diff --git a/manifests/init.pp b/manifests/init.pp index 77454fc69..16f5d3c95 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -508,6 +508,11 @@ # prevent keystone eventlet and apache from auto-starting on package install. # Defaults to false # +# [*enable_proxy_headers_parsing*] +# (Optional) Enable paste middleware to handle SSL requests through +# HTTPProxyToWSGI middleware. +# Defaults to $::os_service_default. +# # [*purge_config*] # (optional) Whether to set only the specified config options # in the keystone config. @@ -684,6 +689,7 @@ class keystone( $keystone_user = $::keystone::params::keystone_user, $keystone_group = $::keystone::params::keystone_group, $manage_policyrcd = false, + $enable_proxy_headers_parsing = $::os_service_default, $purge_config = false, # DEPRECATED PARAMETERS $admin_workers = max($::processorcount, 2), @@ -859,6 +865,10 @@ class keystone( memcache_pool_connection_get_timeout => $memcache_pool_connection_get_timeout, } + oslo::middleware { 'keystone_config': + enable_proxy_headers_parsing => $enable_proxy_headers_parsing, + } + # configure based on the catalog backend if $catalog_driver { $catalog_driver_real = $catalog_driver diff --git a/spec/classes/keystone_spec.rb b/spec/classes/keystone_spec.rb index 50fbfca47..e8d1277c8 100644 --- a/spec/classes/keystone_spec.rb +++ b/spec/classes/keystone_spec.rb @@ -808,6 +808,14 @@ describe 'keystone' do it { is_expected.to contain_keystone_config('oslo_messaging_rabbit/kombu_failover_strategy').with_value('') } end + describe 'setting enable_proxy_headers_parsing' do + let :params do + default_params.merge({:enable_proxy_headers_parsing => true }) + end + + it { is_expected.to contain_keystone_config('oslo_middleware/enable_proxy_headers_parsing').with_value(true) } + end + describe 'setting sql policy driver' do let :params do default_params.merge({:policy_driver => 'sql' })