From e0934e976901f87122c81875b392d36e0beea9cc Mon Sep 17 00:00:00 2001
From: Yi Cong Lu <yiconglu@cn.ibm.com>
Date: Thu, 16 Oct 2014 16:41:00 +0800
Subject: [PATCH] Allow API pipeline to be settable in keystone-paste.ini

Change server recipe and template to allow the pipeline of
public_api, admin_api, api_v3 to be set.

Change-Id: Iab81c5e20aca2e7af2ea27c1c4c8a01dc40240ac
Closes-Bug: #1358142
---
 CHANGELOG.md                             |  1 +
 README.md                                |  3 +++
 attributes/default.rb                    | 13 +++++++++++++
 spec/server_spec.rb                      | 14 +++++++++++++-
 templates/default/keystone-paste.ini.erb |  6 +++---
 5 files changed, 33 insertions(+), 4 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index df16bb8..7abeb72 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -12,6 +12,7 @@ This file is used to list changes made in each version of cookbook-openstack-ide
 * Bump Chef gem to 11.16
 * Add test to verify each endpoint can be configured seperatly
 * Update endpoint when endpoint for one service type exists
+* Add attributes for pipeline of API
 
 ## 10.0.0
 * Upgrading to Juno
diff --git a/README.md b/README.md
index 695c634..060fa47 100644
--- a/README.md
+++ b/README.md
@@ -272,6 +272,9 @@ Please refer to the Common cookbook for more attributes.
 * `openstack['identity']['catalog']['list_limit']` - Maximum number of entities that will be returned in a catalog collection
 * `openstack['identity']['identity']['list_limit']` - Maximum number of entities that will be returned in a identity collection
 * `openstack['identity']['policy']['list_limit']` - Maximum number of entities that will be returned in a policy collection
+* `openstack['identity']['pipeline']['public_api']` - Pipeline of identity public api
+* `openstack['identity']['pipeline']['admin_api']` - Pipeline of identity admin api
+* `openstack['identity']['pipeline']['api_v3']` - Pipeline of identity V3 api
 
 Most `openstack['identity']['ldap']` attributes map directly to the corresponding config options in keystone.conf's `[ldap]` backend.  They are primarily used when configuring `openstack['identity']['identity']['backend']` and/or `openstack["identity"]["assignment"]["backend"]` as `ldap` (both default to `sql`).
 
diff --git a/attributes/default.rb b/attributes/default.rb
index 3d4f84a..3450605 100644
--- a/attributes/default.rb
+++ b/attributes/default.rb
@@ -46,6 +46,19 @@ default['openstack']['identity']['pastefile_url'] = nil
 # array of lines to add to templated version of keystone-paste.ini
 default['openstack']['identity']['misc_paste'] = []
 
+# This specify the pipeline of the keystone public API,
+# all Identity public API requests will be processed by the order of the pipeline.
+# this value will be used in the templated version of keystone-paste.ini
+default['openstack']['identity']['pipeline']['public_api'] = 'sizelimit url_normalize build_auth_context token_auth admin_token_auth xml_body_v2 json_body ec2_extension user_crud_extension public_service'
+# This specify the pipeline of the keystone admin API,
+# all Identity admin API requests will be processed by the order of the pipeline.
+# this value will be used in the templated version of keystone-paste.ini
+default['openstack']['identity']['pipeline']['admin_api'] = 'sizelimit url_normalize build_auth_context token_auth admin_token_auth xml_body_v2 json_body ec2_extension s3_extension crud_extension admin_service'
+# This specify the pipeline of the keystone V3 API,
+# all Identity V3 API requests will be processed by the order of the pipeline.
+# this value will be used in the templated version of keystone-paste.ini
+default['openstack']['identity']['pipeline']['api_v3'] = 'sizelimit url_normalize build_auth_context token_auth admin_token_auth xml_body_v3 json_body ec2_extension_v3 s3_extension simple_cert_extension revoke_extension service_v3'
+
 default['openstack']['identity']['region'] = node['openstack']['region']
 default['openstack']['identity']['token']['expiration'] = '86400'
 default['openstack']['identity']['token']['hash_algorithm'] = 'md5'
diff --git a/spec/server_spec.rb b/spec/server_spec.rb
index 375cec9..7845c38 100644
--- a/spec/server_spec.rb
+++ b/spec/server_spec.rb
@@ -851,7 +851,19 @@ describe 'openstack-identity::server' do
       it 'has proper modes' do
         expect(sprintf('%o', template.mode)).to eq('644')
       end
-
+      it 'has default api pipeline value' do
+        expect(chef_run).to render_file(path).with_content(/^pipeline = sizelimit url_normalize build_auth_context token_auth admin_token_auth xml_body_v2 json_body ec2_extension user_crud_extension public_service$/)
+        expect(chef_run).to render_file(path).with_content(/^pipeline = sizelimit url_normalize build_auth_context token_auth admin_token_auth xml_body_v2 json_body ec2_extension s3_extension crud_extension admin_service$/)
+        expect(chef_run).to render_file(path).with_content(/^pipeline = sizelimit url_normalize build_auth_context token_auth admin_token_auth xml_body_v3 json_body ec2_extension_v3 s3_extension simple_cert_extension revoke_extension service_v3$/)
+      end
+      it 'template api pipeline set correct' do
+        node.set['openstack']['identity']['pipeline']['public_api'] = 'public_service'
+        node.set['openstack']['identity']['pipeline']['admin_api'] = 'admin_service'
+        node.set['openstack']['identity']['pipeline']['api_v3'] = 'service_v3'
+        expect(chef_run).to render_file(path).with_content(/^pipeline = public_service$/)
+        expect(chef_run).to render_file(path).with_content(/^pipeline = admin_service$/)
+        expect(chef_run).to render_file(path).with_content(/^pipeline = service_v3$/)
+      end
       it 'template misc_paste array correctly' do
         node.set['openstack']['identity']['misc_paste'] = ['MISC1=OPTION1', 'MISC2=OPTION2']
         expect(chef_run).to render_file(path).with_content(
diff --git a/templates/default/keystone-paste.ini.erb b/templates/default/keystone-paste.ini.erb
index 610608d..ca6f588 100644
--- a/templates/default/keystone-paste.ini.erb
+++ b/templates/default/keystone-paste.ini.erb
@@ -81,13 +81,13 @@ paste.app_factory = keystone.service:v3_app_factory
 paste.app_factory = keystone.service:admin_app_factory
 
 [pipeline:public_api]
-pipeline = sizelimit url_normalize build_auth_context token_auth admin_token_auth xml_body_v2 json_body ec2_extension user_crud_extension public_service
+pipeline = <%=node["openstack"]["identity"]["pipeline"]["public_api"] %>
 
 [pipeline:admin_api]
-pipeline = sizelimit url_normalize build_auth_context token_auth admin_token_auth xml_body_v2 json_body ec2_extension s3_extension crud_extension admin_service
+pipeline = <%=node["openstack"]["identity"]["pipeline"]["admin_api"] %>
 
 [pipeline:api_v3]
-pipeline = sizelimit url_normalize build_auth_context token_auth admin_token_auth xml_body_v3 json_body ec2_extension_v3 s3_extension simple_cert_extension revoke_extension service_v3
+pipeline = <%=node["openstack"]["identity"]["pipeline"]["api_v3"] %>
 
 [app:public_version_service]
 paste.app_factory = keystone.service:public_version_app_factory