Allow API pipeline to be settable in keystone-paste.ini

Change server recipe and template to allow the pipeline of
public_api, admin_api, api_v3 to be set.

Change-Id: Iab81c5e20aca2e7af2ea27c1c4c8a01dc40240ac
Closes-Bug: #1358142

CHANGELOG.md

@@ -12,6 +12,7 @@ This file is used to list changes made in each version of cookbook-openstack-ide
 * Bump Chef gem to 11.16
 * Add test to verify each endpoint can be configured seperatly
 * Update endpoint when endpoint for one service type exists
+* Add attributes for pipeline of API
 
 ## 10.0.0
 * Upgrading to Juno

README.md

@@ -272,6 +272,9 @@ Please refer to the Common cookbook for more attributes.
 * `openstack['identity']['catalog']['list_limit']` - Maximum number of entities that will be returned in a catalog collection
 * `openstack['identity']['identity']['list_limit']` - Maximum number of entities that will be returned in a identity collection
 * `openstack['identity']['policy']['list_limit']` - Maximum number of entities that will be returned in a policy collection
+* `openstack['identity']['pipeline']['public_api']` - Pipeline of identity public api
+* `openstack['identity']['pipeline']['admin_api']` - Pipeline of identity admin api
+* `openstack['identity']['pipeline']['api_v3']` - Pipeline of identity V3 api
 
 Most `openstack['identity']['ldap']` attributes map directly to the corresponding config options in keystone.conf's `[ldap]` backend.  They are primarily used when configuring `openstack['identity']['identity']['backend']` and/or `openstack["identity"]["assignment"]["backend"]` as `ldap` (both default to `sql`).
 

attributes/default.rb

@@ -46,6 +46,19 @@ default['openstack']['identity']['pastefile_url'] = nil
 # array of lines to add to templated version of keystone-paste.ini
 default['openstack']['identity']['misc_paste'] = []
 
+# This specify the pipeline of the keystone public API,
+# all Identity public API requests will be processed by the order of the pipeline.
+# this value will be used in the templated version of keystone-paste.ini
+default['openstack']['identity']['pipeline']['public_api'] = 'sizelimit url_normalize build_auth_context token_auth admin_token_auth xml_body_v2 json_body ec2_extension user_crud_extension public_service'
+# This specify the pipeline of the keystone admin API,
+# all Identity admin API requests will be processed by the order of the pipeline.
+# this value will be used in the templated version of keystone-paste.ini
+default['openstack']['identity']['pipeline']['admin_api'] = 'sizelimit url_normalize build_auth_context token_auth admin_token_auth xml_body_v2 json_body ec2_extension s3_extension crud_extension admin_service'
+# This specify the pipeline of the keystone V3 API,
+# all Identity V3 API requests will be processed by the order of the pipeline.
+# this value will be used in the templated version of keystone-paste.ini
+default['openstack']['identity']['pipeline']['api_v3'] = 'sizelimit url_normalize build_auth_context token_auth admin_token_auth xml_body_v3 json_body ec2_extension_v3 s3_extension simple_cert_extension revoke_extension service_v3'
+
 default['openstack']['identity']['region'] = node['openstack']['region']
 default['openstack']['identity']['token']['expiration'] = '86400'
 default['openstack']['identity']['token']['hash_algorithm'] = 'md5'

spec/server_spec.rb

@@ -851,7 +851,19 @@ describe 'openstack-identity::server' do
       it 'has proper modes' do
         expect(sprintf('%o', template.mode)).to eq('644')
       end
-
+      it 'has default api pipeline value' do
+        expect(chef_run).to render_file(path).with_content(/^pipeline = sizelimit url_normalize build_auth_context token_auth admin_token_auth xml_body_v2 json_body ec2_extension user_crud_extension public_service$/)
+        expect(chef_run).to render_file(path).with_content(/^pipeline = sizelimit url_normalize build_auth_context token_auth admin_token_auth xml_body_v2 json_body ec2_extension s3_extension crud_extension admin_service$/)
+        expect(chef_run).to render_file(path).with_content(/^pipeline = sizelimit url_normalize build_auth_context token_auth admin_token_auth xml_body_v3 json_body ec2_extension_v3 s3_extension simple_cert_extension revoke_extension service_v3$/)
+      end
+      it 'template api pipeline set correct' do
+        node.set['openstack']['identity']['pipeline']['public_api'] = 'public_service'
+        node.set['openstack']['identity']['pipeline']['admin_api'] = 'admin_service'
+        node.set['openstack']['identity']['pipeline']['api_v3'] = 'service_v3'
+        expect(chef_run).to render_file(path).with_content(/^pipeline = public_service$/)
+        expect(chef_run).to render_file(path).with_content(/^pipeline = admin_service$/)
+        expect(chef_run).to render_file(path).with_content(/^pipeline = service_v3$/)
+      end
       it 'template misc_paste array correctly' do
         node.set['openstack']['identity']['misc_paste'] = ['MISC1=OPTION1', 'MISC2=OPTION2']
         expect(chef_run).to render_file(path).with_content(

templates/default/keystone-paste.ini.erb

@@ -81,13 +81,13 @@ paste.app_factory = keystone.service:v3_app_factory
 paste.app_factory = keystone.service:admin_app_factory
 
 [pipeline:public_api]
-pipeline = sizelimit url_normalize build_auth_context token_auth admin_token_auth xml_body_v2 json_body ec2_extension user_crud_extension public_service
+pipeline = <%=node["openstack"]["identity"]["pipeline"]["public_api"] %>
 
 [pipeline:admin_api]
-pipeline = sizelimit url_normalize build_auth_context token_auth admin_token_auth xml_body_v2 json_body ec2_extension s3_extension crud_extension admin_service
+pipeline = <%=node["openstack"]["identity"]["pipeline"]["admin_api"] %>
 
 [pipeline:api_v3]
-pipeline = sizelimit url_normalize build_auth_context token_auth admin_token_auth xml_body_v3 json_body ec2_extension_v3 s3_extension simple_cert_extension revoke_extension service_v3
+pipeline = <%=node["openstack"]["identity"]["pipeline"]["api_v3"] %>
 
 [app:public_version_service]
 paste.app_factory = keystone.service:public_version_app_factory