Adjusted and documented class names and for disabling http -> https r…

…edirection

While implementing the ability to prevent listening on port 80 I noticed this
documentation was missing so I added it.

Based on feedback from the PR providing capability to disable listening on port
80 these related settings to avoid redirecting from http -> https were updated
to be more clear.

Warnings were also introduced to highlight the case of using the older less
understandable value and redirection to http is automatically disabled if plain
http is disabled.

Ticket: ENT-2071
Changelog: None

MPF.md

@@ -255,10 +255,39 @@ By default Mission Portal listens for HTTP requests on port 80, redirecting to H
 }
 ```
 
+**Notes:**
+
+- If this class (`default:cfe_enterprise_disable_http_redirect_to_https`) is defined the class `default:cfe_enterprise_disable_plain_http` is defined is automatically defined.
+
 **History:**
 
 - Added in CFEngine 3.23.0
 
+### Disable plain http redirect to https for CFEngine Enterprise Mission Portal
+
+By default Mission Portal listens for HTTP requests on port 80, redirecting to HTTPS on port 443. To prevent redirection of requests on HTTP to HTTPS define `default:cfe_enterprise_disable_http_redirect_to_https`.
+
+**For example:**
+
+```json
+{
+  "classes": {
+    "default:cfe_enterprise_disable_http_redirect_to_https": {
+      "class_expressions": [ "(am_policy_hub|policy_server).test_server::" ]
+    }
+  }
+}
+```
+
+**Notes:**
+
+- If `default:cfe_enterprise_disable_plain_http` is defined, this class (`default:cfe_enterprise_disable_http_redirect_to_https`) is automatically defined.
+
+**History:**
+
+- Added in CFEngine 3.6.0
+- Class renamed from `cfe_cfengine_enterprise_enable_plain_http` to `cfe_enterprise_disable_http_redirect_to_https` in CFEngine 3.23.0
+
 ### Disable cf\_promises\_validated check
 
 For non policy hubs the default update policy only performs a full scan of

cfe_internal/enterprise/templates/httpd.conf.mustache

@@ -234,11 +234,11 @@ AddType    application/x-httpd-php-source php{{{vars.cfe_internal_hub_vars.php_v
   <IfModule rewrite_module>
     RewriteEngine On
 
-    {{^classes.cfe_enterprise_enable_plain_http}}
+    {{^classes.cfe_enterprise_disable_http_redirect_to_https}}
     # Force https with redirection
     RewriteCond %{HTTPS} off
     RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
-    {{/classes.cfe_enterprise_enable_plain_http}}
+    {{/classes.cfe_enterprise_disable_http_redirect_to_https}}
 
     {{#classes.mission_portal_index_php_redirect_enabled}}
     # redirect from `index.php/path` to `/path`

controls/def.cf

@@ -676,6 +676,21 @@ bundle common def
       # Enable paths to POSIX tools instead of native tools when possible.
       "mpf_stdlib_use_posix_utils" expression => "any";
 
+    enterprise_edition.(policy_server|am_policy_hub)::
+      "cfe_enterprise_disable_http_redirect_to_https"
+        scope => "namespace",
+        expression => "cfe_cfengine_enterprise_enable_plain_http";
+
+      "cfe_enterprise_disable_http_redirect_to_https"
+        expression => "cfe_enterprise_disable_plain_http",
+        comment => "If plain http is disabled, it makes no sense to redirect to it, so we disable that as well.";
+
+  reports:
+      "Warning: the 'cfe_cfengine_enterprise_enable_plain_http' class has been deprecated in favor of 'cfe_enterprise_disable_http_redirect_to_https', please adjust accordingly. The  'cfe_enterprise_disable_http_redirect_to_https' class has been set automatically."
+        if => "cfe_enterprise_disable_http_redirect_to_https.cfe_cfengine_enterprise_enable_plain_http";
+      "Warning: the 'cfe_cfengine_enterprise_enable_plain_http' class has been deprecated in favor of 'cfe_enterprise_disable_http_redirect_to_https', please adjust accordingly."
+        if => "cfe_cfengine_enterprise_enable_plain_http.!cfe_enterprise_disable_http_redirect_to_https";
+
 }
 
 bundle common inventory_control