diff --git a/ModuleFile b/ModuleFile index bbc56d2..a8d6849 100644 --- a/ModuleFile +++ b/ModuleFile @@ -1,5 +1,5 @@ name 'citops-repose' -version '2.6.2' +version '2.6.3' description "Repose is an api middleware that provides authentication, filtering, ratelimitting and several other features, this deploys it." project_page 'https://github.com/rackerlabs/puppet-repose' diff --git a/manifests/filter/header_normalization.pp b/manifests/filter/header_normalization.pp index 3b48a9f..2021112 100644 --- a/manifests/filter/header_normalization.pp +++ b/manifests/filter/header_normalization.pp @@ -28,6 +28,7 @@ # 'default': # header_filters => [ # { +# 'direction' => 'request', # 'http-methods' => 'GET', # 'blacklists' => [ # { diff --git a/puppet-module-repose.spec b/puppet-module-repose.spec index b933f9e..5b31a4c 100644 --- a/puppet-module-repose.spec +++ b/puppet-module-repose.spec @@ -2,7 +2,7 @@ %define base_name repose Name: puppet-module-%{user}-%{base_name} -Version: 2.6.2 +Version: 2.6.3 Release: 1 BuildArch: noarch Summary: Puppet module to configure %{base_name} @@ -30,6 +30,8 @@ cp -pr * %{buildroot}%{module_dir}/ %{module_dir} %changelog +* Fri Apr 13 2018 Meynard Alconis - 2.6.3-1 +- Updated header-normalization module to allow definition of blacklist/whitelist for header filters * Wed Mar 21 2018 Meynard Alconis - 2.6.2-1 - Fix for header user module and tests * Mon Mar 19 2018 Meynard Alconis - 2.6.1-1 diff --git a/spec/defines/filter/header_normalization_spec.rb b/spec/defines/filter/header_normalization_spec.rb index ffa04c3..3f6f219 100644 --- a/spec/defines/filter/header_normalization_spec.rb +++ b/spec/defines/filter/header_normalization_spec.rb 
@@ -66,7 +66,147 @@
 with_content(/header id="X-PP-Groups"/).
 with_content(/whitelist id="creds"/).
 with_content(/header id="X-Auth-Key"/).
- with_content(/header id="X-Auth-User"/)
+ with_content(/header id="X-Auth-User"/).
+ without_content(//).
+ without_content(/<\/request>/).
+ without_content(//).
+ without_content(/<\/response>/)
+ }
+ end
+
+ context 'with direction for header_filters' do
+ let(:title) { 'headers' }
+ let(:params) { {
+ :header_filters => [
+ {
+ 'direction' => 'request',
+ 'uri-regex' => '/.*test',
+ 'http-methods' => 'GET',
+ 'blacklists' => [
+ {
+ 'id' => 'rate-limit-headers',
+ 'headers' => [
+ 'X-PP-User',
+ 'X-PP-Groups'
+ ]
+ }
+ ],
+ 'whitelists' => [
+ {
+ 'id' => 'creds',
+ 'headers' => [
+ 'X-Auth-Key',
+ 'X-Auth-User'
+ ]
+ }
+ ],
+ }
+ ]
+ } }
+ it {
+ should contain_file('/etc/repose/header-normalization.cfg.xml').
+ with_content(/uri-regex="\/\.\*test"/).
+ with_content(/http-methods="GET"/).
+ with_content(/blacklist id="rate-limit-headers"/).
+ with_content(/header id="X-PP-User"/).
+ with_content(/header id="X-PP-Groups"/).
+ with_content(/whitelist id="creds"/).
+ with_content(/header id="X-Auth-Key"/).
+ with_content(/header id="X-Auth-User"/).
+ with_content(//).
+ with_content(/<\/request>/).
+ without_content(//)
+ }
+ end
+
+ context 'with direction response for header_filters' do
+ let(:title) { 'headers' }
+ let(:params) { {
+ :header_filters => [
+ {
+ 'direction' => 'response',
+ 'uri-regex' => '/.*test',
+ 'http-methods' => 'GET',
+ 'blacklists' => [
+ {
+ 'id' => 'rate-limit-headers',
+ 'headers' => [
+ 'X-PP-User',
+ 'X-PP-Groups'
+ ]
+ }
+ ],
+ 'whitelists' => [
+ {
+ 'id' => 'creds',
+ 'headers' => [
+ 'X-Auth-Key',
+ 'X-Auth-User'
+ ]
+ }
+ ],
+ }
+ ]
+ } }
+ it {
+ should contain_file('/etc/repose/header-normalization.cfg.xml').
+ with_content(/uri-regex="\/\.\*test"/).
+ with_content(/http-methods="GET"/).
+ with_content(/blacklist id="rate-limit-headers"/).
+ with_content(/header id="X-PP-User"/).
+ with_content(/header id="X-PP-Groups"/). + with_content(/whitelist id="creds"/). + with_content(/header id="X-Auth-Key"/). + with_content(/header id="X-Auth-User"/). + without_content(//). + without_content(/<\/request>/). + with_content(//). + with_content(/<\/response>/) + } + end + + context 'with two targets direction response for header_filters' do + let(:title) { 'headers' } + let(:params) { { + :header_filters => [ + { + 'direction' => 'response', + 'blacklists' => [ + { + 'id' => 'rate-limit-headers', + 'headers' => [ + 'X-PP-User', + 'X-PP-Groups' + ] + } + ] + }, + { + 'direction' => 'request', + 'blacklists' => [ + { + 'id' => 'rate-limit-headers', + 'headers' => [ + 'X-PP-User', + 'X-PP-Groups' + ] + } + ] + } + ] + } } + it { + should contain_file('/etc/repose/header-normalization.cfg.xml'). + without_content(/uri-regex="\/\.\*test"/). + without_content(/http-methods="GET"/). + with_content(/blacklist id="rate-limit-headers"/). + with_content(/header id="X-PP-User"/). + with_content(/header id="X-PP-Groups"/). + without_content(/whitelist id="creds"/). + with_content(//). + with_content(/<\/request>/). + with_content(//). + with_content(/<\/response>/) } end diff --git a/templates/header-normalization.cfg.xml.erb b/templates/header-normalization.cfg.xml.erb index 843f3ac..c72d4fb 100644 --- a/templates/header-normalization.cfg.xml.erb +++ b/templates/header-normalization.cfg.xml.erb @@ -13,6 +13,14 @@ http-methods="<%= target['http-methods'] %>" <%- end -%> > + <%- if target.has_key?('direction') -%> + <%- if target['direction'] == 'request' -%> + + <%- elsif target['direction'] == 'response' -%> + + <%- end -%> + <%- end -%> + <%- if target.has_key?('whitelists') -%> <%- target['whitelists'].each do |whitelist| -%> @@ -35,6 +43,13 @@ <%- end -%> <%- end -%> + <%- if target.has_key?('direction') -%> + <%- if target['direction'] == 'request' -%> + + <%- elsif target['direction'] == 'response' -%> + + <%- end -%> + <%- end -%> <%- end -%>
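Review bot: The new contexts only assert that fragments appear somewhere in the rendered file, so they would still pass if the blacklist and whitelist elements were emitted outside the direction wrapper, which is the property this change is meant to provide. A single multi-line match such as `with_content(/<request>.*blacklist id="rate-limit-headers".*<\/request>/m)` would pin the nesting. The 'with direction for header_filters' context also ends with one `without_content` check after `with_content(/<\/request>/)`, while the response context carries both an opening and a closing negative check; adding `without_content(/<\/response>/)` there would make the two symmetric. Because these filters strip identity headers such as X-PP-User and X-PP-Groups, a context with an unrecognised `'direction'` value (for example `'Response'`) would make the expected outcome of a typo explicit.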
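Review bot: Any `direction` value other than `'request'` or `'response'` falls through both branches of the conditional added in the `@@ -13,6 +13,14 @@` hunk and of its closing counterpart in the `@@ -35,6 +43,13 @@` hunk, so a typo such as `'Response'` renders the target with no wrapper and no error. For a filter used to strip client-supplied identity headers, a silently ignored setting is easy to miss; an `<%- else -%>` branch that fails the catalog, e.g. `<%- raise Puppet::ParseError, "header_normalization: direction must be 'request' or 'response'" -%>`, or an equivalent check in the define, would surface it at compile time. The opening and closing conditionals are also duplicated and have to be kept in sync by hand; reading `target['direction']` once into a local and reusing it for both tags would remove that risk. The enclosing target loop starts and ends outside both hunks.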