Added Valid OAuth client configuration to storyboard manifest.

StoryBoard now only permits a finite list of authorized oauth clients, which are based on the domain host. This adds the necessary configuration elements to the OpenStack StoryBoard manifest. Change-Id: Ia7d34e9b80399ffa9e4229d6cc7035061c41dffc Depends-on: I29495a0b640c3ca097cca8c17349df5cc42388de
2015-02-23 12:27:02 -08:00 · 2015-02-23 12:27:02 -08:00 · 1bd2b2bca9
parent 340efe0d91
commit 1bd2b2bca9
2 changed files with 7 additions and 1 deletions
--- a/manifests/site.pp
+++ b/manifests/site.pp
@ -420,7 +420,11 @@ node 'storyboard.openstack.org' {
    rabbitmq_password       => hiera('storyboard_rabbit_password', 'XXX'),
    ssl_cert_file_contents  => hiera('storyboard_ssl_cert_file_contents', 'XXX'),
    ssl_key_file_contents   => hiera('storyboard_ssl_key_file_contents', 'XXX'),
-    ssl_chain_file_contents => hiera('storyboard_ssl_chain_file_contents', 'XXX')
+    ssl_chain_file_contents => hiera('storyboard_ssl_chain_file_contents', 'XXX'),
+    valid_oauth_clients     => [
+      $::fqdn,
+      'docs-draft.openstack.org',
+    ],
  }
 }

--- a/modules/openstack_project/manifests/storyboard.pp
+++ b/modules/openstack_project/manifests/storyboard.pp
@ -12,6 +12,7 @@ class openstack_project::storyboard(
  $ssl_chain_file_contents = undef,
  $openid_url = 'https://login.launchpad.net/+openid',
  $project_config_repo = '',
+  $valid_oauth_clients = [],
 ) {

  class { 'project_config':
@ -44,6 +45,7 @@ class openstack_project::storyboard(
      'https://storyboard.openstack.org',
      'http://docs-draft.openstack.org',
    ],
+    valid_oauth_clients    => $valid_oauth_clients,
    cors_max_age           => 3600,
    openid_url             => $openid_url,
    mysql_host             => $mysql_host,