openstack/puppet-oslo
Code Issues Proposed changes

healthcheck: Add support for ignore_proxied_requests

Browse Source 
The new ignore_proxied_requests option was added to the healthcheck
middleware which allows operators to prohibit access to healthcheck
information via load balancers. This introduces a new parameter which
corresponds to this option.

Depends-on: https://review.opendev.org/901215
Change-Id: Iaf9b40db938f998c20d6cea4b19cf09651c46bbf
This commit is contained in:
Takashi Kajinami
2024-02-22 10:15:47 +09:00
parent 9175c459e4
commit ac79ad02bb
3 changed files with 28 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
manifests/healthcheck.pp
View File

@@ -18,6 +18,10 @@
# healthcheck information. # healthcheck information.
# Defaults to $facts['os_service_default'] # Defaults to $facts['os_service_default']
# #
# [*ignore_proxied_requests*]
# (Optional) Ignore requests with proxy headers
# Defaults to $facts['os_service_default']
#
# [*disable_by_file_path*] # [*disable_by_file_path*]
# (Optional) Check the presence of a file to determine if an application # (Optional) Check the presence of a file to determine if an application
# is running on a port. # is running on a port.
@@ -29,11 +33,12 @@
# Defaults to $facts['os_service_default'] # Defaults to $facts['os_service_default']
# #
define oslo::healthcheck( define oslo::healthcheck(
$detailed = $facts['os_service_default'], $detailed = $facts['os_service_default'],
$backends = $facts['os_service_default'], $backends = $facts['os_service_default'],
$allowed_source_ranges = $facts['os_service_default'], $allowed_source_ranges = $facts['os_service_default'],
$disable_by_file_path = $facts['os_service_default'], $ignore_proxied_requests = $facts['os_service_default'],
$disable_by_file_paths = $facts['os_service_default'], $disable_by_file_path = $facts['os_service_default'],
$disable_by_file_paths = $facts['os_service_default'],
) { ) {
$backends_real = join(any2array($backends), ',') $backends_real = join(any2array($backends), ',')
@@ -41,11 +46,12 @@ define oslo::healthcheck(
$disable_by_file_paths_real = join(any2array($disable_by_file_paths), ',') $disable_by_file_paths_real = join(any2array($disable_by_file_paths), ',')
$healthcheck_options = { $healthcheck_options = {
'healthcheck/detailed' => { value => $detailed }, 'healthcheck/detailed' => { value => $detailed },
'healthcheck/backends' => { value => $backends_real }, 'healthcheck/backends' => { value => $backends_real },
'healthcheck/allowed_source_ranges' => { value => $allowed_source_ranges_real }, 'healthcheck/allowed_source_ranges' => { value => $allowed_source_ranges_real },
'healthcheck/disable_by_file_path' => { value => $disable_by_file_path }, 'healthcheck/ignore_proxied_requests' => { value => $ignore_proxied_requests },
'healthcheck/disable_by_file_paths' => { value => $disable_by_file_paths_real}, 'healthcheck/disable_by_file_path' => { value => $disable_by_file_path },
'healthcheck/disable_by_file_paths' => { value => $disable_by_file_paths_real },
} }
create_resources($name, $healthcheck_options) create_resources($name, $healthcheck_options)
} }

4
releasenotes/notes/healthcheck-ignore_proxied_requests-1c64c62f261882c9.yaml Normal file
View File

@@ -0,0 +1,4 @@
---
features:
- |
The new ``oslo::ignore_proxied_requests`` parameter has been added.

13
spec/defines/oslo_healthcheck_spec.rb
View File

@@ -15,6 +15,7 @@ describe 'oslo::healthcheck' do
is_expected.to contain_keystone_config('healthcheck/detailed').with_value('<SERVICE DEFAULT>') is_expected.to contain_keystone_config('healthcheck/detailed').with_value('<SERVICE DEFAULT>')
is_expected.to contain_keystone_config('healthcheck/backends').with_value('<SERVICE DEFAULT>') is_expected.to contain_keystone_config('healthcheck/backends').with_value('<SERVICE DEFAULT>')
is_expected.to contain_keystone_config('healthcheck/allowed_source_ranges').with_value('<SERVICE DEFAULT>') is_expected.to contain_keystone_config('healthcheck/allowed_source_ranges').with_value('<SERVICE DEFAULT>')
is_expected.to contain_keystone_config('healthcheck/ignore_proxied_requests').with_value('<SERVICE DEFAULT>')
is_expected.to contain_keystone_config('healthcheck/disable_by_file_path').with_value('<SERVICE DEFAULT>') is_expected.to contain_keystone_config('healthcheck/disable_by_file_path').with_value('<SERVICE DEFAULT>')
is_expected.to contain_keystone_config('healthcheck/disable_by_file_paths').with_value('<SERVICE DEFAULT>') is_expected.to contain_keystone_config('healthcheck/disable_by_file_paths').with_value('<SERVICE DEFAULT>')
end end
@@ -23,14 +24,15 @@ describe 'oslo::healthcheck' do
context 'with parameters overridden' do context 'with parameters overridden' do
let :params do let :params do
{ {
:detailed => true, :detailed => true,
:backends => ['disable_by_file', 'disable_by_files_ports'], :backends => ['disable_by_file', 'disable_by_files_ports'],
:allowed_source_ranges => ['10.0.0.0/24', '10.0.1.0/24'], :allowed_source_ranges => ['10.0.0.0/24', '10.0.1.0/24'],
:disable_by_file_path => '/etc/keystone/healthcheck/disabled', :disable_by_file_path => '/etc/keystone/healthcheck/disabled',
:disable_by_file_paths => [ :disable_by_file_paths => [
'5000:/etc/keystone/healthcheck/public-disabled', '5000:/etc/keystone/healthcheck/public-disabled',
'35357:/etc/keystone/healthcheck/admin-disabled' '35357:/etc/keystone/healthcheck/admin-disabled'
], ],
:ignore_proxied_requests => false,
} }
end end
@@ -42,6 +44,7 @@ describe 'oslo::healthcheck' do
is_expected.to contain_keystone_config('healthcheck/allowed_source_ranges').with_value( is_expected.to contain_keystone_config('healthcheck/allowed_source_ranges').with_value(
'10.0.0.0/24,10.0.1.0/24' '10.0.0.0/24,10.0.1.0/24'
) )
is_expected.to contain_keystone_config('healthcheck/ignore_proxied_requests').with_value('false')
is_expected.to contain_keystone_config('healthcheck/disable_by_file_path').with_value( is_expected.to contain_keystone_config('healthcheck/disable_by_file_path').with_value(
'/etc/keystone/healthcheck/disabled' '/etc/keystone/healthcheck/disabled'
) )