Added Valid OAuth client configuration to storyboard manifest.

StoryBoard now only permits a finite list of authorized oauth clients,
which are based on the domain host. This adds the necessary configuration
elements to the OpenStack StoryBoard manifest.

Change-Id: Ia7d34e9b80399ffa9e4229d6cc7035061c41dffc
Depends-on: I29495a0b640c3ca097cca8c17349df5cc42388de

manifests/site.pp

@@ -420,7 +420,11 @@ node 'storyboard.openstack.org' {
     rabbitmq_password       => hiera('storyboard_rabbit_password', 'XXX'),
     ssl_cert_file_contents  => hiera('storyboard_ssl_cert_file_contents', 'XXX'),
     ssl_key_file_contents   => hiera('storyboard_ssl_key_file_contents', 'XXX'),
-    ssl_chain_file_contents => hiera('storyboard_ssl_chain_file_contents', 'XXX')
+    ssl_chain_file_contents => hiera('storyboard_ssl_chain_file_contents', 'XXX'),
+    valid_oauth_clients     => [
+      $::fqdn,
+      'docs-draft.openstack.org',
+    ],
   }
 }
 

modules/openstack_project/manifests/storyboard.pp

@@ -12,6 +12,7 @@ class openstack_project::storyboard(
   $ssl_chain_file_contents = undef,
   $openid_url = 'https://login.launchpad.net/+openid',
   $project_config_repo = '',
+  $valid_oauth_clients = [],
 ) {
 
   class { 'project_config':
@@ -44,6 +45,7 @@ class openstack_project::storyboard(
       'https://storyboard.openstack.org',
       'http://docs-draft.openstack.org',
     ],
+    valid_oauth_clients    => $valid_oauth_clients,
     cors_max_age           => 3600,
     openid_url             => $openid_url,
     mysql_host             => $mysql_host,