From c3bb1bb650cc090c24a65b10dab59338a3b7b1bb Mon Sep 17 00:00:00 2001 From: tpsilva Date: Fri, 11 Feb 2022 14:20:32 -0300 Subject: [PATCH] Add use-public-endpoint config option Currently, this charm sets the host_href config option with the admin endpoint. This patch adds a config option to allow it to be configured to use the public endpoint, so that the secrets could be accessible through this endpoint. Closes-bug: #1642769 Change-Id: Ice7131459753f15e1184c687a24301689df338e2 --- src/config.yaml | 2 ++ src/templates/rocky/barbican.conf | 18 +++++++++++++++++- 2 files changed, 19 insertions(+), 1 deletion(-) diff --git a/src/config.yaml b/src/config.yaml index 107cc47..12213df 100644 --- a/src/config.yaml +++ b/src/config.yaml @@ -46,3 +46,5 @@ options: Maximum allowed http request size against the barbican-api. openstack-origin: default: yoga + use-internal-endpoints: + default: True diff --git a/src/templates/rocky/barbican.conf b/src/templates/rocky/barbican.conf index 9911697..d4a36e9 100644 --- a/src/templates/rocky/barbican.conf +++ b/src/templates/rocky/barbican.conf @@ -2,7 +2,23 @@ debug = {{ options.debug }} bind_host = {{ options.service_listen_info.barbican_worker.ip }} bind_port = {{ options.service_listen_info.barbican_worker.port }} -host_href = {{ options.external_endpoints.barbican_worker.url }} + +{% if options.use_internal_endpoints %} +{% set hostname = options.os_admin_hostname %} +{% set port = options.port_map["barbican-worker"]["admin"] %} +{% else %} +{% set hostname = options.os_public_hostname %} +{% set port = options.port_map["barbican-worker"]["public"] %} +{%- endif %} + +{% if options.ssl -%} +{% set proto = "https://" %} +{% else %} +{% set proto = "http://" %} +{%- endif %} + +host_href = {{ proto }}{{ hostname }}:{{ port }} + db_auto_create = False max_allowed_secret_in_bytes = {{ options.max_allowed_secret_size }} max_allowed_request_size_in_bytes = {{ options.max_allowed_request_size }}