Skip to content

Commit

Permalink
Remove deprecated $proxy_ips and $trusted_proxy_ips parameters
Browse files Browse the repository at this point in the history
  • Loading branch information
ekohl committed Jan 2, 2024
1 parent 9f9f32c commit 07e0454
Show file tree
Hide file tree
Showing 2 changed files with 4 additions and 62 deletions.
32 changes: 4 additions & 28 deletions manifests/mod/remoteip.pp
Original file line number Diff line number Diff line change
Expand Up @@ -8,13 +8,10 @@
#
# @param internal_proxy
# A list of IP addresses, IP blocks or hostname that are trusted to set a
# valid value inside specified header. Unlike the `$trusted_proxy_ips`
# valid value inside specified header. Unlike the `$trusted_proxy`
# parameter, any IP address (including private addresses) presented by these
# proxies will trusted by `mod_remoteip`.
#
# @param proxy_ips
# *Deprecated*: use `$internal_proxy` instead.
#
# @param internal_proxy_list
# The path to a file containing a list of IP addresses, IP blocks or hostname
# that are trusted to set a valid value inside the specified header. See
Expand All @@ -39,9 +36,6 @@
# any private IP presented by these proxies will be disgarded by
# `mod_remoteip`.
#
# @param trusted_proxy_ips
# *Deprecated*: use `$trusted_proxy` instead.
#
# @param trusted_proxy_list
# The path to a file containing a list of IP addresses, IP blocks or hostname
# that are trusted to set a valid value inside the specified header. See
Expand All @@ -51,44 +45,26 @@
#
class apache::mod::remoteip (
String $header = 'X-Forwarded-For',
Optional[Array[Stdlib::Host]] $internal_proxy = undef,
Optional[Array[Stdlib::Host]] $proxy_ips = undef,
Array[Stdlib::Host] $internal_proxy = ['127.0.0.1'],
Optional[Stdlib::Absolutepath] $internal_proxy_list = undef,
Optional[String] $proxies_header = undef,
Boolean $proxy_protocol = false,
Optional[Array[Stdlib::Host]] $proxy_protocol_exceptions = undef,
Optional[Array[Stdlib::Host]] $trusted_proxy = undef,
Optional[Array[Stdlib::Host]] $trusted_proxy_ips = undef,
Optional[Stdlib::Absolutepath] $trusted_proxy_list = undef,
) {
include apache

if $proxy_ips {
deprecation('apache::mod::remoteip::proxy_ips', 'This parameter is deprecated, please use `internal_proxy`.')
$_internal_proxy = $proxy_ips
} elsif $internal_proxy {
$_internal_proxy = $internal_proxy
} else {
$_internal_proxy = ['127.0.0.1']
}

if $trusted_proxy_ips {
deprecation('apache::mod::remoteip::trusted_proxy_ips', 'This parameter is deprecated, please use `trusted_proxy`.')
$_trusted_proxy = $trusted_proxy_ips
} else {
$_trusted_proxy = $trusted_proxy
}

::apache::mod { 'remoteip': }

$template_parameters = {
header => $header,
internal_proxy => $_internal_proxy,
internal_proxy => $internal_proxy,
internal_proxy_list => $internal_proxy_list,
proxies_header => $proxies_header,
proxy_protocol => $proxy_protocol,
proxy_protocol_exceptions => $proxy_protocol_exceptions,
trusted_proxy => $_trusted_proxy,
trusted_proxy => $trusted_proxy,
trusted_proxy_list => $trusted_proxy_list,
}

Expand Down
34 changes: 0 additions & 34 deletions spec/classes/mod/remoteip_spec.rb
Original file line number Diff line number Diff line change
Expand Up @@ -46,31 +46,6 @@
it { is_expected.to contain_file('remoteip.conf').with_content(%r{^RemoteIPInternalProxy fd00:fd00:fd00:2000::/64$}) }
end

describe 'with proxy_ips => [ 10.42.17.8, 10.42.18.99 ]' do
let :params do
{ proxy_ips: ['10.42.17.8', '10.42.18.99'] }
end

it { is_expected.to contain_file('remoteip.conf').with_content(%r{^RemoteIPInternalProxy 10.42.17.8$}) }
it { is_expected.to contain_file('remoteip.conf').with_content(%r{^RemoteIPInternalProxy 10.42.18.99$}) }
end

describe 'with IPv4 CIDR in proxy_ips => [ 192.168.1.0/24 ]' do
let :params do
{ proxy_ips: ['192.168.1.0/24'] }
end

it { is_expected.to contain_file('remoteip.conf').with_content(%r{^RemoteIPInternalProxy 192.168.1.0/24$}) }
end

describe 'with IPv6 CIDR in proxy_ips => [ fd00:fd00:fd00:2000::/64 ]' do
let :params do
{ proxy_ips: ['fd00:fd00:fd00:2000::/64'] }
end

it { is_expected.to contain_file('remoteip.conf').with_content(%r{^RemoteIPInternalProxy fd00:fd00:fd00:2000::/64$}) }
end

describe 'with trusted_proxy => [ 10.42.17.8, 10.42.18.99 ]' do
let :params do
{ trusted_proxy: ['10.42.17.8', '10.42.18.99'] }
Expand All @@ -80,15 +55,6 @@
it { is_expected.to contain_file('remoteip.conf').with_content(%r{^RemoteIPTrustedProxy 10.42.18.99$}) }
end

describe 'with trusted_proxy_ips => [ 10.42.17.8, 10.42.18.99 ]' do
let :params do
{ trusted_proxy: ['10.42.17.8', '10.42.18.99'] }
end

it { is_expected.to contain_file('remoteip.conf').with_content(%r{^RemoteIPTrustedProxy 10.42.17.8$}) }
it { is_expected.to contain_file('remoteip.conf').with_content(%r{^RemoteIPTrustedProxy 10.42.18.99$}) }
end

describe 'with proxy_protocol_exceptions => [ 10.42.17.8, 10.42.18.99 ]' do
let :params do
{ proxy_protocol_exceptions: ['10.42.17.8', '10.42.18.99'] }
Expand Down

0 comments on commit 07e0454

Please sign in to comment.