majic-ansible-roles Changeset

Changeset - 8944b8348567

Parent rev.

Child rev.

[Not reviewed]

0 8 0

Branko Majic (branko) - 7 months ago 2024-03-06 23:10:22
branko@majic.rs

MAR-226: Harmonise the HTTP header override parameter between the PHP and WSGI website roles:

- Use the new naming/syntax introduced in the php_website role since
it implies less dependence on the backend application (more generic
name for it), and is a little bit saner in terms of not having to
provide quotes as part of the value.

8 files changed with 38 insertions and 18 deletions:

docs/releasenotes.rst

docs/rolereference.rst

docs/usage.rst

roles/wsgi_website/defaults/main.yml

roles/wsgi_website/molecule/default/playbook.yml

roles/wsgi_website/molecule/default/tests/test_parameters_optional.py

roles/wsgi_website/templates/nginx_site.j2

testsite/group_vars/web.yml

0 comments (0 inline, 0 general)

docs/releasenotes.rst

➞

Show inline comments

@@ @@ -80,6 +80,12 @@ Debian 12 Bookworm. Some minor improvements and fixes. @@
     ``/etc/pip_check_requirements_upgrades`` path, in accordance to
     changes made in this release to the ``common`` role.
   * Dropped the ``proxy_headers`` parameter, and replaced it with the
     ``http_header_overrides`` parameter. The new parameter has similar
     function, but the values should no longer include double
     quotes. Main goal is ease of use and consistency between the PHP
     and WSGI website roles.
 **New features/improvements**
 * ``php_website`` role

docs/rolereference.rst

➞

Show inline comments

@@ @@ -1937,12 +1937,24 @@ Parameters @@
   website. This is usually going to be development libraries for building Python
   packages.
 **proxy_headers** (dictionary, optional, ``{}``)
   Additional headers to set when proxying request to Gunicorn. Keys are header
   names, values are header values. Both should be compatible with Nginx
   ``proxy_set_header``. If you need to provide an empty value, use quotes (don't
   forget to surround them by another set of quotes for YAML syntax, for example
   ``"\"\""`` or ``'""'``).
 **http_header_overrides** (dict, optional, ``{}``)
   HTTP headers to set/override on the incoming request before passing
   it on to the WSGI application. Keys are HTTP header names, values are
   header values.
   Double quotes in the value must be escaped with a backslash. Make
   sure to take into account the YAML escaping as well. For example, to
   set the value to ``this is quote - "``, YAML should look like one of
   the following:
   - ``this is double quote - "``
   - ``'this is double quote - \"'``
   - ``"this is double quote - \\\"'``
   To clear a header value, simply set its value to an empty
   string. Nginx variables can be used as well, however keep in mind
   that the dollar sign (``$``) *cannot* be used/escaped due to Nginx
   configuration file syntax limitations.
 **rewrites** (list, optional, ``[]``)
   A list of rewrite rules that are applied to incoming requests. Each element of
@@ @@ -2056,8 +2068,8 @@ running a bare Django project): @@
         background_colour: "green"
         text_colour: "black"
         text: "TEST ENVIRONMENT"
       proxy_headers:
         Accept-Encoding: '""'
       http_header_overrides:
         Accept-Encoding: ""
     # Use wsgi_requirements to deploy Gunicorn.
     - role: wsgi_website

docs/usage.rst

➞

Show inline comments

@@ @@ -1814,8 +1814,10 @@ on the safe side: @@
 * If you ever need to set some environment variables, this can easily be done
   via the ``environment_variables`` role parameter. This particular example does
   not set any, though.
 * You can also specify headers to be passed on via Nginx ``proxy_set_header``
   directive to Gunicorn running the application.
 * You can also specify headers to be modified in incoming client
   request before it gets passed on to the WSGI application using the
   ``http_header_overrides`` parameter.  directive to Gunicorn running
   the application.
 * Mails deliverd to local admin/application users are forwarded to ``root``
   account instead (this can be configured via ``website_mail_recipients`` role
   parameter.

roles/wsgi_website/defaults/main.yml

➞

Show inline comments

@@ @@ -9,7 +9,7 @@ virtualenv_packages: [] @@
 environment_variables: {}
 website_mail_recipients: "root"
 environment_indicator: null
-proxy_headers: {}
+http_header_overrides: {}
 wsgi_requirements:
   - gunicorn==21.2.0
   - packaging==23.2

roles/wsgi_website/molecule/default/playbook.yml

➞

Show inline comments

@@ @@ -36,8 +36,8 @@ @@
       packages:
         - atftp
         - global
       proxy_headers:
         Accept-Encoding: '""'
       http_header_overrides:
         Accept-Encoding: ""
       rewrites:
         - '^/rewrite1/(.*) /rewritten1/ last'
         - '^/rewrite2/(.*) /rewritten2/$1 last'

roles/wsgi_website/molecule/default/tests/test_parameters_optional.py

➞

Show inline comments

@@ @@ -22,7 +22,7 @@ def test_index_page(host): @@
     - Basic WSGI application operation.
     - Handling of environment variables.
-    - Handling of proxy headers.
+    - Handling of HTTP header overrides.
     """
     page = host.run('curl -H "Accept-Encoding: plain" https://parameters-optional.local/')

roles/wsgi_website/templates/nginx_site.j2

➞

Show inline comments

@@ @@ -50,8 +50,8 @@ server { @@
         proxy_set_header Host $http_host;
         proxy_redirect off;
     {% for header, value in proxy_headers | dictsort -%}
     proxy_set_header {{ header }} {{ value }};
     {% for header, value in http_header_overrides | dictsort -%}
     proxy_set_header {{ header }} "{{ value }}";
     {% endfor -%}
         proxy_pass http://unix:/run/wsgi/{{ fqdn }}.sock;

testsite/group_vars/web.yml

➞

Show inline comments

@@ @@ -20,8 +20,8 @@ environment_indicator: @@
   text_colour: "white"
   text: "Majic Ansible Roles Test Site"
 proxy_headers:
   Accept-Encoding: '"gzip"'
 http_header_overrides:
   Accept-Encoding: "gzip"
 web_server_tls_protocols:
   - TLSv1.2

0 comments (0 inline, 0 general)