is_cert_provided_in_config check is too strict, ssl_ca should be optional
Bug #1711354 reported by
Nobuto Murata
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Keystone Charm |
Fix Released
|
Medium
|
Nobuto Murata |
Bug Description
[hooks/
52 def is_cert_
53 ca = config('ssl_ca')
54 cert = config('ssl_cert')
55 key = config('ssl_key')
56 return bool(ca and cert and key)
When configuring SSL, keystone charm skips the configuration when ssl_ca is not provided in the charm config. ssl_ca is unnecessary when OS already has a root CA, e.g. GeoTrust.
Changed in charm-keystone: | |
status: | New → In Progress |
importance: | Undecided → Medium |
assignee: | nobody → Nobuto Murata (nobuto) |
tags: | added: cpe-onsite |
Changed in charm-keystone: | |
assignee: | Nobuto Murata (nobuto) → James Page (james-page) |
Changed in charm-keystone: | |
assignee: | James Page (james-page) → nobody |
status: | In Progress → Triaged |
Changed in charm-keystone: | |
assignee: | nobody → Nobuto Murata (nobuto) |
status: | Triaged → In Progress |
milestone: | none → 17.11 |
Changed in charm-keystone: | |
status: | Fix Committed → Fix Released |
To post a comment you must log in.
https:/ /review. openstack. org/#/c/ 494514/