openstack/puppet-keystone
Code Issues Proposed changes

Add option to enable Keystone's SSL middleware

Browse Source 
Keystone is now using the HTTPProxyToWSGI middleware from
oslo.middlware in its default api-paste configuration [1]. This commit
gives us the ability to enable/disable that middlware.

[1] Iad628a863e55cbf20c89ef23ebc7527ba8e1a835

Change-Id: I0fec98a6e1d9c8be4d8b8df382b78ba2815790f9
This commit is contained in:
Juan Antonio Osorio Robles
2016-07-13 10:50:20 +03:00
parent 8e1d3f16c4
commit ade1aadb37
2 changed files with 18 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
manifests/init.pp
View File

@@ -508,6 +508,11 @@
# prevent keystone eventlet and apache from auto-starting on package install. # prevent keystone eventlet and apache from auto-starting on package install.
# Defaults to false # Defaults to false
# #
# [*enable_proxy_headers_parsing*]
# (Optional) Enable paste middleware to handle SSL requests through
# HTTPProxyToWSGI middleware.
# Defaults to $::os_service_default.
#
# [*purge_config*] # [*purge_config*]
# (optional) Whether to set only the specified config options # (optional) Whether to set only the specified config options
# in the keystone config. # in the keystone config.
@@ -684,6 +689,7 @@ class keystone(
$keystone_user = $::keystone::params::keystone_user, $keystone_user = $::keystone::params::keystone_user,
$keystone_group = $::keystone::params::keystone_group, $keystone_group = $::keystone::params::keystone_group,
$manage_policyrcd = false, $manage_policyrcd = false,
$enable_proxy_headers_parsing = $::os_service_default,
$purge_config = false, $purge_config = false,
# DEPRECATED PARAMETERS # DEPRECATED PARAMETERS
$admin_workers = max($::processorcount, 2), $admin_workers = max($::processorcount, 2),
@@ -859,6 +865,10 @@ class keystone(
memcache_pool_connection_get_timeout => $memcache_pool_connection_get_timeout, memcache_pool_connection_get_timeout => $memcache_pool_connection_get_timeout,
} }
oslo::middleware { 'keystone_config':
enable_proxy_headers_parsing => $enable_proxy_headers_parsing,
}
# configure based on the catalog backend # configure based on the catalog backend
if $catalog_driver { if $catalog_driver {
$catalog_driver_real = $catalog_driver $catalog_driver_real = $catalog_driver

8
spec/classes/keystone_spec.rb
View File

@@ -808,6 +808,14 @@ describe 'keystone' do
it { is_expected.to contain_keystone_config('oslo_messaging_rabbit/kombu_failover_strategy').with_value('<SERVICE DEFAULT>') } it { is_expected.to contain_keystone_config('oslo_messaging_rabbit/kombu_failover_strategy').with_value('<SERVICE DEFAULT>') }
end end
describe 'setting enable_proxy_headers_parsing' do
let :params do
default_params.merge({:enable_proxy_headers_parsing => true })
end
it { is_expected.to contain_keystone_config('oslo_middleware/enable_proxy_headers_parsing').with_value(true) }
end
describe 'setting sql policy driver' do describe 'setting sql policy driver' do
let :params do let :params do
default_params.merge({:policy_driver => 'sql' }) default_params.merge({:policy_driver => 'sql' })