Add option to enable Neutron's SSL middleware

Neutron is now using the HTTPProxyToWSGI middleware from oslo.middlware in its default api-paste configuration [1]. This commit gives us the ability to enable/disable that middlware. [1] Ice9ee8f4e04050271d59858f92034c230325718b Change-Id: I99bc9486fdd85857ce73c413e17400320bd6ec5b
2016-10-17 09:14:01 +03:00 · 2016-10-17 09:14:01 +03:00 · d3630bda97
commit d3630bda97
parent 28ca3b3044
3 changed files with 23 additions and 0 deletions
--- a/manifests/server.pp
+++ b/manifests/server.pp
@ -204,6 +204,11 @@
 #   (optional) The strategy to use for authentication.
 #   Defaults to 'keystone'
 #
+# [*enable_proxy_headers_parsing*]
+#   (Optional) Enable paste middleware to handle SSL requests through
+#   HTTPProxyToWSGI middleware.
+#   Defaults to $::os_service_default.
+#
 # === Deprecated Parameters
 #
 # [*ensure_lbaas_package*]
@ -305,6 +310,7 @@ class neutron::server (
  $vpnaas_agent_package             = false,
  $service_providers                = $::os_service_default,
  $auth_strategy                    = 'keystone',
+  $enable_proxy_headers_parsing     = $::os_service_default,
  # DEPRECATED PARAMETERS
  $log_dir                          = undef,
  $log_file                         = undef,
@ -519,6 +525,10 @@ class neutron::server (

  }

+  oslo::middleware { 'neutron_config':
+    enable_proxy_headers_parsing => $enable_proxy_headers_parsing,
+  }
+
  if $manage_service {
    if $enabled {
      $service_ensure = 'running'
--- a/releasenotes/notes/Add-enable_headers_parsing-option-to-server-a5a36519b494c018.yaml
+++ b/releasenotes/notes/Add-enable_headers_parsing-option-to-server-a5a36519b494c018.yaml
@ -0,0 +1,4 @@
+---
+features:
+  - The enable_headers_parsing option was added to the server manifest. This
+    enables the http_proxy_to_wsgi middleware to process SSL-related headers.
--- a/spec/classes/neutron_server_spec.rb
+++ b/spec/classes/neutron_server_spec.rb
@ -79,6 +79,7 @@ describe 'neutron::server' do
      is_expected.to contain_neutron_config('DEFAULT/agent_down_time').with_value('<SERVICE DEFAULT>')
      is_expected.to contain_neutron_config('DEFAULT/router_scheduler_driver').with_value(p[:router_scheduler_driver])
      is_expected.to contain_neutron_config('qos/notification_drivers').with_value('<SERVICE DEFAULT>')
+      is_expected.to contain_neutron_config('oslo_middleware/enable_proxy_headers_parsing').with_value('<SERVICE DEFAULT>')
    end

    context 'with manage_service as false' do
@ -217,6 +218,14 @@ describe 'neutron::server' do
      end

    end
+
+    context 'with enable_proxy_headers_parsing' do
+      before :each do
+        params.merge!({:enable_proxy_headers_parsing => true })
+      end
+
+      it { is_expected.to contain_neutron_config('oslo_middleware/enable_proxy_headers_parsing').with_value(true) }
+    end
  end

  shared_examples_for 'a neutron server with broken authentication' do