openstack/openstack-ansible-os_designate
Code Issues Proposed changes

Avoid leaking internal url for authentication error

Browse Source 
keystonemiddrlware returns 401 reponse with www_authenticate_uri, so
we should use public url instead of internal url.

Change-Id: I6bb3f4ac8530ee58061fb1566cccc56ccf427d02
Signed-off-by: Takashi Kajinami <kajinamit@oss.nttdata.com>
This commit is contained in:
Takashi Kajinami
2026-02-08 11:41:32 +09:00
parent 5e59195e5e
commit a89a3bed1d
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
templates/designate.conf.j2
View File

@@ -153,7 +153,7 @@ enable_api_admin = False
insecure = {{ keystone_service_internaluri_insecure | bool }}
auth_type = {{ designate_keystone_auth_type }}
auth_url = {{ keystone_service_adminurl }}
www_authenticate_uri = {{ keystone_service_internaluri }}
www_authenticate_uri = {{ keystone_service_publicuri }}
project_domain_id = {{ designate_service_project_domain_id }}
user_domain_id = {{ designate_service_user_domain_id }}
project_name = {{ designate_service_project_name }}