From 6aca1ad5301c0284a9584f1e8d68fb7bf8ed2c44 Mon Sep 17 00:00:00 2001
From: ZhongShengping <chdzsp@163.com>
Date: Fri, 28 Oct 2016 19:50:21 +0800
Subject: [PATCH] Add enable_proxy_headers_parsing option

The patch enables paste middleware to handle SSL requests through
HTTPProxyToWSGI middleware.

Change-Id: I8107b6328fe103b16a65a8556f3ef9d0a38c2cf9
---
 manifests/api.pp                                  | 10 ++++++++++
 ...ble_proxy_header_parsing-235a92e233f6741d.yaml |  4 ++++
 spec/classes/barbican_api_spec.rb                 | 15 +++++++++++++++
 3 files changed, 29 insertions(+)
 create mode 100644 releasenotes/notes/add_enable_proxy_header_parsing-235a92e233f6741d.yaml

diff --git a/manifests/api.pp b/manifests/api.pp
index 84e77f68..87833b8e 100644
--- a/manifests/api.pp
+++ b/manifests/api.pp
@@ -214,6 +214,11 @@
 #   (optional) CA certificate file to use to verify connecting clients
 #   Defaults to $::os_service_default
 #
+# [*enable_proxy_headers_parsing*]
+#   (Optional) Enable paste middleware to handle SSL requests through
+#   HTTPProxyToWSGI middleware.
+#   Defaults to $::os_service_default.
+#
 # === DEPRECATED PARAMETERS
 #
 # [*keystone_password*]
@@ -277,6 +282,7 @@ class barbican::api (
   $cert_file                                     = $::os_service_default,
   $key_file                                      = $::os_service_default,
   $service_name                                  = 'barbican-api',
+  $enable_proxy_headers_parsing                  = $::os_service_default,
   # DEPRECATED
   $auth_type                                     = undef,
   $keystone_password                             = undef,
@@ -486,4 +492,8 @@ class barbican::api (
     fail('Invalid service_name. Use barbican-api for stand-alone or httpd')
   }
 
+  oslo::middleware { 'barbican_config':
+    enable_proxy_headers_parsing => $enable_proxy_headers_parsing,
+  }
+
 }
diff --git a/releasenotes/notes/add_enable_proxy_header_parsing-235a92e233f6741d.yaml b/releasenotes/notes/add_enable_proxy_header_parsing-235a92e233f6741d.yaml
new file mode 100644
index 00000000..3f798751
--- /dev/null
+++ b/releasenotes/notes/add_enable_proxy_header_parsing-235a92e233f6741d.yaml
@@ -0,0 +1,4 @@
+---
+features:
+  - This adds the enable_proxy_headers parsing option which is used by the
+    http_proxy_to_wsgi middleware.
diff --git a/spec/classes/barbican_api_spec.rb b/spec/classes/barbican_api_spec.rb
index 77fda861..ced1b350 100644
--- a/spec/classes/barbican_api_spec.rb
+++ b/spec/classes/barbican_api_spec.rb
@@ -61,6 +61,7 @@ describe 'barbican::api' do
         :retry_scheduler_initial_delay_seconds         => '<SERVICE DEFAULT>',
         :retry_scheduler_periodic_interval_max_seconds => '<SERVICE DEFAULT>',
         :service_name                                  => platform_params[:service_name],
+        :enable_proxy_headers_parsing                  => '<SERVICE DEFAULT>',
       }
     end
 
@@ -99,6 +100,7 @@ describe 'barbican::api' do
         :retry_scheduler_periodic_interval_max_seconds => 20.0,
         :max_allowed_secret_in_bytes                   => 20000,
         :max_allowed_request_size_in_bytes             => 2000000,
+        :enable_proxy_headers_parsing                  => false,
       }
     ].each do |param_set|
       describe "when #{param_set == {} ? "using default" : "specifying"} class parameters" do
@@ -176,6 +178,19 @@ describe 'barbican::api' do
       end
     end
 
+    describe 'with enable_proxy_headers_parsing' do
+      let :pre_condition do
+          'class { "barbican::keystone::authtoken": password => "secret", }
+           include ::apache'
+      end
+
+      let :params do
+        default_params.merge!({:enable_proxy_headers_parsing => true })
+      end
+
+      it { is_expected.to contain_barbican_config('oslo_middleware/enable_proxy_headers_parsing').with_value(true) }
+    end
+
     describe 'with SSL socket options set' do
       let :pre_condition do
           'class { "barbican::keystone::authtoken": password => "secret", }