Merge "Add secure_proxy_ssl_header option" into stable/mitaka

Jenkins · openstack-gerrit · commit c3cc0ed19289 · 2016-05-23T18:46:46.000Z
diff --git a/manifests/api.pp b/manifests/api.pp
@@ -136,6 +136,12 @@
 #   (optional) Enable or not Nova API v3
 #   Defaults to false
 #
+# [*secure_proxy_ssl_header*]
+#   (optional) The HTTP Header that will be used to determine
+#   what the original request protocol scheme was, even if
+#   it was hidden by an SSL termination proxy.
+#   Defaults to $::os_service_default
+#
 # [*default_floating_pool*]
 #   (optional) Default pool for floating IPs
 #   Defaults to 'nova'
@@ -206,6 +212,7 @@
   $instance_name_template    = undef,
   $fping_path                = '/usr/sbin/fping',
   $service_name              = $::nova::params::api_service_name,
+  $secure_proxy_ssl_header   = $::os_service_default,
   # DEPRECATED PARAMETER
   $conductor_workers         = undef,
   $ec2_listen_port           = undef,
@@ -292,20 +299,21 @@
   }
 
   nova_config {
-    'DEFAULT/api_paste_config':          value => $api_paste_config;
-    'DEFAULT/enabled_apis':              value => $enabled_apis_real;
-    'DEFAULT/volume_api_class':          value => $volume_api_class;
-    'DEFAULT/osapi_compute_listen':      value => $api_bind_address;
-    'DEFAULT/metadata_listen':           value => $metadata_listen;
-    'DEFAULT/metadata_listen_port':      value => $metadata_listen_port;
-    'DEFAULT/osapi_compute_listen_port': value => $osapi_compute_listen_port;
-    'DEFAULT/osapi_volume_listen':       value => $api_bind_address;
-    'DEFAULT/osapi_compute_workers':     value => $osapi_compute_workers;
-    'DEFAULT/metadata_workers':          value => $metadata_workers;
-    'DEFAULT/use_forwarded_for':         value => $use_forwarded_for;
-    'DEFAULT/default_floating_pool':     value => $default_floating_pool;
-    'DEFAULT/fping_path':                value => $fping_path;
-    'osapi_v3/enabled':                  value => $osapi_v3;
+    'DEFAULT/api_paste_config':                value => $api_paste_config;
+    'DEFAULT/enabled_apis':                    value => $enabled_apis_real;
+    'DEFAULT/volume_api_class':                value => $volume_api_class;
+    'DEFAULT/osapi_compute_listen':            value => $api_bind_address;
+    'DEFAULT/metadata_listen':                 value => $metadata_listen;
+    'DEFAULT/metadata_listen_port':            value => $metadata_listen_port;
+    'DEFAULT/osapi_compute_listen_port':       value => $osapi_compute_listen_port;
+    'DEFAULT/osapi_volume_listen':             value => $api_bind_address;
+    'DEFAULT/osapi_compute_workers':           value => $osapi_compute_workers;
+    'DEFAULT/metadata_workers':                value => $metadata_workers;
+    'DEFAULT/use_forwarded_for':               value => $use_forwarded_for;
+    'DEFAULT/default_floating_pool':           value => $default_floating_pool;
+    'DEFAULT/fping_path':                      value => $fping_path;
+    'osapi_v3/enabled':                        value => $osapi_v3;
+    'oslo_middleware/secure_proxy_ssl_header': value => $secure_proxy_ssl_header;
   }
 
   if ($neutron_metadata_proxy_shared_secret){
diff --git a/spec/classes/nova_api_spec.rb b/spec/classes/nova_api_spec.rb
@@ -66,6 +66,7 @@
         is_expected.to contain_nova_config('DEFAULT/metadata_workers').with('value' => '5')
         is_expected.to contain_nova_config('DEFAULT/default_floating_pool').with('value' => 'nova')
         is_expected.to contain_nova_config('DEFAULT/fping_path').with('value' => '/usr/sbin/fping')
+        is_expected.to contain_nova_config('oslo_middleware/secure_proxy_ssl_header').with('value' => '<SERVICE DEFAULT>')
       end
 
       it 'do not configure v3 api' do
@@ -100,7 +101,8 @@
           :metadata_workers                     => 2,
           :default_floating_pool                => 'public',
           :osapi_v3                             => true,
-          :pci_alias                            => "[{\"vendor_id\":\"8086\",\"product_id\":\"0126\",\"name\":\"graphic_card\"},{\"vendor_id\":\"9096\",\"product_id\":\"1520\",\"name\":\"network_card\"}]"
+          :pci_alias                            => "[{\"vendor_id\":\"8086\",\"product_id\":\"0126\",\"name\":\"graphic_card\"},{\"vendor_id\":\"9096\",\"product_id\":\"1520\",\"name\":\"network_card\"}]",
+          :secure_proxy_ssl_header              => "HTTP-X-Forwarded-Proto"
         })
       end
 
@@ -146,6 +148,7 @@
         is_expected.to contain_nova_config('DEFAULT/default_floating_pool').with('value' => 'public')
         is_expected.to contain_nova_config('neutron/service_metadata_proxy').with('value' => true)
         is_expected.to contain_nova_config('neutron/metadata_proxy_shared_secret').with('value' => 'secrete')
+        is_expected.to contain_nova_config('oslo_middleware/secure_proxy_ssl_header').with('value' => 'HTTP-X-Forwarded-Proto')
       end
 
       it 'configure nova api v3' do
