Add enable_proxy_headers_parsing option

The patch enables paste middleware to handle SSL requests through
HTTPProxyToWSGI middleware.

Change-Id: I8107b6328fe103b16a65a8556f3ef9d0a38c2cf9
This commit is contained in:
ZhongShengping 2016-10-28 19:50:21 +08:00
parent 25f2899ef8
commit 6aca1ad530
3 changed files with 29 additions and 0 deletions

View File

@ -214,6 +214,11 @@
# (optional) CA certificate file to use to verify connecting clients
# Defaults to $::os_service_default
#
# [*enable_proxy_headers_parsing*]
# (Optional) Enable paste middleware to handle SSL requests through
# HTTPProxyToWSGI middleware.
# Defaults to $::os_service_default.
#
# === DEPRECATED PARAMETERS
#
# [*keystone_password*]
@ -277,6 +282,7 @@ class barbican::api (
$cert_file = $::os_service_default,
$key_file = $::os_service_default,
$service_name = 'barbican-api',
$enable_proxy_headers_parsing = $::os_service_default,
# DEPRECATED
$auth_type = undef,
$keystone_password = undef,
@ -486,4 +492,8 @@ class barbican::api (
fail('Invalid service_name. Use barbican-api for stand-alone or httpd')
}
oslo::middleware { 'barbican_config':
enable_proxy_headers_parsing => $enable_proxy_headers_parsing,
}
}

View File

@ -0,0 +1,4 @@
---
features:
- This adds the enable_proxy_headers parsing option which is used by the
http_proxy_to_wsgi middleware.

View File

@ -61,6 +61,7 @@ describe 'barbican::api' do
:retry_scheduler_initial_delay_seconds => '<SERVICE DEFAULT>',
:retry_scheduler_periodic_interval_max_seconds => '<SERVICE DEFAULT>',
:service_name => platform_params[:service_name],
:enable_proxy_headers_parsing => '<SERVICE DEFAULT>',
}
end
@ -99,6 +100,7 @@ describe 'barbican::api' do
:retry_scheduler_periodic_interval_max_seconds => 20.0,
:max_allowed_secret_in_bytes => 20000,
:max_allowed_request_size_in_bytes => 2000000,
:enable_proxy_headers_parsing => false,
}
].each do |param_set|
describe "when #{param_set == {} ? "using default" : "specifying"} class parameters" do
@ -176,6 +178,19 @@ describe 'barbican::api' do
end
end
describe 'with enable_proxy_headers_parsing' do
let :pre_condition do
'class { "barbican::keystone::authtoken": password => "secret", }
include ::apache'
end
let :params do
default_params.merge!({:enable_proxy_headers_parsing => true })
end
it { is_expected.to contain_barbican_config('oslo_middleware/enable_proxy_headers_parsing').with_value(true) }
end
describe 'with SSL socket options set' do
let :pre_condition do
'class { "barbican::keystone::authtoken": password => "secret", }