From d3630bda9722a83107a3bb77973ba101a77f1287 Mon Sep 17 00:00:00 2001
From: Juan Antonio Osorio Robles <jaosorior@redhat.com>
Date: Mon, 17 Oct 2016 09:14:01 +0300
Subject: [PATCH] Add option to enable Neutron's SSL middleware

Neutron is now using the HTTPProxyToWSGI middleware from
oslo.middlware in its default api-paste configuration [1]. This commit
gives us the ability to enable/disable that middlware.

[1] Ice9ee8f4e04050271d59858f92034c230325718b

Change-Id: I99bc9486fdd85857ce73c413e17400320bd6ec5b
---
 manifests/server.pp                                    | 10 ++++++++++
 ...ders_parsing-option-to-server-a5a36519b494c018.yaml |  4 ++++
 spec/classes/neutron_server_spec.rb                    |  9 +++++++++
 3 files changed, 23 insertions(+)
 create mode 100644 releasenotes/notes/Add-enable_headers_parsing-option-to-server-a5a36519b494c018.yaml

diff --git a/manifests/server.pp b/manifests/server.pp
index 051cff07b..e79d4e56f 100644
--- a/manifests/server.pp
+++ b/manifests/server.pp
@@ -204,6 +204,11 @@
 #   (optional) The strategy to use for authentication.
 #   Defaults to 'keystone'
 #
+# [*enable_proxy_headers_parsing*]
+#   (Optional) Enable paste middleware to handle SSL requests through
+#   HTTPProxyToWSGI middleware.
+#   Defaults to $::os_service_default.
+#
 # === Deprecated Parameters
 #
 # [*ensure_lbaas_package*]
@@ -305,6 +310,7 @@ class neutron::server (
   $vpnaas_agent_package             = false,
   $service_providers                = $::os_service_default,
   $auth_strategy                    = 'keystone',
+  $enable_proxy_headers_parsing     = $::os_service_default,
   # DEPRECATED PARAMETERS
   $log_dir                          = undef,
   $log_file                         = undef,
@@ -519,6 +525,10 @@ class neutron::server (
 
   }
 
+  oslo::middleware { 'neutron_config':
+    enable_proxy_headers_parsing => $enable_proxy_headers_parsing,
+  }
+
   if $manage_service {
     if $enabled {
       $service_ensure = 'running'
diff --git a/releasenotes/notes/Add-enable_headers_parsing-option-to-server-a5a36519b494c018.yaml b/releasenotes/notes/Add-enable_headers_parsing-option-to-server-a5a36519b494c018.yaml
new file mode 100644
index 000000000..7519c03df
--- /dev/null
+++ b/releasenotes/notes/Add-enable_headers_parsing-option-to-server-a5a36519b494c018.yaml
@@ -0,0 +1,4 @@
+---
+features:
+  - The enable_headers_parsing option was added to the server manifest. This
+    enables the http_proxy_to_wsgi middleware to process SSL-related headers.
diff --git a/spec/classes/neutron_server_spec.rb b/spec/classes/neutron_server_spec.rb
index 13f6106e1..0465a5a09 100644
--- a/spec/classes/neutron_server_spec.rb
+++ b/spec/classes/neutron_server_spec.rb
@@ -79,6 +79,7 @@ describe 'neutron::server' do
       is_expected.to contain_neutron_config('DEFAULT/agent_down_time').with_value('<SERVICE DEFAULT>')
       is_expected.to contain_neutron_config('DEFAULT/router_scheduler_driver').with_value(p[:router_scheduler_driver])
       is_expected.to contain_neutron_config('qos/notification_drivers').with_value('<SERVICE DEFAULT>')
+      is_expected.to contain_neutron_config('oslo_middleware/enable_proxy_headers_parsing').with_value('<SERVICE DEFAULT>')
     end
 
     context 'with manage_service as false' do
@@ -217,6 +218,14 @@ describe 'neutron::server' do
       end
 
     end
+
+    context 'with enable_proxy_headers_parsing' do
+      before :each do
+        params.merge!({:enable_proxy_headers_parsing => true })
+      end
+
+      it { is_expected.to contain_neutron_config('oslo_middleware/enable_proxy_headers_parsing').with_value(true) }
+    end
   end
 
   shared_examples_for 'a neutron server with broken authentication' do