Make horizon_ca optional when SSL is enabled
This allows the vhost to use the globally set CA file (in ssl.conf) if present. Or one might just not need the CA to be set (no TLS authentication). Change-Id: Iba1aea34e72a0138120fa7bcb7267f73e37bf0ce Closes-Bug: #1711280
This commit is contained in:
parent
a6df5b361d
commit
639f1cf98d
@ -137,10 +137,6 @@ class horizon::wsgi::apache (
|
||||
include ::apache::mod::ssl
|
||||
$ensure_ssl_vhost = 'present'
|
||||
|
||||
if $horizon_ca == undef {
|
||||
fail('The horizon_ca parameter is required when listen_ssl is true')
|
||||
}
|
||||
|
||||
if $horizon_cert == undef {
|
||||
fail('The horizon_cert parameter is required when listen_ssl is true')
|
||||
}
|
||||
|
6
releasenotes/notes/ca-optional-7443c07bcef671ce.yaml
Normal file
6
releasenotes/notes/ca-optional-7443c07bcef671ce.yaml
Normal file
@ -0,0 +1,6 @@
|
||||
---
|
||||
security:
|
||||
- |
|
||||
The horizon_ca option is now optional. This implies that you could in theory
|
||||
use the CA configured in the global httpd SSL configuration (ssl.conf) or
|
||||
simply not using this value.
|
@ -145,11 +145,6 @@ describe 'horizon::wsgi::apache' do
|
||||
|
||||
context 'without required parameters' do
|
||||
|
||||
context 'without horizon_ca parameter' do
|
||||
before { params.delete(:horizon_ca) }
|
||||
it_raises 'a Puppet::Error', /The horizon_ca parameter is required when listen_ssl is true/
|
||||
end
|
||||
|
||||
context 'without horizon_cert parameter' do
|
||||
before { params.delete(:horizon_cert) }
|
||||
it_raises 'a Puppet::Error', /The horizon_cert parameter is required when listen_ssl is true/
|
||||
|
Loading…
x
Reference in New Issue
Block a user