Adds Support for X-Forwarded-For HTTP Headers

Previously, the nova::api class did not support proxies and
load-balancers that use X-Forwarded-For Headers to identify the
originating IP address of requests.  This change implements the
use_forwarded_for parameter to enable/disable the ability for
Nova API to treat the X-Forwarded-For HTTP Header as the canonical
remote address.

Defaults to false for backwards compatibility, so X-Forwarded-For
headers are ignored unless the parameter is explicitly enabled.

Change-Id: I3c7224bef1bfa4578ab2a298b05a24e46d618ce7
Daneyon Hansen
2013-07-30 23:31:44 +00:00
parent 72dc339f7e
commit f32ee5c74c
2 changed files with 8 additions and 0 deletions


@@ -15,6 +15,10 @@
# * admin_tenant_name
# * admin_user
# * enabled_apis
# * use_forwarded_for:
# Treat X-Forwarded-For as the canonical remote address. Only
# enable this if you have a sanitizing proxy. (boolean value)
# (Optional). Defaults to false.
# * quantum_metadata_proxy_shared_secret
#
class nova::api(
@@ -32,6 +36,7 @@ class nova::api(
$metadata_listen = '0.0.0.0',
$enabled_apis = 'ec2,osapi_compute,metadata',
$volume_api_class = 'nova.volume.cinder.API',
$use_forwarded_for = false,
$workers = $::processorcount,
$sync_db = true,
$quantum_metadata_proxy_shared_secret = undef
@@ -67,6 +72,7 @@ class nova::api(
'DEFAULT/metadata_listen': value => $metadata_listen;
'DEFAULT/osapi_volume_listen': value => $api_bind_address;
'DEFAULT/osapi_compute_workers': value => $workers;
'DEFAULT/use_forwarded_for': value => $use_forwarded_for;
}
if ($quantum_metadata_proxy_shared_secret){
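Review bot: The doc comment for `use_forwarded_for` says only "sanitizing proxy" and does not state what the proxy must guarantee or which services the setting affects. The value is written to `DEFAULT/use_forwarded_for`, so it is not scoped to a single API, and the `enabled_apis` default shown in this section includes `metadata`; to my knowledge nova's metadata service also identifies callers by remote address, so a client-supplied header that reaches it unchanged would be trusted there as well (worth confirming against the nova release being deployed). I would extend the comment with `# The proxy must overwrite any client-supplied X-Forwarded-For, and the API ports must be reachable only through that proxy.` The parameter is also handed to nova_config without a type check; if the module already depends on puppetlabs-stdlib, `validate_bool($use_forwarded_for)` ahead of the nova_config block would reject a mistyped value. The class body continues outside these hunks.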


@@ -90,6 +90,7 @@ describe 'nova::api' do
:api_bind_address => '192.168.56.210',
:metadata_listen => '127.0.0.1',
:volume_api_class => 'nova.volume.cinder.API',
:use_forwarded_for => false,
:quantum_metadata_proxy_shared_secret => 'secrete',
}
end
@@ -113,6 +114,7 @@ describe 'nova::api' do
it { should contain_nova_config('DEFAULT/osapi_compute_listen').with('value' => '192.168.56.210') }
it { should contain_nova_config('DEFAULT/metadata_listen').with('value' => '127.0.0.1') }
it { should contain_nova_config('DEFAULT/osapi_volume_listen').with('value' => '192.168.56.210') }
it { should contain_nova_config('DEFAULT/use_forwarded_for').with('value' => false) }
it { should contain_nova_config('DEFAULT/osapi_compute_workers').with('value' => '5') }
it { should contain_nova_config('DEFAULT/service_quantum_metadata_proxy').with('value' => true) }
it { should contain_nova_config('DEFAULT/quantum_metadata_proxy_shared_secret').with('value' => 'secrete') }
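Review bot: The added expectation cannot distinguish a passed-through parameter from the class default, because this context sets `:use_forwarded_for => false`, which is also the default value. Setting `:use_forwarded_for => true` in the override params and expecting `.with('value' => true)` here would prove the value actually reaches nova.conf. An expectation of `.with('value' => false)` in the default-parameters context, if the spec has one outside these hunks, would pin the safe default so a later change cannot flip it unnoticed. Both the params block and the expectation list start and end outside the hunks shown.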