Correct container plugin apache header rewrite #356
In 5b6d088 it was assumed that `$api_default_request_headers` was the same, but it was slightly different. This corrects it and adds tests, which should have been added in the first place. These tests pass prior to the application and after, making sure there's no change.

Fixes: 5b6d088 ("Reuse headers from pulpcore::apache class")
@@ -9,6 +9,11 @@ | |||
String $location_prefix = '/pulpcore_registry', | |||
String $registry_version_path = '/v2/', | |||
) { | |||
# This is like pulpcore::apache's value, but slightly different | |||
$api_default_request_headers = [ |
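Review bot: The comment above `$api_default_request_headers` says the value is "slightly different" from pulpcore::apache's but names neither the difference nor the reason for it. State in that comment which entry differs and why, so a later cleanup does not assume the two are identical again, and consider a distinct variable name here so the two values cannot be confused. The array body is not visible past the opening `[`, so the entries themselves cannot be checked from this hunk.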
Do we really need this?

https://httpd.apache.org/docs/current/mod/mod_headers.html#requestheader says

> `set`
> The request header is set, replacing any previous header with this name

So while the content of the file is changed, the behavior should not?
(Unless the cn map is empty)
The CN map contains "if" expressions. My understanding is the first line 100% certain clears it. Then IF the cert's CN equals something, it sets the header.
Right, so the flow is:

- use `unset` to remove any header by that name, wherever it comes from
- use `set` to set it to the CN (if there is a CN!)
- use `set` to set it to `admin` (if the expression matches, resetting a possibly previously set CN-based name)

I honestly see no reason (ever) to set the CN-based remote user, as such user just doesn't exist in Pulp (in our deployment)
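
The flow listed in the comment above, as an added example that is not part of the PR or the project's code: a simplified Python model of directives applied in order, showing that the two conditional `set` steps alone and the unset-first flow agree whenever a condition matches and differ only when none does. The header name and CN values are constructed placeholders, and the two condition functions are assumptions standing in for the CN map's expressions.

```python
# Simplified model of ordered request-header directives; this is not Apache code.
# HEADER and every CN below are constructed placeholders.
HEADER = "x-example-remote-user"


def apply(directives, client_headers, cert_cn):
    """Run directives in order and return the headers the backend would see."""
    # Start from whatever the client sent; header names are case-insensitive.
    headers = {k.lower(): v for k, v in client_headers.items()}
    for action, value, condition in directives:
        if condition is not None and not condition(cert_cn):
            continue  # a conditional directive that does not match has no effect
        if action == "unset":
            headers.pop(HEADER, None)
        elif action == "set":
            headers[HEADER] = value(cert_cn) if callable(value) else value
    return headers


def has_cn(cn):
    return cn is not None


def in_cn_map(cn):
    return cn in {"constructed-proxy.example.com"}  # constructed CN map


# Only the two conditional "set" steps.
CONDITIONAL_ONLY = [
    ("set", lambda cn: cn, has_cn),  # set to the CN, if there is a CN
    ("set", "admin", in_cn_map),     # reset to admin if the expression matches
]
# The full flow from the comment: unconditional unset first, then the sets.
UNSET_FIRST = [("unset", None, None)] + CONDITIONAL_ONLY


def backend_user(directives, client_headers, cert_cn):
    return apply(directives, client_headers, cert_cn).get(HEADER)


if __name__ == "__main__":
    sent = {"X-Example-Remote-User": "client-chosen"}  # constructed client header
    for name, cfg in (("conditional-only", CONDITIONAL_ONLY), ("unset-first", UNSET_FIRST)):
        for cn in (None, "constructed-other.example.com", "constructed-proxy.example.com"):
            print(f"{name:17} cn={cn!s:30} -> {backend_user(cfg, sent, cn)}")
```
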
My vote: don't add this complexity (same variable name, different values) back in, it's confusing as hell.
Do the releases we need to do.
Drop CN-stuff in an 11.x
Should we then include 11.x in the upcoming releases? I'd actually feel more comfortable if we only had the explicit unset and explicit mapping.
I'm not sure…
fwiw, I tested the current (two-`set`) config with theforeman/forklift#1853 and it pushes containers fine, so 🤷‍♀️
I'm leaning to merging this now as is because it keeps it minimal and then resolve it properly in the next release cycle.
Skipping per #358 (comment)