Add option to enable Keystone's SSL middleware

Keystone is now using the HTTPProxyToWSGI middleware from oslo.middlware in its default api-paste configuration [1]. This commit gives us the ability to enable/disable that middlware. [1] Iad628a863e55cbf20c89ef23ebc7527ba8e1a835 Change-Id: I0fec98a6e1d9c8be4d8b8df382b78ba2815790f9
2016-07-13 10:50:20 +03:00
parent 8e1d3f16c4
commit ade1aadb37
2 changed files with 18 additions and 0 deletions
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -508,6 +508,11 @@
 #   prevent keystone eventlet and apache from auto-starting on package install.
 #   Defaults to false
 #
+# [*enable_proxy_headers_parsing*]
+#   (Optional) Enable paste middleware to handle SSL requests through
+#   HTTPProxyToWSGI middleware.
+#   Defaults to $::os_service_default.
+#
 # [*purge_config*]
 #   (optional) Whether to set only the specified config options
 #   in the keystone config.
@@ -684,6 +689,7 @@ class keystone(
  $keystone_user                        = $::keystone::params::keystone_user,
  $keystone_group                       = $::keystone::params::keystone_group,
  $manage_policyrcd                     = false,
+  $enable_proxy_headers_parsing         = $::os_service_default,
  $purge_config                         = false,
  # DEPRECATED PARAMETERS
  $admin_workers                        = max($::processorcount, 2),
@@ -859,6 +865,10 @@ class keystone(
    memcache_pool_connection_get_timeout => $memcache_pool_connection_get_timeout,
  }

+  oslo::middleware { 'keystone_config':
+    enable_proxy_headers_parsing => $enable_proxy_headers_parsing,
+  }
+
  # configure based on the catalog backend
  if $catalog_driver {
    $catalog_driver_real = $catalog_driver
--- a/spec/classes/keystone_spec.rb
+++ b/spec/classes/keystone_spec.rb
@@ -808,6 +808,14 @@ describe 'keystone' do
    it { is_expected.to contain_keystone_config('oslo_messaging_rabbit/kombu_failover_strategy').with_value('<SERVICE DEFAULT>') }
  end

+  describe 'setting enable_proxy_headers_parsing' do
+    let :params do
+      default_params.merge({:enable_proxy_headers_parsing => true })
+    end
+
+    it { is_expected.to contain_keystone_config('oslo_middleware/enable_proxy_headers_parsing').with_value(true) }
+  end
+
  describe 'setting sql policy driver' do
    let :params do
      default_params.merge({:policy_driver => 'sql' })