OpenStack Keystone Charm

tls-enabled set to true over the keystone-fid-service-provider relation

Bug #1982948 reported by Felipe Reyes on 2022-07-27

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	OpenStack Keystone Charm	New	Medium	Unassigned

Bug Description

the relation keystone-fid-service-provider informs the subordinate if http or https should be used to talk to keystone (and configure the provider correctly), although when keystone is related to vault (via certificates relation) the tls-enabled key will be set to true even if keystone hasn't been configured to serve by https, this specially a problem when vault is sealed and the certificates may simply never be available during the deployment.

```
if relation_ids('certificates'):
tls_enabled = True
```
source: https://opendev.org/openstack/charm-keystone/src/branch/master/hooks/keystone_hooks.py#L835

process_certificates()[0] is capable of detecting if there are certificates available in the relation, but calling it has the side effect that it will write them on disk.

[0] https://opendev.org/openstack/charm-keystone/src/branch/master/hooks/keystone_hooks.py#L872

Felipe Reyes (freyes) on 2022-07-27

Changed in charm-keystone:
importance:	Undecided → Medium

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.