From fd9208025eae0304fa5b6936749fbee96cf9b814 Mon Sep 17 00:00:00 2001
From: Juan Antonio Osorio Robles <jaosorior@redhat.com>
Date: Thu, 14 Jan 2016 17:17:27 +0200
Subject: Enable keystone handling of X-Forwarded-Proto header

If the X-Forwarded-Proto header is received by keystone, this option
will make the service properly handle it. This is useful, for instance,
if TLS is enabled for the admin endpoint.

Change-Id: I31a1f51591e8423367e61eafc3af9b2d61278468
---
 puppet/hieradata/controller.yaml | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'puppet/hieradata')

diff --git a/puppet/hieradata/controller.yaml b/puppet/hieradata/controller.yaml
index 7f30fe7a..f8ef6408 100644
--- a/puppet/hieradata/controller.yaml
+++ b/puppet/hieradata/controller.yaml
@@ -45,6 +45,11 @@ keystone::cron::token_flush::maxdelay: 3600
 keystone::roles::admin::service_tenant: 'service'
 keystone::roles::admin::admin_tenant: 'admin'
 keystone::cron::token_flush::destination: '/dev/null'
+keystone::config::keystone_config:
+  DEFAULT/secure_proxy_ssl_header:
+    value: 'HTTP_X_FORWARDED_PROTO'
+  ec2/driver:
+    value: 'keystone.contrib.ec2.backends.sql.Ec2'
 
 #swift
 swift::proxy::pipeline:
-- 
cgit 1.2.3-korg