Merge pull request #606 from enovance/spicehtml6-hack

spice-html5: hack to enable secure console

manifests/compute/consoleproxy.pp

@@ -15,10 +15,15 @@
 #
 # Compute Proxy Console node
 #
+# [*secure*]
+# (optionnal) Enabled or not WSS in spice-html5 code
+# Defaults to false.
+#
 
 class cloud::compute::consoleproxy(
   $api_eth    = '127.0.0.1',
-  $spice_port = '6082'
+  $spice_port = '6082',
+  $secure     = false,
 ){
 
   include 'cloud::compute'
@@ -28,6 +33,15 @@ class cloud::compute::consoleproxy(
     host    => $api_eth
   }
 
+  # Horrible Hack to allow spice-html5 to connect on the web service
+  # by SSL. Since "ws" is hardcoded, there is no way to use HTTPS otherwise.
+  if $secure {
+    exec { 'enable_wss_spice_html5':
+      command => '/bin/sed -i "s/ws:\/\//wss:\/\//g" /usr/share/spice-html5/spice_auto.html',
+      unless  => '/bin/grep -F "wss://" /usr/share/spice-html5/spice_auto.html',
+    }
+  }
+
   @@haproxy::balancermember{"${::fqdn}-compute_spice":
     listening_service => 'spice_cluster',
     server_names      => $::hostname,

spec/classes/cloud_compute_consoleproxy_spec.rb

@@ -45,7 +45,8 @@ describe 'cloud::compute::consoleproxy' do
 
     let :params do
       { :api_eth    => '10.0.0.1',
-        :spice_port => '6082' }
+        :spice_port => '6082',
+        :secure     => false }
     end
 
     it 'configure nova common' do
@@ -94,6 +95,19 @@ describe 'cloud::compute::consoleproxy' do
       )
     end
 
+    context 'when using secure console' do
+      before :each do
+        params.merge!( :secure => true )
+      end
+
+      it 'replace ws by wss in spice html5 code' do
+        should contain_exec('enable_wss_spice_html5').with(
+          :command => '/bin/sed -i "s/ws:\/\//wss:\/\//g" /usr/share/spice-html5/spice_auto.html',
+          :unless  => '/bin/grep -F "wss://" /usr/share/spice-html5/spice_auto.html'
+        )
+      end
+    end
+
   end
 
   context 'on Debian platforms' do