Add use-public-endpoint config option

Currently, this charm sets the host_href config option with the admin endpoint. This patch adds a config option to allow it to be configured to use the public endpoint, so that the secrets could be accessible through this endpoint. Closes-bug: #1642769 Change-Id: Ice7131459753f15e1184c687a24301689df338e2 (cherry picked from commit c3bb1bb650)
2022-02-11 14:20:32 -03:00 · 2022-02-11 14:20:32 -03:00 · c3460f0b4e
parent 087d0a70fd
commit c3460f0b4e
2 changed files with 19 additions and 1 deletions
--- a/src/config.yaml
+++ b/src/config.yaml
@ -44,3 +44,5 @@ options:
    type: int
    description: |
      Maximum allowed http request size against the barbican-api.
+  use-internal-endpoints:
+    default: True
--- a/src/templates/rocky/barbican.conf
+++ b/src/templates/rocky/barbican.conf
@ -2,7 +2,23 @@
 debug = {{ options.debug }}
 bind_host = {{ options.service_listen_info.barbican_worker.ip }}
 bind_port = {{ options.service_listen_info.barbican_worker.port }}
-host_href = {{ options.external_endpoints.barbican_worker.url }}
+
+{% if options.use_internal_endpoints %}
+{% set hostname = options.os_admin_hostname %}
+{% set port = options.port_map["barbican-worker"]["admin"] %}
+{% else %}
+{% set hostname = options.os_public_hostname %}
+{% set port = options.port_map["barbican-worker"]["public"] %}
+{%- endif %}
+
+{% if options.ssl -%}
+{% set proto = "https://" %}
+{% else %}
+{% set proto = "http://" %}
+{%- endif %}
+
+host_href = {{ proto }}{{ hostname }}:{{ port }}
+
 db_auto_create = False
 max_allowed_secret_in_bytes = {{ options.max_allowed_secret_size }}
 max_allowed_request_size_in_bytes = {{ options.max_allowed_request_size }}