openidc/mellon: Use static Location for protected endpoints

... instead of using LocationMatch or Location with regexp(~) unnecessarily. Usage of the Location directive is described in the Keystone admin guide[1]. [1] https://docs.openstack.org/keystone/latest/admin/federation/configure_federation.html Change-Id: I1fcefad64225ea9917605d451237967edb4843ed
2022-09-27 16:01:49 +09:00 · 2022-09-27 16:01:49 +09:00 · fd2ab9f606
commit fd2ab9f606
parent 31c42f0dd6
2 changed files with 7 additions and 7 deletions
--- a/templates/mellon.conf.erb
+++ b/templates/mellon.conf.erb
@ -16,12 +16,12 @@
  </Location>

 <% if @enable_websso -%>
-  <Location ~ "/v3/auth/OS-FEDERATION/websso/mapped">
+  <Location "/v3/auth/OS-FEDERATION/websso/mapped">
    AuthType Mellon
    MellonEnable auth
    Require valid-user
  </Location>
-  <Location ~ "/v3/auth/OS-FEDERATION/identity_providers/<%= scope['keystone::federation::mellon::idp_name']-%>/protocols/mapped/websso">
+  <Location "/v3/auth/OS-FEDERATION/identity_providers/<%= scope['keystone::federation::mellon::idp_name']-%>/protocols/mapped/websso">
    AuthType Mellon
    MellonEnable auth
    Require valid-user
--- a/templates/openidc.conf.erb
+++ b/templates/openidc.conf.erb
@ -49,15 +49,15 @@
  OIDCRedirectURI "<%= @keystone_url -%>/v3/auth/OS-FEDERATION/identity_providers/<%= scope['keystone::federation::openidc::idp_name']-%>/protocols/openid/websso"
  OIDCRedirectURI "<%= @keystone_url -%>/v3/auth/OS-FEDERATION/websso/openid"

-  <LocationMatch "/v3/auth/OS-FEDERATION/websso/openid">
+  <Location "/v3/auth/OS-FEDERATION/websso/openid">
      AuthType "openid-connect"
      Require valid-user
-  </LocationMatch>
+  </Location>

-  <LocationMatch "/v3/auth/OS-FEDERATION/identity_providers/<%= scope['keystone::federation::openidc::idp_name']-%>/protocols/openid/websso">
+  <Location "/v3/auth/OS-FEDERATION/identity_providers/<%= scope['keystone::federation::openidc::idp_name']-%>/protocols/openid/websso">
      AuthType "openid-connect"
      Require valid-user
-  </LocationMatch>
+  </Location>

 <%- if scope['::keystone::federation::openidc::openidc_enable_oauth'] -%>
  <%- if scope['keystone::federation::openidc::openidc_verify_method'] == 'introspection' -%>
@ -68,7 +68,7 @@
  OIDCOAuthVerifyJwksUri "<%= scope['keystone::federation::openidc::openidc_verify_jwks_uri']-%>"
  <%- end -%>

-  <Location ~ "/v3/OS-FEDERATION/identity_providers/<%= scope['keystone::federation::openidc::idp_name']-%>/protocols/openid/auth">
+  <Location "/v3/OS-FEDERATION/identity_providers/<%= scope['keystone::federation::openidc::idp_name']-%>/protocols/openid/auth">
      AuthType oauth20
      Require valid-user
  </Location>