Drop suphp support

README.md

@@ -65,7 +65,6 @@
 [`apache::mod::shib`]: https://forge.puppet.com/modules/puppetlabs/apache/reference#apachemodshib
 [`apache::mod::ssl`]: https://forge.puppet.com/modules/puppetlabs/apache/reference#apachemodssl
 [`apache::mod::status`]: https://forge.puppet.com/modules/puppetlabs/apache/reference#apachemodstatus
-[`apache::mod::suphp`]: https://forge.puppet.com/modules/puppetlabs/apache/reference#apachemodsuphp
 [`apache::mod::userdir`]: https://forge.puppet.com/modules/puppetlabs/apache/reference#apachemoduserdir
 [`apache::mod::worker`]: https://forge.puppet.com/modules/puppetlabs/apache/reference#apachemodworker
 [`apache::mod::wsgi`]: https://forge.puppet.com/modules/puppetlabs/apache/reference#apachemodwsgi
@@ -243,10 +242,6 @@
 [`ssl_compression`]: https://forge.puppet.com/modules/puppetlabs/apache/reference#ssl_compression
 [`ssl_key`]: https://forge.puppet.com/modules/puppetlabs/apache/reference#ssl_key
 [`StartServers`]: https://httpd.apache.org/docs/current/mod/mpm_common.html#startservers
-[suPHP]: http://www.suphp.org/Home.html
-[`suphp_addhandler`]: https://forge.puppet.com/modules/puppetlabs/apache/reference#suphp_addhandler
-[`suphp_configpath`]: https://forge.puppet.com/modules/puppetlabs/apache/reference#suphp_configpath
-[`suphp_engine`]: https://forge.puppet.com/modules/puppetlabs/apache/reference#suphp_engine
 [supported operating system]: https://forge.puppet.com/supported#puppet-supported-modules-compatibility-matrix
 
 [`ThreadLimit`]: https://httpd.apache.org/docs/current/mod/mpm_common.html#threadlimit
@@ -506,33 +501,6 @@ apache::vhost { 'subdomain.loc':
 
 #### Configuring virtual hosts for apps and processors
 
-To set up a virtual host with [suPHP][], use the following parameters:
-
-* [`suphp_engine`][], to enable the suPHP engine.
-* [`suphp_addhandler`][], to define a MIME type.
-* [`suphp_configpath`][], to set which path suPHP passes to the PHP interpreter.
-* [`directories`][], to configure Directory, File, and Location directive blocks.
-
-For example:
-
-``` puppet
-apache::vhost { 'suphp.example.com':
-  port             => '80',
-  docroot          => '/home/appuser/myphpapp',
-  suphp_addhandler => 'x-httpd-php',
-  suphp_engine     => 'on',
-  suphp_configpath => '/etc/php5/apache2',
-  directories      => [
-    { 'path'  => '/home/appuser/myphpapp',
-      'suphp' => {
-        user  => 'myappuser',
-        group => 'myappgroup',
-      },
-    },
-  ],
-}
-```
-
 To configure a virtual host to use the [Web Server Gateway Interface][] (WSGI) for [Python][] applications, use the `wsgi` set of parameters:
 
 ``` puppet

manifests/params.pp

@@ -88,9 +88,6 @@
     $passenger_root       = undef
     $passenger_ruby       = undef
     $passenger_default_ruby = undef
-    $suphp_addhandler     = 'php5-script'
-    $suphp_engine         = 'off'
-    $suphp_configpath     = undef
     $php_version          = $apache::version::scl_php_version
     $mod_packages         = {
       'authnz_ldap' => "${_scl_httpd_name}-mod_ldap",
@@ -200,9 +197,6 @@
     $passenger_root       = undef
     $passenger_ruby       = undef
     $passenger_default_ruby = undef
-    $suphp_addhandler     = 'php5-script'
-    $suphp_engine         = 'off'
-    $suphp_configpath     = undef
     $php_version = $facts['os']['release']['major'] ? {
       '9'     => '8', # RedHat9
       '8'     => '7', # RedHat8
@@ -261,7 +255,6 @@
         default => 'python3-mod_wsgi', # RedHat8+
       },
       'dav_svn'               => 'mod_dav_svn',
-      'suphp'                 => 'mod_suphp',
       'xsendfile'             => 'mod_xsendfile',
       'nss'                   => 'mod_nss',
       'shib2'                 => 'shibboleth',
@@ -359,9 +352,6 @@
     $default_ssl_cert    = '/etc/ssl/certs/ssl-cert-snakeoil.pem'
     $default_ssl_key     = '/etc/ssl/private/ssl-cert-snakeoil.key'
     $ssl_sessioncache    = "\${APACHE_RUN_DIR}/ssl_scache(512000)"
-    $suphp_addhandler    = 'x-httpd-php'
-    $suphp_engine        = 'off'
-    $suphp_configpath    = '/etc/php5/apache2'
     if ($facts['os']['name'] == 'Ubuntu') or ($facts['os']['name'] == 'Debian' and versioncmp($facts['os']['release']['major'], '11') < 0) {
       $php_version = $facts['os']['release']['major'] ? {
         '9'     => '7.0', # Debian Stretch
@@ -527,9 +517,6 @@
     $passenger_root   = '/usr/local/lib/ruby/gems/2.0/gems/passenger-4.0.58'
     $passenger_ruby   = '/usr/local/bin/ruby'
     $passenger_default_ruby = undef
-    $suphp_addhandler = 'php5-script'
-    $suphp_engine     = 'off'
-    $suphp_configpath = undef
     $php_version      = '5'
     $mod_packages     = {
       # NOTE: I list here only modules that are not included in www/apache24
@@ -600,9 +587,6 @@
     $passenger_conf_file = 'passenger.conf'
     $passenger_conf_package_file = undef
     $passenger_default_ruby = undef
-    $suphp_addhandler = 'x-httpd-php'
-    $suphp_engine     = 'off'
-    $suphp_configpath = '/etc/php5/apache2'
     $php_version      = '5'
     $mod_packages     = {
       # NOTE: I list here only modules that are not included in www-servers/apache
@@ -672,10 +656,7 @@
       $default_ssl_key     = '/etc/apache2/ssl.key/default-server.key'
       $php_version         = '7'
     }
-    $suphp_configpath    = "/etc/php${php_version}/apache2"
     $ssl_sessioncache    = '/var/lib/apache2/ssl_scache(512000)'
-    $suphp_addhandler    = 'x-httpd-php'
-    $suphp_engine        = 'off'
     if versioncmp($facts['os']['release']['major'], '11') < 0 or versioncmp($facts['os']['release']['major'], '12') >= 0 {
       $mod_packages = {
         'auth_kerb'   => 'apache2-mod_auth_kerb',

manifests/vhost.pp

@@ -1154,66 +1154,6 @@
 #   Allows the spcification of user and group execution privileges for CGI programs through
 #   inclusion of the `mod_suexec` module.
 #
-# @param suphp_addhandler
-#   Sets up a virtual host with [suPHP](http://suphp.org/DocumentationView.html?file=apache/CONFIG)
-#   working together with suphp_configpath and suphp_engine.<br />
-#   An example virtual host configuration with suPHP:
-#   ``` puppet
-#   apache::vhost { 'suphp.example.com':
-#     port             => '80',
-#     docroot          => '/home/appuser/myphpapp',
-#     suphp_addhandler => 'x-httpd-php',
-#     suphp_engine     => 'on',
-#     suphp_configpath => '/etc/php5/apache2',
-#     directories      => [
-#       {
-#         'path'  => '/home/appuser/myphpapp',
-#         'suphp' => { user => 'myappuser', group => 'myappgroup' },
-#       },
-#     ],
-#   }
-#   ```
-#
-# @param suphp_configpath
-#   Sets up a virtual host with [suPHP](http://suphp.org/DocumentationView.html?file=apache/CONFIG)
-#   working together with suphp_addhandler and suphp_engine.<br />
-#   An example virtual host configuration with suPHP:
-#   ``` puppet
-#   apache::vhost { 'suphp.example.com':
-#     port             => '80',
-#     docroot          => '/home/appuser/myphpapp',
-#     suphp_addhandler => 'x-httpd-php',
-#     suphp_engine     => 'on',
-#     suphp_configpath => '/etc/php5/apache2',
-#     directories      => [
-#       {
-#         'path'  => '/home/appuser/myphpapp',
-#         'suphp' => { user => 'myappuser', group => 'myappgroup' },
-#       },
-#     ],
-#   }
-#   ```
-#
-# @param suphp_engine
-#   Sets up a virtual host with [suPHP](http://suphp.org/DocumentationView.html?file=apache/CONFIG)
-#   working together with suphp_configpath and suphp_addhandler.<br />
-#   An example virtual host configuration with suPHP:
-#   ``` puppet
-#   apache::vhost { 'suphp.example.com':
-#     port             => '80',
-#     docroot          => '/home/appuser/myphpapp',
-#     suphp_addhandler => 'x-httpd-php',
-#     suphp_engine     => 'on',
-#     suphp_configpath => '/etc/php5/apache2',
-#     directories      => [
-#       {
-#         'path'  => '/home/appuser/myphpapp',
-#         'suphp' => { user => 'myappuser', group => 'myappgroup' },
-#       },
-#     ],
-#   }
-#   ```
-#
 # @param vhost_name
 #   Enables name-based virtual hosting. If no IP is passed to the virtual host, but the 
 #   virtual host is assigned a port, then the virtual host name is `vhost_name:port`. 
@@ -1849,9 +1789,6 @@
   Optional[Variant[Array[Hash],Hash]] $proxy_pass                                     = undef,
   Optional[Variant[Array[Hash],Hash]] $proxy_pass_match                               = undef,
   Boolean $proxy_requests                                                             = false,
-  String $suphp_addhandler                                                            = $apache::params::suphp_addhandler,
-  Enum['on', 'off'] $suphp_engine                                                     = $apache::params::suphp_engine,
-  Optional[String] $suphp_configpath                                                  = $apache::params::suphp_configpath,
   Hash $php_flags                                                                     = {},
   Hash $php_values                                                                    = {},
   Variant[Array[String],Hash] $php_admin_flags                                        = {},
@@ -2365,7 +2302,6 @@
   # - $_directories
   # - $docroot
   # - $apache_version
-  # - $suphp_engine
   # - $shibboleth_enabled
   if $_directories and ! empty($_directories) and $ensure == 'present' {
     $_directories.each |Hash $directory| {
@@ -2693,18 +2629,6 @@
     }
   }
 
-  # Template uses:
-  # - $suphp_engine
-  # - $suphp_addhandler
-  # - $suphp_configpath
-  if $suphp_engine == 'on' {
-    concat::fragment { "${name}-suphp":
-      target  => "${priority_real}${filename}.conf",
-      order   => 240,
-      content => template('apache/vhost/_suphp.erb'),
-    }
-  }
-
   # Template uses:
   # - $php_values
   # - $php_flags

spec/acceptance/vhost_spec.rb

@@ -1082,29 +1082,6 @@ class { 'apache': }
     end
   end
 
-  describe 'suphp' do
-    pp = <<-MANIFEST
-      class { 'apache': service_ensure => stopped, }
-      host { 'test.server': ip => '127.0.0.1' }
-      apache::vhost { 'test.server':
-        docroot          => '/tmp',
-        suphp_addhandler => '#{apache_hash['suphp_handler']}',
-        suphp_engine     => 'on',
-        suphp_configpath => '#{apache_hash['suphp_configpath']}',
-      }
-    MANIFEST
-    it 'applies cleanly' do
-      apply_manifest(pp, catch_failures: true)
-    end
-
-    describe file("#{apache_hash['vhost_dir']}/25-test.server.conf") do
-      it { is_expected.to be_file }
-      it { is_expected.to contain "suPHP_AddHandler #{apache_hash['suphp_handler']}" }
-      it { is_expected.to contain 'suPHP_Engine on' }
-      it { is_expected.to contain "suPHP_ConfigPath \"#{apache_hash['suphp_configpath']}\"" }
-    end
-  end
-
   describe 'directory rewrite rules' do
     pp = <<-MANIFEST
       class { 'apache': }

spec/defines/vhost_spec.rb

@@ -375,9 +375,6 @@
                 },
               ],
               'proxy_requests'              => false,
-              'suphp_addhandler'            => 'foo',
-              'suphp_engine'                => 'on',
-              'suphp_configpath'            => '/var/www/html',
               'php_admin_flags'             => ['foo', 'bar'],
               'php_admin_values'            => ['true', 'false'],
               'no_proxy_uris'               => '/foo',
@@ -777,7 +774,6 @@
               .with_content(%r{^\s+SSLProxyCipherSuite\s+HIGH$})
               .with_content(%r{^\s+SSLProxyProtocol\s+TLSv1.2$})
           }
-          it { is_expected.to contain_concat__fragment('rspec.example.com-suphp') }
           it { is_expected.to contain_concat__fragment('rspec.example.com-php_admin') }
           it { is_expected.to contain_concat__fragment('rspec.example.com-header') }
           it {
@@ -1315,7 +1311,6 @@
           it { is_expected.not_to contain_concat__fragment('rspec.example.com-setenv') }
           it { is_expected.not_to contain_concat__fragment('rspec.example.com-ssl') }
           it { is_expected.not_to contain_concat__fragment('rspec.example.com-sslproxy') }
-          it { is_expected.not_to contain_concat__fragment('rspec.example.com-suphp') }
           it { is_expected.not_to contain_concat__fragment('rspec.example.com-php_admin') }
           it { is_expected.not_to contain_concat__fragment('rspec.example.com-header') }
           it { is_expected.not_to contain_concat__fragment('rspec.example.com-requestheader') }
@@ -1634,7 +1629,7 @@
           end
 
           [
-            'ensure', 'suphp_engine', 'ip_based', 'access_log', 'error_log',
+            'ensure', 'ip_based', 'access_log', 'error_log',
             'ssl', 'default_vhost', 'ssl_proxyengine', 'rewrites', 'suexec_user_group',
             'wsgi_script_alias', 'wsgi_daemon_process_options',
             'wsgi_import_script_alias', 'itk', 'logroot_ensure', 'log_level',

spec/spec_helper_acceptance_local.rb

@@ -100,8 +100,6 @@ def apache_settings_hash
     apache['service_name']     = 'httpd'
     apache['package_name']     = 'httpd'
     apache['error_log']        = 'error_log'
-    apache['suphp_handler']    = 'php5-script'
-    apache['suphp_configpath'] = 'undef'
     if operatingsystemrelease >= 8 && osfamily == 'redhat'
       apache['version']     = '2.4'
       apache['mod_dir']     = '/etc/httpd/conf.modules.d'
@@ -132,8 +130,6 @@ def apache_settings_hash
     apache['service_name']     = 'apache2'
     apache['package_name']     = 'apache2'
     apache['error_log']        = 'error.log'
-    apache['suphp_handler']    = 'x-httpd-php'
-    apache['suphp_configpath'] = '/etc/php5/apache2'
     apache['version']          = '2.4'
     apache['mod_ssl_dir']      = apache['mod_dir']
   when 'freebsd'

templates/vhost/_directories.erb

@@ -347,9 +347,6 @@
     SSLVerifyDepth <%= directory['ssl_verify_depth'] %>
     <%- end -%>
     <%- end -%>
-    <%- if directory['suphp'] and @suphp_engine == 'on' -%>
-    suPHP_UserGroup <%= directory['suphp']['user'] %> <%= directory['suphp']['group'] %>
-    <%- end -%>
     <%- if directory['fcgiwrapper'] -%>
     FcgidWrapper <%= directory['fcgiwrapper']['command'] %> <%= directory['fcgiwrapper']['suffix'] %> <%= directory['fcgiwrapper']['virtual'] %>
     <%- end -%>