Add enable_proxy_headers_parsing option

The patch enables paste middleware to handle SSL requests through HTTPProxyToWSGI middleware. Change-Id: I367333809b7c2d9888b425d2db5e8033554db2c6
2016-10-28 20:11:21 +08:00
parent e8d5c7b887
commit 54097080e3
3 changed files with 38 additions and 15 deletions
--- a/manifests/api.pp
+++ b/manifests/api.pp
@@ -94,23 +94,29 @@
 #   undefined, tokens will instead be cached in-process.
 #   Defaults to undef.
 #
+# [*enable_proxy_headers_parsing*]
+#   (Optional) Enable paste middleware to handle SSL requests through
+#   HTTPProxyToWSGI middleware.
+#   Defaults to $::os_service_default.
+#
 class ironic::api (
-  $package_ensure    = 'present',
-  $enabled           = true,
-  $service_name      = $::ironic::params::api_service,
-  $host_ip           = '0.0.0.0',
-  $port              = '6385',
-  $max_limit         = '1000',
-  $workers           = $::os_service_default,
-  $neutron_url       = 'http://127.0.0.1:9696/',
-  $public_endpoint   = $::os_service_default,
+  $package_ensure               = 'present',
+  $enabled                      = true,
+  $service_name                 = $::ironic::params::api_service,
+  $host_ip                      = '0.0.0.0',
+  $port                         = '6385',
+  $max_limit                    = '1000',
+  $workers                      = $::os_service_default,
+  $neutron_url                  = 'http://127.0.0.1:9696/',
+  $public_endpoint              = $::os_service_default,
+  $enable_proxy_headers_parsing = $::os_service_default,
  # DEPRECATED PARAMETERS
-  $identity_uri      = undef,
-  $admin_tenant_name = undef,
-  $admin_user        = undef,
-  $admin_password    = undef,
-  $auth_uri          = undef,
-  $memcached_servers = undef,
+  $identity_uri                 = undef,
+  $admin_tenant_name            = undef,
+  $admin_user                   = undef,
+  $admin_password               = undef,
+  $auth_uri                     = undef,
+  $memcached_servers            = undef,
 ) inherits ironic::params {

  include ::ironic::deps
@@ -200,4 +206,8 @@ Use 'ironic::api::authtoken::memcached_servers' parameter instead.")
 standalone service, or httpd for being run by a httpd server")
  }

+  oslo::middleware { 'ironic_config':
+    enable_proxy_headers_parsing => $enable_proxy_headers_parsing,
+  }
+
 }
--- a/releasenotes/notes/add_enable_proxy_header_parsing-1837e35d317e74f7.yaml
+++ b/releasenotes/notes/add_enable_proxy_header_parsing-1837e35d317e74f7.yaml
@@ -0,0 +1,4 @@
+---
+features:
+  - This adds the enable_proxy_headers parsing option which is used by the
+    http_proxy_to_wsgi middleware.
--- a/spec/classes/ironic_api_spec.rb
+++ b/spec/classes/ironic_api_spec.rb
@@ -76,6 +76,7 @@ describe 'ironic::api' do
      is_expected.to contain_ironic_config('keystone_authtoken/memcached_servers').with_value('<SERVICE DEFAULT>')
      is_expected.to contain_ironic_config('neutron/url').with_value('http://127.0.0.1:9696/')
      is_expected.to contain_ironic_config('keystone_authtoken/project_name').with_value(p[:admin_tenant_name])
+      is_expected.to contain_ironic_config('oslo_middleware/enable_proxy_headers_parsing').with_value('<SERVICE DEFAULT>')
    end

    context 'when overriding parameters' do
@@ -105,6 +106,14 @@ describe 'ironic::api' do
      end
    end

+    context 'with enable_proxy_headers_parsing' do
+      before do
+        params.merge!({:enable_proxy_headers_parsing => true })
+      end
+
+      it { is_expected.to contain_ironic_config('oslo_middleware/enable_proxy_headers_parsing').with_value(true) }
+    end
+
    context 'when running ironic-api in wsgi' do
      before do
        params.merge!({ :service_name => 'httpd' })