Add enable_proxy_headers_parsing option

The patch enables paste middleware to handle SSL requests through HTTPProxyToWSGI middleware. Change-Id: I8107b6328fe103b16a65a8556f3ef9d0a38c2cf9
2016-10-28 19:50:21 +08:00 · 2016-10-28 19:50:21 +08:00 · 6aca1ad530
commit 6aca1ad530
parent 25f2899ef8
3 changed files with 29 additions and 0 deletions
--- a/manifests/api.pp
+++ b/manifests/api.pp
@ -214,6 +214,11 @@
 #   (optional) CA certificate file to use to verify connecting clients
 #   Defaults to $::os_service_default
 #
+# [*enable_proxy_headers_parsing*]
+#   (Optional) Enable paste middleware to handle SSL requests through
+#   HTTPProxyToWSGI middleware.
+#   Defaults to $::os_service_default.
+#
 # === DEPRECATED PARAMETERS
 #
 # [*keystone_password*]
@ -277,6 +282,7 @@ class barbican::api (
  $cert_file                                     = $::os_service_default,
  $key_file                                      = $::os_service_default,
  $service_name                                  = 'barbican-api',
+  $enable_proxy_headers_parsing                  = $::os_service_default,
  # DEPRECATED
  $auth_type                                     = undef,
  $keystone_password                             = undef,
@ -486,4 +492,8 @@ class barbican::api (
    fail('Invalid service_name. Use barbican-api for stand-alone or httpd')
  }

+  oslo::middleware { 'barbican_config':
+    enable_proxy_headers_parsing => $enable_proxy_headers_parsing,
+  }
+
 }
--- a/releasenotes/notes/add_enable_proxy_header_parsing-235a92e233f6741d.yaml
+++ b/releasenotes/notes/add_enable_proxy_header_parsing-235a92e233f6741d.yaml
@ -0,0 +1,4 @@
+---
+features:
+  - This adds the enable_proxy_headers parsing option which is used by the
+    http_proxy_to_wsgi middleware.
--- a/spec/classes/barbican_api_spec.rb
+++ b/spec/classes/barbican_api_spec.rb
@ -61,6 +61,7 @@ describe 'barbican::api' do
        :retry_scheduler_initial_delay_seconds         => '<SERVICE DEFAULT>',
        :retry_scheduler_periodic_interval_max_seconds => '<SERVICE DEFAULT>',
        :service_name                                  => platform_params[:service_name],
+        :enable_proxy_headers_parsing                  => '<SERVICE DEFAULT>',
      }
    end

@ -99,6 +100,7 @@ describe 'barbican::api' do
        :retry_scheduler_periodic_interval_max_seconds => 20.0,
        :max_allowed_secret_in_bytes                   => 20000,
        :max_allowed_request_size_in_bytes             => 2000000,
+        :enable_proxy_headers_parsing                  => false,
      }
    ].each do |param_set|
      describe "when #{param_set == {} ? "using default" : "specifying"} class parameters" do
@ -176,6 +178,19 @@ describe 'barbican::api' do
      end
    end

+    describe 'with enable_proxy_headers_parsing' do
+      let :pre_condition do
+          'class { "barbican::keystone::authtoken": password => "secret", }
+           include ::apache'
+      end
+
+      let :params do
+        default_params.merge!({:enable_proxy_headers_parsing => true })
+      end
+
+      it { is_expected.to contain_barbican_config('oslo_middleware/enable_proxy_headers_parsing').with_value(true) }
+    end
+
    describe 'with SSL socket options set' do
      let :pre_condition do
          'class { "barbican::keystone::authtoken": password => "secret", }