diff --git a/manifests/api.pp b/manifests/api.pp index f7815003..6da596aa 100644 --- a/manifests/api.pp +++ b/manifests/api.pp @@ -104,6 +104,13 @@ # will also need to be changed to match. # Defaults to $::os_service_default # +# [*use_forwarded_for*] +# (optional) Treat X-Forwarded-For as the canonical remote address. Only +# enable this if you have a sanitizing proxy. +# Defaults to $::os_service_default +# +# DEPRECATED PARAMETERS +# # [*os_region_name*] # (optional) Some operations require cinder to make API requests # to Nova. This sets the keystone region to be used for these @@ -134,6 +141,7 @@ class cinder::api ( $ca_file = $::os_service_default, $auth_strategy = 'keystone', $osapi_volume_listen_port = $::os_service_default, + $use_forwarded_for = $::os_service_default, # DEPRECATED PARAMETERS $os_region_name = undef ) inherits cinder::params { @@ -216,6 +224,7 @@ running as a standalone service, or httpd for being run by a httpd server") 'DEFAULT/osapi_max_limit': value => $osapi_max_limit; 'DEFAULT/osapi_volume_listen_port': value => $osapi_volume_listen_port; 'DEFAULT/auth_strategy': value => $auth_strategy; + 'DEFAULT/use_forwarded_for': value => $use_forwarded_for; } oslo::middleware {'cinder_config': diff --git a/releasenotes/notes/use_forwarded_for-9390c34f298ebae3.yaml b/releasenotes/notes/use_forwarded_for-9390c34f298ebae3.yaml new file mode 100644 index 00000000..fc461324 --- /dev/null +++ b/releasenotes/notes/use_forwarded_for-9390c34f298ebae3.yaml @@ -0,0 +1,4 @@ +--- +features: + - | + The new ``cinder::api::use_forwarded_for`` parameter has been added. diff --git a/spec/classes/cinder_api_spec.rb b/spec/classes/cinder_api_spec.rb index 226e50c6..c7adca48 100644 --- a/spec/classes/cinder_api_spec.rb +++ b/spec/classes/cinder_api_spec.rb @@ -31,6 +31,7 @@ describe 'cinder::api' do is_expected.to contain_cinder_config('DEFAULT/osapi_volume_base_URL').with_value('') is_expected.to contain_cinder_config('DEFAULT/osapi_max_limit').with_value('') is_expected.to contain_cinder_config('DEFAULT/auth_strategy').with_value('keystone') + is_expected.to contain_cinder_config('DEFAULT/use_forwarded_for').with_value('') is_expected.to contain_cinder_config('DEFAULT/osapi_volume_listen_port').with('value' => '') is_expected.to contain_oslo__middleware('cinder_config').with( @@ -140,6 +141,17 @@ describe 'cinder::api' do end end + context 'with a custom use_forwarded_for' do + let :params do + req_params.merge({'use_forwarded_for' => true}) + end + it 'should configure the osapi_max_limit to 10000' do + is_expected.to contain_cinder_config('DEFAULT/use_forwarded_for').with( + :value => true + ) + end + end + context 'with a custom osapi_max_limit' do let :params do req_params.merge({'osapi_max_limit' => '10000'}) @@ -150,6 +162,7 @@ describe 'cinder::api' do ) end end + context 'when running cinder-api in wsgi' do let :params do req_params.merge!({ :service_name => 'httpd' })