Enable keystone to use the SSL middleware
author Juan Antonio Osorio Robles <jaosorior@redhat.com>
Wed, 13 Jul 2016 08:27:01 +0000 (11:27 +0300)
committer Emilien Macchi <emilien@redhat.com>
Fri, 29 Jul 2016 20:37:14 +0000 (20:37 +0000)
The http_proxy_to_wsgi middleware was recently added to keystone as
default in the pipeline [1]. So this takes it into use instead of the
non-standard option we were using before, which will be deprecated.

We already enable this middleware for nova, cinder and heat.

[1] Iad628a863e55cbf20c89ef23ebc7527ba8e1a835

Depends-On: I0fec98a6e1d9c8be4d8b8df382b78ba2815790f9
Change-Id: I8c1b84adc828a2b8c9ea11c4e2b8349427b1b206

puppet/services/keystone.yaml

index 48e7487..79c0dcc 100644 (file)
@@ -110,6 +110,7 @@ outputs:
         keystone_signing_certificate: {get_param: KeystoneSigningCertificate}
         keystone_ssl_certificate: {get_param: KeystoneSSLCertificate}
         keystone_ssl_certificate_key: {get_param: KeystoneSSLCertificateKey}
+        keystone::enable_proxy_headers_parsing: true
         keystone::debug: {get_param: Debug}
         keystone::db::mysql::password: {get_param: AdminToken}
         keystone::rabbit_userid: {get_param: RabbitUserName}
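Review bot: `keystone::enable_proxy_headers_parsing: true` is set as a literal in the added line, with no parameter and no comment stating what it relies on. With header parsing on, keystone takes the request scheme from forwarded headers, so this is only safe when every request reaches keystone through a proxy that sets or overwrites those headers; a client that can reach keystone directly could supply them itself. Suggest a short comment above the line stating that assumption, or driving the value from a parameter so deployments without a terminating proxy can turn it off.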
@@ -138,8 +139,6 @@ outputs:
         keystone::roles::admin::admin_tenant: 'admin'
         keystone::cron::token_flush::destination: '/dev/null'
         keystone::config::keystone_config:
-          DEFAULT/secure_proxy_ssl_header:
-            value: 'HTTP_X_FORWARDED_PROTO'
           ec2/driver:
             value: 'keystone.contrib.ec2.backends.sql.Ec2'
         keystone::service_name: 'httpd'
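Review bot: dropping the `DEFAULT/secure_proxy_ssl_header` entry from `keystone::config::keystone_config` only stops this template from managing it; nothing in the hunk removes the value from an existing keystone.conf. On an already deployed node the old `HTTP_X_FORWARDED_PROTO` setting may remain in place next to the new middleware unless unmanaged settings are purged. Suggest stating in the commit message or a release note whether upgrades are expected to clear it, or removing it explicitly.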