From 1a3518050a7eeaab2a600a36a5a5ab405592520a Mon Sep 17 00:00:00 2001
From: Emilien Macchi <emilien.macchi@enovance.com>
Date: Tue, 9 Sep 2014 10:25:37 -0400
Subject: [PATCH] spice-html5: hack to enable secure console

This is an horrible hack to fix spice-html5 code while this is fixed
upstream.

It aims to create a new parameter (false by default to maintain backward
compatibility) which enable or not secure console. If enabled, it will
replace the hardcoded "ws" to "wss" and then make the secure Spice
console working.

Closes-bug #604
Signed-off-by: Emilien Macchi <emilien.macchi@enovance.com>
---
 manifests/compute/consoleproxy.pp               | 16 +++++++++++++++-
 spec/classes/cloud_compute_consoleproxy_spec.rb | 16 +++++++++++++++-
 2 files changed, 30 insertions(+), 2 deletions(-)

diff --git a/manifests/compute/consoleproxy.pp b/manifests/compute/consoleproxy.pp
index cef616a1..376b0e86 100644
--- a/manifests/compute/consoleproxy.pp
+++ b/manifests/compute/consoleproxy.pp
@@ -15,10 +15,15 @@
 #
 # Compute Proxy Console node
 #
+# [*secure*]
+# (optionnal) Enabled or not WSS in spice-html5 code
+# Defaults to false.
+#
 
 class cloud::compute::consoleproxy(
   $api_eth    = '127.0.0.1',
-  $spice_port = '6082'
+  $spice_port = '6082',
+  $secure     = false,
 ){
 
   include 'cloud::compute'
@@ -28,6 +33,15 @@ class cloud::compute::consoleproxy(
     host    => $api_eth
   }
 
+  # Horrible Hack to allow spice-html5 to connect on the web service
+  # by SSL. Since "ws" is hardcoded, there is no way to use HTTPS otherwise.
+  if $secure {
+    exec { 'enable_wss_spice_html5':
+      command => '/bin/sed -i "s/ws:\/\//wss:\/\//g" /usr/share/spice-html5/spice_auto.html',
+      unless  => '/bin/grep -F "wss://" /usr/share/spice-html5/spice_auto.html',
+    }
+  }
+
   @@haproxy::balancermember{"${::fqdn}-compute_spice":
     listening_service => 'spice_cluster',
     server_names      => $::hostname,
diff --git a/spec/classes/cloud_compute_consoleproxy_spec.rb b/spec/classes/cloud_compute_consoleproxy_spec.rb
index 318c2750..1825dee0 100644
--- a/spec/classes/cloud_compute_consoleproxy_spec.rb
+++ b/spec/classes/cloud_compute_consoleproxy_spec.rb
@@ -45,7 +45,8 @@ describe 'cloud::compute::consoleproxy' do
 
     let :params do
       { :api_eth    => '10.0.0.1',
-        :spice_port => '6082' }
+        :spice_port => '6082',
+        :secure     => false }
     end
 
     it 'configure nova common' do
@@ -94,6 +95,19 @@ describe 'cloud::compute::consoleproxy' do
       )
     end
 
+    context 'when using secure console' do
+      before :each do
+        params.merge!( :secure => true )
+      end
+
+      it 'replace ws by wss in spice html5 code' do
+        should contain_exec('enable_wss_spice_html5').with(
+          :command => '/bin/sed -i "s/ws:\/\//wss:\/\//g" /usr/share/spice-html5/spice_auto.html',
+          :unless  => '/bin/grep -F "wss://" /usr/share/spice-html5/spice_auto.html'
+        )
+      end
+    end
+
   end
 
   context 'on Debian platforms' do