OpenStack Barbican Charm

Legacy SSL configration options do not have effect

Bug #1864805 reported by José Pekkarinen on 2020-02-26

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	OpenStack Barbican Charm	Fix Released	High	José Pekkarinen	OpenStack Barbican Charm 20.05

Bug Description

Hi,

It's found that the charm provides config options for tls enpoint setup,
concretely ssl_cert and ssl_key, though it misses the code that produces
apache2 configuration for the tls endpoint to happen. An MP is open to
produce this configuration.

Thanks!

José.

Revision history for this message

Frode Nordahl (fnordahl) wrote on 2020-02-27:

The ssl_* configuration options are brought in from ``layer-openstack`` and unfortunately there was a missing call to act on them being set in the charm.

I would like to remind everyone that the preferred approach to TLS enablement of OpenStack deployments is through the use of the certificates relation to vault.

summary:	- Missing call for ssl endpoint configuration + Legacy SSL configration options do not have effect
Changed in charm-barbican:
milestone:	none → 20.05
importance:	Undecided → High
assignee:	nobody → José Pekkarinen (jose-pekkarinen)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2020-02-27: Fix merged to charm-barbican (master)

Reviewed: https://review.opendev.org/709969
Committed: https://git.openstack.org/cgit/openstack/charm-barbican/commit/?id=ef5a997c8cc706b7e1c61734306532b11b3e4f98
Submitter: Zuul
Branch: master

commit ef5a997c8cc706b7e1c61734306532b11b3e4f98
Author: José Pekkarinen <email address hidden>
Date: Wed Feb 26 09:55:50 2020 +0200

Restoring support for tls endpoint configuration

    Closes-bug: #1864805
    Change-Id: I6bf879693f1a2a4d8df27cb47a7d1c446af4596e
    Signed-off-by: José Pekkarinen <email address hidden>

Changed in charm-barbican:
status:	In Progress → Fix Committed

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2020-03-12: Fix proposed to charm-barbican (stable/20.02)

Fix proposed to branch: stable/20.02
Review: https://review.opendev.org/712710

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2020-03-13: Change abandoned on charm-barbican (stable/20.02)

Change abandoned by José Pekkarinen (<email address hidden>) on branch: stable/20.02
Review: https://review.opendev.org/712710

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2020-03-16: Fix merged to charm-barbican (stable/20.02)

Reviewed: https://review.opendev.org/712710
Committed: https://git.openstack.org/cgit/openstack/charm-barbican/commit/?id=c6226740a1208df79c12ba3157883e7ac38eb75a
Submitter: Zuul
Branch: stable/20.02

commit c6226740a1208df79c12ba3157883e7ac38eb75a
Author: José Pekkarinen <email address hidden>
Date: Wed Feb 26 09:55:50 2020 +0200

Restoring support for tls endpoint configuration

    Closes-bug: #1864805
    Change-Id: I6bf879693f1a2a4d8df27cb47a7d1c446af4596e
    Signed-off-by: José Pekkarinen <email address hidden>
    (cherry picked from commit ef5a997c8cc706b7e1c61734306532b11b3e4f98)

David Ames (thedac) on 2020-05-21

Changed in charm-barbican:
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.