From afb9d131309b8a628d55735c653bf1bd4c1f937b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Romain=20Tarti=C3=A8re?= Date: Sun, 19 Nov 2023 12:59:13 -1000 Subject: [PATCH 01/74] Fix mod_suexec usage The missing newline break apache configuration: ``` apache2: Syntax error on line 50 of /etc/apache2/apache2.conf: Syntax error on line 6 of /etc/apache2/sites-enabled/25-example.com-443.conf:6: was not closed. ``` Add the missing new line. While here, alse remove the legacy (now unused) template and fix indentation of the generated statement. --- manifests/vhost.pp | 2 +- templates/vhost/_suexec.epp | 4 ---- 2 files changed, 1 insertion(+), 5 deletions(-) delete mode 100644 templates/vhost/_suexec.epp diff --git a/manifests/vhost.pp b/manifests/vhost.pp index bb1ad02de8..04bc8e77be 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -2713,7 +2713,7 @@ concat::fragment { "${name}-suexec": target => "${priority_real}${filename}.conf", order => 290, - content => "SuexecUserGroup ${suexec_user_group}", + content => " SuexecUserGroup ${suexec_user_group}\n", } } diff --git a/templates/vhost/_suexec.epp b/templates/vhost/_suexec.epp deleted file mode 100644 index da0f3eb59d..0000000000 --- a/templates/vhost/_suexec.epp +++ /dev/null @@ -1,4 +0,0 @@ -<% if $suexec_user_group { -%> - -SuexecUserGroup <%= $suexec_user_group %> -<% } -%> From 65bc0304a876d86a169d1f21d44973e3d2c42c92 Mon Sep 17 00:00:00 2001 From: Tim Meusel Date: Tue, 12 Dec 2023 10:45:13 +0100 Subject: [PATCH 02/74] .fixtures.yml: Add `---` header --- .fixtures.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.fixtures.yml b/.fixtures.yml index 37bc6910f9..e1fc1e5d2d 100644 --- a/.fixtures.yml +++ b/.fixtures.yml @@ -1,3 +1,4 @@ +--- fixtures: repositories: concat: "https://github.com/puppetlabs/puppetlabs-concat.git" From b9b101b6051200db9919df610d6b5074046f78e8 Mon Sep 17 00:00:00 2001 
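Review bot: Nothing in this patch pins the rendered text of the `${name}-suexec` fragment in `manifests/vhost.pp`, so a regression to a `content` string without its trailing newline would again surface only when Apache refuses to load the vhost. PATCH 10/74 fixes the identical defect for the `${name}-use_canonical_name` fragment, which suggests the other inline `content => "..."` fragments deserve the same check. I would add a spec assertion such as `it { is_expected.to contain_concat__fragment('rspec.example.com-suexec').with_content(%r{^\s*SuexecUserGroup .+\n\z}) }` and an equivalent one for `UseCanonicalName`. Separately, `${suexec_user_group}` is interpolated verbatim into the configuration and its declared type is outside the hunk, so confirm it is restricted to a "user group" pattern rather than an arbitrary `String`.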
From: Tim Meusel Date: Tue, 12 Dec 2023 10:45:32 +0100 Subject: [PATCH 03/74] .fixtures.yml: Unpin puppet_agent module --- .fixtures.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.fixtures.yml b/.fixtures.yml index e1fc1e5d2d..6e655c3266 100644 --- a/.fixtures.yml +++ b/.fixtures.yml @@ -5,9 +5,7 @@ fixtures: facts: 'https://github.com/puppetlabs/puppetlabs-facts.git' portage: "https://github.com/gentoo/puppet-portage.git" provision: 'https://github.com/puppetlabs/provision.git' - puppet_agent: - repo: 'https://github.com/puppetlabs/puppetlabs-puppet_agent.git' - ref: v4.13.0 + puppet_agent: 'https://github.com/puppetlabs/puppetlabs-puppet_agent.git' stdlib: "https://github.com/puppetlabs/puppetlabs-stdlib.git" yumrepo_core: repo: "https://github.com/puppetlabs/puppetlabs-yumrepo_core.git" From d7701e03b7c9c058223fc98a78c6d1053525a692 Mon Sep 17 00:00:00 2001 From: Tim Meusel Date: Tue, 12 Dec 2023 10:45:48 +0100 Subject: [PATCH 04/74] .fixtures.yml: remove trailing whitespace --- .fixtures.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.fixtures.yml b/.fixtures.yml index 6e655c3266..a0ba21129f 100644 --- a/.fixtures.yml +++ b/.fixtures.yml @@ -7,7 +7,7 @@ fixtures: provision: 'https://github.com/puppetlabs/provision.git' puppet_agent: 'https://github.com/puppetlabs/puppetlabs-puppet_agent.git' stdlib: "https://github.com/puppetlabs/puppetlabs-stdlib.git" - yumrepo_core: + yumrepo_core: repo: "https://github.com/puppetlabs/puppetlabs-yumrepo_core.git" puppet_version: '>= 6.0.0' symlinks: From b9c6a8e9e01c87bf2ec8a7050cfe77bc2aef7a13 Mon Sep 17 00:00:00 2001 From: Tim Meusel Date: Tue, 12 Dec 2023 10:46:12 +0100 Subject: [PATCH 05/74] yumrepo_core: remove puppet version contraint --- .fixtures.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.fixtures.yml b/.fixtures.yml index a0ba21129f..68ef109e1b 100644 --- a/.fixtures.yml +++ b/.fixtures.yml 
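Review bot: Dropping `ref: v4.13.0` from the `puppet_agent` fixture means every test run clones whatever the default branch of that repository holds at that moment, so CI loads unreviewed upstream code and results are no longer reproducible. The `yumrepo_core` entry rewritten in PATCH 05/74 is likewise unpinned. If the old tag was the problem, I would keep the mapping form and move the pin forward instead, i.e. keep `repo:` and set `ref: '<reviewed tag or commit SHA>'`, preferring a full commit SHA because tags can be moved. A one-line comment above the entry saying why that revision was chosen would help whoever bumps it next.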
@@ -7,9 +7,7 @@ fixtures: provision: 'https://github.com/puppetlabs/provision.git' puppet_agent: 'https://github.com/puppetlabs/puppetlabs-puppet_agent.git' stdlib: "https://github.com/puppetlabs/puppetlabs-stdlib.git" - yumrepo_core: - repo: "https://github.com/puppetlabs/puppetlabs-yumrepo_core.git" - puppet_version: '>= 6.0.0' + yumrepo_core: "https://github.com/puppetlabs/puppetlabs-yumrepo_core.git" symlinks: apache: "#{source_dir}" site_apache: "#{source_dir}/spec/fixtures/site_apache" From b0262bff0533ca3ce2f199fcffda791826a4633d Mon Sep 17 00:00:00 2001 From: Tim Meusel Date: Tue, 12 Dec 2023 10:44:37 +0100 Subject: [PATCH 06/74] vhost_spec: test if whole catalog compiles --- spec/defines/vhost_spec.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index ffa82f1087..57dcfd811e 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb @@ -536,7 +536,7 @@ } end - it { is_expected.to compile } + it { is_expected.to compile.with_all_deps } it { is_expected.not_to contain_file('/var/www/foo') } it { is_expected.to contain_class('apache::mod::ssl') } From 840b6754e2f2442e7b3425324e670bf4bb39410d Mon Sep 17 00:00:00 2001 From: Ramesh Sencha Date: Thu, 21 Dec 2023 10:20:11 +0530 Subject: [PATCH 07/74] PDK update --- .sync.yml | 5 ---- Gemfile | 5 ++-- Rakefile | 80 --------------------------------------------------- metadata.json | 2 +- 4 files changed, 4 insertions(+), 88 deletions(-) diff --git a/.sync.yml b/.sync.yml index 44bb97480d..02b5c19ca4 100644 --- a/.sync.yml +++ b/.sync.yml @@ -6,11 +6,6 @@ appveyor.yml: delete: true -Gemfile: - optional: - ":development": - - gem: github_changelog_generator - version: '= 1.15.2' spec/spec_helper.rb: mock_with: ":rspec" coverage_report: true diff --git a/Gemfile b/Gemfile index 86e337adbc..ca0e773ecd 100644 --- a/Gemfile +++ b/Gemfile 
@@ -23,6 +23,7 @@ group :development do gem "voxpupuli-puppet-lint-plugins", '~> 5.0', require: false gem "facterdb", '~> 1.18', require: false gem "metadata-json-lint", '~> 3.0', require: false + gem "puppetlabs_spec_helper", '~> 6.0', require: false gem "rspec-puppet-facts", '~> 2.0', require: false gem "codecov", '~> 0.2', require: false gem "dependency_checker", '~> 1.0.0', require: false @@ -33,8 +34,8 @@ group :development do gem "rubocop", '= 1.48.1', require: false gem "rubocop-performance", '= 1.16.0', require: false gem "rubocop-rspec", '= 2.19.0', require: false + gem "puppet-strings", '~> 4.0', require: false gem "rb-readline", '= 0.5.5', require: false, platforms: [:mswin, :mingw, :x64_mingw] - gem "github_changelog_generator", '= 1.15.2', require: false end group :system_tests do gem "puppet_litmus", '~> 1.0', require: false, platforms: [:ruby, :x64_mingw] @@ -42,7 +43,7 @@ group :system_tests do end group :release_prep do gem "puppet-strings", '~> 4.0', require: false - gem "puppetlabs_spec_helper", '~> 7.0', require: false + gem "puppetlabs_spec_helper", '~> 6.0', require: false end puppet_version = ENV['PUPPET_GEM_VERSION'] diff --git a/Rakefile b/Rakefile index f761e13c04..2df73113cd 100644 --- a/Rakefile +++ b/Rakefile 
@@ -4,88 +4,8 @@ require 'bundler' require 'puppet_litmus/rake_tasks' if Gem.loaded_specs.key? 'puppet_litmus' require 'puppetlabs_spec_helper/rake_tasks' require 'puppet-syntax/tasks/puppet-syntax' -require 'github_changelog_generator/task' if Gem.loaded_specs.key? 'github_changelog_generator' require 'puppet-strings/tasks' if Gem.loaded_specs.key? 'puppet-strings' -def changelog_user - return unless Rake.application.top_level_tasks.include? "changelog" - returnVal = nil || JSON.load(File.read('metadata.json'))['author'] - raise "unable to find the changelog_user in .sync.yml, or the author in metadata.json" if returnVal.nil? - puts "GitHubChangelogGenerator user:#{returnVal}" - returnVal -end - -def changelog_project - return unless Rake.application.top_level_tasks.include? "changelog" - - returnVal = nil - returnVal ||= begin - metadata_source = JSON.load(File.read('metadata.json'))['source'] - metadata_source_match = metadata_source && metadata_source.match(%r{.*\/([^\/]*?)(?:\.git)?\Z}) - - metadata_source_match && metadata_source_match[1] - end - - raise "unable to find the changelog_project in .sync.yml or calculate it from the source in metadata.json" if returnVal.nil? - - puts "GitHubChangelogGenerator project:#{returnVal}" - returnVal -end - -def changelog_future_release - return unless Rake.application.top_level_tasks.include? "changelog" - returnVal = "v%s" % JSON.load(File.read('metadata.json'))['version'] - raise "unable to find the future_release (version) in metadata.json" if returnVal.nil? - puts "GitHubChangelogGenerator future_release:#{returnVal}" - returnVal -end - PuppetLint.configuration.send('disable_relative') PuppetLint.configuration.send('disable_anchor_resource') PuppetLint.configuration.send('disable_140chars') - - -if Gem.loaded_specs.key? 
'github_changelog_generator' - GitHubChangelogGenerator::RakeTask.new :changelog do |config| - raise "Set CHANGELOG_GITHUB_TOKEN environment variable eg 'export CHANGELOG_GITHUB_TOKEN=valid_token_here'" if Rake.application.top_level_tasks.include? "changelog" and ENV['CHANGELOG_GITHUB_TOKEN'].nil? - config.user = "#{changelog_user}" - config.project = "#{changelog_project}" - config.since_tag = "3.2.0" - config.future_release = "#{changelog_future_release}" - config.exclude_labels = ['maintenance'] - config.header = "# Change log\n\nAll notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org)." - config.add_pr_wo_labels = true - config.issues = false - config.merge_prefix = "### UNCATEGORIZED PRS; LABEL THEM ON GITHUB" - config.configure_sections = { - "Changed" => { - "prefix" => "### Changed", - "labels" => ["backwards-incompatible"], - }, - "Added" => { - "prefix" => "### Added", - "labels" => ["enhancement", "feature"], - }, - "Fixed" => { - "prefix" => "### Fixed", - "labels" => ["bug", "documentation", "bugfix"], - }, - } - end -else - desc 'Generate a Changelog from GitHub' - task :changelog do - raise < 1.15' - condition: "Gem::Version.new(RUBY_VERSION.dup) >= Gem::Version.new('2.3.0')" -EOM - end -end - diff --git a/metadata.json b/metadata.json index 7cc69917f4..a638a5f699 100644 --- a/metadata.json +++ b/metadata.json @@ -89,5 +89,5 @@ "description": "Module for Apache configuration", "pdk-version": "3.0.0", "template-url": "https://github.com/puppetlabs/pdk-templates.git#main", - "template-ref": "heads/main-0-g01c6a19" + "template-ref": "heads/main-0-g79a2f93" } From 7b6e61a696cdce602c059f0a695225426ccd1e48 Mon Sep 17 00:00:00 2001 
From: GitHub Actions Date: Sun, 31 Dec 2023 22:07:55 +0000 Subject: [PATCH 08/74] Release prep v12.0.0 --- CHANGELOG.md | 94 ++++++++++++++++++++++++++++++--------------------- metadata.json | 2 +- 2 files changed, 56 insertions(+), 40 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 1d2c086065..4c0c6711c5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,22 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org). +## [v12.0.0](https://github.com/puppetlabs/puppetlabs-apache/tree/v12.0.0) - 2023-12-31 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/v11.1.0...v12.0.0) + +### Changed +- Drop EoL Debian 9 and older code [#2479](https://github.com/puppetlabs/puppetlabs-apache/pull/2479) ([bastelfreak](https://github.com/bastelfreak)) + +### Added + +- `apache::vhost::directories`: switch default from `undef` to empty array [#2507](https://github.com/puppetlabs/puppetlabs-apache/pull/2507) ([bastelfreak](https://github.com/bastelfreak)) +- Add `AllowOverrideList` support [#2486](https://github.com/puppetlabs/puppetlabs-apache/pull/2486) ([yakatz](https://github.com/yakatz)) + +### Fixed + +- Remove useless notice [#2494](https://github.com/puppetlabs/puppetlabs-apache/pull/2494) ([smortex](https://github.com/smortex)) + ## [v11.1.0](https://github.com/puppetlabs/puppetlabs-apache/tree/v11.1.0) - 2023-09-25 [Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/v11.0.0...v11.1.0) 
@@ -21,6 +37,12 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) a [Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/v10.1.1...v11.0.0) +### Changed +- (CAT-1449) - Remove deprecated parameters for scriptaliases & passenger [#2470](https://github.com/puppetlabs/puppetlabs-apache/pull/2470) ([Ramesh7](https://github.com/Ramesh7)) +- Remove deprecated classes [#2466](https://github.com/puppetlabs/puppetlabs-apache/pull/2466) ([ekohl](https://github.com/ekohl)) +- Remove deprecated parameters from mod::userdir [#2465](https://github.com/puppetlabs/puppetlabs-apache/pull/2465) ([ekohl](https://github.com/ekohl)) +- (CAT-1424)-Removal of redhat/scientific/oraclelinux 6 for apache module [#2462](https://github.com/puppetlabs/puppetlabs-apache/pull/2462) ([praj1001](https://github.com/praj1001)) + ### Added - (CAT-1417) Nested require support for authz_core mod [#2460](https://github.com/puppetlabs/puppetlabs-apache/pull/2460) ([Ramesh7](https://github.com/Ramesh7)) 
@@ -32,12 +54,6 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) a - Add MellonSetEnv support [#2423](https://github.com/puppetlabs/puppetlabs-apache/pull/2423) ([ic248](https://github.com/ic248)) - Add the missing mod_authnz_ldap parameters [#2404](https://github.com/puppetlabs/puppetlabs-apache/pull/2404) ([chutzimir](https://github.com/chutzimir)) -### Changed -- (CAT-1449) - Remove deprecated parameters for scriptaliases & passenger [#2470](https://github.com/puppetlabs/puppetlabs-apache/pull/2470) ([Ramesh7](https://github.com/Ramesh7)) -- Remove deprecated classes [#2466](https://github.com/puppetlabs/puppetlabs-apache/pull/2466) ([ekohl](https://github.com/ekohl)) -- Remove deprecated parameters from mod::userdir [#2465](https://github.com/puppetlabs/puppetlabs-apache/pull/2465) ([ekohl](https://github.com/ekohl)) -- (CAT-1424)-Removal of redhat/scientific/oraclelinux 6 for apache module [#2462](https://github.com/puppetlabs/puppetlabs-apache/pull/2462) ([praj1001](https://github.com/praj1001)) - ### Fixed - (CAT-1308) Making mod list more restrictive and minor improvements in documentation for default mods override [#2459](https://github.com/puppetlabs/puppetlabs-apache/pull/2459) ([Ramesh7](https://github.com/Ramesh7)) 
@@ -245,6 +261,17 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) a [Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/v7.0.0...v8.0.0) +### Changed +- Drop mod_fastcgi support [#2267](https://github.com/puppetlabs/puppetlabs-apache/pull/2267) ([ekohl](https://github.com/ekohl)) +- Drop suphp support [#2263](https://github.com/puppetlabs/puppetlabs-apache/pull/2263) ([ekohl](https://github.com/ekohl)) +- Use a stricter data type on apache::vhost::aliases [#2253](https://github.com/puppetlabs/puppetlabs-apache/pull/2253) ([ekohl](https://github.com/ekohl)) +- Narrow down Datatypes [#2245](https://github.com/puppetlabs/puppetlabs-apache/pull/2245) ([cocker-cc](https://github.com/cocker-cc)) +- (GH-cat-9) Update module to match current syntax standard [#2235](https://github.com/puppetlabs/puppetlabs-apache/pull/2235) ([david22swan](https://github.com/david22swan)) +- Drop Apache 2.0 compatibility code [#2226](https://github.com/puppetlabs/puppetlabs-apache/pull/2226) ([ekohl](https://github.com/ekohl)) +- (GH-iac-334) Remove code specific to unsupported OSs [#2223](https://github.com/puppetlabs/puppetlabs-apache/pull/2223) ([david22swan](https://github.com/david22swan)) +- Remove warnings and plans to change vhost default naming [#2202](https://github.com/puppetlabs/puppetlabs-apache/pull/2202) ([ekohl](https://github.com/ekohl)) +- Update modsec crs config and template [#2197](https://github.com/puppetlabs/puppetlabs-apache/pull/2197) ([henkworks](https://github.com/henkworks)) + ### Added - Allow overriding CRS allowed HTTP methods per vhost [#2274](https://github.com/puppetlabs/puppetlabs-apache/pull/2274) ([Vincevrp](https://github.com/Vincevrp)) 
@@ -263,17 +290,6 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) a - Add support for setting UserDir in Virual Hosts [#2192](https://github.com/puppetlabs/puppetlabs-apache/pull/2192) ([smortex](https://github.com/smortex)) - Add an apache::vhost::proxy define [#2169](https://github.com/puppetlabs/puppetlabs-apache/pull/2169) ([wbclark](https://github.com/wbclark)) -### Changed -- Drop mod_fastcgi support [#2267](https://github.com/puppetlabs/puppetlabs-apache/pull/2267) ([ekohl](https://github.com/ekohl)) -- Drop suphp support [#2263](https://github.com/puppetlabs/puppetlabs-apache/pull/2263) ([ekohl](https://github.com/ekohl)) -- Use a stricter data type on apache::vhost::aliases [#2253](https://github.com/puppetlabs/puppetlabs-apache/pull/2253) ([ekohl](https://github.com/ekohl)) -- Narrow down Datatypes [#2245](https://github.com/puppetlabs/puppetlabs-apache/pull/2245) ([cocker-cc](https://github.com/cocker-cc)) -- (GH-cat-9) Update module to match current syntax standard [#2235](https://github.com/puppetlabs/puppetlabs-apache/pull/2235) ([david22swan](https://github.com/david22swan)) -- Drop Apache 2.0 compatibility code [#2226](https://github.com/puppetlabs/puppetlabs-apache/pull/2226) ([ekohl](https://github.com/ekohl)) -- (GH-iac-334) Remove code specific to unsupported OSs [#2223](https://github.com/puppetlabs/puppetlabs-apache/pull/2223) ([david22swan](https://github.com/david22swan)) -- Remove warnings and plans to change vhost default naming [#2202](https://github.com/puppetlabs/puppetlabs-apache/pull/2202) ([ekohl](https://github.com/ekohl)) -- Update modsec crs config and template [#2197](https://github.com/puppetlabs/puppetlabs-apache/pull/2197) ([henkworks](https://github.com/henkworks)) - ### Fixed - Disable mod_php on EL9 [#2277](https://github.com/puppetlabs/puppetlabs-apache/pull/2277) ([ekohl](https://github.com/ekohl)) 
@@ -292,15 +308,15 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) a [Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/v6.5.1...v7.0.0) +### Changed +- Drop Debian < 8 and Ubuntu < 14.04 code [#2189](https://github.com/puppetlabs/puppetlabs-apache/pull/2189) ([ekohl](https://github.com/ekohl)) +- Drop support and compatibility for Debian < 9 and Ubuntu < 16.04 [#2123](https://github.com/puppetlabs/puppetlabs-apache/pull/2123) ([ekohl](https://github.com/ekohl)) + ### Added - pdksync - (IAC-1751) - Add Support for Rocky 8 [#2196](https://github.com/puppetlabs/puppetlabs-apache/pull/2196) ([david22swan](https://github.com/david22swan)) - Allow `docroot` with `mod_vhost_alias` `virtual_docroot` [#2195](https://github.com/puppetlabs/puppetlabs-apache/pull/2195) ([yakatz](https://github.com/yakatz)) -### Changed -- Drop Debian < 8 and Ubuntu < 14.04 code [#2189](https://github.com/puppetlabs/puppetlabs-apache/pull/2189) ([ekohl](https://github.com/ekohl)) -- Drop support and compatibility for Debian < 9 and Ubuntu < 16.04 [#2123](https://github.com/puppetlabs/puppetlabs-apache/pull/2123) ([ekohl](https://github.com/ekohl)) - ### Fixed - Restore Ubuntu 14.04 support in suphp [#2193](https://github.com/puppetlabs/puppetlabs-apache/pull/2193) ([ekohl](https://github.com/ekohl)) 
@@ -568,14 +584,14 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) a [Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/4.1.0...v5.0.0) +### Changed +- pdksync - (MODULES-8444) - Raise lower Puppet bound [#1908](https://github.com/puppetlabs/puppetlabs-apache/pull/1908) ([david22swan](https://github.com/david22swan)) + ### Added - (FM-7923) Implement Puppet Strings [#1916](https://github.com/puppetlabs/puppetlabs-apache/pull/1916) ([eimlav](https://github.com/eimlav)) - Define SCL package name for mod_ldap [#1893](https://github.com/puppetlabs/puppetlabs-apache/pull/1893) ([treydock](https://github.com/treydock)) -### Changed -- pdksync - (MODULES-8444) - Raise lower Puppet bound [#1908](https://github.com/puppetlabs/puppetlabs-apache/pull/1908) ([david22swan](https://github.com/david22swan)) - ### Fixed - (MODULES-9014) Improve SSLSessionTickets handling [#1923](https://github.com/puppetlabs/puppetlabs-apache/pull/1923) ([FredericLespez](https://github.com/FredericLespez)) @@ -606,13 +622,13 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) a [Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/3.5.0...4.0.0) +### Changed +- default server_tokens to prod - more secure default [#1746](https://github.com/puppetlabs/puppetlabs-apache/pull/1746) ([juju4](https://github.com/juju4)) + ### Added - (Modules 8141/Modules 8379) - Addition of support for SLES 15 [#1862](https://github.com/puppetlabs/puppetlabs-apache/pull/1862) ([david22swan](https://github.com/david22swan)) -### Changed -- default server_tokens to prod - more secure default [#1746](https://github.com/puppetlabs/puppetlabs-apache/pull/1746) ([juju4](https://github.com/juju4)) - ### Fixed - (MODULES-5990) - conf-enabled defaulted to undef [#1869](https://github.com/puppetlabs/puppetlabs-apache/pull/1869) ([david22swan](https://github.com/david22swan)) 
@@ -755,6 +771,11 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) a [Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/1.11.0...2.0.0) +### Changed +- MODULES-4824: Update the version compatibility to >= 4.7.0 < 5.0.0 [#1628](https://github.com/puppetlabs/puppetlabs-apache/pull/1628) ([angrox](https://github.com/angrox)) +- Migrate to puppet4 datatypes [#1621](https://github.com/puppetlabs/puppetlabs-apache/pull/1621) ([bastelfreak](https://github.com/bastelfreak)) +- Set default keepalive to On [#1434](https://github.com/puppetlabs/puppetlabs-apache/pull/1434) ([sathieu](https://github.com/sathieu)) + ### Added - (MODULES-4933) Allow custom UserDir string [#1650](https://github.com/puppetlabs/puppetlabs-apache/pull/1650) ([hunner](https://github.com/hunner)) @@ -786,11 +807,6 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) a - (MODULES-4156) adds RequestHeader directive to vhost template #puppethack [#1573](https://github.com/puppetlabs/puppetlabs-apache/pull/1573) ([eputnam](https://github.com/eputnam)) - add passenger_max_requests option per vhost [#1517](https://github.com/puppetlabs/puppetlabs-apache/pull/1517) ([pulecp](https://github.com/pulecp)) -### Changed -- MODULES-4824: Update the version compatibility to >= 4.7.0 < 5.0.0 [#1628](https://github.com/puppetlabs/puppetlabs-apache/pull/1628) ([angrox](https://github.com/angrox)) -- Migrate to puppet4 datatypes [#1621](https://github.com/puppetlabs/puppetlabs-apache/pull/1621) ([bastelfreak](https://github.com/bastelfreak)) -- Set default keepalive to On [#1434](https://github.com/puppetlabs/puppetlabs-apache/pull/1434) ([sathieu](https://github.com/sathieu)) - ### Fixed - Ensure that ProxyPreserveHost is set even when ProxyPass (etc) are not. [#1639](https://github.com/puppetlabs/puppetlabs-apache/pull/1639) ([tpdownes](https://github.com/tpdownes)) 
@@ -1400,6 +1416,10 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) a [Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/0.11.0...1.0.0) +### Changed +- Metadata [#661](https://github.com/puppetlabs/puppetlabs-apache/pull/661) ([apenney](https://github.com/apenney)) +- Apache2.4 support [#552](https://github.com/puppetlabs/puppetlabs-apache/pull/552) ([scottasmith](https://github.com/scottasmith)) + ### Added - Modifying hierarchy of the Version/Params to fix AWS AMI [#651](https://github.com/puppetlabs/puppetlabs-apache/pull/651) ([jrnt30](https://github.com/jrnt30)) @@ -1411,10 +1431,6 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) a - Ensure socache_shmcb is enabled on all Apache 2.4 OSes [#612](https://github.com/puppetlabs/puppetlabs-apache/pull/612) ([domcleal](https://github.com/domcleal)) - Add WSGIApplicationGroup and WSGIImportScript directives [#606](https://github.com/puppetlabs/puppetlabs-apache/pull/606) ([bodgit](https://github.com/bodgit)) -### Changed -- Metadata [#661](https://github.com/puppetlabs/puppetlabs-apache/pull/661) ([apenney](https://github.com/apenney)) -- Apache2.4 support [#552](https://github.com/puppetlabs/puppetlabs-apache/pull/552) ([scottasmith](https://github.com/scottasmith)) - ### Fixed - Add in missing fields to work around a Puppet bug. [#663](https://github.com/puppetlabs/puppetlabs-apache/pull/663) ([apenney](https://github.com/apenney)) @@ -1613,6 +1629,9 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) a [Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/0.6.0...0.7.0) +### Changed +- Refactor module [#182](https://github.com/puppetlabs/puppetlabs-apache/pull/182) ([hunner](https://github.com/hunner)) + ### Added - Added an 'h' in a typo on default_ssl_vost [#243](https://github.com/puppetlabs/puppetlabs-apache/pull/243) ([Wesseldr](https://github.com/Wesseldr)) 
@@ -1638,9 +1657,6 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) a - Added apache::mod::rewrite class. [#128](https://github.com/puppetlabs/puppetlabs-apache/pull/128) ([Stubbs](https://github.com/Stubbs)) - Added apache::mod::shib to configure Shibboleth Service Providers [#96](https://github.com/puppetlabs/puppetlabs-apache/pull/96) ([Aethylred](https://github.com/Aethylred)) -### Changed -- Refactor module [#182](https://github.com/puppetlabs/puppetlabs-apache/pull/182) ([hunner](https://github.com/hunner)) - ### Fixed - Fix directories template fragment [#233](https://github.com/puppetlabs/puppetlabs-apache/pull/233) ([hunner](https://github.com/hunner)) diff --git a/metadata.json b/metadata.json index a638a5f699..93e174cff1 100644 --- a/metadata.json +++ b/metadata.json @@ -1,6 +1,6 @@ { "name": "puppetlabs-apache", - "version": "11.1.0", + "version": "12.0.0", "author": "puppetlabs", "summary": "Installs, configures, and manages Apache virtual hosts, web services, and modules.", "license": "Apache-2.0", From 184d2193ec36493beee3c44f810bde6580ba562a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Romain=20Tarti=C3=A8re?= Date: Tue, 2 Jan 2024 06:46:33 -1000 Subject: [PATCH 09/74] Fix extra newline at end of headers This slept through while converting templates form erb to epp. Remove it so that it is easier to spot regressions if the catalog is not supposed to change but applying it in noop mode wants to change the actual files. --- templates/vhost/_file_header.epp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/vhost/_file_header.epp b/templates/vhost/_file_header.epp index 0fce926354..0958130b9c 100644 --- a/templates/vhost/_file_header.epp +++ b/templates/vhost/_file_header.epp @@ -40,4 +40,4 @@ MDomain <%= $servername %> <% } -%> <% if $limitreqbody { -%> LimitRequestBody <%= $limitreqbody %> -<% } %> +<% } -%> From b22bb017d6d2d9f52cd8ed4e8b46c117a538c5a7 Mon Sep 17 00:00:00 2001 
From: Paul Barton Date: Wed, 3 Jan 2024 09:01:15 -0500 Subject: [PATCH 10/74] Fix use_canonical_name directive This is missing a newline char and breaks on recent (12.0.0) puppetlabs-apache: ``` apache2: Syntax error on line 50 of /etc/apache2/apache2.conf: Syntax error on line 6 of /etc/apache2/sites-enabled/25-example.com-443.conf:6: was not closed. ``` This fix is inspired by fb9d1313, it's functionally the same. Adds the missing newline and also adds two spaces for indentation. --- manifests/vhost.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/vhost.pp b/manifests/vhost.pp index ba212b60e4..eec1a415e6 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -2946,7 +2946,7 @@ concat::fragment { "${name}-use_canonical_name": target => "${priority_real}${filename}.conf", order => 360, - content => "UseCanonicalName ${use_canonical_name}", + content => " UseCanonicalName ${use_canonical_name}\n", } } From d3d2d5f972116ef85a0e70a8faab08f6196a2899 Mon Sep 17 00:00:00 2001 From: GitHub Actions Date: Wed, 3 Jan 2024 17:28:14 +0000 Subject: [PATCH 11/74] Release prep v12.0.1 --- CHANGELOG.md | 11 ++++++++++- metadata.json | 2 +- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4c0c6711c5..fe4bcc47dc 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -5,7 +5,16 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org). -## [v12.0.0](https://github.com/puppetlabs/puppetlabs-apache/tree/v12.0.0) - 2023-12-31 +## [v12.0.1](https://github.com/puppetlabs/puppetlabs-apache/tree/v12.0.1) - 2024-01-03 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/v12.0.0...v12.0.1) + +### Fixed + +- Fix use_canonical_name directive [#2515](https://github.com/puppetlabs/puppetlabs-apache/pull/2515) ([pebtron](https://github.com/pebtron)) +- Fix extra newline at end of headers [#2514](https://github.com/puppetlabs/puppetlabs-apache/pull/2514) ([smortex](https://github.com/smortex)) + +## [v12.0.0](https://github.com/puppetlabs/puppetlabs-apache/tree/v12.0.0) - 2024-01-01 [Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/v11.1.0...v12.0.0) diff --git a/metadata.json b/metadata.json index 93e174cff1..e7f523a0f4 100644 --- a/metadata.json +++ b/metadata.json @@ -1,6 +1,6 @@ { "name": "puppetlabs-apache", - "version": "12.0.0", + "version": "12.0.1", "author": "puppetlabs", "summary": "Installs, configures, and manages Apache virtual hosts, web services, and modules.", "license": "Apache-2.0", From 6da804a4094f2d53155a33f0bccb055d5860fd0e Mon Sep 17 00:00:00 2001 From: Ewoud Kohl van Wijngaarden Date: Sat, 6 Jan 2024 17:21:10 +0100 Subject: [PATCH 12/74] Correct handling of $serveraliases as string --- manifests/vhost.pp | 2 +- spec/defines/vhost_spec.rb | 24 +++++++++++++++++++++++- templates/vhost/_serveralias.epp | 3 ++- 3 files changed, 26 insertions(+), 3 deletions(-) diff --git a/manifests/vhost.pp b/manifests/vhost.pp index eec1a415e6..60f835673d 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp 
@@ -2559,7 +2559,7 @@ concat::fragment { "${name}-serveralias": target => "${priority_real}${filename}.conf", order => 210, - content => epp('apache/vhost/_serveralias.epp', { 'serveraliases' => $serveraliases }), + content => epp('apache/vhost/_serveralias.epp', { 'serveraliases' => [$serveraliases].flatten }), } } diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index 57dcfd811e..b55f5775f1 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb @@ -776,7 +776,7 @@ } it { is_expected.to contain_concat__fragment('rspec.example.com-scriptalias') } - it { is_expected.to contain_concat__fragment('rspec.example.com-serveralias') } + it { is_expected.to contain_concat__fragment('rspec.example.com-serveralias').with_content(%r{^ ServerAlias test-example\.com$}) } it { expect(subject).to contain_concat__fragment('rspec.example.com-setenv') @@ -1221,6 +1221,28 @@ it { is_expected.not_to contain_concat__fragment('NameVirtualHost 127.0.0.1:8080') } end + describe 'serveraliases parameter' do + let(:params) { default_params.merge(serveraliases: serveraliases) } + + context 'with a string' do + let(:serveraliases) { 'alias.example.com' } + + it { is_expected.to compile.with_all_deps } + it { is_expected.to contain_concat__fragment('rspec.example.com-serveralias').with_content(%r{^ ServerAlias alias\.example\.com$}) } + end + + context 'with an array' do + let(:serveraliases) { ['alias1.example.com', 'alias2.example.com'] } + + it { is_expected.to compile.with_all_deps } + it do + expect(subject).to contain_concat__fragment('rspec.example.com-serveralias') + .with_content(%r{^ ServerAlias alias1\.example\.com$}) + .with_content(%r{^ ServerAlias alias2\.example\.com$}) + end + end + end + context 'vhost with multiple ip addresses, multiple ports' do let :params do { diff --git a/templates/vhost/_serveralias.epp b/templates/vhost/_serveralias.epp index 5b9abb2817..1baf18c9b0 100644 --- a/templates/vhost/_serveralias.epp 
+++ b/templates/vhost/_serveralias.epp @@ -1,7 +1,8 @@ +<%- | Array[String] $serveraliases | -%> <% unless $serveraliases.empty { -%> ## Server aliases - <%- Array($serveraliases).each |$serveralias| { -%> + <%- $serveraliases.each |$serveralias| { -%> ServerAlias <%= $serveralias %> <%- } -%> <% } -%> From f9eaee1fba1de09b74996dcb86c464042506ae03 Mon Sep 17 00:00:00 2001 From: GitHub Actions Date: Wed, 10 Jan 2024 20:00:52 +0000 Subject: [PATCH 13/74] Release prep v12.0.2 --- CHANGELOG.md | 8 ++++++++ metadata.json | 2 +- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index fe4bcc47dc..61016b9711 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,14 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org). +## [v12.0.2](https://github.com/puppetlabs/puppetlabs-apache/tree/v12.0.2) - 2024-01-10 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/v12.0.1...v12.0.2) + +### Fixed + +- Correct handling of $serveraliases as string [#2518](https://github.com/puppetlabs/puppetlabs-apache/pull/2518) ([ekohl](https://github.com/ekohl)) + ## [v12.0.1](https://github.com/puppetlabs/puppetlabs-apache/tree/v12.0.1) - 2024-01-03 [Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/v12.0.0...v12.0.1) diff --git a/metadata.json b/metadata.json index e7f523a0f4..7d4ee720de 100644 --- a/metadata.json +++ b/metadata.json @@ -1,6 +1,6 @@ { "name": "puppetlabs-apache", - "version": "12.0.1", + "version": "12.0.2", "author": "puppetlabs", "summary": "Installs, configures, and manages Apache virtual hosts, web services, and modules.", "license": "Apache-2.0", From c03607fd3999821112d3925bc7170c012e93e1b1 Mon Sep 17 00:00:00 2001 
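Review bot: The new template signature `Array[String]` still admits empty strings. With the manifest hunk now wrapping a scalar as `[$serveraliases].flatten`, a value of `''` arrives as `['']`, passes the `unless $serveraliases.empty` check and renders a bare `ServerAlias` line with no hostname, which httpd would likely refuse to load. Tightening the signature to `<%- | Array[String[1]] $serveraliases | -%>` turns that into a compile-time type error instead of a broken vhost file. Whether `apache::vhost` already rejects or skips empty values before this fragment is declared cannot be seen from these hunks.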
From: =?UTF-8?q?Romain=20Tarti=C3=A8re?= Date: Thu, 15 Feb 2024 10:03:59 -1000 Subject: [PATCH 14/74] Fix `mod_auth_openidc` parameters A typo in the data type cause an exception with recent Puppet 8 versions: ``` Error: The key '["IDTokenEncryptedResponseAlg"]' is declared more than once (file: /etc/puppetlabs/code/environments/production/modules/apache/types/oidcsettings.pp, line: 41, column: 57) on node b4d45d8831d5.mtgrj3ika5nejlcpzgeeecg0la.cx.internal.cloudapp.net ``` According to the upstream repository configuration file, this is a copy-paste error. --- types/oidcsettings.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/types/oidcsettings.pp b/types/oidcsettings.pp index 7dd2afca16..e09a0626b7 100644 --- a/types/oidcsettings.pp +++ b/types/oidcsettings.pp @@ -38,7 +38,7 @@ Optional['ClientJwksUri'] => Stdlib::HTTPSUrl, Optional['IDTokenSignedResponseAlg'] => Enum['RS256', 'RS384', 'RS512', 'PS256', 'PS384', 'PS512', 'HS256', 'HS384', 'HS512', 'ES256', 'ES384', 'ES512'], Optional['IDTokenEncryptedResponseAlg'] => Enum['RSA1_5', 'A128KW', 'A256KW', 'RSA-OAEP'], - Optional['IDTokenEncryptedResponseAlg'] => Enum['A128CBC-HS256', 'A256CBC-HS512', 'A256GCM'], + Optional['IDTokenEncryptedResponseEnc'] => Enum['A128CBC-HS256', 'A256CBC-HS512', 'A256GCM'], Optional['UserInfoSignedResposeAlg'] => Enum['RS256', 'RS384', 'RS512', 'PS256', 'PS384', 'PS512', 'HS256', 'HS384', 'HS512', 'ES256', 'ES384', 'ES512'], Optional['UserInfoEncryptedResponseAlg'] => Enum['RSA1_5', 'A128KW', 'A256KW', 'RSA-OAEP'], Optional['UserInfoEncryptedResponseEnc'] => Enum['A128CBC-HS256', 'A256CBC-HS512', 'A256GCM'], From 7587c4b416eb0380d05b7989b346b7fa61adcd75 Mon Sep 17 00:00:00 2001 From: GitHub Actions Date: Fri, 1 Mar 2024 12:02:34 +0000 Subject: [PATCH 15/74] Release prep v12.0.3 --- CHANGELOG.md | 8 ++++++++ REFERENCE.md | 2 +- metadata.json | 2 +- 3 files changed, 10 insertions(+), 2 deletions(-) 
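Review bot: The context line directly below the corrected key still reads `Optional['UserInfoSignedResposeAlg']` ("Respose"), so the correctly spelled setting name is not a member of this Struct and a hash using it would fail type validation. It looks like another slip of the kind this commit fixes, though the upstream directive name should be confirmed. Renaming it outright would break manifests that already use the misspelled key, so consider adding `Optional['UserInfoSignedResponseAlg']` with the same `Enum` next to it and deprecating the old spelling. The REFERENCE.md hunk in the following release commit repeats the misspelled key. The Struct starts and ends outside this hunk.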
diff --git a/CHANGELOG.md b/CHANGELOG.md index 61016b9711..3950a39c6e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,14 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org). +## [v12.0.3](https://github.com/puppetlabs/puppetlabs-apache/tree/v12.0.3) - 2024-03-01 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/v12.0.2...v12.0.3) + +### Fixed + +- Fix `mod_auth_openidc` parameters [#2525](https://github.com/puppetlabs/puppetlabs-apache/pull/2525) ([smortex](https://github.com/smortex)) + ## [v12.0.2](https://github.com/puppetlabs/puppetlabs-apache/tree/v12.0.2) - 2024-01-10 [Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/v12.0.1...v12.0.2) diff --git a/REFERENCE.md b/REFERENCE.md index ba80e4391b..5536426b82 100644 --- a/REFERENCE.md +++ b/REFERENCE.md @@ -11334,7 +11334,7 @@ Struct[{ Optional['ClientJwksUri'] => Stdlib::HTTPSUrl, Optional['IDTokenSignedResponseAlg'] => Enum['RS256', 'RS384', 'RS512', 'PS256', 'PS384', 'PS512', 'HS256', 'HS384', 'HS512', 'ES256', 'ES384', 'ES512'], Optional['IDTokenEncryptedResponseAlg'] => Enum['RSA1_5', 'A128KW', 'A256KW', 'RSA-OAEP'], - Optional['IDTokenEncryptedResponseAlg'] => Enum['A128CBC-HS256', 'A256CBC-HS512', 'A256GCM'], + Optional['IDTokenEncryptedResponseEnc'] => Enum['A128CBC-HS256', 'A256CBC-HS512', 'A256GCM'], Optional['UserInfoSignedResposeAlg'] => Enum['RS256', 'RS384', 'RS512', 'PS256', 'PS384', 'PS512', 'HS256', 'HS384', 'HS512', 'ES256', 'ES384', 'ES512'], Optional['UserInfoEncryptedResponseAlg'] => Enum['RSA1_5', 'A128KW', 'A256KW', 'RSA-OAEP'], Optional['UserInfoEncryptedResponseEnc'] => Enum['A128CBC-HS256', 'A256CBC-HS512', 'A256GCM'], diff --git a/metadata.json b/metadata.json index 7d4ee720de..5592f58ade 100644 --- a/metadata.json +++ b/metadata.json 
@@ -1,6 +1,6 @@ { "name": "puppetlabs-apache", - "version": "12.0.2", + "version": "12.0.3", "author": "puppetlabs", "summary": "Installs, configures, and manages Apache virtual hosts, web services, and modules.", "license": "Apache-2.0", From 09d5499d09bd8e89f2d841fa75138cd41b5b6ba5 Mon Sep 17 00:00:00 2001 From: Takashi Kajinami Date: Sun, 17 Mar 2024 15:40:58 +0900 Subject: [PATCH 16/74] Add EnableSendfile per directory The EnableSendfile option can be configured in a Directory directive to disable/enable the snedfile feature for specific paths. --- spec/defines/vhost_spec.rb | 4 +++- templates/vhost/_directories.erb | 7 +++++-- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index b55f5775f1..586a867b5c 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb @@ -139,7 +139,8 @@ { 'enforce' => 'any', 'requires' => ['any-valid1', 'any-valid2'] - } + }, + 'enable_sendfile' => 'On', }, { 'path' => '*', @@ -641,6 +642,7 @@ .with_content(%r{^\s+$}) .with_content(%r{^\s+Require any-valid1$}) .with_content(%r{^\s+Require any-valid2$}) + .with_content(%r{^\s+EnableSendfile On$}) .with_content(%r{^\s+LDAPReferrals off$}) .with_content(%r{^\s+ProxyPass http://backend-b/ retry=0 timeout=5 noquery interpolate$}) .with_content(%r{^\s+ProxyPassMatch http://backend-b/ retry=0 timeout=5 noquery interpolate$}) diff --git a/templates/vhost/_directories.erb b/templates/vhost/_directories.erb index ba072523fc..76dc6cfe4f 100644 --- a/templates/vhost/_directories.erb +++ b/templates/vhost/_directories.erb 
@@ -19,8 +19,11 @@ <%- path = directory['path'] -%> <<%= provider %> "<%= path %>"> - <%- if directory['headers'] -%> - <%- Array(directory['headers']).each do |header| -%> + <%- if directory['enable_sendfile'] -%> + EnableSendfile <%= directory['enable_sendfile'] %> + <%- end -%> + <%- if directory['headers'] -%> + <%- Array(directory['headers']).each do |header| -%> Header <%= header %> <%- end -%> <%- end -%> From 95a2ab0f4da27e62a3b0d57b537edc7e18449a9d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=A9r=C3=B4me=20Charaoui?= Date: Tue, 20 Feb 2024 18:14:52 -0500 Subject: [PATCH 17/74] Stop managing mime support package on Debian All apache2 packages on Debian 10 and later already have a hard dependency on the `mime-support` package. While `mime-support` still exists on Debian 12 as a transitonal package, upcoming Debian 13 has removed it entirely. This sets the `$mime_support_package` to undefined so that the package isn't managed on Debian, since it doesn't need to be. --- manifests/mod/mime.pp | 6 +++--- manifests/params.pp | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/manifests/mod/mime.pp b/manifests/mod/mime.pp index b70e9257de..36312e3abb 100644 --- a/manifests/mod/mime.pp +++ b/manifests/mod/mime.pp @@ -13,9 +13,9 @@ # @see https://httpd.apache.org/docs/current/mod/mod_mime.html for additional documentation. # class apache::mod::mime ( - String $mime_support_package = $apache::params::mime_support_package, - String $mime_types_config = $apache::params::mime_types_config, - Optional[Hash] $mime_types_additional = undef, + Optional[String] $mime_support_package = $apache::params::mime_support_package, + String $mime_types_config = $apache::params::mime_types_config, + Optional[Hash] $mime_types_additional = undef, ) inherits apache::params { include apache $_mime_types_additional = pick($mime_types_additional, $apache::mime_types_additional) diff --git a/manifests/params.pp b/manifests/params.pp index 404a27bedb..be3fd6b24d 100644 
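Review bot: `directory['enable_sendfile']` is tested only for truthiness and then written into the vhost verbatim, so the template accepts values that Apache will not. A Puppet boolean `true` would render as `EnableSendfile true`, which httpd is expected to reject because the directive takes `On` or `Off`, and `false` emits nothing rather than `EnableSendfile Off`. Consider guarding with `<%- unless directory['enable_sendfile'].nil? -%>` and normalising the value, e.g. `EnableSendfile <%= directory['enable_sendfile'].to_s =~ /\A(true|on)\z/i ? 'On' : 'Off' %>`, or at least documenting that only the strings `On`/`Off` are valid. The loop over directories that encloses this block starts and ends outside the hunk.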
--- a/manifests/params.pp +++ b/manifests/params.pp @@ -470,8 +470,8 @@ $keepalive = 'On' $keepalive_timeout = 15 $max_keepalive_requests = 100 - $mime_support_package = 'mime-support' $mime_types_config = '/etc/mime.types' + $mime_support_package = undef $docroot = '/var/www/html' $cas_cookie_path = '/var/cache/apache2/mod_auth_cas/' $mellon_lock_file = undef From 5a114d9765e55e22b28b3e65f6e7c8961d3381e4 Mon Sep 17 00:00:00 2001 From: Takashi Kajinami Date: Mon, 25 Mar 2024 11:25:48 +0900 Subject: [PATCH 18/74] vhost: Allow customizing show_diff A vhost configuration file may contain sensitive information. For example when mod_auth_openidc is used then the file may contain OIDCCryptoPassphrase. This introduces the parameter to allow users to hide diff when applying manifests, to avoid leaking secrets to outputs. --- manifests/vhost.pp | 21 +++++++++++++-------- spec/defines/vhost_spec.rb | 5 ++++- 2 files changed, 17 insertions(+), 9 deletions(-) diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 60f835673d..7414a6f165 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -238,6 +238,9 @@ # @param ensure # Specifies if the virtual host is present or absent.
# +# @param show_diff +# Specifies whether to set the show_diff parameter for the file resource. +# # @param fallbackresource # Sets the [FallbackResource](https://httpd.apache.org/docs/current/mod/mod_dir.html#fallbackresource) # directive, which specifies an action to take for any URL that doesn't map to anything in @@ -1836,6 +1839,7 @@ Variant[Array[String], String] $setenvifnocase = [], Variant[Array[String], String] $block = [], Enum['absent', 'present'] $ensure = 'present', + Boolean $show_diff = true, Optional[String] $wsgi_application_group = undef, Optional[Variant[String, Hash]] $wsgi_daemon_process = undef, Optional[Hash] $wsgi_daemon_process_options = undef, @@ -2195,14 +2199,15 @@ } concat { "${priority_real}${filename}.conf": - ensure => $ensure, - path => "${apache::vhost_dir}/${priority_real}${filename}.conf", - owner => 'root', - group => $apache::params::root_group, - mode => $apache::file_mode, - order => 'numeric', - require => Package['httpd'], - notify => Class['apache::service'], + ensure => $ensure, + path => "${apache::vhost_dir}/${priority_real}${filename}.conf", + owner => 'root', + group => $apache::params::root_group, + mode => $apache::file_mode, + show_diff => $show_diff, + order => 'numeric', + require => Package['httpd'], + notify => Class['apache::service'], } # NOTE(pabelanger): This code is duplicated in ::apache::vhost::custom and # needs to be converted into something generic. diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index b55f5775f1..f86569262d 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb @@ -589,6 +589,7 @@ it { expect(subject).to contain_concat('30-rspec.example.com.conf').with('owner' => 'root', 'mode' => '0644', + 'show_diff' => true, 'require' => 'Package[httpd]', 'notify' => 'Class[Apache::Service]') } 
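Review bot: The new `@param show_diff` text does not say why anyone would change it, and the default stays `true`, so a vhost that carries secrets still has its diff written to agent output and reports unless that vhost opts out. The commit message gives the reason (an `OIDCCryptoPassphrase` in the file, for example), and the parameter doc should carry it: `# Whether Puppet may show diffs of the vhost config file. Set to false when the vhost contains secrets (passphrases, client secrets) so they do not appear in logs or reports.` The parameter hunk (@@ -1836) and the `concat` hunk (@@ -2195) that follow are consistent with each other; only the documentation is thin.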
@@ -1527,6 +1528,7 @@ 'error_log_pipe' => '/dev/null', 'docroot' => '/var/www/foo', 'ensure' => 'absent', + 'show_diff' => false, 'manage_docroot' => true, 'logroot' => '/tmp/logroot', 'logroot_ensure' => 'absent' @@ -1556,7 +1558,8 @@ } it { - expect(subject).to contain_concat('25-rspec.example.com.conf').with('ensure' => 'absent') + expect(subject).to contain_concat('25-rspec.example.com.conf').with('ensure' => 'absent', + 'show_diff' => false) } it { is_expected.to contain_concat__fragment('rspec.example.com-apache-header') } From b57883ee95d1bb1fdfc918dee0ddf15773816236 Mon Sep 17 00:00:00 2001 From: "Minor, Thomas" Date: Tue, 8 Dec 2020 13:22:51 +0100 Subject: [PATCH 19/74] Added cache_disk Deprecates disk_cache --- manifests/mod/cache_disk.pp | 121 ++++++++++++++++++++++++++++++ manifests/mod/disk_cache.pp | 54 ++++--------- templates/mod/cache_disk.conf.erb | 36 +++++++++ 3 files changed, 171 insertions(+), 40 deletions(-) create mode 100644 manifests/mod/cache_disk.pp create mode 100644 templates/mod/cache_disk.conf.erb diff --git a/manifests/mod/cache_disk.pp b/manifests/mod/cache_disk.pp new file mode 100644 index 0000000000..83abcf5f37 --- /dev/null +++ b/manifests/mod/cache_disk.pp 
@@ -0,0 +1,121 @@ +# @summary +# Installs and configures `mod_cache_disk`. +# +# @description +# This will install an configure the proper module depending on the used apache version, so +# - mod_cache_disk for apache version >= 2.4 +# - mod_disk_cache for older apache versions +# +# @param cache_root +# Defines the name of the directory on the disk to contain cache files. +# Default depends on the Apache version and operating system: +# - Debian: /var/cache/apache2/mod_cache_disk +# - FreeBSD: /var/cache/mod_cache_disk +# - Red Hat, Apache 2.4: /var/cache/httpd/proxy +# - Red Hat, Apache 2.2: /var/cache/mod_proxy +# +# @param cache_enable +# Defines an array of directories to cache, the default is none +# +# @param cache_ignore_headers +# Specifies HTTP header(s) that should not be stored in the cache. +# +# @param cache_dir_length +# The number of characters in subdirectory names +# +# @param cache_dir_levels +# The number of levels of subdirectories in the cache. +# +# @param cache_default_expire +# The default duration to cache a document when no expiry date is specified. +# +# @param cache_max_expire +# The maximum time in seconds to cache a document +# +# @param cache_ignore_no_lastmod +# Ignore the fact that a response has no Last Modified header. +# +# @param cache_header +# Add an X-Cache header to the response. +# +# @param cache_lock +# Enable the thundering herd lock. +# +# @param cache_ignore_cache_control +# Ignore request to not serve cached content to client +# +# @param cache_max_filesize +# The maximum size (in bytes) of a document to be placed in the cache +# +# @note +# Apache 2.2, mod_disk_cache installed. On Apache 2.4, mod_cache_disk installed. +# +# @see https://httpd.apache.org/docs/2.2/mod/mod_disk_cache.html for additional documentation on version 2.2. +# +# @see https://httpd.apache.org/docs/2.4/mod/mod_cache_disk.html for additional documentation on version 2.4. 
+# +class apache::mod::cache_disk ( + $cache_root = undef, + Array[String] $cache_enable = [], + Optional[String] $cache_ignore_headers = undef, + Optional[Integer] $cache_dir_length = undef, + Optional[Integer] $cache_dir_levels = undef, + Optional[Integer] $cache_default_expire = undef, + Optional[Integer] $cache_max_expire = undef, + Optional[Enum['Off', 'On']] $cache_ignore_no_lastmod = undef, + Optional[Enum['off', 'on']] $cache_header = undef, + Optional[Enum['off', 'on']] $cache_lock = undef, + Optional[Enum['Off', 'On']] $cache_ignore_cache_control = undef, + Optional[Integer] $cache_max_filesize = undef, +) { + include apache + if $cache_root { + $_cache_root = $cache_root + } + elsif versioncmp($apache::apache_version, '2.4') >= 0 { + $_module_name = 'cache_disk' + $_cache_root = $::osfamily ? { + 'debian' => '/var/cache/apache2/mod_cache_disk', + 'redhat' => '/var/cache/httpd/proxy', + 'freebsd' => '/var/cache/mod_cache_disk', + } + } + else { + $_module_name = 'disk_cache' + $_cache_root = $::osfamily ? 
{ + 'debian' => '/var/cache/apache2/mod_disk_cache', + 'redhat' => '/var/cache/mod_proxy', + 'freebsd' => '/var/cache/mod_disk_cache', + } + } + $_configuration_file_name = "${_module_name}.conf" + $_class_name = "::apache::mod::${_module_name}" + + apache::mod { $_module_name: } + + Class['::apache::mod::cache'] -> Class[$_class_name] + + # Template uses + # - $_cache_root + # - $cache_enable + # - $cache_dir_length + # - $cache_ignore_headers + # - $cache_dir_length + # - $cache_dir_levels + # - $cache_default_expire + # - $cache_max_expire + # - $cache_ignore_no_lastmod + # - $cache_header + # - $cache_lock + # - $cache_ignore_cache_control + # - $cache_max_filesize + file { $_configuration_file_name: + ensure => file, + path => "${apache::mod_dir}/${_configuration_file_name}", + mode => $apache::file_mode, + content => template('apache/mod/cache_disk.conf.erb'), + require => Exec["mkdir ${apache::mod_dir}"], + before => File[$apache::mod_dir], + notify => Class['apache::service'], + } +} diff --git a/manifests/mod/disk_cache.pp b/manifests/mod/disk_cache.pp index 4a3dc35883..6b9a0c7a4d 100644 --- a/manifests/mod/disk_cache.pp +++ b/manifests/mod/disk_cache.pp 
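Review bot: When `cache_root` is supplied, the first branch of the `if` sets only `$_cache_root`, so `$_module_name` is never assigned and `$_configuration_file_name`, `$_class_name` and the `apache::mod { $_module_name: }` title are all built from an undefined variable. Choose the module name before the branch, e.g. `$_module_name = versioncmp($apache::apache_version, '2.4') >= 0 ? { true => 'cache_disk', default => 'disk_cache' }`, and let the `if` decide only `$_cache_root`. `$cache_root` is also declared without a data type although the template writes it out as `CacheRoot`; `Optional[Stdlib::Absolutepath]`, the type the deprecated class carried before this patch, would keep that check.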
@@ -6,55 +6,29 @@ # Default depends on the Apache version and operating system: # - Debian: /var/cache/apache2/mod_cache_disk # - FreeBSD: /var/cache/mod_cache_disk -# - Red Hat: /var/cache/httpd/proxy +# - Red Hat, Apache 2.4: /var/cache/httpd/proxy +# - Red Hat, Apache 2.2: /var/cache/mod_proxy # # @param cache_ignore_headers # Specifies HTTP header(s) that should not be stored in the cache. # -# @param default_cache_enable -# Default value is true, which enables "CacheEnable disk /" in disk_cache.conf for the webserver. This would cache -# every request to apache by default for every vhost. If set to false the default cache all behaviour is supressed. -# You can then control this behaviour in individual vhosts by explicitly defining CacheEnable. -# # @note -# On Apache 2.4, mod_cache_disk installed. +# Apache 2.2, mod_disk_cache installed. On Apache 2.4, mod_cache_disk installed. +# This class is deprecated, use mode_cache_disk instead +# +# @see https://httpd.apache.org/docs/2.2/mod/mod_disk_cache.html for additional documentation on version 2.2. # -# @see https://httpd.apache.org/docs/2.4/mod/mod_cache_disk.html for additional documentation. +# @see https://httpd.apache.org/docs/2.4/mod/mod_cache_disk.html for additional documentation on version 2.4. # class apache::mod::disk_cache ( - Optional[Stdlib::Absolutepath] $cache_root = undef, - Optional[String] $cache_ignore_headers = undef, - Boolean $default_cache_enable = true, + $cache_root = undef, + $cache_ignore_headers = undef, ) { - include apache - if $cache_root { - $_cache_root = $cache_root - } else { - $_cache_root = $facts['os']['family'] ? 
{ - 'Debian' => '/var/cache/apache2/mod_cache_disk', - 'RedHat' => '/var/cache/httpd/proxy', - 'FreeBSD' => '/var/cache/mod_cache_disk', - } - } - - apache::mod { 'cache_disk': } - - Class['apache::mod::cache'] -> Class['apache::mod::disk_cache'] - - $parameters = { - 'default_cache_enable' => $default_cache_enable, - '_cache_root' => $_cache_root, - 'cache_ignore_headers' => $cache_ignore_headers, - } + deprecation('apache::mod::disk_cache','This module is deprecated; please use apache::mod::cache_disk') - # Template uses $_cache_root - file { 'disk_cache.conf': - ensure => file, - path => "${apache::mod_dir}/disk_cache.conf", - mode => $apache::file_mode, - content => epp('apache/mod/disk_cache.conf.epp', $parameters), - require => Exec["mkdir ${apache::mod_dir}"], - before => File[$apache::mod_dir], - notify => Class['apache::service'], + class { 'apache::mod::cache_disk': + cache_root => $cache_root, + cache_enable => ['/'], + cache_ignore_headers => $cache_ignore_headers, } } diff --git a/templates/mod/cache_disk.conf.erb b/templates/mod/cache_disk.conf.erb new file mode 100644 index 0000000000..e98632fe10 --- /dev/null +++ b/templates/mod/cache_disk.conf.erb 
@@ -0,0 +1,36 @@ +CacheRoot "<%= @_cache_root %>" +<%- if @cache_enable -%> + <%- @cache_enable.each do |enable| -%> +CacheEnable disk <%= enable %> + <%- end -%> +<%- end -%> +<%- if @cache_dir_length -%> +CacheDirLength <%= @cache_dir_length %> +<%- end -%> +<%- if @cache_dir_levels -%> +CacheDirLevels <%= @cache_dir_levels %> +<%- end -%> +<%- if @cache_default_expire -%> +CacheDefaultExpire <%= @cache_default_expire %> +<%- end -%> +<%- if @cache_max_expire -%> +CacheMaxExpire <%= @cache_max_expire %> +<%- end -%> +<%- if @cache_ignore_no_lastmod -%> +CacheIgnoreNoLastMod <%= @cache_ignore_no_lastmod %> +<%- end -%> +<%- if @cache_header -%> +CacheHeader <%= @cache_header %> +<%- end -%> +<%- if @cache_lock -%> +CacheLock <%= @cache_lock %> +<%- end -%> +<%- if @cache_ignore_cache_control -%> +CacheIgnoreCacheControl <%= @cache_ignore_cache_control %> +<%- end -%> +<%- if @cache_max_filesize -%> +CacheMaxFileSize <%= @cache_max_filesize %> +<%- end -%> +<%- if @cache_ignore_headers -%> +CacheIgnoreHeaders <%= @cache_ignore_headers -%> +<%- end -%> From 60c3d46fb169829c52ad71e3f9c9969fb01116c6 Mon Sep 17 00:00:00 2001 From: Dennis Ploeger Date: Fri, 12 Jan 2024 09:58:07 +0100 Subject: [PATCH 20/74] Fixing parameters in deprecated module to keep backwards compatibility --- manifests/mod/disk_cache.pp | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/manifests/mod/disk_cache.pp b/manifests/mod/disk_cache.pp index 6b9a0c7a4d..4c229c0ff8 100644 --- a/manifests/mod/disk_cache.pp +++ b/manifests/mod/disk_cache.pp @@ -6,8 +6,6 @@ # Default depends on the Apache version and operating system: # - Debian: /var/cache/apache2/mod_cache_disk # - FreeBSD: /var/cache/mod_cache_disk -# - Red Hat, Apache 2.4: /var/cache/httpd/proxy -# - Red Hat, Apache 2.2: /var/cache/mod_proxy # # @param cache_ignore_headers # Specifies HTTP header(s) that should not be stored in the cache. 
@@ -16,13 +14,12 @@ # Apache 2.2, mod_disk_cache installed. On Apache 2.4, mod_cache_disk installed. # This class is deprecated, use mode_cache_disk instead # -# @see https://httpd.apache.org/docs/2.2/mod/mod_disk_cache.html for additional documentation on version 2.2. -# # @see https://httpd.apache.org/docs/2.4/mod/mod_cache_disk.html for additional documentation on version 2.4. # class apache::mod::disk_cache ( - $cache_root = undef, - $cache_ignore_headers = undef, + Optional[Stdlib::Absolutepath] $cache_root = undef, + Optional[String] $cache_ignore_headers = undef, + Boolean $default_cache_enable = true, ) { deprecation('apache::mod::disk_cache','This module is deprecated; please use apache::mod::cache_disk') From ec10dff6e20c8bb99de92512ea97a13327ac31fd Mon Sep 17 00:00:00 2001 From: Dennis Ploeger Date: Fri, 12 Jan 2024 12:10:46 +0100 Subject: [PATCH 21/74] Optimization Fix parameters to keep backwards compatibility Added tests --- manifests/mod/cache.pp | 54 +++++++++++- manifests/mod/cache_disk.pp | 108 +++++++++--------------- manifests/mod/disk_cache.pp | 16 +++- spec/classes/mod/cache_disk_spec.rb | 123 ++++++++++++++++++++++++++++ spec/classes/mod/cache_spec.rb | 110 +++++++++++++++++++++++++ spec/classes/mod/disk_cache_spec.rb | 34 ++++---- templates/mod/cache.conf.epp | 30 +++++++ templates/mod/cache_disk.conf.epp | 26 ++++++ templates/mod/cache_disk.conf.erb | 36 -------- templates/mod/disk_cache.conf.epp | 9 -- 10 files changed, 409 insertions(+), 137 deletions(-) create mode 100644 spec/classes/mod/cache_disk_spec.rb create mode 100644 spec/classes/mod/cache_spec.rb create mode 100644 templates/mod/cache.conf.epp create mode 100644 templates/mod/cache_disk.conf.epp delete mode 100644 templates/mod/cache_disk.conf.erb delete mode 100644 templates/mod/disk_cache.conf.epp diff --git a/manifests/mod/cache.pp b/manifests/mod/cache.pp index a822ae9aa4..3ed71a60dc 100644 --- a/manifests/mod/cache.pp +++ b/manifests/mod/cache.pp 
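Review bot: `$default_cache_enable` is restored to the signature here, but nothing reads it. The class body, which lies outside this hunk and was added in the previous patch, declares `apache::mod::cache_disk` with `cache_enable => ['/']` unconditionally, and the next patch's hunk for this file keeps that line. A caller who sets `default_cache_enable => false` to stop caching every vhost therefore still gets `CacheEnable disk /`. Pass the parameter through, e.g. `cache_enable => $default_cache_enable ? { true => ['/'], default => [] },`.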
@@ -1,8 +1,58 @@ # @summary # Installs `mod_cache` -# +# +# @param cache_ignore_headers +# Specifies HTTP header(s) that should not be stored in the cache. +# +# @param cache_default_expire +# The default duration to cache a document when no expiry date is specified. +# +# @param cache_max_expire +# The maximum time in seconds to cache a document +# +# @param cache_ignore_no_lastmod +# Ignore the fact that a response has no Last Modified header. +# +# @param cache_header +# Add an X-Cache header to the response. +# +# @param cache_lock +# Enable the thundering herd lock. +# +# @param cache_ignore_cache_control +# Ignore request to not serve cached content to client +# # @see https://httpd.apache.org/docs/current/mod/mod_cache.html for additional documentation. # -class apache::mod::cache { +class apache::mod::cache ( + Optional[String] $cache_ignore_headers = undef, + Optional[Integer] $cache_default_expire = undef, + Optional[Integer] $cache_max_expire = undef, + Optional[Enum['off', 'on', 'Off', 'On']] $cache_ignore_no_lastmod = undef, + Optional[Enum['off', 'on', 'Off', 'On']] $cache_header = undef, + Optional[Enum['off', 'on', 'Off', 'On']] $cache_lock = undef, + Optional[Enum['off', 'on', 'Off', 'On']] $cache_ignore_cache_control = undef, +) { + include apache ::apache::mod { 'cache': } + + $_configuration_file_name = 'cache.conf' + + file { $_configuration_file_name: + ensure => file, + path => "${apache::mod_dir}/${_configuration_file_name}", + mode => $apache::file_mode, + content => epp('apache/mod/cache.conf.epp', { + cache_ignore_headers => $cache_ignore_headers, + cache_default_expire => $cache_default_expire, + cache_max_expire => $cache_max_expire, + cache_ignore_no_lastmod => $cache_ignore_no_lastmod, + cache_header => $cache_header, + cache_lock => $cache_lock, + cache_ignore_cache_control => $cache_ignore_cache_control, + }), + require => Exec["mkdir ${apache::mod_dir}"], + before => File[$apache::mod_dir], + notify => Class['apache::service'], + } 
} diff --git a/manifests/mod/cache_disk.pp b/manifests/mod/cache_disk.pp index 83abcf5f37..97631d4a5a 100644 --- a/manifests/mod/cache_disk.pp +++ b/manifests/mod/cache_disk.pp 
@@ -12,108 +12,78 @@ # - Debian: /var/cache/apache2/mod_cache_disk # - FreeBSD: /var/cache/mod_cache_disk # - Red Hat, Apache 2.4: /var/cache/httpd/proxy -# - Red Hat, Apache 2.2: /var/cache/mod_proxy # # @param cache_enable # Defines an array of directories to cache, the default is none -# -# @param cache_ignore_headers -# Specifies HTTP header(s) that should not be stored in the cache. -# + # @param cache_dir_length # The number of characters in subdirectory names # # @param cache_dir_levels # The number of levels of subdirectories in the cache. # -# @param cache_default_expire -# The default duration to cache a document when no expiry date is specified. -# -# @param cache_max_expire -# The maximum time in seconds to cache a document -# -# @param cache_ignore_no_lastmod -# Ignore the fact that a response has no Last Modified header. -# -# @param cache_header -# Add an X-Cache header to the response. -# -# @param cache_lock -# Enable the thundering herd lock. -# -# @param cache_ignore_cache_control -# Ignore request to not serve cached content to client -# # @param cache_max_filesize # The maximum size (in bytes) of a document to be placed in the cache # +# @param cache_ignore_headers +# DEPRECATED Ignore request to not serve cached content to client (included for compatibility reasons to support disk_cache) +# +# @param configuration_file_name +# DEPRECATED Name of module configuration file (used for the compatibility layer for disk_cache) +# # @note # Apache 2.2, mod_disk_cache installed. On Apache 2.4, mod_cache_disk installed. # -# @see https://httpd.apache.org/docs/2.2/mod/mod_disk_cache.html for additional documentation on version 2.2. -# # @see https://httpd.apache.org/docs/2.4/mod/mod_cache_disk.html for additional documentation on version 2.4. 
# class apache::mod::cache_disk ( - $cache_root = undef, - Array[String] $cache_enable = [], - Optional[String] $cache_ignore_headers = undef, - Optional[Integer] $cache_dir_length = undef, - Optional[Integer] $cache_dir_levels = undef, - Optional[Integer] $cache_default_expire = undef, - Optional[Integer] $cache_max_expire = undef, - Optional[Enum['Off', 'On']] $cache_ignore_no_lastmod = undef, - Optional[Enum['off', 'on']] $cache_header = undef, - Optional[Enum['off', 'on']] $cache_lock = undef, - Optional[Enum['Off', 'On']] $cache_ignore_cache_control = undef, - Optional[Integer] $cache_max_filesize = undef, + Optional[String] $cache_root = undef, + Array[String] $cache_enable = [], + Optional[Integer] $cache_dir_length = undef, + Optional[Integer] $cache_dir_levels = undef, + Optional[Integer] $cache_max_filesize = undef, + Optional[String] $cache_ignore_headers = undef, + Optional[String] $configuration_file_name = undef, ) { include apache - if $cache_root { - $_cache_root = $cache_root + + if $cache_ignore_headers { + deprecation( + 'apache::mod::cache_disk', + 'The parameter cache_ignore_headers is deprecated. Please use apache::mod::cache::cache_ignore_headers instead.' + ) } - elsif versioncmp($apache::apache_version, '2.4') >= 0 { - $_module_name = 'cache_disk' - $_cache_root = $::osfamily ? { + + $_cache_root = $cache_root ? { + undef => $facts['os']['family'] ? { 'debian' => '/var/cache/apache2/mod_cache_disk', 'redhat' => '/var/cache/httpd/proxy', 'freebsd' => '/var/cache/mod_cache_disk', - } + }, + default => $cache_root, } - else { - $_module_name = 'disk_cache' - $_cache_root = $::osfamily ? { - 'debian' => '/var/cache/apache2/mod_disk_cache', - 'redhat' => '/var/cache/mod_proxy', - 'freebsd' => '/var/cache/mod_disk_cache', - } + $_configuration_file_name = $configuration_file_name ? 
{ + undef => 'cache_disk.conf', + default => $configuration_file_name } - $_configuration_file_name = "${_module_name}.conf" - $_class_name = "::apache::mod::${_module_name}" + $_class_name = 'apache::mod::cache_disk' - apache::mod { $_module_name: } + apache::mod { 'cache_disk': } - Class['::apache::mod::cache'] -> Class[$_class_name] + Class['apache::mod::cache'] -> Class[$_class_name] - # Template uses - # - $_cache_root - # - $cache_enable - # - $cache_dir_length - # - $cache_ignore_headers - # - $cache_dir_length - # - $cache_dir_levels - # - $cache_default_expire - # - $cache_max_expire - # - $cache_ignore_no_lastmod - # - $cache_header - # - $cache_lock - # - $cache_ignore_cache_control - # - $cache_max_filesize file { $_configuration_file_name: ensure => file, path => "${apache::mod_dir}/${_configuration_file_name}", mode => $apache::file_mode, - content => template('apache/mod/cache_disk.conf.erb'), + content => epp('apache/mod/cache_disk.conf.epp', { + cache_root => $_cache_root, + cache_enable => $cache_enable, + cache_dir_length => $cache_dir_length, + cache_dir_levels => $cache_dir_levels, + cache_max_filesize => $cache_max_filesize, + cache_ignore_headers => $cache_ignore_headers, + }), require => Exec["mkdir ${apache::mod_dir}"], before => File[$apache::mod_dir], notify => Class['apache::service'], diff --git a/manifests/mod/disk_cache.pp b/manifests/mod/disk_cache.pp index 4c229c0ff8..2aa8a9bcc5 100644 --- a/manifests/mod/disk_cache.pp +++ b/manifests/mod/disk_cache.pp 
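Review bot: `$cache_root` is typed `Optional[String]` here, while the deprecated `apache::mod::disk_cache` in this same series declares it as `Optional[Stdlib::Absolutepath]`. The value is handed to the template as `cache_root` and, judging by the spec expectations, rendered inside `CacheRoot "..."`, so the looser type lets relative paths or strings containing quotes or newlines reach the generated config. Use `Optional[Stdlib::Absolutepath] $cache_root = undef,` here as well. Separately, the `$facts['os']['family']` selector has no `default` entry, so on any other OS family a catalog without an explicit `cache_root` fails with a generic selector error; a `default => fail(...)` entry naming the parameter to set would make that failure actionable.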
@@ -10,6 +10,11 @@ # @param cache_ignore_headers # Specifies HTTP header(s) that should not be stored in the cache. # +# @param default_cache_enable +# Default value is true, which enables "CacheEnable disk /" in disk_cache.conf for the webserver. This would cache +# every request to apache by default for every vhost. If set to false the default cache all behaviour is supressed. +# You can then control this behaviour in individual vhosts by explicitly defining CacheEnable. +# # @note # Apache 2.2, mod_disk_cache installed. On Apache 2.4, mod_cache_disk installed. # This class is deprecated, use mode_cache_disk instead @@ -21,11 +26,14 @@ Optional[String] $cache_ignore_headers = undef, Boolean $default_cache_enable = true, ) { - deprecation('apache::mod::disk_cache','This module is deprecated; please use apache::mod::cache_disk') + deprecation('apache::mod::disk_cache', 'This module is deprecated; please use apache::mod::cache_disk') class { 'apache::mod::cache_disk': - cache_root => $cache_root, - cache_enable => ['/'], - cache_ignore_headers => $cache_ignore_headers, + cache_root => $cache_root, + cache_enable => ['/'], + cache_ignore_headers => $cache_ignore_headers, + cache_dir_length => 1, + cache_dir_levels => 2, + configuration_file_name => 'cache_disk.conf' } } diff --git a/spec/classes/mod/cache_disk_spec.rb b/spec/classes/mod/cache_disk_spec.rb new file mode 100644 index 0000000000..6a18c61388 --- /dev/null +++ b/spec/classes/mod/cache_disk_spec.rb 
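Review bot: `$default_cache_enable` is never read in the second hunk: the `apache::mod::cache_disk` declaration passes `cache_enable => ['/']` unconditionally, so setting the parameter to `false` no longer suppresses the server-wide `CacheEnable disk /` that the `@param` text added in the first hunk promises. On a server with authenticated or per-user vhosts, responses may then be written to the disk cache although the operator opted out. Derive the list from the flag, e.g. `cache_enable => $default_cache_enable ? { true => ['/'], default => [] },`. The later disk_cache.pp hunks in this series (patches 23, 31 and 32) carry the same hard-coded value. The class header and the start of the parameter list are outside this hunk.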
@@ -0,0 +1,123 @@ +# frozen_string_literal: true + +require 'spec_helper' + +describe 'apache::mod::cache_disk', type: :class do + context 'on a Debian OS' do + include_examples 'Debian 11' + + let(:params) do + { + cache_enable: ['/'], + } + end + + let :pre_condition do + 'class{ "apache": + default_mods => ["cache"], + mod_dir => "/tmp/junk", + }' + end + + it { is_expected.to compile } + it { is_expected.to contain_class('apache::mod::cache_disk') } + it { is_expected.to contain_class('apache::mod::cache').that_comes_before('Class[Apache::Mod::Cache_disk]') } + it { is_expected.to contain_apache__mod('cache_disk') } + + default_config = %r{CacheEnable disk /\nCacheRoot "/var/cache/apache2/mod_cache_disk"} + + it { + expect(subject).to contain_file('cache_disk.conf') + .with(content: default_config) + } + + describe 'with multiple cache_enable parameters' do + let(:params) do + { + cache_enable: %w[/ /something], + } + end + + it { + expect(subject).to contain_file('cache_disk.conf') + .with(content: %r{CacheEnable disk /\nCacheEnable disk /something\nCacheRoot "/var/cache/apache2/mod_cache_disk"}) + } + end + + describe 'with cache_dir_length' do + let(:params) do + { + cache_dir_length: 2, + cache_enable: ['/'], + } + end + + it { + expect(subject).to contain_file('cache_disk.conf') + .with(content: %r{#{default_config}\nCacheDirLength 2}) + } + end + + describe 'with cache_dir_levels' do + let(:params) do + { + cache_dir_levels: 2, + cache_enable: ['/'], + } + end + + it { + expect(subject).to contain_file('cache_disk.conf') + .with(content: %r{#{default_config}\nCacheDirLevels 2}) + } + end + end + + context 'on a RedHat 8-based OS' do + include_examples 'RedHat 8' + + let(:params) do + { + cache_enable: ['/'], + } + end + + let :pre_condition do + 'class{ "apache": + default_mods => ["cache"], + mod_dir => "/tmp/junk", + }' + end + + it { is_expected.to compile } + + it { + expect(subject).to contain_file('cache_disk.conf') + .with(content: %r{CacheEnable 
disk /\nCacheRoot "/var/cache/httpd/proxy"}) + } + end + + context 'on a FreeBSD OS' do + include_examples 'FreeBSD 10' + + let(:params) do + { + cache_enable: ['/'], + } + end + + let :pre_condition do + 'class{ "apache": + default_mods => ["cache"], + mod_dir => "/tmp/junk", + }' + end + + it { is_expected.to compile } + + it { + expect(subject).to contain_file('cache_disk.conf') + .with(content: %r{CacheEnable disk /\nCacheRoot "/var/cache/mod_cache_disk"}) + } + end +end diff --git a/spec/classes/mod/cache_spec.rb b/spec/classes/mod/cache_spec.rb new file mode 100644 index 0000000000..ee064f9bc7 --- /dev/null +++ b/spec/classes/mod/cache_spec.rb 
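Review bot: Every content expectation in this new spec is an unanchored `%r{...}` match with `cache_enable: ['/']`, so nothing here would fail if the template emitted a `CacheEnable` line that was not asked for. There is also no example for an empty `cache_enable`, a custom `cache_root` or `cache_max_filesize`. An unintended server-wide `CacheEnable disk /` is the risky outcome for this module, so add at least a negative example inside the Debian context, as sketched below.

```ruby
    describe 'with an empty cache_enable' do
      let(:params) do
        {
          cache_enable: [],
        }
      end

      it { is_expected.to contain_file('cache_disk.conf').without_content(%r{CacheEnable}) }
    end
```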
@@ -0,0 +1,110 @@ +# frozen_string_literal: true + +require 'spec_helper' + +describe 'apache::mod::cache', type: :class do + context 'on a Debian OS' do + include_examples 'Debian 11' + + it { is_expected.to compile } + it { is_expected.to contain_class('apache::mod::cache') } + it { is_expected.to contain_apache__mod('cache') } + + it { + expect(subject).to contain_file('cache.conf') + .with(content: '') + } + + describe 'with cache_ignore_headers' do + let(:params) do + { + cache_ignore_headers: 'Set-Cookie', + } + end + + it { + expect(subject).to contain_file('cache.conf') + .with(content: %r{CacheIgnoreHeaders Set-Cookie}) + } + end + + describe 'with cache_default_expire' do + let(:params) do + { + cache_default_expire: 2000, + } + end + + it { + expect(subject).to contain_file('cache.conf') + .with(content: %r{CacheDefaultExpire 2000}) + } + end + + describe 'with cache_max_expire' do + let(:params) do + { + cache_max_expire: 2000, + } + end + + it { + expect(subject).to contain_file('cache.conf') + .with(content: %r{CacheMaxExpire 2000}) + } + end + + describe 'with cache_ignore_no_lastmod' do + let(:params) do + { + cache_ignore_no_lastmod: 'On', + } + end + + it { + expect(subject).to contain_file('cache.conf') + .with(content: %r{CacheIgnoreNoLastMod On}) + } + end + + describe 'with cache_header' do + let(:params) do + { + cache_header: 'On', + } + end + + it { + expect(subject).to contain_file('cache.conf') + .with(content: %r{CacheHeader On}) + } + end + + describe 'with cache_lock' do + let(:params) do + { + cache_lock: 'On', + } + end + + it { + expect(subject).to contain_file('cache.conf') + .with(content: %r{CacheLock On}) + } + end + + describe 'with cache_ignore_cache_control' do + let(:params) do + { + cache_ignore_cache_control: 'On', + } + end + + it { + expect(subject).to contain_file('cache.conf') + .with(content: %r{CacheIgnoreCacheControl On}) + } + end + + end +end 
diff --git a/spec/classes/mod/disk_cache_spec.rb b/spec/classes/mod/disk_cache_spec.rb index ce840bdcf6..b893cbd9b1 100644 --- a/spec/classes/mod/disk_cache_spec.rb +++ b/spec/classes/mod/disk_cache_spec.rb @@ -21,11 +21,11 @@ it { is_expected.to compile } it { is_expected.to contain_class('apache::mod::disk_cache') } - it { is_expected.to contain_class('apache::mod::cache').that_comes_before('Class[Apache::Mod::Disk_cache]') } + it { is_expected.to contain_class('apache::mod::cache').that_comes_before('Class[Apache::Mod::Cache_disk]') } it { is_expected.to contain_apache__mod('cache_disk') } it { - expect(subject).to contain_file('disk_cache.conf') + expect(subject).to contain_file('cache_disk.conf') .with(content: %r{CacheEnable disk /\nCacheRoot "/var/cache/apache2/mod_cache_disk"\nCacheDirLevels 2\nCacheDirLength 1\nCacheIgnoreHeaders Set-Cookie}) } @@ -34,11 +34,11 @@ it { is_expected.to compile } it { is_expected.to contain_class('apache::mod::disk_cache') } - it { is_expected.to contain_class('apache::mod::cache').that_comes_before('Class[Apache::Mod::Disk_cache]') } + it { is_expected.to contain_class('apache::mod::cache').that_comes_before('Class[Apache::Mod::Cache_disk]') } it { is_expected.to contain_apache__mod('cache_disk') } it { - expect(subject).to contain_file('disk_cache.conf') + expect(subject).to contain_file('cache_disk.conf') .with(content: %r{CacheRoot "/var/cache/apache2/mod_cache_disk"\nCacheDirLevels 2\nCacheDirLength 1\n}) } end 
@@ -48,11 +48,11 @@ it { is_expected.to compile } it { is_expected.to contain_class('apache::mod::disk_cache') } - it { is_expected.to contain_class('apache::mod::cache').that_comes_before('Class[Apache::Mod::Disk_cache]') } + it { is_expected.to contain_class('apache::mod::cache').that_comes_before('Class[Apache::Mod::Cache_disk]') } it { is_expected.to contain_apache__mod('cache_disk') } it { - expect(subject).to contain_file('disk_cache.conf') + expect(subject).to contain_file('cache_disk.conf') .with(content: %r{CacheEnable disk /\nCacheRoot "/var/cache/apache2/mod_cache_disk"\nCacheDirLevels 2\nCacheDirLength 1\n}) } end @@ -83,7 +83,7 @@ it { is_expected.to contain_apache__mod('cache_disk') } it { - expect(subject).to contain_file('disk_cache.conf') + expect(subject).to contain_file('cache_disk.conf') .with(content: %r{CacheEnable disk /\nCacheRoot "/var/cache/httpd/proxy"\nCacheDirLevels 2\nCacheDirLength 1\nCacheIgnoreHeaders Set-Cookie}) } @@ -92,11 +92,11 @@ it { is_expected.to compile } it { is_expected.to contain_class('apache::mod::disk_cache') } - it { is_expected.to contain_class('apache::mod::cache').that_comes_before('Class[Apache::Mod::Disk_cache]') } + it { is_expected.to contain_class('apache::mod::cache').that_comes_before('Class[Apache::Mod::Cache_disk]') } it { is_expected.to contain_apache__mod('cache_disk') } it { - expect(subject).to contain_file('disk_cache.conf') + expect(subject).to contain_file('cache_disk.conf') .with(content: %r{CacheRoot "/var/cache/httpd/proxy"\nCacheDirLevels 2\nCacheDirLength 1\n}) } end 
@@ -106,11 +106,11 @@ it { is_expected.to compile } it { is_expected.to contain_class('apache::mod::disk_cache') } - it { is_expected.to contain_class('apache::mod::cache').that_comes_before('Class[Apache::Mod::Disk_cache]') } + it { is_expected.to contain_class('apache::mod::cache').that_comes_before('Class[Apache::Mod::Cache_disk]') } it { is_expected.to contain_apache__mod('cache_disk') } it { - expect(subject).to contain_file('disk_cache.conf') + expect(subject).to contain_file('cache_disk.conf') .with(content: %r{CacheEnable disk /\nCacheRoot "/var/cache/httpd/proxy"\nCacheDirLevels 2\nCacheDirLength 1\n}) } end @@ -140,11 +140,11 @@ it { is_expected.to compile } it { is_expected.to contain_class('apache::mod::disk_cache') } - it { is_expected.to contain_class('apache::mod::cache').that_comes_before('Class[Apache::Mod::Disk_cache]') } + it { is_expected.to contain_class('apache::mod::cache').that_comes_before('Class[Apache::Mod::Cache_disk]') } it { is_expected.to contain_apache__mod('cache_disk') } it { - expect(subject).to contain_file('disk_cache.conf') + expect(subject).to contain_file('cache_disk.conf') .with(content: %r{CacheEnable disk /\nCacheRoot "/var/cache/mod_cache_disk"\nCacheDirLevels 2\nCacheDirLength 1\nCacheIgnoreHeaders Set-Cookie}) } @@ -153,11 +153,11 @@ it { is_expected.to compile } it { is_expected.to contain_class('apache::mod::disk_cache') } - it { is_expected.to contain_class('apache::mod::cache').that_comes_before('Class[Apache::Mod::Disk_cache]') } + it { is_expected.to contain_class('apache::mod::cache').that_comes_before('Class[Apache::Mod::Cache_disk]') } it { is_expected.to contain_apache__mod('cache_disk') } it { - expect(subject).to contain_file('disk_cache.conf') + expect(subject).to contain_file('cache_disk.conf') .with(content: %r{CacheRoot "/var/cache/mod_cache_disk"\nCacheDirLevels 2\nCacheDirLength 1\n}) } end 
@@ -167,11 +167,11 @@ it { is_expected.to compile } it { is_expected.to contain_class('apache::mod::disk_cache') } - it { is_expected.to contain_class('apache::mod::cache').that_comes_before('Class[Apache::Mod::Disk_cache]') } + it { is_expected.to contain_class('apache::mod::cache').that_comes_before('Class[Apache::Mod::Cache_disk]') } it { is_expected.to contain_apache__mod('cache_disk') } it { - expect(subject).to contain_file('disk_cache.conf') + expect(subject).to contain_file('cache_disk.conf') .with(content: %r{CacheEnable disk /\nCacheRoot "/var/cache/mod_cache_disk"\nCacheDirLevels 2\nCacheDirLength 1\n}) } end diff --git a/templates/mod/cache.conf.epp b/templates/mod/cache.conf.epp new file mode 100644 index 0000000000..fba0300471 --- /dev/null +++ b/templates/mod/cache.conf.epp @@ -0,0 +1,30 @@ +<% | + Optional[String] $cache_ignore_headers = undef, + Optional[Integer] $cache_default_expire = undef, + Optional[Integer] $cache_max_expire = undef, + Optional[Enum['off', 'on', 'Off', 'On']] $cache_ignore_no_lastmod = undef, + Optional[Enum['off', 'on', 'Off', 'On']] $cache_header = undef, + Optional[Enum['off', 'on', 'Off', 'On']] $cache_lock = undef, + Optional[Enum['off', 'on', 'Off', 'On']] $cache_ignore_cache_control = undef, +| -%> +<%- if $cache_default_expire { -%> +CacheDefaultExpire <%= $cache_default_expire %> +<%- } -%> +<%- if $cache_max_expire { -%> +CacheMaxExpire <%= $cache_max_expire %> +<%- } -%> +<%- if $cache_ignore_no_lastmod { -%> +CacheIgnoreNoLastMod <%= $cache_ignore_no_lastmod %> +<%- } -%> +<%- if $cache_header { -%> +CacheHeader <%= $cache_header %> +<%- } -%> +<%- if $cache_lock { -%> +CacheLock <%= $cache_lock %> +<%- } -%> +<%- if $cache_ignore_cache_control { -%> +CacheIgnoreCacheControl <%= $cache_ignore_cache_control %> +<%- } -%> +<%- if $cache_ignore_headers { -%> +CacheIgnoreHeaders <%= $cache_ignore_headers -%> +<%- } -%> \ No newline at end of file 
diff --git a/templates/mod/cache_disk.conf.epp b/templates/mod/cache_disk.conf.epp new file mode 100644 index 0000000000..b2fb2b1cb1 --- /dev/null +++ b/templates/mod/cache_disk.conf.epp @@ -0,0 +1,26 @@ +<% | + Optional[String] $cache_root = undef, + Array[String] $cache_enable = [], + Optional[Integer] $cache_dir_length = undef, + Optional[Integer] $cache_dir_levels = undef, + Optional[Integer] $cache_max_filesize = undef, + Optional[String] $cache_ignore_headers = undef, +| -%> +<%- if $cache_enable { -%> + <%- $cache_enable.each |$enable| { -%> +CacheEnable disk <%= $enable %> + <%- } -%> +<%- } -%> +CacheRoot "<%= $cache_root %>" +<%- if $cache_dir_levels { -%> +CacheDirLevels <%= $cache_dir_levels %> +<%- } -%> +<%- if $cache_dir_length { -%> +CacheDirLength <%= $cache_dir_length %> +<%- } -%> +<%- if $cache_max_filesize { -%> +CacheMaxFileSize <%= $cache_max_filesize %> +<%- } -%> +<%- if $cache_ignore_headers { -%> +CacheIgnoreHeaders <%= $cache_ignore_headers -%> +<%- } -%> \ No newline at end of file diff --git a/templates/mod/cache_disk.conf.erb b/templates/mod/cache_disk.conf.erb deleted file mode 100644 index e98632fe10..0000000000 --- a/templates/mod/cache_disk.conf.erb +++ /dev/null 
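Review bot: The new cache_disk.conf.epp writes `$cache_root` and each `$cache_enable` entry into the configuration verbatim (`CacheRoot "<%= $cache_root %>"`, `CacheEnable disk <%= $enable %>`), and both are typed as plain `String`. A value containing a double quote, whitespace or a newline would change how Apache parses the file, and an empty string yields a `CacheEnable disk` line with no URL. Constrain the types at the template boundary, for example `Array[Pattern[/\A\S+\z/]] $cache_enable = [],` and a path type for `$cache_root`. Also, `$cache_root` defaults to `undef` while `CacheRoot` is emitted unconditionally, so rendering the template without it would produce `CacheRoot ""`; making the parameter mandatory avoids that.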
@@ -1,36 +0,0 @@ -CacheRoot "<%= @_cache_root %>" -<%- if @cache_enable -%> - <%- @cache_enable.each do |enable| -%> -CacheEnable disk <%= enable %> - <%- end -%> -<%- end -%> -<%- if @cache_dir_length -%> -CacheDirLength <%= @cache_dir_length %> -<%- end -%> -<%- if @cache_dir_levels -%> -CacheDirLevels <%= @cache_dir_levels %> -<%- end -%> -<%- if @cache_default_expire -%> -CacheDefaultExpire <%= @cache_default_expire %> -<%- end -%> -<%- if @cache_max_expire -%> -CacheMaxExpire <%= @cache_max_expire %> -<%- end -%> -<%- if @cache_ignore_no_lastmod -%> -CacheIgnoreNoLastMod <%= @cache_ignore_no_lastmod %> -<%- end -%> -<%- if @cache_header -%> -CacheHeader <%= @cache_header %> -<%- end -%> -<%- if @cache_lock -%> -CacheLock <%= @cache_lock %> -<%- end -%> -<%- if @cache_ignore_cache_control -%> -CacheIgnoreCacheControl <%= @cache_ignore_cache_control %> -<%- end -%> -<%- if @cache_max_filesize -%> -CacheMaxFileSize <%= @cache_max_filesize %> -<%- end -%> -<%- if @cache_ignore_headers -%> -CacheIgnoreHeaders <%= @cache_ignore_headers -%> -<%- end -%> diff --git a/templates/mod/disk_cache.conf.epp b/templates/mod/disk_cache.conf.epp deleted file mode 100644 index 2cfc0e647a..0000000000 --- a/templates/mod/disk_cache.conf.epp +++ /dev/null @@ -1,9 +0,0 @@ -<% if $default_cache_enable { -%> -CacheEnable disk / -<% } -%> -CacheRoot "<%= $_cache_root %>" -CacheDirLevels 2 -CacheDirLength 1 -<% if $cache_ignore_headers { -%> -CacheIgnoreHeaders <%= $cache_ignore_headers -%> -<% } -%> \ No newline at end of file From c39316f4fdc5648d9627ef68dce8cd7b62c37adf Mon Sep 17 00:00:00 2001 
From: Dennis Ploeger Date: Tue, 30 Jan 2024 07:17:39 +0100 Subject: [PATCH 22/74] Suggestions from Code Review MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Romain Tartière --- manifests/mod/cache.pp | 16 ++++++++-------- manifests/mod/cache_disk.pp | 2 +- manifests/mod/disk_cache.pp | 2 +- templates/mod/cache.conf.epp | 16 ++++++++-------- templates/mod/cache_disk.conf.epp | 2 +- 5 files changed, 19 insertions(+), 19 deletions(-) diff --git a/manifests/mod/cache.pp b/manifests/mod/cache.pp index 3ed71a60dc..d31cebd3f0 100644 --- a/manifests/mod/cache.pp +++ b/manifests/mod/cache.pp @@ -25,16 +25,16 @@ # @see https://httpd.apache.org/docs/current/mod/mod_cache.html for additional documentation. # class apache::mod::cache ( - Optional[String] $cache_ignore_headers = undef, - Optional[Integer] $cache_default_expire = undef, - Optional[Integer] $cache_max_expire = undef, - Optional[Enum['off', 'on', 'Off', 'On']] $cache_ignore_no_lastmod = undef, - Optional[Enum['off', 'on', 'Off', 'On']] $cache_header = undef, - Optional[Enum['off', 'on', 'Off', 'On']] $cache_lock = undef, - Optional[Enum['off', 'on', 'Off', 'On']] $cache_ignore_cache_control = undef, + Array[String[1]] $cache_ignore_headers = [], + Optional[Integer] $cache_default_expire = undef, + Optional[Integer] $cache_max_expire = undef, + Optional[Apache::OnOff] $cache_ignore_no_lastmod = undef, + Optional[Apache::OnOff] $cache_header = undef, + Optional[Apache::OnOff] $cache_lock = undef, + Optional[Apache::OnOff] $cache_ignore_cache_control = undef, ) { include apache - ::apache::mod { 'cache': } + apache::mod { 'cache': } $_configuration_file_name = 'cache.conf' diff --git a/manifests/mod/cache_disk.pp b/manifests/mod/cache_disk.pp index 97631d4a5a..c419e8abae 100644 --- a/manifests/mod/cache_disk.pp +++ b/manifests/mod/cache_disk.pp 
@@ -37,7 +37,7 @@ # @see https://httpd.apache.org/docs/2.4/mod/mod_cache_disk.html for additional documentation on version 2.4. # class apache::mod::cache_disk ( - Optional[String] $cache_root = undef, + Optional[Stdlib::Absolutepath] $cache_root = undef, Array[String] $cache_enable = [], Optional[Integer] $cache_dir_length = undef, Optional[Integer] $cache_dir_levels = undef, diff --git a/manifests/mod/disk_cache.pp b/manifests/mod/disk_cache.pp index 2aa8a9bcc5..fe0fc8b406 100644 --- a/manifests/mod/disk_cache.pp +++ b/manifests/mod/disk_cache.pp @@ -26,7 +26,7 @@ Optional[String] $cache_ignore_headers = undef, Boolean $default_cache_enable = true, ) { - deprecation('apache::mod::disk_cache', 'This module is deprecated; please use apache::mod::cache_disk') + deprecation('apache::mod::disk_cache', 'This class is deprecated; please use apache::mod::cache_disk') class { 'apache::mod::cache_disk': cache_root => $cache_root, diff --git a/templates/mod/cache.conf.epp b/templates/mod/cache.conf.epp index fba0300471..136f277e40 100644 --- a/templates/mod/cache.conf.epp +++ b/templates/mod/cache.conf.epp 
@@ -1,11 +1,11 @@ <% | - Optional[String] $cache_ignore_headers = undef, - Optional[Integer] $cache_default_expire = undef, - Optional[Integer] $cache_max_expire = undef, - Optional[Enum['off', 'on', 'Off', 'On']] $cache_ignore_no_lastmod = undef, - Optional[Enum['off', 'on', 'Off', 'On']] $cache_header = undef, - Optional[Enum['off', 'on', 'Off', 'On']] $cache_lock = undef, - Optional[Enum['off', 'on', 'Off', 'On']] $cache_ignore_cache_control = undef, + Optional[String] $cache_ignore_headers = undef, + Optional[Integer] $cache_default_expire = undef, + Optional[Integer] $cache_max_expire = undef, + Optional[Apache::OnOff] $cache_ignore_no_lastmod = undef, + Optional[Apache::OnOff] $cache_header = undef, + Optional[Apache::OnOff] $cache_lock = undef, + Optional[Apache::OnOff] $cache_ignore_cache_control = undef, | -%> <%- if $cache_default_expire { -%> CacheDefaultExpire <%= $cache_default_expire %> @@ -27,4 +27,4 @@ CacheIgnoreCacheControl <%= $cache_ignore_cache_control %> <%- } -%> <%- if $cache_ignore_headers { -%> CacheIgnoreHeaders <%= $cache_ignore_headers -%> -<%- } -%> \ No newline at end of file +<%- } -%> diff --git a/templates/mod/cache_disk.conf.epp b/templates/mod/cache_disk.conf.epp index b2fb2b1cb1..030f0ba937 100644 --- a/templates/mod/cache_disk.conf.epp +++ b/templates/mod/cache_disk.conf.epp @@ -23,4 +23,4 @@ CacheMaxFileSize <%= $cache_max_filesize %> <%- } -%> <%- if $cache_ignore_headers { -%> CacheIgnoreHeaders <%= $cache_ignore_headers -%> -<%- } -%> \ No newline at end of file +<%- } -%> From f86abf28f4207814e356ddfb71ed5c3bff9a59ba Mon Sep 17 00:00:00 2001 From: Dennis Ploeger Date: Tue, 30 Jan 2024 07:43:35 +0100 Subject: [PATCH 23/74] Update manifests/mod/disk_cache.pp MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Romain Tartière --- manifests/mod/disk_cache.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/manifests/mod/disk_cache.pp b/manifests/mod/disk_cache.pp index fe0fc8b406..57ee028e14 100644 --- a/manifests/mod/disk_cache.pp +++ b/manifests/mod/disk_cache.pp @@ -31,7 +31,7 @@ class { 'apache::mod::cache_disk': cache_root => $cache_root, cache_enable => ['/'], - cache_ignore_headers => $cache_ignore_headers, + cache_ignore_headers => $cache_ignore_headers.split(' '), cache_dir_length => 1, cache_dir_levels => 2, configuration_file_name => 'cache_disk.conf' From aeef7fb59bd0244d76006928bf358ea9e0f19e36 Mon Sep 17 00:00:00 2001 From: Dennis Ploeger Date: Tue, 30 Jan 2024 07:57:04 +0100 Subject: [PATCH 24/74] Update spec/classes/mod/cache_disk_spec.rb MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Romain Tartière --- spec/classes/mod/cache_disk_spec.rb | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/spec/classes/mod/cache_disk_spec.rb b/spec/classes/mod/cache_disk_spec.rb index 6a18c61388..a85054063d 100644 --- a/spec/classes/mod/cache_disk_spec.rb +++ b/spec/classes/mod/cache_disk_spec.rb @@ -26,10 +26,7 @@ default_config = %r{CacheEnable disk /\nCacheRoot "/var/cache/apache2/mod_cache_disk"} - it { - expect(subject).to contain_file('cache_disk.conf') - .with(content: default_config) - } + it { is_expected.to contain_file('cache_disk.conf').with(content: default_config) } describe 'with multiple cache_enable parameters' do let(:params) do From 9fdf75446e69d2ff605add2d98797d3e34e22cbf Mon Sep 17 00:00:00 2001 From: Dennis Ploeger Date: Tue, 30 Jan 2024 09:04:19 +0100 Subject: [PATCH 25/74] Rubocop fixes --- spec/classes/mod/cache_disk_spec.rb | 12 ++++++------ spec/classes/mod/cache_spec.rb | 17 ++++++++--------- 2 files changed, 14 insertions(+), 15 deletions(-) diff --git a/spec/classes/mod/cache_disk_spec.rb b/spec/classes/mod/cache_disk_spec.rb index a85054063d..fdd55fa8d9 100644 --- a/spec/classes/mod/cache_disk_spec.rb +++ b/spec/classes/mod/cache_disk_spec.rb 
@@ -31,13 +31,13 @@ describe 'with multiple cache_enable parameters' do let(:params) do { - cache_enable: %w[/ /something], + cache_enable: ['/', '/something'], } end it { expect(subject).to contain_file('cache_disk.conf') - .with(content: %r{CacheEnable disk /\nCacheEnable disk /something\nCacheRoot "/var/cache/apache2/mod_cache_disk"}) + .with(content: %r{CacheEnable disk /\nCacheEnable disk /something\nCacheRoot "/var/cache/apache2/mod_cache_disk"}) } end @@ -51,7 +51,7 @@ it { expect(subject).to contain_file('cache_disk.conf') - .with(content: %r{#{default_config}\nCacheDirLength 2}) + .with(content: %r{#{default_config}\nCacheDirLength 2}) } end @@ -65,7 +65,7 @@ it { expect(subject).to contain_file('cache_disk.conf') - .with(content: %r{#{default_config}\nCacheDirLevels 2}) + .with(content: %r{#{default_config}\nCacheDirLevels 2}) } end end @@ -90,7 +90,7 @@ it { expect(subject).to contain_file('cache_disk.conf') - .with(content: %r{CacheEnable disk /\nCacheRoot "/var/cache/httpd/proxy"}) + .with(content: %r{CacheEnable disk /\nCacheRoot "/var/cache/httpd/proxy"}) } end @@ -114,7 +114,7 @@ it { expect(subject).to contain_file('cache_disk.conf') - .with(content: %r{CacheEnable disk /\nCacheRoot "/var/cache/mod_cache_disk"}) + .with(content: %r{CacheEnable disk /\nCacheRoot "/var/cache/mod_cache_disk"}) } end end diff --git a/spec/classes/mod/cache_spec.rb b/spec/classes/mod/cache_spec.rb index ee064f9bc7..8acb57b0db 100644 --- a/spec/classes/mod/cache_spec.rb +++ b/spec/classes/mod/cache_spec.rb @@ -12,7 +12,7 @@ it { expect(subject).to contain_file('cache.conf') - .with(content: '') + .with(content: '') } describe 'with cache_ignore_headers' do @@ -24,7 +24,7 @@ it { expect(subject).to contain_file('cache.conf') - .with(content: %r{CacheIgnoreHeaders Set-Cookie}) + .with(content: %r{CacheIgnoreHeaders Set-Cookie}) } end 
@@ -37,7 +37,7 @@ it { expect(subject).to contain_file('cache.conf') - .with(content: %r{CacheDefaultExpire 2000}) + .with(content: %r{CacheDefaultExpire 2000}) } end @@ -50,7 +50,7 @@ it { expect(subject).to contain_file('cache.conf') - .with(content: %r{CacheMaxExpire 2000}) + .with(content: %r{CacheMaxExpire 2000}) } end @@ -63,7 +63,7 @@ it { expect(subject).to contain_file('cache.conf') - .with(content: %r{CacheIgnoreNoLastMod On}) + .with(content: %r{CacheIgnoreNoLastMod On}) } end @@ -76,7 +76,7 @@ it { expect(subject).to contain_file('cache.conf') - .with(content: %r{CacheHeader On}) + .with(content: %r{CacheHeader On}) } end @@ -89,7 +89,7 @@ it { expect(subject).to contain_file('cache.conf') - .with(content: %r{CacheLock On}) + .with(content: %r{CacheLock On}) } end @@ -102,9 +102,8 @@ it { expect(subject).to contain_file('cache.conf') - .with(content: %r{CacheIgnoreCacheControl On}) + .with(content: %r{CacheIgnoreCacheControl On}) } end - end end From a7e55d3782b7c0e27b7ff0740e38c49ee72fd21f Mon Sep 17 00:00:00 2001 From: Dennis Ploeger Date: Tue, 30 Jan 2024 11:07:25 +0100 Subject: [PATCH 26/74] Update manifests/mod/cache_disk.pp Co-authored-by: Ewoud Kohl van Wijngaarden --- manifests/mod/cache_disk.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/mod/cache_disk.pp b/manifests/mod/cache_disk.pp index c419e8abae..56c4041f10 100644 --- a/manifests/mod/cache_disk.pp +++ b/manifests/mod/cache_disk.pp @@ -34,7 +34,7 @@ # @note # Apache 2.2, mod_disk_cache installed. On Apache 2.4, mod_cache_disk installed. # -# @see https://httpd.apache.org/docs/2.4/mod/mod_cache_disk.html for additional documentation on version 2.4. +# @see https://httpd.apache.org/docs/2.4/mod/mod_cache_disk.html # class apache::mod::cache_disk ( Optional[Stdlib::Absolutepath] $cache_root = undef, From 9e6e34e58911e20df4d8f86cf0dedd2329cedace Mon Sep 17 00:00:00 2001 
From: Dennis Ploeger Date: Tue, 30 Jan 2024 11:08:22 +0100 Subject: [PATCH 27/74] Removed references to Apache 2.2 --- manifests/mod/cache_disk.pp | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/manifests/mod/cache_disk.pp b/manifests/mod/cache_disk.pp index 56c4041f10..4ad00a1b38 100644 --- a/manifests/mod/cache_disk.pp +++ b/manifests/mod/cache_disk.pp @@ -11,11 +11,11 @@ # Default depends on the Apache version and operating system: # - Debian: /var/cache/apache2/mod_cache_disk # - FreeBSD: /var/cache/mod_cache_disk -# - Red Hat, Apache 2.4: /var/cache/httpd/proxy +# - Red Hat: /var/cache/httpd/proxy # # @param cache_enable # Defines an array of directories to cache, the default is none - +# # @param cache_dir_length # The number of characters in subdirectory names # @@ -31,9 +31,6 @@ # @param configuration_file_name # DEPRECATED Name of module configuration file (used for the compatibility layer for disk_cache) # -# @note -# Apache 2.2, mod_disk_cache installed. On Apache 2.4, mod_cache_disk installed. -# # @see https://httpd.apache.org/docs/2.4/mod/mod_cache_disk.html # class apache::mod::cache_disk ( From ce2a3a911622ef3a0d2b2d8c074fe170a2dc5cbb Mon Sep 17 00:00:00 2001 From: Dennis Ploeger Date: Wed, 31 Jan 2024 08:51:46 +0100 Subject: [PATCH 28/74] Update manifests/mod/cache_disk.pp Co-authored-by: Ewoud Kohl van Wijngaarden --- manifests/mod/cache_disk.pp | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/manifests/mod/cache_disk.pp b/manifests/mod/cache_disk.pp index 4ad00a1b38..c8752fc4f3 100644 --- a/manifests/mod/cache_disk.pp +++ b/manifests/mod/cache_disk.pp @@ -59,10 +59,7 @@ }, default => $cache_root, } - $_configuration_file_name = $configuration_file_name ? { - undef => 'cache_disk.conf', - default => $configuration_file_name - } + $_configuration_file_name = pick($configuration_file_name, 'cache_disk.conf') $_class_name = 'apache::mod::cache_disk' apache::mod { 'cache_disk': } 
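Review bot: `pick($configuration_file_name, 'cache_disk.conf')` accepts any non-empty string, and the value is later interpolated into `path => "${apache::mod_dir}/${_configuration_file_name}"` (shown in the earlier cache_disk.pp hunk of this series), so a value containing `/` or `..` would place the file outside `mod_dir`. The parameter is declared `Optional[String]` in that earlier hunk. A basename-only type such as `Optional[Pattern[/\A[\w.-]+\.conf\z/]] $configuration_file_name = undef,` would reject such values at compile time. The parameter list and the `file` resource are outside this hunk.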
From a84601cd32678c3d07dfc071e1e4f0ee812813bb Mon Sep 17 00:00:00 2001 From: Thomas Minor Date: Wed, 31 Jan 2024 15:52:29 +0100 Subject: [PATCH 29/74] fix: fix apache cache_ignore_header regression --- templates/mod/cache.conf.epp | 4 ++-- templates/mod/cache_disk.conf.epp | 4 ---- 2 files changed, 2 insertions(+), 6 deletions(-) diff --git a/templates/mod/cache.conf.epp b/templates/mod/cache.conf.epp index 136f277e40..54fa76441f 100644 --- a/templates/mod/cache.conf.epp +++ b/templates/mod/cache.conf.epp @@ -1,5 +1,5 @@ <% | - Optional[String] $cache_ignore_headers = undef, + Optional[Array[String[1]]] $cache_ignore_headers = undef, Optional[Integer] $cache_default_expire = undef, Optional[Integer] $cache_max_expire = undef, Optional[Apache::OnOff] $cache_ignore_no_lastmod = undef, @@ -26,5 +26,5 @@ CacheLock <%= $cache_lock %> CacheIgnoreCacheControl <%= $cache_ignore_cache_control %> <%- } -%> <%- if $cache_ignore_headers { -%> -CacheIgnoreHeaders <%= $cache_ignore_headers -%> +CacheIgnoreHeaders <% $cache_ignore_headers.each |$header| { %><%= $header %> <% } %> <%- } -%> diff --git a/templates/mod/cache_disk.conf.epp b/templates/mod/cache_disk.conf.epp index 030f0ba937..55d3351d15 100644 --- a/templates/mod/cache_disk.conf.epp +++ b/templates/mod/cache_disk.conf.epp @@ -4,7 +4,6 @@ Optional[Integer] $cache_dir_length = undef, Optional[Integer] $cache_dir_levels = undef, Optional[Integer] $cache_max_filesize = undef, - Optional[String] $cache_ignore_headers = undef, | -%> <%- if $cache_enable { -%> <%- $cache_enable.each |$enable| { -%> @@ -21,6 +20,3 @@ CacheDirLength <%= $cache_dir_length %> <%- if $cache_max_filesize { -%> CacheMaxFileSize <%= $cache_max_filesize %> <%- } -%> -<%- if $cache_ignore_headers { -%> -CacheIgnoreHeaders <%= $cache_ignore_headers -%> -<%- } -%> From 6c29fbfa222df6c266058a4efa8398f66b5b58a0 Mon Sep 17 00:00:00 2001 
From: Thomas Minor Date: Wed, 31 Jan 2024 22:56:58 +0100 Subject: [PATCH 30/74] refactor: change config line generation to simpler and more readable solution --- templates/mod/cache.conf.epp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mod/cache.conf.epp b/templates/mod/cache.conf.epp index 54fa76441f..7eafbd6a15 100644 --- a/templates/mod/cache.conf.epp +++ b/templates/mod/cache.conf.epp @@ -26,5 +26,5 @@ CacheLock <%= $cache_lock %> CacheIgnoreCacheControl <%= $cache_ignore_cache_control %> <%- } -%> <%- if $cache_ignore_headers { -%> -CacheIgnoreHeaders <% $cache_ignore_headers.each |$header| { %><%= $header %> <% } %> +CacheIgnoreHeaders <%= $cache_ignore_headers.join(' ') %> <%- } -%> From 873dc6beb85244ab4506cb008c92f68bee3fba5e Mon Sep 17 00:00:00 2001 From: Thomas Minor Date: Thu, 1 Feb 2024 12:16:01 +0100 Subject: [PATCH 31/74] fix: handle undefined value of $cache_ignore_headers in deprecated module and remove module from bsd defaults --- manifests/default_mods.pp | 2 -- manifests/mod/disk_cache.pp | 9 +++++++-- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/manifests/default_mods.pp b/manifests/default_mods.pp index b03b2660b5..474b53748b 100644 --- a/manifests/default_mods.pp +++ b/manifests/default_mods.pp @@ -69,8 +69,6 @@ 'FreeBSD': { include apache::mod::actions include apache::mod::authn_core - include apache::mod::cache - include apache::mod::disk_cache include apache::mod::filter include apache::mod::headers include apache::mod::info diff --git a/manifests/mod/disk_cache.pp b/manifests/mod/disk_cache.pp index 57ee028e14..5e46107a7d 100644 --- a/manifests/mod/disk_cache.pp +++ b/manifests/mod/disk_cache.pp @@ -1,6 +1,6 @@ # @summary # Installs and configures `mod_disk_cache`. -# +# # @param cache_root # Defines the name of the directory on the disk to contain cache files. # Default depends on the Apache version and operating system: 
@@ -28,10 +28,15 @@ ) { deprecation('apache::mod::disk_cache', 'This class is deprecated; please use apache::mod::cache_disk') + $_cache_ignore_headers = $cache_ignore_headers ? { + undef => [], + default => $cache_ignore_headers.split(' ') + } + class { 'apache::mod::cache_disk': cache_root => $cache_root, cache_enable => ['/'], - cache_ignore_headers => $cache_ignore_headers.split(' '), + cache_ignore_headers => $_cache_ignore_headers, cache_dir_length => 1, cache_dir_levels => 2, configuration_file_name => 'cache_disk.conf' From 8b998bb676cc444f19615dc76cdf1168b2f96842 Mon Sep 17 00:00:00 2001 From: Thomas Minor Date: Tue, 6 Feb 2024 12:05:12 +0100 Subject: [PATCH 32/74] fix: fix problems with deprecated modules and add additional test for multiple values --- manifests/mod/disk_cache.pp | 7 +------ spec/classes/mod/cache_spec.rb | 15 ++++++++++++++- spec/classes/mod/disk_cache_spec.rb | 2 +- templates/mod/cache.conf.epp | 4 ++-- templates/mod/cache_disk.conf.epp | 14 +++++++++----- 5 files changed, 27 insertions(+), 15 deletions(-) diff --git a/manifests/mod/disk_cache.pp b/manifests/mod/disk_cache.pp index 5e46107a7d..92e56e23f3 100644 --- a/manifests/mod/disk_cache.pp +++ b/manifests/mod/disk_cache.pp @@ -28,15 +28,10 @@ ) { deprecation('apache::mod::disk_cache', 'This class is deprecated; please use apache::mod::cache_disk') - $_cache_ignore_headers = $cache_ignore_headers ? { - undef => [], - default => $cache_ignore_headers.split(' ') - } - class { 'apache::mod::cache_disk': cache_root => $cache_root, cache_enable => ['/'], - cache_ignore_headers => $_cache_ignore_headers, + cache_ignore_headers => $cache_ignore_headers, cache_dir_length => 1, cache_dir_levels => 2, configuration_file_name => 'cache_disk.conf' diff --git a/spec/classes/mod/cache_spec.rb b/spec/classes/mod/cache_spec.rb index 8acb57b0db..3e98a3e679 100644 --- a/spec/classes/mod/cache_spec.rb +++ b/spec/classes/mod/cache_spec.rb 
@@ -18,7 +18,7 @@ describe 'with cache_ignore_headers' do let(:params) do { - cache_ignore_headers: 'Set-Cookie', + cache_ignore_headers: ['Set-Cookie'], } end @@ -28,6 +28,19 @@ } end + describe 'with cache_ignore_headers' do + let(:params) do + { + cache_ignore_headers: ['Set-Cookie', 'X-Forwarded-For', 'Cross-Origin-Embedder-Policy', 'Expires', 'Access-Control-Allow-Headers'], + } + end + + it { + expect(subject).to contain_file('cache.conf') + .with(content: %r{CacheIgnoreHeaders Access-Control-Allow-Headers Cross-Origin-Embedder-Policy Expires Set-Cookie X-Forwarded-For}) + } + end + describe 'with cache_default_expire' do let(:params) do { diff --git a/spec/classes/mod/disk_cache_spec.rb b/spec/classes/mod/disk_cache_spec.rb index b893cbd9b1..9438d0886d 100644 --- a/spec/classes/mod/disk_cache_spec.rb +++ b/spec/classes/mod/disk_cache_spec.rb @@ -14,7 +14,7 @@ let :pre_condition do 'class{ "apache": - default_mods => ["cache"], + default_mods => ["cache", "disk_cache"], mod_dir => "/tmp/junk", }' end diff --git a/templates/mod/cache.conf.epp b/templates/mod/cache.conf.epp index 7eafbd6a15..354f3b52b8 100644 --- a/templates/mod/cache.conf.epp +++ b/templates/mod/cache.conf.epp @@ -25,6 +25,6 @@ CacheLock <%= $cache_lock %> <%- if $cache_ignore_cache_control { -%> CacheIgnoreCacheControl <%= $cache_ignore_cache_control %> <%- } -%> -<%- if $cache_ignore_headers { -%> -CacheIgnoreHeaders <%= $cache_ignore_headers.join(' ') %> +<%- if ! empty($cache_ignore_headers) { -%> +CacheIgnoreHeaders <%= $cache_ignore_headers.sort.join(' ') %> <%- } -%> diff --git a/templates/mod/cache_disk.conf.epp b/templates/mod/cache_disk.conf.epp index 55d3351d15..6ae5a7b130 100644 --- a/templates/mod/cache_disk.conf.epp +++ b/templates/mod/cache_disk.conf.epp 
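Review bot: The example group added in the second hunk of spec/classes/mod/cache_spec.rb reuses the description `'with cache_ignore_headers'` of the group directly above it, so a failure report does not say which of the two cases broke. I would rename it, e.g. `describe 'with multiple cache_ignore_headers' do`, and add a one-line comment that the expected directive is in sorted order because the template now calls `.sort`. The enclosing describe block starts outside the hunk.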
@@ -1,9 +1,10 @@ <% | - Optional[String] $cache_root = undef, - Array[String] $cache_enable = [], - Optional[Integer] $cache_dir_length = undef, - Optional[Integer] $cache_dir_levels = undef, - Optional[Integer] $cache_max_filesize = undef, + Optional[String] $cache_root = undef, + Array[String] $cache_enable = [], + Optional[Integer] $cache_dir_length = undef, + Optional[Integer] $cache_dir_levels = undef, + Optional[Integer] $cache_max_filesize = undef, + Optional[String] $cache_ignore_headers = undef, | -%> <%- if $cache_enable { -%> <%- $cache_enable.each |$enable| { -%> @@ -20,3 +21,6 @@ CacheDirLength <%= $cache_dir_length %> <%- if $cache_max_filesize { -%> CacheMaxFileSize <%= $cache_max_filesize %> <%- } -%> +<%- if $cache_ignore_headers { -%> +CacheIgnoreHeaders <%= $cache_ignore_headers -%> +<%- } -%> From f9ee7f4568f31a3026d0bcc6fec4606c0b94810b Mon Sep 17 00:00:00 2001 From: Malik Parvez <84777619+malikparvez@users.noreply.github.com> Date: Tue, 2 Apr 2024 21:09:37 +0530 Subject: [PATCH 33/74] Fix mend to run on cron --- .github/workflows/mend.yml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/.github/workflows/mend.yml b/.github/workflows/mend.yml index b4100a5af0..8b5b401847 100644 --- a/.github/workflows/mend.yml +++ b/.github/workflows/mend.yml @@ -1,9 +1,10 @@ name: "mend" on: - pull_request: - branches: - - "main" + pull_request_target: + types: + - opened + - synchronize schedule: - cron: "0 0 * * *" workflow_dispatch: From e6a720da8bb3cacd7f61a39aa73d923b3ac3b5e3 Mon Sep 17 00:00:00 2001 From: GitHub Actions Date: Wed, 3 Apr 2024 07:48:48 +0000 Subject: [PATCH 34/74] Release prep v12.1.0 --- CHANGELOG.md | 14 +++++++++++++- REFERENCE.md | 11 ++++++++++- metadata.json | 2 +- 3 files changed, 24 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3950a39c6e..e761dd2c97 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
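Review bot: Switching the trigger in .github/workflows/mend.yml to `pull_request_target` makes the workflow run in the context of the base repository, with access to its secrets and a token that is not read-only by default, for pull requests opened from forks. The jobs section lies outside the hunk, so it cannot be confirmed here, but if any step checks out or builds the pull request's head, untrusted code would run with those credentials. If the goal is only the nightly scan, the existing `schedule:` entry already covers it and `pull_request:` can stay; if `pull_request_target` is really needed, add a top-level `permissions:` block limited to `contents: read` and keep the checkout on the base ref. The change also drops the `branches: - "main"` filter, so the workflow would fire for pull requests against every branch.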
@@ -5,7 +5,19 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org). -## [v12.0.3](https://github.com/puppetlabs/puppetlabs-apache/tree/v12.0.3) - 2024-03-01 +## [v12.1.0](https://github.com/puppetlabs/puppetlabs-apache/tree/v12.1.0) - 2024-04-03 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/v12.0.3...v12.1.0) + +### Added + +- vhost: Allow customizing show_diff [#2536](https://github.com/puppetlabs/puppetlabs-apache/pull/2536) ([kajinamit](https://github.com/kajinamit)) + +### Fixed + +- Stop managing mime support package on Debian [#2526](https://github.com/puppetlabs/puppetlabs-apache/pull/2526) ([jcharaoui](https://github.com/jcharaoui)) + +## [v12.0.3](https://github.com/puppetlabs/puppetlabs-apache/tree/v12.0.3) - 2024-03-02 [Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/v12.0.2...v12.0.3) diff --git a/REFERENCE.md b/REFERENCE.md index 5536426b82..b637f3722a 100644 --- a/REFERENCE.md +++ b/REFERENCE.md @@ -3887,7 +3887,7 @@ The following parameters are available in the `apache::mod::mime` class: ##### `mime_support_package` -Data type: `String` +Data type: `Optional[String]` Name of the MIME package to be installed. @@ -7544,6 +7544,7 @@ The following parameters are available in the `apache::vhost` defined type: * [`error_log_format`](#-apache--vhost--error_log_format) * [`error_documents`](#-apache--vhost--error_documents) * [`ensure`](#-apache--vhost--ensure) +* [`show_diff`](#-apache--vhost--show_diff) * [`fallbackresource`](#-apache--vhost--fallbackresource) * [`filters`](#-apache--vhost--filters) * [`h2_copy_files`](#-apache--vhost--h2_copy_files) @@ -8158,6 +8159,14 @@ Specifies if the virtual host is present or absent.
Default value: `'present'` +##### `show_diff` + +Data type: `Boolean` + +Specifies whether to set the show_diff parameter for the file resource. + +Default value: `true` + ##### `fallbackresource` Data type: `Optional[Variant[Stdlib::Absolutepath, Enum['disabled']]]` diff --git a/metadata.json b/metadata.json index 5592f58ade..a74ad44249 100644 --- a/metadata.json +++ b/metadata.json @@ -1,6 +1,6 @@ { "name": "puppetlabs-apache", - "version": "12.0.3", + "version": "12.1.0", "author": "puppetlabs", "summary": "Installs, configures, and manages Apache virtual hosts, web services, and modules.", "license": "Apache-2.0", From 82bd1bbe4581c849866651e8ef61d38db028dcac Mon Sep 17 00:00:00 2001 From: Max Gerlings <124243961+gerlingsm@users.noreply.github.com> Date: Thu, 4 Apr 2024 16:24:48 +0200 Subject: [PATCH 35/74] Add missing brackets for function call fix error "expects a Hash value, got Tuple" thanks to @hufschmidt --- templates/vhost/_directories.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/vhost/_directories.erb b/templates/vhost/_directories.erb index ba072523fc..7beec6dfaa 100644 --- a/templates/vhost/_directories.erb +++ b/templates/vhost/_directories.erb @@ -548,7 +548,7 @@ <%= directory['custom_fragment'] %> <%- end -%> <%- if directory['authz_core'] -%> - <%= scope.call_function('epp',["apache/vhost/_authz_core.epp", 'authz_core_config' => scope.call_function('apache::authz_core_config', directory['authz_core'])]) -%> + <%= scope.call_function('epp',["apache/vhost/_authz_core.epp", 'authz_core_config' => scope.call_function('apache::authz_core_config', [ directory['authz_core'] ]) ]) -%> <%- end -%> <%- if directory['gssapi'] -%> <%= scope.call_function('epp',["apache/vhost/_gssapi.epp", directory['gssapi']]) -%> From 1da07de06fc08e727ab00919bee04bb62bb63a53 Mon Sep 17 00:00:00 2001 
From: Max Gerlings <124243961+gerlingsm@users.noreply.github.com> Date: Fri, 5 Apr 2024 14:13:58 +0200 Subject: [PATCH 36/74] Add authz unit spec test --- spec/defines/vhost_spec.rb | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index f86569262d..988858d0b5 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb @@ -316,6 +316,24 @@ 'mellon_cond' => ['isMemberOf "cn=example-access,ou=Groups,o=example,o=com" [MAP]'], 'mellon_session_length' => '300' }, + { + 'path' => '/secure', + 'provider' => 'location', + 'auth_type' => 'Basic', + 'authz_core' => { + 'require_all' => { + 'require_any' => { + 'require' => ['user superadmin'], + 'require_all' => { + 'require' => ['group admins', 'ldap-group "cn=Administrators,o=Airius"'], + }, + }, + 'require_none' => { + 'require' => ['group temps', 'ldap-group "cn=Temporary Employees,o=Airius"'] + } + } + } + } ], 'error_log' => false, 'error_log_file' => 'httpd_error_log', @@ -630,6 +648,7 @@ .with_content(%r{^\s+Require valid-user$}) .with_content(%r{^\s+Require all denied$}) .with_content(%r{^\s+Require all granted$}) + .with_content(%r{^\s+Require user superadmin$}) .with_content(%r{^\s+$}) .with_content(%r{^\s+$}) .with_content(%r{^\s+Require all-valid1$}) From 1612fd83a2a1a39380766d9765fc71f4fdadb036 Mon Sep 17 00:00:00 2001 From: Max Gerlings <124243961+gerlingsm@users.noreply.github.com> Date: Fri, 5 Apr 2024 14:17:21 +0200 Subject: [PATCH 37/74] Add authz unit acceptance test --- spec/acceptance/vhost_spec.rb | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/spec/acceptance/vhost_spec.rb b/spec/acceptance/vhost_spec.rb index ae126471a5..0152d5b7f5 100644 --- a/spec/acceptance/vhost_spec.rb +++ b/spec/acceptance/vhost_spec.rb 
@@ -452,6 +452,25 @@ class { 'apache': } auth_require => 'valid-user', satisfy => 'Any', }, + { + path => '/var/www/files/authz', + auth_type => 'Basic', + auth_name => 'Basic Auth', + authz_core => { + require_all => { + require_any => { + require => [ + '127.0.0.1' + '10.10.10.10' + ], + require_all => { + auth_user_file => ['/var/www/htpasswd'], + require => ['valid-user'], + }, + }, + } + } + }, ], } file { '/var/www/files/foo': @@ -463,6 +482,9 @@ class { 'apache': } file { '/var/www/files/baz': ensure => directory, } + file { '/var/www/files/authz': + ensure => directory, + } file { '/var/www/files/foo/index.html': ensure => file, content => "Hello World\\n", @@ -475,6 +497,10 @@ class { 'apache': } ensure => file, content => "Hello World\\n", } + file { '/var/www/files/authz/index.html': + ensure => file, + content => "Hello World\\n", + } file { '/var/www/htpasswd': ensure => file, content => "login:IZ7jMcLSx0oQk", # "password" as password @@ -499,6 +525,10 @@ class { 'apache': } expect(result.stderr).to match(%r{curl: \(22\) The requested URL returned error: 401}) expect(result.exit_code).to eq 22 expect(run_shell('/usr/bin/curl -sSf -u login:password files.example.net:80/baz/index.html').stdout).to eq("Hello World\n") + result = run_shell('/usr/bin/curl -sSf files.example.net:80/authz/index.html', expect_failures: true) + expect(result.stderr).to match(%r{curl: \(22\) The requested URL returned error: 401}) + expect(result.exit_code).to eq 22 + expect(run_shell('/usr/bin/curl -sSf -u login:password files.example.net:80/authz/index.html').stdout).to eq("Hello World\n") end end end From ac1fe88c93706974519276f0e782a9820997fa6d Mon Sep 17 00:00:00 2001 From: Max Gerlings <124243961+gerlingsm@users.noreply.github.com> Date: Fri, 5 Apr 2024 14:31:35 +0200 Subject: [PATCH 38/74] Styling fix: Put a comma after the last item of a multiline array --- spec/defines/vhost_spec.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
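Review bot: In the manifest added by the first hunk of spec/acceptance/vhost_spec.rb, the `require` array under `require_any` lists `'127.0.0.1'` and `'10.10.10.10'` with no comma between them, which as shown would not parse as a Puppet array; the first element should read `'127.0.0.1',`. Judging by the unit test in the previous patch, where `'user superadmin'` renders as `Require user superadmin`, these entries would presumably be emitted as `Require 127.0.0.1`, so they likely need the provider prefix, e.g. `'ip 127.0.0.1',`, to be accepted by Apache. `auth_user_file` sits inside the nested `require_all` hash; whether `apache::authz_core_config` accepts that key there is not visible in the diff and is worth confirming, since the test depends on the 401 coming from Basic auth. The surrounding manifest string starts and ends outside the hunk.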
diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index 988858d0b5..1875417114 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb @@ -333,7 +333,7 @@ } } } - } + }, ], 'error_log' => false, 'error_log_file' => 'httpd_error_log', From b4c72fcb88a5a499e21c2e7feb971fbccda95b9f Mon Sep 17 00:00:00 2001 From: Benedikt Trefzer Date: Fri, 5 Apr 2024 15:12:05 +0200 Subject: [PATCH 39/74] add XForwardedHeaders for oidc_settings --- types/oidcsettings.pp | 1 + 1 file changed, 1 insertion(+) diff --git a/types/oidcsettings.pp b/types/oidcsettings.pp index e09a0626b7..d3246ccdcd 100644 --- a/types/oidcsettings.pp +++ b/types/oidcsettings.pp @@ -108,5 +108,6 @@ Optional['BlackListedClaims'] => String, Optional['WhiteListedClaims'] => String, Optional['RefreshAccessTokenBeforeExpiry'] => Pattern[/^[0-9]+(\slogout_on_error)?$/], + Optional['XForwardedHeaders'] => String, } ] From 429dd0528b1d1387fde80c01f7d4dfa7d548b0b6 Mon Sep 17 00:00:00 2001 From: Julien Godin Date: Wed, 31 Jan 2024 17:39:59 +0100 Subject: [PATCH 40/74] feature: Allow to set the verbosity of the debug Signed-off-by: Julien Godin --- manifests/mod/security.pp | 5 +++++ spec/classes/mod/security_spec.rb | 2 ++ templates/mod/security.conf.epp | 2 +- 3 files changed, 8 insertions(+), 1 deletion(-) diff --git a/manifests/mod/security.pp b/manifests/mod/security.pp index a64be57f8a..b64e8a3859 100644 --- a/manifests/mod/security.pp +++ b/manifests/mod/security.pp @@ -23,6 +23,9 @@ # @param modsec_secruleengine # Configures the rules engine. # +# @param debug_log_level +# Configures the debug log level. +# # @param audit_log_relevant_status # Configures which response status code is to be considered relevant for the purpose of audit logging. # 
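Review bot: The new `@param debug_log_level` text in manifests/mod/security.pp does not say what the values mean or that the setting should stay at its default outside troubleshooting. ModSecurity's debug log becomes very verbose at higher levels and can record details of the requests being inspected, so I would spell that out: `#   Configures the debug log level (0-9). 0 disables debug logging; higher levels are verbose and intended for troubleshooting only.` The `Integer[0, 9]` bound in the next hunk already rejects out-of-range values, which is a good fit for the template's `SecDebugLogLevel` line.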
@@ -140,6 +143,7 @@ Optional[Array[String]] $custom_rules_set = $apache::params::modsec_custom_rules_set, Stdlib::Absolutepath $modsec_dir = $apache::params::modsec_dir, String $modsec_secruleengine = $apache::params::modsec_secruleengine, + Integer[0, 9] $debug_log_level = 0, String $audit_log_relevant_status = '^(?:5|4(?!04))', String $audit_log_parts = $apache::params::modsec_audit_log_parts, String $audit_log_type = $apache::params::modsec_audit_log_type, @@ -257,6 +261,7 @@ 'audit_log_parts' => $audit_log_parts, 'audit_log_type' => $audit_log_type, 'audit_log_storage_dir' => $audit_log_storage_dir, + 'debug_log_level' => $debug_log_level, 'logroot' => $logroot, } diff --git a/spec/classes/mod/security_spec.rb b/spec/classes/mod/security_spec.rb index ec41852199..0b58567ab4 100644 --- a/spec/classes/mod/security_spec.rb +++ b/spec/classes/mod/security_spec.rb @@ -103,6 +103,7 @@ audit_log_parts: 'ABCDZ', audit_log_type: 'Concurrent', audit_log_storage_dir: '/var/log/httpd/audit', + debug_log_level: 3, secdefaultaction: 'deny,status:406,nolog,auditlog', secrequestbodyaccess: 'Off', secresponsebodyaccess: 'On', @@ -116,6 +117,7 @@ it { is_expected.to contain_file('security.conf').with_content %r{^\s+SecAuditLogType Concurrent$} } it { is_expected.to contain_file('security.conf').with_content %r{^\s+SecAuditLogStorageDir /var/log/httpd/audit$} } it { is_expected.to contain_file('security.conf').with_content %r{^\s+SecRequestBodyAccess Off$} } + it { is_expected.to contain_file('security.conf').with_content %r{^\s+SecDebugLogLevel 3$} } it { is_expected.to contain_file('security.conf').with_content %r{^\s+SecResponseBodyAccess On$} } it { is_expected.to contain_file('security.conf').with_content %r{^\s+SecRequestBodyLimitAction ProcessPartial$} } it { is_expected.to contain_file('security.conf').with_content %r{^\s+SecResponseBodyLimitAction Reject$} } diff --git a/templates/mod/security.conf.epp b/templates/mod/security.conf.epp index dbca254b30..e2dc2241f9 100644 
--- a/templates/mod/security.conf.epp +++ b/templates/mod/security.conf.epp @@ -44,7 +44,7 @@ SecResponseBodyMimeType text/plain text/html text/xml SecResponseBodyLimit 524288 SecResponseBodyLimitAction <%= $secresponsebodylimitaction %> - SecDebugLogLevel 0 + SecDebugLogLevel <%= $debug_log_level %> SecAuditEngine RelevantOnly SecAuditLogRelevantStatus "<%= $audit_log_relevant_status %>" SecAuditLogParts <%= $audit_log_parts %> From c681afea6c017c6ae6664f95f48c9ebc155aebf4 Mon Sep 17 00:00:00 2001 From: Malik Parvez <84777619+malikparvez@users.noreply.github.com> Date: Tue, 21 May 2024 21:12:45 +0530 Subject: [PATCH 41/74] ITHELP-87329 : replace pull_request_target with pull_request --- .github/workflows/mend.yml | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/.github/workflows/mend.yml b/.github/workflows/mend.yml index 8b5b401847..b4100a5af0 100644 --- a/.github/workflows/mend.yml +++ b/.github/workflows/mend.yml @@ -1,10 +1,9 @@ name: "mend" on: - pull_request_target: - types: - - opened - - synchronize + pull_request: + branches: + - "main" schedule: - cron: "0 0 * * *" workflow_dispatch: From 9405294bc5d7d80a69b2d05e72e42f215a472511 Mon Sep 17 00:00:00 2001 From: Malik Parvez <84777619+malikparvez@users.noreply.github.com> Date: Tue, 4 Jun 2024 13:52:24 +0530 Subject: [PATCH 42/74] ITHELP-87329 : replace pull_request_target with pull_request --- .github/workflows/labeller.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/labeller.yml b/.github/workflows/labeller.yml index ee149bf525..0d4870d70b 100644 --- a/.github/workflows/labeller.yml +++ b/.github/workflows/labeller.yml @@ -6,7 +6,7 @@ on: - opened - labeled - unlabeled - pull_request_target: + pull_request: types: - opened - labeled From 6173af4b8267a63ba5734f45649fdb463f3fd4dc Mon Sep 17 00:00:00 2001 
From: rajat-puppet Date: Mon, 22 Jul 2024 16:46:59 +0530 Subject: [PATCH 43/74] Remove labeller.yml --- .github/workflows/labeller.yml | 27 --------------------------- 1 file changed, 27 deletions(-) delete mode 100644 .github/workflows/labeller.yml diff --git a/.github/workflows/labeller.yml b/.github/workflows/labeller.yml deleted file mode 100644 index 0d4870d70b..0000000000 --- a/.github/workflows/labeller.yml +++ /dev/null @@ -1,27 +0,0 @@ -name: Labeller - -on: - issues: - types: - - opened - - labeled - - unlabeled - pull_request: - types: - - opened - - labeled - - unlabeled - -jobs: - label: - runs-on: ubuntu-latest - steps: - - - uses: puppetlabs/community-labeller@v1.0.1 - name: Label issues or pull requests - with: - label_name: community - label_color: '5319e7' - org_membership: puppetlabs - fail_if_member: 'true' - token: ${{ secrets.IAC_COMMUNITY_LABELER }} From c531341dd77f1c029c5afe3c2184ce3be8c33f4c Mon Sep 17 00:00:00 2001 From: rajat-puppet Date: Mon, 22 Jul 2024 17:23:20 +0530 Subject: [PATCH 44/74] Revert "Remove labeller.yml" This reverts commit 6173af4b8267a63ba5734f45649fdb463f3fd4dc. --- .github/workflows/labeller.yml | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 .github/workflows/labeller.yml diff --git a/.github/workflows/labeller.yml b/.github/workflows/labeller.yml new file mode 100644 index 0000000000..0d4870d70b --- /dev/null +++ b/.github/workflows/labeller.yml @@ -0,0 +1,27 @@ +name: Labeller + +on: + issues: + types: + - opened + - labeled + - unlabeled + pull_request: + types: + - opened + - labeled + - unlabeled + +jobs: + label: + runs-on: ubuntu-latest + steps: + + - uses: puppetlabs/community-labeller@v1.0.1 + name: Label issues or pull requests + with: + label_name: community + label_color: '5319e7' + org_membership: puppetlabs + fail_if_member: 'true' + token: ${{ secrets.IAC_COMMUNITY_LABELER }} From 9118a6e41b928f974abc72e90318bba2c61c48a3 Mon Sep 17 00:00:00 2001 
From: rajat-puppet Date: Mon, 22 Jul 2024 17:31:19 +0530 Subject: [PATCH 45/74] Remove labeller.yml --- .github/workflows/labeller.yml | 27 --------------------------- 1 file changed, 27 deletions(-) delete mode 100644 .github/workflows/labeller.yml diff --git a/.github/workflows/labeller.yml b/.github/workflows/labeller.yml deleted file mode 100644 index 0d4870d70b..0000000000 --- a/.github/workflows/labeller.yml +++ /dev/null @@ -1,27 +0,0 @@ -name: Labeller - -on: - issues: - types: - - opened - - labeled - - unlabeled - pull_request: - types: - - opened - - labeled - - unlabeled - -jobs: - label: - runs-on: ubuntu-latest - steps: - - - uses: puppetlabs/community-labeller@v1.0.1 - name: Label issues or pull requests - with: - label_name: community - label_color: '5319e7' - org_membership: puppetlabs - fail_if_member: 'true' - token: ${{ secrets.IAC_COMMUNITY_LABELER }} From fcb310ed72d3b6dadc73ca14ff9d91cd1e35ced3 Mon Sep 17 00:00:00 2001 From: Ryan Date: Tue, 3 Sep 2024 12:12:51 +0800 Subject: [PATCH 46/74] Include systemd module for Amazon Linux 2023 --- manifests/default_mods.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/default_mods.pp b/manifests/default_mods.pp index 474b53748b..f970d98cca 100644 --- a/manifests/default_mods.pp +++ b/manifests/default_mods.pp @@ -16,7 +16,7 @@ if $facts['os']['name'] != 'Amazon' and $use_systemd { ::apache::mod { 'systemd': } } - if ($facts['os']['name'] == 'Amazon' and $facts['os']['release']['full'] == '2') { + if ($facts['os']['name'] == 'Amazon' and $facts['os']['release']['major'] =~ /^(2|2023)$/) { ::apache::mod { 'systemd': } } ::apache::mod { 'unixd': } From f23433948e0bfd52169ba3f7cd026c89c80d458c Mon Sep 17 00:00:00 2001 From: Ryan Date: Thu, 5 Sep 2024 13:01:04 +0800 Subject: [PATCH 47/74] always include systemd module when $use_systemd is true --- manifests/default_mods.pp | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) 
diff --git a/manifests/default_mods.pp b/manifests/default_mods.pp index f970d98cca..50f04ba26e 100644 --- a/manifests/default_mods.pp +++ b/manifests/default_mods.pp @@ -13,10 +13,7 @@ case $facts['os']['family'] { 'RedHat': { ::apache::mod { 'log_config': } - if $facts['os']['name'] != 'Amazon' and $use_systemd { - ::apache::mod { 'systemd': } - } - if ($facts['os']['name'] == 'Amazon' and $facts['os']['release']['major'] =~ /^(2|2023)$/) { + if $use_systemd { ::apache::mod { 'systemd': } } ::apache::mod { 'unixd': } From 324e952c53fc9ff3e45946413a79a7e515a3f586 Mon Sep 17 00:00:00 2001 From: Atib Samal <76742622+Harvey2504@users.noreply.github.com> Date: Thu, 19 Sep 2024 19:12:10 +0530 Subject: [PATCH 48/74] Fix apache2-mod_php7 not found for SLES-15 --- manifests/mod/php.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manifests/mod/php.pp b/manifests/mod/php.pp index 2d10e02b4b..62b0eca2ea 100644 --- a/manifests/mod/php.pp +++ b/manifests/mod/php.pp @@ -111,8 +111,8 @@ if ($_package_name == 'apache2-mod_php7' and versioncmp($facts['os']['release']['major'], '15') >= 0 and versioncmp($facts['os']['release']['minor'], '3') == 1) { exec { 'enable legacy repos': path => '/bin:/usr/bin/:/sbin:/usr/sbin', - command => 'SUSEConnect --product sle-module-legacy/15.5/x86_64', - unless => 'SUSEConnect --status-text | grep sle-module-legacy/15.5/x86_64', + command => "SUSEConnect --product sle-module-legacy/${facts['os']['release']['major']}.${facts['os']['release']['minor']}/x86_64", + unless => "SUSEConnect --status-text | grep sle-module-legacy/${facts['os']['release']['major']}.${facts['os']['release']['minor']}/x86_64", } } From 63de3350a61c62bfeb7cc83bc58f5051c7d032bf Mon Sep 17 00:00:00 2001 From: Atib Samal <76742622+Harvey2504@users.noreply.github.com> Date: Mon, 23 Sep 2024 13:23:27 +0530 Subject: [PATCH 49/74] Fixing acceptance test node setup --- spec/setup_acceptance_node.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
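Review bot: In manifests/mod/php.pp the product string now takes major and minor from facts but still ends in a hard-coded `/x86_64`, so on any other architecture the `SUSEConnect --product` call would ask for a product that does not match the host. Consider using `$facts['os']['architecture']` in both `command` and `unless`, and building the string once, e.g. `$_legacy_product = "sle-module-legacy/${facts['os']['release']['major']}.${facts['os']['release']['minor']}/${facts['os']['architecture']}"`. The same two lines are repeated in spec/setup_acceptance_node.pp in the following patch. The enclosing `if` and class body start outside the hunk.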
diff --git a/spec/setup_acceptance_node.pp b/spec/setup_acceptance_node.pp index 6f3150006c..641c9d4f24 100644 --- a/spec/setup_acceptance_node.pp +++ b/spec/setup_acceptance_node.pp @@ -10,8 +10,8 @@ if (versioncmp($facts['os']['release']['major'], '15') >= 0 and versioncmp($facts['os']['release']['minor'], '3') == 1) { exec { 'enable legacy repos': path => '/bin:/usr/bin/:/sbin:/usr/sbin', - command => 'SUSEConnect --product sle-module-legacy/15.5/x86_64', - unless => 'SUSEConnect --status-text | grep sle-module-legacy/15.5/x86_64', + command => "SUSEConnect --product sle-module-legacy/${facts['os']['release']['major']}.${facts['os']['release']['minor']}/x86_64", + unless => "SUSEConnect --status-text | grep sle-module-legacy/${facts['os']['release']['major']}.${facts['os']['release']['minor']}/x86_64", } } # needed for netstat, for serverspec checks From b4ad4a7654a0dfe6b5c3ba08c3d747ed09e6035b Mon Sep 17 00:00:00 2001 From: Amit Karsale Date: Wed, 11 Sep 2024 14:16:18 +0530 Subject: [PATCH 50/74] pdksync - (PF-3525) - pdk update for module --- .github/workflows/release.yml | 2 +- .gitignore | 7 +++++++ .pdkignore | 7 +++++++ .rubocop.yml | 8 +++++++- .vscode/extensions.json | 2 +- Gemfile | 26 +++++++++++++------------- metadata.json | 4 ++-- spec/spec_helper.rb | 5 +++-- 8 files changed, 41 insertions(+), 20 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 0b7b8a05dd..4b3b80fc80 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -2,7 +2,7 @@ name: "Publish module" on: workflow_dispatch: - + jobs: release: uses: "puppetlabs/cat-github-actions/.github/workflows/module_release.yml@main" diff --git a/.gitignore b/.gitignore index 3f1551212b..2803e566b5 100644 --- a/.gitignore +++ b/.gitignore @@ -19,6 +19,7 @@ /spec/fixtures/modules/* /tmp/ /vendor/ +/.vendor/ /convert_report.txt /update_report.txt .DS_Store 
@@ -26,3 +27,9 @@ .envrc /inventory.yaml /spec/fixtures/litmus_inventory.yaml +.resource_types +.modules +.task_cache.json +.plan_cache.json +.rerun.json +bolt-debug.log diff --git a/.pdkignore b/.pdkignore index 862847a72c..84684be63f 100644 --- a/.pdkignore +++ b/.pdkignore @@ -19,6 +19,7 @@ /spec/fixtures/modules/* /tmp/ /vendor/ +/.vendor/ /convert_report.txt /update_report.txt .DS_Store @@ -26,6 +27,12 @@ .envrc /inventory.yaml /spec/fixtures/litmus_inventory.yaml +.resource_types +.modules +.task_cache.json +.plan_cache.json +.rerun.json +bolt-debug.log /.fixtures.yml /Gemfile /.gitattributes diff --git a/.rubocop.yml b/.rubocop.yml index 7a66e08331..439ea84ee8 100644 --- a/.rubocop.yml +++ b/.rubocop.yml @@ -5,7 +5,7 @@ require: AllCops: NewCops: enable DisplayCopNames: true - TargetRubyVersion: '2.7' + TargetRubyVersion: '2.6' Include: - "**/*.rb" Exclude: @@ -529,6 +529,8 @@ Lint/DuplicateBranch: Enabled: false Lint/DuplicateMagicComment: Enabled: false +Lint/DuplicateMatchPattern: + Enabled: false Lint/DuplicateRegexpCharacterClassElement: Enabled: false Lint/EmptyBlock: @@ -645,6 +647,8 @@ Style/ComparableClamp: Enabled: false Style/ConcatArrayLiterals: Enabled: false +Style/DataInheritance: + Enabled: false Style/DirEmpty: Enabled: false Style/DocumentDynamicEvalDefinition: @@ -713,6 +717,8 @@ Style/RedundantHeredocDelimiterQuotes: Enabled: false Style/RedundantInitialize: Enabled: false +Style/RedundantLineContinuation: + Enabled: false Style/RedundantSelfAssignmentBranch: Enabled: false Style/RedundantStringEscape: diff --git a/.vscode/extensions.json b/.vscode/extensions.json index 2f1e4f73a5..6da8d472f8 100644 --- a/.vscode/extensions.json +++ b/.vscode/extensions.json @@ -1,6 +1,6 @@ { "recommendations": [ "puppet.puppet-vscode", - "rebornix.Ruby" + "Shopify.ruby-lsp" ] } diff --git a/Gemfile b/Gemfile index ca0e773ecd..9f66bfa983 100644 --- a/Gemfile +++ b/Gemfile 
@@ -20,30 +20,30 @@ group :development do gem "json", '= 2.6.1', require: false if Gem::Requirement.create(['>= 3.1.0', '< 3.1.3']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) gem "json", '= 2.6.3', require: false if Gem::Requirement.create(['>= 3.2.0', '< 4.0.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) gem "racc", '~> 1.4.0', require: false if Gem::Requirement.create(['>= 2.7.0', '< 3.0.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) + gem "deep_merge", '~> 1.2.2', require: false gem "voxpupuli-puppet-lint-plugins", '~> 5.0', require: false - gem "facterdb", '~> 1.18', require: false - gem "metadata-json-lint", '~> 3.0', require: false - gem "puppetlabs_spec_helper", '~> 6.0', require: false + gem "facterdb", '~> 1.18', require: false + gem "metadata-json-lint", '~> 4.0', require: false gem "rspec-puppet-facts", '~> 2.0', require: false - gem "codecov", '~> 0.2', require: false gem "dependency_checker", '~> 1.0.0', require: false gem "parallel_tests", '= 3.12.1', require: false gem "pry", '~> 0.10', require: false - gem "simplecov-console", '~> 0.5', require: false + gem "simplecov-console", '~> 0.9', require: false gem "puppet-debugger", '~> 1.0', require: false - gem "rubocop", '= 1.48.1', require: false + gem "rubocop", '~> 1.50.0', require: false gem "rubocop-performance", '= 1.16.0', require: false gem "rubocop-rspec", '= 2.19.0', require: false - gem "puppet-strings", '~> 4.0', require: false gem "rb-readline", '= 0.5.5', require: false, platforms: [:mswin, :mingw, :x64_mingw] + gem "rexml", '>= 3.0.0', '< 3.2.7', require: false end -group :system_tests do - gem "puppet_litmus", '~> 1.0', require: false, platforms: [:ruby, :x64_mingw] - gem "serverspec", '~> 2.41', require: false -end -group :release_prep do +group :development, :release_prep do gem "puppet-strings", '~> 4.0', require: false - gem "puppetlabs_spec_helper", '~> 6.0', require: false + gem "puppetlabs_spec_helper", '~> 7.0', require: false +end +group :system_tests do + 
gem "puppet_litmus", '~> 1.0', require: false, platforms: [:ruby, :x64_mingw] + gem "CFPropertyList", '< 3.0.7', require: false, platforms: [:mswin, :mingw, :x64_mingw] + gem "serverspec", '~> 2.41', require: false end puppet_version = ENV['PUPPET_GEM_VERSION'] diff --git a/metadata.json b/metadata.json index a74ad44249..cb9f1ab89e 100644 --- a/metadata.json +++ b/metadata.json @@ -87,7 +87,7 @@ } ], "description": "Module for Apache configuration", - "pdk-version": "3.0.0", + "pdk-version": "3.2.0", "template-url": "https://github.com/puppetlabs/pdk-templates.git#main", - "template-ref": "heads/main-0-g79a2f93" + "template-ref": "tags/3.2.0.4-0-g5d17ec1" } diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index 6820cebee7..ae7c1f6818 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -25,7 +25,8 @@ next unless File.exist?(f) && File.readable?(f) && File.size?(f) begin - default_facts.merge!(YAML.safe_load(File.read(f), permitted_classes: [], permitted_symbols: [], aliases: true)) + require 'deep_merge' + default_facts.deep_merge!(YAML.safe_load(File.read(f), permitted_classes: [], permitted_symbols: [], aliases: true)) rescue StandardError => e RSpec.configuration.reporter.message "WARNING: Unable to load #{f}: #{e}" end @@ -33,7 +34,7 @@ # read default_facts and merge them over what is provided by facterdb default_facts.each do |fact, value| - add_custom_fact fact, value + add_custom_fact fact, value, merge_facts: true end RSpec.configure do |c| From 90f7482290c4143d168f4d209e16518b5968c27f Mon Sep 17 00:00:00 2001 From: Peter Jackson Date: Fri, 20 Sep 2024 12:38:04 +0100 Subject: [PATCH 51/74] Update config parameters to match latest OIDC release and fix typos. #2567 #2566 --- REFERENCE.md | 250 +++++++++++++++++++++++------------------ types/oidcsettings.pp | 251 ++++++++++++++++++++++++------------------ 2 files changed, 286 insertions(+), 215 deletions(-) diff --git a/REFERENCE.md b/REFERENCE.md index b637f3722a..5b43bcb8e3 100644 
--- a/REFERENCE.md +++ b/REFERENCE.md 
@@ -11306,113 +11306,149 @@ Alias of ```puppet Struct[{ - Optional['RedirectURI'] => Variant[Stdlib::HTTPSUrl, Stdlib::HttpUrl, Pattern[/^\/[A-Za-z0-9\-\._%\/]*$/]], - Optional['CryptoPassphrase'] => String, - Optional['MetadataDir'] => String, - Optional['ProviderMetadataURL'] => Stdlib::HTTPSUrl, - Optional['ProviderIssuer'] => String, - Optional['ProviderAuthorizationEndpoint'] => Stdlib::HTTPSUrl, - Optional['ProviderJwksUri'] => Stdlib::HTTPSUrl, - Optional['ProviderTokenEndpoint'] => Stdlib::HTTPSUrl, - Optional['ProviderTokenEndpointAuth'] => Enum['client_secret_basic', 'client_secret_post', 'client_secret_jwt', 'private_key_jwt', 'none'], - Optional['ProviderTokenEndpointParams'] => Pattern[/^[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+(&[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+)*$/], - Optional['ProviderUserInfoEndpoint'] => Stdlib::HTTPSUrl, - Optional['ProviderCheckSessionIFrame'] => Stdlib::HTTPSUrl, - Optional['ProviderEndSessionEndpoint'] => Stdlib::HTTPSUrl, - Optional['ProviderRevocationEndpoint'] => Stdlib::HTTPSUrl, - Optional['ProviderBackChannelLogoutSupported'] => Enum['On', 'Off'], - Optional['ProviderRegistrationEndpointJson'] => String, - Optional['Scope'] => Pattern[/^\"?[A-Za-z0-9\-\._\s]+\"?$/], - Optional['AuthRequestParams'] => Pattern[/^[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+(&[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+)*$/], - Optional['SSLValidateServer'] => Enum['On', 'Off'], - Optional['UserInfoRefreshInterval'] => Integer, - Optional['JWKSRefreshInterval'] => Integer, - Optional['UserInfoTokenMethod'] => Enum['authz_header', 'post_param'], - Optional['ProviderAuthRequestMethod'] => Enum['GET', 'POST'], - Optional['PublicKeyFiles'] => String, - Optional['ResponseType'] => Enum['code', 'id_token', 'id_token token', 'code id_token', 'code token', 'code id_token token'], - Optional['ResponseMode'] => Enum['fragment', 'query', 'form_post'], - Optional['ClientID'] => String, - Optional['ClientSecret'] => String, - Optional['ClientTokenEndpointCert'] => 
String, - Optional['ClientTokenEndpointKey'] => String, - Optional['ClientName'] => String, - Optional['ClientContact'] => String, - Optional['PKCDMethod'] => Enum['plain', 'S256', 'referred_tb'], - Optional['TokenBindingPolicy'] => Enum['disabled', 'optional', 'required', 'enforced'], - Optional['ClientJwksUri'] => Stdlib::HTTPSUrl, - Optional['IDTokenSignedResponseAlg'] => Enum['RS256', 'RS384', 'RS512', 'PS256', 'PS384', 'PS512', 'HS256', 'HS384', 'HS512', 'ES256', 'ES384', 'ES512'], - Optional['IDTokenEncryptedResponseAlg'] => Enum['RSA1_5', 'A128KW', 'A256KW', 'RSA-OAEP'], - Optional['IDTokenEncryptedResponseEnc'] => Enum['A128CBC-HS256', 'A256CBC-HS512', 'A256GCM'], - Optional['UserInfoSignedResposeAlg'] => Enum['RS256', 'RS384', 'RS512', 'PS256', 'PS384', 'PS512', 'HS256', 'HS384', 'HS512', 'ES256', 'ES384', 'ES512'], - Optional['UserInfoEncryptedResponseAlg'] => Enum['RSA1_5', 'A128KW', 'A256KW', 'RSA-OAEP'], - Optional['UserInfoEncryptedResponseEnc'] => Enum['A128CBC-HS256', 'A256CBC-HS512', 'A256GCM'], - Optional['OAuthServerMetadataURL'] => Stdlib::HTTPSUrl, - Optional['AuthIntrospectionEndpoint'] => Stdlib::HTTPSUrl, - Optional['OAuthClientID'] => String, - Optional['OAuthClientSecret'] => String, - Optional['OAuthIntrospectionEndpointAuth'] => Enum['client_secret_basic', 'client_secret_post', 'client_secret_jwt', 'private_key_jwt', 'bearer_access_token', 'none'], - Optional['OAuthIntrospectionClientAuthBearerToken'] => String, - Optional['OAuthIntrospectionEndpointCert'] => String, - Optional['OAuthIntrospectionEndpointKey'] => String, - Optional['OAuthIntrospectionEndpointMethod'] => Enum['POST', 'GET'], - Optional['OAuthIntrospectionEndpointParams'] => Pattern[/^[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+(&[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+)*$/], - Optional['OAuthIntrospectionTokenParamName'] => String, - Optional['OAuthTokenExpiryClaim'] => Pattern[/^[A-Za-z0-9\-\._]+\s(absolute|relative)\s(mandatory|optional)$/], - Optional['OAuthSSLValidateServer'] 
=> Enum['On', 'Off'], - Optional['OAuthVerifySharedKeys'] => String, - Optional['OAuthVerifyCertFiles'] => String, - Optional['OAuthVerifyJwksUri'] => Stdlib::HTTPSUrl, - Optional['OAuthRemoteUserClaim'] => String, - Optional['OAuthAcceptTokenAs'] => Pattern[/^((header|post|query|cookie\:[A-Za-z0-9\-\._]+|basic)\s?)+$/], - Optional['OAuthAccessTokenBindingPolicy'] => Enum['disabled', 'optional', 'required', 'enforced'], - Optional['Cookie'] => String, - Optional['SessionCookieChunkSize'] => Integer, - Optional['CookieHTTPOnly'] => Enum['On', 'Off'], - Optional['CookieSameSite'] => Enum['On', 'Off'], - Optional['PassCookies'] => String, - Optional['StripCookies'] => String, - Optional['StateMaxNumberOfCookies'] => Pattern[/^[0-9]+\s(false|true)$/], - Optional['SessionInactivityTimeout'] => Integer, - Optional['SessionMaxDuration'] => Integer, - Optional['SessionType'] => Pattern[/^(server-cache(:persistent)?|client-cookie(:persistent)?)$/], - Optional['SessionCacheFallbackToCookie'] => Enum['On', 'Off'], - Optional['CacheType'] => Enum['shm', 'memcache', 'file', 'redis'], - Optional['CacheEncrypt'] => Enum['On', 'Off'], - Optional['CacheShmMax'] => Integer, - Optional['CacheShmEntrySizeMax'] => Integer, - Optional['CacheFileCleanInterval'] => Integer, - Optional['MemCacheServers'] => String, - Optional['RedisCacheServer'] => String, - Optional['RedisCachePassword'] => String, - Optional['DiscoverURL'] => Variant[Stdlib::HTTPSUrl, Stdlib::HttpUrl], - Optional['HTMLErrorTemplate'] => String, - Optional['DefaultURL'] => Variant[Stdlib::HTTPSUrl, Stdlib::HttpUrl], - Optional['PathScope'] => Pattern[/^\"?[A-Za-z0-9\-\._\s]+\"?$/], - Optional['PathAuthRequestParams'] => Pattern[/^[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+(&[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+)*$/], - Optional['IDTokenIatSlack'] => Integer, - Optional['ClaimPrefix'] => String, - Optional['ClaimDelimiter'] => Pattern[/^.$/], - Optional['RemoteUserClaim'] => String, - Optional['PassIDTokenAs'] => 
Pattern[/^((claims|payload|serialized)\s?)+$/], - Optional['PassUserInfoAs'] => Pattern[/^((claims|json|jwt)\s?)+$/], - Optional['PassClaimsAs'] => Enum['none', 'headers', 'environment', 'both'], - Optional['AuthNHeader'] => String, - Optional['HTTPTimeoutLong'] => Integer, - Optional['HTTPTimeoutShort'] => Integer, - Optional['StateTimeout'] => Integer, - Optional['ScrubRequestHeaders'] => Enum['On', 'Off'], - Optional['OutgoingProxy'] => String, - Optional['UnAuthAction'] => Enum['auth', 'pass', '401', '410'], - Optional['UnAuthzAction'] => Enum['401', '403', 'auth'], - Optional['PreservePost'] => Enum['On', 'Off'], - Optional['PassRefreshToken'] => Enum['On', 'Off'], - Optional['RequestObject'] => String, - Optional['ProviderMetadataRefreshInterval'] => Integer, - Optional['InfoHook'] => Pattern[/^((iat|access_token|access_token_expires|id_token|userinfo|refresh_token|session)\s?)+$/], - Optional['BlackListedClaims'] => String, - Optional['WhiteListedClaims'] => String, - Optional['RefreshAccessTokenBeforeExpiry'] => Pattern[/^[0-9]+(\slogout_on_error)?$/], + Optional['RedirectURI'] => Variant[Stdlib::HTTPSUrl, Stdlib::HttpUrl, Pattern[/^\/[A-Za-z0-9\-\._%\/]*$/]], + Optional['CryptoPassphrase'] => String, + Optional['MetadataDir'] => String, + Optional['ProviderMetadataURL'] => Stdlib::HTTPSUrl, + Optional['ProviderIssuer'] => String, + Optional['ProviderAuthorizationEndpoint'] => Stdlib::HTTPSUrl, + Optional['ProviderJwksUri'] => Stdlib::HTTPSUrl, + Optional['ProviderTokenEndpoint'] => Stdlib::HTTPSUrl, + Optional['ProviderTokenEndpointAuth'] => Enum['client_secret_basic', 'client_secret_post', 'client_secret_jwt', 'private_key_jwt', 'none'], + Optional['ProviderTokenEndpointParams'] => Pattern[/^[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+(&[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+)*$/], + Optional['ProviderUserInfoEndpoint'] => Stdlib::HTTPSUrl, + Optional['ProviderCheckSessionIFrame'] => Stdlib::HTTPSUrl, + Optional['ProviderEndSessionEndpoint'] => Stdlib::HTTPSUrl, + 
Optional['ProviderRevocationEndpoint'] => Stdlib::HTTPSUrl, + Optional['ProviderBackChannelLogoutSupported'] => Enum['On', 'Off'], + Optional['ProviderRegistrationEndpointJson'] => String, + Optional['Scope'] => Pattern[/^\"?[A-Za-z0-9\-\._\s]+\"?$/], + Optional['AuthRequestParams'] => Pattern[/^[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+(&[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+)*$/], + Optional['SSLValidateServer'] => Enum['On', 'Off'], + Optional['UserInfoRefreshInterval'] => Pattern[/^[0-9]+(\s?(logout_on_error|authenticate_on_error|502_on_error))?$/], + Optional['JWKSRefreshInterval'] => Integer, + Optional['UserInfoTokenMethod'] => Enum['authz_header', 'post_param'], + Optional['ProviderAuthRequestMethod'] => Enum['GET', 'POST', 'PAR'], + Optional['PublicKeyFiles'] => String, + Optional['PrivateKeyFiles'] => String, + Optional['ResponseType'] => Enum['code', 'id_token', 'id_token token', 'code id_token', 'code token', 'code id_token token'], + Optional['ResponseMode'] => Enum['fragment', 'query', 'form_post'], + Optional['ClientID'] => String, + Optional['ClientSecret'] => String, + Optional['ClientTokenEndpointCert'] => String, + Optional['ClientTokenEndpointKey'] => String, + Optional['ClientTokenEndpointKeyPassword'] => String, + Optional['ClientName'] => String, + Optional['ClientContact'] => String, + Optional['PKCEMethod'] => Enum['plain', 'S256', 'referred_tb', 'none'], + Optional['TokenBindingPolicy'] => Enum['disabled', 'optional', 'required', 'enforced'], + Optional['ClientJwksUri'] => Stdlib::HTTPSUrl, + Optional['IDTokenSignedResponseAlg'] => Enum['RS256', 'RS384', 'RS512', 'PS256', 'PS384', 'PS512', 'HS256', 'HS384', 'HS512', 'ES256', 'ES384', 'ES512'], + Optional['IDTokenEncryptedResponseAlg'] => Enum['RSA1_5', 'A128KW', 'A256KW', 'RSA-OAEP'], + Optional['IDTokenEncryptedResponseEnc'] => Enum['A128CBC-HS256', 'A256CBC-HS512', 'A256GCM'], + Optional['UserInfoSignedResponseAlg'] => Enum['RS256', 'RS384', 'RS512', 'PS256', 'PS384', 'PS512', 'HS256', 
'HS384', 'HS512', 'ES256', 'ES384', 'ES512'], + Optional['UserInfoEncryptedResponseAlg'] => Enum['RSA1_5', 'A128KW', 'A256KW', 'RSA-OAEP'], + Optional['UserInfoEncryptedResponseEnc'] => Enum['A128CBC-HS256', 'A256CBC-HS512', 'A256GCM'], + Optional['OAuthServerMetadataURL'] => Stdlib::HTTPSUrl, + Optional['AuthIntrospectionEndpoint'] => Stdlib::HTTPSUrl, + Optional['OAuthClientID'] => String, + Optional['OAuthClientSecret'] => String, + Optional['OAuthIntrospectionEndpoint'] => String, + Optional['OAuthIntrospectionEndpointAuth'] => Enum['client_secret_basic', 'client_secret_post', 'client_secret_jwt', 'private_key_jwt', 'bearer_access_token', 'none'], + Optional['OAuthIntrospectionClientAuthBearerToken'] => String, + Optional['OAuthIntrospectionEndpointCert'] => String, + Optional['OAuthIntrospectionEndpointKey'] => String, + Optional['OAuthIntrospectionEndpointKeyPassword'] => String, + Optional['OAuthIntrospectionEndpointMethod'] => Enum['POST', 'GET'], + Optional['OAuthIntrospectionEndpointParams'] => Pattern[/^[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+(&[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+)*$/], + Optional['OAuthIntrospectionTokenParamName'] => String, + Optional['OAuthTokenExpiryClaim'] => Pattern[/^[A-Za-z0-9\-\._]+\s?((absolute|relative)+(\s(mandatory|optional))?)?$/], + Optional['OAuthTokenIntrospectionInterval'] => Integer, + Optional['OAuthSSLValidateServer'] => Enum['On', 'Off'], + Optional['OAuthVerifySharedKeys'] => String, + Optional['OAuthVerifyCertFiles'] => String, + Optional['OAuthVerifyJwksUri'] => Stdlib::HTTPSUrl, + Optional['OAuthRemoteUserClaim'] => String, + Optional['OAuthAcceptTokenAs'] => Pattern[/^((header|post|query|cookie\:[A-Za-z0-9\-\._]+|basic)\s?)+$/], + Optional['OAuthAccessTokenBindingPolicy'] => Enum['disabled', 'optional', 'required', 'enforced'], + Optional['Cookie'] => String, + Optional['CookieDomain'] => String, + Optional['CookiePath'] => String, + Optional['SessionCookieChunkSize'] => Integer, + Optional['CookieHTTPOnly'] => 
Enum['On', 'Off'], + Optional['CookieSameSite'] => Enum['On', 'Off'], + Optional['PassCookies'] => String, + Optional['StripCookies'] => String, + Optional['StateMaxNumberOfCookies'] => Pattern[/^[0-9]+(\s?(false|true))?$/], + Optional['SessionInactivityTimeout'] => Integer, + Optional['SessionMaxDuration'] => Integer, + Optional['SessionType'] => Pattern[/^(server-cache(:persistent)?|client-cookie(:persistent|:store_id_token|:persistent:store_id_token)?)$/], + Optional['SessionCacheFallbackToCookie'] => Enum['On', 'Off'], + Optional['CacheType'] => Enum['shm', 'memcache', 'file', 'redis'], + Optional['CacheDir'] => String, + Optional['CacheEncrypt'] => Enum['On', 'Off'], + Optional['CacheShmMax'] => Integer, + Optional['CacheShmEntrySizeMax'] => Integer, + Optional['CacheFileCleanInterval'] => Integer, + Optional['MemCacheServers'] => String, + Optional['MemCacheConnectionsHMax'] => Integer, + Optional['MemCacheConnectionsMin'] => Integer, + Optional['MemCacheConnectionsSMax'] => Integer, + Optional['MemCacheConnectionsTTL'] => Integer, + Optional['RedisCacheServer'] => String, + Optional['RedisCachePassword'] => String, + Optional['RedisCacheConnectTimeout'] => Pattern[/^[0-9]+\s?[0-9]*$/], + Optional['RedisCacheDatabase'] => Integer, + Optional['RedisCacheTimeout'] => Integer, + Optional['RedisCacheUsername'] => String, + Optional['DiscoverURL'] => Variant[Stdlib::HTTPSUrl, Stdlib::HttpUrl], + Optional['HTMLErrorTemplate'] => String, + Optional['DefaultURL'] => Variant[Stdlib::HTTPSUrl, Stdlib::HttpUrl], + Optional['PathScope'] => Pattern[/^\"?[A-Za-z0-9\-\._\s]+\"?$/], + Optional['PathAuthRequestParams'] => Pattern[/^[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+(&[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+)*$/], + Optional['IDTokenIatSlack'] => Integer, + Optional['ClaimPrefix'] => String, + Optional['ClaimDelimiter'] => Pattern[/^.$/], + Optional['RemoteUserClaim'] => String, + Optional['PassIDTokenAs'] => Pattern[/^((claims|payload|serialized)\s?)+$/], + 
Optional['PassUserInfoAs'] => Pattern[/^((claims|json(:([A-Za-z0-9\-\._])+)?|(signed_)?jwt(:([A-Za-z0-9\-\._])+)?)\s?)+$/], + Optional['PassClaimsAs'] => Enum['none', 'headers', 'environment', 'both'], + Optional['AuthNHeader'] => String, + Optional['HTTPTimeoutLong'] => Integer, + Optional['HTTPTimeoutShort'] => Integer, + Optional['StateTimeout'] => Integer, + Optional['ScrubRequestHeaders'] => Enum['On', 'Off'], + Optional['OutgoingProxy'] => String, + Optional['UnAuthAction'] => Pattern[/^(auth|pass|401|407|410)\s.*/], + Optional['UnAutzAction'] => Pattern[/^(none|headers|environment|both)(\s+(latin1|base64url|none)+)?$/], + Optional['PreservePost'] => Enum['On', 'Off'], + Optional['PreservePostTemplates'] => String, + Optional['PassRefreshToken'] => Enum['On', 'Off'], + Optional['RequestObject'] => String, + Optional['ProviderMetadataRefreshInterval'] => Integer, + Optional['InfoHook'] => Pattern[/^((iat|access_token|access_token_expires|id_token|id_token_hint|userinfo|refresh_token|exp|timeout|remote_user|session)\s?)+$/], + Optional['BlackListedClaims'] => String, + Optional['WhiteListedClaims'] => String, + Optional['RefreshAccessTokenBeforeExpiry'] => Pattern[/^[0-9]+(\s(logout_on_error|authenticate_on_error|502_on_error))?$/], + Optional['XForwardedHeaders'] => String, + Optional['CABundlePath'] => String, + Optional['DefaultLoggedOutURL'] => String, + Optional['DPoPMode'] => String, + Optional['FilterClaimsExpr'] => String, + Optional['LogoutRequestParams'] => Pattern[/^[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+(&[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+)*$/], + Optional['LogoutXFrameOptions'] => String, + Optional['MetricsData'] => String, + Optional['MetricsPublish'] => String, + Optional['PassAccessToken'] => Enum['On', 'Off'], + Optional['ProviderPushedAuthorizationRequestEndpoint'] => Variant[Stdlib::HTTPSUrl, Stdlib::HttpUrl], + Optional['ProviderSignedJwksUri'] => String, + Optional['ProviderVerifyCertFiles'] => String, + Optional['RedirectURLsAllowed'] => 
String, + Optional['StateCookiePrefix'] => String, + Optional['StateInputHeaders'] => Enum['user-agent', 'x-forwarded-for', 'both', 'none'], + Optional['TraceParent'] => Enum['off', 'generate', 'propagate'], + Optional['UserInfoClaimsExpr'] => String, + Optional['ValidateIssuer'] => Enum['On', 'Off'], }] ``` diff --git a/types/oidcsettings.pp b/types/oidcsettings.pp index d3246ccdcd..8a14935282 100644 --- a/types/oidcsettings.pp +++ b/types/oidcsettings.pp 
@@ -1,113 +1,148 @@
 # https://github.com/zmartzone/mod_auth_openidc/blob/master/auth_openidc.conf
 type Apache::OIDCSettings = Struct[
 {
- Optional['RedirectURI'] => Variant[Stdlib::HTTPSUrl, Stdlib::HttpUrl, Pattern[/^\/[A-Za-z0-9\-\._%\/]*$/]],
- Optional['CryptoPassphrase'] => String,
- Optional['MetadataDir'] => String,
- Optional['ProviderMetadataURL'] => Stdlib::HTTPSUrl,
- Optional['ProviderIssuer'] => String,
- Optional['ProviderAuthorizationEndpoint'] => Stdlib::HTTPSUrl,
- Optional['ProviderJwksUri'] => Stdlib::HTTPSUrl,
- Optional['ProviderTokenEndpoint'] => Stdlib::HTTPSUrl,
- Optional['ProviderTokenEndpointAuth'] => Enum['client_secret_basic', 'client_secret_post', 'client_secret_jwt', 'private_key_jwt', 'none'],
- Optional['ProviderTokenEndpointParams'] => Pattern[/^[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+(&[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+)*$/],
- Optional['ProviderUserInfoEndpoint'] => Stdlib::HTTPSUrl,
- Optional['ProviderCheckSessionIFrame'] => Stdlib::HTTPSUrl,
- Optional['ProviderEndSessionEndpoint'] => Stdlib::HTTPSUrl,
- Optional['ProviderRevocationEndpoint'] => Stdlib::HTTPSUrl,
- Optional['ProviderBackChannelLogoutSupported'] => Enum['On', 'Off'],
- Optional['ProviderRegistrationEndpointJson'] => String,
- Optional['Scope'] => Pattern[/^\"?[A-Za-z0-9\-\._\s]+\"?$/],
- Optional['AuthRequestParams'] => Pattern[/^[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+(&[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+)*$/],
- Optional['SSLValidateServer'] => Enum['On', 'Off'],
- Optional['UserInfoRefreshInterval'] => Integer,
- Optional['JWKSRefreshInterval'] => Integer,
- Optional['UserInfoTokenMethod'] => Enum['authz_header', 'post_param'],
- Optional['ProviderAuthRequestMethod'] => Enum['GET', 'POST'],
- Optional['PublicKeyFiles'] => String,
- Optional['ResponseType'] => Enum['code', 'id_token', 'id_token token', 'code id_token', 'code token', 'code id_token token'],
- Optional['ResponseMode'] => Enum['fragment', 'query', 'form_post'],
- Optional['ClientID'] => String,
- Optional['ClientSecret'] => String,
- Optional['ClientTokenEndpointCert'] => String,
- Optional['ClientTokenEndpointKey'] => String,
- Optional['ClientName'] => String,
- Optional['ClientContact'] => String,
- Optional['PKCDMethod'] => Enum['plain', 'S256', 'referred_tb'],
- Optional['TokenBindingPolicy'] => Enum['disabled', 'optional', 'required', 'enforced'],
- Optional['ClientJwksUri'] => Stdlib::HTTPSUrl,
- Optional['IDTokenSignedResponseAlg'] => Enum['RS256', 'RS384', 'RS512', 'PS256', 'PS384', 'PS512', 'HS256', 'HS384', 'HS512', 'ES256', 'ES384', 'ES512'],
- Optional['IDTokenEncryptedResponseAlg'] => Enum['RSA1_5', 'A128KW', 'A256KW', 'RSA-OAEP'],
- Optional['IDTokenEncryptedResponseEnc'] => Enum['A128CBC-HS256', 'A256CBC-HS512', 'A256GCM'],
- Optional['UserInfoSignedResposeAlg'] => Enum['RS256', 'RS384', 'RS512', 'PS256', 'PS384', 'PS512', 'HS256', 'HS384', 'HS512', 'ES256', 'ES384', 'ES512'],
- Optional['UserInfoEncryptedResponseAlg'] => Enum['RSA1_5', 'A128KW', 'A256KW', 'RSA-OAEP'],
- Optional['UserInfoEncryptedResponseEnc'] => Enum['A128CBC-HS256', 'A256CBC-HS512', 'A256GCM'],
- Optional['OAuthServerMetadataURL'] => Stdlib::HTTPSUrl,
- Optional['AuthIntrospectionEndpoint'] => Stdlib::HTTPSUrl,
- Optional['OAuthClientID'] => String,
- Optional['OAuthClientSecret'] => String,
- Optional['OAuthIntrospectionEndpointAuth'] => Enum['client_secret_basic', 'client_secret_post', 'client_secret_jwt', 'private_key_jwt', 'bearer_access_token', 'none'],
- Optional['OAuthIntrospectionClientAuthBearerToken'] => String,
- Optional['OAuthIntrospectionEndpointCert'] => String,
- Optional['OAuthIntrospectionEndpointKey'] => String,
- Optional['OAuthIntrospectionEndpointMethod'] => Enum['POST', 'GET'],
- Optional['OAuthIntrospectionEndpointParams'] => Pattern[/^[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+(&[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+)*$/],
- Optional['OAuthIntrospectionTokenParamName'] => String,
- Optional['OAuthTokenExpiryClaim'] => Pattern[/^[A-Za-z0-9\-\._]+\s(absolute|relative)\s(mandatory|optional)$/],
- Optional['OAuthSSLValidateServer'] => Enum['On', 'Off'],
- Optional['OAuthVerifySharedKeys'] => String,
- Optional['OAuthVerifyCertFiles'] => String,
- Optional['OAuthVerifyJwksUri'] => Stdlib::HTTPSUrl,
- Optional['OAuthRemoteUserClaim'] => String,
- Optional['OAuthAcceptTokenAs'] => Pattern[/^((header|post|query|cookie\:[A-Za-z0-9\-\._]+|basic)\s?)+$/],
- Optional['OAuthAccessTokenBindingPolicy'] => Enum['disabled', 'optional', 'required', 'enforced'],
- Optional['Cookie'] => String,
- Optional['SessionCookieChunkSize'] => Integer,
- Optional['CookieHTTPOnly'] => Enum['On', 'Off'],
- Optional['CookieSameSite'] => Enum['On', 'Off'],
- Optional['PassCookies'] => String,
- Optional['StripCookies'] => String,
- Optional['StateMaxNumberOfCookies'] => Pattern[/^[0-9]+\s(false|true)$/],
- Optional['SessionInactivityTimeout'] => Integer,
- Optional['SessionMaxDuration'] => Integer,
- Optional['SessionType'] => Pattern[/^(server-cache(:persistent)?|client-cookie(:persistent)?)$/],
- Optional['SessionCacheFallbackToCookie'] => Enum['On', 'Off'],
- Optional['CacheType'] => Enum['shm', 'memcache', 'file', 'redis'],
- Optional['CacheEncrypt'] => Enum['On', 'Off'],
- Optional['CacheShmMax'] => Integer,
- Optional['CacheShmEntrySizeMax'] => Integer,
- Optional['CacheFileCleanInterval'] => Integer,
- Optional['MemCacheServers'] => String,
- Optional['RedisCacheServer'] => String,
- Optional['RedisCachePassword'] => String,
- Optional['DiscoverURL'] => Variant[Stdlib::HTTPSUrl, Stdlib::HttpUrl],
- Optional['HTMLErrorTemplate'] => String,
- Optional['DefaultURL'] => Variant[Stdlib::HTTPSUrl, Stdlib::HttpUrl],
- Optional['PathScope'] => Pattern[/^\"?[A-Za-z0-9\-\._\s]+\"?$/],
- Optional['PathAuthRequestParams'] => Pattern[/^[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+(&[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+)*$/],
- Optional['IDTokenIatSlack'] => Integer,
- Optional['ClaimPrefix'] => String,
- Optional['ClaimDelimiter'] => Pattern[/^.$/],
- Optional['RemoteUserClaim'] => String,
- Optional['PassIDTokenAs'] => Pattern[/^((claims|payload|serialized)\s?)+$/],
- Optional['PassUserInfoAs'] => Pattern[/^((claims|json|jwt)\s?)+$/],
- Optional['PassClaimsAs'] => Enum['none', 'headers', 'environment', 'both'],
- Optional['AuthNHeader'] => String,
- Optional['HTTPTimeoutLong'] => Integer,
- Optional['HTTPTimeoutShort'] => Integer,
- Optional['StateTimeout'] => Integer,
- Optional['ScrubRequestHeaders'] => Enum['On', 'Off'],
- Optional['OutgoingProxy'] => String,
- Optional['UnAuthAction'] => Enum['auth', 'pass', '401', '410'],
- Optional['UnAuthzAction'] => Enum['401', '403', 'auth'],
- Optional['PreservePost'] => Enum['On', 'Off'],
- Optional['PassRefreshToken'] => Enum['On', 'Off'],
- Optional['RequestObject'] => String,
- Optional['ProviderMetadataRefreshInterval'] => Integer,
- Optional['InfoHook'] => Pattern[/^((iat|access_token|access_token_expires|id_token|userinfo|refresh_token|session)\s?)+$/],
- Optional['BlackListedClaims'] => String,
- Optional['WhiteListedClaims'] => String,
- Optional['RefreshAccessTokenBeforeExpiry'] => Pattern[/^[0-9]+(\slogout_on_error)?$/],
- Optional['XForwardedHeaders'] => String,
+ Optional['RedirectURI'] => Variant[Stdlib::HTTPSUrl, Stdlib::HttpUrl, Pattern[/^\/[A-Za-z0-9\-\._%\/]*$/]],
+ Optional['CryptoPassphrase'] => String,
+ Optional['MetadataDir'] => String,
+ Optional['ProviderMetadataURL'] => Stdlib::HTTPSUrl,
+ Optional['ProviderIssuer'] => String,
+ Optional['ProviderAuthorizationEndpoint'] => Stdlib::HTTPSUrl,
+ Optional['ProviderJwksUri'] => Stdlib::HTTPSUrl,
+ Optional['ProviderTokenEndpoint'] => Stdlib::HTTPSUrl,
+ Optional['ProviderTokenEndpointAuth'] => Enum['client_secret_basic', 'client_secret_post', 'client_secret_jwt', 'private_key_jwt', 'none'],
+ Optional['ProviderTokenEndpointParams'] => Pattern[/^[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+(&[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+)*$/],
+ Optional['ProviderUserInfoEndpoint'] => Stdlib::HTTPSUrl,
+ Optional['ProviderCheckSessionIFrame'] => Stdlib::HTTPSUrl,
+ Optional['ProviderEndSessionEndpoint'] => Stdlib::HTTPSUrl,
+ Optional['ProviderRevocationEndpoint'] => Stdlib::HTTPSUrl,
+ Optional['ProviderBackChannelLogoutSupported'] => Enum['On', 'Off'],
+ Optional['ProviderRegistrationEndpointJson'] => String,
+ Optional['Scope'] => Pattern[/^\"?[A-Za-z0-9\-\._\s]+\"?$/],
+ Optional['AuthRequestParams'] => Pattern[/^[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+(&[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+)*$/],
+ Optional['SSLValidateServer'] => Enum['On', 'Off'],
+ Optional['UserInfoRefreshInterval'] => Pattern[/^[0-9]+(\s?(logout_on_error|authenticate_on_error|502_on_error))?$/],
+ Optional['JWKSRefreshInterval'] => Integer,
+ Optional['UserInfoTokenMethod'] => Enum['authz_header', 'post_param'],
+ Optional['ProviderAuthRequestMethod'] => Enum['GET', 'POST', 'PAR'],
+ Optional['PublicKeyFiles'] => String,
+ Optional['PrivateKeyFiles'] => String,
+ Optional['ResponseType'] => Enum['code', 'id_token', 'id_token token', 'code id_token', 'code token', 'code id_token token'],
+ Optional['ResponseMode'] => Enum['fragment', 'query', 'form_post'],
+ Optional['ClientID'] => String,
+ Optional['ClientSecret'] => String,
+ Optional['ClientTokenEndpointCert'] => String,
+ Optional['ClientTokenEndpointKey'] => String,
+ Optional['ClientTokenEndpointKeyPassword'] => String,
+ Optional['ClientName'] => String,
+ Optional['ClientContact'] => String,
+ Optional['PKCEMethod'] => Enum['plain', 'S256', 'referred_tb', 'none'],
+ Optional['TokenBindingPolicy'] => Enum['disabled', 'optional', 'required', 'enforced'],
+ Optional['ClientJwksUri'] => Stdlib::HTTPSUrl,
+ Optional['IDTokenSignedResponseAlg'] => Enum['RS256', 'RS384', 'RS512', 'PS256', 'PS384', 'PS512', 'HS256', 'HS384', 'HS512', 'ES256', 'ES384', 'ES512'],
+ Optional['IDTokenEncryptedResponseAlg'] => Enum['RSA1_5', 'A128KW', 'A256KW', 'RSA-OAEP'],
+ Optional['IDTokenEncryptedResponseEnc'] => Enum['A128CBC-HS256', 'A256CBC-HS512', 'A256GCM'],
+ Optional['UserInfoSignedResponseAlg'] => Enum['RS256', 'RS384', 'RS512', 'PS256', 'PS384', 'PS512', 'HS256', 'HS384', 'HS512', 'ES256', 'ES384', 'ES512'],
+ Optional['UserInfoEncryptedResponseAlg'] => Enum['RSA1_5', 'A128KW', 'A256KW', 'RSA-OAEP'],
+ Optional['UserInfoEncryptedResponseEnc'] => Enum['A128CBC-HS256', 'A256CBC-HS512', 'A256GCM'],
+ Optional['OAuthServerMetadataURL'] => Stdlib::HTTPSUrl,
+ Optional['AuthIntrospectionEndpoint'] => Stdlib::HTTPSUrl,
+ Optional['OAuthClientID'] => String,
+ Optional['OAuthClientSecret'] => String,
+ Optional['OAuthIntrospectionEndpoint'] => String,
+ Optional['OAuthIntrospectionEndpointAuth'] => Enum['client_secret_basic', 'client_secret_post', 'client_secret_jwt', 'private_key_jwt', 'bearer_access_token', 'none'],
+ Optional['OAuthIntrospectionClientAuthBearerToken'] => String,
+ Optional['OAuthIntrospectionEndpointCert'] => String,
+ Optional['OAuthIntrospectionEndpointKey'] => String,
+ Optional['OAuthIntrospectionEndpointKeyPassword'] => String,
+ Optional['OAuthIntrospectionEndpointMethod'] => Enum['POST', 'GET'],
+ Optional['OAuthIntrospectionEndpointParams'] => Pattern[/^[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+(&[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+)*$/],
+ Optional['OAuthIntrospectionTokenParamName'] => String,
+ Optional['OAuthTokenExpiryClaim'] => Pattern[/^[A-Za-z0-9\-\._]+\s?((absolute|relative)+(\s(mandatory|optional))?)?$/],
+ Optional['OAuthTokenIntrospectionInterval'] => Integer,
+ Optional['OAuthSSLValidateServer'] => Enum['On', 'Off'],
+ Optional['OAuthVerifySharedKeys'] => String,
+ Optional['OAuthVerifyCertFiles'] => String,
+ Optional['OAuthVerifyJwksUri'] => Stdlib::HTTPSUrl,
+ Optional['OAuthRemoteUserClaim'] => String,
+ Optional['OAuthAcceptTokenAs'] => Pattern[/^((header|post|query|cookie\:[A-Za-z0-9\-\._]+|basic)\s?)+$/],
+ Optional['OAuthAccessTokenBindingPolicy'] => Enum['disabled', 'optional', 'required', 'enforced'],
+ Optional['Cookie'] => String,
+ Optional['CookieDomain'] => String,
+ Optional['CookiePath'] => String,
+ Optional['SessionCookieChunkSize'] => Integer,
+ Optional['CookieHTTPOnly'] => Enum['On', 'Off'],
+ Optional['CookieSameSite'] => Enum['On', 'Off'],
+ Optional['PassCookies'] => String,
+ Optional['StripCookies'] => String,
+ Optional['StateMaxNumberOfCookies'] => Pattern[/^[0-9]+(\s?(false|true))?$/],
+ Optional['SessionInactivityTimeout'] => Integer,
+ Optional['SessionMaxDuration'] => Integer,
+ Optional['SessionType'] => Pattern[/^(server-cache(:persistent)?|client-cookie(:persistent|:store_id_token|:persistent:store_id_token)?)$/],
+ Optional['SessionCacheFallbackToCookie'] => Enum['On', 'Off'],
+ Optional['CacheType'] => Enum['shm', 'memcache', 'file', 'redis'],
+ Optional['CacheDir'] => String,
+ Optional['CacheEncrypt'] => Enum['On', 'Off'],
+ Optional['CacheShmMax'] => Integer,
+ Optional['CacheShmEntrySizeMax'] => Integer,
+ Optional['CacheFileCleanInterval'] => Integer,
+ Optional['MemCacheServers'] => String,
+ Optional['MemCacheConnectionsHMax'] => Integer,
+ Optional['MemCacheConnectionsMin'] => Integer,
+ Optional['MemCacheConnectionsSMax'] => Integer,
+ Optional['MemCacheConnectionsTTL'] => Integer,
+ Optional['RedisCacheServer'] => String,
+ Optional['RedisCachePassword'] => String,
+ Optional['RedisCacheConnectTimeout'] => Pattern[/^[0-9]+\s?[0-9]*$/],
+ Optional['RedisCacheDatabase'] => Integer,
+ Optional['RedisCacheTimeout'] => Integer,
+ Optional['RedisCacheUsername'] => String,
+ Optional['DiscoverURL'] => Variant[Stdlib::HTTPSUrl, Stdlib::HttpUrl],
+ Optional['HTMLErrorTemplate'] => String,
+ Optional['DefaultURL'] => Variant[Stdlib::HTTPSUrl, Stdlib::HttpUrl],
+ Optional['PathScope'] => Pattern[/^\"?[A-Za-z0-9\-\._\s]+\"?$/],
+ Optional['PathAuthRequestParams'] => Pattern[/^[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+(&[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+)*$/],
+ Optional['IDTokenIatSlack'] => Integer,
+ Optional['ClaimPrefix'] => String,
+ Optional['ClaimDelimiter'] => Pattern[/^.$/],
+ Optional['RemoteUserClaim'] => String,
+ Optional['PassIDTokenAs'] => Pattern[/^((claims|payload|serialized)\s?)+$/],
+ Optional['PassUserInfoAs'] => Pattern[/^((claims|json(:([A-Za-z0-9\-\._])+)?|(signed_)?jwt(:([A-Za-z0-9\-\._])+)?)\s?)+$/],
+ Optional['PassClaimsAs'] => Enum['none', 'headers', 'environment', 'both'],
+ Optional['AuthNHeader'] => String,
+ Optional['HTTPTimeoutLong'] => Integer,
+ Optional['HTTPTimeoutShort'] => Integer,
+ Optional['StateTimeout'] => Integer,
+ Optional['ScrubRequestHeaders'] => Enum['On', 'Off'],
+ Optional['OutgoingProxy'] => String,
+ Optional['UnAuthAction'] => Pattern[/^(auth|pass|401|407|410)\s.*/],
+ Optional['UnAutzAction'] => Pattern[/^(none|headers|environment|both)(\s+(latin1|base64url|none)+)?$/],
+ Optional['PreservePost'] => Enum['On', 'Off'],
+ Optional['PreservePostTemplates'] => String,
+ Optional['PassRefreshToken'] => Enum['On', 'Off'],
+ Optional['RequestObject'] => String,
+ Optional['ProviderMetadataRefreshInterval'] => Integer,
+ Optional['InfoHook'] => Pattern[/^((iat|access_token|access_token_expires|id_token|id_token_hint|userinfo|refresh_token|exp|timeout|remote_user|session)\s?)+$/],
+ Optional['BlackListedClaims'] => String,
+ Optional['WhiteListedClaims'] => String,
+ Optional['RefreshAccessTokenBeforeExpiry'] => Pattern[/^[0-9]+(\s(logout_on_error|authenticate_on_error|502_on_error))?$/],
+ Optional['XForwardedHeaders'] => String,
+ Optional['CABundlePath'] => String,
+ Optional['DefaultLoggedOutURL'] => String,
+ Optional['DPoPMode'] => String,
+ Optional['FilterClaimsExpr'] => String,
+ Optional['LogoutRequestParams'] => Pattern[/^[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+(&[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+)*$/],
+ Optional['LogoutXFrameOptions'] => String,
+ Optional['MetricsData'] => String,
+ Optional['MetricsPublish'] => String,
+ Optional['PassAccessToken'] => Enum['On', 'Off'],
+ Optional['ProviderPushedAuthorizationRequestEndpoint'] => Variant[Stdlib::HTTPSUrl, Stdlib::HttpUrl],
+ Optional['ProviderSignedJwksUri'] => String,
+ Optional['ProviderVerifyCertFiles'] => String,
+ Optional['RedirectURLsAllowed'] => String,
+ Optional['StateCookiePrefix'] => String,
+ Optional['StateInputHeaders'] => Enum['user-agent', 'x-forwarded-for', 'both', 'none'],
+ Optional['TraceParent'] => Enum['off', 'generate', 'propagate'],
+ Optional['UserInfoClaimsExpr'] => String,
+ Optional['ValidateIssuer'] => Enum['On', 'Off'],
 }
 ]
From 99ed356ba692f52aed16561d618f9a8bca31e66d Mon Sep 17 00:00:00 2001
From: uoe-pjackson <56168566+uoe-pjackson@users.noreply.github.com>
Date: Mon, 23 Sep 2024 14:39:28 +0100
Subject: [PATCH 52/74] Apply suggestions from code review
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Co-authored-by: Romain Tartière
---
 types/oidcsettings.pp | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/types/oidcsettings.pp b/types/oidcsettings.pp
index 8a14935282..0401336cf6 100644
--- a/types/oidcsettings.pp
+++ b/types/oidcsettings.pp
@@ -20,7 +20,7 @@
 Optional['Scope'] => Pattern[/^\"?[A-Za-z0-9\-\._\s]+\"?$/],
 Optional['AuthRequestParams'] => Pattern[/^[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+(&[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+)*$/],
 Optional['SSLValidateServer'] => Enum['On', 'Off'],
- Optional['UserInfoRefreshInterval'] => Pattern[/^[0-9]+(\s?(logout_on_error|authenticate_on_error|502_on_error))?$/],
+ Optional['UserInfoRefreshInterval'] => Pattern[/^[0-9]+(\s+(logout_on_error|authenticate_on_error|502_on_error))?$/],
 Optional['JWKSRefreshInterval'] => Integer,
 Optional['UserInfoTokenMethod'] => Enum['authz_header', 'post_param'],
 Optional['ProviderAuthRequestMethod'] => Enum['GET', 'POST', 'PAR'],
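Review bot: `Optional['OAuthIntrospectionEndpoint'] => String` accepts any string, while the endpoint URLs around it (`ProviderTokenEndpoint`, `OAuthVerifyJwksUri`, and the older `AuthIntrospectionEndpoint` key that this entry appears to correct) are all `Stdlib::HTTPSUrl`. Access tokens and the client's credentials are sent to this URL, so it deserves the same check: `Optional['OAuthIntrospectionEndpoint'] => Stdlib::HTTPSUrl,`. Since `AuthIntrospectionEndpoint` is kept next to it, a one-line comment saying whether that key is deprecated would help readers of the Struct.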
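Review bot: `UserInfoRefreshInterval` stays a string `Pattern` in the @@ -20 hunk, so a manifest that passes the interval as an Integer, which the earlier `Integer` type required, no longer validates. Accepting both forms keeps those callers working: `Optional['UserInfoRefreshInterval'] => Variant[Integer[0], Pattern[/^[0-9]+(\s+(logout_on_error|authenticate_on_error|502_on_error))?$/]],`. The hunk shows only this entry of the Struct; how the value is rendered into the directive lies outside it.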
@@ -58,7 +58,7 @@ Optional['OAuthIntrospectionEndpointParams'] => Pattern[/^[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+(&[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+)*$/], Optional['OAuthIntrospectionTokenParamName'] => String, Optional['OAuthTokenExpiryClaim'] => Pattern[/^[A-Za-z0-9\-\._]+\s?((absolute|relative)+(\s(mandatory|optional))?)?$/], - Optional['OAuthTokenIntrospectionInterval'] => Integer, + Optional['OAuthTokenIntrospectionInterval'] => Integer[-1], Optional['OAuthSSLValidateServer'] => Enum['On', 'Off'], Optional['OAuthVerifySharedKeys'] => String, Optional['OAuthVerifyCertFiles'] => String, @@ -74,7 +74,7 @@ Optional['CookieSameSite'] => Enum['On', 'Off'], Optional['PassCookies'] => String, Optional['StripCookies'] => String, - Optional['StateMaxNumberOfCookies'] => Pattern[/^[0-9]+(\s?(false|true))?$/], + Optional['StateMaxNumberOfCookies'] => Pattern[/^[0-9]+(\s(false|true))?$/], Optional['SessionInactivityTimeout'] => Integer, Optional['SessionMaxDuration'] => Integer, Optional['SessionType'] => Pattern[/^(server-cache(:persistent)?|client-cookie(:persistent|:store_id_token|:persistent:store_id_token)?)$/], @@ -92,7 +92,7 @@ Optional['MemCacheConnectionsTTL'] => Integer, Optional['RedisCacheServer'] => String, Optional['RedisCachePassword'] => String, - Optional['RedisCacheConnectTimeout'] => Pattern[/^[0-9]+\s?[0-9]*$/], + Optional['RedisCacheConnectTimeout'] => Pattern[/^[0-9]+(\s[0-9]+)?$/], Optional['RedisCacheDatabase'] => Integer, Optional['RedisCacheTimeout'] => Integer, Optional['RedisCacheUsername'] => String, 
@@ -114,8 +114,8 @@ Optional['StateTimeout'] => Integer, Optional['ScrubRequestHeaders'] => Enum['On', 'Off'], Optional['OutgoingProxy'] => String, - Optional['UnAuthAction'] => Pattern[/^(auth|pass|401|407|410)\s.*/], - Optional['UnAutzAction'] => Pattern[/^(none|headers|environment|both)(\s+(latin1|base64url|none)+)?$/], + Optional['UnAuthAction'] => Pattern[/^(auth|pass|401|407|410)(\s.*)?$/], + Optional['UnAutzAction'] => Pattern[/^(401|403|302|auth)(\s.*)?$/], Optional['PreservePost'] => Enum['On', 'Off'], Optional['PreservePostTemplates'] => String, Optional['PassRefreshToken'] => Enum['On', 'Off'], @@ -130,12 +130,12 @@ Optional['DefaultLoggedOutURL'] => String, Optional['DPoPMode'] => String, Optional['FilterClaimsExpr'] => String, - Optional['LogoutRequestParams'] => Pattern[/^[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+(&[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+)*$/], + Optional['LogoutRequestParams'] => Pattern[/^[^=]+=[^&]+(&[^=]+=[^&]+)*$/], Optional['LogoutXFrameOptions'] => String, Optional['MetricsData'] => String, Optional['MetricsPublish'] => String, Optional['PassAccessToken'] => Enum['On', 'Off'], - Optional['ProviderPushedAuthorizationRequestEndpoint'] => Variant[Stdlib::HTTPSUrl, Stdlib::HttpUrl], + Optional['ProviderPushedAuthorizationRequestEndpoint'] => Stdlib::HttpUrl, Optional['ProviderSignedJwksUri'] => String, Optional['ProviderVerifyCertFiles'] => String, Optional['RedirectURLsAllowed'] => String, From bea6661ba08220d38d352d49f493b20d2b736006 Mon Sep 17 00:00:00 2001 From: Peter Jackson Date: Mon, 23 Sep 2024 16:53:34 +0100 Subject: [PATCH 53/74] Update data types based on feedback from PR #2569 --- REFERENCE.md | 182 +++++++++++++++++++++--------------------- types/oidcsettings.pp | 166 +++++++++++++++++++------------------- 2 files changed, 174 insertions(+), 174 deletions(-) diff --git a/REFERENCE.md b/REFERENCE.md index 5b43bcb8e3..5fc4e70967 100644 --- a/REFERENCE.md +++ b/REFERENCE.md 
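Review bot: In the `@@ -130,12` hunk, `LogoutRequestParams` is loosened from the percent-encoded character set to `[^=]+=[^&]+`, which admits spaces, quotes and line breaks in keys and values. `AuthRequestParams` and `OAuthIntrospectionEndpointParams` keep the strict class. If the aim is only to allow a wider set of characters, excluding whitespace keeps the value to a single configuration token: `Pattern[/\A[^=&\s]+=[^&\s]+(&[^=&\s]+=[^&\s]+)*\z/]`. Separately, `ProviderPushedAuthorizationRequestEndpoint` is typed `Stdlib::HttpUrl`, while the other provider endpoints in this struct use `Stdlib::HTTPSUrl`. A pushed authorization request carries the client's authentication, so `Stdlib::HTTPSUrl` looks like the safer type unless plain HTTP is deliberately supported.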
@@ -11307,10 +11307,10 @@ Alias of ```puppet Struct[{ Optional['RedirectURI'] => Variant[Stdlib::HTTPSUrl, Stdlib::HttpUrl, Pattern[/^\/[A-Za-z0-9\-\._%\/]*$/]], - Optional['CryptoPassphrase'] => String, - Optional['MetadataDir'] => String, + Optional['CryptoPassphrase'] => String[1], + Optional['MetadataDir'] => String[1], Optional['ProviderMetadataURL'] => Stdlib::HTTPSUrl, - Optional['ProviderIssuer'] => String, + Optional['ProviderIssuer'] => String[1], Optional['ProviderAuthorizationEndpoint'] => Stdlib::HTTPSUrl, Optional['ProviderJwksUri'] => Stdlib::HTTPSUrl, Optional['ProviderTokenEndpoint'] => Stdlib::HTTPSUrl, 
@@ -11320,26 +11320,26 @@ Struct[{ Optional['ProviderCheckSessionIFrame'] => Stdlib::HTTPSUrl, Optional['ProviderEndSessionEndpoint'] => Stdlib::HTTPSUrl, Optional['ProviderRevocationEndpoint'] => Stdlib::HTTPSUrl, - Optional['ProviderBackChannelLogoutSupported'] => Enum['On', 'Off'], - Optional['ProviderRegistrationEndpointJson'] => String, + Optional['ProviderBackChannelLogoutSupported'] => Apache::OnOff, + Optional['ProviderRegistrationEndpointJson'] => String[1], Optional['Scope'] => Pattern[/^\"?[A-Za-z0-9\-\._\s]+\"?$/], Optional['AuthRequestParams'] => Pattern[/^[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+(&[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+)*$/], - Optional['SSLValidateServer'] => Enum['On', 'Off'], - Optional['UserInfoRefreshInterval'] => Pattern[/^[0-9]+(\s?(logout_on_error|authenticate_on_error|502_on_error))?$/], - Optional['JWKSRefreshInterval'] => Integer, + Optional['SSLValidateServer'] => Apache::OnOff , + Optional['UserInfoRefreshInterval'] => Pattern[/^[0-9]+(\s+(logout_on_error|authenticate_on_error|502_on_error))?$/], + Optional['JWKSRefreshInterval'] => Integer[-1], Optional['UserInfoTokenMethod'] => Enum['authz_header', 'post_param'], Optional['ProviderAuthRequestMethod'] => Enum['GET', 'POST', 'PAR'], - Optional['PublicKeyFiles'] => String, - Optional['PrivateKeyFiles'] => String, + Optional['PublicKeyFiles'] => String[1], + Optional['PrivateKeyFiles'] => String[1], Optional['ResponseType'] => Enum['code', 'id_token', 'id_token token', 'code id_token', 'code token', 'code id_token token'], Optional['ResponseMode'] => Enum['fragment', 'query', 'form_post'], - Optional['ClientID'] => String, - Optional['ClientSecret'] => String, - Optional['ClientTokenEndpointCert'] => String, - Optional['ClientTokenEndpointKey'] => String, - Optional['ClientTokenEndpointKeyPassword'] => String, - Optional['ClientName'] => String, - Optional['ClientContact'] => String, + Optional['ClientID'] => String[1], + Optional['ClientSecret'] => String[1], + 
Optional['ClientTokenEndpointCert'] => String[1], + Optional['ClientTokenEndpointKey'] => String[1], + Optional['ClientTokenEndpointKeyPassword'] => String[1], + Optional['ClientName'] => String[1], + Optional['ClientContact'] => String[1], Optional['PKCEMethod'] => Enum['plain', 'S256', 'referred_tb', 'none'], Optional['TokenBindingPolicy'] => Enum['disabled', 'optional', 'required', 'enforced'], Optional['ClientJwksUri'] => Stdlib::HTTPSUrl, 
@@ -11351,104 +11351,104 @@ Struct[{ Optional['UserInfoEncryptedResponseEnc'] => Enum['A128CBC-HS256', 'A256CBC-HS512', 'A256GCM'], Optional['OAuthServerMetadataURL'] => Stdlib::HTTPSUrl, Optional['AuthIntrospectionEndpoint'] => Stdlib::HTTPSUrl, - Optional['OAuthClientID'] => String, - Optional['OAuthClientSecret'] => String, - Optional['OAuthIntrospectionEndpoint'] => String, + Optional['OAuthClientID'] => String[1], + Optional['OAuthClientSecret'] => String[1], + Optional['OAuthIntrospectionEndpoint'] => String[1], Optional['OAuthIntrospectionEndpointAuth'] => Enum['client_secret_basic', 'client_secret_post', 'client_secret_jwt', 'private_key_jwt', 'bearer_access_token', 'none'], - Optional['OAuthIntrospectionClientAuthBearerToken'] => String, - Optional['OAuthIntrospectionEndpointCert'] => String, - Optional['OAuthIntrospectionEndpointKey'] => String, - Optional['OAuthIntrospectionEndpointKeyPassword'] => String, + Optional['OAuthIntrospectionClientAuthBearerToken'] => String[1], + Optional['OAuthIntrospectionEndpointCert'] => String[1], + Optional['OAuthIntrospectionEndpointKey'] => String[1], + Optional['OAuthIntrospectionEndpointKeyPassword'] => String[1], Optional['OAuthIntrospectionEndpointMethod'] => Enum['POST', 'GET'], Optional['OAuthIntrospectionEndpointParams'] => Pattern[/^[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+(&[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+)*$/], - Optional['OAuthIntrospectionTokenParamName'] => String, + Optional['OAuthIntrospectionTokenParamName'] => String[1], Optional['OAuthTokenExpiryClaim'] => Pattern[/^[A-Za-z0-9\-\._]+\s?((absolute|relative)+(\s(mandatory|optional))?)?$/], - Optional['OAuthTokenIntrospectionInterval'] => Integer, - Optional['OAuthSSLValidateServer'] => Enum['On', 'Off'], - Optional['OAuthVerifySharedKeys'] => String, - Optional['OAuthVerifyCertFiles'] => String, + Optional['OAuthTokenIntrospectionInterval'] => Integer[-1], + Optional['OAuthSSLValidateServer'] => Apache::OnOff, + Optional['OAuthVerifySharedKeys'] => 
String[1], + Optional['OAuthVerifyCertFiles'] => String[1], Optional['OAuthVerifyJwksUri'] => Stdlib::HTTPSUrl, - Optional['OAuthRemoteUserClaim'] => String, + Optional['OAuthRemoteUserClaim'] => String[1], Optional['OAuthAcceptTokenAs'] => Pattern[/^((header|post|query|cookie\:[A-Za-z0-9\-\._]+|basic)\s?)+$/], Optional['OAuthAccessTokenBindingPolicy'] => Enum['disabled', 'optional', 'required', 'enforced'], - Optional['Cookie'] => String, - Optional['CookieDomain'] => String, - Optional['CookiePath'] => String, - Optional['SessionCookieChunkSize'] => Integer, - Optional['CookieHTTPOnly'] => Enum['On', 'Off'], - Optional['CookieSameSite'] => Enum['On', 'Off'], - Optional['PassCookies'] => String, - Optional['StripCookies'] => String, - Optional['StateMaxNumberOfCookies'] => Pattern[/^[0-9]+(\s?(false|true))?$/], - Optional['SessionInactivityTimeout'] => Integer, - Optional['SessionMaxDuration'] => Integer, + Optional['Cookie'] => String[1], + Optional['CookieDomain'] => String[1], + Optional['CookiePath'] => String[1], + Optional['SessionCookieChunkSize'] => Intege[-1], + Optional['CookieHTTPOnly'] => Apache::OnOff, + Optional['CookieSameSite'] => Apache::OnOff, + Optional['PassCookies'] => String[1], + Optional['StripCookies'] => String[1], + Optional['StateMaxNumberOfCookies'] => Pattern[/^[0-9]+(\s(false|true))?$/], + Optional['SessionInactivityTimeout'] => Integer[-1], + Optional['SessionMaxDuration'] => Integer[-1], Optional['SessionType'] => Pattern[/^(server-cache(:persistent)?|client-cookie(:persistent|:store_id_token|:persistent:store_id_token)?)$/], - Optional['SessionCacheFallbackToCookie'] => Enum['On', 'Off'], + Optional['SessionCacheFallbackToCookie'] => Apache::OnOff, Optional['CacheType'] => Enum['shm', 'memcache', 'file', 'redis'], - Optional['CacheDir'] => String, - Optional['CacheEncrypt'] => Enum['On', 'Off'], - Optional['CacheShmMax'] => Integer, - Optional['CacheShmEntrySizeMax'] => Integer, - Optional['CacheFileCleanInterval'] => Integer, - 
Optional['MemCacheServers'] => String, - Optional['MemCacheConnectionsHMax'] => Integer, - Optional['MemCacheConnectionsMin'] => Integer, - Optional['MemCacheConnectionsSMax'] => Integer, - Optional['MemCacheConnectionsTTL'] => Integer, - Optional['RedisCacheServer'] => String, + Optional['CacheDir'] => String[1], + Optional['CacheEncrypt'] => Apache::OnOff, + Optional['CacheShmMax'] => Integer[-1], + Optional['CacheShmEntrySizeMax'] => Integer[-1], + Optional['CacheFileCleanInterval'] => Integer[-1], + Optional['MemCacheServers'] => String[1], + Optional['MemCacheConnectionsHMax'] => Integer[-1], + Optional['MemCacheConnectionsMin'] => Integer[-1], + Optional['MemCacheConnectionsSMax'] => Integer[-1], + Optional['MemCacheConnectionsTTL'] => Integer[-1], + Optional['RedisCacheServer'] => String[1], Optional['RedisCachePassword'] => String, - Optional['RedisCacheConnectTimeout'] => Pattern[/^[0-9]+\s?[0-9]*$/], - Optional['RedisCacheDatabase'] => Integer, - Optional['RedisCacheTimeout'] => Integer, - Optional['RedisCacheUsername'] => String, + Optional['RedisCacheConnectTimeout'] => Pattern[/^[0-9]+(\s[0-9]+)?$/], + Optional['RedisCacheDatabase'] => Integer[-1], + Optional['RedisCacheTimeout'] => Integer[-1], + Optional['RedisCacheUsername'] => String[1], Optional['DiscoverURL'] => Variant[Stdlib::HTTPSUrl, Stdlib::HttpUrl], - Optional['HTMLErrorTemplate'] => String, + Optional['HTMLErrorTemplate'] => String[1], Optional['DefaultURL'] => Variant[Stdlib::HTTPSUrl, Stdlib::HttpUrl], Optional['PathScope'] => Pattern[/^\"?[A-Za-z0-9\-\._\s]+\"?$/], Optional['PathAuthRequestParams'] => Pattern[/^[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+(&[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+)*$/], - Optional['IDTokenIatSlack'] => Integer, + Optional['IDTokenIatSlack'] => Integer[-1], Optional['ClaimPrefix'] => String, Optional['ClaimDelimiter'] => Pattern[/^.$/], - Optional['RemoteUserClaim'] => String, + Optional['RemoteUserClaim'] => String[1], Optional['PassIDTokenAs'] => 
Pattern[/^((claims|payload|serialized)\s?)+$/], Optional['PassUserInfoAs'] => Pattern[/^((claims|json(:([A-Za-z0-9\-\._])+)?|(signed_)?jwt(:([A-Za-z0-9\-\._])+)?)\s?)+$/], Optional['PassClaimsAs'] => Enum['none', 'headers', 'environment', 'both'], - Optional['AuthNHeader'] => String, - Optional['HTTPTimeoutLong'] => Integer, - Optional['HTTPTimeoutShort'] => Integer, - Optional['StateTimeout'] => Integer, - Optional['ScrubRequestHeaders'] => Enum['On', 'Off'], - Optional['OutgoingProxy'] => String, - Optional['UnAuthAction'] => Pattern[/^(auth|pass|401|407|410)\s.*/], - Optional['UnAutzAction'] => Pattern[/^(none|headers|environment|both)(\s+(latin1|base64url|none)+)?$/], - Optional['PreservePost'] => Enum['On', 'Off'], - Optional['PreservePostTemplates'] => String, - Optional['PassRefreshToken'] => Enum['On', 'Off'], - Optional['RequestObject'] => String, - Optional['ProviderMetadataRefreshInterval'] => Integer, + Optional['AuthNHeader'] => String[1], + Optional['HTTPTimeoutLong'] => Integer[-1], + Optional['HTTPTimeoutShort'] => Integer[-1], + Optional['StateTimeout'] => Integer[-1], + Optional['ScrubRequestHeaders'] => Apache::OnOff, + Optional['OutgoingProxy'] => String[1], + Optional['UnAuthAction'] => Pattern[/^(auth|pass|401|407|410)(\s.*)?$/], + Optional['UnAutzAction'] => Pattern[/^(401|403|302|auth)(\s.*)?$/], + Optional['PreservePost'] => Apache::OnOff, + Optional['PreservePostTemplates'] => String[1], + Optional['PassRefreshToken'] => Apache::OnOff, + Optional['RequestObject'] => String[1], + Optional['ProviderMetadataRefreshInterval'] => Integer[-1], Optional['InfoHook'] => Pattern[/^((iat|access_token|access_token_expires|id_token|id_token_hint|userinfo|refresh_token|exp|timeout|remote_user|session)\s?)+$/], - Optional['BlackListedClaims'] => String, - Optional['WhiteListedClaims'] => String, + Optional['BlackListedClaims'] => String[1], + Optional['WhiteListedClaims'] => String[1], Optional['RefreshAccessTokenBeforeExpiry'] => 
Pattern[/^[0-9]+(\s(logout_on_error|authenticate_on_error|502_on_error))?$/], - Optional['XForwardedHeaders'] => String, - Optional['CABundlePath'] => String, - Optional['DefaultLoggedOutURL'] => String, - Optional['DPoPMode'] => String, - Optional['FilterClaimsExpr'] => String, - Optional['LogoutRequestParams'] => Pattern[/^[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+(&[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+)*$/], - Optional['LogoutXFrameOptions'] => String, - Optional['MetricsData'] => String, - Optional['MetricsPublish'] => String, - Optional['PassAccessToken'] => Enum['On', 'Off'], - Optional['ProviderPushedAuthorizationRequestEndpoint'] => Variant[Stdlib::HTTPSUrl, Stdlib::HttpUrl], - Optional['ProviderSignedJwksUri'] => String, - Optional['ProviderVerifyCertFiles'] => String, - Optional['RedirectURLsAllowed'] => String, + Optional['XForwardedHeaders'] => String[1], + Optional['CABundlePath'] => String[1], + Optional['DefaultLoggedOutURL'] => String[1], + Optional['DPoPMode'] => String[1], + Optional['FilterClaimsExpr'] => String[1], + Optional['LogoutRequestParams'] => Pattern[/^[^=]+=[^&]+(&[^=]+=[^&]+)*$/], + Optional['LogoutXFrameOptions'] => String[1], + Optional['MetricsData'] => String[1], + Optional['MetricsPublish'] => String[1], + Optional['PassAccessToken'] => Apache::OnOff, + Optional['ProviderPushedAuthorizationRequestEndpoint'] => Stdlib::HttpUrl, + Optional['ProviderSignedJwksUri'] => String[1], + Optional['ProviderVerifyCertFiles'] => String[1], + Optional['RedirectURLsAllowed'] => String[1], Optional['StateCookiePrefix'] => String, Optional['StateInputHeaders'] => Enum['user-agent', 'x-forwarded-for', 'both', 'none'], Optional['TraceParent'] => Enum['off', 'generate', 'propagate'], - Optional['UserInfoClaimsExpr'] => String, - Optional['ValidateIssuer'] => Enum['On', 'Off'], + Optional['UserInfoClaimsExpr'] => String[1], + Optional['ValidateIssuer'] => Apache::OnOff, }] ``` 
diff --git a/types/oidcsettings.pp b/types/oidcsettings.pp index 0401336cf6..8173831654 100644 --- a/types/oidcsettings.pp +++ b/types/oidcsettings.pp @@ -2,10 +2,10 @@ type Apache::OIDCSettings = Struct[ { Optional['RedirectURI'] => Variant[Stdlib::HTTPSUrl, Stdlib::HttpUrl, Pattern[/^\/[A-Za-z0-9\-\._%\/]*$/]], - Optional['CryptoPassphrase'] => String, - Optional['MetadataDir'] => String, + Optional['CryptoPassphrase'] => String[1], + Optional['MetadataDir'] => String[1], Optional['ProviderMetadataURL'] => Stdlib::HTTPSUrl, - Optional['ProviderIssuer'] => String, + Optional['ProviderIssuer'] => String[1], Optional['ProviderAuthorizationEndpoint'] => Stdlib::HTTPSUrl, Optional['ProviderJwksUri'] => Stdlib::HTTPSUrl, Optional['ProviderTokenEndpoint'] => Stdlib::HTTPSUrl, 
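Review bot: `CryptoPassphrase` is tightened to `String[1]` but remains a plain string, so its value can appear in catalogs, reports and logs. The same holds for the other secret-bearing keys changed in the later hunks of this file: `ClientSecret`, `OAuthClientSecret`, `ClientTokenEndpointKeyPassword`, `OAuthIntrospectionEndpointKeyPassword` and `OAuthIntrospectionClientAuthBearerToken`. Consider also accepting the wrapped form, e.g. `Optional['CryptoPassphrase'] => Variant[String[1], Sensitive[String[1]]],`, which stays backward-compatible for existing callers. The code that renders these settings is not visible here and would need to unwrap the value before writing it. The `Struct` continues outside this hunk.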
@@ -15,26 +15,26 @@ Optional['ProviderCheckSessionIFrame'] => Stdlib::HTTPSUrl, Optional['ProviderEndSessionEndpoint'] => Stdlib::HTTPSUrl, Optional['ProviderRevocationEndpoint'] => Stdlib::HTTPSUrl, - Optional['ProviderBackChannelLogoutSupported'] => Enum['On', 'Off'], - Optional['ProviderRegistrationEndpointJson'] => String, + Optional['ProviderBackChannelLogoutSupported'] => Apache::OnOff, + Optional['ProviderRegistrationEndpointJson'] => String[1], Optional['Scope'] => Pattern[/^\"?[A-Za-z0-9\-\._\s]+\"?$/], Optional['AuthRequestParams'] => Pattern[/^[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+(&[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+)*$/], - Optional['SSLValidateServer'] => Enum['On', 'Off'], + Optional['SSLValidateServer'] => Apache::OnOff , Optional['UserInfoRefreshInterval'] => Pattern[/^[0-9]+(\s+(logout_on_error|authenticate_on_error|502_on_error))?$/], - Optional['JWKSRefreshInterval'] => Integer, + Optional['JWKSRefreshInterval'] => Integer[-1], Optional['UserInfoTokenMethod'] => Enum['authz_header', 'post_param'], Optional['ProviderAuthRequestMethod'] => Enum['GET', 'POST', 'PAR'], - Optional['PublicKeyFiles'] => String, - Optional['PrivateKeyFiles'] => String, + Optional['PublicKeyFiles'] => String[1], + Optional['PrivateKeyFiles'] => String[1], Optional['ResponseType'] => Enum['code', 'id_token', 'id_token token', 'code id_token', 'code token', 'code id_token token'], Optional['ResponseMode'] => Enum['fragment', 'query', 'form_post'], - Optional['ClientID'] => String, - Optional['ClientSecret'] => String, - Optional['ClientTokenEndpointCert'] => String, - Optional['ClientTokenEndpointKey'] => String, - Optional['ClientTokenEndpointKeyPassword'] => String, - Optional['ClientName'] => String, - Optional['ClientContact'] => String, + Optional['ClientID'] => String[1], + Optional['ClientSecret'] => String[1], + Optional['ClientTokenEndpointCert'] => String[1], + Optional['ClientTokenEndpointKey'] => String[1], + Optional['ClientTokenEndpointKeyPassword'] => 
String[1], + Optional['ClientName'] => String[1], + Optional['ClientContact'] => String[1], Optional['PKCEMethod'] => Enum['plain', 'S256', 'referred_tb', 'none'], Optional['TokenBindingPolicy'] => Enum['disabled', 'optional', 'required', 'enforced'], Optional['ClientJwksUri'] => Stdlib::HTTPSUrl, 
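Review bot: `Optional['SSLValidateServer'] => Apache::OnOff ,` has a stray space before the comma, unlike every other `Apache::OnOff` entry in this hunk. Writing it as `Optional['SSLValidateServer'] => Apache::OnOff,` keeps the list uniform, and the same line in REFERENCE.md would follow once regenerated.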
@@ -46,103 +46,103 @@ Optional['UserInfoEncryptedResponseEnc'] => Enum['A128CBC-HS256', 'A256CBC-HS512', 'A256GCM'], Optional['OAuthServerMetadataURL'] => Stdlib::HTTPSUrl, Optional['AuthIntrospectionEndpoint'] => Stdlib::HTTPSUrl, - Optional['OAuthClientID'] => String, - Optional['OAuthClientSecret'] => String, - Optional['OAuthIntrospectionEndpoint'] => String, + Optional['OAuthClientID'] => String[1], + Optional['OAuthClientSecret'] => String[1], + Optional['OAuthIntrospectionEndpoint'] => String[1], Optional['OAuthIntrospectionEndpointAuth'] => Enum['client_secret_basic', 'client_secret_post', 'client_secret_jwt', 'private_key_jwt', 'bearer_access_token', 'none'], - Optional['OAuthIntrospectionClientAuthBearerToken'] => String, - Optional['OAuthIntrospectionEndpointCert'] => String, - Optional['OAuthIntrospectionEndpointKey'] => String, - Optional['OAuthIntrospectionEndpointKeyPassword'] => String, + Optional['OAuthIntrospectionClientAuthBearerToken'] => String[1], + Optional['OAuthIntrospectionEndpointCert'] => String[1], + Optional['OAuthIntrospectionEndpointKey'] => String[1], + Optional['OAuthIntrospectionEndpointKeyPassword'] => String[1], Optional['OAuthIntrospectionEndpointMethod'] => Enum['POST', 'GET'], Optional['OAuthIntrospectionEndpointParams'] => Pattern[/^[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+(&[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+)*$/], - Optional['OAuthIntrospectionTokenParamName'] => String, + Optional['OAuthIntrospectionTokenParamName'] => String[1], Optional['OAuthTokenExpiryClaim'] => Pattern[/^[A-Za-z0-9\-\._]+\s?((absolute|relative)+(\s(mandatory|optional))?)?$/], Optional['OAuthTokenIntrospectionInterval'] => Integer[-1], - Optional['OAuthSSLValidateServer'] => Enum['On', 'Off'], - Optional['OAuthVerifySharedKeys'] => String, - Optional['OAuthVerifyCertFiles'] => String, + Optional['OAuthSSLValidateServer'] => Apache::OnOff, + Optional['OAuthVerifySharedKeys'] => String[1], + Optional['OAuthVerifyCertFiles'] => String[1], 
Optional['OAuthVerifyJwksUri'] => Stdlib::HTTPSUrl, - Optional['OAuthRemoteUserClaim'] => String, + Optional['OAuthRemoteUserClaim'] => String[1], Optional['OAuthAcceptTokenAs'] => Pattern[/^((header|post|query|cookie\:[A-Za-z0-9\-\._]+|basic)\s?)+$/], Optional['OAuthAccessTokenBindingPolicy'] => Enum['disabled', 'optional', 'required', 'enforced'], - Optional['Cookie'] => String, - Optional['CookieDomain'] => String, - Optional['CookiePath'] => String, - Optional['SessionCookieChunkSize'] => Integer, - Optional['CookieHTTPOnly'] => Enum['On', 'Off'], - Optional['CookieSameSite'] => Enum['On', 'Off'], - Optional['PassCookies'] => String, - Optional['StripCookies'] => String, + Optional['Cookie'] => String[1], + Optional['CookieDomain'] => String[1], + Optional['CookiePath'] => String[1], + Optional['SessionCookieChunkSize'] => Intege[-1], + Optional['CookieHTTPOnly'] => Apache::OnOff, + Optional['CookieSameSite'] => Apache::OnOff, + Optional['PassCookies'] => String[1], + Optional['StripCookies'] => String[1], Optional['StateMaxNumberOfCookies'] => Pattern[/^[0-9]+(\s(false|true))?$/], - Optional['SessionInactivityTimeout'] => Integer, - Optional['SessionMaxDuration'] => Integer, + Optional['SessionInactivityTimeout'] => Integer[-1], + Optional['SessionMaxDuration'] => Integer[-1], Optional['SessionType'] => Pattern[/^(server-cache(:persistent)?|client-cookie(:persistent|:store_id_token|:persistent:store_id_token)?)$/], - Optional['SessionCacheFallbackToCookie'] => Enum['On', 'Off'], + Optional['SessionCacheFallbackToCookie'] => Apache::OnOff, Optional['CacheType'] => Enum['shm', 'memcache', 'file', 'redis'], - Optional['CacheDir'] => String, - Optional['CacheEncrypt'] => Enum['On', 'Off'], - Optional['CacheShmMax'] => Integer, - Optional['CacheShmEntrySizeMax'] => Integer, - Optional['CacheFileCleanInterval'] => Integer, - Optional['MemCacheServers'] => String, - Optional['MemCacheConnectionsHMax'] => Integer, - Optional['MemCacheConnectionsMin'] => Integer, - 
Optional['MemCacheConnectionsSMax'] => Integer, - Optional['MemCacheConnectionsTTL'] => Integer, - Optional['RedisCacheServer'] => String, + Optional['CacheDir'] => String[1], + Optional['CacheEncrypt'] => Apache::OnOff, + Optional['CacheShmMax'] => Integer[-1], + Optional['CacheShmEntrySizeMax'] => Integer[-1], + Optional['CacheFileCleanInterval'] => Integer[-1], + Optional['MemCacheServers'] => String[1], + Optional['MemCacheConnectionsHMax'] => Integer[-1], + Optional['MemCacheConnectionsMin'] => Integer[-1], + Optional['MemCacheConnectionsSMax'] => Integer[-1], + Optional['MemCacheConnectionsTTL'] => Integer[-1], + Optional['RedisCacheServer'] => String[1], Optional['RedisCachePassword'] => String, Optional['RedisCacheConnectTimeout'] => Pattern[/^[0-9]+(\s[0-9]+)?$/], - Optional['RedisCacheDatabase'] => Integer, - Optional['RedisCacheTimeout'] => Integer, - Optional['RedisCacheUsername'] => String, + Optional['RedisCacheDatabase'] => Integer[-1], + Optional['RedisCacheTimeout'] => Integer[-1], + Optional['RedisCacheUsername'] => String[1], Optional['DiscoverURL'] => Variant[Stdlib::HTTPSUrl, Stdlib::HttpUrl], - Optional['HTMLErrorTemplate'] => String, + Optional['HTMLErrorTemplate'] => String[1], Optional['DefaultURL'] => Variant[Stdlib::HTTPSUrl, Stdlib::HttpUrl], Optional['PathScope'] => Pattern[/^\"?[A-Za-z0-9\-\._\s]+\"?$/], Optional['PathAuthRequestParams'] => Pattern[/^[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+(&[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+)*$/], - Optional['IDTokenIatSlack'] => Integer, + Optional['IDTokenIatSlack'] => Integer[-1], Optional['ClaimPrefix'] => String, Optional['ClaimDelimiter'] => Pattern[/^.$/], - Optional['RemoteUserClaim'] => String, + Optional['RemoteUserClaim'] => String[1], Optional['PassIDTokenAs'] => Pattern[/^((claims|payload|serialized)\s?)+$/], Optional['PassUserInfoAs'] => Pattern[/^((claims|json(:([A-Za-z0-9\-\._])+)?|(signed_)?jwt(:([A-Za-z0-9\-\._])+)?)\s?)+$/], Optional['PassClaimsAs'] => Enum['none', 'headers', 
'environment', 'both'], - Optional['AuthNHeader'] => String, - Optional['HTTPTimeoutLong'] => Integer, - Optional['HTTPTimeoutShort'] => Integer, - Optional['StateTimeout'] => Integer, - Optional['ScrubRequestHeaders'] => Enum['On', 'Off'], - Optional['OutgoingProxy'] => String, + Optional['AuthNHeader'] => String[1], + Optional['HTTPTimeoutLong'] => Integer[-1], + Optional['HTTPTimeoutShort'] => Integer[-1], + Optional['StateTimeout'] => Integer[-1], + Optional['ScrubRequestHeaders'] => Apache::OnOff, + Optional['OutgoingProxy'] => String[1], Optional['UnAuthAction'] => Pattern[/^(auth|pass|401|407|410)(\s.*)?$/], Optional['UnAutzAction'] => Pattern[/^(401|403|302|auth)(\s.*)?$/], - Optional['PreservePost'] => Enum['On', 'Off'], - Optional['PreservePostTemplates'] => String, - Optional['PassRefreshToken'] => Enum['On', 'Off'], - Optional['RequestObject'] => String, - Optional['ProviderMetadataRefreshInterval'] => Integer, + Optional['PreservePost'] => Apache::OnOff, + Optional['PreservePostTemplates'] => String[1], + Optional['PassRefreshToken'] => Apache::OnOff, + Optional['RequestObject'] => String[1], + Optional['ProviderMetadataRefreshInterval'] => Integer[-1], Optional['InfoHook'] => Pattern[/^((iat|access_token|access_token_expires|id_token|id_token_hint|userinfo|refresh_token|exp|timeout|remote_user|session)\s?)+$/], - Optional['BlackListedClaims'] => String, - Optional['WhiteListedClaims'] => String, + Optional['BlackListedClaims'] => String[1], + Optional['WhiteListedClaims'] => String[1], Optional['RefreshAccessTokenBeforeExpiry'] => Pattern[/^[0-9]+(\s(logout_on_error|authenticate_on_error|502_on_error))?$/], - Optional['XForwardedHeaders'] => String, - Optional['CABundlePath'] => String, - Optional['DefaultLoggedOutURL'] => String, - Optional['DPoPMode'] => String, - Optional['FilterClaimsExpr'] => String, + Optional['XForwardedHeaders'] => String[1], + Optional['CABundlePath'] => String[1], + Optional['DefaultLoggedOutURL'] => String[1], + 
Optional['DPoPMode'] => String[1], + Optional['FilterClaimsExpr'] => String[1], Optional['LogoutRequestParams'] => Pattern[/^[^=]+=[^&]+(&[^=]+=[^&]+)*$/], - Optional['LogoutXFrameOptions'] => String, - Optional['MetricsData'] => String, - Optional['MetricsPublish'] => String, - Optional['PassAccessToken'] => Enum['On', 'Off'], + Optional['LogoutXFrameOptions'] => String[1], + Optional['MetricsData'] => String[1], + Optional['MetricsPublish'] => String[1], + Optional['PassAccessToken'] => Apache::OnOff, Optional['ProviderPushedAuthorizationRequestEndpoint'] => Stdlib::HttpUrl, - Optional['ProviderSignedJwksUri'] => String, - Optional['ProviderVerifyCertFiles'] => String, - Optional['RedirectURLsAllowed'] => String, + Optional['ProviderSignedJwksUri'] => String[1], + Optional['ProviderVerifyCertFiles'] => String[1], + Optional['RedirectURLsAllowed'] => String[1], Optional['StateCookiePrefix'] => String, Optional['StateInputHeaders'] => Enum['user-agent', 'x-forwarded-for', 'both', 'none'], Optional['TraceParent'] => Enum['off', 'generate', 'propagate'], - Optional['UserInfoClaimsExpr'] => String, - Optional['ValidateIssuer'] => Enum['On', 'Off'], + Optional['UserInfoClaimsExpr'] => String[1], + Optional['ValidateIssuer'] => Apache::OnOff, } ] From 0fb9d6fb5363a5a2f6afc1a9a4c19eb6d7f1cf2a Mon Sep 17 00:00:00 2001 From: Peter Jackson Date: Tue, 24 Sep 2024 10:24:53 +0100 Subject: [PATCH 54/74] Update remaining datatypes from review feedback. --- REFERENCE.md | 4 ++-- types/oidcsettings.pp | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/REFERENCE.md b/REFERENCE.md index 5fc4e70967..93efdbbd42 100644 --- a/REFERENCE.md +++ b/REFERENCE.md 
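Review bot: `Integer[-1]` is applied uniformly to every numeric key in this hunk, so session and timeout settings such as `SessionInactivityTimeout`, `SessionMaxDuration`, `StateTimeout` and `HTTPTimeoutShort` still accept `-1` and `0`, as does `RedisCacheDatabase`. Whether `-1` is a meaningful sentinel for each of these directives is not visible here. Where it is not, a tighter bound such as `Optional['RedisCacheDatabase'] => Integer[0],` would reject values the module cannot use. `RedisCachePassword` is also left as unbounded `String` while the neighbouring keys became `String[1]`; if that is deliberate, a short comment saying so would help.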
@@ -11362,7 +11362,7 @@ Struct[{ Optional['OAuthIntrospectionEndpointMethod'] => Enum['POST', 'GET'], Optional['OAuthIntrospectionEndpointParams'] => Pattern[/^[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+(&[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+)*$/], Optional['OAuthIntrospectionTokenParamName'] => String[1], - Optional['OAuthTokenExpiryClaim'] => Pattern[/^[A-Za-z0-9\-\._]+\s?((absolute|relative)+(\s(mandatory|optional))?)?$/], + Optional['OAuthTokenExpiryClaim'] => Pattern[/^[A-Za-z0-9\-\._]+(\s(absolute|relative))?(\s(mandatory|optional))?$/], Optional['OAuthTokenIntrospectionInterval'] => Integer[-1], Optional['OAuthSSLValidateServer'] => Apache::OnOff, Optional['OAuthVerifySharedKeys'] => String[1], @@ -11412,7 +11412,7 @@ Struct[{ Optional['RemoteUserClaim'] => String[1], Optional['PassIDTokenAs'] => Pattern[/^((claims|payload|serialized)\s?)+$/], Optional['PassUserInfoAs'] => Pattern[/^((claims|json(:([A-Za-z0-9\-\._])+)?|(signed_)?jwt(:([A-Za-z0-9\-\._])+)?)\s?)+$/], - Optional['PassClaimsAs'] => Enum['none', 'headers', 'environment', 'both'], + Optional['PassClaimsAs'] => Pattern[/^(none|headers|environment|both)?\s?(latin1|base64url|none)?$/], Optional['AuthNHeader'] => String[1], Optional['HTTPTimeoutLong'] => Integer[-1], Optional['HTTPTimeoutShort'] => Integer[-1], diff --git a/types/oidcsettings.pp b/types/oidcsettings.pp index 8173831654..4ff28ddf5c 100644 --- a/types/oidcsettings.pp +++ b/types/oidcsettings.pp 
@@ -57,7 +57,7 @@ Optional['OAuthIntrospectionEndpointMethod'] => Enum['POST', 'GET'], Optional['OAuthIntrospectionEndpointParams'] => Pattern[/^[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+(&[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+)*$/], Optional['OAuthIntrospectionTokenParamName'] => String[1], - Optional['OAuthTokenExpiryClaim'] => Pattern[/^[A-Za-z0-9\-\._]+\s?((absolute|relative)+(\s(mandatory|optional))?)?$/], + Optional['OAuthTokenExpiryClaim'] => Pattern[/^[A-Za-z0-9\-\._]+(\s(absolute|relative))?(\s(mandatory|optional))?$/], Optional['OAuthTokenIntrospectionInterval'] => Integer[-1], Optional['OAuthSSLValidateServer'] => Apache::OnOff, Optional['OAuthVerifySharedKeys'] => String[1], @@ -107,7 +107,7 @@ Optional['RemoteUserClaim'] => String[1], Optional['PassIDTokenAs'] => Pattern[/^((claims|payload|serialized)\s?)+$/], Optional['PassUserInfoAs'] => Pattern[/^((claims|json(:([A-Za-z0-9\-\._])+)?|(signed_)?jwt(:([A-Za-z0-9\-\._])+)?)\s?)+$/], - Optional['PassClaimsAs'] => Enum['none', 'headers', 'environment', 'both'], + Optional['PassClaimsAs'] => Pattern[/^(none|headers|environment|both)?\s?(latin1|base64url|none)?$/], Optional['AuthNHeader'] => String[1], Optional['HTTPTimeoutLong'] => Integer[-1], Optional['HTTPTimeoutShort'] => Integer[-1], From 9778de4873f888ad50c88eddf532ae99845ee426 Mon Sep 17 00:00:00 2001 From: Peter Jackson Date: Wed, 2 Oct 2024 15:46:59 +0100 Subject: [PATCH 55/74] Fix yet another typo! --- REFERENCE.md | 2 +- types/oidcsettings.pp | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/REFERENCE.md b/REFERENCE.md index 93efdbbd42..78eea6bfc5 100644 --- a/REFERENCE.md +++ b/REFERENCE.md 
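Review bot: In the `@@ -107,7` hunk, every part of the new `PassClaimsAs` pattern is optional, so it matches the empty string, an encoding with no target (`latin1`), and run-together tokens such as `headersnone`, all of which the previous `Enum` rejected. Making the first token mandatory and moving the separator into the optional group keeps the intended two-word form: `Optional['PassClaimsAs'] => Pattern[/\A(none|headers|environment|both)(\s(latin1|base64url|none))?\z/],`. The same line appears in this commit's REFERENCE.md hunk and would need the matching update.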
@@ -11374,7 +11374,7 @@ Struct[{ Optional['Cookie'] => String[1], Optional['CookieDomain'] => String[1], Optional['CookiePath'] => String[1], - Optional['SessionCookieChunkSize'] => Intege[-1], + Optional['SessionCookieChunkSize'] => Integer[-1], Optional['CookieHTTPOnly'] => Apache::OnOff, Optional['CookieSameSite'] => Apache::OnOff, Optional['PassCookies'] => String[1], diff --git a/types/oidcsettings.pp b/types/oidcsettings.pp index 4ff28ddf5c..a4e53fa43e 100644 --- a/types/oidcsettings.pp +++ b/types/oidcsettings.pp @@ -69,7 +69,7 @@ Optional['Cookie'] => String[1], Optional['CookieDomain'] => String[1], Optional['CookiePath'] => String[1], - Optional['SessionCookieChunkSize'] => Intege[-1], + Optional['SessionCookieChunkSize'] => Integer[-1], Optional['CookieHTTPOnly'] => Apache::OnOff, Optional['CookieSameSite'] => Apache::OnOff, Optional['PassCookies'] => String[1], From 9119d89dffa8d5e4a6b41f39822966540b0f637f Mon Sep 17 00:00:00 2001 From: GitHub Actions Date: Wed, 23 Oct 2024 11:09:49 +0000 Subject: [PATCH 56/74] Release prep v12.2.0 --- CHANGELOG.md | 32 ++++++++++- REFERENCE.md | 154 +++++++++++++++++++++++++++++++++++++++++++++++++- metadata.json | 2 +- 3 files changed, 181 insertions(+), 7 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index e761dd2c97..2012b2ba4f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -5,6 +5,20 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org). +## [v12.2.0](https://github.com/puppetlabs/puppetlabs-apache/tree/v12.2.0) - 2024-10-23 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/v12.1.0...v12.2.0) + +### Added + +- Update config parameters to match latest OIDC release and fix typos. … [#2569](https://github.com/puppetlabs/puppetlabs-apache/pull/2569) ([uoe-pjackson](https://github.com/uoe-pjackson)) +- add XForwardedHeaders for oidc_settings [#2541](https://github.com/puppetlabs/puppetlabs-apache/pull/2541) ([trefzer](https://github.com/trefzer)) +- Added cache_disk [#2521](https://github.com/puppetlabs/puppetlabs-apache/pull/2521) ([dploeger](https://github.com/dploeger)) + +### Fixed + +- Add missing brackets for function call [#2540](https://github.com/puppetlabs/puppetlabs-apache/pull/2540) ([gerlingsm](https://github.com/gerlingsm)) + ## [v12.1.0](https://github.com/puppetlabs/puppetlabs-apache/tree/v12.1.0) - 2024-04-03 [Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/v12.0.3...v12.1.0) @@ -47,6 +61,7 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) a [Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/v11.1.0...v12.0.0) ### Changed + - Drop EoL Debian 9 and older code [#2479](https://github.com/puppetlabs/puppetlabs-apache/pull/2479) ([bastelfreak](https://github.com/bastelfreak)) ### Added 
@@ -75,6 +90,7 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) a [Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/v10.1.1...v11.0.0) ### Changed + - (CAT-1449) - Remove deprecated parameters for scriptaliases & passenger [#2470](https://github.com/puppetlabs/puppetlabs-apache/pull/2470) ([Ramesh7](https://github.com/Ramesh7)) - Remove deprecated classes [#2466](https://github.com/puppetlabs/puppetlabs-apache/pull/2466) ([ekohl](https://github.com/ekohl)) - Remove deprecated parameters from mod::userdir [#2465](https://github.com/puppetlabs/puppetlabs-apache/pull/2465) ([ekohl](https://github.com/ekohl)) @@ -133,6 +149,7 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) a [Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/v9.1.3...v10.0.0) ### Changed + - (CONT-772) Puppet 8 support / Drop Puppet 6 [#2405](https://github.com/puppetlabs/puppetlabs-apache/pull/2405) ([LukasAud](https://github.com/LukasAud)) ## [v9.1.3](https://github.com/puppetlabs/puppetlabs-apache/tree/v9.1.3) - 2023-04-20 @@ -192,6 +209,7 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) a [Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/v8.6.0...v9.0.0) ### Changed + - (GH-2291) Further refine types [#2359](https://github.com/puppetlabs/puppetlabs-apache/pull/2359) ([david22swan](https://github.com/david22swan)) - Drop deprecated a2mod type/providers [#2350](https://github.com/puppetlabs/puppetlabs-apache/pull/2350) ([bastelfreak](https://github.com/bastelfreak)) - Drop Apache 2.2 support [#2329](https://github.com/puppetlabs/puppetlabs-apache/pull/2329) ([ekohl](https://github.com/ekohl)) 
@@ -299,6 +317,7 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) a [Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/v7.0.0...v8.0.0) ### Changed + - Drop mod_fastcgi support [#2267](https://github.com/puppetlabs/puppetlabs-apache/pull/2267) ([ekohl](https://github.com/ekohl)) - Drop suphp support [#2263](https://github.com/puppetlabs/puppetlabs-apache/pull/2263) ([ekohl](https://github.com/ekohl)) - Use a stricter data type on apache::vhost::aliases [#2253](https://github.com/puppetlabs/puppetlabs-apache/pull/2253) ([ekohl](https://github.com/ekohl)) @@ -346,6 +365,7 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) a [Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/v6.5.1...v7.0.0) ### Changed + - Drop Debian < 8 and Ubuntu < 14.04 code [#2189](https://github.com/puppetlabs/puppetlabs-apache/pull/2189) ([ekohl](https://github.com/ekohl)) - Drop support and compatibility for Debian < 9 and Ubuntu < 16.04 [#2123](https://github.com/puppetlabs/puppetlabs-apache/pull/2123) ([ekohl](https://github.com/ekohl)) @@ -443,6 +463,7 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) a [Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/v5.10.0...v6.0.0) ### Changed + - pdksync - (MAINT) Remove SLES 11 support [#2132](https://github.com/puppetlabs/puppetlabs-apache/pull/2132) ([sanfrancrisko](https://github.com/sanfrancrisko)) - pdksync - Remove Puppet 5 from testing and bump minimal version to 6.0.0 [#2125](https://github.com/puppetlabs/puppetlabs-apache/pull/2125) ([carabasdaniel](https://github.com/carabasdaniel)) 
@@ -622,6 +643,7 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) a [Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/4.1.0...v5.0.0) ### Changed + - pdksync - (MODULES-8444) - Raise lower Puppet bound [#1908](https://github.com/puppetlabs/puppetlabs-apache/pull/1908) ([david22swan](https://github.com/david22swan)) ### Added @@ -660,6 +682,7 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) a [Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/3.5.0...4.0.0) ### Changed + - default server_tokens to prod - more secure default [#1746](https://github.com/puppetlabs/puppetlabs-apache/pull/1746) ([juju4](https://github.com/juju4)) ### Added @@ -809,6 +832,7 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) a [Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/1.11.0...2.0.0) ### Changed + - MODULES-4824: Update the version compatibility to >= 4.7.0 < 5.0.0 [#1628](https://github.com/puppetlabs/puppetlabs-apache/pull/1628) ([angrox](https://github.com/angrox)) - Migrate to puppet4 datatypes [#1621](https://github.com/puppetlabs/puppetlabs-apache/pull/1621) ([bastelfreak](https://github.com/bastelfreak)) - Set default keepalive to On [#1434](https://github.com/puppetlabs/puppetlabs-apache/pull/1434) ([sathieu](https://github.com/sathieu)) 
@@ -1086,7 +1110,7 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) a ### Added - Add support for changing mod_nss listen port (vol 2) [#1260](https://github.com/puppetlabs/puppetlabs-apache/pull/1260) ([rexcze-zz](https://github.com/rexcze-zz)) -- (MODULES-2811) Add missing helper lines to spec files [#1256](https://github.com/puppetlabs/puppetlabs-apache/pull/1256) ([alexharv074](https://github.com/alexharv074)) +- (MODULES-2811) Add missing helper lines to spec files [#1256](https://github.com/puppetlabs/puppetlabs-apache/pull/1256) ([alex-harvey-z3q](https://github.com/alex-harvey-z3q)) - Add missing parameters in mod_auth_kerb [#1255](https://github.com/puppetlabs/puppetlabs-apache/pull/1255) ([olivierHa](https://github.com/olivierHa)) - (MODULES-2764) Enclose IPv6 addresses in square brackets [#1248](https://github.com/puppetlabs/puppetlabs-apache/pull/1248) ([Benedikt1992](https://github.com/Benedikt1992)) - (MODULES-2757) Adding if around ServerName in template [#1237](https://github.com/puppetlabs/puppetlabs-apache/pull/1237) ([damonconway](https://github.com/damonconway)) 
@@ -1118,8 +1142,8 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) a ### Fixed -- (MODULES-2813) Fix deprecation warning in spec_helper.rb [#1258](https://github.com/puppetlabs/puppetlabs-apache/pull/1258) ([alexharv074](https://github.com/alexharv074)) -- (MODULES-2812) Fix deprecation warning in service_spec.rb [#1257](https://github.com/puppetlabs/puppetlabs-apache/pull/1257) ([alexharv074](https://github.com/alexharv074)) +- (MODULES-2813) Fix deprecation warning in spec_helper.rb [#1258](https://github.com/puppetlabs/puppetlabs-apache/pull/1258) ([alex-harvey-z3q](https://github.com/alex-harvey-z3q)) +- (MODULES-2812) Fix deprecation warning in service_spec.rb [#1257](https://github.com/puppetlabs/puppetlabs-apache/pull/1257) ([alex-harvey-z3q](https://github.com/alex-harvey-z3q)) - Fix typo about dynamic AddHandler/AddType [#1254](https://github.com/puppetlabs/puppetlabs-apache/pull/1254) ([olivierHa](https://github.com/olivierHa)) - reduce constraints on regex to fix pe tests [#1231](https://github.com/puppetlabs/puppetlabs-apache/pull/1231) ([tphoney](https://github.com/tphoney)) - Fix ordering issue with conf_file and ports_file [#1230](https://github.com/puppetlabs/puppetlabs-apache/pull/1230) ([MasonM](https://github.com/MasonM)) @@ -1454,6 +1478,7 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) a [Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/0.11.0...1.0.0) ### Changed + - Metadata [#661](https://github.com/puppetlabs/puppetlabs-apache/pull/661) ([apenney](https://github.com/apenney)) - Apache2.4 support [#552](https://github.com/puppetlabs/puppetlabs-apache/pull/552) ([scottasmith](https://github.com/scottasmith)) 
@@ -1667,6 +1692,7 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) a [Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/0.6.0...0.7.0) ### Changed + - Refactor module [#182](https://github.com/puppetlabs/puppetlabs-apache/pull/182) ([hunner](https://github.com/hunner)) ### Added diff --git a/REFERENCE.md b/REFERENCE.md index 78eea6bfc5..63d0f907ee 100644 --- a/REFERENCE.md +++ b/REFERENCE.md @@ -29,6 +29,7 @@ * [`apache::mod::authz_user`](#apache--mod--authz_user): Installs `mod_authz_user` * [`apache::mod::autoindex`](#apache--mod--autoindex): Installs `mod_autoindex` * [`apache::mod::cache`](#apache--mod--cache): Installs `mod_cache` +* [`apache::mod::cache_disk`](#apache--mod--cache_disk): Installs and configures `mod_cache_disk`. * [`apache::mod::cgi`](#apache--mod--cgi): Installs `mod_cgi`. * [`apache::mod::cgid`](#apache--mod--cgid): Installs `mod_cgid`. * [`apache::mod::cluster`](#apache--mod--cluster): Installs `mod_cluster`. 
@@ -1791,6 +1792,153 @@ Installs `mod_cache` * https://httpd.apache.org/docs/current/mod/mod_cache.html * for additional documentation. +#### Parameters + +The following parameters are available in the `apache::mod::cache` class: + +* [`cache_ignore_headers`](#-apache--mod--cache--cache_ignore_headers) +* [`cache_default_expire`](#-apache--mod--cache--cache_default_expire) +* [`cache_max_expire`](#-apache--mod--cache--cache_max_expire) +* [`cache_ignore_no_lastmod`](#-apache--mod--cache--cache_ignore_no_lastmod) +* [`cache_header`](#-apache--mod--cache--cache_header) +* [`cache_lock`](#-apache--mod--cache--cache_lock) +* [`cache_ignore_cache_control`](#-apache--mod--cache--cache_ignore_cache_control) + +##### `cache_ignore_headers` + +Data type: `Array[String[1]]` + +Specifies HTTP header(s) that should not be stored in the cache. + +Default value: `[]` + +##### `cache_default_expire` + +Data type: `Optional[Integer]` + +The default duration to cache a document when no expiry date is specified. + +Default value: `undef` + +##### `cache_max_expire` + +Data type: `Optional[Integer]` + +The maximum time in seconds to cache a document + +Default value: `undef` + +##### `cache_ignore_no_lastmod` + +Data type: `Optional[Apache::OnOff]` + +Ignore the fact that a response has no Last Modified header. + +Default value: `undef` + +##### `cache_header` + +Data type: `Optional[Apache::OnOff]` + +Add an X-Cache header to the response. + +Default value: `undef` + +##### `cache_lock` + +Data type: `Optional[Apache::OnOff]` + +Enable the thundering herd lock. + +Default value: `undef` + +##### `cache_ignore_cache_control` + +Data type: `Optional[Apache::OnOff]` + +Ignore request to not serve cached content to client + +Default value: `undef` + +### `apache::mod::cache_disk` + +Installs and configures `mod_cache_disk`. 
+ +* **See also** + * https://httpd.apache.org/docs/2.4/mod/mod_cache_disk.html + +#### Parameters + +The following parameters are available in the `apache::mod::cache_disk` class: + +* [`cache_root`](#-apache--mod--cache_disk--cache_root) +* [`cache_enable`](#-apache--mod--cache_disk--cache_enable) +* [`cache_dir_length`](#-apache--mod--cache_disk--cache_dir_length) +* [`cache_dir_levels`](#-apache--mod--cache_disk--cache_dir_levels) +* [`cache_max_filesize`](#-apache--mod--cache_disk--cache_max_filesize) +* [`cache_ignore_headers`](#-apache--mod--cache_disk--cache_ignore_headers) +* [`configuration_file_name`](#-apache--mod--cache_disk--configuration_file_name) + +##### `cache_root` + +Data type: `Optional[Stdlib::Absolutepath]` + +Defines the name of the directory on the disk to contain cache files. +Default depends on the Apache version and operating system: +- Debian: /var/cache/apache2/mod_cache_disk +- FreeBSD: /var/cache/mod_cache_disk +- Red Hat: /var/cache/httpd/proxy + +Default value: `undef` + +##### `cache_enable` + +Data type: `Array[String]` + +Defines an array of directories to cache, the default is none + +Default value: `[]` + +##### `cache_dir_length` + +Data type: `Optional[Integer]` + +The number of characters in subdirectory names + +Default value: `undef` + +##### `cache_dir_levels` + +Data type: `Optional[Integer]` + +The number of levels of subdirectories in the cache. 
+ +Default value: `undef` + +##### `cache_max_filesize` + +Data type: `Optional[Integer]` + +The maximum size (in bytes) of a document to be placed in the cache + +Default value: `undef` + +##### `cache_ignore_headers` + +Data type: `Optional[String]` + +DEPRECATED Ignore request to not serve cached content to client (included for compatibility reasons to support disk_cache) + +Default value: `undef` + +##### `configuration_file_name` + +Data type: `Optional[String]` + +DEPRECATED Name of module configuration file (used for the compatibility layer for disk_cache) + +Default value: `undef` + ### `apache::mod::cgi` Installs `mod_cgi`. @@ -2078,11 +2226,12 @@ Default value: Installs and configures `mod_disk_cache`. -* **Note** On Apache 2.4, mod_cache_disk installed. +* **Note** Apache 2.2, mod_disk_cache installed. On Apache 2.4, mod_cache_disk installed. +This class is deprecated, use mode_cache_disk instead * **See also** * https://httpd.apache.org/docs/2.4/mod/mod_cache_disk.html - * for additional documentation. + * for additional documentation on version 2.4. #### Parameters @@ -2100,7 +2249,6 @@ Defines the name of the directory on the disk to contain cache files. Default depends on the Apache version and operating system: - Debian: /var/cache/apache2/mod_cache_disk - FreeBSD: /var/cache/mod_cache_disk -- Red Hat: /var/cache/httpd/proxy Default value: `undef` diff --git a/metadata.json b/metadata.json index cb9f1ab89e..f80bd2ec30 100644 --- a/metadata.json +++ b/metadata.json @@ -1,6 +1,6 @@ { "name": "puppetlabs-apache", - "version": "12.1.0", + "version": "12.2.0", "author": "puppetlabs", "summary": "Installs, configures, and manages Apache virtual hosts, web services, and modules.", "license": "Apache-2.0", From b3a3c0fa5414615154dc6d28bc8acad7f6c90fea Mon Sep 17 00:00:00 2001 
From: Greg Cox Date: Sat, 9 Nov 2024 04:18:02 +0000 Subject: [PATCH 57/74] Update types/oidcsettings UserInfoRefreshInterval to allow Integers again --- types/oidcsettings.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/types/oidcsettings.pp b/types/oidcsettings.pp index a4e53fa43e..3988f13098 100644 --- a/types/oidcsettings.pp +++ b/types/oidcsettings.pp @@ -20,7 +20,7 @@ Optional['Scope'] => Pattern[/^\"?[A-Za-z0-9\-\._\s]+\"?$/], Optional['AuthRequestParams'] => Pattern[/^[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+(&[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+)*$/], Optional['SSLValidateServer'] => Apache::OnOff , - Optional['UserInfoRefreshInterval'] => Pattern[/^[0-9]+(\s+(logout_on_error|authenticate_on_error|502_on_error))?$/], + Optional['UserInfoRefreshInterval'] => Variant[Integer[-1], Pattern[/^[0-9]+(\s+(logout_on_error|authenticate_on_error|502_on_error))?$/]], Optional['JWKSRefreshInterval'] => Integer[-1], Optional['UserInfoTokenMethod'] => Enum['authz_header', 'post_param'], Optional['ProviderAuthRequestMethod'] => Enum['GET', 'POST', 'PAR'], From 722653a99059300893596514b6e6255d2d2ae7c1 Mon Sep 17 00:00:00 2001 From: Greg Cox Date: Mon, 11 Nov 2024 01:43:20 +0000 Subject: [PATCH 58/74] Include UserInfoRefreshInterval fix to REFERENCE.md --- REFERENCE.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/REFERENCE.md b/REFERENCE.md index 63d0f907ee..69c53e1b16 100644 --- a/REFERENCE.md +++ b/REFERENCE.md 
@@ -11473,7 +11473,7 @@ Struct[{ Optional['Scope'] => Pattern[/^\"?[A-Za-z0-9\-\._\s]+\"?$/], Optional['AuthRequestParams'] => Pattern[/^[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+(&[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+)*$/], Optional['SSLValidateServer'] => Apache::OnOff , - Optional['UserInfoRefreshInterval'] => Pattern[/^[0-9]+(\s+(logout_on_error|authenticate_on_error|502_on_error))?$/], + Optional['UserInfoRefreshInterval'] => Variant[Integer[-1], Pattern[/^[0-9]+(\s+(logout_on_error|authenticate_on_error|502_on_error))?$/]], Optional['JWKSRefreshInterval'] => Integer[-1], Optional['UserInfoTokenMethod'] => Enum['authz_header', 'post_param'], Optional['ProviderAuthRequestMethod'] => Enum['GET', 'POST', 'PAR'], From 2a91ac438711ee2ec910acfd1cd0d3191d663f35 Mon Sep 17 00:00:00 2001 From: Amit Karsale Date: Mon, 18 Nov 2024 09:53:57 +0530 Subject: [PATCH 59/74] (CAT-2158) Upgrade rexml to address CVE-2024-49761 --- Gemfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile b/Gemfile index 9f66bfa983..539f0765d1 100644 --- a/Gemfile +++ b/Gemfile @@ -34,7 +34,7 @@ group :development do gem "rubocop-performance", '= 1.16.0', require: false gem "rubocop-rspec", '= 2.19.0', require: false gem "rb-readline", '= 0.5.5', require: false, platforms: [:mswin, :mingw, :x64_mingw] - gem "rexml", '>= 3.0.0', '< 3.2.7', require: false + gem "rexml", '>= 3.3.9', require: false end group :development, :release_prep do gem "puppet-strings", '~> 4.0', require: false From 19c0e9d676233f370b7a9f303e7b2dcb19d7f6a4 Mon Sep 17 00:00:00 2001 From: skyamgarp <130442619+skyamgarp@users.noreply.github.com> Date: Tue, 22 Oct 2024 18:40:57 +0530 Subject: [PATCH 60/74] (CAT-2100) Add Debian 12 support (CAT-2100) Updated specs (CAT-2100) Fix failing test (CAT-2100) Fix rubocop --- metadata.json | 3 ++- spec/acceptance/mod_php_spec.rb | 3 ++- spec/classes/mod/php_spec.rb | 2 +- 3 files changed, 5 insertions(+), 3 deletions(-) 
diff --git a/metadata.json b/metadata.json index f80bd2ec30..bc12b33c38 100644 --- a/metadata.json +++ b/metadata.json @@ -49,7 +49,8 @@ "operatingsystem": "Debian", "operatingsystemrelease": [ "10", - "11" + "11", + "12" ] }, { diff --git a/spec/acceptance/mod_php_spec.rb b/spec/acceptance/mod_php_spec.rb index 5c9f41e21f..8fd3dc9c29 100644 --- a/spec/acceptance/mod_php_spec.rb +++ b/spec/acceptance/mod_php_spec.rb @@ -20,6 +20,7 @@ class { 'apache::mod::php': } content => "\\n", } MANIFEST + it 'succeeds in puppeting php' do apply_manifest(pp, catch_failures: true) end @@ -36,7 +37,7 @@ class { 'apache::mod::php': } describe file("#{apache_hash['mod_dir']}/php7.4.conf") do it { is_expected.to contain 'DirectoryIndex index.php' } end - elsif os[:family] == 'debian' && os[:release] =~ %r{^12\.} + elsif os[:family] == 'debian' && os[:release] =~ %r{^12} describe file("#{apache_hash['mod_dir']}/php8.2.conf") do it { is_expected.to contain 'DirectoryIndex index.php' } end diff --git a/spec/classes/mod/php_spec.rb b/spec/classes/mod/php_spec.rb index 8c4e774d63..9cb56b04d7 100644 --- a/spec/classes/mod/php_spec.rb +++ b/spec/classes/mod/php_spec.rb @@ -91,7 +91,7 @@ it { expect(subject).to contain_file('php8.2.load').with( - content: "LoadModule php8_module /usr/lib/apache2/modules/libphp8.2.so\n", + content: "LoadModule php_module /usr/lib/apache2/modules/libphp8.2.so\n", ) } end From df182227f694e0fc2dceb6cc0f5b67847df84423 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Romain=20Tarti=C3=A8re?= Date: Wed, 20 Nov 2024 11:37:15 -1000 Subject: [PATCH 61/74] Allow configuring RemoteIPProxyProtocol at VHost level The module currently support configuring RemoteIP PROXY Protocol at the system level, but the settings can also be used for specific virtual hosts. Allow to set `RemoteIPProxyProtocol` and `RemoteIPProxyProtocolExceptions` at the VHost level. For cosistency, une the same parameter names and types as the ones used for mod_remoteip configuration. --- manifests/vhost.pp | 22 ++++++++++++++++++++++ spec/defines/vhost_spec.rb | 11 ++++++++++- templates/vhost/_proxy_protocol.epp | 8 ++++++++ 3 files changed, 40 insertions(+), 1 deletion(-) create mode 100644 templates/vhost/_proxy_protocol.epp diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 7414a6f165..9f95aecbb4 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -1705,6 +1705,11 @@ # @param userdir # Instances of apache::mod::userdir # +# @param proxy_protocol +# Enable or disable PROXY protocol handling +# +# @param proxy_protocol_exceptions +# Disable processing of PROXY header for certain hosts or networks define apache::vhost ( Variant[Stdlib::Absolutepath, Boolean] $docroot, Boolean $manage_docroot = true, @@ -1966,6 +1971,8 @@ Apache::OIDCSettings $oidc_settings = {}, Optional[Variant[Boolean, String]] $mdomain = undef, Optional[Variant[String[1], Array[String[1]]]] $userdir = undef, + Optional[Boolean] $proxy_protocol = undef, + Array[Stdlib::Host] $proxy_protocol_exceptions = [], ) { # The base class must be included first because it is used by parameter defaults if ! defined(Class['apache']) { 
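Review bot: The `@param proxy_protocol` comment added in the first manifests/vhost.pp hunk does not say what is trusted once the setting is on. With `RemoteIPProxyProtocol On` the client address comes from the PROXY header sent by whoever opens the connection, so the listener must be reachable only from the load balancer or proxy. The Apache documentation also states that the directive takes effect per address and port, so enabling it for one name-based vhost enables it for every vhost sharing that listener. I would extend the comment to something like `# Enable or disable PROXY protocol handling. Applies to all vhosts on the same IP:port; enable only where the listener accepts connections solely from trusted proxies.` and have `proxy_protocol_exceptions` state that the listed hosts connect without sending a PROXY header.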
@@ -2955,6 +2962,21 @@ } } + if $proxy_protocol != undef { + include apache::mod::remoteip + + $proxy_protocol_params = { + proxy_protocol => $proxy_protocol, + proxy_protocol_exceptions => $proxy_protocol_exceptions, + } + + concat::fragment { "${name}-proxy_protocol": + target => "${priority_real}${filename}.conf", + order => 400, + content => epp('apache/vhost/_proxy_protocol.epp', $proxy_protocol_params), + } + } + $file_footer_params = { 'define' => $define, 'passenger_pre_start' => $passenger_pre_start, diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index f448b8ca53..b80fd61b0e 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb @@ -551,7 +551,9 @@ 'ClientSecret' => 'aae053a9-4abf-4824-8956-e94b2af335c8', 'CryptoPassphrase' => '4ad1bb46-9979-450e-ae58-c696967df3cd' }, 'mdomain' => 'example.com example.net auto', - 'userdir' => 'disabled' + 'userdir' => 'disabled', + 'proxy_protocol' => true, + 'proxy_protocol_exceptions' => ['127.0.0.1', '10.0.0.0/8'], } end @@ -968,6 +970,13 @@ content: %r{^MDomain example\.com example\.net auto$}, ) } + + it { + expect(subject).to contain_concat__fragment('rspec.example.com-proxy_protocol') + .with_content(%r{^\s+RemoteIPProxyProtocol On$}) + .with_content(%r{^\s+RemoteIPProxyProtocolExceptions 127\.0\.0\.1$}) + .with_content(%r{^\s+RemoteIPProxyProtocolExceptions 10\.0\.0\.0/8$}) + } end context 'vhost with proxy_add_headers true' do diff --git a/templates/vhost/_proxy_protocol.epp b/templates/vhost/_proxy_protocol.epp new file mode 100644 index 0000000000..d022f74c5b --- /dev/null +++ b/templates/vhost/_proxy_protocol.epp @@ -0,0 +1,8 @@ +<%- | + Boolean $proxy_protocol, + Array[Stdlib::Host] $proxy_protocol_exceptions, +| -%> + RemoteIPProxyProtocol <%= apache::bool2httpd($proxy_protocol) %> +<% $proxy_protocol_exceptions.each |$exception| { -%> + RemoteIPProxyProtocolExceptions <%= $exception %> +<% } -%> From 3c58ec686bcf011bb452e9ba300b535e658c20da Mon Sep 17 00:00:00 2001 
From: Tames McTigue Date: Thu, 28 Nov 2024 13:24:55 +0300 Subject: [PATCH 62/74] Adding ModSecurity parameter for audit log format. --- manifests/mod/security.pp | 6 ++++++ manifests/params.pp | 1 + spec/classes/mod/security_spec.rb | 2 ++ templates/mod/security.conf.epp | 3 +++ 4 files changed, 12 insertions(+) diff --git a/manifests/mod/security.pp b/manifests/mod/security.pp index a64be57f8a..4247ddf8c4 100644 --- a/manifests/mod/security.pp +++ b/manifests/mod/security.pp @@ -32,6 +32,10 @@ # # @param audit_log_type # Defines the type of audit logging mechanism to be used. +# +# @param audit_log_format +# Defines what format the logs should be written in. Accepts `Native` and `JSON`. +# Default value: Native # # @param audit_log_storage_dir # Defines the directory where concurrent audit log entries are to be stored. This directive is only needed when concurrent audit logging is used. @@ -143,6 +147,7 @@ String $audit_log_relevant_status = '^(?:5|4(?!04))', String $audit_log_parts = $apache::params::modsec_audit_log_parts, String $audit_log_type = $apache::params::modsec_audit_log_type, + Enum['Native', 'JSON'] $audit_log_format = $apache::params::modsec_audit_log_format, Optional[Stdlib::Absolutepath] $audit_log_storage_dir = undef, Integer $secpcrematchlimit = $apache::params::secpcrematchlimit, Integer $secpcrematchlimitrecursion = $apache::params::secpcrematchlimitrecursion, @@ -256,6 +261,7 @@ 'audit_log_relevant_status' => $audit_log_relevant_status, 'audit_log_parts' => $audit_log_parts, 'audit_log_type' => $audit_log_type, + 'audit_log_format' => $audit_log_format, 'audit_log_storage_dir' => $audit_log_storage_dir, 'logroot' => $logroot, } diff --git a/manifests/params.pp b/manifests/params.pp index be3fd6b24d..113b5939ce 100644 --- a/manifests/params.pp +++ b/manifests/params.pp 
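Review bot: The `@param audit_log_format` description in the first manifests/mod/security.pp hunk does not mention that the JSON format depends on how ModSecurity was built. As far as I know `SecAuditLogFormat JSON` needs a ModSecurity 2.x build with YAJL support, and a build without it rejects the directive when Apache starts; please confirm for the packages on the supported platforms. Since templates/mod/security.conf.epp emits the directive whenever the value is `JSON`, one more line in the doc comment would help: `# JSON requires a ModSecurity build with JSON (YAJL) support.` It is also worth saying there that switching formats changes what downstream audit-log parsers receive.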
@@ -36,6 +36,7 @@ $modsec_audit_log_parts = 'ABIJDEFHZ' $modsec_audit_log_type = 'Serial' + $modsec_audit_log_format = 'Native' $modsec_custom_rules = false $modsec_custom_rules_set = undef diff --git a/spec/classes/mod/security_spec.rb b/spec/classes/mod/security_spec.rb index ec41852199..a1c457457b 100644 --- a/spec/classes/mod/security_spec.rb +++ b/spec/classes/mod/security_spec.rb @@ -102,6 +102,7 @@ audit_log_relevant_status: '^(?:5|4(?!01|04))', audit_log_parts: 'ABCDZ', audit_log_type: 'Concurrent', + audit_log_format: 'JSON', audit_log_storage_dir: '/var/log/httpd/audit', secdefaultaction: 'deny,status:406,nolog,auditlog', secrequestbodyaccess: 'Off', @@ -114,6 +115,7 @@ it { is_expected.to contain_file('security.conf').with_content %r{^\s+SecAuditLogRelevantStatus "\^\(\?:5\|4\(\?!01\|04\)\)"$} } it { is_expected.to contain_file('security.conf').with_content %r{^\s+SecAuditLogParts ABCDZ$} } it { is_expected.to contain_file('security.conf').with_content %r{^\s+SecAuditLogType Concurrent$} } + it { is_expected.to contain_file('security.conf').with_content %r{^\s+SecAuditLogFormat JSON$} } it { is_expected.to contain_file('security.conf').with_content %r{^\s+SecAuditLogStorageDir /var/log/httpd/audit$} } it { is_expected.to contain_file('security.conf').with_content %r{^\s+SecRequestBodyAccess Off$} } it { is_expected.to contain_file('security.conf').with_content %r{^\s+SecResponseBodyAccess On$} } diff --git a/templates/mod/security.conf.epp b/templates/mod/security.conf.epp index dbca254b30..4e6a6e789e 100644 --- a/templates/mod/security.conf.epp +++ b/templates/mod/security.conf.epp @@ -49,6 +49,9 @@ SecAuditLogRelevantStatus "<%= $audit_log_relevant_status %>" SecAuditLogParts <%= $audit_log_parts %> SecAuditLogType <%= $audit_log_type %> + <%- if $audit_log_format == 'JSON' { -%> + SecAuditLogFormat JSON + <%- } -%> <%- if $audit_log_storage_dir { -%> SecAuditLogStorageDir <%= $audit_log_storage_dir %> <%- } -%> 
From db12e0eb3a29d182d632edde6e414c98d1063925 Mon Sep 17 00:00:00 2001 From: Tames McTigue Date: Thu, 28 Nov 2024 13:47:00 +0300 Subject: [PATCH 63/74] Update REFERENCE.md with new parameter --- REFERENCE.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/REFERENCE.md b/REFERENCE.md index 69c53e1b16..dc4f80aff3 100644 --- a/REFERENCE.md +++ b/REFERENCE.md @@ -6075,6 +6075,7 @@ The following parameters are available in the `apache::mod::security` class: * [`audit_log_relevant_status`](#-apache--mod--security--audit_log_relevant_status) * [`audit_log_parts`](#-apache--mod--security--audit_log_parts) * [`audit_log_type`](#-apache--mod--security--audit_log_type) +* [`audit_log_format`](#-apache--mod--security--audit_log_format) * [`audit_log_storage_dir`](#-apache--mod--security--audit_log_storage_dir) * [`secpcrematchlimit`](#-apache--mod--security--secpcrematchlimit) * [`secpcrematchlimitrecursion`](#-apache--mod--security--secpcrematchlimitrecursion) @@ -6194,6 +6195,15 @@ Defines the type of audit logging mechanism to be used. Default value: `$apache::params::modsec_audit_log_type` +##### `audit_log_format` + +Data type: `Enum['Native', 'JSON']` + +Defines what format the logs should be written in. Accepts `Native` and `JSON`. +Default value: Native + +Default value: `$apache::params::modsec_audit_log_format` + ##### `audit_log_storage_dir` Data type: `Optional[Stdlib::Absolutepath]` From b085de66e5edf1e32fa0c4cebffb0c26ef4bffcb Mon Sep 17 00:00:00 2001 From: Tames McTigue Date: Thu, 28 Nov 2024 13:48:37 +0300 Subject: [PATCH 64/74] Fixed docstring to fit existing format --- REFERENCE.md | 1 - manifests/mod/security.pp | 1 - 2 files changed, 2 deletions(-) diff --git a/REFERENCE.md b/REFERENCE.md index dc4f80aff3..14f2138a57 100644 --- a/REFERENCE.md +++ b/REFERENCE.md 
@@ -6200,7 +6200,6 @@ Default value: `$apache::params::modsec_audit_log_type` Data type: `Enum['Native', 'JSON']` Defines what format the logs should be written in. Accepts `Native` and `JSON`. -Default value: Native Default value: `$apache::params::modsec_audit_log_format` diff --git a/manifests/mod/security.pp b/manifests/mod/security.pp index 4247ddf8c4..839b90e36d 100644 --- a/manifests/mod/security.pp +++ b/manifests/mod/security.pp @@ -35,7 +35,6 @@ # # @param audit_log_format # Defines what format the logs should be written in. Accepts `Native` and `JSON`. -# Default value: Native # # @param audit_log_storage_dir # Defines the directory where concurrent audit log entries are to be stored. This directive is only needed when concurrent audit logging is used. From f231a3cce7c7356dc643acf9db4ca5a79d4ad6f9 Mon Sep 17 00:00:00 2001 From: Evgeni Golov Date: Mon, 16 Dec 2024 13:43:46 +0100 Subject: [PATCH 65/74] fix license entry in the toc not being a link Signed-off-by: Evgeni Golov --- README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/README.md b/README.md index 6119fb6983..703fe1a34b 100644 --- a/README.md +++ b/README.md @@ -21,6 +21,8 @@ [Limitations]: #limitations +[License]: #license + [Development]: #development [`AddDefaultCharset`]: https://httpd.apache.org/docs/current/mod/core.html#adddefaultcharset 
@@ -861,6 +863,7 @@ COVERAGE=yes bundle exec rake parallel_spec Acceptance tests for this module leverage [puppet_litmus](https://github.com/puppetlabs/puppet_litmus). To run the acceptance tests follow the instructions [here](https://puppetlabs.github.io/litmus/Running-acceptance-tests.html). You can also find a tutorial and walkthrough of using Litmus and the PDK on [YouTube](https://www.youtube.com/watch?v=FYfR7ZEGHoE). + ## License This codebase is licensed under the Apache2.0 licensing, however due to the nature of the codebase the open source dependencies may also use a combination of [AGPL](https://opensource.org/license/agpl-v3/), [BSD-2](https://opensource.org/license/bsd-2-clause/), [BSD-3](https://opensource.org/license/bsd-3-clause/), [GPL2.0](https://opensource.org/license/gpl-2-0/), [LGPL](https://opensource.org/license/lgpl-3-0/), [MIT](https://opensource.org/license/mit/) and [MPL](https://opensource.org/license/mpl-2-0/) Licensing. From 692ec9e2c2b960fddf4b9fca94ba3e8f424c8854 Mon Sep 17 00:00:00 2001 From: GitHub Actions Date: Mon, 16 Dec 2024 15:22:04 +0000 Subject: [PATCH 66/74] Release prep v12.3.0 --- CHANGELOG.md | 14 ++++++++++++++ metadata.json | 2 +- 2 files changed, 15 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2012b2ba4f..e4de837f26 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -5,6 +5,19 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org). +## [v12.3.0](https://github.com/puppetlabs/puppetlabs-apache/tree/v12.3.0) - 2024-12-16 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/v12.2.0...v12.3.0) + +### Added + +- (CAT-2100) Add Debian 12 support [#2572](https://github.com/puppetlabs/puppetlabs-apache/pull/2572) ([shubhamshinde360](https://github.com/shubhamshinde360)) + +### Fixed + +- (CAT-2158) Upgrade rexml to address CVE-2024-49761 [#2579](https://github.com/puppetlabs/puppetlabs-apache/pull/2579) ([amitkarsale](https://github.com/amitkarsale)) +- Update types/oidcsettings UserInfoRefreshInterval to allow Integers again [#2578](https://github.com/puppetlabs/puppetlabs-apache/pull/2578) ([gcoxmoz](https://github.com/gcoxmoz)) + ## [v12.2.0](https://github.com/puppetlabs/puppetlabs-apache/tree/v12.2.0) - 2024-10-23 [Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/v12.1.0...v12.2.0) @@ -17,6 +30,7 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) a ### Fixed +- Fix apache2-mod_php7 not found for SLES-15 [#2568](https://github.com/puppetlabs/puppetlabs-apache/pull/2568) ([Harvey2504](https://github.com/Harvey2504)) - Add missing brackets for function call [#2540](https://github.com/puppetlabs/puppetlabs-apache/pull/2540) ([gerlingsm](https://github.com/gerlingsm)) ## [v12.1.0](https://github.com/puppetlabs/puppetlabs-apache/tree/v12.1.0) - 2024-04-03 diff --git a/metadata.json b/metadata.json index bc12b33c38..906dd3490e 100644 --- a/metadata.json +++ b/metadata.json 
@@ -1,6 +1,6 @@ { "name": "puppetlabs-apache", - "version": "12.2.0", + "version": "12.3.0", "author": "puppetlabs", "summary": "Installs, configures, and manages Apache virtual hosts, web services, and modules.", "license": "Apache-2.0", From 72ceff36afb48d194b882a25b78c13721e4c758d Mon Sep 17 00:00:00 2001 From: Tames McTigue Date: Sun, 5 Jan 2025 13:15:01 +0300 Subject: [PATCH 67/74] Following smortex's suggestions --- manifests/mod/security.pp | 4 ++-- manifests/params.pp | 1 - 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/manifests/mod/security.pp b/manifests/mod/security.pp index 839b90e36d..95726f0905 100644 --- a/manifests/mod/security.pp +++ b/manifests/mod/security.pp @@ -34,7 +34,7 @@ # Defines the type of audit logging mechanism to be used. # # @param audit_log_format -# Defines what format the logs should be written in. Accepts `Native` and `JSON`. +# Defines what format the logs should be written in. # # @param audit_log_storage_dir # Defines the directory where concurrent audit log entries are to be stored. This directive is only needed when concurrent audit logging is used. @@ -146,7 +146,7 @@ String $audit_log_relevant_status = '^(?:5|4(?!04))', String $audit_log_parts = $apache::params::modsec_audit_log_parts, String $audit_log_type = $apache::params::modsec_audit_log_type, - Enum['Native', 'JSON'] $audit_log_format = $apache::params::modsec_audit_log_format, + Enum['Native', 'JSON'] $audit_log_format = 'Native', Optional[Stdlib::Absolutepath] $audit_log_storage_dir = undef, Integer $secpcrematchlimit = $apache::params::secpcrematchlimit, Integer $secpcrematchlimitrecursion = $apache::params::secpcrematchlimitrecursion, diff --git a/manifests/params.pp b/manifests/params.pp index 113b5939ce..be3fd6b24d 100644 --- a/manifests/params.pp +++ b/manifests/params.pp 
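Review bot: The `@param audit_log_format` text in the first manifests/mod/security.pp hunk now reads only "Defines what format the logs should be written in." and gives an operator no hint of what selecting `JSON` implies. As far as I know, JSON audit logging is only available when ModSecurity was built with JSON (YAJL) support, and switching the format changes what any log shipper or parser reading the audit log has to expect. I would add one comment line under the description, for example `#   JSON requires a ModSecurity build with JSON support; audit log consumers must match the chosen format.` The doc-comment block and the parameter list both start and end outside these hunks.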
@@ -36,7 +36,6 @@ $modsec_audit_log_parts = 'ABIJDEFHZ' $modsec_audit_log_type = 'Serial' - $modsec_audit_log_format = 'Native' $modsec_custom_rules = false $modsec_custom_rules_set = undef From 8a10df5694b84cb5b58aeb2d3c1d8228089f89d5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Romain=20Tarti=C3=A8re?= Date: Mon, 6 Jan 2025 14:30:11 -1000 Subject: [PATCH 68/74] Regenerate REFERENCE.md --- REFERENCE.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/REFERENCE.md b/REFERENCE.md index 14f2138a57..8c84b6ca0a 100644 --- a/REFERENCE.md +++ b/REFERENCE.md @@ -6199,9 +6199,9 @@ Default value: `$apache::params::modsec_audit_log_type` Data type: `Enum['Native', 'JSON']` -Defines what format the logs should be written in. Accepts `Native` and `JSON`. +Defines what format the logs should be written in. -Default value: `$apache::params::modsec_audit_log_format` +Default value: `'Native'` ##### `audit_log_storage_dir` From 7131f54a7ebb3b1be22bc75698756f626262ab63 Mon Sep 17 00:00:00 2001 From: uoe-pjackson <56168566+uoe-pjackson@users.noreply.github.com> Date: Fri, 28 Feb 2025 18:08:58 +0000 Subject: [PATCH 69/74] Fix mod_headers load for headers in directory #2590 --- manifests/vhost.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 9f95aecbb4..03c86938b0 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -2358,7 +2358,7 @@ } } - if 'request_headers' in $directory { + if 'request_headers' in $directory or 'headers' in $directory { include apache::mod::headers } From a981abf0044523f786093e08e949f89632f35265 Mon Sep 17 00:00:00 2001 From: GitHub Actions Date: Wed, 5 Mar 2025 06:55:12 +0000 Subject: [PATCH 70/74] Release prep v12.3.0 --- CHANGELOG.md | 13 ++++++++++--- REFERENCE.md | 27 +++++++++++++++++++++++++++ 2 files changed, 37 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index e4de837f26..b7f8d4cf72 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
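Review bot: No spec accompanies the widened condition in manifests/vhost.pp (`if 'request_headers' in $directory or 'headers' in $directory`); the diffstat for this commit lists only that one file. A directory entry that sets `headers` while mod_headers is not loaded is presumably the failure being fixed, so a regression example is worth adding, along the lines of `it { is_expected.to contain_class('apache::mod::headers') }` for a vhost whose `directories` entry carries only `headers`. The loop over directories starts and ends outside the hunk, so it is not visible from here whether other directory keys also emit mod_headers directives and need the same include.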
@@ -5,19 +5,26 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org). -## [v12.3.0](https://github.com/puppetlabs/puppetlabs-apache/tree/v12.3.0) - 2024-12-16 +## [v12.3.0](https://github.com/puppetlabs/puppetlabs-apache/tree/v12.3.0) - 2025-03-05 [Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/v12.2.0...v12.3.0) ### Added +- Allow configuring RemoteIPProxyProtocol at VHost level [#2582](https://github.com/puppetlabs/puppetlabs-apache/pull/2582) ([smortex](https://github.com/smortex)) - (CAT-2100) Add Debian 12 support [#2572](https://github.com/puppetlabs/puppetlabs-apache/pull/2572) ([shubhamshinde360](https://github.com/shubhamshinde360)) +- Feature: Allow to set the verbosity of the debug [#2523](https://github.com/puppetlabs/puppetlabs-apache/pull/2523) ([JGodin-C2C](https://github.com/JGodin-C2C)) ### Fixed - (CAT-2158) Upgrade rexml to address CVE-2024-49761 [#2579](https://github.com/puppetlabs/puppetlabs-apache/pull/2579) ([amitkarsale](https://github.com/amitkarsale)) - Update types/oidcsettings UserInfoRefreshInterval to allow Integers again [#2578](https://github.com/puppetlabs/puppetlabs-apache/pull/2578) ([gcoxmoz](https://github.com/gcoxmoz)) +### Other + +- Fix mod_headers load for headers in directory #2590 [#2591](https://github.com/puppetlabs/puppetlabs-apache/pull/2591) ([uoe-pjackson](https://github.com/uoe-pjackson)) +- Adding ModSecurity parameter for audit log format. [#2583](https://github.com/puppetlabs/puppetlabs-apache/pull/2583) ([Tamerz](https://github.com/Tamerz)) + ## [v12.2.0](https://github.com/puppetlabs/puppetlabs-apache/tree/v12.2.0) - 2024-10-23 [Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/v12.1.0...v12.2.0) 
@@ -118,7 +125,7 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) a - (CAT-1283) - Enable forensic module [#2442](https://github.com/puppetlabs/puppetlabs-apache/pull/2442) ([Ramesh7](https://github.com/Ramesh7)) - (CAT-1281) - Support to add cipher with respective ssl protocol [#2440](https://github.com/puppetlabs/puppetlabs-apache/pull/2440) ([Ramesh7](https://github.com/Ramesh7)) - feat: add Debian12 Compability [#2439](https://github.com/puppetlabs/puppetlabs-apache/pull/2439) ([Robnarok](https://github.com/Robnarok)) -- Add MellonSetEnv support [#2423](https://github.com/puppetlabs/puppetlabs-apache/pull/2423) ([ic248](https://github.com/ic248)) +- Add MellonSetEnv support [#2423](https://github.com/puppetlabs/puppetlabs-apache/pull/2423) ([](https://github.com/)) - Add the missing mod_authnz_ldap parameters [#2404](https://github.com/puppetlabs/puppetlabs-apache/pull/2404) ([chutzimir](https://github.com/chutzimir)) ### Fixed @@ -667,7 +674,7 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) a ### Fixed -- (MODULES-9014) Improve SSLSessionTickets handling [#1923](https://github.com/puppetlabs/puppetlabs-apache/pull/1923) ([FredericLespez](https://github.com/FredericLespez)) +- (MODULES-9014) Improve SSLSessionTickets handling [#1923](https://github.com/puppetlabs/puppetlabs-apache/pull/1923) ([FredL69](https://github.com/FredL69)) - (MODULES-8931) Fix stahnma/epel failures [#1914](https://github.com/puppetlabs/puppetlabs-apache/pull/1914) ([eimlav](https://github.com/eimlav)) - Fix wsgi_daemon_process to support hash data type [#1884](https://github.com/puppetlabs/puppetlabs-apache/pull/1884) ([mdechiaro](https://github.com/mdechiaro)) diff --git a/REFERENCE.md b/REFERENCE.md index 8c84b6ca0a..76106a38a1 100644 --- a/REFERENCE.md +++ b/REFERENCE.md 
@@ -6072,6 +6072,7 @@ The following parameters are available in the `apache::mod::security` class: * [`custom_rules_set`](#-apache--mod--security--custom_rules_set) * [`modsec_dir`](#-apache--mod--security--modsec_dir) * [`modsec_secruleengine`](#-apache--mod--security--modsec_secruleengine) +* [`debug_log_level`](#-apache--mod--security--debug_log_level) * [`audit_log_relevant_status`](#-apache--mod--security--audit_log_relevant_status) * [`audit_log_parts`](#-apache--mod--security--audit_log_parts) * [`audit_log_type`](#-apache--mod--security--audit_log_type) @@ -6170,6 +6171,14 @@ Configures the rules engine. Default value: `$apache::params::modsec_secruleengine` +##### `debug_log_level` + +Data type: `Integer[0, 9]` + +Configures the debug log level. + +Default value: `0` + ##### `audit_log_relevant_status` Data type: `String` @@ -7910,6 +7919,8 @@ The following parameters are available in the `apache::vhost` defined type: * [`mdomain`](#-apache--vhost--mdomain) * [`proxy_requests`](#-apache--vhost--proxy_requests) * [`userdir`](#-apache--vhost--userdir) +* [`proxy_protocol`](#-apache--vhost--proxy_protocol) +* [`proxy_protocol_exceptions`](#-apache--vhost--proxy_protocol_exceptions) ##### `access_log` @@ -10838,6 +10849,22 @@ Instances of apache::mod::userdir Default value: `undef` +##### `proxy_protocol` + +Data type: `Optional[Boolean]` + +Enable or disable PROXY protocol handling + +Default value: `undef` + +##### `proxy_protocol_exceptions` + +Data type: `Array[Stdlib::Host]` + +Disable processing of PROXY header for certain hosts or networks + +Default value: `[]` + ### `apache::vhost::custom` The `apache::vhost::custom` defined type is a thin wrapper around the `apache::custom_config` defined type, and simply overrides some of its default settings specific to the virtual host directory in Apache. From 79ba18c523fc53c911cac3e42fd53271a9494301 Mon Sep 17 00:00:00 2001 
From: Ewoud Kohl van Wijngaarden Date: Mon, 10 Mar 2025 17:29:21 +0100 Subject: [PATCH 71/74] Correct whitespace in arrow alignment Fixes: cedd45b63be8 ("Drop Apache 2.2 support") --- manifests/mod/prefork.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/mod/prefork.pp b/manifests/mod/prefork.pp index 1138d8314b..24cf217f43 100644 --- a/manifests/mod/prefork.pp +++ b/manifests/mod/prefork.pp @@ -94,7 +94,7 @@ } 'Suse': { ::apache::mpm { 'prefork': - lib_path => '/usr/lib64/apache2-prefork', + lib_path => '/usr/lib64/apache2-prefork', } } 'Gentoo': { From 33056865af61b4f24dfc133adba9f2ee8ad51834 Mon Sep 17 00:00:00 2001 From: Ewoud Kohl van Wijngaarden Date: Mon, 10 Mar 2025 13:46:51 +0100 Subject: [PATCH 72/74] Install mod_http2 on EL if required In EL8 httpd had a hard requirement on mod_http2 but in EL9 it turned into a weak dependency. While most installs default to installing weak dependencies, it can be disabled by users. OracleLinux even defaults to disabled. EL7 doesn't have http2 at all so the whole class can't be used with it. --- manifests/params.pp | 1 + spec/classes/mod/http2_spec.rb | 7 +++++++ 2 files changed, 8 insertions(+) diff --git a/manifests/params.pp b/manifests/params.pp index be3fd6b24d..60318ef6aa 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -202,6 +202,7 @@ 'authnz_pam' => 'mod_authnz_pam', 'fcgid' => 'mod_fcgid', 'geoip' => 'mod_geoip', + 'http2' => 'mod_http2', 'intercept_form_submit' => 'mod_intercept_form_submit', 'ldap' => 'mod_ldap', 'lookup_identity' => 'mod_lookup_identity', diff --git a/spec/classes/mod/http2_spec.rb b/spec/classes/mod/http2_spec.rb index 3046914d06..54130e36c7 100644 --- a/spec/classes/mod/http2_spec.rb +++ b/spec/classes/mod/http2_spec.rb 
@@ -85,4 +85,11 @@ it { is_expected.to contain_file('http2.conf').with(content: expected_content) } end end + + context 'on Red Hat 8' do + include_examples 'RedHat 8' do + it { is_expected.to contain_class('apache::mod::http2') } + it { is_expected.to contain_package('mod_http2') } + end + end end From d77ba526ad26cdaf1e4e9747d6d8785a1aa7047b Mon Sep 17 00:00:00 2001 From: GitHub Actions Date: Mon, 31 Mar 2025 15:08:01 +0000 Subject: [PATCH 73/74] Release prep v12.3.1 --- CHANGELOG.md | 8 ++++++++ metadata.json | 2 +- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index b7f8d4cf72..083cf00f1d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,14 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org). +## [v12.3.1](https://github.com/puppetlabs/puppetlabs-apache/tree/v12.3.1) - 2025-03-31 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/v12.3.0...v12.3.1) + +### Fixed + +- Install mod_http2 on EL if required [#2593](https://github.com/puppetlabs/puppetlabs-apache/pull/2593) ([ekohl](https://github.com/ekohl)) + ## [v12.3.0](https://github.com/puppetlabs/puppetlabs-apache/tree/v12.3.0) - 2025-03-05 [Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/v12.2.0...v12.3.0) diff --git a/metadata.json b/metadata.json index 906dd3490e..473938b825 100644 --- a/metadata.json +++ b/metadata.json @@ -1,6 +1,6 @@ { "name": "puppetlabs-apache", - "version": "12.3.0", + "version": "12.3.1", "author": "puppetlabs", "summary": "Installs, configures, and manages Apache virtual hosts, web services, and modules.", "license": "Apache-2.0", From 164e4557f990798ea1240baafca4663163746ffd Mon Sep 17 00:00:00 2001 
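Review bot: The added context in spec/classes/mod/http2_spec.rb exercises only 'RedHat 8', where the commit message says httpd already has a hard requirement on mod_http2; the EL9 case that motivates the change is not covered. If the spec helpers provide a shared example for EL9, add a parallel context there with the same `it { is_expected.to contain_package('mod_http2') }` expectation. The message also says EL7 has no http2 package, and the `'http2' => 'mod_http2'` entry in manifests/params.pp sits in a map whose enclosing condition is outside the hunk, so a short comment beside that entry stating the EL8+ assumption would help the next reader.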
From: Shubham Shinde Date: Tue, 22 Apr 2025 12:01:19 +0530 Subject: [PATCH 74/74] (CAT-2296) Update github runner image to ubuntu-24.04 ubuntu-20.04 is not supported anymore: https://github.com/actions/runner-images/issues/11101 --- .github/workflows/ci.yml | 4 ++-- .github/workflows/nightly.yml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index e6dd8d7bc0..93cd3406b7 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -10,12 +10,12 @@ jobs: Spec: uses: "puppetlabs/cat-github-actions/.github/workflows/module_ci.yml@main" with: - runs_on: "ubuntu-20.04" + runs_on: "ubuntu-24.04" secrets: "inherit" Acceptance: needs: Spec uses: "puppetlabs/cat-github-actions/.github/workflows/module_acceptance.yml@main" with: - runs_on: "ubuntu-20.04" + runs_on: "ubuntu-24.04" secrets: "inherit" diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml index 8ea551fa5d..dddcf87b3b 100644 --- a/.github/workflows/nightly.yml +++ b/.github/workflows/nightly.yml @@ -9,13 +9,13 @@ jobs: Spec: uses: "puppetlabs/cat-github-actions/.github/workflows/module_ci.yml@main" with: - runs_on: "ubuntu-20.04" + runs_on: "ubuntu-24.04" secrets: "inherit" Acceptance: needs: Spec uses: "puppetlabs/cat-github-actions/.github/workflows/module_acceptance.yml@main" with: - runs_on: "ubuntu-20.04" + runs_on: "ubuntu-24.04" secrets: "inherit"
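Review bot: Both jobs in .github/workflows/ci.yml still call the reusable workflows at `@main` with `secrets: "inherit"`, so whatever lands on that branch runs with every secret this repository exposes to the workflow. Since these blocks are being edited anyway, pin the reference to a full commit SHA, e.g. `uses: "puppetlabs/cat-github-actions/.github/workflows/module_ci.yml@<full-commit-sha>"`, and pass only the secrets the called workflow needs rather than inheriting all of them. The same applies to the Spec and Acceptance jobs in .github/workflows/nightly.yml. The `on:` triggers are outside the hunks, so how far these secrets are reachable from pull-request runs cannot be judged from here.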