From 1bd2b2bca9675c3759c6ee467d52ecb1d857aa7e Mon Sep 17 00:00:00 2001 From: Michael Krotscheck Date: Mon, 23 Feb 2015 12:27:02 -0800 Subject: [PATCH] Added Valid OAuth client configuration to storyboard manifest. StoryBoard now only permits a finite list of authorized oauth clients, which are based on the domain host. This adds the necessary configuration elements to the OpenStack StoryBoard manifest. Change-Id: Ia7d34e9b80399ffa9e4229d6cc7035061c41dffc Depends-on: I29495a0b640c3ca097cca8c17349df5cc42388de --- manifests/site.pp | 6 +++++- modules/openstack_project/manifests/storyboard.pp | 2 ++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/manifests/site.pp b/manifests/site.pp index dfe2629f63..c194604f47 100644 --- a/manifests/site.pp +++ b/manifests/site.pp @@ -420,7 +420,11 @@ node 'storyboard.openstack.org' { rabbitmq_password => hiera('storyboard_rabbit_password', 'XXX'), ssl_cert_file_contents => hiera('storyboard_ssl_cert_file_contents', 'XXX'), ssl_key_file_contents => hiera('storyboard_ssl_key_file_contents', 'XXX'), - ssl_chain_file_contents => hiera('storyboard_ssl_chain_file_contents', 'XXX') + ssl_chain_file_contents => hiera('storyboard_ssl_chain_file_contents', 'XXX'), + valid_oauth_clients => [ + $::fqdn, + 'docs-draft.openstack.org', + ], } } diff --git a/modules/openstack_project/manifests/storyboard.pp b/modules/openstack_project/manifests/storyboard.pp index 45ab947093..51c434987b 100644 --- a/modules/openstack_project/manifests/storyboard.pp +++ b/modules/openstack_project/manifests/storyboard.pp @@ -12,6 +12,7 @@ class openstack_project::storyboard( $ssl_chain_file_contents = undef, $openid_url = 'https://login.launchpad.net/+openid', $project_config_repo = '', + $valid_oauth_clients = [], ) { class { 'project_config': @@ -44,6 +45,7 @@ class openstack_project::storyboard( 'https://storyboard.openstack.org', 'http://docs-draft.openstack.org', ], + valid_oauth_clients => $valid_oauth_clients, cors_max_age => 3600, openid_url => $openid_url, mysql_host => $mysql_host,