Optional['AuthRequestParams'] => Pattern[/^[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+(&[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+)*$/],
- Optional['SSLValidateServer'] => Enum['On', 'Off'],
- Optional['UserInfoRefreshInterval'] => Integer,
- Optional['JWKSRefreshInterval'] => Integer,
- Optional['UserInfoTokenMethod'] => Enum['authz_header', 'post_param'],
- Optional['ProviderAuthRequestMethod'] => Enum['GET', 'POST'],
- Optional['PublicKeyFiles'] => String,
- Optional['ResponseType'] => Enum['code', 'id_token', 'id_token token', 'code id_token', 'code token', 'code id_token token'],
- Optional['ResponseMode'] => Enum['fragment', 'query', 'form_post'],
- Optional['ClientID'] => String,
- Optional['ClientSecret'] => String,
- Optional['ClientTokenEndpointCert'] => String,
- Optional['ClientTokenEndpointKey'] => String,
- Optional['ClientName'] => String,
- Optional['ClientContact'] => String,
- Optional['PKCDMethod'] => Enum['plain', 'S256', 'referred_tb'],
- Optional['TokenBindingPolicy'] => Enum['disabled', 'optional', 'required', 'enforced'],
- Optional['ClientJwksUri'] => Stdlib::HTTPSUrl,
- Optional['IDTokenSignedResponseAlg'] => Enum['RS256', 'RS384', 'RS512', 'PS256', 'PS384', 'PS512', 'HS256', 'HS384', 'HS512', 'ES256', 'ES384', 'ES512'],
- Optional['IDTokenEncryptedResponseAlg'] => Enum['RSA1_5', 'A128KW', 'A256KW', 'RSA-OAEP'],
- Optional['IDTokenEncryptedResponseAlg'] => Enum['A128CBC-HS256', 'A256CBC-HS512', 'A256GCM'],
- Optional['UserInfoSignedResposeAlg'] => Enum['RS256', 'RS384', 'RS512', 'PS256', 'PS384', 'PS512', 'HS256', 'HS384', 'HS512', 'ES256', 'ES384', 'ES512'],
- Optional['UserInfoEncryptedResponseAlg'] => Enum['RSA1_5', 'A128KW', 'A256KW', 'RSA-OAEP'],
- Optional['UserInfoEncryptedResponseEnc'] => Enum['A128CBC-HS256', 'A256CBC-HS512', 'A256GCM'],
- Optional['OAuthServerMetadataURL'] => Stdlib::HTTPSUrl,
- Optional['AuthIntrospectionEndpoint'] => Stdlib::HTTPSUrl,
- Optional['OAuthClientID'] => String,
- Optional['OAuthClientSecret'] => String,
- Optional['OAuthIntrospectionEndpointAuth'] => Enum['client_secret_basic', 'client_secret_post', 'client_secret_jwt', 'private_key_jwt', 'bearer_access_token', 'none'],
- Optional['OAuthIntrospectionClientAuthBearerToken'] => String,
- Optional['OAuthIntrospectionEndpointCert'] => String,
- Optional['OAuthIntrospectionEndpointKey'] => String,
- Optional['OAuthIntrospectionEndpointMethod'] => Enum['POST', 'GET'],
- Optional['OAuthIntrospectionEndpointParams'] => Pattern[/^[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+(&[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+)*$/],
- Optional['OAuthIntrospectionTokenParamName'] => String,
- Optional['OAuthTokenExpiryClaim'] => Pattern[/^[A-Za-z0-9\-\._]+\s(absolute|relative)\s(mandatory|optional)$/],
- Optional['OAuthSSLValidateServer'] => Enum['On', 'Off'],
- Optional['OAuthVerifySharedKeys'] => String,
- Optional['OAuthVerifyCertFiles'] => String,
- Optional['OAuthVerifyJwksUri'] => Stdlib::HTTPSUrl,
- Optional['OAuthRemoteUserClaim'] => String,
- Optional['OAuthAcceptTokenAs'] => Pattern[/^((header|post|query|cookie\:[A-Za-z0-9\-\._]+|basic)\s?)+$/],
- Optional['OAuthAccessTokenBindingPolicy'] => Enum['disabled', 'optional', 'required', 'enforced'],
- Optional['Cookie'] => String,
- Optional['SessionCookieChunkSize'] => Integer,
- Optional['CookieHTTPOnly'] => Enum['On', 'Off'],
- Optional['CookieSameSite'] => Enum['On', 'Off'],
- Optional['PassCookies'] => String,
- Optional['StripCookies'] => String,
- Optional['StateMaxNumberOfCookies'] => Pattern[/^[0-9]+\s(false|true)$/],
- Optional['SessionInactivityTimeout'] => Integer,
- Optional['SessionMaxDuration'] => Integer,
- Optional['SessionType'] => Pattern[/^(server-cache(:persistent)?|client-cookie(:persistent)?)$/],
- Optional['SessionCacheFallbackToCookie'] => Enum['On', 'Off'],
- Optional['CacheType'] => Enum['shm', 'memcache', 'file', 'redis'],
- Optional['CacheEncrypt'] => Enum['On', 'Off'],
- Optional['CacheShmMax'] => Integer,
- Optional['CacheShmEntrySizeMax'] => Integer,
- Optional['CacheFileCleanInterval'] => Integer,
- Optional['MemCacheServers'] => String,
- Optional['RedisCacheServer'] => String,
- Optional['RedisCachePassword'] => String,
- Optional['DiscoverURL'] => Variant[Stdlib::HTTPSUrl, Stdlib::HttpUrl],
- Optional['HTMLErrorTemplate'] => String,
- Optional['DefaultURL'] => Variant[Stdlib::HTTPSUrl, Stdlib::HttpUrl],
- Optional['PathScope'] => Pattern[/^\"?[A-Za-z0-9\-\._\s]+\"?$/],
- Optional['PathAuthRequestParams'] => Pattern[/^[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+(&[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+)*$/],
- Optional['IDTokenIatSlack'] => Integer,
- Optional['ClaimPrefix'] => String,
- Optional['ClaimDelimiter'] => Pattern[/^.$/],
- Optional['RemoteUserClaim'] => String,
- Optional['PassIDTokenAs'] => Pattern[/^((claims|payload|serialized)\s?)+$/],
- Optional['PassUserInfoAs'] => Pattern[/^((claims|json|jwt)\s?)+$/],
- Optional['PassClaimsAs'] => Enum['none', 'headers', 'environment', 'both'],
- Optional['AuthNHeader'] => String,
- Optional['HTTPTimeoutLong'] => Integer,
- Optional['HTTPTimeoutShort'] => Integer,
- Optional['StateTimeout'] => Integer,
- Optional['ScrubRequestHeaders'] => Enum['On', 'Off'],
- Optional['OutgoingProxy'] => String,
- Optional['UnAuthAction'] => Enum['auth', 'pass', '401', '410'],
- Optional['UnAuthzAction'] => Enum['401', '403', 'auth'],
- Optional['PreservePost'] => Enum['On', 'Off'],
- Optional['PassRefreshToken'] => Enum['On', 'Off'],
- Optional['RequestObject'] => String,
- Optional['ProviderMetadataRefreshInterval'] => Integer,
- Optional['InfoHook'] => Pattern[/^((iat|access_token|access_token_expires|id_token|userinfo|refresh_token|session)\s?)+$/],
- Optional['BlackListedClaims'] => String,
- Optional['WhiteListedClaims'] => String,
- Optional['RefreshAccessTokenBeforeExpiry'] => Pattern[/^[0-9]+(\slogout_on_error)?$/],
+ Optional['RedirectURI'] => Variant[Stdlib::HTTPSUrl, Stdlib::HttpUrl, Pattern[/^\/[A-Za-z0-9\-\._%\/]*$/]],
+ Optional['CryptoPassphrase'] => String[1],
+ Optional['MetadataDir'] => String[1],
+ Optional['ProviderMetadataURL'] => Stdlib::HTTPSUrl,
+ Optional['ProviderIssuer'] => String[1],
+ Optional['ProviderAuthorizationEndpoint'] => Stdlib::HTTPSUrl,
+ Optional['ProviderJwksUri'] => Stdlib::HTTPSUrl,
+ Optional['ProviderTokenEndpoint'] => Stdlib::HTTPSUrl,
+ Optional['ProviderTokenEndpointAuth'] => Enum['client_secret_basic', 'client_secret_post', 'client_secret_jwt', 'private_key_jwt', 'none'],
+ Optional['ProviderTokenEndpointParams'] => Pattern[/^[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+(&[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+)*$/],
+ Optional['ProviderUserInfoEndpoint'] => Stdlib::HTTPSUrl,
+ Optional['ProviderCheckSessionIFrame'] => Stdlib::HTTPSUrl,
+ Optional['ProviderEndSessionEndpoint'] => Stdlib::HTTPSUrl,
+ Optional['ProviderRevocationEndpoint'] => Stdlib::HTTPSUrl,
+ Optional['ProviderBackChannelLogoutSupported'] => Apache::OnOff,
+ Optional['ProviderRegistrationEndpointJson'] => String[1],
+ Optional['Scope'] => Pattern[/^\"?[A-Za-z0-9\-\._\s]+\"?$/],
+ Optional['AuthRequestParams'] => Pattern[/^[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+(&[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+)*$/],
+ Optional['SSLValidateServer'] => Apache::OnOff ,
+ Optional['UserInfoRefreshInterval'] => Variant[Integer[-1], Pattern[/^[0-9]+(\s+(logout_on_error|authenticate_on_error|502_on_error))?$/]],
+ Optional['JWKSRefreshInterval'] => Integer[-1],
+ Optional['UserInfoTokenMethod'] => Enum['authz_header', 'post_param'],
+ Optional['ProviderAuthRequestMethod'] => Enum['GET', 'POST', 'PAR'],
+ Optional['PublicKeyFiles'] => String[1],
+ Optional['PrivateKeyFiles'] => String[1],
+ Optional['ResponseType'] => Enum['code', 'id_token', 'id_token token', 'code id_token', 'code token', 'code id_token token'],
+ Optional['ResponseMode'] => Enum['fragment', 'query', 'form_post'],
+ Optional['ClientID'] => String[1],
+ Optional['ClientSecret'] => String[1],
+ Optional['ClientTokenEndpointCert'] => String[1],
+ Optional['ClientTokenEndpointKey'] => String[1],
+ Optional['ClientTokenEndpointKeyPassword'] => String[1],
+ Optional['ClientName'] => String[1],
+ Optional['ClientContact'] => String[1],
+ Optional['PKCEMethod'] => Enum['plain', 'S256', 'referred_tb', 'none'],
+ Optional['TokenBindingPolicy'] => Enum['disabled', 'optional', 'required', 'enforced'],
+ Optional['ClientJwksUri'] => Stdlib::HTTPSUrl,
+ Optional['IDTokenSignedResponseAlg'] => Enum['RS256', 'RS384', 'RS512', 'PS256', 'PS384', 'PS512', 'HS256', 'HS384', 'HS512', 'ES256', 'ES384', 'ES512'],
+ Optional['IDTokenEncryptedResponseAlg'] => Enum['RSA1_5', 'A128KW', 'A256KW', 'RSA-OAEP'],
+ Optional['IDTokenEncryptedResponseEnc'] => Enum['A128CBC-HS256', 'A256CBC-HS512', 'A256GCM'],
+ Optional['UserInfoSignedResponseAlg'] => Enum['RS256', 'RS384', 'RS512', 'PS256', 'PS384', 'PS512', 'HS256', 'HS384', 'HS512', 'ES256', 'ES384', 'ES512'],
+ Optional['UserInfoEncryptedResponseAlg'] => Enum['RSA1_5', 'A128KW', 'A256KW', 'RSA-OAEP'],
+ Optional['UserInfoEncryptedResponseEnc'] => Enum['A128CBC-HS256', 'A256CBC-HS512', 'A256GCM'],
+ Optional['OAuthServerMetadataURL'] => Stdlib::HTTPSUrl,
+ Optional['AuthIntrospectionEndpoint'] => Stdlib::HTTPSUrl,
+ Optional['OAuthClientID'] => String[1],
+ Optional['OAuthClientSecret'] => String[1],
+ Optional['OAuthIntrospectionEndpoint'] => String[1],
+ Optional['OAuthIntrospectionEndpointAuth'] => Enum['client_secret_basic', 'client_secret_post', 'client_secret_jwt', 'private_key_jwt', 'bearer_access_token', 'none'],
+ Optional['OAuthIntrospectionClientAuthBearerToken'] => String[1],
+ Optional['OAuthIntrospectionEndpointCert'] => String[1],
+ Optional['OAuthIntrospectionEndpointKey'] => String[1],
+ Optional['OAuthIntrospectionEndpointKeyPassword'] => String[1],
+ Optional['OAuthIntrospectionEndpointMethod'] => Enum['POST', 'GET'],
+ Optional['OAuthIntrospectionEndpointParams'] => Pattern[/^[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+(&[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+)*$/],
+ Optional['OAuthIntrospectionTokenParamName'] => String[1],
+ Optional['OAuthTokenExpiryClaim'] => Pattern[/^[A-Za-z0-9\-\._]+(\s(absolute|relative))?(\s(mandatory|optional))?$/],
+ Optional['OAuthTokenIntrospectionInterval'] => Integer[-1],
+ Optional['OAuthSSLValidateServer'] => Apache::OnOff,
+ Optional['OAuthVerifySharedKeys'] => String[1],
+ Optional['OAuthVerifyCertFiles'] => String[1],
+ Optional['OAuthVerifyJwksUri'] => Stdlib::HTTPSUrl,
+ Optional['OAuthRemoteUserClaim'] => String[1],
+ Optional['OAuthAcceptTokenAs'] => Pattern[/^((header|post|query|cookie\:[A-Za-z0-9\-\._]+|basic)\s?)+$/],
+ Optional['OAuthAccessTokenBindingPolicy'] => Enum['disabled', 'optional', 'required', 'enforced'],
+ Optional['Cookie'] => String[1],
+ Optional['CookieDomain'] => String[1],
+ Optional['CookiePath'] => String[1],
+ Optional['SessionCookieChunkSize'] => Integer[-1],
+ Optional['CookieHTTPOnly'] => Apache::OnOff,
+ Optional['CookieSameSite'] => Apache::OnOff,
+ Optional['PassCookies'] => String[1],
+ Optional['StripCookies'] => String[1],
+ Optional['StateMaxNumberOfCookies'] => Pattern[/^[0-9]+(\s(false|true))?$/],
+ Optional['SessionInactivityTimeout'] => Integer[-1],
+ Optional['SessionMaxDuration'] => Integer[-1],
+ Optional['SessionType'] => Pattern[/^(server-cache(:persistent)?|client-cookie(:persistent|:store_id_token|:persistent:store_id_token)?)$/],
+ Optional['SessionCacheFallbackToCookie'] => Apache::OnOff,
+ Optional['CacheType'] => Enum['shm', 'memcache', 'file', 'redis'],
+ Optional['CacheDir'] => String[1],
+ Optional['CacheEncrypt'] => Apache::OnOff,
+ Optional['CacheShmMax'] => Integer[-1],
+ Optional['CacheShmEntrySizeMax'] => Integer[-1],
+ Optional['CacheFileCleanInterval'] => Integer[-1],
+ Optional['MemCacheServers'] => String[1],
+ Optional['MemCacheConnectionsHMax'] => Integer[-1],
+ Optional['MemCacheConnectionsMin'] => Integer[-1],
+ Optional['MemCacheConnectionsSMax'] => Integer[-1],
+ Optional['MemCacheConnectionsTTL'] => Integer[-1],
+ Optional['RedisCacheServer'] => String[1],
+ Optional['RedisCachePassword'] => String,
+ Optional['RedisCacheConnectTimeout'] => Pattern[/^[0-9]+(\s[0-9]+)?$/],
+ Optional['RedisCacheDatabase'] => Integer[-1],
+ Optional['RedisCacheTimeout'] => Integer[-1],
+ Optional['RedisCacheUsername'] => String[1],
+ Optional['DiscoverURL'] => Variant[Stdlib::HTTPSUrl, Stdlib::HttpUrl],
+ Optional['HTMLErrorTemplate'] => String[1],
+ Optional['DefaultURL'] => Variant[Stdlib::HTTPSUrl, Stdlib::HttpUrl],
+ Optional['PathScope'] => Pattern[/^\"?[A-Za-z0-9\-\._\s]+\"?$/],
+ Optional['PathAuthRequestParams'] => Pattern[/^[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+(&[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+)*$/],
+ Optional['IDTokenIatSlack'] => Integer[-1],
+ Optional['ClaimPrefix'] => String,
+ Optional['ClaimDelimiter'] => Pattern[/^.$/],
+ Optional['RemoteUserClaim'] => String[1],
+ Optional['PassIDTokenAs'] => Pattern[/^((claims|payload|serialized)\s?)+$/],
+ Optional['PassUserInfoAs'] => Pattern[/^((claims|json(:([A-Za-z0-9\-\._])+)?|(signed_)?jwt(:([A-Za-z0-9\-\._])+)?)\s?)+$/],
+ Optional['PassClaimsAs'] => Pattern[/^(none|headers|environment|both)?\s?(latin1|base64url|none)?$/],
+ Optional['AuthNHeader'] => String[1],
+ Optional['HTTPTimeoutLong'] => Integer[-1],
+ Optional['HTTPTimeoutShort'] => Integer[-1],
+ Optional['StateTimeout'] => Integer[-1],
+ Optional['ScrubRequestHeaders'] => Apache::OnOff,
+ Optional['OutgoingProxy'] => String[1],
+ Optional['UnAuthAction'] => Pattern[/^(auth|pass|401|407|410)(\s.*)?$/],
+ Optional['UnAutzAction'] => Pattern[/^(401|403|302|auth)(\s.*)?$/],
+ Optional['PreservePost'] => Apache::OnOff,
+ Optional['PreservePostTemplates'] => String[1],
+ Optional['PassRefreshToken'] => Apache::OnOff,
+ Optional['RequestObject'] => String[1],
+ Optional['ProviderMetadataRefreshInterval'] => Integer[-1],
+ Optional['InfoHook'] => Pattern[/^((iat|access_token|access_token_expires|id_token|id_token_hint|userinfo|refresh_token|exp|timeout|remote_user|session)\s?)+$/],
+ Optional['BlackListedClaims'] => String[1],
+ Optional['WhiteListedClaims'] => String[1],
+ Optional['RefreshAccessTokenBeforeExpiry'] => Pattern[/^[0-9]+(\s(logout_on_error|authenticate_on_error|502_on_error))?$/],
+ Optional['XForwardedHeaders'] => String[1],
+ Optional['CABundlePath'] => String[1],
+ Optional['DefaultLoggedOutURL'] => String[1],
+ Optional['DPoPMode'] => String[1],
+ Optional['FilterClaimsExpr'] => String[1],
+ Optional['LogoutRequestParams'] => Pattern[/^[^=]+=[^&]+(&[^=]+=[^&]+)*$/],
+ Optional['LogoutXFrameOptions'] => String[1],
+ Optional['MetricsData'] => String[1],
+ Optional['MetricsPublish'] => String[1],
+ Optional['PassAccessToken'] => Apache::OnOff,
+ Optional['ProviderPushedAuthorizationRequestEndpoint'] => Stdlib::HttpUrl,
+ Optional['ProviderSignedJwksUri'] => String[1],
+ Optional['ProviderVerifyCertFiles'] => String[1],
+ Optional['RedirectURLsAllowed'] => String[1],
+ Optional['StateCookiePrefix'] => String,
+ Optional['StateInputHeaders'] => Enum['user-agent', 'x-forwarded-for', 'both', 'none'],
+ Optional['TraceParent'] => Enum['off', 'generate', 'propagate'],
+ Optional['UserInfoClaimsExpr'] => String[1],
+ Optional['ValidateIssuer'] => Apache::OnOff,
}]
```
diff --git a/Rakefile b/Rakefile
index f761e13c04..2df73113cd 100644
--- a/Rakefile
+++ b/Rakefile
@@ -4,88 +4,8 @@ require 'bundler'
require 'puppet_litmus/rake_tasks' if Gem.loaded_specs.key? 'puppet_litmus'
require 'puppetlabs_spec_helper/rake_tasks'
require 'puppet-syntax/tasks/puppet-syntax'
-require 'github_changelog_generator/task' if Gem.loaded_specs.key? 'github_changelog_generator'
require 'puppet-strings/tasks' if Gem.loaded_specs.key? 'puppet-strings'
-def changelog_user
- return unless Rake.application.top_level_tasks.include? "changelog"
- returnVal = nil || JSON.load(File.read('metadata.json'))['author']
- raise "unable to find the changelog_user in .sync.yml, or the author in metadata.json" if returnVal.nil?
- puts "GitHubChangelogGenerator user:#{returnVal}"
- returnVal
-end
-
-def changelog_project
- return unless Rake.application.top_level_tasks.include? "changelog"
-
- returnVal = nil
- returnVal ||= begin
- metadata_source = JSON.load(File.read('metadata.json'))['source']
- metadata_source_match = metadata_source && metadata_source.match(%r{.*\/([^\/]*?)(?:\.git)?\Z})
-
- metadata_source_match && metadata_source_match[1]
- end
-
- raise "unable to find the changelog_project in .sync.yml or calculate it from the source in metadata.json" if returnVal.nil?
-
- puts "GitHubChangelogGenerator project:#{returnVal}"
- returnVal
-end
-
-def changelog_future_release
- return unless Rake.application.top_level_tasks.include? "changelog"
- returnVal = "v%s" % JSON.load(File.read('metadata.json'))['version']
- raise "unable to find the future_release (version) in metadata.json" if returnVal.nil?
- puts "GitHubChangelogGenerator future_release:#{returnVal}"
- returnVal
-end
-
PuppetLint.configuration.send('disable_relative')
PuppetLint.configuration.send('disable_anchor_resource')
PuppetLint.configuration.send('disable_140chars')
-
-
-if Gem.loaded_specs.key? 'github_changelog_generator'
- GitHubChangelogGenerator::RakeTask.new :changelog do |config|
- raise "Set CHANGELOG_GITHUB_TOKEN environment variable eg 'export CHANGELOG_GITHUB_TOKEN=valid_token_here'" if Rake.application.top_level_tasks.include? "changelog" and ENV['CHANGELOG_GITHUB_TOKEN'].nil?
- config.user = "#{changelog_user}"
- config.project = "#{changelog_project}"
- config.since_tag = "3.2.0"
- config.future_release = "#{changelog_future_release}"
- config.exclude_labels = ['maintenance']
- config.header = "# Change log\n\nAll notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org)."
- config.add_pr_wo_labels = true
- config.issues = false
- config.merge_prefix = "### UNCATEGORIZED PRS; LABEL THEM ON GITHUB"
- config.configure_sections = {
- "Changed" => {
- "prefix" => "### Changed",
- "labels" => ["backwards-incompatible"],
- },
- "Added" => {
- "prefix" => "### Added",
- "labels" => ["enhancement", "feature"],
- },
- "Fixed" => {
- "prefix" => "### Fixed",
- "labels" => ["bug", "documentation", "bugfix"],
- },
- }
- end
-else
- desc 'Generate a Changelog from GitHub'
- task :changelog do
- raise < 1.15'
- condition: "Gem::Version.new(RUBY_VERSION.dup) >= Gem::Version.new('2.3.0')"
-EOM
- end
-end
-
diff --git a/manifests/default_mods.pp b/manifests/default_mods.pp
index b03b2660b5..50f04ba26e 100644
--- a/manifests/default_mods.pp
+++ b/manifests/default_mods.pp
@@ -13,10 +13,7 @@
case $facts['os']['family'] {
'RedHat': {
::apache::mod { 'log_config': }
- if $facts['os']['name'] != 'Amazon' and $use_systemd {
- ::apache::mod { 'systemd': }
- }
- if ($facts['os']['name'] == 'Amazon' and $facts['os']['release']['full'] == '2') {
+ if $use_systemd {
::apache::mod { 'systemd': }
}
::apache::mod { 'unixd': }
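Review bot: In the `'RedHat'` branch `mod_systemd` is now loaded on `$use_systemd` alone, which changes two cases the removed conditions handled: Amazon Linux 2 used to get the module regardless of the flag, and other Amazon releases never got it even when the flag was true. Where `$use_systemd` gets its value is not visible in this hunk, so it is worth confirming that its default is right for both Amazon cases. I would record that above the condition, e.g. `# mod_systemd follows $use_systemd only; per-OS defaults are decided where that parameter is set`. The `case` statement continues outside the hunk.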
@@ -69,8 +66,6 @@
'FreeBSD': {
include apache::mod::actions
include apache::mod::authn_core
- include apache::mod::cache
- include apache::mod::disk_cache
include apache::mod::filter
include apache::mod::headers
include apache::mod::info
diff --git a/manifests/mod/cache.pp b/manifests/mod/cache.pp
index a822ae9aa4..d31cebd3f0 100644
--- a/manifests/mod/cache.pp
+++ b/manifests/mod/cache.pp
@@ -1,8 +1,58 @@
# @summary
# Installs `mod_cache`
-#
+#
+# @param cache_ignore_headers
+# Specifies HTTP header(s) that should not be stored in the cache.
+#
+# @param cache_default_expire
+# The default duration to cache a document when no expiry date is specified.
+#
+# @param cache_max_expire
+# The maximum time in seconds to cache a document
+#
+# @param cache_ignore_no_lastmod
+# Ignore the fact that a response has no Last Modified header.
+#
+# @param cache_header
+# Add an X-Cache header to the response.
+#
+# @param cache_lock
+# Enable the thundering herd lock.
+#
+# @param cache_ignore_cache_control
+# Ignore request to not serve cached content to client
+#
# @see https://httpd.apache.org/docs/current/mod/mod_cache.html for additional documentation.
#
-class apache::mod::cache {
- ::apache::mod { 'cache': }
+class apache::mod::cache (
+ Array[String[1]] $cache_ignore_headers = [],
+ Optional[Integer] $cache_default_expire = undef,
+ Optional[Integer] $cache_max_expire = undef,
+ Optional[Apache::OnOff] $cache_ignore_no_lastmod = undef,
+ Optional[Apache::OnOff] $cache_header = undef,
+ Optional[Apache::OnOff] $cache_lock = undef,
+ Optional[Apache::OnOff] $cache_ignore_cache_control = undef,
+) {
+ include apache
+ apache::mod { 'cache': }
+
+ $_configuration_file_name = 'cache.conf'
+
+ file { $_configuration_file_name:
+ ensure => file,
+ path => "${apache::mod_dir}/${_configuration_file_name}",
+ mode => $apache::file_mode,
+ content => epp('apache/mod/cache.conf.epp', {
+ cache_ignore_headers => $cache_ignore_headers,
+ cache_default_expire => $cache_default_expire,
+ cache_max_expire => $cache_max_expire,
+ cache_ignore_no_lastmod => $cache_ignore_no_lastmod,
+ cache_header => $cache_header,
+ cache_lock => $cache_lock,
+ cache_ignore_cache_control => $cache_ignore_cache_control,
+ }),
+ require => Exec["mkdir ${apache::mod_dir}"],
+ before => File[$apache::mod_dir],
+ notify => Class['apache::service'],
+ }
}
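Review bot: The `@param cache_ignore_headers` text does not say what the empty default means for a shared cache: with `[]`, presumably no `CacheIgnoreHeaders` line is rendered (the `cache.conf.epp` template is not part of this hunk), so response headers such as `Set-Cookie` would be stored with the cached object. I would extend the comment to `# Specifies HTTP header(s) that should not be stored in the cache, e.g. ['Set-Cookie'] so that cookies from one response are not replayed to other clients.` Separately, `cache_default_expire` and `cache_max_expire` are `Optional[Integer]`, which accepts negative values; `Optional[Integer[0]]` would reject them at compile time, and the `cache_default_expire` description could state its unit (seconds, per the httpd documentation) the way `cache_max_expire` does.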
diff --git a/manifests/mod/cache_disk.pp b/manifests/mod/cache_disk.pp
new file mode 100644
index 0000000000..c8752fc4f3
--- /dev/null
+++ b/manifests/mod/cache_disk.pp
@@ -0,0 +1,85 @@
+# @summary
+# Installs and configures `mod_cache_disk`.
+#
+# @description
+# This will install an configure the proper module depending on the used apache version, so
+# - mod_cache_disk for apache version >= 2.4
+# - mod_disk_cache for older apache versions
+#
+# @param cache_root
+# Defines the name of the directory on the disk to contain cache files.
+# Default depends on the Apache version and operating system:
+# - Debian: /var/cache/apache2/mod_cache_disk
+# - FreeBSD: /var/cache/mod_cache_disk
+# - Red Hat: /var/cache/httpd/proxy
+#
+# @param cache_enable
+# Defines an array of directories to cache, the default is none
+#
+# @param cache_dir_length
+# The number of characters in subdirectory names
+#
+# @param cache_dir_levels
+# The number of levels of subdirectories in the cache.
+#
+# @param cache_max_filesize
+# The maximum size (in bytes) of a document to be placed in the cache
+#
+# @param cache_ignore_headers
+# DEPRECATED Ignore request to not serve cached content to client (included for compatibility reasons to support disk_cache)
+#
+# @param configuration_file_name
+# DEPRECATED Name of module configuration file (used for the compatibility layer for disk_cache)
+#
+# @see https://httpd.apache.org/docs/2.4/mod/mod_cache_disk.html
+#
+class apache::mod::cache_disk (
+ Optional[Stdlib::Absolutepath] $cache_root = undef,
+ Array[String] $cache_enable = [],
+ Optional[Integer] $cache_dir_length = undef,
+ Optional[Integer] $cache_dir_levels = undef,
+ Optional[Integer] $cache_max_filesize = undef,
+ Optional[String] $cache_ignore_headers = undef,
+ Optional[String] $configuration_file_name = undef,
+) {
+ include apache
+
+ if $cache_ignore_headers {
+ deprecation(
+ 'apache::mod::cache_disk',
+ 'The parameter cache_ignore_headers is deprecated. Please use apache::mod::cache::cache_ignore_headers instead.'
+ )
+ }
+
+ $_cache_root = $cache_root ? {
+ undef => $facts['os']['family'] ? {
+ 'debian' => '/var/cache/apache2/mod_cache_disk',
+ 'redhat' => '/var/cache/httpd/proxy',
+ 'freebsd' => '/var/cache/mod_cache_disk',
+ },
+ default => $cache_root,
+ }
+ $_configuration_file_name = pick($configuration_file_name, 'cache_disk.conf')
+ $_class_name = 'apache::mod::cache_disk'
+
+ apache::mod { 'cache_disk': }
+
+ Class['apache::mod::cache'] -> Class[$_class_name]
+
+ file { $_configuration_file_name:
+ ensure => file,
+ path => "${apache::mod_dir}/${_configuration_file_name}",
+ mode => $apache::file_mode,
+ content => epp('apache/mod/cache_disk.conf.epp', {
+ cache_root => $_cache_root,
+ cache_enable => $cache_enable,
+ cache_dir_length => $cache_dir_length,
+ cache_dir_levels => $cache_dir_levels,
+ cache_max_filesize => $cache_max_filesize,
+ cache_ignore_headers => $cache_ignore_headers,
+ }),
+ require => Exec["mkdir ${apache::mod_dir}"],
+ before => File[$apache::mod_dir],
+ notify => Class['apache::service'],
+ }
+}
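Review bot: The `$facts['os']['family']` selector that fills `$_cache_root` has no `default` entry, so on any family other than debian, redhat or freebsd a caller who leaves `cache_root` unset gets a selector no-match error at compile time instead of a message naming the missing parameter. Adding `default => fail("apache::mod::cache_disk: cache_root must be set on ${facts['os']['family']}"),` makes the failure explicit. `cache_dir_length` and `cache_dir_levels` are also unbounded `Integer`s; `Optional[Integer[1]]` would reject zero and negative values before they reach the template. The description comment has a typo, "install an configure".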
diff --git a/manifests/mod/disk_cache.pp b/manifests/mod/disk_cache.pp
index 4a3dc35883..92e56e23f3 100644
--- a/manifests/mod/disk_cache.pp
+++ b/manifests/mod/disk_cache.pp
@@ -1,12 +1,11 @@
# @summary
# Installs and configures `mod_disk_cache`.
-#
+#
# @param cache_root
# Defines the name of the directory on the disk to contain cache files.
# Default depends on the Apache version and operating system:
# - Debian: /var/cache/apache2/mod_cache_disk
# - FreeBSD: /var/cache/mod_cache_disk
-# - Red Hat: /var/cache/httpd/proxy
#
# @param cache_ignore_headers
# Specifies HTTP header(s) that should not be stored in the cache.
@@ -17,44 +16,24 @@
# You can then control this behaviour in individual vhosts by explicitly defining CacheEnable.
#
# @note
-# On Apache 2.4, mod_cache_disk installed.
+# Apache 2.2, mod_disk_cache installed. On Apache 2.4, mod_cache_disk installed.
+# This class is deprecated, use mode_cache_disk instead
#
-# @see https://httpd.apache.org/docs/2.4/mod/mod_cache_disk.html for additional documentation.
+# @see https://httpd.apache.org/docs/2.4/mod/mod_cache_disk.html for additional documentation on version 2.4.
#
class apache::mod::disk_cache (
Optional[Stdlib::Absolutepath] $cache_root = undef,
Optional[String] $cache_ignore_headers = undef,
Boolean $default_cache_enable = true,
) {
- include apache
- if $cache_root {
- $_cache_root = $cache_root
- } else {
- $_cache_root = $facts['os']['family'] ? {
- 'Debian' => '/var/cache/apache2/mod_cache_disk',
- 'RedHat' => '/var/cache/httpd/proxy',
- 'FreeBSD' => '/var/cache/mod_cache_disk',
- }
- }
-
- apache::mod { 'cache_disk': }
-
- Class['apache::mod::cache'] -> Class['apache::mod::disk_cache']
-
- $parameters = {
- 'default_cache_enable' => $default_cache_enable,
- '_cache_root' => $_cache_root,
- 'cache_ignore_headers' => $cache_ignore_headers,
- }
+ deprecation('apache::mod::disk_cache', 'This class is deprecated; please use apache::mod::cache_disk')
- # Template uses $_cache_root
- file { 'disk_cache.conf':
- ensure => file,
- path => "${apache::mod_dir}/disk_cache.conf",
- mode => $apache::file_mode,
- content => epp('apache/mod/disk_cache.conf.epp', $parameters),
- require => Exec["mkdir ${apache::mod_dir}"],
- before => File[$apache::mod_dir],
- notify => Class['apache::service'],
+ class { 'apache::mod::cache_disk':
+ cache_root => $cache_root,
+ cache_enable => ['/'],
+ cache_ignore_headers => $cache_ignore_headers,
+ cache_dir_length => 1,
+ cache_dir_levels => 2,
+ configuration_file_name => 'cache_disk.conf'
}
}
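Review bot: `default_cache_enable` is still declared on the class, but the new body never reads it and always passes `cache_enable => ['/']`. A caller who set `default_cache_enable => false` to keep caching off by default and opt in per vhost would now appear to get `CacheEnable disk /` for the whole server, which can put responses into the shared disk cache that were never meant to be stored. Passing `cache_enable => $default_cache_enable ? { true => ['/'], default => [] },` would keep the old contract. Some spec examples further down this page match from `CacheRoot` onward without asserting that `CacheEnable` is absent, so they would probably not catch the difference. The `@note` also names `mode_cache_disk`, which should read `apache::mod::cache_disk`.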
diff --git a/manifests/mod/mime.pp b/manifests/mod/mime.pp
index b70e9257de..36312e3abb 100644
--- a/manifests/mod/mime.pp
+++ b/manifests/mod/mime.pp
@@ -13,9 +13,9 @@
# @see https://httpd.apache.org/docs/current/mod/mod_mime.html for additional documentation.
#
class apache::mod::mime (
- String $mime_support_package = $apache::params::mime_support_package,
- String $mime_types_config = $apache::params::mime_types_config,
- Optional[Hash] $mime_types_additional = undef,
+ Optional[String] $mime_support_package = $apache::params::mime_support_package,
+ String $mime_types_config = $apache::params::mime_types_config,
+ Optional[Hash] $mime_types_additional = undef,
) inherits apache::params {
include apache
$_mime_types_additional = pick($mime_types_additional, $apache::mime_types_additional)
diff --git a/manifests/mod/php.pp b/manifests/mod/php.pp
index 2d10e02b4b..62b0eca2ea 100644
--- a/manifests/mod/php.pp
+++ b/manifests/mod/php.pp
@@ -111,8 +111,8 @@
if ($_package_name == 'apache2-mod_php7' and versioncmp($facts['os']['release']['major'], '15') >= 0 and versioncmp($facts['os']['release']['minor'], '3') == 1) {
exec { 'enable legacy repos':
path => '/bin:/usr/bin/:/sbin:/usr/sbin',
- command => 'SUSEConnect --product sle-module-legacy/15.5/x86_64',
- unless => 'SUSEConnect --status-text | grep sle-module-legacy/15.5/x86_64',
+ command => "SUSEConnect --product sle-module-legacy/${facts['os']['release']['major']}.${facts['os']['release']['minor']}/x86_64",
+ unless => "SUSEConnect --status-text | grep sle-module-legacy/${facts['os']['release']['major']}.${facts['os']['release']['minor']}/x86_64",
}
}
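Review bot: The fact-derived product name is now spelled out twice, and in `unless` it is handed to `grep` as a regular expression, where `.` matches any character and nothing anchors the match. Building the string once (`$_legacy_product = "sle-module-legacy/${facts['os']['release']['major']}.${facts['os']['release']['minor']}/x86_64"`) and checking with `grep -qF -- '${_legacy_product}'` keeps the two in step and makes the comparison literal. The architecture is still fixed to `x86_64` while the release is now dynamic, which deserves a comment if other architectures are out of scope. The enclosing class starts and ends outside the hunk.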
diff --git a/manifests/mod/prefork.pp b/manifests/mod/prefork.pp
index 1138d8314b..24cf217f43 100644
--- a/manifests/mod/prefork.pp
+++ b/manifests/mod/prefork.pp
@@ -94,7 +94,7 @@
}
'Suse': {
::apache::mpm { 'prefork':
- lib_path => '/usr/lib64/apache2-prefork',
+ lib_path => '/usr/lib64/apache2-prefork',
}
}
'Gentoo': {
diff --git a/manifests/mod/security.pp b/manifests/mod/security.pp
index a64be57f8a..27de2e8a42 100644
--- a/manifests/mod/security.pp
+++ b/manifests/mod/security.pp
@@ -23,6 +23,9 @@
# @param modsec_secruleengine
# Configures the rules engine.
#
+# @param debug_log_level
+# Configures the debug log level.
+#
# @param audit_log_relevant_status
# Configures which response status code is to be considered relevant for the purpose of audit logging.
#
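Review bot: The new `@param debug_log_level` text gives neither the accepted range nor what the levels mean, although the parameter is typed `Integer[0, 9]` with a default of `0` later in this file's diff. I would document it as `# Configures the debug log level (0-9). 0 turns debug logging off; higher levels are increasingly verbose and can record request details, so keep them for troubleshooting.` The `@param audit_log_format` text added in the next hunk could likewise name its two accepted values, `# Defines the audit log format, either 'Native' or 'JSON'.`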
@@ -32,6 +35,9 @@
#
# @param audit_log_type
# Defines the type of audit logging mechanism to be used.
+#
+# @param audit_log_format
+# Defines what format the logs should be written in.
#
# @param audit_log_storage_dir
# Defines the directory where concurrent audit log entries are to be stored. This directive is only needed when concurrent audit logging is used.
@@ -140,9 +146,11 @@
Optional[Array[String]] $custom_rules_set = $apache::params::modsec_custom_rules_set,
Stdlib::Absolutepath $modsec_dir = $apache::params::modsec_dir,
String $modsec_secruleengine = $apache::params::modsec_secruleengine,
+ Integer[0, 9] $debug_log_level = 0,
String $audit_log_relevant_status = '^(?:5|4(?!04))',
String $audit_log_parts = $apache::params::modsec_audit_log_parts,
String $audit_log_type = $apache::params::modsec_audit_log_type,
+ Enum['Native', 'JSON'] $audit_log_format = 'Native',
Optional[Stdlib::Absolutepath] $audit_log_storage_dir = undef,
Integer $secpcrematchlimit = $apache::params::secpcrematchlimit,
Integer $secpcrematchlimitrecursion = $apache::params::secpcrematchlimitrecursion,
@@ -256,7 +264,9 @@
'audit_log_relevant_status' => $audit_log_relevant_status,
'audit_log_parts' => $audit_log_parts,
'audit_log_type' => $audit_log_type,
+ 'audit_log_format' => $audit_log_format,
'audit_log_storage_dir' => $audit_log_storage_dir,
+ 'debug_log_level' => $debug_log_level,
'logroot' => $logroot,
}
diff --git a/manifests/params.pp b/manifests/params.pp
index 404a27bedb..60318ef6aa 100644
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -202,6 +202,7 @@
'authnz_pam' => 'mod_authnz_pam',
'fcgid' => 'mod_fcgid',
'geoip' => 'mod_geoip',
+ 'http2' => 'mod_http2',
'intercept_form_submit' => 'mod_intercept_form_submit',
'ldap' => 'mod_ldap',
'lookup_identity' => 'mod_lookup_identity',
@@ -470,8 +471,8 @@
$keepalive = 'On'
$keepalive_timeout = 15
$max_keepalive_requests = 100
- $mime_support_package = 'mime-support'
$mime_types_config = '/etc/mime.types'
+ $mime_support_package = undef
$docroot = '/var/www/html'
$cas_cookie_path = '/var/cache/apache2/mod_auth_cas/'
$mellon_lock_file = undef
diff --git a/manifests/vhost.pp b/manifests/vhost.pp
index 8caaa9386d..03c86938b0 100644
--- a/manifests/vhost.pp
+++ b/manifests/vhost.pp
@@ -238,6 +238,9 @@
# @param ensure
# Specifies if the virtual host is present or absent.
#
+# @param show_diff
+# Specifies whether to set the show_diff parameter for the file resource.
+#
# @param fallbackresource
# Sets the [FallbackResource](https://httpd.apache.org/docs/current/mod/mod_dir.html#fallbackresource)
# directive, which specifies an action to take for any URL that doesn't map to anything in
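Review bot: The `show_diff` description restates the parameter name without saying when an operator would change it. A vhost file can carry credentials (values in the `oidc_settings` hash, for instance), and with diffs shown those values end up in agent output and reports whenever the file changes. I would document it as `# Whether Puppet shows a diff when the vhost file changes. Set to false if the vhost contains secrets, so they are not written to logs and reports.`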
@@ -1702,6 +1705,11 @@
# @param userdir
# Instances of apache::mod::userdir
#
+# @param proxy_protocol
+# Enable or disable PROXY protocol handling
+#
+# @param proxy_protocol_exceptions
+# Disable processing of PROXY header for certain hosts or networks
define apache::vhost (
Variant[Stdlib::Absolutepath, Boolean] $docroot,
Boolean $manage_docroot = true,
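Review bot: The `proxy_protocol` and `proxy_protocol_exceptions` descriptions do not mention the trust this setting implies. With the PROXY protocol enabled, the server takes the client address from the connection header, so address-based access rules and logged client addresses are only meaningful if the listener is reachable solely from the trusted proxy. I would add that to `@param proxy_protocol`, e.g. `# Only enable this when the vhost is reachable exclusively through a proxy or load balancer that sends the PROXY header.`, and state that `proxy_protocol_exceptions` takes host addresses or CIDR networks. A closing `#` line before `define apache::vhost (` would match the other parameter blocks; the define's parameter list continues outside the hunk.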
@@ -1836,6 +1844,7 @@
Variant[Array[String], String] $setenvifnocase = [],
Variant[Array[String], String] $block = [],
Enum['absent', 'present'] $ensure = 'present',
+ Boolean $show_diff = true,
Optional[String] $wsgi_application_group = undef,
Optional[Variant[String, Hash]] $wsgi_daemon_process = undef,
Optional[Hash] $wsgi_daemon_process_options = undef,
@@ -1962,6 +1971,8 @@
Apache::OIDCSettings $oidc_settings = {},
Optional[Variant[Boolean, String]] $mdomain = undef,
Optional[Variant[String[1], Array[String[1]]]] $userdir = undef,
+ Optional[Boolean] $proxy_protocol = undef,
+ Array[Stdlib::Host] $proxy_protocol_exceptions = [],
) {
# The base class must be included first because it is used by parameter defaults
if ! defined(Class['apache']) {
@@ -2195,14 +2206,15 @@
}
concat { "${priority_real}${filename}.conf":
- ensure => $ensure,
- path => "${apache::vhost_dir}/${priority_real}${filename}.conf",
- owner => 'root',
- group => $apache::params::root_group,
- mode => $apache::file_mode,
- order => 'numeric',
- require => Package['httpd'],
- notify => Class['apache::service'],
+ ensure => $ensure,
+ path => "${apache::vhost_dir}/${priority_real}${filename}.conf",
+ owner => 'root',
+ group => $apache::params::root_group,
+ mode => $apache::file_mode,
+ show_diff => $show_diff,
+ order => 'numeric',
+ require => Package['httpd'],
+ notify => Class['apache::service'],
}
# NOTE(pabelanger): This code is duplicated in ::apache::vhost::custom and
# needs to be converted into something generic.
@@ -2346,7 +2358,7 @@
}
}
- if 'request_headers' in $directory {
+ if 'request_headers' in $directory or 'headers' in $directory {
include apache::mod::headers
}
@@ -2559,7 +2571,7 @@
concat::fragment { "${name}-serveralias":
target => "${priority_real}${filename}.conf",
order => 210,
- content => epp('apache/vhost/_serveralias.epp', { 'serveraliases' => $serveraliases }),
+ content => epp('apache/vhost/_serveralias.epp', { 'serveraliases' => [$serveraliases].flatten }),
}
}
@@ -2715,7 +2727,7 @@
concat::fragment { "${name}-suexec":
target => "${priority_real}${filename}.conf",
order => 290,
- content => "SuexecUserGroup ${suexec_user_group}",
+ content => " SuexecUserGroup ${suexec_user_group}\n",
}
}
@@ -2946,7 +2958,22 @@
concat::fragment { "${name}-use_canonical_name":
target => "${priority_real}${filename}.conf",
order => 360,
- content => "UseCanonicalName ${use_canonical_name}",
+ content => " UseCanonicalName ${use_canonical_name}\n",
+ }
+ }
+
+ if $proxy_protocol != undef {
+ include apache::mod::remoteip
+
+ $proxy_protocol_params = {
+ proxy_protocol => $proxy_protocol,
+ proxy_protocol_exceptions => $proxy_protocol_exceptions,
+ }
+
+ concat::fragment { "${name}-proxy_protocol":
+ target => "${priority_real}${filename}.conf",
+ order => 400,
+ content => epp('apache/vhost/_proxy_protocol.epp', $proxy_protocol_params),
}
}
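Review bot: `proxy_protocol_exceptions` is only consumed inside `if $proxy_protocol != undef`, so a vhost that sets exceptions and leaves `proxy_protocol` unset has them dropped without any message. A guard such as `if $proxy_protocol == undef and !empty($proxy_protocol_exceptions) { fail("apache::vhost[${name}]: proxy_protocol_exceptions requires proxy_protocol") }` would surface the mistake at compile time. The enclosing define starts and ends outside the hunk.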
diff --git a/metadata.json b/metadata.json
index 7cc69917f4..473938b825 100644
--- a/metadata.json
+++ b/metadata.json
@@ -1,6 +1,6 @@
{
"name": "puppetlabs-apache",
- "version": "11.1.0",
+ "version": "12.3.1",
"author": "puppetlabs",
"summary": "Installs, configures, and manages Apache virtual hosts, web services, and modules.",
"license": "Apache-2.0",
@@ -49,7 +49,8 @@
"operatingsystem": "Debian",
"operatingsystemrelease": [
"10",
- "11"
+ "11",
+ "12"
]
},
{
@@ -87,7 +88,7 @@
}
],
"description": "Module for Apache configuration",
- "pdk-version": "3.0.0",
+ "pdk-version": "3.2.0",
"template-url": "https://github.com/puppetlabs/pdk-templates.git#main",
- "template-ref": "heads/main-0-g01c6a19"
+ "template-ref": "tags/3.2.0.4-0-g5d17ec1"
}
diff --git a/spec/acceptance/mod_php_spec.rb b/spec/acceptance/mod_php_spec.rb
index 5c9f41e21f..8fd3dc9c29 100644
--- a/spec/acceptance/mod_php_spec.rb
+++ b/spec/acceptance/mod_php_spec.rb
@@ -20,6 +20,7 @@ class { 'apache::mod::php': }
content => "\\n",
}
MANIFEST
+
it 'succeeds in puppeting php' do
apply_manifest(pp, catch_failures: true)
end
@@ -36,7 +37,7 @@ class { 'apache::mod::php': }
describe file("#{apache_hash['mod_dir']}/php7.4.conf") do
it { is_expected.to contain 'DirectoryIndex index.php' }
end
- elsif os[:family] == 'debian' && os[:release] =~ %r{^12\.}
+ elsif os[:family] == 'debian' && os[:release] =~ %r{^12}
describe file("#{apache_hash['mod_dir']}/php8.2.conf") do
it { is_expected.to contain 'DirectoryIndex index.php' }
end
diff --git a/spec/acceptance/vhost_spec.rb b/spec/acceptance/vhost_spec.rb
index ae126471a5..0152d5b7f5 100644
--- a/spec/acceptance/vhost_spec.rb
+++ b/spec/acceptance/vhost_spec.rb
@@ -452,6 +452,25 @@ class { 'apache': }
auth_require => 'valid-user',
satisfy => 'Any',
},
+ {
+ path => '/var/www/files/authz',
+ auth_type => 'Basic',
+ auth_name => 'Basic Auth',
+ authz_core => {
+ require_all => {
+ require_any => {
+ require => [
+ '127.0.0.1'
+ '10.10.10.10'
+ ],
+ require_all => {
+ auth_user_file => ['/var/www/htpasswd'],
+ require => ['valid-user'],
+ },
+ },
+ }
+ }
+ },
],
}
file { '/var/www/files/foo':
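Review bot: The `require` array in the new `authz` directory entry has no comma between `'127.0.0.1'` and `'10.10.10.10'`, which Puppet's parser rejects, so the manifest in this heredoc would not compile as shown; the first element should read `'127.0.0.1',`. Separately, the other examples on this page give each `require` entry a provider prefix (`'user superadmin'`, `'group admins'`). If the template emits entries verbatim after `Require`, the bare addresses probably need to be `'ip 127.0.0.1'` and `'ip 10.10.10.10'`; the template is not visible here, so that is worth checking. The manifest heredoc starts and ends outside the hunk.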
@@ -463,6 +482,9 @@ class { 'apache': }
file { '/var/www/files/baz':
ensure => directory,
}
+ file { '/var/www/files/authz':
+ ensure => directory,
+ }
file { '/var/www/files/foo/index.html':
ensure => file,
content => "Hello World\\n",
@@ -475,6 +497,10 @@ class { 'apache': }
ensure => file,
content => "Hello World\\n",
}
+ file { '/var/www/files/authz/index.html':
+ ensure => file,
+ content => "Hello World\\n",
+ }
file { '/var/www/htpasswd':
ensure => file,
content => "login:IZ7jMcLSx0oQk", # "password" as password
@@ -499,6 +525,10 @@ class { 'apache': }
expect(result.stderr).to match(%r{curl: \(22\) The requested URL returned error: 401})
expect(result.exit_code).to eq 22
expect(run_shell('/usr/bin/curl -sSf -u login:password files.example.net:80/baz/index.html').stdout).to eq("Hello World\n")
+ result = run_shell('/usr/bin/curl -sSf files.example.net:80/authz/index.html', expect_failures: true)
+ expect(result.stderr).to match(%r{curl: \(22\) The requested URL returned error: 401})
+ expect(result.exit_code).to eq 22
+ expect(run_shell('/usr/bin/curl -sSf -u login:password files.example.net:80/authz/index.html').stdout).to eq("Hello World\n")
end
end
end
diff --git a/spec/classes/mod/cache_disk_spec.rb b/spec/classes/mod/cache_disk_spec.rb
new file mode 100644
index 0000000000..fdd55fa8d9
--- /dev/null
+++ b/spec/classes/mod/cache_disk_spec.rb
@@ -0,0 +1,120 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe 'apache::mod::cache_disk', type: :class do
+ context 'on a Debian OS' do
+ include_examples 'Debian 11'
+
+ let(:params) do
+ {
+ cache_enable: ['/'],
+ }
+ end
+
+ let :pre_condition do
+ 'class{ "apache":
+ default_mods => ["cache"],
+ mod_dir => "/tmp/junk",
+ }'
+ end
+
+ it { is_expected.to compile }
+ it { is_expected.to contain_class('apache::mod::cache_disk') }
+ it { is_expected.to contain_class('apache::mod::cache').that_comes_before('Class[Apache::Mod::Cache_disk]') }
+ it { is_expected.to contain_apache__mod('cache_disk') }
+
+ default_config = %r{CacheEnable disk /\nCacheRoot "/var/cache/apache2/mod_cache_disk"}
+
+ it { is_expected.to contain_file('cache_disk.conf').with(content: default_config) }
+
+ describe 'with multiple cache_enable parameters' do
+ let(:params) do
+ {
+ cache_enable: ['/', '/something'],
+ }
+ end
+
+ it {
+ expect(subject).to contain_file('cache_disk.conf')
+ .with(content: %r{CacheEnable disk /\nCacheEnable disk /something\nCacheRoot "/var/cache/apache2/mod_cache_disk"})
+ }
+ end
+
+ describe 'with cache_dir_length' do
+ let(:params) do
+ {
+ cache_dir_length: 2,
+ cache_enable: ['/'],
+ }
+ end
+
+ it {
+ expect(subject).to contain_file('cache_disk.conf')
+ .with(content: %r{#{default_config}\nCacheDirLength 2})
+ }
+ end
+
+ describe 'with cache_dir_levels' do
+ let(:params) do
+ {
+ cache_dir_levels: 2,
+ cache_enable: ['/'],
+ }
+ end
+
+ it {
+ expect(subject).to contain_file('cache_disk.conf')
+ .with(content: %r{#{default_config}\nCacheDirLevels 2})
+ }
+ end
+ end
+
+ context 'on a RedHat 8-based OS' do
+ include_examples 'RedHat 8'
+
+ let(:params) do
+ {
+ cache_enable: ['/'],
+ }
+ end
+
+ let :pre_condition do
+ 'class{ "apache":
+ default_mods => ["cache"],
+ mod_dir => "/tmp/junk",
+ }'
+ end
+
+ it { is_expected.to compile }
+
+ it {
+ expect(subject).to contain_file('cache_disk.conf')
+ .with(content: %r{CacheEnable disk /\nCacheRoot "/var/cache/httpd/proxy"})
+ }
+ end
+
+ context 'on a FreeBSD OS' do
+ include_examples 'FreeBSD 10'
+
+ let(:params) do
+ {
+ cache_enable: ['/'],
+ }
+ end
+
+ let :pre_condition do
+ 'class{ "apache":
+ default_mods => ["cache"],
+ mod_dir => "/tmp/junk",
+ }'
+ end
+
+ it { is_expected.to compile }
+
+ it {
+ expect(subject).to contain_file('cache_disk.conf')
+ .with(content: %r{CacheEnable disk /\nCacheRoot "/var/cache/mod_cache_disk"})
+ }
+ end
+end
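Review bot: The examples cover the per-OS default `CacheRoot`, `cache_enable`, `cache_dir_length` and `cache_dir_levels`, but none sets `cache_root`, `cache_max_filesize`, or the deprecated `cache_ignore_headers` and `configuration_file_name` parameters. An explicit `cache_root` case matters most, because that value decides where cached responses are written; a `describe 'with cache_root'` block asserting the rendered `CacheRoot "<path>"` line would pin it. A case for an OS family outside the three handled by the class's selector would also document what happens when no default path exists.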
diff --git a/spec/classes/mod/cache_spec.rb b/spec/classes/mod/cache_spec.rb
new file mode 100644
index 0000000000..3e98a3e679
--- /dev/null
+++ b/spec/classes/mod/cache_spec.rb
@@ -0,0 +1,122 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe 'apache::mod::cache', type: :class do
+ context 'on a Debian OS' do
+ include_examples 'Debian 11'
+
+ it { is_expected.to compile }
+ it { is_expected.to contain_class('apache::mod::cache') }
+ it { is_expected.to contain_apache__mod('cache') }
+
+ it {
+ expect(subject).to contain_file('cache.conf')
+ .with(content: '')
+ }
+
+ describe 'with cache_ignore_headers' do
+ let(:params) do
+ {
+ cache_ignore_headers: ['Set-Cookie'],
+ }
+ end
+
+ it {
+ expect(subject).to contain_file('cache.conf')
+ .with(content: %r{CacheIgnoreHeaders Set-Cookie})
+ }
+ end
+
+ describe 'with cache_ignore_headers' do
+ let(:params) do
+ {
+ cache_ignore_headers: ['Set-Cookie', 'X-Forwarded-For', 'Cross-Origin-Embedder-Policy', 'Expires', 'Access-Control-Allow-Headers'],
+ }
+ end
+
+ it {
+ expect(subject).to contain_file('cache.conf')
+ .with(content: %r{CacheIgnoreHeaders Access-Control-Allow-Headers Cross-Origin-Embedder-Policy Expires Set-Cookie X-Forwarded-For})
+ }
+ end
+
+ describe 'with cache_default_expire' do
+ let(:params) do
+ {
+ cache_default_expire: 2000,
+ }
+ end
+
+ it {
+ expect(subject).to contain_file('cache.conf')
+ .with(content: %r{CacheDefaultExpire 2000})
+ }
+ end
+
+ describe 'with cache_max_expire' do
+ let(:params) do
+ {
+ cache_max_expire: 2000,
+ }
+ end
+
+ it {
+ expect(subject).to contain_file('cache.conf')
+ .with(content: %r{CacheMaxExpire 2000})
+ }
+ end
+
+ describe 'with cache_ignore_no_lastmod' do
+ let(:params) do
+ {
+ cache_ignore_no_lastmod: 'On',
+ }
+ end
+
+ it {
+ expect(subject).to contain_file('cache.conf')
+ .with(content: %r{CacheIgnoreNoLastMod On})
+ }
+ end
+
+ describe 'with cache_header' do
+ let(:params) do
+ {
+ cache_header: 'On',
+ }
+ end
+
+ it {
+ expect(subject).to contain_file('cache.conf')
+ .with(content: %r{CacheHeader On})
+ }
+ end
+
+ describe 'with cache_lock' do
+ let(:params) do
+ {
+ cache_lock: 'On',
+ }
+ end
+
+ it {
+ expect(subject).to contain_file('cache.conf')
+ .with(content: %r{CacheLock On})
+ }
+ end
+
+ describe 'with cache_ignore_cache_control' do
+ let(:params) do
+ {
+ cache_ignore_cache_control: 'On',
+ }
+ end
+
+ it {
+ expect(subject).to contain_file('cache.conf')
+ .with(content: %r{CacheIgnoreCacheControl On})
+ }
+ end
+ end
+end
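Review bot: Two blocks share the name `describe 'with cache_ignore_headers'`, one with a single header and one with five, so a failure report cannot tell them apart; renaming the second to `describe 'with multiple cache_ignore_headers'` fixes that. The second example also expects the header names in sorted order rather than input order, which is easy to miss; a one-line comment such as `# header names are expected in sorted order` above the expectation would make the intent explicit.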
diff --git a/spec/classes/mod/disk_cache_spec.rb b/spec/classes/mod/disk_cache_spec.rb
index ce840bdcf6..9438d0886d 100644
--- a/spec/classes/mod/disk_cache_spec.rb
+++ b/spec/classes/mod/disk_cache_spec.rb
@@ -14,18 +14,18 @@
let :pre_condition do
'class{ "apache":
- default_mods => ["cache"],
+ default_mods => ["cache", "disk_cache"],
mod_dir => "/tmp/junk",
}'
end
it { is_expected.to compile }
it { is_expected.to contain_class('apache::mod::disk_cache') }
- it { is_expected.to contain_class('apache::mod::cache').that_comes_before('Class[Apache::Mod::Disk_cache]') }
+ it { is_expected.to contain_class('apache::mod::cache').that_comes_before('Class[Apache::Mod::Cache_disk]') }
it { is_expected.to contain_apache__mod('cache_disk') }
it {
- expect(subject).to contain_file('disk_cache.conf')
+ expect(subject).to contain_file('cache_disk.conf')
.with(content: %r{CacheEnable disk /\nCacheRoot "/var/cache/apache2/mod_cache_disk"\nCacheDirLevels 2\nCacheDirLength 1\nCacheIgnoreHeaders Set-Cookie})
}
@@ -34,11 +34,11 @@
it { is_expected.to compile }
it { is_expected.to contain_class('apache::mod::disk_cache') }
- it { is_expected.to contain_class('apache::mod::cache').that_comes_before('Class[Apache::Mod::Disk_cache]') }
+ it { is_expected.to contain_class('apache::mod::cache').that_comes_before('Class[Apache::Mod::Cache_disk]') }
it { is_expected.to contain_apache__mod('cache_disk') }
it {
- expect(subject).to contain_file('disk_cache.conf')
+ expect(subject).to contain_file('cache_disk.conf')
.with(content: %r{CacheRoot "/var/cache/apache2/mod_cache_disk"\nCacheDirLevels 2\nCacheDirLength 1\n})
}
end
@@ -48,11 +48,11 @@
it { is_expected.to compile }
it { is_expected.to contain_class('apache::mod::disk_cache') }
- it { is_expected.to contain_class('apache::mod::cache').that_comes_before('Class[Apache::Mod::Disk_cache]') }
+ it { is_expected.to contain_class('apache::mod::cache').that_comes_before('Class[Apache::Mod::Cache_disk]') }
it { is_expected.to contain_apache__mod('cache_disk') }
it {
- expect(subject).to contain_file('disk_cache.conf')
+ expect(subject).to contain_file('cache_disk.conf')
.with(content: %r{CacheEnable disk /\nCacheRoot "/var/cache/apache2/mod_cache_disk"\nCacheDirLevels 2\nCacheDirLength 1\n})
}
end
@@ -83,7 +83,7 @@
it { is_expected.to contain_apache__mod('cache_disk') }
it {
- expect(subject).to contain_file('disk_cache.conf')
+ expect(subject).to contain_file('cache_disk.conf')
.with(content: %r{CacheEnable disk /\nCacheRoot "/var/cache/httpd/proxy"\nCacheDirLevels 2\nCacheDirLength 1\nCacheIgnoreHeaders Set-Cookie})
}
@@ -92,11 +92,11 @@
it { is_expected.to compile }
it { is_expected.to contain_class('apache::mod::disk_cache') }
- it { is_expected.to contain_class('apache::mod::cache').that_comes_before('Class[Apache::Mod::Disk_cache]') }
+ it { is_expected.to contain_class('apache::mod::cache').that_comes_before('Class[Apache::Mod::Cache_disk]') }
it { is_expected.to contain_apache__mod('cache_disk') }
it {
- expect(subject).to contain_file('disk_cache.conf')
+ expect(subject).to contain_file('cache_disk.conf')
.with(content: %r{CacheRoot "/var/cache/httpd/proxy"\nCacheDirLevels 2\nCacheDirLength 1\n})
}
end
@@ -106,11 +106,11 @@
it { is_expected.to compile }
it { is_expected.to contain_class('apache::mod::disk_cache') }
- it { is_expected.to contain_class('apache::mod::cache').that_comes_before('Class[Apache::Mod::Disk_cache]') }
+ it { is_expected.to contain_class('apache::mod::cache').that_comes_before('Class[Apache::Mod::Cache_disk]') }
it { is_expected.to contain_apache__mod('cache_disk') }
it {
- expect(subject).to contain_file('disk_cache.conf')
+ expect(subject).to contain_file('cache_disk.conf')
.with(content: %r{CacheEnable disk /\nCacheRoot "/var/cache/httpd/proxy"\nCacheDirLevels 2\nCacheDirLength 1\n})
}
end
@@ -140,11 +140,11 @@
it { is_expected.to compile }
it { is_expected.to contain_class('apache::mod::disk_cache') }
- it { is_expected.to contain_class('apache::mod::cache').that_comes_before('Class[Apache::Mod::Disk_cache]') }
+ it { is_expected.to contain_class('apache::mod::cache').that_comes_before('Class[Apache::Mod::Cache_disk]') }
it { is_expected.to contain_apache__mod('cache_disk') }
it {
- expect(subject).to contain_file('disk_cache.conf')
+ expect(subject).to contain_file('cache_disk.conf')
.with(content: %r{CacheEnable disk /\nCacheRoot "/var/cache/mod_cache_disk"\nCacheDirLevels 2\nCacheDirLength 1\nCacheIgnoreHeaders Set-Cookie})
}
@@ -153,11 +153,11 @@
it { is_expected.to compile }
it { is_expected.to contain_class('apache::mod::disk_cache') }
- it { is_expected.to contain_class('apache::mod::cache').that_comes_before('Class[Apache::Mod::Disk_cache]') }
+ it { is_expected.to contain_class('apache::mod::cache').that_comes_before('Class[Apache::Mod::Cache_disk]') }
it { is_expected.to contain_apache__mod('cache_disk') }
it {
- expect(subject).to contain_file('disk_cache.conf')
+ expect(subject).to contain_file('cache_disk.conf')
.with(content: %r{CacheRoot "/var/cache/mod_cache_disk"\nCacheDirLevels 2\nCacheDirLength 1\n})
}
end
@@ -167,11 +167,11 @@
it { is_expected.to compile }
it { is_expected.to contain_class('apache::mod::disk_cache') }
- it { is_expected.to contain_class('apache::mod::cache').that_comes_before('Class[Apache::Mod::Disk_cache]') }
+ it { is_expected.to contain_class('apache::mod::cache').that_comes_before('Class[Apache::Mod::Cache_disk]') }
it { is_expected.to contain_apache__mod('cache_disk') }
it {
- expect(subject).to contain_file('disk_cache.conf')
+ expect(subject).to contain_file('cache_disk.conf')
.with(content: %r{CacheEnable disk /\nCacheRoot "/var/cache/mod_cache_disk"\nCacheDirLevels 2\nCacheDirLength 1\n})
}
end
diff --git a/spec/classes/mod/http2_spec.rb b/spec/classes/mod/http2_spec.rb
index 3046914d06..54130e36c7 100644
--- a/spec/classes/mod/http2_spec.rb
+++ b/spec/classes/mod/http2_spec.rb
@@ -85,4 +85,11 @@
it { is_expected.to contain_file('http2.conf').with(content: expected_content) }
end
end
+
+ context 'on Red Hat 8' do
+ include_examples 'RedHat 8' do
+ it { is_expected.to contain_class('apache::mod::http2') }
+ it { is_expected.to contain_package('mod_http2') }
+ end
+ end
end
diff --git a/spec/classes/mod/php_spec.rb b/spec/classes/mod/php_spec.rb
index 8c4e774d63..9cb56b04d7 100644
--- a/spec/classes/mod/php_spec.rb
+++ b/spec/classes/mod/php_spec.rb
@@ -91,7 +91,7 @@
it {
expect(subject).to contain_file('php8.2.load').with(
- content: "LoadModule php8_module /usr/lib/apache2/modules/libphp8.2.so\n",
+ content: "LoadModule php_module /usr/lib/apache2/modules/libphp8.2.so\n",
)
}
end
diff --git a/spec/classes/mod/security_spec.rb b/spec/classes/mod/security_spec.rb
index ec41852199..1263777670 100644
--- a/spec/classes/mod/security_spec.rb
+++ b/spec/classes/mod/security_spec.rb
@@ -102,7 +102,9 @@
audit_log_relevant_status: '^(?:5|4(?!01|04))',
audit_log_parts: 'ABCDZ',
audit_log_type: 'Concurrent',
+ audit_log_format: 'JSON',
audit_log_storage_dir: '/var/log/httpd/audit',
+ debug_log_level: 3,
secdefaultaction: 'deny,status:406,nolog,auditlog',
secrequestbodyaccess: 'Off',
secresponsebodyaccess: 'On',
@@ -114,8 +116,10 @@
it { is_expected.to contain_file('security.conf').with_content %r{^\s+SecAuditLogRelevantStatus "\^\(\?:5\|4\(\?!01\|04\)\)"$} }
it { is_expected.to contain_file('security.conf').with_content %r{^\s+SecAuditLogParts ABCDZ$} }
it { is_expected.to contain_file('security.conf').with_content %r{^\s+SecAuditLogType Concurrent$} }
+ it { is_expected.to contain_file('security.conf').with_content %r{^\s+SecAuditLogFormat JSON$} }
it { is_expected.to contain_file('security.conf').with_content %r{^\s+SecAuditLogStorageDir /var/log/httpd/audit$} }
it { is_expected.to contain_file('security.conf').with_content %r{^\s+SecRequestBodyAccess Off$} }
+ it { is_expected.to contain_file('security.conf').with_content %r{^\s+SecDebugLogLevel 3$} }
it { is_expected.to contain_file('security.conf').with_content %r{^\s+SecResponseBodyAccess On$} }
it { is_expected.to contain_file('security.conf').with_content %r{^\s+SecRequestBodyLimitAction ProcessPartial$} }
it { is_expected.to contain_file('security.conf').with_content %r{^\s+SecResponseBodyLimitAction Reject$} }
diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb
index ffa82f1087..b80fd61b0e 100644
--- a/spec/defines/vhost_spec.rb
+++ b/spec/defines/vhost_spec.rb
@@ -139,7 +139,8 @@
{
'enforce' => 'any',
'requires' => ['any-valid1', 'any-valid2']
- }
+ },
+ 'enable_sendfile' => 'On',
},
{
'path' => '*',
@@ -316,6 +317,24 @@
'mellon_cond' => ['isMemberOf "cn=example-access,ou=Groups,o=example,o=com" [MAP]'],
'mellon_session_length' => '300'
},
+ {
+ 'path' => '/secure',
+ 'provider' => 'location',
+ 'auth_type' => 'Basic',
+ 'authz_core' => {
+ 'require_all' => {
+ 'require_any' => {
+ 'require' => ['user superadmin'],
+ 'require_all' => {
+ 'require' => ['group admins', 'ldap-group "cn=Administrators,o=Airius"'],
+ },
+ },
+ 'require_none' => {
+ 'require' => ['group temps', 'ldap-group "cn=Temporary Employees,o=Airius"']
+ }
+ }
+ }
+ },
],
'error_log' => false,
'error_log_file' => 'httpd_error_log',
@@ -532,11 +551,13 @@
'ClientSecret' => 'aae053a9-4abf-4824-8956-e94b2af335c8',
'CryptoPassphrase' => '4ad1bb46-9979-450e-ae58-c696967df3cd' },
'mdomain' => 'example.com example.net auto',
- 'userdir' => 'disabled'
+ 'userdir' => 'disabled',
+ 'proxy_protocol' => true,
+ 'proxy_protocol_exceptions' => ['127.0.0.1', '10.0.0.0/8'],
}
end
- it { is_expected.to compile }
+ it { is_expected.to compile.with_all_deps }
it { is_expected.not_to contain_file('/var/www/foo') }
it { is_expected.to contain_class('apache::mod::ssl') }
@@ -589,6 +610,7 @@
it {
expect(subject).to contain_concat('30-rspec.example.com.conf').with('owner' => 'root',
'mode' => '0644',
+ 'show_diff' => true,
'require' => 'Package[httpd]',
'notify' => 'Class[Apache::Service]')
}
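Review bot: This expectation pins `show_diff => true` as the default on the vhost concat, while the parameters in the preceding hunk of this file include `ClientSecret` and `CryptoPassphrase`. They appear to belong to the same example group, though the lines between the hunks are not shown. With diffs enabled, a change to the rendered vhost file is normally echoed into agent logs and reports, secrets included. I would say so next to the expectation, e.g. `# default; set show_diff => false on vhosts whose oidc_settings carry secrets`, and repeat it in the parameter's documentation.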
@@ -629,6 +651,7 @@
.with_content(%r{^\s+Require valid-user$})
.with_content(%r{^\s+Require all denied$})
.with_content(%r{^\s+Require all granted$})
+ .with_content(%r{^\s+Require user superadmin$})
.with_content(%r{^\s+$})
.with_content(%r{^\s+$})
.with_content(%r{^\s+Require all-valid1$})
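Review bot: The nested `authz_core` fixture added earlier in this file is only checked here through `Require user superadmin`; nothing in this hunk asserts the `require_none` branch (`group temps` and the `ldap-group` entry). If the template dropped or flattened that negative branch, the rendered policy would admit more users and this spec would still pass. Consider adding `.with_content(%r{^\s+Require group temps$})` plus a check for the enclosing container line, adjusted to what the template actually emits. The expectation chain starts and continues outside the hunk, so such checks may already exist elsewhere.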
@@ -641,6 +664,7 @@
.with_content(%r{^\s+$})
.with_content(%r{^\s+Require any-valid1$})
.with_content(%r{^\s+Require any-valid2$})
+ .with_content(%r{^\s+EnableSendfile On$})
.with_content(%r{^\s+LDAPReferrals off$})
.with_content(%r{^\s+ProxyPass http://backend-b/ retry=0 timeout=5 noquery interpolate$})
.with_content(%r{^\s+ProxyPassMatch http://backend-b/ retry=0 timeout=5 noquery interpolate$})
@@ -776,7 +800,7 @@
}
it { is_expected.to contain_concat__fragment('rspec.example.com-scriptalias') }
- it { is_expected.to contain_concat__fragment('rspec.example.com-serveralias') }
+ it { is_expected.to contain_concat__fragment('rspec.example.com-serveralias').with_content(%r{^ ServerAlias test-example\.com$}) }
it {
expect(subject).to contain_concat__fragment('rspec.example.com-setenv')
@@ -946,6 +970,13 @@
content: %r{^MDomain example\.com example\.net auto$},
)
}
+
+ it {
+ expect(subject).to contain_concat__fragment('rspec.example.com-proxy_protocol')
+ .with_content(%r{^\s+RemoteIPProxyProtocol On$})
+ .with_content(%r{^\s+RemoteIPProxyProtocolExceptions 127\.0\.0\.1$})
+ .with_content(%r{^\s+RemoteIPProxyProtocolExceptions 10\.0\.0\.0/8$})
+ }
end
context 'vhost with proxy_add_headers true' do
@@ -1221,6 +1252,28 @@
it { is_expected.not_to contain_concat__fragment('NameVirtualHost 127.0.0.1:8080') }
end
+ describe 'serveraliases parameter' do
+ let(:params) { default_params.merge(serveraliases: serveraliases) }
+
+ context 'with a string' do
+ let(:serveraliases) { 'alias.example.com' }
+
+ it { is_expected.to compile.with_all_deps }
+ it { is_expected.to contain_concat__fragment('rspec.example.com-serveralias').with_content(%r{^ ServerAlias alias\.example\.com$}) }
+ end
+
+ context 'with an array' do
+ let(:serveraliases) { ['alias1.example.com', 'alias2.example.com'] }
+
+ it { is_expected.to compile.with_all_deps }
+ it do
+ expect(subject).to contain_concat__fragment('rspec.example.com-serveralias')
+ .with_content(%r{^ ServerAlias alias1\.example\.com$})
+ .with_content(%r{^ ServerAlias alias2\.example\.com$})
+ end
+ end
+ end
+
context 'vhost with multiple ip addresses, multiple ports' do
let :params do
{
@@ -1505,6 +1558,7 @@
'error_log_pipe' => '/dev/null',
'docroot' => '/var/www/foo',
'ensure' => 'absent',
+ 'show_diff' => false,
'manage_docroot' => true,
'logroot' => '/tmp/logroot',
'logroot_ensure' => 'absent'
@@ -1534,7 +1588,8 @@
}
it {
- expect(subject).to contain_concat('25-rspec.example.com.conf').with('ensure' => 'absent')
+ expect(subject).to contain_concat('25-rspec.example.com.conf').with('ensure' => 'absent',
+ 'show_diff' => false)
}
it { is_expected.to contain_concat__fragment('rspec.example.com-apache-header') }
diff --git a/spec/setup_acceptance_node.pp b/spec/setup_acceptance_node.pp
index 6f3150006c..641c9d4f24 100644
--- a/spec/setup_acceptance_node.pp
+++ b/spec/setup_acceptance_node.pp
@@ -10,8 +10,8 @@
if (versioncmp($facts['os']['release']['major'], '15') >= 0 and versioncmp($facts['os']['release']['minor'], '3') == 1) {
exec { 'enable legacy repos':
path => '/bin:/usr/bin/:/sbin:/usr/sbin',
- command => 'SUSEConnect --product sle-module-legacy/15.5/x86_64',
- unless => 'SUSEConnect --status-text | grep sle-module-legacy/15.5/x86_64',
+ command => "SUSEConnect --product sle-module-legacy/${facts['os']['release']['major']}.${facts['os']['release']['minor']}/x86_64",
+ unless => "SUSEConnect --status-text | grep sle-module-legacy/${facts['os']['release']['major']}.${facts['os']['release']['minor']}/x86_64",
}
}
# needed for netstat, for serverspec checks
diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb
index 6820cebee7..ae7c1f6818 100644
--- a/spec/spec_helper.rb
+++ b/spec/spec_helper.rb
@@ -25,7 +25,8 @@
next unless File.exist?(f) && File.readable?(f) && File.size?(f)
begin
- default_facts.merge!(YAML.safe_load(File.read(f), permitted_classes: [], permitted_symbols: [], aliases: true))
+ require 'deep_merge'
+ default_facts.deep_merge!(YAML.safe_load(File.read(f), permitted_classes: [], permitted_symbols: [], aliases: true))
rescue StandardError => e
RSpec.configuration.reporter.message "WARNING: Unable to load #{f}: #{e}"
end
@@ -33,7 +34,7 @@
# read default_facts and merge them over what is provided by facterdb
default_facts.each do |fact, value|
- add_custom_fact fact, value
+ add_custom_fact fact, value, merge_facts: true
end
RSpec.configure do |c|
diff --git a/templates/mod/cache.conf.epp b/templates/mod/cache.conf.epp
new file mode 100644
index 0000000000..354f3b52b8
--- /dev/null
+++ b/templates/mod/cache.conf.epp
@@ -0,0 +1,30 @@
+<% |
+ Optional[Array[String[1]]] $cache_ignore_headers = undef,
+ Optional[Integer] $cache_default_expire = undef,
+ Optional[Integer] $cache_max_expire = undef,
+ Optional[Apache::OnOff] $cache_ignore_no_lastmod = undef,
+ Optional[Apache::OnOff] $cache_header = undef,
+ Optional[Apache::OnOff] $cache_lock = undef,
+ Optional[Apache::OnOff] $cache_ignore_cache_control = undef,
+| -%>
+<%- if $cache_default_expire { -%>
+CacheDefaultExpire <%= $cache_default_expire %>
+<%- } -%>
+<%- if $cache_max_expire { -%>
+CacheMaxExpire <%= $cache_max_expire %>
+<%- } -%>
+<%- if $cache_ignore_no_lastmod { -%>
+CacheIgnoreNoLastMod <%= $cache_ignore_no_lastmod %>
+<%- } -%>
+<%- if $cache_header { -%>
+CacheHeader <%= $cache_header %>
+<%- } -%>
+<%- if $cache_lock { -%>
+CacheLock <%= $cache_lock %>
+<%- } -%>
+<%- if $cache_ignore_cache_control { -%>
+CacheIgnoreCacheControl <%= $cache_ignore_cache_control %>
+<%- } -%>
+<%- if ! empty($cache_ignore_headers) { -%>
+CacheIgnoreHeaders <%= $cache_ignore_headers.sort.join(' ') %>
+<%- } -%>
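Review bot: `CacheIgnoreHeaders` can now be emitted from two templates with different parameter types: here from `Optional[Array[String[1]]]`, and in `cache_disk.conf.epp` from `Optional[String]`. If both are set, which line takes effect depends on the order Apache reads the two files, and this directive is what keeps headers such as `Set-Cookie` out of stored responses. I would keep a single source for it, or at least state the precedence in a template comment such as `<%# CacheIgnoreHeaders is also rendered by cache_disk.conf.epp; set it in one place only -%>`. Separately, `String[1]` admits whitespace and line breaks inside an element, so a header-token pattern for the elements would keep a malformed value from producing an extra config line.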
diff --git a/templates/mod/cache_disk.conf.epp b/templates/mod/cache_disk.conf.epp
new file mode 100644
index 0000000000..6ae5a7b130
--- /dev/null
+++ b/templates/mod/cache_disk.conf.epp
@@ -0,0 +1,26 @@
+<% |
+ Optional[String] $cache_root = undef,
+ Array[String] $cache_enable = [],
+ Optional[Integer] $cache_dir_length = undef,
+ Optional[Integer] $cache_dir_levels = undef,
+ Optional[Integer] $cache_max_filesize = undef,
+ Optional[String] $cache_ignore_headers = undef,
+| -%>
+<%- if $cache_enable { -%>
+ <%- $cache_enable.each |$enable| { -%>
+CacheEnable disk <%= $enable %>
+ <%- } -%>
+<%- } -%>
+CacheRoot "<%= $cache_root %>"
+<%- if $cache_dir_levels { -%>
+CacheDirLevels <%= $cache_dir_levels %>
+<%- } -%>
+<%- if $cache_dir_length { -%>
+CacheDirLength <%= $cache_dir_length %>
+<%- } -%>
+<%- if $cache_max_filesize { -%>
+CacheMaxFileSize <%= $cache_max_filesize %>
+<%- } -%>
+<%- if $cache_ignore_headers { -%>
+CacheIgnoreHeaders <%= $cache_ignore_headers -%>
+<%- } -%>
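Review bot: `CacheRoot "<%= $cache_root %>"` is rendered unconditionally although `$cache_root` is declared `Optional[String]` with a default of `undef`, so a caller that omits it gets `CacheRoot ""` in the output. Since the directive is always written, the parameter should be mandatory and non-empty: `String[1] $cache_root,`. The `if $cache_enable` guard is also always true for an `Array`, including `[]`, so it can be dropped and the `each` left on its own.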
diff --git a/templates/mod/disk_cache.conf.epp b/templates/mod/disk_cache.conf.epp
deleted file mode 100644
index 2cfc0e647a..0000000000
--- a/templates/mod/disk_cache.conf.epp
+++ /dev/null
@@ -1,9 +0,0 @@
-<% if $default_cache_enable { -%>
-CacheEnable disk /
-<% } -%>
-CacheRoot "<%= $_cache_root %>"
-CacheDirLevels 2
-CacheDirLength 1
-<% if $cache_ignore_headers { -%>
-CacheIgnoreHeaders <%= $cache_ignore_headers -%>
-<% } -%>
\ No newline at end of file
diff --git a/templates/mod/security.conf.epp b/templates/mod/security.conf.epp
index dbca254b30..059c763557 100644
--- a/templates/mod/security.conf.epp
+++ b/templates/mod/security.conf.epp
@@ -44,11 +44,14 @@
SecResponseBodyMimeType text/plain text/html text/xml
SecResponseBodyLimit 524288
SecResponseBodyLimitAction <%= $secresponsebodylimitaction %>
- SecDebugLogLevel 0
+ SecDebugLogLevel <%= $debug_log_level %>
SecAuditEngine RelevantOnly
SecAuditLogRelevantStatus "<%= $audit_log_relevant_status %>"
SecAuditLogParts <%= $audit_log_parts %>
SecAuditLogType <%= $audit_log_type %>
+ <%- if $audit_log_format == 'JSON' { -%>
+ SecAuditLogFormat JSON
+ <%- } -%>
<%- if $audit_log_storage_dir { -%>
SecAuditLogStorageDir <%= $audit_log_storage_dir %>
<%- } -%>
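Review bot: `SecDebugLogLevel` changes from a fixed `0` to `<%= $debug_log_level %>`, and the template's parameter block is outside this hunk, so the accepted range is not visible here. ModSecurity documents levels 0–9, with the upper levels meant for troubleshooting because they write detailed transaction data to the debug log and slow request handling. If the parameter is not already typed that way, `Integer[0, 9] $debug_log_level` with a default of `0` would keep a typo or a leftover debug setting from reaching a live host. A doc line saying production values should stay low would help too.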
diff --git a/templates/vhost/_directories.erb b/templates/vhost/_directories.erb
index ba072523fc..60b7eb9176 100644
--- a/templates/vhost/_directories.erb
+++ b/templates/vhost/_directories.erb
@@ -19,8 +19,11 @@
<%- path = directory['path'] -%>
<<%= provider %> "<%= path %>">
- <%- if directory['headers'] -%>
- <%- Array(directory['headers']).each do |header| -%>
+ <%- if directory['enable_sendfile'] -%>
+ EnableSendfile <%= directory['enable_sendfile'] %>
+ <%- end -%>
+ <%- if directory['headers'] -%>
+ <%- Array(directory['headers']).each do |header| -%>
Header <%= header %>
<%- end -%>
<%- end -%>
@@ -548,7 +551,7 @@
<%= directory['custom_fragment'] %>
<%- end -%>
<%- if directory['authz_core'] -%>
- <%= scope.call_function('epp',["apache/vhost/_authz_core.epp", 'authz_core_config' => scope.call_function('apache::authz_core_config', directory['authz_core'])]) -%>
+ <%= scope.call_function('epp',["apache/vhost/_authz_core.epp", 'authz_core_config' => scope.call_function('apache::authz_core_config', [ directory['authz_core'] ]) ]) -%>
<%- end -%>
<%- if directory['gssapi'] -%>
<%= scope.call_function('epp',["apache/vhost/_gssapi.epp", directory['gssapi']]) -%>
diff --git a/templates/vhost/_file_header.epp b/templates/vhost/_file_header.epp
index 0fce926354..0958130b9c 100644
--- a/templates/vhost/_file_header.epp
+++ b/templates/vhost/_file_header.epp
@@ -40,4 +40,4 @@ MDomain <%= $servername %>
<% } -%>
<% if $limitreqbody { -%>
LimitRequestBody <%= $limitreqbody %>
-<% } %>
+<% } -%>
diff --git a/templates/vhost/_proxy_protocol.epp b/templates/vhost/_proxy_protocol.epp
new file mode 100644
index 0000000000..d022f74c5b
--- /dev/null
+++ b/templates/vhost/_proxy_protocol.epp
@@ -0,0 +1,8 @@
+<%- |
+ Boolean $proxy_protocol,
+ Array[Stdlib::Host] $proxy_protocol_exceptions,
+| -%>
+ RemoteIPProxyProtocol <%= apache::bool2httpd($proxy_protocol) %>
+<% $proxy_protocol_exceptions.each |$exception| { -%>
+ RemoteIPProxyProtocolExceptions <%= $exception %>
+<% } -%>
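Review bot: The template carries no comment on the trust implication of `RemoteIPProxyProtocol On`: once enabled, the client address Apache records and evaluates comes from the PROXY header, so the listener should only be reachable from the load balancers that add it. A header comment would carry that, e.g. `<%# Enable only behind a proxy that sends the PROXY header; exceptions are hosts that connect without it -%>`. Also, with `$proxy_protocol` false and a non-empty exception list the output is `RemoteIPProxyProtocol Off` followed by exception lines; wrapping the loop in `if $proxy_protocol` would avoid that.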
diff --git a/templates/vhost/_serveralias.epp b/templates/vhost/_serveralias.epp
index 5b9abb2817..1baf18c9b0 100644
--- a/templates/vhost/_serveralias.epp
+++ b/templates/vhost/_serveralias.epp
@@ -1,7 +1,8 @@
+<%- | Array[String] $serveraliases | -%>
<% unless $serveraliases.empty { -%>
## Server aliases
- <%- Array($serveraliases).each |$serveralias| { -%>
+ <%- $serveraliases.each |$serveralias| { -%>
ServerAlias <%= $serveralias %>
<%- } -%>
<% } -%>
diff --git a/templates/vhost/_suexec.epp b/templates/vhost/_suexec.epp
deleted file mode 100644
index da0f3eb59d..0000000000
--- a/templates/vhost/_suexec.epp
+++ /dev/null
@@ -1,4 +0,0 @@
-<% if $suexec_user_group { -%>
-
-SuexecUserGroup <%= $suexec_user_group %>
-<% } -%>
diff --git a/types/oidcsettings.pp b/types/oidcsettings.pp
index 7dd2afca16..3988f13098 100644
--- a/types/oidcsettings.pp
+++ b/types/oidcsettings.pp
@@ -1,112 +1,148 @@
# https://github.com/zmartzone/mod_auth_openidc/blob/master/auth_openidc.conf
type Apache::OIDCSettings = Struct[
{
- Optional['RedirectURI'] => Variant[Stdlib::HTTPSUrl, Stdlib::HttpUrl, Pattern[/^\/[A-Za-z0-9\-\._%\/]*$/]],
- Optional['CryptoPassphrase'] => String,
- Optional['MetadataDir'] => String,
- Optional['ProviderMetadataURL'] => Stdlib::HTTPSUrl,
- Optional['ProviderIssuer'] => String,
- Optional['ProviderAuthorizationEndpoint'] => Stdlib::HTTPSUrl,
- Optional['ProviderJwksUri'] => Stdlib::HTTPSUrl,
- Optional['ProviderTokenEndpoint'] => Stdlib::HTTPSUrl,
- Optional['ProviderTokenEndpointAuth'] => Enum['client_secret_basic', 'client_secret_post', 'client_secret_jwt', 'private_key_jwt', 'none'],
- Optional['ProviderTokenEndpointParams'] => Pattern[/^[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+(&[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+)*$/],
- Optional['ProviderUserInfoEndpoint'] => Stdlib::HTTPSUrl,
- Optional['ProviderCheckSessionIFrame'] => Stdlib::HTTPSUrl,
- Optional['ProviderEndSessionEndpoint'] => Stdlib::HTTPSUrl,
- Optional['ProviderRevocationEndpoint'] => Stdlib::HTTPSUrl,
- Optional['ProviderBackChannelLogoutSupported'] => Enum['On', 'Off'],
- Optional['ProviderRegistrationEndpointJson'] => String,
- Optional['Scope'] => Pattern[/^\"?[A-Za-z0-9\-\._\s]+\"?$/],
- Optional['AuthRequestParams'] => Pattern[/^[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+(&[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+)*$/],
- Optional['SSLValidateServer'] => Enum['On', 'Off'],
- Optional['UserInfoRefreshInterval'] => Integer,
- Optional['JWKSRefreshInterval'] => Integer,
- Optional['UserInfoTokenMethod'] => Enum['authz_header', 'post_param'],
- Optional['ProviderAuthRequestMethod'] => Enum['GET', 'POST'],
- Optional['PublicKeyFiles'] => String,
- Optional['ResponseType'] => Enum['code', 'id_token', 'id_token token', 'code id_token', 'code token', 'code id_token token'],
- Optional['ResponseMode'] => Enum['fragment', 'query', 'form_post'],
- Optional['ClientID'] => String,
- Optional['ClientSecret'] => String,
- Optional['ClientTokenEndpointCert'] => String,
- Optional['ClientTokenEndpointKey'] => String,
- Optional['ClientName'] => String,
- Optional['ClientContact'] => String,
- Optional['PKCDMethod'] => Enum['plain', 'S256', 'referred_tb'],
- Optional['TokenBindingPolicy'] => Enum['disabled', 'optional', 'required', 'enforced'],
- Optional['ClientJwksUri'] => Stdlib::HTTPSUrl,
- Optional['IDTokenSignedResponseAlg'] => Enum['RS256', 'RS384', 'RS512', 'PS256', 'PS384', 'PS512', 'HS256', 'HS384', 'HS512', 'ES256', 'ES384', 'ES512'],
- Optional['IDTokenEncryptedResponseAlg'] => Enum['RSA1_5', 'A128KW', 'A256KW', 'RSA-OAEP'],
- Optional['IDTokenEncryptedResponseAlg'] => Enum['A128CBC-HS256', 'A256CBC-HS512', 'A256GCM'],
- Optional['UserInfoSignedResposeAlg'] => Enum['RS256', 'RS384', 'RS512', 'PS256', 'PS384', 'PS512', 'HS256', 'HS384', 'HS512', 'ES256', 'ES384', 'ES512'],
- Optional['UserInfoEncryptedResponseAlg'] => Enum['RSA1_5', 'A128KW', 'A256KW', 'RSA-OAEP'],
- Optional['UserInfoEncryptedResponseEnc'] => Enum['A128CBC-HS256', 'A256CBC-HS512', 'A256GCM'],
- Optional['OAuthServerMetadataURL'] => Stdlib::HTTPSUrl,
- Optional['AuthIntrospectionEndpoint'] => Stdlib::HTTPSUrl,
- Optional['OAuthClientID'] => String,
- Optional['OAuthClientSecret'] => String,
- Optional['OAuthIntrospectionEndpointAuth'] => Enum['client_secret_basic', 'client_secret_post', 'client_secret_jwt', 'private_key_jwt', 'bearer_access_token', 'none'],
- Optional['OAuthIntrospectionClientAuthBearerToken'] => String,
- Optional['OAuthIntrospectionEndpointCert'] => String,
- Optional['OAuthIntrospectionEndpointKey'] => String,
- Optional['OAuthIntrospectionEndpointMethod'] => Enum['POST', 'GET'],
- Optional['OAuthIntrospectionEndpointParams'] => Pattern[/^[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+(&[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+)*$/],
- Optional['OAuthIntrospectionTokenParamName'] => String,
- Optional['OAuthTokenExpiryClaim'] => Pattern[/^[A-Za-z0-9\-\._]+\s(absolute|relative)\s(mandatory|optional)$/],
- Optional['OAuthSSLValidateServer'] => Enum['On', 'Off'],
- Optional['OAuthVerifySharedKeys'] => String,
- Optional['OAuthVerifyCertFiles'] => String,
- Optional['OAuthVerifyJwksUri'] => Stdlib::HTTPSUrl,
- Optional['OAuthRemoteUserClaim'] => String,
- Optional['OAuthAcceptTokenAs'] => Pattern[/^((header|post|query|cookie\:[A-Za-z0-9\-\._]+|basic)\s?)+$/],
- Optional['OAuthAccessTokenBindingPolicy'] => Enum['disabled', 'optional', 'required', 'enforced'],
- Optional['Cookie'] => String,
- Optional['SessionCookieChunkSize'] => Integer,
- Optional['CookieHTTPOnly'] => Enum['On', 'Off'],
- Optional['CookieSameSite'] => Enum['On', 'Off'],
- Optional['PassCookies'] => String,
- Optional['StripCookies'] => String,
- Optional['StateMaxNumberOfCookies'] => Pattern[/^[0-9]+\s(false|true)$/],
- Optional['SessionInactivityTimeout'] => Integer,
- Optional['SessionMaxDuration'] => Integer,
- Optional['SessionType'] => Pattern[/^(server-cache(:persistent)?|client-cookie(:persistent)?)$/],
- Optional['SessionCacheFallbackToCookie'] => Enum['On', 'Off'],
- Optional['CacheType'] => Enum['shm', 'memcache', 'file', 'redis'],
- Optional['CacheEncrypt'] => Enum['On', 'Off'],
- Optional['CacheShmMax'] => Integer,
- Optional['CacheShmEntrySizeMax'] => Integer,
- Optional['CacheFileCleanInterval'] => Integer,
- Optional['MemCacheServers'] => String,
- Optional['RedisCacheServer'] => String,
- Optional['RedisCachePassword'] => String,
- Optional['DiscoverURL'] => Variant[Stdlib::HTTPSUrl, Stdlib::HttpUrl],
- Optional['HTMLErrorTemplate'] => String,
- Optional['DefaultURL'] => Variant[Stdlib::HTTPSUrl, Stdlib::HttpUrl],
- Optional['PathScope'] => Pattern[/^\"?[A-Za-z0-9\-\._\s]+\"?$/],
- Optional['PathAuthRequestParams'] => Pattern[/^[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+(&[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+)*$/],
- Optional['IDTokenIatSlack'] => Integer,
- Optional['ClaimPrefix'] => String,
- Optional['ClaimDelimiter'] => Pattern[/^.$/],
- Optional['RemoteUserClaim'] => String,
- Optional['PassIDTokenAs'] => Pattern[/^((claims|payload|serialized)\s?)+$/],
- Optional['PassUserInfoAs'] => Pattern[/^((claims|json|jwt)\s?)+$/],
- Optional['PassClaimsAs'] => Enum['none', 'headers', 'environment', 'both'],
- Optional['AuthNHeader'] => String,
- Optional['HTTPTimeoutLong'] => Integer,
- Optional['HTTPTimeoutShort'] => Integer,
- Optional['StateTimeout'] => Integer,
- Optional['ScrubRequestHeaders'] => Enum['On', 'Off'],
- Optional['OutgoingProxy'] => String,
- Optional['UnAuthAction'] => Enum['auth', 'pass', '401', '410'],
- Optional['UnAuthzAction'] => Enum['401', '403', 'auth'],
- Optional['PreservePost'] => Enum['On', 'Off'],
- Optional['PassRefreshToken'] => Enum['On', 'Off'],
- Optional['RequestObject'] => String,
- Optional['ProviderMetadataRefreshInterval'] => Integer,
- Optional['InfoHook'] => Pattern[/^((iat|access_token|access_token_expires|id_token|userinfo|refresh_token|session)\s?)+$/],
- Optional['BlackListedClaims'] => String,
- Optional['WhiteListedClaims'] => String,
- Optional['RefreshAccessTokenBeforeExpiry'] => Pattern[/^[0-9]+(\slogout_on_error)?$/],
+ Optional['RedirectURI'] => Variant[Stdlib::HTTPSUrl, Stdlib::HttpUrl, Pattern[/^\/[A-Za-z0-9\-\._%\/]*$/]],
+ Optional['CryptoPassphrase'] => String[1],
+ Optional['MetadataDir'] => String[1],
+ Optional['ProviderMetadataURL'] => Stdlib::HTTPSUrl,
+ Optional['ProviderIssuer'] => String[1],
+ Optional['ProviderAuthorizationEndpoint'] => Stdlib::HTTPSUrl,
+ Optional['ProviderJwksUri'] => Stdlib::HTTPSUrl,
+ Optional['ProviderTokenEndpoint'] => Stdlib::HTTPSUrl,
+ Optional['ProviderTokenEndpointAuth'] => Enum['client_secret_basic', 'client_secret_post', 'client_secret_jwt', 'private_key_jwt', 'none'],
+ Optional['ProviderTokenEndpointParams'] => Pattern[/^[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+(&[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+)*$/],
+ Optional['ProviderUserInfoEndpoint'] => Stdlib::HTTPSUrl,
+ Optional['ProviderCheckSessionIFrame'] => Stdlib::HTTPSUrl,
+ Optional['ProviderEndSessionEndpoint'] => Stdlib::HTTPSUrl,
+ Optional['ProviderRevocationEndpoint'] => Stdlib::HTTPSUrl,
+ Optional['ProviderBackChannelLogoutSupported'] => Apache::OnOff,
+ Optional['ProviderRegistrationEndpointJson'] => String[1],
+ Optional['Scope'] => Pattern[/^\"?[A-Za-z0-9\-\._\s]+\"?$/],
+ Optional['AuthRequestParams'] => Pattern[/^[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+(&[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+)*$/],
+ Optional['SSLValidateServer'] => Apache::OnOff ,
+ Optional['UserInfoRefreshInterval'] => Variant[Integer[-1], Pattern[/^[0-9]+(\s+(logout_on_error|authenticate_on_error|502_on_error))?$/]],
+ Optional['JWKSRefreshInterval'] => Integer[-1],
+ Optional['UserInfoTokenMethod'] => Enum['authz_header', 'post_param'],
+ Optional['ProviderAuthRequestMethod'] => Enum['GET', 'POST', 'PAR'],
+ Optional['PublicKeyFiles'] => String[1],
+ Optional['PrivateKeyFiles'] => String[1],
+ Optional['ResponseType'] => Enum['code', 'id_token', 'id_token token', 'code id_token', 'code token', 'code id_token token'],
+ Optional['ResponseMode'] => Enum['fragment', 'query', 'form_post'],
+ Optional['ClientID'] => String[1],
+ Optional['ClientSecret'] => String[1],
+ Optional['ClientTokenEndpointCert'] => String[1],
+ Optional['ClientTokenEndpointKey'] => String[1],
+ Optional['ClientTokenEndpointKeyPassword'] => String[1],
+ Optional['ClientName'] => String[1],
+ Optional['ClientContact'] => String[1],
+ Optional['PKCEMethod'] => Enum['plain', 'S256', 'referred_tb', 'none'],
+ Optional['TokenBindingPolicy'] => Enum['disabled', 'optional', 'required', 'enforced'],
+ Optional['ClientJwksUri'] => Stdlib::HTTPSUrl,
+ Optional['IDTokenSignedResponseAlg'] => Enum['RS256', 'RS384', 'RS512', 'PS256', 'PS384', 'PS512', 'HS256', 'HS384', 'HS512', 'ES256', 'ES384', 'ES512'],
+ Optional['IDTokenEncryptedResponseAlg'] => Enum['RSA1_5', 'A128KW', 'A256KW', 'RSA-OAEP'],
+ Optional['IDTokenEncryptedResponseEnc'] => Enum['A128CBC-HS256', 'A256CBC-HS512', 'A256GCM'],
+ Optional['UserInfoSignedResponseAlg'] => Enum['RS256', 'RS384', 'RS512', 'PS256', 'PS384', 'PS512', 'HS256', 'HS384', 'HS512', 'ES256', 'ES384', 'ES512'],
+ Optional['UserInfoEncryptedResponseAlg'] => Enum['RSA1_5', 'A128KW', 'A256KW', 'RSA-OAEP'],
+ Optional['UserInfoEncryptedResponseEnc'] => Enum['A128CBC-HS256', 'A256CBC-HS512', 'A256GCM'],
+ Optional['OAuthServerMetadataURL'] => Stdlib::HTTPSUrl,
+ Optional['AuthIntrospectionEndpoint'] => Stdlib::HTTPSUrl,
+ Optional['OAuthClientID'] => String[1],
+ Optional['OAuthClientSecret'] => String[1],
+ Optional['OAuthIntrospectionEndpoint'] => String[1],
+ Optional['OAuthIntrospectionEndpointAuth'] => Enum['client_secret_basic', 'client_secret_post', 'client_secret_jwt', 'private_key_jwt', 'bearer_access_token', 'none'],
+ Optional['OAuthIntrospectionClientAuthBearerToken'] => String[1],
+ Optional['OAuthIntrospectionEndpointCert'] => String[1],
+ Optional['OAuthIntrospectionEndpointKey'] => String[1],
+ Optional['OAuthIntrospectionEndpointKeyPassword'] => String[1],
+ Optional['OAuthIntrospectionEndpointMethod'] => Enum['POST', 'GET'],
+ Optional['OAuthIntrospectionEndpointParams'] => Pattern[/^[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+(&[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+)*$/],
+ Optional['OAuthIntrospectionTokenParamName'] => String[1],
+ Optional['OAuthTokenExpiryClaim'] => Pattern[/^[A-Za-z0-9\-\._]+(\s(absolute|relative))?(\s(mandatory|optional))?$/],
+ Optional['OAuthTokenIntrospectionInterval'] => Integer[-1],
+ Optional['OAuthSSLValidateServer'] => Apache::OnOff,
+ Optional['OAuthVerifySharedKeys'] => String[1],
+ Optional['OAuthVerifyCertFiles'] => String[1],
+ Optional['OAuthVerifyJwksUri'] => Stdlib::HTTPSUrl,
+ Optional['OAuthRemoteUserClaim'] => String[1],
+ Optional['OAuthAcceptTokenAs'] => Pattern[/^((header|post|query|cookie\:[A-Za-z0-9\-\._]+|basic)\s?)+$/],
+ Optional['OAuthAccessTokenBindingPolicy'] => Enum['disabled', 'optional', 'required', 'enforced'],
+ Optional['Cookie'] => String[1],
+ Optional['CookieDomain'] => String[1],
+ Optional['CookiePath'] => String[1],
+ Optional['SessionCookieChunkSize'] => Integer[-1],
+ Optional['CookieHTTPOnly'] => Apache::OnOff,
+ Optional['CookieSameSite'] => Apache::OnOff,
+ Optional['PassCookies'] => String[1],
+ Optional['StripCookies'] => String[1],
+ Optional['StateMaxNumberOfCookies'] => Pattern[/^[0-9]+(\s(false|true))?$/],
+ Optional['SessionInactivityTimeout'] => Integer[-1],
+ Optional['SessionMaxDuration'] => Integer[-1],
+ Optional['SessionType'] => Pattern[/^(server-cache(:persistent)?|client-cookie(:persistent|:store_id_token|:persistent:store_id_token)?)$/],
+ Optional['SessionCacheFallbackToCookie'] => Apache::OnOff,
+ Optional['CacheType'] => Enum['shm', 'memcache', 'file', 'redis'],
+ Optional['CacheDir'] => String[1],
+ Optional['CacheEncrypt'] => Apache::OnOff,
+ Optional['CacheShmMax'] => Integer[-1],
+ Optional['CacheShmEntrySizeMax'] => Integer[-1],
+ Optional['CacheFileCleanInterval'] => Integer[-1],
+ Optional['MemCacheServers'] => String[1],
+ Optional['MemCacheConnectionsHMax'] => Integer[-1],
+ Optional['MemCacheConnectionsMin'] => Integer[-1],
+ Optional['MemCacheConnectionsSMax'] => Integer[-1],
+ Optional['MemCacheConnectionsTTL'] => Integer[-1],
+ Optional['RedisCacheServer'] => String[1],
+ Optional['RedisCachePassword'] => String,
+ Optional['RedisCacheConnectTimeout'] => Pattern[/^[0-9]+(\s[0-9]+)?$/],
+ Optional['RedisCacheDatabase'] => Integer[-1],
+ Optional['RedisCacheTimeout'] => Integer[-1],
+ Optional['RedisCacheUsername'] => String[1],
+ Optional['DiscoverURL'] => Variant[Stdlib::HTTPSUrl, Stdlib::HttpUrl],
+ Optional['HTMLErrorTemplate'] => String[1],
+ Optional['DefaultURL'] => Variant[Stdlib::HTTPSUrl, Stdlib::HttpUrl],
+ Optional['PathScope'] => Pattern[/^\"?[A-Za-z0-9\-\._\s]+\"?$/],
+ Optional['PathAuthRequestParams'] => Pattern[/^[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+(&[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+)*$/],
+ Optional['IDTokenIatSlack'] => Integer[-1],
+ Optional['ClaimPrefix'] => String,
+ Optional['ClaimDelimiter'] => Pattern[/^.$/],
+ Optional['RemoteUserClaim'] => String[1],
+ Optional['PassIDTokenAs'] => Pattern[/^((claims|payload|serialized)\s?)+$/],
+ Optional['PassUserInfoAs'] => Pattern[/^((claims|json(:([A-Za-z0-9\-\._])+)?|(signed_)?jwt(:([A-Za-z0-9\-\._])+)?)\s?)+$/],
+ Optional['PassClaimsAs'] => Pattern[/^(none|headers|environment|both)?\s?(latin1|base64url|none)?$/],
+ Optional['AuthNHeader'] => String[1],
+ Optional['HTTPTimeoutLong'] => Integer[-1],
+ Optional['HTTPTimeoutShort'] => Integer[-1],
+ Optional['StateTimeout'] => Integer[-1],
+ Optional['ScrubRequestHeaders'] => Apache::OnOff,
+ Optional['OutgoingProxy'] => String[1],
+ Optional['UnAuthAction'] => Pattern[/^(auth|pass|401|407|410)(\s.*)?$/],
+ Optional['UnAutzAction'] => Pattern[/^(401|403|302|auth)(\s.*)?$/],
+ Optional['PreservePost'] => Apache::OnOff,
+ Optional['PreservePostTemplates'] => String[1],
+ Optional['PassRefreshToken'] => Apache::OnOff,
+ Optional['RequestObject'] => String[1],
+ Optional['ProviderMetadataRefreshInterval'] => Integer[-1],
+ Optional['InfoHook'] => Pattern[/^((iat|access_token|access_token_expires|id_token|id_token_hint|userinfo|refresh_token|exp|timeout|remote_user|session)\s?)+$/],
+ Optional['BlackListedClaims'] => String[1],
+ Optional['WhiteListedClaims'] => String[1],
+ Optional['RefreshAccessTokenBeforeExpiry'] => Pattern[/^[0-9]+(\s(logout_on_error|authenticate_on_error|502_on_error))?$/],
+ Optional['XForwardedHeaders'] => String[1],
+ Optional['CABundlePath'] => String[1],
+ Optional['DefaultLoggedOutURL'] => String[1],
+ Optional['DPoPMode'] => String[1],
+ Optional['FilterClaimsExpr'] => String[1],
+ Optional['LogoutRequestParams'] => Pattern[/^[^=]+=[^&]+(&[^=]+=[^&]+)*$/],
+ Optional['LogoutXFrameOptions'] => String[1],
+ Optional['MetricsData'] => String[1],
+ Optional['MetricsPublish'] => String[1],
+ Optional['PassAccessToken'] => Apache::OnOff,
+ Optional['ProviderPushedAuthorizationRequestEndpoint'] => Stdlib::HttpUrl,
+ Optional['ProviderSignedJwksUri'] => String[1],
+ Optional['ProviderVerifyCertFiles'] => String[1],
+ Optional['RedirectURLsAllowed'] => String[1],
+ Optional['StateCookiePrefix'] => String,
+ Optional['StateInputHeaders'] => Enum['user-agent', 'x-forwarded-for', 'both', 'none'],
+ Optional['TraceParent'] => Enum['off', 'generate', 'propagate'],
+ Optional['UserInfoClaimsExpr'] => String[1],
+ Optional['ValidateIssuer'] => Apache::OnOff,
}
]
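Review bot: `ProviderPushedAuthorizationRequestEndpoint` is typed `Stdlib::HttpUrl`, which also accepts `http://`, while the other `Provider…Endpoint` keys in this struct are `Stdlib::HTTPSUrl`. A pushed authorization request carries the client's authentication and the authorization parameters, so it should get the same constraint: `Optional['ProviderPushedAuthorizationRequestEndpoint'] => Stdlib::HTTPSUrl,`. The new `OAuthIntrospectionEndpoint` is a plain `String[1]` and could be tightened the same way. `LogoutRequestParams` uses `[^=]+` and `[^&]+`, which unlike the `AuthRequestParams` character class also admit spaces, quotes and line breaks; reusing the stricter class would be more consistent. There is also a stray space before the comma on the `SSLValidateServer` line.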