Fix encoded url bypass

Fix path when url was encoded with '%2F.git/HEAD'

Change-Id: Ia8742720e3a995fb254be395a64af6fe29fa8a50

inventory/group_vars/nova_all/haproxy_service.yml

@@ -72,7 +72,7 @@ haproxy_nova_spice_console_service:
   haproxy_accept_both_protocols: "{{ nova_accept_both_protocols | default(openstack_service_accept_both_protocols) }}"
   haproxy_service_enabled: "{{ groups['nova_console'] is defined and groups['nova_console'] | length > 0 and 'spice' in nova_console_proxy_types }}"
   haproxy_frontend_raw:
-    - "http-request deny if { path -m sub /. }"
+    - "http-request deny if { path,url_dec -m sub /. }"
 
 haproxy_nova_serial_console_service:
   haproxy_service_name: nova_serial_console
@@ -91,7 +91,7 @@ haproxy_nova_serial_console_service:
   haproxy_service_enabled: "{{ (groups['nova_console'] is defined and groups['nova_console'] | length > 0 and 'serialconsole' in nova_console_proxy_types) or
                                (groups['ironic_console'] is defined and groups['ironic_console'] | length > 0 and 'serialconsole' in nova_console_proxy_types) }}"
   haproxy_frontend_raw:
-    - "http-request deny if { path -m sub /. }"
+    - "http-request deny if { path,url_dec -m sub /. }"
 
 haproxy_nova_novnc_console_service:
   haproxy_service_name: nova_novnc_console
@@ -109,7 +109,7 @@ haproxy_nova_novnc_console_service:
   haproxy_accept_both_protocols: "{{ nova_accept_both_protocols | default(openstack_service_accept_both_protocols) }}"
   haproxy_service_enabled: "{{ groups['nova_console'] is defined and groups['nova_console'] | length > 0 and 'novnc' in nova_console_proxy_types }}"
   haproxy_frontend_raw:
-    - "http-request deny if { path -m sub /. }"
+    - "http-request deny if { path,url_dec -m sub /. }"
 
 # NOTE(jrosser) Clean up legacy console haproxy configs from previous releases
 haproxy_nova_console_service: