openstack/puppet-openstacklib
Code Issues Proposed changes

Add ssl_verify_client to wsgi::apache

Browse Source 
Change-Id: Iee9f8e0d87310e099185044f1cc1939a03aa9977
This commit is contained in:
Tobias Urdin 2020-10-14 11:20:21 +02:00
parent 57771aa866
commit 342f4f0b04
3 changed files with 13 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
manifests/wsgi/apache.pp
View File

@ -67,6 +67,11 @@
# (Optional) Path to SSL key. # (Optional) Path to SSL key.
# Default to apache::vhost 'ssl_*' defaults # Default to apache::vhost 'ssl_*' defaults
# #
# [*ssl_verify_client*]
# (Optional) Sets the SSLVerifyClient directive which sets the
# certificate verification level for client authentication.
# Default to apache::vhost 'ssl_*' defaults
#
# [*ssl_chain*] # [*ssl_chain*]
# (Optional) SSL chain. # (Optional) SSL chain.
# Default to apache::vhost 'ssl_*' defaults # Default to apache::vhost 'ssl_*' defaults
@ -240,6 +245,7 @@ define openstacklib::wsgi::apache (
$ssl_crl = undef, $ssl_crl = undef,
$ssl_crl_path = undef, $ssl_crl_path = undef,
$ssl_key = undef, $ssl_key = undef,
$ssl_verify_client = undef,
$threads = 1, $threads = 1,
$user = undef, $user = undef,
$workers = $::os_workers, $workers = $::os_workers,
@ -352,6 +358,7 @@ define openstacklib::wsgi::apache (
ssl => $ssl, ssl => $ssl,
ssl_cert => $ssl_cert, ssl_cert => $ssl_cert,
ssl_key => $ssl_key, ssl_key => $ssl_key,
ssl_verify_client => $ssl_verify_client,
ssl_chain => $ssl_chain, ssl_chain => $ssl_chain,
ssl_ca => $ssl_ca, ssl_ca => $ssl_ca,
ssl_crl_path => $ssl_crl_path, ssl_crl_path => $ssl_crl_path,

4
releasenotes/notes/add-ssl_verify_client-87e52209cc80861d.yaml Normal file
View File

@ -0,0 +1,4 @@
---
features:
- |
Added ssl_verify_client parameter to openstacklib::wsgi::apache.

2
spec/defines/openstacklib_wsgi_apache_spec.rb
View File

@ -33,6 +33,7 @@ describe 'openstacklib::wsgi::apache' do
:bind_port => 5000, :bind_port => 5000,
:group => 'keystone', :group => 'keystone',
:ssl => true, :ssl => true,
:ssl_verify_client => 'optional',
:user => 'keystone', :user => 'keystone',
:wsgi_script_dir => '/var/www/cgi-bin/keystone', :wsgi_script_dir => '/var/www/cgi-bin/keystone',
:wsgi_script_file => 'main', :wsgi_script_file => 'main',
@ -76,6 +77,7 @@ describe 'openstacklib::wsgi::apache' do
:docroot_group => 'keystone', :docroot_group => 'keystone',
:setenv => [], :setenv => [],
:ssl => 'true', :ssl => 'true',
:ssl_verify_client => 'optional',
:wsgi_daemon_process => { :wsgi_daemon_process => {
'keystone_wsgi' => { 'keystone_wsgi' => {
'user' => 'keystone', 'user' => 'keystone',