openstack/puppet-neutron
Code Issues Proposed changes

Add option to enable Neutron's SSL middleware

Browse Source 
Neutron is now using the HTTPProxyToWSGI middleware from
oslo.middlware in its default api-paste configuration [1]. This commit
gives us the ability to enable/disable that middlware.

[1] Ice9ee8f4e04050271d59858f92034c230325718b

Change-Id: I99bc9486fdd85857ce73c413e17400320bd6ec5b
This commit is contained in:
Juan Antonio Osorio Robles 2016-10-17 09:14:01 +03:00
parent 28ca3b3044
commit d3630bda97
3 changed files with 23 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
manifests/server.pp
View File

@ -204,6 +204,11 @@
# (optional) The strategy to use for authentication. # (optional) The strategy to use for authentication.
# Defaults to 'keystone' # Defaults to 'keystone'
# #
# [*enable_proxy_headers_parsing*]
# (Optional) Enable paste middleware to handle SSL requests through
# HTTPProxyToWSGI middleware.
# Defaults to $::os_service_default.
#
# === Deprecated Parameters # === Deprecated Parameters
# #
# [*ensure_lbaas_package*] # [*ensure_lbaas_package*]
@ -305,6 +310,7 @@ class neutron::server (
$vpnaas_agent_package = false, $vpnaas_agent_package = false,
$service_providers = $::os_service_default, $service_providers = $::os_service_default,
$auth_strategy = 'keystone', $auth_strategy = 'keystone',
$enable_proxy_headers_parsing = $::os_service_default,
# DEPRECATED PARAMETERS # DEPRECATED PARAMETERS
$log_dir = undef, $log_dir = undef,
$log_file = undef, $log_file = undef,
@ -519,6 +525,10 @@ class neutron::server (
} }
oslo::middleware { 'neutron_config':
enable_proxy_headers_parsing => $enable_proxy_headers_parsing,
}
if $manage_service { if $manage_service {
if $enabled { if $enabled {
$service_ensure = 'running' $service_ensure = 'running'

4
releasenotes/notes/Add-enable_headers_parsing-option-to-server-a5a36519b494c018.yaml Normal file
View File

@ -0,0 +1,4 @@
---
features:
- The enable_headers_parsing option was added to the server manifest. This
enables the http_proxy_to_wsgi middleware to process SSL-related headers.

9
spec/classes/neutron_server_spec.rb
View File

@ -79,6 +79,7 @@ describe 'neutron::server' do
is_expected.to contain_neutron_config('DEFAULT/agent_down_time').with_value('<SERVICE DEFAULT>') is_expected.to contain_neutron_config('DEFAULT/agent_down_time').with_value('<SERVICE DEFAULT>')
is_expected.to contain_neutron_config('DEFAULT/router_scheduler_driver').with_value(p[:router_scheduler_driver]) is_expected.to contain_neutron_config('DEFAULT/router_scheduler_driver').with_value(p[:router_scheduler_driver])
is_expected.to contain_neutron_config('qos/notification_drivers').with_value('<SERVICE DEFAULT>') is_expected.to contain_neutron_config('qos/notification_drivers').with_value('<SERVICE DEFAULT>')
is_expected.to contain_neutron_config('oslo_middleware/enable_proxy_headers_parsing').with_value('<SERVICE DEFAULT>')
end end
context 'with manage_service as false' do context 'with manage_service as false' do
@ -217,6 +218,14 @@ describe 'neutron::server' do
end end
end end
context 'with enable_proxy_headers_parsing' do
before :each do
params.merge!({:enable_proxy_headers_parsing => true })
end
it { is_expected.to contain_neutron_config('oslo_middleware/enable_proxy_headers_parsing').with_value(true) }
end
end end
shared_examples_for 'a neutron server with broken authentication' do shared_examples_for 'a neutron server with broken authentication' do