From 7f16f6d4825fe88916a0c8611cea1367f5e9cf7d Mon Sep 17 00:00:00 2001
From: Jens Harbott <frickler@offenerstapel.de>
Date: Tue, 28 Sep 2021 13:44:32 +0200
Subject: [PATCH] Fix uwsgi config for trailing slashes

The apache mod_proxy documentation[0] says that trailing slashes need to
match for the ProxyPass statement. Since adding a slash to the redirected
url would break things that need to access endpoints like /identity
without anything added, we need to drop the trailing slash for the
target URL. See [1] for the discussion of the CVE fix that changed the
previous behavior.

For stable/victoria the devstack-platform-opensuse-15 and
nova-ceph-multistore jobs are currently broken, drop them for now,
they can be re-added when they got fixed.

[0] https://httpd.apache.org/docs/trunk/mod/mod_proxy.html#proxypass
[1] https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1945274

Change-Id: I99fbc91be1e7764a71a65b5abadd26144e0d1446
---
 .zuul.yaml | 9 ---------
 lib/apache | 2 +-
 2 files changed, 1 insertion(+), 10 deletions(-)

diff --git a/.zuul.yaml b/.zuul.yaml
index 8570ef3be3..5d1d485ca8 100644
--- a/.zuul.yaml
+++ b/.zuul.yaml
@@ -659,7 +659,6 @@
       jobs:
         - devstack
         - devstack-ipv6
-        - devstack-platform-opensuse-15
         - devstack-platform-centos-8
         - devstack-platform-bionic
         - devstack-multinode
@@ -705,10 +704,6 @@
             irrelevant-files:
               - ^.*\.rst$
               - ^doc/.*$
-        - nova-ceph-multistore:
-            irrelevant-files:
-              - ^.*\.rst$
-              - ^doc/.*$
         # NOTE(gmann): Remove this job from devstack pipeline once it is
         # migrated to zuulv3 native. This is legacy job and rely on
         # devstack-gate + devstack setting so any change in devstack can
@@ -745,10 +740,6 @@
             irrelevant-files:
               - ^.*\.rst$
               - ^doc/.*$
-        - nova-ceph-multistore:
-            irrelevant-files:
-              - ^.*\.rst$
-              - ^doc/.*$
     # Please add a note on each job and conditions for the job not
     # being experimental any more, so we can keep this list somewhat
     # pruned.
diff --git a/lib/apache b/lib/apache
index 870a65a9d2..1df446f28c 100644
--- a/lib/apache
+++ b/lib/apache
@@ -306,7 +306,7 @@ function write_uwsgi_config {
         apache_conf=$(apache_site_config_for $name)
         iniset "$file" uwsgi socket "$socket"
         iniset "$file" uwsgi chmod-socket 666
-        echo "ProxyPass \"${url}\" \"unix:${socket}|uwsgi://uwsgi-uds-${name}/\" retry=0 " | sudo tee -a $apache_conf
+        echo "ProxyPass \"${url}\" \"unix:${socket}|uwsgi://uwsgi-uds-${name}\" retry=0 " | sudo tee -a $apache_conf
         enable_apache_site $name
         restart_apache_server
     fi