Add enable_proxy_headers_parsing option
The patch enables paste middleware to handle SSL requests through HTTPProxyToWSGI middleware. Change-Id: I8107b6328fe103b16a65a8556f3ef9d0a38c2cf9
This commit is contained in:
parent
25f2899ef8
commit
6aca1ad530
|
@ -214,6 +214,11 @@
|
||||||
# (optional) CA certificate file to use to verify connecting clients
|
# (optional) CA certificate file to use to verify connecting clients
|
||||||
# Defaults to $::os_service_default
|
# Defaults to $::os_service_default
|
||||||
#
|
#
|
||||||
|
# [*enable_proxy_headers_parsing*]
|
||||||
|
# (Optional) Enable paste middleware to handle SSL requests through
|
||||||
|
# HTTPProxyToWSGI middleware.
|
||||||
|
# Defaults to $::os_service_default.
|
||||||
|
#
|
||||||
# === DEPRECATED PARAMETERS
|
# === DEPRECATED PARAMETERS
|
||||||
#
|
#
|
||||||
# [*keystone_password*]
|
# [*keystone_password*]
|
||||||
|
@ -277,6 +282,7 @@ class barbican::api (
|
||||||
$cert_file = $::os_service_default,
|
$cert_file = $::os_service_default,
|
||||||
$key_file = $::os_service_default,
|
$key_file = $::os_service_default,
|
||||||
$service_name = 'barbican-api',
|
$service_name = 'barbican-api',
|
||||||
|
$enable_proxy_headers_parsing = $::os_service_default,
|
||||||
# DEPRECATED
|
# DEPRECATED
|
||||||
$auth_type = undef,
|
$auth_type = undef,
|
||||||
$keystone_password = undef,
|
$keystone_password = undef,
|
||||||
|
@ -486,4 +492,8 @@ class barbican::api (
|
||||||
fail('Invalid service_name. Use barbican-api for stand-alone or httpd')
|
fail('Invalid service_name. Use barbican-api for stand-alone or httpd')
|
||||||
}
|
}
|
||||||
|
|
||||||
|
oslo::middleware { 'barbican_config':
|
||||||
|
enable_proxy_headers_parsing => $enable_proxy_headers_parsing,
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -0,0 +1,4 @@
|
||||||
|
---
|
||||||
|
features:
|
||||||
|
- This adds the enable_proxy_headers parsing option which is used by the
|
||||||
|
http_proxy_to_wsgi middleware.
|
|
@ -61,6 +61,7 @@ describe 'barbican::api' do
|
||||||
:retry_scheduler_initial_delay_seconds => '<SERVICE DEFAULT>',
|
:retry_scheduler_initial_delay_seconds => '<SERVICE DEFAULT>',
|
||||||
:retry_scheduler_periodic_interval_max_seconds => '<SERVICE DEFAULT>',
|
:retry_scheduler_periodic_interval_max_seconds => '<SERVICE DEFAULT>',
|
||||||
:service_name => platform_params[:service_name],
|
:service_name => platform_params[:service_name],
|
||||||
|
:enable_proxy_headers_parsing => '<SERVICE DEFAULT>',
|
||||||
}
|
}
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -99,6 +100,7 @@ describe 'barbican::api' do
|
||||||
:retry_scheduler_periodic_interval_max_seconds => 20.0,
|
:retry_scheduler_periodic_interval_max_seconds => 20.0,
|
||||||
:max_allowed_secret_in_bytes => 20000,
|
:max_allowed_secret_in_bytes => 20000,
|
||||||
:max_allowed_request_size_in_bytes => 2000000,
|
:max_allowed_request_size_in_bytes => 2000000,
|
||||||
|
:enable_proxy_headers_parsing => false,
|
||||||
}
|
}
|
||||||
].each do |param_set|
|
].each do |param_set|
|
||||||
describe "when #{param_set == {} ? "using default" : "specifying"} class parameters" do
|
describe "when #{param_set == {} ? "using default" : "specifying"} class parameters" do
|
||||||
|
@ -176,6 +178,19 @@ describe 'barbican::api' do
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
describe 'with enable_proxy_headers_parsing' do
|
||||||
|
let :pre_condition do
|
||||||
|
'class { "barbican::keystone::authtoken": password => "secret", }
|
||||||
|
include ::apache'
|
||||||
|
end
|
||||||
|
|
||||||
|
let :params do
|
||||||
|
default_params.merge!({:enable_proxy_headers_parsing => true })
|
||||||
|
end
|
||||||
|
|
||||||
|
it { is_expected.to contain_barbican_config('oslo_middleware/enable_proxy_headers_parsing').with_value(true) }
|
||||||
|
end
|
||||||
|
|
||||||
describe 'with SSL socket options set' do
|
describe 'with SSL socket options set' do
|
||||||
let :pre_condition do
|
let :pre_condition do
|
||||||
'class { "barbican::keystone::authtoken": password => "secret", }
|
'class { "barbican::keystone::authtoken": password => "secret", }
|
||||||
|
|
Loading…
Reference in New Issue