Add option to enable Neutron's SSL middleware

Neutron is now using the HTTPProxyToWSGI middleware from
oslo.middlware in its default api-paste configuration [1]. This commit
gives us the ability to enable/disable that middlware.

[1] Ice9ee8f4e04050271d59858f92034c230325718b

Change-Id: I99bc9486fdd85857ce73c413e17400320bd6ec5b
This commit is contained in:
Juan Antonio Osorio Robles 2016-10-17 09:14:01 +03:00
parent 28ca3b3044
commit d3630bda97
3 changed files with 23 additions and 0 deletions

View File

@ -204,6 +204,11 @@
# (optional) The strategy to use for authentication.
# Defaults to 'keystone'
#
# [*enable_proxy_headers_parsing*]
# (Optional) Enable paste middleware to handle SSL requests through
# HTTPProxyToWSGI middleware.
# Defaults to $::os_service_default.
#
# === Deprecated Parameters
#
# [*ensure_lbaas_package*]
@ -305,6 +310,7 @@ class neutron::server (
$vpnaas_agent_package = false,
$service_providers = $::os_service_default,
$auth_strategy = 'keystone',
$enable_proxy_headers_parsing = $::os_service_default,
# DEPRECATED PARAMETERS
$log_dir = undef,
$log_file = undef,
@ -519,6 +525,10 @@ class neutron::server (
}
oslo::middleware { 'neutron_config':
enable_proxy_headers_parsing => $enable_proxy_headers_parsing,
}
if $manage_service {
if $enabled {
$service_ensure = 'running'

View File

@ -0,0 +1,4 @@
---
features:
- The enable_headers_parsing option was added to the server manifest. This
enables the http_proxy_to_wsgi middleware to process SSL-related headers.

View File

@ -79,6 +79,7 @@ describe 'neutron::server' do
is_expected.to contain_neutron_config('DEFAULT/agent_down_time').with_value('<SERVICE DEFAULT>')
is_expected.to contain_neutron_config('DEFAULT/router_scheduler_driver').with_value(p[:router_scheduler_driver])
is_expected.to contain_neutron_config('qos/notification_drivers').with_value('<SERVICE DEFAULT>')
is_expected.to contain_neutron_config('oslo_middleware/enable_proxy_headers_parsing').with_value('<SERVICE DEFAULT>')
end
context 'with manage_service as false' do
@ -217,6 +218,14 @@ describe 'neutron::server' do
end
end
context 'with enable_proxy_headers_parsing' do
before :each do
params.merge!({:enable_proxy_headers_parsing => true })
end
it { is_expected.to contain_neutron_config('oslo_middleware/enable_proxy_headers_parsing').with_value(true) }
end
end
shared_examples_for 'a neutron server with broken authentication' do